Skip to content

C++: Autoformat IR SSA files #1928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Sep 12, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,7 @@ private class DefaultTaintTrackingCfg extends DataFlow::Configuration {
}

private predicate accessesVariable(CopyInstruction copy, Variable var) {
exists(VariableAddressInstruction va |
va.getVariable().getAST() = var
|
exists(VariableAddressInstruction va | va.getVariable().getAST() = var |
copy.(StoreInstruction).getDestinationAddress() = va
or
copy.(LoadInstruction).getSourceAddress() = va
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,32 +9,31 @@ private import semmle.code.cpp.ir.implementation.internal.OperandTag

private class IntValue = Ints::IntValue;

private predicate hasResultMemoryAccess(Instruction instr, IRVariable var, Type type, IntValue startBitOffset,
IntValue endBitOffset) {
private predicate hasResultMemoryAccess(
Instruction instr, IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset
) {
resultPointsTo(instr.getResultAddress(), var, startBitOffset) and
type = instr.getResultType() and
if exists(instr.getResultSize()) then
endBitOffset = Ints::add(startBitOffset, Ints::mul(instr.getResultSize(), 8))
else
endBitOffset = Ints::unknown()
if exists(instr.getResultSize())
then endBitOffset = Ints::add(startBitOffset, Ints::mul(instr.getResultSize(), 8))
else endBitOffset = Ints::unknown()
}

private predicate hasOperandMemoryAccess(MemoryOperand operand, IRVariable var, Type type, IntValue startBitOffset,
IntValue endBitOffset) {
private predicate hasOperandMemoryAccess(
MemoryOperand operand, IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset
) {
resultPointsTo(operand.getAddressOperand().getAnyDef(), var, startBitOffset) and
type = operand.getType() and
if exists(operand.getSize()) then
endBitOffset = Ints::add(startBitOffset, Ints::mul(operand.getSize(), 8))
else
endBitOffset = Ints::unknown()
if exists(operand.getSize())
then endBitOffset = Ints::add(startBitOffset, Ints::mul(operand.getSize(), 8))
else endBitOffset = Ints::unknown()
}

private newtype TMemoryLocation =
TVariableMemoryLocation(IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset) {
hasResultMemoryAccess(_, var, type, startBitOffset, endBitOffset) or
hasOperandMemoryAccess(_, var, type, startBitOffset, endBitOffset)
}
or
} or
TUnknownMemoryLocation(IRFunction irFunc) or
TUnknownVirtualVariable(IRFunction irFunc)

Expand All @@ -47,16 +46,15 @@ private newtype TMemoryLocation =
*/
abstract class MemoryLocation extends TMemoryLocation {
abstract string toString();

abstract VirtualVariable getVirtualVariable();

abstract Type getType();

abstract string getUniqueId();
}

abstract class VirtualVariable extends MemoryLocation {
}
abstract class VirtualVariable extends MemoryLocation { }

/**
* An access to memory within a single known `IRVariable`. The variable may be either an unescaped variable
Expand All @@ -72,36 +70,28 @@ class VariableMemoryLocation extends TVariableMemoryLocation, MemoryLocation {
this = TVariableMemoryLocation(var, type, startBitOffset, endBitOffset)
}

override final string toString() {
result = var.toString() + Interval::getIntervalString(startBitOffset, endBitOffset) + "<" + type.toString() + ">"
final override string toString() {
result = var.toString() + Interval::getIntervalString(startBitOffset, endBitOffset) + "<" +
type.toString() + ">"
}

override final Type getType() {
result = type
}
final override Type getType() { result = type }

final IntValue getStartBitOffset() {
result = startBitOffset
}

final IntValue getEndBitOffset() {
result = endBitOffset
}

final IRVariable getVariable() {
result = var
}
final IntValue getStartBitOffset() { result = startBitOffset }

final IntValue getEndBitOffset() { result = endBitOffset }

override final string getUniqueId() {
final IRVariable getVariable() { result = var }

final override string getUniqueId() {
result = var.getUniqueId() + Interval::getIntervalString(startBitOffset, endBitOffset) + "<" +
getTypeIdentityString(type) + ">"
getTypeIdentityString(type) + ">"
}

override final VirtualVariable getVirtualVariable() {
if variableAddressEscapes(var) then
result = TUnknownVirtualVariable(var.getEnclosingIRFunction())
else
result = TVariableMemoryLocation(var, var.getType(), 0, var.getType().getSize() * 8)
final override VirtualVariable getVirtualVariable() {
if variableAddressEscapes(var)
then result = TUnknownVirtualVariable(var.getEnclosingIRFunction())
else result = TVariableMemoryLocation(var, var.getType(), 0, var.getType().getSize() * 8)
}

/**
Expand Down Expand Up @@ -132,25 +122,15 @@ class VariableVirtualVariable extends VariableMemoryLocation, VirtualVariable {
class UnknownMemoryLocation extends TUnknownMemoryLocation, MemoryLocation {
IRFunction irFunc;

