Merge pull request github#12755 from MathiasVP/aggregate-initialization-ir

C++: IR generation for repeated initializers

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll

@@ -187,13 +187,44 @@ class ClassAggregateLiteral extends AggregateLiteral {
   override string getAPrimaryQlClass() { result = "ClassAggregateLiteral" }
 
   /**
+   * Gets an expression within the aggregate literal that is used to initialize
+   * field `field`, if present.
+   *
+   * This predicate may have multiple results since a field can be initialized
+   * multiple times in the same initializer.
+   */
+  Expr getAFieldExpr(Field field) { result = this.getFieldExpr(field, _) }
+
+  /**
+   * DEPRECATED: Use `getAFieldExpr` instead.
+   *
    * Gets the expression within the aggregate literal that is used to initialize
    * field `field`, if present.
+   *
+   * This predicate may have multiple results since a field can be initialized
+   * multiple times in the same initializer.
+   */
+  Expr getFieldExpr(Field field) { result = this.getFieldExpr(field, _) }
+
+  /**
+   * Gets the expression within the aggregate literal that is used to initialize
+   * field `field`, if present. The expression is the `position`'th entry in the
+   * aggregate literal.
+   *
+   * For example, if `aggr` represents the initialization literal `{.x = 123, .y = 456 .x = 789}` in
+   * ```cpp
+   * struct Foo { int x; int y; };
+   * struct Foo foo = {.x = 123, .y = 456 .x = 789};
+   * ```
+   * then:
+   * - `aggr.getFieldExpr(x, 0)` gives `123`.
+   * - `aggr.getFieldExpr(y, 1)` gives `456`.
+   * - `aggr.getFieldExpr(x, 2)` gives `789`.
    */
-  Expr getFieldExpr(Field field) {
+  Expr getFieldExpr(Field field, int position) {
     field = classType.getAField() and
     aggregate_field_init(underlyingElement(this), unresolveElement(result), unresolveElement(field),
-      _)
+      position)
   }
 
   /**
@@ -261,11 +292,41 @@ class ArrayOrVectorAggregateLiteral extends AggregateLiteral {
   Type getElementType() { none() }
 
   /**
+   * Gets an expression within the aggregate literal that is used to initialize
+   * element `elementIndex`, if present.
+   *
+   * This predicate may have multiple results since an element can be initialized
+   * multiple times in the same initializer.
+   */
+  Expr getAnElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) }
+
+  /**
+   * DEPRECATED: Use `getAnElementExpr` instead.
+   *
    * Gets the expression within the aggregate literal that is used to initialize
    * element `elementIndex`, if present.
+   *
+   * This predicate may have multiple results since an element can be initialized
+   * multiple times in the same initializer.
+   */
+  Expr getElementExpr(int elementIndex) { result = this.getElementExpr(elementIndex, _) }
+
+  /**
+   * Gets the expression within the aggregate literal that is used to initialize
+   * element `elementIndex`, if present. The expression is the `position`'th entry
+   * in the aggregate literal.
+   *
+   * For example, if `a` represents the initialization literal `{[0] = 123, [1] = 456, [0] = 789 }` in
+   * ```cpp
+   * int x[2] = {[0] = 123, [1] = 456, [0] = 789 };
+   * ```
+   * then:
+   * - `a.getElementExpr(0, 0)` gives `123`.
+   * - `a.getElementExpr(1, 1)` gives `456`.
+   * - `a.getElementExpr(0, 2)` gives `789`.
    */
-  Expr getElementExpr(int elementIndex) {
-    aggregate_array_init(underlyingElement(this), unresolveElement(result), elementIndex, _)
+  Expr getElementExpr(int elementIndex, int position) {
+    aggregate_array_init(underlyingElement(this), unresolveElement(result), elementIndex, position)
   }
 
