Merge pull request github#2077 from jbj/cfg-enable-pr

geoffw0 · web-flow · commit 6f96d1759ff7 · 2019-10-16T14:06:22.000+01:00
C++: enable the QL-based CFG code
diff --git a/change-notes/1.23/analysis-cpp.md b/change-notes/1.23/analysis-cpp.md
@@ -44,3 +44,7 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
   clarity (e.g. `isOutReturnPointer()` to `isReturnValueDeref()`). The existing member predicates
   have been deprecated, and will be removed in a future release. Code that uses the old member
   predicates should be updated to use the corresponding new member predicate.
+* The control-flow graph is now computed in QL, not in the extractor. This can
+  lead to regressions (or improvements) in how queries are optimized because
+  optimization in QL relies on static size estimates, and the control-flow edge
+  relations will now have different size estimates than before.
diff --git a/cpp/ql/src/semmle/code/cpp/controlflow/ControlFlowGraph.qll b/cpp/ql/src/semmle/code/cpp/controlflow/ControlFlowGraph.qll
@@ -1,6 +1,7 @@
 import cpp
 import BasicBlocks
 private import semmle.code.cpp.controlflow.internal.ConstantExprs
+private import semmle.code.cpp.controlflow.internal.CFG
 
 /**
  * A control-flow node is either a statement or an expression; in addition,
@@ -86,11 +87,11 @@ import ControlFlowGraphPublic
 class ControlFlowNodeBase extends ElementBase, @cfgnode { }
 
 predicate truecond_base(ControlFlowNodeBase n1, ControlFlowNodeBase n2) {
-  truecond(unresolveElement(n1), unresolveElement(n2))
+  qlCFGTrueSuccessor(n1, n2)
 }
 
 predicate falsecond_base(ControlFlowNodeBase n1, ControlFlowNodeBase n2) {
-  falsecond(unresolveElement(n1), unresolveElement(n2))
+  qlCFGFalseSuccessor(n1, n2)
 }
 
 /**
@@ -120,7 +121,7 @@ abstract class AdditionalControlFlowEdge extends ControlFlowNodeBase {
  * `AdditionalControlFlowEdge`. Use this relation instead of `successors`.
  */
 predicate successors_extended(ControlFlowNodeBase source, ControlFlowNodeBase target) {
-  successors(unresolveElement(source), unresolveElement(target))
+  qlCFGSuccessor(source, target)
   or
   source.(AdditionalControlFlowEdge).getAnEdgeTarget() = target
 }
diff --git a/cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll b/cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll
@@ -851,6 +851,21 @@ private predicate subEdge(Pos p1, Node n1, Node n2, Pos p2) {
     p2.nodeAfter(n2, s)
   )
   or
+  // ConstexprIfStmt -> condition ; { then, else } -> // same as IfStmt
+  exists(ConstexprIfStmt s |
+    p1.nodeAt(n1, s) and
+    p2.nodeBefore(n2, s.getCondition())
+    or
+    p1.nodeAfter(n1, s.getThen()) and
+    p2.nodeBeforeDestructors(n2, s)
+    or
+    p1.nodeAfter(n1, s.getElse()) and
+    p2.nodeBeforeDestructors(n2, s)
+    or
+    p1.nodeAfterDestructors(n1, s) and
+    p2.nodeAfter(n2, s)
+  )
+  or
   // WhileStmt -> condition ; body -> condition ; after dtors -> after
   exists(WhileStmt s |
     p1.nodeAt(n1, s) and
@@ -1138,9 +1153,8 @@ private class ExceptionSource extends Node {
 }
 
