C++: Change a few indirectionIndex ranges from '[0 .. n - 1]' to '[1 .. n]'. This simplifies some arithmetic in a few predicates.

Author: MathiasVP

cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

@@ -137,7 +137,7 @@ private newtype TReturnKind =
     exists(IndirectReturnNode return, ReturnIndirectionInstruction returnInd |
       returnInd.hasIndex(argumentIndex) and
       return.getAddressOperand() = returnInd.getSourceAddressOperand() and
-      indirectionIndex = return.getIndirectionIndex() - 1 // We subtract one because the return loads the value.
+      indirectionIndex = return.getIndirectionIndex()
     )
   }
 
@@ -197,7 +197,7 @@ class ReturnIndirectionNode extends IndirectReturnNode, ReturnNode {
     exists(int argumentIndex, ReturnIndirectionInstruction returnInd |
       returnInd.hasIndex(argumentIndex) and
       this.getAddressOperand() = returnInd.getSourceAddressOperand() and
-      result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex() - 1) and
+      result = TIndirectReturnKind(argumentIndex, this.getIndirectionIndex()) and
       hasNonInitializeParameterDef(returnInd.getIRVariable())
     )
     or
@@ -365,7 +365,7 @@ predicate jumpStep(Node n1, Node n2) {
 predicate storeStep(Node node1, Content c, PostFieldUpdateNode node2) {
   exists(int indirectionIndex1, int numberOfLoads, StoreInstruction store |
     nodeHasInstruction(node1, store, pragma[only_bind_into](indirectionIndex1)) and
-    node2.getIndirectionIndex() = 0 and
+    node2.getIndirectionIndex() = 1 and
     numberOfLoadsFromOperand(node2.getFieldAddress(), store.getDestinationAddressOperand(),
       numberOfLoads)
   |

cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -38,13 +38,12 @@ private module Cached {
     TVariableNode(Variable var) or
     TPostFieldUpdateNode(FieldAddress operand, int indirectionIndex) {
       indirectionIndex =
-        [0 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType()) -
-            1]
+        [1 .. Ssa::countIndirectionsForCppType(operand.getObjectAddress().getResultLanguageType())]
     } or
     TSsaPhiNode(Ssa::PhiNode phi) or
     TIndirectArgumentOutNode(ArgumentOperand operand, int indirectionIndex) {
       Ssa::isModifiableByCall(operand) and
-      indirectionIndex = [0 .. Ssa::countIndirectionsForCppType(operand.getLanguageType()) - 1]
+      indirectionIndex = [1 .. Ssa::countIndirectionsForCppType(operand.getLanguageType())]
     } or
     TIndirectOperand(Operand op, int indirectionIndex) {
       Ssa::hasIndirectOperand(op, indirectionIndex)
@@ -370,19 +369,15 @@ class PostFieldUpdateNode extends TPostFieldUpdateNode, PartialDefinitionNode {
 
   override Declaration getEnclosingCallable() { result = this.getFunction() }
 
-  override IRType getType() { result = fieldAddress.getIRType() }
-
   FieldAddress getFieldAddress() { result = fieldAddress }
 
   Field getUpdatedField() { result = fieldAddress.getField() }
 
   int getIndirectionIndex() { result = indirectionIndex }
 
   override Node getPreUpdateNode() {
-    // + 1 because we're storing into an lvalue, and the original node should be the rvalue of
-    // the same address.
     hasOperandAndIndex(result, pragma[only_bind_into](fieldAddress).getObjectAddressOperand(),
-      indirectionIndex + 1)
+      indirectionIndex)
   }
 
   override Expr getDefinedExpr() {
@@ -536,9 +531,7 @@ class IndirectArgumentOutNode extends Node, TIndirectArgumentOutNode, PostUpdate
 
   override Function getFunction() { result = this.getCallInstruction().getEnclosingFunction() }
 
-  override IRType getType() { result instanceof IRVoidType }
-
-  override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex + 1) }
+  override Node getPreUpdateNode() { hasOperandAndIndex(result, operand, indirectionIndex) }
 
   override string toStringImpl() {
     // This string should be unique enough to be helpful but common enough to
@@ -1075,7 +1068,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
       store.getDestinationAddressOperand() = address
     )
     or
-    Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex - 1)
+    Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex)
   )
 }
 

cpp/ql/lib/experimental/semmle/code/cpp/ir/dataflow/internal/ModelUtil.qll

@@ -41,7 +41,7 @@ Node callOutput(CallInstruction call, FunctionOutput output) {
   // The side effect of a call on the value pointed to by an argument or qualifier
   exists(int index, int indirectionIndex |
     result.(IndirectArgumentOutNode).getArgumentIndex() = index and
-    result.(IndirectArgumentOutNode).getIndirectionIndex() + 1 = indirectionIndex and
+    result.(IndirectArgumentOutNode).getIndirectionIndex() = indirectionIndex and
     result.(IndirectArgumentOutNode).getCallInstruction() = call and
     output.isParameterDerefOrQualifierObject(index, indirectionIndex)
   )