C++: Flow through uncertain writes #11658
MathiasVP merged 4 commits into github:mathiasvp/replace-ast-with-ir-use-usedataflow from
…ces specify that the remote source is both 'isReturnValue' and 'isReturnValueDeref'.
This seems like a weird use of SSA to me. I'd expect the
But we don't model writes to
char xs[2]; // xs_allocation = uninitialized
xs[0] = source(); // xs_allocation = source();
xs[1] = 0; // xs_allocation = 0;
sink(xs[0]); // sink(xs_allocation);
| predicate ssaFlow(Node nodeFrom, Node nodeTo) { | ||
| exists(Node nFrom, boolean uncertain | | ||
| ssaFlowImpl(nFrom, nodeTo, uncertain) and | ||
| if uncertain = true then nodeFrom = [nFrom, getAPriorDefinition(nFrom)] else nodeFrom = nFrom |
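Review bot: The last visible line, "if uncertain = true then nodeFrom = [nFrom, getAPriorDefinition(nFrom)] else nodeFrom = nFrom", carries the whole decision about uncertain writes, but nothing on ssaFlow says so. A QLDoc comment on the predicate stating that an uncertain definition lets flow start from both the definition itself and its prior definition would make the intent clear to later readers. The line steps back by one definition only, so a test with two consecutive uncertain writes between the source and the sink would confirm that flow still reaches the sink in that case.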
Just to check - this is the only place where we're making a decision based on whether the write is certain, and the rest of the changes are just pushing certainty information through?
Or rather: We make the decision on whether a write is certain in isDefImpl. And we then consume this information in this predicate.
22b04af into github:mathiasvp/replace-ast-with-ir-use-usedataflow
Previously, we weren't getting flow in the following example on the use-use feature branch:
because the assignment to xs[1] was seen as overwriting the contents of xs, and thus the assignment xs[0] = source(); was dead according to SSA.

This PR fixes this by recognizing that some writes are "uncertain" (i.e., we don't know if they completely overwrite a piece of memory), and ensures that we have flow from an uncertain definition's prior definition to the variable being defined.
I was actually planning on putting up this PR after #11626 had been merged, but seeing as there are some performance issues with that PR I might as well put this one up now (as this PR is largely unrelated to iterators).
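The effect described in this PR, as a small Python model added here for illustration (it is not code from the PR or from CodeQL): element writes to xs are treated as uncertain writes to the whole array, and a read sees every write back to the nearest certain one. The names Write, Read, reaching_writes and sink_is_tainted are hypothetical, and the model follows uncertain writes back transitively, which goes beyond the single prior-definition step visible in the diff.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Write:
    label: str             # source text of the statement
    certain: bool          # True if the write overwrites the whole location
    tainted: bool = False  # True if the written value comes from source()


@dataclass(frozen=True)
class Read:
    label: str


def reaching_writes(stmts, read_index, honor_uncertainty=True):
    """Return the writes whose value the read at read_index may observe.

    Walk backwards from the read. A certain write kills everything before
    it. An uncertain write may leave part of the location untouched, so the
    walk continues to its prior definition. With honor_uncertainty=False
    every write is treated as certain (the behaviour before the fix).
    """
    reaching = []
    for stmt in reversed(stmts[:read_index]):
        if isinstance(stmt, Write):
            reaching.append(stmt)
            if stmt.certain or not honor_uncertainty:
                break
    return reaching


def sink_is_tainted(stmts, honor_uncertainty=True):
    """True if any read can observe a tainted write."""
    return any(
        w.tainted
        for i, stmt in enumerate(stmts)
        if isinstance(stmt, Read)
        for w in reaching_writes(stmts, i, honor_uncertainty)
    )


# The example from the thread, modelled as writes to one location (xs).
PROGRAM = [
    Write("xs[0] = source();", certain=False, tainted=True),
    Write("xs[1] = 0;", certain=False),
    Read("sink(xs[0]);"),
]
```

Treating every write as certain loses the tainted write, which is the missed-flow case the PR fixes; treating every write as uncertain would instead over-report, which is why the certainty flag has to be tracked per definition.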