Data flow: Move C# lambda flow logic into shared library

Author: hvitved

csharp/ql/src/semmle/code/csharp/dataflow/CallContext.qll

@@ -1,4 +1,6 @@
 /**
+ * DEPRECATED.
+ *
  * Provides classes for data flow call contexts.
  */
 
@@ -15,39 +17,44 @@ private newtype TCallContext =
   TArgFunctionPointerCallContext(FunctionPointerCall fptrc, int i) { exists(fptrc.getArgument(i)) }
 
 /**
+ * DEPRECATED.
+ *
  * A call context.
  *
  * A call context records the origin of data flow into callables.
  */
-class CallContext extends TCallContext {
+deprecated class CallContext extends TCallContext {
   /** Gets a textual representation of this call context. */
   string toString() { none() }
 
   /** Gets the location of this call context, if any. */
   Location getLocation() { none() }
 }
 
-/** An empty call context. */
-class EmptyCallContext extends CallContext, TEmptyCallContext {
+/** DEPRECATED. An empty call context. */
+deprecated class EmptyCallContext extends CallContext, TEmptyCallContext {
   override string toString() { result = "<empty>" }
 
   override EmptyLocation getLocation() { any() }
 }
 
 /**
+ * DEPRECATED.
+ *
  * An argument call context, that is a call argument through which data flows
  * into a callable.
  */
-abstract class ArgumentCallContext extends CallContext {
+abstract deprecated class ArgumentCallContext extends CallContext {
   /**
    * Holds if this call context represents the argument at position `i` of the
    * call expression `call`.
    */
   abstract predicate isArgument(Expr call, int i);
 }
 
-/** An argument of a non-delegate call. */
-class NonDelegateCallArgumentCallContext extends ArgumentCallContext, TArgNonDelegateCallContext {
+/** DEPRECATED. An argument of a non-delegate call. */
+deprecated class NonDelegateCallArgumentCallContext extends ArgumentCallContext,
+  TArgNonDelegateCallContext {
   Expr arg;
 
   NonDelegateCallArgumentCallContext() { this = TArgNonDelegateCallContext(arg) }
@@ -61,8 +68,8 @@ class NonDelegateCallArgumentCallContext extends ArgumentCallContext, TArgNonDel
   override Location getLocation() { result = arg.getLocation() }
 }
 
-/** An argument of a delegate or function pointer call. */
-class DelegateLikeCallArgumentCallContext extends ArgumentCallContext {
+/** DEPRECATED. An argument of a delegate or function pointer call. */
+deprecated class DelegateLikeCallArgumentCallContext extends ArgumentCallContext {
   DelegateLikeCall dc;
   int arg;
 
@@ -80,10 +87,10 @@ class DelegateLikeCallArgumentCallContext extends ArgumentCallContext {
   override Location getLocation() { result = dc.getArgument(arg).getLocation() }
 }
 
-/** An argument of a delegate call. */
-class DelegateCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
+/** DEPRECATED. An argument of a delegate call. */
+deprecated class DelegateCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
   TArgDelegateCallContext { }
 
-/** An argument of a function pointer call. */
-class FunctionPointerCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
+/** DEPRECATED. An argument of a function pointer call. */
+deprecated class FunctionPointerCallArgumentCallContext extends DelegateLikeCallArgumentCallContext,
   TArgFunctionPointerCallContext { }

csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -1,8 +1,8 @@
 private import csharp
 private import cil
 private import dotnet
+private import DataFlowPublic
 private import DataFlowPrivate
-private import DelegateDataFlow
 private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.FlowSummary
 private import semmle.code.csharp.dispatch.Dispatch
@@ -131,51 +131,24 @@ private module Cached {
 import Cached
 
