hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars

Browse Source 
C++: generate IR for global variables with initializers
This commit is contained in:
Mathias Vorreiter Pedersen
2022-04-26 18:17:13 +01:00
committed by GitHub
parent 7ce040f331 d0fc348ad9
commit 800e4ea7df
44 changed files with 553 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
View File

@@ -49,6 +49,9 @@ class Expr extends StmtParent, @expr {
/** Gets the enclosing variable of this expression, if any. */
Variable getEnclosingVariable() { result = exprEnclosingElement(this) }
/** Gets the enclosing variable or function of this expression. */
Declaration getEnclosingDeclaration() { result = exprEnclosingElement(this) }
/** Gets a child of this expression. */
Expr getAChild() { exists(int n | result = this.getChild(n)) }

4
cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
View File

@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
/**
* Holds if IR should be created for function `func`. By default, holds for all functions.
*/
predicate shouldCreateIRForFunction(Language::Function func) { any() }
predicate shouldCreateIRForFunction(Language::Declaration func) { any() }
/**
* Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
* of debug strings for IR that will not be dumped. We still generate the actual IR for these
* functions, however, to preserve the results of any interprocedural analysis.
*/
predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
}
private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
View File

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
/**
* Gets the `Function` that contains this block.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = getFirstInstruction(this).getEnclosingFunction()
}
}

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
View File

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
/**
* Gets the function that contains this instruction.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = this.getEnclosingIRFunction().getFunction()
}

8
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
View File

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
* Holds if the IR for `func` should be printed. By default, holds for all
* functions.
*/
predicate shouldPrintFunction(Language::Function func) { any() }
predicate shouldPrintFunction(Language::Declaration decl) { any() }
}
/**
* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
*/
private class FilteredIRConfiguration extends IRConfiguration {
override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
shouldPrintFunction(func)
}
}
private predicate shouldPrintFunction(Language::Function func) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {

17
cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
View File

@@ -5,23 +5,28 @@
private import IRFunctionBaseInternal
private newtype TIRFunction =
MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }
TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
/**
* The IR for a function. This base class contains only the predicates that are the same between all
* phases of the IR. Each instantiation of `IRFunction` extends this class.
*/
class IRFunctionBase extends TIRFunction {
Language::Function func;
Language::Declaration decl;
IRFunctionBase() { this = MkIRFunction(func) }
IRFunctionBase() {
this = TFunctionIRFunction(decl)
or
this = TVarInitIRFunction(decl)
}
/** Gets a textual representation of this element. */
final string toString() { result = "IR: " + func.toString() }
final string toString() { result = "IR: " + decl.toString() }
/** Gets the function whose IR is represented. */
final Language::Function getFunction() { result = func }
final Language::Declaration getFunction() { result = decl }
/** Gets the location of the function. */
final Language::Location getLocation() { result = func.getLocation() }
final Language::Location getLocation() { result = decl.getLocation() }
}

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
View File

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
/**
* Gets the `Function` that contains this block.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = getFirstInstruction(this).getEnclosingFunction()
}
}

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
View File

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
/**
* Gets the function that contains this instruction.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = this.getEnclosingIRFunction().getFunction()
}

8
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
View File

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
* Holds if the IR for `func` should be printed. By default, holds for all
* functions.
*/
predicate shouldPrintFunction(Language::Function func) { any() }
predicate shouldPrintFunction(Language::Declaration decl) { any() }
}
/**
* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
*/
private class FilteredIRConfiguration extends IRConfiguration {
override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
shouldPrintFunction(func)
}
}
private predicate shouldPrintFunction(Language::Function func) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {

11
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -35,6 +35,9 @@ module Raw {
cached
predicate functionHasIR(Function func) { exists(getTranslatedFunction(func)) }
cached
predicate varHasIRFunc(GlobalOrNamespaceVariable var) { any() } // TODO: restrict?
cached
predicate hasInstruction(TranslatedElement element, InstructionTag tag) {
element.hasInstruction(_, tag, _)
@@ -46,18 +49,18 @@ module Raw {
}
cached
predicate hasTempVariable(Function func, Locatable ast, TempVariableTag tag, CppType type) {
predicate hasTempVariable(Declaration decl, Locatable ast, TempVariableTag tag, CppType type) {
exists(TranslatedElement element |
element.getAst() = ast and
func = element.getFunction() and
decl = element.getFunction() and
element.hasTempVariable(tag, type)
)
}
cached
predicate hasStringLiteral(Function func, Locatable ast, CppType type, StringLiteral literal) {
predicate hasStringLiteral(Declaration decl, Locatable ast, CppType type, StringLiteral literal) {
literal = ast and
literal.getEnclosingFunction() = func and
literal.getEnclosingDeclaration() = decl and
getTypeForPRValue(literal.getType()) = type
}

11
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
View File

@@ -180,7 +180,7 @@ abstract class TranslatedSideEffects extends TranslatedElement {
/** DEPRECATED: Alias for getAst */
deprecated override Locatable getAST() { result = getAst() }
final override Function getFunction() { result = getExpr().getEnclosingFunction() }
final override Declaration getFunction() { result = getExpr().getEnclosingDeclaration() }
final override TranslatedElement getChild(int i) {
result =
@@ -375,7 +375,7 @@ abstract class TranslatedSideEffect extends TranslatedElement {
kind instanceof GotoEdge
}
final override Function getFunction() { result = getParent().getFunction() }
final override Declaration getFunction() { result = getParent().getFunction() }
final override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
tag = OnlyInstructionTag() and
@@ -436,13 +436,6 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
result = index
}
/**
* Gets the `TranslatedFunction` containing this expression.
*/
final TranslatedFunction getEnclosingFunction() {
result = getTranslatedFunction(call.getEnclosingFunction())
}
final override predicate sideEffectInstruction(Opcode opcode, CppType type) {
opcode = sideEffectOpcode and
(

