C++: Fix IR variable reuse for global var inits

Author: rdmarsh2

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll

@@ -18,7 +18,7 @@ private import Imports::IRType
  * by the AST-to-IR translation (`IRTempVariable`).
  */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;
 
   IRVariable() {
     this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
   /**
    * Gets the function that references this variable.
    */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }
 
 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {
 
   final override string toString() { result = "#ellipsis" }
 
-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll

@@ -2,21 +2,21 @@ private import TIRVariableInternal
 private import Imports::TempVariableTag
 
 newtype TIRVariable =
-  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Function func) {
+  TIRUserVariable(Language::Variable var, Language::LanguageType type, Language::Declaration func) {
     Construction::hasUserVariable(func, var, type)
   } or
   TIRTempVariable(
-    Language::Function func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
+    Language::Declaration func, Language::AST ast, TempVariableTag tag, Language::LanguageType type
   ) {
     Construction::hasTempVariable(func, ast, tag, type)
   } or
   TIRDynamicInitializationFlag(
-    Language::Function func, Language::Variable var, Language::LanguageType type
+    Language::Declaration func, Language::Variable var, Language::LanguageType type
   ) {
     Construction::hasDynamicInitializationFlag(func, var, type)
   } or
   TIRStringLiteral(
-    Language::Function func, Language::AST ast, Language::LanguageType type,
+    Language::Declaration func, Language::AST ast, Language::LanguageType type,
     Language::StringLiteral literal
   ) {
     Construction::hasStringLiteral(func, ast, type, literal)

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll

@@ -18,7 +18,7 @@ private import Imports::IRType
  * by the AST-to-IR translation (`IRTempVariable`).
  */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;
 
   IRVariable() {
     this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
   /**
    * Gets the function that references this variable.
    */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }
 
 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {
 
   final override string toString() { result = "#ellipsis" }
 
-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedGlobalVar.qll

@@ -89,7 +89,8 @@ class TranslatedGlobalOrNamespaceVarInit extends TranslatedRootElement,
 
   override IRUserVariable getInstructionVariable(InstructionTag tag) {
     tag = InitializerVariableAddressTag() and
-    result.getVariable() = var
+    result.getVariable() = var and
+    result.getEnclosingFunction() = var
   }
 
   override Instruction getTargetAddress() {

cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll

@@ -18,7 +18,7 @@ private import Imports::IRType
  * by the AST-to-IR translation (`IRTempVariable`).
  */
 class IRVariable extends TIRVariable {
-  Language::Function func;
+  Language::Declaration func;
 
   IRVariable() {
     this = TIRUserVariable(_, _, func) or
@@ -79,7 +79,7 @@ class IRVariable extends TIRVariable {
   /**
    * Gets the function that references this variable.
    */
-  final Language::Function getEnclosingFunction() { result = func }
+  final Language::Declaration getEnclosingFunction() { result = func }
 }
 
 /**
@@ -246,7 +246,7 @@ class IREllipsisVariable extends IRTempVariable, IRParameter {
 
   final override string toString() { result = "#ellipsis" }
 
-  final override int getIndex() { result = func.getNumberOfParameters() }
+  final override int getIndex() { result = func.(Language::Function).getNumberOfParameters() }
 }
 
 /**

cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-ir-consistency.expected

@@ -1,16 +1,20 @@
 uniqueEnclosingCallable
 | globals.cpp:9:5:9:19 | Address | Node should have one enclosing callable but has 0. |
+| globals.cpp:9:5:9:19 | AliasedDefinition | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:5:9:19 | VariableAddress | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:5:9:19 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:23:9:23 | 0 | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:23:9:23 | ChiPartial | Node should have one enclosing callable but has 0. |
+| globals.cpp:9:23:9:23 | ChiTotal | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:23:9:23 | Store | Node should have one enclosing callable but has 0. |
 | globals.cpp:9:23:9:23 | StoreValue | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:12:16:26 | Address | Node should have one enclosing callable but has 0. |
+| globals.cpp:16:12:16:26 | AliasedDefinition | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:12:16:26 | VariableAddress | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:12:16:26 | VariableAddress [post update] | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:30:16:30 | 0 | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:30:16:30 | ChiPartial | Node should have one enclosing callable but has 0. |
+| globals.cpp:16:30:16:30 | ChiTotal | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:30:16:30 | Store | Node should have one enclosing callable but has 0. |
 | globals.cpp:16:30:16:30 | StoreValue | Node should have one enclosing callable but has 0. |
 uniqueType
@@ -234,10 +238,10 @@ postWithInFlow
 | lambdas.cpp:20:11:20:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:20:11:20:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:20:11:20:11 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |
+| lambdas.cpp:23:3:23:3 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:23:3:23:14 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:23:3:23:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. |
-| lambdas.cpp:23:15:23:15 | (reference dereference) [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:28:7:28:7 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:28:10:31:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |
 | lambdas.cpp:28:10:31:2 | FieldAddress [post update] | PostUpdateNode should not be the target of local flow. |

cpp/ql/test/library-tests/ir/ir/operand_locations.expected

@@ -4744,15 +4744,13 @@
 | ir.cpp:1034:6:1034:20 | SideEffect | m1034_3 |
 | ir.cpp:1035:15:1035:15 | Address | &:r1035_1 |
 | ir.cpp:1038:6:1038:8 | Address | &:r1038_3 |
-| ir.cpp:1038:6:1038:8 | SideEffect | ~m1038_9 |
+| ir.cpp:1038:6:1038:8 | SideEffect | ~m1038_8 |
 | ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
 | ir.cpp:1038:12:1038:18 | Address | &:r1038_4 |
-| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_5 |
-| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_8 |
+| ir.cpp:1038:12:1038:18 | ChiPartial | partial:m1038_7 |
 | ir.cpp:1038:12:1038:18 | ChiTotal | total:m1038_2 |
-| ir.cpp:1038:12:1038:18 | ChiTotal | total:m1038_6 |
-| ir.cpp:1038:12:1038:18 | Load | ~m1038_6 |
-| ir.cpp:1038:12:1038:18 | StoreValue | r1038_7 |
+| ir.cpp:1038:12:1038:18 | Load | m1038_5 |
+| ir.cpp:1038:12:1038:18 | StoreValue | r1038_6 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
 | ir.cpp:1038:14:1038:14 | Address | &:r1038_5 |
@@ -4843,6 +4841,9 @@
 | ir.cpp:1043:24:1043:24 | SideEffect | ~m1043_20 |
 | ir.cpp:1043:31:1043:31 | Address | &:r1043_9 |
 | ir.cpp:1043:36:1043:55 | Address | &:r1043_11 |
+| ir.cpp:1043:43:1043:43 | Address | &:r1043_16 |
+| ir.cpp:1043:43:1043:43 | Arg(this) | this:r1043_16 |
+| ir.cpp:1043:43:1043:43 | SideEffect | ~m1043_20 |
 | ir.cpp:1043:43:1043:54 | Address | &:r1043_22 |
 | ir.cpp:1043:43:1043:54 | Address | &:r1043_24 |
 | ir.cpp:1043:43:1043:54 | Address | &:r1043_25 |
@@ -4863,11 +4864,8 @@
 | ir.cpp:1043:45:1043:49 | SideEffect | ~m1043_4 |
 | ir.cpp:1043:45:1043:49 | Unary | r1043_13 |
 | ir.cpp:1043:45:1043:49 | Unary | r1043_15 |
-| ir.cpp:1043:52:1043:52 | Address | &:r1043_16 |
-| ir.cpp:1043:52:1043:52 | Arg(this) | this:r1043_16 |
-| ir.cpp:1043:52:1043:52 | SideEffect | ~m1043_20 |
-| ir.cpp:1043:54:1043:54 | Load | ~m1043_20 |
-| ir.cpp:1043:54:1043:54 | Right | r1043_26 |
+| ir.cpp:1043:53:1043:53 | Load | ~m1043_20 |
+| ir.cpp:1043:53:1043:53 | Right | r1043_26 |
 | ir.cpp:1043:58:1043:58 | ChiPartial | partial:m1043_9 |
 | ir.cpp:1043:58:1043:58 | ChiTotal | total:m1043_3 |
 | ir.cpp:1043:58:1043:58 | StoreValue | r1043_8 |
@@ -4982,6 +4980,9 @@
 | ir.cpp:1047:34:1047:34 | SideEffect | ~m1047_20 |
 | ir.cpp:1047:41:1047:41 | Address | &:r1047_9 |
 | ir.cpp:1047:46:1047:65 | Address | &:r1047_11 |
+| ir.cpp:1047:53:1047:53 | Address | &:r1047_16 |
+| ir.cpp:1047:53:1047:53 | Arg(this) | this:r1047_16 |
+| ir.cpp:1047:53:1047:53 | SideEffect | ~m1047_20 |
