This commit is contained in:
Asger Feldthaus 2022-02-10 13:08:40 +01:00
Родитель b51b6069fc
Коммит f66cad85be
2 изменённых файлов: 211 добавлений и 118 удалений

Просмотреть файл

@ -26,9 +26,13 @@ module Public {
string toString() { string toString() {
exists(Content c | this = TContentSummaryComponent(c) and result = c.toString()) exists(Content c | this = TContentSummaryComponent(c) and result = c.toString())
or or
exists(int i | this = TParameterSummaryComponent(i) and result = "parameter " + i) exists(ArgumentPosition pos |
this = TParameterSummaryComponent(pos) and result = "parameter " + pos
)
or or
exists(int i | this = TArgumentSummaryComponent(i) and result = "argument " + i) exists(ParameterPosition pos |
this = TArgumentSummaryComponent(pos) and result = "argument " + pos
)
or or
exists(ReturnKind rk | this = TReturnSummaryComponent(rk) and result = "return (" + rk + ")") exists(ReturnKind rk | this = TReturnSummaryComponent(rk) and result = "return (" + rk + ")")
} }
@ -39,11 +43,11 @@ module Public {
/** Gets a summary component for content `c`. */ /** Gets a summary component for content `c`. */
SummaryComponent content(Content c) { result = TContentSummaryComponent(c) } SummaryComponent content(Content c) { result = TContentSummaryComponent(c) }
/** Gets a summary component for parameter `i`. */ /** Gets a summary component for a parameter at position `pos`. */
SummaryComponent parameter(int i) { result = TParameterSummaryComponent(i) } SummaryComponent parameter(ArgumentPosition pos) { result = TParameterSummaryComponent(pos) }
/** Gets a summary component for argument `i`. */ /** Gets a summary component for an argument at position `pos`. */
SummaryComponent argument(int i) { result = TArgumentSummaryComponent(i) } SummaryComponent argument(ParameterPosition pos) { result = TArgumentSummaryComponent(pos) }
/** Gets a summary component for a return of kind `rk`. */ /** Gets a summary component for a return of kind `rk`. */
SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) } SummaryComponent return(ReturnKind rk) { result = TReturnSummaryComponent(rk) }
@ -86,7 +90,9 @@ module Public {
predicate contains(SummaryComponent c) { c = this.drop(_).head() } predicate contains(SummaryComponent c) { c = this.drop(_).head() }
/** Gets the bottom element of this stack. */ /** Gets the bottom element of this stack. */
SummaryComponent bottom() { result = this.drop(this.length() - 1).head() } SummaryComponent bottom() {
this = TSingletonSummaryComponentStack(result) or result = this.tail().bottom()
}
/** Gets a textual representation of this stack. */ /** Gets a textual representation of this stack. */
string toString() { string toString() {
@ -120,8 +126,10 @@ module Public {
result = TConsSummaryComponentStack(head, tail) result = TConsSummaryComponentStack(head, tail)
} }
/** Gets a singleton stack for argument `i`. */ /** Gets a singleton stack for an argument at position `pos`. */
SummaryComponentStack argument(int i) { result = singleton(SummaryComponent::argument(i)) } SummaryComponentStack argument(ParameterPosition pos) {
result = singleton(SummaryComponent::argument(pos))
}
/** Gets a singleton stack representing a return of kind `rk`. */ /** Gets a singleton stack representing a return of kind `rk`. */
SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) } SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) }
@ -137,9 +145,15 @@ module Public {
or or
noComponentSpecificCsv(sc) and noComponentSpecificCsv(sc) and
( (
exists(int i | sc = TParameterSummaryComponent(i) and result = "Parameter[" + i + "]") exists(ArgumentPosition pos |
sc = TParameterSummaryComponent(pos) and
result = "Parameter[" + getArgumentPositionCsv(pos) + "]"
)
or or
exists(int i | sc = TArgumentSummaryComponent(i) and result = "Argument[" + i + "]") exists(ParameterPosition pos |
sc = TArgumentSummaryComponent(pos) and
result = "Argument[" + getParameterPositionCsv(pos) + "]"
)
or or
sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue" sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
) )
@ -163,11 +177,11 @@ module Public {
* A class that exists for QL technical reasons only (the IPA type used * A class that exists for QL technical reasons only (the IPA type used
* to represent component stacks needs to be bounded). * to represent component stacks needs to be bounded).
