C#: Add QL classes for function pointer type/invocation, tests

tamasvajk · tamasvajk · commit 183926d9fdfd · 2021-01-19T17:26:31.000+01:00
diff --git a/csharp/change-notes/2020-11-19-Function-pointer.md b/csharp/change-notes/2020-11-19-Function-pointer.md
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* Function pointer types (`FunctionPointerType`) and call to function pointers
+(`FunctionPointerCall`) are extracted.
diff --git a/csharp/ql/src/semmle/code/csharp/Type.qll b/csharp/ql/src/semmle/code/csharp/Type.qll
@@ -797,6 +797,31 @@ class DelegateType extends RefType, Parameterizable, @delegate_type {
   override string getAPrimaryQlClass() { result = "DelegateType" }
 }
 
+/**
+ * A function pointer type, for example
+ *
+ * ```csharp
+ * delegate*<int, void>
+ * ```
+ */
+class FunctionPointerType extends Type, Parameterizable, @function_pointer_type {
+  /** Gets the return type of this function pointer. */
+  Type getReturnType() { function_pointer_return_type(this, getTypeRef(result)) }
+
+  /** Gets the calling convention. */
+  int getCallingConvention() { function_pointer_calling_conventions(this, result) }
+
+  /** Gets the unmanaged calling convention at index `i`. */
+  Type getUnmanagedCallingConvention(int i) {
+    has_unmanaged_calling_conventions(this, i, getTypeRef(result))
+  }
+
+  /** Gets an unmanaged calling convention. */
+  Type getAnUnmanagedCallingConvention() { result = getUnmanagedCallingConvention(_) }
+
+  override string getAPrimaryQlClass() { result = "FunctionPointerType" }
+}
+
 /**
  * The `null` type. The type of the `null` literal.
  */
diff --git a/csharp/ql/src/semmle/code/csharp/exprs/Call.qll b/csharp/ql/src/semmle/code/csharp/exprs/Call.qll
@@ -604,6 +604,27 @@ class DelegateCall extends Call, @delegate_invocation_expr {
   override string getAPrimaryQlClass() { result = "DelegateCall" }
 }
 
+/**
+ * A function pointer call, for example `fp(1)` on line 3 in
+ *
+ * ```csharp
+ * class A {
+ *   void Call(delegate*<int, void> fp) {
+ *     fp(1);
+ *   }
+ * }
+ * ```
+ */
+class FunctionPointerCall extends Call, @function_pointer_invocation_expr {
+  override Callable getTarget() { none() }
+
+  override Expr getRuntimeArgument(int i) { result = getArgument(i) }
+
+  override string toString() { result = "function pointer call" }
+
+  override string getAPrimaryQlClass() { result = "FunctionPointerCall" }
+}
+
 /**
  * A call to an accessor. Either a property accessor call (`PropertyCall`),
  * an indexer accessor call (`IndexerCall`), or an event accessor call
diff --git a/csharp/ql/test/library-tests/csharp9/FunctionPointer.cs b/csharp/ql/test/library-tests/csharp9/FunctionPointer.cs
@@ -2,13 +2,13 @@
 
 #nullable enable
 
-public class Class1
+public class FnPointer
 {
     public unsafe static class Program
     {
-        static delegate*<int> pointer = &Main;
+        static delegate*<int> pointer = &M0;
 
-        public static int Main()
+        public static int M0()
         {
             return 0;
         }
@@ -19,7 +19,7 @@ static void M1(delegate*<ref int, out object?, int> f)
             int j = f(ref i, out object? o);
         }
 
-        static void M2<T>(delegate* unmanaged[Stdcall, SuppressGCTransition]<ref int, out object?, T, void> f) where T : new()
+        static void M2<T>(delegate* unmanaged[Stdcall/*, StdcallSuppressGCTransition*/]<ref int, out object?, T, void> f) where T : new()
         {
             int i = 42;
             f(ref i, out object? o, new T());
diff --git a/csharp/ql/test/library-tests/csharp9/FunctionPointer.expected b/csharp/ql/test/library-tests/csharp9/FunctionPointer.expected
@@ -0,0 +1,22 @@
+type
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32 in,Int32 ref> | Int32 | 0 |
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32> | Int32 | 0 |
+| file://:0:0:0:0 | delegate* default<Int32> | Int32 | 0 |
+| file://:0:0:0:0 | delegate* default<T,Int32> | Int32 | 0 |
+| file://:0:0:0:0 | delegate* stdcall<Int32 ref,Object out,T,Void> | Void | 2 |
+unmanagedCallingConvention
+parameter
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32 in,Int32 ref> | 0 | file://:0:0:0:0 |  | Int32 |
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32 in,Int32 ref> | 1 | file://:0:0:0:0 | `1 | Object |
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32 in,Int32 ref> | 2 | file://:0:0:0:0 | `2 | Int32 |
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32> | 0 | file://:0:0:0:0 |  | Int32 |
+| file://:0:0:0:0 | delegate* default<Int32 ref,Object out,Int32> | 1 | file://:0:0:0:0 | `1 | Object |
+| file://:0:0:0:0 | delegate* default<T,Int32> | 0 | file://:0:0:0:0 |  | T |
+| file://:0:0:0:0 | delegate* stdcall<Int32 ref,Object out,T,Void> | 0 | file://:0:0:0:0 |  | Int32 |
+| file://:0:0:0:0 | delegate* stdcall<Int32 ref,Object out,T,Void> | 1 | file://:0:0:0:0 | `1 | Object |
+| file://:0:0:0:0 | delegate* stdcall<Int32 ref,Object out,T,Void> | 2 | file://:0:0:0:0 | `2 | T |
+invocation
+| FunctionPointer.cs:19:21:19:43 | function pointer call |
+| FunctionPointer.cs:25:13:25:44 | function pointer call |
+| FunctionPointer.cs:31:29:31:57 | function pointer call |
+| FunctionPointer.cs:36:21:36:30 | function pointer call |
diff --git a/csharp/ql/test/library-tests/csharp9/FunctionPointer.ql b/csharp/ql/test/library-tests/csharp9/FunctionPointer.ql
@@ -0,0 +1,16 @@
+import csharp
+
+query predicate type(FunctionPointerType fpt, string returnType, int callingConvention) {
+  fpt.getReturnType().toString() = returnType and
+  fpt.getCallingConvention() = callingConvention
+}
+
+query predicate unmanagedCallingConvention(FunctionPointerType fpt, int i, string callingConvention) {
+  fpt.getUnmanagedCallingConvention(i).toString() = callingConvention
+}
+
+query predicate parameter(FunctionPointerType fpt, int i, Parameter p, string t) {
+  fpt.getParameter(i) = p and p.getType().toString() = t
+}
+
+query predicate invocation(FunctionPointerCall fpc) { any() }
diff --git a/csharp/ql/test/library-tests/csharp9/PrintAst.expected b/csharp/ql/test/library-tests/csharp9/PrintAst.expected
@@ -1,3 +1,5 @@
+FunctionPointer.cs:
+#    9| [MethodAccess] access to method M0
 AnonymousObjectCreation.cs:
 #    5| [Class] AnonObj
 #    7|   5: [Field] l
@@ -103,6 +105,94 @@ Discard.cs:
 #   10|             4: [BlockStmt] {...}
 #   10|               0: [ReturnStmt] return ...;
 #   10|                 0: [IntLiteral] 0
+FunctionPointer.cs:
+#    5| [Class] FnPointer
+#    7|   5: [Class] Program
+#    9|     5: [Field] pointer
+#    9|       -1: [TypeMention] delegate* default<Int32>
+#    9|       1: [AssignExpr] ... = ...
+#    9|         0: [FieldAccess] access to field pointer
+#   11|     6: [Method] M0
+#   11|       -1: [TypeMention] int
+#   12|       4: [BlockStmt] {...}
+#   13|         0: [ReturnStmt] return ...;
+#   13|           0: [IntLiteral] 0
+#   16|     7: [Method] M1
+#   16|       -1: [TypeMention] Void
+#-----|       2: (Parameters)
+#   16|         0: [Parameter] f
+#   16|           -1: [TypeMention] delegate* default<Int32 ref,Object out,Int32>
+#   17|       4: [BlockStmt] {...}
+#   18|         0: [LocalVariableDeclStmt] ... ...;
+#   18|           0: [LocalVariableDeclAndInitExpr] Int32 i = ...
+#   18|             -1: [TypeMention] int
+#   18|             0: [LocalVariableAccess] access to local variable i
+#   18|             1: [IntLiteral] 42
+#   19|         1: [LocalVariableDeclStmt] ... ...;
+#   19|           0: [LocalVariableDeclAndInitExpr] Int32 j = ...
+#   19|             -1: [TypeMention] int
+#   19|             0: [LocalVariableAccess] access to local variable j
