diff --git a/config/identical-files.json b/config/identical-files.json index 5785bf71c70..5607a25cbc9 100644 --- a/config/identical-files.json +++ b/config/identical-files.json @@ -56,8 +56,6 @@ "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll" ], "DataFlow Java/C++/C#/Python/Ruby/Swift Consistency checks": [ - "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll", - "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll", "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll", "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll" ], diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll index e154491f795..229031e0149 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll @@ -3,297 +3,25 @@ * data-flow classes and predicates. */ -private import DataFlowImplSpecific::Private -private import DataFlowImplSpecific::Public -private import tainttracking1.TaintTrackingParameter::Private -private import tainttracking1.TaintTrackingParameter::Public +private import cpp +private import DataFlowImplSpecific +private import TaintTrackingImplSpecific +private import codeql.dataflow.internal.DataFlowImplConsistency -module Consistency { - private newtype TConsistencyConfiguration = MkConsistencyConfiguration() - - /** A class for configuring the consistency queries. */ - class ConsistencyConfiguration extends TConsistencyConfiguration { - string toString() { none() } - - /** Holds if `n` should be excluded from the consistency test `uniqueEnclosingCallable`. */ - predicate uniqueEnclosingCallableExclude(Node n) { none() } - - /** Holds if `call` should be excluded from the consistency test `uniqueCallEnclosingCallable`. */ - predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) { none() } - - /** Holds if `n` should be excluded from the consistency test `uniqueNodeLocation`. */ - predicate uniqueNodeLocationExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `missingLocation`. */ - predicate missingLocationExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `postWithInFlow`. */ - predicate postWithInFlowExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `argHasPostUpdate`. */ - predicate argHasPostUpdateExclude(ArgumentNode n) { none() } - - /** Holds if `n` should be excluded from the consistency test `reverseRead`. */ - predicate reverseReadExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `postHasUniquePre`. */ - predicate postHasUniquePreExclude(PostUpdateNode n) { none() } - - /** Holds if `n` should be excluded from the consistency test `uniquePostUpdate`. */ - predicate uniquePostUpdateExclude(Node n) { none() } - - /** Holds if `(call, ctx)` should be excluded from the consistency test `viableImplInCallContextTooLargeExclude`. */ - predicate viableImplInCallContextTooLargeExclude( - DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable - ) { - none() - } - - /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodeAtPosition`. */ - predicate uniqueParameterNodeAtPositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) { - none() - } - - /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodePosition`. */ - predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) { - none() - } - - /** Holds if `n` should be excluded from the consistency test `identityLocalStep`. */ - predicate identityLocalStepExclude(Node n) { none() } - } - - private class RelevantNode extends Node { - RelevantNode() { - this instanceof ArgumentNode or - this instanceof ParameterNode or - this instanceof ReturnNode or - this = getAnOutNode(_, _) or - simpleLocalFlowStep(this, _) or - simpleLocalFlowStep(_, this) or - jumpStep(this, _) or - jumpStep(_, this) or - storeStep(this, _, _) or - storeStep(_, _, this) or - readStep(this, _, _) or - readStep(_, _, this) or - defaultAdditionalTaintStep(this, _) or - defaultAdditionalTaintStep(_, this) - } - } - - query predicate uniqueEnclosingCallable(Node n, string msg) { - exists(int c | - n instanceof RelevantNode and - c = count(nodeGetEnclosingCallable(n)) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueEnclosingCallableExclude(n) and - msg = "Node should have one enclosing