Updating IRGuards.qll getDerivedInstruction. Always get the deriving …

…instruction if one exists.
microsoft · Nov 4, 2024 · d17dee5 · d17dee5
1 parent 0795bcc
commit d17dee5
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -13,11 +13,19 @@ private import semmle.code.cpp.ir.implementation.raw.internal.InstructionTag
  * Returns `instr` or any instruction used to define `instr`.
  */
 private Instruction getDerivedInstruction(Instruction instr) {
-  result = valueNumber(instr).getAnInstruction() and
-  result.toString() != instr.toString() and
-  result instanceof CompareInstruction
-  or
-  result = instr
+  // If there is a defining value, use it, else derived instruction is `instr`
+  // This forces backwards examination of guards if the current instruction is 
+  // derived from a prior instruction. 
+  if
+    exists(Instruction derived |
+      derived = valueNumber(instr).getAnInstruction() and
+      derived.toString() != instr.toString()
+    )
+  then
+    result = valueNumber(instr).getAnInstruction() and
+    result.toString() != instr.toString() and
+    result instanceof CompareInstruction
+  else result = instr
 }
 
 /**