Revert "Merge pull request github#4558 from rdmarsh2/rdmarsh2/cpp/remove-initialize-nonlocal"

This reverts commit 08efd7f, reversing
changes made to cb8c5e8.

Author: MathiasVP

cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll

@@ -10,7 +10,6 @@ private newtype TMemoryAccessKind =
   TEntireAllocationMemoryAccess() or
   TEscapedMemoryAccess() or
   TNonLocalMemoryAccess() or
-  TEscapedInitializationMemoryAccess() or
   TPhiMemoryAccess() or
   TUnmodeledMemoryAccess() or
   TChiTotalMemoryAccess() or
@@ -77,14 +76,6 @@ class NonLocalMemoryAccess extends MemoryAccessKind, TNonLocalMemoryAccess {
   override string toString() { result = "nonlocal" }
 }
 
-/**
- * The operand or result accesses all memory whose address has escaped and can define read-only
- * memory (such as string constants).
- */
-class EscapedInitializationMemoryAccess extends MemoryAccessKind, TEscapedInitializationMemoryAccess {
-  override string toString() { result = "escaped(init)" }
-}
-
 /**
  * The operand is a Phi operand, which accesses the same memory as its
  * definition.

cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll

@@ -979,8 +979,19 @@ module Opcode {
   class AliasedDefinition extends Opcode, TAliasedDefinition {
     final override string toString() { result = "AliasedDefinition" }
 
+    final override MemoryAccessKind getWriteMemoryAccess() { result instanceof EscapedMemoryAccess }
+  }
+
+  /**
+   * The `Opcode` for an `InitializeNonLocalInstruction`.
+   *
+   * See the `InitializeNonLocalInstruction` documentation for more details.
+   */
+  class InitializeNonLocal extends Opcode, TInitializeNonLocal {
+    final override string toString() { result = "InitializeNonLocal" }
+
     final override MemoryAccessKind getWriteMemoryAccess() {
-      result instanceof EscapedInitializationMemoryAccess
+      result instanceof NonLocalMemoryAccess
     }
   }
 

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll

@@ -441,6 +441,34 @@ module InstructionConsistency {
     isOnAliasedDefinitionChain(instr.(PhiInstruction).getAnInputOperand().getAnyDef())
   }
 
+  private predicate shouldBeConflated(Instruction instr) {
+    isOnAliasedDefinitionChain(instr)
+    or
+    instr.getOpcode() instanceof Opcode::InitializeNonLocal
+  }
+
+  query predicate notMarkedAsConflated(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    shouldBeConflated(instr) and
+    not instr.isResultConflated() and
+    message =
+      "Instruction '" + instr.toString() +
+        "' should be marked as having a conflated result in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
+
+  query predicate wronglyMarkedAsConflated(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    instr.isResultConflated() and
+    not shouldBeConflated(instr) and
+    message =
+      "Instruction '" + instr.toString() +
+        "' should not be marked as having a conflated result in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
+
   query predicate invalidOverlap(
     MemoryOperand useOperand, string message, OptionalIRFunction irFunc, string irFuncText
   ) {

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll

@@ -92,11 +92,6 @@ class Instruction extends Construction::TStageInstruction {
       else result = "r"
   }
 
-  private string getConflationPrefix() {
-    shouldGenerateDumpStrings() and
-    if isResultConflated() then result = "%" else result = ""
-  }
-
   /**
    * Gets the zero-based index of this instruction within its block. This is
    * used by debugging and printing code only.
@@ -148,8 +143,7 @@ class Instruction extends Construction::TStageInstruction {
    */
   final string getResultString() {
     shouldGenerateDumpStrings() and
-    result =
-      getConflationPrefix() + getResultId() + "(" + getResultLanguageType().getDumpString() + ")"
+    result = getResultId() + "(" + getResultLanguageType().getDumpString() + ")"
   }
 
   /**
@@ -601,6 +595,16 @@ class InitializeParameterInstruction extends VariableInstruction {
   }
 }
 
+/**
+ * An instruction that initializes all memory that existed before this function was called.
+ *
+ * This instruction provides a definition for memory that, because it was actually allocated and
+ * initialized elsewhere, would not otherwise have a definition in this function.
+ */
+class InitializeNonLocalInstruction extends Instruction {
+  InitializeNonLocalInstruction() { getOpcode() instanceof Opcode::InitializeNonLocal }
+}
+
 /**
  * An instruction that initializes the memory pointed to by a parameter of the enclosing function
  * with the value of that memory on entry to the function.

