C++: add HashCons for delete expressions

Author: rdmarsh2

cpp/ql/src/semmle/code/cpp/valuenumbering/HashCons.qll

@@ -115,6 +115,10 @@ private cached newtype HCBase =
     mk_ArrayAggregateLiteral(t, hca, _)
   }
   or
+  HC_DeleteExpr(HashCons child) {mk_DeleteExpr(child, _)}
+  or
+  HC_DeleteArrayExpr(HashCons child) {mk_DeleteArrayExpr(child, _)}
+  or
   // Any expression that is not handled by the cases above is
   // given a unique number based on the expression itself.
   HC_Unanalyzable(Expr e) { not analyzableExpr(e,_) }
@@ -222,6 +226,8 @@ class HashCons extends HCBase {
     if this instanceof HC_AlignofExpr then result = "AlignofExprOperator" else
     if this instanceof HC_ArrayAggregateLiteral then result = "ArrayAggregateLiteral" else
     if this instanceof HC_ClassAggregateLiteral then result = "ClassAggreagateLiteral" else
+    if this instanceof HC_DeleteExpr then result = "DeleteExpr" else
+    if this instanceof HC_DeleteArrayExpr then result = "DeleteArrayExpr" else
     result = "error"
   }
 
@@ -685,6 +691,24 @@ private predicate mk_NewArrayExpr(Type t, HC_Alloc alloc, HC_Init init, HC_Align
   )
 }
 
+private predicate analyzableDeleteExpr(DeleteExpr e) {
+  strictcount(e.getAChild().getFullyConverted()) = 1
+}
+
+private predicate mk_DeleteExpr(HashCons hc, DeleteExpr e) {
+  analyzableDeleteExpr(e) and
+  hc = hashCons(e.getAChild().getFullyConverted())
+}
+
+private predicate analyzableDeleteArrayExpr(DeleteArrayExpr e) {
+  strictcount(e.getAChild().getFullyConverted()) = 1
+}
+
+private predicate mk_DeleteArrayExpr(HashCons hc, DeleteArrayExpr e) {
+  analyzableDeleteArrayExpr(e) and
+  hc = hashCons(e.getAChild().getFullyConverted())
+}
+
 private predicate analyzableSizeofType(SizeofTypeOperator e) {
   strictcount(e.getType().getUnspecifiedType()) = 1 and
   strictcount(e.getTypeOperand()) = 1
@@ -804,7 +828,6 @@ private predicate mk_ArrayAggregateLiteral(Type t, HC_Array hca, ArrayAggregateL
   )
 }
 
-
 /** Gets the hash-cons of expression `e`. */
 cached HashCons hashCons(Expr e) {
   exists (int val, Type t
@@ -913,6 +936,16 @@ cached HashCons hashCons(Expr e) {
     result = HC_ArrayAggregateLiteral(t, hca)
   )
   or
+  exists(HashCons child
+  | mk_DeleteExpr(child, e) and
+    result = HC_DeleteExpr(child)
+  )
+  or
+  exists(HashCons child
+  | mk_DeleteArrayExpr(child, e) and
+    result = HC_DeleteArrayExpr(child)
+  )
+  or
   (
     mk_Nullptr(e) and
     result = HC_Nullptr()
@@ -952,6 +985,7 @@ predicate analyzableExpr(Expr e, string kind) {
   (analyzableAlignofType(e) and kind = "AlignofTypeOperator") or
   (analyzableAlignofExpr(e) and kind = "AlignofExprOperator") or
   (analyzableClassAggregateLiteral(e) and kind = "ClassAggregateLiteral") or
-  (analyzableArrayAggregateLiteral(e) and kind = "ArrayAggregateLiteral")
-  
+  (analyzableArrayAggregateLiteral(e) and kind = "ArrayAggregateLiteral") or
+  (analyzableDeleteExpr(e) and kind = "DeleteExpr") or
+  (analyzableDeleteArrayExpr(e) and kind = "DeleteArrayExpr")
 }

