Delegate creation and call

Added support for delegate creation and call.
Added a test case and updated the expected output.

Author: AndreiDiaconu1

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -61,6 +61,13 @@ private predicate ignoreExprAndDescendants(Expr expr) {
   // constant value.
   isIRConstant(getRealParent(expr))
   or
+  // Ignore the local declaration done by a `ForeachStmt`
+  // since we desugar it
+  (
+    expr instanceof LocalVariableDeclExpr and
+    expr.getParent().getParent() instanceof ForeachStmt
+  )
+  or
   ignoreExprAndDescendants(getRealParent(expr)) // recursive case
 }
 
@@ -208,12 +215,15 @@ newtype TTranslatedElement =
       exists(LocalVariableDeclAndInitExpr lvInit |
         lvInit.getInitializer() = expr and
         not expr instanceof ArrayCreation and
-        not expr instanceof ObjectCreation
+        not expr instanceof ObjectCreation and
+        not expr instanceof DelegateCreation
       )
       or
       // Then treat more complex ones
       expr instanceof ObjectCreation
       or
+      expr instanceof DelegateCreation
+      or
       expr instanceof ArrayInitializer
       or
       expr instanceof ObjectInitializer

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -12,6 +12,8 @@ private import TranslatedInitialization
 private import common.TranslatedConditionBlueprint
 private import common.TranslatedCallBlueprint
 private import common.TranslatedExprBlueprint
+private import desugar.Delegate
+private import desugar.internal.TranslatedCompilerGeneratedCall
 import TranslatedCall
 private import semmle.code.csharp.ir.Util
 private import semmle.code.csharp.ir.internal.IRCSharpLanguage as Language
@@ -1879,3 +1881,47 @@ class TranslatedLambdaExpr extends TranslatedNonConstantExpr, InitializationCont
     result = getTranslatedInitialization(expr.getChild(0))
   }
 }
+
+/**
+ * The translation of a `DelegateCall`. Since this type of call needs
+ * desugaring, we treat it as a special case. The AST node of the
+ * call expression will be the parent to a compiler generated call.
+ */
+class TranslatedDelegateCall extends TranslatedNonConstantExpr {
+  override DelegateCall expr;
+
+  override final Instruction getFirstInstruction() {
+    result = getInovkeCall().getFirstInstruction()
+  }
+
+  override final TranslatedElement getChild(int id) {
+    id = 0 and result = getInovkeCall()
+  }
+
+  override Instruction getResult() {
+    result = getInovkeCall().getResult()
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    none()
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    child = getInovkeCall() and
+    result = getParent().getChildSuccessor(this)
+  }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, Type resultType,
+      boolean isLValue) {
+    none()
+  }
+
+  override Instruction getInstructionOperand(InstructionTag tag,
+      OperandTag operandTag) {
+    none()
+  }
+
+  private TranslatedCompilerGeneratedCall getInovkeCall() {
+    result = DelegateElements::getInvoke(expr)
+  }
+}

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -12,6 +12,7 @@ private import TranslatedExpr
 private import TranslatedFunction
 private import semmle.code.csharp.ir.Util
 private import IRInternal
+private import desugar.Delegate
 
 /**
  * Gets the `TranslatedInitialization` for the expression `expr`.
@@ -125,9 +126,10 @@ class TranslatedDirectInitialization extends TranslatedInitialization {
     // TODO: Make sure this is complete and correct
     not expr instanceof ArrayInitializer and
     not expr instanceof ObjectInitializer and
+    not expr instanceof DelegateCreation and
     not expr instanceof CollectionInitializer and
     not expr instanceof ObjectCreation and
-    not expr instanceof StringLiteral
+    not expr instanceof StringLiteral 
   }
 
