Skip to content

Rust: Reduce the number of sinks in DereferenceSink #20941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
paldepind wants to merge 2 commits into
base: main
Choose a base branch
from
+33 −127
Open

Rust: Reduce the number of sinks in DereferenceSink #20941

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0b3a694
Rust: Restrict the scope of `DereferenceSink` to dereferences of raw …
paldepind Dec 5, 2025
465641d
Rust: Add change note
paldepind Dec 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 15 additions & 7 deletions rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ private import codeql.rust.dataflow.FlowSink
private import codeql.rust.Concepts
private import codeql.rust.dataflow.internal.Node
private import codeql.rust.security.Barriers as Barriers
private import codeql.rust.internal.TypeInference as TypeInference
private import codeql.rust.internal.Type

/**
* Provides default sources, sinks and barriers for detecting accesses to
Expand Down Expand Up @@ -47,16 +49,22 @@ module AccessInvalidPointer {
ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") }
}

/**
* A pointer access using the unary `*` operator.
*/
/** A raw pointer access using the unary `*` operator. */
private class DereferenceSink extends Sink {
DereferenceSink() { any(DerefExpr p).getExpr() = this.asExpr() }
DereferenceSink() {
exists(Expr p, DerefExpr d | p = d.getExpr() and p = this.asExpr() |
// Dereferencing a raw pointer is an unsafe operation. Hence relevant
// dereferences must occur inside code marked as unsafe.
// See: https://doc.rust-lang.org/reference/types/pointer.html#r-type.pointer.raw.safety
(p.getEnclosingBlock*().isUnsafe() or p.getEnclosingCallable().(Function).isUnsafe()) and
Copy link
Contributor

@geoffw0 geoffw0 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think this check is better here, in the sink definition, or in the place where the query uses the sink (as it is for rust/access-after-lifetime-ended)? Should we be consistent between the two?

Copy link
Contributor Author

@paldepind paldepind Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it makes sense to have for the sink, if it's intended to represent pointer dereferences. We should remove the check in rust/access-after-lifetime-ended. I've done that now.

// We are only interested in dereferences of raw pointers, as other uses
// of `*` are safe.
(not exists(TypeInference::inferType(p)) or TypeInference::inferType(p) instanceof PtrType)
Copy link
Contributor

@geoffw0 geoffw0 Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm interested to see if this PtrType restriction effects real world [edge case] results (DCA and/or MRVA).

)
}
}

/**
* A pointer access from model data.
*/
/** A pointer access from model data. */
private class ModelsAsDataSink extends Sink {
ModelsAsDataSink() { sinkNode(this, "pointer-access") }
}
Expand Down
4 changes: 4 additions & 0 deletions rust/ql/src/change-notes/2025-12-05-exclude-dereference-sinks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed false positives from the `rust/access-invalid-pointer` query, by only considering dereferences of raw pointers as sinks.
14 changes: 7 additions & 7 deletions rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,18 +26,18 @@ module AccessAfterLifetimeConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
node instanceof AccessAfterLifetime::Source and
// exclude cases with sources in macros, since these results are difficult to interpret
not node.asExpr().isFromMacroExpansion()
not node.asExpr().isFromMacroExpansion() and
AccessAfterLifetime::sourceValueScope(node, _, _)
Copy link
Contributor Author

@paldepind paldepind Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sources needs to satisfy this in the end anyway, so we might check for that here to prune some sources earlier in the process.

}

predicate isSink(DataFlow::Node node) {
node instanceof AccessAfterLifetime::Sink and
// exclude cases with sinks in macros, since these results are difficult to interpret
// Exclude cases with sinks in macros, since these results are difficult to interpret
not node.asExpr().isFromMacroExpansion() and
// include only results inside `unsafe` blocks, as other results tend to be false positives
(
node.asExpr().getEnclosingBlock*().isUnsafe() or
node.asExpr().getEnclosingCallable().(Function).isUnsafe()
)
// TODO: Remove this condition if it can be done without negatively
// impacting performance. This condition only include nodes with
// corresponding to an expression. This excludes sinks from models-as-data.
exists(node.asExpr())
Copy link
Contributor Author

@paldepind paldepind Dec 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is weird, but note that the check before the changes had the same effect of excluding all nodes without an expression. So this is only preserving what was already there.

Since my present goal is to improve performance I don't really have appetite for introducing additional sinks, hence I left this condition in place.

