wip

hvitved · hvitved · commit 88eed59e2bae · 2024-11-18T15:50:55.000+01:00
diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/CfgNodes.qll b/rust/ql/lib/codeql/rust/controlflow/internal/CfgNodes.qll
@@ -72,29 +72,64 @@ class FormatArgsExprChildMapping extends ParentAstNode, CfgImpl::ExprTrees::Form
 }
 
 private class ChildMappingImpl extends ChildMapping {
-  pragma[nomagic]
-  predicate reachesBasicBlock(AstNode parent, AstNode child, CfgNode cfn, BasicBlock bb) {
+  private CfgNode getRelevantChildDesug(AstNode parent, AstNode child) {
     this.relevantChild(parent, child) and
-    cfn.getAstNode() = parent and
-    bb.getANode() = cfn
+    result = CfgNodesInput::getDesugared(child).getACfgNode()
+  }
+
+  pragma[nomagic]
+  predicate reachesBasicBlock1(AstNode parent, AstNode child, CfgNode cfnChild, BasicBlock bb) {
+    cfnChild = this.getRelevantChildDesug(parent, child) and
+    bb.getANode() = cfnChild
+    or
+    exists(BasicBlock bb0 |
+      cfnChild = this.getRelevantChildDesug(parent, child) and
+      bb0.getANode() = cfnChild and
+      not bb0.getANode().getAstNode() = parent and
+      if isPostOrder(parent) then bb = bb0.getASuccessor() else bb = bb0.getAPredecessor()
+    )
     or
     if isPostOrder(parent)
     then
       exists(BasicBlock mid |
-        this.reachesBasicBlock(parent, child, cfn, mid) and
-        bb = mid.getAPredecessor() and
-        not mid.getANode().getAstNode() = child
+        this.reachesBasicBlock1(parent, child, cfnChild, mid) and
+        bb = mid.getASuccessor() and
+        not mid.getANode().getAstNode() = parent and
+        not mid.getANode() = this.getRelevantChildDesug(parent, _)
       )
     else
       exists(BasicBlock mid |
-        this.reachesBasicBlock(parent, child, cfn, mid) and
-        bb = mid.getASuccessor() and
-        not mid.getANode().getAstNode() = child
+        this.reachesBasicBlock1(parent, child, cfnChild, mid) and
+        bb = mid.getAPredecessor() and
+        not mid.getANode().getAstNode() = parent and
+        not mid.getANode() = this.getRelevantChildDesug(parent, _)
+      )
+  }
+
+  pragma[nomagic]
+  predicate reachesBasicBlock2(AstNode parent, CfgNode cfnParent, AstNode child, CfgNode cfnChild) {
+    exists(BasicBlock bb |
+      this.reachesBasicBlock1(parent, child, cfnChild, bb) and
+      cfnParent.getAstNode() = parent
+    |
+      cfnParent = bb.getANode()
+      or
+      if isPostOrder(parent)
+      then cfnParent = bb.getASuccessor().getANode()
+      else cfnParent = bb.getAPredecessor().getANode()
+    )
+    or
+    exists(AstNode otherChild, CfgNode cfnOtherChild |
+      // cfnOtherChild = this.getRelevantChildDesug(parent, otherChild) and
+      this.reachesBasicBlock2(parent, cfnParent, otherChild, cfnOtherChild) and
+      exists(BasicBlock bb |
+        this.reachesBasicBlock1(parent, child, cfnChild, bb) and
+        bb.getANode() = cfnOtherChild
       )
+    )
   }
 
   override predicate hasCfgChild(AstNode parent, AstNode child, AstCfgNode cfn, AstCfgNode cfnChild) {
-    this.reachesBasicBlock(parent, child, cfn, cfnChild.getBasicBlock()) and
-    cfnChild.getAstNode() = CfgNodesInput::getDesugared(child)
+    this.reachesBasicBlock2(parent, cfn, child, cfnChild)
   }
 }