22
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
View File

@@ -67,7 +67,8 @@ private predicate ignoreExprAndDescendants(Expr expr) {
exists(Initializer init, StaticStorageDurationVariable var |
init = var.getInitializer() and
not var.hasDynamicInitialization() and
expr = init.getExpr().getFullyConverted()
expr = init.getExpr().getFullyConverted() and
not var instanceof GlobalOrNamespaceVariable
)
or
// Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
@@ -117,7 +118,8 @@ private predicate ignoreExprOnly(Expr expr) {
// should not be translated.
exists(NewOrNewArrayExpr new | expr = new.getAllocatorCall().getArgument(0))
or
not translateFunction(expr.getEnclosingFunction())
not translateFunction(expr.getEnclosingFunction()) and
not expr.getEnclosingVariable() instanceof GlobalOrNamespaceVariable
or
// We do not yet translate destructors properly, so for now we ignore the
// destructor call. We do, however, translate the expression being
@@ -662,7 +664,8 @@ newtype TTranslatedElement =
opcode = getASideEffectOpcode(call, -1)
} or
// The side effect that initializes newly-allocated memory.
TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) }
TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
TTranslatedGlobalOrNamespaceVarInit(GlobalOrNamespaceVariable var) { var.hasInitializer() }
/**
* Gets the index of the first explicitly initialized element in `initList`
@@ -792,7 +795,7 @@ abstract class TranslatedElement extends TTranslatedElement {
/**
* Gets the `Function` that contains this element.
*/
abstract Function getFunction();
abstract Declaration getFunction();
/**
* Gets the successor instruction of the instruction that was generated by
@@ -942,3 +945,14 @@ abstract class TranslatedElement extends TTranslatedElement {
*/
final TranslatedElement getParent() { result.getAChild() = this }
}
/**
* Represents the IR translation of a root element, either a function or a global variable.
*/
abstract class TranslatedRootElement extends TranslatedElement {
TranslatedRootElement() {
this instanceof TTranslatedFunction
or
this instanceof TTranslatedGlobalOrNamespaceVarInit
}
}

11
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -13,6 +13,7 @@ private import TranslatedFunction
private import TranslatedInitialization
private import TranslatedFunction
private import TranslatedStmt
private import TranslatedGlobalVar
import TranslatedCall
/**
@@ -79,7 +80,7 @@ abstract class TranslatedExpr extends TranslatedElement {
/** DEPRECATED: Alias for getAst */
deprecated override Locatable getAST() { result = this.getAst() }
final override Function getFunction() { result = expr.getEnclosingFunction() }
final override Declaration getFunction() { result = expr.getEnclosingDeclaration() }
/**
* Gets the expression from which this `TranslatedExpr` is generated.
@@ -89,8 +90,10 @@ abstract class TranslatedExpr extends TranslatedElement {
/**
* Gets the `TranslatedFunction` containing this expression.
*/
final TranslatedFunction getEnclosingFunction() {
final TranslatedRootElement getEnclosingFunction() {
result = getTranslatedFunction(expr.getEnclosingFunction())
or
result = getTranslatedVarInit(expr.getEnclosingVariable())
}
}
@@ -788,7 +791,7 @@ class TranslatedThisExpr extends TranslatedNonConstantExpr {
override IRVariable getInstructionVariable(InstructionTag tag) {
tag = ThisAddressTag() and
result = this.getEnclosingFunction().getThisVariable()
result = this.getEnclosingFunction().(TranslatedFunction).getThisVariable()
}
}
@@ -2523,7 +2526,7 @@ class TranslatedVarArgsStart extends TranslatedNonConstantExpr {
final override IRVariable getInstructionVariable(InstructionTag tag) {
tag = VarArgsStartEllipsisAddressTag() and
result = this.getEnclosingFunction().getEllipsisVariable()
result = this.getEnclosingFunction().(TranslatedFunction).getEllipsisVariable()
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
View File

@@ -58,7 +58,7 @@ predicate hasReturnValue(Function func) { not func.getUnspecifiedType() instance
* Represents the IR translation of a function. This is the root elements for
* all other elements associated with this function.
*/
class TranslatedFunction extends TranslatedElement, TTranslatedFunction {
class TranslatedFunction extends TranslatedRootElement, TTranslatedFunction {
Function func;
TranslatedFunction() { this = TTranslatedFunction(func) }

104
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll Normal file
View File

@@ -0,0 +1,104 @@
import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
private import cpp
private import semmle.code.cpp.ir.implementation.IRType
private import semmle.code.cpp.ir.implementation.Opcode
private import semmle.code.cpp.ir.implementation.internal.OperandTag
private import semmle.code.cpp.ir.internal.CppType
private import TranslatedInitialization
private import InstructionTag
class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
TTranslatedGlobalOrNamespaceVarInit, InitializationContext {
GlobalOrNamespaceVariable var;
TranslatedGlobalOrNamespaceVarInit() { this = TTranslatedGlobalOrNamespaceVarInit(var) }
override string toString() { result = var.toString() }
final override GlobalOrNamespaceVariable getAst() { result = var }
final override Declaration getFunction() { result = var }
final Location getLocation() { result = var.getLocation() }
override Instruction getFirstInstruction() { result = this.getInstruction(EnterFunctionTag()) }
override TranslatedElement getChild(int n) {
n = 1 and
result = getTranslatedInitialization(var.getInitializer().getExpr().getFullyConverted())
}
override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
op instanceof Opcode::EnterFunction and
tag = EnterFunctionTag() and
type = getVoidType()
or
op instanceof Opcode::AliasedDefinition and
tag = AliasedDefinitionTag() and
type = getUnknownType()
or
op instanceof Opcode::VariableAddress and
tag = InitializerVariableAddressTag() and
type = getTypeForGLValue(var.getType())
or
op instanceof Opcode::ReturnVoid and
tag = ReturnTag() and
type = getVoidType()
or
op instanceof Opcode::AliasedUse and
tag = AliasedUseTag() and
type = getVoidType()
or
op instanceof Opcode::ExitFunction and
tag = ExitFunctionTag() and
type = getVoidType()
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
kind instanceof GotoEdge and
(
tag = EnterFunctionTag() and
result = getInstruction(AliasedDefinitionTag())
or
tag = AliasedDefinitionTag() and
result = getInstruction(InitializerVariableAddressTag())
or
tag = InitializerVariableAddressTag() and
result = getChild(1).getFirstInstruction()
or
tag = ReturnTag() and
result = getInstruction(AliasedUseTag())
or
tag = AliasedUseTag() and
result = getInstruction(ExitFunctionTag())
)
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = getChild(1) and
result = getInstruction(ReturnTag())
}
final override CppType getInstructionMemoryOperandType(
InstructionTag tag, TypedOperandTag operandTag
) {
tag = AliasedUseTag() and
operandTag instanceof SideEffectOperandTag and
result = getUnknownType()
}
override IRUserVariable getInstructionVariable(InstructionTag tag) {
tag = InitializerVariableAddressTag() and
result.getVariable() = var
}
override Instruction getTargetAddress() {
result = getInstruction(InitializerVariableAddressTag())
}
override Type getTargetType() { result = var.getUnspecifiedType() }
}
TranslatedGlobalOrNamespaceVarInit getTranslatedVarInit(GlobalOrNamespaceVariable var) {
result.getAst() = var
}

