C++/WIP: Generate IR for global variables

cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll

@@ -5,23 +5,30 @@
 private import IRFunctionBaseInternal
 
 private newtype TIRFunction =
-  MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }
+  TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
+  TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
 
 /**
  * The IR for a function. This base class contains only the predicates that are the same between all
  * phases of the IR. Each instantiation of `IRFunction` extends this class.
  */
 class IRFunctionBase extends TIRFunction {
-  Language::Function func;
-
-  IRFunctionBase() { this = MkIRFunction(func) }
-
+  //Language::Function func;
+  //  IRFunctionBase() { this = TFunctionIRFunction(func) }
   /** Gets a textual representation of this element. */
-  final string toString() { result = "IR: " + func.toString() }
+  final string toString() {
+    result = "IR: " + any(Language::Function func | this = TFunctionIRFunction(func)).toString()
+    or
+    result = "IR: " + any(Language::GlobalVariable var | this = TVarInitIRFunction(var)).toString()
+  }
 
   /** Gets the function whose IR is represented. */
-  final Language::Function getFunction() { result = func }
+  final Language::Function getFunction() { this = TFunctionIRFunction(result) }
 
   /** Gets the location of the function. */
-  final Language::Location getLocation() { result = func.getLocation() }
+  final Language::Location getLocation() {
+    result = any(Language::Function func | this = TFunctionIRFunction(func)).getLocation()
+    or
+    result = any(Language::GlobalVariable var | this = TVarInitIRFunction(var)).getLocation()
+  }
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -34,6 +34,9 @@ module Raw {
 
   cached
   predicate functionHasIR(Function func) { exists(getTranslatedFunction(func)) }
+  
+  cached
+  predicate varHasIRFunc(GlobalOrNamespaceVariable var) { any() } // TODO: restrict?
 
   cached
   predicate hasInstruction(TranslatedElement element, InstructionTag tag) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -67,7 +67,8 @@ private predicate ignoreExprAndDescendants(Expr expr) {
   exists(Initializer init, StaticStorageDurationVariable var |
     init = var.getInitializer() and
     not var.hasDynamicInitialization() and
-    expr = init.getExpr().getFullyConverted()
+    expr = init.getExpr().getFullyConverted() and
+    not var instanceof GlobalOrNamespaceVariable
   )
   or
   // Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
@@ -117,7 +118,8 @@ private predicate ignoreExprOnly(Expr expr) {
   // should not be translated.
   exists(NewOrNewArrayExpr new | expr = new.getAllocatorCall().getArgument(0))
   or
-  not translateFunction(expr.getEnclosingFunction())
+  not translateFunction(expr.getEnclosingFunction()) and
+  not expr.getEnclosingVariable() instanceof GlobalOrNamespaceVariable
   or
   // We do not yet translate destructors properly, so for now we ignore the
   // destructor call. We do, however, translate the expression being
@@ -669,7 +671,8 @@ newtype TTranslatedElement =
     opcode = getASideEffectOpcode(call, -1)
   } or
   // The side effect that initializes newly-allocated memory.
-  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) }
+  TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
+  TTranslatedGlobalOrNamespaceVarInit(GlobalOrNamespaceVariable var) { any() }
 
 /**
  * Gets the index of the first explicitly initialized element in `initList`

cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll

@@ -50,6 +50,8 @@ class AutomaticVariable = Cpp::StackVariable;
 
 class StaticVariable = Cpp::Variable;
 
+class GlobalVariable = Cpp::GlobalOrNamespaceVariable;
+
 class Parameter = Cpp::Parameter;
 
 class Field = Cpp::Field;