C#: Adjust to FlowSummaryImpl changes.

Author: aschackmull

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -128,7 +128,9 @@ private module Cached {
       // No need to include calls that are compiled from source
       not call.getImplementation().getMethod().compiledFromSource()
     } or
-    TSummaryCall(FlowSummaryImpl::Public::SummarizedCallable c, Node receiver) {
+    TSummaryCall(
+      FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
+    ) {
       FlowSummaryImpl::Private::summaryCallbackRange(c, receiver)
     }
 
@@ -472,12 +474,12 @@ class CilDataFlowCall extends DataFlowCall, TCilCall {
  */
 class SummaryCall extends DelegateDataFlowCall, TSummaryCall {
   private FlowSummaryImpl::Public::SummarizedCallable c;
-  private Node receiver;
+  private FlowSummaryImpl::Private::SummaryNode receiver;
 
   SummaryCall() { this = TSummaryCall(c, receiver) }
 
   /** Gets the data flow node that this call targets. */
-  Node getReceiver() { result = receiver }
+  FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver }
 
   override DataFlowCallable getARuntimeTarget() {
     none() // handled by the shared library

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

@@ -500,7 +500,7 @@ module LocalFlow {
    * inter-procedurality or field-sensitivity.
    */
   predicate excludeFromExposedRelations(Node n) {
-    n instanceof SummaryNode or
+    n instanceof FlowSummaryNode or
     n instanceof ImplicitCapturedArgumentNode
   }
 
@@ -559,7 +559,8 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
   or
   LocalFlow::localFlowCapturedVarStep(nodeFrom, nodeTo)
   or
-  FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, true)
+  FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(),
+    nodeTo.(FlowSummaryNode).getSummaryNode(), true)
   or
   nodeTo.(ObjectCreationNode).getPreUpdateNode() = nodeFrom.(ObjectInitializerNode)
 }
@@ -805,7 +806,8 @@ private module Cached {
 
   // Add artificial dependencies to enforce all cached predicates are evaluated
   // in the "DataFlowImplCommon stage"
-  private predicate forceCaching() {
+  cached
+  predicate forceCaching() {
     TaintTrackingPrivate::forceCachingInSameStage() or
     exists(any(NodeImpl n).getTypeImpl()) or
     exists(any(NodeImpl n).getControlFlowNodeImpl()) or
@@ -815,10 +817,7 @@ private module Cached {
 
   cached
   newtype TNode =
-    TExprNode(ControlFlow::Nodes::ElementNode cfn) {
-      forceCaching() and
-      cfn.getElement() instanceof Expr
-    } or
+    TExprNode(ControlFlow::Nodes::ElementNode cfn) { cfn.getElement() instanceof Expr } or
     TCilExprNode(CIL::Expr e) { e.getImplementation() instanceof CIL::BestImplementation } or
     TCilSsaDefinitionExtNode(CilSsaImpl::DefinitionExt def) or
     TSsaDefinitionExtNode(SsaImpl::DefinitionExt def) {
@@ -867,12 +866,7 @@ private module Cached {
         )
       )
     } or
-    TSummaryNode(DataFlowSummarizedCallable c, FlowSummaryImpl::Private::SummaryNodeState state) {
-      FlowSummaryImpl::Private::summaryNodeRange(c, state)
-    } or
-    TSummaryParameterNode(DataFlowSummarizedCallable c, ParameterPosition pos) {
-      FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
-    } or
+    TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
     TParamsArgumentNode(ControlFlow::Node callCfn) {
       callCfn = any(Call c | isParamsArg(c, _, _)).getAControlFlowNode()
     }
@@ -977,9 +971,7 @@ predicate nodeIsHidden(Node n) {
   or
   n instanceof MallocNode
   or
-  n instanceof SummaryNode
-  or
-  n instanceof SummaryParameterNode
+  n instanceof FlowSummaryNode
   or
   n instanceof ParamsArgumentNode
   or
@@ -1132,29 +1124,28 @@ private module ParameterNodes {
   }
 
   /** A parameter for a library callable with a flow summary. */
-  class SummaryParameterNode extends ParameterNodeImpl, TSummaryParameterNode {
-    private FlowSummaryImpl::Public::SummarizedCallable sc;
-    private ParameterPosition pos_;
+  class SummaryParameterNode extends ParameterNodeImpl, FlowSummaryNode {
+    SummaryParameterNode() {
+      FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), _)
+    }
 
-    SummaryParameterNode() { this = TSummaryParameterNode(sc, pos_) }
+    private ParameterPosition getPosition() {
+      FlowSummaryImpl::Private::summaryParameterNode(this.getSummaryNode(), result)
+    }
 
     override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
-      sc = c.asSummarizedCallable() and pos = pos_
+      this.getSummarizedCallable() = c.asSummarizedCallable() and pos = this.getPosition()
     }
 
