Merge branch 'main' into orm

Author: RasmusWL

.pre-commit-config.yaml

@@ -0,0 +1,29 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+
+-   repo: local
+    hooks:
+    -   id: codeql-format
+        name: Fix QL file formatting
+        files: \.qll?$
+        language: system
+        entry: codeql query format --in-place
+
+    -   id: sync-files
+        name: Fix files required to be identical
+        language: system
+        entry: python3 config/sync-files.py --latest
+        pass_filenames: false
+
+    -   id: qhelp
+        name: Check query help generation
+        files: \.qhelp$
+        language: system
+        entry: python3 misc/scripts/check-qhelp.py

CONTRIBUTING.md

@@ -42,7 +42,11 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
     - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
 
-    If you prefer, you can use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted. See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on how to install the hook.
+    If you prefer, you can either:
+    1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or
+    2. use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted.
+
+    See the [pre-commit hook installation guide](docs/pre-commit-hook-setup.md) for instructions on the two approaches.
 
 4. **Compilation**
 
@@ -63,6 +67,6 @@ After the experimental query is merged, we welcome pull requests to improve it.
 
 ## Using your personal data
 
-If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product. 
+If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product.
 
 Please do get in touch ([email protected]) if you have any questions about this or our data protection policies.

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Features
+
+* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
+
 ## 0.0.9
 
 ## 0.0.8

cpp/ql/lib/change-notes/2022-02-24-structured-bindings-in-ir.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Many queries now support structured bindings, as structured bindings are now handled in the IR translation.

cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md renamed to cpp/ql/lib/change-notes/released/0.0.10.md

@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.0.10
+
+### New Features
+
 * Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll

@@ -71,7 +71,8 @@ newtype TInstructionTag =
   AsmTag() or
   AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or
   ThisAddressTag() or
-  ThisLoadTag()
+  ThisLoadTag() or
+  StructuredBindingAccessTag()
 
 class InstructionTag extends TInstructionTag {
   final string toString() { result = "Tag" }
@@ -221,4 +222,6 @@ string getInstructionTagId(TInstructionTag tag) {
   tag = ThisAddressTag() and result = "ThisAddress"
   or
   tag = ThisLoadTag() and result = "ThisLoad"
+  or
+  tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess"
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -3,6 +3,7 @@ private import semmle.code.cpp.ir.implementation.IRType
 private import semmle.code.cpp.ir.implementation.Opcode
 private import semmle.code.cpp.ir.implementation.internal.OperandTag
 private import semmle.code.cpp.ir.internal.CppType
+private import semmle.code.cpp.ir.internal.IRUtilities
 private import semmle.code.cpp.ir.internal.TempVariableTag
 private import InstructionTag
 private import TranslatedCondition
@@ -813,7 +814,9 @@ abstract class TranslatedVariableAccess extends TranslatedNonConstantExpr {
 }
 
 class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {
-  TranslatedNonFieldVariableAccess() { not expr instanceof FieldAccess }
+  TranslatedNonFieldVariableAccess() {
+    not expr instanceof FieldAccess and not isNonReferenceStructuredBinding(expr.getTarget())
+  }
 
   override Instruction getFirstInstruction() {
     if exists(this.getQualifier())
@@ -860,6 +863,71 @@ class TranslatedFieldAccess extends TranslatedVariableAccess {
   }
 }
 
+/**
+ * The IR translation of a variable access of a structured binding, where the type
+ * of the structured binding is not of a reference type, e.g., `x0` and `x1`
+ * in `auto [x0, x1] = xs` where `xs` is an array. Although the type of the
+ * structured binding is a non-reference type, the structured binding behaves
+ * like a reference. Hence, the translation requires a `VariableAddress` followed
+ * by a `Load` instead of only a `VariableAddress` as produced by
+ * `TranslatedVariableAccess`.
+ */
+class TranslatedStructuredBindingVariableAccess extends TranslatedNonConstantExpr {
+  override VariableAccess expr;
+
+  TranslatedStructuredBindingVariableAccess() { isNonReferenceStructuredBinding(expr.getTarget()) }
+
+  override Instruction getFirstInstruction() {
+    // Structured bindings cannot be qualified.
+    result = this.getInstruction(StructuredBindingAccessTag())
+  }
+
+  override TranslatedElement getChild(int id) {
+    // Structured bindings cannot be qualified.
+    none()
+  }
+
+  override Instruction getResult() { result = this.getInstruction(LoadTag()) }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    tag = StructuredBindingAccessTag() and
+    kind instanceof GotoEdge and
+    result = this.getInstruction(LoadTag())
+    or
+    tag = LoadTag() and
+    kind instanceof GotoEdge and
+    result = this.getParent().getChildSuccessor(this)
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) { none() }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    tag = StructuredBindingAccessTag() and
+    opcode instanceof Opcode::VariableAddress and
+    resultType = getTypeForGLValue(this.getLValueReferenceType())
+    or
+    tag = LoadTag() and
+    opcode instanceof Opcode::Load and
+    resultType = getTypeForPRValue(this.getLValueReferenceType())
+  }
+
+  private LValueReferenceType getLValueReferenceType() {
+    // The extractor ensures `result` exists when `isNonReferenceStructuredBinding(expr.getTarget())` holds.
+    result.getBaseType() = expr.getUnspecifiedType()
+  }
+
+  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = LoadTag() and
+    operandTag instanceof AddressOperandTag and
+    result = this.getInstruction(StructuredBindingAccessTag())
+  }
+
+  override IRVariable getInstructionVariable(InstructionTag tag) {
+    tag = StructuredBindingAccessTag() and
+    result = getIRUserVariable(expr.getEnclosingFunction(), expr.getTarget())
+  }
+}
+
 class TranslatedFunctionAccess extends TranslatedNonConstantExpr {
   override FunctionAccess expr;
 

cpp/ql/lib/semmle/code/cpp/ir/internal/IRUtilities.qll

@@ -11,6 +11,15 @@ private Type getDecayedType(Type type) {
   result.(PointerType).getBaseType() = type.(ArrayType).getBaseType()
 }
 
+/**
+ * Holds if the sepcified variable is a structured binding with a non-reference
+ * type.
+ */
+predicate isNonReferenceStructuredBinding(Variable v) {
+  v.isStructuredBinding() and
+  not v.getUnspecifiedType() instanceof ReferenceType
+}
+
 /**
  * Get the actual type of the specified variable, as opposed to the declared type.
  * This returns the type of the variable after any pointer decay is applied, and
@@ -30,7 +39,12 @@ Type getVariableType(Variable v) {
         result = v.getInitializer().getExpr().getType()
         or
         not exists(v.getInitializer()) and result = v.getType()
-      else result = v.getType()
+      else
+        if isNonReferenceStructuredBinding(v)
+        then
+          // The extractor ensures `r` exists when `isNonReferenceStructuredBinding(v)` holds.
+          exists(LValueReferenceType r | r.getBaseType() = v.getUnspecifiedType() | result = r)
+        else result = v.getType()
   )
 }