Updating PR per review comments. Moving more towards a simplified model.

Author: bdrodes

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -363,11 +363,11 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
   }
 
   final override predicate mayThrowException() {
-    expr.getTarget().(ThrowingFunction).mayThrowException(_)
+    expr.getTarget() instanceof AlwaysSehThrowingFunction
   }
 
   final override predicate mustThrowException() {
-    expr.getTarget().(ThrowingFunction).mayThrowException(true)
+    expr.getTarget() instanceof AlwaysSehThrowingFunction
   }
 }
 

cpp/ql/lib/semmle/code/cpp/models/implementations/Memcpy.qll

@@ -9,14 +9,14 @@ import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.SideEffect
 import semmle.code.cpp.models.interfaces.Taint
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 /**
  * The standard functions `memcpy`, `memmove` and `bcopy`; and the gcc variant
  * `__builtin___memcpy_chk`.
  */
 private class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction,
-  AliasFunction, NonThrowingFunction
+  AliasFunction, NonCppThrowingFunction
 {
   MemcpyFunction() {
     // memcpy(dest, src, num)
@@ -106,8 +106,6 @@ private class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffect
     not this.hasGlobalName(["bcopy", mempcpy(), "memccpy"]) and
     index = this.getParamDest()
   }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 private string mempcpy() { result = ["mempcpy", "wmempcpy"] }

cpp/ql/lib/semmle/code/cpp/models/implementations/Memset.qll

@@ -8,10 +8,10 @@ import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.SideEffect
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 private class MemsetFunctionModel extends ArrayFunction, DataFlowFunction, AliasFunction,
-  SideEffectFunction, NonThrowingFunction
+  SideEffectFunction, NonCppThrowingFunction
 {
   MemsetFunctionModel() {
     this.hasGlobalOrStdOrBslName("memset")
@@ -74,8 +74,6 @@ private class MemsetFunctionModel extends ArrayFunction, DataFlowFunction, Alias
     i = 0 and
     if this.hasGlobalName(bzero()) then result = 1 else result = 2
   }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 private string bzero() { result = ["bzero", "explicit_bzero"] }

cpp/ql/lib/semmle/code/cpp/models/implementations/NoexceptFunction.qll

@@ -1,13 +1,11 @@
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 /**
  * A function that is annotated with a `noexcept` specifier (or the equivalent
  * `throw()` specifier) guaranteeing that the function can not throw exceptions.
  *
  * Note: The `throw` specifier was deprecated in C++11 and removed in C++17.
  */
-class NoexceptFunction extends NonThrowingFunction {
+class NoexceptFunction extends NonCppThrowingFunction {
   NoexceptFunction() { this.isNoExcept() or this.isNoThrow() }
-
-  override TCxxException getExceptionType() { any() }
 }

cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll

@@ -8,12 +8,12 @@
 import semmle.code.cpp.models.interfaces.FormattingFunction
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.SideEffect
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 /**
  * The standard functions `printf`, `wprintf` and their glib variants.
  */
-private class Printf extends FormattingFunction, AliasFunction, NonThrowingFunction {
+private class Printf extends FormattingFunction, AliasFunction, NonCppThrowingFunction {
   Printf() {
     this instanceof TopLevelFunction and
     (
@@ -32,8 +32,6 @@ private class Printf extends FormattingFunction, AliasFunction, NonThrowingFunct
   override predicate parameterEscapesOnlyViaReturn(int n) { none() }
 
   override predicate parameterIsAlwaysReturned(int n) { none() }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 /**
@@ -52,8 +50,6 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {
   override int getFormatParameterIndex() { result = 1 }
 
   override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 /**
@@ -97,8 +93,6 @@ private class Sprintf extends FormattingFunction, NonThrowingFunction {
     then result = 4
     else result = super.getFirstFormatArgumentIndex()
   }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 /**
@@ -171,8 +165,6 @@ private class SnprintfImpl extends Snprintf, AliasFunction, SideEffectFunction,
     // We don't know how many parameters are passed to the function since it's varargs, but they also have read side effects.
     i = this.getFormatParameterIndex() and buffer = true
   }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 /**
@@ -223,6 +215,4 @@ private class Syslog extends FormattingFunction, NonThrowingFunction {
   override int getFormatParameterIndex() { result = 1 }
 
   override predicate isOutputGlobal() { any() }
-
-  override TCxxException getExceptionType() { any() }
 }

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll

@@ -7,15 +7,15 @@ import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.SideEffect
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 /**
  * The standard function `strcat` and its wide, sized, and Microsoft variants.
  *
  * Does not include `strlcat`, which is covered by `StrlcatFunction`
  */
 class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, SideEffectFunction,
-  NonThrowingFunction
+  NonCppThrowingFunction
 {
   StrcatFunction() {
     this.hasGlobalOrStdOrBslName([
@@ -94,8 +94,6 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
     (i = 0 or i = 1) and
     buffer = true
   }
-
-  override TCxxException getExceptionType() { any() }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll

@@ -7,13 +7,13 @@ import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.SideEffect
-import semmle.code.cpp.models.interfaces.Throwing
+import semmle.code.cpp.models.interfaces.NonThrowing
 
