Merge pull request github#3006 from jbj/ir-no-static-init

C++: IR: Ignore constant static initializers

Author: Dave Bartolomeo

cpp/ql/src/semmle/code/cpp/Variable.qll

@@ -366,6 +366,49 @@ class LocalVariable extends LocalScopeVariable, @localvariable {
   }
 }
 
+/**
+ * A variable whose contents always have static storage duration. This can be a
+ * global variable, a namespace variable, a static local variable, or a static
+ * member variable.
+ */
+class StaticStorageDurationVariable extends Variable {
+  StaticStorageDurationVariable() {
+    this instanceof GlobalOrNamespaceVariable
+    or
+    this.(LocalVariable).isStatic()
+    or
+    this.(MemberVariable).isStatic()
+  }
+
+  /**
+   * Holds if the initializer for this variable is evaluated at compile time.
+   */
+  predicate hasConstantInitialization() {
+    not runtimeExprInStaticInitializer(this.getInitializer().getExpr())
+  }
+}
+
+/**
+ * Holds if `e` is an expression in a static initializer that must be evaluated
+ * at run time. This predicate computes "is non-const" instead of "is const"
+ * since computing "is const" for an aggregate literal with many children would
+ * either involve recursion through `forall` on those children or an iteration
+ * through the rank numbers of the children, both of which can be slow.
+ */
+private predicate runtimeExprInStaticInitializer(Expr e) {
+  inStaticInitializer(e) and
+  if e instanceof AggregateLiteral
+  then runtimeExprInStaticInitializer(e.getAChild())
+  else not e.getFullyConverted().isConstant()
+}
+
+/** Holds if `e` is part of the initializer of a `StaticStorageDurationVariable`. */
+private predicate inStaticInitializer(Expr e) {
+  exists(StaticStorageDurationVariable var | e = var.getInitializer().getExpr())
+  or
+  inStaticInitializer(e.getParent())
+}
+
 /**
  * A C/C++ variable which has global scope or namespace scope. For example the
  * variables `a` and `b` in the following code:

cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll

@@ -443,8 +443,7 @@ private Node getControlOrderChildSparse(Node n, int i) {
 private predicate skipInitializer(Initializer init) {
   exists(LocalVariable local |
     init = local.getInitializer() and
-    local.isStatic() and
-    not runtimeExprInStaticInitializer(init.getExpr())
+    local.(StaticStorageDurationVariable).hasConstantInitialization()
   )
 }
 

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -50,6 +50,14 @@ private predicate ignoreExprAndDescendants(Expr expr) {
   // constant value.
   isIRConstant(getRealParent(expr))
   or
+  // Only translate the initializer of a static local if it uses run-time data.
+  // Otherwise the initializer does not run in function scope.
+  exists(Initializer init, StaticStorageDurationVariable var |
+    init = var.getInitializer() and
+    var.hasConstantInitialization() and
+    expr = init.getExpr().getFullyConverted()
+  )
+  or
   // Ignore descendants of `__assume` expressions, since we translated these to `NoOp`.
   getRealParent(expr) instanceof AssumeExpr
   or