-    override DataFlowCallable getEnclosingCallableImpl() { result.asSummarizedCallable() = sc }
-
     override Type getTypeImpl() {
-      exists(int i | pos_.getPosition() = i and result = sc.getParameter(i).getType())
+      exists(int i |
+        this.getPosition().getPosition() = i and
+        result = this.getSummarizedCallable().getParameter(i).getType()
+      )
       or
-      pos_.isThisParameter() and result = sc.getDeclaringType()
+      this.getPosition().isThisParameter() and
+      result = this.getSummarizedCallable().getDeclaringType()
     }
-
-    override ControlFlow::Node getControlFlowNodeImpl() { none() }
-
-    override EmptyLocation getLocationImpl() { any() }
-
-    override string toStringImpl() { result = "parameter " + pos_ + " of " + sc }
   }
 }
 
@@ -1323,11 +1314,13 @@ private module ArgumentNodes {
     override string toStringImpl() { result = "[implicit array creation] " + callCfn }
   }
 
-  private class SummaryArgumentNode extends SummaryNode, ArgumentNodeImpl {
-    SummaryArgumentNode() { FlowSummaryImpl::Private::summaryArgumentNode(_, this, _) }
+  private class SummaryArgumentNode extends FlowSummaryNode, ArgumentNodeImpl {
+    SummaryArgumentNode() {
+      FlowSummaryImpl::Private::summaryArgumentNode(_, this.getSummaryNode(), _)
+    }
 
     override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
-      FlowSummaryImpl::Private::summaryArgumentNode(call, this, pos)
+      FlowSummaryImpl::Private::summaryArgumentNode(call, this.getSummaryNode(), pos)
     }
   }
 }
@@ -1469,11 +1462,11 @@ private module ReturnNodes {
     }
   }
 
-  private class SummaryReturnNode extends SummaryNode, ReturnNode {
+  private class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
     private ReturnKind rk;
 
     SummaryReturnNode() {
-      FlowSummaryImpl::Private::summaryReturnNode(this, rk) and
+      FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), rk) and
       not rk instanceof JumpReturnKind
       or
       exists(Parameter p, int pos |
@@ -1494,9 +1487,9 @@ private module ReturnNodes {
  * Holds if summary node `n` is a post-update node for `out`/`ref` parameter `p`.
  * In this case we adjust it to instead be a return node.
  */
-private predicate summaryPostUpdateNodeIsOutOrRef(SummaryNode n, Parameter p) {
-  exists(ParameterNodeImpl pn, DataFlowCallable c, ParameterPosition pos |
-    FlowSummaryImpl::Private::summaryPostUpdateNode(n, pn) and
+private predicate summaryPostUpdateNodeIsOutOrRef(FlowSummaryNode n, Parameter p) {
+  exists(SummaryParameterNode pn, DataFlowCallable c, ParameterPosition pos |
+    FlowSummaryImpl::Private::summaryPostUpdateNode(n.getSummaryNode(), pn.getSummaryNode()) and
     pn.isParameterOf(c, pos) and
     p = c.asSummarizedCallable().getParameter(pos.getPosition()) and
     p.isOutOrRef()
@@ -1609,37 +1602,40 @@ private module OutNodes {
     }
   }
 
-  private class SummaryOutNode extends SummaryNode, OutNode {
-    SummaryOutNode() { FlowSummaryImpl::Private::summaryOutNode(_, this, _) }
+  private class SummaryOutNode extends FlowSummaryNode, OutNode {
+    SummaryOutNode() { FlowSummaryImpl::Private::summaryOutNode(_, this.getSummaryNode(), _) }
 
     override DataFlowCall getCall(ReturnKind kind) {
-      FlowSummaryImpl::Private::summaryOutNode(result, this, kind)
+      FlowSummaryImpl::Private::summaryOutNode(result, this.getSummaryNode(), kind)
     }
   }
 }
 
 import OutNodes
 
 /** A data-flow node used to model flow summaries. */
-class SummaryNode extends NodeImpl, TSummaryNode {
-  private FlowSummaryImpl::Public::SummarizedCallable c;
-  private FlowSummaryImpl::Private::SummaryNodeState state;
+class FlowSummaryNode extends NodeImpl, TFlowSummaryNode {
+  FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) }
 
-  SummaryNode() { this = TSummaryNode(c, state) }
+  FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() {
+    result = this.getSummaryNode().getSummarizedCallable()
+  }
 
-  override DataFlowCallable getEnclosingCallableImpl() { result.asSummarizedCallable() = c }
+  override DataFlowCallable getEnclosingCallableImpl() {
+    result.asSummarizedCallable() = this.getSummarizedCallable()
+  }
 
   override DataFlowType getDataFlowType() {
-    result = FlowSummaryImpl::Private::summaryNodeType(this)
+    result = FlowSummaryImpl::Private::summaryNodeType(this.getSummaryNode())
   }
 
   override DotNet::Type getTypeImpl() { none() }
 
   override ControlFlow::Node getControlFlowNodeImpl() { none() }
 
-  override Location getLocationImpl() { result = c.getLocation() }
+  override Location getLocationImpl() { result = this.getSummarizedCallable().getLocation() }
 
