C++: Add an 'EdgeKind' column to 'getFirstInstruction'.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -285,7 +285,7 @@ private predicate backEdgeCandidate(
   // is a back edge. This includes edges from `continue` and the fall-through
   // edge(s) after the last instruction(s) in the body.
   exists(TranslatedWhileStmt s |
-    targetInstruction = s.getFirstConditionInstruction() and
+    targetInstruction = s.getFirstConditionInstruction(_) and
     targetInstruction = sourceElement.getInstructionSuccessor(sourceTag, kind) and
     requiredAncestor = s.getBody()
   )
@@ -296,7 +296,7 @@ private predicate backEdgeCandidate(
   // { ... } while (0)` statement. Note that all `continue` statements in a
   // do-while loop produce forward edges.
   exists(TranslatedDoStmt s |
-    targetInstruction = s.getBody().getFirstInstruction() and
+    targetInstruction = s.getBody().getFirstInstruction(_) and
     targetInstruction = sourceElement.getInstructionSuccessor(sourceTag, kind) and
     requiredAncestor = s.getCondition()
   )
@@ -308,7 +308,7 @@ private predicate backEdgeCandidate(
   // last instruction(s) in the body. A for loop may not have a condition, in
   // which case `getFirstConditionInstruction` returns the body instead.
   exists(TranslatedForStmt s |
-    targetInstruction = s.getFirstConditionInstruction() and
+    targetInstruction = s.getFirstConditionInstruction(_) and
     targetInstruction = sourceElement.getInstructionSuccessor(sourceTag, kind) and
     (
       requiredAncestor = s.getUpdate()
@@ -322,7 +322,7 @@ private predicate backEdgeCandidate(
   // Any edge from within the update of the loop to the condition of
   // the loop is a back edge.
   exists(TranslatedRangeBasedForStmt s |
-    targetInstruction = s.getCondition().getFirstInstruction() and
+    targetInstruction = s.getCondition().getFirstInstruction(_) and
     targetInstruction = sourceElement.getInstructionSuccessor(sourceTag, kind) and
     requiredAncestor = s.getUpdate()
   )

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -40,10 +40,10 @@ abstract class TranslatedCall extends TranslatedExpr {
     id = this.getNumberOfArguments() and result = this.getSideEffects()
   }
 
-  final override Instruction getFirstInstruction() {
+  final override Instruction getFirstInstruction(EdgeKind kind) {
     if exists(this.getQualifier())
-    then result = this.getQualifier().getFirstInstruction()
-    else result = this.getFirstCallTargetInstruction()
+    then result = this.getQualifier().getFirstInstruction(kind)
+    else result = this.getFirstCallTargetInstruction(kind)
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -53,19 +53,18 @@ abstract class TranslatedCall extends TranslatedExpr {
   }
 
   override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) {
-    kind instanceof GotoEdge and
-    (
-      child = this.getQualifier() and
-      result = this.getFirstCallTargetInstruction()
-      or
-      child = this.getCallTarget() and
-      result = this.getFirstArgumentOrCallInstruction()
-      or
-      exists(int argIndex |
-        child = this.getArgument(argIndex) and
-        if exists(this.getArgument(argIndex + 1))
-        then result = this.getArgument(argIndex + 1).getFirstInstruction()
-        else result = this.getInstruction(CallTag())
+    child = this.getQualifier() and
+    result = this.getFirstCallTargetInstruction(kind)
+    or
+    child = this.getCallTarget() and
+    result = this.getFirstArgumentOrCallInstruction(kind)
+    or
+    exists(int argIndex |
+      child = this.getArgument(argIndex) and
+      if exists(this.getArgument(argIndex + 1))
+      then result = this.getArgument(argIndex + 1).getFirstInstruction(kind)
+      else (
+        result = this.getInstruction(CallTag()) and kind instanceof GotoEdge
       )
     )
     or
@@ -81,9 +80,8 @@ abstract class TranslatedCall extends TranslatedExpr {
   }
 
   override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
-    kind instanceof GotoEdge and
     tag = CallTag() and
-    result = this.getSideEffects().getFirstInstruction()
+    result = this.getSideEffects().getFirstInstruction(kind)
   }
 
   override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
@@ -125,8 +123,8 @@ abstract class TranslatedCall extends TranslatedExpr {
    * it can be overridden by a subclass for cases where there is a call target
    * that is not computed from an expression (e.g. a direct call).
    */
-  Instruction getFirstCallTargetInstruction() {
-    result = this.getCallTarget().getFirstInstruction()
+  Instruction getFirstCallTargetInstruction(EdgeKind kind) {
+    result = this.getCallTarget().getFirstInstruction(kind)
   }
 
   /**
@@ -163,10 +161,12 @@ abstract class TranslatedCall extends TranslatedExpr {
    * If there are any arguments, gets the first instruction of the first
    * argument. Otherwise, returns the call instruction.
    */
-  final Instruction getFirstArgumentOrCallInstruction() {
+  final Instruction getFirstArgumentOrCallInstruction(EdgeKind kind) {
     if this.hasArguments()
-    then result = this.getArgument(0).getFirstInstruction()
-    else result = this.getInstruction(CallTag())
+    then result = this.getArgument(0).getFirstInstruction(kind)
+    else (
+      kind instanceof GotoEdge and result = this.getInstruction(CallTag())
+    )
   }
 
