hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Replace getAnOperand().(XXXOperand) with getXXXOperand()

Browse Source
This commit is contained in:
Dave Bartolomeo
2019-02-06 17:51:48 -08:00
committed by Robert Marsh
parent 4c23ad100e
commit f6d392089e
7 changed files with 388 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
cpp/ql/src/semmle/code/cpp/controlflow/IRGuards.qll
View File

@@ -389,9 +389,9 @@ private predicate compares_eq(Instruction test, Operand left, Operand right, int
/** Rearrange various simple comparisons into `left == right + k` form. */
private predicate simple_comparison_eq(CompareInstruction cmp, Operand left, Operand right, int k, boolean areEqual) {
left = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareEQInstruction and right = cmp.getAnOperand().(RightOperand) and k = 0 and areEqual = true
left = cmp.getLeftOperand() and cmp instanceof CompareEQInstruction and right = cmp.getRightOperand() and k = 0 and areEqual = true
or
left = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareNEInstruction and right = cmp.getAnOperand().(RightOperand) and k = 0 and areEqual = false
left = cmp.getLeftOperand() and cmp instanceof CompareNEInstruction and right = cmp.getRightOperand() and k = 0 and areEqual = false
}
private predicate complex_eq(CompareInstruction cmp, Operand left, Operand right, int k, boolean areEqual, boolean testIsTrue) {
@@ -432,13 +432,13 @@ private predicate compares_ge(Instruction test, Operand left, Operand right, int
/** Rearrange various simple comparisons into `left < right + k` form. */
private predicate simple_comparison_lt(CompareInstruction cmp, Operand left, Operand right, int k) {
left = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareLTInstruction and right = cmp.getAnOperand().(RightOperand) and k = 0
left = cmp.getLeftOperand() and cmp instanceof CompareLTInstruction and right = cmp.getRightOperand() and k = 0
or
left = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareLEInstruction and right = cmp.getAnOperand().(RightOperand) and k = 1
left = cmp.getLeftOperand() and cmp instanceof CompareLEInstruction and right = cmp.getRightOperand() and k = 1
or
right = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareGTInstruction and left = cmp.getAnOperand().(RightOperand) and k = 0
right = cmp.getLeftOperand() and cmp instanceof CompareGTInstruction and left = cmp.getRightOperand() and k = 0
or
right = cmp.getAnOperand().(LeftOperand) and cmp instanceof CompareGEInstruction and left = cmp.getAnOperand().(RightOperand) and k = 1
right = cmp.getLeftOperand() and cmp instanceof CompareGEInstruction and left = cmp.getRightOperand() and k = 1
}
private predicate complex_lt(CompareInstruction cmp, Operand left, Operand right, int k, boolean isLt, boolean testIsTrue) {
@@ -452,12 +452,12 @@ private predicate complex_lt(CompareInstruction cmp, Operand left, Operand right
left < (right - x) + c => left < right + (c-x) */
private predicate sub_lt(CompareInstruction cmp, Operand left, Operand right, int k, boolean isLt, boolean testIsTrue) {
exists(SubInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, testIsTrue) and
left = lhs.getAnOperand().(LeftOperand) and x = int_value(lhs.getRight())
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
and k = c + x
)
or
exists(SubInstruction rhs, int c, int x | compares_lt(cmp, left, rhs.getAUse(), c, isLt, testIsTrue) and
right = rhs.getAnOperand().(LeftOperand) and x = int_value(rhs.getRight())
right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
and k = c - x
)
}
@@ -466,17 +466,17 @@ private predicate sub_lt(CompareInstruction cmp, Operand left, Operand right, in
left < (right + x) + c => left < right + (c+x) */
private predicate add_lt(CompareInstruction cmp, Operand left, Operand right, int k, boolean isLt, boolean testIsTrue) {
exists(AddInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, testIsTrue) and
(left = lhs.getAnOperand().(LeftOperand) and x = int_value(lhs.getRight())
(left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
left = lhs.getAnOperand().(RightOperand) and x = int_value(lhs.getLeft())
left = lhs.getRightOperand() and x = int_value(lhs.getLeft())
)
and k = c - x
)
or
exists(AddInstruction rhs, int c, int x | compares_lt(cmp, left, rhs.getAUse(), c, isLt, testIsTrue) and
(right = rhs.getAnOperand().(LeftOperand) and x = int_value(rhs.getRight())
(right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
or
right = rhs.getAnOperand().(RightOperand) and x = int_value(rhs.getLeft())
right = rhs.getRightOperand() and x = int_value(rhs.getLeft())
)
and k = c + x
)
