Skip to content

C++: Flow out of invalid functions #12005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 29, 2023
Merged

C++: Flow out of invalid functions #12005

merged 2 commits into from
Jan 29, 2023

Conversation

MathiasVP
Copy link
Contributor

We were not getting flow out of functions that were missing return statements since they might not have a ReturnInstruction.

After this PR, we (ab)use the generated UnreachedInstruction to assign an index in the final basic block so that SSA will ensure that we have flow out of the (invalid) function.

@MathiasVP MathiasVP requested a review from a team as a code owner January 27, 2023 11:47
@github-actions github-actions bot added the C++ label Jan 27, 2023
@MathiasVP MathiasVP added the no-change-note-required This PR does not need a change note label Jan 27, 2023
jketema
jketema reviewed Jan 27, 2023
View reviewed changes
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/ssa0/SsaInternals.qll
return instanceof ReturnInstruction or
return instanceof UnreachedInstruction
|
block.getInstruction(index) = return and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

index + 1 has been replaced here by index. Was this incorrect before?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, good question. It wasn't actually incorrect. The only thing we require is that it's the last use of the parameter in the body of the function. ssa0/SsaInternals.qll did index + 1, and SsaInternals.qll did index. So I just synced them up to be index for consistency. This will hopefully make it easier to merge those two files into one parameterized module eventually.

Copy link
Contributor Author

@MathiasVP MathiasVP Jan 27, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

index + 1 might actually be problematic since we can generate IR where the UnreachedInstruction is the only thing in the block. So there wouldn't necessarily be any instruction at block.getInstruction(index + 1).

This is different from ReturnInstructions since we know there is always a ExitFunctionInstruction (or whatever it's called) after the ReturnInstructions.

jketema
jketema approved these changes Jan 27, 2023
View reviewed changes
Copy link
Contributor

@jketema jketema left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM provided DCA is happy and we now have the two missing results back in our internal tests.

@MathiasVP
Copy link
Contributor Author

The internal test still isn't recovered, but I think there's an additional step necessary for this. I'll write up my investigation in our internal issue for this.

@MathiasVP MathiasVP merged commit 9573395 into github:mathiasvp/replace-ast-with-ir-use-usedataflow Jan 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jketema jketema jketema approved these changes

Assignees
No one assigned
Labels
C++ no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MathiasVP @jketema