   /**
@@ -211,7 +211,7 @@ abstract class TranslatedSideEffects extends TranslatedElement {
     exists(int i |
       this.getChild(i) = te and
       if exists(this.getChild(i + 1))
-      then kind instanceof GotoEdge and result = this.getChild(i + 1).getFirstInstruction()
+      then result = this.getChild(i + 1).getFirstInstruction(kind)
       else result = this.getParent().getChildSuccessor(this, kind)
     )
   }
@@ -220,12 +220,12 @@ abstract class TranslatedSideEffects extends TranslatedElement {
     none()
   }
 
-  final override Instruction getFirstInstruction() {
-    result = this.getChild(0).getFirstInstruction()
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getChild(0).getFirstInstruction(kind)
     or
     // Some functions, like `std::move()`, have no side effects whatsoever.
     not exists(this.getChild(0)) and
-    result = this.getParent().getChildSuccessor(this, any(GotoEdge edge))
+    result = this.getParent().getChildSuccessor(this, kind)
   }
 
   final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
@@ -240,8 +240,9 @@ abstract class TranslatedSideEffects extends TranslatedElement {
  * (`TranslatedAllocatorCall`).
  */
 abstract class TranslatedDirectCall extends TranslatedCall {
-  final override Instruction getFirstCallTargetInstruction() {
-    result = this.getInstruction(CallTargetTag())
+  final override Instruction getFirstCallTargetInstruction(EdgeKind kind) {
+    result = this.getInstruction(CallTargetTag()) and
+    kind instanceof GotoEdge
   }
 
   final override Instruction getCallTargetResult() { result = this.getInstruction(CallTargetTag()) }
@@ -258,8 +259,7 @@ abstract class TranslatedDirectCall extends TranslatedCall {
     result = TranslatedCall.super.getInstructionSuccessor(tag, kind)
     or
     tag = CallTargetTag() and
-    kind instanceof GotoEdge and
-    result = this.getFirstArgumentOrCallInstruction()
+    result = this.getFirstArgumentOrCallInstruction(kind)
   }
 }
 
@@ -383,8 +383,9 @@ abstract class TranslatedSideEffect extends TranslatedElement {
 
   final override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) { none() }
 
-  final override Instruction getFirstInstruction() {
-    result = this.getInstruction(OnlyInstructionTag())
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(OnlyInstructionTag()) and
+    kind instanceof GotoEdge
   }
 
   final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType type) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -44,8 +44,8 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio
 
   final override TranslatedElement getChild(int id) { id = 0 and result = this.getOperand() }
 
-  final override Instruction getFirstInstruction() {
-    result = this.getOperand().getFirstInstruction()
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getOperand().getFirstInstruction(kind)
   }
 
   final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -92,8 +92,8 @@ abstract class TranslatedBinaryLogicalOperation extends TranslatedNativeConditio
     id = 1 and result = this.getRightOperand()
   }
 
-  final override Instruction getFirstInstruction() {
-    result = this.getLeftOperand().getFirstInstruction()
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getLeftOperand().getFirstInstruction(kind)
   }
 
   final override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -116,7 +116,7 @@ class TranslatedLogicalAndExpr extends TranslatedBinaryLogicalOperation {
 
   override Instruction getChildTrueSuccessor(TranslatedCondition child) {
     child = this.getLeftOperand() and
-    result = this.getRightOperand().getFirstInstruction()
+    result = this.getRightOperand().getFirstInstruction(any(GotoEdge edge))
     or
     child = this.getRightOperand() and
     result = this.getConditionContext().getChildTrueSuccessor(this)
@@ -138,7 +138,7 @@ class TranslatedLogicalOrExpr extends TranslatedBinaryLogicalOperation {
 
   override Instruction getChildFalseSuccessor(TranslatedCondition child) {
     child = this.getLeftOperand() and
-    result = this.getRightOperand().getFirstInstruction()
+    result = this.getRightOperand().getFirstInstruction(any(GotoEdge edge))
     or
     child = this.getRightOperand() and
     result = this.getConditionContext().getChildFalseSuccessor(this)
@@ -150,7 +150,9 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
 
   override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() }
 
-  override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() }
+  override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getValueExpr().getFirstInstruction(kind)
+  }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
     tag = ValueConditionConditionalBranchTag() and

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -147,8 +147,9 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
     type = getBoolType()
   }
 
-  final override Instruction getFirstInstruction() {
-    result = this.getInstruction(DynamicInitializationFlagAddressTag())
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(DynamicInitializationFlagAddressTag()) and
+    kind instanceof GotoEdge
   }
 
   final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
@@ -166,7 +167,7 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
       result = this.getParent().getChildSuccessor(this, any(GotoEdge edge))
       or
       kind instanceof FalseEdge and
-      result = this.getInitialization().getFirstInstruction()
+      result = this.getInitialization().getFirstInstruction(any(GotoEdge edge))
     )
     or
     tag = DynamicInitializationFlagConstantTag() and

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -827,9 +827,10 @@ abstract class TranslatedElement extends TTranslatedElement {
   Location getLocation() { result = this.getAst().getLocation() }
 
   /**
-   * Get the first instruction to be executed in the evaluation of this element.
+   * Get the first instruction to be executed in the evaluation of this
+   * element when the edge kind is `kind`.
    */
-  abstract Instruction getFirstInstruction();
+  abstract Instruction getFirstInstruction(EdgeKind kind);
 
   /**
    * Get the immediate child elements of this element.