Commit 34980bf

C++: Add more QLDoc.
1 parent 7a0cbb4 commit 34980bf

1 file changed

+57
-0
lines changed

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll

Lines changed: 57 additions & 0 deletions
@@ -452,6 +452,57 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse {
452452
}
453453
}
454454

455+
/**
456+
* A use that models a synthetic "last use" of a global variable just before a
457+
* function returns.
458+
*
459+
* We model global variable flow by:
460+
* - Inserting a last use of any global variable that's modified by a function
461+
* - Flowing from the last use to the `VariableNode` that represents the global
462+
* variable.
463+
* - Flowing from the `VariableNode` to an "initial def" of the global variable
464+
* in any function that may read the global variable.
465+
* - Flowing from the initial definition to any subsequent uses of the global
466+
* variable in the function body.
467+
*
468+
* For example, consider the following pair of functions:
469+
* ```cpp
470+
* int global;
471+
* int source();
472+
* void sink(int);
473+
*
474+
* void set_global() {
475+
* global = source();
476+
* }
477+
*
478+
* void read_global() {
479+
* sink(global);
480+
* }
481+
* ```
482+
* we insert global uses and defs so that (from the point-of-view of dataflow)
483+
* the above scenario looks like:
484+
* ```cpp
485+
* int global; // (1)
486+
* int source();
487+
* void sink(int);
488+
*
489+
* void set_global() {
490+
* global = source();
491+
* __global_use(global); // (2)
492+
* }
493+
*
494+
* void read_global() {
495+
* global = __global_def; // (3)
496+
* sink(global); // (4)
497+
* }
498+
* ```
499+
* and flow from `source()` to the argument of `sink` is then modelled as
500+
* follows:
501+
* 1. Flow from `source()` to `(2)` (via SSA).
502+
* 2. Flow from `(2)` to `(1)` (via a `jumpStep`).
503+
* 3. Flow from `(1)` to `(3)` (via a `jumpStep`).
504+
* 4. Flow from `(3)` to `(4)` (via SSA).
505+
*/
455506
class GlobalUse extends UseImpl, TGlobalUse {
456507
GlobalLikeVariable global;
457508
IRFunction f;
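Review bot: The `GlobalUse` QLDoc says "global variable" throughout, but the class's field is declared as `GlobalLikeVariable global;`, so a reader cannot tell whether the modelling applies to every `GlobalLikeVariable` or only to plain globals. Suggest one sentence near "We model global variable flow by:" that says which. Smaller points in the same comment: the first bullet ("Inserting a last use of any global variable that's modified by a function") is the only one without a closing period; the second example introduces `__global_use(global)` and `__global_def` without saying they are notation for the synthetic use and def rather than real calls; and marker `(1)` is never tied to the `VariableNode`, although steps 2 and 3 of the numbered list depend on that reading.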
@@ -499,6 +550,12 @@ class GlobalUse extends UseImpl, TGlobalUse {
499550
override BaseSourceVariableInstruction getBase() { none() }
500551
}
501552

553+
/**
554+
* A definition that models a synthetic "initial definition" of a global
555+
* variable just after the function entry point.
556+
*
557+
* See the QLDoc for `GlobalUse` for how this is used.
558+
*/
502559
class GlobalDefImpl extends DefOrUseImpl, TGlobalDefImpl {
503560
GlobalLikeVariable global;
504561
IRFunction f;
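Review bot: The `GlobalDefImpl` QLDoc defers entirely to `GlobalUse` ("See the QLDoc for `GlobalUse` for how this is used.") without saying which part of that description this class corresponds to. Suggest naming it: this is the "initial def" from the third bullet there, shown as `global = __global_def; // (3)` in the example, and per that bullet it is placed in any function that may read the global variable. The `GlobalUse` comment also never mentions `GlobalDefImpl` by name, so a back-reference there would make the pair discoverable from either side.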
