Merge pull request #19434 from jketema/array-barrier

C++: Limit flow through sinks and sources in `cpp/upcast-array-pointer-arithmetic`

Author: jketema

cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql

@@ -44,6 +44,10 @@ module CastToPointerArithFlowConfig implements DataFlow::StateConfigSig {
     ) and
     getFullyConvertedType(node) = state
   }
+
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) }
+
+  predicate isBarrierOut(DataFlow::Node node) { isSink(node, _) }
 }
 
 /**

cpp/ql/test/query-tests/Likely Bugs/Conversion/CastArrayPointerArithmetic/CastArrayPointerArithmetic.expected

@@ -3,22 +3,13 @@ edges
 | test.cpp:30:34:30:34 | b | test.cpp:31:2:31:2 | b | provenance |  |
 | test.cpp:34:31:34:31 | b | test.cpp:35:2:35:2 | b | provenance |  |
 | test.cpp:57:19:57:19 | d | test.cpp:26:29:26:29 | b | provenance |  |
-| test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d | provenance |  |
-| test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d | provenance |  |
 | test.cpp:58:25:58:25 | d | test.cpp:30:34:30:34 | b | provenance |  |
-| test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d | provenance |  |
 | test.cpp:59:21:59:21 | d | test.cpp:34:31:34:31 | b | provenance |  |
 | test.cpp:74:19:74:21 | dss | test.cpp:26:29:26:29 | b | provenance |  |
-| test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss | provenance |  |
-| test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss | provenance |  |
 | test.cpp:75:25:75:27 | dss | test.cpp:30:34:30:34 | b | provenance |  |
-| test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss | provenance |  |
 | test.cpp:76:21:76:23 | dss | test.cpp:34:31:34:31 | b | provenance |  |
 | test.cpp:86:19:86:20 | d2 | test.cpp:26:29:26:29 | b | provenance |  |
-| test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 | provenance |  |
-| test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 | provenance |  |
 | test.cpp:87:25:87:26 | d2 | test.cpp:30:34:30:34 | b | provenance |  |
-| test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 | provenance |  |
 | test.cpp:88:21:88:22 | d2 | test.cpp:34:31:34:31 | b | provenance |  |
 nodes
 | test.cpp:26:29:26:29 | b | semmle.label | b |
@@ -41,18 +32,9 @@ subpaths
 | test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
-| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
-| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |