Merge branch 'main' into java/refactor-dataflow-queries-1

Author: aschackmull

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs

@@ -1,5 +1,6 @@
 using Xunit;
 using Semmle.Autobuild.Shared;
+using Semmle.Util;
 using System.Collections.Generic;
 using System;
 using System.Linq;
@@ -75,6 +76,15 @@ int IBuildActions.RunProcess(string cmd, string args, string? workingDirectory,
             throw new ArgumentException("Missing RunProcess " + pattern);
         }
 
+        int IBuildActions.RunProcess(string cmd, string args, string? workingDirectory, IDictionary<string, string>? env, BuildOutputHandler onOutput, BuildOutputHandler onError)
+        {
+            var ret = (this as IBuildActions).RunProcess(cmd, args, workingDirectory, env, out var stdout);
+
+            stdout.ForEach(line => onOutput(line));
+
+            return ret;
+        }
+
         public IList<string> DirectoryDeleteIn = new List<string>();
 
         void IBuildActions.DirectoryDelete(string dir, bool recursive)
@@ -184,6 +194,15 @@ public void DownloadFile(string address, string fileName)
             if (!DownloadFiles.Contains((address, fileName)))
                 throw new ArgumentException($"Missing DownloadFile, {address}, {fileName}");
         }
+
+        public IDiagnosticsWriter CreateDiagnosticsWriter(string filename) => new TestDiagnosticWriter();
+    }
+
+    internal class TestDiagnosticWriter : IDiagnosticsWriter
+    {
+        public IList<DiagnosticMessage> Diagnostics { get; } = new List<DiagnosticMessage>();
+
+        public void AddEntry(DiagnosticMessage message) => this.Diagnostics.Add(message);
     }
 
     /// <summary>
@@ -243,6 +262,7 @@ CppAutobuilder CreateAutoBuilder(bool isWindows,
             Actions.GetEnvironmentVariable[$"CODEQL_EXTRACTOR_{codeqlUpperLanguage}_TRAP_DIR"] = "";
             Actions.GetEnvironmentVariable[$"CODEQL_EXTRACTOR_{codeqlUpperLanguage}_SOURCE_ARCHIVE_DIR"] = "";
             Actions.GetEnvironmentVariable[$"CODEQL_EXTRACTOR_{codeqlUpperLanguage}_ROOT"] = $@"C:\codeql\{codeqlUpperLanguage.ToLowerInvariant()}";
+            Actions.GetEnvironmentVariable[$"CODEQL_EXTRACTOR_{codeqlUpperLanguage}_DIAGNOSTIC_DIR"] = "";
             Actions.GetEnvironmentVariable["CODEQL_JAVA_HOME"] = @"C:\codeql\tools\java";
             Actions.GetEnvironmentVariable["CODEQL_PLATFORM"] = "win64";
             Actions.GetEnvironmentVariable["SEMMLE_DIST"] = @"C:\odasa";

cpp/autobuilder/Semmle.Autobuild.Cpp/CppAutobuilder.cs

@@ -1,4 +1,5 @@
 using Semmle.Autobuild.Shared;
+using Semmle.Util;
 
 namespace Semmle.Autobuild.Cpp
 {
@@ -21,7 +22,7 @@ public CppAutobuildOptions(IBuildActions actions) : base(actions)
 
     public class CppAutobuilder : Autobuilder<CppAutobuildOptions>
     {
-        public CppAutobuilder(IBuildActions actions, CppAutobuildOptions options) : base(actions, options) { }
+        public CppAutobuilder(IBuildActions actions, CppAutobuildOptions options) : base(actions, options, new DiagnosticClassifier()) { }
 
         public override BuildScript GetBuildScript()
         {

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3
 
 No user-facing changes.

cpp/ql/lib/change-notes/released/0.5.4.md

@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4

cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -456,6 +456,7 @@ module Impl<FullStateConfigSig Config> {
      * The Boolean `cc` records whether the node is reached through an
      * argument in a call.
      */
+    pragma[assume_small_delta]
     private predicate fwdFlow(NodeEx node, Cc cc) {
       sourceNode(node, _) and
       if hasSourceCallCtx() then cc = true else cc = false

cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -7,7 +7,8 @@ import TaintTrackingParameter::Public
 private import TaintTrackingParameter::Private
 
 private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
-DataFlowInternal::FullStateConfigSig {
+  DataFlowInternal::FullStateConfigSig
+{
   import Config
 
   predicate isBarrier(DataFlow::Node node) {

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.5.4-dev
+version: 0.5.5-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -186,7 +186,7 @@ class Declaration extends Locatable, @declaration {
   predicate hasDefinition() { exists(this.getDefinition()) }
 