 private module DispatchImpl {
-  private import CallContext
-
-  /**
-   * Gets a viable run-time target for the delegate call `call`, requiring
-   * call context `cc`.
-   */
-  private DataFlowCallable viableDelegateCallable(DataFlowCall call, CallContext cc) {
-    result = call.(DelegateDataFlowCall).getARuntimeTarget(cc)
-  }
-
   /**
    * Holds if the set of viable implementations that can be called by `call`
    * might be improved by knowing the call context. This is the case if the
    * call is a delegate call, or if the qualifier accesses a parameter of
    * the enclosing callable `c` (including the implicit `this` parameter).
    */
-  predicate mayBenefitFromCallContext(DataFlowCall call, Callable c) {
+  predicate mayBenefitFromCallContext(NonDelegateDataFlowCall call, Callable c) {
     c = call.getEnclosingCallable() and
-    (
-      exists(CallContext cc | exists(viableDelegateCallable(call, cc)) |
-        not cc instanceof EmptyCallContext
-      )
-      or
-      call.(NonDelegateDataFlowCall).getDispatchCall().mayBenefitFromCallContext()
-    )
+    call.getDispatchCall().mayBenefitFromCallContext()
   }
 
   /**
    * Gets a viable dispatch target of `call` in the context `ctx`. This is
    * restricted to those `call`s for which a context might make a difference.
    */
-  DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) {
-    exists(ArgumentCallContext cc | result = viableDelegateCallable(call, cc) |
-      cc.isArgument(ctx.getExpr(), _)
-    )
-    or
-    exists(DataFlowCallable enclosing |
-      mayBenefitFromCallContext(call, enclosing) and
-      ctx.getARuntimeTarget() = enclosing and
-      result = viableDelegateCallable(call, any(EmptyCallContext ecc))
-    )
-    or
+  DataFlowCallable viableImplInCallContext(NonDelegateDataFlowCall call, DataFlowCall ctx) {
     result =
-      call.(NonDelegateDataFlowCall)
-          .getDispatchCall()
+      call.getDispatchCall()
           .getADynamicTargetInCallContext(ctx.(NonDelegateDataFlowCall).getDispatchCall())
           .getUnboundDeclaration()
   }
@@ -307,12 +280,7 @@ class NonDelegateDataFlowCall extends DataFlowCall, TNonDelegateCall {
 }
 
 /** A delegate call relevant for data flow. */
-abstract class DelegateDataFlowCall extends DataFlowCall {
-  /** Gets a viable run-time target of this call requiring call context `cc`. */
-  abstract DataFlowCallable getARuntimeTarget(CallContext::CallContext cc);
-
-  override DataFlowCallable getARuntimeTarget() { result = this.getARuntimeTarget(_) }
-}
+abstract class DelegateDataFlowCall extends DataFlowCall { }
 
 /** An explicit delegate or function pointer call relevant for data flow. */
 class ExplicitDelegateLikeDataFlowCall extends DelegateDataFlowCall, TExplicitDelegateLikeCall {
@@ -321,8 +289,11 @@ class ExplicitDelegateLikeDataFlowCall extends DelegateDataFlowCall, TExplicitDe
 
   ExplicitDelegateLikeDataFlowCall() { this = TExplicitDelegateLikeCall(cfn, dc) }
 
-  override DataFlowCallable getARuntimeTarget(CallContext::CallContext cc) {
-    result = getCallableForDataFlow(dc.getARuntimeTarget(cc))
+  /** Gets the underlying call. */
+  DelegateLikeCall getCall() { result = dc }
+
+  override DataFlowCallable getARuntimeTarget() {
+    none() // handled by the shared library
   }
 
   override ControlFlow::Nodes::ElementNode getControlFlowNode() { result = cfn }
@@ -395,11 +366,11 @@ class SummaryDelegateCall extends DelegateDataFlowCall, TSummaryDelegateCall {
 
   SummaryDelegateCall() { this = TSummaryDelegateCall(c, pos) }
 
-  override DataFlowCallable getARuntimeTarget(CallContext::CallContext cc) {
-    exists(SummaryDelegateParameterSink p |
-      p.isParameterOf(c, pos) and
-      result = p.getARuntimeTarget(cc)
-    )
+  /** Gets the parameter node that this delegate call targets. */
+  ParameterNode getParameterNode() { result.isParameterOf(c, pos) }
+
+  override DataFlowCallable getARuntimeTarget() {
+    none() // handled by the shared library
   }
 
   override ControlFlow::Nodes::ElementNode getControlFlowNode() { none() }