Static fields

AndreiDiaconu1 · AndreiDiaconu1 · commit f5b31ae9f5ce · 2019-09-27T12:21:47.000+01:00
The translation of static fields now uses `VariableAddress` instead of `FieldAddress`. This fixes the logic as well as the "field address without qualifier address" sanity check.
diff --git a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -833,16 +833,21 @@ abstract class TranslatedVariableAccess extends TranslatedNonConstantExpr {
 
 class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {
   TranslatedNonFieldVariableAccess() {
-    not expr instanceof FieldAccess and
-    // If the parent expression is a `LocalVariableDeclAndInitExpr`,
-    // then translate only the variables that are initializers (on the RHS)
-    // and not the LHS (the address of the LHS is generated during
-    // the translation of the initialization).
     (
-      expr.getParent() instanceof LocalVariableDeclAndInitExpr
-      implies
-      expr = expr.getParent().(LocalVariableDeclAndInitExpr).getInitializer()
+      not expr instanceof FieldAccess and
+      // If the parent expression is a `LocalVariableDeclAndInitExpr`,
+      // then translate only the variables that are initializers (on the RHS)
+      // and not the LHS (the address of the LHS is generated during
+      // the translation of the initialization).
+      (
+        expr.getParent() instanceof LocalVariableDeclAndInitExpr
+        implies
+        expr = expr.getParent().(LocalVariableDeclAndInitExpr).getInitializer()
+      )
     )
+    or
+    // Static field accesses should be modeled as `TranslatedNonFieldAccess`
+    expr.(FieldAccess).getTarget().isStatic()
   }
 
   override Instruction getFirstInstruction() {
@@ -874,6 +879,11 @@ class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {
 
 class TranslatedFieldAccess extends TranslatedVariableAccess {
   override FieldAccess expr;
+  
+  TranslatedFieldAccess() {
+    // Static field accesses should be modeled as `TranslatedNonFieldAccess`
+    not expr.getTarget().isStatic()
+  }
 
   override Instruction getFirstInstruction() {
     // If there is a qualifier
diff --git a/csharp/ql/test/library-tests/ir/ir/prop.cs b/csharp/ql/test/library-tests/ir/ir/prop.cs
@@ -1,6 +1,6 @@
 class PropClass 
 {
-    private int prop;
+    private static int prop;
 
     public int Prop
     { 
diff --git a/csharp/ql/test/library-tests/ir/ir/raw_ir.expected b/csharp/ql/test/library-tests/ir/ir/raw_ir.expected
@@ -1505,12 +1505,11 @@ prop.cs:
 #   12|     mu0_5(Int32)           = InitializeParameter[value] : &:r0_4
 #   14|     r0_6(glval<Int32>)     = VariableAddress[value]     : 
 #   14|     r0_7(Int32)            = Load                       : &:r0_6, ~mu0_2
-#   14|     r0_8(PropClass)        = CopyValue                  : r0_3
-#   14|     r0_9(glval<Int32>)     = FieldAddress[prop]         : r0_8
-#   14|     mu0_10(Int32)          = Store                      : &:r0_9, r0_7
-#   12|     v0_11(Void)            = ReturnVoid                 : 
-#   12|     v0_12(Void)            = UnmodeledUse               : mu*
-#   12|     v0_13(Void)            = ExitFunction               : 
+#   14|     r0_8(glval<Int32>)     = VariableAddress[prop]      : 
+#   14|     mu0_9(Int32)           = Store                      : &:r0_8, r0_7
+#   12|     v0_10(Void)            = ReturnVoid                 : 
+#   12|     v0_11(Void)            = UnmodeledUse               : mu*
+#   12|     v0_12(Void)            = ExitFunction               : 
 
 #   18| System.Int32 PropClass.func()
 #   18|   Block 0

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`class PropClass`
`2`	`2`	`{`
`3`		`- private int prop;`
	`3`	`+ private static int prop;`
`4`	`4`
`5`	`5`	`public int Prop`
`6`	`6`	`{`