From 206a96df9411d98724161c78a67a09c84e10e31f Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Mon, 1 Jul 2019 10:14:19 +0200 Subject: [PATCH] C++ IR: Rename getters for def/use on Operand This renames `getDefinitionInstruction` to `getAnyDef`, reflecting that it includes definitions without exact overlap. It renames `getUseInstruction` to `getUse` for consistency. perl -p -i -e 's/\bgetUseInstruction\b/getUse/g; s/\bgetDefinitionInstruction\b/getAnyDef/g' \ cpp/ql/src/semmle/code/cpp/ir/**/*.ql* \ cpp/ql/test/**/*.ql* \ cpp/ql/src/semmle/code/cpp/rangeanalysis/**/*.ql* --- .../code/cpp/ir/dataflow/TaintTracking.qll | 2 +- .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 2 +- .../aliased_ssa/Instruction.qll | 50 +++++++++---------- .../ir/implementation/aliased_ssa/Operand.qll | 24 ++++----- .../aliased_ssa/gvn/ValueNumbering.qll | 4 +- .../aliased_ssa/internal/AliasAnalysis.qll | 36 ++++++------- .../aliased_ssa/internal/AliasedSSA.qll | 4 +- .../aliased_ssa/internal/SSAConstruction.qll | 4 +- .../cpp/ir/implementation/raw/Instruction.qll | 50 +++++++++---------- .../cpp/ir/implementation/raw/Operand.qll | 24 ++++----- .../implementation/raw/gvn/ValueNumbering.qll | 4 +- .../unaliased_ssa/Instruction.qll | 50 +++++++++---------- .../implementation/unaliased_ssa/Operand.qll | 24 ++++----- .../unaliased_ssa/gvn/ValueNumbering.qll | 4 +- .../unaliased_ssa/internal/AliasAnalysis.qll | 36 ++++++------- .../internal/SSAConstruction.qll | 4 +- .../unaliased_ssa/internal/SimpleSSA.qll | 4 +- .../code/cpp/rangeanalysis/RangeAnalysis.qll | 22 ++++---- .../code/cpp/rangeanalysis/RangeUtils.qll | 12 ++--- .../code/cpp/rangeanalysis/SignAnalysis.qll | 16 +++--- .../controlflow/guards-ir/tests.ql | 2 +- 21 files changed, 189 insertions(+), 189 deletions(-) diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/TaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/TaintTracking.qll index d619e84e244..5063dec5122 100644 
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/TaintTracking.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/TaintTracking.qll @@ -136,7 +136,7 @@ module TaintTracking { // Taint can flow through expressions that alter the value but preserve // more than one bit of it _or_ expressions that follow data through // pointer indirections. - nodeTo.getAnOperand().getDefinitionInstruction() = nodeFrom and + nodeTo.getAnOperand().getAnyDef() = nodeFrom and ( nodeTo instanceof ArithmeticInstruction or diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index cd2d9e82850..0c87ca3ebf6 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -143,7 +143,7 @@ UninitializedNode uninitializedNode(LocalVariable v) { result.getLocalVariable() */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { nodeTo.(CopyInstruction).getSourceValue() = nodeFrom or - nodeTo.(PhiInstruction).getAnOperand().getDefinitionInstruction() = nodeFrom or + nodeTo.(PhiInstruction).getAnOperand().getAnyDef() = nodeFrom or // Treat all conversions as flow, even conversions between different numeric types. nodeTo.(ConvertInstruction).getUnary() = nodeFrom } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index 7ae52934a30..a6cdbe013f1 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll 
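Review bot: In the `localFlowStep` hunk of DataFlowUtil.qll, the phi disjunct `nodeTo.(PhiInstruction).getAnOperand().getAnyDef() = nodeFrom` follows definitions that, per the commit message, need not overlap the operand exactly, and nothing at the call site says whether that is intended. Security queries built on local flow inherit this choice, because an inexact definition presumably adds a flow edge where the value is only partly carried. I would add a comment above the disjunct such as `// getAnyDef() includes definitions that only partially overlap the phi operand; this step over-approximates flow`, or confirm that phi operands are always exact here. The taint step in the TaintTracking.qll hunk just above uses the same getter, where over-approximation is presumably acceptable.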
@@ -103,7 +103,7 @@ module InstructionSanity { query predicate missingOperandType(Operand operand, string message) { exists(Function func | not exists(operand.getType()) and - func = operand.getUseInstruction().getEnclosingFunction() and + func = operand.getUse().getEnclosingFunction() and message = "Operand missing type in function '" + getIdentityString(func) + "'." ) } @@ -158,8 +158,8 @@ module InstructionSanity { * a different function. */ query predicate operandAcrossFunctions(Operand operand, Instruction instr, Instruction defInstr) { - operand.getUseInstruction() = instr and - operand.getDefinitionInstruction() = defInstr and + operand.getUse() = instr and + operand.getAnyDef() = defInstr and instr.getEnclosingIRFunction() != defInstr.getEnclosingIRFunction() } @@ -483,14 +483,14 @@ class Instruction extends Construction::TInstruction { * Gets all direct uses of the result of this instruction. */ final Operand getAUse() { - result.getDefinitionInstruction() = this + result.getAnyDef() = this } /** * Gets all of this instruction's operands. */ final Operand getAnOperand() { - result.getUseInstruction() = this + result.getUse() = this } /** @@ -515,7 +515,7 @@ class Instruction extends Construction::TInstruction { */ final AddressOperand getResultAddressOperand() { getResultMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = this + result.getUse() = this } /** @@ -698,7 +698,7 @@ class FieldAddressInstruction extends FieldInstruction { } final Instruction getObjectAddress() { - result = getObjectAddressOperand().getDefinitionInstruction() + result = getObjectAddressOperand().getAnyDef() } } @@ -747,7 +747,7 @@ class ReturnValueInstruction extends ReturnInstruction { } final Instruction getReturnValue() { - result = getReturnValueOperand().getDefinitionInstruction() + result = getReturnValueOperand().getAnyDef() } } 
@@ -761,7 +761,7 @@ class CopyInstruction extends Instruction { } final Instruction getSourceValue() { - result = getSourceValueOperand().getDefinitionInstruction() + result = getSourceValueOperand().getAnyDef() } } @@ -785,7 +785,7 @@ class LoadInstruction extends CopyInstruction { } final Instruction getSourceAddress() { - result = getSourceAddressOperand().getDefinitionInstruction() + result = getSourceAddressOperand().getAnyDef() } override final LoadOperand getSourceValueOperand() { @@ -807,7 +807,7 @@ class StoreInstruction extends CopyInstruction { } final Instruction getDestinationAddress() { - result = getDestinationAddressOperand().getDefinitionInstruction() + result = getDestinationAddressOperand().getAnyDef() } override final StoreValueOperand getSourceValueOperand() { @@ -825,7 +825,7 @@ class ConditionalBranchInstruction extends Instruction { } final Instruction getCondition() { - result = getConditionOperand().getDefinitionInstruction() + result = getConditionOperand().getAnyDef() } final Instruction getTrueSuccessor() { @@ -891,11 +891,11 @@ class BinaryInstruction extends Instruction { } final Instruction getLeft() { - result = getLeftOperand().getDefinitionInstruction() + result = getLeftOperand().getAnyDef() } final Instruction getRight() { - result = getRightOperand().getDefinitionInstruction() + result = getRightOperand().getAnyDef() } /** @@ -1045,7 +1045,7 @@ class UnaryInstruction extends Instruction { } final Instruction getUnary() { - result = getUnaryOperand().getDefinitionInstruction() + result = getUnaryOperand().getAnyDef() } } @@ -1275,7 +1275,7 @@ class SwitchInstruction extends Instruction { } final Instruction getExpression() { - result = getExpressionOperand().getDefinitionInstruction() + result = getExpressionOperand().getAnyDef() } final Instruction getACaseSuccessor() { 
@@ -1310,7 +1310,7 @@ class CallInstruction extends Instruction { * function pointer. */ final Instruction getCallTarget() { - result = getCallTargetOperand().getDefinitionInstruction() + result = getCallTargetOperand().getAnyDef() } /** @@ -1331,7 +1331,7 @@ class CallInstruction extends Instruction { * Gets all of the arguments of the call, including the `this` pointer, if any. */ final Instruction getAnArgument() { - result = getAnArgumentOperand().getDefinitionInstruction() + result = getAnArgumentOperand().getAnyDef() } /** @@ -1345,7 +1345,7 @@ class CallInstruction extends Instruction { * Gets the `this` pointer argument of the call, if any. */ final Instruction getThisArgument() { - result = getThisArgumentOperand().getDefinitionInstruction() + result = getThisArgumentOperand().getAnyDef() } /** @@ -1360,7 +1360,7 @@ class CallInstruction extends Instruction { * Gets the argument at the specified index. */ final Instruction getPositionalArgument(int index) { - result = getPositionalArgumentOperand(index).getDefinitionInstruction() + result = getPositionalArgumentOperand(index).getAnyDef() } } @@ -1516,7 +1516,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the address of the exception thrown by this instruction. */ final Instruction getExceptionAddress() { - result = getExceptionAddressOperand().getDefinitionInstruction() + result = getExceptionAddressOperand().getAnyDef() } /** @@ -1530,7 +1530,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the exception thrown by this instruction. */ final Instruction getException() { - result = getExceptionOperand().getDefinitionInstruction() + result = getExceptionOperand().getAnyDef() } } @@ -1660,7 +1660,7 @@ class PhiInstruction extends Instruction { */ pragma[noinline] final Instruction getAnInput() { - result = this.getAnInputOperand().getDefinitionInstruction() + result = this.getAnInputOperand().getAnyDef() } } 
@@ -1728,7 +1728,7 @@ class ChiInstruction extends Instruction { * memory write. */ final Instruction getTotal() { - result = getTotalOperand().getDefinitionInstruction() + result = getTotalOperand().getAnyDef() } /** @@ -1742,7 +1742,7 @@ class ChiInstruction extends Instruction { * Gets the operand that represents the new value written by the memory write. */ final Instruction getPartial() { - result = getPartialOperand().getDefinitionInstruction() + result = getPartialOperand().getAnyDef() } } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll index 84562760140..4eb31ee3a97 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll @@ -26,24 +26,24 @@ class Operand extends TOperand { } final Location getLocation() { - result = getUseInstruction().getLocation() + result = getUse().getLocation() } final IRFunction getEnclosingIRFunction() { - result = getUseInstruction().getEnclosingIRFunction() + result = getUse().getEnclosingIRFunction() } /** * Gets the `Instruction` that consumes this operand. */ - Instruction getUseInstruction() { + Instruction getUse() { none() } /** * Gets the `Instruction` whose result is the value of the operand. */ - Instruction getDefinitionInstruction() { + Instruction getAnyDef() { none() } @@ -76,7 +76,7 @@ class Operand extends TOperand { * For example: `this:r3_5` */ final string getDumpString() { - result = getDumpLabel() + getInexactSpecifier() + getDefinitionInstruction().getResultId() + result = getDumpLabel() + getInexactSpecifier() + getAnyDef().getResultId() } /** @@ -106,7 +106,7 @@ class Operand extends TOperand { * has been cast to a different type. */ Type getType() { - result = getDefinitionInstruction().getResultType() + result = getAnyDef().getResultType() } /** 
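Review bot: In the `class Operand` hunk of aliased_ssa/Operand.qll, the QLDoc kept above the renamed `getAnyDef()` still reads "Gets the `Instruction` whose result is the value of the operand". That contradicts the reason given for the rename, which is that the result may be a definition without exact overlap. I would reword it to something like `Gets the Instruction whose result provides the value of this operand, including definitions that only partially overlap it.`, so that `getType()` and `isGLValue()`, which derive their answer from `getAnyDef()` in the same file, are read with that caveat. The identical hunk in raw/Operand.qll carries the same stale comment, and the diffstat suggests unaliased_ssa/Operand.qll does too.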
@@ -117,7 +117,7 @@ class Operand extends TOperand { * given by `getResultType()`. */ predicate isGLValue() { - getDefinitionInstruction().isGLValue() + getAnyDef().isGLValue() } /** @@ -157,7 +157,7 @@ class MemoryOperand extends Operand { */ final AddressOperand getAddressOperand() { getMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = getUseInstruction() + result.getUse() = getUse() } } @@ -174,11 +174,11 @@ class NonPhiOperand extends Operand { this = TNonPhiMemoryOperand(useInstr, tag, defInstr, _) } - override final Instruction getUseInstruction() { + override final Instruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } @@ -436,11 +436,11 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand { result = "Phi" } - override final PhiInstruction getUseInstruction() { + override final PhiInstruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll index a3e12bb5628..87f5df0594a 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll @@ -88,7 +88,7 @@ class ValueNumber extends TValueNumber { } final Operand getAUse() { - this = valueNumber(result.getDefinitionInstruction()) + this = valueNumber(result.getAnyDef()) } } @@ -230,7 +230,7 @@ cached ValueNumber valueNumber(Instruction instr) { * Gets the value number assigned to `instr`, if any. Returns at most one result. */ ValueNumber valueNumberOfOperand(Operand op) { - result = valueNumber(op.getDefinitionInstruction()) + result = valueNumber(op.getAnyDef()) } /** 
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll index efd62a7e401..8bb359e7b9c 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll @@ -53,7 +53,7 @@ private predicate operandIsConsumedWithoutEscaping(Operand operand) { // loaded/stored value could). operand instanceof AddressOperand or exists (Instruction instr | - instr = operand.getUseInstruction() and + instr = operand.getUse() and ( // Neither operand of a Compare escapes. instr instanceof CompareInstruction or @@ -72,7 +72,7 @@ private predicate operandEscapesDomain(Operand operand) { not operandIsPropagated(operand, _) and not isArgumentForParameter(_, operand, _) and not isOnlyEscapesViaReturnArgument(operand) and - not operand.getUseInstruction() instanceof ReturnValueInstruction and + not operand.getUse() instanceof ReturnValueInstruction and not operand instanceof PhiInputOperand } @@ -113,7 +113,7 @@ IntValue getPointerBitOffset(PointerOffsetInstruction instr) { */ private predicate operandIsPropagated(Operand operand, IntValue bitOffset) { exists(Instruction instr | - instr = operand.getUseInstruction() and + instr = operand.getUse() and ( // Converting to a non-virtual base class adds the offset of the base class. exists(ConvertToBaseInstruction convert | 
@@ -156,7 +156,7 @@ private predicate operandIsPropagated(Operand operand, IntValue bitOffset) { private predicate operandEscapesNonReturn(Operand operand) { // The address is propagated to the result of the instruction, and that result itself is returned - operandIsPropagated(operand, _) and resultEscapesNonReturn(operand.getUseInstruction()) + operandIsPropagated(operand, _) and resultEscapesNonReturn(operand.getUse()) or // The operand is used in a function call which returns it, and the return value is then returned exists(CallInstruction ci, Instruction init | @@ -169,10 +169,10 @@ private predicate operandEscapesNonReturn(Operand operand) { ) ) or - isOnlyEscapesViaReturnArgument(operand) and resultEscapesNonReturn(operand.getUseInstruction()) + isOnlyEscapesViaReturnArgument(operand) and resultEscapesNonReturn(operand.getUse()) or operand instanceof PhiInputOperand and - resultEscapesNonReturn(operand.getUseInstruction()) + resultEscapesNonReturn(operand.getUse()) or operandEscapesDomain(operand) } @@ -180,7 +180,7 @@ private predicate operandEscapesNonReturn(Operand operand) { private predicate operandMayReachReturn(Operand operand) { // The address is propagated to the result of the instruction, and that result itself is returned operandIsPropagated(operand, _) and - resultMayReachReturn(operand.getUseInstruction()) + resultMayReachReturn(operand.getUse()) or // The operand is used in a function call which returns it, and the return value is then returned exists(CallInstruction ci, Instruction init | 
@@ -190,19 +190,19 @@ private predicate operandMayReachReturn(Operand operand) { ) or // The address is returned - operand.getUseInstruction() instanceof ReturnValueInstruction + operand.getUse() instanceof ReturnValueInstruction or - isOnlyEscapesViaReturnArgument(operand) and resultMayReachReturn(operand.getUseInstruction()) + isOnlyEscapesViaReturnArgument(operand) and resultMayReachReturn(operand.getUse()) or operand instanceof PhiInputOperand and - resultMayReachReturn(operand.getUseInstruction()) + resultMayReachReturn(operand.getUse()) } private predicate operandReturned(Operand operand, IntValue bitOffset) { // The address is propagated to the result of the instruction, and that result itself is returned exists(IntValue bitOffset1, IntValue bitOffset2 | operandIsPropagated(operand, bitOffset1) and - resultReturned(operand.getUseInstruction(), bitOffset2) and + resultReturned(operand.getUse(), bitOffset2) and bitOffset = Ints::add(bitOffset1, bitOffset2) ) or @@ -216,16 +216,16 @@ private predicate operandReturned(Operand operand, IntValue bitOffset) { ) or // The address is returned - operand.getUseInstruction() instanceof ReturnValueInstruction and + operand.getUse() instanceof ReturnValueInstruction and bitOffset = 0 or - isOnlyEscapesViaReturnArgument(operand) and resultReturned(operand.getUseInstruction(), _) and + isOnlyEscapesViaReturnArgument(operand) and resultReturned(operand.getUse(), _) and bitOffset = Ints::unknown() } private predicate isArgumentForParameter(CallInstruction ci, Operand operand, Instruction init) { exists(Function f | - ci = operand.getUseInstruction() and + ci = operand.getUse() and f = ci.getStaticCallTarget() and ( init.(InitializeParameterInstruction).getParameter() = f.getParameter(operand.(PositionalArgumentOperand).getIndex()) 
@@ -241,21 +241,21 @@ private predicate isArgumentForParameter(CallInstruction ci, Operand operand, In private predicate isAlwaysReturnedArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterIsAlwaysReturned(operand.(PositionalArgumentOperand).getIndex()) ) } private predicate isOnlyEscapesViaReturnArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterEscapesOnlyViaReturn(operand.(PositionalArgumentOperand).getIndex()) ) } private predicate isNeverEscapesArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterNeverEscapes(operand.(PositionalArgumentOperand).getIndex()) ) } @@ -315,7 +315,7 @@ predicate resultPointsTo(Instruction instr, IRVariable var, IntValue bitOffset) operand = instr.getAnOperand() and // If an operand is propagated, then the result points to the same variable, // offset by the bit offset from the propagation. - resultPointsTo(operand.getDefinitionInstruction(), var, originalBitOffset) and + resultPointsTo(operand.getAnyDef(), var, originalBitOffset) and ( operandIsPropagated(operand, propagatedBitOffset) or diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll index e12cdcee715..e10b238a850 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll 
@@ -11,7 +11,7 @@ private class IntValue = Ints::IntValue; private predicate hasResultMemoryAccess(Instruction instr, IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset) { - resultPointsTo(instr.getResultAddressOperand().getDefinitionInstruction(), var, startBitOffset) and + resultPointsTo(instr.getResultAddressOperand().getAnyDef(), var, startBitOffset) and type = instr.getResultType() and if exists(instr.getResultSize()) then endBitOffset = Ints::add(startBitOffset, Ints::mul(instr.getResultSize(), 8)) @@ -21,7 +21,7 @@ private predicate hasResultMemoryAccess(Instruction instr, IRVariable var, Type private predicate hasOperandMemoryAccess(MemoryOperand operand, IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset) { - resultPointsTo(operand.getAddressOperand().getDefinitionInstruction(), var, startBitOffset) and + resultPointsTo(operand.getAddressOperand().getAnyDef(), var, startBitOffset) and type = operand.getType() and if exists(operand.getSize()) then endBitOffset = Ints::add(startBitOffset, Ints::mul(operand.getSize(), 8)) diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll index 86b16330af4..922f632680c 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll @@ -69,7 +69,7 @@ cached private module Cached { oldInstruction = getOldInstruction(instruction) and oldOperand = oldInstruction.getAnOperand() and tag = oldOperand.getOperandTag() and - result = getNewInstruction(oldOperand.getDefinitionInstruction()) + result = getNewInstruction(oldOperand.getAnyDef()) ) } 
@@ -101,7 +101,7 @@ cached private module Cached { exists(OldInstruction oldDefinition | instruction instanceof UnmodeledUseInstruction and tag instanceof UnmodeledUseOperandTag and - oldDefinition = oldOperand.getDefinitionInstruction() and + oldDefinition = oldOperand.getAnyDef() and not exists(Alias::getResultMemoryLocation(oldDefinition)) and result = getNewInstruction(oldDefinition) and overlap instanceof MustTotallyOverlap diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll index 7ae52934a30..a6cdbe013f1 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -103,7 +103,7 @@ module InstructionSanity { query predicate missingOperandType(Operand operand, string message) { exists(Function func | not exists(operand.getType()) and - func = operand.getUseInstruction().getEnclosingFunction() and + func = operand.getUse().getEnclosingFunction() and message = "Operand missing type in function '" + getIdentityString(func) + "'." ) } @@ -158,8 +158,8 @@ module InstructionSanity { * a different function. */ query predicate operandAcrossFunctions(Operand operand, Instruction instr, Instruction defInstr) { - operand.getUseInstruction() = instr and - operand.getDefinitionInstruction() = defInstr and + operand.getUse() = instr and + operand.getAnyDef() = defInstr and instr.getEnclosingIRFunction() != defInstr.getEnclosingIRFunction() } @@ -483,14 +483,14 @@ class Instruction extends Construction::TInstruction { * Gets all direct uses of the result of this instruction. */ final Operand getAUse() { - result.getDefinitionInstruction() = this + result.getAnyDef() = this } /** * Gets all of this instruction's operands. */ final Operand getAnOperand() { - result.getUseInstruction() = this + result.getUse() = this } /** 
@@ -515,7 +515,7 @@ class Instruction extends Construction::TInstruction { */ final AddressOperand getResultAddressOperand() { getResultMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = this + result.getUse() = this } /** @@ -698,7 +698,7 @@ class FieldAddressInstruction extends FieldInstruction { } final Instruction getObjectAddress() { - result = getObjectAddressOperand().getDefinitionInstruction() + result = getObjectAddressOperand().getAnyDef() } } @@ -747,7 +747,7 @@ class ReturnValueInstruction extends ReturnInstruction { } final Instruction getReturnValue() { - result = getReturnValueOperand().getDefinitionInstruction() + result = getReturnValueOperand().getAnyDef() } } @@ -761,7 +761,7 @@ class CopyInstruction extends Instruction { } final Instruction getSourceValue() { - result = getSourceValueOperand().getDefinitionInstruction() + result = getSourceValueOperand().getAnyDef() } } @@ -785,7 +785,7 @@ class LoadInstruction extends CopyInstruction { } final Instruction getSourceAddress() { - result = getSourceAddressOperand().getDefinitionInstruction() + result = getSourceAddressOperand().getAnyDef() } override final LoadOperand getSourceValueOperand() { @@ -807,7 +807,7 @@ class StoreInstruction extends CopyInstruction { } final Instruction getDestinationAddress() { - result = getDestinationAddressOperand().getDefinitionInstruction() + result = getDestinationAddressOperand().getAnyDef() } override final StoreValueOperand getSourceValueOperand() { @@ -825,7 +825,7 @@ class ConditionalBranchInstruction extends Instruction { } final Instruction getCondition() { - result = getConditionOperand().getDefinitionInstruction() + result = getConditionOperand().getAnyDef() } final Instruction getTrueSuccessor() { 
@@ -891,11 +891,11 @@ class BinaryInstruction extends Instruction { } final Instruction getLeft() { - result = getLeftOperand().getDefinitionInstruction() + result = getLeftOperand().getAnyDef() } final Instruction getRight() { - result = getRightOperand().getDefinitionInstruction() + result = getRightOperand().getAnyDef() } /** @@ -1045,7 +1045,7 @@ class UnaryInstruction extends Instruction { } final Instruction getUnary() { - result = getUnaryOperand().getDefinitionInstruction() + result = getUnaryOperand().getAnyDef() } } @@ -1275,7 +1275,7 @@ class SwitchInstruction extends Instruction { } final Instruction getExpression() { - result = getExpressionOperand().getDefinitionInstruction() + result = getExpressionOperand().getAnyDef() } final Instruction getACaseSuccessor() { @@ -1310,7 +1310,7 @@ class CallInstruction extends Instruction { * function pointer. */ final Instruction getCallTarget() { - result = getCallTargetOperand().getDefinitionInstruction() + result = getCallTargetOperand().getAnyDef() } /** @@ -1331,7 +1331,7 @@ class CallInstruction extends Instruction { * Gets all of the arguments of the call, including the `this` pointer, if any. */ final Instruction getAnArgument() { - result = getAnArgumentOperand().getDefinitionInstruction() + result = getAnArgumentOperand().getAnyDef() } /** @@ -1345,7 +1345,7 @@ class CallInstruction extends Instruction { * Gets the `this` pointer argument of the call, if any. */ final Instruction getThisArgument() { - result = getThisArgumentOperand().getDefinitionInstruction() + result = getThisArgumentOperand().getAnyDef() } /** @@ -1360,7 +1360,7 @@ class CallInstruction extends Instruction { * Gets the argument at the specified index. */ final Instruction getPositionalArgument(int index) { - result = getPositionalArgumentOperand(index).getDefinitionInstruction() + result = getPositionalArgumentOperand(index).getAnyDef() } } 
@@ -1516,7 +1516,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the address of the exception thrown by this instruction. */ final Instruction getExceptionAddress() { - result = getExceptionAddressOperand().getDefinitionInstruction() + result = getExceptionAddressOperand().getAnyDef() } /** @@ -1530,7 +1530,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the exception thrown by this instruction. */ final Instruction getException() { - result = getExceptionOperand().getDefinitionInstruction() + result = getExceptionOperand().getAnyDef() } } @@ -1660,7 +1660,7 @@ class PhiInstruction extends Instruction { */ pragma[noinline] final Instruction getAnInput() { - result = this.getAnInputOperand().getDefinitionInstruction() + result = this.getAnInputOperand().getAnyDef() } } @@ -1728,7 +1728,7 @@ class ChiInstruction extends Instruction { * memory write. */ final Instruction getTotal() { - result = getTotalOperand().getDefinitionInstruction() + result = getTotalOperand().getAnyDef() } /** @@ -1742,7 +1742,7 @@ class ChiInstruction extends Instruction { * Gets the operand that represents the new value written by the memory write. */ final Instruction getPartial() { - result = getPartialOperand().getDefinitionInstruction() + result = getPartialOperand().getAnyDef() } } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll index 84562760140..4eb31ee3a97 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll 
@@ -26,24 +26,24 @@ class Operand extends TOperand { } final Location getLocation() { - result = getUseInstruction().getLocation() + result = getUse().getLocation() } final IRFunction getEnclosingIRFunction() { - result = getUseInstruction().getEnclosingIRFunction() + result = getUse().getEnclosingIRFunction() } /** * Gets the `Instruction` that consumes this operand. */ - Instruction getUseInstruction() { + Instruction getUse() { none() } /** * Gets the `Instruction` whose result is the value of the operand. */ - Instruction getDefinitionInstruction() { + Instruction getAnyDef() { none() } @@ -76,7 +76,7 @@ class Operand extends TOperand { * For example: `this:r3_5` */ final string getDumpString() { - result = getDumpLabel() + getInexactSpecifier() + getDefinitionInstruction().getResultId() + result = getDumpLabel() + getInexactSpecifier() + getAnyDef().getResultId() } /** @@ -106,7 +106,7 @@ class Operand extends TOperand { * has been cast to a different type. */ Type getType() { - result = getDefinitionInstruction().getResultType() + result = getAnyDef().getResultType() } /** @@ -117,7 +117,7 @@ class Operand extends TOperand { * given by `getResultType()`. */ predicate isGLValue() { - getDefinitionInstruction().isGLValue() + getAnyDef().isGLValue() } /** @@ -157,7 +157,7 @@ class MemoryOperand extends Operand { */ final AddressOperand getAddressOperand() { getMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = getUseInstruction() + result.getUse() = getUse() } } @@ -174,11 +174,11 @@ class NonPhiOperand extends Operand { this = TNonPhiMemoryOperand(useInstr, tag, defInstr, _) } - override final Instruction getUseInstruction() { + override final Instruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } 
@@ -436,11 +436,11 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand { result = "Phi" } - override final PhiInstruction getUseInstruction() { + override final PhiInstruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll index a3e12bb5628..87f5df0594a 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll @@ -88,7 +88,7 @@ class ValueNumber extends TValueNumber { } final Operand getAUse() { - this = valueNumber(result.getDefinitionInstruction()) + this = valueNumber(result.getAnyDef()) } } @@ -230,7 +230,7 @@ cached ValueNumber valueNumber(Instruction instr) { * Gets the value number assigned to `instr`, if any. Returns at most one result. */ ValueNumber valueNumberOfOperand(Operand op) { - result = valueNumber(op.getDefinitionInstruction()) + result = valueNumber(op.getAnyDef()) } /** diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index 7ae52934a30..a6cdbe013f1 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -103,7 +103,7 @@ module InstructionSanity { query predicate missingOperandType(Operand operand, string message) { exists(Function func | not exists(operand.getType()) and - func = operand.getUseInstruction().getEnclosingFunction() and + func = operand.getUse().getEnclosingFunction() and message = "Operand missing type in function '" + getIdentityString(func) + "'." ) } 
@@ -158,8 +158,8 @@ module InstructionSanity { * a different function. */ query predicate operandAcrossFunctions(Operand operand, Instruction instr, Instruction defInstr) { - operand.getUseInstruction() = instr and - operand.getDefinitionInstruction() = defInstr and + operand.getUse() = instr and + operand.getAnyDef() = defInstr and instr.getEnclosingIRFunction() != defInstr.getEnclosingIRFunction() } @@ -483,14 +483,14 @@ class Instruction extends Construction::TInstruction { * Gets all direct uses of the result of this instruction. */ final Operand getAUse() { - result.getDefinitionInstruction() = this + result.getAnyDef() = this } /** * Gets all of this instruction's operands. */ final Operand getAnOperand() { - result.getUseInstruction() = this + result.getUse() = this } /** @@ -515,7 +515,7 @@ class Instruction extends Construction::TInstruction { */ final AddressOperand getResultAddressOperand() { getResultMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = this + result.getUse() = this } /** @@ -698,7 +698,7 @@ class FieldAddressInstruction extends FieldInstruction { } final Instruction getObjectAddress() { - result = getObjectAddressOperand().getDefinitionInstruction() + result = getObjectAddressOperand().getAnyDef() } } @@ -747,7 +747,7 @@ class ReturnValueInstruction extends ReturnInstruction { } final Instruction getReturnValue() { - result = getReturnValueOperand().getDefinitionInstruction() + result = getReturnValueOperand().getAnyDef() } } @@ -761,7 +761,7 @@ class CopyInstruction extends Instruction { } final Instruction getSourceValue() { - result = getSourceValueOperand().getDefinitionInstruction() + result = getSourceValueOperand().getAnyDef() } } @@ -785,7 +785,7 @@ class LoadInstruction extends CopyInstruction { } final Instruction getSourceAddress() { - result = getSourceAddressOperand().getDefinitionInstruction() + result = getSourceAddressOperand().getAnyDef() } override final LoadOperand getSourceValueOperand() { 
@@ -807,7 +807,7 @@ class StoreInstruction extends CopyInstruction { } final Instruction getDestinationAddress() { - result = getDestinationAddressOperand().getDefinitionInstruction() + result = getDestinationAddressOperand().getAnyDef() } override final StoreValueOperand getSourceValueOperand() { @@ -825,7 +825,7 @@ class ConditionalBranchInstruction extends Instruction { } final Instruction getCondition() { - result = getConditionOperand().getDefinitionInstruction() + result = getConditionOperand().getAnyDef() } final Instruction getTrueSuccessor() { @@ -891,11 +891,11 @@ class BinaryInstruction extends Instruction { } final Instruction getLeft() { - result = getLeftOperand().getDefinitionInstruction() + result = getLeftOperand().getAnyDef() } final Instruction getRight() { - result = getRightOperand().getDefinitionInstruction() + result = getRightOperand().getAnyDef() } /** @@ -1045,7 +1045,7 @@ class UnaryInstruction extends Instruction { } final Instruction getUnary() { - result = getUnaryOperand().getDefinitionInstruction() + result = getUnaryOperand().getAnyDef() } } @@ -1275,7 +1275,7 @@ class SwitchInstruction extends Instruction { } final Instruction getExpression() { - result = getExpressionOperand().getDefinitionInstruction() + result = getExpressionOperand().getAnyDef() } final Instruction getACaseSuccessor() { @@ -1310,7 +1310,7 @@ class CallInstruction extends Instruction { * function pointer. */ final Instruction getCallTarget() { - result = getCallTargetOperand().getDefinitionInstruction() + result = getCallTargetOperand().getAnyDef() } /** @@ -1331,7 +1331,7 @@ class CallInstruction extends Instruction { * Gets all of the arguments of the call, including the `this` pointer, if any. */ final Instruction getAnArgument() { - result = getAnArgumentOperand().getDefinitionInstruction() + result = getAnArgumentOperand().getAnyDef() } /** 
@@ -1345,7 +1345,7 @@ class CallInstruction extends Instruction { * Gets the `this` pointer argument of the call, if any. */ final Instruction getThisArgument() { - result = getThisArgumentOperand().getDefinitionInstruction() + result = getThisArgumentOperand().getAnyDef() } /** @@ -1360,7 +1360,7 @@ class CallInstruction extends Instruction { * Gets the argument at the specified index. */ final Instruction getPositionalArgument(int index) { - result = getPositionalArgumentOperand(index).getDefinitionInstruction() + result = getPositionalArgumentOperand(index).getAnyDef() } } @@ -1516,7 +1516,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the address of the exception thrown by this instruction. */ final Instruction getExceptionAddress() { - result = getExceptionAddressOperand().getDefinitionInstruction() + result = getExceptionAddressOperand().getAnyDef() } /** @@ -1530,7 +1530,7 @@ class ThrowValueInstruction extends ThrowInstruction { * Gets the exception thrown by this instruction. */ final Instruction getException() { - result = getExceptionOperand().getDefinitionInstruction() + result = getExceptionOperand().getAnyDef() } } @@ -1660,7 +1660,7 @@ class PhiInstruction extends Instruction { */ pragma[noinline] final Instruction getAnInput() { - result = this.getAnInputOperand().getDefinitionInstruction() + result = this.getAnInputOperand().getAnyDef() } } @@ -1728,7 +1728,7 @@ class ChiInstruction extends Instruction { * memory write. */ final Instruction getTotal() { - result = getTotalOperand().getDefinitionInstruction() + result = getTotalOperand().getAnyDef() } /** @@ -1742,7 +1742,7 @@ class ChiInstruction extends Instruction { * Gets the operand that represents the new value written by the memory write. */ final Instruction getPartial() { - result = getPartialOperand().getDefinitionInstruction() + result = getPartialOperand().getAnyDef() } } 
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll index 84562760140..4eb31ee3a97 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll @@ -26,24 +26,24 @@ class Operand extends TOperand { } final Location getLocation() { - result = getUseInstruction().getLocation() + result = getUse().getLocation() } final IRFunction getEnclosingIRFunction() { - result = getUseInstruction().getEnclosingIRFunction() + result = getUse().getEnclosingIRFunction() } /** * Gets the `Instruction` that consumes this operand. */ - Instruction getUseInstruction() { + Instruction getUse() { none() } /** * Gets the `Instruction` whose result is the value of the operand. */ - Instruction getDefinitionInstruction() { + Instruction getAnyDef() { none() } @@ -76,7 +76,7 @@ class Operand extends TOperand { * For example: `this:r3_5` */ final string getDumpString() { - result = getDumpLabel() + getInexactSpecifier() + getDefinitionInstruction().getResultId() + result = getDumpLabel() + getInexactSpecifier() + getAnyDef().getResultId() } /** @@ -106,7 +106,7 @@ class Operand extends TOperand { * has been cast to a different type. */ Type getType() { - result = getDefinitionInstruction().getResultType() + result = getAnyDef().getResultType() } /** @@ -117,7 +117,7 @@ class Operand extends TOperand { * given by `getResultType()`. */ predicate isGLValue() { - getDefinitionInstruction().isGLValue() + getAnyDef().isGLValue() } /** @@ -157,7 +157,7 @@ class MemoryOperand extends Operand { */ final AddressOperand getAddressOperand() { getMemoryAccess().usesAddressOperand() and - result.getUseInstruction() = getUseInstruction() + result.getUse() = getUse() } } 
@@ -174,11 +174,11 @@ class NonPhiOperand extends Operand { this = TNonPhiMemoryOperand(useInstr, tag, defInstr, _) } - override final Instruction getUseInstruction() { + override final Instruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } @@ -436,11 +436,11 @@ class PhiInputOperand extends MemoryOperand, TPhiOperand { result = "Phi" } - override final PhiInstruction getUseInstruction() { + override final PhiInstruction getUse() { result = useInstr } - override final Instruction getDefinitionInstruction() { + override final Instruction getAnyDef() { result = defInstr } diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll index a3e12bb5628..87f5df0594a 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll @@ -88,7 +88,7 @@ class ValueNumber extends TValueNumber { } final Operand getAUse() { - this = valueNumber(result.getDefinitionInstruction()) + this = valueNumber(result.getAnyDef()) } } @@ -230,7 +230,7 @@ cached ValueNumber valueNumber(Instruction instr) { * Gets the value number assigned to `instr`, if any. Returns at most one result. */ ValueNumber valueNumberOfOperand(Operand op) { - result = valueNumber(op.getDefinitionInstruction()) + result = valueNumber(op.getAnyDef()) } /** diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll index efd62a7e401..8bb359e7b9c 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll 
@@ -53,7 +53,7 @@ private predicate operandIsConsumedWithoutEscaping(Operand operand) { // loaded/stored value could). operand instanceof AddressOperand or exists (Instruction instr | - instr = operand.getUseInstruction() and + instr = operand.getUse() and ( // Neither operand of a Compare escapes. instr instanceof CompareInstruction or @@ -72,7 +72,7 @@ private predicate operandEscapesDomain(Operand operand) { not operandIsPropagated(operand, _) and not isArgumentForParameter(_, operand, _) and not isOnlyEscapesViaReturnArgument(operand) and - not operand.getUseInstruction() instanceof ReturnValueInstruction and + not operand.getUse() instanceof ReturnValueInstruction and not operand instanceof PhiInputOperand } @@ -113,7 +113,7 @@ IntValue getPointerBitOffset(PointerOffsetInstruction instr) { */ private predicate operandIsPropagated(Operand operand, IntValue bitOffset) { exists(Instruction instr | - instr = operand.getUseInstruction() and + instr = operand.getUse() and ( // Converting to a non-virtual base class adds the offset of the base class. exists(ConvertToBaseInstruction convert | @@ -156,7 +156,7 @@ private predicate operandIsPropagated(Operand operand, IntValue bitOffset) { private predicate operandEscapesNonReturn(Operand operand) { // The address is propagated to the result of the instruction, and that result itself is returned - operandIsPropagated(operand, _) and resultEscapesNonReturn(operand.getUseInstruction()) + operandIsPropagated(operand, _) and resultEscapesNonReturn(operand.getUse()) or // The operand is used in a function call which returns it, and the return value is then returned exists(CallInstruction ci, Instruction init | 
@@ -169,10 +169,10 @@ private predicate operandEscapesNonReturn(Operand operand) { ) ) or - isOnlyEscapesViaReturnArgument(operand) and resultEscapesNonReturn(operand.getUseInstruction()) + isOnlyEscapesViaReturnArgument(operand) and resultEscapesNonReturn(operand.getUse()) or operand instanceof PhiInputOperand and - resultEscapesNonReturn(operand.getUseInstruction()) + resultEscapesNonReturn(operand.getUse()) or operandEscapesDomain(operand) } @@ -180,7 +180,7 @@ private predicate operandEscapesNonReturn(Operand operand) { private predicate operandMayReachReturn(Operand operand) { // The address is propagated to the result of the instruction, and that result itself is returned operandIsPropagated(operand, _) and - resultMayReachReturn(operand.getUseInstruction()) + resultMayReachReturn(operand.getUse()) or // The operand is used in a function call which returns it, and the return value is then returned exists(CallInstruction ci, Instruction init | @@ -190,19 +190,19 @@ private predicate operandMayReachReturn(Operand operand) { ) or // The address is returned - operand.getUseInstruction() instanceof ReturnValueInstruction + operand.getUse() instanceof ReturnValueInstruction or - isOnlyEscapesViaReturnArgument(operand) and resultMayReachReturn(operand.getUseInstruction()) + isOnlyEscapesViaReturnArgument(operand) and resultMayReachReturn(operand.getUse()) or operand instanceof PhiInputOperand and - resultMayReachReturn(operand.getUseInstruction()) + resultMayReachReturn(operand.getUse()) } private predicate operandReturned(Operand operand, IntValue bitOffset) { // The address is propagated to the result of the instruction, and that result itself is returned exists(IntValue bitOffset1, IntValue bitOffset2 | operandIsPropagated(operand, bitOffset1) and - resultReturned(operand.getUseInstruction(), bitOffset2) and + resultReturned(operand.getUse(), bitOffset2) and bitOffset = Ints::add(bitOffset1, bitOffset2) ) or 
@@ -216,16 +216,16 @@ private predicate operandReturned(Operand operand, IntValue bitOffset) { ) or // The address is returned - operand.getUseInstruction() instanceof ReturnValueInstruction and + operand.getUse() instanceof ReturnValueInstruction and bitOffset = 0 or - isOnlyEscapesViaReturnArgument(operand) and resultReturned(operand.getUseInstruction(), _) and + isOnlyEscapesViaReturnArgument(operand) and resultReturned(operand.getUse(), _) and bitOffset = Ints::unknown() } private predicate isArgumentForParameter(CallInstruction ci, Operand operand, Instruction init) { exists(Function f | - ci = operand.getUseInstruction() and + ci = operand.getUse() and f = ci.getStaticCallTarget() and ( init.(InitializeParameterInstruction).getParameter() = f.getParameter(operand.(PositionalArgumentOperand).getIndex()) @@ -241,21 +241,21 @@ private predicate isArgumentForParameter(CallInstruction ci, Operand operand, In private predicate isAlwaysReturnedArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterIsAlwaysReturned(operand.(PositionalArgumentOperand).getIndex()) ) } private predicate isOnlyEscapesViaReturnArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterEscapesOnlyViaReturn(operand.(PositionalArgumentOperand).getIndex()) ) } private predicate isNeverEscapesArgument(Operand operand) { exists(AliasFunction f | - f = operand.getUseInstruction().(CallInstruction).getStaticCallTarget() and + f = operand.getUse().(CallInstruction).getStaticCallTarget() and f.parameterNeverEscapes(operand.(PositionalArgumentOperand).getIndex()) ) } 
@@ -315,7 +315,7 @@ predicate resultPointsTo(Instruction instr, IRVariable var, IntValue bitOffset) operand = instr.getAnOperand() and // If an operand is propagated, then the result points to the same variable, // offset by the bit offset from the propagation. - resultPointsTo(operand.getDefinitionInstruction(), var, originalBitOffset) and + resultPointsTo(operand.getAnyDef(), var, originalBitOffset) and ( operandIsPropagated(operand, propagatedBitOffset) or diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll index 86b16330af4..922f632680c 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll @@ -69,7 +69,7 @@ cached private module Cached { oldInstruction = getOldInstruction(instruction) and oldOperand = oldInstruction.getAnOperand() and tag = oldOperand.getOperandTag() and - result = getNewInstruction(oldOperand.getDefinitionInstruction()) + result = getNewInstruction(oldOperand.getAnyDef()) ) } @@ -101,7 +101,7 @@ cached private module Cached { exists(OldInstruction oldDefinition | instruction instanceof UnmodeledUseInstruction and tag instanceof UnmodeledUseOperandTag and - oldDefinition = oldOperand.getDefinitionInstruction() and + oldDefinition = oldOperand.getAnyDef() and not exists(Alias::getResultMemoryLocation(oldDefinition)) and result = getNewInstruction(oldDefinition) and overlap instanceof MustTotallyOverlap diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll index 6d52e44f6fe..99222d3601c 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll 
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll @@ -8,12 +8,12 @@ private import semmle.code.cpp.ir.internal.Overlap private class IntValue = Ints::IntValue; private predicate hasResultMemoryAccess(Instruction instr, IRVariable var, Type type, IntValue bitOffset) { - resultPointsTo(instr.getResultAddressOperand().getDefinitionInstruction(), var, bitOffset) and + resultPointsTo(instr.getResultAddressOperand().getAnyDef(), var, bitOffset) and type = instr.getResultType() } private predicate hasOperandMemoryAccess(MemoryOperand operand, IRVariable var, Type type, IntValue bitOffset) { - resultPointsTo(operand.getAddressOperand().getDefinitionInstruction(), var, bitOffset) and + resultPointsTo(operand.getAddressOperand().getAnyDef(), var, bitOffset) and type = operand.getType() } diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll index 353d76dbfd5..3bf17a82d0d 100644 --- a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll +++ b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll @@ -144,7 +144,7 @@ private predicate boundFlowStepSsa( ) { exists(IRGuardCondition guard, boolean testIsTrue | guard = boundFlowCond(valueNumberOfOperand(op2), op1, delta, upper, testIsTrue) and - guard.controls(op2.getUseInstruction().getBlock(), testIsTrue) and + guard.controls(op2.getUse().getBlock(), testIsTrue) and reason = TCondReason(guard) ) } @@ -269,8 +269,8 @@ private predicate boundFlowStep(Instruction i, NonPhiOperand op, int delta, bool i.(AddInstruction).getAnOperand() = x and op != x | - not exists(getValue(getConstantValue(op.getUseInstruction()))) and - not exists(getValue(getConstantValue(x.getUseInstruction()))) and + not exists(getValue(getConstantValue(op.getUse()))) and + not exists(getValue(getConstantValue(x.getUse()))) and if(strictlyPositive(x)) then ( upper = false and delta = 1 
@@ -293,7 +293,7 @@ private predicate boundFlowStep(Instruction i, NonPhiOperand op, int delta, bool ) | // `x` with constant value is covered by valueFlowStep - not exists(getValue(getConstantValue(x.getUseInstruction()))) and + not exists(getValue(getConstantValue(x.getUse()))) and if strictlyPositive(x) then ( upper = true and delta = -1 @@ -353,7 +353,7 @@ private predicate boundedNonPhiOperand(NonPhiOperand op, Bound b, int delta, boo delta = d1 + d2 ) or - boundedInstruction(op.getDefinitionInstruction(), b, delta, upper, fromBackEdge, origdelta, reason) + boundedInstruction(op.getAnyDef(), b, delta, upper, fromBackEdge, origdelta, reason) or exists(int d, Reason r1, Reason r2 | boundedNonPhiOperand(op, b, d, upper, fromBackEdge, origdelta, r2) @@ -379,14 +379,14 @@ private predicate boundedNonPhiOperand(NonPhiOperand op, Bound b, int delta, boo private predicate boundFlowStepPhi( PhiInputOperand op2, Operand op1, int delta, boolean upper, Reason reason ) { - op2.getDefinitionInstruction().(CopyInstruction).getSourceValueOperand() = op1 and + op2.getAnyDef().(CopyInstruction).getSourceValueOperand() = op1 and (upper = true or upper = false) and reason = TNoReason() and delta = 0 or exists(IRGuardCondition guard, boolean testIsTrue | guard = boundFlowCond(valueNumberOfOperand(op2), op1, delta, upper, testIsTrue) and - guard.controlsEdge(op2.getPredecessorBlock(), op2.getUseInstruction().getBlock(), testIsTrue) and + guard.controlsEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and reason = TCondReason(guard) ) } 
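Review bot: In `boundFlowStepPhi` (the `@@ -379,14` hunk) the line `op2.getAnyDef().(CopyInstruction).getSourceValueOperand() = op1` passes a bound with `delta = 0` from the copy's source to a `PhiInputOperand`, which only holds when the definition overlaps the operand exactly. Because the rename was mechanical, callers that rely on exactness now read as if any definition were acceptable; this appears to apply as well to `boundedPhiOperand` and `boundedPhiInp` later in this file and to the phi case of `getConstantValue` in RangeUtils.qll. Whether inexact phi inputs can occur on the IR stage the range analysis imports is not visible here, so at minimum a comment such as `// assumes the definition exactly overlaps op2` would record the assumption. An unsound bound matters because a query that uses range analysis to rule out an overflow could then miss a real result.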
@@ -403,10 +403,10 @@ private predicate boundedPhiOperand( (if r1 instanceof NoReason then reason = r2 else reason = r1) ) or - boundedInstruction(op.getDefinitionInstruction(), b, delta, upper, fromBackEdge, origdelta, reason) + boundedInstruction(op.getAnyDef(), b, delta, upper, fromBackEdge, origdelta, reason) or exists(int d, Reason r1, Reason r2 | - boundedInstruction(op.getDefinitionInstruction(), b, d, upper, fromBackEdge, origdelta, r2) + boundedInstruction(op.getAnyDef(), b, d, upper, fromBackEdge, origdelta, r2) | unequalOperand(op, b, d, r1) and ( @@ -427,7 +427,7 @@ private predicate unequalFlowStep( ) { exists(IRGuardCondition guard, boolean testIsTrue | guard = eqFlowCond(valueNumberOfOperand(op2), op1, delta, false, testIsTrue) and - guard.controls(op2.getUseInstruction().getBlock(), testIsTrue) and + guard.controls(op2.getUse().getBlock(), testIsTrue) and reason = TCondReason(guard) ) } @@ -476,7 +476,7 @@ private predicate boundedPhiInp( exists(int d, boolean fromBackEdge0 | boundedPhiOperand(op, b, d, upper, fromBackEdge0, origdelta, reason) or - b.(ValueNumberBound).getInstruction() = op.getDefinitionInstruction() and + b.(ValueNumberBound).getInstruction() = op.getAnyDef() and d = 0 and (upper = true or upper = false) and fromBackEdge0 = false and diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeUtils.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeUtils.qll index ea11912f47a..058a327e9bb 100644 --- a/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeUtils.qll +++ b/cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeUtils.qll 
@@ -22,8 +22,8 @@ IntValue getConstantValue(Instruction instr) { result = getConstantValue(instr.(CopyInstruction).getSourceValue()) or exists(PhiInstruction phi | phi = instr and - result = max(PhiInputOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction())) and - result = min(PhiInputOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction())) + result = max(PhiInputOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getAnyDef())) and + result = min(PhiInputOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getAnyDef())) ) } @@ -35,14 +35,14 @@ predicate valueFlowStep(Instruction i, Operand op, int delta) { i.(AddInstruction).getAnOperand() = x and op != x | - delta = getValue(getConstantValue(x.getDefinitionInstruction())) + delta = getValue(getConstantValue(x.getAnyDef())) ) or exists(Operand x | i.(SubInstruction).getLeftOperand() = op and i.(SubInstruction).getRightOperand() = x | - delta = -getValue(getConstantValue(x.getDefinitionInstruction())) + delta = -getValue(getConstantValue(x.getAnyDef())) ) or exists(Operand x | @@ -51,7 +51,7 @@ predicate valueFlowStep(Instruction i, Operand op, int delta) { op != x | delta = i.(PointerAddInstruction).getElementSize() * - getValue(getConstantValue(x.getDefinitionInstruction())) + getValue(getConstantValue(x.getAnyDef())) ) or exists(Operand x | @@ -59,7 +59,7 @@ predicate valueFlowStep(Instruction i, Operand op, int delta) { i.(PointerSubInstruction).getRightOperand() = x | delta = i.(PointerSubInstruction).getElementSize() * - -getValue(getConstantValue(x.getDefinitionInstruction())) + -getValue(getConstantValue(x.getAnyDef())) ) } diff --git a/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll b/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll index daec9898c84..e9af655efb2 100644 --- a/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll 
+++ b/cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll @@ -221,7 +221,7 @@ private predicate unknownSign(Instruction i) { */ private predicate lowerBound(IRGuardCondition comp, Operand lowerbound, Operand bounded, boolean isStrict) { exists(int adjustment, Operand compared | - valueNumber(bounded.getDefinitionInstruction()) = valueNumber(compared.getDefinitionInstruction()) and + valueNumber(bounded.getAnyDef()) = valueNumber(compared.getAnyDef()) and ( isStrict = true and adjustment = 0 @@ -229,7 +229,7 @@ private predicate lowerBound(IRGuardCondition comp, Operand lowerbound, Operand isStrict = false and adjustment = 1 ) and - comp.ensuresLt(lowerbound, compared, adjustment, bounded.getUseInstruction().getBlock(), true) + comp.ensuresLt(lowerbound, compared, adjustment, bounded.getUse().getBlock(), true) ) } @@ -240,7 +240,7 @@ private predicate lowerBound(IRGuardCondition comp, Operand lowerbound, Operand */ private predicate upperBound(IRGuardCondition comp, Operand upperbound, Operand bounded, boolean isStrict) { exists(int adjustment, Operand compared | - valueNumber(bounded.getDefinitionInstruction()) = valueNumber(compared.getDefinitionInstruction()) and + valueNumber(bounded.getAnyDef()) = valueNumber(compared.getAnyDef()) and ( isStrict = true and adjustment = 0 @@ -248,7 +248,7 @@ private predicate upperBound(IRGuardCondition comp, Operand upperbound, Operand isStrict = false and adjustment = 1 ) and - comp.ensuresLt(compared, upperbound, adjustment, bounded.getUseInstruction().getBlock(), true) + comp.ensuresLt(compared, upperbound, adjustment, bounded.getUse().getBlock(), true) ) } 
@@ -261,8 +261,8 @@ private predicate upperBound(IRGuardCondition comp, Operand upperbound, Operand */ private predicate eqBound(IRGuardCondition guard, Operand eqbound, Operand bounded, boolean isEq) { exists(Operand compared | - valueNumber(bounded.getDefinitionInstruction()) = valueNumber(compared.getDefinitionInstruction()) and - guard.ensuresEq(compared, eqbound, 0, bounded.getUseInstruction().getBlock(), isEq) + valueNumber(bounded.getAnyDef()) = valueNumber(compared.getAnyDef()) and + guard.ensuresEq(compared, eqbound, 0, bounded.getUse().getBlock(), isEq) ) } @@ -331,12 +331,12 @@ private predicate binaryOpSigns(BinaryInstruction i, Sign lhs, Sign rhs) { } private Sign unguardedOperandSign(Operand operand) { - result = instructionSign(operand.getDefinitionInstruction()) and + result = instructionSign(operand.getAnyDef()) and not hasGuard(operand, result) } private Sign guardedOperandSign(Operand operand) { - result = instructionSign(operand.getDefinitionInstruction()) and + result = instructionSign(operand.getAnyDef()) and hasGuard(operand, result) } diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql index 173ce6c5d89..019f5a121d9 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql 
@@ -65,7 +65,7 @@ query predicate irGuardsCompare(int startLine, string msg) { guard.comparesEq(left, right, k, false, sense) and op = " != " ) and startLine = guard.getLocation().getStartLine() - and msg = left.getDefinitionInstruction().getUnconvertedResultExpression() + op + right.getDefinitionInstruction().getUnconvertedResultExpression() + "+" + k + " when " + guard + " is " + which + and msg = left.getAnyDef().getUnconvertedResultExpression() + op + right.getAnyDef().getUnconvertedResultExpression() + "+" + k + " when " + guard + " is " + which ) } query predicate irGuardsControl(IRGuardCondition guard, boolean sense, int start, int end) {