Merge pull request #12900 from MathiasVP/ir-translate-constant-static-local-vars-2

cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll

@@ -6,7 +6,7 @@ private import IRFunctionBaseInternal
 
 private newtype TIRFunction =
   TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
-  TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
+  TVarInitIRFunction(Language::Variable var) { IRConstruction::Raw::varHasIRFunc(var) }
 
 /**
  * The IR for a function. This base class contains only the predicates that are the same between all

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -37,7 +37,13 @@ module Raw {
   predicate functionHasIR(Function func) { exists(getTranslatedFunction(func)) }
 
   cached
-  predicate varHasIRFunc(GlobalOrNamespaceVariable var) {
+  predicate varHasIRFunc(Variable var) {
+    (
+      var instanceof GlobalOrNamespaceVariable
+      or
+      not var.isFromUninstantiatedTemplate(_) and
+      var instanceof StaticInitializedStaticLocalVariable
+    ) and
     var.hasInitializer() and
     (
       not var.getType().isDeeplyConst()
@@ -75,9 +81,10 @@ module Raw {
   }
 
   cached
-  predicate hasDynamicInitializationFlag(Function func, StaticLocalVariable var, CppType type) {
+  predicate hasDynamicInitializationFlag(
+    Function func, RuntimeInitializedStaticLocalVariable var, CppType type
+  ) {
     var.getFunction() = func and
-    var.hasDynamicInitialization() and
     type = getBoolType()
   }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -180,7 +180,7 @@ abstract class TranslatedSideEffects extends TranslatedElement {
   /** DEPRECATED: Alias for getAst */
   deprecated override Locatable getAST() { result = getAst() }
 
-  final override Declaration getFunction() { result = getExpr().getEnclosingDeclaration() }
+  final override Declaration getFunction() { result = getEnclosingDeclaration(getExpr()) }
 
   final override TranslatedElement getChild(int i) {
     result =

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -28,7 +28,11 @@ abstract class TranslatedCondition extends TranslatedElement {
 
   final Expr getExpr() { result = expr }
 
-  final override Function getFunction() { result = expr.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = getEnclosingFunction(expr) or
+    result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
+  }
 
   final Type getResultType() { result = expr.getUnspecifiedType() }
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -28,9 +28,14 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
 
   TranslatedDeclarationEntry() { this = TTranslatedDeclarationEntry(entry) }
 
-  final override Function getFunction() {
-    exists(DeclStmt stmt |
-      stmt = entry.getStmt() and
+  final override Declaration getFunction() {
+    exists(DeclStmt stmt | stmt = entry.getStmt() |
+      result = entry.getDeclaration().(StaticInitializedStaticLocalVariable)
+      or
+      result = entry.getDeclaration().(GlobalOrNamespaceVariable)
+      or
+      not entry.getDeclaration() instanceof StaticInitializedStaticLocalVariable and
+      not entry.getDeclaration() instanceof GlobalOrNamespaceVariable and
       result = stmt.getEnclosingFunction()
     )
   }
@@ -237,7 +242,7 @@ class TranslatedStaticLocalVariableInitialization extends TranslatedElement,
 
   final override LocalVariable getVariable() { result = var }
 
-  final override Function getFunction() { result = var.getFunction() }
+  final override Declaration getFunction() { result = var.getFunction() }
 }
 
 TranslatedConditionDecl getTranslatedConditionDecl(ConditionDeclExpr expr) {
@@ -264,7 +269,7 @@ class TranslatedConditionDecl extends TranslatedLocalVariableDeclaration, TTrans
   /** DEPRECATED: Alias for getAst */
   deprecated override Locatable getAST() { result = getAst() }
 
