Merge pull request github#3255 from dbartol/dbartol/UnmodeledDefinition

C++: Connect `InitializeIndirection` to `UnmodeledDefinition`

Author: rdmarsh2

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll

@@ -149,6 +149,26 @@ module InstructionSanity {
     count(instr.getBlock().getAPredecessor()) < 2
   }
 
+  /**
+   * Holds if a memory operand is connected to a definition with an unmodeled result, other than
+   * `UnmodeledDefinition` itself.
+   */
+  query predicate memoryOperandDefinitionIsUnmodeled(
+    Instruction instr, string message, IRFunction func, string funcText
+  ) {
+    exists(MemoryOperand operand, Instruction def |
+      operand = instr.getAnOperand() and
+      not operand instanceof UnmodeledUseOperand and
+      def = operand.getAnyDef() and
+      not def.isResultModeled() and
+      not def instanceof UnmodeledDefinitionInstruction and
+      message =
+        "Memory operand definition has unmodeled result, but is not the `UnmodeledDefinition` instruction in function '$@'" and
+      func = instr.getEnclosingIRFunction() and
+      funcText = Language::getIdentityString(func.getFunction())
+    )
+  }
+
   /**
    * Holds if operand `operand` consumes a value that was defined in
    * a different function.

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll

@@ -149,6 +149,26 @@ module InstructionSanity {
     count(instr.getBlock().getAPredecessor()) < 2
   }
 
+  /**
+   * Holds if a memory operand is connected to a definition with an unmodeled result, other than
+   * `UnmodeledDefinition` itself.
+   */
+  query predicate memoryOperandDefinitionIsUnmodeled(
+    Instruction instr, string message, IRFunction func, string funcText
+  ) {
+    exists(MemoryOperand operand, Instruction def |
+      operand = instr.getAnOperand() and
+      not operand instanceof UnmodeledUseOperand and
+      def = operand.getAnyDef() and
+      not def.isResultModeled() and
+      not def instanceof UnmodeledDefinitionInstruction and
+      message =
+        "Memory operand definition has unmodeled result, but is not the `UnmodeledDefinition` instruction in function '$@'" and
+      func = instr.getEnclosingIRFunction() and
+      funcText = Language::getIdentityString(func.getFunction())
+    )
+  }
+
   /**
    * Holds if operand `operand` consumes a value that was defined in
    * a different function.

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/TranslatedFunction.qll

@@ -454,7 +454,7 @@ abstract class TranslatedParameter extends TranslatedElement {
       result = getInstruction(InitializerVariableAddressTag())
       or
       operandTag instanceof LoadOperandTag and
-      result = getInstruction(InitializerStoreTag())
+      result = getTranslatedFunction(getFunction()).getUnmodeledDefinitionInstruction()
     )
     or
     tag = InitializerIndirectStoreTag() and

cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll

@@ -149,6 +149,26 @@ module InstructionSanity {
     count(instr.getBlock().getAPredecessor()) < 2
   }
 
+  /**
+   * Holds if a memory operand is connected to a definition with an unmodeled result, other than
+   * `UnmodeledDefinition` itself.
+   */
+  query predicate memoryOperandDefinitionIsUnmodeled(
+    Instruction instr, string message, IRFunction func, string funcText
+  ) {
+    exists(MemoryOperand operand, Instruction def |
+      operand = instr.getAnOperand() and
+      not operand instanceof UnmodeledUseOperand and
+      def = operand.getAnyDef() and
+      not def.isResultModeled() and
+      not def instanceof UnmodeledDefinitionInstruction and
+      message =
+        "Memory operand definition has unmodeled result, but is not the `UnmodeledDefinition` instruction in function '$@'" and
+      func = instr.getEnclosingIRFunction() and
+      funcText = Language::getIdentityString(func.getFunction())
+    )
+  }
+
   /**
    * Holds if operand `operand` consumes a value that was defined in
    * a different function.

cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected

@@ -13,6 +13,7 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
+memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
 containsLoopOfForwardEdges

cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected

@@ -13,6 +13,7 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
+memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
 containsLoopOfForwardEdges

cpp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -13,6 +13,7 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
+memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
 containsLoopOfForwardEdges

cpp/ql/test/library-tests/ir/ir/raw_sanity.expected

@@ -13,6 +13,7 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
+memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
 containsLoopOfForwardEdges

cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected

@@ -13,6 +13,7 @@ instructionWithoutSuccessor
 ambiguousSuccessors
 unexplainedLoop
 unnecessaryPhiInstruction
+memoryOperandDefinitionIsUnmodeled
 operandAcrossFunctions
 instructionWithoutUniqueBlock
 containsLoopOfForwardEdges