From 6fc5ff53d7c8869da070ea95f1608ee27f8e696c Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Fri, 12 Oct 2018 12:34:22 +0100
Subject: [PATCH 1/2] CPP: Speed up getBufferSize.

---
 cpp/ql/src/semmle/code/cpp/commons/Buffer.qll | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
index a3de2f3eb597..d6cc80dc4112 100644
--- a/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Buffer.qll
@@ -81,19 +81,21 @@ int getBufferSize(Expr bufferExpr, Element why) {
 // buffer is a fixed size dynamic allocation
 isFixedSizeAllocationExpr(bufferExpr, result) and
 why = bufferExpr
- ) or (
+ ) or exists(DataFlow::ExprNode bufferExprNode |
 // dataflow (all sources must be the same size)
+ bufferExprNode = DataFlow::exprNode(bufferExpr) and
+
 result = min(Expr def |
- DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
+ DataFlow::localFlowStep(DataFlow::exprNode(def), bufferExprNode) |
 getBufferSize(def, _)
 ) and result = max(Expr def |
- DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
+ DataFlow::localFlowStep(DataFlow::exprNode(def), bufferExprNode) |
 getBufferSize(def, _)
 ) and
 
 // find reason
 exists(Expr def |
- DataFlow::localFlowStep(DataFlow::exprNode(def), DataFlow::exprNode(bufferExpr)) |
+ DataFlow::localFlowStep(DataFlow::exprNode(def), bufferExprNode) |
 why = def or
 exists(getBufferSize(def, why))
 )

From a9b55534b4d8ca21aa2a0160f85d5858d11da842 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Fri, 12 Oct 2018 13:19:46 +0100
Subject: [PATCH 2/2] CPP: Speed up phi_node > frontier_phi_node > ssa_defn recursion.

---
 cpp/ql/src/semmle/code/cpp/controlflow/SSAUtils.qll | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
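Review bot: The comment `// dataflow (all sources must be the same size)` promises more than the `min`/`max` pair enforces. Both aggregates range only over `def` values for which `getBufferSize(def, _)` has a result, so a source whose size cannot be computed is skipped rather than making the branch fail. That behaviour predates this commit, but any overflow check that consumes this predicate would then get a size for a buffer that may also come from an unsized source, so it is worth stating while the branch is being rewritten. I would reword the comment to `// dataflow (all sources with a known size must agree; sources without one are ignored)`, or add an explicit check if ignoring them is not intended. The body of getBufferSize starts and ends outside the hunk.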
diff --git a/cpp/ql/src/semmle/code/cpp/controlflow/SSAUtils.qll b/cpp/ql/src/semmle/code/cpp/controlflow/SSAUtils.qll
index 62ec85562476..f3777286deb9 100644
--- a/cpp/ql/src/semmle/code/cpp/controlflow/SSAUtils.qll
+++ b/cpp/ql/src/semmle/code/cpp/controlflow/SSAUtils.qll
@@ -124,11 +124,17 @@ cached library class SSAHelper extends int {
 * Modern Compiler Implementation by Andrew Appel.
 */
 private predicate frontier_phi_node(LocalScopeVariable v, BasicBlock b) {
- exists(BasicBlock x | dominanceFrontier(x, b) and ssa_defn(v, _, x, _))
+ exists(BasicBlock x | dominanceFrontier(x, b) and ssa_defn_rec(v, x))
 /* We can also eliminate those nodes where the variable is not live on any incoming edge */
 and live_at_start_of_bb(v, b)
 }
 
+ private predicate ssa_defn_rec(LocalScopeVariable v, BasicBlock b) {
+ phi_node(v, b)
+ or
+ variableUpdate(v, _, b, _)
+ }
+
 /**
 * Holds if `v` is defined, for the purpose of SSA, at `node`, which is at
 * position `index` in block `b`. This includes definitions from phi nodes.
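Review bot: `ssa_defn_rec` has no QLDoc and restates cases that presumably also appear in `ssa_defn`, whose body lies outside this hunk. If `ssa_defn` later gains another kind of definition, `frontier_phi_node` would stop placing phi nodes for it, and analyses built on this SSA would lose results without any error. I would document the coupling on the new predicate, e.g. `/** Holds if v has an SSA definition (phi node or variable update) in block b. Must cover the same cases as ssa_defn; exists only to keep the recursion small. */`. A consistency check that `ssa_defn(v, _, b, _)` implies `ssa_defn_rec(v, b)` would catch drift; none is visible in this patch.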