-  override Function getFunction() { result = conditionDeclExpr.getEnclosingFunction() }
+  override Declaration getFunction() { result = getEnclosingFunction(conditionDeclExpr) }
 
   override LocalVariable getVariable() { result = conditionDeclExpr.getVariable() }
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -62,15 +62,6 @@ private predicate ignoreExprAndDescendants(Expr expr) {
   // constant value.
   isIRConstant(getRealParent(expr))
   or
-  // Only translate the initializer of a static local if it uses run-time data.
-  // Otherwise the initializer does not run in function scope.
-  exists(Initializer init, StaticStorageDurationVariable var |
-    init = var.getInitializer() and
-    not var.hasDynamicInitialization() and
-    expr = init.getExpr().getFullyConverted() and
-    not var instanceof GlobalOrNamespaceVariable
-  )
-  or
   // Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
   getRealParent(expr) instanceof AssumeExpr
   or
@@ -118,8 +109,8 @@ private predicate ignoreExprOnly(Expr expr) {
   // should not be translated.
   exists(NewOrNewArrayExpr new | expr = new.getAllocatorCall().getArgument(0))
   or
-  not translateFunction(expr.getEnclosingFunction()) and
-  not Raw::varHasIRFunc(expr.getEnclosingVariable())
+  not translateFunction(getEnclosingFunction(expr)) and
+  not Raw::varHasIRFunc(getEnclosingVariable(expr))
   or
   // We do not yet translate destructors properly, so for now we ignore the
   // destructor call. We do, however, translate the expression being
@@ -438,6 +429,17 @@ predicate hasTranslatedSyntheticTemporaryObject(Expr expr) {
   not expr.hasLValueToRValueConversion()
 }
 
+class StaticInitializedStaticLocalVariable extends StaticLocalVariable {
+  StaticInitializedStaticLocalVariable() {
+    this.hasInitializer() and
+    not this.hasDynamicInitialization()
+  }
+}
+
+class RuntimeInitializedStaticLocalVariable extends StaticLocalVariable {
+  RuntimeInitializedStaticLocalVariable() { this.hasDynamicInitialization() }
+}
+
 /**
  * Holds if the specified `DeclarationEntry` needs an IR translation. An IR translation is only
  * necessary for automatic local variables, or for static local variables with dynamic
@@ -453,7 +455,7 @@ private predicate translateDeclarationEntry(IRDeclarationEntry entry) {
       not var.isStatic()
       or
       // Ignore static variables unless they have a dynamic initializer.
-      var.(StaticLocalVariable).hasDynamicInitialization()
+      var instanceof RuntimeInitializedStaticLocalVariable
     )
   )
 }
@@ -755,7 +757,7 @@ newtype TTranslatedElement =
   } or
   // The side effect that initializes newly-allocated memory.
   TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
-  TTranslatedGlobalOrNamespaceVarInit(GlobalOrNamespaceVariable var) { Raw::varHasIRFunc(var) }
+  TTranslatedStaticStorageDurationVarInit(Variable var) { Raw::varHasIRFunc(var) }
 
 /**
  * Gets the index of the first explicitly initialized element in `initList`
@@ -1043,6 +1045,6 @@ abstract class TranslatedRootElement extends TranslatedElement {
   TranslatedRootElement() {
     this instanceof TTranslatedFunction
     or
-    this instanceof TTranslatedGlobalOrNamespaceVarInit
+    this instanceof TTranslatedStaticStorageDurationVarInit
   }
 }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -79,7 +79,7 @@ abstract class TranslatedExpr extends TranslatedElement {
   /** DEPRECATED: Alias for getAst */
   deprecated override Locatable getAST() { result = this.getAst() }
 
-  final override Declaration getFunction() { result = expr.getEnclosingDeclaration() }
+  final override Declaration getFunction() { result = getEnclosingDeclaration(expr) }
 
   /**
    * Gets the expression from which this `TranslatedExpr` is generated.
@@ -90,12 +90,57 @@ abstract class TranslatedExpr extends TranslatedElement {
    * Gets the `TranslatedFunction` containing this expression.
    */
   final TranslatedRootElement getEnclosingFunction() {
-    result = getTranslatedFunction(expr.getEnclosingFunction())
+    result = getTranslatedFunction(getEnclosingFunction(expr))
     or
-    result = getTranslatedVarInit(expr.getEnclosingVariable())
+    result = getTranslatedVarInit(getEnclosingVariable(expr))
   }
 }
 
