Rust: Tuple writes target post update node

paldepind · paldepind · commit e1c65aae90b1 · 2024-12-02T14:48:20.000+01:00
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -264,7 +264,7 @@ module Node {
 
     final override Location getLocation() { result = n.getLocation() }
 
-    final override string toString() { result = n.toString() }
+    final override string toString() { result = "[post] " + n.toString() }
   }
 
   final class CastNode = NaNode;
@@ -286,6 +286,9 @@ module SsaFlow {
     or
     result.(SsaFlow::ExprNode).getExpr() = n.asExpr()
     or
+    result.(SsaFlow::ExprPostUpdateNode).getExpr() =
+      n.(Node::PostUpdateNode).getPreUpdateNode().asExpr()
+    or
     n = toParameterNode(result.(SsaFlow::ParameterNode).getParameter())
   }
 
@@ -753,6 +756,15 @@ module RustDataFlow implements InputSig<Location> {
     pathResolveToStructCanonicalPath(re.getPath(), s)
   }
 
+  private predicate tupleAssignment(Node node1, Node node2, TuplePositionContent c) {
+    exists(AssignmentExprCfgNode assignment, FieldExprCfgNode access |
+      assignment.getLhs() = access and
+      fieldTuplePositionContent(access, c) and
+      node1.asExpr() = assignment.getRhs() and
+      node2.asExpr() = access.getExpr()
+    )
+  }
+
   /**
    * Holds if data can flow from `node1` to `node2` via a store into `c`.  Thus,
    * `node2` references an object with a content `c.getAStoreContent()` that
@@ -786,12 +798,7 @@ module RustDataFlow implements InputSig<Location> {
         node2.asExpr() = tuple
       )
       or
-      exists(AssignmentExprCfgNode assignment, FieldExprCfgNode access |
-        assignment.getLhs() = access and
-        fieldTuplePositionContent(access, c) and
-        node1.asExpr() = assignment.getRhs() and
-        node2.asExpr() = access.getExpr()
-      )
+      tupleAssignment(node1, node2.(PostUpdateNode).getPreUpdateNode(), c)
     )
   }
 
@@ -801,11 +808,7 @@ module RustDataFlow implements InputSig<Location> {
    * in `x.f = newValue`.
    */
   predicate clearsContent(Node n, ContentSet cs) {
-    exists(AssignmentExprCfgNode assignment, FieldExprCfgNode access |
-      assignment.getLhs() = access and
-      n.asExpr() = access.getExpr() and
-      fieldTuplePositionContent(access, cs.(SingletonContentSet).getContent())
-    )
+    tupleAssignment(_, n, cs.(SingletonContentSet).getContent())
   }
 
