C++: initial support for aggregate initializers

Robert Marsh · Robert Marsh · commit 752f39b5374e · 2018-09-10T12:22:43.000-07:00
diff --git a/cpp/ql/src/semmle/code/cpp/valuenumbering/HashCons.qll b/cpp/ql/src/semmle/code/cpp/valuenumbering/HashCons.qll
@@ -107,6 +107,14 @@ private cached newtype HCBase =
   or
   HC_AlignofExpr(HashCons child) {mk_AlignofExpr(child, _)}
   or
+  HC_ClassAggregateLiteral(Class c, HC_Fields hcf) {
+    mk_ClassAggregateLiteral(c, hcf, _)
+  }
+  or
+  HC_ArrayAggregateLiteral(Type t, HC_Array hca) {
+    mk_ArrayAggregateLiteral(t, hca, _)
+  }
+  or
   // Any expression that is not handled by the cases above is
   // given a unique number based on the expression itself.
   HC_Unanalyzable(Expr e) { not analyzableExpr(e,_) }
@@ -144,6 +152,30 @@ private newtype HC_Args =
     mk_ArgCons(fcn, hc, i, list, _)
   }
 
+/**
+ * Used to implement hash-consing of struct initizializers.
+ */
+private newtype HC_Fields =
+  HC_EmptyFields(Class c) {
+    exists(ClassAggregateLiteral cal |
+      c = cal.getType().getUnspecifiedType()
+    )
+  }
+  or
+  HC_FieldCons(Class c, int i, Field f, HashCons hc, HC_Fields hcf) {
+   mk_FieldCons(c, i, f, hc, hcf, _)
+  }
+
+private newtype HC_Array =
+  HC_EmptyArray(Type t) {
+    exists(ArrayAggregateLiteral aal |
+      aal.getType() = t
+    )
+  }
+  or
+  HC_ArrayCons(Type t, int i, HashCons hc, HC_Array hca) {
+    mk_ArrayCons(t, i, hc, hca, _)
+  }
 /**
  * HashCons is the hash-cons of an expression. The relationship between `Expr`
  * and `HC` is many-to-one: every `Expr` has exactly one `HC`, but multiple
@@ -188,6 +220,8 @@ class HashCons extends HCBase {
     if this instanceof HC_SizeofExpr then result = "SizeofExprOperator" else
     if this instanceof HC_AlignofType then result = "AlignofTypeOperator" else
     if this instanceof HC_AlignofExpr then result = "AlignofExprOperator" else
+    if this instanceof HC_ArrayAggregateLiteral then result = "ArrayAggregateLiteral" else
+    if this instanceof HC_ClassAggregateLiteral then result = "ClassAggreagateLiteral" else
     result = "error"
   }
 
@@ -690,6 +724,87 @@ private predicate mk_AlignofExpr(HashCons child, AlignofExprOperator e) {
   child = hashCons(e.getAChild())
 }
 
+private predicate mk_FieldCons(Class c, int i, Field f, HashCons hc, HC_Fields hcf,
+  ClassAggregateLiteral cal) {
+  analyzableClassAggregateLiteral(cal) and
+  cal.getType().getUnspecifiedType() = c and
+  exists(Expr e |
+    e = cal.getFieldExpr(f).getFullyConverted() and
+    e = cal.getChild(i).getFullyConverted() and
+    hc = hashCons(e) and
+    (
+      exists(HashCons head, Field f2, HC_Fields tail |
+        hcf = HC_FieldCons(c, i-1, f2, head, tail) and
+        cal.getChild(i-1).getFullyConverted() = cal.getFieldExpr(f2).getFullyConverted() and
+        mk_FieldCons(c, i-1, f2, head, tail, cal)
+        
+      )
+      or
+      i = 0 and
+      hcf = HC_EmptyFields(c)
+    )
+  )
+}
+
+private predicate analyzableClassAggregateLiteral(ClassAggregateLiteral cal) {
+  forall(int i |
+    exists(cal.getChild(i)) |
+    strictcount(cal.getChild(i).getFullyConverted()) = 1 and
+    strictcount(Field f | cal.getChild(i) = cal.getFieldExpr(f)) = 1
+  )
+}
+
+private predicate mk_ClassAggregateLiteral(Class c, HC_Fields hcf, ClassAggregateLiteral cal) {
+  analyzableClassAggregateLiteral(cal) and
+  c = cal.getType().getUnspecifiedType() and
+  (
+    exists(HC_Fields tail, Expr e, Field f |
+      e = cal.getChild(cal.getNumChild() - 1).getFullyConverted() and
+      e = cal.getFieldExpr(f).getFullyConverted() and
+      hcf = HC_FieldCons(c, cal.getNumChild() - 1, f, hashCons(e), tail) and
+      mk_FieldCons(c, cal.getNumChild() - 1, f, hashCons(e), tail, cal)
+    )
+    or
+    cal.getNumChild() = 0 and
+    hcf = HC_EmptyFields(c)
+  )
+}
+
+private predicate analyzableArrayAggregateLiteral(ArrayAggregateLiteral aal) {
+  forall(int i |
+    exists(aal.getChild(i)) |
+    strictcount(aal.getChild(i).getFullyConverted()) = 1
+  )
+}
+
+private predicate mk_ArrayCons(Type t, int i, HashCons hc, HC_Array hca, ArrayAggregateLiteral aal) {
+  t = aal.getType().getUnspecifiedType() and
+  hc = hashCons(aal.getChild(i)) and
+  (
+    exists(HC_Array tail, HashCons head |
+      hca = HC_ArrayCons(t, i - 1, head, tail) and
+      mk_ArrayCons(t, i-1, head, tail, aal)
+    )
+    or
+    i = 0 and
+    hca = HC_EmptyArray(t)
+  )
+}
+
+private predicate mk_ArrayAggregateLiteral(Type t, HC_Array hca, ArrayAggregateLiteral aal) {
+  t = aal.getType().getUnspecifiedType() and
+  (
+    exists(HashCons head, HC_Array tail |
+      hca = HC_ArrayCons(t, aal.getNumChild() - 1, head, tail) and
+      mk_ArrayCons(t, aal.getNumChild() - 1, head, tail, aal)
+    )
+    or
+    aal.getNumChild() = 0 and
+    hca = HC_EmptyArray(t)
+  )
+}
+
+
 /** Gets the hash-cons of expression `e`. */
 cached HashCons hashCons(Expr e) {
   exists (int val, Type t
@@ -788,6 +903,16 @@ cached HashCons hashCons(Expr e) {
     result = HC_AlignofExpr(child)
   )
   or
+  exists(Class c, HC_Fields hfc
+  | mk_ClassAggregateLiteral(c, hfc, e) and
+    result = HC_ClassAggregateLiteral(c, hfc)
+  )
+  or
+  exists(Type t, HC_Array hca
+  | mk_ArrayAggregateLiteral(t, hca, e) and
+    result = HC_ArrayAggregateLiteral(t, hca)
+  )
+  or
   (
     mk_Nullptr(e) and
     result = HC_Nullptr()
@@ -825,5 +950,8 @@ predicate analyzableExpr(Expr e, string kind) {
   (analyzableSizeofType(e) and kind = "SizeofTypeOperator") or
   (analyzableSizeofExpr(e) and kind = "SizeofExprOperator") or
   (analyzableAlignofType(e) and kind = "AlignofTypeOperator") or
-  (analyzableAlignofExpr(e) and kind = "AlignofExprOperator")
+  (analyzableAlignofExpr(e) and kind = "AlignofExprOperator") or
+  (analyzableClassAggregateLiteral(e) and kind = "ClassAggregateLiteral") or
+  (analyzableArrayAggregateLiteral(e) and kind = "ArrayAggregateLiteral")
+  
 }
diff --git a/cpp/ql/test/library-tests/valuenumbering/HashCons/HashCons.expected b/cpp/ql/test/library-tests/valuenumbering/HashCons/HashCons.expected
