Merge pull request #1760 from ian-semmle/mangling

C++: Use mangled names to resolve classes
2026-04-28 02:05:14 +02:00 · 2019-09-06 16:38:47 +01:00
parent 486707c90e 99dd8d0c51
commit 09036a3bdf
6 changed files with 4175 additions and 214 deletions
--- a/cpp/ql/src/semmle/code/cpp/internal/ResolveClass.qll
+++ b/cpp/ql/src/semmle/code/cpp/internal/ResolveClass.qll
@@ -1,7 +1,9 @@
 import semmle.code.cpp.Type

+/** For upgraded databases without mangled name info. */
 pragma[noinline]
 private string getTopLevelClassName(@usertype c) {
+  not mangled_name(_, _) and
  isClass(c) and
  usertypes(c, result, _) and
  not namespacembrs(_, c) and // not in a namespace
@@ -9,24 +11,76 @@ private string getTopLevelClassName(@usertype c) {
  not class_instantiation(c, _) // not a template instantiation
 }

-/** Holds if `d` is a unique complete class named `name`. */
+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `d` is a unique complete class named `name`.
+ */
 pragma[noinline]
 private predicate existsCompleteWithName(string name, @usertype d) {
+  not mangled_name(_, _) and
  is_complete(d) and
  name = getTopLevelClassName(d) and
  onlyOneCompleteClassExistsWithName(name)
 }

+/** For upgraded databases without mangled name info. */
 pragma[noinline]
 private predicate onlyOneCompleteClassExistsWithName(string name) {
+  not mangled_name(_, _) and
  strictcount(@usertype c | is_complete(c) and getTopLevelClassName(c) = name) = 1
 }

+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `c` is an incomplete class named `name`.
+ */
+pragma[noinline]
+private predicate existsIncompleteWithName(string name, @usertype c) {
+  not mangled_name(_, _) and
+  not is_complete(c) and
+  name = getTopLevelClassName(c)
+}
+
+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `c` is an incomplete class, and there exists a unique complete class `d`
+ * with the same name.
+ */
+private predicate oldHasCompleteTwin(@usertype c, @usertype d) {
+  not mangled_name(_, _) and
+  exists(string name |
+    existsIncompleteWithName(name, c) and
+    existsCompleteWithName(name, d)
+  )
+}
+
+pragma[noinline]
+private @mangledname getTopLevelClassMangledName(@usertype c) {
+  isClass(c) and
+  mangled_name(c, result) and
+  not namespacembrs(_, c) and // not in a namespace
+  not member(_, _, c) and // not in some structure
+  not class_instantiation(c, _) // not a template instantiation
+}
+
+/** Holds if `d` is a unique complete class named `name`. */
+pragma[noinline]
+private predicate existsCompleteWithMangledName(@mangledname name, @usertype d) {
+  is_complete(d) and
+  name = getTopLevelClassMangledName(d) and
+  onlyOneCompleteClassExistsWithMangledName(name)
+}
+
+pragma[noinline]
+private predicate onlyOneCompleteClassExistsWithMangledName(@mangledname name) {
+  strictcount(@usertype c | is_complete(c) and getTopLevelClassMangledName(c) = name) = 1
+}
+
 /** Holds if `c` is an incomplete class named `name`. */
 pragma[noinline]
-private predicate existsIncompleteWithName(string name, @usertype c) {
+private predicate existsIncompleteWithMangledName(@mangledname name, @usertype c) {
  not is_complete(c) and
-  name = getTopLevelClassName(c)
+  name = getTopLevelClassMangledName(c)
 }

 /**
@@ -34,9 +88,9 @@ private predicate existsIncompleteWithName(string name, @usertype c) {
 * with the same name.
 */
 private predicate hasCompleteTwin(@usertype c, @usertype d) {
-  exists(string name |
-    existsIncompleteWithName(name, c) and
-    existsCompleteWithName(name, d)
+  exists(@mangledname name |
+    existsIncompleteWithMangledName(name, c) and
+    existsCompleteWithMangledName(name, d)
  )
 }

@@ -49,7 +103,11 @@ cached private module Cached {
  cached @usertype resolveClass(@usertype c) {
    hasCompleteTwin(c, result)
    or
-    (not hasCompleteTwin(c, _) and result = c)
+    oldHasCompleteTwin(c, result)
+    or
+    (not hasCompleteTwin(c, _) and
+     not oldHasCompleteTwin(c, _) and
+     result = c)
  }

