Merge pull request #9737 from geoffw0/arithmetic

Swift: Add ArithmeticOperation.qll library

Author: MathiasVP

swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll

@@ -0,0 +1,112 @@
+private import codeql.swift.elements.expr.Expr
+private import codeql.swift.elements.expr.BinaryExpr
+private import codeql.swift.elements.expr.PrefixUnaryExpr
+private import codeql.swift.elements.expr.DotSyntaxCallExpr
+
+/**
+ * An arithmetic operation, such as:
+ * ```
+ * a + b
+ * ```
+ */
+class ArithmeticOperation extends Expr {
+  ArithmeticOperation() {
+    this instanceof BinaryArithmeticOperation or
+    this instanceof UnaryArithmeticOperation
+  }
+
+  /**
+   * Gets an operand of this arithmetic operation.
+   */
+  Expr getAnOperand() {
+    result = this.(BinaryArithmeticOperation).getAnOperand()
+    or
+    result = this.(UnaryArithmeticOperation).getOperand()
+  }
+}
+
+/**
+ * A binary arithmetic operation, such as:
+ * ```
+ * a + b
+ * ```
+ */
+class BinaryArithmeticOperation extends BinaryExpr {
+  BinaryArithmeticOperation() {
+    this instanceof AddExpr or
+    this instanceof SubExpr or
+    this instanceof MulExpr or
+    this instanceof DivExpr or
+    this instanceof RemExpr
+  }
+}
+
+/**
+ * An add expression.
+ * ```
+ * a + b
+ * ```
+ */
+class AddExpr extends BinaryExpr {
+  AddExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "+(_:_:)" }
+}
+
+/**
+ * A subtract expression.
+ * ```
+ * a - b
+ * ```
+ */
+class SubExpr extends BinaryExpr {
+  SubExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "-(_:_:)" }
+}
+
+/**
+ * A multiply expression.
+ * ```
+ * a * b
+ * ```
+ */
+class MulExpr extends BinaryExpr {
+  MulExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "*(_:_:)" }
+}
+
+/**
+ * A divide expression.
+ * ```
+ * a / b
+ * ```
+ */
+class DivExpr extends BinaryExpr {
+  DivExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "/(_:_:)" }
+}
+
+/**
+ * A remainder expression.
+ * ```
+ * a % b
+ * ```
+ */
+class RemExpr extends BinaryExpr {
+  RemExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "%(_:_:)" }
+}
+
+/**
+ * A unary arithmetic operation, such as:
+ * ```
+ * -a
+ * ```
+ */
+class UnaryArithmeticOperation extends PrefixUnaryExpr {
+  UnaryArithmeticOperation() { this instanceof UnaryMinusExpr }
+}
+
+/**
+ * A unary minus expression.
+ * ```
+ * -a
+ * ```
+ */
+class UnaryMinusExpr extends PrefixUnaryExpr {
+  UnaryMinusExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "-(_:)" }
+}

swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll

@@ -6,31 +6,19 @@ private import codeql.swift.elements.expr.DeclRefExpr
 private import codeql.swift.elements.decl.ConcreteFuncDecl
 
 private predicate unaryHasName(PrefixUnaryExpr e, string name) {
-  e.getFunction()
-      .(DotSyntaxCallExpr)
-      .getFunction()
-      .(DeclRefExpr)
-      .getDecl()
-      .(ConcreteFuncDecl)
-      .getName() = name
+  e.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = name
 }
 
 private predicate binaryHasName(BinaryExpr e, string name) {
-  e.getFunction()
-      .(DotSyntaxCallExpr)
-      .getFunction()
-      .(DeclRefExpr)
-      .getDecl()
-      .(ConcreteFuncDecl)
-      .getName() = name
+  e.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = name
 }
 
 class LogicalAndExpr extends BinaryExpr {
-  LogicalAndExpr() { binaryHasName(this, "&&") }
+  LogicalAndExpr() { binaryHasName(this, "&&(_:_:)") }
 }
 
 class LogicalOrExpr extends BinaryExpr {
-  LogicalOrExpr() { binaryHasName(this, "||") }
+  LogicalOrExpr() { binaryHasName(this, "||(_:_:)") }
 }
 
 class BinaryLogicalOperation extends BinaryExpr {
@@ -41,7 +29,7 @@ class BinaryLogicalOperation extends BinaryExpr {
 }
 