@@ -487,12 +487,12 @@ private predicate add_lt(CompareInstruction cmp, Operand left, Operand right, in
left == (right - x) + c => left == right + (c-x) */
private predicate sub_eq(CompareInstruction cmp, Operand left, Operand right, int k, boolean areEqual, boolean testIsTrue) {
exists(SubInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, testIsTrue) and
left = lhs.getAnOperand().(LeftOperand) and x = int_value(lhs.getRight())
left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
and k = c + x
)
or
exists(SubInstruction rhs, int c, int x | compares_eq(cmp, left, rhs.getAUse(), c, areEqual, testIsTrue) and
right = rhs.getAnOperand().(LeftOperand) and x = int_value(rhs.getRight())
right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
and k = c - x
)
}
@@ -502,17 +502,17 @@ private predicate sub_eq(CompareInstruction cmp, Operand left, Operand right, in
left == (right + x) + c => left == right + (c+x) */
private predicate add_eq(CompareInstruction cmp, Operand left, Operand right, int k, boolean areEqual, boolean testIsTrue) {
exists(AddInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, testIsTrue) and
(left = lhs.getAnOperand().(LeftOperand) and x = int_value(lhs.getRight())
(left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
or
left = lhs.getAnOperand().(RightOperand) and x = int_value(lhs.getLeft())
left = lhs.getRightOperand() and x = int_value(lhs.getLeft())
)
and k = c - x
)
or
exists(AddInstruction rhs, int c, int x | compares_eq(cmp, left, rhs.getAUse(), c, areEqual, testIsTrue) and
(right = rhs.getAnOperand().(LeftOperand) and x = int_value(rhs.getRight())
(right = rhs.getLeftOperand() and x = int_value(rhs.getRight())
or
right = rhs.getAnOperand().(RightOperand) and x = int_value(rhs.getLeft())
right = rhs.getRightOperand() and x = int_value(rhs.getLeft())
)
and k = c + x
)

142
cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
View File

@@ -665,8 +665,12 @@ class FieldAddressInstruction extends FieldInstruction {
getOpcode() instanceof Opcode::FieldAddress
}
final UnaryOperand getObjectAddressOperand() {
result = getAnOperand()
}
final Instruction getObjectAddress() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getObjectAddressOperand().getDefinitionInstruction()
}
}
@@ -710,8 +714,12 @@ class ReturnValueInstruction extends ReturnInstruction {
getOpcode() instanceof Opcode::ReturnValue
}
final ReturnValueOperand getReturnValueOperand() {
result = getAnOperand()
}
final Instruction getReturnValue() {
result = getAnOperand().(ReturnValueOperand).getDefinitionInstruction()
result = getReturnValueOperand().getDefinitionInstruction()
}
}
@@ -720,8 +728,12 @@ class CopyInstruction extends Instruction {
getOpcode() instanceof CopyOpcode
}
final CopySourceOperand getSourceValueOperand() {
result = getAnOperand()
}
final Instruction getSourceValue() {
result = getAnOperand().(CopySourceOperand).getDefinitionInstruction()
result = getSourceValueOperand().getDefinitionInstruction()
}
}
@@ -736,8 +748,12 @@ class LoadInstruction extends CopyInstruction {
getOpcode() instanceof Opcode::Load
}
final AddressOperand getSourceAddressOperand() {
result = getAnOperand()
}
final Instruction getSourceAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getSourceAddressOperand().getDefinitionInstruction()
}
}
@@ -750,8 +766,12 @@ class StoreInstruction extends CopyInstruction {
result instanceof IndirectMemoryAccess
}
final AddressOperand getDestinationAddressOperand() {
result = getAnOperand()
}
final Instruction getDestinationAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getDestinationAddressOperand().getDefinitionInstruction()
}
}
@@ -760,8 +780,12 @@ class ConditionalBranchInstruction extends Instruction {
getOpcode() instanceof Opcode::ConditionalBranch
}
final ConditionOperand getConditionOperand() {
result = getAnOperand()
}
final Instruction getCondition() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getConditionOperand().getDefinitionInstruction()
}
final Instruction getTrueSuccessor() {
@@ -818,21 +842,29 @@ class BinaryInstruction extends Instruction {
getOpcode() instanceof BinaryOpcode
}
final LeftOperand getLeftOperand() {
result = getAnOperand()
}
final RightOperand getRightOperand() {
result = getAnOperand()
}
final Instruction getLeft() {
result = getAnOperand().(LeftOperand).getDefinitionInstruction()
result = getLeftOperand().getDefinitionInstruction()
}
final Instruction getRight() {
result = getAnOperand().(RightOperand).getDefinitionInstruction()
result = getRightOperand().getDefinitionInstruction()
}
/**
* Holds if this instruction's operands are `op1` and `op2`, in either order.