   /**
diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected
@@ -86,6 +86,7 @@ localStep
 | main.rs:94:9:94:9 | [SSA] a | main.rs:95:10:95:10 | a |
 | main.rs:94:9:94:9 | a | main.rs:94:9:94:9 | [SSA] a |
 | main.rs:94:13:94:26 | TupleExpr | main.rs:94:9:94:9 | a |
+| main.rs:95:10:95:10 | [post] a | main.rs:96:10:96:10 | a |
 | main.rs:95:10:95:10 | a | main.rs:96:10:96:10 | a |
 | main.rs:100:9:100:9 | [SSA] a | main.rs:101:24:101:24 | a |
 | main.rs:100:9:100:9 | a | main.rs:100:9:100:9 | [SSA] a |
@@ -100,29 +101,39 @@ localStep
 | main.rs:108:9:108:13 | [SSA] a | main.rs:109:10:109:10 | a |
 | main.rs:108:9:108:13 | a | main.rs:108:9:108:13 | [SSA] a |
 | main.rs:108:17:108:31 | TupleExpr | main.rs:108:9:108:13 | a |
+| main.rs:109:10:109:10 | [post] a | main.rs:110:10:110:10 | a |
 | main.rs:109:10:109:10 | a | main.rs:110:10:110:10 | a |
+| main.rs:110:10:110:10 | [post] a | main.rs:111:5:111:5 | a |
 | main.rs:110:10:110:10 | a | main.rs:111:5:111:5 | a |
+| main.rs:111:5:111:5 | [post] a | main.rs:112:5:112:5 | a |
 | main.rs:111:5:111:5 | a | main.rs:112:5:112:5 | a |
 | main.rs:111:11:111:20 | source(...) | main.rs:111:5:111:7 | a.0 |
+| main.rs:112:5:112:5 | [post] a | main.rs:113:10:113:10 | a |
 | main.rs:112:5:112:5 | a | main.rs:113:10:113:10 | a |
 | main.rs:112:11:112:11 | 2 | main.rs:112:5:112:7 | a.1 |
+| main.rs:113:10:113:10 | [post] a | main.rs:114:10:114:10 | a |
 | main.rs:113:10:113:10 | a | main.rs:114:10:114:10 | a |
 | main.rs:118:9:118:9 | [SSA] a | main.rs:119:14:119:14 | a |
 | main.rs:118:9:118:9 | a | main.rs:118:9:118:9 | [SSA] a |
 | main.rs:118:13:118:27 | TupleExpr | main.rs:118:9:118:9 | a |
 | main.rs:119:9:119:9 | [SSA] b | main.rs:120:10:120:10 | b |
 | main.rs:119:9:119:9 | b | main.rs:119:9:119:9 | [SSA] b |
 | main.rs:119:13:119:18 | TupleExpr | main.rs:119:9:119:9 | b |
+| main.rs:120:10:120:10 | [post] b | main.rs:121:10:121:10 | b |
 | main.rs:120:10:120:10 | b | main.rs:121:10:121:10 | b |
+| main.rs:121:10:121:10 | [post] b | main.rs:122:10:122:10 | b |
 | main.rs:121:10:121:10 | b | main.rs:122:10:122:10 | b |
 | main.rs:134:9:134:9 | [SSA] p | main.rs:138:10:138:10 | p |
 | main.rs:134:9:134:9 | p | main.rs:134:9:134:9 | [SSA] p |
 | main.rs:134:13:137:5 | Point {...} | main.rs:134:9:134:9 | p |
+| main.rs:138:10:138:10 | [post] p | main.rs:139:10:139:10 | p |
 | main.rs:138:10:138:10 | p | main.rs:139:10:139:10 | p |
 | main.rs:143:9:143:13 | [SSA] p | main.rs:147:10:147:10 | p |
 | main.rs:143:9:143:13 | p | main.rs:143:9:143:13 | [SSA] p |
 | main.rs:143:17:146:5 | Point {...} | main.rs:143:9:143:13 | p |
+| main.rs:147:10:147:10 | [post] p | main.rs:148:5:148:5 | p |
 | main.rs:147:10:147:10 | p | main.rs:148:5:148:5 | p |
+| main.rs:148:5:148:5 | [post] p | main.rs:149:10:149:10 | p |
 | main.rs:148:5:148:5 | p | main.rs:149:10:149:10 | p |
 | main.rs:148:11:148:20 | source(...) | main.rs:148:5:148:7 | p.y |
 | main.rs:153:9:153:9 | [SSA] p | main.rs:157:32:157:32 | p |
@@ -136,7 +147,9 @@ localStep
