C++/C#: Fix bad overlap sanity failures

`Instruction.getDefinitionOverlap()` depends on `SSAConstruction::getMemoryOperandDefinition()`, which in turn depends on `SSAConstruction::hasMemoryOperandDefinition()`. When the definition in question came from a `Chi` instruction, `hasMemoryOperandDefinition()` incorrectly bound `overlap` to the overlap relationship between the original (non-`Chi`) instruction and the use. The fix is to make use of the `actualDefLocation` parameter to `getDefinitionOrChiInstruction()`, which specifies the location for the result of the `Chi` in that case.

Author: Dave Bartolomeo

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll

@@ -84,14 +84,15 @@ private module Cached {
     oldOperand instanceof OldIR::NonPhiMemoryOperand and
     exists(
       OldBlock useBlock, int useRank, Alias::MemoryLocation useLocation,
-      Alias::MemoryLocation defLocation, OldBlock defBlock, int defRank, int defOffset
+      Alias::MemoryLocation defLocation, OldBlock defBlock, int defRank, int defOffset,
+      Alias::MemoryLocation actualDefLocation
     |
       useLocation = Alias::getOperandMemoryLocation(oldOperand) and
       hasUseAtRank(useLocation, useBlock, useRank, oldInstruction) and
       definitionReachesUse(useLocation, defBlock, defRank, useBlock, useRank) and
       hasDefinitionAtRank(useLocation, defLocation, defBlock, defRank, defOffset) and
-      instr = getDefinitionOrChiInstruction(defBlock, defOffset, defLocation, _) and
-      overlap = Alias::getOverlap(defLocation, useLocation)
+      instr = getDefinitionOrChiInstruction(defBlock, defOffset, defLocation, actualDefLocation) and
+      overlap = Alias::getOverlap(actualDefLocation, useLocation)
     )
   }
 

cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll

@@ -84,14 +84,15 @@ private module Cached {
     oldOperand instanceof OldIR::NonPhiMemoryOperand and
     exists(
       OldBlock useBlock, int useRank, Alias::MemoryLocation useLocation,
-      Alias::MemoryLocation defLocation, OldBlock defBlock, int defRank, int defOffset
+      Alias::MemoryLocation defLocation, OldBlock defBlock, int defRank, int defOffset,
+      Alias::MemoryLocation actualDefLocation
     |
       useLocation = Alias::getOperandMemoryLocation(oldOperand) and
       hasUseAtRank(useLocation, useBlock, useRank, oldInstruction) and
       definitionReachesUse(useLocation, defBlock, defRank, useBlock, useRank) and
       hasDefinitionAtRank(useLocation, defLocation, defBlock, defRank, defOffset) and
-      instr = getDefinitionOrChiInstruction(defBlock, defOffset, defLocation, _) and
-      overlap = Alias::getOverlap(defLocation, useLocation)
+      instr = getDefinitionOrChiInstruction(defBlock, defOffset, defLocation, actualDefLocation) and
+      overlap = Alias::getOverlap(actualDefLocation, useLocation)
     )
   }
 

cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected

@@ -459,7 +459,7 @@ ssa.cpp:
 #  112|     m112_12(Point)       = Chi                    : total:m112_7, partial:m112_11
 #  113|     r113_1(glval<Point>) = VariableAddress[b]     : 
 #  113|     r113_2(glval<Point>) = VariableAddress[a]     : 
-#  113|     r113_3(Point)        = Load                   : &:r113_2, ~m112_12
+#  113|     r113_3(Point)        = Load                   : &:r113_2, m112_12
 #  113|     m113_4(Point)        = Store                  : &:r113_1, r113_3
 #  114|     v114_1(void)         = NoOp                   : 
 #  111|     v111_10(void)        = ReturnVoid             : 

cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected

@@ -457,7 +457,7 @@ ssa.cpp:
 #  112|     m112_12(Point)       = Chi                    : total:m112_7, partial:m112_11
 #  113|     r113_1(glval<Point>) = VariableAddress[b]     : 
 #  113|     r113_2(glval<Point>) = VariableAddress[a]     : 
-#  113|     r113_3(Point)        = Load                   : &:r113_2, ~m112_12
+#  113|     r113_3(Point)        = Load                   : &:r113_2, m112_12
 #  113|     m113_4(Point)        = Store                  : &:r113_1, r113_3
 #  114|     v114_1(void)         = NoOp                   : 
 #  111|     v111_10(void)        = ReturnVoid             : 
@@ -490,7 +490,7 @@ ssa.cpp:
 #  117|     m117_12(Point)         = Chi                          : total:m117_7, partial:m117_11
 #  118|     r118_1(glval<Point>)   = VariableAddress[b]           : 
 #  118|     r118_2(glval<Point>)   = VariableAddress[a]           : 
-#  118|     r118_3(Point)          = Load                         : &:r118_2, ~m117_12
+#  118|     r118_3(Point)          = Load                         : &:r118_2, m117_12
 #  118|     m118_4(Point)          = Store                        : &:r118_1, r118_3
 #  119|     r119_1(glval<unknown>) = FunctionAddress[Escape]      : 
 #  119|     r119_2(glval<Point>)   = VariableAddress[a]           : 
@@ -941,7 +941,7 @@ ssa.cpp:
 #  209|     m209_12(int)           = Chi                                : total:m208_2, partial:m209_11
 #  210|     r210_1(glval<int>)     = VariableAddress[#return]           : 
 #  210|     r210_2(glval<int>)     = VariableAddress[y]                 : 
-#  210|     r210_3(int)            = Load                               : &:r210_2, ~m209_12
+#  210|     r210_3(int)            = Load                               : &:r210_2, m209_12
 #  210|     m210_4(int)            = Store                              : &:r210_1, r210_3
 #  207|     r207_8(glval<int>)     = VariableAddress[#return]           : 
 #  207|     v207_9(void)           = ReturnValue                        : &:r207_8, m210_4
@@ -1179,7 +1179,7 @@ ssa.cpp:
 #  251|     r251_2(glval<char *>)  = VariableAddress[dst]               : 
 #  251|     r251_3(char *)         = Load                               : &:r251_2, m248_12
 #  251|     m251_4(char *)         = Store                              : &:r251_1, r251_3
-#  247|     v247_12(void)          = ReturnIndirection                  : &:r247_8, ~m249_6
+#  247|     v247_12(void)          = ReturnIndirection                  : &:r247_8, m249_6
 #  247|     r247_13(glval<char *>) = VariableAddress[#return]           : 
 #  247|     v247_14(void)          = ReturnValue                        : &:r247_13, m251_4
 #  247|     v247_15(void)          = UnmodeledUse                       : mu*