 | ir.cpp:1047:53:1047:64 | Address | &:r1047_23 |
 | ir.cpp:1047:53:1047:64 | Load | ~m1047_20 |
 | ir.cpp:1047:53:1047:64 | StoreValue | r1047_24 |
@@ -4996,9 +4997,6 @@
 | ir.cpp:1047:55:1047:59 | SideEffect | ~m1047_4 |
 | ir.cpp:1047:55:1047:59 | Unary | r1047_13 |
 | ir.cpp:1047:55:1047:59 | Unary | r1047_15 |
-| ir.cpp:1047:62:1047:62 | Address | &:r1047_16 |
-| ir.cpp:1047:62:1047:62 | Arg(this) | this:r1047_16 |
-| ir.cpp:1047:62:1047:62 | SideEffect | ~m1047_20 |
 | ir.cpp:1047:63:1047:63 | Right | r1047_22 |
 | ir.cpp:1047:68:1047:68 | StoreValue | r1047_8 |
 | ir.cpp:1047:68:1047:68 | Unary | r1047_7 |
@@ -5107,6 +5105,9 @@
 | ir.cpp:1051:39:1051:39 | SideEffect | ~m1051_20 |
 | ir.cpp:1051:46:1051:46 | Address | &:r1051_9 |
 | ir.cpp:1051:51:1051:70 | Address | &:r1051_11 |
+| ir.cpp:1051:58:1051:58 | Address | &:r1051_16 |
+| ir.cpp:1051:58:1051:58 | Arg(this) | this:r1051_16 |
+| ir.cpp:1051:58:1051:58 | SideEffect | ~m1051_20 |
 | ir.cpp:1051:58:1051:69 | Address | &:r1051_22 |
 | ir.cpp:1051:58:1051:69 | Address | &:r1051_24 |
 | ir.cpp:1051:58:1051:69 | Address | &:r1051_26 |
@@ -5127,9 +5128,6 @@
 | ir.cpp:1051:60:1051:64 | SideEffect | ~m1051_4 |
 | ir.cpp:1051:60:1051:64 | Unary | r1051_13 |
 | ir.cpp:1051:60:1051:64 | Unary | r1051_15 |
-| ir.cpp:1051:67:1051:67 | Address | &:r1051_16 |
-| ir.cpp:1051:67:1051:67 | Arg(this) | this:r1051_16 |
-| ir.cpp:1051:67:1051:67 | SideEffect | ~m1051_20 |
 | ir.cpp:1051:73:1051:73 | ChiPartial | partial:m1051_9 |
 | ir.cpp:1051:73:1051:73 | ChiTotal | total:m1051_3 |
 | ir.cpp:1051:73:1051:73 | StoreValue | r1051_8 |
@@ -5194,6 +5192,9 @@
 | ir.cpp:1054:49:1054:49 | SideEffect | ~m1054_20 |
 | ir.cpp:1054:56:1054:56 | Address | &:r1054_9 |
 | ir.cpp:1054:61:1054:88 | Address | &:r1054_11 |
+| ir.cpp:1054:68:1054:68 | Address | &:r1054_16 |
+| ir.cpp:1054:68:1054:68 | Arg(this) | this:r1054_16 |
+| ir.cpp:1054:68:1054:68 | SideEffect | ~m1054_20 |
 | ir.cpp:1054:68:1054:87 | Address | &:r1054_37 |
 | ir.cpp:1054:68:1054:87 | Load | ~m1054_20 |
 | ir.cpp:1054:68:1054:87 | StoreValue | r1054_38 |
@@ -5208,9 +5209,6 @@
 | ir.cpp:1054:70:1054:74 | SideEffect | ~m1054_4 |
 | ir.cpp:1054:70:1054:74 | Unary | r1054_13 |
 | ir.cpp:1054:70:1054:74 | Unary | r1054_15 |
-| ir.cpp:1054:77:1054:77 | Address | &:r1054_16 |
-| ir.cpp:1054:77:1054:77 | Arg(this) | this:r1054_16 |
-| ir.cpp:1054:77:1054:77 | SideEffect | ~m1054_20 |
 | ir.cpp:1054:78:1054:82 | Address | &:r1054_22 |
 | ir.cpp:1054:78:1054:82 | Address | &:r1054_24 |
 | ir.cpp:1054:78:1054:82 | Left | r1054_25 |

