Merge pull request #3610 from hvitved/csharp/dataflow/call-sensitivity

C#: Add call-sensitivity to data-flow call resolution

csharp/ql/test/library-tests/dataflow/call-sensitivity/CallSensitivityFlow.cs

@@ -161,9 +161,14 @@ public class A2
     {
     }
 
-    public void M()
+    public virtual void M(object o)
     {
+        Sink(o);
+    }
 
+    public static void CallM(A2 a2, object o)
+    {
+        a2.M(o);
     }
 
     public void Callsite(InterfaceB intF)
@@ -172,28 +177,31 @@ public class A2
         // in both possible implementations of foo, this callsite is relevant
         // in IntA, it improves virtual dispatch,
         // and in IntB, it improves the dataflow analysis.
-        intF.Foo(b, new object(), false);
+        intF.Foo(b, new object(), false); // no flow to `Sink()` via `A2.M()`, but flow via `IntA.Foo()`
+
+        CallM(b, new object()); // no flow to `Sink()`
+        CallM(this, new object());  // flow to `Sink()`
     }
 
-    private class B : A2
+    public class B : A2
     {
-        public void M()
+        public override void M(object o)
         {
 
         }
     }
 
-    private class IntA : InterfaceB
+    public class IntA : InterfaceB
     {
 
         public void Foo(A2 obj, object o, bool cond)
         {
-            obj.M();
+            obj.M(o);
             Sink(o);
         }
     }
 
-    private class IntB : InterfaceB
+    public class IntB : InterfaceB
     {
 
         public void Foo(A2 obj, object o, bool cond)

csharp/ql/test/library-tests/dataflow/call-sensitivity/CallSensitivityFlow.expected

@@ -26,8 +26,12 @@ edges
 | CallSensitivityFlow.cs:124:43:124:43 | o : Object | CallSensitivityFlow.cs:128:22:128:22 | access to parameter o |
 | CallSensitivityFlow.cs:133:44:133:44 | o : Object | CallSensitivityFlow.cs:137:22:137:22 | access to parameter o |
 | CallSensitivityFlow.cs:142:49:142:49 | o : Object | CallSensitivityFlow.cs:152:18:152:19 | access to local variable o3 |
-| CallSensitivityFlow.cs:175:21:175:32 | object creation of type Object : Object | CallSensitivityFlow.cs:189:40:189:40 | o : Object |
-| CallSensitivityFlow.cs:189:40:189:40 | o : Object | CallSensitivityFlow.cs:192:18:192:18 | access to parameter o |
+| CallSensitivityFlow.cs:164:34:164:34 | o : Object | CallSensitivityFlow.cs:166:14:166:14 | access to parameter o |
+| CallSensitivityFlow.cs:169:44:169:44 | o : Object | CallSensitivityFlow.cs:171:14:171:14 | access to parameter o : Object |
+| CallSensitivityFlow.cs:171:14:171:14 | access to parameter o : Object | CallSensitivityFlow.cs:164:34:164:34 | o : Object |
+| CallSensitivityFlow.cs:180:21:180:32 | object creation of type Object : Object | CallSensitivityFlow.cs:197:40:197:40 | o : Object |
+| CallSensitivityFlow.cs:183:21:183:32 | object creation of type Object : Object | CallSensitivityFlow.cs:169:44:169:44 | o : Object |
+| CallSensitivityFlow.cs:197:40:197:40 | o : Object | CallSensitivityFlow.cs:200:18:200:18 | access to parameter o |
 nodes
 | CallSensitivityFlow.cs:19:39:19:39 | o : Object | semmle.label | o : Object |
 | CallSensitivityFlow.cs:23:18:23:18 | access to parameter o | semmle.label | access to parameter o |
@@ -66,9 +70,14 @@ nodes
 | CallSensitivityFlow.cs:137:22:137:22 | access to parameter o | semmle.label | access to parameter o |
 | CallSensitivityFlow.cs:142:49:142:49 | o : Object | semmle.label | o : Object |
 | CallSensitivityFlow.cs:152:18:152:19 | access to local variable o3 | semmle.label | access to local variable o3 |
-| CallSensitivityFlow.cs:175:21:175:32 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
-| CallSensitivityFlow.cs:189:40:189:40 | o : Object | semmle.label | o : Object |
-| CallSensitivityFlow.cs:192:18:192:18 | access to parameter o | semmle.label | access to parameter o |
+| CallSensitivityFlow.cs:164:34:164:34 | o : Object | semmle.label | o : Object |
+| CallSensitivityFlow.cs:166:14:166:14 | access to parameter o | semmle.label | access to parameter o |
+| CallSensitivityFlow.cs:169:44:169:44 | o : Object | semmle.label | o : Object |
+| CallSensitivityFlow.cs:171:14:171:14 | access to parameter o : Object | semmle.label | access to parameter o : Object |
+| CallSensitivityFlow.cs:180:21:180:32 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
+| CallSensitivityFlow.cs:183:21:183:32 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
+| CallSensitivityFlow.cs:197:40:197:40 | o : Object | semmle.label | o : Object |
+| CallSensitivityFlow.cs:200:18:200:18 | access to parameter o | semmle.label | access to parameter o |
 #select
 | CallSensitivityFlow.cs:78:24:78:35 | object creation of type Object : Object | CallSensitivityFlow.cs:78:24:78:35 | object creation of type Object : Object | CallSensitivityFlow.cs:23:18:23:18 | access to parameter o | $@ | CallSensitivityFlow.cs:23:18:23:18 | access to parameter o | access to parameter o |
 | CallSensitivityFlow.cs:79:25:79:36 | object creation of type Object : Object | CallSensitivityFlow.cs:79:25:79:36 | object creation of type Object : Object | CallSensitivityFlow.cs:31:18:31:18 | access to parameter o | $@ | CallSensitivityFlow.cs:31:18:31:18 | access to parameter o | access to parameter o |
@@ -87,4 +96,5 @@ nodes
 | CallSensitivityFlow.cs:117:26:117:37 | object creation of type Object : Object | CallSensitivityFlow.cs:117:26:117:37 | object creation of type Object : Object | CallSensitivityFlow.cs:128:22:128:22 | access to parameter o | $@ | CallSensitivityFlow.cs:128:22:128:22 | access to parameter o | access to parameter o |
 | CallSensitivityFlow.cs:118:27:118:38 | object creation of type Object : Object | CallSensitivityFlow.cs:118:27:118:38 | object creation of type Object : Object | CallSensitivityFlow.cs:137:22:137:22 | access to parameter o | $@ | CallSensitivityFlow.cs:137:22:137:22 | access to parameter o | access to parameter o |
 | CallSensitivityFlow.cs:119:32:119:43 | object creation of type Object : Object | CallSensitivityFlow.cs:119:32:119:43 | object creation of type Object : Object | CallSensitivityFlow.cs:152:18:152:19 | access to local variable o3 | $@ | CallSensitivityFlow.cs:152:18:152:19 | access to local variable o3 | access to local variable o3 |
-| CallSensitivityFlow.cs:175:21:175:32 | object creation of type Object : Object | CallSensitivityFlow.cs:175:21:175:32 | object creation of type Object : Object | CallSensitivityFlow.cs:192:18:192:18 | access to parameter o | $@ | CallSensitivityFlow.cs:192:18:192:18 | access to parameter o | access to parameter o |
+| CallSensitivityFlow.cs:180:21:180:32 | object creation of type Object : Object | CallSensitivityFlow.cs:180:21:180:32 | object creation of type Object : Object | CallSensitivityFlow.cs:200:18:200:18 | access to parameter o | $@ | CallSensitivityFlow.cs:200:18:200:18 | access to parameter o | access to parameter o |
+| CallSensitivityFlow.cs:183:21:183:32 | object creation of type Object : Object | CallSensitivityFlow.cs:183:21:183:32 | object creation of type Object : Object | CallSensitivityFlow.cs:166:14:166:14 | access to parameter o | $@ | CallSensitivityFlow.cs:166:14:166:14 | access to parameter o | access to parameter o |