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_ir.expected

@@ -17,41 +17,6 @@ backEdgeCountMismatch
 useNotDominatedByDefinition
 switchInstructionWithoutDefaultEdge
 invalidOverlap
-| ssa.cpp:95:6:95:30 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:95:6:95:30 | IR: MustExactlyOverlapEscaped | void MustExactlyOverlapEscaped(Point) |
-| ssa.cpp:97:3:97:8 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:95:6:95:30 | IR: MustExactlyOverlapEscaped | void MustExactlyOverlapEscaped(Point) |
-| ssa.cpp:97:10:97:11 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:95:6:95:30 | IR: MustExactlyOverlapEscaped | void MustExactlyOverlapEscaped(Point) |
-| ssa.cpp:105:6:105:30 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:105:6:105:30 | IR: MustTotallyOverlapEscaped | void MustTotallyOverlapEscaped(Point) |
-| ssa.cpp:108:3:108:8 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:105:6:105:30 | IR: MustTotallyOverlapEscaped | void MustTotallyOverlapEscaped(Point) |
-| ssa.cpp:108:10:108:11 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:105:6:105:30 | IR: MustTotallyOverlapEscaped | void MustTotallyOverlapEscaped(Point) |
-| ssa.cpp:113:13:113:13 | Load | MemoryOperand 'Load' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:111:6:111:24 | IR: MayPartiallyOverlap | void MayPartiallyOverlap(int, int) |
-| ssa.cpp:116:6:116:31 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:116:6:116:31 | IR: MayPartiallyOverlapEscaped | void MayPartiallyOverlapEscaped(int, int) |
-| ssa.cpp:118:13:118:13 | Load | MemoryOperand 'Load' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:116:6:116:31 | IR: MayPartiallyOverlapEscaped | void MayPartiallyOverlapEscaped(int, int) |
-| ssa.cpp:119:3:119:8 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:116:6:116:31 | IR: MayPartiallyOverlapEscaped | void MayPartiallyOverlapEscaped(int, int) |
-| ssa.cpp:119:10:119:11 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:116:6:116:31 | IR: MayPartiallyOverlapEscaped | void MayPartiallyOverlapEscaped(int, int) |
-| ssa.cpp:179:5:179:11 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:179:5:179:11 | IR: AsmStmt | int AsmStmt(int*) |
-| ssa.cpp:180:3:180:14 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:179:5:179:11 | IR: AsmStmt | int AsmStmt(int*) |
-| ssa.cpp:184:13:184:30 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:184:13:184:30 | IR: AsmStmtWithOutputs | void AsmStmtWithOutputs(unsigned int&, unsigned int&, unsigned int&, unsigned int&) |
-| ssa.cpp:184:46:184:46 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:184:13:184:30 | IR: AsmStmtWithOutputs | void AsmStmtWithOutputs(unsigned int&, unsigned int&, unsigned int&, unsigned int&) |
-| ssa.cpp:184:63:184:63 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:184:13:184:30 | IR: AsmStmtWithOutputs | void AsmStmtWithOutputs(unsigned int&, unsigned int&, unsigned int&, unsigned int&) |
-| ssa.cpp:210:10:210:10 | Load | MemoryOperand 'Load' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:207:5:207:21 | IR: ModeledCallTarget | int ModeledCallTarget(int) |
-| ssa.cpp:226:6:226:26 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:226:6:226:26 | IR: StringLiteralAliasing | char StringLiteralAliasing() |
-| ssa.cpp:227:3:227:14 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:226:6:226:26 | IR: StringLiteralAliasing | char StringLiteralAliasing() |
-| ssa.cpp:239:6:239:29 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:240:19:240:20 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:241:3:241:3 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:241:5:241:5 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:242:3:242:3 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:242:5:242:5 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:243:21:243:37 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:244:3:244:4 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:244:6:244:6 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:239:6:239:29 | IR: ExplicitConstructorCalls | void ExplicitConstructorCalls() |
-| ssa.cpp:247:7:247:32 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:247:7:247:32 | IR: VoidStarIndirectParameters | char* VoidStarIndirectParameters(char*, int) |
-| ssa.cpp:247:40:247:42 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:247:7:247:32 | IR: VoidStarIndirectParameters | char* VoidStarIndirectParameters(char*, int) |
-| ssa.cpp:250:15:250:17 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:247:7:247:32 | IR: VoidStarIndirectParameters | char* VoidStarIndirectParameters(char*, int) |
-| ssa.cpp:256:5:256:16 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:254:6:254:27 | IR: StringLiteralAliasing2 | char StringLiteralAliasing2(bool) |
-| ssa.cpp:259:5:259:16 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:254:6:254:27 | IR: StringLiteralAliasing2 | char StringLiteralAliasing2(bool) |
-| ssa.cpp:268:7:268:20 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:268:7:268:20 | IR: MallocAliasing | void* MallocAliasing(void*, int) |
-| ssa.cpp:268:28:268:28 | SideEffect | MemoryOperand 'SideEffect' has a `getDefinitionOverlap()` of 'MayPartiallyOverlap'. | ssa.cpp:268:7:268:20 | IR: MallocAliasing | void* MallocAliasing(void*, int) |
 missingCanonicalLanguageType
 multipleCanonicalLanguageTypes
 missingIRType