Merge pull request #19746 from jketema/seh

C++: Use SEH exception edges in IR and generate SEH exception edges for calls in `__try`  blocks

Author: MathiasVP

cpp/ql/lib/change-notes/2014-12-13-deprecate-throwing.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `ThrowingFunction` class (`semmle.code.cpp.models.interfaces.Throwing`) has been deprecated. Please use the `AlwaysSehThrowingFunction` class instead.

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -84,11 +84,10 @@ abstract class TranslatedCall extends TranslatedExpr {
           this.getEnclosingFunction().getFunction() = instr.getEnclosingFunction()
         )
     else (
-      not this.mustThrowException() and
+      not this.mustThrowException(_) and
       result = this.getParent().getChildSuccessor(this, kind)
       or
-      this.mayThrowException() and
-      kind instanceof CppExceptionEdge and
+      this.mayThrowException(kind) and
       result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
     )
   }
@@ -117,14 +116,14 @@ abstract class TranslatedCall extends TranslatedExpr {
   final override Instruction getResult() { result = this.getInstruction(CallTag()) }
 
   /**
-   * Holds if the evaluation of this call may throw an exception.
+   * Holds if the evaluation of this call may throw an exception of the kind represented by the `ExceptionEdge`.
    */
-  abstract predicate mayThrowException();
+  abstract predicate mayThrowException(ExceptionEdge e);
 
   /**
-   * Holds if the evaluation of this call always throws an exception.
+   * Holds if the evaluation of this call always throws an exception of the kind represented by the `ExceptionEdge`.
    */
-  abstract predicate mustThrowException();
+  abstract predicate mustThrowException(ExceptionEdge e);
 
   /**
    * Gets the result type of the call.
@@ -332,14 +331,14 @@ class TranslatedExprCall extends TranslatedCallExpr {
     result = getTranslatedExpr(expr.getExpr().getFullyConverted())
   }
 
-  final override predicate mayThrowException() {
+  final override predicate mayThrowException(ExceptionEdge e) {
     // We assume that a call to a function pointer will not throw an exception.
     // This is not sound in general, but this will greatly reduce the number of
     // exceptional edges.
     none()
   }
 
-  final override predicate mustThrowException() { none() }
+  final override predicate mustThrowException(ExceptionEdge e) { none() }
 }
 
 /**
@@ -362,16 +361,16 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
     not exists(MemberFunction func | expr.getTarget() = func and func.isStatic())
   }
 
-  final override predicate mayThrowException() {
-    expr.getTarget().(ThrowingFunction).mayThrowException(_)
+  final override predicate mayThrowException(ExceptionEdge e) {
+    this.mustThrowException(e)
     or
-    expr.getTarget() instanceof AlwaysSehThrowingFunction
+    exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParent*()) and
+    e instanceof SehExceptionEdge
   }
 
-  final override predicate mustThrowException() {
-    expr.getTarget().(ThrowingFunction).mayThrowException(true)
-    or
-    expr.getTarget() instanceof AlwaysSehThrowingFunction
+  final override predicate mustThrowException(ExceptionEdge e) {
+    expr.getTarget() instanceof AlwaysSehThrowingFunction and
+    e instanceof SehExceptionEdge
   }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -2483,14 +2483,14 @@ class TranslatedAllocatorCall extends TTranslatedAllocatorCall, TranslatedDirect
         result = getTranslatedExpr(expr.getAllocatorCall().getArgument(index).getFullyConverted())
   }
 
-  final override predicate mayThrowException() {
+  final override predicate mayThrowException(ExceptionEdge e) {
     // We assume that a call to `new` or `new[]` will never throw. This is not
     // sound in general, but this will greatly reduce the number of exceptional
     // edges.
     none()
   }
 
-  final override predicate mustThrowException() { none() }
+  final override predicate mustThrowException(ExceptionEdge e) { none() }
 }
 