  /**
--- a/cpp/ql/src/semmlecode.cpp.dbscheme
+++ b/cpp/ql/src/semmlecode.cpp.dbscheme
@@ -705,6 +705,11 @@ usertype_uuid(
    unique string uuid: string ref
 );

+mangled_name(
+    unique int id: @declaration ref,
+    int mangled_name : @mangledname
+);
+
 is_pod_class(unique int id: @usertype ref);
 is_standard_layout_class(unique int id: @usertype ref);

--- a/cpp/ql/src/semmlecode.cpp.dbscheme.stats
+++ b/cpp/ql/src/semmlecode.cpp.dbscheme.stats
@@ -116,6 +116,10 @@
 <v>4328015</v>
 </e>
 <e>
+<k>@mangledname</k>
+<v>533074</v>
+</e>
+<e>
 <k>@type_mention</k>
 <v>1699398</v>
 </e>
@@ -200,6 +204,22 @@
 <v>1685056</v>
 </e>
 <e>
+<k>@preincrexpr</k>
+<v>63965</v>
+</e>
+<e>
+<k>@predecrexpr</k>
+<v>26590</v>
+</e>
+<e>
+<k>@assignexpr</k>
+<v>551713</v>
+</e>
+<e>
+<k>@varaccess</k>
+<v>5376523</v>
+</e>
+<e>
 <k>@literal</k>
 <v>4374193</v>
 </e>
@@ -276,14 +296,6 @@
 <v>5401</v>
 </e>
 <e>
-<k>@preincrexpr</k>
-<v>63965</v>
-</e>
-<e>
-<k>@predecrexpr</k>
-<v>26590</v>
-</e>
-<e>
 <k>@conditionalexpr</k>
 <v>154429</v>
 </e>
@@ -396,10 +408,6 @@
 <v>1</v>
 </e>
 <e>
-<k>@assignexpr</k>
-<v>551713</v>
-</e>
-<e>
 <k>@assignaddexpr</k>
 <v>68305</v>
 </e>
@@ -488,10 +496,6 @@
 <v>30</v>
 </e>
 <e>
-<k>@varaccess</k>
-<v>5376523</v>
-</e>
-<e>
 <k>@thisaccess</k>
 <v>1181367</v>
 </e>
@@ -844,6 +848,14 @@
 <v>1284491</v>
 </e>
 <e>
+<k>@stmt_return</k>
+<v>1197363</v>
+</e>
+<e>
+<k>@stmt_block</k>
+<v>1398476</v>
+</e>
+<e>
 <k>@stmt_if</k>
 <v>524558</v>
 </e>
@@ -860,14 +872,6 @@
 <v>85508</v>
 </e>
 <e>
-<k>@stmt_return</k>
-<v>1197363</v>
-</e>
-<e>
-<k>@stmt_block</k>
-<v>1398476</v>
-</e>
-<e>
 <k>@stmt_end_test_while</k>
 <v>149900</v>
 </e>
@@ -936,14 +940,6 @@
 <v>3</v>
 </e>
 <e>
-<k>@ppd_plain_include</k>
-<v>321760</v>
-</e>
-<e>
-<k>@ppd_define</k>
-<v>350005</v>
-</e>
-<e>
 <k>@ppd_if</k>
 <v>171105</v>
 </e>
@@ -968,6 +964,14 @@
 <v>329749</v>
 </e>
 <e>
+<k>@ppd_plain_include</k>
+<v>321760</v>
+</e>
+<e>
+<k>@ppd_define</k>
+<v>350005</v>
+</e>
+<e>
 <k>@ppd_undef</k>
 <v>21155</v>
 </e>
@@ -1492,7 +1496,7 @@
 </e>
 <e>
 <k>seconds</k>
-<v>12182</v>
+<v>12669</v>
 </e>
 </columnsizes>
 <dependencies>
@@ -1536,14 +1540,19 @@
 <budget>12</budget>
 <bs>
 <b>
+<a>2</a>
+<b>3</b>
+<v>24</v>
+</b>
+<b>
 <a>3</a>
 <b>4</b>
-<v>3149</v>
+<v>3027</v>
 </b>
 <b>
 <a>4</a>
 <b>5</b>
-<v>7416</v>
+<v>7513</v>
 </b>
 </bs>
 </hist>
@@ -1589,8 +1598,8 @@
 <budget>12</budget>
 <bs>
