C++: Add summary jumpStep, readStep, storeStep.

geoffw0 · geoffw0 · commit 8c0f02ac4b84 · 2024-03-06T14:51:48.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -795,6 +795,10 @@ predicate jumpStep(Node n1, Node n2) {
       v = n1.asIndirectVariable(globalDef.getIndirection())
     )
   )
+  or
+  // models-as-data summarized flow
+  FlowSummaryImpl::Private::Steps::summaryJumpStep(n1.(FlowSummaryNode).getSummaryNode(),
+    n2.(FlowSummaryNode).getSummaryNode())
 }
 
 /**
@@ -805,23 +809,28 @@ predicate jumpStep(Node n1, Node n2) {
  * The boolean `certain` is true if the destination address does not involve
  * any pointer arithmetic, and false otherwise.
  */
-predicate storeStepImpl(Node node1, Content c, PostFieldUpdateNode node2, boolean certain) {
+predicate storeStepImpl(Node node1, Content c, Node node2, boolean certain) {
   exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store |
     nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and
-    node2.getIndirectionIndex() = 1 and
-    numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(),
-      numberOfLoads, certain)
+    node2.(PostFieldUpdateNode).getIndirectionIndex() = 1 and
+    numberOfLoadsFromOperand(node2.(PostFieldUpdateNode).getFieldAddress(),
+      store.getDestinationAddressOperand(), numberOfLoads, certain)
   |
     exists(FieldContent fc | fc = c |
-      fc.getField() = node2.getUpdatedField() and
+      fc.getField() = node2.(PostFieldUpdateNode).getUpdatedField() and
       fc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads
     )
     or
     exists(UnionContent uc | uc = c |
-      uc.getAField() = node2.getUpdatedField() and
+      uc.getAField() = node2.(PostFieldUpdateNode).getUpdatedField() and
       uc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads
     )
   )
+  or
+  // models-as-data summarized flow
+  FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c,
+    node2.(FlowSummaryNode).getSummaryNode()) and
+  certain = [true, false] // TODO
 }
 
 /**
@@ -908,6 +917,10 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
       uc.getIndirectionIndex() = indirectionIndex2 + numberOfLoads
     )
   )
+  or
+  // models-as-data summarized flow
+  FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), c,
+    node2.(FlowSummaryNode).getSummaryNode())
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -795,6 +795,10 @@ predicate jumpStep(Node n1, Node n2) {`
`795`	`795`	`v = n1.asIndirectVariable(globalDef.getIndirection())`
`796`	`796`	`)`
`797`	`797`	`)`
	`798`	`+ or`
	`799`	`+ // models-as-data summarized flow`
	`800`	`+ FlowSummaryImpl::Private::Steps::summaryJumpStep(n1.(FlowSummaryNode).getSummaryNode(),`
	`801`	`+ n2.(FlowSummaryNode).getSummaryNode())`
`798`	`802`	`}`
`799`	`803`
`800`	`804`	`/**`
`@@ -805,23 +809,28 @@ predicate jumpStep(Node n1, Node n2) {`
`805`	`809`	* The boolean `certain` is true if the destination address does not involve
`806`	`810`	`* any pointer arithmetic, and false otherwise.`
`807`	`811`	`*/`
`808`		`-predicate storeStepImpl(Node node1, Content c, PostFieldUpdateNode node2, boolean certain) {`
	`812`	`+predicate storeStepImpl(Node node1, Content c, Node node2, boolean certain) {`
`809`	`813`	`exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store \|`
`810`	`814`	`nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and`
`811`		`- node2.getIndirectionIndex() = 1 and`
`812`		`- numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(),`
`813`		`- numberOfLoads, certain)`
	`815`	`+ node2.(PostFieldUpdateNode).getIndirectionIndex() = 1 and`
	`816`	`+ numberOfLoadsFromOperand(node2.(PostFieldUpdateNode).getFieldAddress(),`
	`817`	`+ store.getDestinationAddressOperand(), numberOfLoads, certain)`
`814`	`818`	`\|`
`815`	`819`	`exists(FieldContent fc \| fc = c \|`
`816`		`- fc.getField() = node2.getUpdatedField() and`
	`820`	`+ fc.getField() = node2.(PostFieldUpdateNode).getUpdatedField() and`
`817`	`821`	`fc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads`
`818`	`822`	`)`
`819`	`823`	`or`
`820`	`824`	`exists(UnionContent uc \| uc = c \|`
`821`		`- uc.getAField() = node2.getUpdatedField() and`
	`825`	`+ uc.getAField() = node2.(PostFieldUpdateNode).getUpdatedField() and`
`822`	`826`	`uc.getIndirectionIndex() = 1 + indirectionIndex1 + numberOfLoads`
`823`	`827`	`)`
`824`	`828`	`)`
	`829`	`+ or`
	`830`	`+ // models-as-data summarized flow`
	`831`	`+ FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c,`
	`832`	`+ node2.(FlowSummaryNode).getSummaryNode()) and`
	`833`	`+ certain = [true, false] // TODO`
`825`	`834`	`}`
`826`	`835`
`827`	`836`	`/**`
`@@ -908,6 +917,10 @@ predicate readStep(Node node1, ContentSet c, Node node2) {`
`908`	`917`	`uc.getIndirectionIndex() = indirectionIndex2 + numberOfLoads`
`909`	`918`	`)`
`910`	`919`	`)`
	`920`	`+ or`
	`921`	`+ // models-as-data summarized flow`
	`922`	`+ FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), c,`
	`923`	`+ node2.(FlowSummaryNode).getSummaryNode())`
`911`	`924`	`}`
`912`	`925`
`913`	`926`	`/**`