Merge pull request #1380 from dave-bartolomeo/dave/RangeFor

Robert Marsh · web-flow · commit 6167a556fd17 · 2019-05-30T17:21:42.000-07:00
C++: IR support for range-based `for` loops
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
@@ -3,6 +3,7 @@ import semmle.code.cpp.ir.implementation.raw.IR
 private import semmle.code.cpp.ir.internal.OperandTag
 private import semmle.code.cpp.ir.internal.TempVariableTag
 private import InstructionTag
+private import TranslatedCondition
 private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedStmt
@@ -159,6 +160,23 @@ cached private module Cached {
       )
     )
     or
+    // Range-based for loop:
+    // Any edge from within the update of the loop to the condition of
+    // the loop is a back edge.
+    exists(TranslatedRangeBasedForStmt s, TranslatedCondition condition |
+      s instanceof TranslatedRangeBasedForStmt and
+      condition = s.getCondition() and
+      result = condition.getFirstInstruction() and
+      exists(TranslatedElement inUpdate, InstructionTag tag |
+        result = inUpdate.getInstructionSuccessor(tag, kind) and
+        exists(TranslatedElement update |
+          update = s.getUpdate() |
+          inUpdate = update.getAChild*()
+        ) and
+        instruction = inUpdate.getInstruction(tag)
+      )
+    )
+    or
     // Goto statement:
     // As a conservative approximation, any edge out of `goto` is a back edge
     // unless it goes strictly forward in the program text. A `goto` whose
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll
@@ -191,6 +191,44 @@ class TranslatedVariableDeclarationEntry extends TranslatedVariableDeclaration,
   }
 }
 
+/**
+ * Gets the `TranslatedRangeBasedForVariableDeclaration` that represents the declaration of
+ * `var`.
+ */
+TranslatedRangeBasedForVariableDeclaration getTranslatedRangeBasedForVariableDeclaration(
+    LocalVariable var) {
+  result.getVariable() = var
+}
+
+/**
+ * Represents the IR translation of a compiler-generated variable in a range-based `for` loop.
+ */
+class TranslatedRangeBasedForVariableDeclaration extends TranslatedVariableDeclaration,
+    TTranslatedRangeBasedForVariableDeclaration {
+  RangeBasedForStmt forStmt;
+  LocalVariable var;
+
+  TranslatedRangeBasedForVariableDeclaration() {
+    this = TTranslatedRangeBasedForVariableDeclaration(forStmt, var)
+  }
+
+  override string toString() {
+    result = var.toString()
+  }
+
+  override Locatable getAST() {
+    result = var
+  }
+
+  override Function getFunction() {
+    result = forStmt.getEnclosingFunction()
+  }
+
+  override LocalVariable getVariable() {
+    result = var
+  }
+}
+
 TranslatedConditionDecl getTranslatedConditionDecl(ConditionDeclExpr expr) {
   result.getAST() = expr
 }
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
@@ -359,6 +359,16 @@ newtype TTranslatedElement =
       declStmt.getADeclarationEntry() = entry
     )
   } or
+  // A compiler-generated variable to implement a range-based for loop. These don't have a
+  // `DeclarationEntry` in the database, so we have to go by the `Variable` itself.
+  TTranslatedRangeBasedForVariableDeclaration(RangeBasedForStmt forStmt, LocalVariable var) {
+    translateStmt(forStmt) and
+    (
+      var = forStmt.getRangeVariable()  or
+      var = forStmt.getBeginEndDeclaration().getADeclaration() or
+      var = forStmt.getVariable()
+    )
+  } or
   // An allocator call in a `new` or `new[]` expression
   TTranslatedAllocatorCall(NewOrNewArrayExpr newExpr) {
     not ignoreExpr(newExpr)
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll
@@ -630,6 +630,105 @@ class TranslatedForStmt extends TranslatedLoop {
   }
 }
 
+/**
+ * The IR translation of a range-based `for` loop.
+ * Note that this class does not extend `TranslatedLoop`. This is because the "body" of the
+ * range-based `for` loop consists of the per-iteration variable declaration followed by the
+ * user-written body statement. It is easier to handle the control flow of the loop separately,
+ * rather than synthesizing a single body or complicating the interface of `TranslatedLoop`.
+ */
+class TranslatedRangeBasedForStmt extends TranslatedStmt, ConditionContext {
+  override RangeBasedForStmt stmt;
+
+  override TranslatedElement getChild(int id) {
+    id = 0 and result = getRangeVariableDeclaration() or
+    id = 1 and result = getBeginVariableDeclaration() or
+    id = 2 and result = getEndVariableDeclaration() or
+    id = 3 and result = getCondition() or
+    id = 4 and result = getUpdate() or
+    id = 5 and result = getVariableDeclaration() or
+    id = 6 and result = getBody()
+  }
+
+  override Instruction getFirstInstruction() {
+    result = getRangeVariableDeclaration().getFirstInstruction()
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    (
+      child = getRangeVariableDeclaration() and
+      result = getBeginVariableDeclaration().getFirstInstruction()
+    ) or
+    (
+      child = getBeginVariableDeclaration() and
+      result = getEndVariableDeclaration().getFirstInstruction()
+    ) or
+    (
+      child = getEndVariableDeclaration() and
+      result = getCondition().getFirstInstruction()
+    ) or
+    (
+      child = getVariableDeclaration() and
+      result = getBody().getFirstInstruction()
+    ) or
+    (
+      child = getBody() and
+      result = getUpdate().getFirstInstruction()
+    ) or
+    (
+      child = getUpdate() and
+      result = getCondition().getFirstInstruction()
+    )
+  }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, Type resultType,
+      boolean isGLValue) {
+    none()
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    none()
+  }
+
+  override Instruction getChildTrueSuccessor(TranslatedCondition child) {
+    child = getCondition() and result = getVariableDeclaration().getFirstInstruction()
+  }
+
+  override Instruction getChildFalseSuccessor(TranslatedCondition child) {
+    child = getCondition() and result = getParent().getChildSuccessor(this)
+  }
+
+  private TranslatedRangeBasedForVariableDeclaration getRangeVariableDeclaration() {
+    result = getTranslatedRangeBasedForVariableDeclaration(stmt.getRangeVariable())
+  }
+
+  private TranslatedRangeBasedForVariableDeclaration getBeginVariableDeclaration() {
+    result = getTranslatedRangeBasedForVariableDeclaration(stmt.getBeginVariable())
+  }
+
+  private TranslatedRangeBasedForVariableDeclaration getEndVariableDeclaration() {
+    result = getTranslatedRangeBasedForVariableDeclaration(stmt.getEndVariable())
+  }
+
+  // Public for getInstructionBackEdgeSuccessor
+  final TranslatedCondition getCondition() {
+    result = getTranslatedCondition(stmt.getCondition().getFullyConverted())
+  }
+
+  // Public for getInstructionBackEdgeSuccessor
+  final TranslatedExpr getUpdate() {
+    result = getTranslatedExpr(stmt.getUpdate().getFullyConverted())
+  }
+
+  private TranslatedRangeBasedForVariableDeclaration getVariableDeclaration() {
+    result = getTranslatedRangeBasedForVariableDeclaration(stmt.getVariable())
+  }
+
+  private TranslatedStmt getBody() {
+    result = getTranslatedStmt(stmt.getStmt())
+  }
+}
+
 class TranslatedJumpStmt extends TranslatedStmt {
   override JumpStmt stmt;
 
diff --git a/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll b/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll
@@ -675,7 +675,7 @@ class RangeBasedForStmt extends Loop, @stmt_range_based_for {
    * ```
    * the result is `int x`.
    */
-  Variable getVariable() { result = getChild(4).(DeclStmt).getADeclaration() }
+  LocalVariable getVariable() { result = getChild(4).(DeclStmt).getADeclaration() }
 
