Merge pull request github#1857 from AndreiDiaconu1/ircsharp-forstmt

C# IR: More support for `ForStmt`s

Author: calumgrant

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/IRConstruction.qll

@@ -179,7 +179,7 @@ private module Cached {
         exists(TranslatedElement bodyOrUpdate |
           bodyOrUpdate = s.getBody()
           or
-          bodyOrUpdate = s.getUpdate()
+          bodyOrUpdate = s.getUpdate(_)
         |
           inLoop = bodyOrUpdate.getAChild*()
         ) and

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -10,7 +10,7 @@ private import semmle.code.csharp.ir.internal.IRCSharpLanguage as Language
 
 /**
  * The IR translation of a call to a function. The function can be a normal function
- * (ie. `MethodCall`) or a constructor call (ie. `ObjectCreation`). Notice that the
+ * (eg. `MethodCall`) or a constructor call (eg. `ObjectCreation`). Notice that the
  * AST generated translated calls are tied to an expression (unlike compiler generated ones,
  * which can be attached to either a statement or an expression).
  */

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedStmt.qll

@@ -651,43 +651,66 @@ class TranslatedForStmt extends TranslatedLoop {
   override ForStmt stmt;
 
   override TranslatedElement getChild(int id) {
-    id = 0 and result = this.getDeclAndInit()
+    initializerIndex(id) and result = this.getDeclAndInit(id)
     or
-    id = 1 and result = this.getCondition()
+    result = this.getUpdate(updateIndex(id))
     or
-    id = 2 and result = this.getUpdate()
+    id = initializersNo() + updatesNo() and result = this.getCondition()
     or
-    id = 3 and result = this.getBody()
+    id = initializersNo() + updatesNo() + 1 and result = this.getBody()
   }
 
-  private TranslatedLocalDeclaration getDeclAndInit() {
-    result = getTranslatedLocalDeclaration(stmt.getAnInitializer())
+  private TranslatedLocalDeclaration getDeclAndInit(int index) {
+    result = getTranslatedLocalDeclaration(stmt.getInitializer(index))
   }
 
   private predicate hasInitialization() { exists(stmt.getAnInitializer()) }
 
-  TranslatedExpr getUpdate() { result = getTranslatedExpr(stmt.getAnUpdate()) }
+  TranslatedExpr getUpdate(int index) { result = getTranslatedExpr(stmt.getUpdate(index)) }
 
   private predicate hasUpdate() { exists(stmt.getAnUpdate()) }
 
+  private int initializersNo() { result = count(stmt.getAnInitializer()) }
+
+  private int updatesNo() { result = count(stmt.getAnUpdate()) }
+
+  private predicate initializerIndex(int index) { index in [0 .. initializersNo() - 1] }
+
+  private int updateIndex(int index) {
+    result in [0 .. updatesNo() - 1] and
+    index = initializersNo() + result
+  }
+
   override Instruction getFirstInstruction() {
     if this.hasInitialization()
-    then result = this.getDeclAndInit().getFirstInstruction()
+    then result = this.getDeclAndInit(0).getFirstInstruction()
     else result = this.getFirstConditionInstruction()
   }
 
   override Instruction getChildSuccessor(TranslatedElement child) {
-    child = this.getDeclAndInit() and
+    exists(int index |
+      child = this.getDeclAndInit(index) and
+      index < initializersNo() - 1 and
+      result = this.getDeclAndInit(index + 1).getFirstInstruction()
+    )
+    or
+    child = this.getDeclAndInit(initializersNo() - 1) and
     result = this.getFirstConditionInstruction()
     or
     (
       child = this.getBody() and
       if this.hasUpdate()
-      then result = this.getUpdate().getFirstInstruction()
+      then result = this.getUpdate(0).getFirstInstruction()
       else result = this.getFirstConditionInstruction()
     )
     or
-    child = this.getUpdate() and result = this.getFirstConditionInstruction()
+    exists(int index |
+      child = this.getUpdate(index) and
+      result = this.getUpdate(index + 1).getFirstInstruction()
+    )
+    or
+    child = this.getUpdate(updatesNo() - 1) and
+    result = this.getFirstConditionInstruction()
   }
 }
 

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/common/TranslatedCallBase.qll

@@ -3,7 +3,6 @@
 * (both AST generated and compiler generated).
 */
 
-
 import csharp
 private import semmle.code.csharp.ir.implementation.Opcode
 private import semmle.code.csharp.ir.implementation.internal.OperandTag
@@ -18,129 +17,112 @@ abstract class TranslatedCallBase extends TranslatedElement {
   override final TranslatedElement getChild(int id) {
     // We choose the child's id in the order of evaluation.
     // Note: some calls do need qualifiers, though instructions for them have already
-    // been generated; eg. a constructor does not need to generate a qualifier, 
+    // been generated; eg. a constructor does not need to generate a qualifier,
     // though the `this` argument exists and is the result of the instruction
     // that allocated the new object. For those calls, `getQualifier()` should
     // be void.
-    id = -1 and result = getQualifier() or
+    id = -1 and result = getQualifier()
+    or
     result = getArgument(id)
   }
 
-  override final Instruction getFirstInstruction() {
-    if exists(getQualifier()) then
-      result = getQualifier().getFirstInstruction()
-    else
-      result = getInstruction(CallTargetTag())
+  final override Instruction getFirstInstruction() {
+    if exists(getQualifier())
+    then result = getQualifier().getFirstInstruction()
+    else result = getInstruction(CallTargetTag())
   }
 
-  override predicate hasInstruction(Opcode opcode, InstructionTag tag,
-      Type resultType, boolean isLValue) {
-    (
-      tag = CallTag() and
-      opcode instanceof Opcode::Call and
-      resultType = getCallResultType() and
-      isLValue = false
-    ) or
-    (
-      hasSideEffect() and
-      tag = CallSideEffectTag() and
-      (
-        if hasWriteSideEffect() then (
-          opcode instanceof Opcode::CallSideEffect and
-          resultType instanceof Language::UnknownType
-        )
-        else (
-          opcode instanceof Opcode::CallReadSideEffect and
-          resultType instanceof Language::UnknownType
-        )
-      ) and
-      isLValue = false
-    ) or
+  override predicate hasInstruction(
+    Opcode opcode, InstructionTag tag, Type resultType, boolean isLValue
+  ) {
+    tag = CallTag() and
+    opcode instanceof Opcode::Call and
+    resultType = getCallResultType() and
+    isLValue = false
+    or
+    hasSideEffect() and
+    tag = CallSideEffectTag() and
     (
-      tag = CallTargetTag() and
-      opcode instanceof Opcode::FunctionAddress and
-      // Since the DB does not have a function type,
-      // we just use the UnknownType
-      resultType instanceof Language::UnknownType and
-      isLValue = true
-    )
+      if hasWriteSideEffect()
+      then (
+        opcode instanceof Opcode::CallSideEffect and
+        resultType instanceof Language::UnknownType
+      ) else (
+        opcode instanceof Opcode::CallReadSideEffect and
+        resultType instanceof Language::UnknownType
+      )
+    ) and
+    isLValue = false
+    or
+    tag = CallTargetTag() and
+    opcode instanceof Opcode::FunctionAddress and
+    // Since the DB does not have a function type,
+    // we just use the UnknownType
+    resultType instanceof Language::UnknownType and
+    isLValue = true
   }
+
   override Instruction getChildSuccessor(TranslatedElement child) {
-    (
-      child = getQualifier() and
-      result = getInstruction(CallTargetTag())
-    ) or
+    child = getQualifier() and
+    result = getInstruction(CallTargetTag())
+    or
     exists(int argIndex |
       child = getArgument(argIndex) and
-      if exists(getArgument(argIndex + 1)) then
-        result = getArgument(argIndex + 1).getFirstInstruction()
-      else
-        result = getInstruction(CallTag())
+      if exists(getArgument(argIndex + 1))
+      then result = getArgument(argIndex + 1).getFirstInstruction()
+      else result = getInstruction(CallTag())
     )
   }
-  
-  override Instruction getInstructionSuccessor(InstructionTag tag,
-    EdgeKind kind) {
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
     kind instanceof GotoEdge and
     (
       (
         tag = CallTag() and
-        if hasSideEffect() then
-          result = getInstruction(CallSideEffectTag())
-        else
-          result = getParent().getChildSuccessor(this)
-      ) or
-      (
-        hasSideEffect() and
-        tag = CallSideEffectTag() and
-        result = getParent().getChildSuccessor(this)
-      ) or
-      (
-        tag = CallTargetTag() and
-        kind instanceof GotoEdge and
-        result = getFirstArgumentOrCallInstruction()
+        if hasSideEffect()
+        then result = getInstruction(CallSideEffectTag())
+        else result = getParent().getChildSuccessor(this)
       )
+      or
+      hasSideEffect() and
+      tag = CallSideEffectTag() and
+      result = getParent().getChildSuccessor(this)
+      or
+      tag = CallTargetTag() and
+      kind instanceof GotoEdge and
+      result = getFirstArgumentOrCallInstruction()
     )
   }
 
