Merge pull request #509 from dave-bartolomeo/dave/ConditionDeclExpr

C++: IR support for ConditionDeclExpr

Author: jbj

cpp/ql/src/semmle/code/cpp/Variable.qll

@@ -291,7 +291,8 @@ class LocalVariable extends LocalScopeVariable, @localvariable {
   override Type getType() { localvariables(underlyingElement(this),unresolveElement(result),_) }
 
   override Function getFunction() {
-    exists(DeclStmt s | s.getADeclaration() = this and s.getEnclosingFunction() = result)
+    exists(DeclStmt s | s.getADeclaration() = this and s.getEnclosingFunction() = result) or
+    exists(ConditionDeclExpr e | e.getVariable() = this and e.getEnclosingFunction() = result)
   }
 }
 

cpp/ql/src/semmle/code/cpp/exprs/Expr.qll

@@ -28,7 +28,8 @@ class Expr extends StmtParent, @expr {
       result = this.getParent().(Expr).getEnclosingStmt() or
       result = this.getParent().(Stmt) or
       exists(Expr other | result = other.getEnclosingStmt() and other.getConversion() = this) or
-      exists(DeclStmt d, LocalVariable v | d.getADeclaration() = v and v.getInitializer().getExpr() = this and result = d)
+      exists(DeclStmt d, LocalVariable v | d.getADeclaration() = v and v.getInitializer().getExpr() = this and result = d) or
+      exists(ConditionDeclExpr cde, LocalVariable v | cde.getVariable() = v and v.getInitializer().getExpr() = this and result = cde.getEnclosingStmt())
   }
 
   /** Gets the enclosing variable of this expression, if any. */

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -10,8 +10,7 @@ private import TranslatedInitialization
  * Gets the `TranslatedDeclarationEntry` that represents the declaration
  * `entry`.
  */
-TranslatedDeclarationEntry getTranslatedDeclarationEntry(
-  DeclarationEntry entry) {
+TranslatedDeclarationEntry getTranslatedDeclarationEntry(DeclarationEntry entry) {
   result.getAST() = entry
 }
 
@@ -21,8 +20,7 @@ TranslatedDeclarationEntry getTranslatedDeclarationEntry(
  * it can also be the declaration of a static local variable, an extern
  * variable, or an extern function.
  */
-abstract class TranslatedDeclarationEntry extends TranslatedElement,
-  TTranslatedDeclarationEntry {
+abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslatedDeclarationEntry {
   DeclarationEntry entry;
 
   TranslatedDeclarationEntry() {
@@ -50,14 +48,13 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement,
  * for declarations other than local variables. Since these have no semantic
  * effect, they are translated as `NoOp`.
  */
-class TranslatedNonVariableDeclaration extends
-  TranslatedDeclarationEntry {
-  TranslatedNonVariableDeclaration() {
+class TranslatedNonVariableDeclarationEntry extends TranslatedDeclarationEntry {
+  TranslatedNonVariableDeclarationEntry() {
     not entry.getDeclaration() instanceof LocalVariable
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag,
-    Type resultType, boolean isGLValue) {
+      Type resultType, boolean isGLValue) {
     opcode instanceof Opcode::NoOp and
     tag = OnlyInstructionTag() and
     resultType instanceof VoidType and
@@ -88,140 +85,140 @@ class TranslatedNonVariableDeclaration extends
  * Represents the IR translation of the declaration of a local variable,
  * including its initialization, if any.
  */
-abstract class TranslatedVariableDeclaration extends
-  TranslatedDeclarationEntry {
-  LocalVariable var;
-
-  TranslatedVariableDeclaration() {
-    entry.getDeclaration() = var
-  }
-}
-
-/**
- * Represents the IR translation of a local variable with no initializer. The
- * generated IR stores into the variable using an `Uninitialized` instruction,
- * rather than a `Store`.
- */
-class TranslatedUninitializedVariable extends
-  TranslatedVariableDeclaration {
-  TranslatedUninitializedVariable() {
-    not exists(Initializer init |
-      init.getDeclaration() = var
-    )
-  }
+abstract class TranslatedVariableDeclaration extends TranslatedElement, InitializationContext {
+  /**
+   * Gets the local variable being declared.
+   */
+  abstract LocalVariable getVariable();
 
   override TranslatedElement getChild(int id) {
-    none()
+    id = 0 and result = getInitialization()
   }
 
