C++: Minor refactor

* Introduce new instruction tag for the base size
* Introduce some convenience predicates on `VlaDeclStmt`

Author: jketema

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll

@@ -98,10 +98,9 @@ newtype TInstructionTag =
   } or
   CoAwaitBranchTag() or
   BoolToIntConversionTag() or
+  SizeofVlaBaseSizeTag() or
   SizeofVlaDimensionTag(int index) {
-    index = -1
-    or
-    exists(VlaDeclStmt v | exists(v.getVlaDimensionStmt(index)))
+    exists(VlaDeclStmt v | exists(v.getTransitiveVlaDimensionStmt(index)))
   }
 
 class InstructionTag extends TInstructionTag {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll

@@ -4103,38 +4103,6 @@ private VlaDeclStmt getVlaDeclStmt(Expr expr, int pointerDerefCount) {
   result = getVlaDeclStmt(expr.(ArrayExpr).getArrayBase(), pointerDerefCount - 1)
 }
 
-private int getNumberOfVlaDimensions(VlaDeclStmt vlaDeclStmt) {
-  not exists(getParentVlaDecl(vlaDeclStmt)) and
-  result = vlaDeclStmt.getNumberOfVlaDimensionStmts()
-  or
-  result =
-    vlaDeclStmt.getNumberOfVlaDimensionStmts() +
-      getNumberOfVlaDimensions(getParentVlaDecl(vlaDeclStmt))
-}
-
-private VlaDeclStmt getParentVlaDecl(VlaDeclStmt vlaDeclStmt) {
-  exists(Variable v, Type baseType |
-    v = vlaDeclStmt.getVariable() and
-    baseType = getBaseType(v.getType(), vlaDeclStmt.getNumberOfVlaDimensionStmts())
-  |
-    result.getType() = baseType
-  )
-  or
-  exists(Type t, Type baseType |
-    t = vlaDeclStmt.getType().(TypedefType).getBaseType() and
-    baseType = getBaseType(t, vlaDeclStmt.getNumberOfVlaDimensionStmts())
-  |
-    result.getType() = baseType
-  )
-}
-
-private Type getBaseType(Type type, int n) {
-  n = 0 and
-  result = type
-  or
-  result = getBaseType(type.(DerivedType).getBaseType(), n - 1)
-}
-
 class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
   override SizeofExprOperator expr;
   VlaDeclStmt vlaDeclStmt;
@@ -4143,12 +4111,12 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
 
   TranslatedSizeofExpr() {
     vlaDeclStmt = getVlaDeclStmt(expr.getExprOperand(), pointerDerefCount) and
-    vlaDimensions = getNumberOfVlaDimensions(vlaDeclStmt) and
+    vlaDimensions = vlaDeclStmt.getTransitiveNumberOfVlaDimensionStmts() and
     pointerDerefCount < vlaDimensions
   }
 
   final override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(SizeofVlaDimensionTag(-1)) and
+    result = this.getInstruction(SizeofVlaBaseSizeTag()) and
     kind instanceof GotoEdge
   }
 
@@ -4160,7 +4128,7 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
 
   final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
     opcode instanceof Opcode::Constant and
-    tag = SizeofVlaDimensionTag(-1) and
+    tag = SizeofVlaBaseSizeTag() and
     resultType = this.getResultType()
     or
     opcode instanceof Opcode::Mul and
@@ -4169,7 +4137,7 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
   }
 
   final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
-    tag = SizeofVlaDimensionTag(-1) and
+    tag = SizeofVlaBaseSizeTag() and
     result = this.getInstruction(SizeofVlaDimensionTag(pointerDerefCount)) and
     kind instanceof GotoEdge
     or
@@ -4184,19 +4152,27 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
   }
 
   override string getInstructionConstantValue(InstructionTag tag) {
-    tag = SizeofVlaDimensionTag(-1) and
-    result = this.getVlaBaseType(vlaDeclStmt).getSize().toString()
+    tag = SizeofVlaBaseSizeTag() and
+    result = this.getBaseType(vlaDeclStmt).getSize().toString()
   }
 