 /**
  * The standard function `strcpy` and its wide, sized, and Microsoft variants.
  */
 class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, SideEffectFunction,
-  NonThrowingFunction
+  NonCppThrowingFunction
 {
   StrcpyFunction() {
     this.hasGlobalOrStdOrBslName([
@@ -145,6 +145,4 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
     i = this.getParamDest() and
     result = this.getParamSize()
   }
-
-  override TCxxException getExceptionType() { any() }
 }

cpp/ql/lib/semmle/code/cpp/models/implementations/StructuredExceptionHandling.qll

@@ -1,11 +1,7 @@
 import semmle.code.cpp.models.interfaces.Throwing
 
-class WindowsDriverExceptionAnnotation extends ThrowingFunction {
+class WindowsDriverExceptionAnnotation extends AlwaysSehThrowingFunction {
   WindowsDriverExceptionAnnotation() {
     this.hasGlobalName(["RaiseException", "ExRaiseAccessViolation", "ExRaiseDatatypeMisalignment"])
   }
-
-  override predicate mayThrowException(boolean unconditional) { unconditional = true }
-
-  override TSehException getExceptionType() { any() }
 }

cpp/ql/lib/semmle/code/cpp/models/interfaces/NonThrowing.qll

@@ -5,9 +5,15 @@
 import semmle.code.cpp.Function
 import semmle.code.cpp.models.Models
 
+/**
+ * A function that is guaranteed to never throw a C++ exception
+ * (distinct from a structured exception handling, SEH, exception).
+ */
+abstract class NonCppThrowingFunction extends Function { }
+
 /**
  * A function that is guaranteed to never throw.
  *
- * DEPRECATED: use `NonThrowingFunction` in `semmle.code.cpp.models.Models.Interfaces.Throwing` instead.
+ * DEPRECATED: use `NonCppThrowingFunction` instead.
  */
-abstract deprecated class NonThrowingFunction extends Function { }
+deprecated class NonThrowingFunction = NonCppThrowingFunction;

cpp/ql/lib/semmle/code/cpp/models/interfaces/Throwing.qll

@@ -11,65 +11,28 @@ import semmle.code.cpp.models.Models
 import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs
 
 /**
- * Represents a type of exception,
- * either Structured Exception Handling (SEH) or C++ exceptions.
- */
-newtype TException =
-  /** Structured Exception Handling (SEH) exception */
-  TSehException() or
-  /** C++ exception */
-  TCxxException()
-
-/**
- * Functions with information about how an exception is thrown or if one is thrown at all.
- * If throwing details conflict for the same function, IR is assumed
- * to use the most restricted interpretation, meaning taking options
- * that stipulate no exception is raised, before the exception is always raised,
- * before conditional exceptions.
+ * A function that is known to raise an exception.
  *
- * Annotations must specify if the exception is from SEH (structured exception handling)
- * or ordinary c++ exceptions.
+ * DEPRECATED: use `AlwaysSehThrowingFunction` instead if a function unconditionally throws.
+ * These are assumed the only case where functions throw/raise exceptions unconditionally.
+ * For functions that may throw, this will be the default behavior in the IR.
  */
-abstract private class ExceptionAnnotation extends Function {
-  /**
-   * Returns the type of exception this annotation is for,
-   * either a CPP exception or a STructured Exception Handling (SEH) exception.
-   */
-  abstract TException getExceptionType();
-
-  /**
-   * Holds if the exception type of this annotation is for a Structured Exception Handling (SEH) exception.
-   */
-  final predicate isSeh() { this.getExceptionType() = TSehException() }
+abstract deprecated class ThrowingFunction extends Function {
+  ThrowingFunction() { any() }
 
   /**
-   * Holds if the exception type of this annotation is for a CPP exception.
+   * Holds if this function may throw an exception during evaluation.
+   * If `unconditional` is `true` the function always throws an exception.
+   *
+   * DPERECATED: for always throwing functions use `AlwaysSehThrowingFunction` instead.
+   * For functions that may throw, this will be the default behavior in the IR.
    */
-  final predicate isCxx() { this.getExceptionType() = TCxxException() }
+  abstract deprecated predicate mayThrowException(boolean unconditional);
 }
 
 /**
- * A Function that is known to not throw an exception.
- */
-abstract class NonThrowingFunction extends ExceptionAnnotation { }
-
-/**
- * A function this is known to raise an exception.
+ * A function that is known to raise an exception unconditionally.
+ * The only cases known where this happens is for SEH
+ * (structured exception handling) exceptions.
  */
-abstract class ThrowingFunction extends ExceptionAnnotation {
-  ThrowingFunction() { any() }
-
-  /**
-   * Holds if this function may raise an exception during evaluation.
-   * If `unconditional` is `false` the function may raise, and if `true` the function
-   * will always raise an exception.
-   * Do not specify `none()` if no exception is raised, instead use the
-   * `NonThrowingFunction` class instead.
-   */
-  abstract predicate mayThrowException(boolean unconditional);
-
-  /**
-   * Holds if this function will always raise an exception if called
-   */
-  final predicate alwaysThrowsException() { this.mayThrowException(true) }
-}
+abstract class AlwaysSehThrowingFunction extends Function { }