hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Return grouped memory locations from 'getOperandMemoryLocation' and 'getResultMemoryLocation'.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2024-07-01 17:07:23 +01:00
parent 09c03d9a5f
commit e7c43b3fcc
1 changed files with 49 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
View File

@@ -406,6 +406,22 @@ class GroupedMemoryLocation extends TGroupedMemoryLocation, MemoryLocation {
predicate isSome() { isAll = false } predicate isSome() { isAll = false }
} }
private GroupedMemoryLocation getGroupedMemoryLocation(
Allocation alloc, boolean isMayAccess, boolean isAll
) {
result.getAnAllocation() = alloc and
(
isMayAccess = true and result.isMayAccess()
or
isMayAccess = false and not result.isMayAccess()
) and
(
isAll = true and result.isAll()
or
isAll = false and result.isSome()
)
}
class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation, class EntireAllocationMemoryLocation extends TEntireAllocationMemoryLocation,
AllocationMemoryLocation AllocationMemoryLocation
{ {
@@ -755,13 +771,24 @@ MemoryLocation getResultMemoryLocation(Instruction instr) {
( (
( (
isIndirectOrBufferMemoryAccess(kind) and isIndirectOrBufferMemoryAccess(kind) and
if hasResultMemoryAccess(instr, _, _, _, _, _, _) if hasResultMemoryAccess(_, instr, _, _, _, _, _, _, _)
then then
exists(Allocation var, IRType type, IntValue startBitOffset, IntValue endBitOffset | exists(
hasResultMemoryAccess(instr, var, type, _, startBitOffset, endBitOffset, isMayAccess) and Allocation var, IRType type, IntValue startBitOffset, IntValue endBitOffset,
result = boolean grouped
TVariableMemoryLocation(var, type, _, startBitOffset, endBitOffset, |
unbindBool(isMayAccess)) hasResultMemoryAccess(_, instr, var, type, _, startBitOffset, endBitOffset, isMayAccess,
grouped)
|
// If the instruction is only associated with one allocation we assign it a `VariableMemoryLocation`
if grouped = false
then
result =
TVariableMemoryLocation(var, type, _, startBitOffset, endBitOffset,
unbindBool(isMayAccess))
else
// And otherwise we assign it a memory location that groups all the relevant memory locations into one.
result = getGroupedMemoryLocation(var, unbindBool(isMayAccess), false)
) )
else result = TUnknownMemoryLocation(instr.getEnclosingIRFunction(), isMayAccess) else result = TUnknownMemoryLocation(instr.getEnclosingIRFunction(), isMayAccess)
) )
@@ -788,12 +815,23 @@ MemoryLocation getOperandMemoryLocation(MemoryOperand operand) {
( (
( (
isIndirectOrBufferMemoryAccess(kind) and isIndirectOrBufferMemoryAccess(kind) and
if hasOperandMemoryAccess(operand, _, _, _, _, _, _) if hasOperandMemoryAccess(_, operand, _, _, _, _, _, _, _)
then then
exists(Allocation var, IRType type, IntValue startBitOffset, IntValue endBitOffset | exists(
hasOperandMemoryAccess(operand, var, type, _, startBitOffset, endBitOffset, isMayAccess) and Allocation var, IRType type, IntValue startBitOffset, IntValue endBitOffset,
result = boolean grouped
TVariableMemoryLocation(var, type, _, startBitOffset, endBitOffset, isMayAccess) |
hasOperandMemoryAccess(_, operand, var, type, _, startBitOffset, endBitOffset,
isMayAccess, grouped)
|
// If the operand is only associated with one memory location we assign it a `VariableMemoryLocation`
if grouped = false
then
result =
TVariableMemoryLocation(var, type, _, startBitOffset, endBitOffset, isMayAccess)
else
// And otherwise we assign it a memory location that groups all relevant memory locations into one.
result = getGroupedMemoryLocation(var, isMayAccess, false)
) )
else result = TUnknownMemoryLocation(operand.getEnclosingIRFunction(), isMayAccess) else result = TUnknownMemoryLocation(operand.getEnclosingIRFunction(), isMayAccess)
) )