C++: Add a new opcode and instruction.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll

@@ -13,7 +13,8 @@ private newtype TMemoryAccessKind =
   TPhiMemoryAccess() or
   TUnmodeledMemoryAccess() or
   TChiTotalMemoryAccess() or
-  TChiPartialMemoryAccess()
+  TChiPartialMemoryAccess() or
+  TGroupedMemoryAccess()
 
 /**
  * Describes the set of memory locations memory accessed by a memory operand or
@@ -99,3 +100,11 @@ class ChiTotalMemoryAccess extends MemoryAccessKind, TChiTotalMemoryAccess {
 class ChiPartialMemoryAccess extends MemoryAccessKind, TChiPartialMemoryAccess {
   override string toString() { result = "chi(partial)" }
 }
+
+/**
+ * The result of an `InitializeGroup` instruction, which initializes a set of
+ * allocations that are each assigned the same virtual variable.
+ */
+class GroupedMemoryAccess extends MemoryAccessKind, TGroupedMemoryAccess {
+  override string toString() { result = "group" }
+}

cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll

@@ -89,6 +89,7 @@ private newtype TOpcode =
   TSizedBufferMayWriteSideEffect() or
   TInitializeDynamicAllocation() or
   TChi() or
+  TInitializeGroup() or
   TInlineAsm() or
   TUnreached() or
   TNewObj()
@@ -1237,6 +1238,17 @@ module Opcode {
     }
   }
 
+  /**
+   * The `Opcode` for a `InitializeGroup`.
+   *
+   * See the `InitializeGroupInstruction` documentation for more details.
+   */
+  class InitializeGroup extends Opcode, TInitializeGroup {
+    final override string toString() { result = "InitializeGroup" }
+
+    override GroupedMemoryAccess getWriteMemoryAccess() { any() }
+  }
+
   /**
    * The `Opcode` for an `InlineAsmInstruction`.
    *

cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll

@@ -2142,6 +2142,33 @@ class ChiInstruction extends Instruction {
   final predicate isPartialUpdate() { Construction::chiOnlyPartiallyUpdatesLocation(this) }
 }
 
+/**
+ * An instruction that initializes a set of allocations that are each assigned
+ * the same "virtual variable".
+ *
+ * As an example, consider the following snippet:
+ * ```
+ * int a;
+ * int b;
+ * int* p;
+ * if(b) {
+ *   p = &a;
+ * } else {
+ *   p = &b;
+ * }
+ * *p = 5;
+ * int x = a;
+ * ```
+ *
+ * Since both the address of `a` and `b` reach `p` at `*p = 5` the IR alias
+ * analysis will create a region that contains both `a` and `b`. The region
+ * containing both `a` and `b` are initialized by an `InitializeGroup`
+ * instruction in the entry block of the enclosing function.
+ */
+class InitializeGroupInstruction extends Instruction {
+  InitializeGroupInstruction() { this.getOpcode() instanceof Opcode::InitializeGroup }
+}
+
 /**
  * An instruction representing unreachable code.
  *