Merge pull request #8912 from rdmarsh2/rdmarsh2/fix-ir-globals

C++: Fix IR variable reuse for global var inits

csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll

@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
   /**
    * Holds if IR should be created for function `func`. By default, holds for all functions.
    */
-  predicate shouldCreateIRForFunction(Language::Function func) { any() }
+  predicate shouldCreateIRForFunction(Language::Declaration func) { any() }
 
   /**
    * Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
    * of debug strings for IR that will not be dumped. We still generate the actual IR for these
    * functions, however, to preserve the results of any interprocedural analysis.
    */
-  predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
+  predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
 }
 
 private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()

csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll

@@ -5,23 +5,28 @@
 private import IRFunctionBaseInternal
 
 private newtype TIRFunction =
-  MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }
+  TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
+  TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
 
 /**
  * The IR for a function. This base class contains only the predicates that are the same between all
  * phases of the IR. Each instantiation of `IRFunction` extends this class.
  */
 class IRFunctionBase extends TIRFunction {
-  Language::Function func;
+  Language::Declaration decl;
 
-  IRFunctionBase() { this = MkIRFunction(func) }
+  IRFunctionBase() {
+    this = TFunctionIRFunction(decl)
+    or
+    this = TVarInitIRFunction(decl)
+  }
 
   /** Gets a textual representation of this element. */
-  final string toString() { result = "IR: " + func.toString() }
+  final string toString() { result = "IR: " + decl.toString() }
 
   /** Gets the function whose IR is represented. */
-  final Language::Function getFunction() { result = func }
+  final Language::Declaration getFunction() { result = decl }
 
   /** Gets the location of the function. */
-  final Language::Location getLocation() { result = func.getLocation() }
+  final Language::Location getLocation() { result = decl.getLocation() }
 }

csharp/ql/src/experimental/ir/implementation/internal/TIRVariable.qll

@@ -2,21 +2,21 @@ private import TIRVariableInternal
 private import Imports::TempVariableTag
 
 newtype TIRVariable =
-  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Function func) {
+  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Declaration func) {
     Construction::hasUserVariable(func, var, type)
   } or
   TIRTempVariable(
-    Language::Function func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
+    Language::Declaration func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
   ) {
     Construction::hasTempVariable(func, ast, tag, type)
   } or
   TIRDynamicInitializationFlag(
-    Language::Function func, Language::Variable var, Language::LanguageType type
+    Language::Declaration func, Language::Variable var, Language::LanguageType type
   ) {
     Construction::hasDynamicInitializationFlag(func, var, type)
   } or
   TIRStringLiteral(
-    Language::Function func, Language::AST ast, Language::LanguageType type,
+    Language::Declaration func, Language::AST ast, Language::LanguageType type,
     Language::StringLiteral literal
   ) {
     Construction::hasStringLiteral(func, ast, type, literal)

csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
   /**
    * Gets the `Function` that contains this block.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = getFirstInstruction(this).getEnclosingFunction()
   }
 }

csharp/ql/src/experimental/ir/implementation/raw/IRConsistency.qll

@@ -524,4 +524,23 @@ module InstructionConsistency {
         "' has a `this` argument operand that is not an address, in function '$@'." and
     irFunc = getInstructionIRFunction(instr, irFuncText)
   }
+
+  query predicate nonUniqueIRVariable(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
+      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
+    ) and
+    message =
+      "Variable instruction '" + instr.toString() +
+        "' has multiple associated variables, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+    or
+    instr.getOpcode() instanceof Opcode::VariableAddress and
+    not instr instanceof VariableInstruction and
+    message =
+      "Variable address instruction '" + instr.toString() +
+        "' has no associated variable, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
 }

csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll

@@ -18,7 +18,7 @@ private import Imports::IRType
  * by the AST-to-IR translation (`IRTempVariable`).
  */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;
 
   IRVariable() {
     this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
   /**
    * Gets the function that references this variable.
    */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }
 
 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {
 
   final override string toString() { result = "#ellipsis" }
 
-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }
 
 /**

csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
   /**
    * Gets the function that contains this instruction.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = this.getEnclosingIRFunction().getFunction()
   }
 

csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
    * Holds if the IR for `func` should be printed. By default, holds for all
    * functions.
    */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }
 
 /**
  * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
  */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
     shouldPrintFunction(func)
   }
 }
 