*/ */
abstract class RequiredSummaryComponentStack extends SummaryComponentStack { class RequiredSummaryComponentStack extends Unit {
/** /**
* Holds if the stack obtained by pushing `head` onto `tail` is required. * Holds if the stack obtained by pushing `head` onto `tail` is required.
*/ */
abstract predicate required(SummaryComponent c); abstract predicate required(SummaryComponent head, SummaryComponentStack tail);
} }
/** A callable with a flow summary. */ /** A callable with a flow summary. */
@ -201,10 +215,10 @@ module Public {
/** /**
* Holds if values stored inside `content` are cleared on objects passed as * Holds if values stored inside `content` are cleared on objects passed as
* the `i`th argument to this callable. * arguments at position `pos` to this callable.
*/ */
pragma[nomagic] pragma[nomagic]
predicate clearsContent(int i, Content content) { none() } predicate clearsContent(ParameterPosition pos, Content content) { none() }
} }
} }
@ -217,20 +231,20 @@ module Private {
newtype TSummaryComponent = newtype TSummaryComponent =
TContentSummaryComponent(Content c) or TContentSummaryComponent(Content c) or
TParameterSummaryComponent(int i) { parameterPosition(i) } or TParameterSummaryComponent(ArgumentPosition pos) or
TArgumentSummaryComponent(int i) { parameterPosition(i) } or TArgumentSummaryComponent(ParameterPosition pos) or
TReturnSummaryComponent(ReturnKind rk) TReturnSummaryComponent(ReturnKind rk)
private TSummaryComponent thisParam() { private TParameterSummaryComponent thisParam() {
result = TParameterSummaryComponent(instanceParameterPosition()) result = TParameterSummaryComponent(instanceParameterPosition())
} }
newtype TSummaryComponentStack = newtype TSummaryComponentStack =
TSingletonSummaryComponentStack(SummaryComponent c) or TSingletonSummaryComponentStack(SummaryComponent c) or
TConsSummaryComponentStack(SummaryComponent head, SummaryComponentStack tail) { TConsSummaryComponentStack(SummaryComponent head, SummaryComponentStack tail) {
tail.(RequiredSummaryComponentStack).required(head) any(RequiredSummaryComponentStack x).required(head, tail)
or or
tail.(RequiredSummaryComponentStack).required(TParameterSummaryComponent(_)) and any(RequiredSummaryComponentStack x).required(TParameterSummaryComponent(_), tail) and
head = thisParam() head = thisParam()
or or
derivedFluentFlowPush(_, _, _, head, tail, _) derivedFluentFlowPush(_, _, _, head, tail, _)
@ -285,9 +299,9 @@ module Private {
/** /**
* Holds if `c` has a flow summary from `input` to `arg`, where `arg` * Holds if `c` has a flow summary from `input` to `arg`, where `arg`
* writes to (contents of) the `i`th argument, and `c` has a * writes to (contents of) arguments at position `pos`, and `c` has a
* value-preserving flow summary from the `i`th argument to a return value * value-preserving flow summary from the arguments at position `pos`
* (`return`). * to a return value (`return`).
* *
* In such a case, we derive flow from `input` to (contents of) the return * In such a case, we derive flow from `input` to (contents of) the return
* value. * value.