   /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -619,18 +619,19 @@ newtype TTranslatedElement =
     )
   } or
   // The initialization of a field via a member of an initializer list.
-  TTranslatedExplicitFieldInitialization(Expr ast, Field field, Expr expr) {
+  TTranslatedExplicitFieldInitialization(Expr ast, Field field, Expr expr, int position) {
     exists(ClassAggregateLiteral initList |
       not ignoreExpr(initList) and
       ast = initList and
-      expr = initList.getFieldExpr(field).getFullyConverted()
+      expr = initList.getFieldExpr(field, position).getFullyConverted()
     )
     or
     exists(ConstructorFieldInit init |
       not ignoreExpr(init) and
       ast = init and
       field = init.getTarget() and
-      expr = init.getExpr().getFullyConverted()
+      expr = init.getExpr().getFullyConverted() and
+      position = -1
     )
   } or
   // The value initialization of a field due to an omitted member of an
@@ -643,9 +644,11 @@ newtype TTranslatedElement =
     )
   } or
   // The initialization of an array element via a member of an initializer list.
-  TTranslatedExplicitElementInitialization(ArrayOrVectorAggregateLiteral initList, int elementIndex) {
+  TTranslatedExplicitElementInitialization(
+    ArrayOrVectorAggregateLiteral initList, int elementIndex, int position
+  ) {
     not ignoreExpr(initList) and
-    exists(initList.getElementExpr(elementIndex))
+    exists(initList.getElementExpr(elementIndex, position))
   } or
   // The value initialization of a range of array elements that were omitted
   // from an initializer list.

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -201,11 +201,13 @@ class TranslatedClassListInitialization extends TranslatedListInitialization {
   override ClassAggregateLiteral expr;
 
   override TranslatedElement getChild(int id) {
-    exists(TranslatedFieldInitialization fieldInit |
-      result = fieldInit and
-      fieldInit = getTranslatedFieldInitialization(expr, _) and
-      fieldInit.getOrder() = id
-    )
+    result =
+      rank[id + 1](TranslatedFieldInitialization fieldInit, int ord |
+        fieldInit = getTranslatedFieldInitialization(expr, _) and
+        fieldInit.getOrder() = ord
+      |
+        fieldInit order by ord, fieldInit.getPosition()
+      )
   }
 }
 
@@ -222,7 +224,7 @@ class TranslatedArrayListInitialization extends TranslatedListInitialization {
       rank[id + 1](TranslatedElementInitialization init |
         init.getInitList() = expr
       |
-        init order by init.getElementIndex()
+        init order by init.getElementIndex(), init.getPosition()
       )
   }
 }
@@ -522,6 +524,9 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   final InstructionTag getFieldAddressTag() { result = InitializerFieldAddressTag() }
 
   final Field getField() { result = field }
+
+  /** Gets the position in the initializer list, or `-1` if the initialization is implicit. */
+  int getPosition() { result = -1 }
 }
 
 /**
@@ -532,9 +537,10 @@ class TranslatedExplicitFieldInitialization extends TranslatedFieldInitializatio
   InitializationContext, TTranslatedExplicitFieldInitialization
 {
   Expr expr;
+  int position;
 
   TranslatedExplicitFieldInitialization() {
-    this = TTranslatedExplicitFieldInitialization(ast, field, expr)
+    this = TTranslatedExplicitFieldInitialization(ast, field, expr, position)
   }
 
   override Instruction getTargetAddress() { result = getInstruction(getFieldAddressTag()) }
@@ -556,6 +562,8 @@ class TranslatedExplicitFieldInitialization extends TranslatedFieldInitializatio
   private TranslatedInitialization getInitialization() {
     result = getTranslatedInitialization(expr)
   }
+
+  override int getPosition() { result = position }
 }
 
 private string getZeroValue(Type type) {
@@ -689,6 +697,8 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
 
   abstract int getElementIndex();
 
+  int getPosition() { result = -1 }
+
   final InstructionTag getElementAddressTag() { result = InitializerElementAddressTag() }
 
   final InstructionTag getElementIndexTag() { result = InitializerElementIndexTag() }
@@ -706,9 +716,10 @@ class TranslatedExplicitElementInitialization extends TranslatedElementInitializ
   TTranslatedExplicitElementInitialization, InitializationContext
 {
   int elementIndex;
+  int position;
 
   TranslatedExplicitElementInitialization() {
-    this = TTranslatedExplicitElementInitialization(initList, elementIndex)
+    this = TTranslatedExplicitElementInitialization(initList, elementIndex, position)
   }
 
   override Instruction getTargetAddress() { result = getInstruction(getElementAddressTag()) }
@@ -731,8 +742,13 @@ class TranslatedExplicitElementInitialization extends TranslatedElementInitializ
 
   override int getElementIndex() { result = elementIndex }
 
+  override int getPosition() { result = position }
+
   TranslatedInitialization getInitialization() {
-    result = getTranslatedInitialization(initList.getElementExpr(elementIndex).getFullyConverted())
+    result =
+      getTranslatedInitialization(initList
+            .getElementExpr(elementIndex, position)
+            .getFullyConverted())
   }
 }