 /**
- * Holds if `test` is the test of a control-flow construct that will always
- * have true/false sub-edges out of it, where the `truth`-sub-edge goes to
- * `(n2, p2)`.
+ * Holds if `test` is the test of a control-flow construct where the `truth`
+ * sub-edge goes to `(n2, p2)`.
  */
 private predicate conditionJumpsTop(Expr test, boolean truth, Node n2, Pos p2) {
   exists(IfStmt s | test = s.getCondition() |
@@ -1155,6 +1169,24 @@ private predicate conditionJumpsTop(Expr test, boolean truth, Node n2, Pos p2) {
     p2.nodeBeforeDestructors(n2, s)
   )
   or
+  exists(ConstexprIfStmt s, string cond |
+    test = s.getCondition() and
+    cond = test.getFullyConverted().getValue()
+  |
+    truth = true and
+    cond != "0" and
+    p2.nodeBefore(n2, s.getThen())
+    or
+    truth = false and
+    cond = "0" and
+    p2.nodeBefore(n2, s.getElse())
+    or
+    not exists(s.getElse()) and
+    truth = false and
+    cond = "0" and
+    p2.nodeBeforeDestructors(n2, s)
+  )
+  or
   exists(Loop l |
     (
       l instanceof WhileStmt
diff --git a/cpp/ql/src/semmle/code/cpp/exprs/ArithmeticOperation.qll b/cpp/ql/src/semmle/code/cpp/exprs/ArithmeticOperation.qll
@@ -32,6 +32,8 @@ class UnaryPlusExpr extends UnaryArithmeticOperation, @unaryplusexpr {
  */
 class ConjugationExpr extends UnaryArithmeticOperation, @conjugation {
   override string getOperator() { result = "~" }
+
+  override string getCanonicalQLClass() { result = "ConjugationExpr" }
 }
 
 /**
@@ -142,13 +144,17 @@ class PostfixDecrExpr extends DecrementOperation, PostfixCrementOperation, @post
  */
 class RealPartExpr extends UnaryArithmeticOperation, @realpartexpr {
   override string getOperator() { result = "__real" }
+
+  override string getCanonicalQLClass() { result = "RealPartExpr" }
 }
 
 /**
  * A C/C++ GNU imaginary part expression.
  */
 class ImaginaryPartExpr extends UnaryArithmeticOperation, @imagpartexpr {
   override string getOperator() { result = "__imag" }
+
+  override string getCanonicalQLClass() { result = "ImaginaryPartExpr" }
 }
 
 /**
@@ -217,6 +223,8 @@ class RemExpr extends BinaryArithmeticOperation, @remexpr {
 class ImaginaryMulExpr extends BinaryArithmeticOperation, @jmulexpr {
   override string getOperator() { result = "*" }
 
+  override string getCanonicalQLClass() { result = "ImaginaryMulExpr" }
+
   override int getPrecedence() { result = 13 }
 }
 
@@ -226,6 +234,8 @@ class ImaginaryMulExpr extends BinaryArithmeticOperation, @jmulexpr {
 class ImaginaryDivExpr extends BinaryArithmeticOperation, @jdivexpr {
   override string getOperator() { result = "/" }
 
+  override string getCanonicalQLClass() { result = "ImaginaryDivExpr" }
+
   override int getPrecedence() { result = 13 }
 }
 
@@ -235,6 +245,8 @@ class ImaginaryDivExpr extends BinaryArithmeticOperation, @jdivexpr {
 class RealImaginaryAddExpr extends BinaryArithmeticOperation, @fjaddexpr {
   override string getOperator() { result = "+" }
 
+  override string getCanonicalQLClass() { result = "RealImaginaryAddExpr" }
+
   override int getPrecedence() { result = 12 }
 }
 
@@ -244,6 +256,8 @@ class RealImaginaryAddExpr extends BinaryArithmeticOperation, @fjaddexpr {
 class ImaginaryRealAddExpr extends BinaryArithmeticOperation, @jfaddexpr {
   override string getOperator() { result = "+" }
 
+  override string getCanonicalQLClass() { result = "ImaginaryRealAddExpr" }
+
   override int getPrecedence() { result = 12 }
 }
 
@@ -253,6 +267,8 @@ class ImaginaryRealAddExpr extends BinaryArithmeticOperation, @jfaddexpr {
 class RealImaginarySubExpr extends BinaryArithmeticOperation, @fjsubexpr {
   override string getOperator() { result = "-" }
 