cpp/ql/test/library-tests/ir/ir/PrintAST.expected

@@ -8349,3 +8349,184 @@ perf-regression.cpp:
 #   12|           Type = [IntType] int
 #   12|           Value = [Literal] 0
 #   12|           ValueCategory = prvalue
+struct_init.cpp:
+#    1| [TopLevelFunction] int handler1(void*)
+#    1|   params: 
+#    1|     0: [Parameter] p
+#    1|         Type = [VoidPointerType] void *
+#    2| [TopLevelFunction] int handler2(void*)
+#    2|   params: 
+#    2|     0: [Parameter] p
+#    2|         Type = [VoidPointerType] void *
+#    4| [CopyAssignmentOperator] Info& Info::operator=(Info const&)
+#    4|   params: 
+#-----|     0: [Parameter] p#0
+#-----|         Type = [LValueReferenceType] const Info &
+#    4| [MoveAssignmentOperator] Info& Info::operator=(Info&&)
+#    4|   params: 
+#-----|     0: [Parameter] p#0
+#-----|         Type = [RValueReferenceType] Info &&
+#   16| [TopLevelFunction] void let_info_escape(Info*)
+#   16|   params: 
+#   16|     0: [Parameter] info
+#   16|         Type = [PointerType] Info *
+#   16|   body: [Block] { ... }
+#   17|     0: [ExprStmt] ExprStmt
+#   17|       0: [AssignExpr] ... = ...
+#   17|           Type = [PointerType] Info *
+#   17|           ValueCategory = lvalue
+#   17|         0: [VariableAccess] global_pointer
+#   17|             Type = [PointerType] Info *
+#   17|             ValueCategory = lvalue
+#   17|         1: [VariableAccess] info
+#   17|             Type = [PointerType] Info *
+#   17|             ValueCategory = prvalue(load)
+#   18|     1: [ReturnStmt] return ...
+#   20| [TopLevelFunction] void declare_static_infos()
+#   20|   params: 
+#   20|   body: [Block] { ... }
+#   21|     0: [DeclStmt] declaration
+#   21|       0: [VariableDeclarationEntry] definition of static_infos
+#   21|           Type = [ArrayType] Info[]
+#   21|         init: [Initializer] initializer for static_infos
+#   21|           expr: [ArrayAggregateLiteral] {...}
+#   21|               Type = [ArrayType] Info[2]
+#   21|               ValueCategory = prvalue
+#   22|             [0]: [ClassAggregateLiteral] {...}
+#   22|                 Type = [Struct] Info
+#   22|                 ValueCategory = prvalue
+#   22|               .name: [ArrayToPointerConversion] array to pointer conversion
+#   22|                   Type = [PointerType] const char *
+#   22|                   ValueCategory = prvalue
+#   22|                 expr: 1
+#   22|                     Type = [ArrayType] const char[2]
+#   22|                     Value = [StringLiteral] "1"
+#   22|                     ValueCategory = lvalue
+#   22|               .handler: [FunctionAccess] handler1
+#   22|                   Type = [FunctionPointerType] ..(*)(..)
+#   22|                   ValueCategory = prvalue(load)
+#   23|             [1]: [ClassAggregateLiteral] {...}
+#   23|                 Type = [Struct] Info
+#   23|                 ValueCategory = prvalue
+#   23|               .name: [ArrayToPointerConversion] array to pointer conversion
+#   23|                   Type = [PointerType] const char *
+#   23|                   ValueCategory = prvalue
+#   23|                 expr: 2
+#   23|                     Type = [ArrayType] const char[2]
+#   23|                     Value = [StringLiteral] "2"
+#   23|                     ValueCategory = lvalue
+#   23|               .handler: [AddressOfExpr] & ...
+#   23|                   Type = [FunctionPointerType] ..(*)(..)
+#   23|                   ValueCategory = prvalue
+#   23|                 0: [FunctionAccess] handler2
+#   23|                     Type = [RoutineType] ..()(..)
+#   23|                     ValueCategory = lvalue
+#   25|     1: [ExprStmt] ExprStmt
+#   25|       0: [FunctionCall] call to let_info_escape
+#   25|           Type = [VoidType] void
+#   25|           ValueCategory = prvalue
+#   25|         0: [ArrayToPointerConversion] array to pointer conversion
+#   25|             Type = [PointerType] Info *
+#   25|             ValueCategory = prvalue
+#   25|           expr: [VariableAccess] static_infos
+#   25|               Type = [ArrayType] Info[2]
+#   25|               ValueCategory = lvalue
+#   26|     2: [ReturnStmt] return ...
+#   28| [TopLevelFunction] void declare_local_infos()
+#   28|   params: 
+#   28|   body: [Block] { ... }
+#   29|     0: [DeclStmt] declaration
+#   29|       0: [VariableDeclarationEntry] definition of local_infos
+#   29|           Type = [ArrayType] Info[]
+#   29|         init: [Initializer] initializer for local_infos
+#   29|           expr: [ArrayAggregateLiteral] {...}
+#   29|               Type = [ArrayType] Info[2]
+#   29|               ValueCategory = prvalue
