CPP: Libraries: Separate deallocation libraries.

cpp/ql/src/semmle/code/cpp/commons/Alloc.qll

@@ -1,5 +1,6 @@
 import cpp
 import semmle.code.cpp.models.interfaces.Allocation
+import semmle.code.cpp.models.interfaces.Deallocation
 
 /**
  * A library routine that allocates memory.

cpp/ql/src/semmle/code/cpp/models/Models.qll

@@ -1,4 +1,5 @@
 private import implementations.Allocation
+private import implementations.Deallocation
 private import implementations.IdentityFunction
 private import implementations.Inet
 private import implementations.Memcpy

cpp/ql/src/semmle/code/cpp/models/implementations/Allocation.qll

@@ -209,119 +209,3 @@ class NewArrayAllocationExpr extends AllocationExpr, NewArrayExpr {
     result = getAllocatedType().getSize()
   }
 }
-
-/**
- * A deallocation function such as `free`.
- */
-class StandardDeallocationFunction extends DeallocationFunction {
-  int freedArg;
-
-  StandardDeallocationFunction() {
-    exists(string name |
-      hasGlobalName(name) and
-      (
-        name = "free" and freedArg = 0
-        or
-        name = "realloc" and freedArg = 0
-      )
-      or
-      hasGlobalOrStdName(name) and
-      (
-        name = "ExFreePoolWithTag" and freedArg = 0
-        or
-        name = "ExFreeToLookasideListEx" and freedArg = 1
-        or
-        name = "ExFreeToPagedLookasideList" and freedArg = 1
-        or
-        name = "ExFreeToNPagedLookasideList" and freedArg = 1
-        or
-        name = "ExDeleteTimer" and freedArg = 0
-        or
-        name = "IoFreeMdl" and freedArg = 0
-        or
-        name = "IoFreeWorkItem" and freedArg = 0
-        or
-        name = "IoFreeErrorLogEntry" and freedArg = 0
-        or
-        name = "MmFreeContiguousMemory" and freedArg = 0
-        or
-        name = "MmFreeContiguousMemorySpecifyCache" and freedArg = 0
-        or
-        name = "MmFreeNonCachedMemory" and freedArg = 0
-        or
-        name = "MmFreeMappingAddress" and freedArg = 0
-        or
-        name = "MmFreePagesFromMdl" and freedArg = 0
-        or
-        name = "MmUnmapReservedMapping" and freedArg = 0
-        or
-        name = "MmUnmapLockedPages" and freedArg = 0
-        or
-        name = "LocalFree" and freedArg = 0
-        or
-        name = "GlobalFree" and freedArg = 0
-        or
-        name = "HeapFree" and freedArg = 2
-        or
-        name = "VirtualFree" and freedArg = 0
-        or
-        name = "CoTaskMemFree" and freedArg = 0
-        or
-        name = "SysFreeString" and freedArg = 0
-        or
-        name = "LocalReAlloc" and freedArg = 0
-        or
-        name = "GlobalReAlloc" and freedArg = 0
-        or
-        name = "HeapReAlloc" and freedArg = 2
-        or
-        name = "CoTaskMemRealloc" and freedArg = 0
-      )
-    )
-  }
-
-  override int getFreedArg() {
-  	result = freedArg
-  }
-}
-
-/**
- * An deallocation expression that is a function call, such as call to `free`.
- */
-class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
-  DeallocationFunction target;
-
-  CallDeallocationExpr() {
-  	target = getTarget()
-  }
-
-  override Expr getFreedExpr() {
-    result = getArgument(target.getFreedArg())
-  }
-}
-
-/**
- * An deallocation expression that is a `delete` expression.
- */
-class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
-  DeleteDeallocationExpr() {
-    this instanceof DeleteExpr
-  }
-
-  override Expr getFreedExpr() {
-    result = getExpr()
-  }
-}
-
-/**
- * An deallocation expression that is a `delete []` expression.
- */
-class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
-  DeleteArrayDeallocationExpr() {
-    this instanceof DeleteArrayExpr
-  }
-
-  override Expr getFreedExpr() {
-    result = getExpr()
-  }
-}

