Address review comments

Author: knewbury01

cpp/common/src/codingstandards/cpp/rules/readofuninitializedmemory/ReadOfUninitializedMemory.qll

@@ -216,9 +216,8 @@ class UninitializedVariable extends LocalVariable {
   VariableAccess getAUse() {
     result = this.getAnAccess() and
     (
-      //count rvalue x as a use if not new int
+      //count rvalue x (or *x) as a use if not new int
       result.isRValue() and
-      not exists(PointerDereferenceExpr e | result = e.getAChild()) and
       not this.getInitializer().getExpr() instanceof NewNotInit
       or
       //count lvalue x as a use if used in *x and not new int
@@ -242,26 +241,6 @@ class UninitializedVariable extends LocalVariable {
     not result.getParent+() instanceof SizeofOperator
   }
 
-  // /**
-  //  * Gets an access of the this variable which is not used as an lvalue, and not used as an argument
-  //  * to an initialization function.
-  //  */
-  // VariableAccess getAUse() {
-  //   result = this.getAnAccess() and
-  //   // Not used as an lvalue
-  //   not result = any(AssignExpr a).getLValue() and
-  //   //(result.isRValue() and not result.getType() instanceof PointerType and not this.getInitializer().getExpr() instanceof NewNotInit) and
-  //   // Not passed to another initialization function
-  //   not exists(Call c, int j | j = c.getTarget().(InitializationFunction).initializedParameter() |
-  //     result = c.getArgument(j).(AddressOfExpr).getOperand()
-  //     or
-  //     result.isRValue() and result = c.getArgument(j)
-  //   ) and
-  //   // Not a pointless read
-  //   not result = any(ExprStmt es).getExpr() and
-  //   // sizeof operators are not real uses
-  //   not result.getParent+() instanceof SizeofOperator
-  // }
   /** Get a read of the variable that may occur while the variable is uninitialized. */
   VariableAccess getAnUnitializedUse() {
     exists(SubBasicBlock useSbb |

cpp/common/test/rules/readofuninitializedmemory/ReadOfUninitializedMemory.expected

@@ -11,6 +11,7 @@
 | test.cpp:211:8:211:9 | p1 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:206:8:206:9 | p1 | p1 |
 | test.cpp:217:8:217:9 | p2 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:214:8:214:9 | p2 | p2 |
 | test.cpp:220:10:220:11 | p2 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:214:8:214:9 | p2 | p2 |
-| test.cpp:229:7:229:8 | p4 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:227:8:227:9 | p4 | p4 |
-| test.cpp:234:14:234:15 | p5 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:233:8:233:9 | p5 | p5 |
-| test.cpp:238:8:238:9 | p6 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:236:8:236:9 | p6 | p6 |
+| test.cpp:228:7:228:8 | p4 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:226:8:226:9 | p4 | p4 |
+| test.cpp:230:8:230:9 | p4 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:226:8:226:9 | p4 | p4 |
+| test.cpp:233:14:233:15 | p5 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:232:8:232:9 | p5 | p5 |
+| test.cpp:237:8:237:9 | p6 | Local variable $@ is read here and may not be initialized on all paths. | test.cpp:235:8:235:9 | p6 | p6 |

cpp/common/test/rules/readofuninitializedmemory/test.cpp

@@ -201,7 +201,7 @@ void initialize(int *p) { *p = 0; }
 void extra_extra_test() {
   int *p0 = new int;
   use(p0);  // COMPLIANT -- the pointer is valid
-  use(*p0); // COMPLIANT[FALSE_POSITIVE] -- the pointer is valid
+  use(*p0); // NON_COMPLIANT -- the pointer is valid but there is no value yet
 
   int *p1 = new int;
   *p1 = 0;  // COMPLIANT[FALSE_POSITIVE] -- this is not found bc this is not an
@@ -219,16 +219,15 @@ void extra_extra_test() {
   int *p3 = new int(1);
   *p3 = *p2; // NON_COMPLIANT -- the pointee of p2 has not been
              // initialized
-  use(p3);   // NON_COMPLIANT[FALSE_NEGATIVE] -- the pointee of p3 has been
-             // overridden
+  use(p3);   // COMPLIANT -- the pointer is valid
   use(*p3);  // NON_COMPLIANT[FALSE_NEGATIVE] -- the pointee of p3 has been
              // overridden
 
   int *p4;
   p4 = new int;
   use(p4); // COMPLIANT[FALSE_POSITIVE] -- the pointer is valid but new int isnt
            // seen
-  use(*p4); // COMPLIANT -- the value is not read and the pointer is valid
+  use(*p4); // NON_COMPLIANT -- the value may be read
 
   int *p5;
   initialize(p5); // NON_COMPLIANT