 <b>
-<a>1002</a>
-<b>1003</b>
+<a>1042</a>
+<b>1043</b>
 <v>12</v>
 </b>
 </bs>
@@ -1647,13 +1656,13 @@
 <v>12</v>
 </b>
 <b>
-<a>547</a>
-<b>548</b>
+<a>563</a>
+<b>564</b>
 <v>12</v>
 </b>
 <b>
-<a>577</a>
-<b>578</b>
+<a>620</a>
+<b>621</b>
 <v>12</v>
 </b>
 </bs>
@@ -1670,28 +1679,23 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>7684</v>
+<v>8036</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>2662</v>
+<v>2711</v>
 </b>
 <b>
 <a>3</a>
 <b>4</b>
-<v>814</v>
+<v>996</v>
 </b>
 <b>
 <a>4</a>
-<b>14</b>
+<b>597</b>
 <v>924</v>
 </b>
-<b>
-<a>14</a>
-<b>616</b>
-<v>97</v>
-</b>
 </bs>
 </hist>
 </val>
@@ -1706,7 +1710,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>12182</v>
+<v>12669</v>
 </b>
 </bs>
 </hist>
@@ -1722,17 +1726,17 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>10517</v>
+<v>10796</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>1653</v>
+<v>1835</v>
 </b>
 <b>
 <a>3</a>
 <b>4</b>
-<v>12</v>
+<v>36</v>
 </b>
 </bs>
 </hist>
@@ -2111,11 +2115,11 @@
 </e>
 <e>
 <k>cpu_seconds</k>
-<v>8437</v>
+<v>8450</v>
 </e>
 <e>
 <k>elapsed_seconds</k>
-<v>170</v>
+<v>182</v>
 </e>
 </columnsizes>
 <dependencies>
@@ -2161,17 +2165,17 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>7112</v>
+<v>7064</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>911</v>
+<v>984</v>
 </b>
 <b>
 <a>3</a>
 <b>9</b>
-<v>413</v>
+<v>401</v>
 </b>
 </bs>
 </hist>
@@ -2192,7 +2196,7 @@
 <b>
 <a>2</a>
 <b>3</b>
-<v>486</v>
+<v>498</v>
 </b>
 </bs>
 </hist>
@@ -2208,7 +2212,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>24</v>
+<v>36</v>
 </b>
 <b>
 <a>2</a>
@@ -2216,38 +2220,48 @@
 <v>24</v>
 </b>
 <b>
-<a>3</a>
-<b>4</b>
+<a>4</a>
+<b>5</b>
 <v>12</v>
 </b>
 <b>
-<a>9</a>
-<b>10</b>
+<a>10</a>
+<b>11</b>
 <v>12</v>
 </b>
 <b>
-<a>11</a>
-<b>12</b>
+<a>12</a>
+<b>13</b>
 <v>12</v>
 </b>
 <b>
-<a>21</a>
-<b>22</b>
-<v>24</v>
-</b>
-<b>
-<a>45</a>
-<b>46</b>
+<a>18</a>
+<b>19</b>
 <v>12</v>
 </b>
 <b>
-<a>129</a>
-<b>130</b>
+<a>23</a>
+<b>24</b>
 <v>12</v>
 </b>
 <b>
-<a>133</a>
-<b>134</b>
+<a>57</a>
+<b>58</b>
+<v>12</v>
+</b>
+<b>
+<a>127</a>
+<b>128</b>
+<v>12</v>
+</b>
+<b>
+<a>131</a>
+<b>132</b>
+<v>12</v>
+</b>
+<b>
+<a>237</a>
+<b>238</b>
 <v>12</v>
 </b>
 <b>
@@ -2255,11 +2269,6 @@
 <b>246</b>
 <v>12</v>
 </b>
-<b>
-<a>248</a>
-<b>249</b>
-<v>12</v>
-</b>
 </bs>
 </hist>
 </val>
@@ -2274,7 +2283,7 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>24</v>