   override TranslatedElement getChild(int id) { id = 0 and result = this.getInitializer() }
@@ -469,3 +471,75 @@ class TranslatedConstructorInitializer extends TranslatedConstructorCallFromCons
     derivedClass = this.getFunction().getDeclaringType()
   }
 }
+
+/**
+ * Represents the IR translation of a delegate creation.
+ */
+class TranslatedDelegateCreation extends TranslatedInitialization, ConstructorCallContext {
+  override DelegateCreation expr;
+
+  override TranslatedElement getChild(int id) {
+    id = 0 and result = getConstructorCall()
+  }
+
+  override predicate hasInstruction(
+    Opcode opcode, InstructionTag tag, Type resultType, boolean isLValue) {
+      (
+        tag = NewObjTag() and
+        opcode instanceof Opcode::NewObj and
+        resultType = expr.getType() and
+        isLValue = false
+      )
+      or
+      (
+        tag = InitializerStoreTag() and
+        opcode instanceof Opcode::Store and
+        resultType = expr.getType() and
+        isLValue = false
+      )
+  }
+
+  override final Instruction getFirstInstruction() {
+    result = getInstruction(NewObjTag())
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    (
+      tag = NewObjTag() and
+      result = getConstructorCall().getFirstInstruction() and
+      kind instanceof GotoEdge
+    ) or
+    (
+      tag = InitializerStoreTag() and
+      result = getParent().getChildSuccessor(this) and
+      kind instanceof GotoEdge
+    )
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    child = getConstructorCall() and
+    result = getInstruction(InitializerStoreTag())
+  }
+
+  override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = InitializerStoreTag() and 
+    (
+      ( 
+        operandTag instanceof AddressOperandTag and
+        result = getParent().(InitializationContext).getTargetAddress()
+      ) or
+      ( 
+        operandTag instanceof StoreValueOperandTag and
+        result = getInstruction(NewObjTag())
+      )
+    )
+  }
+
+  TranslatedElement getConstructorCall() {
+    result = DelegateElements::getConstructor(expr)
+  }
+
+  override Instruction getReceiver() { 
+    result = getInstruction(NewObjTag())
+  }
+}

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/desugar/Delegate.qll

@@ -0,0 +1,131 @@
+/**
+ * File that translates the desugaring of delegate creation and call expressions.
+ * In particular, in the IR we explicitly allocate a new object and call the delegate's constructor when
+ * creating a new one.
+ * For the delegate call, we explicitly call the `Invoke` method.
+ * More information about the internals:
+ * https://github.com/dotnet/roslyn/blob/master/src/Compilers/CSharp/Portable/Lowering/LocalRewriter/LocalRewriter_DelegateCreationExpression.cs
+ * This is a rough approximation which will need further refining.
+ */
+
+import csharp
+private import semmle.code.csharp.ir.implementation.Opcode
+private import semmle.code.csharp.ir.implementation.internal.OperandTag
+private import semmle.code.csharp.ir.internal.TempVariableTag
+private import semmle.code.csharp.ir.implementation.raw.internal.InstructionTag
+
+private import semmle.code.csharp.ir.implementation.raw.internal.TranslatedExpr
+private import semmle.code.csharp.ir.implementation.raw.internal.TranslatedElement
+private import semmle.code.csharp.ir.implementation.raw.internal.TranslatedStmt
+private import semmle.code.csharp.ir.implementation.raw.internal.TranslatedCondition
+
+private import semmle.code.csharp.ir.internal.IRCSharpLanguage as Language
+private import Common
+private import internal.TranslatedCompilerGeneratedCall
+private import semmle.code.csharp.ir.implementation.raw.internal.common.TranslatedExprBlueprint
+
+/**
+ * Module that exposes the functions needed for the translation of the delegate creation and call expressions.
+ */
+module DelegateElements {
+  TranslatedDelegateConstructorCall getConstructor(DelegateCreation generatedBy) {
+     exists(TranslatedDelegateConstructorCall cons |
+      cons.getAST() = generatedBy and
+      result = cons
+    )
+  }
+  
+  TranslatedDelegateInvokeCall getInvoke(DelegateCall generatedBy) {
+     exists(TranslatedDelegateInvokeCall invoke |
+      invoke.getAST() = generatedBy and
+      result = invoke
+    )
+  }
+}
+
+/**
+ * The translation of the constructor call that happens as part of the delegate creation.
+ */
+private class TranslatedDelegateConstructorCall extends TranslatedCompilerGeneratedCall,
+                                                        TTranslatedCompilerGeneratedElement {
+  override DelegateCreation generatedBy;
+  
+  TranslatedDelegateConstructorCall() {
+    this = TTranslatedCompilerGeneratedElement(generatedBy, 0)
+  }
+  
+  final override Type getCallResultType() {
+    result instanceof VoidType
+  }
+  
+  override predicate hasArguments() {
+    any()
+  }
+  
+  override TranslatedExpr getArgument(int index) {
+    index = 0 and result = getTranslatedExpr(generatedBy.getArgument())
+  }
+  
+  override TranslatedExprBlueprint getQualifier() {
+    none()
+  }
+  
+  override Instruction getQualifierResult() {
+    exists(ConstructorCallContext context |
+      context = getParent() and
+      result = context.getReceiver()
+    )
+  }
+    
+  override Callable getInstructionFunction(InstructionTag tag) {
+    tag = CallTargetTag() and
+    exists(Callable internal | 
+      internal.getName() = generatedBy.getDelegateType().getName() and
+      internal.isCompilerGenerated() and
+      internal.getFile() = generatedBy.getFile() and
+      result = internal
+    )
+  }
+}
+
+/**
+ * The translation of the invoke call that happens as part of the desugaring of the delegate call.
+ */
+private class TranslatedDelegateInvokeCall extends TranslatedCompilerGeneratedCall, 
+                                                   TTranslatedCompilerGeneratedElement{
+  override DelegateCall generatedBy;
+  
+  TranslatedDelegateInvokeCall() {
+    this = TTranslatedCompilerGeneratedElement(generatedBy, 1)
+  }
+  
+  final override Type getCallResultType() { 
+    result instanceof VoidType
+  }
+  
+  override Callable getInstructionFunction(InstructionTag tag) {
+    tag = CallTargetTag() and
+    exists(Callable internal | 
+      internal.getName() = "Invoke" and
+      internal.isCompilerGenerated() and
+      internal.getFile() = generatedBy.getFile() and
+      result = internal
+    )
+  }
+  
+  override TranslatedExprBlueprint getQualifier() {
+    result = getTranslatedExpr(generatedBy.getDelegateExpr())
+  }
+  
+  override Instruction getQualifierResult() {
+    result = getQualifier().getResult()
+  }
+  
+  override predicate hasArguments() {
+    any()
+  }
+  
+  override TranslatedExpr getArgument(int index) {
+    result = getTranslatedExpr(generatedBy.getArgument(index))
+  }
+}