*/
final predicate hasOperands(Operand op1, Operand op2) {
op1 = getAnOperand().(LeftOperand) and op2 = getAnOperand().(RightOperand)
op1 = getLeftOperand() and op2 = getRightOperand()
or
op1 = getAnOperand().(RightOperand) and op2 = getAnOperand().(LeftOperand)
op1 = getRightOperand() and op2 = getLeftOperand()
}
}
@@ -948,8 +980,12 @@ class UnaryInstruction extends Instruction {
getOpcode() instanceof UnaryOpcode
}
final UnaryOperand getUnaryOperand() {
result = getAnOperand()
}
final Instruction getUnary() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getUnaryOperand().getDefinitionInstruction()
}
}
@@ -1174,8 +1210,12 @@ class SwitchInstruction extends Instruction {
getOpcode() instanceof Opcode::Switch
}
final ConditionOperand getExpressionOperand() {
result = getAnOperand()
}
final Instruction getExpression() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getExpressionOperand().getDefinitionInstruction()
}
final Instruction getACaseSuccessor() {
@@ -1197,38 +1237,63 @@ class CallInstruction extends Instruction {
getOpcode() instanceof Opcode::Call
}
/**
* Gets the operand the specifies the target function of the call.
*/
final CallTargetOperand getCallTargetOperand() {
result = getAnOperand()
}
/**
* Gets the `Instruction` that computes the target function of the call. This is usually a
* `FunctionAddress` instruction, but can also be an arbitrary instruction that produces a
* function pointer.
*/
final Instruction getCallTarget() {
result = getAnOperand().(CallTargetOperand).getDefinitionInstruction()
result = getCallTargetOperand().getDefinitionInstruction()
}
/**
* Gets all of the argument operands of the call, including the `this` pointer, if any.
*/
final ArgumentOperand getAnArgumentOperand() {
result = getAnOperand()
}
/**
* Gets all of the arguments of the call, including the `this` pointer, if any.
*/
final Instruction getAnArgument() {
result = getAnOperand().(ArgumentOperand).getDefinitionInstruction()
result = getAnArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the `this` pointer argument operand of the call, if any.
*/
final ThisArgumentOperand getThisArgumentOperand() {
result = getAnOperand()
}
/**
* Gets the `this` pointer argument of the call, if any.
*/
final Instruction getThisArgument() {
result = getAnOperand().(ThisArgumentOperand).getDefinitionInstruction()
result = getThisArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the argument operand at the specified index.
*/
final PositionalArgumentOperand getPositionalArgumentOperand(int index) {
result = getAnOperand() and
result.getIndex() = index
}
/**
* Gets the argument at the specified index.
*/
final Instruction getPositionalArgument(int index) {
exists(PositionalArgumentOperand operand |
operand = getAnOperand() and
operand.getIndex() = index and
result = operand.getDefinitionInstruction()
)
result = getPositionalArgumentOperand(index).getDefinitionInstruction()
}
}
@@ -1360,18 +1425,32 @@ class ThrowValueInstruction extends ThrowInstruction {
getOpcode() instanceof Opcode::ThrowValue
}
/**
* Gets the address operand of the exception thrown by this instruction.
