From 3fcb825e7f20e36951d03155ee40865af0e567e3 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Thu, 6 Oct 2022 17:21:09 +0100
Subject: [PATCH] C++: Change a few indirectionIndex ranges from '[0 .. n - 1]' to '[1 .. n]'.

This simplifies some arithmetic in a few predicates.
---
 .../ir/dataflow/internal/DataFlowPrivate.qll | 6 +++---
 .../cpp/ir/dataflow/internal/DataFlowUtil.qll | 17 +++++------------
 .../code/cpp/ir/dataflow/internal/ModelUtil.qll | 2 +-
 3 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
index d6b2d455dd2..672cb93690c 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -137,7 +137,7 @@ private newtype TReturnKind =
 exists(IndirectReturnNode return, ReturnIndirectionInstruction returnInd |
 returnInd.hasIndex(argumentIndex) and
 return.getAddressOperand() = returnInd.getSourceAddressOperand() and
- indirectionIndex = return.getIndirectionIndex() - 1 // We subtract one because the return loads the value.
+ indirectionIndex = return.getIndirectionIndex()
 )
 }
 
@@ -197,7 +197,7 @@ class ReturnIndirectionNode extends IndirectReturnNode, ReturnNode {
 exists(int argumentIndex, ReturnIndirectionInstruction returnInd |
 returnInd.hasIndex(argumentIndex) and
 this.getAddressOperand() = returnInd.getSourceAddressOperand() and
- result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex() - 1) and
+ result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex()) and
 hasNonInitializeParameterDef(returnInd.getIRVariable())
 )
 or
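Review bot: The deleted line carried the only explanation of how TIndirectReturnKind's indirectionIndex relates to the return node's index, and the new `indirectionIndex = return.getIndirectionIndex()` is left without one, so a reader of TReturnKind alone cannot tell whether the missing `- 1` is deliberate. The patch presumably works because TIndirectArgumentOutNode now ranges over `[1 .. n]` and so shares the return node's convention, but nothing in this hunk says so. I would keep a short note on the new line, e.g. `// Same 1-based indirection index as the IndirectArgumentOutNode this kind is matched against, so no adjustment is needed.`, with the "matched against" part confirmed against the out-node lookup, which is outside this patch. The TIndirectReturnKind branch starts before the hunk.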
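Review bot: The `exists(int argumentIndex, ReturnIndirectionInstruction returnInd | ...)` in getReturnKind repeats the matching performed by the TIndirectReturnKind branch in the previous hunk, and this patch had to edit the index arithmetic in both places in lockstep. Factoring the shared part into one predicate, say `private predicate indirectReturnKindOf(IndirectReturnNode n, int argumentIndex, int indirectionIndex)`, used by both the newtype branch and this override, would remove the duplication and leave a single place for the index convention to live. The `hasNonInitializeParameterDef(returnInd.getIRVariable())` conjunct appears only in this copy and would stay here. getReturnKind continues after the hunk with a further `or` disjunct.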
@@ -365,7 +365,7 @@ predicate jumpStep(Node n1, Node n2) {
 predicate storeStep(Node node1, Content c, PostFieldUpdateNode node2) {
 exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store |
 nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and
- node2.getIndirectionIndex() = 0 and
+ node2.getIndirectionIndex() = 1 and
 numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(),
 numberOfLoads)
 |
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
index 08d5f270e5a..1393ddea1a1 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -38,13 +38,12 @@ private module Cached {
 TVariableNode(Variable var) or
 TPostFieldUpdateNode(FieldAddress operand, int indirectionIndex) {
 indirectionIndex =
- [0 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType()) -
- 1]
+ [1 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType())]
 } or
 TSsaPhiNode(Ssa::PhiNode phi) or
 TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) {
 Ssa::isModifiableByCall(operand) and
- indirectionIndex = [0 .. Ssa::countIndirectionsForCppType(operand.getLanguageType()) - 1]
+ indirectionIndex = [1 .. Ssa::countIndirectionsForCppType(operand.getLanguageType())]
 } or
 TIndirectOperand(Operand op, int indirectionIndex) {
 Ssa::hasIndirectOperand(op, indirectionIndex)
@@ -370,8 +369,6 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode {
 
 override Declaration getEnclosingCallable() { result = this.getFunction() }
 
- override IRType getType() { result = fieldAddress.getIRType() }
-
 FieldAddress getFieldAddress() { result = fieldAddress }
 
 Field getUpdatedField() { result = fieldAddress.getField() }
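Review bot: `node2.getIndirectionIndex() = 1` in storeStep is a bare literal that encodes the bottom of the new `[1 .. n]` range of TPostFieldUpdateNode; the old `= 0` at least read as "the lowest index", whereas `1` now needs DataFlowUtil.qll for context, and if the range is shifted again this literal must move with it. A comment on the line, e.g. `// Stores target the first indirection of the field address (the lowest index in TPostFieldUpdateNode's range).`, would record the assumption. The body of storeStep continues past the `|` that ends the hunk.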
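Review bot: The TPostFieldUpdateNode and TIndirectArgumentOutNode branches now range over `[1 .. Ssa::countIndirectionsForCppType(...)]` without any comment saying what index 1 denotes, while the neighbouring TIndirectOperand branch takes its index from `Ssa::hasIndirectOperand`, so the agreement between the three is only implicit. A one-line comment above TPostFieldUpdateNode such as `// indirectionIndex is 1-based and must agree with the index used by TIndirectOperand and TIndirectArgumentOutNode; confirm against Ssa::hasIndirectOperand.` would make the invariant this patch relies on explicit. Whether index 1 is "the object the address points to" is my reading and should be verified against hasIndirectOperand, which is outside this patch. The enclosing newtype definition starts before the hunk and its remaining branches are outside it.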
@@ -379,10 +376,8 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode {
 int getIndirectionIndex() { result = indirectionIndex }
 
 override Node getPreUpdateNode() {
- // + 1 because we're storing into an lvalue, and the original node should be the rvalue of
- // the same address.
 hasOperandAndIndex(result, pragma[only_bind_into](fieldAddress).getObjectAddressOperand(),
- indirectionIndex + 1)
+ indirectionIndex)
 }
 
 override Expr getDefinedExpr() {
@@ -536,9 +531,7 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PostUpdate
 
 override Function getFunction() { result = this.getCallInstruction().getEnclosingFunction() }
 
- override IRType getType() { result instanceof IRVoidType }
-
- override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex + 1) }
+ override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) }
 
 override string toStringImpl() {
 // This string should be unique enough to be helpful but common enough to
@@ -1075,7 +1068,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
 store.getDestinationAddressOperand() = address
 )
 or
- Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex - 1)
+ Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex)
 )
 }
 
diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll
index c302c6ef878..27edf7ce02c 100644
--- a/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll
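Review bot: PostFieldUpdateNode.getPreUpdateNode now passes `indirectionIndex` straight through to `hasOperandAndIndex`, and the two-line comment explaining the former `+ 1` was deleted rather than replaced, so the invariant that the pre-update node sits at the same index as the post-update node is unstated. I would add `// The pre-update node is the object-address operand at the same (1-based) indirection index.` above the call. The class body continues on both sides of the hunk.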
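Review bot: Dropping `override IRType getType() { result instanceof IRVoidType }` changes what getType() reports for IndirectArgumentOutNode, but the hunk does not show what definition it now inherits; if Node.getType() falls back to the pre-update node's type, these nodes now report the argument's type instead of void, and any query or sanitizer that tested for IRVoidType on them will silently stop matching. The same question applies to the PostFieldUpdateNode.getType removal earlier in this patch. I would either state the intended type in the class documentation, e.g. `// getType() is inherited and (presumably) follows the pre-update node — confirm.`, or keep an explicit override if void was relied upon anywhere. The class body continues on both sides of the hunk.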
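Review bot: The call `Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex)` now assumes that predicate already reports the same 1-based index as the node types changed in this patch, yet no Ssa file is touched here, so the agreement is implicit and will not be caught if the Ssa side changes. A short comment on the line, `// indirectionIndex is the same 1-based index that outNodeHasAddressAndIndex reports (defined in the Ssa module).`, would document the dependency. simpleLocalFlowStep starts well before this hunk and only its final disjunct is visible.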
@@ -41,7 +41,7 @@ Node callOutput(CallInstruction call, FunctionOutput output) {
 // The side effect of a call on the value pointed to by an argument or qualifier
 exists(int index, int indirectionIndex |
 result.(IndirectArgumentOutNode).getArgumentIndex() = index and
- result.(IndirectArgumentOutNode).getIndirectionIndex() + 1 = indirectionIndex and
+ result.(IndirectArgumentOutNode).getIndirectionIndex() = indirectionIndex and
 result.(IndirectArgumentOutNode).getCallInstruction() = call and
 output.isParameterDerefOrQualifierObject(index, indirectionIndex)
 )
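Review bot: With the `+ 1` gone, `exists(int index, int indirectionIndex | ...)` in callOutput only aliases two getters, while `result.(IndirectArgumentOutNode)` is cast four times in the same conjunction. Binding the node once reads more directly: `exists(IndirectArgumentOutNode out | out = result and out.getCallInstruction() = call and output.isParameterDerefOrQualifierObject(out.getArgumentIndex(), out.getIndirectionIndex()))`. Behaviour is unchanged, since the two integers were bound only through those getters. callOutput starts before this hunk and the `exists` is one disjunct of its body.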