callable but has " + c + "." - ) - } - - query predicate uniqueCallEnclosingCallable(DataFlowCall call, string msg) { - exists(int c | - c = count(call.getEnclosingCallable()) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueCallEnclosingCallableExclude(call) and - msg = "Call should have one enclosing callable but has " + c + "." - ) - } - - query predicate uniqueType(Node n, string msg) { - exists(int c | - n instanceof RelevantNode and - c = count(getNodeType(n)) and - c != 1 and - msg = "Node should have one type but has " + c + "." - ) - } - - query predicate uniqueNodeLocation(Node n, string msg) { - exists(int c | - c = - count(string filepath, int startline, int startcolumn, int endline, int endcolumn | - n.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - ) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueNodeLocationExclude(n) and - msg = "Node should have one location but has " + c + "." - ) - } - - query predicate missingLocation(string msg) { - exists(int c | - c = - strictcount(Node n | - not n.hasLocationInfo(_, _, _, _, _) and - not any(ConsistencyConfiguration conf).missingLocationExclude(n) - ) and - msg = "Nodes without location: " + c - ) - } - - query predicate uniqueNodeToString(Node n, string msg) { - exists(int c | - c = count(n.toString()) and - c != 1 and - msg = "Node should have one toString but has " + c + "." - ) - } - - query predicate missingToString(string msg) { - exists(int c | - c = strictcount(Node n | not exists(n.toString())) and - msg = "Nodes without toString: " + c - ) - } - - query predicate parameterCallable(ParameterNode p, string msg) { - exists(DataFlowCallable c | isParameterNode(p, c, _) and c != nodeGetEnclosingCallable(p)) and - msg = "Callable mismatch for parameter." - } - - query predicate localFlowIsLocal(Node n1, Node n2, string msg) { - simpleLocalFlowStep(n1, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Local flow step does not preserve enclosing callable." - } - - query predicate readStepIsLocal(Node n1, Node n2, string msg) { - readStep(n1, _, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Read step does not preserve enclosing callable." - } - - query predicate storeStepIsLocal(Node n1, Node n2, string msg) { - storeStep(n1, _, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Store step does not preserve enclosing callable." - } - - private DataFlowType typeRepr() { result = getNodeType(_) } - - query predicate compatibleTypesReflexive(DataFlowType t, string msg) { - t = typeRepr() and - not compatibleTypes(t, t) and - msg = "Type compatibility predicate is not reflexive." - } - - query predicate unreachableNodeCCtx(Node n, DataFlowCall call, string msg) { - isUnreachableInCall(n, call) and - exists(DataFlowCallable c | - c = nodeGetEnclosingCallable(n) and - not viableCallable(call) = c - ) and - msg = "Call context for isUnreachableInCall is inconsistent with call graph." - } - - query predicate localCallNodes(DataFlowCall call, Node n, string msg) { - ( - n = getAnOutNode(call, _) and - msg = "OutNode and call does not share enclosing callable." - or - n.(ArgumentNode).argumentOf(call, _) and - msg = "ArgumentNode and call does not share enclosing callable." - ) and - nodeGetEnclosingCallable(n) != call.getEnclosingCallable() - } - - // This predicate helps the compiler forget that in some languages - // it is impossible for a result of `getPreUpdateNode` to be an - // instance of `PostUpdateNode`. - private Node getPre(PostUpdateNode n) { - result = n.getPreUpdateNode() +private module Input implements InputSig { + predicate argHasPostUpdateExclude(Private::ArgumentNode n) { + // Is the null pointer (or something that's not really a pointer) + exists(n.asExpr().getValue()) or - none() - } - - query predicate postIsNotPre(PostUpdateNode n, string msg) { - getPre(n) = n and - msg = "PostUpdateNode should not equal its pre-update node." - } - - query predicate postHasUniquePre(PostUpdateNode n, string msg) { - not any(ConsistencyConfiguration conf).postHasUniquePreExclude(n) and - exists(int c | - c = count(n.getPreUpdateNode()) and - c != 1 and - msg = "PostUpdateNode should have one pre-update node but has " + c + "." + // Isn't a pointer or is a pointer to const + forall(DerivedType dt | dt = n.asExpr().getActualType() | + dt.getBaseType().isConst() + or + dt.getBaseType() instanceof RoutineType ) - } - - query predicate uniquePostUpdate(Node n, string msg) { - not any(ConsistencyConfiguration conf).uniquePostUpdateExclude(n) and - 1 < strictcount(PostUpdateNode post | post.getPreUpdateNode() = n) and - msg = "Node has multiple PostUpdateNodes." - } - - query predicate postIsInSameCallable(PostUpdateNode n, string msg) { - nodeGetEnclosingCallable(n) != nodeGetEnclosingCallable(n.getPreUpdateNode()) and - msg = "PostUpdateNode does not share callable with its pre-update node." - } - - private predicate hasPost(Node n) { exists(PostUpdateNode post | post.getPreUpdateNode() = n) } - - query predicate reverseRead(Node n, string msg) { - exists(Node n2 | readStep(n, _, n2) and hasPost(n2) and not hasPost(n)) and - not any(ConsistencyConfiguration conf).reverseReadExclude(n) and - msg = "Origin of readStep is missing a PostUpdateNode." - } - - query predicate argHasPostUpdate(ArgumentNode n, string msg) { - not hasPost(n) and - not any(ConsistencyConfiguration c).argHasPostUpdateExclude(n) and - msg = "ArgumentNode is missing PostUpdateNode." - } - - // This predicate helps the compiler forget that in some languages - // it is impossible for a `PostUpdateNode` to be the target of - // `simpleLocalFlowStep`. - private predicate isPostUpdateNode(Node n) { n instanceof PostUpdateNode or none() } - - query predicate postWithInFlow(Node n, string msg) { - isPostUpdateNode(n) and - not clearsContent(n, _) and - simpleLocalFlowStep(_, n) and - not any(ConsistencyConfiguration c).postWithInFlowExclude(n) and - msg = "PostUpdateNode should not be the target of local flow." - } - - query predicate viableImplInCallContextTooLarge( - DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable - ) { - callable = viableImplInCallContext(call, ctx) and - not callable = viableCallable(call) and - not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable) - } - - query predicate uniqueParameterNodeAtPosition( - DataFlowCallable c, ParameterPosition pos, Node p, string msg - ) { - not any(ConsistencyConfiguration conf).uniqueParameterNodeAtPositionExclude(c, pos, p) and - isParameterNode(p, c, pos) and - not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and - msg = "Parameters with overlapping positions." - } - - query predicate uniqueParameterNodePosition( - DataFlowCallable c, ParameterPosition pos, Node p, string msg - ) { - not any(ConsistencyConfiguration conf).uniqueParameterNodePositionExclude(c, pos, p) and - isParameterNode(p, c, pos) and - not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and - msg = "Parameter node with multiple positions." - } - - query predicate uniqueContentApprox(Content c, string msg) { - not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and - msg = "Non-unique content approximation." - } - - query predicate identityLocalStep(Node n, string msg) { - simpleLocalFlowStep(n, n) and - not any(ConsistencyConfiguration c).identityLocalStepExclude(n) and - msg = "Node steps to itself" + // The above list of cases isn't exhaustive, but it narrows down the + // consistency alerts enough that most of them are interesting. } } + +module Consistency = MakeConsistency; diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll index a6f00f30b27..00eca92b3e4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll @@ -2,7 +2,6 @@ private import cpp private import DataFlowUtil private import DataFlowDispatch private import FlowVar -private import DataFlowImplConsistency private import codeql.util.Unit /** Gets the callable in which this node occurs. */ @@ -297,22 +296,6 @@ class ContentApprox = Unit; pragma[inline] ContentApprox getContentApprox(Content c) { any() } -private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration { - override predicate argHasPostUpdateExclude(ArgumentNode n) { - // Is the null pointer (or something that's not really a pointer) - exists(n.asExpr().getValue()) - or - // Isn't a pointer or is a pointer to const - forall(DerivedType dt | dt = n.asExpr().getActualType() | - dt.getBaseType().isConst() - or - dt.getBaseType() instanceof RoutineType - ) - // The above list of cases isn't exhaustive, but it narrows down the - // consistency alerts enough that most of them are interesting. - } -} - /** * Gets an additional term that is added to the `join` and `branch` computations to reflect * an additional forward or backwards branching factor that is not taken into account diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll index e154491f795..c32f63a619d 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll @@ -3,297 +3,17 @@ * data-flow classes and predicates. */ -private import DataFlowImplSpecific::Private -private import DataFlowImplSpecific::Public -private import tainttracking1.TaintTrackingParameter::Private -private import tainttracking1.TaintTrackingParameter::Public +private import cpp +private import DataFlowImplSpecific +private import TaintTrackingImplSpecific +private import codeql.dataflow.internal.DataFlowImplConsistency -module Consistency { - private newtype TConsistencyConfiguration = MkConsistencyConfiguration() - - /** A class for configuring the consistency queries. */ - class ConsistencyConfiguration extends TConsistencyConfiguration { - string toString() { none() } - - /** Holds if `n` should be excluded from the consistency test `uniqueEnclosingCallable`. */ - predicate uniqueEnclosingCallableExclude(Node n) { none() } - - /** Holds if `call` should be excluded from the consistency test `uniqueCallEnclosingCallable`. */ - predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) { none() } - - /** Holds if `n` should be excluded from the consistency test `uniqueNodeLocation`. */ - predicate uniqueNodeLocationExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `missingLocation`. */ - predicate missingLocationExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `postWithInFlow`. */ - predicate postWithInFlowExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `argHasPostUpdate`. */ - predicate argHasPostUpdateExclude(ArgumentNode n) { none() } - - /** Holds if `n` should be excluded from the consistency test `reverseRead`. */ - predicate reverseReadExclude(Node n) { none() } - - /** Holds if `n` should be excluded from the consistency test `postHasUniquePre`. */ - predicate postHasUniquePreExclude(PostUpdateNode n) { none() } - - /** Holds if `n` should be excluded from the consistency test `uniquePostUpdate`. */ - predicate uniquePostUpdateExclude(Node n) { none() } - - /** Holds if `(call, ctx)` should be excluded from the consistency test `viableImplInCallContextTooLargeExclude`. */ - predicate viableImplInCallContextTooLargeExclude( - DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable - ) { - none() - } - - /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodeAtPosition`. */ - predicate uniqueParameterNodeAtPositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) { - none() - } - - /** Holds if `(c, pos, p)` should be excluded from the consistency test `uniqueParameterNodePosition`. */ - predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) { - none() - } - - /** Holds if `n` should be excluded from the consistency test `identityLocalStep`. */ - predicate identityLocalStepExclude(Node n) { none() } - } - - private class RelevantNode extends Node { - RelevantNode() { - this instanceof ArgumentNode or - this instanceof ParameterNode or - this instanceof ReturnNode or - this = getAnOutNode(_, _) or - simpleLocalFlowStep(this, _) or - simpleLocalFlowStep(_, this) or - jumpStep(this, _) or - jumpStep(_, this) or - storeStep(this, _, _) or - storeStep(_, _, this) or - readStep(this, _, _) or - readStep(_, _, this) or - defaultAdditionalTaintStep(this, _) or - defaultAdditionalTaintStep(_, this) - } - } - - query predicate uniqueEnclosingCallable(Node n, string msg) { - exists(int c | - n instanceof RelevantNode and - c = count(nodeGetEnclosingCallable(n)) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueEnclosingCallableExclude(n) and - msg = "Node should have one enclosing callable but has " + c + "." - ) - } - - query predicate uniqueCallEnclosingCallable(DataFlowCall call, string msg) { - exists(int c | - c = count(call.getEnclosingCallable()) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueCallEnclosingCallableExclude(call) and - msg = "Call should have one enclosing callable but has " + c + "." - ) - } - - query predicate uniqueType(Node n, string msg) { - exists(int c | - n instanceof RelevantNode and - c = count(getNodeType(n)) and - c != 1 and - msg = "Node should have one type but has " + c + "." - ) - } - - query predicate uniqueNodeLocation(Node n, string msg) { - exists(int c | - c = - count(string filepath, int startline, int startcolumn, int endline, int endcolumn | - n.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - ) and - c != 1 and - not any(ConsistencyConfiguration conf).uniqueNodeLocationExclude(n) and - msg = "Node should have one location but has " + c + "." - ) - } - - query predicate missingLocation(string msg) { - exists(int c | - c = - strictcount(Node n | - not n.hasLocationInfo(_, _, _, _, _) and - not any(ConsistencyConfiguration conf).missingLocationExclude(n) - ) and - msg = "Nodes without location: " + c - ) - } - - query predicate uniqueNodeToString(Node n, string msg) { - exists(int c | - c = count(n.toString()) and - c != 1 and - msg = "Node should have one toString but has " + c + "." - ) - } - - query predicate missingToString(string msg) { - exists(int c | - c = strictcount(Node n | not exists(n.toString())) and - msg = "Nodes without toString: " + c - ) - } - - query predicate parameterCallable(ParameterNode p, string msg) { - exists(DataFlowCallable c | isParameterNode(p, c, _) and c != nodeGetEnclosingCallable(p)) and - msg = "Callable mismatch for parameter." - } - - query predicate localFlowIsLocal(Node n1, Node n2, string msg) { - simpleLocalFlowStep(n1, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Local flow step does not preserve enclosing callable." - } - - query predicate readStepIsLocal(Node n1, Node n2, string msg) { - readStep(n1, _, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Read step does not preserve enclosing callable." - } - - query predicate storeStepIsLocal(Node n1, Node n2, string msg) { - storeStep(n1, _, n2) and - nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and - msg = "Store step does not preserve enclosing callable." - } - - private DataFlowType typeRepr() { result = getNodeType(_) } - - query predicate compatibleTypesReflexive(DataFlowType t, string msg) { - t = typeRepr() and - not compatibleTypes(t, t) and - msg = "Type compatibility predicate is not reflexive." - } - - query predicate unreachableNodeCCtx(Node n, DataFlowCall call, string msg) { - isUnreachableInCall(n, call) and - exists(DataFlowCallable c | - c = nodeGetEnclosingCallable(n) and - not viableCallable(call) = c - ) and - msg = "Call context for isUnreachableInCall is inconsistent with call graph." - } - - query predicate localCallNodes(DataFlowCall call, Node n, string msg) { - ( - n = getAnOutNode(call, _) and - msg = "OutNode and call does not share enclosing callable." - or - n.(ArgumentNode).argumentOf(call, _) and - msg = "ArgumentNode and call does not share enclosing callable." - ) and - nodeGetEnclosingCallable(n) != call.getEnclosingCallable() - } - - // This predicate helps the compiler forget that in some languages - // it is impossible for a result of `getPreUpdateNode` to be an - // instance of `PostUpdateNode`. - private Node getPre(PostUpdateNode n) { - result = n.getPreUpdateNode() - or - none() - } - - query predicate postIsNotPre(PostUpdateNode n, string msg) { - getPre(n) = n and - msg = "PostUpdateNode should not equal its pre-update node." - } - - query predicate postHasUniquePre(PostUpdateNode n, string msg) { - not any(ConsistencyConfiguration conf).postHasUniquePreExclude(n) and - exists(int c | - c = count(n.getPreUpdateNode()) and - c != 1 and - msg = "PostUpdateNode should have one pre-update node but has " + c + "." - ) - } - - query predicate uniquePostUpdate(Node n, string msg) { - not