   /** DEPRECATED: Use `hasDefinition` instead. */
-  predicate isDefined() { this.hasDefinition() }
+  deprecated predicate isDefined() { this.hasDefinition() }
 
   /** Gets the preferred location of this declaration, if any. */
   override Location getLocation() { none() }
@@ -619,11 +619,10 @@ private class DirectAccessHolder extends Element {
   /**
    * Like `couldAccessMember` but only contains derivations in which either
    * (5.2), (5.3) or (5.4) must be invoked. In other words, the `this`
-   * parameter is not ignored. This restriction makes it feasible to fully
-   * enumerate this predicate even on large code bases. We check for 11.4 as
-   * part of (5.3), since this further limits the number of tuples produced by
-   * this predicate.
+   * parameter is not ignored. We check for 11.4 as part of (5.3), since
+   * this further limits the number of tuples produced by this predicate.
    */
+  pragma[inline]
   predicate thisCouldAccessMember(Class memberClass, AccessSpecifier memberAccess, Class derived) {
     // Only (5.4) is recursive, and chains of invocations of (5.4) can always
     // be collapsed to one invocation by the transitivity of 11.2/4.
@@ -665,7 +664,9 @@ private class DirectAccessHolder extends Element {
     //    bypasses `p`. Then that path must be public, or we are in case 2.
     exists(AccessSpecifier public | public.hasName("public") |
       exists(Class between, Class p |
-        between.accessOfBaseMember(memberClass, memberAccess).hasName("protected") and
+        between
+            .accessOfBaseMember(pragma[only_bind_into](memberClass), memberAccess)
+            .hasName("protected") and
         this.isFriendOfOrEqualTo(p) and
         (
           // This is case 1 from above. If `p` derives privately from `between`

cpp/ql/lib/semmle/code/cpp/Function.qll

@@ -41,7 +41,7 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
    * `min<int>(int, int) -> int`, and the full signature of the uninstantiated
    * template on the first line would be `min<T>(T, T) -> T`.
    */
-  string getFullSignature() {
+  deprecated string getFullSignature() {
     exists(string name, string templateArgs, string args |
       result = name + templateArgs + args + " -> " + this.getType().toString() and
       name = this.getQualifiedName() and

cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll

@@ -159,7 +159,8 @@ class NameQualifyingElement extends Element, @namequalifyingelement {
  * A special name-qualifying element. For example: `__super`.
  */
 library class SpecialNameQualifyingElement extends NameQualifyingElement,
-  @specialnamequalifyingelement {
+  @specialnamequalifyingelement
+{
   /** Gets the name of this special qualifying element. */
   override string getName() { specialnamequalifyingelements(underlyingElement(this), result) }
 

cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll

@@ -12,7 +12,9 @@ predicate freeFunction(Function f, int argNum) { argNum = f.(DeallocationFunctio
  *
  * DEPRECATED: Use `DeallocationExpr` instead (this also includes `delete` expressions).
  */
-predicate freeCall(FunctionCall fc, Expr arg) { arg = fc.(DeallocationExpr).getFreedExpr() }
+deprecated predicate freeCall(FunctionCall fc, Expr arg) {
+  arg = fc.(DeallocationExpr).getFreedExpr()
+}
 
 /**
  * Is e some kind of allocation or deallocation (`new`, `alloc`, `realloc`, `delete`, `free` etc)?

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll

@@ -456,6 +456,7 @@ module Impl<FullStateConfigSig Config> {
      * The Boolean `cc` records whether the node is reached through an
      * argument in a call.
      */
+    pragma[assume_small_delta]
     private predicate fwdFlow(NodeEx node, Cc cc) {
       sourceNode(node, _) and
       if hasSourceCallCtx() then cc = true else cc = false

cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -7,7 +7,8 @@ import TaintTrackingParameter::Public
 private import TaintTrackingParameter::Private
 
 private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
-DataFlowInternal::FullStateConfigSig {
+  DataFlowInternal::FullStateConfigSig
+{
   import Config
 
