Merge pull request #18014 from microsoft/brodes/seh_flow_phase1_throwing_models

Brodes/seh flow phase1 throwing models

cpp/ql/lib/change-notes/2024-11-18-throwing-functions.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `NonThrowing` class (`semmle.code.cpp.models.interfaces.NonThrowing`) has been deprecated. Please use the `NonCppThrowingFunction` class instead.

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -364,10 +364,14 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
 
   final override predicate mayThrowException() {
     expr.getTarget().(ThrowingFunction).mayThrowException(_)
+    or
+    expr.getTarget() instanceof AlwaysSehThrowingFunction
   }
 
   final override predicate mustThrowException() {
     expr.getTarget().(ThrowingFunction).mayThrowException(true)
+    or
+    expr.getTarget() instanceof AlwaysSehThrowingFunction
   }
 }
 

cpp/ql/lib/semmle/code/cpp/models/implementations/Memcpy.qll

@@ -16,7 +16,7 @@ import semmle.code.cpp.models.interfaces.NonThrowing
  * `__builtin___memcpy_chk`.
  */
 private class MemcpyFunction extends ArrayFunction, DataFlowFunction, SideEffectFunction,
-  AliasFunction, NonThrowingFunction
+  AliasFunction, NonCppThrowingFunction
 {
   MemcpyFunction() {
     // memcpy(dest, src, num)

cpp/ql/lib/semmle/code/cpp/models/implementations/Memset.qll

@@ -11,7 +11,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
 import semmle.code.cpp.models.interfaces.NonThrowing
 
 private class MemsetFunctionModel extends ArrayFunction, DataFlowFunction, AliasFunction,
-  SideEffectFunction, NonThrowingFunction
+  SideEffectFunction, NonCppThrowingFunction
 {
   MemsetFunctionModel() {
     this.hasGlobalOrStdOrBslName("memset")

cpp/ql/lib/semmle/code/cpp/models/implementations/NoexceptFunction.qll

@@ -6,6 +6,6 @@ import semmle.code.cpp.models.interfaces.NonThrowing
  *
  * Note: The `throw` specifier was deprecated in C++11 and removed in C++17.
  */
-class NoexceptFunction extends NonThrowingFunction {
+class NoexceptFunction extends NonCppThrowingFunction {
   NoexceptFunction() { this.isNoExcept() or this.isNoThrow() }
 }

cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll

@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.NonThrowing
 /**
  * The standard functions `printf`, `wprintf` and their glib variants.
  */
-private class Printf extends FormattingFunction, AliasFunction, NonThrowingFunction {
+private class Printf extends FormattingFunction, AliasFunction, NonCppThrowingFunction {
   Printf() {
     this instanceof TopLevelFunction and
     (
@@ -37,7 +37,7 @@ private class Printf extends FormattingFunction, AliasFunction, NonThrowingFunct
 /**
  * The standard functions `fprintf`, `fwprintf` and their glib variants.
  */
-private class Fprintf extends FormattingFunction, NonThrowingFunction {
+private class Fprintf extends FormattingFunction, NonCppThrowingFunction {
   Fprintf() {
     this instanceof TopLevelFunction and
     (
@@ -55,7 +55,7 @@ private class Fprintf extends FormattingFunction, NonThrowingFunction {
 /**
  * The standard function `sprintf` and its Microsoft and glib variants.
  */
-private class Sprintf extends FormattingFunction, NonThrowingFunction {
+private class Sprintf extends FormattingFunction, NonCppThrowingFunction {
   Sprintf() {
     this instanceof TopLevelFunction and
     (
@@ -98,7 +98,9 @@ private class Sprintf extends FormattingFunction, NonThrowingFunction {
 /**
  * Implements `Snprintf`.
  */
-private class SnprintfImpl extends Snprintf, AliasFunction, SideEffectFunction, NonThrowingFunction {
+private class SnprintfImpl extends Snprintf, AliasFunction, SideEffectFunction,
+  NonCppThrowingFunction
+{
   SnprintfImpl() {
     this instanceof TopLevelFunction and
     (
@@ -205,7 +207,7 @@ private class StringCchPrintf extends FormattingFunction {
 /**
  * The standard function `syslog`.
  */
-private class Syslog extends FormattingFunction, NonThrowingFunction {
+private class Syslog extends FormattingFunction, NonCppThrowingFunction {
   Syslog() {
     this instanceof TopLevelFunction and
     this.hasGlobalName("syslog") and

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll

@@ -15,7 +15,7 @@ import semmle.code.cpp.models.interfaces.NonThrowing
  * Does not include `strlcat`, which is covered by `StrlcatFunction`
  */
 class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, SideEffectFunction,
-  NonThrowingFunction
+  NonCppThrowingFunction
 {
   StrcatFunction() {
     this.hasGlobalOrStdOrBslName([

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll

@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.NonThrowing
  * The standard function `strcpy` and its wide, sized, and Microsoft variants.
  */
 class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, SideEffectFunction,
-  NonThrowingFunction
+  NonCppThrowingFunction
 {
   StrcpyFunction() {
     this.hasGlobalOrStdOrBslName([

cpp/ql/lib/semmle/code/cpp/models/implementations/StructuredExceptionHandling.qll

@@ -1,9 +1,7 @@
 import semmle.code.cpp.models.interfaces.Throwing
 
-class WindowsDriverFunction extends ThrowingFunction {
-  WindowsDriverFunction() {
+class WindowsDriverExceptionAnnotation extends AlwaysSehThrowingFunction {
+  WindowsDriverExceptionAnnotation() {
     this.hasGlobalName(["RaiseException", "ExRaiseAccessViolation", "ExRaiseDatatypeMisalignment"])
   }
-
-  final override predicate mayThrowException(boolean unconditional) { unconditional = true }
 }

cpp/ql/lib/semmle/code/cpp/models/interfaces/NonThrowing.qll

@@ -6,6 +6,15 @@ import semmle.code.cpp.Function
 import semmle.code.cpp.models.Models
 
 /**
- * A function that is guaranteed to never throw.
+ * A function that is guaranteed to never throw a C++ exception
+ *
+ * The function may still raise a structured exception handling (SEH) exception.
  */
-abstract class NonThrowingFunction extends Function { }
+abstract class NonCppThrowingFunction extends Function { }
+
+/**
+ * A function that is guaranteed to never throw.
+ *
+ * DEPRECATED: use `NonCppThrowingFunction` instead.
+ */
+deprecated class NonThrowingFunction = NonCppThrowingFunction;

cpp/ql/lib/semmle/code/cpp/models/interfaces/Throwing.qll

@@ -11,7 +11,7 @@ import semmle.code.cpp.models.Models
 import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs
 
 /**
- * A class that models the exceptional behavior of a function.
+ * A function that is known to raise an exception.
  */
 abstract class ThrowingFunction extends Function {
   /**
@@ -20,3 +20,8 @@ abstract class ThrowingFunction extends Function {
    */
   abstract predicate mayThrowException(boolean unconditional);
 }
+
+/**
+ * A function that unconditionally raises a structured exception handling (SEH) exception.
+ */
+abstract class AlwaysSehThrowingFunction extends Function { }

cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql

@@ -45,7 +45,7 @@ predicate deleteMayThrow(DeleteOrDeleteArrayExpr deleteExpr) {
  * like it might throw an exception, and the function does not have a `noexcept` or `throw()` specifier.
  */
 predicate functionMayThrow(Function f) {
-  not f instanceof NonThrowingFunction and
+  not f instanceof NonCppThrowingFunction and
   (not exists(f.getBlock()) or stmtMayThrow(f.getBlock()))
 }