Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Treat operands of Phi instructions as escaped #16465

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Treat operands of Phi instructions as escaped #16465

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
907c34b
Treat operands of `Phi` instructions as escaped
dbartol May 9, 2024
fc129e9
Merge remote-tracking branch 'origin/main' into dbartol/phi-escape
dbartol Jun 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,8 +106,8 @@ private predicate operandEscapesDomain(Operand operand) {
not isArgumentForParameter(_, operand, _) and
not isOnlyEscapesViaReturnArgument(operand) and
not operand.getUse() instanceof ReturnValueInstruction and
not operand.getUse() instanceof ReturnIndirectionInstruction and
not operand instanceof PhiInputOperand
not operand.getUse() instanceof ReturnIndirectionInstruction// and
// not operand instanceof PhiInputOperand
}

/**
Expand Down Expand Up @@ -211,9 +211,9 @@ private predicate operandEscapesNonReturn(Operand operand) {
)
or
isOnlyEscapesViaReturnArgument(operand) and resultEscapesNonReturn(operand.getUse())
or
operand instanceof PhiInputOperand and
resultEscapesNonReturn(operand.getUse())
// or
// operand instanceof PhiInputOperand and
// resultEscapesNonReturn(operand.getUse())
Comment on lines +214 to +216
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about the similar case in operandMayReachReturn?

or
operandEscapesDomain(operand)
}
Expand Down Expand Up @@ -454,6 +454,9 @@ module Print {
|
value, ", "
)
or
key = "escapes" and
result = strictconcat(string value | operandEscapesNonReturn(operand) and value = "nonreturn" | value, ", ")
}

string getInstructionProperty(Instruction instr, string key) {
Expand Down
23 changes: 20 additions & 3 deletions cpp/ql/test/library-tests/ir/escape/escape.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -193,10 +193,11 @@ void Escape()
int passByRef3;
CallByReferenceParamEscape(ReturnReference(passByRef3));

int no_ssa_passByPtr4;
int no_ssa_passByPtr5;
int ssa_passByPtr4;
int ssa_passByPtr5;
bool no_b2 = false;
MaybeReturn(&no_ssa_passByPtr4, &no_ssa_passByPtr5, no_b2);
// Treated as escaped because we don't know _which_ address will be returned.
MaybeReturn(&ssa_passByPtr4, &ssa_passByPtr5, no_b2);

int passByRef6;
EscapeAndReturn(passByRef6);
Expand Down Expand Up @@ -251,3 +252,19 @@ void Escape()
CallByPointer(no_condTemp);
}

bool getBool();

void use(int);

void test_while() {
int r;
int *no_rP = &r;

while(getBool()) {
int s = 0;
*no_rP = s;
no_rP = &s;
}

use(r);
}
Loading