C++: Model more stringstream features #4253
| // flow from qualifier to return value | ||
| input.isQualifierAddress() and | ||
| input.isQualifierObject() and | ||
| output.isReturnValue() |
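Review bot: the comment "flow from qualifier to return value" above the isQualifierAddress() / isQualifierObject() lines does not say which of the two the flow starts from. Say in the comment whether the source is the qualifier object or its address, and cover a chained call in the tests so the choice is pinned down.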
I don't agree with this change. The qualifier object is a stringstream, but the return value is a stringstream &.
Yeah I think you're right. These methods return a reference to their qualifier (*this), and I think I got confused by the reference (I think I'm supposed to always think of references as pointers for data flow).
That said, we lose some flows if I change it back to isQualifierAddress. I'm looking into this.
I've fixed the lost flows with a change to DataFlowUtil.qll. Please check that though - I'm not entirely sure how the dataflow library is supposed to deal with references.
| inModel.isQualifierObject() and | ||
| fromExpr = call.getQualifier() | ||
| or | ||
| inModel.isQualifierAddress() and | ||
| fromExpr = call.getQualifier() |
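Review bot: both disjuncts bind fromExpr = call.getQualifier(), so the isQualifierObject() and isQualifierAddress() cases select the same expression and the model's distinction is lost at this point. If that is intended, fold them into one condition, (inModel.isQualifierObject() or inModel.isQualifierAddress()) and fromExpr = call.getQualifier(), and add a comment saying the two are deliberately treated alike here.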
I'm happy to accept this conflation between pointers and objects in AST data flow as long as there's no evidence that it causes bad results from real-world queries.
If the call is through . then getQualifier() is the object, whereas if the call is through -> then getQualifier() is the address. The getQualifier() of a call to operator<< can be either a class or reference. I think the conflation was already there (and this is an area where our QL libraries aren't super helpful at the moment).
Model std::stringstream constructor, str, put and write. More to follow, but there's a small change in DataFlowUtil.qll I'd like to get through review now.
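The C++ behaviour the review comments above turn on, as an added example that is not part of the pull request or the CodeQL libraries: put and write return a reference to their qualifier whether called through . or ->, so data written through a chained return value ends up in the original stream. untrusted_source is a hypothetical stand-in for a taint source.

```cpp
#include <sstream>
#include <string>

// Hypothetical taint source; the value is constructed for this example.
static std::string untrusted_source() { return "tainted"; }

// Call through '.': the qualifier expression is the stream object itself.
// put() returns std::ostream& bound to *this, so the addresses match.
bool put_returns_qualifier(std::stringstream &ss) {
    std::ostream &r = ss.put('a');
    return &r == static_cast<std::ostream *>(&ss);
}

// Call through '->': the qualifier expression is now a pointer to the
// stream, yet write() still returns a reference to the same object.
bool arrow_write_returns_qualifier(std::stringstream *p) {
    std::ostream &r = p->write("bc", 2);
    return &r == static_cast<std::ostream *>(p);
}

// Chained calls through '.': the untrusted bytes are written via the
// return value of put(), and are then readable from the original stream.
std::string chained_dot() {
    std::stringstream ss;
    const std::string t = untrusted_source();
    ss.put('[').write(t.data(), static_cast<std::streamsize>(t.size())).put(']');
    return ss.str();
}

// The same chain through '->' and operator<<, which also returns its
// left-hand stream by reference.
std::string chained_arrow() {
    std::stringstream ss;
    std::stringstream *p = &ss;
    (p->put('[') << untrusted_source()).put(']');
    return p->str();
}

// Constructor argument to str(): the initial buffer contents come back out.
std::string ctor_roundtrip() {
    std::stringstream ss(untrusted_source());
    return ss.str();
}
```
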