Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Brodes/guard flow parsing k #17933

Closed
wants to merge 16 commits into from
Closed

Brodes/guard flow parsing k #17933

Changes from 1 commit
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
aaf3ce2
Adding test cases for boolean flow.
bdrodes Nov 4, 2024
40a6786
Adding expected false positive conditions for MissingCheckScanf once …
bdrodes Nov 4, 2024
bb989ba
Addingg expected file for test changes for MissingCheckScanf before c…
bdrodes Nov 4, 2024
ddfbb08
IRGuard overhaul to parse conditions using GVN.
bdrodes Nov 4, 2024
0795bcc
Updating expected files for new IRGuard changes.
bdrodes Nov 4, 2024
d17dee5
Updating IRGuards.qll getDerivedInstruction. Always get the deriving …
bdrodes Nov 4, 2024
6f17460
Revert "Updating IRGuards.qll getDerivedInstruction. Always get the d…
bdrodes Nov 4, 2024
41e7dae
getDerivedInstruction uses getSourceValue()
bdrodes Nov 7, 2024
a18f87d
Sketch for handling k values not defined at the guard location.
bdrodes Nov 7, 2024
934cf4c
Recurse to find a k
bdrodes Nov 7, 2024
7498c05
Simplifying k parsing.
bdrodes Nov 7, 2024
418b113
Adding conversions to the getDerivedInstruction predicate. Changed al…
bdrodes Nov 11, 2024
b29814e
Merge branch 'brodes/guard_flow_parsing' into brodes/guard_flow_parsi…
bdrodes Nov 11, 2024
2cda23b
Removing uses of ConstantInstruction in favor of Instruction for GVN-…
bdrodes Nov 11, 2024
2dfa029
Misc. poc updates to address performance issues with wireshark.
bdrodes Nov 13, 2024
72dc990
Merge branch 'brodes/guard_flow_parsing' into brodes/guard_flow_parsi…
bdrodes Nov 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -855,7 +855,7 @@ private predicate unary_compares_eq(
// ((test is `areEqual` => op == const + k2) and const == `k1`) =>
// test is `areEqual` => op == k1 + k2
inNonZeroCase = false and
exists(int k1, int k2, ConstantInstruction const |
exists(int k1, int k2, Instruction const |
compares_eq(derived, op, const.getAUse(), k2, areEqual, value) and
int_value(const) = k1 and
k = k1 + k2
Expand Down Expand Up @@ -1059,7 +1059,7 @@ private predicate compares_lt(Instruction test, Operand op, int k, boolean isLt,
compares_lt(derived.(LogicalNotInstruction).getUnary(), op, k, isLt, dual)
)
or
exists(int k1, int k2, ConstantInstruction const |
exists(int k1, int k2, Instruction const |
compares_lt(derived, op, const.getAUse(), k2, isLt, value) and
int_value(const) = k1 and
k = k1 + k2
Expand Down Expand Up @@ -1388,5 +1388,9 @@ private class IntegerOrPointerConstantInstruction extends ConstantInstruction {

/** The int value of integer constant expression. */
private int int_value(Instruction i) {
result = valueNumber(i).getAnInstruction().(IntegerOrPointerConstantInstruction).getValue().toInt()
result =
valueNumber(i).getAnInstruction().(IntegerOrPointerConstantInstruction).getValue().toInt()
or
// handle conversions
result = int_value(valueNumber(i).getAnInstruction().(ConvertInstruction).getUnary())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Watch out with materializing all Instructions when all we really care about is the value number. If we instead change the i parameter to be a ValueNumber instead this predicate will be a lot smaller.

Note that this will require changing all the callers so that they convert the argument to a value number. You can define an (inline) helper predicate to do that conversion for you. This will keep all callers as-is, and still avoid unnecessary materialization

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point, but what about inlining int_value instead?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can't inline it since it's recursive, unfortunately.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah true true. The inline helper function I think is the winner then, which is basically the best of both worlds.

}
Loading