Binary: Translate 'CilLdfld' to IR.

Author: MathiasVP

binary/ql/lib/semmle/code/binary/ast/internal/CilInstructions.qll

@@ -624,19 +624,38 @@ class CilUnbox extends @il_unbox, CilInstruction { }
 class CilThrow extends @il_throw, CilInstruction { }
 
 /** An instruction that loads a field value. */
-abstract class CilLoadFieldInstruction extends CilInstruction { }
+abstract class CilLoadFieldInstruction extends CilInstruction {
+  CilField getField() {
+    exists(string declaringTypeName, string fieldName |
+      il_field_operand(this, declaringTypeName, fieldName) and
+      fieldHasDeclaringTypeNameAndName(declaringTypeName, fieldName, result)
+    )
+  }
+
+  predicate isStatic() { none() }
+
+  predicate onlyComputesAddress() { none() }
+}
 
 /** An instruction that loads an instance field value. */
 class CilLdfld extends @il_ldfld, CilLoadFieldInstruction { }
 
 /** An instruction that loads the address of an instance field. */
-class CilLdflda extends @il_ldflda, CilLoadFieldInstruction { }
+class CilLdflda extends @il_ldflda, CilLoadFieldInstruction {
+  final override predicate onlyComputesAddress() { any() }
+}
 
 /** An instruction that loads a static field value. */
-class CilLdsfld extends @il_ldsfld, CilLoadFieldInstruction { }
+class CilLdsfld extends @il_ldsfld, CilLoadFieldInstruction {
+  final override predicate isStatic() { any() }
+}
 
 /** An instruction that loads the address of a static field. */
-class CilLdsflda extends @il_ldsflda, CilLoadFieldInstruction { }
+class CilLdsflda extends @il_ldsflda, CilLoadFieldInstruction {
+  final override predicate isStatic() { any() }
+
+  final override predicate onlyComputesAddress() { any() }
+}
 
 pragma[nomagic]
 private predicate fieldHasDeclaringTypeNameAndName(

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/InstructionTag.qll

@@ -58,7 +58,9 @@ newtype TInstructionTag =
   CilNewObjCallTag() or
   CilNewObjExternalRefTag() or
   CilStoreFieldAddressTag() or
-  CilStoreFieldStoreTag()
+  CilStoreFieldStoreTag() or
+  CilLoadFieldAddressTag() or
+  CilLoadFieldLoadTag()
 
 class InstructionTag extends TInstructionTag {
   final string toString() {
@@ -216,6 +218,12 @@ class InstructionTag extends TInstructionTag {
     or
     this = CilStoreFieldStoreTag() and
     result = "CilStoreFieldStore"
+    or
+    this = CilLoadFieldAddressTag() and
+    result = "CilLoadFieldAddress"
+    or
+    this = CilLoadFieldLoadTag() and
+    result = "CilLoadFieldLoad"
   }
 }
 

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TempVariableTag.qll

@@ -33,7 +33,9 @@ newtype TTempVariableTag =
   CilNewObjInitVarTag() or
   CilNewObjCallExternalVarTag() or
   CilDupVarTag() or
-  CilStoreFieldAddressVarTag()
+  CilStoreFieldAddressVarTag() or
+  CilLoadFieldAddressVarTag() or
+  CilLoadFieldLoadVarTag()
 
 class TempVariableTag extends TTempVariableTag {
   string toString() {
@@ -141,5 +143,11 @@ class TempVariableTag extends TTempVariableTag {
     or
     this = CilStoreFieldAddressVarTag() and
     result = "stfldaddr"
+    or
+    this = CilLoadFieldAddressVarTag() and
+    result = "ldfldaddr"
+    or
+    this = CilLoadFieldLoadVarTag() and
+    result = "ldfld"
   }
 }

