From 4d9b3fd37055eb1a08605041553343a041d33a38 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:30:52 +0100 Subject: [PATCH 01/10] spec > dfg > AssignExpression > Case 1 mermaid syntax error --- docs/docs/CPG/specs/dfg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index af1138bf60..13b7a7404f 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -91,7 +91,7 @@ flowchart LR ```mermaid flowchart LR A[assignment.rhs] -- DFG --> assignment.lhs; - subgraph S[If the ast parent is not a Block + subgraph S[If the ast parent is not a Block] direction LR assignment.rhs -- DFG --> assignment; end From 5df7d8fb51391025e4e3a915e54104e219d8f3ff Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:36:27 +0100 Subject: [PATCH 02/10] spec > dfg > NewExpression bulletpoint needs blank line --- docs/docs/CPG/specs/dfg.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index 13b7a7404f..7e7195b38e 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -162,6 +162,7 @@ Scheme: ## NewExpression Interesting fields: + * `initializer: Expression`: The initializer of the expression. The `initializer` flows to the whole expression. From 2512afcbc6a57a7d63040928ab3662ae2e9762f9 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:38:17 +0100 Subject: [PATCH 03/10] spec > dfg > ConditionalExpression mermaid doesnt render -> align code block quotes --- docs/docs/CPG/specs/dfg.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index 7e7195b38e..664a1235d3 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -208,7 +208,7 @@ Scheme: thenExpression -.- node; elseExpression -.- node; elseExpression -- DFG --> node; - ``` + ``` ## Reference 
From 85709b981157834999e288a21a6eb19b705c4f61 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:50:07 +0100 Subject: [PATCH 04/10] spec > dfg > Reference > ControlFlowSensitiveDFGPass "Scheme:" missing one some bullets --- docs/docs/CPG/specs/dfg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index 664a1235d3..dfa178be8d 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -270,7 +270,7 @@ The `ControlFlowSensitiveDFGPass` completely changes this behavior and accounts input -- DFG 4 --> R[/Node/]; R == next read of ==> refersTo; ``` -* For compound operators such as `+=, -=, *=, /=`, we have an incoming flow from the last writes to reference on the left hand side of the expression to the lhs. The lhs then flows to the whole expression. Also, the right hand side flows to the whole expression (if it's a read, this is processed separately). The data flows back to the lhs which is marked as the last write to the variable. *Attention: This potentially adds loops and can look like a branch. Needs to be handled with care in subsequent passes/analyses!* +* For compound operators such as `+=, -=, *=, /=`, we have an incoming flow from the last writes to reference on the left hand side of the expression to the lhs. The lhs then flows to the whole expression. Also, the right hand side flows to the whole expression (if it's a read, this is processed separately). The data flows back to the lhs which is marked as the last write to the variable. *Attention: This potentially adds loops and can look like a branch. Needs to be handled with care in subsequent passes/analyses!* Scheme: ```mermaid flowchart LR node -.- rhs; 
@@ -284,7 +284,7 @@ The `ControlFlowSensitiveDFGPass` completely changes this behavior and accounts node -- DFG 3 --> lhs; R[/Node/] == next read of ==> refersTo; ``` -* If the variable is assigned a value (a binary operator `var = rhs`), the right hand side flows to the variable. This is considered as a write operation. +* If the variable is assigned a value (a binary operator `var = rhs`), the right hand side flows to the variable. This is considered as a write operation. Scheme: ```mermaid flowchart LR node -.- rhs; From f968604f5d06e7e2ab2745291385f2334e5adfe9 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:52:18 +0100 Subject: [PATCH 05/10] spec > dfg > DoStatement bulletpoint needs blank line --- docs/docs/CPG/specs/dfg.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index dfa178be8d..cb34ce5ba3 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -286,7 +286,7 @@ The `ControlFlowSensitiveDFGPass` completely changes this behavior and accounts ``` * If the variable is assigned a value (a binary operator `var = rhs`), the right hand side flows to the variable. This is considered as a write operation. Scheme: ```mermaid - flowchart LR + flowchart LR node -.- rhs; node -.- lhs; lhs -.- refersTo; @@ -463,8 +463,8 @@ Scheme: ### DoStatement Interesting fields: -* `condition: Statement`: The condition that is evaluated before making the branching decision +* `condition: Statement`: The condition that is evaluated before making the branching decision Scheme: ```mermaid From 4523dfdadaccb7d0a54045dec5e08816ed0e5d3b Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:53:50 +0100 Subject: [PATCH 06/10] spec > dfg > (While|For|If|Switch)Statement bulletpoint needs blank line --- docs/docs/CPG/specs/dfg.md | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/docs/docs/CPG/specs/dfg.md b/docs/docs/CPG/specs/dfg.md index cb34ce5ba3..44f8bcfb26 100755 --- a/docs/docs/CPG/specs/dfg.md +++ b/docs/docs/CPG/specs/dfg.md @@ -476,6 +476,7 @@ Scheme: ### WhileStatement Interesting fields: + * `condition: Statement`: The condition that is evaluated before making the branching decision * `conditionDeclaration: Statement`: A declaration containing the condition in the initializer, used instead of the condition @@ -491,6 +492,7 @@ Scheme: ### ForStatement Interesting fields: + * `condition: Statement`: The condition that is evaluated before making the branching decision * `conditionDeclaration: Statement`: A declaration containing the condition in the initializer, used instead of the condition. @@ -507,6 +509,7 @@ Scheme: ### IfStatement Interesting fields: + * `condition: Statement`: The condition that is evaluated before making the branching decision * `conditionDeclaration: Statement`: A declaration containing the condition in the initialize, used instead of the condition. @@ -522,6 +525,7 @@ Scheme: ### SwitchStatement Interesting fields: + * `selector: Statement`: The expression that is evaluated before making the branching decision * `selectorDeclaration: Statement`: A declaration containing the selector in the initializer, used instead of the selector. From c763ed1698cb5e4c2e26ecbccbeb1df2239c81b8 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 11:56:30 +0100 Subject: [PATCH 07/10] spec > dfg-function-summaries > example expl. bulletpoint/numList needs blank line --- docs/docs/CPG/specs/dfg-function-summaries.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/CPG/specs/dfg-function-summaries.md b/docs/docs/CPG/specs/dfg-function-summaries.md index 8bf268b9dd..a2871cb353 100644 --- a/docs/docs/CPG/specs/dfg-function-summaries.md +++ b/docs/docs/CPG/specs/dfg-function-summaries.md 
@@ -107,12 +107,14 @@ An example of a file could look as follows: ``` This file configures the following edges: + * For a method declaration in Java `java.util.List.addAll(int, java.util.Object)`, the parameter 1 flows to the base (i.e., the list object) * For a method declaration in Java `java.util.List.addAll(java.util.Object)`, the parameter 0 flows to the base (i.e., the list object) * For a function declaration in C `memcpy` (and thus also CXX `std::memcpy`), the parameter 1 flows to parameter 0. Note: If multiple function summaries match a method/function declaration (after the normal matching considering the language, local name of the function/method, signature if applicable and type hierarchy of the base object), we use the following routine to identify ideally a single entry: + 1. We filter for existing signatures since it's more precisely specified than the generic "catch all" without a signature-element. 2. We filter for the most precise class of the base. 3. If there are still multiple options, we take the longest signature. From 98ad31178b2a814710feab16588bda3f24e7b5ee Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 12:31:00 +0100 Subject: [PATCH 08/10] spec > dfg-function-summaries > exception throws bulletpoint needs blank line --- docs/docs/CPG/specs/eog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/docs/CPG/specs/eog.md b/docs/docs/CPG/specs/eog.md index 64bb47c19c..1e3ba26a8d 100644 --- a/docs/docs/CPG/specs/eog.md +++ b/docs/docs/CPG/specs/eog.md @@ -365,6 +365,7 @@ flowchart LR Throwing of exceptions is modelled as unary operation. The EOG continues at an exception catching structure or a function that does a re-throw. Interesting fields: + * `input: Expression`: Exception to be thrown for exception handling. Scheme: From 129791eead9988a075b7f06c59015fde110e8b3a Mon Sep 17 00:00:00 2001 
From: Marius Albrecht Date: Wed, 27 Mar 2024 12:43:29 +0100 Subject: [PATCH 09/10] spec > dfg-function-summaries > NewExpression Scheme shouldnt be bulletpoint --- docs/docs/CPG/specs/eog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/CPG/specs/eog.md b/docs/docs/CPG/specs/eog.md index 1e3ba26a8d..f500b26bfc 100644 --- a/docs/docs/CPG/specs/eog.md +++ b/docs/docs/CPG/specs/eog.md @@ -502,7 +502,7 @@ Interesting fields: * `initializer: Expression`: To be evaluated before creating a new object. -* Scheme: +Scheme: ```mermaid flowchart LR classDef outer fill:#fff,stroke:#ddd,stroke-dasharray:5 5; From 8c21bc449c115f8e7e136a5cd7c2bbc30c1e18b4 Mon Sep 17 00:00:00 2001 From: Marius Albrecht Date: Wed, 27 Mar 2024 12:44:13 +0100 Subject: [PATCH 10/10] spec > dfg-function-summaries > ExpressionList typo --- docs/docs/CPG/specs/eog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/CPG/specs/eog.md b/docs/docs/CPG/specs/eog.md index f500b26bfc..d27fae5eb5 100644 --- a/docs/docs/CPG/specs/eog.md +++ b/docs/docs/CPG/specs/eog.md @@ -528,7 +528,7 @@ flowchart LR ``` ## ExpressionList -List of several expressions that aer evaluated sequentially. The resulting value is the last evaluated expression. +List of several expressions that are evaluated sequentially. The resulting value is the last evaluated expression. Interesting fields:
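
Review bot: [PATCH 04/10], hunk @@ -270,7 +270,7 @@: `Scheme:` is appended directly after the closing `*` of the italic "Attention" note in the compound-operators bullet, so the rendered text runs the warning and the label together. Put `Scheme:` in its own indented paragraph inside the list item, separated by a blank line, and do the same for the `var = rhs` bullet in the following hunk. The subject line also reads "missing one some bullets", which should be "missing on some bullets".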
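
Review bot: [PATCH 05/10], hunk @@ -286,7 +286,7 @@: the re-indentation of `flowchart LR` under the `var = rhs` bullet is not covered by the subject "DoStatement bulletpoint needs blank line". Move this whitespace fix into its own commit, or into PATCH 04/10 which already touches that bullet, so that each commit in the series changes only what its subject names.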
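
Review bot: [PATCH 05/10], DoStatement hunk @@ -463,8 +463,8 @@: the blank line appears to be moved rather than added, since the hunk keeps 8 lines on both sides and the `condition` bullet is removed and re-added. That leaves `Scheme:` directly under the bullet, where Markdown treats it as a continuation of the list item. Insert the blank line before the bullet as a pure addition, as PATCH 06/10 does for the other statements, and keep a blank line between the bullet and `Scheme:`.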
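
Review bot: [PATCH 06/10], IfStatement hunk @@ -507,6 +509,7 @@: the `conditionDeclaration` context line reads "in the initialize", while the WhileStatement and ForStatement bullets say "in the initializer". Fix the typo in this series while the block is being touched. The WhileStatement `conditionDeclaration` bullet also lacks the trailing period that the For, If and Switch bullets carry.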
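
Review bot: [PATCH 08/10], subject line: the prefix says `spec > dfg-function-summaries` but the diff changes `docs/docs/CPG/specs/eog.md`, and the same mismatch is present in PATCH 09/10 and PATCH 10/10. Change the prefix to `spec > eog` in all three so that the log matches the file being edited, as PATCH 01/10 to 06/10 do for `dfg.md`.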