+  override string getCanonicalQLClass() { result = "RealImaginarySubExpr" }
+
   override int getPrecedence() { result = 12 }
 }
 
@@ -262,6 +278,8 @@ class RealImaginarySubExpr extends BinaryArithmeticOperation, @fjsubexpr {
 class ImaginaryRealSubExpr extends BinaryArithmeticOperation, @jfsubexpr {
   override string getOperator() { result = "-" }
 
+  override string getCanonicalQLClass() { result = "ImaginaryRealSubExpr" }
+
   override int getPrecedence() { result = 12 }
 }
 
@@ -270,13 +288,17 @@ class ImaginaryRealSubExpr extends BinaryArithmeticOperation, @jfsubexpr {
  */
 class MinExpr extends BinaryArithmeticOperation, @minexpr {
   override string getOperator() { result = "<?" }
+
+  override string getCanonicalQLClass() { result = "MinExpr" }
 }
 
 /**
  * A C/C++ GNU max expression.
  */
 class MaxExpr extends BinaryArithmeticOperation, @maxexpr {
   override string getOperator() { result = ">?" }
+
+  override string getCanonicalQLClass() { result = "MaxExpr" }
 }
 
 /**
diff --git a/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll b/cpp/ql/src/semmle/code/cpp/stmts/Stmt.qll
@@ -294,6 +294,8 @@ class IfStmt extends ConditionalStmt, @stmt_if {
  * ```
  */
 class ConstexprIfStmt extends ConditionalStmt, @stmt_constexpr_if {
+  override string getCanonicalQLClass() { result = "ConstexprIfStmt" }
+
   /**
    * Gets the condition expression of this 'constexpr if' statement.
    *
diff --git a/cpp/ql/test/library-tests/complex_numbers/expr.expected b/cpp/ql/test/library-tests/complex_numbers/expr.expected
@@ -1,177 +1,35 @@
-| conjugation.c:3:5:3:5 | x | AnalysedExpr |
-| conjugation.c:3:5:3:5 | x | CompileTimeVariableExpr |
-| conjugation.c:3:5:3:5 | x | DefOrUse |
 | conjugation.c:3:5:3:5 | x | VariableAccess |
-| conjugation.c:3:5:3:10 | ... = ... | AnalysedExpr |
 | conjugation.c:3:5:3:10 | ... = ... | AssignExpr |
-| conjugation.c:3:5:3:10 | ... = ... | CompileTimeVariableExpr |
-| conjugation.c:3:5:3:10 | ... = ... | Def |
-| conjugation.c:3:5:3:10 | ... = ... | ExprInVoidContext |
-| conjugation.c:3:5:3:10 | ... = ... | NameQualifiableElement |
-| conjugation.c:3:5:3:10 | ... = ... | RangeSsaDefinition |
-| conjugation.c:3:5:3:10 | ... = ... | SsaDefinition |
-| conjugation.c:3:9:3:10 | ~ ... | AnalysedExpr |
-| conjugation.c:3:9:3:10 | ~ ... | CompileTimeVariableExpr |
 | conjugation.c:3:9:3:10 | ~ ... | ConjugationExpr |
-| conjugation.c:3:9:3:10 | ~ ... | DefOrUse |
-| conjugation.c:3:9:3:10 | ~ ... | NameQualifiableElement |
-| conjugation.c:3:10:3:10 | x | AnalysedExpr |
-| conjugation.c:3:10:3:10 | x | CompileTimeVariableExpr |
-| conjugation.c:3:10:3:10 | x | Use |
 | conjugation.c:3:10:3:10 | x | VariableAccess |
-| test.c:5:5:5:5 | z | AnalysedExpr |
-| test.c:5:5:5:5 | z | CompileTimeVariableExpr |
