Swift: fixes around DictionaryContent

rdmarsh2 · rdmarsh2 · commit 79368c187cb7 · 2023-08-15T19:34:27.000Z
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -747,24 +747,26 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
     c.isSingleton(any(Content::ArrayContent ac))
   )
   or
-  // read of a dictionary value via subscript operator, with intermediate step
+  // assignment to a dictionary value via subscript operator, with intermediate step
+  // `dict[key] = value`
   exists(AssignExpr assign, SubscriptExpr subscript |
     subscript = assign.getDest() and
     (
       subscript.getArgument(0).getExpr() = node1.asExpr() and
       node2.(DictionarySubscriptNode).getExpr() = subscript and
-      c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = 1))
+      c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = 0))
       or
       assign.getSource() = node1.asExpr() and
       node2.(DictionarySubscriptNode).getExpr() = subscript and
       c.isSingleton(any(Content::TupleContent tc | tc.getIndex() = 1))
       or
-      node1.(DictionarySubscriptNode) = node1 and
-      node2.asExpr() = subscript and
+      node1.(DictionarySubscriptNode).getExpr() = subscript and
+      node2.(PostUpdateNode).getPreUpdateNode().asExpr() = subscript.getBase() and
       c.isSingleton(any(Content::CollectionContent cc))
     )
   )
   or
+  // creation of a dictionary `[key: value, ...]`
   exists(DictionaryExpr dict |
     node1.asExpr() = dict.getAnElement() and
     node2.asExpr() = dict and
@@ -872,7 +874,11 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
  * in `x.f = newValue`.
  */
 predicate clearsContent(Node n, ContentSet c) {
-  n = any(PostUpdateNode pun | storeStep(_, c, pun)).getPreUpdateNode()
+  n = any(PostUpdateNode pun | storeStep(_, c, pun)).getPreUpdateNode() and
+  (
+    c.isSingleton(any(Content::FieldContent fc)) or
+    c.isSingleton(any(Content::TupleContent tc))
+  )
 }
 
 /**
diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Array.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Array.qll
@@ -9,7 +9,7 @@ private import codeql.swift.dataflow.ExternalFlow
  * An instance of the `Array` type.
  */
 class ArrayType extends Type {
-  ArrayType() { this.getName().matches("Array<%") or this.getName().matches("[%]") }
+  ArrayType() { this.getCanonicalType().getName().matches("Array<%") }
 }
 
