Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Brodes/seh flow phas3.1 add basic seh edges #18253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
Loading
from
Open

Brodes/seh flow phas3.1 add basic seh edges #18253

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
8624f19
Adding basic SEH edge support. SEH exceptions are only considered for…
bdrodes Dec 9, 2024
52e1647
Updating test cases.
bdrodes Dec 9, 2024
8c8ed07
Adding comment on invalid throw in test case.
bdrodes Dec 9, 2024
4a8f0aa
Updating tests and expected files for syntax-zoo results.
bdrodes Dec 9, 2024
f75f69f
Altering unwind SEH mechanics, such that SEH unwind is generated if a…
bdrodes Dec 9, 2024
b1bfe2e
Updating test cases for new unwinding mechanic.
bdrodes Dec 9, 2024
b287196
Adding support for throw inside of microsoft try/except to simplify t…
bdrodes Dec 10, 2024
4818bd6
Updating expected files
bdrodes Dec 10, 2024
e76b912
Removing debugging code.
bdrodes Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Altering unwind SEH mechanics, such that SEH unwind is generated if a… 
…n SEH exception could be raised inside a microsoft try except statement, or if a function may always throw an exception.
  • Loading branch information
@bdrodes
bdrodes committed Dec 9, 2024
commit f75f69f0a2c453ab530b7684ced389a098606037
11 changes: 9 additions & 2 deletions 11 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,9 +364,16 @@ abstract class TranslatedCallExpr extends TranslatedNonConstantExpr, TranslatedC
override predicate mayThrowException(ExceptionEdge e) {
// by default, all functions may throw exceptions of any kind
// unless explicitly annotated to never throw
// Only consider a call to "may" throw an Seh exception
// if inside a MicrosoftTryStmt
not this.neverThrowException(e) and
// for now assuming all calls may throw for Seh only
e instanceof SehExceptionEdge
(
this.mustThrowException(e)
or
// for now assuming all calls may throw for Seh only
e instanceof SehExceptionEdge and
exists(MicrosoftTryStmt trystmt | trystmt.getAChild*() = expr)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether you want this at this point, as __finally and __except blocks are also children of a MicrosoftTryStmt. Hence, you'll also get SEH exception edges for calls in those blocks.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had intentionally used the getAChild to include the finally and except since if there is an exception in those, I still want to unwind.

)
}

override predicate neverThrowException(ExceptionEdge e) {
Expand Down
17 changes: 9 additions & 8 deletions 17 cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ private import TranslatedExpr
private import TranslatedInitialization
private import TranslatedStmt
private import VarArgs
private import EdgeKind

/**
* Gets the `TranslatedFunction` that represents function `func`.
Expand Down Expand Up @@ -209,14 +210,16 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
(
// Only generate the `Unwind` instruction if there is any exception
// handling present in the function.
// Do not unwind for MicrosoftTryStmt (SEH), as an optimization (SEH exception
// will occur at any store/load, so unwind would appear everywhere as a result)
exists(TryStmt try | try.getEnclosingFunction() = func)
exists(TryOrMicrosoftTryStmt try | try.getEnclosingFunction() = func)
or
exists(ThrowExpr throw | throw.getEnclosingFunction() = func)
or
exists(FunctionCall call, CppExceptionEdge exception | call.getEnclosingFunction() = func |
getTranslatedExpr(call).(TranslatedCallExpr).mayThrowException(exception)
// or
// exists(FunctionCall call | call.getEnclosingFunction() = func |
// getTranslatedExpr(call).(TranslatedCallExpr).mustThrowException(_)
// )
exists(FunctionCall call | call.getEnclosingFunction() = func |
getTranslatedExpr(call).(TranslatedCallExpr).mayThrowException(_)
)
)
or
Expand All @@ -231,9 +234,7 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
}

final override Instruction getExceptionSuccessorInstruction(EdgeKind kind, ExceptionEdge exception) {
// only unwind for C++ exceptions since SEH exceptions are too verbose
// and would generate unwind for all functions.
exception instanceof CppExceptionEdge and
(exception = cppExceptionEdge() or exception = sehExceptionEdge()) and
result = this.getInstruction(UnwindTag()) and
kind instanceof GotoEdge
}
Expand Down
Morty Proxy This is a proxified and sanitized view of the page, visit original site.