C++: A few more IR dataflow tweaks

dave-bartolomeo · dave-bartolomeo · commit 7eb47f3f826c · 2018-11-30T16:53:45.000-08:00
Made `Node::getType()`, `Node::asParameter()`, and `Node::asUninitialized()` operate directly on the IR. This actually fixed several diffs compared to the AST dataflow, because `getType()` wasn't holding for nodes that weren't `Exprs`.

Made `Uninitialized` a `VariableInstruction`. This makes it consistent with `InitializeParameter`.
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -21,23 +21,21 @@ class Node extends Instruction {
 
   /** Gets the type of this node. */
   Type getType() {
-    result = this.asExpr().getType()
-    or
-    result = this.getAST().(Variable).getType()
+    result = this.getResultType()
   }
 
   /** Gets the expression corresponding to this node, if any. */
   Expr asExpr() { result = this.getUnconvertedResultExpression() }
 
   /** Gets the parameter corresponding to this node, if any. */
-  Parameter asParameter() { result = this.(ParameterNode).getParameter() }
+  Parameter asParameter() { result = this.(InitializeParameterInstruction).getParameter() }
 
   /**
    * Gets the uninitialized local variable corresponding to this node, if
    * any.
    */
   LocalVariable asUninitialized() {
-    result = this.(UninitializedNode).getLocalVariable()
+    result = this.(UninitializedInstruction).getLocalVariable()
   }
 
   /**
@@ -73,8 +71,6 @@ class ParameterNode extends Node, InitializeParameterInstruction {
  * flow graph.
  */
 class UninitializedNode extends Node, UninitializedInstruction {
-  /** Gets the uninitialized local variable corresponding to this node. */
-  LocalVariable getLocalVariable() { result = this.getAST().(VariableDeclarationEntry).getDeclaration()}
 }
 
 /**
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -595,14 +595,21 @@ class FieldAddressInstruction extends FieldInstruction {
   }
 }
 
-class UninitializedInstruction extends Instruction {
+class UninitializedInstruction extends VariableInstruction {
   UninitializedInstruction() {
     opcode instanceof Opcode::Uninitialized
   }
 
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof IndirectMemoryAccess
   }
+
+  /**
+   * Gets the `LocalVariable` that is uninitialized.
+   */
+  final LocalVariable getLocalVariable() {
+    result = var.(IRUserVariable).getVariable()
+  }
 }
 
 class NoOpInstruction extends Instruction {
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -595,14 +595,21 @@ class FieldAddressInstruction extends FieldInstruction {
   }
 }
 
-class UninitializedInstruction extends Instruction {
+class UninitializedInstruction extends VariableInstruction {
   UninitializedInstruction() {
     opcode instanceof Opcode::Uninitialized
   }
 
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof IndirectMemoryAccess
   }
+
+  /**
+   * Gets the `LocalVariable` that is uninitialized.
+   */
+  final LocalVariable getLocalVariable() {
+    result = var.(IRUserVariable).getVariable()
+  }
 }
 
 class NoOpInstruction extends Instruction {
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll
@@ -142,7 +142,10 @@ abstract class TranslatedVariableDeclaration extends TranslatedElement, Initiali
   }
 
   override IRVariable getInstructionVariable(InstructionTag tag) {
-    tag = InitializerVariableAddressTag() and
+    (
+      tag = InitializerVariableAddressTag() or
+      hasUninitializedInstruction() and tag = InitializerStoreTag()
+    ) and
     result = getIRUserVariable(getFunction(), getVariable())
   }
 
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -595,14 +595,21 @@ class FieldAddressInstruction extends FieldInstruction {
   }
 }
 
-class UninitializedInstruction extends Instruction {
+class UninitializedInstruction extends VariableInstruction {
   UninitializedInstruction() {
     opcode instanceof Opcode::Uninitialized
   }
 