-  private Type getVlaBaseType(VlaDeclStmt v) {
-    not exists(getParentVlaDecl(v)) and
+  private Type getBaseType(VlaDeclStmt v) {
+    not exists(v.getParentVlaDecl()) and
     (
-      result = getBaseType(v.getVariable().getUnderlyingType(), v.getNumberOfVlaDimensionStmts())
+      result =
+        this.getBaseType(v.getVariable().getUnderlyingType(), v.getNumberOfVlaDimensionStmts())
       or
-      result = getBaseType(v.getType().getUnderlyingType(), v.getNumberOfVlaDimensionStmts())
+      result = this.getBaseType(v.getType().getUnderlyingType(), v.getNumberOfVlaDimensionStmts())
     )
     or
-    result = this.getVlaBaseType(getParentVlaDecl(v))
+    result = this.getBaseType(v.getParentVlaDecl())
+  }
+
+  private Type getBaseType(Type type, int n) {
+    n = 0 and
+    result = type
+    or
+    result = this.getBaseType(type.(DerivedType).getBaseType(), n - 1)
   }
 
   override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
@@ -4209,23 +4185,17 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
           result = this.getInstruction(SizeofVlaDimensionTag(n - 1))
           or
           n - 1 < pointerDerefCount and
-          result = this.getInstruction(SizeofVlaDimensionTag(-1))
+          result = this.getInstruction(SizeofVlaBaseSizeTag())
         )
         or
         operandTag instanceof RightOperandTag and
         result =
-          getTranslatedExpr(this.getVlaDimension(vlaDeclStmt, n).getDimensionExpr()).getResult()
+          getTranslatedExpr(vlaDeclStmt.getTransitiveVlaDimensionStmt(n).getDimensionExpr())
+              .getResult()
       )
     )
   }
 
-  private VlaDimensionStmt getVlaDimension(VlaDeclStmt v, int n) {
-    n < v.getNumberOfVlaDimensionStmts() and
-    result = v.getVlaDimensionStmt(n)
-    or
-    result = this.getVlaDimension(getParentVlaDecl(v), n - v.getNumberOfVlaDimensionStmts())
-  }
-
   final override Instruction getResult() {
     result = this.getInstruction(SizeofVlaDimensionTag(vlaDimensions - 1))
   }

cpp/ql/lib/semmle/code/cpp/stmts/Stmt.qll

@@ -2355,6 +2355,20 @@ class VlaDeclStmt extends Stmt, @stmt_vla_decl {
     )
   }
 
+  /**
+   * Gets the number of VLA dimension statements in this VLA declaration
+   * statement and transitively of the VLA declaration used to define its
+   * base type. if any.
+   */
+  int getTransitiveNumberOfVlaDimensionStmts() {
+    not exists(this.getParentVlaDecl()) and
+    result = this.getNumberOfVlaDimensionStmts()
+    or
+    result =
+      this.getNumberOfVlaDimensionStmts() +
+        this.getParentVlaDecl().getTransitiveNumberOfVlaDimensionStmts()
+  }
+
   /**
    * Gets the `i`th VLA dimension statement in this VLA
    * declaration statement.
@@ -2367,6 +2381,19 @@ class VlaDeclStmt extends Stmt, @stmt_vla_decl {
     )
   }
 
+  /**
+   * Gets the `i`th VLA dimension statement in this VLA declaration
+   * statement or transitively of the VLA declaration used to define
+   * its base type.
+   */
+  VlaDimensionStmt getTransitiveVlaDimensionStmt(int i) {
+    i < this.getNumberOfVlaDimensionStmts() and
+    result = this.getVlaDimensionStmt(i)
+    or
+    result =
+      this.getParentVlaDecl().getTransitiveVlaDimensionStmt(i - this.getNumberOfVlaDimensionStmts())
+  }
+
   /**
    * Gets the type that this VLA declaration statement relates to,
    * if any.
@@ -2378,4 +2405,31 @@ class VlaDeclStmt extends Stmt, @stmt_vla_decl {
    * if any.
    */
   Variable getVariable() { variable_vla(unresolveElement(result), underlyingElement(this)) }
+
+  /**
+   * Get the VLA declaration used to define the base type of
+   * this VLA declaration, if any.
+   */
+  VlaDeclStmt getParentVlaDecl() {
+    exists(Variable v, Type baseType |
+      v = this.getVariable() and
+      baseType = this.getBaseType(v.getType(), this.getNumberOfVlaDimensionStmts())
+    |
+      result.getType() = baseType
+    )
+    or
+    exists(Type t, Type baseType |
+      t = this.getType().(TypedefType).getBaseType() and
+      baseType = this.getBaseType(t, this.getNumberOfVlaDimensionStmts())
+    |
+      result.getType() = baseType
+    )
+  }
+
+  private Type getBaseType(Type type, int n) {
+    n = 0 and
+    result = type
+    or
+    result = this.getBaseType(type.(DerivedType).getBaseType(), n - 1)
+  }
 }