As the todo says I think we should try to remove this in the future and see what it does for performance and results.

}

predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessAfterLifetime::Barrier }
Expand Down
120 changes: 7 additions & 113 deletions rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,24 +27,6 @@ edges
| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance | |
| deallocation.rs:242:6:242:7 | p1 | deallocation.rs:252:14:252:15 | p1 | provenance | |
| deallocation.rs:242:30:242:38 | &raw const my_buffer | deallocation.rs:242:6:242:7 | p1 | provenance | |
| deallocation.rs:322:28:322:43 | ...: ... | deallocation.rs:324:18:324:20 | ptr | provenance | |
| deallocation.rs:334:27:334:42 | ...: ... | deallocation.rs:342:18:342:20 | ptr | provenance | |
| deallocation.rs:351:7:351:10 | ptr1 | deallocation.rs:354:4:354:7 | ptr1 | provenance | |
| deallocation.rs:351:7:351:10 | ptr1 | deallocation.rs:354:4:354:7 | ptr1 | provenance | |
| deallocation.rs:351:14:351:33 | &raw mut ... | deallocation.rs:351:7:351:10 | ptr1 | provenance | |
| deallocation.rs:352:7:352:10 | ptr2 | deallocation.rs:355:4:355:7 | ptr2 | provenance | |
| deallocation.rs:352:7:352:10 | ptr2 | deallocation.rs:355:4:355:7 | ptr2 | provenance | |
| deallocation.rs:352:14:352:33 | &raw mut ... | deallocation.rs:352:7:352:10 | ptr2 | provenance | |
| deallocation.rs:354:4:354:7 | ptr1 | deallocation.rs:357:27:357:30 | ptr1 | provenance | |
| deallocation.rs:355:4:355:7 | ptr2 | deallocation.rs:359:26:359:29 | ptr2 | provenance | |
| deallocation.rs:357:27:357:30 | ptr1 | deallocation.rs:322:28:322:43 | ...: ... | provenance | |
| deallocation.rs:359:26:359:29 | ptr2 | deallocation.rs:334:27:334:42 | ...: ... | provenance | |
| deallocation.rs:370:6:370:9 | ptr1 | deallocation.rs:373:13:373:16 | ptr1 | provenance | |
| deallocation.rs:370:6:370:9 | ptr1 | deallocation.rs:381:13:381:16 | ptr1 | provenance | |
| deallocation.rs:370:13:370:28 | &raw mut ... | deallocation.rs:370:6:370:9 | ptr1 | provenance | |
| deallocation.rs:389:6:389:9 | ptr2 | deallocation.rs:392:13:392:16 | ptr2 | provenance | |
| deallocation.rs:389:6:389:9 | ptr2 | deallocation.rs:402:13:402:16 | ptr2 | provenance | |
| deallocation.rs:389:13:389:28 | &raw mut ... | deallocation.rs:389:6:389:9 | ptr2 | provenance | |
| lifetime.rs:21:2:21:18 | return ... | lifetime.rs:54:11:54:30 | get_local_dangling(...) | provenance | |
| lifetime.rs:21:9:21:18 | &my_local1 | lifetime.rs:21:2:21:18 | return ... | provenance | |
| lifetime.rs:27:2:27:22 | return ... | lifetime.rs:55:11:55:34 | get_local_dangling_mut(...) | provenance | |
Expand Down Expand Up @@ -80,15 +62,6 @@ edges
| lifetime.rs:94:7:94:16 | &my_local1 | lifetime.rs:94:2:94:3 | p3 | provenance | |
| lifetime.rs:119:15:119:24 | &my_local3 | lifetime.rs:91:17:91:30 | ...: ... | provenance | |
| lifetime.rs:119:27:119:44 | &mut my_local_mut4 | lifetime.rs:91:33:91:44 | ...: ... | provenance | |
| lifetime.rs:127:2:127:24 | return ... | lifetime.rs:139:11:139:21 | get_const(...) | provenance | |
| lifetime.rs:127:9:127:24 | &MY_GLOBAL_CONST | lifetime.rs:127:2:127:24 | return ... | provenance | |
| lifetime.rs:134:3:134:30 | return ... | lifetime.rs:140:11:140:26 | get_static_mut(...) | provenance | |
| lifetime.rs:134:10:134:30 | &mut MY_GLOBAL_STATIC | lifetime.rs:134:3:134:30 | return ... | provenance | |
| lifetime.rs:139:6:139:7 | p1 | lifetime.rs:147:14:147:15 | p1 | provenance | |