   /**
    * Gets the expression giving the range to iterate over.
@@ -689,7 +689,7 @@ class RangeBasedForStmt extends Loop, @stmt_range_based_for {
   Expr getRange() { result = getRangeVariable().getInitializer().getExpr() }
 
   /** Gets the compiler-generated `__range` variable after desugaring. */
-  Variable getRangeVariable() {
+  LocalVariable getRangeVariable() {
     result = getChild(0).(DeclStmt).getADeclaration()
   }
 
@@ -709,6 +709,16 @@ class RangeBasedForStmt extends Loop, @stmt_range_based_for {
    */
   DeclStmt getBeginEndDeclaration() { result = this.getChild(1) }
 
+  /** Gets the compiler-generated `__begin` variable after desugaring. */
+  LocalVariable getBeginVariable() {
+    result = getBeginEndDeclaration().getDeclaration(0)
+  }
+
+  /** Gets the compiler-generated `__end` variable after desugaring. */
+  LocalVariable getEndVariable() {
+    result = getBeginEndDeclaration().getDeclaration(1)
+  }
+
   /**
    * Gets the compiler-generated `++__begin` which is the update
    * expression of this for statement after desugaring. It will
@@ -718,8 +728,8 @@ class RangeBasedForStmt extends Loop, @stmt_range_based_for {
   Expr getUpdate() { result = this.getChild(3) }
 
   /** Gets the compiler-generated `__begin` variable after desugaring. */
-  Variable getAnIterationVariable() {
-    result = getUpdate().getAChild().(VariableAccess).getTarget()
+  LocalVariable getAnIterationVariable() {
+    result = getBeginVariable()
   }
 }
 