*/
final AddressOperand getExceptionAddressOperand() {
result = getAnOperand()
}
/**
* Gets the address of the exception thrown by this instruction.
*/
final Instruction getExceptionAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getExceptionAddressOperand().getDefinitionInstruction()
}
/**
* Gets the operand for the exception thrown by this instruction.
*/
final ExceptionOperand getExceptionOperand() {
result = getAnOperand()
}
/**
* Gets the exception thrown by this instruction.
*/
final Instruction getException() {
result = getAnOperand().(ExceptionOperand).getDefinitionInstruction()
result = getExceptionOperand().getDefinitionInstruction()
}
}
@@ -1549,19 +1628,34 @@ class ChiInstruction extends Instruction {
result instanceof ChiTotalMemoryAccess
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final ChiTotalOperand getTotalOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final Instruction getTotal() {
result = getAnOperand().(ChiTotalOperand).getDefinitionInstruction()
result = getTotalOperand().getDefinitionInstruction()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final ChiPartialOperand getPartialOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final Instruction getPartial() {
result = getAnOperand().(ChiPartialOperand).getDefinitionInstruction()
result = getPartialOperand().getDefinitionInstruction()
}
}

142
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
View File

@@ -665,8 +665,12 @@ class FieldAddressInstruction extends FieldInstruction {
getOpcode() instanceof Opcode::FieldAddress
}
final UnaryOperand getObjectAddressOperand() {
result = getAnOperand()
}
final Instruction getObjectAddress() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getObjectAddressOperand().getDefinitionInstruction()
}
}
@@ -710,8 +714,12 @@ class ReturnValueInstruction extends ReturnInstruction {
getOpcode() instanceof Opcode::ReturnValue
}
final ReturnValueOperand getReturnValueOperand() {
result = getAnOperand()
}
final Instruction getReturnValue() {
result = getAnOperand().(ReturnValueOperand).getDefinitionInstruction()
result = getReturnValueOperand().getDefinitionInstruction()
}
}
@@ -720,8 +728,12 @@ class CopyInstruction extends Instruction {
getOpcode() instanceof CopyOpcode
}
final CopySourceOperand getSourceValueOperand() {
result = getAnOperand()
}
final Instruction getSourceValue() {
result = getAnOperand().(CopySourceOperand).getDefinitionInstruction()
result = getSourceValueOperand().getDefinitionInstruction()
}
}
@@ -736,8 +748,12 @@ class LoadInstruction extends CopyInstruction {
getOpcode() instanceof Opcode::Load
}
final AddressOperand getSourceAddressOperand() {
result = getAnOperand()
}
final Instruction getSourceAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getSourceAddressOperand().getDefinitionInstruction()
}
}
@@ -750,8 +766,12 @@ class StoreInstruction extends CopyInstruction {
result instanceof IndirectMemoryAccess
}
final AddressOperand getDestinationAddressOperand() {
result = getAnOperand()
}
final Instruction getDestinationAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getDestinationAddressOperand().getDefinitionInstruction()
}
}
@@ -760,8 +780,12 @@ class ConditionalBranchInstruction extends Instruction {
getOpcode() instanceof Opcode::ConditionalBranch
}
final ConditionOperand getConditionOperand() {
result = getAnOperand()
}
final Instruction getCondition() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getConditionOperand().getDefinitionInstruction()
}
final Instruction getTrueSuccessor() {
@@ -818,21 +842,29 @@ class BinaryInstruction extends Instruction {
getOpcode() instanceof BinaryOpcode
}
final LeftOperand getLeftOperand() {
result = getAnOperand()
}
final RightOperand getRightOperand() {
result = getAnOperand()
}
final Instruction getLeft() {
result = getAnOperand().(LeftOperand).getDefinitionInstruction()
result = getLeftOperand().getDefinitionInstruction()
}
final Instruction getRight() {
result = getAnOperand().(RightOperand).getDefinitionInstruction()
result = getRightOperand().getDefinitionInstruction()
}
/**
* Holds if this instruction's operands are `op1` and `op2`, in either order.
*/
final predicate hasOperands(Operand op1, Operand op2) {
op1 = getAnOperand().(LeftOperand) and op2 = getAnOperand().(RightOperand)
op1 = getLeftOperand() and op2 = getRightOperand()
or
op1 = getAnOperand().(RightOperand) and op2 = getAnOperand().(LeftOperand)
op1 = getRightOperand() and op2 = getLeftOperand()
}
}
@@ -948,8 +980,12 @@ class UnaryInstruction extends Instruction {
getOpcode() instanceof UnaryOpcode
}
final UnaryOperand getUnaryOperand() {
result = getAnOperand()
}
final Instruction getUnary() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getUnaryOperand().getDefinitionInstruction()
}
}
@@ -1174,8 +1210,12 @@ class SwitchInstruction extends Instruction {
getOpcode() instanceof Opcode::Switch
}
final ConditionOperand getExpressionOperand() {
result = getAnOperand()
}
final Instruction getExpression() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getExpressionOperand().getDefinitionInstruction()
}
final Instruction getACaseSuccessor() {
@@ -1197,38 +1237,63 @@ class CallInstruction extends Instruction {
getOpcode() instanceof Opcode::Call
}
/**
* Gets the operand the specifies the target function of the call.
*/
final CallTargetOperand getCallTargetOperand() {
result = getAnOperand()
}
/**
* Gets the `Instruction` that computes the target function of the call. This is usually a
* `FunctionAddress` instruction, but can also be an arbitrary instruction that produces a
* function pointer.
*/
final Instruction getCallTarget() {
result = getAnOperand().(CallTargetOperand).getDefinitionInstruction()
result = getCallTargetOperand().getDefinitionInstruction()
}
/**
* Gets all of the argument operands of the call, including the `this` pointer, if any.
*/
final ArgumentOperand getAnArgumentOperand() {
result = getAnOperand()
}
/**
* Gets all of the arguments of the call, including the `this` pointer, if any.
*/
final Instruction getAnArgument() {
result = getAnOperand().(ArgumentOperand).getDefinitionInstruction()
result = getAnArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the `this` pointer argument operand of the call, if any.
*/
final ThisArgumentOperand getThisArgumentOperand() {
result = getAnOperand()
}
/**
* Gets the `this` pointer argument of the call, if any.
*/
final Instruction getThisArgument() {
result = getAnOperand().(ThisArgumentOperand).getDefinitionInstruction()
result = getThisArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the argument operand at the specified index.
*/
final PositionalArgumentOperand getPositionalArgumentOperand(int index) {
result = getAnOperand() and
result.getIndex() = index
}
/**
* Gets the argument at the specified index.
*/
final Instruction getPositionalArgument(int index) {
exists(PositionalArgumentOperand operand |
operand = getAnOperand() and
operand.getIndex() = index and
result = operand.getDefinitionInstruction()
)
result = getPositionalArgumentOperand(index).getDefinitionInstruction()
}
}
@@ -1360,18 +1425,32 @@ class ThrowValueInstruction extends ThrowInstruction {
getOpcode() instanceof Opcode::ThrowValue
}
/**
* Gets the address operand of the exception thrown by this instruction.
*/
final AddressOperand getExceptionAddressOperand() {
result = getAnOperand()
}
/**
* Gets the address of the exception thrown by this instruction.
*/
final Instruction getExceptionAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getExceptionAddressOperand().getDefinitionInstruction()
}
/**
* Gets the operand for the exception thrown by this instruction.
*/
final ExceptionOperand getExceptionOperand() {
result = getAnOperand()
}
/**
* Gets the exception thrown by this instruction.
*/
final Instruction getException() {
result = getAnOperand().(ExceptionOperand).getDefinitionInstruction()
result = getExceptionOperand().getDefinitionInstruction()
}
}
@@ -1549,19 +1628,34 @@ class ChiInstruction extends Instruction {
result instanceof ChiTotalMemoryAccess
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final ChiTotalOperand getTotalOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final Instruction getTotal() {
result = getAnOperand().(ChiTotalOperand).getDefinitionInstruction()
result = getTotalOperand().getDefinitionInstruction()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final ChiPartialOperand getPartialOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final Instruction getPartial() {
result = getAnOperand().(ChiPartialOperand).getDefinitionInstruction()
result = getPartialOperand().getDefinitionInstruction()
}
}

142
cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
View File

@@ -665,8 +665,12 @@ class FieldAddressInstruction extends FieldInstruction {
getOpcode() instanceof Opcode::FieldAddress
}
final UnaryOperand getObjectAddressOperand() {
result = getAnOperand()
}
final Instruction getObjectAddress() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getObjectAddressOperand().getDefinitionInstruction()
}
}
@@ -710,8 +714,12 @@ class ReturnValueInstruction extends ReturnInstruction {
getOpcode() instanceof Opcode::ReturnValue
}
final ReturnValueOperand getReturnValueOperand() {
result = getAnOperand()
}
final Instruction getReturnValue() {
result = getAnOperand().(ReturnValueOperand).getDefinitionInstruction()
result = getReturnValueOperand().getDefinitionInstruction()
}
}
@@ -720,8 +728,12 @@ class CopyInstruction extends Instruction {
getOpcode() instanceof CopyOpcode
}
final CopySourceOperand getSourceValueOperand() {
result = getAnOperand()
}
final Instruction getSourceValue() {
result = getAnOperand().(CopySourceOperand).getDefinitionInstruction()
result = getSourceValueOperand().getDefinitionInstruction()
}
}
@@ -736,8 +748,12 @@ class LoadInstruction extends CopyInstruction {
getOpcode() instanceof Opcode::Load
}
final AddressOperand getSourceAddressOperand() {
result = getAnOperand()
}
final Instruction getSourceAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getSourceAddressOperand().getDefinitionInstruction()
}
}
@@ -750,8 +766,12 @@ class StoreInstruction extends CopyInstruction {
result instanceof IndirectMemoryAccess
}
final AddressOperand getDestinationAddressOperand() {
result = getAnOperand()
}
final Instruction getDestinationAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getDestinationAddressOperand().getDefinitionInstruction()
}
}
@@ -760,8 +780,12 @@ class ConditionalBranchInstruction extends Instruction {
getOpcode() instanceof Opcode::ConditionalBranch
}
final ConditionOperand getConditionOperand() {
result = getAnOperand()
}
final Instruction getCondition() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getConditionOperand().getDefinitionInstruction()
}
final Instruction getTrueSuccessor() {
@@ -818,21 +842,29 @@ class BinaryInstruction extends Instruction {
getOpcode() instanceof BinaryOpcode
}
final LeftOperand getLeftOperand() {
result = getAnOperand()
}
final RightOperand getRightOperand() {
result = getAnOperand()
}
final Instruction getLeft() {
result = getAnOperand().(LeftOperand).getDefinitionInstruction()
result = getLeftOperand().getDefinitionInstruction()
}
final Instruction getRight() {
result = getAnOperand().(RightOperand).getDefinitionInstruction()
result = getRightOperand().getDefinitionInstruction()
}
/**
* Holds if this instruction's operands are `op1` and `op2`, in either order.
*/
final predicate hasOperands(Operand op1, Operand op2) {
op1 = getAnOperand().(LeftOperand) and op2 = getAnOperand().(RightOperand)
op1 = getLeftOperand() and op2 = getRightOperand()
or
op1 = getAnOperand().(RightOperand) and op2 = getAnOperand().(LeftOperand)
op1 = getRightOperand() and op2 = getLeftOperand()
}
}
@@ -948,8 +980,12 @@ class UnaryInstruction extends Instruction {
getOpcode() instanceof UnaryOpcode
}
final UnaryOperand getUnaryOperand() {
result = getAnOperand()
}
final Instruction getUnary() {
result = getAnOperand().(UnaryOperand).getDefinitionInstruction()
result = getUnaryOperand().getDefinitionInstruction()
}
}
@@ -1174,8 +1210,12 @@ class SwitchInstruction extends Instruction {
getOpcode() instanceof Opcode::Switch
}
final ConditionOperand getExpressionOperand() {
result = getAnOperand()
}
final Instruction getExpression() {
result = getAnOperand().(ConditionOperand).getDefinitionInstruction()
result = getExpressionOperand().getDefinitionInstruction()
}
final Instruction getACaseSuccessor() {
@@ -1197,38 +1237,63 @@ class CallInstruction extends Instruction {
getOpcode() instanceof Opcode::Call
}
/**
* Gets the operand the specifies the target function of the call.
*/
final CallTargetOperand getCallTargetOperand() {
result = getAnOperand()
}
/**
* Gets the `Instruction` that computes the target function of the call. This is usually a
* `FunctionAddress` instruction, but can also be an arbitrary instruction that produces a
* function pointer.
*/
final Instruction getCallTarget() {
result = getAnOperand().(CallTargetOperand).getDefinitionInstruction()
result = getCallTargetOperand().getDefinitionInstruction()
}
/**
* Gets all of the argument operands of the call, including the `this` pointer, if any.
*/
final ArgumentOperand getAnArgumentOperand() {
result = getAnOperand()
}
/**
* Gets all of the arguments of the call, including the `this` pointer, if any.
*/
final Instruction getAnArgument() {
result = getAnOperand().(ArgumentOperand).getDefinitionInstruction()
result = getAnArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the `this` pointer argument operand of the call, if any.
*/
final ThisArgumentOperand getThisArgumentOperand() {
result = getAnOperand()
}
/**
* Gets the `this` pointer argument of the call, if any.
*/
final Instruction getThisArgument() {
result = getAnOperand().(ThisArgumentOperand).getDefinitionInstruction()
result = getThisArgumentOperand().getDefinitionInstruction()
}
/**
* Gets the argument operand at the specified index.
*/
final PositionalArgumentOperand getPositionalArgumentOperand(int index) {
result = getAnOperand() and
result.getIndex() = index
}
/**
* Gets the argument at the specified index.
*/
final Instruction getPositionalArgument(int index) {
exists(PositionalArgumentOperand operand |
operand = getAnOperand() and
operand.getIndex() = index and
result = operand.getDefinitionInstruction()
)
result = getPositionalArgumentOperand(index).getDefinitionInstruction()
}
}
@@ -1360,18 +1425,32 @@ class ThrowValueInstruction extends ThrowInstruction {
getOpcode() instanceof Opcode::ThrowValue
}
/**
* Gets the address operand of the exception thrown by this instruction.
*/
final AddressOperand getExceptionAddressOperand() {
result = getAnOperand()
}
/**
* Gets the address of the exception thrown by this instruction.
*/
final Instruction getExceptionAddress() {
result = getAnOperand().(AddressOperand).getDefinitionInstruction()
result = getExceptionAddressOperand().getDefinitionInstruction()
}
/**
* Gets the operand for the exception thrown by this instruction.
*/
final ExceptionOperand getExceptionOperand() {
result = getAnOperand()
}
/**
* Gets the exception thrown by this instruction.
*/
final Instruction getException() {
result = getAnOperand().(ExceptionOperand).getDefinitionInstruction()
result = getExceptionOperand().getDefinitionInstruction()
}
}
@@ -1549,19 +1628,34 @@ class ChiInstruction extends Instruction {
result instanceof ChiTotalMemoryAccess
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final ChiTotalOperand getTotalOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the previous state of all memory that might be aliased by the
* memory write.
*/
final Instruction getTotal() {
result = getAnOperand().(ChiTotalOperand).getDefinitionInstruction()
result = getTotalOperand().getDefinitionInstruction()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final ChiPartialOperand getPartialOperand() {
result = getAnOperand()
}
/**
* Gets the operand that represents the new value written by the memory write.
