Address PR comment and fix bug

Fixes a bug where loads for array indexes would be ignored, even though the only ignored load in an array access should be the qualifier's.
2026-04-28 02:05:14 +02:00 · 2019-09-17 15:53:14 +01:00
parent fa74ed3419
commit 47750513de
4 changed files with 115 additions and 101 deletions
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedElement.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedElement.qll
@@ -177,7 +177,7 @@ private predicate usedAsCondition(Expr expr) {
 /**
 * Holds if we should have a `Load` instruction for `expr` when generating the IR.
 */
-predicate needsLoad(Expr expr) {
+predicate mayNeedLoad(Expr expr) {
  expr instanceof AssignableRead
  or
  // We need an extra load for the `PointerIndirectionExpr`
@@ -187,12 +187,18 @@ predicate needsLoad(Expr expr) {
  not exists(Assignment a | a.getLValue() = expr)
 }

+predicate needsLoad(Expr expr) {
+  mayNeedLoad(expr) and
+  not ignoreLoad(expr)
+}
+
 /**
 * Holds if we should ignore the `Load` instruction for `expr` when generating IR.
 */
 predicate ignoreLoad(Expr expr) {
-  // No load needed for an array access
-  expr.getParent() instanceof ArrayAccess
+  // No load needed for the qualifier
+  // in an array access
+  expr = any(ArrayAccess aa).getQualifier()
  or
  // No load is needed for the lvalue in an assignment such as:
  // Eg. `Object obj = oldObj`;
@@ -241,7 +247,6 @@ newtype TTranslatedElement =
  // expression.
  TTranslatedLoad(Expr expr) {
    not ignoreExpr(expr) and
-    not ignoreLoad(expr) and
    needsLoad(expr)
  } or
  // An expression most naturally translated as control flow.
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -94,10 +94,6 @@ abstract class TranslatedCoreExpr extends TranslatedExpr {
  final override predicate producesExprResult() {
    // If the expr needs a load, its translation does not produce the final value.
    not needsLoad(expr)
-    or
-    // If we're supposed to ignore the load on this expression, then this
-    // expression produces the final value.
-    ignoreLoad(expr)
  }

  /**
--- a/csharp/ql/test/library-tests/ir/ir/array.cs
+++ b/csharp/ql/test/library-tests/ir/ir/array.cs
@@ -5,6 +5,9 @@ public class ArrayTest {
        one_dim[0] = 1000;
        one_dim[1] = one_dim[0];
        one_dim[1] = 1003;
+
+        int i = 0;
+        one_dim[i] = 0;
    }

    public void twod_and_init_acc() 
--- a/csharp/ql/test/library-tests/ir/ir/raw_ir.expected
+++ b/csharp/ql/test/library-tests/ir/ir/raw_ir.expected
@@ -41,100 +41,110 @@ array.cs:
 #    7|     r0_37(Int32)           = Constant[1]              : 
 #    7|     r0_38(Int32[])         = PointerAdd[4]            : r0_36, r0_37
 #    7|     mu0_39(Int32)          = Store                    : &:r0_38, r0_34
-#    2|     v0_40(Void)            = ReturnVoid               : 
-#    2|     v0_41(Void)            = UnmodeledUse             : mu*
-#    2|     v0_42(Void)            = ExitFunction             : 
+#    9|     r0_40(glval<Int32>)    = VariableAddress[i]       : 
+#    9|     r0_41(Int32)           = Constant[0]              : 
+#    9|     mu0_42(Int32)          = Store                    : &:r0_40, r0_41
+#   10|     r0_43(Int32)           = Constant[0]              : 
+#   10|     r0_44(glval<Int32[]>)  = VariableAddress[one_dim] : 
+#   10|     r0_45(Int32[])         = ElementsAddress          : r0_44
+#   10|     r0_46(glval<Int32>)    = VariableAddress[i]       : 
+#   10|     r0_47(Int32)           = Load                     : &:r0_46, ~mu0_2
+#   10|     r0_48(Int32[])         = PointerAdd[4]            : r0_45, r0_47
+#   10|     mu0_49(Int32)          = Store                    : &:r0_48, r0_43
+#    2|     v0_50(Void)            = ReturnVoid               : 
+#    2|     v0_51(Void)            = UnmodeledUse             : mu*
+#    2|     v0_52(Void)            = ExitFunction             : 

-#   10| System.Void ArrayTest.twod_and_init_acc()