cpp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -5652,16 +5652,16 @@ ir.cpp:
 
 # 1038| (lambda [] type at line 1038, col. 12) lam
 # 1038|   Block 0
-# 1038|     v1038_1(void)                             = EnterFunction     : 
-# 1038|     mu1038_2(unknown)                         = AliasedDefinition : 
-# 1038|     r1038_3(glval<decltype([...](...){...})>) = VariableAddress   : 
-# 1038|     r1038_4(glval<decltype([...](...){...})>) = VariableAddress   : 
-# 1038|     mu1038_5(decltype([...](...){...}))       = Uninitialized     : &:r1038_4
-# 1038|     r1038_6(decltype([...](...){...}))        = Load[?]           : &:r1038_4, ~m?
-# 1038|     mu1038_7(decltype([...](...){...}))       = Store[?]          : &:r1038_3, r1038_6
-# 1038|     v1038_8(void)                             = ReturnVoid        : 
-# 1038|     v1038_9(void)                             = AliasedUse        : ~m?
-# 1038|     v1038_10(void)                            = ExitFunction      : 
+# 1038|     v1038_1(void)                             = EnterFunction                 : 
+# 1038|     mu1038_2(unknown)                         = AliasedDefinition             : 
+# 1038|     r1038_3(glval<decltype([...](...){...})>) = VariableAddress               : 
+# 1038|     r1038_4(glval<decltype([...](...){...})>) = VariableAddress[#temp1038:12] : 
+# 1038|     mu1038_5(decltype([...](...){...}))       = Uninitialized[#temp1038:12]   : &:r1038_4
+# 1038|     r1038_6(decltype([...](...){...}))        = Load[#temp1038:12]            : &:r1038_4, ~m?
+# 1038|     mu1038_7(decltype([...](...){...}))       = Store[?]                      : &:r1038_3, r1038_6
+# 1038|     v1038_8(void)                             = ReturnVoid                    : 
+# 1038|     v1038_9(void)                             = AliasedUse                    : ~m?
+# 1038|     v1038_10(void)                            = ExitFunction                  : 
 
 # 1038| void (lambda [] type at line 1038, col. 12)::operator()() const
 # 1038|   Block 0
@@ -9483,16 +9483,16 @@ ir.cpp:
 
 # 1767| char* global_string
 # 1767|   Block 0
-# 1767|     v1767_1(void)            = EnterFunction     : 
-# 1767|     mu1767_2(unknown)        = AliasedDefinition : 
-# 1767|     r1767_3(glval<char *>)   = VariableAddress   : 
-# 1767|     r1767_4(glval<char[14]>) = StringConstant    : 
-# 1767|     r1767_5(char *)          = Convert           : r1767_4
-# 1767|     r1767_6(char *)          = Convert           : r1767_5
-# 1767|     mu1767_7(char *)         = Store[?]          : &:r1767_3, r1767_6
-# 1767|     v1767_8(void)            = ReturnVoid        : 
-# 1767|     v1767_9(void)            = AliasedUse        : ~m?
-# 1767|     v1767_10(void)           = ExitFunction      : 
+# 1767|     v1767_1(void)            = EnterFunction                   : 
+# 1767|     mu1767_2(unknown)        = AliasedDefinition               : 
+# 1767|     r1767_3(glval<char *>)   = VariableAddress                 : 
+# 1767|     r1767_4(glval<char[14]>) = StringConstant["global string"] : 
+# 1767|     r1767_5(char *)          = Convert                         : r1767_4
+# 1767|     r1767_6(char *)          = Convert                         : r1767_5
+# 1767|     mu1767_7(char *)         = Store[?]                        : &:r1767_3, r1767_6
+# 1767|     v1767_8(void)            = ReturnVoid                      : 
+# 1767|     v1767_9(void)            = AliasedUse                      : ~m?
+# 1767|     v1767_10(void)           = ExitFunction                    : 
 
 perf-regression.cpp:
 #    6| void Big::Big()
@@ -9723,7 +9723,7 @@ struct_init.cpp:
 #    9|     r9_4(int)               = Constant[0]               : 
 #    9|     r9_5(glval<Info>)       = PointerAdd[16]            : r9_3, r9_4
 #   10|     r10_1(glval<char *>)    = FieldAddress[name]        : r9_5
-#   10|     r10_2(glval<char[2]>)   = StringConstant            : 
+#   10|     r10_2(glval<char[2]>)   = StringConstant["1"]       : 
 #   10|     r10_3(char *)           = Convert                   : r10_2
 #   10|     mu10_4(char *)          = Store[?]                  : &:r10_1, r10_3
 #   10|     r10_5(glval<..(*)(..)>) = FieldAddress[handler]     : r9_5
@@ -9732,7 +9732,7 @@ struct_init.cpp:
 #    9|     r9_6(int)               = Constant[1]               : 
 #    9|     r9_7(glval<Info>)       = PointerAdd[16]            : r9_3, r9_6
 #   11|     r11_1(glval<char *>)    = FieldAddress[name]        : r9_7
-#   11|     r11_2(glval<char[2]>)   = StringConstant            : 
+#   11|     r11_2(glval<char[2]>)   = StringConstant["3"]       : 
 #   11|     r11_3(char *)           = Convert                   : r11_2
 #   11|     mu11_4(char *)          = Store[?]                  : &:r11_1, r11_3
 #   11|     r11_5(glval<..(*)(..)>) = FieldAddress[handler]     : r9_7