@ -302,10 +316,10 @@ module Private {
SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg, SummarizedCallable c, SummaryComponentStack input, SummaryComponentStack arg,
SummaryComponentStack return, boolean preservesValue SummaryComponentStack return, boolean preservesValue
) { ) {
exists(int i | exists(ParameterPosition pos |
summary(c, input, arg, preservesValue) and summary(c, input, arg, preservesValue) and
isContentOfArgument(arg, i) and isContentOfArgument(arg, pos) and
summary(c, SummaryComponentStack::singleton(TArgumentSummaryComponent(i)), return, true) and summary(c, SummaryComponentStack::argument(pos), return, true) and
return.bottom() = TReturnSummaryComponent(_) return.bottom() = TReturnSummaryComponent(_)
) )
} }
@ -330,10 +344,10 @@ module Private {
s.head() = TParameterSummaryComponent(_) and exists(s.tail()) s.head() = TParameterSummaryComponent(_) and exists(s.tail())
} }
private predicate isContentOfArgument(SummaryComponentStack s, int i) { private predicate isContentOfArgument(SummaryComponentStack s, ParameterPosition pos) {
s.head() = TContentSummaryComponent(_) and isContentOfArgument(s.tail(), i) s.head() = TContentSummaryComponent(_) and isContentOfArgument(s.tail(), pos)
or or
s = TSingletonSummaryComponentStack(TArgumentSummaryComponent(i)) s = SummaryComponentStack::argument(pos)
} }
private predicate outputState(SummarizedCallable c, SummaryComponentStack s) { private predicate outputState(SummarizedCallable c, SummaryComponentStack s) {
@ -364,8 +378,8 @@ module Private {
private newtype TSummaryNodeState = private newtype TSummaryNodeState =
TSummaryNodeInputState(SummaryComponentStack s) { inputState(_, s) } or TSummaryNodeInputState(SummaryComponentStack s) { inputState(_, s) } or
TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) } or TSummaryNodeOutputState(SummaryComponentStack s) { outputState(_, s) } or
TSummaryNodeClearsContentState(int i, boolean post) { TSummaryNodeClearsContentState(ParameterPosition pos, boolean post) {
any(SummarizedCallable sc).clearsContent(i, _) and post in [false, true] any(SummarizedCallable sc).clearsContent(pos, _) and post in [false, true]
} }
/** /**
@ -414,21 +428,23 @@ module Private {
result = "to write: " + s result = "to write: " + s
) )
or or
exists(int i, boolean post, string postStr | exists(ParameterPosition pos, boolean post, string postStr |
this = TSummaryNodeClearsContentState(i, post) and this = TSummaryNodeClearsContentState(pos, post) and
(if post = true then postStr = " (post)" else postStr = "") and (if post = true then postStr = " (post)" else postStr = "") and
result = "clear: " + i + postStr result = "clear: " + pos + postStr
) )
} }
} }
/** /**
* Holds if `state` represents having read the `i`th argument for `c`. In this case * Holds if `state` represents having read from a parameter at position
* we are not synthesizing a data-flow node, but instead assume that a relevant * `pos` in `c`. In this case we are not synthesizing a data-flow node,
* parameter node already exists. * but instead assume that a relevant parameter node already exists.
*/ */
private predicate parameterReadState(SummarizedCallable c, SummaryNodeState state, int i) { private predicate parameterReadState(
state.isInputState(c, SummaryComponentStack::argument(i)) SummarizedCallable c, SummaryNodeState state, ParameterPosition pos
) {
state.isInputState(c, SummaryComponentStack::argument(pos))
} }
/** /**
@ -441,9 +457,9 @@ module Private {
or or
state.isOutputState(c, _) state.isOutputState(c, _)
or or
exists(int i | exists(ParameterPosition pos |
c.clearsContent(i, _) and c.clearsContent(pos, _) and
state = TSummaryNodeClearsContentState(i, _) state = TSummaryNodeClearsContentState(pos, _)
) )
} }
@ -452,9 +468,9 @@ module Private {
exists(SummaryNodeState state | state.isInputState(c, s) | exists(SummaryNodeState state | state.isInputState(c, s) |
result = summaryNode(c, state) result = summaryNode(c, state)
or or
exists(int i | exists(ParameterPosition pos |
parameterReadState(c, state, i) and parameterReadState(c, state, pos) and
result.(ParamNode).isParameterOf(c, i) result.(ParamNode).isParameterOf(c, pos)
) )
) )
} }
@ -468,20 +484,20 @@ module Private {
} }
/** /**
* Holds if a write targets `post`, which is a post-update node for the `i`th * Holds if a write targets `post`, which is a post-update node for a
* parameter of `c`. * parameter at position `pos` in `c`.
