Merge branch 'main' into rdmarsh2/swift/autoclosure-cfg

Author: rdmarsh2

cpp/BUILD.bazel

@@ -1,12 +1,17 @@
-package(default_visibility = ["//visibility:public"])
-
 load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
 
+package(default_visibility = ["//visibility:public"])
+
 alias(
     name = "dbscheme",
     actual = "//cpp/ql/lib:dbscheme",
 )
 
+alias(
+    name = "dbscheme-stats",
+    actual = "//cpp/ql/lib:dbscheme-stats",
+)
+
 pkg_filegroup(
     name = "db-files",
     srcs = [

cpp/ql/lib/BUILD.bazel

@@ -1,7 +1,7 @@
-package(default_visibility = ["//cpp:__pkg__"])
-
 load("@rules_pkg//:mappings.bzl", "pkg_files")
 
+package(default_visibility = ["//cpp:__pkg__"])
+
 pkg_files(
     name = "dbscheme",
     srcs = ["semmlecode.cpp.dbscheme"],

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -1696,16 +1696,7 @@ private module Cached {
     // Reverse flow: data that flows from the definition node back into the indirection returned
     // by a function. This allows data to flow 'in' through references returned by a modeled
     // function such as `operator[]`.
-    exists(Operand address, int indirectionIndex |
-      nodeHasOperand(nodeTo.(IndirectReturnOutNode), address, indirectionIndex)
-    |
-      exists(StoreInstruction store |
-        nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and
-        store.getDestinationAddressOperand() = address
-      )
-      or
-      Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex)
-    )
+    reverseFlow(nodeFrom, nodeTo)
   }
 
   private predicate simpleInstructionLocalFlowStep(Operand opFrom, Instruction iTo) {
@@ -1736,6 +1727,39 @@ private module Cached {
       )
     )
   }
+
+  private predicate reverseFlow(Node nodeFrom, Node nodeTo) {
+    reverseFlowOperand(nodeFrom, nodeTo)
+    or
+    reverseFlowInstruction(nodeFrom, nodeTo)
+  }
+
+  private predicate reverseFlowOperand(Node nodeFrom, IndirectReturnOutNode nodeTo) {
+    exists(Operand address, int indirectionIndex |
+      nodeHasOperand(nodeTo, address, indirectionIndex)
+    |
+      exists(StoreInstruction store |
+        nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and
+        store.getDestinationAddressOperand() = address
+      )
+      or
+      // We also want a write coming out of an `OutNode` to flow `nodeTo`.
+      // This is different from `reverseFlowInstruction` since `nodeFrom` can never
+      // be an `OutNode` when it's defined by an instruction.
+      Ssa::outNodeHasAddressAndIndex(nodeFrom, address, indirectionIndex)
+    )
+  }
+
+  private predicate reverseFlowInstruction(Node nodeFrom, IndirectReturnOutNode nodeTo) {
+    exists(Instruction address, int indirectionIndex |
+      nodeHasInstruction(nodeTo, address, indirectionIndex)
+    |
+      exists(StoreInstruction store |
+        nodeHasInstruction(nodeFrom, store, indirectionIndex - 1) and
+        store.getDestinationAddress() = address
+      )
+    )
+  }
 }
 
 import Cached

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ProductFlow.qll

@@ -374,6 +374,8 @@ module ProductFlow {
 
       predicate isBarrier(DataFlow::Node node, FlowState state) { Config::isBarrier1(node, state) }
 
+      predicate isBarrier(DataFlow::Node node) { Config::isBarrier1(node) }
+
       predicate isBarrierOut(DataFlow::Node node) { Config::isBarrierOut1(node) }
 
       predicate isAdditionalFlowStep(
@@ -408,6 +410,8 @@ module ProductFlow {
 
       predicate isBarrier(DataFlow::Node node, FlowState state) { Config::isBarrier2(node, state) }
 
+      predicate isBarrier(DataFlow::Node node) { Config::isBarrier2(node) }
+
       predicate isBarrierOut(DataFlow::Node node) { Config::isBarrierOut2(node) }
 
       predicate isAdditionalFlowStep(

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternalsCommon.qll

@@ -815,7 +815,7 @@ private module Cached {
   ) {
     indirectionIndex = [1 .. countIndirectionsForCppType(getResultLanguageType(instr))] and
     exists(Instruction load, Operand address |
-      address.getDef() = instr and
+      address = unique( | | getAUse(instr)) and
       isDereference(load, address, false) and
       instrRepr = load and
       indirectionIndexRepr = indirectionIndex - 1

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll

@@ -8,6 +8,22 @@ private import internal.IRBlockImports as Imports
 import Imports::EdgeKind
 private import Cached
 
