C++: Fix missing results for Node.asDefinition
#21212
Open
+53
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes DataFlow::Node.asDefinition so it returns a result (marked uncertain = true) even when the underlying StoreInstruction has no corresponding SSA definition, preventing “missing result” cases.
Changes:
- Adjusted
Node.asDefinition/1implementation to avoid depending onSsaImpl::defToNodefor producing any result. - Added a new InlineExpectations-based regression test for
asDefinitionover different store forms (including a field store / dead variable store).
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll | Updates asDefinition uncertainty determination so stores without SSA still yield a result. |
| cpp/ql/test/library-tests/dataflow/asDefinition/test.ql | Adds an InlineExpectations test query for Node.asDefinition. |
| cpp/ql/test/library-tests/dataflow/asDefinition/test.cpp | Adds C++ test cases exercising assignments/initializers including a field store. |
| cpp/ql/test/library-tests/dataflow/asDefinition/test.expected | Empty InlineExpectations expected-output file for the new test. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For a dataflow node
none can ask ifnis the node corresponding to aStoreInstruction. This is useful when one wants to deal uniformly with all kinds of assignments/initializers/increments/decrements/etc.The predicate also tells you whether an assignment overwrites an entire buffer or whether it may be a partial write (i.e.,
node.asDefinition(true)means the write may not overwrite the entire buffer). In order to do that it uses some of the SSA predicates (in particular,SsaImpl::defToNode) to find the correspondingSsa::Definitionbelonging to theStoreInstruction.However, if there's no corresponding SSA information for the
StoreInstruction(for instance, if it's a store to a field or to a variable that is not live) thenSsaImpl::defToNodewon't hold. And so the entirenode.asDefinitionpredicate did not have a result.This PR fixes this so that, instead of the predicate not having a result, it will have a result with
uncertain = true. This means thatnode.asDefinitioncan now be used to grab all assignments/initializers/increments/decrements/etc regardless of whether we have SSA information for it.cc @bdrodes