*/ */
private predicate isParameterPostUpdate(Node post, SummarizedCallable c, int i) { private predicate isParameterPostUpdate(Node post, SummarizedCallable c, ParameterPosition pos) {
post = summaryNodeOutputState(c, SummaryComponentStack::argument(i)) post = summaryNodeOutputState(c, SummaryComponentStack::argument(pos))
} }
/** Holds if a parameter node is required for the `i`th parameter of `c`. */ /** Holds if a parameter node at position `pos` is required for `c`. */
predicate summaryParameterNodeRange(SummarizedCallable c, int i) { predicate summaryParameterNodeRange(SummarizedCallable c, ParameterPosition pos) {
parameterReadState(c, _, i) parameterReadState(c, _, pos)
or or
isParameterPostUpdate(_, c, i) isParameterPostUpdate(_, c, pos)
or or
c.clearsContent(i, _) c.clearsContent(pos, _)
} }
private predicate callbackOutput( private predicate callbackOutput(
@ -493,10 +509,10 @@ module Private {
} }
private predicate callbackInput( private predicate callbackInput(
SummarizedCallable c, SummaryComponentStack s, Node receiver, int i SummarizedCallable c, SummaryComponentStack s, Node receiver, ArgumentPosition pos
) { ) {
any(SummaryNodeState state).isOutputState(c, s) and any(SummaryNodeState state).isOutputState(c, s) and
s.head() = TParameterSummaryComponent(i) and s.head() = TParameterSummaryComponent(pos) and
receiver = summaryNodeInputState(c, s.drop(1)) receiver = summaryNodeInputState(c, s.drop(1))
} }
@ -547,17 +563,17 @@ module Private {
result = getReturnType(c, rk) result = getReturnType(c, rk)
) )
or or
exists(int i | head = TParameterSummaryComponent(i) | exists(ArgumentPosition pos | head = TParameterSummaryComponent(pos) |
result = result =
getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c), getCallbackParameterType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
s.drop(1))), i) s.drop(1))), pos)
) )
) )
) )
or or
exists(SummarizedCallable c, int i, ParamNode p | exists(SummarizedCallable c, ParameterPosition pos, ParamNode p |
n = summaryNode(c, TSummaryNodeClearsContentState(i, false)) and n = summaryNode(c, TSummaryNodeClearsContentState(pos, false)) and
p.isParameterOf(c, i) and p.isParameterOf(c, pos) and
result = getNodeType(p) result = getNodeType(p)
) )
} }
@ -571,10 +587,10 @@ module Private {
) )
} }
/** Holds if summary node `arg` is the `i`th argument of call `c`. */ /** Holds if summary node `arg` is at position `pos` in the call `c`. */
predicate summaryArgumentNode(DataFlowCall c, Node arg, int i) { predicate summaryArgumentNode(DataFlowCall c, Node arg, ArgumentPosition pos) {
exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver | exists(SummarizedCallable callable, SummaryComponentStack s, Node receiver |
callbackInput(callable, s, receiver, i) and callbackInput(callable, s, receiver, pos) and
arg = summaryNodeOutputState(callable, s) and arg = summaryNodeOutputState(callable, s) and
c = summaryDataFlowCall(receiver) c = summaryDataFlowCall(receiver)
) )
@ -582,12 +598,12 @@ module Private {
/** Holds if summary node `post` is a post-update node with pre-update node `pre`. */ /** Holds if summary node `post` is a post-update node with pre-update node `pre`. */
predicate summaryPostUpdateNode(Node post, Node pre) { predicate summaryPostUpdateNode(Node post, Node pre) {
exists(SummarizedCallable c, int i | exists(SummarizedCallable c, ParameterPosition pos |
isParameterPostUpdate(post, c, i) and isParameterPostUpdate(post, c, pos) and
pre.(ParamNode).isParameterOf(c, i) pre.(ParamNode).isParameterOf(c, pos)
or or
pre = summaryNode(c, TSummaryNodeClearsContentState(i, false)) and pre = summaryNode(c, TSummaryNodeClearsContentState(pos, false)) and
post = summaryNode(c, TSummaryNodeClearsContentState(i, true)) post = summaryNode(c, TSummaryNodeClearsContentState(pos, true))
) )
or or
exists(SummarizedCallable callable, SummaryComponentStack s | exists(SummarizedCallable callable, SummaryComponentStack s |
@ -610,13 +626,13 @@ module Private {
* node, and back out to `p`. * node, and back out to `p`.
