C++: Add flow summaries to simpleLocalFlowStep.

geoffw0 · geoffw0 · commit e187a4a7d658 · 2024-02-16T12:31:17.000Z
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -10,6 +10,7 @@ private import semmle.code.cpp.ir.ValueNumbering
 private import semmle.code.cpp.ir.IR
 private import semmle.code.cpp.controlflow.IRGuards
 private import semmle.code.cpp.models.interfaces.DataFlow
+private import semmle.code.cpp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import DataFlowPrivate
 private import ModelUtil
 private import SsaInternals as Ssa
@@ -1965,6 +1966,9 @@ private module Cached {
     // by a function. This allows data to flow 'in' through references returned by a modeled
     // function such as `operator[]`.
     reverseFlow(nodeFrom, nodeTo)
+    or
+    // models-as-data summarized flow
+    FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _)
   }
 
   private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) {
diff --git a/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp b/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
@@ -132,7 +132,7 @@ void test_summaries() {
 	sink(madArg0ToReturn(source())); // $ MISSING: ir
 	sink(notASummary(source()));
 	sink(madArg0ToReturnValueFlow(0));
-	sink(madArg0ToReturnValueFlow(source())); // $ MISSING: ir
+	sink(madArg0ToReturnValueFlow(source())); // $ ir
 
 	a = source();
 	sink(madArg0IndirectToReturn(&a)); // $ MISSING: ir
@@ -159,7 +159,7 @@ void test_summaries() {
 	// test source + sinks + summaries together
 
 	madSinkArg0(madArg0ToReturn(remoteMadSource())); // $ MISSING: ir
-	madSinkArg0(madArg0ToReturnValueFlow(remoteMadSource())); // $ MISSING: ir
+	madSinkArg0(madArg0ToReturnValueFlow(remoteMadSource())); // $ ir
 	madSinkArg0(madArg0IndirectToReturn(remoteMadSourceIndirect())); // $ MISSING: ir*/
 }
 
