Swift: fix FPs with inout params in inits

rdmarsh2 · rdmarsh2 · commit 3bf3876c14fc · 2023-03-08T16:20:39.000Z
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll
@@ -404,7 +404,10 @@ private module ReturnNodes {
    * implicitly returned as the newly-constructed object
    * */
   class SelfReturnNode extends InoutReturnNodeImpl {
-    SelfReturnNode() { exit.getScope() instanceof ConstructorDecl }
+    SelfReturnNode() {
+      exit.getScope() instanceof ConstructorDecl and
+      param instanceof SelfParamDecl
+    }
 
     override ReturnKind getKind() { result instanceof NormalReturnKind }
   }
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected
@@ -158,12 +158,9 @@ edges
 | test.swift:479:14:479:21 | call to source() :  | test.swift:479:13:479:21 | call to +(_:) |
 | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | self [str] :  |
 | test.swift:489:10:489:13 | s :  | test.swift:490:13:490:13 | s :  |
-| test.swift:490:7:490:7 | [post] self [str] :  | test.swift:489:5:491:5 | self[constructor return] [str] :  |
 | test.swift:490:7:490:7 | [post] self [str] :  | test.swift:489:5:491:5 | self[return] [str] :  |
 | test.swift:490:13:490:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  |
-| test.swift:495:17:498:5 | self[constructor return] [str] :  | test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  |
 | test.swift:495:17:498:5 | self[return] [str] :  | test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  |
-| test.swift:496:7:496:7 | [post] self [str] :  | test.swift:495:17:498:5 | self[constructor return] [str] :  |
 | test.swift:496:7:496:7 | [post] self [str] :  | test.swift:495:17:498:5 | self[return] [str] :  |
 | test.swift:496:7:496:7 | [post] self [str] :  | test.swift:497:17:497:17 | self [str] :  |
 | test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  |
@@ -351,16 +348,10 @@ nodes
 | test.swift:479:14:479:21 | call to source() :  | semmle.label | call to source() :  |
 | test.swift:480:14:480:21 | call to source() | semmle.label | call to source() |
 | test.swift:488:9:488:9 | self [str] :  | semmle.label | self [str] :  |
-| test.swift:489:5:491:5 | self[constructor return] [str] :  | semmle.label | self[constructor return] [str] :  |
-| test.swift:489:5:491:5 | self[constructor return] [str] :  | semmle.label | self[return] [str] :  |
-| test.swift:489:5:491:5 | self[return] [str] :  | semmle.label | self[constructor return] [str] :  |
 | test.swift:489:5:491:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
 | test.swift:489:10:489:13 | s :  | semmle.label | s :  |
 | test.swift:490:7:490:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
 | test.swift:490:13:490:13 | s :  | semmle.label | s :  |
-| test.swift:495:17:498:5 | self[constructor return] [str] :  | semmle.label | self[constructor return] [str] :  |
-| test.swift:495:17:498:5 | self[constructor return] [str] :  | semmle.label | self[return] [str] :  |
-| test.swift:495:17:498:5 | self[return] [str] :  | semmle.label | self[constructor return] [str] :  |
 | test.swift:495:17:498:5 | self[return] [str] :  | semmle.label | self[return] [str] :  |
 | test.swift:496:7:496:7 | [post] self [str] :  | semmle.label | [post] self [str] :  |
 | test.swift:496:20:496:28 | call to source3() :  | semmle.label | call to source3() :  |
@@ -403,11 +394,8 @@ subpaths
 | test.swift:303:15:303:16 | ...! :  | file://:0:0:0:0 | [summary param] this in signum() :  | file://:0:0:0:0 | [summary] to write: return (return) in signum() :  | test.swift:303:15:303:25 | call to signum() |