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof IndirectMemoryAccess
   }
+
+  /**
+   * Gets the `LocalVariable` that is uninitialized.
+   */
+  final LocalVariable getLocalVariable() {
+    result = var.(IRUserVariable).getVariable()
+  }
 }
 
 class NoOpInstruction extends Instruction {
diff --git a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_ir.expected b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_ir.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_ir.expected b/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_ir.expected
diff --git a/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected b/cpp/ql/test/library-tests/valuenumbering/GlobalValueNumbering/ir_gvn.expected
@@ -16,15 +16,15 @@ test.cpp:
 #    1|         valnum = m0_6
 #    2|     r0_7(glval<int>)            = VariableAddress[x]       : 
 #    2|         valnum = r0_7
-#    2|     m0_8(int)                   = Uninitialized            : r0_7
+#    2|     m0_8(int)                   = Uninitialized[x]         : r0_7
 #    2|         valnum = unique
 #    2|     r0_9(glval<int>)            = VariableAddress[y]       : 
 #    2|         valnum = r0_9
-#    2|     m0_10(int)                  = Uninitialized            : r0_9
+#    2|     m0_10(int)                  = Uninitialized[y]         : r0_9
 #    2|         valnum = unique
 #    3|     r0_11(glval<unsigned char>) = VariableAddress[b]       : 
 #    3|         valnum = unique
-#    3|     m0_12(unsigned char)        = Uninitialized            : r0_11
+#    3|     m0_12(unsigned char)        = Uninitialized[b]         : r0_11
 #    3|         valnum = unique
 #    5|     r0_13(glval<int>)           = VariableAddress[p0]      : 
 #    5|         valnum = r0_3
@@ -86,15 +86,15 @@ test.cpp:
 #   12|         valnum = m0_6
 #   13|     r0_7(glval<int>)            = VariableAddress[x]        : 
 #   13|         valnum = r0_7
-#   13|     m0_8(int)                   = Uninitialized             : r0_7
+#   13|     m0_8(int)                   = Uninitialized[x]          : r0_7
 #   13|         valnum = unique
 #   13|     r0_9(glval<int>)            = VariableAddress[y]        : 
 #   13|         valnum = r0_9
-#   13|     m0_10(int)                  = Uninitialized             : r0_9
+#   13|     m0_10(int)                  = Uninitialized[y]          : r0_9
 #   13|         valnum = unique
 #   14|     r0_11(glval<unsigned char>) = VariableAddress[b]        : 
 #   14|         valnum = unique
-#   14|     m0_12(unsigned char)        = Uninitialized             : r0_11
+#   14|     m0_12(unsigned char)        = Uninitialized[b]          : r0_11
 #   14|         valnum = unique
 #   16|     r0_13(glval<int>)           = VariableAddress[p0]       : 
 #   16|         valnum = r0_3
@@ -168,15 +168,15 @@ test.cpp:
 #   25|         valnum = m0_6
 #   26|     r0_7(glval<int>)            = VariableAddress[x]               : 
 #   26|         valnum = r0_7
-#   26|     m0_8(int)                   = Uninitialized                    : r0_7
+#   26|     m0_8(int)                   = Uninitialized[x]                 : r0_7
 #   26|         valnum = unique
 #   26|     r0_9(glval<int>)            = VariableAddress[y]               : 
 #   26|         valnum = r0_9
-#   26|     m0_10(int)                  = Uninitialized                    : r0_9
+#   26|     m0_10(int)                  = Uninitialized[y]                 : r0_9
 #   26|         valnum = unique
 #   27|     r0_11(glval<unsigned char>) = VariableAddress[b]               : 
 #   27|         valnum = unique
-#   27|     m0_12(unsigned char)        = Uninitialized                    : r0_11
+#   27|     m0_12(unsigned char)        = Uninitialized[b]                 : r0_11
 #   27|         valnum = unique
 #   29|     r0_13(glval<int>)           = VariableAddress[p0]              : 
 #   29|         valnum = r0_3
@@ -261,15 +261,15 @@ test.cpp:
 #   39|         valnum = m0_8
 #   40|     r0_9(glval<int>)            = VariableAddress[x]        : 
 #   40|         valnum = r0_9
-#   40|     m0_10(int)                  = Uninitialized             : r0_9
+#   40|     m0_10(int)                  = Uninitialized[x]          : r0_9
 #   40|         valnum = unique
 #   40|     r0_11(glval<int>)           = VariableAddress[y]        : 
 #   40|         valnum = r0_11
-#   40|     m0_12(int)                  = Uninitialized             : r0_11
+#   40|     m0_12(int)                  = Uninitialized[y]          : r0_11
 #   40|         valnum = unique
 #   41|     r0_13(glval<unsigned char>) = VariableAddress[b]        : 
 #   41|         valnum = unique
-#   41|     m0_14(unsigned char)        = Uninitialized             : r0_13
+#   41|     m0_14(unsigned char)        = Uninitialized[b]          : r0_13
 #   41|         valnum = unique
 #   43|     r0_15(glval<int>)           = VariableAddress[p0]       : 
 #   43|         valnum = r0_3
@@ -353,7 +353,7 @@ test.cpp:
 #   49|         valnum = m0_6
 #   50|     r0_7(glval<char *>)       = VariableAddress[ptr]       : 
 #   50|         valnum = r0_7
-#   50|     m0_8(char *)              = Uninitialized              : r0_7
+#   50|     m0_8(char *)              = Uninitialized[ptr]         : r0_7
 #   50|         valnum = unique
 #   51|     r0_9(glval<unsigned int>) = VariableAddress[result]    : 
 #   51|         valnum = r0_9
@@ -601,7 +601,7 @@ test.cpp:
 #   84|         valnum = m0_8
 #   86|     r0_9(glval<int>)     = VariableAddress[v]     : 
 #   86|         valnum = r0_9
-#   86|     m0_10(int)           = Uninitialized          : r0_9
+#   86|     m0_10(int)           = Uninitialized[v]       : r0_9
 #   86|         valnum = unique
 #   88|     r0_11(glval<void *>) = VariableAddress[p]     : 
 #   88|         valnum = r0_7

