-
|
Sort of a generic question : in order to know exactly how a CPP request worked, I needed to know what is an AllocationExpr. Online documentation doesn't tells us much nor does librairy search When looking into Allocation.qll we find this : /**
* An allocation expression such as call to `malloc` or a `new` expression.
*/
abstract class AllocationExpr extends Expr {
/**
* Gets an expression for the allocation size, if any. The actual allocation
* size is the value of this expression multiplied by the result of
* `getSizeMult()`, in bytes.
*/
Expr getSizeExpr() { none() }
/**
* Gets a constant multiplier for the allocation size given by `getSizeExpr`,
* in bytes.
*/
int getSizeMult() { none() }
/**
* Gets the size of this allocation in bytes, if it is a fixed size and that
* size can be determined.
*/
int getSizeBytes() { none() }
/**
* Gets the expression for the input pointer argument to be reallocated, if
* this is a `realloc` function.
*/
Expr getReallocPtr() { none() }
/**
* Gets the type of the elements that are allocated, if it can be determined.
*/
Type getAllocatedElementType() { none() }
/**
* Whether or not this allocation requires a corresponding deallocation of
* some sort (most do, but `alloca` for example does not). If it is unclear,
* we default to no (for example a placement `new` allocation may or may not
* require a corresponding `delete`).
*/
predicate requiresDealloc() { any() }
}Which also doesn't help us at all. But now I know that After trying a simple : from AllocationExpr ae
select ae, ae.getPrimaryQlClasses()It returns relevant results (proof that AllocationExpr has subclass because otherwise it would return the result than if I selected I would be grateful if someone could redirect me to relevant documentation or explain me where am I mistaken. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
The problem is that all the all the subclasses are private. For example, in Allocation.qll we have A private class like that can contribute to the abstract type It isn't even necessary for the other classes brought into That would bring any expression (the supertype of AllocationExpr) that happens to stringify to "Hello world" into the type AllocationExpr, and wouldn't be documented as a subtype since it's private -- and all we know about the expression is it's an Expr, though it might satisfy other subtypes too; in this case surely it would specifically be a string literal. As a result, looking for "extends ... AllocationExpr" really is your best bet, or looking for overrides of a member predicate you're interested in. |
Beta Was this translation helpful? Give feedback.
-
|
Oh, ok thank you now I sort of understand. (Just to be sure I don't see
I didn't think about that this is clearly not a wanted behavior right, so what is the fix for this ? Every class extending AllocationExpr must have a correct constructor, and this is just a misuse ? |
Beta Was this translation helpful? Give feedback.
-
|
If you wrote that SomeExprs class, the meaning of what you've written is "So long as SomeExprs is in scope, I want anything matching the constructor (characteristic predicate, technically) to be considered part of AllocationExpr". Note that is particular to abstract classes -- for concrete classes, an |
Beta Was this translation helpful? Give feedback.
The problem is that all the all the subclasses are private. For example, in Allocation.qll we have
A private class like that can contribute to the abstract type
AllocationExprwithout itself being a publicly-accessible (and therefore documented) subtype ofAllocationExpr.It isn't even necessary for the other classes brought into
AllocationExprto be mentioned in theextendsline-- for example, I could haveThat would bring any expression (the supertype of AllocationExpr) that happens to stringify to "Hello world" …