+Function getEnclosingFunction(Expr e) {
+  not exists(getEnclosingVariable(e)) and
+  result = e.getEnclosingFunction()
+}
+
+Declaration getEnclosingDeclaration0(Expr e) {
+  result = getEnclosingDeclaration0(e.getParentWithConversions())
+  or
+  exists(Initializer i, Variable v |
+    i.getExpr().getFullyConverted() = e and
+    v = i.getDeclaration()
+  |
+    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
+    then result = v
+    else result = e.getEnclosingDeclaration()
+  )
+}
+
+Declaration getEnclosingDeclaration(Expr e) {
+  result = getEnclosingDeclaration0(e)
+  or
+  not exists(getEnclosingDeclaration0(e)) and
+  result = e.getEnclosingDeclaration()
+}
+
+Variable getEnclosingVariable0(Expr e) {
+  result = getEnclosingVariable0(e.getParentWithConversions())
+  or
+  exists(Initializer i, Variable v |
+    i.getExpr().getFullyConverted() = e and
+    v = i.getDeclaration()
+  |
+    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
+    then result = v
+    else result = e.getEnclosingVariable()
+  )
+}
+
+Variable getEnclosingVariable(Expr e) {
+  result = getEnclosingVariable0(e)
+  or
+  not exists(getEnclosingVariable0(e)) and
+  result = e.getEnclosingVariable()
+}
+
 /**
  * The IR translation of the "core"  part of an expression. This is the part of
  * the expression that produces the result value of the expression, before any
@@ -843,10 +888,21 @@ class TranslatedNonFieldVariableAccess extends TranslatedVariableAccess {
 
   override IRVariable getInstructionVariable(InstructionTag tag) {
     tag = OnlyInstructionTag() and
-    result = getIRUserVariable(expr.getEnclosingDeclaration(), expr.getTarget())
+    exists(Declaration d, Variable v |
+      accessHasEnclosingDeclarationAndVariable(d, v, expr) and
+      result = getIRUserVariable(d, v)
+    )
   }
 }
 
+pragma[nomagic]
+private predicate accessHasEnclosingDeclarationAndVariable(
+  Declaration d, Variable v, VariableAccess va
+) {
+  d = getEnclosingDeclaration(va) and
+  v = va.getTarget()
+}
+
 class TranslatedFieldAccess extends TranslatedVariableAccess {
   override FieldAccess expr;
 
@@ -2000,7 +2056,7 @@ class TranslatedDestructorFieldDestruction extends TranslatedNonConstantExpr, St
   final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
     tag = OnlyInstructionTag() and
     operandTag instanceof UnaryOperandTag and
-    result = getTranslatedFunction(expr.getEnclosingFunction()).getInitializeThisInstruction()
+    result = getTranslatedFunction(getEnclosingFunction(expr)).getInitializeThisInstruction()
   }
 
   final override Field getInstructionField(InstructionTag tag) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll

@@ -322,11 +322,13 @@ class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
       (
         var instanceof GlobalOrNamespaceVariable
         or
+        var instanceof StaticLocalVariable
+        or
         var instanceof MemberVariable and not var instanceof Field
       ) and
       exists(VariableAccess access |
         access.getTarget() = var and
-        access.getEnclosingFunction() = func
+        getEnclosingFunction(access) = func
       )
       or
       var.(LocalScopeVariable).getFunction() = func

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll

@@ -1,4 +1,5 @@
 import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
+private import TranslatedExpr
 private import cpp
 private import semmle.code.cpp.ir.implementation.IRType
 private import semmle.code.cpp.ir.implementation.Opcode
@@ -8,16 +9,16 @@ private import TranslatedInitialization
 private import InstructionTag
 private import semmle.code.cpp.ir.internal.IRUtilities
 
-class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
-  TTranslatedGlobalOrNamespaceVarInit, InitializationContext
+class TranslatedStaticStorageDurationVarInit extends TranslatedRootElement,
+  TTranslatedStaticStorageDurationVarInit, InitializationContext
 {
-  GlobalOrNamespaceVariable var;
+  Variable var;
 
