C++: Add comments to {Array,Pointer}StoreNode and arrayStoreStepChi.

MathiasVP · MathiasVP · commit 50ad4cfec4e8 · 2020-09-15T16:03:21.000+02:00
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -244,11 +244,15 @@ private predicate arrayStoreStepChi(Node node1, ArrayContent a, PostUpdateNode n
     node1.asInstruction() = store and
     (
       // `x[i] = taint()`
+      // This matches the characteristic predicate in `ArrayStoreNode`.
       store.getDestinationAddress() instanceof PointerAddInstruction
       or
       // `*p = taint()`
+      // This matches the characteristic predicate in `PointerStoreNode`.
       store.getDestinationAddress().(CopyValueInstruction).getUnary() instanceof LoadInstruction
     ) and
+    // This `ChiInstruction` will always have a non-conflated result because both `ArrayStoreNode`
+    // and `PointerStoreNode` require it in their characteristic predicates.
     node2.asInstruction().(ChiInstruction).getPartial() = store
   )
 }
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -389,6 +389,10 @@ private class ExplicitSingleFieldStoreQualifierNode extends PartialDefinitionNod
   }
 }
 
+/**
+ * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden
+ * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`.
+ */
 private class ArrayStoreNode extends PartialDefinitionNode {
   override ChiInstruction instr;
   PointerAddInstruction add;
@@ -406,6 +410,10 @@ private class ArrayStoreNode extends PartialDefinitionNode {
   override Expr getDefinedExpr() { result = add.getLeft().getUnconvertedResultExpression() }
 }
 
+/**
+ * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden
+ * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`.
+ */
 private class PointerStoreNode extends PostUpdateNode {
   override ChiInstruction instr;
 

Original file line number	Diff line number	Diff line change
`@@ -244,11 +244,15 @@ private predicate arrayStoreStepChi(Node node1, ArrayContent a, PostUpdateNode n`
`244`	`244`	`node1.asInstruction() = store and`
`245`	`245`	`(`
`246`	`246`	// `x[i] = taint()`
	`247`	+ // This matches the characteristic predicate in `ArrayStoreNode`.
`247`	`248`	`store.getDestinationAddress() instanceof PointerAddInstruction`
`248`	`249`	`or`
`249`	`250`	// `*p = taint()`
	`251`	+ // This matches the characteristic predicate in `PointerStoreNode`.
`250`	`252`	`store.getDestinationAddress().(CopyValueInstruction).getUnary() instanceof LoadInstruction`
`251`	`253`	`) and`
	`254`	+ // This `ChiInstruction` will always have a non-conflated result because both `ArrayStoreNode`
	`255`	+ // and `PointerStoreNode` require it in their characteristic predicates.
`252`	`256`	`node2.asInstruction().(ChiInstruction).getPartial() = store`
`253`	`257`	`)`
`254`	`258`	`}`
Original file line number	Diff line number	Diff line change
`@@ -389,6 +389,10 @@ private class ExplicitSingleFieldStoreQualifierNode extends PartialDefinitionNod`
`389`	`389`	`}`
`390`	`390`	`}`
`391`	`391`
	`392`	`+/**`
	`393`	+ * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden
	`394`	+ * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`.
	`395`	`+ */`
`392`	`396`	`private class ArrayStoreNode extends PartialDefinitionNode {`
`393`	`397`	`override ChiInstruction instr;`
`394`	`398`	`PointerAddInstruction add;`
`@@ -406,6 +410,10 @@ private class ArrayStoreNode extends PartialDefinitionNode {`
`406`	`410`	`override Expr getDefinedExpr() { result = add.getLeft().getUnconvertedResultExpression() }`
`407`	`411`	`}`
`408`	`412`
	`413`	`+/**`
	`414`	+ * The `PostUpdateNode` that is the target of a `arrayStoreStepChi` store step. The overriden
	`415`	+ * `ChiInstruction` corresponds to the instruction represented by `node2` in `arrayStoreStepChi`.
	`416`	`+ */`
`409`	`417`	`private class PointerStoreNode extends PostUpdateNode {`
`410`	`418`	`override ChiInstruction instr;`
`411`	`419`