From f4f5d43bcbb22ba7d1c97b033884f4278e0717f7 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Mon, 7 Aug 2023 17:31:20 +0100
Subject: [PATCH] C++: `indirectReturnOutNodeOperand0` and `indirectReturnOutNodeInstruction0` were broken and for some reason only handled the case where calls mapped to raw indirect nodes :wat:. It turns out these predicates weren't actually needed anyway.
---
 .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
index 209d0246832..f834259dc37 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -781,26 +781,12 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PartialDef
   override Expr getDefinedExpr() { result = operand.getDef().getUnconvertedResultExpression() }
 }
 
-pragma[nomagic]
-predicate indirectReturnOutNodeOperand0(CallInstruction call, Operand operand, int indirectionIndex) {
-  Ssa::hasRawIndirectInstruction(call, indirectionIndex) and
-  operandForFullyConvertedCall(operand, call)
-}
-
-pragma[nomagic]
-predicate indirectReturnOutNodeInstruction0(
-  CallInstruction call, Instruction instr, int indirectionIndex
-) {
-  Ssa::hasRawIndirectInstruction(call, indirectionIndex) and
-  instructionForFullyConvertedCall(instr, call)
-}
-
 /**
  * Holds if `node` is an indirect operand with columns `(operand, indirectionIndex)`, and
  * `operand` represents a use of the fully converted value of `call`.
  */
 private predicate hasOperand(Node node, CallInstruction call, int indirectionIndex, Operand operand) {
-  indirectReturnOutNodeOperand0(call, operand, indirectionIndex) and
+  operandForFullyConvertedCall(operand, call) and
   hasOperandAndIndex(node, operand, indirectionIndex)
 }
 
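Review bot: `hasOperand` now joins `operandForFullyConvertedCall(operand, call)` directly against `hasOperandAndIndex(node, operand, indirectionIndex)` without the `pragma[nomagic]` that the deleted `indirectReturnOutNodeOperand0` carried, so the evaluator is free to inline and reorder that join; if the helper existed to pin a join order, adding `pragma[nomagic]` to `hasOperand` (and to `hasInstruction` in the second hunk, which has the same shape) would keep that protection. Dropping the `Ssa::hasRawIndirectInstruction(call, indirectionIndex)` conjunct also widens which `(call, indirectionIndex)` pairs these predicates accept, so indirect return-out nodes for calls that did not map to raw indirect nodes can now take part in flow, which is a results change for taint and dataflow queries built on this library. The diffstat lists only this one file, so no test expectations are updated alongside the behaviour change; worth confirming that the existing dataflow tests really are unaffected. The `hasOperand` doc comment still describes the new body accurately, so no comment change is needed there.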
@@ -813,7 +799,7 @@ private predicate hasOperand(Node node, CallInstruction call, int indirectionInd
 private predicate hasInstruction(
   Node node, CallInstruction call, int indirectionIndex, Instruction instr
 ) {
-  indirectReturnOutNodeInstruction0(call, instr, indirectionIndex) and
+  instructionForFullyConvertedCall(instr, call) and
   hasInstructionAndIndex(node, instr, indirectionIndex)
 }