-  TranslatedGlobalOrNamespaceVarInit() { this = TTranslatedGlobalOrNamespaceVarInit(var) }
+  TranslatedStaticStorageDurationVarInit() { this = TTranslatedStaticStorageDurationVarInit(var) }
 
   override string toString() { result = var.toString() }
 
-  final override GlobalOrNamespaceVariable getAst() { result = var }
+  final override Variable getAst() { result = var }
 
   final override Declaration getFunction() { result = var }
 
@@ -111,11 +112,13 @@ class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
       (
         varUsed instanceof GlobalOrNamespaceVariable
         or
+        varUsed instanceof StaticLocalVariable
+        or
         varUsed instanceof MemberVariable and not varUsed instanceof Field
       ) and
       exists(VariableAccess access |
         access.getTarget() = varUsed and
-        access.getEnclosingVariable() = var
+        getEnclosingVariable(access) = var
       )
       or
       var = varUsed
@@ -128,6 +131,4 @@ class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
   }
 }
 
-TranslatedGlobalOrNamespaceVarInit getTranslatedVarInit(GlobalOrNamespaceVariable var) {
-  result.getAst() = var
-}
+TranslatedStaticStorageDurationVarInit getTranslatedVarInit(Variable var) { result.getAst() = var }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -138,8 +138,9 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
   final override string toString() { result = "init: " + expr.toString() }
 
   final override Declaration getFunction() {
-    result = expr.getEnclosingFunction() or
-    result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
+    result = getEnclosingFunction(expr) or
+    result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
   }
 
   final override Locatable getAst() { result = expr }
@@ -159,7 +160,7 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
   final InitializationContext getContext() { result = getParent() }
 
   final TranslatedFunction getEnclosingFunction() {
-    result = getTranslatedFunction(expr.getEnclosingFunction())
+    result = getTranslatedFunction(this.getFunction())
   }
 }
 
@@ -493,8 +494,9 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   deprecated override Locatable getAST() { result = getAst() }
 
   final override Declaration getFunction() {
-    result = ast.getEnclosingFunction() or
-    result = ast.getEnclosingVariable().(GlobalOrNamespaceVariable)
+    result = getEnclosingFunction(ast) or
+    result = getEnclosingVariable(ast).(GlobalOrNamespaceVariable) or
+    result = getEnclosingVariable(ast).(StaticInitializedStaticLocalVariable)
   }
 
   final override Instruction getFirstInstruction() { result = getInstruction(getFieldAddressTag()) }
@@ -651,9 +653,11 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
   deprecated override Locatable getAST() { result = getAst() }
 
   final override Declaration getFunction() {
-    result = initList.getEnclosingFunction()
+    result = getEnclosingFunction(initList)
     or
-    result = initList.getEnclosingVariable().(GlobalOrNamespaceVariable)
+    result = getEnclosingVariable(initList).(GlobalOrNamespaceVariable)
+    or
+    result = getEnclosingVariable(initList).(StaticInitializedStaticLocalVariable)
   }
 
   final override Instruction getFirstInstruction() { result = getInstruction(getElementIndexTag()) }
@@ -852,7 +856,7 @@ abstract class TranslatedStructorCallFromStructor extends TranslatedElement, Str
     result = getStructorCall()
   }
 
-  final override Function getFunction() { result = call.getEnclosingFunction() }
+  final override Function getFunction() { result = getEnclosingFunction(call) }
 
   final override Instruction getChildSuccessor(TranslatedElement child) {
     child = getStructorCall() and
@@ -989,7 +993,7 @@ class TranslatedConstructorBareInit extends TranslatedElement, TTranslatedConstr
 
   override TranslatedElement getChild(int id) { none() }
 
-  override Function getFunction() { result = getParent().getFunction() }
+  override Declaration getFunction() { result = this.getParent().getFunction() }
 
   override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
 

cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll

@@ -47,7 +47,7 @@ class Variable = Cpp::Variable;
 
 class AutomaticVariable = Cpp::StackVariable;
 
-class StaticVariable = Cpp::Variable;
+class StaticVariable = Cpp::StaticStorageDurationVariable;
 
 class GlobalVariable = Cpp::GlobalOrNamespaceVariable;
 

cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguageDebug.qll

@@ -1,3 +1,9 @@
+private import cpp
 private import semmle.code.cpp.Print as Print
 
-predicate getIdentityString = Print::getIdentityString/1;
+string getIdentityString(Declaration decl) {
+  if decl instanceof StaticLocalVariable
+  then
+    exists(StaticLocalVariable v | v = decl | result = v.getType().toString() + " " + v.getName())
+  else result = Print::getIdentityString(decl)
+}