-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }
 
 private string getAdditionalInstructionProperty(Instruction instr, string key) {

csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll

@@ -46,6 +46,9 @@ module Raw {
   cached
   predicate functionHasIR(Callable callable) { exists(getTranslatedFunction(callable)) }
 
+  cached
+  predicate varHasIRFunc(Field field) { none() }
+
   cached
   predicate hasInstruction(TranslatedElement element, InstructionTag tag) {
     element.hasInstruction(_, tag, _)

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
   /**
    * Gets the `Function` that contains this block.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = getFirstInstruction(this).getEnclosingFunction()
   }
 }

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRConsistency.qll

@@ -524,4 +524,23 @@ module InstructionConsistency {
         "' has a `this` argument operand that is not an address, in function '$@'." and
     irFunc = getInstructionIRFunction(instr, irFuncText)
   }
+
+  query predicate nonUniqueIRVariable(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    exists(VariableInstruction vi, IRVariable v1, IRVariable v2 |
+      instr = vi and vi.getIRVariable() = v1 and vi.getIRVariable() = v2 and v1 != v2
+    ) and
+    message =
+      "Variable instruction '" + instr.toString() +
+        "' has multiple associated variables, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+    or
+    instr.getOpcode() instanceof Opcode::VariableAddress and
+    not instr instanceof VariableInstruction and
+    message =
+      "Variable address instruction '" + instr.toString() +
+        "' has no associated variable, in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
 }

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll

@@ -18,7 +18,7 @@ private import Imports::IRType
  * by the AST-to-IR translation (`IRTempVariable`).
  */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;
 
   IRVariable() {
     this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
   /**
    * Gets the function that references this variable.
    */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }
 
 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {
 
   final override string toString() { result = "#ellipsis" }
 
-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }
 
 /**

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
   /**
    * Gets the function that contains this instruction.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = this.getEnclosingIRFunction().getFunction()
   }
 

csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
    * Holds if the IR for `func` should be printed. By default, holds for all
    * functions.
    */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }
 
 /**
  * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
  */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
     shouldPrintFunction(func)
   }
 }
 
-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }
 
 private string getAdditionalInstructionProperty(Instruction instr, string key) {

csharp/ql/src/experimental/ir/internal/IRCSharpLanguage.qll

@@ -8,6 +8,12 @@ class OpaqueTypeTag = CSharp::ValueOrRefType;
 
 class Function = CSharp::Callable;
 
+class GlobalVariable extends CSharp::Field {
+  GlobalVariable() { this.isStatic() }
+}
+
+class Declaration = CSharp::Declaration;
+
 class Location = CSharp::Location;
 
 class UnknownLocation = CSharp::EmptyLocation;

csharp/ql/test/experimental/ir/ir/raw_ir_consistency.expected

@@ -28,6 +28,7 @@ fieldAddressOnNonPointer
 thisArgumentIsNonPointer
 | inoutref.cs:32:22:32:35 | Call: object creation of type MyStruct | Call instruction 'Call: object creation of type MyStruct' has a `this` argument operand that is not an address, in function '$@'. | inoutref.cs:29:17:29:20 | System.Void InOutRef.Main() | System.Void InOutRef.Main() |
 | pointers.cs:27:22:27:35 | Call: object creation of type MyStruct | Call instruction 'Call: object creation of type MyStruct' has a `this` argument operand that is not an address, in function '$@'. | pointers.cs:25:17:25:20 | System.Void Pointers.Main() | System.Void Pointers.Main() |
+nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType

csharp/ql/test/experimental/ir/ir/unaliased_ssa_consistency.expected

@@ -28,6 +28,7 @@ fieldAddressOnNonPointer
 thisArgumentIsNonPointer
 | inoutref.cs:32:22:32:35 | Call: object creation of type MyStruct | Call instruction 'Call: object creation of type MyStruct' has a `this` argument operand that is not an address, in function '$@'. | inoutref.cs:29:17:29:20 | System.Void InOutRef.Main() | System.Void InOutRef.Main() |
 | pointers.cs:27:22:27:35 | Call: object creation of type MyStruct | Call instruction 'Call: object creation of type MyStruct' has a `this` argument operand that is not an address, in function '$@'. | pointers.cs:25:17:25:20 | System.Void Pointers.Main() | System.Void Pointers.Main() |
+nonUniqueIRVariable
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType