
Commit 8465e8c

author
Robert Marsh
committed
C++: add AliasedDefinition for aliased SSA
1 parent 790b902 commit 8465e8c

11 files changed

Lines changed: 8595 additions & 8196 deletions


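--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll
@@ -54,6 +54,7 @@ private newtype TOpcode =
 TUnwind() or
 TUnmodeledDefinition() or
 TUnmodeledUse() or
+TAliasedDefinition() or
 TPhi() or
 TVarArgsStart() or
 TVarArgsEnd() or
@@ -180,6 +181,7 @@ module Opcode {
 class Unwind extends Opcode, TUnwind { override final string toString() { result = "Unwind" } }
 class UnmodeledDefinition extends Opcode, TUnmodeledDefinition { override final string toString() { result = "UnmodeledDefinition" } }
 class UnmodeledUse extends Opcode, TUnmodeledUse { override final string toString() { result = "UnmodeledUse" } }
+class AliasedDefinition extends Opcode, TAliasedDefinition { override final string toString() { result = "AliasedDefinition" } }
 class Phi extends Opcode, TPhi { override final string toString() { result = "Phi" } }
 class VarArgsStart extends BuiltInOpcode, TVarArgsStart { override final string toString() { result = "VarArgsStart" } }
 class VarArgsEnd extends BuiltInOpcode, TVarArgsEnd { override final string toString() { result = "VarArgsEnd" } }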

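--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -1322,6 +1322,16 @@ class UnmodeledDefinitionInstruction extends Instruction {
 }
 }
 
+class AliasedDefinitionInstruction extends Instruction {
+AliasedDefinitionInstruction() {
+opcode instanceof Opcode::AliasedDefinition
+}
+
+override final MemoryAccessKind getResultMemoryAccess() {
+result instanceof EscapedMemoryAccess
+}
+}
+
 class UnmodeledUseInstruction extends Instruction {
 UnmodeledUseInstruction() {
 opcode instanceof Opcode::UnmodeledUse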
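Review bot: `AliasedDefinitionInstruction` is added without a QLDoc comment, so the only hint at what it models is the `EscapedMemoryAccess` result kind on its `getResultMemoryAccess()`. I would precede the class with `/** An instruction, emitted at function entry, that defines all memory reachable through escaped (aliased) addresses; the aliased SSA stage treats its result as totally overlapping every later access to the unknown virtual variable. */` — the entry position comes from the TranslatedFunction.qll hunk on this page and the overlap behaviour from the AliasedSSA.qll hunk, so confirm both if this file is maintained independently of them. The same class appears verbatim in the raw and unaliased_ssa Instruction.qll sections of this commit, so any comment should be applied to all three copies to keep them in sync.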

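--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
@@ -93,7 +93,8 @@ private newtype TMemoryAccess =
 )
 }
 or
-TUnknownMemoryAccess(UnknownVirtualVariable uvv)
+TUnknownMemoryAccess(UnknownVirtualVariable uvv) or
+TTotalUnknownMemoryAccess(UnknownVirtualVariable uvv)
 
 private VariableMemoryAccess getVariableMemoryAccess(IRVariable var, IntValue offset, IntValue size) {
 result.getVirtualVariable() = getVirtualVariable(var) and
@@ -170,6 +171,26 @@ class UnknownMemoryAccess extends TUnknownMemoryAccess, MemoryAccess {
 }
 }
 
+class TotalUnknownMemoryAccess extends TTotalUnknownMemoryAccess, MemoryAccess {
+UnknownVirtualVariable vvar;
+
+TotalUnknownMemoryAccess() {
+this = TTotalUnknownMemoryAccess(vvar)
+}
+
+final override string toString() {
+result = vvar.toString()
+}
+
+final override VirtualVariable getVirtualVariable() {
+result = vvar
+}
+
+Type getType() {
+result instanceof UnknownType
+}
+}
+
 Overlap getOverlap(MemoryAccess def, MemoryAccess use) {
 def instanceof VariableMemoryAccess and
 def = use and
@@ -200,10 +221,16 @@ Overlap getOverlap(MemoryAccess def, MemoryAccess use) {
 )
 or
 exists(UnknownVirtualVariable uvv |
-uvv = def.getVirtualVariable() and
+def = TUnknownMemoryAccess(uvv) and
 uvv = use.getVirtualVariable() and
 result instanceof MayPartiallyOverlap
 )
+or
+exists(UnknownVirtualVariable uvv |
+def = TTotalUnknownMemoryAccess(uvv) and
+uvv = use.getVirtualVariable() and
+result instanceof MustTotallyOverlap
+)
 }
 
 MemoryAccess getResultMemoryAccess(Instruction instr) {
@@ -215,8 +242,14 @@ MemoryAccess getResultMemoryAccess(Instruction instr) {
 resultPointsTo(instr.getAnOperand().(AddressOperand).getDefinitionInstruction(), var, i) and
 result = getVariableMemoryAccess(var, i, instr.getResultSize())
 )
-else
-result = TUnknownMemoryAccess(TUnknownVirtualVariable(instr.getFunctionIR()))
+else (
+result = TUnknownMemoryAccess(TUnknownVirtualVariable(instr.getFunctionIR())) and
+not instr instanceof UnmodeledDefinitionInstruction and
+not instr instanceof AliasedDefinitionInstruction
+or
+result = TTotalUnknownMemoryAccess(TUnknownVirtualVariable(instr.getFunctionIR())) and
+instr instanceof AliasedDefinitionInstruction
+)
 }
 
 MemoryAccess getOperandMemoryAccess(Operand operand) {
@@ -228,6 +261,8 @@ MemoryAccess getOperandMemoryAccess(Operand operand) {
 resultPointsTo(operand.getAddressOperand().getDefinitionInstruction(), var, i) and
 result = getVariableMemoryAccess(var, i, operand.getDefinitionInstruction().getResultSize())
 )
-else
-result = TUnknownMemoryAccess(TUnknownVirtualVariable(operand.getInstruction().getFunctionIR()))
+else (
+result = TUnknownMemoryAccess(TUnknownVirtualVariable(operand.getInstruction().getFunctionIR())) and
+not operand.getInstruction() instanceof UnmodeledUseInstruction
+)
 }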
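Review bot: `TotalUnknownMemoryAccess` (new lines 174–192) and the new `MustTotallyOverlap` arm of `getOverlap` (lines 228–233) carry no QLDoc, and nothing says why `getResultMemoryAccess` now yields no access at all for an `UnmodeledDefinitionInstruction` (line 247), so a reader must reverse-engineer the intent from SSAConstruction. I would put above the class `/** A definition of the unknown virtual variable that must totally overlap every later access to it. Produced only for the function's AliasedDefinitionInstruction (see getResultMemoryAccess). */`, and on line 247 `// The unmodeled definition is wired up directly by SSAConstruction, not via a memory access.` — that second sentence is inferred from the `getUnmodeledDefinitionInstruction()` fallback visible in the SSAConstruction.qll hunk on this page and should be confirmed. Separately, `toString()` here returns `vvar.toString()`; if `UnknownMemoryAccess.toString()` (outside the hunk) does the same, the two access kinds are indistinguishable in debug output, so consider `result = vvar.toString() + " (total)"` or similar.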

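--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -157,7 +157,7 @@ cached private module Cached {
 else
 result = getPhiInstruction(instruction.getFunction(), defBlock, vvar)
 )
-)
+)
 else (
 result = instruction.getFunctionIR().getUnmodeledDefinitionInstruction()
 )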

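--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -1322,6 +1322,16 @@ class UnmodeledDefinitionInstruction extends Instruction {
 }
 }
 
+class AliasedDefinitionInstruction extends Instruction {
+AliasedDefinitionInstruction() {
+opcode instanceof Opcode::AliasedDefinition
+}
+
+override final MemoryAccessKind getResultMemoryAccess() {
+result instanceof EscapedMemoryAccess
+}
+}
+
 class UnmodeledUseInstruction extends Instruction {
 UnmodeledUseInstruction() {
 opcode instanceof Opcode::UnmodeledUse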

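--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -40,6 +40,7 @@ newtype TInstructionTag =
 ExitFunctionTag() or
 UnmodeledDefinitionTag() or
 UnmodeledUseTag() or
+AliasedDefinitionTag() or
 SwitchBranchTag() or
 CallTargetTag() or
 CallTag() or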

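--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll
@@ -76,6 +76,9 @@ class TranslatedFunction extends TranslatedElement,
 (
 (
 tag = EnterFunctionTag() and
+result = getInstruction(AliasedDefinitionTag())
+) or (
+tag = AliasedDefinitionTag() and
 result = getInstruction(UnmodeledDefinitionTag())
 ) or
 (
@@ -153,6 +156,12 @@ class TranslatedFunction extends TranslatedElement,
 resultType instanceof UnknownType and
 isGLValue = false
 ) or
+(
+tag = AliasedDefinitionTag() and
+opcode instanceof Opcode::AliasedDefinition and
+resultType instanceof UnknownType and
+isGLValue = false
+) or
 (
 tag = InitializeThisTag() and
 opcode instanceof Opcode::InitializeThis and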
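Review bot: The first hunk hard-codes the entry chain EnterFunction → AliasedDefinition → UnmodeledDefinition (new lines 79–81) with nothing explaining why AliasedDefinition must be placed before UnmodeledDefinition rather than after it. A one-line comment on the new `) or (` arm, e.g. `// AliasedDefinition precedes UnmodeledDefinition so the total definition of escaped memory is the first def the aliased SSA stage sees`, would pin the ordering; the stated reason is inferred from the `MustTotallyOverlap` case in the AliasedSSA.qll hunk on this page, so confirm it before committing to the wording. The second hunk's new `AliasedDefinitionTag` entry repeats the `UnmodeledDefinitionTag` result-type arm verbatim apart from tag and opcode, which is fine but worth a `// same shape as UnmodeledDefinition` note so a later change to one is mirrored in the other. The enclosing predicates start and end outside both hunks.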

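--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -1322,6 +1322,16 @@ class UnmodeledDefinitionInstruction extends Instruction {
 }
 }
 
+class AliasedDefinitionInstruction extends Instruction {
+AliasedDefinitionInstruction() {
+opcode instanceof Opcode::AliasedDefinition
+}
+
+override final MemoryAccessKind getResultMemoryAccess() {
+result instanceof EscapedMemoryAccess
+}
+}
+
 class UnmodeledUseInstruction extends Instruction {
 UnmodeledUseInstruction() {
 opcode instanceof Opcode::UnmodeledUse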