Original file line number	Diff line number	Diff line change
`@@ -595,14 +595,21 @@ class FieldAddressInstruction extends FieldInstruction {`
`595`	`595`	`}`
`596`	`596`	`}`
`597`	`597`
`598`		`-class UninitializedInstruction extends Instruction {`
	`598`	`+class UninitializedInstruction extends VariableInstruction {`
`599`	`599`	`UninitializedInstruction() {`
`600`	`600`	`opcode instanceof Opcode::Uninitialized`
`601`	`601`	`}`
`602`	`602`
`603`	`603`	`override final MemoryAccessKind getResultMemoryAccess() {`
`604`	`604`	`result instanceof IndirectMemoryAccess`
`605`	`605`	`}`
	`606`	`+`
	`607`	`+ /**`
	`608`	+ * Gets the `LocalVariable` that is uninitialized.
	`609`	`+ */`
	`610`	`+ final LocalVariable getLocalVariable() {`
	`611`	`+ result = var.(IRUserVariable).getVariable()`
	`612`	`+ }`
`606`	`613`	`}`
`607`	`614`
`608`	`615`	`class NoOpInstruction extends Instruction {`
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,10 @@ abstract class TranslatedVariableDeclaration extends TranslatedElement, Initiali`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`override IRVariable getInstructionVariable(InstructionTag tag) {`
`145`		`- tag = InitializerVariableAddressTag() and`
	`145`	`+ (`
	`146`	`+ tag = InitializerVariableAddressTag() or`
	`147`	`+ hasUninitializedInstruction() and tag = InitializerStoreTag()`
	`148`	`+ ) and`
`146`	`149`	`result = getIRUserVariable(getFunction(), getVariable())`
`147`	`150`	`}`
`148`	`151`