16
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
View File

@@ -137,7 +137,10 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
final override string toString() { result = "init: " + expr.toString() }
final override Function getFunction() { result = expr.getEnclosingFunction() }
final override Declaration getFunction() {
result = expr.getEnclosingFunction() or
result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
}
final override Locatable getAst() { result = expr }
@@ -486,7 +489,10 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
/** DEPRECATED: Alias for getAst */
deprecated override Locatable getAST() { result = getAst() }
final override Function getFunction() { result = ast.getEnclosingFunction() }
final override Declaration getFunction() {
result = ast.getEnclosingFunction() or
result = ast.getEnclosingVariable().(GlobalOrNamespaceVariable)
}
final override Instruction getFirstInstruction() { result = getInstruction(getFieldAddressTag()) }
@@ -633,7 +639,11 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
/** DEPRECATED: Alias for getAst */
deprecated override Locatable getAST() { result = getAst() }
final override Function getFunction() { result = initList.getEnclosingFunction() }
final override Declaration getFunction() {
result = initList.getEnclosingFunction()
or
result = initList.getEnclosingVariable().(GlobalOrNamespaceVariable)
}
final override Instruction getFirstInstruction() { result = getInstruction(getElementIndexTag()) }

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
View File

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
/**
* Gets the `Function` that contains this block.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = getFirstInstruction(this).getEnclosingFunction()
}
}

2
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
View File

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
/**
* Gets the function that contains this instruction.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = this.getEnclosingIRFunction().getFunction()
}

8
cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
View File

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
* Holds if the IR for `func` should be printed. By default, holds for all
* functions.
*/
predicate shouldPrintFunction(Language::Function func) { any() }
predicate shouldPrintFunction(Language::Declaration decl) { any() }
}
/**
* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
*/
private class FilteredIRConfiguration extends IRConfiguration {
override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
shouldPrintFunction(func)
}
}
private predicate shouldPrintFunction(Language::Function func) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {

4
cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
View File

@@ -50,12 +50,16 @@ class AutomaticVariable = Cpp::StackVariable;
class StaticVariable = Cpp::Variable;
class GlobalVariable = Cpp::GlobalOrNamespaceVariable;
class Parameter = Cpp::Parameter;
class Field = Cpp::Field;
class BuiltInOperation = Cpp::BuiltInOperation;
class Declaration = Cpp::Declaration;
// TODO: Remove necessity for these.
class Expr = Cpp::Expr;

16
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected
View File

@@ -1,4 +1,18 @@
uniqueEnclosingCallable
| globals.cpp:9:5:9:19 | Address | Node should have one enclosing callable but has 0. |
| globals.cpp:9:5:9:19 | VariableAddress | Node should have one enclosing callable but has 0. |
| globals.cpp:9:5:9:19 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| globals.cpp:9:23:9:23 | 0 | Node should have one enclosing callable but has 0. |
| globals.cpp:9:23:9:23 | ChiPartial | Node should have one enclosing callable but has 0. |
| globals.cpp:9:23:9:23 | Store | Node should have one enclosing callable but has 0. |
| globals.cpp:9:23:9:23 | StoreValue | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | Address | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | VariableAddress | Node should have one enclosing callable but has 0. |
| globals.cpp:16:12:16:26 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| globals.cpp:16:30:16:30 | 0 | Node should have one enclosing callable but has 0. |
| globals.cpp:16:30:16:30 | ChiPartial | Node should have one enclosing callable but has 0. |
| globals.cpp:16:30:16:30 | Store | Node should have one enclosing callable but has 0. |
| globals.cpp:16:30:16:30 | StoreValue | Node should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
| BarrierGuard.cpp:2:11:2:13 | (unnamed parameter 0) | Node should have one location but has 6. |
@@ -199,7 +213,9 @@ postWithInFlow
| example.c:28:22:28:25 | & ... [post update] | PostUpdateNode should not be the target of local flow. |
| example.c:28:23:28:25 | pos [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:5:9:5:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:9:5:9:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:16:12:16:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
| lambdas.cpp:8:6:8:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| lambdas.cpp:9:6:9:6 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |

9
cpp/ql/test/library-tests/ir/ir/PrintConfig.qll
View File

@@ -12,4 +12,11 @@ predicate locationIsInStandardHeaders(Location loc) {
*
* This predicate excludes functions defined in standard headers.
*/
predicate shouldDumpFunction(Function func) { not locationIsInStandardHeaders(func.getLocation()) }
predicate shouldDumpFunction(Declaration decl) {
not locationIsInStandardHeaders(decl.getLocation()) and
(
not decl instanceof Variable
or
decl.(GlobalOrNamespaceVariable).hasInitializer()
)
}

12
cpp/ql/test/library-tests/ir/ir/ir.cpp
View File

@@ -1754,4 +1754,16 @@ int implicit_copy_constructor_test(
CopyConstructorTestVirtualClass cy = y;
}
int global_1;
int global_2 = 1;
const int global_3 = 2;
constructor_only global_4(1);
constructor_only global_5 = constructor_only(2);
char *global_string = "global string";
// semmle-extractor-options: -std=c++17 --clang