cpp/ql/src/semmle/code/cpp/models/implementations/Deallocation.qll

@@ -0,0 +1,117 @@
+import semmle.code.cpp.models.interfaces.Allocation
+
+/**
+ * A deallocation function such as `free`.
+ */
+class StandardDeallocationFunction extends DeallocationFunction {
+  int freedArg;
+
+  StandardDeallocationFunction() {
+    exists(string name |
+      hasGlobalName(name) and
+      (
+        name = "free" and freedArg = 0
+        or
+        name = "realloc" and freedArg = 0
+      )
+      or
+      hasGlobalOrStdName(name) and
+      (
+        name = "ExFreePoolWithTag" and freedArg = 0
+        or
+        name = "ExFreeToLookasideListEx" and freedArg = 1
+        or
+        name = "ExFreeToPagedLookasideList" and freedArg = 1
+        or
+        name = "ExFreeToNPagedLookasideList" and freedArg = 1
+        or
+        name = "ExDeleteTimer" and freedArg = 0
+        or
+        name = "IoFreeMdl" and freedArg = 0
+        or
+        name = "IoFreeWorkItem" and freedArg = 0
+        or
+        name = "IoFreeErrorLogEntry" and freedArg = 0
+        or
+        name = "MmFreeContiguousMemory" and freedArg = 0
+        or
+        name = "MmFreeContiguousMemorySpecifyCache" and freedArg = 0
+        or
+        name = "MmFreeNonCachedMemory" and freedArg = 0
+        or
+        name = "MmFreeMappingAddress" and freedArg = 0
+        or
+        name = "MmFreePagesFromMdl" and freedArg = 0
+        or
+        name = "MmUnmapReservedMapping" and freedArg = 0
+        or
+        name = "MmUnmapLockedPages" and freedArg = 0
+        or
+        name = "LocalFree" and freedArg = 0
+        or
+        name = "GlobalFree" and freedArg = 0
+        or
+        name = "HeapFree" and freedArg = 2
+        or
+        name = "VirtualFree" and freedArg = 0
+        or
+        name = "CoTaskMemFree" and freedArg = 0
+        or
+        name = "SysFreeString" and freedArg = 0
+        or
+        name = "LocalReAlloc" and freedArg = 0
+        or
+        name = "GlobalReAlloc" and freedArg = 0
+        or
+        name = "HeapReAlloc" and freedArg = 2
+        or
+        name = "CoTaskMemRealloc" and freedArg = 0
+      )
+    )
+  }
+
+  override int getFreedArg() {
+  	result = freedArg
+  }
+}
+
+/**
+ * An deallocation expression that is a function call, such as call to `free`.
+ */
+class CallDeallocationExpr extends DeallocationExpr, FunctionCall {
+  DeallocationFunction target;
+
+  CallDeallocationExpr() {
+  	target = getTarget()
+  }
+
+  override Expr getFreedExpr() {
+    result = getArgument(target.getFreedArg())
+  }
+}
+
+/**
+ * An deallocation expression that is a `delete` expression.
+ */
+class DeleteDeallocationExpr extends DeallocationExpr, DeleteExpr {
+  DeleteDeallocationExpr() {
+    this instanceof DeleteExpr
+  }
+
+  override Expr getFreedExpr() {
+    result = getExpr()
+  }
+}
+
+/**
+ * An deallocation expression that is a `delete []` expression.
+ */
+class DeleteArrayDeallocationExpr extends DeallocationExpr, DeleteArrayExpr {
+  DeleteArrayDeallocationExpr() {
+    this instanceof DeleteArrayExpr
+  }
+
+  override Expr getFreedExpr() {
+    result = getExpr()
+  }
+}

cpp/ql/src/semmle/code/cpp/models/interfaces/Allocation.qll

@@ -1,9 +1,9 @@
 /**
  * Provides an abstract class for modelling functions and expressions that
- * allocate or deallocate memory, such as the standard `malloc` function.  To
+ * allocate memory, such as the standard `malloc` function.  To use this QL
- * use this QL library, create one or more QL classes extending classes here
+ * library, create one or more QL classes extending a class here with a
- * with a characteristic predicate that selects the functions or expressions
+ * characteristic predicate that selects the functions or expressions you are
- * you are trying to model. Within that class, override the predicates provided
+ * trying to model. Within that class, override the predicates provided
  * by the abstract class to match the specifics of those functions or
  * expressions. Finally, add a private import statement to `Models.qll`.
  */
@@ -64,23 +64,3 @@ abstract class AllocationExpr extends Expr {
    */
   Expr getReallocPtr() { none() }
 }
-
-/**
- * A deallocation function such as `free`.
- */
-abstract class DeallocationFunction extends Function {
-  /**
-   * Gets the index of the argument that is freed by this function.
-   */
-  int getFreedArg() { none() }
-}
-
-/**
- * An deallocation expression such as call to `free` or a `delete` expression.
- */
-abstract class DeallocationExpr extends Expr {
-  /**
-   * Gets the expression that is freed by this function.
-   */
-  Expr getFreedExpr() { none() }
-}

cpp/ql/src/semmle/code/cpp/models/interfaces/Deallocation.qll

@@ -0,0 +1,32 @@
+/**
+ * Provides an abstract class for modelling functions and expressions that
+ * deallocate memory, such as the standard `free` function.  To use this QL
+ * library, create one or more QL classes extending a class here with a
+ * characteristic predicate that selects the functions or expressions you are
+ * trying to model. Within that class, override the predicates provided
+ * by the abstract class to match the specifics of those functions or
+ * expressions. Finally, add a private import statement to `Models.qll`.
+ */
+
+import semmle.code.cpp.Function
+import semmle.code.cpp.models.Models
+
+/**
+ * A deallocation function such as `free`.
+ */
+abstract class DeallocationFunction extends Function {
+  /**
+   * Gets the index of the argument that is freed by this function.
+   */
+  int getFreedArg() { none() }
+}
+
+/**
+ * An deallocation expression such as call to `free` or a `delete` expression.
+ */
+abstract class DeallocationExpr extends Expr {
+  /**
+   * Gets the expression that is freed by this function.
+   */
+  Expr getFreedExpr() { none() }
+}