@@ -38,9 +38,9 @@
 | test.cpp:92:11:92:11 | x | 92:c11-c11 93:c10-c10 |
 | test.cpp:97:3:97:3 | x | 97:c3-c3 98:c3-c3 |
 | test.cpp:97:3:97:5 | ... ++ | 97:c3-c5 98:c3-c5 |
-| test.cpp:103:10:103:11 | 1 | 103:c10-c11 104:c7-c7 107:c7-c7 108:c7-c7 10:c16-c16 179:c21-c21 247:c11-c11 248:c11-c11 271:c19-c19 272:c19-c19 |
+| test.cpp:103:10:103:11 | 1 | 103:c10-c11 104:c7-c7 107:c7-c7 108:c7-c7 10:c16-c16 179:c21-c21 247:c11-c11 248:c11-c11 271:c19-c19 272:c19-c19 274:c19-c19 274:c22-c22 288:c5-c5 292:c5-c5 297:c5-c5 |
 | test.cpp:104:3:104:3 | x | 104:c3-c3 105:c3-c3 106:c3-c3 107:c3-c3 108:c3-c3 |
-| test.cpp:105:7:105:7 | 2 | 105:c7-c7 106:c7-c7 107:c11-c11 108:c11-c11 21:c16-c16 249:c11-c11 271:c15-c15 271:c22-c22 272:c15-c15 272:c22-c22 273:c15-c15 |
+| test.cpp:105:7:105:7 | 2 | 105:c7-c7 106:c7-c7 107:c11-c11 108:c11-c11 21:c16-c16 249:c11-c11 271:c15-c15 271:c22-c22 272:c15-c15 272:c22-c22 273:c15-c15 274:c15-c15 275:c15-c15 275:c19-c19 275:c22-c22 277:c15-c15 278:c15-c15 289:c5-c5 293:c5-c5 296:c5-c5 |
 | test.cpp:107:7:107:11 | ... + ... | 107:c7-c11 108:c7-c11 |
 | test.cpp:110:15:110:17 | 1 | 110:c15-c17 111:c9-c11 |
 | test.cpp:110:15:110:17 | (char *)... | 110:c15-c17 111:c9-c11 |
@@ -91,9 +91,14 @@
 | test.cpp:258:7:258:10 | (void *)... | 258:c7-c10 262:c11-c14 |
 | test.cpp:258:7:258:10 | ptr2 | 258:c7-c10 262:c11-c14 |
 | test.cpp:260:3:260:25 | new | 260:c3-c25 261:c3-c25 |
-| test.cpp:260:7:260:8 | 32 | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 |
-| test.cpp:260:7:260:8 | (size_t)... | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 |
+| test.cpp:260:7:260:8 | 32 | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
+| test.cpp:260:7:260:8 | (size_t)... | 260:c7-c8 261:c7-c8 262:c7-c8 265:c7-c8 266:c7-c8 268:c7-c8 269:c7-c8 271:c7-c8 272:c7-c8 273:c7-c8 274:c7-c8 275:c7-c8 277:c7-c8 278:c7-c8 |
 | test.cpp:265:3:265:19 | new | 265:c3-c19 266:c3-c19 |
 | test.cpp:268:3:268:23 | new[] | 268:c3-c23 269:c3-c23 |
 | test.cpp:268:21:268:22 | 10 | 268:c21-c22 269:c21-c22 92:c15-c16 |
+| test.cpp:271:3:271:23 | new[] | 271:c3-c23 272:c3-c23 |
+| test.cpp:271:3:271:23 | {...} | 271:c3-c23 272:c3-c23 |
 | test.cpp:273:19:273:19 | 3 | 273:c19-c19 35:c16-c16 |
+| test.cpp:277:3:277:19 | new[] | 277:c3-c19 278:c3-c19 |
+| test.cpp:277:3:277:19 | {...} | 277:c3-c19 278:c3-c19 |
+| test.cpp:287:15:290:3 | {...} | 287:c15-c3 291:c15-c3 |
diff --git a/cpp/ql/test/library-tests/valuenumbering/HashCons/test.cpp b/cpp/ql/test/library-tests/valuenumbering/HashCons/test.cpp
@@ -271,4 +271,29 @@ void test16() {
   new(32) int[2] {1, 2};
   new(32) int[2] {1, 2};
   new(32) int[2] {3, 4};
+  new(32) int[2] {1, 1};
+  new(32) int[2] {2, 2};
+
+  new(32) int[2] {};
+  new(32) int[2] {};
+}
+
+typedef struct point{
+  int x;
+  int y;
+} point_t;
+
+void test17() {
+  point_t p1 = {
+    1,
+    2
+  };
+  point_t p2 = {
+    1,
+    2
+  };
+  point_t p3 = {
+    2,
+    1
+  };
 }