 class NotExpr extends PrefixUnaryExpr {
-  NotExpr() { unaryHasName(this, "!") }
+  NotExpr() { unaryHasName(this, "!(_:)") }
 }
 
 class UnaryLogicalOperation extends PrefixUnaryExpr {

swift/ql/lib/swift.qll

@@ -1,5 +1,6 @@
 /** Top-level import for the Swift language pack */
 
 import codeql.swift.elements
+import codeql.swift.elements.expr.ArithmeticOperation
 import codeql.swift.elements.expr.LogicalOperation
 import codeql.swift.elements.decl.MethodDecl

swift/ql/test/library-tests/controlflow/graph/Cfg.expected

@@ -1670,19 +1670,29 @@ cfg.swift:
 #-----|  -> 2
 
 #  185| ... call to <=(_:_:) ...
-#-----|  -> { ... }
+#-----| false -> [false] ... call to &&(_:_:) ...
+#-----| true -> { ... }
 
 #  185| ... call to &&(_:_:) ...
 #-----| exception -> exit m1(x:) (normal)
-#-----|  -> { ... }
+#-----| false -> [false] ... call to &&(_:_:) ...
+#-----| true -> { ... }
+
+#  185| [false] ... call to &&(_:_:) ...
+#-----| exception -> exit m1(x:) (normal)
+#-----| false -> [false] ... call to &&(_:_:) ...
 
 #  185| ... call to &&(_:_:) ...
 #-----| exception -> exit m1(x:) (normal)
 #-----| true -> print(_:separator:terminator:)
 #-----| false -> print(_:separator:terminator:)
 
 #  185| StmtCondition
-#-----|  -> &&(_:_:)
+#-----|  -> <=(_:_:)
+
+#  185| [false] ... call to &&(_:_:) ...
+#-----| exception -> exit m1(x:) (normal)
+#-----| false -> print(_:separator:terminator:)
 
 #  185| <=(_:_:)
 #-----|  -> Int.Type
@@ -1696,30 +1706,60 @@ cfg.swift:
 #  185| 2
 #-----|  -> ... call to <=(_:_:) ...
 
-#  185| &&(_:_:)
-#-----|  -> Bool.Type
+#  185| x
+#-----|  -> 0
 
-#  185| Bool.Type
-#-----|  -> call to &&(_:_:)
+#  185| ... call to >(_:_:) ...
+#-----|  -> return ...
 
-#  185| call to &&(_:_:)
-#-----|  -> <=(_:_:)
+#  185| return ...
+#-----|  -> ... call to &&(_:_:) ...
 
 #  185| { ... }
-#-----|  -> ... call to &&(_:_:) ...
+#-----|  -> >(_:_:)
 
-#  185| &&(_:_:)
-#-----|  -> Bool.Type
+#  185| >(_:_:)
+#-----|  -> Int.Type
 
-#  185| Bool.Type
-#-----|  -> call to &&(_:_:)
+#  185| Int.Type
+#-----|  -> call to >(_:_:)
 
-#  185| call to &&(_:_:)
-#-----|  -> &&(_:_:)
+#  185| call to >(_:_:)
+#-----|  -> x
 
-#  185| { ... }
+#  185| 0
+#-----|  -> ... call to >(_:_:) ...
+
+#  185| call to ...
+#-----|  -> return ...
+
+#  185| return ...
 #-----|  -> ... call to &&(_:_:) ...
 
+#  185| { ... }
+#-----|  -> ==(_:_:)
+
+#  185| (...)
+#-----|  -> call to ...
+
+#  185| x
+#-----|  -> 5
+
+#  185| ... call to ==(_:_:) ...
+#-----|  -> (...)
+
+#  185| ==(_:_:)
+#-----|  -> Int.Type
+
+#  185| Int.Type
+#-----|  -> call to ==(_:_:)
+
+#  185| call to ==(_:_:)
+#-----|  -> x
+
+#  185| 5
+#-----|  -> ... call to ==(_:_:) ...
+
 #  186| print(_:separator:terminator:)
 #-----|  -> x is 1
 
@@ -2058,48 +2098,14 @@ cfg.swift:
 #  224| if ... then { ... }
 #-----|  -> StmtCondition
 
-#  224| !(_:)
-#-----|  -> Bool.Type
-
-#  224| Bool.Type
-#-----|  -> call to !(_:)
-
-#  224| call to !(_:)
-#-----|  -> true
-
 #  224| StmtCondition
-#-----|  -> !(_:)
+#-----|  -> true
 
