
Commit 5683092

committed
C++: Implement SummaryParameterNode.
1 parent 1ace9ee commit 5683092

4 files changed

Lines changed: 40 additions & 22 deletions


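--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll
@@ -80,7 +80,7 @@ private module VirtualDispatch {
 exists(DataFlowCall call, Position i |
 other
 .(DataFlow::ParameterNode)
-.isParameterOf(pragma[only_bind_into](call).getStaticCallTarget(), i) and
+.isParameterOf(TSourceCallable(pragma[only_bind_into](call).getStaticCallTarget()), i) and
 src.(ArgumentNode).argumentOf(call, pragma[only_bind_into](pragma[only_bind_out](i)))
 ) and
 allowOtherFromArg = true and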

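--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -340,7 +340,7 @@ DataFlowCallable nodeGetEnclosingCallable(Node n) { result = n.getEnclosingCalla
 
 /** Holds if `p` is a `ParameterNode` of `c` with position `pos`. */
 predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) {
-p.isParameterOf(c.asSourceCallable(), pos) // TODO: if c is a summary node?
+p.isParameterOf(c, pos)
 }
 
 /** Holds if `arg` is an `ArgumentNode` of `c` with position `pos`. */
@@ -967,10 +967,6 @@ class DataFlowCallable extends TDataFlowCallable {
 Cpp::Declaration asSourceCallable() { this = TSourceCallable(result) }
 
 FlowSummaryImpl::Public::SummarizedCallable asSummarizedCallable() { this = TSummarizedCallable(result) }
-
-/* Callable::TypeRange getUnderlyingCallable() { TODO
-result = this.asSummarizedCallable() or result = this.asSourceCallable()
-}*/
 }
 
 private class SourceCallable extends DataFlowCallable, TSourceCallable {
@@ -1207,7 +1203,9 @@ predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preserves
 * One example would be to allow flow like `p.foo = p.bar;`, which is disallowed
 * by default as a heuristic.
 */
-predicate allowParameterReturnInSelf(ParameterNode p) { p instanceof IndirectParameterNode }
+predicate allowParameterReturnInSelf(ParameterNode p) { p instanceof IndirectParameterNode
+// TODO: Swift has a case for summarized callables here.
+}
 
 private predicate fieldHasApproxName(Field f, string s) {
 s = f.getName().charAt(0) and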
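Review bot: `allowParameterReturnInSelf` still holds only for `IndirectParameterNode`, so now that summary parameter nodes are `ParameterNode`s, a model whose flow returns into the same parameter it entered through would presumably be dropped by this heuristic, and the new TODO does not say what is missing. For a library that backs security queries that is a silent false negative rather than an error, so it is worth either adding the summarized-callable case in this commit or making the comment actionable, e.g. `// TODO: also allow summary parameter nodes whose summary writes back to the same argument, as the Swift library does.` The comment also sits between the one-line body and its closing brace, which the QL autoformatter is likely to rewrite or reject; placing it on the line above the predicate keeps the body intact. A small test model with an `Argument[n]` to `Argument[n]` flow would show whether the missing case matters today.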

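--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -1636,14 +1636,16 @@ class ParameterNode extends Node {
 this.asInstruction() instanceof InitializeParameterInstruction
 or
 this instanceof IndirectParameterNode
+or
+FlowSummaryImpl::Private::summaryParameterNode(this.(FlowSummaryNode).getSummaryNode(), _)
 }
 
 /**
 * Holds if this node is the parameter of `f` at the specified position. The
 * implicit `this` parameter is considered to have position `-1`, and
 * pointer-indirection parameters are at further negative positions.
 */
-predicate isParameterOf(Function f, ParameterPosition pos) { none() } // overridden by subclasses
+predicate isParameterOf(DataFlowCallable f, ParameterPosition pos) { none() } // overridden by subclasses
 
 /** Gets the `Parameter` associated with this node, if it exists. */
 Parameter getParameter() { none() } // overridden by subclasses
@@ -1665,8 +1667,8 @@ class DirectParameterNode extends InstructionNode {
 private class ExplicitParameterNode extends ParameterNode, DirectParameterNode {
 ExplicitParameterNode() { exists(instr.getParameter()) }
 
-override predicate isParameterOf(Function f, ParameterPosition pos) {
-f.getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter()
+override predicate isParameterOf(DataFlowCallable f, ParameterPosition pos) {
+f.asSourceCallable().(Function).getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter()
 }
 
 override string toStringImpl() { result = instr.getParameter().toString() }
@@ -1678,13 +1680,31 @@ private class ExplicitParameterNode extends ParameterNode, DirectParameterNode {
 class ThisParameterNode extends ParameterNode, DirectParameterNode {
 ThisParameterNode() { instr.getIRVariable() instanceof IRThisVariable }
 
-override predicate isParameterOf(Function f, ParameterPosition pos) {
-pos.(DirectPosition).getIndex() = -1 and instr.getEnclosingFunction() = f
+override predicate isParameterOf(DataFlowCallable f, ParameterPosition pos) {
+pos.(DirectPosition).getIndex() = -1 and instr.getEnclosingFunction() = f.asSourceCallable()
 }
 
 override string toStringImpl() { result = "this" }
 }
 
+/**
+* A parameter node that is part of a summary.
+*/
+class SummaryParameterNode extends ParameterNode, FlowSummaryNode {
+SummaryParameterNode() {
+FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), _)
+}
+
+private ParameterPosition getPosition() {
+FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), result)
+}
+
+override predicate isParameterOf(DataFlowCallable c, ParameterPosition p) {
+c.asSummarizedCallable() = this.getSummarizedCallable() and
+p = this.getPosition()
+}
+}
+
 pragma[noinline]
 private predicate indirectPositionHasArgumentIndexAndIndex(
 IndirectionPosition pos, int argumentIndex, int indirectionIndex
@@ -1703,8 +1723,8 @@ private predicate indirectParameterNodeHasArgumentIndexAndIndex(
 
 /** A synthetic parameter to model the pointed-to object of a pointer parameter. */
 class ParameterIndirectionNode extends ParameterNode instanceof IndirectParameterNode {
-override predicate isParameterOf(Function f, ParameterPosition pos) {
-IndirectParameterNode.super.getEnclosingCallable().asSourceCallable() = f and
+override predicate isParameterOf(DataFlowCallable f, ParameterPosition pos) {
+IndirectParameterNode.super.getEnclosingCallable() = f and
 exists(int argumentIndex, int indirectionIndex |
 indirectPositionHasArgumentIndexAndIndex(pos, argumentIndex, indirectionIndex) and
 indirectParameterNodeHasArgumentIndexAndIndex(this, argumentIndex, indirectionIndex)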
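Review bot: Changing `ParameterNode.isParameterOf` from `Function f` to `DataFlowCallable f` breaks every existing caller that passes a `Function`, as the `TSourceCallable(...)` wrapper needed in DataFlowDispatch.qll shows. If `ParameterNode` is reachable by query authors through `DataFlow::`, their security queries would stop compiling. Consider keeping a source-level convenience predicate beside it, for example `predicate isSourceParameterOf(Function f, ParameterPosition pos) { exists(DataFlowCallable c | c.asSourceCallable() = f and this.isParameterOf(c, pos)) }` (the name is only a suggestion), together with a change note. The QLDoc above `isParameterOf` still describes only function parameters and should say that `f` may now be a summarized callable. `SummaryParameterNode` would also benefit from a QLDoc line noting that `getParameter()` has no result for it, and its characteristic predicate repeats the `summaryParameterNode(..., _)` condition added to `ParameterNode`, whose class body starts outside the first hunk.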
Lines changed: 8 additions & 8 deletions
@@ -1,14 +1,14 @@
1-
| tests.cpp:115:5:115:19 | [summary param] 0 in madArg0ToReturn | | madArg0ToReturn | madArg0ToReturn |
1+
| tests.cpp:115:5:115:19 | [summary param] 0 in madArg0ToReturn | ParameterNode | madArg0ToReturn | madArg0ToReturn |
22
| tests.cpp:115:5:115:19 | [summary] to write: ReturnValue in madArg0ToReturn | | madArg0ToReturn | madArg0ToReturn |
3-
| tests.cpp:117:5:117:28 | [summary param] 0 in madArg0ToReturnValueFlow | | madArg0ToReturnValueFlow | madArg0ToReturnValueFlow |
3+
| tests.cpp:117:5:117:28 | [summary param] 0 in madArg0ToReturnValueFlow | ParameterNode | madArg0ToReturnValueFlow | madArg0ToReturnValueFlow |
44
| tests.cpp:117:5:117:28 | [summary] to write: ReturnValue in madArg0ToReturnValueFlow | | madArg0ToReturnValueFlow | madArg0ToReturnValueFlow |
5-
| tests.cpp:119:6:119:18 | [summary param] 0 in madArg0ToArg1 | | madArg0ToArg1 | madArg0ToArg1 |
6-
| tests.cpp:119:6:119:18 | [summary param] 1 in madArg0ToArg1 | | madArg0ToArg1 | madArg0ToArg1 |
5+
| tests.cpp:119:6:119:18 | [summary param] 0 in madArg0ToArg1 | ParameterNode | madArg0ToArg1 | madArg0ToArg1 |
6+
| tests.cpp:119:6:119:18 | [summary param] 1 in madArg0ToArg1 | ParameterNode | madArg0ToArg1 | madArg0ToArg1 |
77
| tests.cpp:119:6:119:18 | [summary] to write: Argument[1] in madArg0ToArg1 | | madArg0ToArg1 | madArg0ToArg1 |
8-
| tests.cpp:180:7:180:19 | [summary param] 0 in madArg0ToSelf | | madArg0ToSelf | madArg0ToSelf |
9-
| tests.cpp:180:7:180:19 | [summary param] this in madArg0ToSelf | | madArg0ToSelf | madArg0ToSelf |
8+
| tests.cpp:180:7:180:19 | [summary param] 0 in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
9+
| tests.cpp:180:7:180:19 | [summary param] this in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
1010
| tests.cpp:180:7:180:19 | [summary] to write: Argument[this] in madArg0ToSelf | | madArg0ToSelf | madArg0ToSelf |
11-
| tests.cpp:181:6:181:20 | [summary param] this in madSelfToReturn | | madSelfToReturn | madSelfToReturn |
11+
| tests.cpp:181:6:181:20 | [summary param] this in madSelfToReturn | ParameterNode | madSelfToReturn | madSelfToReturn |
1212
| tests.cpp:181:6:181:20 | [summary] to write: ReturnValue in madSelfToReturn | | madSelfToReturn | madSelfToReturn |
13-
| tests.cpp:209:7:209:30 | [summary param] this in namespaceMadSelfToReturn | | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
13+
| tests.cpp:209:7:209:30 | [summary param] this in namespaceMadSelfToReturn | ParameterNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
1414
| tests.cpp:209:7:209:30 | [summary] to write: ReturnValue in namespaceMadSelfToReturn | | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
