C++: Add some SideEffect models.

Author: geoffw0

cpp/ql/src/semmle/code/cpp/models/implementations/Strcat.qll

@@ -1,11 +1,12 @@
 import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Taint
+import semmle.code.cpp.models.interfaces.SideEffect
 
 /**
  * The standard function `strcat` and its wide, sized, and Microsoft variants.
  */
-class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction {
+class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, SideEffectFunction {
   StrcatFunction() {
     exists(string name | name = getName() |
       name = "strcat" or // strcat(dst, src)
@@ -56,4 +57,19 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction {
   override predicate hasArrayWithNullTerminator(int param) { param = 1 }
 
   override predicate hasArrayWithUnknownSize(int param) { param = 0 }
+
+  override predicate hasOnlySpecificReadSideEffects() { any() }
+
+  override predicate hasOnlySpecificWriteSideEffects() { any() }
+
+  predicate hasSpecificWriteSideEffect(ParameterIndex i, boolean buffer, boolean mustWrite) {
+    i = 0 and
+    buffer = true and
+    mustWrite = false
+  }
+
+  predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
+    (i = 0 or i = 1) and
+    buffer = true
+  }
 }

cpp/ql/src/semmle/code/cpp/models/implementations/Strcpy.qll

@@ -1,11 +1,12 @@
 import semmle.code.cpp.models.interfaces.ArrayFunction
 import semmle.code.cpp.models.interfaces.DataFlow
 import semmle.code.cpp.models.interfaces.Taint
+import semmle.code.cpp.models.interfaces.SideEffect
 
 /**
  * The standard function `strcpy` and its wide, sized, and Microsoft variants.
  */
-class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction {
+class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, SideEffectFunction {
   StrcpyFunction() {
     this.hasName("strcpy") or
     this.hasName("_mbscpy") or
@@ -74,4 +75,23 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction {
       output.isReturnValueDeref()
     )
   }
+
+  override predicate hasOnlySpecificReadSideEffects() { any() }
+
+  override predicate hasOnlySpecificWriteSideEffects() { any() }
+
+  predicate hasSpecificWriteSideEffect(ParameterIndex i, boolean buffer, boolean mustWrite) {
+    i = 0 and
+    buffer = true and
+    mustWrite = true
+  }
+
+  predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
+    i = 1 and
+    buffer = true
+  }
+
+  ParameterIndex getParameterSizeIndex(ParameterIndex i) {
+  	hasArrayWithVariableSize(i, result)
+  }
 }

cpp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -6259,23 +6259,18 @@ ir.cpp:
 # 1230|     r1230_5(char *)            = Load                          : &:r1230_4, ~mu1227_4
 # 1230|     r1230_6(char *)            = Convert                       : r1230_5
 # 1230|     r1230_7(char *)            = Call                          : func:r1230_1, 0:r1230_3, 1:r1230_6
-# 1230|     mu1230_8(unknown)          = ^CallSideEffect               : ~mu1227_4
-# 1230|     v1230_9(void)              = ^BufferReadSideEffect[0]      : &:r1230_3, ~mu1227_4
-# 1230|     v1230_10(void)             = ^BufferReadSideEffect[1]      : &:r1230_6, ~mu1227_4
-# 1230|     mu1230_11(unknown)         = ^BufferMayWriteSideEffect[0]  : &:r1230_3
-# 1230|     mu1230_12(unknown)         = ^BufferMayWriteSideEffect[1]  : &:r1230_6
+# 1230|     v1230_8(void)              = ^BufferReadSideEffect[1]      : &:r1230_6, ~mu1227_4
+# 1230|     mu1230_9(unknown)          = ^BufferMustWriteSideEffect[0] : &:r1230_3
 # 1231|     r1231_1(glval<unknown>)    = FunctionAddress[strcat]       : 
 # 1231|     r1231_2(glval<char[1024]>) = VariableAddress[buffer]       : 
 # 1231|     r1231_3(char *)            = Convert                       : r1231_2
 # 1231|     r1231_4(glval<char *>)     = VariableAddress[s2]           : 
 # 1231|     r1231_5(char *)            = Load                          : &:r1231_4, ~mu1227_4
 # 1231|     r1231_6(char *)            = Convert                       : r1231_5
 # 1231|     r1231_7(char *)            = Call                          : func:r1231_1, 0:r1231_3, 1:r1231_6
-# 1231|     mu1231_8(unknown)          = ^CallSideEffect               : ~mu1227_4
-# 1231|     v1231_9(void)              = ^BufferReadSideEffect[0]      : &:r1231_3, ~mu1227_4
-# 1231|     v1231_10(void)             = ^BufferReadSideEffect[1]      : &:r1231_6, ~mu1227_4
-# 1231|     mu1231_11(unknown)         = ^BufferMayWriteSideEffect[0]  : &:r1231_3
-# 1231|     mu1231_12(unknown)         = ^BufferMayWriteSideEffect[1]  : &:r1231_6
+# 1231|     v1231_8(void)              = ^BufferReadSideEffect[0]      : &:r1231_3, ~mu1227_4
+# 1231|     v1231_9(void)              = ^BufferReadSideEffect[1]      : &:r1231_6, ~mu1227_4
+# 1231|     mu1231_10(unknown)         = ^BufferMayWriteSideEffect[0]  : &:r1231_3
 # 1232|     v1232_1(void)              = NoOp                          : 
 # 1227|     v1227_13(void)             = ReturnIndirection             : &:r1227_7, ~mu1227_4
 # 1227|     v1227_14(void)             = ReturnIndirection             : &:r1227_11, ~mu1227_4