1515import semmle.code.cpp.ir.IR
1616import cpp
1717
18- predicate irBbFunctionExit ( IRBlock exit ) {
19- exit .getLastInstruction ( ) instanceof ExitFunctionInstruction
20- }
21-
22- predicate irBbNodePred ( IRBlock src , IRBlock pred ) { src .getAPredecessor ( ) = pred }
23-
24- predicate irBbIPostDominates ( IRBlock postDominator , IRBlock node ) =
25- idominance( irBbFunctionExit / 1 , irBbNodePred / 2 ) ( _, postDominator , node )
26-
27- predicate irBbStrictlyPostDominates ( IRBlock postDominator , IRBlock node ) {
28- irBbIPostDominates + ( postDominator , node )
29- }
30-
31- /**
32- * Holds if `postDominator` is a post-dominator of `node` in the control-flow graph. This
33- * is reflexive.
34- */
35- predicate irBbPostDominates ( IRBlock postDominator , IRBlock node ) {
36- irBbStrictlyPostDominates ( postDominator , node ) or postDominator = node
37- }
38-
3918bindingset [ n, result ]
4019int unbind ( int n ) { result >= n and result <= n }
4120
42- /** Holds if `p` is the `n`'th parameter of function `f`. */
43- predicate parameterOf ( Parameter p , Function f , int n ) { p .getFunction ( ) = f and p .getIndex ( ) = n }
21+ /** Holds if `p` is the `n`'th parameter of the non-virtual function `f`. */
22+ predicate parameterOf ( Parameter p , Function f , int n ) {
23+ not f .isVirtual ( ) and f .getParameter ( n ) = p
24+ }
4425
4526/**
46- * Holds if `instr` is the `n`'th argument to a call to the function `f`, and
27+ * Holds if `instr` is the `n`'th argument to a call to the non-virtual function `f`, and
4728 * `init` is the corresponding initiazation instruction that receives the value of
4829 * `instr` in `f`.
4930 */
5031predicate flowIntoParameter (
5132 CallInstruction call , Instruction instr , Function f , int n , InitializeParameterInstruction init
5233) {
34+ not f .isVirtual ( ) and
5335 call .getPositionalArgument ( n ) = instr and
5436 f = call .getStaticCallTarget ( ) and
55- init .getEnclosingFunction ( ) = f
37+ init .getEnclosingFunction ( ) = f and
38+ init .getParameter ( ) .getIndex ( ) = unbind ( n )
5639}
5740
5841/**
@@ -71,14 +54,15 @@ predicate getPositionalArgumentInitParam(
7154}
7255
7356/**
74- * Holds if `instr` is the qualifier to a call to the function `f`, and
57+ * Holds if `instr` is the qualifier to a call to the non-virtual function `f`, and
7558 * `init` is the corresponding initiazation instruction that receives the value of
7659 * `instr` in `f`.
7760 */
7861pragma [ noinline]
7962predicate getThisArgumentInitParam (
8063 CallInstruction call , Instruction instr , InitializeParameterInstruction init , Function f
8164) {
65+ not f .isVirtual ( ) and
8266 call .getStaticCallTarget ( ) = f and
8367 init .getEnclosingFunction ( ) = f and
8468 call .getThisArgument ( ) = instr and
@@ -270,7 +254,9 @@ predicate isInPath(Instruction instr) {
270254 )
271255}
272256
273- query predicate edges ( Instruction a , Instruction b ) { successor ( a , b , _) }
257+ query predicate edges ( Instruction a , Instruction b ) {
258+ successor ( a , b , _) and isInPath ( a ) and isInPath ( b )
259+ }
274260
275261query predicate nodes ( Instruction n , string key , string val ) {
276262 isInPath ( n ) and key = "semmle.label" and val = n .toString ( )
0 commit comments