UnknownMemoryLocation() {
this = TUnknownMemoryLocation(irFunc)
}

override final string toString() {
result = "{Unknown}"
}

override final VirtualVariable getVirtualVariable() {
result = TUnknownVirtualVariable(irFunc)
}
UnknownMemoryLocation() { this = TUnknownMemoryLocation(irFunc) }

override final Type getType() {
result instanceof UnknownType
}
final override string toString() { result = "{Unknown}" }

override final string getUniqueId() {
result = "{Unknown}"
}
final override VirtualVariable getVirtualVariable() { result = TUnknownVirtualVariable(irFunc) }

final override Type getType() { result instanceof UnknownType }

final override string getUniqueId() { result = "{Unknown}" }
}

/**
Expand All @@ -159,70 +139,60 @@ class UnknownMemoryLocation extends TUnknownMemoryLocation, MemoryLocation {
class UnknownVirtualVariable extends TUnknownVirtualVariable, VirtualVariable {
IRFunction irFunc;

UnknownVirtualVariable() {
this = TUnknownVirtualVariable(irFunc)
}

override final string toString() {
result = "{AllAliased}"
}
UnknownVirtualVariable() { this = TUnknownVirtualVariable(irFunc) }

override final Type getType() {
result instanceof UnknownType
}
final override string toString() { result = "{AllAliased}" }

override final string getUniqueId() {
result = " " + toString()
}
final override Type getType() { result instanceof UnknownType }

override final VirtualVariable getVirtualVariable() {
result = this
}
final override string getUniqueId() { result = " " + toString() }

final override VirtualVariable getVirtualVariable() { result = this }
}

Overlap getOverlap(MemoryLocation def, MemoryLocation use) {
// The def and the use must have the same virtual variable, or no overlap is possible.
(
// An UnknownVirtualVariable must totally overlap any location within the same virtual variable.
def.getVirtualVariable() = use.getVirtualVariable() and
def instanceof UnknownVirtualVariable and result instanceof MustTotallyOverlap
def instanceof UnknownVirtualVariable and
result instanceof MustTotallyOverlap
or
// An UnknownMemoryLocation may partially overlap any Location within the same virtual variable.
def.getVirtualVariable() = use.getVirtualVariable() and
def instanceof UnknownMemoryLocation and result instanceof MayPartiallyOverlap
def instanceof UnknownMemoryLocation and
result instanceof MayPartiallyOverlap
or
exists(VariableMemoryLocation defVariableLocation |
defVariableLocation = def and
(
(
// A VariableMemoryLocation may partially overlap an unknown location within the same virtual variable.
def.getVirtualVariable() = use.getVirtualVariable() and
((use instanceof UnknownMemoryLocation) or (use instanceof UnknownVirtualVariable)) and
result instanceof MayPartiallyOverlap
) or
// A VariableMemoryLocation may partially overlap an unknown location within the same virtual variable.
def.getVirtualVariable() = use.getVirtualVariable() and
(use instanceof UnknownMemoryLocation or use instanceof UnknownVirtualVariable) and
result instanceof MayPartiallyOverlap
or
// A VariableMemoryLocation overlaps another location within the same variable based on the relationship
// of the two offset intervals.
exists(Overlap intervalOverlap |
intervalOverlap = getVariableMemoryLocationOverlap(def, use) and
if intervalOverlap instanceof MustExactlyOverlap then (
if def.getType() = use.getType() then (
if intervalOverlap instanceof MustExactlyOverlap
then
if def.getType() = use.getType()
then
// The def and use types match, so it's an exact overlap.
result instanceof MustExactlyOverlap
)
else (
else
// The def and use types are not the same, so it's just a total overlap.
result instanceof MustTotallyOverlap
)
)
else if defVariableLocation.coversEntireVariable() then (
// The definition covers the entire variable, so assume that it totally overlaps the use, even if the
// interval for the use is unknown or outside the bounds of the variable.
result instanceof MustTotallyOverlap
)
else (
// Just use the overlap relation of the interval.
result = intervalOverlap
)
else
if defVariableLocation.coversEntireVariable()
then
// The definition covers the entire variable, so assume that it totally overlaps the use, even if the
// interval for the use is unknown or outside the bounds of the variable.
result instanceof MustTotallyOverlap
else
// Just use the overlap relation of the interval.
result = intervalOverlap
)
)
)
Expand All @@ -245,10 +215,9 @@ Overlap getOverlap(MemoryLocation def, MemoryLocation use) {
* 5. In `getVariableMemoryLocationOverlap`, compute the precise overlap relation for each
* overlapping pair of VMLs (linear in the size of the overlap set)
*/