 /**
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -404,25 +404,42 @@ edges
 | test.swift:756:15:756:19 | .v2 [some:0] | test.swift:756:15:756:21 | ...! |
 | test.swift:757:15:757:15 | mo1 [v3] | test.swift:732:9:732:9 | self [v3] |
 | test.swift:757:15:757:15 | mo1 [v3] | test.swift:757:15:757:19 | .v3 |
-| test.swift:767:5:767:5 | [post] dict1 [Array element] | test.swift:769:15:769:15 | dict1 [Array element] |
-| test.swift:767:16:767:23 | call to source() | test.swift:767:5:767:5 | [post] dict1 [Array element] |
-| test.swift:769:15:769:15 | dict1 [Array element] | test.swift:769:15:769:22 | ...[...] |
+| test.swift:767:5:767:5 | [post] dict1 [Collection element, Tuple element at index 1] | test.swift:769:15:769:15 | dict1 [Collection element, Tuple element at index 1] |
+| test.swift:767:5:767:12 | DictionarySubscriptNode [Tuple element at index 1] | test.swift:767:5:767:5 | [post] dict1 [Collection element, Tuple element at index 1] |
+| test.swift:767:16:767:23 | call to source() | test.swift:767:5:767:12 | DictionarySubscriptNode [Tuple element at index 1] |
+| test.swift:769:15:769:15 | dict1 [Collection element, Tuple element at index 1] | test.swift:769:15:769:22 | DictionarySubscriptNode [Tuple element at index 1] |
+| test.swift:769:15:769:22 | DictionarySubscriptNode [Tuple element at index 1] | test.swift:769:15:769:22 | ...[...] |
 | test.swift:779:17:779:29 | [...] [Collection element, Tuple element at index 1] | test.swift:780:15:780:15 | dict3 [Collection element, Tuple element at index 1] |
 | test.swift:779:17:779:29 | [...] [Collection element, Tuple element at index 1] | test.swift:782:5:782:5 | dict3 [Collection element, Tuple element at index 1] |
+| test.swift:779:17:779:29 | [...] [Collection element, Tuple element at index 1] | test.swift:785:15:785:15 | dict3 [Collection element, Tuple element at index 1] |
 | test.swift:779:18:779:28 | (...) [Tuple element at index 1] | test.swift:779:17:779:29 | [...] [Collection element, Tuple element at index 1] |
 | test.swift:779:21:779:28 | call to source() | test.swift:779:18:779:28 | (...) [Tuple element at index 1] |
 | test.swift:780:15:780:15 | dict3 [Collection element, Tuple element at index 1] | test.swift:780:15:780:22 | DictionarySubscriptNode [Tuple element at index 1] |
 | test.swift:780:15:780:22 | DictionarySubscriptNode [Tuple element at index 1] | test.swift:780:15:780:22 | ...[...] |
-| test.swift:782:5:782:5 | dict3 [Collection element, Tuple element at index 1] | test.swift:785:15:785:15 | dict3 [Collection element, Tuple element at index 1] |
+| test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 0] | test.swift:784:15:784:15 | dict3 [Collection element, Tuple element at index 0] |
+| test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 1] | test.swift:785:15:785:15 | dict3 [Collection element, Tuple element at index 1] |
+| test.swift:782:5:782:5 | dict3 [Collection element, Tuple element at index 1] | test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 1] |
+| test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 0] | test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 0] |
+| test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 1] | test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 1] |
+| test.swift:782:11:782:18 | call to source() | test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 0] |
+| test.swift:784:15:784:15 | dict3 [Collection element, Tuple element at index 0] | test.swift:784:15:784:35 | call to randomElement() [some:0, Tuple element at index 0] |
+| test.swift:784:15:784:35 | call to randomElement() [some:0, Tuple element at index 0] | test.swift:784:15:784:36 | ...! [Tuple element at index 0] |
+| test.swift:784:15:784:36 | ...! [Tuple element at index 0] | test.swift:784:15:784:38 | .0 |
 | test.swift:785:15:785:15 | dict3 [Collection element, Tuple element at index 1] | test.swift:785:15:785:35 | call to randomElement() [some:0, Tuple element at index 1] |
 | test.swift:785:15:785:35 | call to randomElement() [some:0, Tuple element at index 1] | test.swift:785:15:785:36 | ...! [Tuple element at index 1] |
 | test.swift:785:15:785:36 | ...! [Tuple element at index 1] | test.swift:785:15:785:38 | .1 |
+| test.swift:792:17:792:28 | [...] [Collection element, Tuple element at index 1] | test.swift:793:15:793:15 | dict4 [Collection element, Tuple element at index 1] |
+| test.swift:792:17:792:28 | [...] [Collection element, Tuple element at index 1] | test.swift:794:15:794:15 | dict4 [Collection element, Tuple element at index 1] |
 | test.swift:792:17:792:28 | [...] [Collection element, Tuple element at index 1] | test.swift:796:15:796:15 | dict4 [Collection element, Tuple element at index 1] |
 | test.swift:792:18:792:27 | (...) [Tuple element at index 1] | test.swift:792:17:792:28 | [...] [Collection element, Tuple element at index 1] |
 | test.swift:792:20:792:27 | call to source() | test.swift:792:18:792:27 | (...) [Tuple element at index 1] |
 | test.swift:793:15:793:15 | [post] dict4 [Collection element, Tuple element at index 0] | test.swift:795:15:795:15 | dict4 [Collection element, Tuple element at index 0] |
+| test.swift:793:15:793:15 | dict4 [Collection element, Tuple element at index 1] | test.swift:793:15:793:52 | call to updateValue(_:forKey:) [some:0] |
+| test.swift:793:15:793:52 | call to updateValue(_:forKey:) [some:0] | test.swift:793:15:793:53 | ...! |
 | test.swift:793:44:793:51 | call to source() | test.swift:793:15:793:15 | [post] dict4 [Collection element, Tuple element at index 0] |
 | test.swift:794:15:794:15 | [post] dict4 [Collection element, Tuple element at index 1] | test.swift:796:15:796:15 | dict4 [Collection element, Tuple element at index 1] |
+| test.swift:794:15:794:15 | dict4 [Collection element, Tuple element at index 1] | test.swift:794:15:794:52 | call to updateValue(_:forKey:) [some:0] |
+| test.swift:794:15:794:52 | call to updateValue(_:forKey:) [some:0] | test.swift:794:15:794:53 | ...! |
 | test.swift:794:33:794:40 | call to source() | test.swift:794:15:794:15 | [post] dict4 [Collection element, Tuple element at index 1] |
 | test.swift:795:15:795:15 | dict4 [Collection element, Tuple element at index 0] | test.swift:795:15:795:35 | call to randomElement() [some:0, Tuple element at index 0] |
 | test.swift:795:15:795:35 | call to randomElement() [some:0, Tuple element at index 0] | test.swift:795:15:795:36 | ...! [Tuple element at index 0] |
@@ -875,17 +892,28 @@ nodes
 | test.swift:756:15:756:21 | ...! | semmle.label | ...! |
 | test.swift:757:15:757:15 | mo1 [v3] | semmle.label | mo1 [v3] |
