@@ -30,32 +30,35 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
3030
3131## Changes to libraries
3232
33- * The data-flow library has been extended with a new feature to aid debugging.
34- Instead of specifying ` isSink(Node n) { any() } ` on a configuration to
35- explore the possible flow from a source, it is recommended to use the new
36- ` Configuration::hasPartialFlow ` predicate, as this gives a more complete
37- picture of the partial flow paths from a given source. The feature is
38- disabled by default and can be enabled for individual configurations by
39- overriding ` int explorationLimit() ` .
40- * The data-flow library now supports flow out of C++ reference parameters.
41- * The data-flow library now allows flow through the address-of operator (` & ` ).
42- * The ` DataFlow::DefinitionByReferenceNode ` class now considers ` f(x) ` to be a
43- definition of ` x ` when ` x ` is a variable of pointer type. It no longer
44- considers deep paths such as ` f(&x.myField) ` to be definitions of ` x ` . These
45- changes are in line with the user expectations we've observed.
46- * The data-flow library now makes it easier to specify barriers/sanitizers
47- arising from guards by overriding the predicate
48- ` isBarrierGuard ` /` isSanitizerGuard ` on data-flow and taint-tracking
49- configurations respectively.
50- * There is now a ` DataFlow::localExprFlow ` predicate and a
51- ` TaintTracking::localExprTaint ` predicate to make it easy to use the most
52- common case of local data flow and taint: from one ` Expr ` to another.
33+ * The data-flow library in ` semmle.code.cpp.dataflow.DataFlow ` and
34+ ` semmle.code.cpp.dataflow.TaintTracking ` have had extensive changes:
35+ * Data flow through fields is now more complete and reliable.
36+ * To debug a lack of flow, instead of specifying ` isSink(Node n) { any() } `
37+ on a configuration to
38+ explore the possible flow from a source, it is recommended to use the new
39+ ` Configuration::hasPartialFlow ` predicate as this gives a more complete
40+ picture of the partial flow paths from a given source. The feature is
41+ disabled by default and can be enabled for individual configurations by
42+ overriding ` int explorationLimit() ` .
43+ * There is now flow out of C++ reference parameters.
44+ * There is now flow through the address-of operator (` & ` ).
45+ * The ` DataFlow::DefinitionByReferenceNode ` class now considers ` f(x) ` to be a
46+ definition of ` x ` when ` x ` is a variable of pointer type. It no longer
47+ considers deep paths such as ` f(&x.myField) ` to be definitions of ` x ` . These
48+ changes are in line with the user expectations we've observed.
49+ * It's now easier to specify barriers/sanitizers
50+ arising from guards by overriding the predicate
51+ ` isBarrierGuard ` /` isSanitizerGuard ` on data-flow and taint-tracking
52+ configurations respectively.
53+ * There is now a ` DataFlow::localExprFlow ` predicate and a
54+ ` TaintTracking::localExprTaint ` predicate to make it easy to use the most
55+ common case of local data flow and taint: from one ` Expr ` to another.
5356* The member predicates of the ` FunctionInput ` and ` FunctionOutput ` classes have been renamed for
5457 clarity (e.g. ` isOutReturnPointer() ` to ` isReturnValueDeref() ` ). The existing member predicates
5558 have been deprecated, and will be removed in a future release. Code that uses the old member
5659 predicates should be updated to use the corresponding new member predicate.
57- * The predicates ` Declaration.hasStdName() ` and ` Declaration.hasGlobalOrStdName `
58- have been added, simplifying handling of C++ standard library functions .
60+ * The predicate ` Declaration.hasGlobalOrStdName ` has been added, making it
61+ easier to recognize C library functions called from C++.
5962* The control-flow graph is now computed in QL, not in the extractor. This can
6063 lead to regressions (or improvements) in how queries are optimized because
6164 optimization in QL relies on static size estimates, and the control-flow edge
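Review bot: The rewritten `Declaration` bullet (new lines 60-61) no longer mentions `Declaration.hasStdName()`, which the removed text listed as added alongside `Declaration.hasGlobalOrStdName`. If `hasStdName()` still ships in 1.23, keep it in the change note so query authors can find it. If it was withdrawn, the note should not silently drop it without the commit explaining why. The description also shifts from "C++ standard library functions" to "C library functions called from C++", so please confirm that this narrower wording matches what the predicate actually covers. Separately, the new lead-in at lines 33-34 pairs a singular subject with a plural verb ("The data-flow library in ... and ... have had extensive changes"). Either "The data-flow libraries in ... have had" or "has had" would fix it. The sub-bullet at lines 36-37 also leaves a short orphaned line ("on a configuration to") that should be rewrapped.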