C++: Fix IR edge case where there are no function calls taking an argument

jketema · jketema · commit 401281331ff9 · 2025-05-14T13:44:29.000+02:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll b/cpp/ql/lib/semmle/code/cpp/ir/internal/IRCppLanguage.qll
@@ -67,8 +67,13 @@ class Class = Cpp::Class; // Used for inheritance conversions
 predicate hasCaseEdge(string minValue, string maxValue) { hasCaseEdge(_, minValue, maxValue) }
 
 predicate hasPositionalArgIndex(int argIndex) {
-  exists(Cpp::FunctionCall call | exists(call.getArgument(argIndex))) or
+  exists(Cpp::FunctionCall call | exists(call.getArgument(argIndex)))
+  or
   exists(Cpp::BuiltInOperation op | exists(op.getChild(argIndex)))
+  or
+  // Ensure we are always able to output the argument of a call to the delete operator.
+  exists(Cpp::DeleteExpr d) and
+  argIndex = 0
 }
 
 predicate hasAsmOperandIndex(int operandIndex) {
diff --git a/cpp/ql/test/library-tests/ir/no-function-calls/aliased_ir.expected b/cpp/ql/test/library-tests/ir/no-function-calls/aliased_ir.expected
@@ -9,17 +9,18 @@ test.cpp:
 #    5|     m5_6(int *)          = InitializeParameter[x]           : &:r5_5
 #    5|     r5_7(int *)          = Load[x]                          : &:r5_5, m5_6
 #    5|     m5_8(unknown)        = InitializeIndirection[x]         : &:r5_7
+#    5|     m5_9(unknown)        = Chi                              : total:m5_4, partial:m5_8
 #    6|     r6_1(glval<unknown>) = FunctionAddress[operator delete] : 
 #    6|     r6_2(glval<int *>)   = VariableAddress[x]               : 
 #    6|     r6_3(int *)          = Load[x]                          : &:r6_2, m5_6
-#    6|     v6_4(void)           = Call[operator delete]            : func:r6_1
-#    6|     m6_5(unknown)        = ^CallSideEffect                  : ~m5_4
-#    6|     m6_6(unknown)        = Chi                              : total:m5_4, partial:m6_5
+#    6|     v6_4(void)           = Call[operator delete]            : func:r6_1, 0:r6_3
+#    6|     m6_5(unknown)        = ^CallSideEffect                  : ~m5_9
+#    6|     m6_6(unknown)        = Chi                              : total:m5_9, partial:m6_5
 #    7|     v7_1(void)           = NoOp                             : 
-#    5|     v5_9(void)           = ReturnIndirection[x]             : &:r5_7, m5_8
-#    5|     v5_10(void)          = ReturnVoid                       : 
-#    5|     v5_11(void)          = AliasedUse                       : ~m6_6
-#    5|     v5_12(void)          = ExitFunction                     : 
+#    5|     v5_10(void)          = ReturnIndirection[x]             : &:r5_7, ~m6_6
+#    5|     v5_11(void)          = ReturnVoid                       : 
+#    5|     v5_12(void)          = AliasedUse                       : ~m6_6
+#    5|     v5_13(void)          = ExitFunction                     : 
 
 #   11| void jazz()
 #   11|   Block 0
