

Commit 39b400c

author
Robert Marsh
committed
C++: Add DefinitionByReferenceNode to IR dataflow
1 parent fa8e5e6 commit 39b400c

6 files changed

Lines changed: 77 additions & 5 deletions


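--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -173,11 +173,53 @@ abstract class PostUpdateNode extends Node {
 abstract Node getPreUpdateNode();
 }
 
+/**
+* A node that represents the value of a variable after a function call that
+* may have changed the variable because it's passed by reference.
+*
+* A typical example would be a call `f(&x)`. Firstly, there will be flow into
+* `x` from previous definitions of `x`. Secondly, there will be a
+* `DefinitionByReferenceNode` to represent the value of `x` after the call has
+* returned. This node will have its `getArgument()` equal to `&x` and its
+* `getVariableAccess()` equal to `x`.
+*/
+class DefinitionByReferenceNode extends Node {
+override WriteSideEffectInstruction instr;
+
+/** Gets the argument corresponding to this node. */
+Expr getArgument() {
+result = instr
+.getPrimaryInstruction()
+.(CallInstruction)
+.getPositionalArgument(instr.getIndex())
+.getUnconvertedResultExpression()
+or
+result = instr
+.getPrimaryInstruction()
+.(CallInstruction)
+.getThisArgument()
+.getUnconvertedResultExpression() and
+instr.getIndex() = -1
+}
+
+
+/** Gets the parameter through which this value is assigned. */
+Parameter getParameter() {
+exists(CallInstruction ci |
+result = ci.getStaticCallTarget().getParameter(instr.getIndex())
+)
+}
+}
+
 /**
 * Gets the node corresponding to `instr`.
 */
 Node instructionNode(Instruction instr) { result.asInstruction() = instr }
 
+DefinitionByReferenceNode definitionByReferenceNode(Expr e) {
+result.getArgument() = e
+}
+
 /**
 * Gets a `Node` corresponding to `e` or any of its conversions. There is no
 * result if `e` is a `Conversion`.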
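--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -1236,6 +1236,8 @@ class IndirectReadSideEffectInstruction extends SideEffectInstruction {
 IndirectReadSideEffectInstruction() { getOpcode() instanceof Opcode::IndirectReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1245,6 +1247,8 @@ class BufferReadSideEffectInstruction extends SideEffectInstruction {
 BufferReadSideEffectInstruction() { getOpcode() instanceof Opcode::BufferReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1258,12 +1262,14 @@ class SizedBufferReadSideEffectInstruction extends SideEffectInstruction {
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
 
 Instruction getSizeDef() { result = getAnOperand().(BufferSizeOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
 * An instruction representing a side effect of a function call.
 */
-class WriteSideEffectInstruction extends SideEffectInstruction {
+class WriteSideEffectInstruction extends SideEffectInstruction, IndexedInstruction {
 WriteSideEffectInstruction() { getOpcode() instanceof WriteSideEffectOpcode }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }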
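--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -1236,6 +1236,8 @@ class IndirectReadSideEffectInstruction extends SideEffectInstruction {
 IndirectReadSideEffectInstruction() { getOpcode() instanceof Opcode::IndirectReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1245,6 +1247,8 @@ class BufferReadSideEffectInstruction extends SideEffectInstruction {
 BufferReadSideEffectInstruction() { getOpcode() instanceof Opcode::BufferReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1258,12 +1262,14 @@ class SizedBufferReadSideEffectInstruction extends SideEffectInstruction {
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
 
 Instruction getSizeDef() { result = getAnOperand().(BufferSizeOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
 * An instruction representing a side effect of a function call.
 */
-class WriteSideEffectInstruction extends SideEffectInstruction {
+class WriteSideEffectInstruction extends SideEffectInstruction, IndexedInstruction {
 WriteSideEffectInstruction() { getOpcode() instanceof WriteSideEffectOpcode }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }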
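--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -1236,6 +1236,8 @@ class IndirectReadSideEffectInstruction extends SideEffectInstruction {
 IndirectReadSideEffectInstruction() { getOpcode() instanceof Opcode::IndirectReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1245,6 +1247,8 @@ class BufferReadSideEffectInstruction extends SideEffectInstruction {
 BufferReadSideEffectInstruction() { getOpcode() instanceof Opcode::BufferReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1258,12 +1262,14 @@ class SizedBufferReadSideEffectInstruction extends SideEffectInstruction {
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
 
 Instruction getSizeDef() { result = getAnOperand().(BufferSizeOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
 * An instruction representing a side effect of a function call.
 */
-class WriteSideEffectInstruction extends SideEffectInstruction {
+class WriteSideEffectInstruction extends SideEffectInstruction, IndexedInstruction {
 WriteSideEffectInstruction() { getOpcode() instanceof WriteSideEffectOpcode }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }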
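--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/Instruction.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/Instruction.qll
@@ -1236,6 +1236,8 @@ class IndirectReadSideEffectInstruction extends SideEffectInstruction {
 IndirectReadSideEffectInstruction() { getOpcode() instanceof Opcode::IndirectReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1245,6 +1247,8 @@ class BufferReadSideEffectInstruction extends SideEffectInstruction {
 BufferReadSideEffectInstruction() { getOpcode() instanceof Opcode::BufferReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1258,12 +1262,14 @@ class SizedBufferReadSideEffectInstruction extends SideEffectInstruction {
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
 
 Instruction getSizeDef() { result = getAnOperand().(BufferSizeOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
 * An instruction representing a side effect of a function call.
 */
-class WriteSideEffectInstruction extends SideEffectInstruction {
+class WriteSideEffectInstruction extends SideEffectInstruction, IndexedInstruction {
 WriteSideEffectInstruction() { getOpcode() instanceof WriteSideEffectOpcode }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }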
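--- a/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -1236,6 +1236,8 @@ class IndirectReadSideEffectInstruction extends SideEffectInstruction {
 IndirectReadSideEffectInstruction() { getOpcode() instanceof Opcode::IndirectReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1245,6 +1247,8 @@ class BufferReadSideEffectInstruction extends SideEffectInstruction {
 BufferReadSideEffectInstruction() { getOpcode() instanceof Opcode::BufferReadSideEffect }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
@@ -1258,12 +1262,14 @@ class SizedBufferReadSideEffectInstruction extends SideEffectInstruction {
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }
 
 Instruction getSizeDef() { result = getAnOperand().(BufferSizeOperand).getDef() }
+
+Instruction getSideEffect() { result = getAnOperand().(SideEffectOperand).getDef() }
 }
 
 /**
 * An instruction representing a side effect of a function call.
 */
-class WriteSideEffectInstruction extends SideEffectInstruction {
+class WriteSideEffectInstruction extends SideEffectInstruction, IndexedInstruction {
 WriteSideEffectInstruction() { getOpcode() instanceof WriteSideEffectOpcode }
 
 Instruction getArgumentDef() { result = getAnOperand().(AddressOperand).getDef() }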