

Commit aa30745

committed
Python points-to: Further types and flow.
1 parent e3ed8c6 commit aa30745

8 files changed

Lines changed: 507 additions & 79 deletions


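--- a/python/ql/src/semmle/python/objects/Callables.qll
+++ b/python/ql/src/semmle/python/objects/Callables.qll
@@ -81,6 +81,10 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
 )
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
 override predicate calleeAndOffset(Function scope, int paramOffset) {
 scope = this.getScope() and paramOffset = 0
 }
@@ -98,7 +102,7 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
 }
 
 override string toString() {
-result = "builtin function " + this.getBuiltin().getName()
+result = "Builtin-function " + this.getBuiltin().getName()
 }
 
 override predicate introduced(ControlFlowNode node, PointsToContext2 context) {
@@ -112,6 +116,10 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
 override boolean isComparable() { result = true }
 
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
 exists(Builtin func, ClassObjectInternal cls |
 func = this.getBuiltin() and
 func != Builtin::builtin("isinstance") and
@@ -121,8 +129,7 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
 cls = ObjectInternal::fromBuiltin(this.getReturnType()) and
 obj = TUnknownInstance(cls)
 ) and
-origin = CfgOrigin::unknown() and
-callee_for_object(callee, this)
+origin = CfgOrigin::unknown()
 }
 
 override ControlFlowNode getOrigin() {
@@ -185,6 +192,10 @@ class BuiltinMethodObjectInternal extends CallableObjectInternal, TBuiltinMethod
 override boolean isComparable() { result = true }
 
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
 // TO DO .. Result should be be a unknown value of a known class if the return type is known or just an unknown.
 none()
 }
@@ -235,8 +246,12 @@ class BoundMethodObjectInternal extends CallableObjectInternal, TBoundMethod {
 this.getFunction().callResult(callee, obj, origin)
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+this.getFunction().callResult(obj, origin)
+}
+
 override ControlFlowNode getOrigin() {
-this = TBoundMethod(result, _, _, _)
+none()
 }
 
 override predicate calleeAndOffset(Function scope, int paramOffset) {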
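Review bot: `BoundMethodObjectInternal.getOrigin()` at new line 254 is now a bare `none()`, replacing `this = TBoundMethod(result, _, _, _)`, and nothing in the hunk says why a bound method no longer has an origin. Any predicate that joins on `getOrigin()` will match nothing for bound methods, which shows up downstream as missing results rather than as an error. If the first component of `TBoundMethod` is no longer a `ControlFlowNode` (its definition is not visible here), a one-line comment such as `// Bound methods have no origin node of their own` would record that; otherwise the old body should stay. The class body continues outside the hunk.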

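--- a/python/ql/src/semmle/python/objects/Classes.qll
+++ b/python/ql/src/semmle/python/objects/Classes.qll
@@ -86,7 +86,11 @@ class PythonClassObjectInternal extends ClassObjectInternal, TPythonClassObject
 override predicate attributesUnknown() { none() }
 
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
-// TO DO .. Result should (in most cases) be an instance
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// Handled by Instance classes.
 none()
 }
 
@@ -101,7 +105,7 @@ class BuiltinClassObjectInternal extends ClassObjectInternal, TBuiltinClassObjec
 }
 
 override string toString() {
-result = "builtin class " + this.getBuiltin().getName()
+result = "builtin-class " + this.getBuiltin().getName()
 }
 
 override predicate introduced(ControlFlowNode node, PointsToContext2 context) {
@@ -132,6 +136,10 @@ class BuiltinClassObjectInternal extends ClassObjectInternal, TBuiltinClassObjec
 override predicate attributesUnknown() { none() }
 
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
 // TO DO .. Result should (in most cases) be an instance
 none()
 }
@@ -166,8 +174,11 @@ class UnknownClassInternal extends ClassObjectInternal, TUnknownClass {
 }
 
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
-obj = ObjectInternal::unknown() and origin = CfgOrigin::unknown() and
-callee_for_object(callee, this)
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+obj = ObjectInternal::unknown() and origin = CfgOrigin::unknown()
 }
 
 override ControlFlowNode getOrigin() {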
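Review bot: The context-taking `callResult(PointsToContext2 callee, ...)` overloads at new lines 88-90, 138-140 and 176-178 are left as bare `none()` with no comment, so a reader cannot tell whether the overload is intentionally empty for classes or simply not yet migrated. In `UnknownClassInternal` the body that constrained `callee` through `callee_for_object(callee, this)` is gone, so any caller still using the three-argument form gets no result for unknown classes. A short QLDoc on each pair would help, for example `/** Context-insensitive call result; the context-taking overload has no results for this kind of object. */`. The same pairing is undocumented in Callables.qll, and in Instances.qll the existing QLDoc on `callResult` was deleted rather than moved to the new overload.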

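--- a/python/ql/src/semmle/python/objects/Constants.qll
+++ b/python/ql/src/semmle/python/objects/Constants.qll
@@ -35,6 +35,11 @@ abstract class BooleanObjectInternal extends ObjectInternal {
 none()
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// Booleans aren't callable
+none()
+}
+
 override ControlFlowNode getOrigin() {
 none()
 }
@@ -54,7 +59,7 @@ abstract class BooleanObjectInternal extends ObjectInternal {
 class TrueObjectInternal extends BooleanObjectInternal, TTrue {
 
 override string toString() {
-result = "True"
+result = "bool True"
 }
 
 override boolean booleanValue() {
@@ -78,7 +83,7 @@ class TrueObjectInternal extends BooleanObjectInternal, TTrue {
 class FalseObjectInternal extends BooleanObjectInternal, TFalse {
 
 override string toString() {
-result = "False"
+result = "bool False"
 }
 
 override boolean booleanValue() {
@@ -134,7 +139,12 @@ class NoneObjectInternal extends ObjectInternal, TNone {
 // None isn't callable
 none()
 }
-
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// None isn't callable
+none()
+}
+
 override ControlFlowNode getOrigin() {
 none()
 }
@@ -163,7 +173,7 @@ class NoneObjectInternal extends ObjectInternal, TNone {
 class IntObjectInternal extends ObjectInternal, TInt {
 
 override string toString() {
-result = this.intValue().toString()
+result = "int " + this.intValue().toString()
 }
 
 override predicate introduced(ControlFlowNode node, PointsToContext2 context) {
@@ -193,6 +203,11 @@ class IntObjectInternal extends ObjectInternal, TInt {
 none()
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// ints aren't callable
+none()
+}
+
 override ControlFlowNode getOrigin() {
 none()
 }
@@ -256,6 +271,11 @@ class StringObjectInternal extends ObjectInternal, TString {
 none()
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// strings aren't callable
+none()
+}
+
 override ControlFlowNode getOrigin() {
 none()
 }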

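--- a/python/ql/src/semmle/python/objects/Instances.qll
+++ b/python/ql/src/semmle/python/objects/Instances.qll
@@ -10,7 +10,7 @@ private import semmle.python.types.Builtins
 class SpecificInstanceInternal extends TSpecificInstance, ObjectInternal {
 
 override string toString() {
-result = this.getOrigin().toString()
+result = this.getOrigin().getNode().toString()
 }
 
 /** The boolean value of this object, if it has one */
@@ -53,16 +53,17 @@ class SpecificInstanceInternal extends TSpecificInstance, ObjectInternal {
 this = TSpecificInstance(result, _, _)
 }
 
-/** Holds if `obj` is the result of calling `this` and `origin` is
-* the origin of `obj`.
-*/
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
 // In general instances aren't callable, but some are...
 // TO DO -- Handle cases where class overrides __call__
 none()
 }
 
-override int intValue() {
+override int intValue() {
 none()
 }
 
@@ -96,7 +97,9 @@ class UnknownInstanceInternal extends TUnknownInstance, ObjectInternal {
 }
 
 override predicate introduced(ControlFlowNode node, PointsToContext2 context) {
-none()
+context.appliesTo(node) and
+this.getClass() = ObjectInternal::builtin("float") and
+node.getNode() instanceof FloatLiteral
 }
 
 /** Gets the class declaration for this object, if it is a declared class. */
@@ -129,10 +132,11 @@ class UnknownInstanceInternal extends TUnknownInstance, ObjectInternal {
 none()
 }
 
-/** Holds if `obj` is the result of calling `this` and `origin` is
-* the origin of `obj`.
-*/
 override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
 // In general instances aren't callable, but some are...
 // TO DO -- Handle cases where class overrides __call__
 none()
@@ -157,3 +161,61 @@ class UnknownInstanceInternal extends TUnknownInstance, ObjectInternal {
 override predicate attributesUnknown() { any() }
 
 }
+
+
+class SuperInstance extends TSuperInstance, ObjectInternal {
+
+override string toString() {
+result = "super()"
+}
+
+override boolean booleanValue() { result = true }
+
+override predicate introduced(ControlFlowNode node, PointsToContext2 context) {
+exists(ObjectInternal self, ClassObjectInternal startclass |
+super_instantiation(node, self, startclass, context) and
+this = TSuperInstance(self, startclass)
+)
+}
+
+ClassObjectInternal getStartClass() {
+this = TSuperInstance(_, result)
+}
+
+ObjectInternal getSelf() {
+this = TSuperInstance(result, _)
+}
+
+override ClassDecl getClassDeclaration() { none() }
+
+override boolean isClass() { result = false }
+
+override ObjectInternal getClass() { none() }
+
+override boolean isComparable() { none() }
+
+override Builtin getBuiltin() { none() }
+
+override ControlFlowNode getOrigin() {
+none()
+}
+
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) { none() }
+
+override predicate callResult(PointsToContext2 callee, ObjectInternal obj, CfgOrigin origin) { none() }
+
+override int intValue() { none() }
+
+override string strValue() { none() }
+
+override predicate calleeAndOffset(Function scope, int paramOffset) { none() }
+
+override predicate attribute(string name, ObjectInternal value, CfgOrigin origin) { none() }
+
+override predicate attributesUnknown() { none() }
+
+}
+
+
+
+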
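Review bot: `SuperInstance` (new lines 166-217) declares both `attribute(...)` and `attributesUnknown()` as `none()`, which together say that a `super()` object has a fully known, empty attribute set. As far as this file shows, an attribute read through `super()` would then resolve to nothing, whereas `UnknownInstanceInternal` just above answers `attributesUnknown()` with `any()`. Unless lookup through `getStartClass()` and `getSelf()` is done elsewhere (not visible in this section), `override predicate attributesUnknown() { any() }` with a `// TO DO -- attribute lookup starting after getStartClass()` comment would be the safer placeholder. The class also has no QLDoc, and the hunk adds four blank lines at the end of the file.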

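--- a/python/ql/src/semmle/python/objects/Modules.qll
+++ b/python/ql/src/semmle/python/objects/Modules.qll
@@ -17,6 +17,11 @@ abstract class ModuleObjectInternal extends ObjectInternal {
 none()
 }
 
+override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
+// Modules aren't callable
+none()
+}
+
 override ControlFlowNode getOrigin() {
 result = this.getSourceModule().getEntryNode()
 }
@@ -38,7 +43,7 @@ class BuiltinModuleObjectInternal extends ModuleObjectInternal, TBuiltinModuleOb
 }
 
 override string toString() {
-result = "builtin module " + this.getBuiltin().getName()
+result = "Module " + this.getBuiltin().getName()
 }
 
 override string getName() {
@@ -93,7 +98,7 @@ class PackageObjectInternal extends ModuleObjectInternal, TPackageObject {
 }
 
 override string toString() {
-result = "package " + this.getName()
+result = "Package " + this.getName()
 }
 
 override string getName() {
@@ -186,7 +191,7 @@ class PythonModuleObjectInternal extends ModuleObjectInternal, TPythonModule {
 }
 
 override string toString() {
-result = "package " + this.getName()
+result = "Module " + this.getName()
 }
 
 override string getName() {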
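Review bot: After this change `BuiltinModuleObjectInternal.toString()` (new line 46) and `PythonModuleObjectInternal.toString()` (new line 194) both produce `"Module " + name`, so a built-in module and a source module with the same name print identically. The old `"builtin module "` prefix kept them apart; something like `result = "Builtin-module " + this.getBuiltin().getName()` would keep that distinction and match the `"Builtin-function "` form used in Callables.qll. Classes.qll uses lower-case `"builtin-class "`, so the prefixes are also not consistently cased across the commit.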