 | test.swift:468:12:468:12 | x :  | test.swift:462:9:462:9 | value :  | file://:0:0:0:0 | [post] self [x] :  | test.swift:468:5:468:5 | [post] cx [x] :  |
 | test.swift:472:20:472:20 | cx [x] :  | test.swift:462:9:462:9 | self [x] :  | file://:0:0:0:0 | .x :  | test.swift:472:20:472:23 | .x :  |
-| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[constructor return] [str] :  | test.swift:496:7:496:7 | [post] self [str] :  |
-| test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[return] [str] :  | test.swift:496:7:496:7 | [post] self [str] :  |
 | test.swift:496:20:496:28 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:490:7:490:7 | [post] self [str] :  | test.swift:496:7:496:7 | [post] self [str] :  |
 | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:502:13:502:35 | .str |
-| test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[constructor return] [str] :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
 | test.swift:502:24:502:32 | call to source3() :  | test.swift:489:10:489:13 | s :  | test.swift:489:5:491:5 | self[return] [str] :  | test.swift:502:13:502:33 | call to MyClass.init(s:) [str] :  |
 | test.swift:503:13:503:41 | call to Self.init(contentsOfFile:) [str] :  | test.swift:488:9:488:9 | self [str] :  | file://:0:0:0:0 | .str :  | test.swift:503:13:503:43 | .str |
 #select
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected
@@ -115,9 +115,7 @@
 | test.swift:163:7:163:7 | value | test.swift:163:7:163:7 | SSA def(value) |
 | test.swift:165:3:165:3 | SSA def(self) | test.swift:166:5:166:5 | self |
 | test.swift:165:3:165:3 | self | test.swift:165:3:165:3 | SSA def(self) |
-| test.swift:166:5:166:5 | [post] self | test.swift:165:3:167:3 | self[constructor return] |
 | test.swift:166:5:166:5 | [post] self | test.swift:165:3:167:3 | self[return] |
-| test.swift:166:5:166:5 | self | test.swift:165:3:167:3 | self[constructor return] |
 | test.swift:166:5:166:5 | self | test.swift:165:3:167:3 | self[return] |
 | test.swift:169:8:169:8 | SSA def(self) | test.swift:170:5:170:5 | self |
 | test.swift:169:8:169:8 | self | test.swift:169:8:169:8 | SSA def(self) |
@@ -141,9 +139,7 @@
 | test.swift:185:7:185:7 | value | test.swift:185:7:185:7 | SSA def(value) |
 | test.swift:187:3:187:3 | SSA def(self) | test.swift:188:5:188:5 | self |
 | test.swift:187:3:187:3 | self | test.swift:187:3:187:3 | SSA def(self) |
-| test.swift:188:5:188:5 | [post] self | test.swift:187:3:189:3 | self[constructor return] |
 | test.swift:188:5:188:5 | [post] self | test.swift:187:3:189:3 | self[return] |
-| test.swift:188:5:188:5 | self | test.swift:187:3:189:3 | self[constructor return] |
 | test.swift:188:5:188:5 | self | test.swift:187:3:189:3 | self[return] |
 | test.swift:193:7:193:7 | SSA def(b) | test.swift:194:3:194:3 | b |
 | test.swift:193:11:193:13 | call to B.init() | test.swift:193:7:193:7 | SSA def(b) |
@@ -165,7 +161,6 @@
 | test.swift:217:11:217:13 | call to B.init() | test.swift:217:7:217:7 | SSA def(b) |
 | test.swift:218:3:218:3 | [post] b | test.swift:219:13:219:13 | b |
 | test.swift:218:3:218:3 | b | test.swift:219:13:219:13 | b |
-| test.swift:222:7:222:7 | SSA def(self) | test.swift:222:7:222:7 | self[constructor return] |
 | test.swift:222:7:222:7 | SSA def(self) | test.swift:222:7:222:7 | self[return] |
 | test.swift:222:7:222:7 | SSA def(self) | test.swift:222:7:222:7 | self[return] |
 | test.swift:222:7:222:7 | self | test.swift:222:7:222:7 | SSA def(self) |
@@ -191,9 +186,7 @@
 | test.swift:243:18:243:18 | self | test.swift:243:9:243:42 | self[return] |
 | test.swift:246:5:246:5 | SSA def(self) | test.swift:247:9:247:9 | self |
 | test.swift:246:5:246:5 | self | test.swift:246:5:246:5 | SSA def(self) |