75
cpp/ql/test/library-tests/ir/ir/operand_locations.expected
View File

@@ -4743,6 +4743,16 @@
| ir.cpp:1034:6:1034:20 | ChiTotal | total:m1034_2 |
| ir.cpp:1034:6:1034:20 | SideEffect | m1034_3 |
| ir.cpp:1035:15:1035:15 | Address | &:r1035_1 |
| ir.cpp:1038:6:1038:8 | Address | &:r1038_3 |
| ir.cpp:1038:6:1038:8 | SideEffect | ~m1038_9 |
| ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
| ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_5 |
| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_8 |
| ir.cpp:1038:12:1038:18 | ChiTotal | total:m1038_2 |
| ir.cpp:1038:12:1038:18 | ChiTotal | total:m1038_6 |
| ir.cpp:1038:12:1038:18 | Load | ~m1038_6 |
| ir.cpp:1038:12:1038:18 | StoreValue | r1038_7 |
| ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
| ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
| ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
@@ -8215,6 +8225,43 @@
| ir.cpp:1754:42:1754:42 | SideEffect | ~m1752_4 |
| ir.cpp:1754:42:1754:42 | Unary | r1754_5 |
| ir.cpp:1754:42:1754:42 | Unary | r1754_6 |
| ir.cpp:1759:5:1759:12 | Address | &:r1759_3 |
| ir.cpp:1759:5:1759:12 | SideEffect | ~m1759_6 |
| ir.cpp:1759:16:1759:16 | ChiPartial | partial:m1759_5 |
| ir.cpp:1759:16:1759:16 | ChiTotal | total:m1759_2 |
| ir.cpp:1759:16:1759:16 | StoreValue | r1759_4 |
| ir.cpp:1761:11:1761:18 | Address | &:r1761_3 |
| ir.cpp:1761:11:1761:18 | SideEffect | ~m1761_6 |
| ir.cpp:1761:22:1761:22 | ChiPartial | partial:m1761_5 |
| ir.cpp:1761:22:1761:22 | ChiTotal | total:m1761_2 |
| ir.cpp:1761:22:1761:22 | StoreValue | r1761_4 |
| ir.cpp:1763:18:1763:25 | Address | &:r1763_3 |
| ir.cpp:1763:18:1763:25 | Arg(this) | this:r1763_3 |
| ir.cpp:1763:18:1763:25 | SideEffect | ~m1763_10 |
| ir.cpp:1763:27:1763:27 | Arg(0) | 0:r1763_5 |
| ir.cpp:1763:27:1763:28 | CallTarget | func:r1763_4 |
| ir.cpp:1763:27:1763:28 | ChiPartial | partial:m1763_7 |
| ir.cpp:1763:27:1763:28 | ChiPartial | partial:m1763_9 |
| ir.cpp:1763:27:1763:28 | ChiTotal | total:m1763_2 |
| ir.cpp:1763:27:1763:28 | ChiTotal | total:m1763_8 |
| ir.cpp:1763:27:1763:28 | SideEffect | ~m1763_2 |
| ir.cpp:1765:18:1765:25 | Address | &:r1765_3 |
| ir.cpp:1765:18:1765:25 | Arg(this) | this:r1765_3 |
| ir.cpp:1765:18:1765:25 | SideEffect | ~m1765_10 |
| ir.cpp:1765:28:1765:47 | CallTarget | func:r1765_4 |
| ir.cpp:1765:28:1765:47 | ChiPartial | partial:m1765_7 |
| ir.cpp:1765:28:1765:47 | ChiPartial | partial:m1765_9 |
| ir.cpp:1765:28:1765:47 | ChiTotal | total:m1765_2 |
| ir.cpp:1765:28:1765:47 | ChiTotal | total:m1765_8 |
| ir.cpp:1765:28:1765:47 | SideEffect | ~m1765_2 |
| ir.cpp:1765:46:1765:46 | Arg(0) | 0:r1765_5 |
| ir.cpp:1767:7:1767:19 | Address | &:r1767_3 |
| ir.cpp:1767:7:1767:19 | SideEffect | ~m1767_8 |
| ir.cpp:1767:23:1767:37 | ChiPartial | partial:m1767_7 |
| ir.cpp:1767:23:1767:37 | ChiTotal | total:m1767_2 |
| ir.cpp:1767:23:1767:37 | StoreValue | r1767_6 |
| ir.cpp:1767:23:1767:37 | Unary | r1767_4 |
| ir.cpp:1767:23:1767:37 | Unary | r1767_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_5 |
| perf-regression.cpp:6:3:6:5 | Address | &:r6_7 |
@@ -8458,6 +8505,34 @@
| smart_ptr.cpp:47:43:47:63 | SideEffect | ~m47_16 |
| smart_ptr.cpp:47:43:47:63 | Unary | r47_5 |
| smart_ptr.cpp:47:43:47:63 | Unary | r47_6 |
| struct_init.cpp:9:13:9:25 | Left | r9_3 |
| struct_init.cpp:9:13:9:25 | Left | r9_3 |
| struct_init.cpp:9:13:9:25 | SideEffect | ~m11_10 |
| struct_init.cpp:9:31:12:1 | Right | r9_4 |
| struct_init.cpp:9:31:12:1 | Right | r9_6 |
| struct_init.cpp:9:31:12:1 | Unary | r9_5 |
| struct_init.cpp:9:31:12:1 | Unary | r9_5 |
| struct_init.cpp:9:31:12:1 | Unary | r9_7 |
| struct_init.cpp:9:31:12:1 | Unary | r9_7 |
| struct_init.cpp:10:5:10:21 | Address | &:r10_1 |
| struct_init.cpp:10:5:10:21 | Address | &:r10_6 |
| struct_init.cpp:10:7:10:9 | ChiPartial | partial:m10_4 |
| struct_init.cpp:10:7:10:9 | ChiTotal | total:m9_2 |
| struct_init.cpp:10:7:10:9 | StoreValue | r10_3 |
| struct_init.cpp:10:7:10:9 | Unary | r10_2 |
| struct_init.cpp:10:12:10:19 | ChiPartial | partial:m10_8 |
| struct_init.cpp:10:12:10:19 | ChiTotal | total:m10_5 |
| struct_init.cpp:10:12:10:19 | StoreValue | r10_7 |
| struct_init.cpp:11:5:11:22 | Address | &:r11_1 |
| struct_init.cpp:11:5:11:22 | Address | &:r11_6 |
| struct_init.cpp:11:7:11:9 | ChiPartial | partial:m11_4 |
| struct_init.cpp:11:7:11:9 | ChiTotal | total:m10_9 |
| struct_init.cpp:11:7:11:9 | StoreValue | r11_3 |
| struct_init.cpp:11:7:11:9 | Unary | r11_2 |
| struct_init.cpp:11:12:11:20 | ChiPartial | partial:m11_9 |
| struct_init.cpp:11:12:11:20 | ChiTotal | total:m11_5 |
| struct_init.cpp:11:12:11:20 | StoreValue | r11_8 |
| struct_init.cpp:11:13:11:20 | Unary | r11_7 |
| struct_init.cpp:16:6:16:20 | ChiPartial | partial:m16_3 |
| struct_init.cpp:16:6:16:20 | ChiTotal | total:m16_2 |
| struct_init.cpp:16:6:16:20 | SideEffect | ~m17_5 |

