Binary: Add a few helper member predicates.

MathiasVP · MathiasVP · commit 104465f668e0 · 2025-12-08T12:55:26.000Z
diff --git a/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Instruction.qll b/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Instruction.qll
@@ -166,6 +166,8 @@ class CallInstruction extends Instruction {
 
   Function getStaticTarget() { result = TMkFunction(te.getStaticCallTarget(tag)) }
 
+  CallTargetOperand getTargetOperand() { result = this.getAnOperand() }
+
   override string getImmediateValue() { result = this.getStaticTarget().getName() }
 }
 
diff --git a/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Operand.qll b/binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Operand.qll
@@ -71,3 +71,7 @@ class ConditionJumpTargetOperand extends Operand {
 class JumpTargetOperand extends Operand {
   override JumpTargetTag operandTag;
 }
+
+class CallTargetOperand extends Operand {
+  override CallTargetTag operandTag;
+}
diff --git a/binary/ql/lib/semmle/code/binary/ast/ir/internal/InstructionSig.qll b/binary/ql/lib/semmle/code/binary/ast/ir/internal/InstructionSig.qll
@@ -28,6 +28,8 @@ signature module InstructionSig {
     Function getEnclosingFunction();
 
     OperandTag getOperandTag();
+
+    Location getLocation();
   }
 
   class StoreValueOperand extends Operand;
@@ -48,6 +50,8 @@ signature module InstructionSig {
 
   class RightOperand extends Operand;
 
+  class CallTargetOperand extends Operand;
+
   class InstructionTag {
     string toString();
   }
@@ -160,6 +164,8 @@ signature module InstructionSig {
     BasicBlock getBasicBlock();
 
     InstructionTag getInstructionTag();
+
+    Operand getFirstOperand();
   }
 
   class RetInstruction extends Instruction;
@@ -221,6 +227,12 @@ signature module InstructionSig {
   }
 
   class CallInstruction extends Instruction {
+    CallTargetOperand getTargetOperand();
+
+    /**
+     * Gets the static target of this function call, if it is known (and the
+     * function exists in the database).
+     */
     Function getStaticTarget();
   }
 
@@ -248,5 +260,7 @@ signature module InstructionSig {
     Function getEnclosingFunction();
 
     Location getLocation();
+
+    string toString();
   }
 }
diff --git a/binary/ql/lib/semmle/code/binary/ast/ir/internal/TransformInstruction/TransformInstruction.qll b/binary/ql/lib/semmle/code/binary/ast/ir/internal/TransformInstruction/TransformInstruction.qll
@@ -659,6 +659,8 @@ module Transform<InstructionSig Input> {
         )
       }
 
+      CallTargetOperand getTargetOperand() { result = this.getAnOperand() }
+
       override string getImmediateValue() { result = this.getStaticTarget().getName() }
     }
 
@@ -974,6 +976,10 @@ module Transform<InstructionSig Input> {
       LeftOperand() { this.getOperandTag() instanceof LeftTag }
     }
 
+    class CallTargetOperand extends Operand {
+      CallTargetOperand() { this.getOperandTag() instanceof CallTargetTag }
+    }
+
     class RightOperand extends Operand {
       RightOperand() { this.getOperandTag() instanceof RightTag }
     }

Original file line number	Diff line number	Diff line change
`@@ -166,6 +166,8 @@ class CallInstruction extends Instruction {`
`166`	`166`
`167`	`167`	`Function getStaticTarget() { result = TMkFunction(te.getStaticCallTarget(tag)) }`
`168`	`168`
	`169`	`+ CallTargetOperand getTargetOperand() { result = this.getAnOperand() }`
	`170`	`+`
`169`	`171`	`override string getImmediateValue() { result = this.getStaticTarget().getName() }`
`170`	`172`	`}`
`171`	`173`
Original file line number	Diff line number	Diff line change
`@@ -71,3 +71,7 @@ class ConditionJumpTargetOperand extends Operand {`
`71`	`71`	`class JumpTargetOperand extends Operand {`
`72`	`72`	`override JumpTargetTag operandTag;`
`73`	`73`	`}`
	`74`	`+`
	`75`	`+class CallTargetOperand extends Operand {`
	`76`	`+ override CallTargetTag operandTag;`
	`77`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@ signature module InstructionSig {`
`28`	`28`	`Function getEnclosingFunction();`
`29`	`29`
`30`	`30`	`OperandTag getOperandTag();`
	`31`	`+`
	`32`	`+ Location getLocation();`
`31`	`33`	`}`
`32`	`34`
`33`	`35`	`class StoreValueOperand extends Operand;`
`@@ -48,6 +50,8 @@ signature module InstructionSig {`
`48`	`50`
`49`	`51`	`class RightOperand extends Operand;`
`50`	`52`
	`53`	`+ class CallTargetOperand extends Operand;`
	`54`	`+`
`51`	`55`	`class InstructionTag {`
`52`	`56`	`string toString();`
`53`	`57`	`}`
`@@ -160,6 +164,8 @@ signature module InstructionSig {`
`160`	`164`	`BasicBlock getBasicBlock();`
`161`	`165`
`162`	`166`	`InstructionTag getInstructionTag();`
	`167`	`+`
	`168`	`+ Operand getFirstOperand();`
`163`	`169`	`}`
`164`	`170`
`165`	`171`	`class RetInstruction extends Instruction;`
`@@ -221,6 +227,12 @@ signature module InstructionSig {`
`221`	`227`	`}`
`222`	`228`
`223`	`229`	`class CallInstruction extends Instruction {`
	`230`	`+ CallTargetOperand getTargetOperand();`
	`231`	`+`
	`232`	`+ /**`
	`233`	`+ * Gets the static target of this function call, if it is known (and the`
	`234`	`+ * function exists in the database).`
	`235`	`+ */`
`224`	`236`	`Function getStaticTarget();`
`225`	`237`	`}`
`226`	`238`
`@@ -248,5 +260,7 @@ signature module InstructionSig {`
`248`	`260`	`Function getEnclosingFunction();`
`249`	`261`
`250`	`262`	`Location getLocation();`
	`263`	`+`
	`264`	`+ string toString();`
`251`	`265`	`}`
`252`	`266`	`}`
Original file line number	Diff line number	Diff line change
`@@ -659,6 +659,8 @@ module Transform<InstructionSig Input> {`
`659`	`659`	`)`
`660`	`660`	`}`
`661`	`661`
	`662`	`+ CallTargetOperand getTargetOperand() { result = this.getAnOperand() }`
	`663`	`+`
`662`	`664`	`override string getImmediateValue() { result = this.getStaticTarget().getName() }`
`663`	`665`	`}`
`664`	`666`
`@@ -974,6 +976,10 @@ module Transform<InstructionSig Input> {`
`974`	`976`	`LeftOperand() { this.getOperandTag() instanceof LeftTag }`
`975`	`977`	`}`
`976`	`978`
	`979`	`+ class CallTargetOperand extends Operand {`
	`980`	`+ CallTargetOperand() { this.getOperandTag() instanceof CallTargetTag }`
	`981`	`+ }`
	`982`	`+`
`977`	`983`	`class RightOperand extends Operand {`
`978`	`984`	`RightOperand() { this.getOperandTag() instanceof RightTag }`
`979`	`985`	`}`