   predicate isBarrier(DataFlow::Node node) {

cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll

@@ -569,7 +569,8 @@ class BuiltInOperationBuiltInAddressOf extends UnaryOperation, BuiltInOperation,
  * ```
  */
 class BuiltInOperationIsTriviallyConstructible extends BuiltInOperation,
-  @istriviallyconstructibleexpr {
+  @istriviallyconstructibleexpr
+{
   override string toString() { result = "__is_trivially_constructible" }
 
   override string getAPrimaryQlClass() { result = "BuiltInOperationIsTriviallyConstructible" }
@@ -619,7 +620,8 @@ class BuiltInOperationIsNothrowDestructible extends BuiltInOperation, @isnothrow
  * bool v = __is_trivially_destructible(MyType);
  * ```
  */
-class BuiltInOperationIsTriviallyDestructible extends BuiltInOperation, @istriviallydestructibleexpr {
+class BuiltInOperationIsTriviallyDestructible extends BuiltInOperation, @istriviallydestructibleexpr
+{
   override string toString() { result = "__is_trivially_destructible" }
 
   override string getAPrimaryQlClass() { result = "BuiltInOperationIsTriviallyDestructible" }
@@ -738,7 +740,8 @@ class BuiltInOperationIsLiteralType extends BuiltInOperation, @isliteraltypeexpr
  * ```
  */
 class BuiltInOperationHasTrivialMoveConstructor extends BuiltInOperation,
-  @hastrivialmoveconstructorexpr {
+  @hastrivialmoveconstructorexpr
+{
   override string toString() { result = "__has_trivial_move_constructor" }
 
   override string getAPrimaryQlClass() { result = "BuiltInOperationHasTrivialMoveConstructor" }
@@ -1034,7 +1037,8 @@ class BuiltInOperationIsAggregate extends BuiltInOperation, @isaggregate {
  * ```
  */
 class BuiltInOperationHasUniqueObjectRepresentations extends BuiltInOperation,
-  @hasuniqueobjectrepresentations {
+  @hasuniqueobjectrepresentations
+{
   override string toString() { result = "__has_unique_object_representations" }
 
