
Commit 2b89139

author
Dave Bartolomeo
authored
Merge pull request #2269 from rdmarsh2/rdmarsh/cpp/uninit-string-initializers
C++: uninit instr for string literal initializers
2 parents 7527f13 + f483ec1 commit 2b89139


6 files changed

+212
-60
lines changed


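--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll
@@ -120,7 +120,8 @@ abstract class TranslatedVariableDeclaration extends TranslatedElement, Initiali
 
 private predicate hasUninitializedInstruction() {
 not exists(getInitialization()) or
-getInitialization() instanceof TranslatedListInitialization
+getInitialization() instanceof TranslatedListInitialization or
+getInitialization().(TranslatedStringLiteralInitialization).zeroInitRange(_, _)
 }
 }
 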
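Review bot: `hasUninitializedInstruction()` has no QLDoc, and its new third disjunct is not self-explanatory: it holds only for a string literal that is shorter than the target array, since `zeroInitRange(_, _)` is what detects the padding. A comment such as `/** Holds if the variable has no initializer or is written by several partial stores, so it needs an Uninitialized definition for those stores to update. */` would record the intent. The expected output in this commit shows the effect: `a_pad` gains an `Uninitialized` instruction (and in aliased SSA a `Chi : total:m0_4, partial:m0_7`), while `a_nopad` and `a_infer`, each covered by a single store, do not. The enclosing class starts outside the hunk.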

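--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll
@@ -340,7 +340,7 @@ class TranslatedStringLiteralInitialization extends TranslatedDirectInitializati
 * Holds if the `elementCount` array elements starting at `startIndex` must be
 * zero initialized.
 */
-private predicate zeroInitRange(int startIndex, int elementCount) {
+predicate zeroInitRange(int startIndex, int elementCount) {
 exists(int targetCount |
 startIndex = expr.getUnspecifiedType().(ArrayType).getArraySize() and
 targetCount = getContext().getTargetType().getUnspecifiedType().(ArrayType).getArraySize() and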
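Review bot: Dropping `private` from `zeroInitRange` widens the class's interface only so that another file can ask whether any padding exists; the new caller in TranslatedDeclarationEntry.qll passes `_` for both arguments. A narrow predicate such as `predicate hasZeroInitRange() { zeroInitRange(_, _) }` would let `zeroInitRange` stay private and would name the question at the call site. The body of `zeroInitRange` continues past the end of the hunk, so this is based on its signature and QLDoc only.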

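--- a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
@@ -2700,64 +2700,65 @@ ir.cpp:
 # 571| mu0_1(unknown) = AliasedDefinition :
 # 571| mu0_2(unknown) = UnmodeledDefinition :
 # 572| r0_3(glval<char[32]>) = VariableAddress[a_pad] :
-# 572| r0_4(glval<char[1]>) = StringConstant[""] :
-# 572| r0_5(char[1]) = Load : &:r0_4, ~mu0_2
-# 572| mu0_6(char[1]) = Store : &:r0_3, r0_5
-# 572| r0_7(unknown[31]) = Constant[0] :
-# 572| r0_8(int) = Constant[1] :
-# 572| r0_9(glval<char>) = PointerAdd[1] : r0_3, r0_8
-# 572| mu0_10(unknown[31]) = Store : &:r0_9, r0_7
-# 573| r0_11(glval<char[4]>) = VariableAddress[a_nopad] :
-# 573| r0_12(glval<char[4]>) = StringConstant["foo"] :
-# 573| r0_13(char[4]) = Load : &:r0_12, ~mu0_2
-# 573| mu0_14(char[4]) = Store : &:r0_11, r0_13
-# 574| r0_15(glval<char[5]>) = VariableAddress[a_infer] :
-# 574| r0_16(glval<char[5]>) = StringConstant["blah"] :
-# 574| r0_17(char[5]) = Load : &:r0_16, ~mu0_2
-# 574| mu0_18(char[5]) = Store : &:r0_15, r0_17
-# 575| r0_19(glval<char[2]>) = VariableAddress[b] :
-# 575| mu0_20(char[2]) = Uninitialized[b] : &:r0_19
-# 576| r0_21(glval<char[2]>) = VariableAddress[c] :
-# 576| mu0_22(char[2]) = Uninitialized[c] : &:r0_21
-# 576| r0_23(int) = Constant[0] :
-# 576| r0_24(glval<char>) = PointerAdd[1] : r0_21, r0_23
-# 576| r0_25(unknown[2]) = Constant[0] :
-# 576| mu0_26(unknown[2]) = Store : &:r0_24, r0_25
-# 577| r0_27(glval<char[2]>) = VariableAddress[d] :
-# 577| mu0_28(char[2]) = Uninitialized[d] : &:r0_27
-# 577| r0_29(int) = Constant[0] :
-# 577| r0_30(glval<char>) = PointerAdd[1] : r0_27, r0_29
-# 577| r0_31(char) = Constant[0] :
-# 577| mu0_32(char) = Store : &:r0_30, r0_31
-# 577| r0_33(int) = Constant[1] :
-# 577| r0_34(glval<char>) = PointerAdd[1] : r0_27, r0_33
-# 577| r0_35(char) = Constant[0] :
-# 577| mu0_36(char) = Store : &:r0_34, r0_35
-# 578| r0_37(glval<char[2]>) = VariableAddress[e] :
-# 578| mu0_38(char[2]) = Uninitialized[e] : &:r0_37
-# 578| r0_39(int) = Constant[0] :
-# 578| r0_40(glval<char>) = PointerAdd[1] : r0_37, r0_39
-# 578| r0_41(char) = Constant[0] :
-# 578| mu0_42(char) = Store : &:r0_40, r0_41
-# 578| r0_43(int) = Constant[1] :
-# 578| r0_44(glval<char>) = PointerAdd[1] : r0_37, r0_43
-# 578| r0_45(char) = Constant[1] :
-# 578| mu0_46(char) = Store : &:r0_44, r0_45
-# 579| r0_47(glval<char[3]>) = VariableAddress[f] :
-# 579| mu0_48(char[3]) = Uninitialized[f] : &:r0_47
-# 579| r0_49(int) = Constant[0] :
-# 579| r0_50(glval<char>) = PointerAdd[1] : r0_47, r0_49
-# 579| r0_51(char) = Constant[0] :
-# 579| mu0_52(char) = Store : &:r0_50, r0_51
-# 579| r0_53(int) = Constant[1] :
-# 579| r0_54(glval<char>) = PointerAdd[1] : r0_47, r0_53
-# 579| r0_55(unknown[2]) = Constant[0] :
-# 579| mu0_56(unknown[2]) = Store : &:r0_54, r0_55
-# 580| v0_57(void) = NoOp :
-# 571| v0_58(void) = ReturnVoid :
-# 571| v0_59(void) = UnmodeledUse : mu*
-# 571| v0_60(void) = AliasedUse : ~mu0_2
-# 571| v0_61(void) = ExitFunction :
+# 572| mu0_4(char[32]) = Uninitialized[a_pad] : &:r0_3
+# 572| r0_5(glval<char[1]>) = StringConstant[""] :
+# 572| r0_6(char[1]) = Load : &:r0_5, ~mu0_2
+# 572| mu0_7(char[1]) = Store : &:r0_3, r0_6
+# 572| r0_8(unknown[31]) = Constant[0] :
+# 572| r0_9(int) = Constant[1] :
+# 572| r0_10(glval<char>) = PointerAdd[1] : r0_3, r0_9
+# 572| mu0_11(unknown[31]) = Store : &:r0_10, r0_8
+# 573| r0_12(glval<char[4]>) = VariableAddress[a_nopad] :
+# 573| r0_13(glval<char[4]>) = StringConstant["foo"] :
+# 573| r0_14(char[4]) = Load : &:r0_13, ~mu0_2
+# 573| mu0_15(char[4]) = Store : &:r0_12, r0_14
+# 574| r0_16(glval<char[5]>) = VariableAddress[a_infer] :
+# 574| r0_17(glval<char[5]>) = StringConstant["blah"] :
+# 574| r0_18(char[5]) = Load : &:r0_17, ~mu0_2
+# 574| mu0_19(char[5]) = Store : &:r0_16, r0_18
+# 575| r0_20(glval<char[2]>) = VariableAddress[b] :
+# 575| mu0_21(char[2]) = Uninitialized[b] : &:r0_20
+# 576| r0_22(glval<char[2]>) = VariableAddress[c] :
+# 576| mu0_23(char[2]) = Uninitialized[c] : &:r0_22
+# 576| r0_24(int) = Constant[0] :
+# 576| r0_25(glval<char>) = PointerAdd[1] : r0_22, r0_24
+# 576| r0_26(unknown[2]) = Constant[0] :
+# 576| mu0_27(unknown[2]) = Store : &:r0_25, r0_26
+# 577| r0_28(glval<char[2]>) = VariableAddress[d] :
+# 577| mu0_29(char[2]) = Uninitialized[d] : &:r0_28
+# 577| r0_30(int) = Constant[0] :
+# 577| r0_31(glval<char>) = PointerAdd[1] : r0_28, r0_30
+# 577| r0_32(char) = Constant[0] :
+# 577| mu0_33(char) = Store : &:r0_31, r0_32
+# 577| r0_34(int) = Constant[1] :
+# 577| r0_35(glval<char>) = PointerAdd[1] : r0_28, r0_34
+# 577| r0_36(char) = Constant[0] :
+# 577| mu0_37(char) = Store : &:r0_35, r0_36
+# 578| r0_38(glval<char[2]>) = VariableAddress[e] :
+# 578| mu0_39(char[2]) = Uninitialized[e] : &:r0_38
+# 578| r0_40(int) = Constant[0] :
+# 578| r0_41(glval<char>) = PointerAdd[1] : r0_38, r0_40
+# 578| r0_42(char) = Constant[0] :
+# 578| mu0_43(char) = Store : &:r0_41, r0_42
+# 578| r0_44(int) = Constant[1] :
+# 578| r0_45(glval<char>) = PointerAdd[1] : r0_38, r0_44
+# 578| r0_46(char) = Constant[1] :
+# 578| mu0_47(char) = Store : &:r0_45, r0_46
+# 579| r0_48(glval<char[3]>) = VariableAddress[f] :
+# 579| mu0_49(char[3]) = Uninitialized[f] : &:r0_48
+# 579| r0_50(int) = Constant[0] :
+# 579| r0_51(glval<char>) = PointerAdd[1] : r0_48, r0_50
+# 579| r0_52(char) = Constant[0] :
+# 579| mu0_53(char) = Store : &:r0_51, r0_52
+# 579| r0_54(int) = Constant[1] :
+# 579| r0_55(glval<char>) = PointerAdd[1] : r0_48, r0_54
+# 579| r0_56(unknown[2]) = Constant[0] :
+# 579| mu0_57(unknown[2]) = Store : &:r0_55, r0_56
+# 580| v0_58(void) = NoOp :
+# 571| v0_59(void) = ReturnVoid :
+# 571| v0_60(void) = UnmodeledUse : mu*
+# 571| v0_61(void) = AliasedUse : ~mu0_2
+# 571| v0_62(void) = ExitFunction :
 
 # 584| void VarArgs()
 # 584| Block 0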

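--- a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
@@ -877,3 +877,77 @@ ssa.cpp:
 # 207| v0_27(void) = UnmodeledUse : mu*
 # 207| v0_28(void) = AliasedUse : ~m0_1
 # 207| v0_29(void) = ExitFunction :
+
+# 213| void InitArray()
+# 213| Block 0
+# 213| v0_0(void) = EnterFunction :
+# 213| m0_1(unknown) = AliasedDefinition :
+# 213| mu0_2(unknown) = UnmodeledDefinition :
+# 214| r0_3(glval<char[32]>) = VariableAddress[a_pad] :
+# 214| m0_4(char[32]) = Uninitialized[a_pad] : &:r0_3
+# 214| r0_5(glval<char[1]>) = StringConstant[""] :
+# 214| r0_6(char[1]) = Load : &:r0_5, ~m0_1
+# 214| m0_7(char[1]) = Store : &:r0_3, r0_6
+# 214| m0_8(char[32]) = Chi : total:m0_4, partial:m0_7
+# 214| r0_9(unknown[31]) = Constant[0] :
+# 214| r0_10(int) = Constant[1] :
+# 214| r0_11(glval<char>) = PointerAdd[1] : r0_3, r0_10
+# 214| m0_12(unknown[31]) = Store : &:r0_11, r0_9
+# 214| m0_13(char[32]) = Chi : total:m0_8, partial:m0_12
+# 215| r0_14(glval<char[4]>) = VariableAddress[a_nopad] :
+# 215| r0_15(glval<char[4]>) = StringConstant["foo"] :
+# 215| r0_16(char[4]) = Load : &:r0_15, ~m0_1
+# 215| m0_17(char[4]) = Store : &:r0_14, r0_16
+# 216| r0_18(glval<char[5]>) = VariableAddress[a_infer] :
+# 216| r0_19(glval<char[5]>) = StringConstant["blah"] :
+# 216| r0_20(char[5]) = Load : &:r0_19, ~m0_1
+# 216| m0_21(char[5]) = Store : &:r0_18, r0_20
+# 217| r0_22(glval<char[2]>) = VariableAddress[b] :
+# 217| m0_23(char[2]) = Uninitialized[b] : &:r0_22
+# 218| r0_24(glval<char[2]>) = VariableAddress[c] :
+# 218| m0_25(char[2]) = Uninitialized[c] : &:r0_24
+# 218| r0_26(int) = Constant[0] :
+# 218| r0_27(glval<char>) = PointerAdd[1] : r0_24, r0_26
+# 218| r0_28(unknown[2]) = Constant[0] :
+# 218| m0_29(unknown[2]) = Store : &:r0_27, r0_28
+# 219| r0_30(glval<char[2]>) = VariableAddress[d] :
+# 219| m0_31(char[2]) = Uninitialized[d] : &:r0_30
+# 219| r0_32(int) = Constant[0] :
+# 219| r0_33(glval<char>) = PointerAdd[1] : r0_30, r0_32
+# 219| r0_34(char) = Constant[0] :
+# 219| m0_35(char) = Store : &:r0_33, r0_34
+# 219| m0_36(char[2]) = Chi : total:m0_31, partial:m0_35
+# 219| r0_37(int) = Constant[1] :
+# 219| r0_38(glval<char>) = PointerAdd[1] : r0_30, r0_37
+# 219| r0_39(char) = Constant[0] :
+# 219| m0_40(char) = Store : &:r0_38, r0_39
+# 219| m0_41(char[2]) = Chi : total:m0_36, partial:m0_40
+# 220| r0_42(glval<char[2]>) = VariableAddress[e] :
+# 220| m0_43(char[2]) = Uninitialized[e] : &:r0_42
+# 220| r0_44(int) = Constant[0] :
+# 220| r0_45(glval<char>) = PointerAdd[1] : r0_42, r0_44
+# 220| r0_46(char) = Constant[0] :
+# 220| m0_47(char) = Store : &:r0_45, r0_46
+# 220| m0_48(char[2]) = Chi : total:m0_43, partial:m0_47
+# 220| r0_49(int) = Constant[1] :
+# 220| r0_50(glval<char>) = PointerAdd[1] : r0_42, r0_49
+# 220| r0_51(char) = Constant[1] :
+# 220| m0_52(char) = Store : &:r0_50, r0_51
+# 220| m0_53(char[2]) = Chi : total:m0_48, partial:m0_52
+# 221| r0_54(glval<char[3]>) = VariableAddress[f] :
+# 221| m0_55(char[3]) = Uninitialized[f] : &:r0_54
+# 221| r0_56(int) = Constant[0] :
+# 221| r0_57(glval<char>) = PointerAdd[1] : r0_54, r0_56
+# 221| r0_58(char) = Constant[0] :
+# 221| m0_59(char) = Store : &:r0_57, r0_58
+# 221| m0_60(char[3]) = Chi : total:m0_55, partial:m0_59
+# 221| r0_61(int) = Constant[1] :
+# 221| r0_62(glval<char>) = PointerAdd[1] : r0_54, r0_61
+# 221| r0_63(unknown[2]) = Constant[0] :
+# 221| m0_64(unknown[2]) = Store : &:r0_62, r0_63
+# 221| m0_65(char[3]) = Chi : total:m0_60, partial:m0_64
+# 222| v0_66(void) = NoOp :
+# 213| v0_67(void) = ReturnVoid :
+# 213| v0_68(void) = UnmodeledUse : mu*
+# 213| v0_69(void) = AliasedUse : ~m0_1
+# 213| v0_70(void) = ExitFunction :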

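--- a/cpp/ql/test/library-tests/ir/ssa/ssa.cpp
+++ b/cpp/ql/test/library-tests/ir/ssa/ssa.cpp
@@ -210,3 +210,13 @@ int ModeledCallTarget(int x) {
 return y;
 }
 
+void InitArray() {
+char a_pad[32] = "";
+char a_nopad[4] = "foo";
+char a_infer[] = "blah";
+char b[2];
+char c[2] = {};
+char d[2] = { 0 };
+char e[2] = { 0, 1 };
+char f[3] = { 0 };
+}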
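Review bot: The only padded string-literal case in `InitArray` is `char a_pad[32] = "";`, so the new `Uninitialized` path is exercised only with a one-element literal store followed by a zero fill starting at index 1. Adding a non-empty padded literal, for example `char a_pad2[8] = "foo";`, would cover a multi-element literal store with the zero fill starting at a later index. A wide-character case such as `wchar_t w_pad[8] = L"foo";` may also be worth including, assuming the translation handles wide string literals through the same class.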

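--- a/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_ir.expected
@@ -841,3 +841,69 @@ ssa.cpp:
 # 207| v0_24(void) = UnmodeledUse : mu*
 # 207| v0_25(void) = AliasedUse : ~mu0_2
 # 207| v0_26(void) = ExitFunction :
+
+# 213| void InitArray()
+# 213| Block 0
+# 213| v0_0(void) = EnterFunction :
+# 213| mu0_1(unknown) = AliasedDefinition :
+# 213| mu0_2(unknown) = UnmodeledDefinition :
+# 214| r0_3(glval<char[32]>) = VariableAddress[a_pad] :
+# 214| mu0_4(char[32]) = Uninitialized[a_pad] : &:r0_3
+# 214| r0_5(glval<char[1]>) = StringConstant[""] :
+# 214| r0_6(char[1]) = Load : &:r0_5, ~mu0_2
+# 214| mu0_7(char[1]) = Store : &:r0_3, r0_6
+# 214| r0_8(unknown[31]) = Constant[0] :
+# 214| r0_9(int) = Constant[1] :
+# 214| r0_10(glval<char>) = PointerAdd[1] : r0_3, r0_9
+# 214| mu0_11(unknown[31]) = Store : &:r0_10, r0_8
+# 215| r0_12(glval<char[4]>) = VariableAddress[a_nopad] :
+# 215| r0_13(glval<char[4]>) = StringConstant["foo"] :
+# 215| r0_14(char[4]) = Load : &:r0_13, ~mu0_2
+# 215| m0_15(char[4]) = Store : &:r0_12, r0_14
+# 216| r0_16(glval<char[5]>) = VariableAddress[a_infer] :
+# 216| r0_17(glval<char[5]>) = StringConstant["blah"] :
+# 216| r0_18(char[5]) = Load : &:r0_17, ~mu0_2
+# 216| m0_19(char[5]) = Store : &:r0_16, r0_18
+# 217| r0_20(glval<char[2]>) = VariableAddress[b] :
+# 217| m0_21(char[2]) = Uninitialized[b] : &:r0_20
+# 218| r0_22(glval<char[2]>) = VariableAddress[c] :
+# 218| mu0_23(char[2]) = Uninitialized[c] : &:r0_22
+# 218| r0_24(int) = Constant[0] :
+# 218| r0_25(glval<char>) = PointerAdd[1] : r0_22, r0_24
+# 218| r0_26(unknown[2]) = Constant[0] :
+# 218| mu0_27(unknown[2]) = Store : &:r0_25, r0_26
+# 219| r0_28(glval<char[2]>) = VariableAddress[d] :
+# 219| mu0_29(char[2]) = Uninitialized[d] : &:r0_28
+# 219| r0_30(int) = Constant[0] :
+# 219| r0_31(glval<char>) = PointerAdd[1] : r0_28, r0_30
+# 219| r0_32(char) = Constant[0] :
+# 219| mu0_33(char) = Store : &:r0_31, r0_32
+# 219| r0_34(int) = Constant[1] :
+# 219| r0_35(glval<char>) = PointerAdd[1] : r0_28, r0_34
+# 219| r0_36(char) = Constant[0] :
+# 219| mu0_37(char) = Store : &:r0_35, r0_36
+# 220| r0_38(glval<char[2]>) = VariableAddress[e] :
+# 220| mu0_39(char[2]) = Uninitialized[e] : &:r0_38
+# 220| r0_40(int) = Constant[0] :
+# 220| r0_41(glval<char>) = PointerAdd[1] : r0_38, r0_40
+# 220| r0_42(char) = Constant[0] :
+# 220| mu0_43(char) = Store : &:r0_41, r0_42
+# 220| r0_44(int) = Constant[1] :
+# 220| r0_45(glval<char>) = PointerAdd[1] : r0_38, r0_44
+# 220| r0_46(char) = Constant[1] :
+# 220| mu0_47(char) = Store : &:r0_45, r0_46
+# 221| r0_48(glval<char[3]>) = VariableAddress[f] :
+# 221| mu0_49(char[3]) = Uninitialized[f] : &:r0_48
+# 221| r0_50(int) = Constant[0] :
+# 221| r0_51(glval<char>) = PointerAdd[1] : r0_48, r0_50
+# 221| r0_52(char) = Constant[0] :
+# 221| mu0_53(char) = Store : &:r0_51, r0_52
+# 221| r0_54(int) = Constant[1] :
+# 221| r0_55(glval<char>) = PointerAdd[1] : r0_48, r0_54
+# 221| r0_56(unknown[2]) = Constant[0] :
+# 221| mu0_57(unknown[2]) = Store : &:r0_55, r0_56
+# 222| v0_58(void) = NoOp :
+# 213| v0_59(void) = ReturnVoid :
+# 213| v0_60(void) = UnmodeledUse : mu*
+# 213| v0_61(void) = AliasedUse : ~mu0_2
+# 213| v0_62(void) = ExitFunction :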