-#  224| call to ...
+#  224| [false] call to ...
 #-----| false -> exit constant_condition() (normal)
-#-----| true -> print(_:separator:terminator:)
 
 #  224| true
-#-----|  -> call to ...
-
-#  225| print(_:separator:terminator:)
-#-----|  -> Impossible
-
-#  225| call to print(_:separator:terminator:)
-#-----|  -> exit constant_condition() (normal)
-
-#  225| default separator
-#-----|  -> default terminator
-
-#  225| default terminator
-#-----|  -> call to print(_:separator:terminator:)
-
-#  225| (Any) ...
-#-----|  -> [...]
-
-#  225| Impossible
-#-----|  -> (Any) ...
-
-#  225| [...]
-#-----|  -> default separator
-
-#  225| [...]
-#-----|  -> [...]
+#-----| true -> [false] call to ...
 
 #  229| empty_else(b:)
 #-----|  -> b
@@ -2197,7 +2203,7 @@ cfg.swift:
 #-----|  -> StmtCondition
 
 #  238| StmtCondition
-#-----|  -> ||(_:_:)
+#-----|  -> b1
 
 #  238| [false] (...)
 #-----| false -> exit disjunct(b1:b2:) (normal)
@@ -2206,24 +2212,26 @@ cfg.swift:
 #-----| true -> print(_:separator:terminator:)
 
 #  238| b1
-#-----|  -> { ... }
+#-----| true -> [true] ... call to ||(_:_:) ...
+#-----| false -> { ... }
 
 #  238| ... call to ||(_:_:) ...
 #-----| exception -> exit disjunct(b1:b2:) (normal)
 #-----| false -> [false] (...)
 #-----| true -> [true] (...)
 
-#  238| Bool.Type
-#-----|  -> call to ||(_:_:)
+#  238| [true] ... call to ||(_:_:) ...
+#-----| exception -> exit disjunct(b1:b2:) (normal)
+#-----| true -> [true] (...)
 
-#  238| call to ||(_:_:)
-#-----|  -> b1
+#  238| b2
+#-----|  -> return ...
 
-#  238| ||(_:_:)
-#-----|  -> Bool.Type
+#  238| return ...
+#-----|  -> ... call to ||(_:_:) ...
 
 #  238| { ... }
-#-----|  -> ... call to ||(_:_:) ...
+#-----|  -> b2
 
 #  239| print(_:separator:terminator:)
 #-----|  -> b1 or b2

swift/ql/test/library-tests/elements/expr/arithmeticoperation/arithmeticoperation.expected

@@ -0,0 +1,6 @@
+| arithmeticoperation.swift:6:6:6:10 | ... call to +(_:_:) ... | AddExpr, BinaryArithmeticOperation |
+| arithmeticoperation.swift:7:6:7:10 | ... call to -(_:_:) ... | BinaryArithmeticOperation, SubExpr |
+| arithmeticoperation.swift:8:6:8:10 | ... call to *(_:_:) ... | BinaryArithmeticOperation, MulExpr |
+| arithmeticoperation.swift:9:6:9:10 | ... call to /(_:_:) ... | BinaryArithmeticOperation, DivExpr |
+| arithmeticoperation.swift:10:6:10:10 | ... call to %(_:_:) ... | BinaryArithmeticOperation, RemExpr |
+| arithmeticoperation.swift:11:6:11:7 | call to ... | UnaryArithmeticOperation, UnaryMinusExpr |

swift/ql/test/library-tests/elements/expr/arithmeticoperation/arithmeticoperation.ql

@@ -0,0 +1,22 @@
+import swift
+
+string describe(ArithmeticOperation e) {
+  e instanceof BinaryArithmeticOperation and result = "BinaryArithmeticOperation"
+  or
+  e instanceof AddExpr and result = "AddExpr"
+  or
+  e instanceof SubExpr and result = "SubExpr"
+  or
+  e instanceof MulExpr and result = "MulExpr"
+  or
+  e instanceof DivExpr and result = "DivExpr"
+  or
+  e instanceof RemExpr and result = "RemExpr"
+  or
+  e instanceof UnaryArithmeticOperation and result = "UnaryArithmeticOperation"
+  or
+  e instanceof UnaryMinusExpr and result = "UnaryMinusExpr"
+}
+
+from ArithmeticOperation e
+select e, concat(describe(e), ", ")