| lifetime.rs:139:11:139:21 | get_const(...) | lifetime.rs:139:6:139:7 | p1 | provenance | |
| lifetime.rs:140:6:140:7 | p2 | lifetime.rs:148:14:148:15 | p2 | provenance | |
| lifetime.rs:140:6:140:7 | p2 | lifetime.rs:154:5:154:6 | p2 | provenance | |
| lifetime.rs:140:11:140:26 | get_static_mut(...) | lifetime.rs:140:6:140:7 | p2 | provenance | |
| lifetime.rs:161:17:161:31 | ...: ... | lifetime.rs:164:13:164:15 | ptr | provenance | |
| lifetime.rs:169:17:169:31 | ...: ... | lifetime.rs:172:13:172:15 | ptr | provenance | |
| lifetime.rs:177:17:177:31 | ...: ... | lifetime.rs:180:13:180:15 | ptr | provenance | |
Expand All @@ -106,7 +79,6 @@ edges
| lifetime.rs:201:15:201:17 | ptr | lifetime.rs:177:17:177:31 | ...: ... | provenance | |
| lifetime.rs:206:19:206:36 | ...: ... | lifetime.rs:216:16:216:21 | ptr_up | provenance | |
| lifetime.rs:208:6:208:13 | ptr_ours | lifetime.rs:211:33:211:40 | ptr_ours | provenance | |
| lifetime.rs:208:6:208:13 | ptr_ours | lifetime.rs:217:18:217:25 | ptr_ours | provenance | |
| lifetime.rs:208:6:208:13 | ptr_ours | lifetime.rs:225:2:225:16 | return ptr_ours | provenance | |
| lifetime.rs:208:17:208:29 | &my_local_rec | lifetime.rs:208:6:208:13 | ptr_ours | provenance | |
| lifetime.rs:211:7:211:14 | ptr_down | lifetime.rs:218:18:218:25 | ptr_down | provenance | |
Expand Down Expand Up @@ -150,42 +122,21 @@ edges
| lifetime.rs:383:3:383:4 | p1 | lifetime.rs:428:7:428:8 | p1 | provenance | |
| lifetime.rs:383:3:383:4 | p1 | lifetime.rs:433:7:433:8 | p1 | provenance | |
| lifetime.rs:383:31:383:37 | &raw mut my_pair | lifetime.rs:383:3:383:4 | p1 | provenance | |
| lifetime.rs:384:3:384:4 | p2 | lifetime.rs:394:14:394:15 | p2 | provenance | |
| lifetime.rs:384:3:384:4 | p2 | lifetime.rs:421:15:421:16 | p2 | provenance | |
| lifetime.rs:384:27:384:35 | &raw const ... | lifetime.rs:384:3:384:4 | p2 | provenance | |
| lifetime.rs:385:3:385:4 | p3 | lifetime.rs:395:14:395:15 | p3 | provenance | |
| lifetime.rs:385:3:385:4 | p3 | lifetime.rs:400:5:400:6 | p3 | provenance | |
| lifetime.rs:385:3:385:4 | p3 | lifetime.rs:400:5:400:6 | p3 | provenance | |
| lifetime.rs:385:31:385:39 | &raw mut ... | lifetime.rs:385:3:385:4 | p3 | provenance | |
| lifetime.rs:400:5:400:6 | p3 | lifetime.rs:422:15:422:16 | p3 | provenance | |
| lifetime.rs:400:5:400:6 | p3 | lifetime.rs:429:6:429:7 | p3 | provenance | |
| lifetime.rs:442:6:442:7 | r1 | lifetime.rs:443:42:443:43 | r1 | provenance | |
| lifetime.rs:442:17:442:23 | &my_val | lifetime.rs:442:6:442:7 | r1 | provenance | |
| lifetime.rs:443:6:443:7 | p1 | lifetime.rs:446:13:446:14 | p1 | provenance | |
| lifetime.rs:443:6:443:7 | p1 | lifetime.rs:450:2:450:10 | return p1 | provenance | |
| lifetime.rs:443:23:443:44 | ...::from_ref(...) | lifetime.rs:443:6:443:7 | p1 | provenance | |
| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:5 |
| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:3 |
| lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:454:11:454:29 | get_ptr_from_ref(...) | provenance | |
| lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:460:13:460:31 | get_ptr_from_ref(...) | provenance | |
| lifetime.rs:454:6:454:7 | p1 | lifetime.rs:459:13:459:14 | p1 | provenance | |
| lifetime.rs:454:11:454:29 | get_ptr_from_ref(...) | lifetime.rs:454:6:454:7 | p1 | provenance | |
| lifetime.rs:568:7:568:8 | p2 | lifetime.rs:572:14:572:15 | p2 | provenance | |
