Merge pull request #111 from github/hvitved/dataflow

Initial data flow library

Author: aibaars

ql/src/codeql_ruby/DataFlow.qll

@@ -0,0 +1,7 @@
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) data flow analyses.
+ */
+module DataFlow {
+  import codeql_ruby.dataflow.internal.DataFlowImpl
+}

ql/src/codeql_ruby/controlflow/CfgNodes.qll

@@ -176,6 +176,23 @@ abstract private class ExprChildMapping extends Expr {
 /** Provides classes for control-flow nodes that wrap AST expressions. */
 module ExprNodes {
   // TODO: Add more classes
+  private class AssignmentExprChildMapping extends ExprChildMapping, Assignment {
+    override predicate relevantChild(Expr e) { e = this.getAnOperand() }
+  }
+
+  /** A control-flow node that wraps an `Assignment` AST expression. */
+  class AssignmentCfgNode extends ExprCfgNode {
+    override AssignmentExprChildMapping e;
+
+    final override Assignment getExpr() { result = ExprCfgNode.super.getExpr() }
+
+    /** Gets the LHS of this assignment. */
+    final ExprCfgNode getLhs() { e.hasCfgChild(e.getLhs(), this, result) }
+
+    /** Gets the RHS of this assignment. */
+    final ExprCfgNode getRhs() { e.hasCfgChild(e.getRhs(), this, result) }
+  }
+
   private class BinaryOperationExprChildMapping extends ExprChildMapping, BinaryOperation {
     override predicate relevantChild(Expr e) { e = this.getAnOperand() }
   }
@@ -193,6 +210,40 @@ module ExprNodes {
     final ExprCfgNode getRightOperand() { e.hasCfgChild(e.getRightOperand(), this, result) }
   }
 
+  private class CallExprChildMapping extends ExprChildMapping, Call {
+    override predicate relevantChild(Expr e) { e = [this.getAnArgument(), this.getReceiver()] }
+  }
+
+  /** A control-flow node that wraps a `Call` AST expression. */
+  class CallCfgNode extends ExprCfgNode {
+    override CallExprChildMapping e;
+
+    final override Call getExpr() { result = ExprCfgNode.super.getExpr() }
+
+    /** Gets the `n`th argument of this call. */
+    final ExprCfgNode getArgument(int n) { e.hasCfgChild(e.getArgument(n), this, result) }
+
+    /** Gets the receiver of this call. */
+    final ExprCfgNode getReceiver() { e.hasCfgChild(e.getReceiver(), this, result) }
+  }
+
+  private class ExprSequenceChildMapping extends ExprChildMapping, ExprSequence {
+    override predicate relevantChild(Expr e) { e = this.getAnExpr() }
+  }
+
+  /** A control-flow node that wraps an `ExprSequence` AST expression. */
+  class ExprSequenceCfgNode extends ExprCfgNode {
+    override ExprSequenceChildMapping e;
+
+    final override ExprSequence getExpr() { result = ExprCfgNode.super.getExpr() }
+
+    /** Gets the last expression in this sequence, if any. */
+    final ExprCfgNode getLastExpr() { e.hasCfgChild(e.getLastExpr(), this, result) }
+
+    /** Gets the 'n'th expression of this expression sequence. */
+    final ExprCfgNode getExpr(int n) { e.hasCfgChild(e.getExpr(n), this, result) }
+  }
+
   /** A control-flow node that wraps a `VariableReadAccess` AST expression. */
   class VariableReadAccessCfgNode extends ExprCfgNode {
     override VariableReadAccess e;

ql/src/codeql_ruby/dataflow/internal/DataFlowDispatch.qll

@@ -0,0 +1,51 @@
+private import ruby
+private import codeql_ruby.CFG
+private import DataFlowPrivate
+
+newtype TReturnKind = TNormalReturnKind()
+
+/**
+ * Gets a node that can read the value returned from `call` with return kind
+ * `kind`.
+ */
+OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { call = result.getCall(kind) }
+
+/**
+ * A return kind. A return kind describes how a value can be returned
+ * from a callable.
+ */
+abstract class ReturnKind extends TReturnKind {
+  /** Gets a textual representation of this position. */
+  abstract string toString();
+}
+
+/**
+ * A value returned from a callable using a `return` statement or an expression
+ * body, that is, a "normal" return.
+ */
+class NormalReturnKind extends ReturnKind, TNormalReturnKind {
+  override string toString() { result = "return" }
+}
+
+class DataFlowCallable = CfgScope;
+
+class DataFlowCall extends CfgNodes::ExprNodes::CallCfgNode {
+  DataFlowCallable getEnclosingCallable() { result = this.getScope() }
+}
+
+/** Gets a viable run-time target for the call `call`. */
+DataFlowCallable viableCallable(DataFlowCall call) { none() }
+
+/**
+ * Holds if the set of viable implementations that can be called by `call`
+ * might be improved by knowing the call context. This is the case if the
+ * call is a delegate call, or if the qualifier accesses a parameter of
+ * the enclosing callable `c` (including the implicit `this` parameter).
+ */
+predicate mayBenefitFromCallContext(DataFlowCall call, Callable c) { none() }
+
+/**
+ * Gets a viable dispatch target of `call` in the context `ctx`. This is
+ * restricted to those `call`s for which a context might make a difference.
+ */
+DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() }