C++: Add flow summaries to simpleLocalFlowStep.

2026-04-28 18:25:24 +02:00 · 2024-02-14 09:45:30 +00:00
parent 0c3aa7b7f2
commit e187a4a7d6
2 changed files with 6 additions and 2 deletions
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -10,6 +10,7 @@ private import semmle.code.cpp.ir.ValueNumbering
 private import semmle.code.cpp.ir.IR
 private import semmle.code.cpp.controlflow.IRGuards
 private import semmle.code.cpp.models.interfaces.DataFlow
+private import semmle.code.cpp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import DataFlowPrivate
 private import ModelUtil
 private import SsaInternals as Ssa
@@ -1965,6 +1966,9 @@ private module Cached {
    // by a function. This allows data to flow 'in' through references returned by a modeled
    // function such as `operator[]`.
    reverseFlow(nodeFrom, nodeTo)
+    or
+    // models-as-data summarized flow
+    FlowSummaryImpl::Private::Steps::summaryThroughStepValue(nodeFrom, nodeTo, _)
  }

  private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) {
--- a/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
+++ b/cpp/ql/test/library-tests/dataflow/models-as-data/tests.cpp
@@ -132,7 +132,7 @@ void test_summaries() {
 	sink(madArg0ToReturn(source())); // $ MISSING: ir
 	sink(notASummary(source()));
 	sink(madArg0ToReturnValueFlow(0));
-	sink(madArg0ToReturnValueFlow(source())); // $ MISSING: ir
+	sink(madArg0ToReturnValueFlow(source())); // $ ir

 	a = source();
 	sink(madArg0IndirectToReturn(&a)); // $ MISSING: ir
@@ -159,7 +159,7 @@ void test_summaries() {
 	// test source + sinks + summaries together

 	madSinkArg0(madArg0ToReturn(remoteMadSource())); // $ MISSING: ir
-	madSinkArg0(madArg0ToReturnValueFlow(remoteMadSource())); // $ MISSING: ir
+	madSinkArg0(madArg0ToReturnValueFlow(remoteMadSource())); // $ ir
 	madSinkArg0(madArg0IndirectToReturn(remoteMadSourceIndirect())); // $ MISSING: ir*/
 }