Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a060369

Browse files
MathiasVPMathiasVP
committed
C++: Add LoadChain and StoreChain nodes to handle reverse reads in dataflow
1 parent 335baae commit a060369

2 files changed

Lines changed: 374 additions & 76 deletions

File tree

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

Lines changed: 6 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -180,46 +180,24 @@ private class ArrayContent extends Content, TArrayContent {
180180
override Type getType() { none() }
181181
}
182182

183-
private predicate storeStepNoChi(Node node1, Content f, PostUpdateNode node2) {
184-
exists(FieldAddressInstruction fa, StoreInstruction store |
185-
store = node2.asInstruction() and
186-
store.getDestinationAddress() = fa and
187-
store.getSourceValue() = node1.asInstruction() and
188-
f.(FieldContent).getField() = fa.getField()
189-
)
190-
}
191-
192-
private predicate storeStepChi(Node node1, Content f, PostUpdateNode node2) {
193-
exists(FieldAddressInstruction fa, StoreInstruction store |
194-
node1.asInstruction() = store and
195-
store.getDestinationAddress() = fa and
196-
node2.asInstruction().(ChiInstruction).getPartial() = store and
197-
f.(FieldContent).getField() = fa.getField()
198-
)
199-
}
200-
201183
/**
202184
* Holds if data can flow from `node1` to `node2` via an assignment to `f`.
203185
* Thus, `node2` references an object with a field `f` that contains the
204186
* value of `node1`.
205187
*/
206-
predicate storeStep(Node node1, Content f, PostUpdateNode node2) {
207-
storeStepNoChi(node1, f, node2) or
208-
storeStepChi(node1, f, node2)
188+
predicate storeStep(Node node1, Content f, StoreStepNode node2) {
189+
node2.getStoredValue() = node1 and
190+
f.(FieldContent).getField() = node2.getAField()
209191
}
210192

211193
/**
212194
* Holds if data can flow from `node1` to `node2` via a read of `f`.
213195
* Thus, `node1` references an object with a field `f` whose value ends up in
214196
* `node2`.
215197
*/
216-
predicate readStep(Node node1, Content f, Node node2) {
217-
exists(FieldAddressInstruction fa, LoadInstruction load |
218-
load.getSourceAddress() = fa and
219-
node1.asInstruction() = load.getSourceValueOperand().getAnyDef() and
220-
fa.getField() = f.(FieldContent).getField() and
221-
load = node2.asInstruction()
222-
)
198+
predicate readStep(Node node1, Content f, ReadStepNode node2) {
199+
node2.getReadValue() = node1 and
200+
f.(FieldContent).getField() = node2.getAField()
223201
}
224202

225203
/**

0 commit comments

Comments
 (0)