   override string getAPrimaryQlClass() { result = "BuiltInOperationHasUniqueObjectRepresentations" }
@@ -1107,7 +1111,8 @@ class BuiltInOperationIsLayoutCompatible extends BuiltInOperation, @islayoutcomp
  * ```
  */
 class BuiltInOperationIsPointerInterconvertibleBaseOf extends BuiltInOperation,
-  @ispointerinterconvertiblebaseof {
+  @ispointerinterconvertiblebaseof
+{
   override string toString() { result = "__is_pointer_interconvertible_base_of" }
 
   override string getAPrimaryQlClass() {

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -456,6 +456,7 @@ module Impl<FullStateConfigSig Config> {
      * The Boolean `cc` records whether the node is reached through an
      * argument in a call.
      */
+    pragma[assume_small_delta]
     private predicate fwdFlow(NodeEx node, Cc cc) {
       sourceNode(node, _) and
       if hasSourceCallCtx() then cc = true else cc = false

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll

@@ -7,7 +7,8 @@ import TaintTrackingParameter::Public
 private import TaintTrackingParameter::Private
 
 private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
-DataFlowInternal::FullStateConfigSig {
+  DataFlowInternal::FullStateConfigSig
+{
   import Config
 
   predicate isBarrier(DataFlow::Node node) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll

@@ -1082,7 +1082,8 @@ module Opcode {
    * See the `CallSideEffectInstruction` documentation for more details.
    */
   class CallSideEffect extends WriteSideEffectOpcode, EscapedWriteOpcode, MayWriteOpcode,
-    ReadSideEffectOpcode, EscapedReadOpcode, MayReadOpcode, TCallSideEffect {
+    ReadSideEffectOpcode, EscapedReadOpcode, MayReadOpcode, TCallSideEffect
+  {
     final override string toString() { result = "CallSideEffect" }
   }
 
@@ -1092,7 +1093,8 @@ module Opcode {
    * See the `CallReadSideEffectInstruction` documentation for more details.
    */
   class CallReadSideEffect extends ReadSideEffectOpcode, EscapedReadOpcode, MayReadOpcode,
-    TCallReadSideEffect {
+    TCallReadSideEffect
+  {
     final override string toString() { result = "CallReadSideEffect" }
   }
 
@@ -1102,7 +1104,8 @@ module Opcode {
    * See the `IndirectReadSideEffectInstruction` documentation for more details.
    */
   class IndirectReadSideEffect extends ReadSideEffectOpcode, IndirectReadOpcode,
-    TIndirectReadSideEffect {
+    TIndirectReadSideEffect
+  {
     final override string toString() { result = "IndirectReadSideEffect" }
   }
 
@@ -1112,7 +1115,8 @@ module Opcode {
    * See the `IndirectMustWriteSideEffectInstruction` documentation for more details.
    */
   class IndirectMustWriteSideEffect extends WriteSideEffectOpcode, IndirectWriteOpcode,
-    TIndirectMustWriteSideEffect {
+    TIndirectMustWriteSideEffect
+  {
     final override string toString() { result = "IndirectMustWriteSideEffect" }
   }
 
@@ -1122,7 +1126,8 @@ module Opcode {
    * See the `IndirectMayWriteSideEffectInstruction` documentation for more details.
    */
   class IndirectMayWriteSideEffect extends WriteSideEffectOpcode, IndirectWriteOpcode,
-    MayWriteOpcode, TIndirectMayWriteSideEffect {
+    MayWriteOpcode, TIndirectMayWriteSideEffect
+  {
     final override string toString() { result = "IndirectMayWriteSideEffect" }
   }
 
@@ -1132,7 +1137,8 @@ module Opcode {
    * See the `BufferReadSideEffectInstruction` documentation for more details.
    */
   class BufferReadSideEffect extends ReadSideEffectOpcode, UnsizedBufferReadOpcode,
-    TBufferReadSideEffect {
+    TBufferReadSideEffect
+  {
     final override string toString() { result = "BufferReadSideEffect" }
   }
 
@@ -1142,7 +1148,8 @@ module Opcode {
    * See the `BufferMustWriteSideEffectInstruction` documentation for more details.
    */
   class BufferMustWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
-    TBufferMustWriteSideEffect {
+    TBufferMustWriteSideEffect
+  {
     final override string toString() { result = "BufferMustWriteSideEffect" }
   }
 
@@ -1152,7 +1159,8 @@ module Opcode {
    * See the `BufferMayWriteSideEffectInstruction` documentation for more details.
    */
   class BufferMayWriteSideEffect extends WriteSideEffectOpcode, UnsizedBufferWriteOpcode,
-    MayWriteOpcode, TBufferMayWriteSideEffect {
+    MayWriteOpcode, TBufferMayWriteSideEffect
+  {
     final override string toString() { result = "BufferMayWriteSideEffect" }
   }
 
@@ -1162,7 +1170,8 @@ module Opcode {
    * See the `SizedBufferReadSideEffectInstruction` documentation for more details.
    */
   class SizedBufferReadSideEffect extends ReadSideEffectOpcode, SizedBufferReadOpcode,
-    TSizedBufferReadSideEffect {
+    TSizedBufferReadSideEffect
+  {
     final override string toString() { result = "SizedBufferReadSideEffect" }
   }
 
@@ -1172,7 +1181,8 @@ module Opcode {
    * See the `SizedBufferMustWriteSideEffectInstruction` documentation for more details.
    */
   class SizedBufferMustWriteSideEffect extends WriteSideEffectOpcode, SizedBufferWriteOpcode,
-    TSizedBufferMustWriteSideEffect {
+    TSizedBufferMustWriteSideEffect
+  {
     final override string toString() { result = "SizedBufferMustWriteSideEffect" }
   }
 
@@ -1182,7 +1192,8 @@ module Opcode {
    * See the `SizedBufferMayWriteSideEffectInstruction` documentation for more details.
    */
   class SizedBufferMayWriteSideEffect extends WriteSideEffectOpcode, SizedBufferWriteOpcode,
-    MayWriteOpcode, TSizedBufferMayWriteSideEffect {
+    MayWriteOpcode, TSizedBufferMayWriteSideEffect
+  {
     final override string toString() { result = "SizedBufferMayWriteSideEffect" }
   }
 
@@ -1192,7 +1203,8 @@ module Opcode {
    * See the `InitializeDynamicAllocationInstruction` documentation for more details.
    */
   class InitializeDynamicAllocation extends SideEffectOpcode, EntireAllocationWriteOpcode,
-    TInitializeDynamicAllocation {
+    TInitializeDynamicAllocation
+  {
     final override string toString() { result = "InitializeDynamicAllocation" }
   }
 
@@ -1221,7 +1233,8 @@ module Opcode {
    * See the `InlineAsmInstruction` documentation for more details.
    */
   class InlineAsm extends Opcode, EscapedWriteOpcode, MayWriteOpcode, EscapedReadOpcode,
-    MayReadOpcode, TInlineAsm {
+    MayReadOpcode, TInlineAsm
+  {
     final override string toString() { result = "InlineAsm" }
 
     final override predicate hasOperandInternal(OperandTag tag) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll

@@ -246,7 +246,8 @@ class VariableMemoryLocation extends TVariableMemoryLocation, AllocationMemoryLo
 }
 
 class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation,
-  AllocationMemoryLocation {
+  AllocationMemoryLocation
+{
   EntireAllocationMemoryLocation() { this = TEntireAllocationMemoryLocation(var, isMayAccess) }
 
   final override string toStringInternal() { result = var.toString() }