C++: IR translation for global variable inits

Robert Marsh · Robert Marsh · commit c27dfb5120d8 · 2022-03-21T13:17:05.000-04:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll
@@ -16,7 +16,7 @@ class IRConfiguration extends TIRConfiguration {
   /**
    * Holds if IR should be created for function `func`. By default, holds for all functions.
    */
-  predicate shouldCreateIRForFunction(Language::Function func) { any() }
+  predicate shouldCreateIRForFunction(Language::Declaration func) { any() }
 
   /**
    * Holds if the strings used as part of an IR dump should be generated for function `func`.
@@ -25,7 +25,7 @@ class IRConfiguration extends TIRConfiguration {
    * of debug strings for IR that will not be dumped. We still generate the actual IR for these
    * functions, however, to preserve the results of any interprocedural analysis.
    */
-  predicate shouldEvaluateDebugStringsForFunction(Language::Function func) { any() }
+  predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) { any() }
 }
 
 private newtype TIREscapeAnalysisConfiguration = MkIREscapeAnalysisConfiguration()
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
   /**
    * Gets the `Function` that contains this block.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = getFirstInstruction(this).getEnclosingFunction()
   }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
   /**
    * Gets the function that contains this instruction.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = this.getEnclosingIRFunction().getFunction()
   }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
    * Holds if the IR for `func` should be printed. By default, holds for all
    * functions.
    */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }
 
 /**
  * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
  */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
     shouldPrintFunction(func)
   }
 }
 
-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }
 
 private string getAdditionalInstructionProperty(Instruction instr, string key) {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll
@@ -13,22 +13,20 @@ private newtype TIRFunction =
  * phases of the IR. Each instantiation of `IRFunction` extends this class.
  */
 class IRFunctionBase extends TIRFunction {
-  //Language::Function func;
-  //  IRFunctionBase() { this = TFunctionIRFunction(func) }
-  /** Gets a textual representation of this element. */
-  final string toString() {
-    result = "IR: " + any(Language::Function func | this = TFunctionIRFunction(func)).toString()
+  Language::Declaration decl;
+
+  IRFunctionBase() {
+    this = TFunctionIRFunction(decl)
     or
-    result = "IR: " + any(Language::GlobalVariable var | this = TVarInitIRFunction(var)).toString()
+    this = TVarInitIRFunction(decl)
   }
 
+  /** Gets a textual representation of this element. */
+  final string toString() { result = "IR: " + decl.toString() }
+
   /** Gets the function whose IR is represented. */
-  final Language::Function getFunction() { this = TFunctionIRFunction(result) }
+  final Language::Declaration getFunction() { result = decl }
 
   /** Gets the location of the function. */
-  final Language::Location getLocation() {
-    result = any(Language::Function func | this = TFunctionIRFunction(func)).getLocation()
-    or
-    result = any(Language::GlobalVariable var | this = TVarInitIRFunction(var)).getLocation()
-  }
+  final Language::Location getLocation() { result = decl.getLocation() }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
   /**
    * Gets the `Function` that contains this block.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = getFirstInstruction(this).getEnclosingFunction()
   }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
   /**
    * Gets the function that contains this instruction.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = this.getEnclosingIRFunction().getFunction()
   }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
    * Holds if the IR for `func` should be printed. By default, holds for all
    * functions.
    */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }
 
 /**
  * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
  */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
     shouldPrintFunction(func)
   }
 }
 
-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }
 
 private string getAdditionalInstructionProperty(Instruction instr, string key) {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
@@ -802,7 +802,7 @@ abstract class TranslatedElement extends TTranslatedElement {
   /**
    * Gets the `Function` that contains this element.
    */
-  abstract Function getFunction();
+  abstract Declaration getFunction();
 
   /**
    * Gets the successor instruction of the instruction that was generated by
@@ -952,3 +952,11 @@ abstract class TranslatedElement extends TTranslatedElement {
    */
   final TranslatedElement getParent() { result.getAChild() = this }
 }
+
+abstract class TranslatedInstructionContainer extends TranslatedElement {
+  TranslatedInstructionContainer() {
+    this instanceof TTranslatedFunction
+    or
+    this instanceof TTranslatedGlobalOrNamespaceVarInit
+  }
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -13,6 +13,7 @@ private import TranslatedFunction
 private import TranslatedInitialization
 private import TranslatedFunction
 private import TranslatedStmt
+private import TranslatedGlobalVar
 import TranslatedCall
 
 /**
@@ -79,7 +80,10 @@ abstract class TranslatedExpr extends TranslatedElement {
   /** DEPRECATED: Alias for getAst */
   deprecated override Locatable getAST() { result = this.getAst() }
 
-  final override Function getFunction() { result = expr.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = expr.getEnclosingFunction() or
+    result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }
 
