
Commit b0d3c9e

committed
C++: Fix getExtentOverlap for entire allocation
1 parent 79d5b88 commit b0d3c9e


6 files changed

+80
-59
lines changed


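--- a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll
@@ -430,10 +430,18 @@ private Overlap getExtentOverlap(MemoryLocation def, MemoryLocation use) {
 use instanceof EntireAllocationMemoryLocation and
 result instanceof MustExactlyOverlap
 or
-// EntireAllocationMemoryLocation totally overlaps any location within the same virtual
-// variable.
 not use instanceof EntireAllocationMemoryLocation and
-result instanceof MustTotallyOverlap
+if def.getAllocation() = use.getAllocation()
+then
+// EntireAllocationMemoryLocation totally overlaps any location within
+// the same allocation.
+result instanceof MustTotallyOverlap
+else (
+// There is no overlap with a location that's known to belong to a
+// different allocation, but all other locations may partially overlap.
+not exists(use.getAllocation()) and
+result instanceof MayPartiallyOverlap
+)
 )
 or
 exists(VariableMemoryLocation defVariableLocation |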
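Review bot: The first disjunct in this hunk (`use instanceof EntireAllocationMemoryLocation and result instanceof MustExactlyOverlap`) still has no allocation comparison, while the new `if def.getAllocation() = use.getAllocation()` branch now distinguishes allocations for every other kind of use. The guard that binds `def` sits above the hunk, so this case may already be excluded there; if that guard only requires a shared virtual variable, two whole-allocation locations for different allocations would still be reported as an exact overlap. An over-strong must-overlap lets a later write look like it fully replaces an earlier definition, which can drop flows that taint and buffer-size queries depend on. Consider `use instanceof EntireAllocationMemoryLocation and def.getAllocation() = use.getAllocation() and result instanceof MustExactlyOverlap`, or a comment stating why the outer condition makes that check unnecessary.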

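--- a/cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
+++ b/cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
@@ -20,6 +20,8 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+notMarkedAsConflated
+wronglyMarkedAsConflated
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType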

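--- a/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
+++ b/cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
@@ -20,6 +20,8 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+notMarkedAsConflated
+wronglyMarkedAsConflated
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType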

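--- a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected
@@ -824,41 +824,43 @@ ssa.cpp:
 # 184| m184_7(unsigned int &) = InitializeParameter[a] : &:r184_6
 # 184| r184_8(unsigned int &) = Load : &:r184_6, m184_7
 # 184| m184_9(unknown) = InitializeIndirection[a] : &:r184_8
-# 184| r184_10(glval<unsigned int &>) = VariableAddress[b] :
-# 184| m184_11(unsigned int &) = InitializeParameter[b] : &:r184_10
-# 184| r184_12(unsigned int &) = Load : &:r184_10, m184_11
-# 184| m184_13(unknown) = InitializeIndirection[b] : &:r184_12
-# 184| r184_14(glval<unsigned int &>) = VariableAddress[c] :
-# 184| m184_15(unsigned int &) = InitializeParameter[c] : &:r184_14
-# 184| r184_16(unsigned int &) = Load : &:r184_14, m184_15
-# 184| m184_17(unknown) = InitializeIndirection[c] : &:r184_16
-# 184| r184_18(glval<unsigned int &>) = VariableAddress[d] :
-# 184| m184_19(unsigned int &) = InitializeParameter[d] : &:r184_18
-# 184| r184_20(unsigned int &) = Load : &:r184_18, m184_19
-# 184| m184_21(unknown) = InitializeIndirection[d] : &:r184_20
+# 184| m184_10(unknown) = Chi : total:m184_4, partial:m184_9
+# 184| r184_11(glval<unsigned int &>) = VariableAddress[b] :
+# 184| m184_12(unsigned int &) = InitializeParameter[b] : &:r184_11
+# 184| r184_13(unsigned int &) = Load : &:r184_11, m184_12
+# 184| m184_14(unknown) = InitializeIndirection[b] : &:r184_13
+# 184| m184_15(unknown) = Chi : total:m184_10, partial:m184_14
+# 184| r184_16(glval<unsigned int &>) = VariableAddress[c] :
+# 184| m184_17(unsigned int &) = InitializeParameter[c] : &:r184_16
+# 184| r184_18(unsigned int &) = Load : &:r184_16, m184_17
+# 184| m184_19(unknown) = InitializeIndirection[c] : &:r184_18
+# 184| r184_20(glval<unsigned int &>) = VariableAddress[d] :
+# 184| m184_21(unsigned int &) = InitializeParameter[d] : &:r184_20
+# 184| r184_22(unsigned int &) = Load : &:r184_20, m184_21
+# 184| m184_23(unknown) = InitializeIndirection[d] : &:r184_22
 # 189| r189_1(glval<unsigned int &>) = VariableAddress[a] :
 # 189| r189_2(unsigned int &) = Load : &:r189_1, m184_7
 # 189| r189_3(glval<unsigned int>) = CopyValue : r189_2
 # 189| r189_4(glval<unsigned int &>) = VariableAddress[b] :
-# 189| r189_5(unsigned int &) = Load : &:r189_4, m184_11
+# 189| r189_5(unsigned int &) = Load : &:r189_4, m184_12
 # 189| r189_6(glval<unsigned int>) = CopyValue : r189_5
 # 190| r190_1(glval<unsigned int &>) = VariableAddress[c] :
-# 190| r190_2(unsigned int &) = Load : &:r190_1, m184_15
-# 190| r190_3(unsigned int) = Load : &:r190_2, ~m184_17
+# 190| r190_2(unsigned int &) = Load : &:r190_1, m184_17
+# 190| r190_3(unsigned int) = Load : &:r190_2, ~m184_19
 # 190| r190_4(glval<unsigned int &>) = VariableAddress[d] :
-# 190| r190_5(unsigned int &) = Load : &:r190_4, m184_19
-# 190| r190_6(unsigned int) = Load : &:r190_5, ~m184_21
-# 186| m186_1(unknown) = InlineAsm : ~m184_13, 0:r189_3, 1:r189_6, 2:r190_3, 3:r190_6
-# 186| m186_2(unknown) = Chi : total:m184_13, partial:m186_1
+# 190| r190_5(unsigned int &) = Load : &:r190_4, m184_21
+# 190| r190_6(unsigned int) = Load : &:r190_5, ~m184_23
+# 186| m186_1(unknown) = InlineAsm : ~m184_15, 0:r189_3, 1:r189_6, 2:r190_3, 3:r190_6
+# 186| m186_2(unknown) = Chi : total:m184_15, partial:m186_1
 # 192| v192_1(void) = NoOp :
-# 184| v184_22(void) = ReturnIndirection : &:r184_8, ~m186_2
-# 184| v184_23(void) = ReturnIndirection : &:r184_12, ~m186_2
-# 184| v184_24(void) = ReturnIndirection : &:r184_16, m184_17
-# 184| v184_25(void) = ReturnIndirection : &:r184_20, m184_21
-# 184| v184_26(void) = ReturnVoid :
-# 184| v184_27(void) = UnmodeledUse : mu*
-# 184| v184_28(void) = AliasedUse : ~m186_2
-# 184| v184_29(void) = ExitFunction :
+# 184| v184_24(void) = ReturnIndirection : &:r184_8, ~m186_2
+# 184| v184_25(void) = ReturnIndirection : &:r184_13, ~m186_2
+# 184| v184_26(void) = ReturnIndirection : &:r184_18, m184_19
+# 184| v184_27(void) = ReturnIndirection : &:r184_22, m184_23
+# 184| v184_28(void) = ReturnVoid :
+# 184| v184_29(void) = UnmodeledUse : mu*
+# 184| v184_30(void) = AliasedUse : ~m186_2
+# 184| v184_31(void) = ExitFunction :
 
 # 198| int PureFunctions(char*, char*, int)
 # 198| Block 0
@@ -1147,18 +1149,19 @@ ssa.cpp:
 # 247| m247_7(char *) = InitializeParameter[src] : &:r247_6
 # 247| r247_8(char *) = Load : &:r247_6, m247_7
 # 247| m247_9(unknown) = InitializeIndirection[src] : &:r247_8
-# 247| r247_10(glval<int>) = VariableAddress[size] :
-# 247| m247_11(int) = InitializeParameter[size] : &:r247_10
+# 247| m247_10(unknown) = Chi : total:m247_4, partial:m247_9
+# 247| r247_11(glval<int>) = VariableAddress[size] :
+# 247| m247_12(int) = InitializeParameter[size] : &:r247_11
 # 248| r248_1(glval<char *>) = VariableAddress[dst] :
 # 248| r248_2(glval<unknown>) = FunctionAddress[operator new[]] :
 # 248| r248_3(glval<int>) = VariableAddress[size] :
-# 248| r248_4(int) = Load : &:r248_3, m247_11
+# 248| r248_4(int) = Load : &:r248_3, m247_12
 # 248| r248_5(unsigned long) = Convert : r248_4
 # 248| r248_6(unsigned long) = Constant[1] :
 # 248| r248_7(unsigned long) = Mul : r248_5, r248_6
 # 248| r248_8(void *) = Call : func:r248_2, 0:r248_7
-# 248| m248_9(unknown) = ^CallSideEffect : ~m247_9
-# 248| m248_10(unknown) = Chi : total:m247_9, partial:m248_9
+# 248| m248_9(unknown) = ^CallSideEffect : ~m247_10
+# 248| m248_10(unknown) = Chi : total:m247_10, partial:m248_9
 # 248| r248_11(char *) = Convert : r248_8
 # 248| m248_12(char *) = Store : &:r248_1, r248_11
 # 249| r249_1(char) = Constant[97] :
@@ -1175,7 +1178,7 @@ ssa.cpp:
 # 250| r250_6(char *) = Load : &:r250_5, m247_7
 # 250| r250_7(void *) = Convert : r250_6
 # 250| r250_8(glval<int>) = VariableAddress[size] :
-# 250| r250_9(int) = Load : &:r250_8, m247_11
+# 250| r250_9(int) = Load : &:r250_8, m247_12
 # 250| r250_10(void *) = Call : func:r250_1, 0:r250_4, 1:r250_7, 2:r250_9
 # 250| v250_11(void) = ^SizedBufferReadSideEffect[1] : &:r250_7, r250_9, ~m249_6
 # 250| m250_12(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r250_4, r250_9
@@ -1184,12 +1187,12 @@ ssa.cpp:
 # 251| r251_2(glval<char *>) = VariableAddress[dst] :
 # 251| r251_3(char *) = Load : &:r251_2, m248_12
 # 251| m251_4(char *) = Store : &:r251_1, r251_3
-# 247| v247_12(void) = ReturnIndirection : &:r247_8, ~m250_13
-# 247| r247_13(glval<char *>) = VariableAddress[#return] :
-# 247| v247_14(void) = ReturnValue : &:r247_13, m251_4
-# 247| v247_15(void) = UnmodeledUse : mu*
-# 247| v247_16(void) = AliasedUse : ~m250_13
-# 247| v247_17(void) = ExitFunction :
+# 247| v247_13(void) = ReturnIndirection : &:r247_8, ~m250_13
+# 247| r247_14(glval<char *>) = VariableAddress[#return] :
+# 247| v247_15(void) = ReturnValue : &:r247_14, m251_4
+# 247| v247_16(void) = UnmodeledUse : mu*
+# 247| v247_17(void) = AliasedUse : ~m250_13
+# 247| v247_18(void) = ExitFunction :
 
 # 254| char StringLiteralAliasing2(bool)
 # 254| Block 0
@@ -1250,35 +1253,37 @@ ssa.cpp:
 # 268| m268_7(void *) = InitializeParameter[s] : &:r268_6
 # 268| r268_8(void *) = Load : &:r268_6, m268_7
 # 268| m268_9(unknown) = InitializeIndirection[s] : &:r268_8
-# 268| r268_10(glval<int>) = VariableAddress[size] :
-# 268| m268_11(int) = InitializeParameter[size] : &:r268_10
+# 268| m268_10(unknown) = Chi : total:m268_4, partial:m268_9
+# 268| r268_11(glval<int>) = VariableAddress[size] :
+# 268| m268_12(int) = InitializeParameter[size] : &:r268_11
 # 269| r269_1(glval<void *>) = VariableAddress[buf] :
 # 269| r269_2(glval<unknown>) = FunctionAddress[malloc] :
 # 269| r269_3(glval<int>) = VariableAddress[size] :
-# 269| r269_4(int) = Load : &:r269_3, m268_11
+# 269| r269_4(int) = Load : &:r269_3, m268_12
 # 269| r269_5(void *) = Call : func:r269_2, 0:r269_4
-# 269| m269_6(unknown) = ^CallSideEffect : ~m268_9
-# 269| m269_7(unknown) = Chi : total:m268_9, partial:m269_6
+# 269| m269_6(unknown) = ^CallSideEffect : ~m268_10
+# 269| m269_7(unknown) = Chi : total:m268_10, partial:m269_6
 # 269| m269_8(unknown) = ^InitializeDynamicAllocation : &:r269_5
-# 269| m269_9(void *) = Store : &:r269_1, r269_5
+# 269| m269_9(unknown) = Chi : total:m269_7, partial:m269_8
+# 269| m269_10(void *) = Store : &:r269_1, r269_5
 # 270| r270_1(glval<unknown>) = FunctionAddress[memcpy] :
 # 270| r270_2(glval<void *>) = VariableAddress[buf] :
-# 270| r270_3(void *) = Load : &:r270_2, m269_9
+# 270| r270_3(void *) = Load : &:r270_2, m269_10
 # 270| r270_4(glval<void *>) = VariableAddress[s] :
 # 270| r270_5(void *) = Load : &:r270_4, m268_7
 # 270| r270_6(glval<int>) = VariableAddress[size] :
-# 270| r270_7(int) = Load : &:r270_6, m268_11
+# 270| r270_7(int) = Load : &:r270_6, m268_12
 # 270| r270_8(void *) = Call : func:r270_1, 0:r270_3, 1:r270_5, 2:r270_7
-# 270| v270_9(void) = ^SizedBufferReadSideEffect[1] : &:r270_5, r270_7, ~m269_8
+# 270| v270_9(void) = ^SizedBufferReadSideEffect[1] : &:r270_5, r270_7, ~m269_7
 # 270| m270_10(unknown) = ^SizedBufferMustWriteSideEffect[0] : &:r270_3, r270_7
-# 270| m270_11(unknown) = Chi : total:m269_8, partial:m270_10
+# 270| m270_11(unknown) = Chi : total:m269_9, partial:m270_10
 # 271| r271_1(glval<void *>) = VariableAddress[#return] :
 # 271| r271_2(glval<void *>) = VariableAddress[buf] :
-# 271| r271_3(void *) = Load : &:r271_2, m269_9
+# 271| r271_3(void *) = Load : &:r271_2, m269_10
 # 271| m271_4(void *) = Store : &:r271_1, r271_3
-# 268| v268_12(void) = ReturnIndirection : &:r268_8, ~m270_11
-# 268| r268_13(glval<void *>) = VariableAddress[#return] :
-# 268| v268_14(void) = ReturnValue : &:r268_13, m271_4
-# 268| v268_15(void) = UnmodeledUse : mu*
-# 268| v268_16(void) = AliasedUse : ~m270_11
-# 268| v268_17(void) = ExitFunction :
+# 268| v268_13(void) = ReturnIndirection : &:r268_8, ~m270_11
+# 268| r268_14(glval<void *>) = VariableAddress[#return] :
+# 268| v268_15(void) = ReturnValue : &:r268_14, m271_4
+# 268| v268_16(void) = UnmodeledUse : mu*
+# 268| v268_17(void) = AliasedUse : ~m270_11
+# 268| v268_18(void) = ExitFunction :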

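--- a/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
@@ -16,6 +16,8 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+notMarkedAsConflated
+wronglyMarkedAsConflated
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType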

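--- a/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
+++ b/cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
@@ -16,6 +16,8 @@ lostReachability
 backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
+notMarkedAsConflated
+wronglyMarkedAsConflated
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType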
