Fraunhofer-AISEC / cpg

A library to extract Code Property Graphs from C/C++, Java, Go, Python, Ruby and every other language through LLVM-IR.
https://fraunhofer-aisec.github.io/cpg/
Apache License 2.0

Fix DFG of the variable of a `ForEachStatement` #1052

Closed KuechA closed 1 year ago

KuechA commented 1 year ago

The variable declaration in a ForEachStatement does not have an initializer and is therefore not really considered by the ControlFlowSensitiveDFGPass. We have to handle this case separately.

Closes #1006
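A toy model of the gap described above, as an added example that is not part of this PR or the cpg code base. The class names mirror those mentioned in the thread, but the fields (`prev_dfg`, `initializer`, `variable`, `iterable`) and all functions are assumptions of this sketch, and the pass is a simplification rather than the ControlFlowSensitiveDFGPass. It shows why the missing edge matters for taint-style queries: without a separate for-each case, data from the iterable never reaches uses of the loop variable.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(eq=False)
class Node:
    name: str
    prev_dfg: set = field(default_factory=set)  # nodes whose value flows into this one

@dataclass(eq=False)
class VariableDeclaration(Node):
    initializer: Optional[Node] = None

@dataclass(eq=False)
class ForEachStatement(Node):
    variable: Optional[VariableDeclaration] = None
    iterable: Optional[Node] = None

def dfg_pass(nodes, handle_for_each):
    """Simplified DFG pass: declarations receive data only from an initializer."""
    for n in nodes:
        if isinstance(n, VariableDeclaration) and n.initializer is not None:
            n.prev_dfg.add(n.initializer)
        elif isinstance(n, ForEachStatement) and handle_for_each:
            # Separate case: the loop variable has no initializer,
            # its value comes from the iterable.
            n.variable.prev_dfg.add(n.iterable)

def reaches(source, sink):
    """Walk prev_dfg edges backwards from sink and report whether source is hit."""
    seen, todo = set(), [sink]
    while todo:
        cur = todo.pop()
        if cur is source:
            return True
        if cur not in seen:
            seen.add(cur)
            todo.extend(cur.prev_dfg)
    return False

def flow_found(handle_for_each):
    # Constructed sample graph for: for (item in user_input) { sink(item) }
    user_input = Node("user_input")
    item = VariableDeclaration("item")  # declared without an initializer
    loop = ForEachStatement("for", variable=item, iterable=user_input)
    use = Node("sink(item)")
    use.prev_dfg.add(item)  # the reference reads from its declaration
    dfg_pass([item, loop, use], handle_for_each)
    return reaches(user_input, use)

if __name__ == "__main__":
    print("without for-each handling:", flow_found(False))
    print("with for-each handling:   ", flow_found(True))
```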

KuechA commented 1 year ago

No, actually, the respective edges from the DFGPass would probably be removed anyway... I tried an alternative approach by setting the initializer of the variable in the normal DFG Pass with the iterable but I didn't like the solution (even if it would have worked).

oxisto commented 1 year ago

> No, actually, the respective edges from the DFGPass would probably be removed anyway... I tried an alternative approach by setting the initializer of the variable in the normal DFG Pass with the iterable but I didn't like the solution (even if it would have worked).

I just meant, if the user is missing out on this "feature", if he is only using the "normal" DFG pass?

KuechA commented 1 year ago

> > No, actually, the respective edges from the DFGPass would probably be removed anyway... I tried an alternative approach by setting the initializer of the variable in the normal DFG Pass with the iterable but I didn't like the solution (even if it would have worked).
>
> I just meant, if the user is missing out on this "feature", if he is only using the "normal" DFG pass?

Good point. Since the variable declaration is wrapped in a DeclarationStatement, the DFG edge was indeed not added only with the normal DFG pass. Btw. the DeclarationStatement has a DFG edge to the ForEachStatement. Do you have any idea why this is the case? We do not add this edge in our passes

oxisto commented 1 year ago

> > > No, actually, the respective edges from the DFGPass would probably be removed anyway... I tried an alternative approach by setting the initializer of the variable in the normal DFG Pass with the iterable but I didn't like the solution (even if it would have worked).
> >
> > I just meant, if the user is missing out on this "feature", if he is only using the "normal" DFG pass?
>
> Good point. Since the variable declaration is wrapped in a DeclarationStatement, the DFG edge was indeed not added only with the normal DFG pass. Btw. the DeclarationStatement has a DFG edge to the ForEachStatement. Do you have any idea why this is the case? We do not add this edge in our passes

uhm no idea :D @konradweiss ?

oxisto commented 1 year ago

I'm generally in favor of this PR. The only thing I dislike is the heavy use of !! in the pass.

Agree. Can you change it to a local variable assignment + smart cast instead? We should really avoid !!

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
1 Code Smell (rating A)

50.0% Coverage
0.0% Duplication