Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fe32aea

Browse files
author
Robert Marsh
committed
C++: fix/add comments
1 parent ed68f91 commit fe32aea

5 files changed

Lines changed: 1390 additions & 821 deletions

File tree

cpp/ql/src/semmle/code/cpp/controlflow/IRGuards.qll

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -280,6 +280,21 @@ class IRGuardCondition extends Instruction {
280280
ne.controls(controlled, testIsTrue.booleanNot()))
281281
}
282282

283+
/**
284+
* Holds if `branch` jumps directly to `succ` when this condition is `testIsTrue`.
285+
*
286+
* This predicate is intended to help with situations in which an inference can only be made
287+
* based on an edge between a block with multiple successors and a block with multiple
288+
* predecessors. For example, in the following situation, an inference can be made about the
289+
* value of `x` at the end of the `if` statement, but there is no block which is controlled by
290+
* the `if` statement when `x >= y`.
291+
* ```
292+
* if (x < y) {
293+
* x = y;
294+
* }
295+
* return x;
296+
* ```
297+
*/
283298
cached predicate controlsEdge(ConditionalBranchInstruction branch, IRBlock succ, boolean testIsTrue) {
284299
branch.getCondition() = this and
285300
(

cpp/ql/src/semmle/code/cpp/rangeanalysis/Bound.qll

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@ private newtype TBound =
1818
abstract class Bound extends TBound {
1919
abstract string toString();
2020

21-
// FIXME: operands?
2221
/** Gets an expression that equals this bound plus `delta`. */
2322
abstract Instruction getInstruction(int delta);
2423

@@ -55,7 +54,9 @@ class InstructionBound extends Bound, TBoundInstruction {
5554
}
5655
}
5756

58-
57+
/**
58+
* A bound corrseponding to the value of an `Operand`.
59+
*/
5960
class OperandBound extends Bound, TBoundOperand {
6061
Operand getOperand() {
6162
this = TBoundOperand(result)

cpp/ql/src/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll

Lines changed: 25 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -76,9 +76,9 @@ cached private module RangeAnalysisCache {
7676

7777
cached module RangeAnalysisPublic {
7878
/**
79-
* Holds if `b + delta` is a valid bound for `e`.
80-
* - `upper = true` : `e <= b + delta`
81-
* - `upper = false` : `e >= b + delta`
79+
* Holds if `b + delta` is a valid bound for `i`.
80+
* - `upper = true` : `i <= b + delta`
81+
* - `upper = false` : `i >= b + delta`
8282
*
8383
* The reason for the bound is given by `reason` and may be either a condition
8484
* or `NoReason` if the bound was proven directly without the use of a bounding
@@ -88,6 +88,15 @@ cached private module RangeAnalysisCache {
8888
boundedInstruction(i, b, delta, upper, _, _, reason)
8989
}
9090

91+
/**
92+
* Holds if `b + delta` is a valid bound for `op`.
93+
* - `upper = true` : `op <= b + delta`
94+
* - `upper = false` : `op >= b + delta`
95+
*
96+
* The reason for the bound is given by `reason` and may be either a condition
97+
* or `NoReason` if the bound was proven directly without the use of a bounding
98+
* condition.
99+
*/
91100
cached predicate boundedOperand(Operand op, Bound b, int delta, boolean upper, Reason reason) {
92101
boundedNonPhiOperand(op, b, delta, upper, _, _, reason)
93102
or
@@ -145,11 +154,11 @@ private predicate boundFlowStepSsa(
145154
}
146155

147156
/**
148-
* Gets a condition that tests whether `v` is bounded by `e + delta`.
157+
* Gets a condition that tests whether `op` is bounded by `bound + delta`.
149158
*
150159
* If the condition evaluates to `testIsTrue`:
151-
* - `upper = true` : `v <= e + delta`
152-
* - `upper = false` : `v >= e + delta`
160+
* - `upper = true` : `op <= bound + delta`
161+
* - `upper = false` : `op >= bound + delta`
153162
*/
154163
private IRGuardCondition boundFlowCond(NonPhiOperand op, NonPhiOperand bound, int delta, boolean upper,
155164
boolean testIsTrue)
@@ -163,9 +172,10 @@ private IRGuardCondition boundFlowCond(NonPhiOperand op, NonPhiOperand bound, in
163172
}
164173

165174
/**
166-
* Holds if `comp` corresponds to:
167-
* - `upper = true` : `v <= e + delta` or `v < e + delta`
168-
* - `upper = false` : `v >= e + delta` or `v > e + delta`
175+
* Gets a condition that tests whether `op` is bounded by `bound + delta`.
176+
*
177+
* - `upper = true` : `op <= bound + delta`
178+
* - `upper = false` : `op >= bound + delta`
169179
*/
170180
private IRGuardCondition boundFlowCondPhi(PhiOperand op, NonPhiOperand bound, int delta, boolean upper,
171181
boolean testIsTrue)
@@ -291,7 +301,7 @@ private predicate boundFlowStep(Instruction i, Operand op, int delta, boolean up
291301
sub.getAnOperand().(RightOperand) = x
292302
)
293303
|
294-
// `x instanceof ConstantIntegerExpr` is covered by valueFlowStep
304+
// `x` with constant value is covered by valueFlowStep
295305
not exists(getValue(getConstantValue(x.getInstruction()))) and
296306
if strictlyPositive(x)
297307
then (
@@ -383,7 +393,6 @@ private predicate boundFlowStepPhi(
383393
or
384394
exists(IRGuardCondition guard |
385395
guard = boundFlowCondPhi(op2, op1, delta, upper, _) and
386-
// Java has guardDirectlyControlsSsaRead here
387396
reason = TCondReason(guard)
388397
)
389398
}
@@ -425,20 +434,6 @@ private predicate unequalOperand(Operand op, Bound b, int delta, Reason reason)
425434
none()
426435
}
427436

428-
/*
429-
* Notes on phi nodes in the C IR vs Java
430-
*
431-
* the IR doesn't have edges as a type, but Java uses edges rather than predecessor blocks; is
432-
* there anything to be gained by distinguishing different edges from the same predecessor? (does
433-
* Java distinguish different edges from the same predecessor? can the IR actually generate multiple
434-
* edges from the same predecessor?)
435-
*
436-
* Java identifies a phi operand using a tuple of a node, an input, and an edge; we might be able to
437-
* get away with just using a PhiOperand, which I believe uniquely identifies the phi node and
438-
* predecessor block.
439-
*
440-
*/
441-
442437
private predicate boundedPhiCandValidForEdge(
443438
PhiInstruction phi, Bound b, int delta, boolean upper, boolean fromBackEdge, int origdelta,
444439
Reason reason, PhiOperand op
@@ -544,7 +539,11 @@ private predicate boundedCastExpr(
544539
) {
545540
boundedNonPhiOperand(cast.getAnOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
546541
}
547-
542+
/**
543+
* Holds if `b + delta` is a valid bound for `i`.
544+
* - `upper = true` : `i <= b + delta`
545+
* - `upper = false` : `i >= b + delta`
546+
*/
548547
private predicate boundedInstruction(
549548
Instruction i, Bound b, int delta, boolean upper, boolean fromBackEdge, int origdelta, Reason reason
550549
) {

0 commit comments

Comments
 (0)