-| test.c:5:5:5:5 | z | DefOrUse |
 | test.c:5:5:5:5 | z | VariableAccess |
-| test.c:5:5:5:13 | ... = ... | AnalysedExpr |
 | test.c:5:5:5:13 | ... = ... | AssignExpr |
-| test.c:5:5:5:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:5:5:5:13 | ... = ... | Def |
-| test.c:5:5:5:13 | ... = ... | ExprInVoidContext |
-| test.c:5:5:5:13 | ... = ... | NameQualifiableElement |
-| test.c:5:5:5:13 | ... = ... | RangeSsaDefinition |
-| test.c:5:5:5:13 | ... = ... | SsaDefinition |
-| test.c:5:9:5:9 | x | AnalysedExpr |
-| test.c:5:9:5:9 | x | CompileTimeVariableExpr |
-| test.c:5:9:5:9 | x | Use |
 | test.c:5:9:5:9 | x | VariableAccess |
-| test.c:5:9:5:13 | ... * ... | AnalysedExpr |
-| test.c:5:9:5:13 | ... * ... | CompileTimeVariableExpr |
-| test.c:5:9:5:13 | ... * ... | DefOrUse |
 | test.c:5:9:5:13 | ... * ... | ImaginaryMulExpr |
-| test.c:5:9:5:13 | ... * ... | NameQualifiableElement |
-| test.c:5:13:5:13 | y | AnalysedExpr |
-| test.c:5:13:5:13 | y | CompileTimeVariableExpr |
-| test.c:5:13:5:13 | y | Use |
 | test.c:5:13:5:13 | y | VariableAccess |
-| test.c:6:5:6:5 | z | AnalysedExpr |
-| test.c:6:5:6:5 | z | CompileTimeVariableExpr |
-| test.c:6:5:6:5 | z | DefOrUse |
 | test.c:6:5:6:5 | z | VariableAccess |
-| test.c:6:5:6:13 | ... = ... | AnalysedExpr |
 | test.c:6:5:6:13 | ... = ... | AssignExpr |
-| test.c:6:5:6:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:6:5:6:13 | ... = ... | Def |
-| test.c:6:5:6:13 | ... = ... | ExprInVoidContext |
-| test.c:6:5:6:13 | ... = ... | NameQualifiableElement |
-| test.c:6:5:6:13 | ... = ... | RangeSsaDefinition |
-| test.c:6:5:6:13 | ... = ... | SsaDefinition |
-| test.c:6:9:6:9 | z | AnalysedExpr |
-| test.c:6:9:6:9 | z | CompileTimeVariableExpr |
-| test.c:6:9:6:9 | z | Use |
 | test.c:6:9:6:9 | z | VariableAccess |
-| test.c:6:9:6:13 | (double)... | AnalysedExpr |
 | test.c:6:9:6:13 | (double)... | CStyleCast |
-| test.c:6:9:6:13 | (double)... | CompileTimeVariableExpr |
-| test.c:6:9:6:13 | (double)... | DefOrUse |
-| test.c:6:9:6:13 | (double)... | FloatingPointConversion |
-| test.c:6:9:6:13 | (double)... | NameQualifiableElement |
-| test.c:6:9:6:13 | ... / ... | AnalysedExpr |
-| test.c:6:9:6:13 | ... / ... | CompileTimeVariableExpr |
-| test.c:6:9:6:13 | ... / ... | DefOrUse |
 | test.c:6:9:6:13 | ... / ... | ImaginaryDivExpr |
-| test.c:6:9:6:13 | ... / ... | NameQualifiableElement |
-| test.c:6:13:6:13 | y | AnalysedExpr |
-| test.c:6:13:6:13 | y | CompileTimeVariableExpr |
-| test.c:6:13:6:13 | y | Use |
 | test.c:6:13:6:13 | y | VariableAccess |
-| test.c:7:5:7:5 | w | AnalysedExpr |
-| test.c:7:5:7:5 | w | CompileTimeVariableExpr |
-| test.c:7:5:7:5 | w | DefOrUse |
 | test.c:7:5:7:5 | w | VariableAccess |