-#   10|   Block 0
-#   10|     v0_0(Void)             = EnterFunction       : 
-#   10|     mu0_1(null)            = AliasedDefinition   : 
-#   10|     mu0_2(null)            = UnmodeledDefinition : 
-#   10|     r0_3(glval<ArrayTest>) = InitializeThis      : 
-#   12|     r0_4(glval<Int32[,]>)  = VariableAddress[a]  : 
-#   12|     mu0_5(Int32[,])        = Uninitialized[a]    : &:r0_4
-#   12|     r0_6(Int32)            = Constant[0]         : 
-#   12|     r0_7(glval<null>)      = PointerAdd          : r0_4, r0_6
-#   12|     r0_8(Int32)            = Constant[0]         : 
-#   12|     r0_9(glval<Int32>)     = PointerAdd          : r0_7, r0_8
-#   12|     r0_10(Int32)           = Constant[100]       : 
-#   12|     mu0_11(Int32)          = Store               : &:r0_9, r0_10
-#   12|     r0_12(Int32)           = Constant[1]         : 
-#   12|     r0_13(glval<Int32>)    = PointerAdd          : r0_7, r0_12
-#   12|     r0_14(Int32)           = Constant[101]       : 
-#   12|     mu0_15(Int32)          = Store               : &:r0_13, r0_14
-#   12|     r0_16(Int32)           = Constant[1]         : 
-#   12|     r0_17(glval<null>)     = PointerAdd          : r0_4, r0_16
-#   12|     r0_18(Int32)           = Constant[0]         : 
-#   12|     r0_19(glval<Int32>)    = PointerAdd          : r0_17, r0_18
-#   12|     r0_20(Int32)           = Constant[102]       : 
-#   12|     mu0_21(Int32)          = Store               : &:r0_19, r0_20
-#   12|     r0_22(Int32)           = Constant[1]         : 
-#   12|     r0_23(glval<Int32>)    = PointerAdd          : r0_17, r0_22
-#   12|     r0_24(Int32)           = Constant[103]       : 
-#   12|     mu0_25(Int32)          = Store               : &:r0_23, r0_24
-#   13|     r0_26(glval<Int32[,]>) = VariableAddress[b]  : 
-#   13|     mu0_27(Int32[,])       = Uninitialized[b]    : &:r0_26
-#   14|     r0_28(glval<Int32[,]>) = VariableAddress[c]  : 
-#   14|     mu0_29(Int32[,])       = Uninitialized[c]    : &:r0_28
-#   14|     r0_30(Int32)           = Constant[0]         : 
-#   14|     r0_31(glval<null>)     = PointerAdd          : r0_28, r0_30
-#   14|     r0_32(Int32)           = Constant[0]         : 
-#   14|     r0_33(glval<Int32>)    = PointerAdd          : r0_31, r0_32
-#   14|     r0_34(Int32)           = Constant[100]       : 
-#   14|     mu0_35(Int32)          = Store               : &:r0_33, r0_34
-#   14|     r0_36(Int32)           = Constant[1]         : 
-#   14|     r0_37(glval<Int32>)    = PointerAdd          : r0_31, r0_36
-#   14|     r0_38(Int32)           = Constant[101]       : 
-#   14|     mu0_39(Int32)          = Store               : &:r0_37, r0_38
-#   14|     r0_40(Int32)           = Constant[1]         : 
-#   14|     r0_41(glval<null>)     = PointerAdd          : r0_28, r0_40
-#   14|     r0_42(Int32)           = Constant[0]         : 
-#   14|     r0_43(glval<Int32>)    = PointerAdd          : r0_41, r0_42
-#   14|     r0_44(Int32)           = Constant[102]       : 
-#   14|     mu0_45(Int32)          = Store               : &:r0_43, r0_44
-#   14|     r0_46(Int32)           = Constant[1]         : 
-#   14|     r0_47(glval<Int32>)    = PointerAdd          : r0_41, r0_46
-#   14|     r0_48(Int32)           = Constant[103]       : 
-#   14|     mu0_49(Int32)          = Store               : &:r0_47, r0_48
-#   15|     r0_50(glval<Int32[,]>) = VariableAddress[d]  : 
-#   15|     mu0_51(Int32[,])       = Uninitialized[d]    : &:r0_50
-#   15|     r0_52(Int32)           = Constant[0]         : 
-#   15|     r0_53(glval<null>)     = PointerAdd          : r0_50, r0_52
-#   15|     r0_54(Int32)           = Constant[0]         : 
-#   15|     r0_55(glval<Int32>)    = PointerAdd          : r0_53, r0_54
-#   15|     r0_56(Int32)           = Constant[100]       : 
-#   15|     mu0_57(Int32)          = Store               : &:r0_55, r0_56
-#   15|     r0_58(Int32)           = Constant[1]         : 