| lifetime.rs:568:24:568:33 | &my_local2 | lifetime.rs:568:7:568:8 | p2 | provenance | |
| lifetime.rs:630:3:630:6 | str2 | lifetime.rs:633:15:633:18 | str2 | provenance | |
| lifetime.rs:630:3:630:6 | str2 | lifetime.rs:641:14:641:17 | str2 | provenance | |
| lifetime.rs:630:10:630:25 | &... | lifetime.rs:630:3:630:6 | str2 | provenance | |
| lifetime.rs:654:4:654:7 | str2 | lifetime.rs:655:22:655:25 | str2 | provenance | |
| lifetime.rs:654:11:654:35 | ... + ... | lifetime.rs:654:4:654:7 | str2 | provenance | |
| lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:4:654:7 | str2 | provenance | |
| lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:11:654:35 | ... + ... | provenance | MaD:2 |
| lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:11:654:35 | ... + ... | provenance | MaD:1 |
| lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:659:15:659:18 | ref1 | provenance | |
| lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:667:14:667:17 | ref1 | provenance | |
| lifetime.rs:655:4:655:7 | ref1 [&ref] | lifetime.rs:659:15:659:18 | ref1 | provenance | |
| lifetime.rs:655:4:655:7 | ref1 [&ref] | lifetime.rs:667:14:667:17 | ref1 | provenance | |
| lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:655:4:655:7 | ref1 | provenance | |
| lifetime.rs:655:11:655:25 | &raw const str2 [&ref] | lifetime.rs:655:4:655:7 | ref1 [&ref] | provenance | |
| lifetime.rs:655:22:655:25 | str2 | lifetime.rs:655:11:655:25 | &raw const str2 [&ref] | provenance | |
| lifetime.rs:781:2:781:19 | return ... | lifetime.rs:785:11:785:41 | get_local_for_unsafe_function(...) | provenance | |
| lifetime.rs:781:9:781:19 | &my_local10 | lifetime.rs:781:2:781:19 | return ... | provenance | |
| lifetime.rs:785:6:785:7 | p1 | lifetime.rs:789:12:789:13 | p1 | provenance | |
Expand All @@ -197,47 +148,23 @@ edges
| main.rs:18:9:18:10 | p1 [&ref] | main.rs:21:19:21:20 | p1 | provenance | |
| main.rs:18:9:18:10 | p1 [&ref] | main.rs:29:19:29:20 | p1 | provenance | |
| main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | main.rs:18:9:18:10 | p1 [&ref] | provenance | |
| main.rs:18:26:18:28 | &b1 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | provenance | MaD:4 |
| main.rs:18:26:18:28 | &b1 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | provenance | MaD:2 |
| main.rs:44:9:44:10 | p2 [&ref] | main.rs:51:23:51:24 | p2 | provenance | |
| main.rs:44:9:44:10 | p2 [&ref] | main.rs:64:23:64:24 | p2 | provenance | |
| main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | main.rs:44:9:44:10 | p2 [&ref] | provenance | |
| main.rs:44:26:44:28 | &b2 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | provenance | MaD:4 |
| main.rs:44:26:44:28 | &b2 | main.rs:44:14:44:29 | ...::as_ptr(...) [&ref] | provenance | MaD:2 |
| main.rs:47:9:47:10 | p3 [&ref] | main.rs:52:23:52:24 | p3 | provenance | |
| main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | main.rs:47:9:47:10 | p3 [&ref] | provenance | |
| main.rs:47:30:47:36 | &mut b3 | main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | provenance | MaD:3 |
| main.rs:47:30:47:36 | &mut b3 | main.rs:47:14:47:37 | ...::as_mut_ptr(...) [&ref] | provenance | MaD:1 |
models
| 1 | Summary: <_ as core::ops::arith::Add>::add; Argument[0].Reference; ReturnValue; taint |
| 2 | Summary: <_ as core::ops::arith::Add>::add; Argument[0]; ReturnValue; taint |