 | test.swift:757:15:757:19 | .v3 | semmle.label | .v3 |
-| test.swift:767:5:767:5 | [post] dict1 [Array element] | semmle.label | [post] dict1 [Array element] |
+| test.swift:767:5:767:5 | [post] dict1 [Collection element, Tuple element at index 1] | semmle.label | [post] dict1 [Collection element, Tuple element at index 1] |
+| test.swift:767:5:767:12 | DictionarySubscriptNode [Tuple element at index 1] | semmle.label | DictionarySubscriptNode [Tuple element at index 1] |
 | test.swift:767:16:767:23 | call to source() | semmle.label | call to source() |
-| test.swift:769:15:769:15 | dict1 [Array element] | semmle.label | dict1 [Array element] |
+| test.swift:769:15:769:15 | dict1 [Collection element, Tuple element at index 1] | semmle.label | dict1 [Collection element, Tuple element at index 1] |
 | test.swift:769:15:769:22 | ...[...] | semmle.label | ...[...] |
+| test.swift:769:15:769:22 | DictionarySubscriptNode [Tuple element at index 1] | semmle.label | DictionarySubscriptNode [Tuple element at index 1] |
 | test.swift:779:17:779:29 | [...] [Collection element, Tuple element at index 1] | semmle.label | [...] [Collection element, Tuple element at index 1] |
 | test.swift:779:18:779:28 | (...) [Tuple element at index 1] | semmle.label | (...) [Tuple element at index 1] |
 | test.swift:779:21:779:28 | call to source() | semmle.label | call to source() |
 | test.swift:780:15:780:15 | dict3 [Collection element, Tuple element at index 1] | semmle.label | dict3 [Collection element, Tuple element at index 1] |
 | test.swift:780:15:780:22 | ...[...] | semmle.label | ...[...] |
 | test.swift:780:15:780:22 | DictionarySubscriptNode [Tuple element at index 1] | semmle.label | DictionarySubscriptNode [Tuple element at index 1] |
+| test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 0] | semmle.label | [post] dict3 [Collection element, Tuple element at index 0] |
+| test.swift:782:5:782:5 | [post] dict3 [Collection element, Tuple element at index 1] | semmle.label | [post] dict3 [Collection element, Tuple element at index 1] |
 | test.swift:782:5:782:5 | dict3 [Collection element, Tuple element at index 1] | semmle.label | dict3 [Collection element, Tuple element at index 1] |
+| test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 0] | semmle.label | DictionarySubscriptNode [Tuple element at index 0] |
+| test.swift:782:5:782:19 | DictionarySubscriptNode [Tuple element at index 1] | semmle.label | DictionarySubscriptNode [Tuple element at index 1] |
+| test.swift:782:11:782:18 | call to source() | semmle.label | call to source() |
+| test.swift:784:15:784:15 | dict3 [Collection element, Tuple element at index 0] | semmle.label | dict3 [Collection element, Tuple element at index 0] |
+| test.swift:784:15:784:35 | call to randomElement() [some:0, Tuple element at index 0] | semmle.label | call to randomElement() [some:0, Tuple element at index 0] |
+| test.swift:784:15:784:36 | ...! [Tuple element at index 0] | semmle.label | ...! [Tuple element at index 0] |
+| test.swift:784:15:784:38 | .0 | semmle.label | .0 |
 | test.swift:785:15:785:15 | dict3 [Collection element, Tuple element at index 1] | semmle.label | dict3 [Collection element, Tuple element at index 1] |
 | test.swift:785:15:785:35 | call to randomElement() [some:0, Tuple element at index 1] | semmle.label | call to randomElement() [some:0, Tuple element at index 1] |
 | test.swift:785:15:785:36 | ...! [Tuple element at index 1] | semmle.label | ...! [Tuple element at index 1] |
@@ -894,8 +922,14 @@ nodes
 | test.swift:792:18:792:27 | (...) [Tuple element at index 1] | semmle.label | (...) [Tuple element at index 1] |
 | test.swift:792:20:792:27 | call to source() | semmle.label | call to source() |
 | test.swift:793:15:793:15 | [post] dict4 [Collection element, Tuple element at index 0] | semmle.label | [post] dict4 [Collection element, Tuple element at index 0] |
+| test.swift:793:15:793:15 | dict4 [Collection element, Tuple element at index 1] | semmle.label | dict4 [Collection element, Tuple element at index 1] |
+| test.swift:793:15:793:52 | call to updateValue(_:forKey:) [some:0] | semmle.label | call to updateValue(_:forKey:) [some:0] |
+| test.swift:793:15:793:53 | ...! | semmle.label | ...! |
 | test.swift:793:44:793:51 | call to source() | semmle.label | call to source() |
 | test.swift:794:15:794:15 | [post] dict4 [Collection element, Tuple element at index 1] | semmle.label | [post] dict4 [Collection element, Tuple element at index 1] |
+| test.swift:794:15:794:15 | dict4 [Collection element, Tuple element at index 1] | semmle.label | dict4 [Collection element, Tuple element at index 1] |
+| test.swift:794:15:794:52 | call to updateValue(_:forKey:) [some:0] | semmle.label | call to updateValue(_:forKey:) [some:0] |
+| test.swift:794:15:794:53 | ...! | semmle.label | ...! |
 | test.swift:794:33:794:40 | call to source() | semmle.label | call to source() |
 | test.swift:795:15:795:15 | dict4 [Collection element, Tuple element at index 0] | semmle.label | dict4 [Collection element, Tuple element at index 0] |
 | test.swift:795:15:795:35 | call to randomElement() [some:0, Tuple element at index 0] | semmle.label | call to randomElement() [some:0, Tuple element at index 0] |
@@ -1054,7 +1088,10 @@ subpaths
 | test.swift:757:15:757:19 | .v3 | test.swift:747:14:747:21 | call to source() | test.swift:757:15:757:19 | .v3 | result |
 | test.swift:769:15:769:22 | ...[...] | test.swift:767:16:767:23 | call to source() | test.swift:769:15:769:22 | ...[...] | result |
 | test.swift:780:15:780:22 | ...[...] | test.swift:779:21:779:28 | call to source() | test.swift:780:15:780:22 | ...[...] | result |
+| test.swift:784:15:784:38 | .0 | test.swift:782:11:782:18 | call to source() | test.swift:784:15:784:38 | .0 | result |
 | test.swift:785:15:785:38 | .1 | test.swift:779:21:779:28 | call to source() | test.swift:785:15:785:38 | .1 | result |
+| test.swift:793:15:793:53 | ...! | test.swift:792:20:792:27 | call to source() | test.swift:793:15:793:53 | ...! | result |
+| test.swift:794:15:794:53 | ...! | test.swift:792:20:792:27 | call to source() | test.swift:794:15:794:53 | ...! | result |
 | test.swift:795:15:795:38 | .0 | test.swift:793:44:793:51 | call to source() | test.swift:795:15:795:38 | .0 | result |
 | test.swift:796:15:796:38 | .1 | test.swift:792:20:792:27 | call to source() | test.swift:796:15:796:38 | .1 | result |
 | test.swift:796:15:796:38 | .1 | test.swift:794:33:794:40 | call to source() | test.swift:796:15:796:38 | .1 | result |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -781,17 +781,17 @@ func testDictionary() {
 