   override Instruction getFirstInstruction() {
     result = getInstruction(InitializerVariableAddressTag())
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag,
-    Type resultType, boolean isGLValue) {
+      Type resultType, boolean isGLValue) {
     (
       tag = InitializerVariableAddressTag() and
       opcode instanceof Opcode::VariableAddress and
-      resultType = var.getType().getUnspecifiedType() and
+      resultType = getVariable().getType().getUnspecifiedType() and
       isGLValue = true
     ) or
-    ( 
+    (
+      hasUninitializedInstruction() and
       tag = InitializerStoreTag() and
       opcode instanceof Opcode::Uninitialized and
-      resultType = var.getType().getUnspecifiedType() and
+      resultType = getVariable().getType().getUnspecifiedType() and
       isGLValue = false
     )
   }
 
   override Instruction getInstructionSuccessor(InstructionTag tag,
-    EdgeKind kind) {
-    kind instanceof GotoEdge and
+      EdgeKind kind) {
     (
-      (
-        tag = InitializerVariableAddressTag() and
+      tag = InitializerVariableAddressTag() and
+      kind instanceof GotoEdge and
+      if hasUninitializedInstruction() then
         result = getInstruction(InitializerStoreTag())
-      ) or
+      else
+        result = getInitialization().getFirstInstruction()
+    ) or
+    (
+      hasUninitializedInstruction() and
+      kind instanceof GotoEdge and
+      tag = InitializerStoreTag() and
       (
-        tag = InitializerStoreTag() and
-        result = getParent().getChildSuccessor(this)
+        result = getInitialization().getFirstInstruction() or
+        not exists(getInitialization()) and result = getParent().getChildSuccessor(this)
       )
     )
   }
 
   override Instruction getChildSuccessor(TranslatedElement child) {
-    none()
-  }
-
-  override Instruction getInstructionOperand(InstructionTag tag,
-    OperandTag operandTag) {
-    tag = InitializerStoreTag() and
-    (
-      (
-        operandTag instanceof AddressOperandTag and
-        result = getInstruction(InitializerVariableAddressTag())
-      ) 
-    )
+    child = getInitialization() and result = getParent().getChildSuccessor(this)
   }
 
   override IRVariable getInstructionVariable(InstructionTag tag) {
     tag = InitializerVariableAddressTag() and
-    result = getIRUserVariable(var.getFunction(), var)
+    result = getIRUserVariable(getFunction(), getVariable())
   }
-}
 
-/**
- * Represents the IR translation of a local variable with an initializer.
- */
-class TranslatedInitializedVariable extends
-  TranslatedVariableDeclaration, InitializationContext {
-  Initializer init;
+  override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
+    hasUninitializedInstruction() and
+    tag = InitializerStoreTag() and
+    operandTag instanceof AddressOperandTag and
+    result = getInstruction(InitializerVariableAddressTag())
+  }
 
-  TranslatedInitializedVariable() {
-    init.getDeclaration() = var
+  override Instruction getTargetAddress() {
+    result = getInstruction(InitializerVariableAddressTag())
   }
 
-  override TranslatedElement getChild(int id) {
-    id = 0 and result = getInitialization()
+  override Type getTargetType() {
+    result = getVariable().getType().getUnspecifiedType()
   }
 
-  override Instruction getFirstInstruction() {
-    result = getInstruction(InitializerVariableAddressTag())
+  private TranslatedInitialization getInitialization() {
+    result = getTranslatedInitialization(getVariable().getInitializer().getExpr().getFullyConverted())
   }
 
-  override predicate hasInstruction(Opcode opcode, InstructionTag tag,
-    Type resultType, boolean isGLValue) {
-    tag = InitializerVariableAddressTag() and
-    opcode instanceof Opcode::VariableAddress and
-    resultType = var.getType().getUnspecifiedType() and
-    isGLValue = true
+  private predicate hasUninitializedInstruction() {
+    not exists(getInitialization()) or
+    getInitialization() instanceof TranslatedListInitialization
   }
+}
 
-  override Instruction getInstructionSuccessor(InstructionTag tag,
-    EdgeKind kind) {
-    tag = InitializerVariableAddressTag() and
-    result = getInitialization().getFirstInstruction() and
-    kind instanceof GotoEdge
+/**
+ * Represents the IR translation of a local variable declaration within a declaration statement.
+ */
+class TranslatedVariableDeclarationEntry extends TranslatedVariableDeclaration,
+    TranslatedDeclarationEntry {
+  LocalVariable var;
+
+  TranslatedVariableDeclarationEntry() {
+    var = entry.getDeclaration()
   }
 