*/ */
predicate summaryAllowParameterReturnInSelf(ParamNode p) { predicate summaryAllowParameterReturnInSelf(ParamNode p) {
exists(SummarizedCallable c, int i | p.isParameterOf(c, i) | exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(c, ppos) |
c.clearsContent(i, _) c.clearsContent(ppos, _)
or or
exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents | exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents |
summary(c, inputContents, outputContents, _) and summary(c, inputContents, outputContents, _) and
inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(i)) and inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and
outputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(i)) outputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos))
) )
) )
} }
@ -641,9 +657,9 @@ module Private {
preservesValue = false and not summary(c, inputContents, outputContents, true) preservesValue = false and not summary(c, inputContents, outputContents, true)
) )
or or
exists(SummarizedCallable c, int i | exists(SummarizedCallable c, ParameterPosition pos |
pred.(ParamNode).isParameterOf(c, i) and pred.(ParamNode).isParameterOf(c, pos) and
succ = summaryNode(c, TSummaryNodeClearsContentState(i, _)) and succ = summaryNode(c, TSummaryNodeClearsContentState(pos, _)) and
preservesValue = true preservesValue = true
) )
} }
@ -692,12 +708,20 @@ module Private {
* node where field `b` is cleared). * node where field `b` is cleared).
*/ */
predicate summaryClearsContent(Node n, Content c) { predicate summaryClearsContent(Node n, Content c) {
exists(SummarizedCallable sc, int i | exists(SummarizedCallable sc, ParameterPosition pos |
n = summaryNode(sc, TSummaryNodeClearsContentState(i, true)) and n = summaryNode(sc, TSummaryNodeClearsContentState(pos, true)) and
sc.clearsContent(i, c) sc.clearsContent(pos, c)
) )
} }
pragma[noinline]
private predicate viableParam(
DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, ParamNode p
) {
p.isParameterOf(sc, ppos) and
sc = viableCallable(call)
}
/** /**
* Holds if values stored inside content `c` are cleared inside a * Holds if values stored inside content `c` are cleared inside a
* callable to which `arg` is an argument. * callable to which `arg` is an argument.
@ -706,18 +730,25 @@ module Private {
* `arg` (see comment for `summaryClearsContent`). * `arg` (see comment for `summaryClearsContent`).