 | main.rs:168:9:168:9 | [SSA] p | main.rs:175:10:175:10 | p |
 | main.rs:168:9:168:9 | p | main.rs:168:9:168:9 | [SSA] p |
 | main.rs:168:13:174:5 | Point3D {...} | main.rs:168:9:168:9 | p |
+| main.rs:175:10:175:10 | [post] p | main.rs:176:10:176:10 | p |
 | main.rs:175:10:175:10 | p | main.rs:176:10:176:10 | p |
+| main.rs:176:10:176:10 | [post] p | main.rs:177:10:177:10 | p |
 | main.rs:176:10:176:10 | p | main.rs:177:10:177:10 | p |
 | main.rs:181:9:181:9 | [SSA] p | main.rs:188:11:188:11 | p |
 | main.rs:181:9:181:9 | p | main.rs:181:9:181:9 | [SSA] p |
@@ -336,8 +349,8 @@ storeStep
 | main.rs:100:29:100:29 | 2 | tuple.2 | main.rs:100:13:100:30 | TupleExpr |
 | main.rs:108:18:108:18 | 2 | tuple.0 | main.rs:108:17:108:31 | TupleExpr |
 | main.rs:108:21:108:30 | source(...) | tuple.1 | main.rs:108:17:108:31 | TupleExpr |
-| main.rs:111:11:111:20 | source(...) | tuple.0 | main.rs:111:5:111:5 | a |
-| main.rs:112:11:112:11 | 2 | tuple.1 | main.rs:112:5:112:5 | a |
+| main.rs:111:11:111:20 | source(...) | tuple.0 | main.rs:111:5:111:5 | [post] a |
+| main.rs:112:11:112:11 | 2 | tuple.1 | main.rs:112:5:112:5 | [post] a |
 | main.rs:118:14:118:14 | 3 | tuple.0 | main.rs:118:13:118:27 | TupleExpr |
 | main.rs:118:17:118:26 | source(...) | tuple.1 | main.rs:118:13:118:27 | TupleExpr |
 | main.rs:119:14:119:14 | a | tuple.0 | main.rs:119:13:119:18 | TupleExpr |
diff --git a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected
@@ -11,8 +11,8 @@ edges
 | main.rs:108:17:108:31 | TupleExpr [tuple.1] | main.rs:110:10:110:10 | a [tuple.1] | provenance |  |
 | main.rs:108:21:108:30 | source(...) | main.rs:108:17:108:31 | TupleExpr [tuple.1] | provenance |  |
 | main.rs:110:10:110:10 | a [tuple.1] | main.rs:110:10:110:12 | a.1 | provenance |  |
-| main.rs:111:5:111:5 | a [tuple.0] | main.rs:112:5:112:5 | a [tuple.0] | provenance |  |
-| main.rs:111:11:111:20 | source(...) | main.rs:111:5:111:5 | a [tuple.0] | provenance |  |
+| main.rs:111:5:111:5 | [post] a [tuple.0] | main.rs:112:5:112:5 | a [tuple.0] | provenance |  |
+| main.rs:111:11:111:20 | source(...) | main.rs:111:5:111:5 | [post] a [tuple.0] | provenance |  |
 | main.rs:112:5:112:5 | a [tuple.0] | main.rs:113:10:113:10 | a [tuple.0] | provenance |  |
 | main.rs:113:10:113:10 | a [tuple.0] | main.rs:113:10:113:12 | a.0 | provenance |  |
 | main.rs:118:13:118:27 | TupleExpr [tuple.1] | main.rs:119:14:119:14 | a [tuple.1] | provenance |  |
@@ -63,7 +63,7 @@ nodes
 | main.rs:108:21:108:30 | source(...) | semmle.label | source(...) |
 | main.rs:110:10:110:10 | a [tuple.1] | semmle.label | a [tuple.1] |
 | main.rs:110:10:110:12 | a.1 | semmle.label | a.1 |
-| main.rs:111:5:111:5 | a [tuple.0] | semmle.label | a [tuple.0] |
+| main.rs:111:5:111:5 | [post] a [tuple.0] | semmle.label | [post] a [tuple.0] |
 | main.rs:111:11:111:20 | source(...) | semmle.label | source(...) |
 | main.rs:112:5:112:5 | a [tuple.0] | semmle.label | a [tuple.0] |
 | main.rs:113:10:113:10 | a [tuple.0] | semmle.label | a [tuple.0] |