-  override Instruction getInstructionOperand(InstructionTag tag,
-      OperandTag operandTag) {
+  override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = CallTag() and
     (
-      tag = CallTag() and
-      (
-        (
-          operandTag instanceof CallTargetOperandTag and
-          result = getInstruction(CallTargetTag())
-        ) or
-        (
-          operandTag instanceof ThisArgumentOperandTag and
-          result = getQualifierResult()
-        ) or
-        exists(PositionalArgumentOperandTag argTag |
-          argTag = operandTag and
-          result = getArgument(argTag.getArgIndex()).getResult()
-        )
+      operandTag instanceof CallTargetOperandTag and
+      result = getInstruction(CallTargetTag())
+      or
+      operandTag instanceof ThisArgumentOperandTag and
+      result = getQualifierResult()
+      or
+      exists(PositionalArgumentOperandTag argTag |
+        argTag = operandTag and
+        result = getArgument(argTag.getArgIndex()).getResult()
       )
-    ) or
-    (
-      tag = CallSideEffectTag() and
-      hasSideEffect() and
-      operandTag instanceof SideEffectOperandTag and
-      result = getUnmodeledDefinitionInstruction()
     )
+    or
+    tag = CallSideEffectTag() and
+    hasSideEffect() and
+    operandTag instanceof SideEffectOperandTag and
+    result = getUnmodeledDefinitionInstruction()
   }
 
-  override final Type getInstructionOperandType(InstructionTag tag,
-      TypedOperandTag operandTag) {
+  final override Type getInstructionOperandType(InstructionTag tag, TypedOperandTag operandTag) {
     tag = CallSideEffectTag() and
     hasSideEffect() and
     operandTag instanceof SideEffectOperandTag and
     result instanceof Language::UnknownType
   }
 
-  Instruction getResult() {
-    result = getInstruction(CallTag())
-  }
+  Instruction getResult() { result = getInstruction(CallTag()) }
 
   /**
    * Gets the result type of the call.
@@ -152,16 +134,14 @@ abstract class TranslatedCallBase extends TranslatedElement {
    * function (of the element this call is attached to).
    */
   abstract Instruction getUnmodeledDefinitionInstruction();
-  
+
   /**
    * Holds if the call has a `this` argument.
    */
-  predicate hasQualifier() {
-    exists(getQualifier())
-  }
+  predicate hasQualifier() { exists(getQualifier()) }
 
   /**
-   * Gets the expr for the qualifier of the call. 
+   * Gets the expr for the qualifier of the call.
    */
   abstract TranslatedExprBase getQualifier();
 
@@ -186,10 +166,9 @@ abstract class TranslatedCallBase extends TranslatedElement {
    * argument. Otherwise, returns the call instruction.
    */
   final Instruction getFirstArgumentOrCallInstruction() {
-    if hasArguments() then
-      result = getArgument(0).getFirstInstruction()
-    else
-      result = getInstruction(CallTag())
+    if hasArguments()
+    then result = getArgument(0).getFirstInstruction()
+    else result = getInstruction(CallTag())
   }
 
   /**
@@ -199,21 +178,15 @@ abstract class TranslatedCallBase extends TranslatedElement {
     exists(getArgument(0))
   }
 
-  predicate hasReadSideEffect() {
-    any()
-  }
+  predicate hasReadSideEffect() { any() }
 
-  predicate hasWriteSideEffect() {
-    any()
-  }
+  predicate hasWriteSideEffect() { any() }
 
-  private predicate hasSideEffect() {
-    hasReadSideEffect() or hasWriteSideEffect()
-  }
+  private predicate hasSideEffect() { hasReadSideEffect() or hasWriteSideEffect() }
 
   override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
-      hasSideEffect() and
-      tag = CallSideEffectTag() and
-      result = getResult()
+    hasSideEffect() and
+    tag = CallSideEffectTag() and
+    result = getResult()
   }
-}
+}