
Commit 982fb38

authored
Merge pull request github#3419 from MathiasVP/flat-structs
C++: Add reverse reads to IR field flow
2 parents b841cac + b48168f commit 982fb38

10 files changed

+874
-143
lines changed


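--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -192,46 +192,24 @@ private class ArrayContent extends Content, TArrayContent {
 override Type getType() { none() }
 }
 
-private predicate storeStepNoChi(Node node1, Content f, PostUpdateNode node2) {
-exists(FieldAddressInstruction fa, StoreInstruction store |
-store = node2.asInstruction() and
-store.getDestinationAddress() = fa and
-store.getSourceValue() = node1.asInstruction() and
-f.(FieldContent).getField() = fa.getField()
-)
-}
-
-private predicate storeStepChi(Node node1, Content f, PostUpdateNode node2) {
-exists(FieldAddressInstruction fa, StoreInstruction store |
-node1.asInstruction() = store and
-store.getDestinationAddress() = fa and
-node2.asInstruction().(ChiInstruction).getPartial() = store and
-f.(FieldContent).getField() = fa.getField()
-)
-}
-
 /**
 * Holds if data can flow from `node1` to `node2` via an assignment to `f`.
 * Thus, `node2` references an object with a field `f` that contains the
 * value of `node1`.
 */
-predicate storeStep(Node node1, Content f, PostUpdateNode node2) {
-storeStepNoChi(node1, f, node2) or
-storeStepChi(node1, f, node2)
+predicate storeStep(Node node1, Content f, StoreStepNode node2) {
+node2.getStoredValue() = node1 and
+f.(FieldContent).getField() = node2.getAField()
 }
 
 /**
 * Holds if data can flow from `node1` to `node2` via a read of `f`.
 * Thus, `node1` references an object with a field `f` whose value ends up in
 * `node2`.
 */
-predicate readStep(Node node1, Content f, Node node2) {
-exists(FieldAddressInstruction fa, LoadInstruction load |
-load.getSourceAddress() = fa and
-node1.asInstruction() = load.getSourceValueOperand().getAnyDef() and
-fa.getField() = f.(FieldContent).getField() and
-load = node2.asInstruction()
-)
+predicate readStep(Node node1, Content f, ReadStepNode node2) {
+node2.getReadValue() = node1 and
+f.(FieldContent).getField() = node2.getAField()
 }
 
 /**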
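Review bot: The new line `f.(FieldContent).getField() = node2.getAField()` in `storeStep`, and the same line in `readStep`, pairs one node with every field that `getAField()` yields, so a single store or load can now produce a step per field, while the doc comments directly above still describe a single field `f`. If `getAField()` does return several fields for a nested member access (its name and the "flat-structs" branch suggest so, but `StoreStepNode`/`ReadStepNode` are defined outside this hunk), the comments should say so, for example `* A single `node2` may correspond to several fields; a step holds for each of them.` Over-approximating in that direction favours finding flow through nested fields at the cost of some extra results, which is worth noting for readers tuning precision. The third parameter of `storeStep` also narrows from `PostUpdateNode` to `StoreStepNode`; that only satisfies the shared data-flow library's expected signature if `StoreStepNode` is declared as a `PostUpdateNode`, which cannot be confirmed from this hunk.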
