C++/C#: Add new MemoryAccessKind to represent entire allocation

2025-12-21 11:16:30 +01:00 · 2020-01-28 10:41:53 -07:00
parent a9bcc1dcc6
commit 1b1fded535
4 changed files with 76 additions and 4 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll
@@ -1,6 +1,7 @@
 private newtype TMemoryAccessKind =
  TIndirectMemoryAccess() or
  TBufferMemoryAccess() or
  TEntireAllocationMemoryAccess() or
  TEscapedMemoryAccess() or
  TNonLocalMemoryAccess() or
  TPhiMemoryAccess() or
@@ -43,6 +44,16 @@ class BufferMemoryAccess extends MemoryAccessKind, TBufferMemoryAccess {
  final override predicate usesAddressOperand() { any() }
 }
 /**
 * The operand or results accesses all memory in the contiguous allocation that contains the address
 * specified by the `AddressOperand` on the same instruction.
 */
 class EntireAllocationMemoryAccess extends MemoryAccessKind, TEntireAllocationMemoryAccess {
  override string toString() { result = "alloc" }
  final override predicate usesAddressOperand() { any() }
 }
 /**
 * The operand or result accesses all memory whose address has escaped.
 */
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
@@ -232,6 +232,31 @@ abstract class BufferReadOpcode extends BufferAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() { result instanceof BufferMemoryAccess }
 }
 /**
 * An opcode that access an entire memory allocation.
 */
 abstract class EntireAllocationAccessOpcode extends Opcode {
  final override predicate hasAddressOperand() { any() }
 }
 /**
 * An opcode that write to an entire memory allocation.
 */
 abstract class EntireAllocationWriteOpcode extends EntireAllocationAccessOpcode {
  final override MemoryAccessKind getWriteMemoryAccess() {
    result instanceof EntireAllocationMemoryAccess
  }
 }
 /**
 * An opcode that reads from an entire memory allocation.
 */
 abstract class EntireAllocationReadOpcode extends EntireAllocationAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() {
    result instanceof EntireAllocationMemoryAccess
  }
 }
 /**
 * An opcode that accesses a memory buffer whose size is determined by a `BufferSizeOperand`.
 */
@@ -325,7 +350,7 @@ module Opcode {
    final override string toString() { result = "InitializeParameter" }
  }
-  class InitializeIndirection extends IndirectWriteOpcode, TInitializeIndirection {
+  class InitializeIndirection extends EntireAllocationWriteOpcode, TInitializeIndirection {
    final override string toString() { result = "InitializeIndirection" }
  }
@@ -349,7 +374,7 @@ module Opcode {
    final override string toString() { result = "ReturnVoid" }
  }
-  class ReturnIndirection extends IndirectReadOpcode, TReturnIndirection {
+  class ReturnIndirection extends EntireAllocationReadOpcode, TReturnIndirection {
    final override string toString() { result = "ReturnIndirection" }
    final override predicate hasOperandInternal(OperandTag tag) {
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/MemoryAccessKind.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/MemoryAccessKind.qll
@@ -1,6 +1,7 @@
 private newtype TMemoryAccessKind =
  TIndirectMemoryAccess() or
  TBufferMemoryAccess() or
  TEntireAllocationMemoryAccess() or
  TEscapedMemoryAccess() or
  TNonLocalMemoryAccess() or
  TPhiMemoryAccess() or
@@ -43,6 +44,16 @@ class BufferMemoryAccess extends MemoryAccessKind, TBufferMemoryAccess {
  final override predicate usesAddressOperand() { any() }
 }
 /**
 * The operand or results accesses all memory in the contiguous allocation that contains the address
 * specified by the `AddressOperand` on the same instruction.
 */
 class EntireAllocationMemoryAccess extends MemoryAccessKind, TEntireAllocationMemoryAccess {
  override string toString() { result = "alloc" }
  final override predicate usesAddressOperand() { any() }
 }
 /**
 * The operand or result accesses all memory whose address has escaped.
 */
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/Opcode.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/Opcode.qll
@@ -232,6 +232,31 @@ abstract class BufferReadOpcode extends BufferAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() { result instanceof BufferMemoryAccess }
 }
 /**
 * An opcode that access an entire memory allocation.
 */
 abstract class EntireAllocationAccessOpcode extends Opcode {
  final override predicate hasAddressOperand() { any() }
 }
 /**
 * An opcode that write to an entire memory allocation.
 */
 abstract class EntireAllocationWriteOpcode extends EntireAllocationAccessOpcode {
  final override MemoryAccessKind getWriteMemoryAccess() {
    result instanceof EntireAllocationMemoryAccess
  }
 }
 /**
 * An opcode that reads from an entire memory allocation.
 */
 abstract class EntireAllocationReadOpcode extends EntireAllocationAccessOpcode {
  final override MemoryAccessKind getReadMemoryAccess() {
    result instanceof EntireAllocationMemoryAccess
  }
 }
 /**
 * An opcode that accesses a memory buffer whose size is determined by a `BufferSizeOperand`.
 */
@@ -325,7 +350,7 @@ module Opcode {
    final override string toString() { result = "InitializeParameter" }
  }
-  class InitializeIndirection extends IndirectWriteOpcode, TInitializeIndirection {
+  class InitializeIndirection extends EntireAllocationWriteOpcode, TInitializeIndirection {
    final override string toString() { result = "InitializeIndirection" }
  }
@@ -349,7 +374,7 @@ module Opcode {
    final override string toString() { result = "ReturnVoid" }
  }
-  class ReturnIndirection extends IndirectReadOpcode, TReturnIndirection {
+  class ReturnIndirection extends EntireAllocationReadOpcode, TReturnIndirection {
    final override string toString() { result = "ReturnIndirection" }
    final override predicate hasOperandInternal(OperandTag tag) {