C++: Add an 'EdgeKind' column to 'getChildSuccessor'.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -52,28 +52,32 @@ abstract class TranslatedCall extends TranslatedExpr {
     resultType = getTypeForPRValue(this.getCallResultType())
   }
 
-  override Instruction getChildSuccessor(TranslatedElement child) {
-    child = this.getQualifier() and
-    result = this.getFirstCallTargetInstruction()
-    or
-    child = this.getCallTarget() and
-    result = this.getFirstArgumentOrCallInstruction()
-    or
-    exists(int argIndex |
-      child = this.getArgument(argIndex) and
-      if exists(this.getArgument(argIndex + 1))
-      then result = this.getArgument(argIndex + 1).getFirstInstruction()
-      else result = this.getInstruction(CallTag())
+  override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) {
+    kind instanceof GotoEdge and
+    (
+      child = this.getQualifier() and
+      result = this.getFirstCallTargetInstruction()
+      or
+      child = this.getCallTarget() and
+      result = this.getFirstArgumentOrCallInstruction()
+      or
+      exists(int argIndex |
+        child = this.getArgument(argIndex) and
+        if exists(this.getArgument(argIndex + 1))
+        then result = this.getArgument(argIndex + 1).getFirstInstruction()
+        else result = this.getInstruction(CallTag())
+      )
     )
     or
     child = this.getSideEffects() and
     if this.isNoReturn()
     then
+      kind instanceof GotoEdge and
       result =
         any(UnreachedInstruction instr |
           this.getEnclosingFunction().getFunction() = instr.getEnclosingFunction()
         )
-    else result = this.getParent().getChildSuccessor(this)
+    else result = this.getParent().getChildSuccessor(this, kind)
   }
 
   override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
@@ -203,12 +207,12 @@ abstract class TranslatedSideEffects extends TranslatedElement {
       )
   }
 
-  final override Instruction getChildSuccessor(TranslatedElement te) {
+  final override Instruction getChildSuccessor(TranslatedElement te, EdgeKind kind) {
     exists(int i |
       this.getChild(i) = te and
       if exists(this.getChild(i + 1))
-      then result = this.getChild(i + 1).getFirstInstruction()
-      else result = this.getParent().getChildSuccessor(this)
+      then kind instanceof GotoEdge and result = this.getChild(i + 1).getFirstInstruction()
+      else result = this.getParent().getChildSuccessor(this, kind)
     )
   }
 
@@ -220,7 +224,8 @@ abstract class TranslatedSideEffects extends TranslatedElement {
     result = this.getChild(0).getFirstInstruction()
     or
     // Some functions, like `std::move()`, have no side effects whatsoever.
-    not exists(this.getChild(0)) and result = this.getParent().getChildSuccessor(this)
+    not exists(this.getChild(0)) and
+    result = this.getParent().getChildSuccessor(this, any(GotoEdge edge))
   }
 
   final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
@@ -376,7 +381,7 @@ private int initializeAllocationGroup() { result = 3 }
 abstract class TranslatedSideEffect extends TranslatedElement {
   final override TranslatedElement getChild(int n) { none() }
 
-  final override Instruction getChildSuccessor(TranslatedElement child) { none() }
+  final override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) { none() }
 
   final override Instruction getFirstInstruction() {
     result = this.getInstruction(OnlyInstructionTag())
@@ -388,9 +393,8 @@ abstract class TranslatedSideEffect extends TranslatedElement {
   }
 
   final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
-    result = this.getParent().getChildSuccessor(this) and
-    tag = OnlyInstructionTag() and
-    kind instanceof GotoEdge
+    result = this.getParent().getChildSuccessor(this, kind) and
+    tag = OnlyInstructionTag()
   }
 
   final override Declaration getFunction() { result = this.getParent().getFunction() }

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCondition.qll

@@ -54,7 +54,7 @@ abstract class TranslatedFlexibleCondition extends TranslatedCondition, Conditio
 
   final override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) { none() }
 
-  final override Instruction getChildSuccessor(TranslatedElement child) { none() }
+  final override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) { none() }
 
   abstract TranslatedCondition getOperand();
 }
@@ -80,7 +80,7 @@ class TranslatedParenthesisCondition extends TranslatedFlexibleCondition {
 abstract class TranslatedNativeCondition extends TranslatedCondition, TTranslatedNativeCondition {
   TranslatedNativeCondition() { this = TTranslatedNativeCondition(expr) }
 
-  final override Instruction getChildSuccessor(TranslatedElement child) { none() }
+  final override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) { none() }
 }
 
 abstract class TranslatedBinaryLogicalOperation extends TranslatedNativeCondition, ConditionContext {
@@ -158,9 +158,10 @@ class TranslatedValueCondition extends TranslatedCondition, TTranslatedValueCond
     resultType = getVoidType()
   }
 
-  override Instruction getChildSuccessor(TranslatedElement child) {
+  override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) {
     child = this.getValueExpr() and
-    result = this.getInstruction(ValueConditionConditionalBranchTag())
+    result = this.getInstruction(ValueConditionConditionalBranchTag()) and
+    kind instanceof GotoEdge
   }
 
   override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedDeclarationEntry.qll

@@ -68,7 +68,7 @@ abstract class TranslatedLocalVariableDeclaration extends TranslatedVariableInit
   }
 
   final override Instruction getInitializationSuccessor() {
-    result = this.getParent().getChildSuccessor(this)
+    result = this.getParent().getChildSuccessor(this, any(GotoEdge edge))
   }
 
   final override IRVariable getIRVariable() {
@@ -163,7 +163,7 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
     tag = DynamicInitializationConditionalBranchTag() and
     (
       kind instanceof TrueEdge and
-      result = this.getParent().getChildSuccessor(this)
+      result = this.getParent().getChildSuccessor(this, any(GotoEdge edge))
       or
       kind instanceof FalseEdge and
       result = this.getInitialization().getFirstInstruction()
@@ -174,13 +174,13 @@ class TranslatedStaticLocalVariableDeclarationEntry extends TranslatedDeclaratio
     result = this.getInstruction(DynamicInitializationFlagStoreTag())
     or
     tag = DynamicInitializationFlagStoreTag() and
-    kind instanceof GotoEdge and
-    result = this.getParent().getChildSuccessor(this)
+    result = this.getParent().getChildSuccessor(this, kind)
   }
 
-  final override Instruction getChildSuccessor(TranslatedElement child) {
+  final override Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind) {
     child = this.getInitialization() and
-    result = this.getInstruction(DynamicInitializationFlagConstantTag())
+    result = this.getInstruction(DynamicInitializationFlagConstantTag()) and
+    kind instanceof GotoEdge
   }
 
   final override IRDynamicInitializationFlag getInstructionVariable(InstructionTag tag) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -904,9 +904,10 @@ abstract class TranslatedElement extends TTranslatedElement {
 
   /**
    * Gets the successor instruction to which control should flow after the
-   * child element specified by `child` has finished execution.
+   * child element specified by `child` has finished execution. The successor
+   * edge kind is specified by `kind`.
    */
-  abstract Instruction getChildSuccessor(TranslatedElement child);
+  abstract Instruction getChildSuccessor(TranslatedElement child, EdgeKind kind);
 
   /**
    * Gets the instruction to which control should flow if an exception is thrown