C++: Refactor read and store step for IR field flow

MathiasVP · MathiasVP · commit eaec7cd5978c · 2020-05-05T23:16:41.000+02:00
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -180,46 +180,24 @@ private class ArrayContent extends Content, TArrayContent {
   override Type getType() { none() }
 }
 
-private predicate storeStepNoChi(Node node1, Content f, PostUpdateNode node2) {
-  exists(FieldAddressInstruction fa, StoreInstruction store |
-    store = node2.asInstruction() and
-    store.getDestinationAddress() = fa and
-    store.getSourceValue() = node1.asInstruction() and
-    f.(FieldContent).getField() = fa.getField()
-  )
-}
-
-private predicate storeStepChi(Node node1, Content f, PostUpdateNode node2) {
-  exists(FieldAddressInstruction fa, StoreInstruction store |
-    node1.asInstruction() = store and
-    store.getDestinationAddress() = fa and
-    node2.asInstruction().(ChiInstruction).getPartial() = store and
-    f.(FieldContent).getField() = fa.getField()
-  )
-}
-
 /**
  * Holds if data can flow from `node1` to `node2` via an assignment to `f`.
  * Thus, `node2` references an object with a field `f` that contains the
  * value of `node1`.
  */
-predicate storeStep(Node node1, Content f, PostUpdateNode node2) {
-  storeStepNoChi(node1, f, node2) or
-  storeStepChi(node1, f, node2)
+predicate storeStep(Node node1, Content f, StoreStepNode node2) {
+  node2.getStoredValue() = node1 and
+  f.(FieldContent).getField() = node2.getAField()
 }
 
 /**
  * Holds if data can flow from `node1` to `node2` via a read of `f`.
  * Thus, `node1` references an object with a field `f` whose value ends up in
  * `node2`.
  */
-predicate readStep(Node node1, Content f, Node node2) {
-  exists(FieldAddressInstruction fa, LoadInstruction load |
-    load.getSourceAddress() = fa and
-    node1.asInstruction() = load.getSourceValueOperand().getAnyDef() and
-    fa.getField() = f.(FieldContent).getField() and
-    load = node2.asInstruction()
-  )
+predicate readStep(Node node1, Content f, ReadStepNode node2) {
+  node2.getReadValue() = node1 and
+  f.(FieldContent).getField() = node2.getAField()
 }
 
 /**
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -368,6 +368,18 @@ class VariableNode extends Node, TVariableNode {
   override string toString() { result = v.toString() }
 }
 
+abstract class ReadStepNode extends Node {
+  abstract Field getAField();
+
+  abstract Node getReadValue();
+}
+
+abstract class StoreStepNode extends PostUpdateNode {
+  abstract Field getAField();
+
+  abstract Node getStoredValue();
+}
+
 /**
  * Gets the node corresponding to `instr`.
  */
