C++/C#: Add sanity test for invalid overlap from getDefinitionOverlap()

The result of `getDefinitionOverlap()` should never be `MayPartiallyOverlap`, because if that were the case, we should have inserted as `Chi` instruction and hooked the definition up to that instead. There are quite a few existing failures.
2026-04-26 17:25:19 +02:00 · 2020-03-23 14:37:06 -04:00
parent 13465921a3
commit a2741da8e2
26 changed files with 772 additions and 0 deletions
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
@@ -5,6 +5,7 @@ import IRTypeSanity // module is in IRType.qll
 module InstructionSanity {
  private import internal.InstructionImports as Imports
  private import Imports::OperandTag
+  private import Imports::Overlap
  private import internal.IRInternal

  /**
@@ -272,4 +273,18 @@ module InstructionSanity {
    func = switchInstr.getEnclosingIRFunction() and
    funcText = Language::getIdentityString(func.getFunction())
  }
+
+  query predicate invalidOverlap(
+    MemoryOperand useOperand, string message, IRFunction func, string funcText
+  ) {
+    exists(Overlap overlap |
+      overlap = useOperand.getDefinitionOverlap() and
+      overlap instanceof MayPartiallyOverlap and
+      message =
+        "MemoryOperand '" + useOperand.toString() + "' has a `getDefinitionOverlap()` of '" +
+          overlap.toString() + "'." and
+      func = useOperand.getEnclosingIRFunction() and
+      funcText = Language::getIdentityString(func.getFunction())
+    )
+  }
 }
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/Operand.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/Operand.qll
@@ -384,6 +384,8 @@ class PositionalArgumentOperand extends ArgumentOperand {

 class SideEffectOperand extends TypedOperand {
  override SideEffectOperandTag tag;
+
+  override string toString() { result = "SideEffect" }
 }

 /**
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/InstructionImports.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/InstructionImports.qll
@@ -3,3 +3,4 @@ import semmle.code.csharp.ir.implementation.IRType as IRType
 import semmle.code.csharp.ir.implementation.MemoryAccessKind as MemoryAccessKind
 import semmle.code.csharp.ir.implementation.Opcode as Opcode
 import semmle.code.csharp.ir.implementation.internal.OperandTag as OperandTag
+import semmle.code.csharp.ir.internal.Overlap as Overlap
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
@@ -5,6 +5,7 @@ import IRTypeSanity // module is in IRType.qll
 module InstructionSanity {
  private import internal.InstructionImports as Imports
  private import Imports::OperandTag
+  private import Imports::Overlap
  private import internal.IRInternal

  /**
@@ -272,4 +273,18 @@ module InstructionSanity {
    func = switchInstr.getEnclosingIRFunction() and
    funcText = Language::getIdentityString(func.getFunction())
  }
+
+  query predicate invalidOverlap(
+    MemoryOperand useOperand, string message, IRFunction func, string funcText
+  ) {
+    exists(Overlap overlap |
+      overlap = useOperand.getDefinitionOverlap() and
+      overlap instanceof MayPartiallyOverlap and
+      message =
+        "MemoryOperand '" + useOperand.toString() + "' has a `getDefinitionOverlap()` of '" +
+          overlap.toString() + "'." and
+      func = useOperand.getEnclosingIRFunction() and
+      funcText = Language::getIdentityString(func.getFunction())
+    )
+  }
 }
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/Operand.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/Operand.qll
@@ -384,6 +384,8 @@ class PositionalArgumentOperand extends ArgumentOperand {

 class SideEffectOperand extends TypedOperand {
  override SideEffectOperandTag tag;
+
+  override string toString() { result = "SideEffect" }
 }

 /**
--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll
@@ -3,3 +3,4 @@ import semmle.code.csharp.ir.implementation.IRType as IRType
 import semmle.code.csharp.ir.implementation.MemoryAccessKind as MemoryAccessKind
 import semmle.code.csharp.ir.implementation.Opcode as Opcode
 import semmle.code.csharp.ir.implementation.internal.OperandTag as OperandTag
+import semmle.code.csharp.ir.internal.Overlap as Overlap
--- a/csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
+++ b/csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
@@ -16,6 +16,7 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+invalidOverlap
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType
--- a/csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
+++ b/csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
@@ -16,6 +16,7 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+invalidOverlap
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType