C++: Remove resultType from the IPA constructors for TInstruction

Making these part of the IPA object identity changes the failure mode for cases where we assign multiple result types to an instruction. Previously, we would just have one instruction with two result types, but now we'd have two instructions, which breaks things worse. This change goes back to how things were before, to avoid any new surprises on real-world code with invalid ASTs or IR.
2025-12-21 03:06:31 +01:00 · 2020-06-03 10:11:27 -04:00
parent 53d4a8e3b2
commit f93c2e4e64
6 changed files with 112 additions and 128 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -19,10 +19,8 @@ private module Cached {
  class TStageInstruction =
    TRawInstruction or TPhiInstruction or TChiInstruction or TUnreachedInstruction;

-  private TRawInstruction rawInstruction(
-    IRFunctionBase irFunc, Opcode opcode, Language::AST ast, Language::LanguageType resultType
-  ) {
-    result = TRawInstruction(irFunc, opcode, ast, resultType, _, _) and
+  private TRawInstruction rawInstruction(IRFunctionBase irFunc, Opcode opcode, Language::AST ast) {
+    result = TRawInstruction(irFunc, opcode, ast, _, _) and
    result instanceof OldInstruction
  }

@@ -246,15 +244,15 @@ private module Cached {

  cached
  Language::AST getInstructionAST(TStageInstruction instr) {
-    instr = rawInstruction(_, _, result, _)
+    instr = rawInstruction(_, _, result)
    or
    exists(RawIR::Instruction blockStartInstr |
-      instr = phiInstruction(_, _, blockStartInstr, _) and
+      instr = phiInstruction(_, blockStartInstr, _) and
      result = blockStartInstr.getAST()
    )
    or
    exists(RawIR::Instruction primaryInstr |
-      instr = chiInstruction(_, _, primaryInstr) and
+      instr = chiInstruction(_, primaryInstr) and
      result = primaryInstr.getAST()
    )
    or
@@ -265,33 +263,40 @@ private module Cached {

  cached
  Language::LanguageType getInstructionResultType(TStageInstruction instr) {
-    instr = rawInstruction(_, _, _, result)
+    result = instr.(RawIR::Instruction).getResultLanguageType()
    or
-    instr = phiInstruction(_, result, _, _)
+    exists(Alias::MemoryLocation defLocation |
+      instr = phiInstruction(_, _, defLocation) and
+      result = defLocation.getType()
+    )
    or
-    instr = chiInstruction(_, result, _)
+    exists(Instruction primaryInstr, Alias::VirtualVariable vvar |
+      instr = chiInstruction(_, primaryInstr) and
+      hasChiNode(vvar, primaryInstr) and
+      result = vvar.getType()
+    )
    or
    instr = unreachedInstruction(_) and result = Language::getVoidType()
  }

  cached
  Opcode getInstructionOpcode(TStageInstruction instr) {
-    instr = rawInstruction(_, result, _, _)
+    instr = rawInstruction(_, result, _)
    or
-    instr = phiInstruction(_, _, _, _) and result instanceof Opcode::Phi
+    instr = phiInstruction(_, _, _) and result instanceof Opcode::Phi
    or
-    instr = chiInstruction(_, _, _) and result instanceof Opcode::Chi
+    instr = chiInstruction(_, _) and result instanceof Opcode::Chi
    or
    instr = unreachedInstruction(_) and result instanceof Opcode::Unreached
  }

  cached
  IRFunctionBase getInstructionEnclosingIRFunction(TStageInstruction instr) {
-    instr = rawInstruction(result, _, _, _)
+    instr = rawInstruction(result, _, _)
    or
-    instr = phiInstruction(result, _, _, _)
+    instr = phiInstruction(result, _, _)
    or
-    instr = chiInstruction(result, _, _)
+    instr = chiInstruction(result, _)
    or
    instr = unreachedInstruction(result)
  }
@@ -313,11 +318,11 @@ private module Cached {
 private Instruction getNewInstruction(OldInstruction instr) { getOldInstruction(result) = instr }

 private ChiInstruction getChi(OldInstruction primaryInstr) {
-  result = chiInstruction(_, _, primaryInstr)
+  result = chiInstruction(_, primaryInstr)
 }

 private PhiInstruction getPhi(OldBlock defBlock, Alias::MemoryLocation defLocation) {
-  result = phiInstruction(_, _, defBlock.getFirstInstruction(), defLocation)
+  result = phiInstruction(_, defBlock.getFirstInstruction(), defLocation)
 }

 /**
@@ -883,26 +888,19 @@ module SSA {

  cached
  predicate hasPhiInstruction(
-    IRFunction irFunc, Language::LanguageType resultType, OldInstruction blockStartInstr,
-    Alias::MemoryLocation defLocation
+    IRFunction irFunc, OldInstruction blockStartInstr, Alias::MemoryLocation defLocation
  ) {
    exists(OldBlock oldBlock |
      definitionHasPhiNode(defLocation, oldBlock) and
      irFunc = oldBlock.getEnclosingIRFunction() and
-      blockStartInstr = oldBlock.getFirstInstruction() and
-      resultType = defLocation.getType()
+      blockStartInstr = oldBlock.getFirstInstruction()
    )
  }

  cached
-  predicate hasChiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, OldInstruction primaryInstruction
-  ) {
-    exists(Alias::VirtualVariable vvar |
-      hasChiNode(vvar, primaryInstruction) and
-      irFunc = primaryInstruction.getEnclosingIRFunction() and
-      resultType = vvar.getType()
-    )
+  predicate hasChiInstruction(IRFunctionBase irFunc, OldInstruction primaryInstruction) {
+    hasChiNode(_, primaryInstruction) and
+    irFunc = primaryInstruction.getEnclosingIRFunction()
  }

  cached
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
@@ -14,35 +14,29 @@ private import Imports::Opcode
 */
 newtype TInstruction =
  TRawInstruction(
-    IRFunctionBase irFunc, Opcode opcode, Language::AST ast, Language::LanguageType resultType,
+    IRFunctionBase irFunc, Opcode opcode, Language::AST ast,
    IRConstruction::Raw::InstructionTag1 tag1, IRConstruction::Raw::InstructionTag2 tag2
  ) {
-    IRConstruction::Raw::hasInstruction(irFunc.getFunction(), opcode, ast, resultType, tag1, tag2)
+    IRConstruction::Raw::hasInstruction(irFunc.getFunction(), opcode, ast, tag1, tag2)
  } or
  TUnaliasedSSAPhiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction blockStartInstr,
+    IRFunctionBase irFunc, TRawInstruction blockStartInstr,
    UnaliasedSSA::SSA::MemoryLocation memoryLocation
  ) {
-    UnaliasedSSA::SSA::hasPhiInstruction(irFunc, resultType, blockStartInstr, memoryLocation)
-  } or
-  TUnaliasedSSAChiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction primaryInstruction
-  ) {
-    none()
+    UnaliasedSSA::SSA::hasPhiInstruction(irFunc, blockStartInstr, memoryLocation)
  } or
+  TUnaliasedSSAChiInstruction(IRFunctionBase irFunc, TRawInstruction primaryInstruction) { none() } or
  TUnaliasedSSAUnreachedInstruction(IRFunctionBase irFunc) {
    UnaliasedSSA::SSA::hasUnreachedInstruction(irFunc)
  } or
  TAliasedSSAPhiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction blockStartInstr,
+    IRFunctionBase irFunc, TRawInstruction blockStartInstr,
    AliasedSSA::SSA::MemoryLocation memoryLocation
  ) {
-    AliasedSSA::SSA::hasPhiInstruction(irFunc, resultType, blockStartInstr, memoryLocation)
+    AliasedSSA::SSA::hasPhiInstruction(irFunc, blockStartInstr, memoryLocation)
  } or
-  TAliasedSSAChiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction primaryInstruction
-  ) {
-    AliasedSSA::SSA::hasChiInstruction(irFunc, resultType, primaryInstruction)
+  TAliasedSSAChiInstruction(IRFunctionBase irFunc, TRawInstruction primaryInstruction) {
+    AliasedSSA::SSA::hasChiInstruction(irFunc, primaryInstruction)
  } or
  TAliasedSSAUnreachedInstruction(IRFunctionBase irFunc) {
    AliasedSSA::SSA::hasUnreachedInstruction(irFunc)
@@ -58,18 +52,16 @@ module UnaliasedSSAInstructions {
  class TPhiInstruction = TUnaliasedSSAPhiInstruction;

  TPhiInstruction phiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction blockStartInstr,
+    IRFunctionBase irFunc, TRawInstruction blockStartInstr,
    UnaliasedSSA::SSA::MemoryLocation memoryLocation
  ) {
-    result = TUnaliasedSSAPhiInstruction(irFunc, resultType, blockStartInstr, memoryLocation)
+    result = TUnaliasedSSAPhiInstruction(irFunc, blockStartInstr, memoryLocation)
  }

  class TChiInstruction = TUnaliasedSSAChiInstruction;

-  TChiInstruction chiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction primaryInstruction
-  ) {
-    result = TUnaliasedSSAChiInstruction(irFunc, resultType, primaryInstruction)
+  TChiInstruction chiInstruction(IRFunctionBase irFunc, TRawInstruction primaryInstruction) {
+    result = TUnaliasedSSAChiInstruction(irFunc, primaryInstruction)
  }

  class TUnreachedInstruction = TUnaliasedSSAUnreachedInstruction;
@@ -89,18 +81,16 @@ module AliasedSSAInstructions {
  class TPhiInstruction = TAliasedSSAPhiInstruction;

  TPhiInstruction phiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction blockStartInstr,
+    IRFunctionBase irFunc, TRawInstruction blockStartInstr,
    AliasedSSA::SSA::MemoryLocation memoryLocation
  ) {
-    result = TAliasedSSAPhiInstruction(irFunc, resultType, blockStartInstr, memoryLocation)
+    result = TAliasedSSAPhiInstruction(irFunc, blockStartInstr, memoryLocation)
  }

  class TChiInstruction = TAliasedSSAChiInstruction;

-  TChiInstruction chiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, TRawInstruction primaryInstruction
-  ) {
-    result = TAliasedSSAChiInstruction(irFunc, resultType, primaryInstruction)
+  TChiInstruction chiInstruction(IRFunctionBase irFunc, TRawInstruction primaryInstruction) {
+    result = TAliasedSSAChiInstruction(irFunc, primaryInstruction)
  }

  class TUnreachedInstruction = TAliasedSSAUnreachedInstruction;
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
@@ -15,11 +15,11 @@ private import TranslatedStmt
 private import TranslatedFunction

 TranslatedElement getInstructionTranslatedElement(Instruction instruction) {
-  instruction = TRawInstruction(_, _, _, _, result, _)
+  instruction = TRawInstruction(_, _, _, result, _)
 }

 InstructionTag getInstructionTag(Instruction instruction) {
-  instruction = TRawInstruction(_, _, _, _, _, result)
+  instruction = TRawInstruction(_, _, _, _, result)
 }

 pragma[noinline]
@@ -45,10 +45,9 @@ module Raw {

  cached
  predicate hasInstruction(
-    Function func, Opcode opcode, Element ast, CppType resultType, TranslatedElement element,
-    InstructionTag tag
+    Function func, Opcode opcode, Element ast, TranslatedElement element, InstructionTag tag
  ) {
-    element.hasInstruction(opcode, tag, resultType) and
+    element.hasInstruction(opcode, tag, _) and
    ast = element.getAST() and
    func = element.getFunction()
  }
@@ -371,22 +370,25 @@ private module Cached {

  cached
  Locatable getInstructionAST(TStageInstruction instr) {
-    instr = TRawInstruction(_, _, result, _, _, _)
+    instr = TRawInstruction(_, _, result, _, _)
  }

  cached
  CppType getInstructionResultType(TStageInstruction instr) {
-    instr = TRawInstruction(_, _, _, result, _, _)
+    exists(TranslatedElement element, InstructionTag tag |
+      instructionOrigin(instr, element, tag) and
+      element.hasInstruction(_, tag, result)
+    )
  }

  cached
  Opcode getInstructionOpcode(TStageInstruction instr) {
-    instr = TRawInstruction(_, result, _, _, _, _)
+    instr = TRawInstruction(_, result, _, _, _)
  }

  cached
  IRFunctionBase getInstructionEnclosingIRFunction(TStageInstruction instr) {
-    instr = TRawInstruction(result, _, _, _, _, _)
+    instr = TRawInstruction(result, _, _, _, _)
  }

  cached
--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -19,10 +19,8 @@ private module Cached {
  class TStageInstruction =
    TRawInstruction or TPhiInstruction or TChiInstruction or TUnreachedInstruction;

-  private TRawInstruction rawInstruction(
-    IRFunctionBase irFunc, Opcode opcode, Language::AST ast, Language::LanguageType resultType
-  ) {
-    result = TRawInstruction(irFunc, opcode, ast, resultType, _, _) and
+  private TRawInstruction rawInstruction(IRFunctionBase irFunc, Opcode opcode, Language::AST ast) {
+    result = TRawInstruction(irFunc, opcode, ast, _, _) and
    result instanceof OldInstruction
  }

@@ -246,15 +244,15 @@ private module Cached {

  cached
  Language::AST getInstructionAST(TStageInstruction instr) {
-    instr = rawInstruction(_, _, result, _)
+    instr = rawInstruction(_, _, result)
    or
    exists(RawIR::Instruction blockStartInstr |
-      instr = phiInstruction(_, _, blockStartInstr, _) and
+      instr = phiInstruction(_, blockStartInstr, _) and
      result = blockStartInstr.getAST()
    )
    or
    exists(RawIR::Instruction primaryInstr |
-      instr = chiInstruction(_, _, primaryInstr) and
+      instr = chiInstruction(_, primaryInstr) and
      result = primaryInstr.getAST()
    )
    or
@@ -265,33 +263,40 @@ private module Cached {

  cached
  Language::LanguageType getInstructionResultType(TStageInstruction instr) {
-    instr = rawInstruction(_, _, _, result)
+    result = instr.(RawIR::Instruction).getResultLanguageType()
    or
-    instr = phiInstruction(_, result, _, _)
+    exists(Alias::MemoryLocation defLocation |
+      instr = phiInstruction(_, _, defLocation) and
+      result = defLocation.getType()
+    )
    or
-    instr = chiInstruction(_, result, _)
+    exists(Instruction primaryInstr, Alias::VirtualVariable vvar |
+      instr = chiInstruction(_, primaryInstr) and
+      hasChiNode(vvar, primaryInstr) and
+      result = vvar.getType()
+    )
    or
    instr = unreachedInstruction(_) and result = Language::getVoidType()
  }

  cached
  Opcode getInstructionOpcode(TStageInstruction instr) {
-    instr = rawInstruction(_, result, _, _)
+    instr = rawInstruction(_, result, _)
    or
-    instr = phiInstruction(_, _, _, _) and result instanceof Opcode::Phi
+    instr = phiInstruction(_, _, _) and result instanceof Opcode::Phi
    or
-    instr = chiInstruction(_, _, _) and result instanceof Opcode::Chi
+    instr = chiInstruction(_, _) and result instanceof Opcode::Chi
    or
    instr = unreachedInstruction(_) and result instanceof Opcode::Unreached
  }

  cached
  IRFunctionBase getInstructionEnclosingIRFunction(TStageInstruction instr) {
-    instr = rawInstruction(result, _, _, _)
+    instr = rawInstruction(result, _, _)
    or
-    instr = phiInstruction(result, _, _, _)
+    instr = phiInstruction(result, _, _)
    or
-    instr = chiInstruction(result, _, _)
+    instr = chiInstruction(result, _)
    or
    instr = unreachedInstruction(result)
  }
@@ -313,11 +318,11 @@ private module Cached {
 private Instruction getNewInstruction(OldInstruction instr) { getOldInstruction(result) = instr }

 private ChiInstruction getChi(OldInstruction primaryInstr) {
-  result = chiInstruction(_, _, primaryInstr)
+  result = chiInstruction(_, primaryInstr)
 }

 private PhiInstruction getPhi(OldBlock defBlock, Alias::MemoryLocation defLocation) {
-  result = phiInstruction(_, _, defBlock.getFirstInstruction(), defLocation)
+  result = phiInstruction(_, defBlock.getFirstInstruction(), defLocation)
 }

 /**
@@ -883,26 +888,19 @@ module SSA {

  cached
  predicate hasPhiInstruction(
-    IRFunction irFunc, Language::LanguageType resultType, OldInstruction blockStartInstr,
-    Alias::MemoryLocation defLocation
+    IRFunction irFunc, OldInstruction blockStartInstr, Alias::MemoryLocation defLocation
  ) {
    exists(OldBlock oldBlock |
      definitionHasPhiNode(defLocation, oldBlock) and
      irFunc = oldBlock.getEnclosingIRFunction() and
-      blockStartInstr = oldBlock.getFirstInstruction() and
-      resultType = defLocation.getType()
+      blockStartInstr = oldBlock.getFirstInstruction()
    )
  }

  cached
-  predicate hasChiInstruction(
-    IRFunctionBase irFunc, Language::LanguageType resultType, OldInstruction primaryInstruction
-  ) {
-    exists(Alias::VirtualVariable vvar |
-      hasChiNode(vvar, primaryInstruction) and
-      irFunc = primaryInstruction.getEnclosingIRFunction() and
-      resultType = vvar.getType()
-    )
+  predicate hasChiInstruction(IRFunctionBase irFunc, OldInstruction primaryInstruction) {
+    hasChiNode(_, primaryInstruction) and
+    irFunc = primaryInstruction.getEnclosingIRFunction()
  }

  cached
--- a/cpp/ql/test/library-tests/syntax-zoo/raw_consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/raw_consistency.expected
@@ -42,7 +42,6 @@ missingOperandType
 duplicateChiOperand
 sideEffectWithoutPrimary
 instructionWithoutSuccessor
-| CPP-309.cpp:7:5:7:20 | InitializeDynamicAllocation: new[] |
 | VacuousDestructorCall.cpp:2:29:2:29 | InitializeIndirection: y |
 | VacuousDestructorCall.cpp:3:3:3:3 | VariableAddress: x |
 | VacuousDestructorCall.cpp:4:3:4:3 | Load: y |
@@ -51,7 +50,6 @@ instructionWithoutSuccessor
 | condition_decls.cpp:26:23:26:24 | IndirectMayWriteSideEffect: call to BoxedInt |
 | condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt |
 | condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt |
-| cpp17.cpp:15:5:15:45 | InitializeDynamicAllocation: new |
 | enum.c:6:9:6:9 | Constant: (int)... |
 | file://:0:0:0:0 | CompareNE: (bool)... |
 | file://:0:0:0:0 | CompareNE: (bool)... |