     dict3[source()] = 2
 
-    sink(arg: dict3.randomElement()!.0) // $ MISSING: flow=779
-    sink(arg: dict3.randomElement()!.1) // $ SPURIOUS: flow=779 MISSING: flow=782
+    sink(arg: dict3.randomElement()!.0) // $ flow=782
+    sink(arg: dict3.randomElement()!.1) // $ flow=779
 
     for (key, value) in dict3 {
         sink(arg: key) // $ MISSING: flow=782
         sink(arg: value) // $ MISSING: flow=779
     }
 
     var dict4 = [1:source()]
-    sink(arg: dict4.updateValue(1, forKey: source())!)
-    sink(arg: dict4.updateValue(source(), forKey: 2)!)
+    sink(arg: dict4.updateValue(1, forKey: source())!) // $ flow=792
+    sink(arg: dict4.updateValue(source(), forKey: 2)!) // $ SPURIOUS: flow=792
     sink(arg: dict4.randomElement()!.0) // $ flow=793
     sink(arg: dict4.randomElement()!.1) // $ flow=792 flow=794
     sink(arg: dict4.keys.randomElement()) // $ MISSING: flow=793

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ private import codeql.swift.dataflow.ExternalFlow`
`9`	`9`	* An instance of the `Array` type.
`10`	`10`	`*/`
`11`	`11`	`class ArrayType extends Type {`
`12`		`- ArrayType() { this.getName().matches("Array<%") or this.getName().matches("[%]") }`
	`12`	`+ ArrayType() { this.getCanonicalType().getName().matches("Array<%") }`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`/**`