| 3 | Summary: <alloc::boxed::Box>::as_mut_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
| 4 | Summary: <alloc::boxed::Box>::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
| 5 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value |
| 1 | Summary: <alloc::boxed::Box>::as_mut_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
| 2 | Summary: <alloc::boxed::Box>::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value |
| 3 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value |
nodes
| deallocation.rs:242:6:242:7 | p1 | semmle.label | p1 |
| deallocation.rs:242:30:242:38 | &raw const my_buffer | semmle.label | &raw const my_buffer |
| deallocation.rs:245:14:245:15 | p1 | semmle.label | p1 |
| deallocation.rs:252:14:252:15 | p1 | semmle.label | p1 |
| deallocation.rs:322:28:322:43 | ...: ... | semmle.label | ...: ... |
| deallocation.rs:324:18:324:20 | ptr | semmle.label | ptr |
| deallocation.rs:334:27:334:42 | ...: ... | semmle.label | ...: ... |
| deallocation.rs:342:18:342:20 | ptr | semmle.label | ptr |
| deallocation.rs:351:7:351:10 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:351:14:351:33 | &raw mut ... | semmle.label | &raw mut ... |
| deallocation.rs:352:7:352:10 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:352:14:352:33 | &raw mut ... | semmle.label | &raw mut ... |
| deallocation.rs:354:4:354:7 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:354:4:354:7 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:355:4:355:7 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:355:4:355:7 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:357:27:357:30 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:359:26:359:29 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:370:6:370:9 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:370:13:370:28 | &raw mut ... | semmle.label | &raw mut ... |
| deallocation.rs:373:13:373:16 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:381:13:381:16 | ptr1 | semmle.label | ptr1 |
| deallocation.rs:389:6:389:9 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:389:13:389:28 | &raw mut ... | semmle.label | &raw mut ... |
| deallocation.rs:392:13:392:16 | ptr2 | semmle.label | ptr2 |
| deallocation.rs:402:13:402:16 | ptr2 | semmle.label | ptr2 |
| lifetime.rs:21:2:21:18 | return ... | semmle.label | return ... |
| lifetime.rs:21:9:21:18 | &my_local1 | semmle.label | &my_local1 |
| lifetime.rs:27:2:27:22 | return ... | semmle.label | return ... |
Expand Down Expand Up @@ -283,17 +210,6 @@ nodes
| lifetime.rs:110:5:110:6 | p2 | semmle.label | p2 |
| lifetime.rs:119:15:119:24 | &my_local3 | semmle.label | &my_local3 |
| lifetime.rs:119:27:119:44 | &mut my_local_mut4 | semmle.label | &mut my_local_mut4 |
| lifetime.rs:127:2:127:24 | return ... | semmle.label | return ... |
| lifetime.rs:127:9:127:24 | &MY_GLOBAL_CONST | semmle.label | &MY_GLOBAL_CONST |
| lifetime.rs:134:3:134:30 | return ... | semmle.label | return ... |
| lifetime.rs:134:10:134:30 | &mut MY_GLOBAL_STATIC | semmle.label | &mut MY_GLOBAL_STATIC |
| lifetime.rs:139:6:139:7 | p1 | semmle.label | p1 |
| lifetime.rs:139:11:139:21 | get_const(...) | semmle.label | get_const(...) |
| lifetime.rs:140:6:140:7 | p2 | semmle.label | p2 |
| lifetime.rs:140:11:140:26 | get_static_mut(...) | semmle.label | get_static_mut(...) |
| lifetime.rs:147:14:147:15 | p1 | semmle.label | p1 |
| lifetime.rs:148:14:148:15 | p2 | semmle.label | p2 |
