
Commit 7ef2502

committed
Shared: prevent use-use flow through implicit reads (part 2, modulo conflicts)
1 parent 01bf909 commit 7ef2502


1 file changed

+10
-17
lines changed


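--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -275,7 +275,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
 private predicate outBarrier(NodeEx node) {
 exists(Node n |
-node.asNode() = n and
+node.asNodeOrImplicitRead() = n and
 Config::isBarrierOut(n)
 |
 Config::isSink(n, _)
@@ -287,7 +287,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 pragma[nomagic]
 private predicate outBarrier(NodeEx node, FlowState state) {
 exists(Node n |
-node.asNode() = n and
+node.asNodeOrImplicitRead() = n and
 Config::isBarrierOut(n, state)
 |
 Config::isSink(n, state)
@@ -333,7 +333,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
 pragma[nomagic]
 private predicate sinkNodeWithState(NodeEx node, FlowState state) {
-Config::isSink(node.asNode(), state) and
+Config::isSink(node.asNodeOrImplicitRead(), state) and
 not fullBarrier(node) and
 not stateBarrier(node, state)
 }
@@ -395,26 +395,19 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 */
 private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, string model) {
 exists(Node n1, Node n2 |
-node1.asNode() = n1 and
+node1.asNodeOrImplicitRead() = n1 and
 node2.asNode() = n2 and
 Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2), model) and
 getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
 stepFilter(node1, node2)
 )
-or
-exists(Node n |
-node1.isImplicitReadNode(n, true) and
-node2.asNode() = n and
-not fullBarrier(node2) and
-model = ""
-)
 }
 
 private predicate additionalLocalStateStep(
 NodeEx node1, FlowState s1, NodeEx node2, FlowState s2
 ) {
 exists(Node n1, Node n2 |
-node1.asNode() = n1 and
+node1.asNodeOrImplicitRead() = n1 and
 node2.asNode() = n2 and
 Config::isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
 getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
@@ -440,7 +433,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 */
 private predicate additionalJumpStep(NodeEx node1, NodeEx node2, string model) {
 exists(Node n1, Node n2 |
-node1.asNode() = n1 and
+node1.asNodeOrImplicitRead() = n1 and
 node2.asNode() = n2 and
 Config::isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2), model) and
 getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
@@ -451,7 +444,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
 private predicate additionalJumpStateStep(NodeEx node1, FlowState s1, NodeEx node2, FlowState s2) {
 exists(Node n1, Node n2 |
-node1.asNode() = n1 and
+node1.asNodeOrImplicitRead() = n1 and
 node2.asNode() = n2 and
 Config::isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
 getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
@@ -744,7 +737,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 additional predicate sinkNode(NodeEx node, FlowState state) {
 fwdFlow(node) and
 fwdFlowState(state) and
-Config::isSink(node.asNode())
+Config::isSink(node.asNodeOrImplicitRead())
 or
 fwdFlow(node) and
 fwdFlowState(state) and
@@ -1067,7 +1060,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
 private predicate sinkModel(NodeEx node, string model) {
 sinkNode(node, _) and
-exists(Node n | n = node.asNode() |
+exists(Node n | n = node.asNodeOrImplicitRead() |
 knownSinkModel(n, model)
 or
 not knownSinkModel(n, _) and model = ""
@@ -4866,7 +4859,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 private predicate revSinkNode(NodeEx node, FlowState state) {
 sinkNodeWithState(node, state)
 or
-Config::isSink(node.asNode()) and
+Config::isSink(node.asNodeOrImplicitRead()) and
 relevantState(state) and
 not fullBarrier(node) and
 not stateBarrier(node, state)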
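Review bot: The doc comment closing at `*/` above `additionalLocalFlowStep` (its body is outside the hunk) should now state that `node1` may be the implicit-read counterpart of the `Node` the configuration names in `isAdditionalFlowStep`, since the removed `isImplicitReadNode(n, true)` disjunct made that bridge explicit while the new `node1.asNodeOrImplicitRead() = n1` makes it implicit; something like `Holds if ... node1 is either n1 itself or the implicit read of n1, so configured steps and sinks are honoured without a separate read-to-node step.` Note also that `node2` still uses `asNode()` only, so configured steps cannot target an implicit read — if that asymmetry is intentional it deserves a one-line comment, because a reader of `sinkNode`/`outBarrier` (which now accept implicit reads on both sides) will otherwise expect the same here. The removed disjunct carried an explicit `not fullBarrier(node2)`; the retained path relies on `stepFilter(node1, node2)` for that, whose body is not visible in this hunk, so please confirm it still excludes full barriers on `node2`. If the file has an `isBarrierIn`-based counterpart to `outBarrier` that still matches `asNode()` only, it would now be the one place a use-use edge through an implicit read can slip past a configured barrier; I cannot see it from this diff, so treat this as a thing to check rather than a finding. `additionalLocalStateStep` continues past the end of the hunk.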