any(ConsistencyConfiguration conf).uniquePostUpdateExclude(n) and - 1 < strictcount(PostUpdateNode post | post.getPreUpdateNode() = n) and - msg = "Node has multiple PostUpdateNodes." - } - - query predicate postIsInSameCallable(PostUpdateNode n, string msg) { - nodeGetEnclosingCallable(n) != nodeGetEnclosingCallable(n.getPreUpdateNode()) and - msg = "PostUpdateNode does not share callable with its pre-update node." - } - - private predicate hasPost(Node n) { exists(PostUpdateNode post | post.getPreUpdateNode() = n) } - - query predicate reverseRead(Node n, string msg) { - exists(Node n2 | readStep(n, _, n2) and hasPost(n2) and not hasPost(n)) and - not any(ConsistencyConfiguration conf).reverseReadExclude(n) and - msg = "Origin of readStep is missing a PostUpdateNode." - } - - query predicate argHasPostUpdate(ArgumentNode n, string msg) { - not hasPost(n) and - not any(ConsistencyConfiguration c).argHasPostUpdateExclude(n) and - msg = "ArgumentNode is missing PostUpdateNode." - } - - // This predicate helps the compiler forget that in some languages - // it is impossible for a `PostUpdateNode` to be the target of - // `simpleLocalFlowStep`. - private predicate isPostUpdateNode(Node n) { n instanceof PostUpdateNode or none() } - - query predicate postWithInFlow(Node n, string msg) { - isPostUpdateNode(n) and - not clearsContent(n, _) and - simpleLocalFlowStep(_, n) and - not any(ConsistencyConfiguration c).postWithInFlowExclude(n) and - msg = "PostUpdateNode should not be the target of local flow." - } - - query predicate viableImplInCallContextTooLarge( - DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable - ) { - callable = viableImplInCallContext(call, ctx) and - not callable = viableCallable(call) and - not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable) - } - - query predicate uniqueParameterNodeAtPosition( - DataFlowCallable c, ParameterPosition pos, Node p, string msg - ) { - not any(ConsistencyConfiguration conf).uniqueParameterNodeAtPositionExclude(c, pos, p) and - isParameterNode(p, c, pos) and - not exists(unique(Node p0 | isParameterNode(p0, c, pos))) and - msg = "Parameters with overlapping positions." - } - - query predicate uniqueParameterNodePosition( - DataFlowCallable c, ParameterPosition pos, Node p, string msg - ) { - not any(ConsistencyConfiguration conf).uniqueParameterNodePositionExclude(c, pos, p) and - isParameterNode(p, c, pos) and - not exists(unique(ParameterPosition pos0 | isParameterNode(p, c, pos0))) and - msg = "Parameter node with multiple positions." - } - - query predicate uniqueContentApprox(Content c, string msg) { - not exists(unique(ContentApprox approx | approx = getContentApprox(c))) and - msg = "Non-unique content approximation." - } - - query predicate identityLocalStep(Node n, string msg) { - simpleLocalFlowStep(n, n) and - not any(ConsistencyConfiguration c).identityLocalStepExclude(n) and - msg = "Node steps to itself" +private module Input implements InputSig { + predicate argHasPostUpdateExclude(Private::ArgumentNode n) { + // The rules for whether an IR argument gets a post-update node are too + // complex to model here. + any() } } + +module Consistency = MakeConsistency; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 329164e0fd0..b5515fbe5e3 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -2,7 +2,6 @@ private import cpp as Cpp private import DataFlowUtil private import semmle.code.cpp.ir.IR private import DataFlowDispatch -private import DataFlowImplConsistency private import semmle.code.cpp.ir.internal.IRCppLanguage private import SsaInternals as Ssa private import DataFlowImplCommon as DataFlowImplCommon @@ -1011,14 +1010,6 @@ ContentApprox getContentApprox(Content c) { ) } -private class MyConsistencyConfiguration extends Consistency::ConsistencyConfiguration { - override predicate argHasPostUpdateExclude(ArgumentNode n) { - // The rules for whether an IR argument gets a post-update node are too - // complex to model here. - any() - } -} - /** * A local flow relation that includes both local steps, read steps and * argument-to-return flow through summarized functions.