private predicate isRelevantOffset(VirtualVariable vv, IntValue offset) {
exists(VariableMemoryLocation ml |
ml.getVirtualVariable() = vv
|
exists(VariableMemoryLocation ml | ml.getVirtualVariable() = vv |
ml.getStartBitOffset() = offset
or
ml.getEndBitOffset() = offset
Expand Down Expand Up @@ -278,50 +247,55 @@ private predicate hasUnknownOffset(VariableMemoryLocation vml, VirtualVariable v
)
}

private predicate overlappingVariableMemoryLocations(VariableMemoryLocation def, VariableMemoryLocation use) {
exists(VirtualVariable vv, int offsetRank | isCoveredOffset(def, vv, offsetRank) and isCoveredOffset(use, vv, offsetRank))
or
hasUnknownOffset(def, use.getVirtualVariable())
or
hasUnknownOffset(use, def.getVirtualVariable())
private predicate overlappingVariableMemoryLocations(
VariableMemoryLocation def, VariableMemoryLocation use
) {
exists(VirtualVariable vv, int offsetRank |
isCoveredOffset(def, vv, offsetRank) and isCoveredOffset(use, vv, offsetRank)
)
or
hasUnknownOffset(def, use.getVirtualVariable())
or
hasUnknownOffset(use, def.getVirtualVariable())
}

pragma[noopt] // Internal ticket: QL-937
private predicate overlappingIRVariableMemoryLocations(VariableMemoryLocation def, VariableMemoryLocation use) {
// Internal ticket: QL-937
pragma[noopt]
private predicate overlappingIRVariableMemoryLocations(
VariableMemoryLocation def, VariableMemoryLocation use
) {
overlappingVariableMemoryLocations(def, use) and
def.getVariable() = use.getVariable()
}

private Overlap getVariableMemoryLocationOverlap(VariableMemoryLocation def, VariableMemoryLocation use) {
private Overlap getVariableMemoryLocationOverlap(
VariableMemoryLocation def, VariableMemoryLocation use
) {
overlappingIRVariableMemoryLocations(def, use) and
result = Interval::getOverlap(def.getStartBitOffset(), def.getEndBitOffset(), use.getStartBitOffset(), use.getEndBitOffset())
result = Interval::getOverlap(def.getStartBitOffset(), def.getEndBitOffset(),
use.getStartBitOffset(), use.getEndBitOffset())
}


MemoryLocation getResultMemoryLocation(Instruction instr) {
exists(MemoryAccessKind kind |
kind = instr.getResultMemoryAccess() and
(
(
kind.usesAddressOperand() and
if hasResultMemoryAccess(instr, _, _, _, _) then (
if hasResultMemoryAccess(instr, _, _, _, _)
then
exists(IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset |
hasResultMemoryAccess(instr, var, type, startBitOffset, endBitOffset) and
result = TVariableMemoryLocation(var, type, startBitOffset, endBitOffset)
)
)
else (
result = TUnknownMemoryLocation(instr.getEnclosingIRFunction())
)
) or
(
kind instanceof EscapedMemoryAccess and
result = TUnknownVirtualVariable(instr.getEnclosingIRFunction())
) or
(
kind instanceof EscapedMayMemoryAccess and
result = TUnknownMemoryLocation(instr.getEnclosingIRFunction())
else result = TUnknownMemoryLocation(instr.getEnclosingIRFunction())
)
or
kind instanceof EscapedMemoryAccess and
result = TUnknownVirtualVariable(instr.getEnclosingIRFunction())
or
kind instanceof EscapedMayMemoryAccess and
result = TUnknownMemoryLocation(instr.getEnclosingIRFunction())
)
)
}
Expand All @@ -332,24 +306,20 @@ MemoryLocation getOperandMemoryLocation(MemoryOperand operand) {
(
(
kind.usesAddressOperand() and
if hasOperandMemoryAccess(operand, _, _, _, _) then (
if hasOperandMemoryAccess(operand, _, _, _, _)
then
exists(IRVariable var, Type type, IntValue startBitOffset, IntValue endBitOffset |
hasOperandMemoryAccess(operand, var, type, startBitOffset, endBitOffset) and
result = TVariableMemoryLocation(var, type, startBitOffset, endBitOffset)
)
)
else (
result = TUnknownMemoryLocation(operand.getEnclosingIRFunction())
)
) or
(
kind instanceof EscapedMemoryAccess and
result = TUnknownVirtualVariable(operand.getEnclosingIRFunction())
) or
(
kind instanceof EscapedMayMemoryAccess and
result = TUnknownMemoryLocation(operand.getEnclosingIRFunction())
else result = TUnknownMemoryLocation(operand.getEnclosingIRFunction())
)
or
kind instanceof EscapedMemoryAccess and
result = TUnknownVirtualVariable(operand.getEnclosingIRFunction())
or
kind instanceof EscapedMayMemoryAccess and
result = TUnknownMemoryLocation(operand.getEnclosingIRFunction())
)
)
}
Loading