
Commit f68d347

committed
C++: Output necessary conversions in the sizeof VLA IR
1 parent f0f66c6 commit f68d347


4 files changed

+124
-58
lines changed


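--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
@@ -99,6 +99,9 @@ newtype TInstructionTag =
 CoAwaitBranchTag() or
 BoolToIntConversionTag() or
 SizeofVlaBaseSizeTag() or
+SizeofVlaConversionTag(int index) {
+exists(VlaDeclStmt v | exists(v.getTransitiveVlaDimensionStmt(index)))
+} or
 SizeofVlaDimensionTag(int index) {
 exists(VlaDeclStmt v | exists(v.getTransitiveVlaDimensionStmt(index)))
 }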
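Review bot: The guard on the new `SizeofVlaConversionTag(int index)` constructor is a verbatim copy of the one on `SizeofVlaDimensionTag(int index)` directly below it, and the two must stay in step because the successor wiring in TranslatedExpr.qll pairs a Conversion(n) with a Dimension(n) for every index. A shared predicate keeps them from drifting: `private predicate hasVlaDimension(int index) { exists(VlaDeclStmt v | exists(v.getTransitiveVlaDimensionStmt(index))) }`, then `SizeofVlaConversionTag(int index) { hasVlaDimension(index) } or` and the same for the dimension tag. The `newtype TInstructionTag` definition starts before this hunk.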

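--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -4131,19 +4131,42 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
 tag = SizeofVlaBaseSizeTag() and
 resultType = this.getResultType()
 or
+exists(int n, Type dimType |
+pointerDerefCount <= n and
+n < vlaDimensions and
+dimType = vlaDeclStmt.getTransitiveVlaDimensionStmt(n).getDimensionExpr().getUnderlyingType()
+|
+(
+expr.getUnderlyingType() = dimType and
+opcode instanceof Opcode::CopyValue and
+tag = SizeofVlaConversionTag(n)
+or
+not expr.getUnderlyingType() = dimType and
+opcode instanceof Opcode::Convert and
+tag = SizeofVlaConversionTag(n)
+)
+) and
+resultType = this.getResultType()
+or
 opcode instanceof Opcode::Mul and
 exists(int n | pointerDerefCount <= n and n < vlaDimensions | tag = SizeofVlaDimensionTag(n)) and
 resultType = this.getResultType()
 }
 
 final override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
 tag = SizeofVlaBaseSizeTag() and
-result = this.getInstruction(SizeofVlaDimensionTag(pointerDerefCount)) and
+result = this.getInstruction(SizeofVlaConversionTag(pointerDerefCount)) and
+kind instanceof GotoEdge
+or
+exists(int n | pointerDerefCount <= n and n < vlaDimensions |
+tag = SizeofVlaConversionTag(n) and
+result = this.getInstruction(SizeofVlaDimensionTag(n))
+) and
 kind instanceof GotoEdge
 or
 exists(int n | pointerDerefCount <= n and n < vlaDimensions - 1 |
 tag = SizeofVlaDimensionTag(n) and
-result = this.getInstruction(SizeofVlaDimensionTag(n + 1))
+result = this.getInstruction(SizeofVlaConversionTag(n + 1))
 ) and
 kind instanceof GotoEdge
 or
@@ -4176,6 +4199,16 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
 }
 
 override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+exists(int n | pointerDerefCount <= n and n < vlaDimensions |
+tag = SizeofVlaConversionTag(n) and
+(
+operandTag instanceof UnaryOperandTag and
+result =
+getTranslatedExpr(vlaDeclStmt.getTransitiveVlaDimensionStmt(n).getDimensionExpr())
+.getResult()
+)
+)
+or
 exists(int n | pointerDerefCount <= n and n < vlaDimensions |
 tag = SizeofVlaDimensionTag(n) and
 (
@@ -4189,9 +4222,7 @@ class TranslatedSizeofExpr extends TranslatedNonConstantExpr {
 )
 or
 operandTag instanceof RightOperandTag and
-result =
-getTranslatedExpr(vlaDeclStmt.getTransitiveVlaDimensionStmt(n).getDimensionExpr())
-.getResult()
+result = this.getInstruction(SizeofVlaConversionTag(n))
 )
 )
 }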
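Review bot: The new conversion disjunct in the instruction predicate (new lines 4134–4150) does not say why a `CopyValue` is emitted when the dimension already has the `sizeof` result type rather than omitting the instruction; the reason is only visible in `getInstructionSuccessorInternal`, where the chain BaseSize → Conversion(n) → Dimension(n) → Conversion(n+1) relies on every index having a conversion instruction. A comment above `exists(int n, Type dimType |` such as `// Emit a CopyValue even when no conversion is needed, so every dimension index has a SizeofVlaConversionTag(n) instruction and the successor/operand wiring below stays uniform.` would capture that. Both branches also repeat `tag = SizeofVlaConversionTag(n)`; hoisting it and writing `tag = SizeofVlaConversionTag(n) and (if expr.getUnderlyingType() = dimType then opcode instanceof Opcode::CopyValue else opcode instanceof Opcode::Convert)` keeps the branch condition in one place. Whether `getUnderlyingType()` also discards cv-qualifiers I cannot confirm from here; if it does not, a `const size_t` dimension would get a `Convert` instead of a `CopyValue`, which is harmless but worth checking against the expected output. The instruction predicate begins before the first hunk and `getInstructionSuccessorInternal` continues past it.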

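--- a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
@@ -20449,8 +20449,9 @@ ir.cpp:
 # 2780| v2780_5(void) = NoOp :
 # 2781| r2781_1(glval<unsigned long>) = VariableAddress[x] :
 # 2781| r2781_2(unsigned long) = Constant[1] :
-# 2781| r2781_3(unsigned long) = Mul : r2781_2, r2780_4
-# 2781| m2781_4(unsigned long) = Store[x] : &:r2781_1, r2781_3
+# 2781| r2781_3(unsigned long) = Convert : r2780_4
+# 2781| r2781_4(unsigned long) = Mul : r2781_2, r2781_3
+# 2781| m2781_5(unsigned long) = Store[x] : &:r2781_1, r2781_4
 # 2782| r2782_1(glval<int[][]>) = VariableAddress[tmp2] :
 # 2782| m2782_2(int[][]) = Uninitialized[tmp2] : &:r2782_1
 # 2782| r2782_3(glval<int>) = VariableAddress[len1] :
@@ -20460,13 +20461,16 @@ ir.cpp:
 # 2782| v2782_7(void) = NoOp :
 # 2783| r2783_1(glval<unsigned long>) = VariableAddress[y] :
 # 2783| r2783_2(unsigned long) = Constant[4] :
-# 2783| r2783_3(unsigned long) = Mul : r2783_2, r2782_4
-# 2783| r2783_4(unsigned long) = Mul : r2783_3, r2782_6
-# 2783| m2783_5(unsigned long) = Store[y] : &:r2783_1, r2783_4
+# 2783| r2783_3(unsigned long) = Convert : r2782_4
+# 2783| r2783_4(unsigned long) = Mul : r2783_2, r2783_3
+# 2783| r2783_5(unsigned long) = CopyValue : r2782_6
+# 2783| r2783_6(unsigned long) = Mul : r2783_4, r2783_5
+# 2783| m2783_7(unsigned long) = Store[y] : &:r2783_1, r2783_6
 # 2784| r2784_1(glval<unsigned long>) = VariableAddress[z] :
 # 2784| r2784_2(unsigned long) = Constant[4] :
-# 2784| r2784_3(unsigned long) = Mul : r2784_2, r2782_6
-# 2784| m2784_4(unsigned long) = Store[z] : &:r2784_1, r2784_3
+# 2784| r2784_3(unsigned long) = CopyValue : r2782_6
+# 2784| r2784_4(unsigned long) = Mul : r2784_2, r2784_3
+# 2784| m2784_5(unsigned long) = Store[z] : &:r2784_1, r2784_4
 # 2785| r2785_1(glval<int[][][]>) = VariableAddress[tmp3] :
 # 2785| m2785_2(int[][][]) = Uninitialized[tmp3] : &:r2785_1
 # 2785| r2785_3(glval<int>) = VariableAddress[len1] :
@@ -20478,19 +20482,25 @@ ir.cpp:
 # 2785| v2785_9(void) = NoOp :
 # 2786| r2786_1(glval<unsigned long>) = VariableAddress[w] :
 # 2786| r2786_2(unsigned long) = Constant[4] :
-# 2786| r2786_3(unsigned long) = Mul : r2786_2, r2785_4
-# 2786| r2786_4(unsigned long) = Mul : r2786_3, r2785_6
-# 2786| r2786_5(unsigned long) = Mul : r2786_4, r2785_8
-# 2786| m2786_6(unsigned long) = Store[w] : &:r2786_1, r2786_5
+# 2786| r2786_3(unsigned long) = Convert : r2785_4
+# 2786| r2786_4(unsigned long) = Mul : r2786_2, r2786_3
+# 2786| r2786_5(unsigned long) = CopyValue : r2785_6
+# 2786| r2786_6(unsigned long) = Mul : r2786_4, r2786_5
+# 2786| r2786_7(unsigned long) = Convert : r2785_8
+# 2786| r2786_8(unsigned long) = Mul : r2786_6, r2786_7
+# 2786| m2786_9(unsigned long) = Store[w] : &:r2786_1, r2786_8
 # 2787| r2787_1(glval<unsigned long>) = VariableAddress[v] :
 # 2787| r2787_2(unsigned long) = Constant[4] :
-# 2787| r2787_3(unsigned long) = Mul : r2787_2, r2785_6
-# 2787| r2787_4(unsigned long) = Mul : r2787_3, r2785_8
-# 2787| m2787_5(unsigned long) = Store[v] : &:r2787_1, r2787_4
+# 2787| r2787_3(unsigned long) = CopyValue : r2785_6
+# 2787| r2787_4(unsigned long) = Mul : r2787_2, r2787_3
+# 2787| r2787_5(unsigned long) = Convert : r2785_8
+# 2787| r2787_6(unsigned long) = Mul : r2787_4, r2787_5
+# 2787| m2787_7(unsigned long) = Store[v] : &:r2787_1, r2787_6
 # 2788| r2788_1(glval<unsigned long>) = VariableAddress[u] :
 # 2788| r2788_2(unsigned long) = Constant[4] :
-# 2788| r2788_3(unsigned long) = Mul : r2788_2, r2785_8
-# 2788| m2788_4(unsigned long) = Store[u] : &:r2788_1, r2788_3
+# 2788| r2788_3(unsigned long) = Convert : r2785_8
+# 2788| r2788_4(unsigned long) = Mul : r2788_2, r2788_3
+# 2788| m2788_5(unsigned long) = Store[u] : &:r2788_1, r2788_4
 # 2789| r2789_1(glval<unsigned long>) = VariableAddress[t] :
 # 2789| r2789_2(unsigned long) = Constant[4] :
 # 2789| m2789_3(unsigned long) = Store[t] : &:r2789_1, r2789_2
@@ -20520,8 +20530,9 @@ ir.cpp:
 # 2793| v2793_7(void) = NoOp :
 # 2794| r2794_1(glval<unsigned long>) = VariableAddress[z] :
 # 2794| r2794_2(unsigned long) = Constant[4] :
-# 2794| r2794_3(unsigned long) = Mul : r2794_2, r2793_6
-# 2794| m2794_4(unsigned long) = Store[z] : &:r2794_1, r2794_3
+# 2794| r2794_3(unsigned long) = CopyValue : r2793_6
+# 2794| r2794_4(unsigned long) = Mul : r2794_2, r2794_3
+# 2794| m2794_5(unsigned long) = Store[z] : &:r2794_1, r2794_4
 # 2795| r2795_1(glval<int[][][]>) = VariableAddress[tmp2] :
 # 2795| m2795_2(int[][][]) = Uninitialized[tmp2] : &:r2795_1
 # 2795| r2795_3(glval<int>) = VariableAddress[len1] :
@@ -20533,13 +20544,16 @@ ir.cpp:
 # 2795| v2795_9(void) = NoOp :
 # 2796| r2796_1(glval<unsigned long>) = VariableAddress[v] :
 # 2796| r2796_2(unsigned long) = Constant[4] :
-# 2796| r2796_3(unsigned long) = Mul : r2796_2, r2795_6
-# 2796| r2796_4(unsigned long) = Mul : r2796_3, r2795_8
-# 2796| m2796_5(unsigned long) = Store[v] : &:r2796_1, r2796_4
+# 2796| r2796_3(unsigned long) = CopyValue : r2795_6
+# 2796| r2796_4(unsigned long) = Mul : r2796_2, r2796_3
+# 2796| r2796_5(unsigned long) = Convert : r2795_8
+# 2796| r2796_6(unsigned long) = Mul : r2796_4, r2796_5
+# 2796| m2796_7(unsigned long) = Store[v] : &:r2796_1, r2796_6
 # 2797| r2797_1(glval<unsigned long>) = VariableAddress[u] :
 # 2797| r2797_2(unsigned long) = Constant[4] :
-# 2797| r2797_3(unsigned long) = Mul : r2797_2, r2795_8
-# 2797| m2797_4(unsigned long) = Store[u] : &:r2797_1, r2797_3
+# 2797| r2797_3(unsigned long) = Convert : r2795_8
+# 2797| r2797_4(unsigned long) = Mul : r2797_2, r2797_3
+# 2797| m2797_5(unsigned long) = Store[u] : &:r2797_1, r2797_4
 # 2798| r2798_1(glval<unsigned long>) = VariableAddress[t] :
 # 2798| r2798_2(unsigned long) = Constant[4] :
 # 2798| m2798_3(unsigned long) = Store[t] : &:r2798_1, r2798_2
@@ -20578,7 +20592,7 @@ ir.cpp:
 #-----| True -> Block 2
 
 # 2801| Block 1
-# 2801| m2801_13(unsigned long) = Phi : from 2:m2808_5, from 3:m2811_3
+# 2801| m2801_13(unsigned long) = Phi : from 2:m2808_7, from 3:m2811_3
 # 2801| r2801_14(glval<unsigned long>) = VariableAddress[#return] :
 # 2801| v2801_15(void) = ReturnValue : &:r2801_14, m2801_13
 # 2801| v2801_16(void) = AliasedUse : m2801_3
@@ -20590,9 +20604,11 @@ ir.cpp:
 # 2807| v2807_3(void) = NoOp :
 # 2808| r2808_1(glval<unsigned long>) = VariableAddress[#return] :
 # 2808| r2808_2(unsigned long) = Constant[8] :
-# 2808| r2808_3(unsigned long) = Mul : r2808_2, r2802_2
-# 2808| r2808_4(unsigned long) = Mul : r2808_3, r2802_4
-# 2808| m2808_5(unsigned long) = Store[#return] : &:r2808_1, r2808_4
+# 2808| r2808_3(unsigned long) = Convert : r2802_2
+# 2808| r2808_4(unsigned long) = Mul : r2808_2, r2808_3
+# 2808| r2808_5(unsigned long) = CopyValue : r2802_4
+# 2808| r2808_6(unsigned long) = Mul : r2808_4, r2808_5
+# 2808| m2808_7(unsigned long) = Store[#return] : &:r2808_1, r2808_6
 #-----| Goto -> Block 1
 
 # 2811| Block 3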