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasedSSA.qll

@@ -81,11 +81,8 @@ private newtype TMemoryLocation =
   TAllNonLocalMemory(IRFunction irFunc, boolean isMayAccess) {
     isMayAccess = false or isMayAccess = true
   } or
-  TAllAliasedMemory(IRFunction irFunc, boolean isMayAccess, boolean canDefineReadOnly) {
-    isMayAccess = false and
-    canDefineReadOnly = [true, false]
-    or
-    isMayAccess = true and canDefineReadOnly = false
+  TAllAliasedMemory(IRFunction irFunc, boolean isMayAccess) {
+    isMayAccess = false or isMayAccess = true
   }
 
 /**
@@ -157,7 +154,7 @@ abstract class AllocationMemoryLocation extends MemoryLocation {
 
   final override VirtualVariable getVirtualVariable() {
     if allocationEscapes(var)
-    then result = TAllAliasedMemory(var.getEnclosingIRFunction(), false, true)
+    then result = TAllAliasedMemory(var.getEnclosingIRFunction(), false)
     else result.(AllocationMemoryLocation).getAllocation() = var
   }
 
@@ -287,9 +284,7 @@ class UnknownMemoryLocation extends TUnknownMemoryLocation, MemoryLocation {
 
   final override string toStringInternal() { result = "{Unknown}" }
 
-  final override VirtualVariable getVirtualVariable() {
-    result = TAllAliasedMemory(irFunc, false, true)
-  }
+  final override VirtualVariable getVirtualVariable() { result = TAllAliasedMemory(irFunc, false) }
 
   final override Language::LanguageType getType() {
     result = any(IRUnknownType type).getCanonicalLanguageType()
@@ -330,7 +325,13 @@ class AllNonLocalMemory extends TAllNonLocalMemory, MemoryLocation {
 
   final override predicate isMayAccess() { isMayAccess = true }
 
-  override predicate canDefineReadOnly() { none() }
+  override predicate canDefineReadOnly() {
+    // A "must" access that defines all non-local memory appears only on the `InitializeNonLocal`
+    // instruction, which provides the initial definition for all memory outside of the current
+    // function's stack frame. This memory includes string literals and other read-only globals, so
+    // we allow such an access to be the definition for a use of a read-only ___location.
+    not isMayAccess()
+  }
 }
 
 /**
@@ -339,9 +340,8 @@ class AllNonLocalMemory extends TAllNonLocalMemory, MemoryLocation {
 class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
   IRFunction irFunc;
   boolean isMayAccess;
-  boolean canDefineReadOnly;
 
-  AllAliasedMemory() { this = TAllAliasedMemory(irFunc, isMayAccess, canDefineReadOnly) }
+  AllAliasedMemory() { this = TAllAliasedMemory(irFunc, isMayAccess) }
 
   final override string toStringInternal() { result = "{AllAliased}" }
 
@@ -355,18 +355,14 @@ class AllAliasedMemory extends TAllAliasedMemory, MemoryLocation {
 
   final override string getUniqueId() { result = " " + toString() }
 
-  final override VirtualVariable getVirtualVariable() {
-    result = TAllAliasedMemory(irFunc, false, true)
-  }
+  final override VirtualVariable getVirtualVariable() { result = TAllAliasedMemory(irFunc, false) }
 
   final override predicate isMayAccess() { isMayAccess = true }
-
-  final override predicate canDefineReadOnly() { canDefineReadOnly = true }
 }
 
 /** A virtual variable that groups all escaped memory within a function. */
 class AliasedVirtualVariable extends AllAliasedMemory, VirtualVariable {
-  AliasedVirtualVariable() { not isMayAccess() and canDefineReadOnly() }
+  AliasedVirtualVariable() { not isMayAccess() }
 }
 
 /**
@@ -593,10 +589,7 @@ MemoryLocation getResultMemoryLocation(Instruction instr) {
           unbindBool(isMayAccess))
       or
       kind instanceof EscapedMemoryAccess and
-      result = TAllAliasedMemory(instr.getEnclosingIRFunction(), isMayAccess, false)
-      or
-      kind instanceof EscapedInitializationMemoryAccess and
-      result = TAllAliasedMemory(instr.getEnclosingIRFunction(), false, true)
+      result = TAllAliasedMemory(instr.getEnclosingIRFunction(), isMayAccess)
       or
       kind instanceof NonLocalMemoryAccess and
       result = TAllNonLocalMemory(instr.getEnclosingIRFunction(), isMayAccess)
@@ -627,10 +620,7 @@ MemoryLocation getOperandMemoryLocation(MemoryOperand operand) {
           isMayAccess)
       or
       kind instanceof EscapedMemoryAccess and
-      result = TAllAliasedMemory(operand.getEnclosingIRFunction(), isMayAccess, false)
-      or
-      kind instanceof EscapedInitializationMemoryAccess and
-      result = TAllAliasedMemory(operand.getEnclosingIRFunction(), false, true)
+      result = TAllAliasedMemory(operand.getEnclosingIRFunction(), isMayAccess)
       or
       kind instanceof NonLocalMemoryAccess and
       result = TAllNonLocalMemory(operand.getEnclosingIRFunction(), isMayAccess)

cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll

@@ -68,6 +68,8 @@ private module Cached {
   predicate hasConflatedMemoryResult(Instruction instruction) {
     instruction instanceof AliasedDefinitionInstruction
     or
+    instruction.getOpcode() instanceof Opcode::InitializeNonLocal
+    or
     // Chi instructions track virtual variables, and therefore a chi instruction is
     // conflated if it's associated with the aliased virtual variable.
     exists(OldInstruction oldInstruction | instruction = getChi(oldInstruction) |

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll

@@ -441,6 +441,34 @@ module InstructionConsistency {
     isOnAliasedDefinitionChain(instr.(PhiInstruction).getAnInputOperand().getAnyDef())
   }
 
+  private predicate shouldBeConflated(Instruction instr) {
+    isOnAliasedDefinitionChain(instr)
+    or
+    instr.getOpcode() instanceof Opcode::InitializeNonLocal
+  }
+
+  query predicate notMarkedAsConflated(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    shouldBeConflated(instr) and
+    not instr.isResultConflated() and
+    message =
+      "Instruction '" + instr.toString() +
+        "' should be marked as having a conflated result in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
+
+  query predicate wronglyMarkedAsConflated(
+    Instruction instr, string message, OptionalIRFunction irFunc, string irFuncText
+  ) {
+    instr.isResultConflated() and
+    not shouldBeConflated(instr) and
+    message =
+      "Instruction '" + instr.toString() +
+        "' should not be marked as having a conflated result in function '$@'." and
+    irFunc = getInstructionIRFunction(instr, irFuncText)
+  }
+
   query predicate invalidOverlap(
     MemoryOperand useOperand, string message, OptionalIRFunction irFunc, string irFuncText
   ) {

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll

@@ -92,11 +92,6 @@ class Instruction extends Construction::TStageInstruction {
       else result = "r"
   }
 
-  private string getConflationPrefix() {
-    shouldGenerateDumpStrings() and
-    if isResultConflated() then result = "%" else result = ""
-  }
-
   /**
    * Gets the zero-based index of this instruction within its block. This is
    * used by debugging and printing code only.
@@ -148,8 +143,7 @@ class Instruction extends Construction::TStageInstruction {
    */
   final string getResultString() {
     shouldGenerateDumpStrings() and
-    result =
-      getConflationPrefix() + getResultId() + "(" + getResultLanguageType().getDumpString() + ")"
+    result = getResultId() + "(" + getResultLanguageType().getDumpString() + ")"
   }
 
   /**
@@ -601,6 +595,16 @@ class InitializeParameterInstruction extends VariableInstruction {
   }
 }
 
+/**
+ * An instruction that initializes all memory that existed before this function was called.
+ *
+ * This instruction provides a definition for memory that, because it was actually allocated and
+ * initialized elsewhere, would not otherwise have a definition in this function.
+ */
+class InitializeNonLocalInstruction extends Instruction {
+  InitializeNonLocalInstruction() { getOpcode() instanceof Opcode::InitializeNonLocal }
+}
+
 /**
  * An instruction that initializes the memory pointed to by a parameter of the enclosing function
  * with the value of that memory on entry to the function.

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRConstruction.qll

@@ -166,6 +166,8 @@ predicate hasModeledMemoryResult(Instruction instruction) { none() }
 
 predicate hasConflatedMemoryResult(Instruction instruction) {
   instruction instanceof AliasedDefinitionInstruction
+  or
+  instruction.getOpcode() instanceof Opcode::InitializeNonLocal
 }
 
 Instruction getRegisterOperandDefinition(Instruction instruction, RegisterOperandTag tag) {

cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll

@@ -28,6 +28,7 @@ newtype TInstructionTag =
   ReturnTag() or
   ExitFunctionTag() or
   AliasedDefinitionTag() or
+  InitializeNonLocalTag() or
   AliasedUseTag() or
   SwitchBranchTag() or
   CallTargetTag() or
@@ -127,6 +128,8 @@ string getInstructionTagId(TInstructionTag tag) {
   or
   tag = AliasedDefinitionTag() and result = "AliasedDef"
   or
+  tag = InitializeNonLocalTag() and result = "InitNonLocal"
+  or
   tag = AliasedUseTag() and result = "AliasedUse"
   or
   tag = SwitchBranchTag() and result = "SwitchBranch"