C++: refactor buffer overwrite queries with estimate reasons #7272
Conversation
|
Juist a few words of context: I wanted to have a kind of enum splitting the buffer size estimation results. Something like
In particular I'd like to avoid the kind of code that in the For the moment I just want to apply this reasoning to the existing two cases, but this particular PR is not getting me there yet though. |
MathiasVP
left a comment
MathiasVP
left a comment
There was a problem hiding this comment.
Let me know if something isn't clear in what I wrote. This is the kind of change that would make total sense in most other languages, but in QL it will be difficult to implement.
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
This PR is great cleanup on its own, and should make it easier to add the third strategy. 👍
redsun82
force-pushed
the
redsun82/cpp-overrunning-write-precision-split
branch
from
64a709a to
bb3ef7a
Compare
|
ok, here is a further take. Putting the special float case in was proving challenging, so I'm leaving it aside for the moment. From the tests it seems like the split is kind of working ok, but I'm eager to get some early comments on the logic behind it. |
redsun82
changed the title
redsun82
force-pushed
the
redsun82/cpp-overrunning-write-precision-split
branch
from
bb3ef7a to
b08263d
Compare
redsun82
added
the
depends on internal PR
redsun82
added
no-change-note-required
MathiasVP
left a comment
MathiasVP
left a comment
There was a problem hiding this comment.
I like this approach much better than the first one :)
redsun82
force-pushed
the
redsun82/cpp-overrunning-write-precision-split
branch
2 times, most recently
from
8ac4f1a to
3005d46
Compare
redsun82
removed
the
depends on internal PR
redsun82
force-pushed
the
redsun82/cpp-overrunning-write-precision-split
branch
from
1ad7b6d to
904bf85
Compare
We can add it later when more consistent changes to the queries are made
redsun82
force-pushed
the
redsun82/cpp-overrunning-write-precision-split
branch
from
febca72 to
5ed7056
Compare
|
The DCA run:
|
FWIW, it's failing because it's using C++/CX. It's not really flaky as much as it's using a dialect of C++ that we don't fully support. |
thanks for that @geoffw0 . So, shall we merge this? |
I haven't kept up with the changes since my initial round of comments (I believe all of those have been addressed apart from adding explanation around the |
I've added a review comment that hasn't been fixed yet :) It's an easy one! As far as I can tell, there's also been a non-trivial amount of changes since the last DCA: https://github.com/github/codeql/compare/5ed705670752bda84aa6d53c562a60b04807d1c5..d88e4d60b57cc1d49f8702fee4162ade0ecee795#diff-303d2f7d1a901ce74c795fa2b729115169b2cf4c21678522f7cd9be9c3c0d8f5 I hope it's okay that I took the liberty to start another DCA run. Once that finishes (and my final lonely comment has been addressed) I'll be happy to merge it. Sorry I didn't raise this doubt on Slack earlier today. I didn't check which SHA the DCA experiment had actually run on. |
Uh, I had totally missed that, fixed now 😄 I wish there was a view showing only unresolved comments... or is there?
Thanks for that! |
|
It seems the DCA experiment is ok, right? |
Indeed, all looks good :) |
This is a first step towards having different buffer overwrite queries with different precisions. The idea is to add a reason for why an estimate was given, allowing to detect when exact range analysis kicks in, in order to split out the current
OverrunWrite.qlinto two separate high precision and medium precision queries.Next steps will be to apply the same idea to the float special case (possibly applying range analysis there as well) and actually splitting the query in two.