C++/C#: Add new MemoryAccessKind to represent entire allocation

2025-12-20 10:46:30 +01:00 · 2020-01-28 10:41:53 -07:00
parent a9bcc1dcc6
commit 1b1fded535
4 changed files with 76 additions and 4 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll
@@ -1,6 +1,7 @@
 private newtype TMemoryAccessKind =
  TIndirectMemoryAccess() or
  TBufferMemoryAccess() or
+  TEntireAllocationMemoryAccess() or
  TEscapedMemoryAccess() or
  TNonLocalMemoryAccess() or
  TPhiMemoryAccess() or
@@ -43,6 +44,16 @@ class BufferMemoryAccess extends MemoryAccessKind, TBufferMemoryAccess {
  final override predicate usesAddressOperand() { any() }
 }

+/**
+ * The operand or results accesses all memory in the contiguous allocation that contains the address
+ * specified by the `AddressOperand` on the same instruction.
+ */
+class EntireAllocationMemoryAccess extends MemoryAccessKind, TEntireAllocationMemoryAccess {
+  override string toString() { result = "alloc" }
+
+  final override predicate usesAddressOperand() { any() }
+}
+
 /**
 * The operand or result accesses all memory whose address has escaped.
 */
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
@@ -232,6 +232,31 @@ abstract class BufferReadOpcode extends BufferAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() { result instanceof BufferMemoryAccess }
 }

+/**
+ * An opcode that access an entire memory allocation.
+ */
+abstract class EntireAllocationAccessOpcode extends Opcode {
+  final override predicate hasAddressOperand() { any() }
+}
+
+/**
+ * An opcode that write to an entire memory allocation.
+ */
+abstract class EntireAllocationWriteOpcode extends EntireAllocationAccessOpcode {
+  final override MemoryAccessKind getWriteMemoryAccess() {
+    result instanceof EntireAllocationMemoryAccess
+  }
+}
+
+/**
+ * An opcode that reads from an entire memory allocation.
+ */
+abstract class EntireAllocationReadOpcode extends EntireAllocationAccessOpcode {
+  final override MemoryAccessKind getReadMemoryAccess() {
+    result instanceof EntireAllocationMemoryAccess
+  }
+}
+
 /**
 * An opcode that accesses a memory buffer whose size is determined by a `BufferSizeOperand`.
 */
@@ -325,7 +350,7 @@ module Opcode {
    final override string toString() { result = "InitializeParameter" }
  }

-  class InitializeIndirection extends IndirectWriteOpcode, TInitializeIndirection {
+  class InitializeIndirection extends EntireAllocationWriteOpcode, TInitializeIndirection {
    final override string toString() { result = "InitializeIndirection" }
  }

@@ -349,7 +374,7 @@ module Opcode {
    final override string toString() { result = "ReturnVoid" }
  }

-  class ReturnIndirection extends IndirectReadOpcode, TReturnIndirection {
+  class ReturnIndirection extends EntireAllocationReadOpcode, TReturnIndirection {
    final override string toString() { result = "ReturnIndirection" }

    final override predicate hasOperandInternal(OperandTag tag) {