-  override Instruction getChildSuccessor(TranslatedElement child) {
-    child = getInitialization() and result = getParent().getChildSuccessor(this)
+  override LocalVariable getVariable() {
+    result = var
   }
+}
 
-  override IRVariable getInstructionVariable(InstructionTag tag) {
-    tag = InitializerVariableAddressTag() and
-    result = getIRUserVariable(var.getFunction(), var)
+TranslatedConditionDecl getTranslatedConditionDecl(ConditionDeclExpr expr) {
+  result.getAST() = expr
+}
+
+/**
+ * Represents the IR translation of the declaration portion of a `ConditionDeclExpr`, which
+ * represents the variable declared in code such as:
+ * ```
+ * if (int* p = &x) {
+ * }
+ * ```
+ */
+class TranslatedConditionDecl extends TranslatedVariableDeclaration, TTranslatedConditionDecl {
+  ConditionDeclExpr conditionDeclExpr;
+
+  TranslatedConditionDecl() {
+    this = TTranslatedConditionDecl(conditionDeclExpr)
   }
 
-  override Instruction getTargetAddress() {
-    result = getInstruction(InitializerVariableAddressTag())
+  override string toString() {
+    result = "decl: " + conditionDeclExpr.toString()
   }
 
-  override Type getTargetType() {
-    result = var.getType().getUnspecifiedType()
+  override Locatable getAST() {
+    result = conditionDeclExpr
   }
 
-  private TranslatedInitialization getInitialization() {
-    result = getTranslatedInitialization(init.getExpr().getFullyConverted())
+  override Function getFunction() {
+    result = conditionDeclExpr.getEnclosingFunction()
+  }
+
+  override LocalVariable getVariable() {
+    result = conditionDeclExpr.getVariable()
   }
 }

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -319,6 +319,10 @@ newtype TTranslatedElement =
   // An allocation size for a `new` or `new[]` expression
   TTranslatedAllocationSize(NewOrNewArrayExpr newExpr) {
     not ignoreExpr(newExpr)
+  } or
+  // The declaration/initialization part of a `ConditionDeclExpr`
+  TTranslatedConditionDecl(ConditionDeclExpr expr) {
+    not ignoreExpr(expr)
   }
 
 /**

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -4,6 +4,7 @@ private import semmle.code.cpp.ir.internal.OperandTag
 private import semmle.code.cpp.ir.internal.TempVariableTag
 private import InstructionTag
 private import TranslatedCondition
+private import TranslatedDeclarationEntry
 private import TranslatedElement
 private import TranslatedFunction
 private import TranslatedInitialization
@@ -2914,3 +2915,57 @@ class TranslatedNewArrayExpr extends TranslatedNewOrNewArrayExpr {
     none()
   }
 }
+
+/**
+ * The IR translation of a `ConditionDeclExpr`, which represents the value of the declared variable
+ * after conversion to `bool` in code such as:
+ * ```
+ * if (int* p = &x) {
+ * }
+ * ```
+ */
+class TranslatedConditionDeclExpr extends TranslatedNonConstantExpr {
+  ConditionDeclExpr condDeclExpr;
+
+  TranslatedConditionDeclExpr() {
+    condDeclExpr = expr
+  }
+
+  override final Instruction getFirstInstruction() {
+    result = getDecl().getFirstInstruction()
+  }
+
+  override final TranslatedElement getChild(int id) {
+    id = 0 and result = getDecl() or
+    id = 1 and result = getConditionExpr()
+  }
+
+  override Instruction getResult() {
+    result = getConditionExpr().getResult()
+  }
+
+  override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
+    none()
+  }
+
+  override Instruction getChildSuccessor(TranslatedElement child) {
+    (
+      child = getDecl() and
+      result = getConditionExpr().getFirstInstruction()
+    ) or
+    child = getConditionExpr() and result = getParent().getChildSuccessor(this)
+  }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, Type resultType,
+      boolean isGLValue) {
+    none()
+  }
+
+  private TranslatedConditionDecl getDecl() {
+    result = getTranslatedConditionDecl(condDeclExpr)
+  }
+
+  private TranslatedExpr getConditionExpr() {
+    result = getTranslatedExpr(condDeclExpr.getExpr().getFullyConverted())
+  }
+}