   /**
    * Gets the expression from which this `TranslatedExpr` is generated.
@@ -89,8 +93,10 @@ abstract class TranslatedExpr extends TranslatedElement {
   /**
    * Gets the `TranslatedFunction` containing this expression.
    */
-  final TranslatedFunction getEnclosingFunction() {
+  final TranslatedInstructionContainer getEnclosingFunction() {
     result = getTranslatedFunction(expr.getEnclosingFunction())
+    or
+    result = getTranslatedVarInit(expr.getEnclosingVariable())
   }
 }
 
@@ -788,7 +794,7 @@ class TranslatedThisExpr extends TranslatedNonConstantExpr {
 
   override IRVariable getInstructionVariable(InstructionTag tag) {
     tag = ThisAddressTag() and
-    result = this.getEnclosingFunction().getThisVariable()
+    result = this.getEnclosingFunction().(TranslatedFunction).getThisVariable()
   }
 }
 
@@ -2523,7 +2529,7 @@ class TranslatedVarArgsStart extends TranslatedNonConstantExpr {
 
   final override IRVariable getInstructionVariable(InstructionTag tag) {
     tag = VarArgsStartEllipsisAddressTag() and
-    result = this.getEnclosingFunction().getEllipsisVariable()
+    result = this.getEnclosingFunction().(TranslatedFunction).getEllipsisVariable()
   }
 
   final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
@@ -58,7 +58,7 @@ predicate hasReturnValue(Function func) { not func.getUnspecifiedType() instance
  * Represents the IR translation of a function. This is the root elements for
  * all other elements associated with this function.
  */
-class TranslatedFunction extends TranslatedElement, TTranslatedFunction {
+class TranslatedFunction extends TranslatedInstructionContainer, TTranslatedFunction {
   Function func;
 
   TranslatedFunction() { this = TTranslatedFunction(func) }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll
@@ -0,0 +1,81 @@
+import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
+private import cpp
+private import semmle.code.cpp.ir.implementation.IRType
+private import semmle.code.cpp.ir.implementation.Opcode
+private import semmle.code.cpp.ir.implementation.internal.OperandTag
+private import semmle.code.cpp.ir.internal.CppType
+private import TranslatedInitialization
+private import InstructionTag
+
+class TranslatedGlobalOrNamespaceVarInit extends TranslatedInstructionContainer,
+  TTranslatedGlobalOrNamespaceVarInit, InitializationContext {
+  GlobalOrNamespaceVariable var;
+
+  TranslatedGlobalOrNamespaceVarInit() { this = TTranslatedGlobalOrNamespaceVarInit(var) }
+
+  override string toString() { result = var.toString() }
+
+  final override GlobalOrNamespaceVariable getAst() { result = var }
+
+  final override Declaration getFunction() { result = var }
+
+  final Location getLocation() { result = var.getLocation() }
+
+  override Instruction getFirstInstruction() { result = this.getInstruction(EnterFunctionTag()) }
+
+  override TranslatedElement getChild(int n) {
+    n = 1 and result = getTranslatedInitialization(var.getInitializer().getExpr())
+  }
+
+  override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
+    op instanceof Opcode::EnterFunction and
+    tag = EnterFunctionTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::VariableAddress and
+    tag = InitializerVariableAddressTag() and
+    type = getTypeForGLValue(var.getType())
+    or
+    op instanceof Opcode::ReturnVoid and
+    tag = ReturnTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::ExitFunction and
+    tag = ExitFunctionTag() and
+    type = getVoidType()
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    tag = EnterFunctionTag() and
+    kind instanceof GotoEdge and
+    result = getInstruction(InitializerVariableAddressTag())
+    or
+    tag = InitializerVariableAddressTag() and
+    kind instanceof GotoEdge and
+    result = getChild(1).getFirstInstruction()
+    or
+    tag = ReturnTag() and
+    kind instanceof GotoEdge and
+    result = getInstruction(ExitFunctionTag())
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    child = getChild(1) and
+    result = getInstruction(ReturnTag())
+  }
+
+  override IRUserVariable getInstructionVariable(InstructionTag tag) {
+    tag = InitializerVariableAddressTag() and
+    result.getVariable() = var
+  }
+
+  override Instruction getTargetAddress() {
+    result = getInstruction(InitializerVariableAddressTag())
+  }
+
+  override Type getTargetType() { result = var.getType() }
+}
+
+TranslatedGlobalOrNamespaceVarInit getTranslatedVarInit(GlobalOrNamespaceVariable var) {
+  result.getAst() = var
+}
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
@@ -137,7 +137,10 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
 
   final override string toString() { result = "init: " + expr.toString() }
 
-  final override Function getFunction() { result = expr.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = expr.getEnclosingFunction() or
+    result = expr.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }
 
   final override Locatable getAst() { result = expr }
 
@@ -486,7 +489,10 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   /** DEPRECATED: Alias for getAst */
   deprecated override Locatable getAST() { result = getAst() }
 
