C++: Use max to handle mixed 32/64-bit extraction

dave-bartolomeo · dave-bartolomeo · commit 958754bed8d7 · 2019-10-21T11:56:12.000-07:00
diff --git a/cpp/ql/src/semmle/code/cpp/ir/internal/CppType.qll b/cpp/ql/src/semmle/code/cpp/ir/internal/CppType.qll
@@ -3,6 +3,10 @@ private import semmle.code.cpp.Print
 private import semmle.code.cpp.ir.implementation.IRType
 private import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction
 
+private int getPointerSize() {
+  result = max(any(NullPointerType t).getSize())
+}
+
 /**
  * Works around an extractor bug where a function reference gets a size of one byte.
  */
@@ -11,22 +15,22 @@ private int getTypeSizeWorkaround(Type type) {
     unspecifiedType = type.getUnspecifiedType() and
     (
       unspecifiedType instanceof FunctionReferenceType and
-      result = any(NullPointerType t).getSize()
+      result = getPointerSize()
       or
       exists(PointerToMemberType ptmType |
         ptmType = unspecifiedType and
         (
           if ptmType.getBaseType().getUnspecifiedType() instanceof RoutineType
-          then result = any(NullPointerType t).getSize() * 2
-          else result = any(NullPointerType t).getSize()
+          then result = getPointerSize() * 2
+          else result = getPointerSize()
         )
       )
       or
       exists(ArrayType arrayType |
         // Treat `T[]` as `T*`.
         arrayType = unspecifiedType and
         not arrayType.hasArraySize() and
-        result = any(NullPointerType t).getSize()
+        result = getPointerSize()
       )
     )
   )
@@ -35,7 +39,7 @@ private int getTypeSizeWorkaround(Type type) {
 private int getTypeSize(Type type) {
   if exists(getTypeSizeWorkaround(type))
   then result = getTypeSizeWorkaround(type)
-  else result = type.getSize()
+  else result = max(type.getSize())
 }
 
 /**
@@ -116,7 +120,7 @@ predicate hasAddressType(int byteSize) {
  * Holds if an `IRFunctionAddressType` with the specified `byteSize` should exist.
  */
 predicate hasFunctionAddressType(int byteSize) {
-  byteSize = any(NullPointerType type).getSize() or // Covers function lvalues
+  byteSize = getPointerSize() or // Covers function lvalues
   byteSize = getTypeSize(any(FunctionPointerIshType type))
 }
 
@@ -285,7 +289,7 @@ private class CppGLValueAddressType extends CppWrappedType, TGLValueAddressType
   }
 
   override final IRAddressType getIRType() {
-    result.getByteSize() = any(NullPointerType t).getSize()
+    result.getByteSize() = getPointerSize()
   }
 
   override final predicate hasType(Type type, boolean isGLValue) {
@@ -303,7 +307,7 @@ private class CppFunctionGLValueType extends CppType, TFunctionGLValueType {
   }
 
   override final IRFunctionAddressType getIRType() {
-    result.getByteSize() = any(NullPointerType type).getSize()
+    result.getByteSize() = getPointerSize()
   }
 
   override final predicate hasType(Type type, boolean isGLValue) {

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,10 @@ private import semmle.code.cpp.Print`
`3`	`3`	`private import semmle.code.cpp.ir.implementation.IRType`
`4`	`4`	`private import semmle.code.cpp.ir.implementation.raw.internal.IRConstruction as IRConstruction`
`5`	`5`
	`6`	`+private int getPointerSize() {`
	`7`	`+ result = max(any(NullPointerType t).getSize())`
	`8`	`+}`
	`9`	`+`
`6`	`10`	`/**`
`7`	`11`	`* Works around an extractor bug where a function reference gets a size of one byte.`
`8`	`12`	`*/`
`@@ -11,22 +15,22 @@ private int getTypeSizeWorkaround(Type type) {`
`11`	`15`	`unspecifiedType = type.getUnspecifiedType() and`
`12`	`16`	`(`
`13`	`17`	`unspecifiedType instanceof FunctionReferenceType and`
`14`		`- result = any(NullPointerType t).getSize()`
	`18`	`+ result = getPointerSize()`
`15`	`19`	`or`
`16`	`20`	`exists(PointerToMemberType ptmType \|`
`17`	`21`	`ptmType = unspecifiedType and`
`18`	`22`	`(`
`19`	`23`	`if ptmType.getBaseType().getUnspecifiedType() instanceof RoutineType`
`20`		`- then result = any(NullPointerType t).getSize() * 2`
`21`		`- else result = any(NullPointerType t).getSize()`
	`24`	`+ then result = getPointerSize() * 2`
	`25`	`+ else result = getPointerSize()`
`22`	`26`	`)`
`23`	`27`	`)`
`24`	`28`	`or`
`25`	`29`	`exists(ArrayType arrayType \|`
`26`	`30`	// Treat `T[]` as `T*`.
`27`	`31`	`arrayType = unspecifiedType and`
`28`	`32`	`not arrayType.hasArraySize() and`
`29`		`- result = any(NullPointerType t).getSize()`
	`33`	`+ result = getPointerSize()`
`30`	`34`	`)`
`31`	`35`	`)`
`32`	`36`	`)`
`@@ -35,7 +39,7 @@ private int getTypeSizeWorkaround(Type type) {`
`35`	`39`	`private int getTypeSize(Type type) {`
`36`	`40`	`if exists(getTypeSizeWorkaround(type))`
`37`	`41`	`then result = getTypeSizeWorkaround(type)`
`38`		`- else result = type.getSize()`
	`42`	`+ else result = max(type.getSize())`
`39`	`43`	`}`
`40`	`44`
`41`	`45`	`/**`
`@@ -116,7 +120,7 @@ predicate hasAddressType(int byteSize) {`
`116`	`120`	* Holds if an `IRFunctionAddressType` with the specified `byteSize` should exist.
`117`	`121`	`*/`
`118`	`122`	`predicate hasFunctionAddressType(int byteSize) {`
`119`		`- byteSize = any(NullPointerType type).getSize() or // Covers function lvalues`
	`123`	`+ byteSize = getPointerSize() or // Covers function lvalues`
`120`	`124`	`byteSize = getTypeSize(any(FunctionPointerIshType type))`
`121`	`125`	`}`
`122`	`126`
`@@ -285,7 +289,7 @@ private class CppGLValueAddressType extends CppWrappedType, TGLValueAddressType`
`285`	`289`	`}`
`286`	`290`
`287`	`291`	`override final IRAddressType getIRType() {`
`288`		`- result.getByteSize() = any(NullPointerType t).getSize()`
	`292`	`+ result.getByteSize() = getPointerSize()`
`289`	`293`	`}`
`290`	`294`
`291`	`295`	`override final predicate hasType(Type type, boolean isGLValue) {`
`@@ -303,7 +307,7 @@ private class CppFunctionGLValueType extends CppType, TFunctionGLValueType {`
`303`	`307`	`}`
`304`	`308`
`305`	`309`	`override final IRFunctionAddressType getIRType() {`
`306`		`- result.getByteSize() = any(NullPointerType type).getSize()`
	`310`	`+ result.getByteSize() = getPointerSize()`
`307`	`311`	`}`
`308`	`312`
`309`	`313`	`override final predicate hasType(Type type, boolean isGLValue) {`