+/**
+ * Holds if `block` is a block in `func` and `sortOverride`, `sortKey1`, and `sortKey2` are the
+ * sort keys of the block (derived from its first instruction)
+ */
+pragma[nomagic]
+private predicate blockSortKeys(
+  IRFunction func, IRBlockBase block, int sortOverride, int sortKey1, int sortKey2
+) {
+  block.getEnclosingIRFunction() = func and
+  block.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
+  // Ensure that the block containing `EnterFunction` always comes first.
+  if block.getFirstInstruction() instanceof EnterFunctionInstruction
+  then sortOverride = 0
+  else sortOverride = 1
+}
+
 /**
  * A basic block in the IR. A basic block consists of a sequence of `Instructions` with the only
  * incoming edges at the beginning of the sequence and the only outgoing edges at the end of the
@@ -37,17 +53,14 @@ class IRBlockBase extends TIRBlock {
     exists(IRConfiguration::IRConfiguration config |
       config.shouldEvaluateDebugStringsForFunction(this.getEnclosingFunction())
     ) and
-    this =
-      rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
-        funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and
-        funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
-        // Ensure that the block containing `EnterFunction` always comes first.
-        if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction
-        then sortOverride = 0
-        else sortOverride = 1
-      |
-        funcBlock order by sortOverride, sortKey1, sortKey2
-      )
+    exists(IRFunction func |
+      this =
+        rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
+          blockSortKeys(func, funcBlock, sortOverride, sortKey1, sortKey2)
+        |
+          funcBlock order by sortOverride, sortKey1, sortKey2
+        )
+    )
   }
 
   /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll

@@ -116,14 +116,14 @@ class Instruction extends Construction::TStageInstruction {
 
   private int getLineRank() {
     this.shouldGenerateDumpStrings() and
-    this =
-      rank[result](Instruction instr |
-        instr =
-          getAnInstructionAtLine(this.getEnclosingIRFunction(), this.getLocation().getFile(),
-            this.getLocation().getStartLine())
-      |
-        instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock()
-      )
+    exists(IRFunction enclosing, Language::File file, int line |
+      this =
+        rank[result](Instruction instr |
+          instr = getAnInstructionAtLine(enclosing, file, line)
+        |
+          instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock()
+        )
+    )
   }
 
   /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll

@@ -8,6 +8,22 @@ private import internal.IRBlockImports as Imports
 import Imports::EdgeKind
 private import Cached
 
+/**
+ * Holds if `block` is a block in `func` and `sortOverride`, `sortKey1`, and `sortKey2` are the
+ * sort keys of the block (derived from its first instruction)
+ */
+pragma[nomagic]
+private predicate blockSortKeys(
+  IRFunction func, IRBlockBase block, int sortOverride, int sortKey1, int sortKey2
+) {
+  block.getEnclosingIRFunction() = func and
+  block.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
+  // Ensure that the block containing `EnterFunction` always comes first.
+  if block.getFirstInstruction() instanceof EnterFunctionInstruction
+  then sortOverride = 0
+  else sortOverride = 1
+}
+
 /**
  * A basic block in the IR. A basic block consists of a sequence of `Instructions` with the only
  * incoming edges at the beginning of the sequence and the only outgoing edges at the end of the
@@ -37,17 +53,14 @@ class IRBlockBase extends TIRBlock {
     exists(IRConfiguration::IRConfiguration config |
       config.shouldEvaluateDebugStringsForFunction(this.getEnclosingFunction())
     ) and
-    this =
-      rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
-        funcBlock.getEnclosingFunction() = this.getEnclosingFunction() and
-        funcBlock.getFirstInstruction().hasSortKeys(sortKey1, sortKey2) and
-        // Ensure that the block containing `EnterFunction` always comes first.
-        if funcBlock.getFirstInstruction() instanceof EnterFunctionInstruction
-        then sortOverride = 0
-        else sortOverride = 1
-      |
-        funcBlock order by sortOverride, sortKey1, sortKey2
-      )
+    exists(IRFunction func |
+      this =
+        rank[result + 1](IRBlock funcBlock, int sortOverride, int sortKey1, int sortKey2 |
+          blockSortKeys(func, funcBlock, sortOverride, sortKey1, sortKey2)
+        |
+          funcBlock order by sortOverride, sortKey1, sortKey2
+        )
+    )
   }
 
   /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll

@@ -116,14 +116,14 @@ class Instruction extends Construction::TStageInstruction {
 
   private int getLineRank() {
     this.shouldGenerateDumpStrings() and
-    this =
-      rank[result](Instruction instr |
-        instr =
-          getAnInstructionAtLine(this.getEnclosingIRFunction(), this.getLocation().getFile(),
-            this.getLocation().getStartLine())
-      |
-        instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock()
-      )
+    exists(IRFunction enclosing, Language::File file, int line |
+      this =
+        rank[result](Instruction instr |
+          instr = getAnInstructionAtLine(enclosing, file, line)
+        |
+          instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock()
+        )
+    )
   }
 
   /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -423,7 +423,12 @@ private module CachedForDebugging {
   cached
   predicate instructionHasSortKeys(Instruction instruction, int key1, int key2) {
     key1 = getInstructionTranslatedElement(instruction).getId() and
-    getInstructionTag(instruction) =
+    getInstructionTag(instruction) = tagByRank(key2)
+  }
+
+  pragma[nomagic]
+  private InstructionTag tagByRank(int key2) {
+    result =
       rank[key2](InstructionTag tag, string tagId |
         tagId = getInstructionTagId(tag)
       |