csharp/ql/test/library-tests/ir/ir/delegates.cs

@@ -0,0 +1,15 @@
+using System.Collections.Generic;
+
+public class Delegates {
+    delegate int Del(int num);
+
+    static int returns(int ret)
+    {
+        return ret;
+    }
+    
+    public static void Main() {
+        Del del1 = new Del(returns);
+        del1(5);
+    }
+}

csharp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -315,6 +315,45 @@ crement.cs:
 #    3|     v0_35(Void)         = UnmodeledUse        : mu*
 #    3|     v0_36(Void)         = ExitFunction        : 
 
+delegates.cs:
+#    6| System.Int32 Delegates.returns(System.Int32)
+#    6|   Block 0
+#    6|     v0_0(Void)         = EnterFunction            : 
+#    6|     mu0_1(null)        = AliasedDefinition        : 
+#    6|     mu0_2(null)        = UnmodeledDefinition      : 
+#    6|     r0_3(glval<Int32>) = VariableAddress[ret]     : 
+#    6|     mu0_4(Int32)       = InitializeParameter[ret] : &:r0_3
+#    8|     r0_5(glval<Int32>) = VariableAddress[#return] : 
+#    8|     r0_6(glval<Int32>) = VariableAddress[ret]     : 
+#    8|     r0_7(Int32)        = Load                     : &:r0_6, ~mu0_2
+#    8|     mu0_8(Int32)       = Store                    : &:r0_5, r0_7
+#    6|     r0_9(glval<Int32>) = VariableAddress[#return] : 
+#    6|     v0_10(Void)        = ReturnValue              : &:r0_9, ~mu0_2
+#    6|     v0_11(Void)        = UnmodeledUse             : mu*
+#    6|     v0_12(Void)        = ExitFunction             : 
+
+#   11| System.Void Delegates.Main()
+#   11|   Block 0
+#   11|     v0_0(Void)         = EnterFunction            : 
+#   11|     mu0_1(null)        = AliasedDefinition        : 
+#   11|     mu0_2(null)        = UnmodeledDefinition      : 
+#   12|     r0_3(glval<Del>)   = VariableAddress[del1]    : 
+#   12|     r0_4(Del)          = NewObj                   : 
+#   12|     r0_5(glval<null>)  = FunctionAddress[Del]     : 
+#   12|     r0_6(glval<Del>)   = FunctionAddress[returns] : 
+#   12|     v0_7(Void)         = Call                     : func:r0_5, this:r0_4, 0:r0_6
+#   12|     mu0_8(null)        = ^CallSideEffect          : ~mu0_2
+#   12|     mu0_9(Del)         = Store                    : &:r0_3, r0_4
+#   13|     r0_10(glval<Del>)  = VariableAddress[del1]    : 
+#   13|     r0_11(Del)         = Load                     : &:r0_10, ~mu0_2
+#   13|     r0_12(glval<null>) = FunctionAddress[Invoke]  : 
+#   13|     r0_13(Int32)       = Constant[5]              : 
+#   13|     v0_14(Void)        = Call                     : func:r0_12, this:r0_11, 0:r0_13
+#   13|     mu0_15(null)       = ^CallSideEffect          : ~mu0_2
+#   11|     v0_16(Void)        = ReturnVoid               : 
+#   11|     v0_17(Void)        = UnmodeledUse             : mu*
+#   11|     v0_18(Void)        = ExitFunction             : 
+
 func_with_param_call.cs:
 #    5| System.Int32 test_call_with_param.f(System.Int32,System.Int32)
 #    5|   Block 0