Python: Fix bug in multi_assignment_points_to.

This turned out to be a fairly simple but easy to make bug. When we want to
figure out the value pointed-to in a multi-assignment, we look at the left hand
side to see what value from the right hand side we should assign. Unfortunately,
we accidentally attempted to look up this information in the _left hand side_ of
the assignment, resulting in no points-to information at all. The only thing
needed to fix this was to properly link up the left and right hand sides: using
the left hand side to figure out what index to look at, and then looking up the
points-to information for the corresponding place in the right hand side.

Author: tausbn

python/ql/src/semmle/python/pointsto/PointsTo.qll

@@ -508,8 +508,9 @@ cached module PointsToInternal {
 
     pragma [noinline]
     private predicate multi_assignment_points_to(MultiAssignmentDefinition def, PointsToContext context, ObjectInternal value, ControlFlowNode origin) {
-        exists(int index, ControlFlowNode rhs, SequenceObjectInternal sequence |
-            def.indexOf(index, rhs) and
+        exists(int index, ControlFlowNode lhs, ControlFlowNode rhs, SequenceObjectInternal sequence |
+            def.indexOf(index, lhs) and
+            lhs.(DefinitionNode).getValue() = rhs and
             sequence_index_points_to(rhs, context, sequence, value, index) and
             origin = def.getDefiningNode()
         )

python/ql/test/library-tests/PointsTo/new/PointsToUnknown.expected

@@ -8,6 +8,9 @@
 | a_simple.py:40 | ControlFlowNode for a | 38 |
 | a_simple.py:40 | ControlFlowNode for b | 38 |
 | a_simple.py:40 | ControlFlowNode for c | 38 |
+| a_simple.py:46 | ControlFlowNode for x | 42 |
+| a_simple.py:47 | ControlFlowNode for y | 42 |
+| a_simple.py:48 | ControlFlowNode for z | 42 |
 | a_simple.py:49 | ControlFlowNode for a | 38 |
 | a_simple.py:49 | ControlFlowNode for b | 38 |
 | a_simple.py:49 | ControlFlowNode for c | 38 |

python/ql/test/library-tests/PointsTo/new/PointsToWithContext.expected

@@ -56,6 +56,11 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
 | a_simple.py:41 | ControlFlowNode for t | Tuple | builtin-class tuple | 39 | runtime |
 | a_simple.py:42 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 40 | runtime |
 | a_simple.py:42 | ControlFlowNode for w | Tuple | builtin-class tuple | 40 | runtime |
+| a_simple.py:43 | ControlFlowNode for p | int 1 | builtin-class int | 41 | runtime |
+| a_simple.py:44 | ControlFlowNode for q | int 2 | builtin-class int | 41 | runtime |
+| a_simple.py:45 | ControlFlowNode for r | int 3 | builtin-class int | 41 | runtime |
+| a_simple.py:47 | ControlFlowNode for y | 'b' | builtin-class str | 42 | runtime |
+| a_simple.py:48 | ControlFlowNode for z | 'c' | builtin-class str | 42 | runtime |
 | a_simple.py:49 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 49 | runtime |
 | a_simple.py:49 | ControlFlowNode for b | 'b' | builtin-class str | 38 | runtime |
 | a_simple.py:49 | ControlFlowNode for c | 'c' | builtin-class str | 38 | runtime |

python/ql/test/library-tests/PointsTo/new/PointsToWithType.expected

@@ -56,6 +56,11 @@ WARNING: Predicate points_to has been deprecated and may be removed in future (P
 | a_simple.py:41 | ControlFlowNode for t | Tuple | builtin-class tuple | 39 |
 | a_simple.py:42 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 40 |
 | a_simple.py:42 | ControlFlowNode for w | Tuple | builtin-class tuple | 40 |
+| a_simple.py:43 | ControlFlowNode for p | int 1 | builtin-class int | 41 |
+| a_simple.py:44 | ControlFlowNode for q | int 2 | builtin-class int | 41 |
+| a_simple.py:45 | ControlFlowNode for r | int 3 | builtin-class int | 41 |
+| a_simple.py:47 | ControlFlowNode for y | 'b' | builtin-class str | 42 |
+| a_simple.py:48 | ControlFlowNode for z | 'c' | builtin-class str | 42 |
 | a_simple.py:49 | ControlFlowNode for Tuple | Tuple | builtin-class tuple | 49 |
 | a_simple.py:49 | ControlFlowNode for b | 'b' | builtin-class str | 38 |
 | a_simple.py:49 | ControlFlowNode for c | 'c' | builtin-class str | 38 |

python/ql/test/library-tests/PointsTo/new/SSA.expected

@@ -31,6 +31,11 @@ WARNING: Predicate ssa_variable_points_to has been deprecated and may be removed
 | a_simple.py:38 | multi_assign_and_packing_0 = FunctionExpr | Function multi_assign_and_packing | builtin-class function |
 | a_simple.py:39 | t_0 = Tuple | Tuple | builtin-class tuple |
 | a_simple.py:40 | w_0 = Tuple | Tuple | builtin-class tuple |
+| a_simple.py:41 | p_0 = t[0] | int 1 | builtin-class int |
+| a_simple.py:41 | q_0 = t[1] | int 2 | builtin-class int |
+| a_simple.py:41 | r_0 = t[2] | int 3 | builtin-class int |
+| a_simple.py:42 | y_0 = w[1] | 'b' | builtin-class str |
+| a_simple.py:42 | z_0 = w[2] | 'c' | builtin-class str |
 | a_simple.py:49 | h_0 = b | 'b' | builtin-class str |
 | a_simple.py:49 | i_0 = c | 'c' | builtin-class str |
 | b_condition.py:0 | __name___0 = ScopeEntryDefinition | 'code.b_condition' | builtin-class str |

python/ql/test/library-tests/PointsTo/new/Values.expected

@@ -41,6 +41,11 @@
 | a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, 'b', Unknown value, ) | builtin-class tuple |
 | a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, Unknown value, 'c', ) | builtin-class tuple |
 | a_simple.py:42 | ControlFlowNode for w | runtime | (Unknown value, Unknown value, Unknown value, ) | builtin-class tuple |
+| a_simple.py:43 | ControlFlowNode for p | runtime | int 1 | builtin-class int |
+| a_simple.py:44 | ControlFlowNode for q | runtime | int 2 | builtin-class int |
+| a_simple.py:45 | ControlFlowNode for r | runtime | int 3 | builtin-class int |
+| a_simple.py:47 | ControlFlowNode for y | runtime | 'b' | builtin-class str |
+| a_simple.py:48 | ControlFlowNode for z | runtime | 'c' | builtin-class str |
 | a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, 'b', 'c', ) | builtin-class tuple |
 | a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, 'b', Unknown value, ) | builtin-class tuple |
 | a_simple.py:49 | ControlFlowNode for Tuple | runtime | (Unknown value, Unknown value, 'c', ) | builtin-class tuple |