+<v>36</v>
 </b>
 <b>
 <a>2</a>
@@ -2282,48 +2291,53 @@
 <v>24</v>
 </b>
 <b>
-<a>3</a>
-<b>4</b>
+<a>4</a>
+<b>5</b>
 <v>12</v>
 </b>
 <b>
-<a>9</a>
-<b>10</b>
+<a>10</a>
+<b>11</b>
 <v>12</v>
 </b>
 <b>
-<a>11</a>
-<b>12</b>
+<a>12</a>
+<b>13</b>
 <v>12</v>
 </b>
 <b>
-<a>21</a>
-<b>22</b>
-<v>24</v>
-</b>
-<b>
-<a>45</a>
-<b>46</b>
+<a>17</a>
+<b>18</b>
 <v>12</v>
 </b>
 <b>
-<a>107</a>
-<b>108</b>
+<a>23</a>
+<b>24</b>
 <v>12</v>
 </b>
 <b>
-<a>119</a>
-<b>120</b>
+<a>54</a>
+<b>55</b>
 <v>12</v>
 </b>
 <b>
-<a>177</a>
-<b>178</b>
+<a>105</a>
+<b>106</b>
 <v>12</v>
 </b>
 <b>
-<a>215</a>
-<b>216</b>
+<a>114</a>
+<b>115</b>
+<v>12</v>
+</b>
+<b>
+<a>168</a>
+<b>169</b>
+<v>12</v>
+</b>
+<b>
+<a>222</a>
+<b>223</b>
 <v>12</v>
 </b>
 </bs>
@@ -23516,6 +23530,79 @@
 </dependencies>
 </relation>
 <relation>
+<name>mangled_name</name>
+<cardinality>4326447</cardinality>
+<columnsizes>
+<e>
+<k>id</k>
+<v>4326447</v>
+</e>
+<e>
+<k>mangled_name</k>
+<v>533074</v>
+</e>
+</columnsizes>
+<dependencies>
+<dep>
+<src>id</src>
+<trg>mangled_name</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>4326447</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>mangled_name</src>
+<trg>id</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>326831</v>
+</b>
+<b>
+<a>2</a>
+<b>3</b>
+<v>67771</v>
+</b>
+<b>
+<a>3</a>
+<b>4</b>
+<v>35794</v>
+</b>
+<b>
+<a>4</a>
+<b>8</b>
+<v>44998</v>
+</b>
+<b>
+<a>8</a>
+<b>36</b>
+<v>40183</v>
+</b>
+<b>
+<a>36</a>
+<b>8470</b>
+<v>17495</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+</dependencies>
+</relation>
+<relation>
 <name>is_pod_class</name>
 <cardinality>1041528</cardinality>
 <columnsizes>
@@ -32123,11 +32210,11 @@
 </e>
 <e>
 <k>kind</k>
-<v>1167</v>
+<v>393</v>
 </e>
 <e>
 <k>location</k>
-<v>3937292</v>
+<v>6150603</v>
 </e>
 </columnsizes>
 <dependencies>
@@ -32171,69 +32258,69 @@
 <budget>12</budget>
 <bs>
 <b>
-<a>4</a>
-<b>18</b>
-<v>97</v>
+<a>5</a>
+<b>28</b>
+<v>30</v>
 </b>
 <b>
-<a>22</a>
-<b>48</b>
-<v>85</v>
+<a>71</a>
+<b>82</b>
+<v>30</v>
 </b>
 <b>
-<a>48</a>
-<b>91</b>
-<v>97</v>
+<a>94</a>
+<b>255</b>
+<v>30</v>
 </b>
 <b>
-<a>123</a>
-<b>295</b>
-<v>97</v>
+<a>271</a>
+<b>627</b>
+<v>30</v>
 </b>
 <b>
-<a>341</a>
-<b>541</b>
-<v>97</v>
+<a>858</a>
+<b>1879</b>
+<v>30</v>
 </b>
 <b>
-<a>541</a>
-<b>883</b>
-<v>97</v>
+<a>2191</a>
+<b>3716</b>
+<v>30</v>
 </b>
 <b>
-<a>1163</a>
-<b>2188</b>
-<v>97</v>
+<a>4305</a>
+<b>6068</b>
