github
diff --git a/‎cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll‎
Lines changed: 8 additions & 0 deletions b/‎cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/TempVariableTag.qll‎
Lines changed: 1 addition & 1 deletion b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/TempVariableTag.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll‎
Lines changed: 1 addition & 0 deletions b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll‎
Lines changed: 3 additions & 0 deletions b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll‎
Lines changed: 119 additions & 0 deletions b/‎cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll‎
Lines changed: 119 additions & 0 deletions
@@ -57,6 +57,14 @@ class LambdaExpression extends Expr, @lambdaexpr {
   Operator getLambdaFunction() {
     result = getType().(Closure).getLambdaFunction()
   }
+
+  /**
+   * Gets the initializer that initializes the captured variables in the closure, if any.
+   * A lambda that does not capture any variables will not have an initializer.
+   */
+  Expr getInitializer() {
+    result = getChild(0)
+  }
 }
 
 /**
 
@@ -3,6 +3,6 @@ private import semmle.code.cpp.ir.internal.TempVariableTag
 
 class TempVariableTag extends TTempVariableTag {
   string toString() {
-    result = "Tag"
+    result = getTempVariableTagId(this)
   }
 }
@@ -99,6 +99,7 @@ class InstructionTag extends TInstructionTag {
 string getInstructionTagId(TInstructionTag tag) {
   tag = OnlyInstructionTag() and result = "Only" or  // Single instruction (not including implicit Load)
   tag = InitializerVariableAddressTag() and result = "InitVarAddr" or
+  tag = InitializerLoadStringTag() and result = "InitLoadStr" or
   tag = InitializerStoreTag() and result = "InitStore" or
   tag = InitializerUninitializedTag() and result = "InitUninit" or
   tag = ZeroPadStringConstantTag() and result = "ZeroPadConst" or
 
@@ -268,6 +268,9 @@ newtype TTranslatedElement =
       ) or
       exists(ThrowExpr throw |
         throw.getExpr().getFullyConverted() = expr
+      ) or
+      exists(LambdaExpression lambda |
+        lambda.getInitializer().getFullyConverted() = expr
       )
     )
   } or
 
@@ -2608,3 +2608,122 @@ class TranslatedConditionDeclExpr extends TranslatedNonConstantExpr {
     result = getTranslatedExpr(expr.getVariableAccess().getFullyConverted())
   }
 }
+
+/**
+ * The IR translation of a lambda expression. This initializes a temporary variable whose type is that of the lambda,
+ * using the initializer list that represents the captures of the lambda.
+ */
+class TranslatedLambdaExpr extends TranslatedNonConstantExpr, InitializationContext {
+  override LambdaExpression expr;
+
+  override final Instruction getFirstInstruction() {
+    result = getInstruction(InitializerVariableAddressTag())
+  }
+
+  override final TranslatedElement getChild(int id) {
+    id = 0 and result = getInitialization()
+  }
+
+  override Instruction getResult() {
+    result = getInstruction(LoadTag())
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    (
+      tag = InitializerVariableAddressTag() and
+      kind instanceof GotoEdge and
+      result = getInstruction(InitializerStoreTag())
+    ) or
+    (
+      tag = InitializerStoreTag() and
+      kind instanceof GotoEdge and
+      (
+        result = getInitialization().getFirstInstruction() or
+        not hasInitializer() and result = getInstruction(LoadTag())
+      )
+    ) or
+    (
+      tag = LoadTag() and
+      kind instanceof GotoEdge and
+      result = getParent().getChildSuccessor(this)
+    )
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    child = getInitialization() and
+    result = getInstruction(LoadTag())
+  }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, Type resultType,
+      boolean isGLValue) {
+    (
+      tag = InitializerVariableAddressTag() and
+      opcode instanceof Opcode::VariableAddress and
+      resultType = getResultType() and
+      isGLValue = true
+    ) or
+    (
+      tag = InitializerStoreTag() and
+      opcode instanceof Opcode::Uninitialized and
+      resultType = getResultType() and
+      isGLValue = false
+    ) or
+    (
+      tag = LoadTag() and
+      opcode instanceof Opcode::Load and
+      resultType = getResultType() and
+      isGLValue = false
+    )
+  }
+
+  override Instruction getInstructionOperand(InstructionTag tag,
+      OperandTag operandTag) {
+    (
+      tag = InitializerStoreTag() and
+      operandTag instanceof AddressOperandTag and
+      result = getInstruction(InitializerVariableAddressTag())
+    ) or
+    (
+      tag = LoadTag() and
+      (
+        (
+          operandTag instanceof AddressOperandTag and
+          result = getInstruction(InitializerVariableAddressTag())
+        ) or
+        (
+          operandTag instanceof LoadOperandTag and
+          result = getEnclosingFunction().getUnmodeledDefinitionInstruction()
+        )
+      )
+    )
+  }
+
+  override IRVariable getInstructionVariable(InstructionTag tag) {
+    (
+      tag = InitializerVariableAddressTag() or
+      tag = InitializerStoreTag()
+    ) and
+    result = getTempVariable(LambdaTempVar())
+  }
+
+  override predicate hasTempVariable(TempVariableTag tag, Type type) {
+    tag = LambdaTempVar() and
+    type = getResultType()
+  }
+
+  override final Instruction getTargetAddress() {
+    result = getInstruction(InitializerVariableAddressTag())
+  }
+
+  override final Type getTargetType() {
+    result = getResultType()
+  }
+
+  private predicate hasInitializer() {
+    exists(getInitialization())
+  }
+
+  private TranslatedInitialization getInitialization() {
+    result = getTranslatedInitialization(expr.getChild(0).getFullyConverted())
+  }
+}
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,14 @@ class LambdaExpression extends Expr, @lambdaexpr {`
`57`	`57`	`Operator getLambdaFunction() {`
`58`	`58`	`result = getType().(Closure).getLambdaFunction()`
`59`	`59`	`}`
	`60`	`+`
	`61`	`+ /**`
	`62`	`+ * Gets the initializer that initializes the captured variables in the closure, if any.`
	`63`	`+ * A lambda that does not capture any variables will not have an initializer.`
	`64`	`+ */`
	`65`	`+ Expr getInitializer() {`
	`66`	`+ result = getChild(0)`
	`67`	`+ }`
`60`	`68`	`}`
`61`	`69`
`62`	`70`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,6 @@ private import semmle.code.cpp.ir.internal.TempVariableTag`
`3`	`3`
`4`	`4`	`class TempVariableTag extends TTempVariableTag {`
`5`	`5`	`string toString() {`
`6`		`- result = "Tag"`
	`6`	`+ result = getTempVariableTagId(this)`
`7`	`7`	`}`
`8`	`8`	`}`
Original file line number	Diff line number	Diff line change
`@@ -268,6 +268,9 @@ newtype TTranslatedElement =`
`268`	`268`	`) or`
`269`	`269`	`exists(ThrowExpr throw \|`
`270`	`270`	`throw.getExpr().getFullyConverted() = expr`
	`271`	`+ ) or`
	`272`	`+ exists(LambdaExpression lambda \|`
	`273`	`+ lambda.getInitializer().getFullyConverted() = expr`
`271`	`274`	`)`
`272`	`275`	`)`
`273`	`276`	`} or`