+#   19|             1: [FunctionPointerCall] function pointer call
+#   19|               -1: [ParameterAccess] access to parameter f
+#   19|               0: [LocalVariableAccess] access to local variable i
+#   19|               1: [LocalVariableAccess,LocalVariableDeclExpr] Object o
+#   22|     8: [Method] M2
+#   22|       -1: [TypeMention] Void
+#-----|       1: (Type parameters)
+#   22|         0: [TypeParameter] T
+#-----|       2: (Parameters)
+#   22|         0: [Parameter] f
+#   22|           -1: [TypeMention] delegate* stdcall<Int32 ref,Object out,T,Void>
+#   23|       4: [BlockStmt] {...}
+#   24|         0: [LocalVariableDeclStmt] ... ...;
+#   24|           0: [LocalVariableDeclAndInitExpr] Int32 i = ...
+#   24|             -1: [TypeMention] int
+#   24|             0: [LocalVariableAccess] access to local variable i
+#   24|             1: [IntLiteral] 42
+#   25|         1: [ExprStmt] ...;
+#   25|           0: [FunctionPointerCall] function pointer call
+#   25|             -1: [ParameterAccess] access to parameter f
+#   25|             0: [LocalVariableAccess] access to local variable i
+#   25|             1: [LocalVariableAccess,LocalVariableDeclExpr] Object o
+#   25|             2: [ObjectCreation] object creation of type T
+#   25|               0: [TypeMention] T
+#   28|     9: [Method] M3
+#   28|       -1: [TypeMention] Void
+#-----|       2: (Parameters)
+#   28|         0: [Parameter] f
+#   28|           -1: [TypeMention] delegate* default<Int32 ref,Object out,Int32 in,Int32 ref>
+#   29|       4: [BlockStmt] {...}
+#   30|         0: [LocalVariableDeclStmt] ... ...;
+#   30|           0: [LocalVariableDeclAndInitExpr] Int32 i = ...
+#   30|             -1: [TypeMention] int
+#   30|             0: [LocalVariableAccess] access to local variable i
+#   30|             1: [IntLiteral] 42
+#   31|         1: [LocalVariableDeclStmt] ... ...;
+#   31|           0: [LocalVariableDeclAndInitExpr] Int32 j = ...
+#   31|             -1: [TypeMention] null
+#   31|             0: [LocalVariableAccess] access to local variable j
+#   31|             1: [RefExpr] ref ...
+#   31|               0: [FunctionPointerCall] function pointer call
+#   31|                 -1: [ParameterAccess] access to parameter f
+#   31|                 0: [LocalVariableAccess] access to local variable i
+#   31|                 1: [LocalVariableAccess,LocalVariableDeclExpr] Object o
+#   31|                 2: [LocalVariableAccess] access to local variable i
+#   34|     10: [Method] M4
+#   34|       -1: [TypeMention] Void
+#-----|       1: (Type parameters)
+#   34|         0: [TypeParameter] T
+#-----|       2: (Parameters)
+#   34|         0: [Parameter] f
+#   34|           -1: [TypeMention] delegate* default<T,Int32>
+#   35|       4: [BlockStmt] {...}
+#   36|         0: [LocalVariableDeclStmt] ... ...;
+#   36|           0: [LocalVariableDeclAndInitExpr] Int32 j = ...
+#   36|             -1: [TypeMention] int
+#   36|             0: [LocalVariableAccess] access to local variable j
+#   36|             1: [FunctionPointerCall] function pointer call
+#   36|               -1: [ParameterAccess] access to parameter f
+#   36|               0: [ObjectCreation] object creation of type T
+#   36|                 0: [TypeMention] T
 InitOnlyProperty.cs:
 #    3| [NamespaceDeclaration] namespace ... { ... }
 #    5|   1: [Class] IsExternalInit
@@ -136,6 +226,8 @@ InitOnlyProperty.cs:
 #   18| [Class] Derived
 #-----|   3: (Base types)
 #   18|     0: [TypeMention] Base
+#   18|     0: [TypeMention] Base
+#   18|     0: [TypeMention] Base
 #   20|   5: [Property] Prop1
 #   20|     -1: [TypeMention] int
 #   20|     3: [Getter] get_Prop1
diff --git a/csharp/ql/test/library-tests/csharp9/typeParameterNullability.expected b/csharp/ql/test/library-tests/csharp9/typeParameterNullability.expected
@@ -10,6 +10,8 @@ valueType
 | TypeParameterNullability.cs:19:29:19:29 | T |
 | TypeParameterNullability.cs:24:29:24:29 | T |
 valueOrRefType
+| FunctionPointer.cs:22:24:22:24 | T |
+| FunctionPointer.cs:34:24:34:24 | T |
 | TypeParameterNullability.cs:5:28:5:28 | T |
 | TypeParameterNullability.cs:9:28:9:28 | T |
 | TypeParameterNullability.cs:15:29:15:29 | T |
diff --git a/csharp/upgrades/TO_CHANGE/upgrade.properties b/csharp/upgrades/TO_CHANGE/upgrade.properties
@@ -1,2 +1,2 @@
 description: Added '@function_pointer_type', '@function_pointer_invocation_expr' and related relations.
-compatibility: full
+compatibility: backwards

