Skip to content

Commit 593d4c0

Browse files
rdmarsh2rdmarsh2
authored
Merge pull request #3567 from MathiasVP/ir-partial-definition
Implement `asPartialDefinition` for IR dataflow nodes
2 parents 083b8ef + 97edd97 commit 593d4c0

File tree

7 files changed

+871
-9
lines changed

7 files changed

+871
-9
lines changed

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -71,9 +71,7 @@ class Node extends TIRDataFlowNode {
7171
* `x.set(taint())` is a partial definition of `x`, and `transfer(&x, taint())` is
7272
* a partial definition of `&x`).
7373
*/
74-
Expr asPartialDefinition() {
75-
result = this.(PartialDefinitionNode).getInstruction().getUnconvertedResultExpression()
76-
}
74+
Expr asPartialDefinition() { result = this.(PartialDefinitionNode).getDefinedExpr() }
7775

7876
/**
7977
* DEPRECATED: See UninitializedNode.
@@ -251,14 +249,17 @@ abstract class PostUpdateNode extends InstructionNode {
251249
* setY(&x); // a partial definition of the object `x`.
252250
* ```
253251
*/
254-
abstract private class PartialDefinitionNode extends PostUpdateNode, TInstructionNode { }
252+
abstract private class PartialDefinitionNode extends PostUpdateNode, TInstructionNode {
253+
abstract Expr getDefinedExpr();
254+
}
255255

256256
private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
257257
override ChiInstruction instr;
258+
FieldAddressInstruction field;
258259

259260
ExplicitFieldStoreQualifierNode() {
260261
not instr.isResultConflated() and
261-
exists(StoreInstruction store, FieldInstruction field |
262+
exists(StoreInstruction store |
262263
instr.getPartial() = store and field = store.getDestinationAddress()
263264
)
264265
}
@@ -268,6 +269,10 @@ private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
268269
// DataFlowImplConsistency::Consistency. However, it's not clear what (if any) implications
269270
// this consistency failure has.
270271
override Node getPreUpdateNode() { result.asInstruction() = instr.getTotal() }
272+
273+
override Expr getDefinedExpr() {
274+
result = field.getObjectAddress().getUnconvertedResultExpression()
275+
}
271276
}
272277

273278
/**
@@ -278,15 +283,18 @@ private class ExplicitFieldStoreQualifierNode extends PartialDefinitionNode {
278283
*/
279284
private class ExplicitSingleFieldStoreQualifierNode extends PartialDefinitionNode {
280285
override StoreInstruction instr;
286+
FieldAddressInstruction field;
281287

282288
ExplicitSingleFieldStoreQualifierNode() {
283-
exists(FieldAddressInstruction field |
284-
field = instr.getDestinationAddress() and
285-
not exists(ChiInstruction chi | chi.getPartial() = instr)
286-
)
289+
field = instr.getDestinationAddress() and
290+
not exists(ChiInstruction chi | chi.getPartial() = instr)
287291
}
288292

289293
override Node getPreUpdateNode() { none() }
294+
295+
override Expr getDefinedExpr() {
296+
result = field.getObjectAddress().getUnconvertedResultExpression()
297+
}
290298
}
291299

292300
/**

0 commit comments

Comments
 (0)