Binary: Add a FieldAddress instruction to the IR.

Author: MathiasVP

binary/ql/lib/semmle/code/binary/ast/ir/IR.qll

@@ -321,6 +321,12 @@ private module FinalInstruction {
     }
   }
 
+  class FieldAddressInstruction extends Instruction instanceof Instruction::FieldAddressInstruction {
+    UnaryOperand getBaseOperand() { result = super.getBaseOperand() }
+
+    string getFieldName() { result = super.getFieldName() }
+  }
+
   class SubInstruction extends BinaryInstruction instanceof Instruction::SubInstruction { }
 
   class AddInstruction extends BinaryInstruction instanceof Instruction::AddInstruction { }

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Instruction.qll

@@ -179,6 +179,16 @@ class ExternalRefInstruction extends Instruction {
   final override string getImmediateValue() { result = this.getExternalName() }
 }
 
+class FieldAddressInstruction extends Instruction {
+  override Opcode::FieldAddress opcode;
+
+  UnaryOperand getBaseOperand() { result = this.getAnOperand() }
+
+  string getFieldName() { result = te.getFieldName(tag) }
+
+  final override string getImmediateValue() { result = this.getFieldName() }
+}
+
 class FunEntryInstruction extends Instruction {
   override Opcode::FunEntry opcode;
 }

binary/ql/lib/semmle/code/binary/ast/ir/internal/InstructionSig.qll

@@ -4,7 +4,6 @@ private import codeql.controlflow.SuccessorType
 private import semmle.code.binary.ast.Location
 
 signature module InstructionSig {
-
   class Type {
     Function getAFunction();
 
@@ -267,6 +266,12 @@ signature module InstructionSig {
     string getStringValue();
   }
 
+  class FieldAddressInstruction extends Instruction {
+    UnaryOperand getBaseOperand();
+
+    string getFieldName();
+  }
+
   class ControlFlowNode {
     Instruction asInstruction();
 

binary/ql/lib/semmle/code/binary/ast/ir/internal/Opcode.qll

@@ -24,6 +24,7 @@ private newtype TOpcode =
   TNop() or
   TNot() or
   TInit() or
+  TFieldAddress() or
   // TODO: Ideally, this should either be removed when we handle unresolved CIL calls better.
   TExternalRef() or
   TFunEntry()
@@ -144,6 +145,10 @@ class Init extends Opcode, TInit {
   override string toString() { result = "Init" }
 }
 
+class FieldAddress extends Opcode, TFieldAddress {
+  override string toString() { result = "FieldAddress" }
+}
+
 newtype ConditionKind =
   EQ() or
   NE() or

binary/ql/lib/semmle/code/binary/ast/ir/internal/TransformInstruction/TransformInstruction.qll

@@ -732,6 +732,21 @@ module Transform<InstructionSig Input> {
       }
     }
 
+    class FieldAddressInstruction extends Instruction {
+      FieldAddressInstruction() { this.getOpcode() instanceof Opcode::FieldAddress }
+
+      UnaryOperand getBaseOperand() { result = this.getAnOperand() }
+
+      string getFieldName() {
+        exists(Input::FieldAddressInstruction fieldAddr |
+          this = TOldInstruction(fieldAddr) and
+          result = fieldAddr.getFieldName()
+        )
+      }
+
+      final override string getImmediateValue() { result = this.getFieldName() }
+    }
+
     private class NewInstruction extends MkInstruction, Instruction {
       Opcode opcode;
       TranslatedElement te;