+#   30|             [0]: [ClassAggregateLiteral] {...}
+#   30|                 Type = [Struct] Info
+#   30|                 ValueCategory = prvalue
+#   30|               .name: [ArrayToPointerConversion] array to pointer conversion
+#   30|                   Type = [PointerType] const char *
+#   30|                   ValueCategory = prvalue
+#   30|                 expr: 1
+#   30|                     Type = [ArrayType] const char[2]
+#   30|                     Value = [StringLiteral] "1"
+#   30|                     ValueCategory = lvalue
+#   30|               .handler: [FunctionAccess] handler1
+#   30|                   Type = [FunctionPointerType] ..(*)(..)
+#   30|                   ValueCategory = prvalue(load)
+#   31|             [1]: [ClassAggregateLiteral] {...}
+#   31|                 Type = [Struct] Info
+#   31|                 ValueCategory = prvalue
+#   31|               .name: [ArrayToPointerConversion] array to pointer conversion
+#   31|                   Type = [PointerType] const char *
+#   31|                   ValueCategory = prvalue
+#   31|                 expr: 2
+#   31|                     Type = [ArrayType] const char[2]
+#   31|                     Value = [StringLiteral] "2"
+#   31|                     ValueCategory = lvalue
+#   31|               .handler: [AddressOfExpr] & ...
+#   31|                   Type = [FunctionPointerType] ..(*)(..)
+#   31|                   ValueCategory = prvalue
+#   31|                 0: [FunctionAccess] handler2
+#   31|                     Type = [RoutineType] ..()(..)
+#   31|                     ValueCategory = lvalue
+#   33|     1: [ExprStmt] ExprStmt
+#   33|       0: [FunctionCall] call to let_info_escape
+#   33|           Type = [VoidType] void
+#   33|           ValueCategory = prvalue
+#   33|         0: [ArrayToPointerConversion] array to pointer conversion
+#   33|             Type = [PointerType] Info *
+#   33|             ValueCategory = prvalue
+#   33|           expr: [VariableAccess] local_infos
+#   33|               Type = [ArrayType] Info[2]
+#   33|               ValueCategory = lvalue
+#   34|     2: [ReturnStmt] return ...
+#   36| [TopLevelFunction] void declare_static_runtime_infos(char const*)
+#   36|   params: 
+#   36|     0: [Parameter] name1
+#   36|         Type = [PointerType] const char *
+#   36|   body: [Block] { ... }
+#   37|     0: [DeclStmt] declaration
+#   37|       0: [VariableDeclarationEntry] definition of static_infos
+#   37|           Type = [ArrayType] Info[]
+#   37|         init: [Initializer] initializer for static_infos
+#   37|           expr: [ArrayAggregateLiteral] {...}
+#   37|               Type = [ArrayType] Info[2]
+#   37|               ValueCategory = prvalue
+#   38|             [0]: [ClassAggregateLiteral] {...}
+#   38|                 Type = [Struct] Info
+#   38|                 ValueCategory = prvalue
+#   38|               .name: [VariableAccess] name1
+#   38|                   Type = [PointerType] const char *
+#   38|                   ValueCategory = prvalue(load)
+#   38|               .handler: [FunctionAccess] handler1
+#   38|                   Type = [FunctionPointerType] ..(*)(..)
+#   38|                   ValueCategory = prvalue(load)
+#   39|             [1]: [ClassAggregateLiteral] {...}
+#   39|                 Type = [Struct] Info
+#   39|                 ValueCategory = prvalue
+#   39|               .name: [ArrayToPointerConversion] array to pointer conversion
+#   39|                   Type = [PointerType] const char *
+#   39|                   ValueCategory = prvalue
+#   39|                 expr: 2
+#   39|                     Type = [ArrayType] const char[2]
+#   39|                     Value = [StringLiteral] "2"
+#   39|                     ValueCategory = lvalue
+#   39|               .handler: [AddressOfExpr] & ...
+#   39|                   Type = [FunctionPointerType] ..(*)(..)
+#   39|                   ValueCategory = prvalue
+#   39|                 0: [FunctionAccess] handler2
+#   39|                     Type = [RoutineType] ..()(..)
+#   39|                     ValueCategory = lvalue
+#   41|     1: [ExprStmt] ExprStmt
+#   41|       0: [FunctionCall] call to let_info_escape
+#   41|           Type = [VoidType] void
+#   41|           ValueCategory = prvalue
+#   41|         0: [ArrayToPointerConversion] array to pointer conversion
+#   41|             Type = [PointerType] Info *
+#   41|             ValueCategory = prvalue
+#   41|           expr: [VariableAccess] static_infos
+#   41|               Type = [ArrayType] Info[2]
+#   41|               ValueCategory = lvalue
+#   42|     2: [ReturnStmt] return ...