-| test.c:7:5:7:13 | ... = ... | AnalysedExpr |
 | test.c:7:5:7:13 | ... = ... | AssignExpr |
-| test.c:7:5:7:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:7:5:7:13 | ... = ... | Def |
-| test.c:7:5:7:13 | ... = ... | ExprInVoidContext |
-| test.c:7:5:7:13 | ... = ... | NameQualifiableElement |
-| test.c:7:5:7:13 | ... = ... | RangeSsaDefinition |
-| test.c:7:5:7:13 | ... = ... | SsaDefinition |
-| test.c:7:9:7:9 | z | AnalysedExpr |
-| test.c:7:9:7:9 | z | CompileTimeVariableExpr |
-| test.c:7:9:7:9 | z | Use |
 | test.c:7:9:7:9 | z | VariableAccess |
-| test.c:7:9:7:13 | ... + ... | AnalysedExpr |
-| test.c:7:9:7:13 | ... + ... | CompileTimeVariableExpr |
-| test.c:7:9:7:13 | ... + ... | DefOrUse |
-| test.c:7:9:7:13 | ... + ... | NameQualifiableElement |
 | test.c:7:9:7:13 | ... + ... | RealImaginaryAddExpr |
-| test.c:7:13:7:13 | x | AnalysedExpr |
-| test.c:7:13:7:13 | x | CompileTimeVariableExpr |
-| test.c:7:13:7:13 | x | Use |
 | test.c:7:13:7:13 | x | VariableAccess |
-| test.c:8:5:8:5 | w | AnalysedExpr |
-| test.c:8:5:8:5 | w | CompileTimeVariableExpr |
-| test.c:8:5:8:5 | w | DefOrUse |
 | test.c:8:5:8:5 | w | VariableAccess |
-| test.c:8:5:8:13 | ... = ... | AnalysedExpr |
 | test.c:8:5:8:13 | ... = ... | AssignExpr |
-| test.c:8:5:8:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:8:5:8:13 | ... = ... | Def |
-| test.c:8:5:8:13 | ... = ... | ExprInVoidContext |
-| test.c:8:5:8:13 | ... = ... | NameQualifiableElement |
-| test.c:8:5:8:13 | ... = ... | RangeSsaDefinition |
-| test.c:8:5:8:13 | ... = ... | SsaDefinition |
-| test.c:8:9:8:9 | x | AnalysedExpr |
-| test.c:8:9:8:9 | x | CompileTimeVariableExpr |
-| test.c:8:9:8:9 | x | Use |
 | test.c:8:9:8:9 | x | VariableAccess |
-| test.c:8:9:8:13 | ... + ... | AnalysedExpr |
-| test.c:8:9:8:13 | ... + ... | CompileTimeVariableExpr |
-| test.c:8:9:8:13 | ... + ... | DefOrUse |
 | test.c:8:9:8:13 | ... + ... | ImaginaryRealAddExpr |
-| test.c:8:9:8:13 | ... + ... | NameQualifiableElement |
-| test.c:8:13:8:13 | z | AnalysedExpr |
-| test.c:8:13:8:13 | z | CompileTimeVariableExpr |
-| test.c:8:13:8:13 | z | Use |
 | test.c:8:13:8:13 | z | VariableAccess |
-| test.c:9:5:9:5 | w | AnalysedExpr |
-| test.c:9:5:9:5 | w | CompileTimeVariableExpr |
-| test.c:9:5:9:5 | w | DefOrUse |
 | test.c:9:5:9:5 | w | VariableAccess |
-| test.c:9:5:9:13 | ... = ... | AnalysedExpr |
 | test.c:9:5:9:13 | ... = ... | AssignExpr |
-| test.c:9:5:9:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:9:5:9:13 | ... = ... | Def |
-| test.c:9:5:9:13 | ... = ... | ExprInVoidContext |
-| test.c:9:5:9:13 | ... = ... | NameQualifiableElement |
-| test.c:9:5:9:13 | ... = ... | RangeSsaDefinition |
-| test.c:9:5:9:13 | ... = ... | SsaDefinition |
-| test.c:9:9:9:9 | z | AnalysedExpr |
-| test.c:9:9:9:9 | z | CompileTimeVariableExpr |
-| test.c:9:9:9:9 | z | Use |
 | test.c:9:9:9:9 | z | VariableAccess |
-| test.c:9:9:9:13 | ... - ... | AnalysedExpr |
-| test.c:9:9:9:13 | ... - ... | CompileTimeVariableExpr |
-| test.c:9:9:9:13 | ... - ... | DefOrUse |
-| test.c:9:9:9:13 | ... - ... | NameQualifiableElement |
 | test.c:9:9:9:13 | ... - ... | RealImaginarySubExpr |
-| test.c:9:13:9:13 | x | AnalysedExpr |
-| test.c:9:13:9:13 | x | CompileTimeVariableExpr |
-| test.c:9:13:9:13 | x | Use |
 | test.c:9:13:9:13 | x | VariableAccess |
-| test.c:10:5:10:5 | w | AnalysedExpr |
-| test.c:10:5:10:5 | w | CompileTimeVariableExpr |
-| test.c:10:5:10:5 | w | DefOrUse |
 | test.c:10:5:10:5 | w | VariableAccess |
-| test.c:10:5:10:13 | ... = ... | AnalysedExpr |
 | test.c:10:5:10:13 | ... = ... | AssignExpr |
-| test.c:10:5:10:13 | ... = ... | CompileTimeVariableExpr |
-| test.c:10:5:10:13 | ... = ... | Def |
-| test.c:10:5:10:13 | ... = ... | ExprInVoidContext |
-| test.c:10:5:10:13 | ... = ... | NameQualifiableElement |
-| test.c:10:5:10:13 | ... = ... | RangeSsaDefinition |
-| test.c:10:5:10:13 | ... = ... | SsaDefinition |
-| test.c:10:9:10:9 | x | AnalysedExpr |
-| test.c:10:9:10:9 | x | CompileTimeVariableExpr |
-| test.c:10:9:10:9 | x | Use |
 | test.c:10:9:10:9 | x | VariableAccess |
-| test.c:10:9:10:13 | ... - ... | AnalysedExpr |
-| test.c:10:9:10:13 | ... - ... | CompileTimeVariableExpr |
-| test.c:10:9:10:13 | ... - ... | DefOrUse |
 | test.c:10:9:10:13 | ... - ... | ImaginaryRealSubExpr |
-| test.c:10:9:10:13 | ... - ... | NameQualifiableElement |
-| test.c:10:13:10:13 | z | AnalysedExpr |
-| test.c:10:13:10:13 | z | CompileTimeVariableExpr |
-| test.c:10:13:10:13 | z | Use |
 | test.c:10:13:10:13 | z | VariableAccess |
diff --git a/cpp/ql/test/library-tests/complex_numbers/expr.ql b/cpp/ql/test/library-tests/complex_numbers/expr.ql
@@ -1,4 +1,4 @@
 import cpp
 
 from Expr e
-select e, e.getAQlClass()
+select e, e.getCanonicalQLClass()
diff --git a/cpp/ql/test/library-tests/depends_initializers/InitializerCFG.expected b/cpp/ql/test/library-tests/depends_initializers/InitializerCFG.expected
diff --git a/cpp/ql/test/library-tests/depends_initializers/template_static_instantiated.cpp b/cpp/ql/test/library-tests/depends_initializers/template_static_instantiated.cpp

Original file line number	Diff line number	Diff line change
`@@ -294,6 +294,8 @@ class IfStmt extends ConditionalStmt, @stmt_if {`
`294`	`294`	* ```
`295`	`295`	`*/`
`296`	`296`	`class ConstexprIfStmt extends ConditionalStmt, @stmt_constexpr_if {`
	`297`	`+ override string getCanonicalQLClass() { result = "ConstexprIfStmt" }`
	`298`	`+`
`297`	`299`	`/**`
`298`	`300`	`* Gets the condition expression of this 'constexpr if' statement.`
`299`	`301`	`*`