*/ */
predicate summaryClearsContentArg(ArgNode arg, Content c) { predicate summaryClearsContentArg(ArgNode arg, Content c) {
exists(DataFlowCall call, int i | exists(DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos |
viableCallable(call).(SummarizedCallable).clearsContent(i, c) and argumentPositionMatch(call, arg, ppos) and
arg.argumentOf(call, i) viableParam(call, sc, ppos, _) and
sc.clearsContent(ppos, c)
)
}
pragma[nomagic]
private ParamNode summaryArgParam0(DataFlowCall call, ArgNode arg) {
exists(ParameterPosition ppos, SummarizedCallable sc |
argumentPositionMatch(call, arg, ppos) and
viableParam(call, sc, ppos, result)
) )
} }
pragma[nomagic] pragma[nomagic]
private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) { private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
exists(DataFlowCall call, int pos, SummarizedCallable callable | exists(DataFlowCall call |
arg.argumentOf(call, pos) and result = summaryArgParam0(call, arg) and
viableCallable(call) = callable and
result.isParameterOf(callable, pos) and
out = rk.getAnOutNode(call) out = rk.getAnOutNode(call)
) )
} }
@ -795,39 +826,33 @@ module Private {
} }
/** Holds if specification component `c` parses as parameter `n`. */ /** Holds if specification component `c` parses as parameter `n`. */
predicate parseParam(string c, int n) { predicate parseParam(string c, ArgumentPosition pos) {
specSplit(_, c, _) and specSplit(_, c, _) and
( exists(string body |
c.regexpCapture("Parameter\\[([-0-9]+)\\]", 1).toInt() = n body = c.regexpCapture("Parameter\\[([^\\]]*)\\]", 1) and
or pos = parseParamBody(body)
exists(int n1, int n2 |
c.regexpCapture("Parameter\\[([-0-9]+)\\.\\.([0-9]+)\\]", 1).toInt() = n1 and
c.regexpCapture("Parameter\\[([-0-9]+)\\.\\.([0-9]+)\\]", 2).toInt() = n2 and
n = [n1 .. n2]
)
) )
} }
/** Holds if specification component `c` parses as argument `n`. */ /** Holds if specification component `c` parses as argument `n`. */
predicate parseArg(string c, int n) { predicate parseArg(string c, ParameterPosition pos) {
specSplit(_, c, _) and specSplit(_, c, _) and
( exists(string body |
c.regexpCapture("Argument\\[([-0-9]+)\\]", 1).toInt() = n body = c.regexpCapture("Argument\\[([^\\]]*)\\]", 1) and
or pos = parseArgBody(body)
exists(int n1, int n2 |
c.regexpCapture("Argument\\[([-0-9]+)\\.\\.([0-9]+)\\]", 1).toInt() = n1 and
c.regexpCapture("Argument\\[([-0-9]+)\\.\\.([0-9]+)\\]", 2).toInt() = n2 and
n = [n1 .. n2]
)
) )
} }
private SummaryComponent interpretComponent(string c) { private SummaryComponent interpretComponent(string c) {
specSplit(_, c, _) and specSplit(_, c, _) and
( (
exists(int pos | parseArg(c, pos) and result = SummaryComponent::argument(pos)) exists(ParameterPosition pos |
parseArg(c, pos) and result = SummaryComponent::argument(pos)
)
or or
exists(int pos | parseParam(c, pos) and result = SummaryComponent::parameter(pos)) exists(ArgumentPosition pos |
parseParam(c, pos) and result = SummaryComponent::parameter(pos)
)
or or
c = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind()) c = "ReturnValue" and result = SummaryComponent::return(getReturnValueKind())
or or
@ -867,9 +892,9 @@ module Private {
} }
private class MkStack extends RequiredSummaryComponentStack { private class MkStack extends RequiredSummaryComponentStack {
MkStack() { interpretSpec(_, _, _, this) } override predicate required(SummaryComponent head, SummaryComponentStack tail) {
interpretSpec(_, _, head, tail)
override predicate required(SummaryComponent c) { interpretSpec(_, _, c, this) } }
} }
private class SummarizedCallableExternal extends SummarizedCallable { private class SummarizedCallableExternal extends SummarizedCallable {
@ -897,11 +922,13 @@ module Private {
} }
private predicate inputNeedsReference(string c) { private predicate inputNeedsReference(string c) {
c = "Argument" or
parseArg(c, _) or parseArg(c, _) or
inputNeedsReferenceSpecific(c) inputNeedsReferenceSpecific(c)
} }
private predicate outputNeedsReference(string c) { private predicate outputNeedsReference(string c) {
c = "Argument" or
parseArg(c, _) or parseArg(c, _) or
c = "ReturnValue" or c = "ReturnValue" or