104
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -5650,6 +5650,19 @@ ir.cpp:
# 1034| v1034_5(void) = AliasedUse : ~m?
# 1034| v1034_6(void) = ExitFunction :
# 1038| (lambda [] type at line 1038, col. 12) lam
# 1038| Block 0
# 1038| v1038_1(void) = EnterFunction :
# 1038| mu1038_2(unknown) = AliasedDefinition :
# 1038| r1038_3(glval<decltype([...](...){...})>) = VariableAddress :
# 1038| r1038_4(glval<decltype([...](...){...})>) = VariableAddress :
# 1038| mu1038_5(decltype([...](...){...})) = Uninitialized : &:r1038_4
# 1038| r1038_6(decltype([...](...){...})) = Load[?] : &:r1038_4, ~m?
# 1038| mu1038_7(decltype([...](...){...})) = Store[?] : &:r1038_3, r1038_6
# 1038| v1038_8(void) = ReturnVoid :
# 1038| v1038_9(void) = AliasedUse : ~m?
# 1038| v1038_10(void) = ExitFunction :
# 1038| void (lambda [] type at line 1038, col. 12)::operator()() const
# 1038| Block 0
# 1038| v1038_1(void) = EnterFunction :
@@ -9418,6 +9431,69 @@ ir.cpp:
# 1750| v1750_6(void) = AliasedUse : ~m?
# 1750| v1750_7(void) = ExitFunction :
# 1759| int global_2
# 1759| Block 0
# 1759| v1759_1(void) = EnterFunction :
# 1759| mu1759_2(unknown) = AliasedDefinition :
# 1759| r1759_3(glval<int>) = VariableAddress :
# 1759| r1759_4(int) = Constant[1] :
# 1759| mu1759_5(int) = Store[?] : &:r1759_3, r1759_4
# 1759| v1759_6(void) = ReturnVoid :
# 1759| v1759_7(void) = AliasedUse : ~m?
# 1759| v1759_8(void) = ExitFunction :
# 1761| int const global_3
# 1761| Block 0
# 1761| v1761_1(void) = EnterFunction :
# 1761| mu1761_2(unknown) = AliasedDefinition :
# 1761| r1761_3(glval<int>) = VariableAddress :
# 1761| r1761_4(int) = Constant[2] :
# 1761| mu1761_5(int) = Store[?] : &:r1761_3, r1761_4
# 1761| v1761_6(void) = ReturnVoid :
# 1761| v1761_7(void) = AliasedUse : ~m?
# 1761| v1761_8(void) = ExitFunction :
# 1763| constructor_only global_4
# 1763| Block 0
# 1763| v1763_1(void) = EnterFunction :
# 1763| mu1763_2(unknown) = AliasedDefinition :
# 1763| r1763_3(glval<constructor_only>) = VariableAddress :
# 1763| r1763_4(glval<unknown>) = FunctionAddress[constructor_only] :
# 1763| r1763_5(int) = Constant[1] :
# 1763| v1763_6(void) = Call[constructor_only] : func:r1763_4, this:r1763_3, 0:r1763_5
# 1763| mu1763_7(unknown) = ^CallSideEffect : ~m?
# 1763| mu1763_8(constructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1763_3
# 1763| v1763_9(void) = ReturnVoid :
# 1763| v1763_10(void) = AliasedUse : ~m?
# 1763| v1763_11(void) = ExitFunction :
# 1765| constructor_only global_5
# 1765| Block 0
# 1765| v1765_1(void) = EnterFunction :
# 1765| mu1765_2(unknown) = AliasedDefinition :
# 1765| r1765_3(glval<constructor_only>) = VariableAddress :
# 1765| r1765_4(glval<unknown>) = FunctionAddress[constructor_only] :
# 1765| r1765_5(int) = Constant[2] :
# 1765| v1765_6(void) = Call[constructor_only] : func:r1765_4, this:r1765_3, 0:r1765_5
# 1765| mu1765_7(unknown) = ^CallSideEffect : ~m?
# 1765| mu1765_8(constructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1765_3
# 1765| v1765_9(void) = ReturnVoid :
# 1765| v1765_10(void) = AliasedUse : ~m?
# 1765| v1765_11(void) = ExitFunction :
# 1767| char* global_string
# 1767| Block 0
# 1767| v1767_1(void) = EnterFunction :
# 1767| mu1767_2(unknown) = AliasedDefinition :
# 1767| r1767_3(glval<char *>) = VariableAddress :
# 1767| r1767_4(glval<char[14]>) = StringConstant :
# 1767| r1767_5(char *) = Convert : r1767_4
# 1767| r1767_6(char *) = Convert : r1767_5
# 1767| mu1767_7(char *) = Store[?] : &:r1767_3, r1767_6
# 1767| v1767_8(void) = ReturnVoid :
# 1767| v1767_9(void) = AliasedUse : ~m?
# 1767| v1767_10(void) = ExitFunction :
perf-regression.cpp:
# 6| void Big::Big()
# 6| Block 0
@@ -9639,6 +9715,34 @@ smart_ptr.cpp:
# 28| v28_6(void) = ExitFunction :
struct_init.cpp:
# 9| Info infos_in_file[]
# 9| Block 0
# 9| v9_1(void) = EnterFunction :
# 9| mu9_2(unknown) = AliasedDefinition :
# 9| r9_3(glval<Info[]>) = VariableAddress :
# 9| r9_4(int) = Constant[0] :
# 9| r9_5(glval<Info>) = PointerAdd[16] : r9_3, r9_4
# 10| r10_1(glval<char *>) = FieldAddress[name] : r9_5
# 10| r10_2(glval<char[2]>) = StringConstant :
# 10| r10_3(char *) = Convert : r10_2
# 10| mu10_4(char *) = Store[?] : &:r10_1, r10_3
# 10| r10_5(glval<..(*)(..)>) = FieldAddress[handler] : r9_5
# 10| r10_6(..(*)(..)) = FunctionAddress[handler1] :
# 10| mu10_7(..(*)(..)) = Store[?] : &:r10_5, r10_6
# 9| r9_6(int) = Constant[1] :
# 9| r9_7(glval<Info>) = PointerAdd[16] : r9_3, r9_6
# 11| r11_1(glval<char *>) = FieldAddress[name] : r9_7
# 11| r11_2(glval<char[2]>) = StringConstant :
# 11| r11_3(char *) = Convert : r11_2
# 11| mu11_4(char *) = Store[?] : &:r11_1, r11_3
# 11| r11_5(glval<..(*)(..)>) = FieldAddress[handler] : r9_7
# 11| r11_6(glval<..()(..)>) = FunctionAddress[handler2] :
# 11| r11_7(..(*)(..)) = CopyValue : r11_6
# 11| mu11_8(..(*)(..)) = Store[?] : &:r11_5, r11_7
# 9| v9_8(void) = ReturnVoid :
# 9| v9_9(void) = AliasedUse : ~m?
# 9| v9_10(void) = ExitFunction :
# 16| void let_info_escape(Info*)
# 16| Block 0
# 16| v16_1(void) = EnterFunction :