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TranslatedElement.qll

@@ -135,7 +135,8 @@ newtype TTranslatedElement =
   TTranslatedCilType(Raw::CilType type) { shouldTranslatedCilType(type) } or
   TTranslatedNewObject(Raw::CilNewobj newObj) { shouldTranslateCilInstr(newObj) } or
   TTranslatedDup(Raw::CilDup dup) { shouldTranslateCilInstr(dup) } or
-  TTranslatedCilStoreField(Raw::CilStfld store) { shouldTranslateCilInstr(store) }
+  TTranslatedCilStoreField(Raw::CilStfld store) { shouldTranslateCilInstr(store) } or
+  TTranslatedCilLoadField(Raw::CilLdfld load) { shouldTranslateCilInstr(load) }
 
 TranslatedElement getTranslatedElement(Raw::Element raw) {
   result.getRawElement() = raw and

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TranslatedInstruction.qll

@@ -2616,3 +2616,66 @@ class TranslatedCilStoreField extends TranslatedCilInstruction, TTranslatedCilSt
     result = getTranslatedCilInstruction(instr.getABackwardPredecessor()).getStackElement(i + 2)
   }
 }
+
+class TranslatedCilLoadField extends TranslatedCilInstruction, TTranslatedCilLoadField {
+  override Raw::CilLdfld instr;
+
+  TranslatedCilLoadField() { this = TTranslatedCilLoadField(instr) }
+
+  final override predicate hasInstruction(
+    Opcode opcode, InstructionTag tag, Option<Variable>::Option v
+  ) {
+    opcode instanceof Opcode::FieldAddress and
+    tag = CilLoadFieldAddressTag() and
+    v.asSome() = this.getTempVariable(CilLoadFieldAddressVarTag())
+    or
+    opcode instanceof Opcode::Load and
+    tag = CilLoadFieldLoadTag() and
+    v.asSome() = this.getTempVariable(CilLoadFieldLoadVarTag())
+  }
+
+  override predicate hasTempVariable(TempVariableTag tag) {
+    tag = CilLoadFieldAddressVarTag() or tag = CilLoadFieldLoadVarTag()
+  }
+
+  override predicate producesResult() { any() }
+
+  override Variable getVariableOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = CilLoadFieldAddressTag() and
+    operandTag instanceof UnaryTag and
+    result = getTranslatedCilInstruction(instr.getABackwardPredecessor()).getStackElement(0)
+    or
+    tag = CilLoadFieldLoadTag() and
+    operandTag instanceof LoadAddressTag and
+    result = this.getInstruction(CilLoadFieldAddressTag()).getResultVariable()
+  }
+
+  final override string getFieldName(InstructionTag tag) {
+    tag = CilLoadFieldAddressTag() and
+    result = instr.getField().getName()
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child, SuccessorType succType) { none() }
+
+  override Instruction getSuccessor(InstructionTag tag, SuccessorType succType) {
+    tag = CilLoadFieldAddressTag() and
+    succType instanceof DirectSuccessor and
+    result = this.getInstruction(CilLoadFieldLoadTag())
+    or
+    tag = CilLoadFieldLoadTag() and
+    succType instanceof DirectSuccessor and
+    result = getTranslatedInstruction(instr.getASuccessor()).getEntry()
+  }
+
+  override Instruction getEntry() { result = this.getInstruction(CilLoadFieldAddressTag()) }
+
+  override Variable getResultVariable() { result = this.getTempVariable(CilLoadFieldLoadVarTag()) }
+
+  final override Variable getStackElement(int i) {
+    i = 0 and
+    result = this.getInstruction(CilLoadFieldLoadTag()).getResultVariable()
+    or
+    i > 0 and
+    result = getTranslatedCilInstruction(instr.getABackwardPredecessor()).getStackElement(i)
+  }
+}

binary/test-inputs/TestAssembly/SimpleClass.cs

@@ -182,4 +182,22 @@ public string SwitchTest(int value)
             }
         }
     }
+
+    public class WriteToField
+    {
+        public int value;
+        public WriteToField(int x)
+        {
+            value = x;
+        }
+    }
+
+    public class B
+    {
+        public static int LoadFromField()
+        {
+            WriteToField a = new WriteToField(5);
+            return a.value;
+        }
+    }
 }