cpp/ql/test/library-tests/valuenumbering/HashCons/HashCons.expected

@@ -38,9 +38,9 @@
 | test.cpp:92:11:92:11 | x | 92:c11-c11 93:c10-c10 |
 | test.cpp:97:3:97:3 | x | 97:c3-c3 98:c3-c3 |
 | test.cpp:97:3:97:5 | ... ++ | 97:c3-c5 98:c3-c5 |
-| test.cpp:103:10:103:11 | 1 | 103:c10-c11 104:c7-c7 107:c7-c7 108:c7-c7 10:c16-c16 179:c21-c21 247:c11-c11 248:c11-c11 271:c19-c19 272:c19-c19 274:c19-c19 274:c22-c22 288:c5-c5 292:c5-c5 297:c5-c5 |
+| test.cpp:103:10:103:11 | 1 | 103:c10-c11 104:c7-c7 107:c7-c7 108:c7-c7 10:c16-c16 179:c21-c21 247:c11-c11 248:c11-c11 271:c28-c28 272:c28-c28 274:c19-c19 274:c22-c22 288:c5-c5 292:c5-c5 297:c5-c5 |
 | test.cpp:104:3:104:3 | x | 104:c3-c3 105:c3-c3 106:c3-c3 107:c3-c3 108:c3-c3 |
-| test.cpp:105:7:105:7 | 2 | 105:c7-c7 106:c7-c7 107:c11-c11 108:c11-c11 21:c16-c16 249:c11-c11 271:c15-c15 271:c22-c22 272:c15-c15 272:c22-c22 273:c15-c15 274:c15-c15 275:c15-c15 275:c19-c19 275:c22-c22 277:c15-c15 278:c15-c15 289:c5-c5 293:c5-c5 296:c5-c5 |
+| test.cpp:105:7:105:7 | 2 | 105:c7-c7 106:c7-c7 107:c11-c11 108:c11-c11 21:c16-c16 249:c11-c11 271:c24-c24 271:c31-c31 272:c24-c24 272:c31-c31 273:c24-c24 274:c15-c15 275:c15-c15 275:c19-c19 275:c22-c22 277:c15-c15 278:c15-c15 289:c5-c5 293:c5-c5 296:c5-c5 |
 | test.cpp:107:7:107:11 | ... + ... | 107:c7-c11 108:c7-c11 |
 | test.cpp:110:15:110:17 | 1 | 110:c15-c17 111:c9-c11 |
 | test.cpp:110:15:110:17 | (char *)... | 110:c15-c17 111:c9-c11 |
@@ -85,20 +85,22 @@
 | test.cpp:211:16:211:25 | alignof(<expr>) | 211:c16-c25 211:c3-c12 |
 | test.cpp:247:3:247:12 | new | 247:c3-c12 248:c3-c12 |
 | test.cpp:253:16:253:36 | new[] | 253:c16-c36 254:c16-c36 |
-| test.cpp:256:3:256:21 | new | 256:c3-c21 257:c3-c21 |
-| test.cpp:256:7:256:10 | (void *)... | 256:c7-c10 257:c7-c10 260:c11-c14 261:c11-c14 263:c11-c14 |
-| test.cpp:256:7:256:10 | ptr1 | 256:c7-c10 257:c7-c10 260:c11-c14 261:c11-c14 263:c11-c14 |
-| test.cpp:258:7:258:10 | (void *)... | 258:c7-c10 262:c11-c14 |
-| test.cpp:258:7:258:10 | ptr2 | 258:c7-c10 262:c11-c14 |
-| test.cpp:260:3:260:25 | new | 260:c3-c25 261:c3-c25 |
-| test.cpp:260:7:260:8 | 32 | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
-| test.cpp:260:7:260:8 | (size_t)... | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
+| test.cpp:256:3:256:28 | delete | 256:c3-c28 257:c3-c28 |
+| test.cpp:256:10:256:28 | new | 256:c10-c28 257:c10-c28 |
+| test.cpp:256:14:256:17 | (void *)... | 256:c14-c17 257:c14-c17 260:c18-c21 261:c20-c23 263:c11-c14 |
+| test.cpp:256:14:256:17 | ptr1 | 256:c14-c17 257:c14-c17 260:c18-c21 261:c20-c23 263:c11-c14 |
+| test.cpp:258:14:258:17 | (void *)... | 258:c14-c17 262:c11-c14 |
+| test.cpp:258:14:258:17 | ptr2 | 258:c14-c17 262:c11-c14 |
+| test.cpp:260:10:260:32 | new | 260:c10-c32 261:c12-c34 |
+| test.cpp:260:14:260:15 | 32 | 260:c14-c15 261:c16-c17 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c16-c17 272:c16-c17 273:c16-c17 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
+| test.cpp:260:14:260:15 | (size_t)... | 260:c14-c15 261:c16-c17 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c16-c17 272:c16-c17 273:c16-c17 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
 | test.cpp:265:3:265:19 | new | 265:c3-c19 266:c3-c19 |
 | test.cpp:268:3:268:23 | new[] | 268:c3-c23 269:c3-c23 |
 | test.cpp:268:21:268:22 | 10 | 268:c21-c22 269:c21-c22 92:c15-c16 |
-| test.cpp:271:3:271:23 | new[] | 271:c3-c23 272:c3-c23 |
-| test.cpp:271:3:271:23 | {...} | 271:c3-c23 272:c3-c23 |
-| test.cpp:273:19:273:19 | 3 | 273:c19-c19 35:c16-c16 |
+| test.cpp:271:3:271:32 | delete[] | 271:c3-c32 272:c3-c32 |
+| test.cpp:271:12:271:32 | new[] | 271:c12-c32 272:c12-c32 |
+| test.cpp:271:12:271:32 | {...} | 271:c12-c32 272:c12-c32 |
+| test.cpp:273:28:273:28 | 3 | 273:c28-c28 35:c16-c16 |
 | test.cpp:277:3:277:19 | new[] | 277:c3-c19 278:c3-c19 |
 | test.cpp:277:3:277:19 | {...} | 277:c3-c19 278:c3-c19 |
 | test.cpp:287:15:290:3 | {...} | 287:c15-c3 291:c15-c3 |

cpp/ql/test/library-tests/valuenumbering/HashCons/test.cpp

@@ -253,12 +253,12 @@ void test16() {
   char *ptr1 = new char[sizeof(int)];
   char *ptr2 = new char[sizeof(int)];
 
-  new(ptr1) IntHolder;
-  new(ptr1) IntHolder;
-  new(ptr2) IntHolder;
+  delete new(ptr1) IntHolder;
+  delete new(ptr1) IntHolder;
+  delete new(ptr2) IntHolder;
 
-  new(32, ptr1) IntHolder;
-  new(32, ptr1) IntHolder;
+  delete new(32, ptr1) IntHolder;
+  delete[] new(32, ptr1) IntHolder;
   new(32, ptr2) IntHolder;
   new(16, ptr1) IntHolder;
 
@@ -268,9 +268,9 @@ void test16() {
   new(32) IntHolder[10];
   new(32) IntHolder[10];
 
-  new(32) int[2] {1, 2};
-  new(32) int[2] {1, 2};
-  new(32) int[2] {3, 4};
+  delete[] new(32) int[2] {1, 2};
+  delete[] new(32) int[2] {1, 2};
+  delete[] new(32) int[2] {3, 4};
   new(32) int[2] {1, 1};
   new(32) int[2] {2, 2};