+<v>30</v>
 </b>
 <b>
-<a>2428</a>
-<b>3029</b>
-<v>97</v>
+<a>7004</a>
+<b>11661</b>
+<v>30</v>
 </b>
 <b>
-<a>3265</a>
-<b>4616</b>
-<v>97</v>
+<a>12107</a>
+<b>20202</b>
+<v>30</v>
 </b>
 <b>
-<a>4933</a>
-<b>6580</b>
-<v>97</v>
+<a>21965</a>
+<b>29561</b>
+<v>30</v>
 </b>
 <b>
-<a>6933</a>
-<b>20444</b>
-<v>97</v>
+<a>32830</a>
+<b>41032</b>
+<v>30</v>
 </b>
 <b>
-<a>30541</a>
-<b>198015</b>
-<v>97</v>
+<a>44670</a>
+<b>145995</b>
+<v>30</v>
 </b>
 <b>
-<a>399017</a>
-<b>399018</b>
-<v>12</v>
+<a>447805</a>
+<b>725766</b>
+<v>24</v>
 </b>
 </bs>
 </hist>
@@ -32248,63 +32335,68 @@
 <bs>
 <b>
 <a>1</a>
-<b>7</b>
-<v>97</v>
+<b>24</b>
+<v>30</v>
 </b>
 <b>
-<a>7</a>
-<b>14</b>
-<v>97</v>
+<a>27</a>
+<b>72</b>
+<v>30</v>
 </b>
 <b>
-<a>15</a>
-<b>28</b>
-<v>97</v>
+<a>77</a>
+<b>157</b>
+<v>30</v>
 </b>
 <b>
-<a>29</a>
-<b>47</b>
-<v>97</v>
+<a>171</a>
+<b>402</b>
+<v>30</v>
 </b>
 <b>
-<a>74</a>
-<b>171</b>
-<v>97</v>
+<a>422</a>
+<b>1083</b>
+<v>30</v>
 </b>
 <b>
-<a>175</a>
-<b>325</b>
-<v>97</v>
+<a>1179</a>
+<b>1862</b>
+<v>30</v>
 </b>
 <b>
-<a>371</a>
-<b>515</b>
-<v>97</v>
+<a>2201</a>
+<b>4268</b>
+<v>30</v>
 </b>
 <b>
-<a>623</a>
-<b>1087</b>
-<v>97</v>
+<a>4679</a>
+<b>6584</b>
+<v>30</v>
 </b>
 <b>
-<a>1127</a>
-<b>1577</b>
-<v>97</v>
+<a>6624</a>
+<b>11083</b>
+<v>30</v>
 </b>
 <b>
-<a>1827</a>
-<b>2138</b>
-<v>97</v>
+<a>11359</a>
+<b>12983</b>
+<v>30</v>
 </b>
 <b>
-<a>2219</a>
-<b>8862</b>
-<v>97</v>
+<a>17158</a>
+<b>28621</b>
+<v>30</v>
 </b>
 <b>
-<a>9363</a>
-<b>117436</b>
-<v>97</v>
+<a>29980</a>
+<b>88945</b>
+<v>30</v>
+</b>
+<b>
+<a>128315</a>
+<b>425042</b>
+<v>24</v>
 </b>
 </bs>
 </hist>
@@ -32320,37 +32412,22 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>1896838</v>
+<v>4450587</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>762528</v>
+<v>874643</v>
 </b>
 <b>
 <a>3</a>
-<b>4</b>
-<v>367780</v>
+<b>6</b>
+<v>496205</v>
 </b>
 <b>
-<a>4</a>
-<b>5</b>
-<v>283559</v>
-</b>
-<b>
-<a>5</a>
-<b>9</b>
-<v>309310</v>
-</b>
-<b>
-<a>9</a>
-<b>73</b>
-<v>295656</v>
-</b>
-<b>
-<a>73</a>
-<b>110845</b>
-<v>21617</v>
+<a>6</a>
+<b>22445</b>
+<v>329167</v>
 </b>
 </bs>
 </hist>
@@ -32366,17 +32443,22 @@
 <b>
 <a>1</a>
 <b>2</b>
-<v>2811371</v>
+<v>4599301</v>
 </b>
 <b>
 <a>2</a>
 <b>3</b>
-<v>875346</v>
+<v>812812</v>
 </b>
 <b>
 <a>3</a>
-<b>30</b>
-<v>250573</v>
+<b>5</b>
+<v>498909</v>
+</b>
+<b>
+<a>5</a>
+<b>33</b>
+<v>239579</v>
 </b>
 </bs>
 </hist>