-  final override Function getFunction() { result = ast.getEnclosingFunction() }
+  final override Declaration getFunction() {
+    result = ast.getEnclosingFunction() or
+    result = ast.getEnclosingVariable().(GlobalOrNamespaceVariable)
+  }
 
   final override Instruction getFirstInstruction() { result = getInstruction(getFieldAddressTag()) }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll
@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {
   /**
    * Gets the `Function` that contains this block.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = getFirstInstruction(this).getEnclosingFunction()
   }
 }
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {
   /**
    * Gets the function that contains this instruction.
    */
-  final Language::Function getEnclosingFunction() {
+  final Language::Declaration getEnclosingFunction() {
     result = this.getEnclosingIRFunction().getFunction()
   }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll
@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {
    * Holds if the IR for `func` should be printed. By default, holds for all
    * functions.
    */
-  predicate shouldPrintFunction(Language::Function func) { any() }
+  predicate shouldPrintFunction(Language::Declaration decl) { any() }
 }
 
 /**
  * Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
  */
 private class FilteredIRConfiguration extends IRConfiguration {
-  override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {
+  override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {
     shouldPrintFunction(func)
   }
 }
 
-private predicate shouldPrintFunction(Language::Function func) {
-  exists(PrintIRConfiguration config | config.shouldPrintFunction(func))
+private predicate shouldPrintFunction(Language::Declaration decl) {
+  exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
 }
 
 private string getAdditionalInstructionProperty(Instruction instr, string key) {
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
@@ -58,6 +58,8 @@ class Field = Cpp::Field;
 
 class BuiltInOperation = Cpp::BuiltInOperation;
 
+class Declaration = Cpp::Declaration;
+
 // TODO: Remove necessity for these.
 class Expr = Cpp::Expr;
 
diff --git a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/operand_locations.expected b/cpp/ql/test/library-tests/ir/ir/operand_locations.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/raw_consistency.expected b/cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/raw_ir.ql b/cpp/ql/test/library-tests/ir/ir/raw_ir.ql
diff --git a/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected b/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency.expected
diff --git a/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.expected b/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.expected

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ class IRBlockBase extends TIRBlock {`
`97`	`97`	`/**`
`98`	`98`	* Gets the `Function` that contains this block.
`99`	`99`	`*/`
`100`		`- final Language::Function getEnclosingFunction() {`
	`100`	`+ final Language::Declaration getEnclosingFunction() {`
`101`	`101`	`result = getFirstInstruction(this).getEnclosingFunction()`
`102`	`102`	`}`
`103`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ class Instruction extends Construction::TStageInstruction {`
`194`	`194`	`/**`
`195`	`195`	`* Gets the function that contains this instruction.`
`196`	`196`	`*/`
`197`		`- final Language::Function getEnclosingFunction() {`
	`197`	`+ final Language::Declaration getEnclosingFunction() {`
`198`	`198`	`result = this.getEnclosingIRFunction().getFunction()`
`199`	`199`	`}`
`200`	`200`
Original file line number	Diff line number	Diff line change
`@@ -26,20 +26,20 @@ class PrintIRConfiguration extends TPrintIRConfiguration {`
`26`	`26`	* Holds if the IR for `func` should be printed. By default, holds for all
`27`	`27`	`* functions.`
`28`	`28`	`*/`
`29`		`- predicate shouldPrintFunction(Language::Function func) { any() }`
	`29`	`+ predicate shouldPrintFunction(Language::Declaration decl) { any() }`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`/**`
`33`	`33`	* Override of `IRConfiguration` to only evaluate debug strings for the functions that are to be dumped.
`34`	`34`	`*/`
`35`	`35`	`private class FilteredIRConfiguration extends IRConfiguration {`
`36`		`- override predicate shouldEvaluateDebugStringsForFunction(Language::Function func) {`
	`36`	`+ override predicate shouldEvaluateDebugStringsForFunction(Language::Declaration func) {`
`37`	`37`	`shouldPrintFunction(func)`
`38`	`38`	`}`
`39`	`39`	`}`
`40`	`40`
`41`		`-private predicate shouldPrintFunction(Language::Function func) {`
`42`		`- exists(PrintIRConfiguration config \| config.shouldPrintFunction(func))`
	`41`	`+private predicate shouldPrintFunction(Language::Declaration decl) {`
	`42`	`+ exists(PrintIRConfiguration config \| config.shouldPrintFunction(decl))`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`private string getAdditionalInstructionProperty(Instruction instr, string key) {`