| lifetime.rs:154:5:154:6 | p2 | semmle.label | p2 |
| lifetime.rs:161:17:161:31 | ...: ... | semmle.label | ...: ... |
| lifetime.rs:164:13:164:15 | ptr | semmle.label | ptr |
| lifetime.rs:169:17:169:31 | ...: ... | semmle.label | ...: ... |
Expand All @@ -316,7 +232,6 @@ nodes
| lifetime.rs:211:18:211:52 | access_ptr_rec(...) | semmle.label | access_ptr_rec(...) |
| lifetime.rs:211:33:211:40 | ptr_ours | semmle.label | ptr_ours |
| lifetime.rs:216:16:216:21 | ptr_up | semmle.label | ptr_up |
| lifetime.rs:217:18:217:25 | ptr_ours | semmle.label | ptr_ours |
| lifetime.rs:218:18:218:25 | ptr_down | semmle.label | ptr_down |
| lifetime.rs:225:2:225:16 | return ptr_ours | semmle.label | return ptr_ours |
| lifetime.rs:230:6:230:14 | ptr_start | semmle.label | ptr_start |
Expand Down Expand Up @@ -352,24 +267,13 @@ nodes
| lifetime.rs:317:13:317:18 | result | semmle.label | result |
| lifetime.rs:383:3:383:4 | p1 | semmle.label | p1 |
| lifetime.rs:383:31:383:37 | &raw mut my_pair | semmle.label | &raw mut my_pair |
| lifetime.rs:384:3:384:4 | p2 | semmle.label | p2 |
| lifetime.rs:384:27:384:35 | &raw const ... | semmle.label | &raw const ... |
| lifetime.rs:385:3:385:4 | p3 | semmle.label | p3 |
| lifetime.rs:385:31:385:39 | &raw mut ... | semmle.label | &raw mut ... |
| lifetime.rs:388:15:388:16 | p1 | semmle.label | p1 |
| lifetime.rs:391:15:391:16 | p1 | semmle.label | p1 |
| lifetime.rs:394:14:394:15 | p2 | semmle.label | p2 |
| lifetime.rs:395:14:395:15 | p3 | semmle.label | p3 |
| lifetime.rs:399:6:399:7 | p1 | semmle.label | p1 |
| lifetime.rs:400:5:400:6 | p3 | semmle.label | p3 |
| lifetime.rs:400:5:400:6 | p3 | semmle.label | p3 |
| lifetime.rs:401:6:401:7 | p1 | semmle.label | p1 |
| lifetime.rs:411:16:411:17 | p1 | semmle.label | p1 |
| lifetime.rs:416:16:416:17 | p1 | semmle.label | p1 |
| lifetime.rs:421:15:421:16 | p2 | semmle.label | p2 |
| lifetime.rs:422:15:422:16 | p3 | semmle.label | p3 |
| lifetime.rs:428:7:428:8 | p1 | semmle.label | p1 |
| lifetime.rs:429:6:429:7 | p3 | semmle.label | p3 |
| lifetime.rs:433:7:433:8 | p1 | semmle.label | p1 |
| lifetime.rs:442:6:442:7 | r1 | semmle.label | r1 |
| lifetime.rs:442:17:442:23 | &my_val | semmle.label | &my_val |
Expand All @@ -385,18 +289,8 @@ nodes
| lifetime.rs:568:7:568:8 | p2 | semmle.label | p2 |
| lifetime.rs:568:24:568:33 | &my_local2 | semmle.label | &my_local2 |
| lifetime.rs:572:14:572:15 | p2 | semmle.label | p2 |
| lifetime.rs:630:3:630:6 | str2 | semmle.label | str2 |
| lifetime.rs:630:10:630:25 | &... | semmle.label | &... |
| lifetime.rs:633:15:633:18 | str2 | semmle.label | str2 |
| lifetime.rs:641:14:641:17 | str2 | semmle.label | str2 |
| lifetime.rs:654:4:654:7 | str2 | semmle.label | str2 |
| lifetime.rs:654:11:654:35 | ... + ... | semmle.label | ... + ... |
| lifetime.rs:654:31:654:35 | &str1 | semmle.label | &str1 |
| lifetime.rs:655:4:655:7 | ref1 | semmle.label | ref1 |
| lifetime.rs:655:4:655:7 | ref1 [&ref] | semmle.label | ref1 [&ref] |
| lifetime.rs:655:11:655:25 | &raw const str2 | semmle.label | &raw const str2 |
| lifetime.rs:655:11:655:25 | &raw const str2 [&ref] | semmle.label | &raw const str2 [&ref] |
| lifetime.rs:655:22:655:25 | str2 | semmle.label | str2 |
| lifetime.rs:659:15:659:18 | ref1 | semmle.label | ref1 |
| lifetime.rs:667:14:667:17 | ref1 | semmle.label | ref1 |
| lifetime.rs:781:2:781:19 | return ... | semmle.label | return ... |
Expand Down