C#: Fix dataflow for default constructors

tamasvajk · tamasvajk · commit 36c913061c1b · 2022-08-09T07:46:27.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
@@ -4,6 +4,7 @@ private import dotnet
 private import DataFlowImplCommon as DataFlowImplCommon
 private import DataFlowPublic
 private import DataFlowPrivate
+private import semmle.code.csharp.controlflow.internal.Splitting
 private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.FlowSummary as FlowSummary
 private import semmle.code.csharp.dataflow.ExternalFlow
@@ -39,6 +40,16 @@ DotNet::Callable getCallableForDataFlow(DotNet::Callable c) {
         // C# callable without C# implementation in the database
         unboundDecl.matchesHandle(result.(CIL::Callable))
   )
+  or
+  result = c.getUnboundDeclaration() and
+  isDefaultConstructorWithMemberInit(result)
+}
+
+private predicate isDefaultConstructorWithMemberInit(InstanceConstructor c) {
+  c.isUnboundDeclaration() and
+  c.getFile().fromSource() and
+  not c.hasBody() and
+  InitializerSplitting::constructorInitializes(c, _)
 }
 
 /**
diff --git a/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected b/csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected
@@ -1,5 +1,4 @@
 failures
-| C_ctor.cs:13:24:13:42 | // ... | Missing result:hasValueFlow=1 |
 edges
 | A.cs:5:17:5:28 | call to method Source<C> : C | A.cs:6:24:6:24 | access to local variable c : C |
 | A.cs:5:17:5:28 | call to method Source<C> : C | A.cs:6:24:6:24 | access to local variable c : C |
@@ -309,6 +308,18 @@ edges
 | C.cs:25:14:25:15 | this access [field s3] : Elem | C.cs:25:14:25:15 | access to field s3 |
 | C.cs:27:14:27:15 | this access [property s5] : Elem | C.cs:27:14:27:15 | access to property s5 |
 | C.cs:27:14:27:15 | this access [property s5] : Elem | C.cs:27:14:27:15 | access to property s5 |
+| C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem | C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem |
+| C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem | C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem |
+| C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem |
+| C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem |
+| C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem | C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem |
+| C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem | C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem |
+| C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem | C_ctor.cs:11:17:11:18 | this [field s1] : Elem |
+| C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem | C_ctor.cs:11:17:11:18 | this [field s1] : Elem |
+| C_ctor.cs:11:17:11:18 | this [field s1] : Elem | C_ctor.cs:13:19:13:20 | this access [field s1] : Elem |
+| C_ctor.cs:11:17:11:18 | this [field s1] : Elem | C_ctor.cs:13:19:13:20 | this access [field s1] : Elem |
+| C_ctor.cs:13:19:13:20 | this access [field s1] : Elem | C_ctor.cs:13:19:13:20 | access to field s1 |
+| C_ctor.cs:13:19:13:20 | this access [field s1] : Elem | C_ctor.cs:13:19:13:20 | access to field s1 |
 | C_ctor.cs:19:18:19:19 | [post] this access [field s1] : Elem | C_ctor.cs:23:25:23:41 | object creation of type C_with_ctor [field s1] : Elem |
 | C_ctor.cs:19:18:19:19 | [post] this access [field s1] : Elem | C_ctor.cs:23:25:23:41 | object creation of type C_with_ctor [field s1] : Elem |
 | C_ctor.cs:19:23:19:42 | call to method Source<Elem> : Elem | C_ctor.cs:19:18:19:19 | [post] this access [field s1] : Elem |
@@ -1248,6 +1259,20 @@ nodes
 | C.cs:27:14:27:15 | this access [property s5] : Elem | semmle.label | this access [property s5] : Elem |
 | C.cs:28:14:28:15 | access to property s6 | semmle.label | access to property s6 |
 | C.cs:28:14:28:15 | access to property s6 | semmle.label | access to property s6 |
+| C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem | semmle.label | [post] this access [field s1] : Elem |
+| C_ctor.cs:3:18:3:19 | [post] this access [field s1] : Elem | semmle.label | [post] this access [field s1] : Elem |
+| C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | semmle.label | call to method Source<Elem> : Elem |
+| C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | semmle.label | call to method Source<Elem> : Elem |
+| C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem | semmle.label | object creation of type C_no_ctor [field s1] : Elem |
+| C_ctor.cs:7:23:7:37 | object creation of type C_no_ctor [field s1] : Elem | semmle.label | object creation of type C_no_ctor [field s1] : Elem |
+| C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem | semmle.label | access to local variable c [field s1] : Elem |
+| C_ctor.cs:8:9:8:9 | access to local variable c [field s1] : Elem | semmle.label | access to local variable c [field s1] : Elem |
+| C_ctor.cs:11:17:11:18 | this [field s1] : Elem | semmle.label | this [field s1] : Elem |
+| C_ctor.cs:11:17:11:18 | this [field s1] : Elem | semmle.label | this [field s1] : Elem |
+| C_ctor.cs:13:19:13:20 | access to field s1 | semmle.label | access to field s1 |
+| C_ctor.cs:13:19:13:20 | access to field s1 | semmle.label | access to field s1 |
+| C_ctor.cs:13:19:13:20 | this access [field s1] : Elem | semmle.label | this access [field s1] : Elem |
+| C_ctor.cs:13:19:13:20 | this access [field s1] : Elem | semmle.label | this access [field s1] : Elem |
 | C_ctor.cs:19:18:19:19 | [post] this access [field s1] : Elem | semmle.label | [post] this access [field s1] : Elem |
 | C_ctor.cs:19:18:19:19 | [post] this access [field s1] : Elem | semmle.label | [post] this access [field s1] : Elem |
 | C_ctor.cs:19:23:19:42 | call to method Source<Elem> : Elem | semmle.label | call to method Source<Elem> : Elem |
@@ -2025,6 +2050,7 @@ subpaths
 | C.cs:26:14:26:15 | access to field s4 | C.cs:6:30:6:44 | call to method Source<Elem> : Elem | C.cs:26:14:26:15 | access to field s4 | $@ | C.cs:6:30:6:44 | call to method Source<Elem> : Elem | call to method Source<Elem> : Elem |
 | C.cs:27:14:27:15 | access to property s5 | C.cs:7:37:7:51 | call to method Source<Elem> : Elem | C.cs:27:14:27:15 | access to property s5 | $@ | C.cs:7:37:7:51 | call to method Source<Elem> : Elem | call to method Source<Elem> : Elem |
 | C.cs:28:14:28:15 | access to property s6 | C.cs:8:30:8:44 | call to method Source<Elem> : Elem | C.cs:28:14:28:15 | access to property s6 | $@ | C.cs:8:30:8:44 | call to method Source<Elem> : Elem | call to method Source<Elem> : Elem |
+| C_ctor.cs:13:19:13:20 | access to field s1 | C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | C_ctor.cs:13:19:13:20 | access to field s1 | $@ | C_ctor.cs:3:23:3:42 | call to method Source<Elem> : Elem | call to method Source<Elem> : Elem |
 | C_ctor.cs:31:19:31:20 | access to field s1 | C_ctor.cs:19:23:19:42 | call to method Source<Elem> : Elem | C_ctor.cs:31:19:31:20 | access to field s1 | $@ | C_ctor.cs:19:23:19:42 | call to method Source<Elem> : Elem | call to method Source<Elem> : Elem |
 | D.cs:32:14:32:23 | access to property AutoProp | D.cs:29:17:29:33 | call to method Source<Object> : Object | D.cs:32:14:32:23 | access to property AutoProp | $@ | D.cs:29:17:29:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | D.cs:39:14:39:26 | access to property TrivialProp | D.cs:37:26:37:42 | call to method Source<Object> : Object | D.cs:39:14:39:26 | access to property TrivialProp | $@ | D.cs:37:26:37:42 | call to method Source<Object> : Object | call to method Source<Object> : Object |