csharp/ql/test/library-tests/dispatch/CallContext.expected

@@ -0,0 +1,25 @@
+getADynamicTargetInCallContext
+| TypeFlow.cs:33:9:33:18 | call to method Method | TypeFlow.cs:12:29:12:34 | Method | TypeFlow.cs:7:7:7:23 | call to method Run |
+| TypeFlow.cs:33:9:33:18 | call to method Method | TypeFlow.cs:17:30:17:35 | Method | TypeFlow.cs:7:7:7:23 | call to method Run |
+mayBenefitFromCallContext
+| TypeFlow.cs:33:9:33:18 | call to method Method |
+| ViableCallable.cs:12:9:12:28 | call to method M |
+| ViableCallable.cs:14:9:14:15 | access to property Prop |
+| ViableCallable.cs:14:19:14:25 | access to property Prop |
+| ViableCallable.cs:16:9:16:23 | access to indexer |
+| ViableCallable.cs:16:27:16:41 | access to indexer |
+| ViableCallable.cs:18:9:18:16 | access to event Event |
+| ViableCallable.cs:19:9:19:16 | access to event Event |
+| ViableCallable.cs:22:9:22:30 | call to method M |
+| ViableCallable.cs:24:9:24:15 | access to property Prop |
+| ViableCallable.cs:24:19:24:25 | access to property Prop |
+| ViableCallable.cs:26:9:26:23 | access to indexer |
+| ViableCallable.cs:26:27:26:41 | access to indexer |
+| ViableCallable.cs:28:9:28:16 | access to event Event |
+| ViableCallable.cs:29:9:29:16 | access to event Event |
+| ViableCallable.cs:235:9:235:15 | call to method M |
+| ViableCallable.cs:284:9:284:15 | call to method M |
+| ViableCallable.cs:287:9:287:20 | call to method M |
+| ViableCallable.cs:412:9:412:18 | call to method M |
+| ViableCallable.cs:456:9:456:30 | call to method M2 |
+| ViableCallable.cs:462:9:462:30 | call to method M2 |

csharp/ql/test/library-tests/dispatch/CallContext.ql

@@ -0,0 +1,10 @@
+import csharp
+import semmle.code.csharp.dispatch.Dispatch
+
+query predicate getADynamicTargetInCallContext(
+  DispatchCall call, Callable callable, DispatchCall ctx
+) {
+  callable = call.getADynamicTargetInCallContext(ctx)
+}
+
+query predicate mayBenefitFromCallContext(DispatchCall call) { call.mayBenefitFromCallContext() }

csharp/ql/test/library-tests/dispatch/ViableCallable.cs

@@ -438,7 +438,7 @@ class C17 : C16<string, int>
         // Viable callables: C16<string, int>.M1()
         this.M1("");
 
-        // Viable callables: C16<string, int>.M2<int>()
+        // Viable callables: C17.M2<int>()
         this.M2(() => i);
     }