-| test.swift:247:9:247:9 | [post] self | test.swift:246:5:248:5 | self[constructor return] |
 | test.swift:247:9:247:9 | [post] self | test.swift:246:5:248:5 | self[return] |
-| test.swift:247:9:247:9 | self | test.swift:246:5:248:5 | self[constructor return] |
 | test.swift:247:9:247:9 | self | test.swift:246:5:248:5 | self[return] |
 | test.swift:252:23:252:23 | value | test.swift:252:23:252:23 | SSA def(value) |
 | test.swift:262:21:262:27 | SSA def(y) | test.swift:266:15:266:15 | y |
@@ -373,7 +366,6 @@
 | test.swift:448:10:448:37 | SSA def(b) | test.swift:450:19:450:19 | b |
 | test.swift:455:8:455:17 | SSA def(x) | test.swift:456:19:456:19 | x |
 | test.swift:455:8:455:17 | SSA def(y) | test.swift:457:19:457:19 | y |
-| test.swift:461:7:461:7 | SSA def(self) | test.swift:461:7:461:7 | self[constructor return] |
 | test.swift:461:7:461:7 | SSA def(self) | test.swift:461:7:461:7 | self[return] |
 | test.swift:461:7:461:7 | SSA def(self) | test.swift:461:7:461:7 | self[return] |
 | test.swift:461:7:461:7 | self | test.swift:461:7:461:7 | SSA def(self) |
@@ -409,17 +401,22 @@
 | test.swift:489:5:489:5 | self | test.swift:489:5:489:5 | SSA def(self) |
 | test.swift:489:10:489:13 | SSA def(s) | test.swift:490:13:490:13 | s |
 | test.swift:489:10:489:13 | s | test.swift:489:10:489:13 | SSA def(s) |
-| test.swift:490:7:490:7 | [post] self | test.swift:489:5:491:5 | self[constructor return] |
 | test.swift:490:7:490:7 | [post] self | test.swift:489:5:491:5 | self[return] |
-| test.swift:490:7:490:7 | self | test.swift:489:5:491:5 | self[constructor return] |
 | test.swift:490:7:490:7 | self | test.swift:489:5:491:5 | self[return] |
 | test.swift:495:17:495:17 | SSA def(self) | test.swift:496:7:496:7 | self |
 | test.swift:495:17:495:17 | self | test.swift:495:17:495:17 | SSA def(self) |
 | test.swift:496:7:496:7 | [post] self | test.swift:497:17:497:17 | self |
 | test.swift:496:7:496:7 | self | test.swift:497:17:497:17 | self |
-| test.swift:497:17:497:17 | [post] self | test.swift:495:17:498:5 | self[constructor return] |
 | test.swift:497:17:497:17 | [post] self | test.swift:495:17:498:5 | self[return] |
-| test.swift:497:17:497:17 | self | test.swift:495:17:498:5 | self[constructor return] |
 | test.swift:497:17:497:17 | self | test.swift:495:17:498:5 | self[return] |
 | test.swift:501:21:501:27 | SSA def(path) | test.swift:503:37:503:37 | path |
 | test.swift:501:21:501:27 | path | test.swift:501:21:501:27 | SSA def(path) |
+| test.swift:506:7:506:7 | SSA def(self) | test.swift:506:7:506:7 | self[return] |
+| test.swift:506:7:506:7 | self | test.swift:506:7:506:7 | SSA def(self) |
+| test.swift:507:3:507:3 | SSA def(self) | test.swift:507:3:507:40 | self[return] |
+| test.swift:507:3:507:3 | self | test.swift:507:3:507:3 | SSA def(self) |
+| test.swift:507:27:507:38 | SSA def(n) | test.swift:507:3:507:40 | n[return] |
+| test.swift:507:31:507:38 | call to source() | test.swift:507:27:507:38 | SSA def(n) |
+| test.swift:513:7:513:7 | SSA def(n) | test.swift:514:36:514:36 | n |
+| test.swift:513:11:513:11 | 0 | test.swift:513:7:513:7 | SSA def(n) |
+| test.swift:514:36:514:36 | n | test.swift:514:35:514:36 | &... |
diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift
@@ -502,3 +502,14 @@ func extensionInits(path: String) {
   sink(str: MyClass(s: source3()).str) // $ flow=502
   sink(str: MyClass(contentsOfFile: path).str) // $ flow=496
 }
+
+class InoutConstructorClass {
+  init(_ n : inout Int) { n = source() }
+}
+
+func sink(arg: InoutConstructorClass) {}
+
+func inoutConstructor() {
+  var n = 0
+  sink(arg: InoutConstructorClass(&n))
+}