*/
final Instruction getPartial() {
result = getAnOperand().(ChiPartialOperand).getDefinitionInstruction()
result = getPartialOperand().getDefinitionInstruction()
}
}

14
cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
View File

@@ -288,8 +288,8 @@ private predicate boundFlowStep(Instruction i, NonPhiOperand op, int delta, bool
exists(Operand x |
exists(SubInstruction sub |
i = sub and
sub.getAnOperand().(LeftOperand) = op and
sub.getAnOperand().(RightOperand) = x
sub.getLeftOperand() = op and
sub.getRightOperand() = x
)
|
// `x` with constant value is covered by valueFlowStep
@@ -308,9 +308,9 @@ private predicate boundFlowStep(Instruction i, NonPhiOperand op, int delta, bool
) else if negative(x) then (upper = false and delta = 0) else none()
)
or
i.(RemInstruction).getAnOperand().(RightOperand) = op and positive(op) and delta = -1 and upper = true
i.(RemInstruction).getRightOperand() = op and positive(op) and delta = -1 and upper = true
or
i.(RemInstruction).getAnOperand().(LeftOperand) = op and positive(op) and delta = 0 and upper = true
i.(RemInstruction).getLeftOperand() = op and positive(op) and delta = 0 and upper = true
or
i.(BitAndInstruction).getAnOperand() = op and positive(op) and delta = 0 and upper = true
or
@@ -323,7 +323,7 @@ private predicate boundFlowStepMul(Instruction i1, Operand op, int factor) {
i1.(MulInstruction).hasOperands(op, c.getAUse()) and factor = k
or
exists(ShiftLeftInstruction i |
i = i1 and i.getAnOperand().(LeftOperand) = op and i.getAnOperand().(RightOperand) = c.getAUse() and factor = 2.pow(k)
i = i1 and i.getLeftOperand() = op and i.getRightOperand() = c.getAUse() and factor = 2.pow(k)
)
)
}
@@ -331,11 +331,11 @@ private predicate boundFlowStepMul(Instruction i1, Operand op, int factor) {
private predicate boundFlowStepDiv(Instruction i1, Operand op, int factor) {
exists(Instruction c, int k | k = getValue(getConstantValue(c)) and k > 0 |
exists(DivInstruction i |
i = i1 and i.getAnOperand().(LeftOperand) = op and i.getRight() = c and factor = k
i = i1 and i.getLeftOperand() = op and i.getRight() = c and factor = k
)
or
exists(ShiftRightInstruction i |
i = i1 and i.getAnOperand().(LeftOperand) = op and i.getRight() = c and factor = 2.pow(k)
i = i1 and i.getLeftOperand() = op and i.getRight() = c and factor = 2.pow(k)
)
)
}

8
cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeUtils.qll
View File

@@ -39,8 +39,8 @@ predicate valueFlowStep(Instruction i, Operand op, int delta) {
)
or
exists(Operand x |
i.(SubInstruction).getAnOperand().(LeftOperand) = op and
i.(SubInstruction).getAnOperand().(RightOperand) = x
i.(SubInstruction).getLeftOperand() = op and
i.(SubInstruction).getRightOperand() = x
|
delta = -getValue(getConstantValue(x.getDefinitionInstruction()))
)
@@ -55,8 +55,8 @@ predicate valueFlowStep(Instruction i, Operand op, int delta) {
)
or
exists(Operand x |
i.(PointerSubInstruction).getAnOperand().(LeftOperand) = op and
i.(PointerSubInstruction).getAnOperand().(RightOperand) = x
i.(PointerSubInstruction).getLeftOperand() = op and
i.(PointerSubInstruction).getRightOperand() = x
|
delta = i.(PointerSubInstruction).getElementSize() *
-getValue(getConstantValue(x.getDefinitionInstruction()))

10
cpp/ql/src/semmle/code/cpp/rangeanalysis/SignAnalysis.qll
View File

@@ -316,16 +316,16 @@ private predicate zeroBoundOk(IRGuardCondition comp, Operand bound, Operand op)
eqBound(comp, bound, op, false) and TZero() != operandSign(bound)
}
private Sign binaryOpLhsSign(Instruction i) {
result = operandSign(i.getAnOperand().(LeftOperand))
private Sign binaryOpLhsSign(BinaryInstruction i) {
result = operandSign(i.getLeftOperand())
}
private Sign binaryOpRhsSign(Instruction i) {
result = operandSign(i.getAnOperand().(RightOperand))
private Sign binaryOpRhsSign(BinaryInstruction i) {
result = operandSign(i.getRightOperand())
}
pragma[noinline]
private predicate binaryOpSigns(Instruction i, Sign lhs, Sign rhs) {
private predicate binaryOpSigns(BinaryInstruction i, Sign lhs, Sign rhs) {
lhs = binaryOpLhsSign(i) and
rhs = binaryOpRhsSign(i)
}