Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Brodes/seh flow phas3.1 add basic seh edges #18253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
Loading
from
Open

Brodes/seh flow phas3.1 add basic seh edges #18253

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8624f19
Adding basic SEH edge support. SEH exceptions are only considered for…
bdrodes Dec 9, 2024
52e1647
Updating test cases.
bdrodes Dec 9, 2024
8c8ed07
Adding comment on invalid throw in test case.
bdrodes Dec 9, 2024
4a8f0aa
Updating tests and expected files for syntax-zoo results.
bdrodes Dec 9, 2024
f75f69f
Altering unwind SEH mechanics, such that SEH unwind is generated if a…
bdrodes Dec 9, 2024
b1bfe2e
Updating test cases for new unwinding mechanic.
bdrodes Dec 9, 2024
b287196
Adding support for throw inside of microsoft try/except to simplify t…
bdrodes Dec 10, 2024
4818bd6
Updating expected files
bdrodes Dec 10, 2024
e76b912
Removing debugging code.
bdrodes Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Adding support for throw inside of microsoft try/except to simplify t… 
…he IR implementation and revert consistency check issues. There is a larger issue of how to address erroneous mix and match with SEH and traditional exceptions.
  • Loading branch information
@bdrodes
bdrodes committed Dec 10, 2024
commit b2871962da728e78ac939ea5fa0e930cc99faeea
2 changes: 1 addition & 1 deletion 2 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ abstract class TranslatedCall extends TranslatedExpr {
exists(ExceptionEdge e | this.hasExceptionBehavior(e) |
this.mayThrowException(e) and
kind = e and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge), kind)
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
)
}
Expand Down
4 changes: 2 additions & 2 deletions 4 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1107,8 +1107,8 @@ abstract class TranslatedElement extends TTranslatedElement {
* nearest enclosing `try`, or the `Unwind` instruction for the function if
* there is no enclosing `try`. The successor edge kind is specified by `kind`.
*/
Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
result = this.getParent().getExceptionSuccessorInstruction(kind, exception)
Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
result = this.getParent().getExceptionSuccessorInstruction(kind)
}

/**
Expand Down
11 changes: 8 additions & 3 deletions 11 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,14 @@
private import TranslatedStmt
private import TranslatedGlobalVar
private import IRConstruction
private import EdgeKind
import TranslatedCall

predicate tbd(TranslatedElement e, Instruction i, string s) {
e.getInstruction(_) = i and
not exists(i.getSuccessor(_)) and
s = concat(e.getAQlClass(), ",")
github-advanced-security[bot] marked this conversation as resolved.
Fixed Show resolved Hide resolved
}

/**
* Gets the TranslatedExpr for the specified expression. If `expr` is a load or synthesized
* temporary object, the result is the TranslatedExpr for the load or synthetic temporary object
Expand Down Expand Up @@ -3045,7 +3050,7 @@
// And otherwise, exit this element with an exceptional edge
not exists(this.getChild(id + 1)) and
kind instanceof CppExceptionEdge and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge), kind)
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
}

Expand Down Expand Up @@ -3084,7 +3089,7 @@
or
not exists(this.getDestructors()) and
kind instanceof CppExceptionEdge and
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge), kind)
result = this.getParent().getExceptionSuccessorInstruction(any(GotoEdge edge))
)
}

Expand Down
8 changes: 1 addition & 7 deletions 8 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ private import TranslatedExpr
private import TranslatedInitialization
private import TranslatedStmt
private import VarArgs
private import EdgeKind

/**
* Gets the `TranslatedFunction` that represents function `func`.
Expand Down Expand Up @@ -214,10 +213,6 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
or
exists(ThrowExpr throw | throw.getEnclosingFunction() = func)
or
// or
// exists(FunctionCall call | call.getEnclosingFunction() = func |
// getTranslatedExpr(call).(TranslatedCallExpr).mustThrowException(_)
// )
exists(FunctionCall call | call.getEnclosingFunction() = func |
getTranslatedExpr(call).(TranslatedCallExpr).mayThrowException(_)
)
Expand All @@ -233,8 +228,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
)
}

final override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
(exception = cppExceptionEdge() or exception = sehExceptionEdge()) and
final override Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
result = this.getInstruction(UnwindTag()) and
kind instanceof GotoEdge
}
Expand Down
47 changes: 14 additions & 33 deletions 47 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ private import TranslatedElement
private import TranslatedExpr
private import TranslatedFunction
private import TranslatedInitialization
private import EdgeKind

