|
1 | | -import cpp |
2 | | -private import semmle.code.cpp.ir.IR |
3 | | -private import semmle.code.cpp.ir.ValueNumbering |
4 | | - |
5 | | -private newtype TBound = |
6 | | - TBoundZero() or |
7 | | - TBoundValueNumber(ValueNumber vn) { |
8 | | - exists(Instruction i | |
9 | | - vn.getAnInstruction() = i and |
10 | | - ( |
11 | | - i.getResultIRType() instanceof IRIntegerType or |
12 | | - i.getResultIRType() instanceof IRAddressType |
13 | | - ) and |
14 | | - not vn.getAnInstruction() instanceof ConstantInstruction |
15 | | - | |
16 | | - i instanceof PhiInstruction |
17 | | - or |
18 | | - i instanceof InitializeParameterInstruction |
19 | | - or |
20 | | - i instanceof CallInstruction |
21 | | - or |
22 | | - i instanceof VariableAddressInstruction |
23 | | - or |
24 | | - i instanceof FieldAddressInstruction |
25 | | - or |
26 | | - i.(LoadInstruction).getSourceAddress() instanceof VariableAddressInstruction |
27 | | - or |
28 | | - i.(LoadInstruction).getSourceAddress() instanceof FieldAddressInstruction |
29 | | - or |
30 | | - i.getAUse() instanceof ArgumentOperand |
31 | | - or |
32 | | - i instanceof PointerArithmeticInstruction |
33 | | - or |
34 | | - i.getAUse() instanceof AddressOperand |
35 | | - ) |
36 | | - } |
37 | | - |
38 | | -/** |
39 | | - * A bound that may be inferred for an expression plus/minus an integer delta. |
40 | | - */ |
41 | | -abstract class Bound extends TBound { |
42 | | - abstract string toString(); |
43 | | - |
44 | | - /** Gets an expression that equals this bound plus `delta`. */ |
45 | | - abstract Instruction getInstruction(int delta); |
46 | | - |
47 | | - /** Gets an expression that equals this bound. */ |
48 | | - Instruction getInstruction() { result = getInstruction(0) } |
49 | | - |
50 | | - abstract Location getLocation(); |
51 | | -} |
52 | | - |
53 | | -/** |
54 | | - * The bound that corresponds to the integer 0. This is used to represent all |
55 | | - * integer bounds as bounds are always accompanied by an added integer delta. |
56 | | - */ |
57 | | -class ZeroBound extends Bound, TBoundZero { |
58 | | - override string toString() { result = "0" } |
59 | | - |
60 | | - override Instruction getInstruction(int delta) { |
61 | | - result.(ConstantValueInstruction).getValue().toInt() = delta |
62 | | - } |
63 | | - |
64 | | - override Location getLocation() { result instanceof UnknownDefaultLocation } |
65 | | -} |
66 | | - |
67 | | -/** |
68 | | - * A bound corresponding to the value of an `Instruction`. |
69 | | - */ |
70 | | -class ValueNumberBound extends Bound, TBoundValueNumber { |
71 | | - ValueNumber vn; |
72 | | - |
73 | | - ValueNumberBound() { this = TBoundValueNumber(vn) } |
74 | | - |
75 | | - /** Gets an `Instruction` that equals this bound. */ |
76 | | - override Instruction getInstruction(int delta) { |
77 | | - this = TBoundValueNumber(valueNumber(result)) and delta = 0 |
78 | | - } |
79 | | - |
80 | | - override string toString() { result = "ValueNumberBound" } |
81 | | - |
82 | | - override Location getLocation() { result = vn.getLocation() } |
83 | | - |
84 | | - /** Gets the value number that equals this bound. */ |
85 | | - ValueNumber getValueNumber() { result = vn } |
86 | | -} |
| 1 | +import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.Bound |