 TranslatedAllocatorCall getTranslatedAllocatorCall(NewOrNewArrayExpr newExpr) {
@@ -2556,14 +2556,14 @@ class TranslatedDeleteOrDeleteArrayExpr extends TranslatedNonConstantExpr, Trans
     result = getTranslatedExpr(expr.getExprWithReuse().getFullyConverted())
   }
 
-  final override predicate mayThrowException() {
+  final override predicate mayThrowException(ExceptionEdge e) {
     // We assume that a call to `delete` or `delete[]` will never throw. This is not
     // sound in general, but this will greatly reduce the number of exceptional
     // edges.
     none()
   }
 
-  final override predicate mustThrowException() { none() }
+  final override predicate mustThrowException(ExceptionEdge e) { none() }
 }
 
 TranslatedDeleteOrDeleteArrayExpr getTranslatedDeleteOrDeleteArray(DeleteOrDeleteArrayExpr newExpr) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll

@@ -214,7 +214,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
         exists(ThrowExpr throw | throw.getEnclosingFunction() = func)
         or
         exists(FunctionCall call | call.getEnclosingFunction() = func |
-          getTranslatedExpr(call).(TranslatedCallExpr).mayThrowException()
+          getTranslatedExpr(call).(TranslatedCallExpr).mayThrowException(_)
         )
       )
       or

cpp/ql/lib/semmle/code/cpp/models/interfaces/Throwing.qll

@@ -12,8 +12,10 @@ import semmle.code.cpp.models.interfaces.FunctionInputsAndOutputs
 
 /**
  * A function that is known to raise an exception.
+ *
+ * DEPRECATED: use `AlwaysSehThrowingFunction` instead.
  */
-abstract class ThrowingFunction extends Function {
+abstract deprecated class ThrowingFunction extends Function {
   /**
    * Holds if this function may throw an exception during evaluation.
    * If `unconditional` is `true` the function always throws an exception.

cpp/ql/test/library-tests/ir/ir/PrintAST.expected

@@ -49652,6 +49652,43 @@ try_except.c:
 #   40|                 Type = [IntType] int
 #   40|                 ValueCategory = prvalue(load)
 #   42|     getStmt(2): [ReturnStmt] return ...
+#   44| [TopLevelFunction] int i()
+#   44|   <params>: 
+#   46| [TopLevelFunction] void j(int)
+#   46|   <params>: 
+#   46|     getParameter(0): [Parameter] b
+#   46|         Type = [IntType] int
+#   46|   getEntryPoint(): [BlockStmt] { ... }
+#   47|     getStmt(0): [DeclStmt] declaration
+#   47|       getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
+#   47|           Type = [IntType] int
+#   47|         getVariable().getInitializer(): [Initializer] initializer for x
+#   47|           getExpr(): [Literal] 0
+#   47|               Type = [IntType] int
+#   47|               Value = [Literal] 0
+#   47|               ValueCategory = prvalue
+#   48|     getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
+#   48|       getStmt(): [BlockStmt] { ... }
+#   49|         getStmt(0): [DeclStmt] declaration
+#   49|           getDeclarationEntry(0): [VariableDeclarationEntry] definition of y
+#   49|               Type = [IntType] int
+#   49|             getVariable().getInitializer(): [Initializer] initializer for y
+#   49|               getExpr(): [FunctionCall] call to i
+#   49|                   Type = [IntType] int
+#   49|                   ValueCategory = prvalue
+#   51|       getCondition(): [Literal] 1
+#   51|           Type = [IntType] int
+#   51|           Value = [Literal] 1
+#   51|           ValueCategory = prvalue
+#   51|       getExcept(): [BlockStmt] { ... }
+#   52|         getStmt(0): [ExprStmt] ExprStmt
+#   52|           getExpr(): [FunctionCall] call to sink
+#   52|               Type = [VoidType] void
+#   52|               ValueCategory = prvalue
+#   52|             getArgument(0): [VariableAccess] x
+#   52|                 Type = [IntType] int
+#   52|                 ValueCategory = prvalue(load)
+#   54|     getStmt(2): [ReturnStmt] return ...
 try_except.cpp:
 #    3| [TopLevelFunction] void ProbeFunction()
 #    3|   <params>: