
Commit 3c9bd4f

committed
C++: Uniqueness fixes for HashCons
1 parent 6e2f96b commit 3c9bd4f


1 file changed

+21
-8
lines changed


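--- a/cpp/ql/src/semmle/code/cpp/valuenumbering/HashCons.qll
+++ b/cpp/ql/src/semmle/code/cpp/valuenumbering/HashCons.qll
@@ -255,7 +255,7 @@ class HashCons extends HCBase {
 if this instanceof HC_TypeidType then result = "TypeidType" else
 if this instanceof HC_TypeidExpr then result = "TypeidExpr" else
 if this instanceof HC_ArrayAggregateLiteral then result = "ArrayAggregateLiteral" else
-if this instanceof HC_ClassAggregateLiteral then result = "ClassAggreagateLiteral" else
+if this instanceof HC_ClassAggregateLiteral then result = "ClassAggregateLiteral" else
 if this instanceof HC_DeleteExpr then result = "DeleteExpr" else
 if this instanceof HC_DeleteArrayExpr then result = "DeleteArrayExpr" else
 if this instanceof HC_ThrowExpr then result = "ThrowExpr" else
@@ -464,7 +464,7 @@ private predicate mk_Deref(HashCons p, PointerDereferenceExpr deref) {
 
 private predicate analyzableNonmemberFunctionCall(FunctionCall fc) {
 forall(int i |
-exists(fc.getArgument(i)) |
+i in [0..fc.getNumberOfArguments()-1] |
 strictcount(fc.getArgument(i).getFullyConverted()) = 1
 ) and
 strictcount(fc.getTarget()) = 1 and
@@ -487,7 +487,7 @@ private predicate mk_NonmemberFunctionCall(Function fcn, HC_Args args, FunctionC
 
 private predicate analyzableExprCall(ExprCall ec) {
 forall(int i |
-exists(ec.getArgument(i)) |
+i in [0..ec.getNumberOfArguments()-1] |
 strictcount(ec.getArgument(i).getFullyConverted()) = 1
 ) and
 strictcount(ec.getExpr().getFullyConverted()) = 1
@@ -508,7 +508,7 @@ private predicate mk_ExprCall(HashCons hc, HC_Args args, ExprCall ec) {
 private predicate analyzableMemberFunctionCall(
 FunctionCall fc) {
 forall(int i |
-exists(fc.getArgument(i)) |
+i in [0..fc.getNumberOfArguments()-1] |
 strictcount(fc.getArgument(i).getFullyConverted()) = 1
 ) and
 strictcount(fc.getTarget()) = 1 and
@@ -573,11 +573,15 @@ private predicate mk_ArgConsInner(HashCons head, HC_Args tail, int i, HC_Args li
 */
 private predicate analyzableAllocatorArgZero(ErrorExpr e) {
 exists(NewOrNewArrayExpr new |
-new.getAllocatorCall().getChild(0) = e
+new.getAllocatorCall().getChild(0) = e and
+strictcount(new.getType().getUnspecifiedType()) = 1
 )
+and
+strictcount(NewOrNewArrayExpr new | new.getAllocatorCall().getChild(0) = e) = 1
 }
 
 private predicate mk_AllocatorArgZero(Type t, ErrorExpr e) {
+analyzableAllocatorArgZero(e) and
 exists(NewOrNewArrayExpr new |
 new.getAllocatorCall().getChild(0) = e and
 t = new.getType().getUnspecifiedType()
@@ -767,7 +771,9 @@ private predicate analyzableClassAggregateLiteral(ClassAggregateLiteral cal) {
 forall(int i |
 exists(cal.getChild(i)) |
 strictcount(cal.getChild(i).getFullyConverted()) = 1 and
-strictcount(Field f | cal.getChild(i) = cal.getFieldExpr(f)) = 1
+strictcount(Field f | cal.getChild(i) = cal.getFieldExpr(f)) = 1 and
+strictcount(Field f, int j |
+cal.getFieldExpr(f) = cal.getChild(i) and j = f.getInitializationOrder()) = 1
 )
 }
 
@@ -791,10 +797,12 @@ private predicate analyzableArrayAggregateLiteral(ArrayAggregateLiteral aal) {
 forall(int i |
 exists(aal.getChild(i)) |
 strictcount(aal.getChild(i).getFullyConverted()) = 1
-)
+) and
+strictcount(aal.getType().getUnspecifiedType()) = 1
 }
 
 private predicate mk_ArrayCons(Type t, int i, HashCons hc, HC_Array hca, ArrayAggregateLiteral aal) {
+analyzableArrayAggregateLiteral(aal) and
 t = aal.getType().getUnspecifiedType() and
 hc = hashCons(aal.getChild(i)) and
 (
@@ -935,7 +943,7 @@ cached HashCons hashCons(Expr e) {
 result = HC_MemberFunctionCall(fcn, qual, args)
 )
 or
-// works around an extractor issue class
+// works around an extractor issue
 exists(Type t
 | mk_AllocatorArgZero(t, e) and
 result = HC_AllocatorArgZero(t)
@@ -972,6 +980,11 @@ cached HashCons hashCons(Expr e) {
 )
 or
 exists(Type t
+| mk_UuidofOperator(t, e) and
+result = HC_UuidofOperator(t)
+)
+or
+exists(Type t
 | mk_AlignofType(t, e) and
 result = HC_AlignofType(t)
 )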
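Review bot: `analyzableClassAggregateLiteral` and `analyzableArrayAggregateLiteral` still quantify over `exists(cal.getChild(i))` / `exists(aal.getChild(i))`, so they never check an index that has no child, whereas the three call predicates now range over `i in [0..fc.getNumberOfArguments()-1]` and reject a call with a missing argument. If the extractor can leave a gap in the child indices (not visible on this page), those two predicates would still admit the literal; either bound `i` by the child count in the same way or add a comment saying why the aggregate forms keep the old range. The new `strictcount` guards are also uncommented; a line such as `// require exactly one unspecified type so the hash-cons for this expression is unique` above the `getUnspecifiedType()` checks would record the intent, which is presumably the uniqueness named in the commit title. The bodies of these predicates start or end outside the hunks shown.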