2
cpp/ql/test/library-tests/ir/ir/raw_ir.ql
View File

@@ -7,5 +7,5 @@ private import semmle.code.cpp.ir.implementation.raw.PrintIR
private import PrintConfig
private class PrintConfig extends PrintIRConfiguration {
override predicate shouldPrintFunction(Function func) { shouldDumpFunction(func) }
override predicate shouldPrintFunction(Declaration decl) { shouldDumpFunction(decl) }
}

2
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
View File

@@ -1234,6 +1234,8 @@ ssa.cpp:
# 268| v268_14(void) = AliasedUse : ~m269_7
# 268| v268_15(void) = ExitFunction :
# 274| Point* pp
# 275| void EscapedButNotConflated(bool, Point, int)
# 275| Block 0
# 275| v275_1(void) = EnterFunction :

2
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir_unsound.expected
View File

@@ -1229,6 +1229,8 @@ ssa.cpp:
# 268| v268_14(void) = AliasedUse : ~m269_7
# 268| v268_15(void) = ExitFunction :
# 274| Point* pp
# 275| void EscapedButNotConflated(bool, Point, int)
# 275| Block 0
# 275| v275_1(void) = EnterFunction :

2
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
View File

@@ -1140,6 +1140,8 @@ ssa.cpp:
# 268| v268_13(void) = AliasedUse : ~m?
# 268| v268_14(void) = ExitFunction :
# 274| Point* pp
# 275| void EscapedButNotConflated(bool, Point, int)
# 275| Block 0
# 275| v275_1(void) = EnterFunction :

2
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir_unsound.expected
View File

@@ -1140,6 +1140,8 @@ ssa.cpp:
# 268| v268_13(void) = AliasedUse : ~m?
# 268| v268_14(void) = ExitFunction :
# 274| Point* pp
# 275| void EscapedButNotConflated(bool, Point, int)
# 275| Block 0
# 275| v275_1(void) = EnterFunction :

4
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_consistency.expected
View File

@@ -4,6 +4,8 @@ unexpectedOperand
duplicateOperand
missingPhiOperand
missingOperandType
| cpp11.cpp:36:18:36:18 | ChiTotal | Operand 'ChiTotal' of instruction 'Chi' is missing a type in function '$@'. | cpp11.cpp:36:5:36:14 | int global_int | int global_int |
| misc.c:210:24:210:28 | ChiTotal | Operand 'ChiTotal' of instruction 'Chi' is missing a type in function '$@'. | misc.c:210:5:210:20 | int global_with_init | int global_with_init |
duplicateChiOperand
sideEffectWithoutPrimary
instructionWithoutSuccessor
@@ -91,6 +93,8 @@ useNotDominatedByDefinition
switchInstructionWithoutDefaultEdge
notMarkedAsConflated
wronglyMarkedAsConflated
| cpp11.cpp:36:18:36:18 | Chi: 5 | Instruction 'Chi: 5' should not be marked as having a conflated result in function '$@'. | cpp11.cpp:36:5:36:14 | int global_int | int global_int |
| misc.c:210:24:210:28 | Chi: ... + ... | Instruction 'Chi: ... + ...' should not be marked as having a conflated result in function '$@'. | misc.c:210:5:210:20 | int global_with_init | int global_with_init |
invalidOverlap
nonUniqueEnclosingIRFunction
fieldAddressOnNonPointer