-  override string toStringImpl() { result = "[summary] " + state + " in " + c }
+  override string toStringImpl() { result = this.getSummaryNode().toString() }
 }
 
 /** A field or a property. */
@@ -1719,12 +1715,13 @@ predicate jumpStep(Node pred, Node succ) {
   )
   or
   exists(JumpReturnKind jrk, NonDelegateDataFlowCall call |
-    FlowSummaryImpl::Private::summaryReturnNode(pred, jrk) and
+    FlowSummaryImpl::Private::summaryReturnNode(pred.(FlowSummaryNode).getSummaryNode(), jrk) and
     jrk.getTarget() = call.getATarget(_) and
     succ = getAnOutNode(call, jrk.getTargetReturnKind())
   )
   or
-  FlowSummaryImpl::Private::Steps::summaryJumpStep(pred, succ)
+  FlowSummaryImpl::Private::Steps::summaryJumpStep(pred.(FlowSummaryNode).getSummaryNode(),
+    succ.(FlowSummaryNode).getSummaryNode())
 }
 
 private class StoreStepConfiguration extends ControlFlowReachabilityConfiguration {
@@ -1784,7 +1781,8 @@ predicate storeStep(Node node1, Content c, Node node2) {
     c = getResultContent()
   )
   or
-  FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, c, node2)
+  FlowSummaryImpl::Private::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c,
+    node2.(FlowSummaryNode).getSummaryNode())
 }
 
 private class ReadStepConfiguration extends ControlFlowReachabilityConfiguration {
@@ -1907,7 +1905,8 @@ predicate readStep(Node node1, Content c, Node node2) {
     )
   )
   or
-  FlowSummaryImpl::Private::Steps::summaryReadStep(node1, c, node2)
+  FlowSummaryImpl::Private::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), c,
+    node2.(FlowSummaryNode).getSummaryNode())
 }
 
 /**
@@ -1920,7 +1919,7 @@ predicate clearsContent(Node n, Content c) {
   or
   fieldOrPropertyStore(_, c, _, n.(ObjectInitializerNode).getInitializer(), false)
   or
-  FlowSummaryImpl::Private::Steps::summaryClearsContent(n, c)
+  FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c)
   or
   exists(WithExpr we, ObjectInitializer oi, FieldOrProperty f |
     oi = we.getInitializer() and
@@ -1935,7 +1934,7 @@ predicate clearsContent(Node n, Content c) {
  * at node `n`.
  */
 predicate expectsContent(Node n, ContentSet c) {
-  FlowSummaryImpl::Private::Steps::summaryExpectsContent(n, c)
+  FlowSummaryImpl::Private::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c)
 }
 
 /**
@@ -2130,14 +2129,15 @@ private module PostUpdateNodes {
     override string toStringImpl() { result = "[post] " + cfn.toString() }
   }
 
-  private class SummaryPostUpdateNode extends SummaryNode, PostUpdateNode {
+  private class SummaryPostUpdateNode extends FlowSummaryNode, PostUpdateNode {
     SummaryPostUpdateNode() {
-      FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) and
+      FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(), _) and
       not summaryPostUpdateNodeIsOutOrRef(this, _)
     }
 
     override Node getPreUpdateNode() {
-      FlowSummaryImpl::Private::summaryPostUpdateNode(this, result)
+      FlowSummaryImpl::Private::summaryPostUpdateNode(this.getSummaryNode(),
+        result.(FlowSummaryNode).getSummaryNode())
     }
   }
 }
@@ -2233,7 +2233,7 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
         call.getControlFlowNode())
     )
     or
-    receiver = call.(SummaryCall).getReceiver()
+    receiver.(FlowSummaryNode).getSummaryNode() = call.(SummaryCall).getReceiver()
   ) and
   exists(kind)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -24,11 +24,8 @@ DataFlowCallable inject(SummarizedCallable c) { result.asSummarizedCallable() =
 /** Gets the parameter position of the instance parameter. */
 ArgumentPosition callbackSelfParameterPosition() { none() } // disables implicit summary flow to `this` for callbacks
 
-/** Gets the synthesized summary data-flow node for the given values. */
-Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = TSummaryNode(c, state) }
-
 /** Gets the synthesized data-flow call for `receiver`. */
-SummaryCall summaryDataFlowCall(Node receiver) { receiver = result.getReceiver() }
+SummaryCall summaryDataFlowCall(SummaryNode receiver) { receiver = result.getReceiver() }
 
 /** Gets the type of content `c`. */
 DataFlowType getContentType(Content c) {

csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll

@@ -156,7 +156,8 @@ private module Cached {
     // tracking configurations where the source is a collection
     readStep(nodeFrom, TElementContent(), nodeTo)
     or
-    FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom, nodeTo, false)
+    FlowSummaryImpl::Private::Steps::summaryLocalStep(nodeFrom.(FlowSummaryNode).getSummaryNode(),
+      nodeTo.(FlowSummaryNode).getSummaryNode(), false)
     or
     nodeTo = nodeFrom.(DataFlow::NonLocalJumpNode).getAJumpSuccessor(false)
   }