diff --git a/cpp/ql/test/library-tests/ir/ir/PrintAST.expected b/cpp/ql/test/library-tests/ir/ir/PrintAST.expected
@@ -7427,3 +7427,146 @@ ir.cpp:
 #-----|               -1: this
 #-----|                   Type = const lambda [] type at line 1045, col. 23 *
 #-----|                   ValueCategory = prvalue(load)
+# 1050| vector<int>& vector<int>::operator=(vector<int> const&)
+# 1050|   params: 
+#-----|     0: p#0
+#-----|         Type = const vector<int> &
+# 1050| vector<int>& vector<int>::operator=(vector<int>&&)
+# 1050|   params: 
+#-----|     0: p#0
+#-----|         Type = vector<int> &&
+# 1051| vector<int>::iterator& vector<int>::iterator::operator=(vector<int>::iterator const public&)
+# 1051|   params: 
+#-----|     0: p#0
+#-----|         Type = const iterator &
+# 1051| vector<int>::iterator& vector<int>::iterator::operator=(vector<int>::iterator&&)
+# 1051|   params: 
+#-----|     0: p#0
+#-----|         Type = iterator &&
+# 1053| vector<T>::iterator& vector<T>::iterator::operator++()
+# 1053|   params: 
+# 1053| vector<int>::iterator& vector<int>::iterator::operator++()
+# 1053|   params: 
+# 1054| T& vector<T>::iterator::operator*() const
+# 1054|   params: 
+# 1054| int& vector<int>::iterator::operator*() const
+# 1054|   params: 
+# 1056| bool vector<T>::iterator::operator!=(vector<T>::iterator) const
+# 1056|   params: 
+# 1056|     0: right
+# 1056|         Type = iterator
+# 1056| bool vector<int>::iterator::operator!=(vector<int>::iterator) const
+# 1056|   params: 
+# 1056|     0: right
+# 1056|         Type = iterator
+# 1059| vector<T>::iterator vector<T>::begin() const
+# 1059|   params: 
+# 1059| vector<int>::iterator vector<int>::begin() const
+# 1059|   params: 
+# 1060| vector<T>::iterator vector<T>::end() const
+# 1060|   params: 
+# 1060| vector<int>::iterator vector<int>::end() const
+# 1060|   params: 
+# 1064| bool operator==<T>(iterator, iterator)
+# 1064|   params: 
+# 1064|     0: left
+# 1064|         Type = iterator
+# 1064|     1: right
+# 1064|         Type = iterator
+# 1066| bool operator!=<T>(iterator, iterator)
+# 1066|   params: 
+# 1066|     0: left
+# 1066|         Type = iterator
+# 1066|     1: right
+# 1066|         Type = iterator
+# 1068| void RangeBasedFor(vector<int> const&)
+# 1068|   params: 
+# 1068|     0: v
+# 1068|         Type = const vector<int> &
+# 1068|   body: { ... }
+# 1069|     0: for(...:...) ...
+# 1069|       0: declaration
+# 1069|       1: declaration
+# 1069|       2: call to operator!=
+# 1069|           Type = bool
+# 1069|           ValueCategory = prvalue
+#-----|         -1: (const iterator)...
+#-----|             Conversion = glvalue conversion
+#-----|             Type = const iterator
+#-----|             ValueCategory = lvalue
+#-----|           expr: (__begin)
+#-----|               Type = iterator
+#-----|               ValueCategory = lvalue
+#-----|         0: (__end)
+#-----|             Type = iterator
+#-----|             ValueCategory = prvalue(load)
+# 1069|       3: (reference dereference)
+# 1069|           Type = iterator
+# 1069|           ValueCategory = lvalue
+# 1069|         expr: call to operator++
+# 1069|             Type = iterator &
+# 1069|             ValueCategory = prvalue
+#-----|           -1: (__begin)
+#-----|               Type = iterator
+#-----|               ValueCategory = lvalue
+# 1069|       4: declaration
+# 1069|       5: { ... }
+# 1070|         0: if (...) ... 
+# 1070|           0: ... > ...
+# 1070|               Type = bool
+# 1070|               ValueCategory = prvalue
+# 1070|             0: e
+# 1070|                 Type = int
+# 1070|                 ValueCategory = prvalue(load)
+# 1070|             1: 0
+# 1070|                 Type = int
+# 1070|                 Value = 0
+# 1070|                 ValueCategory = prvalue
+# 1070|           1: { ... }
+# 1071|             0: continue;
+# 1069|         1: label ...:
+# 1075|     1: for(...:...) ...
+# 1075|       0: declaration
+# 1075|       1: declaration
+# 1075|       2: call to operator!=
+# 1075|           Type = bool
+# 1075|           ValueCategory = prvalue
+#-----|         -1: (const iterator)...
+#-----|             Conversion = glvalue conversion
+#-----|             Type = const iterator
+#-----|             ValueCategory = lvalue
+#-----|           expr: (__begin)
+#-----|               Type = iterator
+#-----|               ValueCategory = lvalue
+#-----|         0: (__end)
+#-----|             Type = iterator
+#-----|             ValueCategory = prvalue(load)
+# 1075|       3: (reference dereference)
+# 1075|           Type = iterator
+# 1075|           ValueCategory = lvalue
+# 1075|         expr: call to operator++
+# 1075|             Type = iterator &
+# 1075|             ValueCategory = prvalue
+#-----|           -1: (__begin)
+#-----|               Type = iterator
+#-----|               ValueCategory = lvalue
+# 1075|       4: declaration
+# 1075|       5: { ... }
+# 1076|         0: if (...) ... 
+# 1076|           0: ... < ...
+# 1076|               Type = bool
+# 1076|               ValueCategory = prvalue
+# 1076|             0: (reference dereference)
+# 1076|                 Type = int
+# 1076|                 ValueCategory = prvalue(load)
+# 1076|               expr: e
+# 1076|                   Type = const int &
+# 1076|                   ValueCategory = prvalue(load)
+# 1076|             1: 5
+# 1076|                 Type = int
+# 1076|                 Value = 5
+# 1076|                 ValueCategory = prvalue
+# 1076|           1: { ... }
+# 1077|             0: break;
+# 1079|     2: label ...:
+# 1080|     3: return ...
diff --git a/cpp/ql/test/library-tests/ir/ir/ir.cpp b/cpp/ql/test/library-tests/ir/ir/ir.cpp
diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
