Skip to content

Commit d5ac5b4

Browse files
aschackmullaschackmull
committed
SSA: Replace uncertainWriteDefinitionInput implementation.
This yields a tiny bit of additional tuples consistent with the prior Java implementation.
1 parent a4fee2e commit d5ac5b4

File tree

1 file changed

+17
-6
lines changed

1 file changed

+17
-6
lines changed

shared/ssa/codeql/ssa/Ssa.qll

Lines changed: 17 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -359,13 +359,17 @@ module Make<LocationSig Location, InputSig<Location> Input> {
359359
* either a read (when `k` is `SsaActualRead()`) or an SSA definition (when
360360
* `k` is `SsaDef()`).
361361
*
362-
* Unlike `Liveness::ref`, this includes `phi` nodes.
362+
* Unlike `Liveness::ref`, this includes `phi` nodes and pseudo-reads
363+
* associated with uncertain writes.
363364
*/
364365
pragma[nomagic]
365366
predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) {
366367
variableRead(bb, i, v, _) and
367368
k = SsaActualRead()
368369
or
370+
variableWrite(bb, i, v, false) and
371+
k = SsaActualRead()
372+
or
369373
any(Definition def).definesAt(v, bb, i) and
370374
k = SsaDef()
371375
}
@@ -483,6 +487,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {
483487
ssaDefReachesEndOfBlock(getImmediateBasicBlockDominator(bb), def, v) and
484488
not ssaDefReachesReadWithinBlock(v, _, bb, i)
485489
}
490+
491+
predicate uncertainWriteDefinitionInput(UncertainWriteDefinition def, Definition inp) {
492+
exists(SourceVariable v, BasicBlock bb, int i |
493+
def.definesAt(v, bb, i) and
494+
ssaDefReachesRead(v, inp, bb, i)
495+
)
496+
}
486497
}
487498

488499
private module SsaDefReaches {
@@ -861,7 +872,10 @@ module Make<LocationSig Location, InputSig<Location> Input> {
861872
*
862873
* Same as `ssaDefReachesReadExt`, but ignores phi-reads.
863874
*/
864-
predicate ssaDefReachesRead = SsaDefReachesNew::ssaDefReachesRead/4;
875+
predicate ssaDefReachesRead(SourceVariable v, Definition def, BasicBlock bb, int i) {
876+
SsaDefReachesNew::ssaDefReachesRead(v, def, bb, i) and
877+
variableRead(bb, i, v, _)
878+
}
865879

866880
/**
867881
* NB: If this predicate is exposed, it should be cached.
@@ -994,10 +1008,7 @@ module Make<LocationSig Location, InputSig<Location> Input> {
9941008
* `def`. Since `def` is uncertain, the value from the preceding definition might
9951009
* still be valid.
9961010
*/
997-
pragma[nomagic]
998-
predicate uncertainWriteDefinitionInput(UncertainWriteDefinition def, Definition inp) {
999-
lastRefRedef(inp, _, _, def)
1000-
}
1011+
predicate uncertainWriteDefinitionInput = SsaDefReachesNew::uncertainWriteDefinitionInput/2;
10011012

10021013
/** Holds if `bb` is a control-flow exit point. */
10031014
private predicate exitBlock(BasicBlock bb) { not exists(getABasicBlockSuccessor(bb)) }

0 commit comments

Comments
 (0)