C++: handle degenerate phi nodes

Author: rdmarsh2

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll

@@ -43,11 +43,25 @@ private module Cached {
   class TStageInstruction =
     TRawInstruction or TPhiInstruction or TChiInstruction or TUnreachedInstruction;
 
+  /**
+   * If `oldInstruction` is a `Phi` instruction that has exactly one reachable predecessor block,
+   * this predicate returns the `PhiInputOperand` corresponding to that predecessor block.
+   * Otherwise, this predicate does not hold.
+   */
+  private OldIR::PhiInputOperand getDegeneratePhiOperand(OldInstruction oldInstruction) {
+    result =
+      unique(OldIR::PhiInputOperand operand |
+        operand = oldInstruction.(OldIR::PhiInstruction).getAnInputOperand() and
+        operand.getPredecessorBlock() instanceof OldBlock
+      )
+  }
+
   cached
   predicate hasInstruction(TStageInstruction instr) {
     instr instanceof TRawInstruction and instr instanceof OldInstruction
     or
-    instr instanceof TPhiInstruction
+    instr instanceof TPhiInstruction and 
+    not exists(getDegeneratePhiOperand(instr))
     or
     instr instanceof TChiInstruction
     or
@@ -150,16 +164,13 @@ private module Cached {
       (
         result = getNewInstruction(oldOperand.getAnyDef()) and
         overlap = originalOverlap
-        /*
-         * or
-         *        exists(OldIR::PhiInputOperand phiOperand, Overlap phiOperandOverlap |
-         *          phiOperand = getDegeneratePhiOperand(oldOperand.getAnyDef()) and
-         *          result = getNewDefinitionFromOldSSA(phiOperand, phiOperandOverlap) and
-         *          overlap = combineOverlap(phiOperandOverlap, originalOverlap)
-         *        )
-         */
-
+         or
+        exists(OldIR::PhiInputOperand phiOperand, Overlap phiOperandOverlap |
+          phiOperand = getDegeneratePhiOperand(oldOperand.getAnyDef()) and
+          result = getNewDefinitionFromOldSSA(phiOperand, phiOperandOverlap) and
+          overlap = combineOverlap(phiOperandOverlap, originalOverlap)
         )
+      )
     )
   }
 

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_consistency.expected

@@ -10,13 +10,9 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
-| ssa.cpp:345:3:345:13 | Phi: return ... | Instruction 'Phi: return ...' is in a block with only 0 predecessors in function '$@'. | ssa.cpp:335:5:335:25 | int UnreachablePhiOperand(int, int) | int UnreachablePhiOperand(int, int) |
-| ssa.cpp:395:5:395:5 | Phi: ; | Instruction 'Phi: ;' is in a block with only 0 predecessors in function '$@'. | ssa.cpp:383:5:383:24 | int FusedBlockPhiOperand(int, int, int, bool) | int FusedBlockPhiOperand(int, int, int, bool) |
 memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
-| ssa.cpp:345:3:345:13 | Phi: return ... | Instruction 'Phi: return ...' is a member of 0 blocks in function '$@'. | ssa.cpp:335:5:335:25 | int UnreachablePhiOperand(int, int) | int UnreachablePhiOperand(int, int) |
-| ssa.cpp:395:5:395:5 | Phi: ; | Instruction 'Phi: ;' is a member of 0 blocks in function '$@'. | ssa.cpp:383:5:383:24 | int FusedBlockPhiOperand(int, int, int, bool) | int FusedBlockPhiOperand(int, int, int, bool) |
 containsLoopOfForwardEdges
 lostReachability
 backEdgeCountMismatch

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_consistency_unsound.expected

@@ -10,13 +10,9 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
-| ssa.cpp:345:3:345:13 | Phi: return ... | Instruction 'Phi: return ...' is in a block with only 0 predecessors in function '$@'. | ssa.cpp:335:5:335:25 | int UnreachablePhiOperand(int, int) | int UnreachablePhiOperand(int, int) |
-| ssa.cpp:395:5:395:5 | Phi: ; | Instruction 'Phi: ;' is in a block with only 0 predecessors in function '$@'. | ssa.cpp:383:5:383:24 | int FusedBlockPhiOperand(int, int, int, bool) | int FusedBlockPhiOperand(int, int, int, bool) |
 memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
-| ssa.cpp:345:3:345:13 | Phi: return ... | Instruction 'Phi: return ...' is a member of 0 blocks in function '$@'. | ssa.cpp:335:5:335:25 | int UnreachablePhiOperand(int, int) | int UnreachablePhiOperand(int, int) |
-| ssa.cpp:395:5:395:5 | Phi: ; | Instruction 'Phi: ;' is a member of 0 blocks in function '$@'. | ssa.cpp:383:5:383:24 | int FusedBlockPhiOperand(int, int, int, bool) | int FusedBlockPhiOperand(int, int, int, bool) |
 containsLoopOfForwardEdges
 lostReachability
 backEdgeCountMismatch

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected

@@ -1618,7 +1618,7 @@ ssa.cpp:
 #  340|     m340_4(int)        = Store[ret]               : &:r340_3, r340_2
 #  345|     r345_1(glval<int>) = VariableAddress[#return] : 
 #  345|     r345_2(glval<int>) = VariableAddress[ret]     : 
-#  345|     r345_3(int)        = Load[ret]                : &:r345_2
+#  345|     r345_3(int)        = Load[ret]                : &:r345_2, m340_4
 #  345|     m345_4(int)        = Store[#return]           : &:r345_1, r345_3
 #  335|     r335_9(glval<int>) = VariableAddress[#return] : 
 #  335|     v335_10(void)      = ReturnValue              : &:r335_9, m345_4

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir_unsound.expected

@@ -1608,7 +1608,7 @@ ssa.cpp:
 #  340|     m340_4(int)        = Store[ret]               : &:r340_3, r340_2
 #  345|     r345_1(glval<int>) = VariableAddress[#return] : 
 #  345|     r345_2(glval<int>) = VariableAddress[ret]     : 
-#  345|     r345_3(int)        = Load[ret]                : &:r345_2
+#  345|     r345_3(int)        = Load[ret]                : &:r345_2, m340_4
 #  345|     m345_4(int)        = Store[#return]           : &:r345_1, r345_3
 #  335|     r335_9(glval<int>) = VariableAddress[#return] : 
 #  335|     v335_10(void)      = ReturnValue              : &:r335_9, m345_4