Update OwnedPointerValueStoredInUnrelatedSmartPointer to the new dataflow library

jketema · jketema · commit 4d16b3b90813 · 2025-08-21T11:36:51.000+02:00
Note this introduces some new results. This seems to be correct, as before the
update the query seemed to have missed problems with code like the following:
```cpp
void f3(int *v1) {
  int *v2 = v1;
  std::shared_ptr&lt;int&gt; p1(v1);        // NON_COMPLIANT
  new std::shared_ptr&lt;int&gt;(p1.get()); // NON_COMPLIANT
  new std::shared_ptr&lt;int&gt;(v2);       // NON_COMPLIANT
}

void f4() {
  f3(new int(0));
}
```
diff --git a/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll b/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll
@@ -8,7 +8,7 @@ import cpp
 import codingstandards.cpp.Customizations
 import codingstandards.cpp.Exclusions
 import codingstandards.cpp.SmartPointers
-import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.new.TaintTracking
 import PointerToSmartPointerConstructorFlowFlow::PathGraph
 
 abstract class OwnedPointerValueStoredInUnrelatedSmartPointerSharedQuery extends Query { }
diff --git a/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected b/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected
@@ -1,44 +1,64 @@
 problems
+| test.cpp:5:27:5:28 | v1 | test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:5:27:5:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. |
+| test.cpp:6:31:6:33 | call to get | test.cpp:4:13:4:14 | v1 | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:6:31:6:33 | call to get | test.cpp:16:13:16:22 | new | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. |
+| test.cpp:7:28:7:29 | v2 | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:7:28:7:29 | v2 | test.cpp:16:13:16:22 | new | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:11:28:11:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:12:28:12:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 | test.cpp:17:27:17:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. |
 edges
+| test.cpp:3:14:3:15 | v1 | test.cpp:4:13:4:14 | v1 | provenance |  |
 | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance |  |
 | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance |  |
-| test.cpp:3:14:3:15 | v1 | test.cpp:7:28:7:29 | v2 | provenance |  |
+| test.cpp:4:13:4:14 | v1 | test.cpp:4:13:4:14 | v1 | provenance |  |
+| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance |  |
+| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance |  |
 | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance |  |
-| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance |  |
-| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance | Config |
-| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance |  |
-| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance |  |
+| test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance |  |
+| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance |  |
+| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance |  |
+| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config |
+| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config |
 | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config |
 | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config |
-| test.cpp:8:8:8:14 | 0 | test.cpp:9:28:9:29 | v2 | provenance |  |
-| test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | provenance |  |
-| test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | provenance |  |
+| test.cpp:8:3:8:14 | ... = ... | test.cpp:9:28:9:29 | v2 | provenance |  |
+| test.cpp:8:8:8:14 | 0 | test.cpp:8:3:8:14 | ... = ... | provenance |  |
+| test.cpp:10:3:10:17 | ... = ... | test.cpp:11:28:11:29 | v2 | provenance |  |
+| test.cpp:10:3:10:17 | ... = ... | test.cpp:11:28:11:29 | v2 | provenance |  |
+| test.cpp:10:8:10:17 | new | test.cpp:10:3:10:17 | ... = ... | provenance |  |
+| test.cpp:11:28:11:29 | v2 | test.cpp:12:28:12:29 | v2 | provenance |  |
+| test.cpp:16:13:16:22 | new | test.cpp:16:13:16:22 | new | provenance |  |
+| test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance |  |
 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance |  |
-| test.cpp:16:13:16:22 | new | test.cpp:19:6:19:7 | v1 | provenance |  |
+| test.cpp:17:27:17:28 | v1 | test.cpp:19:6:19:7 | v1 | provenance |  |
 | test.cpp:19:6:19:7 | v1 | test.cpp:3:14:3:15 | v1 | provenance |  |
 nodes
 | test.cpp:3:14:3:15 | v1 | semmle.label | v1 |
 | test.cpp:4:13:4:14 | v1 | semmle.label | v1 |
+| test.cpp:4:13:4:14 | v1 | semmle.label | v1 |
+| test.cpp:4:13:4:14 | v1 | semmle.label | v1 |
+| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr |
+| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr |
+| test.cpp:5:27:5:28 | v1 | semmle.label | v1 |
 | test.cpp:5:27:5:28 | v1 | semmle.label | v1 |
 | test.cpp:5:27:5:28 | v1 | semmle.label | v1 |
-| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr |
-| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr |
 | test.cpp:6:28:6:29 | p1 | semmle.label | p1 |
 | test.cpp:6:28:6:29 | p1 | semmle.label | p1 |
 | test.cpp:6:31:6:33 | call to get | semmle.label | call to get |
 | test.cpp:7:28:7:29 | v2 | semmle.label | v2 |
+| test.cpp:8:3:8:14 | ... = ... | semmle.label | ... = ... |
 | test.cpp:8:8:8:14 | 0 | semmle.label | 0 |
 | test.cpp:9:28:9:29 | v2 | semmle.label | v2 |
+| test.cpp:10:3:10:17 | ... = ... | semmle.label | ... = ... |
 | test.cpp:10:8:10:17 | new | semmle.label | new |
 | test.cpp:11:28:11:29 | v2 | semmle.label | v2 |
+| test.cpp:11:28:11:29 | v2 | semmle.label | v2 |
 | test.cpp:12:28:12:29 | v2 | semmle.label | v2 |
 | test.cpp:16:13:16:22 | new | semmle.label | new |
+| test.cpp:16:13:16:22 | new | semmle.label | new |
+| test.cpp:17:27:17:28 | v1 | semmle.label | v1 |
 | test.cpp:17:27:17:28 | v1 | semmle.label | v1 |
 | test.cpp:19:6:19:7 | v1 | semmle.label | v1 |
 subpaths