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Function pointer types (`FunctionPointerType`) and call to function pointers
	`3`	+(`FunctionPointerCall`) are extracted.
Original file line number	Diff line number	Diff line change
`@@ -2,13 +2,13 @@`
`2`	`2`
`3`	`3`	`#nullable enable`
`4`	`4`
`5`		`-public class Class1`
	`5`	`+public class FnPointer`
`6`	`6`	`{`
`7`	`7`	`public unsafe static class Program`
`8`	`8`	`{`
`9`		`- static delegate*<int> pointer = &Main;`
	`9`	`+ static delegate*<int> pointer = &M0;`
`10`	`10`
`11`		`- public static int Main()`
	`11`	`+ public static int M0()`
`12`	`12`	`{`
`13`	`13`	`return 0;`
`14`	`14`	`}`
`@@ -19,7 +19,7 @@ static void M1(delegate*<ref int, out object?, int> f)`
`19`	`19`	`int j = f(ref i, out object? o);`
`20`	`20`	`}`
`21`	`21`
`22`		`- static void M2<T>(delegate* unmanaged[Stdcall, SuppressGCTransition]<ref int, out object?, T, void> f) where T : new()`
	`22`	`+ static void M2<T>(delegate* unmanaged[Stdcall/, StdcallSuppressGCTransition/]<ref int, out object?, T, void> f) where T : new()`
`23`	`23`	`{`
`24`	`24`	`int i = 42;`
`25`	`25`	`f(ref i, out object? o, new T());`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`description: Added '@function_pointer_type', '@function_pointer_invocation_expr' and related relations.`
`2`		`-compatibility: full`
	`2`	`+compatibility: backwards`