46
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -1,4 +1,45 @@
uniqueEnclosingCallable
| cpp11.cpp:35:11:35:22 | Address | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:11:35:22 | AliasedDefinition | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:11:35:22 | VariableAddress | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:11:35:22 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:26:35:26 | 5 | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:26:35:26 | ChiPartial | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:26:35:26 | ChiTotal | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:26:35:26 | Store | Node should have one enclosing callable but has 0. |
| cpp11.cpp:35:26:35:26 | StoreValue | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | Address | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | VariableAddress | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:5:36:14 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:18:36:18 | 5 | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:18:36:18 | ChiPartial | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:18:36:18 | Store | Node should have one enclosing callable but has 0. |
| cpp11.cpp:36:18:36:18 | StoreValue | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | Address | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | AliasedDefinition | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | VariableAddress | Node should have one enclosing callable but has 0. |
| misc.c:10:5:10:13 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| misc.c:10:17:10:17 | 1 | Node should have one enclosing callable but has 0. |
| misc.c:10:17:10:17 | ChiPartial | Node should have one enclosing callable but has 0. |
| misc.c:10:17:10:17 | ChiTotal | Node should have one enclosing callable but has 0. |
| misc.c:10:17:10:17 | Store | Node should have one enclosing callable but has 0. |
| misc.c:10:17:10:17 | StoreValue | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | Address | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | AliasedDefinition | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | VariableAddress | Node should have one enclosing callable but has 0. |
| misc.c:11:5:11:13 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| misc.c:11:17:11:21 | ... + ... | Node should have one enclosing callable but has 0. |
| misc.c:11:17:11:21 | ChiPartial | Node should have one enclosing callable but has 0. |
| misc.c:11:17:11:21 | ChiTotal | Node should have one enclosing callable but has 0. |
| misc.c:11:17:11:21 | Store | Node should have one enclosing callable but has 0. |
| misc.c:11:17:11:21 | StoreValue | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | Address | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | VariableAddress | Node should have one enclosing callable but has 0. |
| misc.c:210:5:210:20 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
| misc.c:210:24:210:28 | ... + ... | Node should have one enclosing callable but has 0. |
| misc.c:210:24:210:28 | ChiPartial | Node should have one enclosing callable but has 0. |
| misc.c:210:24:210:28 | Store | Node should have one enclosing callable but has 0. |
| misc.c:210:24:210:28 | StoreValue | Node should have one enclosing callable but has 0. |
uniqueType
uniqueNodeLocation
| aggregateinitializer.c:1:6:1:6 | AliasedDefinition | Node should have one location but has 20. |
@@ -1622,6 +1663,8 @@ postWithInFlow
| cpp11.cpp:28:21:28:34 | temporary object [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:29:7:29:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:31:5:31:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:35:11:35:22 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:36:5:36:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:56:14:56:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:56:14:56:15 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:60:15:60:16 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
@@ -2230,6 +2273,8 @@ postWithInFlow
| ltrbinopexpr.c:37:5:37:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ltrbinopexpr.c:39:5:39:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ltrbinopexpr.c:40:5:40:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:10:5:10:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:11:5:11:13 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:18:5:18:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:19:5:19:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:20:7:20:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
@@ -2289,6 +2334,7 @@ postWithInFlow
| misc.c:200:24:200:27 | args [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:200:24:200:27 | array to pointer conversion [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:208:1:208:3 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:210:5:210:20 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:216:3:216:26 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:220:3:220:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:220:4:220:5 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |

3
cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/diff_ir_expr.expected
View File

@@ -1,18 +1,15 @@
| test.cpp:5:3:5:13 | ... = ... | test.cpp:5:3:5:13 | ... = ... | AST only |
| test.cpp:6:3:6:13 | ... = ... | test.cpp:6:3:6:13 | ... = ... | AST only |
| test.cpp:7:3:7:7 | ... = ... | test.cpp:7:3:7:7 | ... = ... | AST only |
| test.cpp:10:16:10:16 | 1 | test.cpp:10:16:10:16 | 1 | AST only |
| test.cpp:16:3:16:24 | ... = ... | test.cpp:16:3:16:24 | ... = ... | AST only |
| test.cpp:17:3:17:24 | ... = ... | test.cpp:17:3:17:24 | ... = ... | AST only |
| test.cpp:18:3:18:7 | ... = ... | test.cpp:18:3:18:7 | ... = ... | AST only |
| test.cpp:21:16:21:16 | 2 | test.cpp:21:16:21:16 | 2 | AST only |
| test.cpp:29:3:29:3 | x | test.cpp:31:3:31:3 | x | IR only |
| test.cpp:29:3:29:24 | ... = ... | test.cpp:29:3:29:24 | ... = ... | AST only |
| test.cpp:30:3:30:17 | call to change_global02 | test.cpp:30:3:30:17 | call to change_global02 | AST only |
| test.cpp:31:3:31:3 | x | test.cpp:29:3:29:3 | x | IR only |
| test.cpp:31:3:31:24 | ... = ... | test.cpp:31:3:31:24 | ... = ... | AST only |
| test.cpp:32:3:32:7 | ... = ... | test.cpp:32:3:32:7 | ... = ... | AST only |
| test.cpp:35:16:35:16 | 3 | test.cpp:35:16:35:16 | 3 | AST only |
| test.cpp:43:3:43:3 | x | test.cpp:45:3:45:3 | x | IR only |
| test.cpp:43:3:43:24 | ... = ... | test.cpp:43:3:43:24 | ... = ... | AST only |
| test.cpp:43:7:43:24 | ... + ... | test.cpp:45:7:45:24 | ... + ... | IR only |