TranslatedStmt getTranslatedStmt(Stmt stmt) { result.getAst() = stmt }

Expand Down Expand Up @@ -152,7 +151,7 @@ class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,
// TODO: This is not really correct. The semantics of `EXCEPTION_CONTINUE_EXECUTION` is that
// we should continue execution at the point where the exception occurred. But we don't have
// any instruction to model this behavior.
result = this.getExceptionSuccessorInstruction(any(GotoEdge edge), sehExceptionEdge())
result = this.getExceptionSuccessorInstruction(any(GotoEdge edge))
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateZero())
Expand All @@ -172,7 +171,7 @@ class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,
tag = TryExceptCompareZeroBranch() and
(
kind instanceof TrueEdge and
result = this.getExceptionSuccessorInstruction(any(GotoEdge edge), sehExceptionEdge())
result = this.getExceptionSuccessorInstruction(any(GotoEdge edge))
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateOne())
Expand Down Expand Up @@ -227,10 +226,10 @@ class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,

final override Function getFunction() { result = tryExcept.getEnclosingFunction() }

override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
override Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
// A throw from within a `__except` block flows to the handler for the parent of
// the `__try`.
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind, exception)
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind)
}
}

Expand Down Expand Up @@ -283,10 +282,10 @@ class TranslatedMicrosoftTryFinallyHandler extends TranslatedElement,
result = getTranslatedStmt(tryFinally.getFinally())
}

override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
override Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
// A throw from within a `__finally` block flows to the handler for the parent of
// the `__try`.
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind, exception)
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind)
}
}

Expand Down Expand Up @@ -735,32 +734,14 @@ class TranslatedTryStmt extends TranslatedStmt {
// of the `try`, because the exception successor of the `try` itself is
// the first catch clause.
handler = this.getHandler(stmt.getNumberOfCatchClauses() - 1) and
exists(ExceptionEdge exception |
stmt instanceof MicrosoftTryStmt and exception instanceof SehExceptionEdge
or
stmt instanceof TryStmt and exception instanceof CppExceptionEdge
|
result = this.getParent().getExceptionSuccessorInstruction(kind, exception)
)
result = this.getParent().getExceptionSuccessorInstruction(kind)
}

final override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
// Seh exceptions are only handled for Seh try statements and
// C++ exceptions for C++ try statements.
// I.e., we are assuming there isn't a mix and match between Seh and C++ exceptions.
// They are either all Seh or all C++ within a single try block depending on the
// try type (TryStmt vs MicrosoftTryStmt).
(
stmt instanceof TryStmt and exception instanceof CppExceptionEdge
or
stmt instanceof MicrosoftTryStmt and exception instanceof SehExceptionEdge
) and
(
result = this.getHandler(0).getFirstInstruction(kind)
or
not exists(this.getHandler(_)) and
result = this.getFinally().getFirstInstruction(kind)
)
final override Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
result = this.getHandler(0).getFirstInstruction(kind)
or
not exists(this.getHandler(_)) and
result = this.getFinally().getFirstInstruction(kind)
}

private TranslatedElement getHandler(int index) { result = stmt.getTranslatedHandler(index) }
Expand Down Expand Up @@ -840,10 +821,10 @@ abstract class TranslatedHandler extends TranslatedStmt {
child = this.getBlock() and result = this.getParent().getChildSuccessor(this, kind)
}

override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
override Instruction getExceptionSuccessorInstruction(EdgeKind kind) {
// A throw from within a `catch` block flows to the handler for the parent of
// the `try`.
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind, exception)
result = this.getParent().getParent().getExceptionSuccessorInstruction(kind)
}

TranslatedStmt getBlock() { result = getTranslatedStmt(stmt.getBlock()) }
Expand Down
Loading
Morty Proxy This is a proxified and sanitized view of the page, visit original site.