-#   15|     r0_59(glval<Int32>)    = PointerAdd          : r0_53, r0_58
-#   15|     r0_60(Int32)           = Constant[101]       : 
-#   15|     mu0_61(Int32)          = Store               : &:r0_59, r0_60
-#   15|     r0_62(Int32)           = Constant[1]         : 
-#   15|     r0_63(glval<null>)     = PointerAdd          : r0_50, r0_62
-#   15|     r0_64(Int32)           = Constant[0]         : 
-#   15|     r0_65(glval<Int32>)    = PointerAdd          : r0_63, r0_64
-#   15|     r0_66(Int32)           = Constant[102]       : 
-#   15|     mu0_67(Int32)          = Store               : &:r0_65, r0_66
-#   15|     r0_68(Int32)           = Constant[1]         : 
-#   15|     r0_69(glval<Int32>)    = PointerAdd          : r0_63, r0_68
-#   15|     r0_70(Int32)           = Constant[103]       : 
-#   15|     mu0_71(Int32)          = Store               : &:r0_69, r0_70
-#   16|     r0_72(glval<Int32[,]>) = VariableAddress[e]  : 
-#   16|     r0_73(glval<Int32[,]>) = VariableAddress[a]  : 
-#   16|     r0_74(Int32[,])        = Load                : &:r0_73, ~mu0_2
-#   16|     mu0_75(Int32[,])       = Store               : &:r0_72, r0_74
-#   17|     r0_76(Int32)           = Constant[-1]        : 
-#   17|     r0_77(glval<Int32[,]>) = VariableAddress[e]  : 
-#   17|     r0_78(Int32[,])        = ElementsAddress     : r0_77
-#   17|     r0_79(Int32)           = Constant[1]         : 
-#   17|     r0_80(Int32[,])        = PointerAdd[4]       : r0_78, r0_79
-#   17|     r0_81(Int32[])         = ElementsAddress     : r0_80
-#   17|     r0_82(Int32)           = Constant[1]         : 
-#   17|     r0_83(Int32[])         = PointerAdd[4]       : r0_81, r0_82
-#   17|     mu0_84(Int32)          = Store               : &:r0_83, r0_76
-#   10|     v0_85(Void)            = ReturnVoid          : 
-#   10|     v0_86(Void)            = UnmodeledUse        : mu*
-#   10|     v0_87(Void)            = ExitFunction        : 
+#   13| System.Void ArrayTest.twod_and_init_acc()
+#   13|   Block 0
+#   13|     v0_0(Void)             = EnterFunction       : 
+#   13|     mu0_1(null)            = AliasedDefinition   : 
+#   13|     mu0_2(null)            = UnmodeledDefinition : 
+#   13|     r0_3(glval<ArrayTest>) = InitializeThis      : 
+#   15|     r0_4(glval<Int32[,]>)  = VariableAddress[a]  : 
+#   15|     mu0_5(Int32[,])        = Uninitialized[a]    : &:r0_4
+#   15|     r0_6(Int32)            = Constant[0]         : 
+#   15|     r0_7(glval<null>)      = PointerAdd          : r0_4, r0_6
+#   15|     r0_8(Int32)            = Constant[0]         : 
+#   15|     r0_9(glval<Int32>)     = PointerAdd          : r0_7, r0_8
+#   15|     r0_10(Int32)           = Constant[100]       : 
+#   15|     mu0_11(Int32)          = Store               : &:r0_9, r0_10
+#   15|     r0_12(Int32)           = Constant[1]         : 
+#   15|     r0_13(glval<Int32>)    = PointerAdd          : r0_7, r0_12
+#   15|     r0_14(Int32)           = Constant[101]       : 
+#   15|     mu0_15(Int32)          = Store               : &:r0_13, r0_14
+#   15|     r0_16(Int32)           = Constant[1]         : 
+#   15|     r0_17(glval<null>)     = PointerAdd          : r0_4, r0_16
+#   15|     r0_18(Int32)           = Constant[0]         : 
+#   15|     r0_19(glval<Int32>)    = PointerAdd          : r0_17, r0_18
+#   15|     r0_20(Int32)           = Constant[102]       : 
+#   15|     mu0_21(Int32)          = Store               : &:r0_19, r0_20
+#   15|     r0_22(Int32)           = Constant[1]         : 
+#   15|     r0_23(glval<Int32>)    = PointerAdd          : r0_17, r0_22
+#   15|     r0_24(Int32)           = Constant[103]       : 
+#   15|     mu0_25(Int32)          = Store               : &:r0_23, r0_24
+#   16|     r0_26(glval<Int32[,]>) = VariableAddress[b]  : 
+#   16|     mu0_27(Int32[,])       = Uninitialized[b]    : &:r0_26
+#   17|     r0_28(glval<Int32[,]>) = VariableAddress[c]  : 
+#   17|     mu0_29(Int32[,])       = Uninitialized[c]    : &:r0_28
+#   17|     r0_30(Int32)           = Constant[0]         : 
+#   17|     r0_31(glval<null>)     = PointerAdd          : r0_28, r0_30
+#   17|     r0_32(Int32)           = Constant[0]         : 
+#   17|     r0_33(glval<Int32>)    = PointerAdd          : r0_31, r0_32
+#   17|     r0_34(Int32)           = Constant[100]       : 
+#   17|     mu0_35(Int32)          = Store               : &:r0_33, r0_34
+#   17|     r0_36(Int32)           = Constant[1]         : 
+#   17|     r0_37(glval<Int32>)    = PointerAdd          : r0_31, r0_36
+#   17|     r0_38(Int32)           = Constant[101]       : 
+#   17|     mu0_39(Int32)          = Store               : &:r0_37, r0_38
+#   17|     r0_40(Int32)           = Constant[1]         : 
+#   17|     r0_41(glval<null>)     = PointerAdd          : r0_28, r0_40
+#   17|     r0_42(Int32)           = Constant[0]         : 
+#   17|     r0_43(glval<Int32>)    = PointerAdd          : r0_41, r0_42
+#   17|     r0_44(Int32)           = Constant[102]       : 
+#   17|     mu0_45(Int32)          = Store               : &:r0_43, r0_44
+#   17|     r0_46(Int32)           = Constant[1]         : 
+#   17|     r0_47(glval<Int32>)    = PointerAdd          : r0_41, r0_46
+#   17|     r0_48(Int32)           = Constant[103]       : 
+#   17|     mu0_49(Int32)          = Store               : &:r0_47, r0_48
+#   18|     r0_50(glval<Int32[,]>) = VariableAddress[d]  : 
+#   18|     mu0_51(Int32[,])       = Uninitialized[d]    : &:r0_50
+#   18|     r0_52(Int32)           = Constant[0]         : 
+#   18|     r0_53(glval<null>)     = PointerAdd          : r0_50, r0_52
+#   18|     r0_54(Int32)           = Constant[0]         : 
+#   18|     r0_55(glval<Int32>)    = PointerAdd          : r0_53, r0_54
+#   18|     r0_56(Int32)           = Constant[100]       : 
+#   18|     mu0_57(Int32)          = Store               : &:r0_55, r0_56
+#   18|     r0_58(Int32)           = Constant[1]         : 
+#   18|     r0_59(glval<Int32>)    = PointerAdd          : r0_53, r0_58
+#   18|     r0_60(Int32)           = Constant[101]       : 
+#   18|     mu0_61(Int32)          = Store               : &:r0_59, r0_60
+#   18|     r0_62(Int32)           = Constant[1]         : 
+#   18|     r0_63(glval<null>)     = PointerAdd          : r0_50, r0_62
+#   18|     r0_64(Int32)           = Constant[0]         : 
+#   18|     r0_65(glval<Int32>)    = PointerAdd          : r0_63, r0_64
+#   18|     r0_66(Int32)           = Constant[102]       : 
+#   18|     mu0_67(Int32)          = Store               : &:r0_65, r0_66
+#   18|     r0_68(Int32)           = Constant[1]         : 
+#   18|     r0_69(glval<Int32>)    = PointerAdd          : r0_63, r0_68
+#   18|     r0_70(Int32)           = Constant[103]       : 
+#   18|     mu0_71(Int32)          = Store               : &:r0_69, r0_70
+#   19|     r0_72(glval<Int32[,]>) = VariableAddress[e]  : 
+#   19|     r0_73(glval<Int32[,]>) = VariableAddress[a]  : 
+#   19|     r0_74(Int32[,])        = Load                : &:r0_73, ~mu0_2
+#   19|     mu0_75(Int32[,])       = Store               : &:r0_72, r0_74
+#   20|     r0_76(Int32)           = Constant[-1]        : 
+#   20|     r0_77(glval<Int32[,]>) = VariableAddress[e]  : 
+#   20|     r0_78(Int32[,])        = ElementsAddress     : r0_77
+#   20|     r0_79(Int32)           = Constant[1]         : 
+#   20|     r0_80(Int32[,])        = PointerAdd[4]       : r0_78, r0_79
+#   20|     r0_81(Int32[])         = ElementsAddress     : r0_80
+#   20|     r0_82(Int32)           = Constant[1]         : 
+#   20|     r0_83(Int32[])         = PointerAdd[4]       : r0_81, r0_82
+#   20|     mu0_84(Int32)          = Store               : &:r0_83, r0_76
+#   13|     v0_85(Void)            = ReturnVoid          : 
+#   13|     v0_86(Void)            = UnmodeledUse        : mu*
+#   13|     v0_87(Void)            = ExitFunction        : 

 assignop.cs:
 #    4| System.Void AssignOp.Main()