C++: Fix asPartialDefinition for IR dataflow nodes and accept testcases

MathiasVP · MathiasVP · commit 251240376bb5 · 2020-05-26T13:14:38.000+02:00
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -71,9 +71,7 @@ class Node extends TIRDataFlowNode {
    * `x.set(taint())` is a partial definition of `x`, and `transfer(&x, taint())` is
    * a partial definition of `&x`).
    */
-  Expr asPartialDefinition() {
-    result = this.(PartialDefinitionNode).getInstruction().getUnconvertedResultExpression()
-  }
+  Expr asPartialDefinition() { result = this.(PartialDefinitionNode).getDefinedExpr() }
 
   /**
    * DEPRECATED: See UninitializedNode.
@@ -251,14 +249,17 @@ abstract class PostUpdateNode extends InstructionNode {
  * setY(&x); // a partial definition of the object `x`.
  * ```
  */
-abstract private class PartialDefinitionNode extends PostUpdateNode, TInstructionNode { }
+abstract class PartialDefinitionNode extends PostUpdateNode, TInstructionNode {
+  abstract Expr getDefinedExpr();
+}
 
-private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
+class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
   override ChiInstruction instr;
+  FieldAddressInstruction field;
 
   ExplicitFieldStoreQualifierNode() {
     not instr.isResultConflated() and
-    exists(StoreInstruction store, FieldInstruction field |
+    exists(StoreInstruction store |
       instr.getPartial() = store and field = store.getDestinationAddress()
     )
   }
@@ -268,6 +269,10 @@ private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
   // DataFlowImplConsistency::Consistency. However, it's not clear what (if any) implications
   // this consistency failure has.
   override Node getPreUpdateNode() { result.asInstruction() = instr.getTotal() }
+
+  override Expr getDefinedExpr() {
+    result = field.getObjectAddress().getUnconvertedResultExpression()
+  }
 }
 
 /**
@@ -278,15 +283,18 @@ private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
  */
 private class ExplicitSingleFieldStoreQualifierNode extends PartialDefinitionNode {
   override StoreInstruction instr;
+  FieldAddressInstruction field;
 
   ExplicitSingleFieldStoreQualifierNode() {
-    exists(FieldAddressInstruction field |
-      field = instr.getDestinationAddress() and
-      not exists(ChiInstruction chi | chi.getPartial() = instr)
-    )
+    field = instr.getDestinationAddress() and
+    not exists(ChiInstruction chi | chi.getPartial() = instr)
   }
 
   override Node getPreUpdateNode() { none() }
+
+  override Expr getDefinedExpr() {
+    result = field.getObjectAddress().getUnconvertedResultExpression()
+  }
 }
 
 /**
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-diff.expected
@@ -51,7 +51,6 @@
 | a | AST only |
 | a | AST only |
 | a | AST only |
-| a | AST only |
 | a_ | AST only |
 | a_ | AST only |
 | a_ | AST only |
@@ -87,7 +86,6 @@
 | b | AST only |
 | b | AST only |
 | b | AST only |
-| b | AST only |
 | b1 | AST only |
 | b1 | AST only |
 | b1 | AST only |
@@ -151,7 +149,6 @@
 | c1 | AST only |
 | c1 | AST only |
 | c1 | AST only |
-| c1 | AST only |
 | call to get | AST only |
 | call to get | AST only |
 | call to getBox1 | AST only |
@@ -174,7 +171,6 @@
 | call to user_input | AST only |
 | call to user_input | AST only |
 | cc | AST only |
-| copy1 | AST only |
 | ct | AST only |
 | d | AST only |
 | d | AST only |
@@ -239,10 +235,6 @@
 | inner | AST only |
 | inner | AST only |
 | inner | AST only |
-| inner | AST only |
-| inner | AST only |
-| inner | AST only |
-| inner | AST only |
 | inner_nested | AST only |
 | inner_nested | AST only |
 | inner_nested | AST only |
@@ -331,21 +323,9 @@
 | pouter | AST only |
 | raw | AST only |
 | raw | AST only |
-| ref1 | AST only |
-| s | AST only |
-| s | AST only |
 | s | AST only |
 | s | AST only |
 | s | AST only |
-| s | AST only |
-| s | AST only |
-| s | AST only |
-| s | AST only |
-| s | AST only |
-| s | AST only |
-| s2 | AST only |
-| s2 | AST only |
-| s2 | AST only |
 | s2 | AST only |
 | s3 | AST only |
 | this | AST only |
diff --git a/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected b/cpp/ql/test/library-tests/dataflow/fields/partial-definition-ir.expected
@@ -0,0 +1,20 @@
+| A.cpp:100:5:100:6 | c1 |
+| A.cpp:142:7:142:7 | b |
+| aliasing.cpp:9:3:9:3 | s |
+| aliasing.cpp:13:3:13:3 | s |
+| aliasing.cpp:17:3:17:3 | s |
+| aliasing.cpp:37:3:37:6 | ref1 |
+| aliasing.cpp:42:3:42:4 | s2 |
+| aliasing.cpp:49:3:49:7 | copy1 |
+| aliasing.cpp:54:3:54:4 | s2 |
+| aliasing.cpp:60:3:60:4 | s2 |
+| aliasing.cpp:72:3:72:3 | s |
+| aliasing.cpp:79:3:79:3 | s |
+| aliasing.cpp:86:3:86:3 | s |
+| aliasing.cpp:92:5:92:5 | s |
+| by_reference.cpp:12:5:12:5 | s |
+| by_reference.cpp:84:3:84:7 | inner |
+| by_reference.cpp:88:3:88:7 | inner |
+| qualifiers.cpp:12:49:12:53 | inner |
+| qualifiers.cpp:13:51:13:55 | inner |
+| simple.cpp:65:5:65:5 | a |