55
cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected
View File

@@ -69,6 +69,23 @@ test.cpp:
# 1| v1_10(void) = AliasedUse : m1_3
# 1| v1_11(void) = ExitFunction :
# 10| int global01
# 10| Block 0
# 10| v10_1(void) = EnterFunction :
# 10| m10_2(unknown) = AliasedDefinition :
# 10| valnum = unique
# 10| r10_3(glval<int>) = VariableAddress[global01] :
# 10| valnum = unique
# 10| r10_4(int) = Constant[1] :
# 10| valnum = m10_5, r10_4
# 10| m10_5(int) = Store[global01] : &:r10_3, r10_4
# 10| valnum = m10_5, r10_4
# 10| m10_6(unknown) = Chi : total:~m?, partial:m10_5
# 10| valnum = unique
# 10| v10_7(void) = ReturnVoid :
# 10| v10_8(void) = AliasedUse : ~m10_2
# 10| v10_9(void) = ExitFunction :
# 12| void test01(int, int)
# 12| Block 0
# 12| v12_1(void) = EnterFunction :
@@ -151,6 +168,23 @@ test.cpp:
# 12| v12_10(void) = AliasedUse : m12_3
# 12| v12_11(void) = ExitFunction :
# 21| int global02
# 21| Block 0
# 21| v21_1(void) = EnterFunction :
# 21| m21_2(unknown) = AliasedDefinition :
# 21| valnum = unique
# 21| r21_3(glval<int>) = VariableAddress[global02] :
# 21| valnum = unique
# 21| r21_4(int) = Constant[2] :
# 21| valnum = m21_5, r21_4
# 21| m21_5(int) = Store[global02] : &:r21_3, r21_4
# 21| valnum = m21_5, r21_4
# 21| m21_6(unknown) = Chi : total:~m?, partial:m21_5
# 21| valnum = unique
# 21| v21_7(void) = ReturnVoid :
# 21| v21_8(void) = AliasedUse : ~m21_2
# 21| v21_9(void) = ExitFunction :
# 25| void test02(int, int)
# 25| Block 0
# 25| v25_1(void) = EnterFunction :
@@ -240,6 +274,23 @@ test.cpp:
# 25| v25_10(void) = AliasedUse : ~m30_4
# 25| v25_11(void) = ExitFunction :
# 35| int global03
# 35| Block 0
# 35| v35_1(void) = EnterFunction :
# 35| m35_2(unknown) = AliasedDefinition :
# 35| valnum = unique
# 35| r35_3(glval<int>) = VariableAddress[global03] :
# 35| valnum = unique
# 35| r35_4(int) = Constant[3] :
# 35| valnum = m35_5, r35_4
# 35| m35_5(int) = Store[global03] : &:r35_3, r35_4
# 35| valnum = m35_5, r35_4
# 35| m35_6(unknown) = Chi : total:~m?, partial:m35_5
# 35| valnum = unique
# 35| v35_7(void) = ReturnVoid :
# 35| v35_8(void) = AliasedUse : ~m35_2
# 35| v35_9(void) = ExitFunction :
# 39| void test03(int, int, int*)
# 39| Block 0
# 39| v39_1(void) = EnterFunction :
@@ -890,6 +941,10 @@ test.cpp:
# 124| v124_13(void) = AliasedUse : m124_3
# 124| v124_14(void) = ExitFunction :
# 132| A* global_a
# 133| int global_n
# 135| void test_read_global_same()
# 135| Block 0
# 135| v135_1(void) = EnterFunction :

4
csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll
View File

@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
/**
* Holds if IR should be created for function `func`. By default, holds for all functions.
*/
predicate shouldCreateIRForFunction(Language::Function func) { any() }
predicate shouldCreateIRForFunction(Language::Declaration func) { any() }
/**
* Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
* of debug strings for IR that will not be dumped. We still generate the actual IR for these
* functions, however, to preserve the results of any interprocedural analysis.
*/
predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
}
private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()

17
csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll
View File

@@ -5,23 +5,28 @@
private import IRFunctionBaseInternal
private newtype TIRFunction =
MkIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) }
TFunctionIRFunction(Language::Function func) { IRConstruction::Raw::functionHasIR(func) } or
TVarInitIRFunction(Language::GlobalVariable var) { IRConstruction::Raw::varHasIRFunc(var) }
/**
* The IR for a function. This base class contains only the predicates that are the same between all
* phases of the IR. Each instantiation of `IRFunction` extends this class.
*/
class IRFunctionBase extends TIRFunction {
Language::Function func;
Language::Declaration decl;
IRFunctionBase() { this = MkIRFunction(func) }
IRFunctionBase() {
this = TFunctionIRFunction(decl)
or
this = TVarInitIRFunction(decl)
}
/** Gets a textual representation of this element. */
final string toString() { result = "IR: " + func.toString() }
final string toString() { result = "IR: " + decl.toString() }
/** Gets the function whose IR is represented. */
final Language::Function getFunction() { result = func }
final Language::Declaration getFunction() { result = decl }
/** Gets the location of the function. */
final Language::Location getLocation() { result = func.getLocation() }
final Language::Location getLocation() { result = decl.getLocation() }
}

2
csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll
View File

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
/**
* Gets the `Function` that contains this block.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = getFirstInstruction(this).getEnclosingFunction()
}
}

2
csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll
View File

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
/**
* Gets the function that contains this instruction.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = this.getEnclosingIRFunction().getFunction()
}

8
csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll
View File

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
* Holds if the IR for `func` should be printed. By default, holds for all
* functions.
*/
predicate shouldPrintFunction(Language::Function func) { any() }
predicate shouldPrintFunction(Language::Declaration decl) { any() }
}
/**
* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
*/
private class FilteredIRConfiguration extends IRConfiguration {
override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
shouldPrintFunction(func)
}
}
private predicate shouldPrintFunction(Language::Function func) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {

3
csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -47,6 +47,9 @@ module Raw {
cached
predicate functionHasIR(Callable callable) { exists(getTranslatedFunction(callable)) }
cached
predicate varHasIRFunc(Field field) { none() }
cached
predicate hasInstruction(TranslatedElement element, InstructionTag tag) {
element.hasInstruction(_, tag, _)

2
csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll
View File

@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
/**
* Gets the `Function` that contains this block.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = getFirstInstruction(this).getEnclosingFunction()
}
}

2
csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll
View File

@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
/**
* Gets the function that contains this instruction.
*/
final Language::Function getEnclosingFunction() {
final Language::Declaration getEnclosingFunction() {
result = this.getEnclosingIRFunction().getFunction()
}

8
csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll
View File

@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
* Holds if the IR for `func` should be printed. By default, holds for all
* functions.
*/
predicate shouldPrintFunction(Language::Function func) { any() }
predicate shouldPrintFunction(Language::Declaration decl) { any() }
}
/**
* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
*/
private class FilteredIRConfiguration extends IRConfiguration {
override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
shouldPrintFunction(func)
}
}
private predicate shouldPrintFunction(Language::Function func) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {

6
csharp/ql/src/experimental/ir/internal/IRCSharpLanguage.qll
View File

@@ -8,6 +8,12 @@ class OpaqueTypeTag = CSharp::ValueOrRefType;
class Function = CSharp::Callable;
class GlobalVariable extends CSharp::Field {
GlobalVariable() { this.isStatic() }
}
class Declaration = CSharp::Declaration;
class Location = CSharp::Location;
class UnknownLocation = CSharp::EmptyLocation;