outputNeedsReferenceSpecific(c) outputNeedsReferenceSpecific(c)
@ -934,14 +961,18 @@ module Private {
interpretOutput(output, idx + 1, ref, mid) and interpretOutput(output, idx + 1, ref, mid) and
specSplit(output, c, idx) specSplit(output, c, idx)
| |
exists(int pos | exists(ArgumentPosition apos, ParameterPosition ppos |
node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), pos) node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
parameterMatch(ppos, apos)
| |
parseArg(c, pos) c = "Argument" or parseArg(c, ppos)
) )
or or
exists(int pos | node.asNode().(ParamNode).isParameterOf(mid.asCallable(), pos) | exists(ArgumentPosition apos, ParameterPosition ppos |
c = "Parameter" or parseParam(c, pos) node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
parameterMatch(ppos, apos)
|
c = "Parameter" or parseParam(c, apos)
) )
or or
c = "ReturnValue" and c = "ReturnValue" and
@ -960,7 +991,12 @@ module Private {
interpretInput(input, idx + 1, ref, mid) and interpretInput(input, idx + 1, ref, mid) and
specSplit(input, c, idx) specSplit(input, c, idx)
| |
exists(int pos | node.asNode().(ArgNode).argumentOf(mid.asCall(), pos) | parseArg(c, pos)) exists(ArgumentPosition apos, ParameterPosition ppos |
node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
parameterMatch(ppos, apos)
|
c = "Argument" or parseArg(c, ppos)
)
or or
exists(ReturnNodeExt ret | exists(ReturnNodeExt ret |
c = "ReturnValue" and c = "ReturnValue" and
@ -1115,9 +1151,9 @@ module Private {
b.asCall() = summaryDataFlowCall(a.asNode()) and b.asCall() = summaryDataFlowCall(a.asNode()) and
value = "receiver" value = "receiver"
or or
exists(int i | exists(ArgumentPosition pos |
summaryArgumentNode(b.asCall(), a.asNode(), i) and summaryArgumentNode(b.asCall(), a.asNode(), pos) and
value = "argument (" + i + ")" value = "argument (" + pos + ")"
) )
} }

Просмотреть файл

@ -22,6 +22,42 @@ predicate parameterPosition(int i) {
/** Gets the parameter position of the instance parameter. */ /** Gets the parameter position of the instance parameter. */
int instanceParameterPosition() { result = -1 } int instanceParameterPosition() { result = -1 }
/** A parameter position represented by an integer. */
class ParameterPosition extends int {
ParameterPosition() {
parameterPosition(this)
}
}
/** An argument position represented by an integer. */
class ArgumentPosition extends int {
ArgumentPosition() {
parameterPosition(this)
}
}
/** Holds if arguments at position `apos` match parameters at position `ppos`. */
pragma[inline]
predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
/**
* Holds if `arg` is an argument of `call` with an argument position that matches
* parameter position `ppos`.
*/
pragma[noinline]
predicate argumentPositionMatch(DataFlowCall call, ArgNode arg, ParameterPosition ppos) {
exists(ArgumentPosition apos |
arg.argumentOf(call, apos) and
parameterMatch(ppos, apos)
)
}
/** Gets the textual representation of a parameter position in the format used for flow summaries. */
string getParameterPositionCsv(ParameterPosition pos) { result = pos.toString() }
/** Gets the textual representation of an argument position in the format used for flow summaries. */
string getArgumentPositionCsv(ArgumentPosition pos) { result = pos.toString() }
Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = getSummaryNode(c, state) } Node summaryNode(SummarizedCallable c, SummaryNodeState state) { result = getSummaryNode(c, state) }
/** Gets the synthesized data-flow call for `receiver`. */ /** Gets the synthesized data-flow call for `receiver`. */
@ -254,3 +290,24 @@ predicate parseReturn(string c, int n) {
) )
) )
} }
bindingset[arg]
private int parseConstantOrRange(string arg) {
result = arg.toInt()
or
exists(int n1, int n2 |
arg.regexpCapture("ReturnValue\\[([-0-9]+)\\.\\.([0-9]+)\\]", 1).toInt() = n1 and
arg.regexpCapture("ReturnValue\\[([-0-9]+)\\.\\.([0-9]+)\\]", 2).toInt() = n2 and
result = [n1 .. n2]
)
}
bindingset[arg]
ArgumentPosition parseParamBody(string arg) {
result = parseConstantOrRange(arg)
}
bindingset[arg]
ParameterPosition parseArgBody(string arg) {
result = parseConstantOrRange(arg)
}