Commit 7a6ec83

C++: No CopyValue for immediately discarded exprs
Expressions like the `e` in `e;` or `e, e2`, whose result is immediately discarded, should not get a synthetic `CopyValue`. This removes a lot of redundancy from the IR. To prevent these expressions from being confused with the expressions from which they get their result, the predicate `getInstructionConvertedResultExpression` now suppresses results for expressions that don't produce their own result. This should fix the mapping between expressions and IR data-flow nodes.
1 parent cbbe9b4 commit 7a6ec83

9 files changed

Lines changed: 1092 additions & 1301 deletions


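--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll
@@ -49,20 +49,23 @@ private module Cached {
 Expr getInstructionConvertedResultExpression(Instruction instruction) {
 exists(TranslatedExpr translatedExpr |
 translatedExpr = getTranslatedExpr(result) and
-instruction = translatedExpr.getResult()
+instruction = translatedExpr.getResult() and
+// Only associate `instruction` with this expression if the translated
+// expression actually produced the instruction; not if it merely
+// forwarded the result of another translated expression.
+instruction = translatedExpr.getInstruction(_)
 )
 }
 
 cached
 Expr getInstructionUnconvertedResultExpression(Instruction instruction) {
-exists(Expr converted, TranslatedExpr translatedExpr |
+exists(Expr converted |
 result = converted.(Conversion).getExpr+()
 or
 result = converted
 |
 not result instanceof Conversion and
-translatedExpr = getTranslatedExpr(converted) and
-instruction = translatedExpr.getResult()
+converted = getInstructionConvertedResultExpression(instruction)
 )
 }
 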
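Review bot: Neither `getInstructionConvertedResultExpression` nor `getInstructionUnconvertedResultExpression` carries QLDoc, and the added conjunct `instruction = translatedExpr.getInstruction(_)` changes their contract: an expression whose `TranslatedExpr` only forwards another translated expression's result now has no result instruction at all, which the inline comment states locally but a caller reading the signature cannot see. Suggest a QLDoc on the first predicate along the lines of "Gets the expression, including any conversions, whose translation produced `instruction` as its result. Does not hold when the expression's translation merely forwards the result of another translated expression." and a parallel one on the unconverted variant saying it is the same expression with enclosing `Conversion`s stripped. The `cached` annotation and the `private module Cached` header of these predicates lie outside the hunk.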

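--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -2547,27 +2547,45 @@ class TranslatedErrorExpr extends TranslatedSingleInstructionExpr {
 // This should ideally be a dispatch predicate on TranslatedNonConstantExpr,
 // but it doesn't look monotonic to QL.
 predicate exprNeedsCopyIfNotLoaded(Expr expr) {
-expr instanceof AssignExpr
-or
-expr instanceof AssignOperation and
-not expr.isPRValueCategory() // is C++
-or
-expr instanceof PrefixCrementOperation and
-not expr.isPRValueCategory() // is C++
-or
-expr instanceof PointerDereferenceExpr
-or
-expr instanceof AddressOfExpr
-or
-expr instanceof BuiltInOperationBuiltInAddressOf
-or
-// No case for ParenthesisExpr to avoid getting too many instructions
-expr instanceof ReferenceDereferenceExpr
-or
-expr instanceof ReferenceToExpr
+(
+expr instanceof AssignExpr
+or
+expr instanceof AssignOperation and
+not expr.isPRValueCategory() // is C++
+or
+expr instanceof PrefixCrementOperation and
+not expr.isPRValueCategory() // is C++
+or
+expr instanceof PointerDereferenceExpr
+or
+expr instanceof AddressOfExpr
+or
+expr instanceof BuiltInOperationBuiltInAddressOf
+or
+// No case for ParenthesisExpr to avoid getting too many instructions
+expr instanceof ReferenceDereferenceExpr
+or
+expr instanceof ReferenceToExpr
+or
+expr instanceof CommaExpr
+or
+expr instanceof ConditionDeclExpr
+// TODO: simplify TranslatedStmtExpr too
+) and
+not exprImmediatelyDiscarded(expr)
+}
+
+/**
+ * Holds if `expr` is immediately discarded. Such expressions do not need a
+ * `CopyValue` because it's unlikely that anyone is interested in their value.
+ */
+private predicate exprImmediatelyDiscarded(Expr expr) {
+exists(ExprStmt s |
+s = expr.getParent() and
+not exists(StmtExpr se | s = se.getStmt().(Block).getLastStmt())
+)
 or
-expr instanceof CommaExpr
+exists(CommaExpr c | c.getLeftOperand() = expr)
 or
-expr instanceof ConditionDeclExpr
-// TODO: simplify TranslatedStmtExpr too
+exists(ForStmt for | for.getUpdate() = expr)
 }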
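Review bot: The `// TODO: simplify TranslatedStmtExpr too` comment now sits inside the parenthesised disjunction directly under the `ConditionDeclExpr` case, so it reads as a remark on that case rather than on statement-expression handling; consider moving it next to the `StmtExpr` exclusion in `exprImmediatelyDiscarded`, which is where that logic now lives. The QLDoc on `exprImmediatelyDiscarded` also leaves out the non-obvious part of the `ExprStmt` case — the last statement of a `StmtExpr` block supplies the value of the whole statement expression and is deliberately not treated as discarded; a sentence such as "The last expression statement of a GNU statement expression is not considered discarded, since it provides the value of the enclosing StmtExpr." would make that explicit. `exprNeedsCopyIfNotLoaded` itself still has only a line comment rather than QLDoc, so the meaning of "copy if not loaded" and the new discarded-expression exclusion are undocumented at the declaration.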

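--- a/cpp/ql/test/library-tests/ir/escape/points_to.expected
+++ b/cpp/ql/test/library-tests/ir/escape/points_to.expected
@@ -1,24 +1,14 @@
-| escape.cpp:108:5:108:11 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:109:5:109:13 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:110:5:110:19 | CopyValue | no_result+0:0 | no_result+0:0 |
-| escape.cpp:111:5:111:21 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:111:18:111:21 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:114:5:114:8 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:115:5:115:29 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:115:19:115:28 | PointerAdd[4] | no_+0:0 | no_+0:0 |
 | escape.cpp:115:20:115:23 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:116:5:116:29 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:116:19:116:28 | PointerSub[4] | no_+0:0 | no_+0:0 |
 | escape.cpp:116:20:116:23 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:117:5:117:27 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:117:19:117:26 | PointerAdd[4] | no_+0:0 | no_+0:0 |
 | escape.cpp:117:23:117:26 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:118:9:118:12 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:120:12:120:15 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:123:14:123:17 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:124:9:124:12 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:124:15:124:18 | CopyValue | no_+0:0 | no_+0:0 |
-| escape.cpp:124:21:124:24 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:127:9:127:12 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:129:12:129:15 | CopyValue | no_+0:0 | no_+0:0 |
 | escape.cpp:134:5:134:18 | Convert | no_Array+0:0 | no_Array+0:0 |
@@ -27,38 +17,31 @@
 | escape.cpp:135:5:135:15 | PointerAdd[4] | no_Array+20:0 | no_Array+20:0 |
 | escape.cpp:136:5:136:15 | PointerAdd[4] | no_Array+20:0 | no_Array+20:0 |
 | escape.cpp:136:7:136:14 | Convert | no_Array+0:0 | no_Array+0:0 |
-| escape.cpp:137:5:137:27 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:137:17:137:24 | Convert | no_Array+0:0 | no_Array+0:0 |
 | escape.cpp:137:17:137:27 | PointerAdd[4] | no_Array+20:0 | no_Array+20:0 |
-| escape.cpp:138:5:138:27 | CopyValue | no_result+0:0 | no_result+0:0 |
 | escape.cpp:138:17:138:27 | PointerAdd[4] | no_Array+20:0 | no_Array+20:0 |
 | escape.cpp:138:19:138:26 | Convert | no_Array+0:0 | no_Array+0:0 |
 | escape.cpp:140:21:140:32 | FieldAddress[x] | no_Point+0:0 | no_Point+0:0 |
 | escape.cpp:140:21:140:32 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
 | escape.cpp:140:21:140:32 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:141:27:141:27 | FieldAddress[x] | no_Point+0:0 | no_Point+0:0 |
-| escape.cpp:142:5:142:21 | CopyValue | no_Point+4:0 | no_Point+4:0 |
 | escape.cpp:142:14:142:14 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
 | escape.cpp:143:19:143:27 | CopyValue | no_Point+0:0 | no_Point+0:0 |
 | escape.cpp:143:31:143:31 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
-| escape.cpp:144:5:144:25 | CopyValue | no_Point+4:0 | no_Point+4:0 |
 | escape.cpp:144:6:144:14 | CopyValue | no_Point+0:0 | no_Point+0:0 |
 | escape.cpp:144:18:144:18 | FieldAddress[y] | no_Point+4:0 | no_Point+4:0 |
 | escape.cpp:145:20:145:30 | CopyValue | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:145:30:145:30 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:146:5:146:18 | CopyValue | no_Point+8:0 | no_Point+8:0 |
-| escape.cpp:146:5:146:25 | CopyValue | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:146:7:146:17 | CopyValue | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:146:17:146:17 | FieldAddress[z] | no_Point+8:0 | no_Point+8:0 |
 | escape.cpp:149:5:149:14 | ConvertToBase[Derived : Intermediate1] | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:149:5:149:14 | ConvertToBase[Intermediate1 : Base] | no_Derived+0:0 | no_Derived+0:0 |
-| escape.cpp:149:5:149:20 | CopyValue | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:149:16:149:16 | FieldAddress[b] | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:150:18:150:27 | ConvertToBase[Derived : Intermediate1] | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:150:18:150:27 | ConvertToBase[Intermediate1 : Base] | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:150:29:150:29 | FieldAddress[b] | no_Derived+0:0 | no_Derived+0:0 |
 | escape.cpp:151:5:151:14 | ConvertToBase[Derived : Intermediate2] | no_Derived+12:0 | no_Derived+12:0 |
-| escape.cpp:151:5:151:21 | CopyValue | no_Derived+16:0 | no_Derived+16:0 |
 | escape.cpp:151:16:151:17 | FieldAddress[i2] | no_Derived+16:0 | no_Derived+16:0 |
 | escape.cpp:152:19:152:28 | ConvertToBase[Derived : Intermediate2] | no_Derived+12:0 | no_Derived+12:0 |
 | escape.cpp:152:30:152:31 | FieldAddress[i2] | no_Derived+16:0 | no_Derived+16:0 |
@@ -97,9 +80,7 @@
 | escape.cpp:217:14:217:16 | CopyValue | c2+0:0 | c2+0:0 |
 | escape.cpp:221:8:221:19 | Call | none | c3+0:0 |
 | escape.cpp:225:17:225:28 | Call | none | c4+0:0 |
-| escape.cpp:247:2:247:27 | CopyValue | no_condTemp+0:0 | no_condTemp+0:0 |
 | escape.cpp:247:2:247:27 | Store | condEscape1+0:0 | condEscape1+0:0 |
 | escape.cpp:247:16:247:27 | CopyValue | condEscape1+0:0 | condEscape1+0:0 |
-| escape.cpp:249:9:249:34 | CopyValue | no_condTemp+0:0 | no_condTemp+0:0 |
 | escape.cpp:249:9:249:34 | Store | condEscape2+0:0 | condEscape2+0:0 |
 | escape.cpp:249:23:249:34 | CopyValue | condEscape2+0:0 | condEscape2+0:0 |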
