C++: Add new dataflow nodes for parameters without any Instructions associated with them.

MathiasVP · MathiasVP · commit 98a3f2da7dd4 · 2024-04-18T12:01:00.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -78,6 +78,8 @@ module NodeStars {
     result = n.(PostUpdateNodeImpl).getIndirectionIndex()
     or
     result = n.(FinalParameterNode).getIndirectionIndex()
+    or
+    result = n.(BodyLessParameterNodeImpl).getIndirectionIndex()
   }
 
   /**
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -61,6 +61,15 @@ private newtype TIRDataFlowNode =
   } or
   TFinalGlobalValue(Ssa::GlobalUse globalUse) or
   TInitialGlobalValue(Ssa::GlobalDef globalUse) or
+  TBodyLessParameterNodeImpl(Parameter p, int indirectionIndex) {
+    // Rule out parameters of catch blocks.
+    not exists(p.getCatchBlock()) and
+    // We subtract one because `getMaxIndirectionsForType` returns the maximum
+    // indirection for a glvalue of a given type, and this doesn't apply to
+    // parameters.
+    indirectionIndex = [0 .. Ssa::getMaxIndirectionsForType(p.getUnspecifiedType()) - 1] and
+    not any(InitializeParameterInstruction init).getParameter() = p
+  } or
   TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn)
 
 /**
@@ -737,6 +746,40 @@ class InitialGlobalValue extends Node, TInitialGlobalValue {
   override string toStringImpl() { result = globalDef.toString() }
 }
 
+/**
+ * INTERNAL: do not use.
+ *
+ * A node representing a parameter for a function with no body.
+ */
+class BodyLessParameterNodeImpl extends Node, TBodyLessParameterNodeImpl {
+  Parameter p;
+  int indirectionIndex;
+
+  BodyLessParameterNodeImpl() { this = TBodyLessParameterNodeImpl(p, indirectionIndex) }
+
+  override Declaration getEnclosingCallable() { result = this.getFunction() }
+
+  override Declaration getFunction() { result = p.getFunction() }
+
+  /** Gets the indirection index of this node. */
+  int getIndirectionIndex() { result = indirectionIndex }
+
+  override DataFlowType getType() {
+    result = getTypeImpl(p.getUnderlyingType(), this.getIndirectionIndex())
+  }
+
+  final override Location getLocationImpl() {
+    result = unique( | | p.getLocation())
+    or
+    count(p.getLocation()) != 1 and
+    result instanceof UnknownDefaultLocation
+  }
+
+  final override string toStringImpl() {
+    exists(string prefix | prefix = stars(this) | result = prefix + p.toString())
+  }
+}
+
 /**
  * A data-flow node used to model flow summaries. That is, a dataflow node
  * that is synthesized to represent a parameter, return value, or other part

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,8 @@ module NodeStars {`
`78`	`78`	`result = n.(PostUpdateNodeImpl).getIndirectionIndex()`
`79`	`79`	`or`
`80`	`80`	`result = n.(FinalParameterNode).getIndirectionIndex()`
	`81`	`+ or`
	`82`	`+ result = n.(BodyLessParameterNodeImpl).getIndirectionIndex()`
`81`	`83`	`}`
`82`	`84`
`83`	`85`	`/**`