designsecurity / progpilot

A static analysis tool for security
MIT License
332 stars 61 forks

ProgPilot is unable to deal with null coalescing operator #53

Open Mister-Stein opened 1 year ago

Mister-Stein commented 1 year ago

Progpilot built from source, includes all recent commits and in default configuration. PHP 8.2.1

Unfortunately, ProgPilot has another problem: it doesn't know how to deal with the null coalescing operator. Its syntax: expression1 ?? expression2. Simplified example code, no result after analysis:

<?php
global $wpdb;
$tainted = $_POST['order_by'] ?? 'default';
$wpdb->get_row($tainted);

The null coalescing operator, like the ternary operator, can also be seen pretty often. There is a description of it in the PHP documentation. It would be nice if ProgPilot could deal with it too.

Mister-Stein commented 1 year ago

I recently found that in the CFG of the example code above there is no phi function, as there is in the CFG of code that contains a ternary operator. CFG of the example code above:

Block#1
    Var#1<$_POST> = Phi()
    Var#2<$wpdb> = Phi()
    Terminal_GlobalVar
        var: LITERAL('wpdb')
    Expr_ArrayDimFetch
        var: Var#1<$_POST>
        dim: LITERAL('order_by')
        result: Var#3
    Expr_BinaryOp_Coalesce
        left: Var#3
        right: LITERAL('default')
        result: Var#4
    Expr_Assign
        var: Var#5<$tainted>
        expr: Var#4
        result: Var#6
    Expr_MethodCall
        var: Var#2<$wpdb>
        name: LITERAL('get_row')
        args[0]: Var#5<$tainted>
        result: Var#7
    Terminal_Return

I was expecting it to produce additional blocks in the CFG, the same as for the ternary operator, but it produces just the expression statement Expr_BinaryOp_Coalesce. What to do with it?
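
As an added illustration (not progpilot's code and not posted by anyone in this thread), here is a toy taint pass in Python over instruction shapes taken from the CFG listing above. It shows that treating Expr_BinaryOp_Coalesce as a phi-style merge of its two operands is enough for the taint to reach the sink, the same way the ternary form does through its Phi; the source and sink sets and the tuple encoding of instructions are assumptions.

```python
# Added example, not progpilot's code: a toy taint pass over the instruction
# shapes from the CFG listing in this issue. Encoding and rules are assumptions.

SOURCES = {"$_POST"}    # assumed: request superglobals are taint sources
SINKS = {"get_row"}     # assumed: $wpdb->get_row is a SQL sink

# Instruction tuples: (op, result, *operands). "$name" is a PHP variable,
# "Var#n" a temporary, anything else a literal. Constructed from the listing.
COALESCE_CFG = [
    ("Expr_ArrayDimFetch", "Var#3", "$_POST", "'order_by'"),
    ("Expr_BinaryOp_Coalesce", "Var#4", "Var#3", "'default'"),  # one node, no Phi
    ("Expr_Assign", "$tainted", "Var#4"),
    ("Expr_MethodCall", "Var#7", "get_row", "$tainted"),
]

# The same program written with the ternary operator: the analyzer splits it
# into branches and joins them with a Phi, which is why the ternary works.
TERNARY_CFG = [
    ("Expr_ArrayDimFetch", "Var#3", "$_POST", "'order_by'"),
    ("Expr_Assign", "Var#4", "Var#3"),          # then-branch value
    ("Expr_Assign", "Var#5", "'default'"),      # else-branch value
    ("Phi", "Var#6", "Var#4", "Var#5"),         # join of both branches
    ("Expr_Assign", "$tainted", "Var#6"),
    ("Expr_MethodCall", "Var#7", "get_row", "$tainted"),
]

def analyze(cfg, merge_coalesce):
    """Return (sink, argument) pairs where a tainted value reaches a sink.

    merge_coalesce=False mimics the reported behaviour: the coalesce node has
    no propagation rule, so taint is silently dropped at Var#4."""
    tainted = set(SOURCES)
    findings = []
    for op, result, *operands in cfg:
        if op in ("Expr_ArrayDimFetch", "Expr_Assign"):
            if operands[0] in tainted:
                tainted.add(result)
        elif op == "Phi" or (op == "Expr_BinaryOp_Coalesce" and merge_coalesce):
            # `a ?? b` means isset(a) ? a : b, so its result is a merge of both
            # operands, exactly like a Phi: tainted if either side is tainted.
            if any(o in tainted for o in operands):
                tainted.add(result)
        elif op == "Expr_MethodCall":
            name, *args = operands
            findings += [(name, a) for a in args if name in SINKS and a in tainted]
    return findings

if __name__ == "__main__":
    print("coalesce, no rule:", analyze(COALESCE_CFG, merge_coalesce=False))  # []
    print("coalesce, merged :", analyze(COALESCE_CFG, merge_coalesce=True))   # [('get_row', '$tainted')]
    print("ternary via Phi  :", analyze(TERNARY_CFG, merge_coalesce=False))   # [('get_row', '$tainted')]
```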

eric-therond commented 1 year ago

This one is probably easier to fix, I will take a look soon. Thanks for the investigation.