
Commit f2d6bcd

committed
C++: Fix join order in 'isGuarded'.
Before: Tuple counts for UnsignedDifferenceExpressionComparedZero::isGuarded#bff/3@ec24001m after 1.7s: 97431 ~0% {2} r1 = JOIN UnsignedDifferenceExpressionComparedZero::isGuarded#bff#join_rhs WITH project#BasicBlocks::Cached::basic_block_member ON FIRST 1 OUTPUT Rhs.1, Lhs.0 'sub' 11809769 ~1% {2} r2 = JOIN r1 WITH Guards::GuardCondition::controls_dispred#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'sub', Rhs.1 11809769 ~0% {4} r3 = JOIN r2 WITH project#BasicBlocks::Cached::basic_block_member ON FIRST 1 OUTPUT Lhs.1, Rhs.1, false, Lhs.0 'sub' 629277 ~4% {7} r4 = JOIN r3 WITH Guards::GuardCondition::ensuresLt_dispred#ffffff_045123#join_rhs ON FIRST 3 OUTPUT Lhs.3 'sub', Lhs.0, Lhs.1, false, Rhs.3 'left', Rhs.4 'right', Rhs.5 628120 ~4% {7} r5 = SELECT r4 ON In.6 >= 0 628120 ~1% {3} r6 = SCAN r5 OUTPUT In.0 'sub', In.4 'left', In.5 'right' return r6 After: Tuple counts for UnsignedDifferenceExpressionComparedZero::isGuarded#fff/3@i2#a5071x3a after 392ms: 103763 ~0% {2} r1 = SCAN UnsignedDifferenceExpressionComparedZero::exprIsSubLeftOrLess#ff#prev_delta OUTPUT In.0 'sub', 26 103763 ~0% {1} r2 = JOIN r1 WITH exprs ON FIRST 2 OUTPUT Lhs.0 'sub' 97431 ~0% {3} r3 = JOIN r2 WITH project#BasicBlocks::Cached::basic_block_member ON FIRST 1 OUTPUT Rhs.1, false, Lhs.0 'sub' 629277 ~0% {7} r4 = JOIN r3 WITH Guards::GuardCondition::ensuresLt_dispred#ffffff_450123#join_rhs ON FIRST 2 OUTPUT Lhs.2 'sub', Lhs.0, false, Rhs.2, Rhs.3 'left', Rhs.4 'right', Rhs.5 628120 ~0% {7} r5 = SELECT r4 ON In.6 >= 0 628120 ~1% {6} r6 = SCAN r5 OUTPUT In.0 'sub', In.1, In.3, In.4 'left', In.5 'right', In.6 628120 ~1% {6} r7 = r6 AND NOT UnsignedDifferenceExpressionComparedZero::isGuarded#fff#prev(Lhs.0 'sub', Lhs.3 'left', Lhs.4 'right') 628120 ~0% {5} r8 = SCAN r7 OUTPUT In.2, In.1, In.0 'sub', In.3 'left', In.4 'right' 628120 ~1% {3} r9 = JOIN r8 WITH Guards::GuardCondition::controls_dispred#fff ON FIRST 2 OUTPUT Lhs.2 'sub', Lhs.3 'left', Lhs.4 'right' return r9
1 parent fd60c6e commit f2d6bcd


1 file changed

+6
-4
lines changed


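--- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
+++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -22,11 +22,13 @@ import semmle.code.cpp.dataflow.DataFlow
  * Holds if `sub` is guarded by a condition which ensures that
  * `left >= right`.
  */
-pragma[noinline]
+pragma[nomagic]
 predicate isGuarded(SubExpr sub, Expr left, Expr right) {
-  exists(GuardCondition guard, int k |
-    guard.controls(sub.getBasicBlock(), _) and
-    guard.ensuresLt(left, right, k, sub.getBasicBlock(), false) and
+  exprIsSubLeftOrLess(pragma[only_bind_into](sub), _) and // Manual magic
+  exists(GuardCondition guard, int k, BasicBlock bb |
+    pragma[only_bind_into](bb) = sub.getBasicBlock() and
+    guard.controls(pragma[only_bind_into](bb), _) and
+    guard.ensuresLt(left, right, k, bb, false) and
     k >= 0
   )
 }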
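Review bot: The `// Manual magic` comment on the new first conjunct of `isGuarded` does not tell a maintainer that the line is deliberately redundant with the caller and exists only to restrict `sub` before the joins with `controls` and `ensuresLt`, so it is likely to be "simplified away" later and re-introduce the slow plan recorded in the commit message. Suggest `// Manual magic: restricts 'sub' via the caller's exprIsSubLeftOrLess before joining with controls/ensuresLt; see commit message for the before/after tuple counts. Do not remove.` Whether the conjunct is truly redundant cannot be confirmed from this hunk, since `exprIsSubLeftOrLess` and the callers of `isGuarded` are outside it. It would also help to note on the `pragma[nomagic]` line why it replaces `pragma[noinline]` — it still prevents inlining, and additionally stops the optimizer from injecting its own magic set that could undo the hand-chosen order — e.g. `// nomagic (implies noinline): keep the optimizer from re-deriving magic over the manual conjunct below`.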
