Merge pull request #882 from jbj/ir-ConstantAnalysis-perf

rdmarsh2 · web-flow · commit 97c5b8ee44b6 · 2019-02-06T22:29:09.000-08:00
C++: Speed up IR ConstantAnalysis
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -1484,6 +1484,17 @@ class PhiInstruction extends Instruction {
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof PhiMemoryAccess
   }
+
+  /**
+   * Gets an instruction that defines the input to one of the operands of this
+   * instruction. It's possible for more than one operand to have the same
+   * defining instruction, so this predicate will have the same number of
+   * results as `getAnOperand()` or fewer.
+   */
+  pragma[noinline]
+  final Instruction getAnOperandDefinitionInstruction() {
+    result = this.getAnOperand().(PhiOperand).getDefinitionInstruction()
+  }
 }
 
 /**
@@ -1492,7 +1503,7 @@ class PhiInstruction extends Instruction {
  *
  * A `ChiInstruction` is inserted immediately after an instruction that writes to memory. The
  * `ChiInstruction` has two operands. The first operand, given by `getTotalOperand()`, represents
- * the previous state of all of the memory that might be alised by the memory write. The second
+ * the previous state of all of the memory that might be aliased by the memory write. The second
  * operand, given by `getPartialOperand()`, represents the memory that was actually modified by the
  * memory write. The result of the `ChiInstruction` represents the same memory as
  * `getTotalOperand()`, updated to include the changes due to the value that was actually stored by
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll
@@ -1,38 +1,49 @@
 private import internal.ConstantAnalysisInternal
-import semmle.code.cpp.ir.internal.IntegerConstant
+private import semmle.code.cpp.ir.internal.IntegerPartial
 private import IR
 
 language[monotonicAggregates]
-IntValue getConstantValue(Instruction instr) {
+int getConstantValue(Instruction instr) {
   result = instr.(IntegerConstantInstruction).getValue().toInt() or
-  exists(BinaryInstruction binInstr, IntValue left, IntValue right |
-    binInstr = instr and
-    left = getConstantValue(binInstr.getLeftOperand()) and
-    right = getConstantValue(binInstr.getRightOperand()) and
-    (
-      binInstr instanceof AddInstruction and result = add(left, right) or
-      binInstr instanceof SubInstruction and result = sub(left, right) or
-      binInstr instanceof MulInstruction and result = mul(left, right) or
-      binInstr instanceof DivInstruction and result = div(left, right) or
-      binInstr instanceof CompareEQInstruction and result = compareEQ(left, right) or
-      binInstr instanceof CompareNEInstruction and result = compareNE(left, right) or
-      binInstr instanceof CompareLTInstruction and result = compareLT(left, right) or
-      binInstr instanceof CompareGTInstruction and result = compareGT(left, right) or
-      binInstr instanceof CompareLEInstruction and result = compareLE(left, right) or
-      binInstr instanceof CompareGEInstruction and result = compareGE(left, right)
-    )
-  ) or
-  exists(UnaryInstruction unaryInstr, IntValue src |
-    unaryInstr = instr and
-    src = getConstantValue(unaryInstr.getOperand()) and
-    (
-      unaryInstr instanceof NegateInstruction and result = neg(src)
-    )
-  ) or
+  result = getBinaryInstructionValue(instr) or
+  result = neg(getConstantValue(instr.(NegateInstruction).getOperand())) or
   result = getConstantValue(instr.(CopyInstruction).getSourceValue()) or
   exists(PhiInstruction phi |
     phi = instr and
-    result = max(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction())) and
-    result = min(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction()))
+    result = max(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def)) and
+    result = min(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def))
+  )
+}
+
+pragma[noinline]
+int getConstantValueToPhi(Instruction def) {
+  exists(PhiInstruction phi |
+    result = getConstantValue(def) and
+    def = phi.getAnOperandDefinitionInstruction()
+  )
+}
+
+pragma[noinline]
+private predicate binaryInstructionOperands(BinaryInstruction instr, int left, int right) {
+  left = getConstantValue(instr.getLeftOperand()) and
+  right = getConstantValue(instr.getRightOperand())
+}
+
+pragma[noinline]
+private int getBinaryInstructionValue(BinaryInstruction instr) {
+  exists(int left, int right |
+    binaryInstructionOperands(instr, left, right) and
+    (
+      instr instanceof AddInstruction and result = add(left, right) or
+      instr instanceof SubInstruction and result = sub(left, right) or
+      instr instanceof MulInstruction and result = mul(left, right) or
+      instr instanceof DivInstruction and result = div(left, right) or
+      instr instanceof CompareEQInstruction and result = compareEQ(left, right) or
+      instr instanceof CompareNEInstruction and result = compareNE(left, right) or
+      instr instanceof CompareLTInstruction and result = compareLT(left, right) or
+      instr instanceof CompareGTInstruction and result = compareGT(left, right) or
+      instr instanceof CompareLEInstruction and result = compareLE(left, right) or
+      instr instanceof CompareGEInstruction and result = compareGE(left, right)
+    )
   )
 }
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -1484,6 +1484,17 @@ class PhiInstruction extends Instruction {
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof PhiMemoryAccess
   }
+
+  /**
+   * Gets an instruction that defines the input to one of the operands of this
+   * instruction. It's possible for more than one operand to have the same
+   * defining instruction, so this predicate will have the same number of
+   * results as `getAnOperand()` or fewer.
+   */
+  pragma[noinline]
+  final Instruction getAnOperandDefinitionInstruction() {
+    result = this.getAnOperand().(PhiOperand).getDefinitionInstruction()
+  }
 }
 
 /**
@@ -1492,7 +1503,7 @@ class PhiInstruction extends Instruction {
  *
  * A `ChiInstruction` is inserted immediately after an instruction that writes to memory. The
  * `ChiInstruction` has two operands. The first operand, given by `getTotalOperand()`, represents
- * the previous state of all of the memory that might be alised by the memory write. The second
+ * the previous state of all of the memory that might be aliased by the memory write. The second
  * operand, given by `getPartialOperand()`, represents the memory that was actually modified by the
  * memory write. The result of the `ChiInstruction` represents the same memory as
  * `getTotalOperand()`, updated to include the changes due to the value that was actually stored by
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll
@@ -1,38 +1,49 @@
 private import internal.ConstantAnalysisInternal
-import semmle.code.cpp.ir.internal.IntegerConstant
+private import semmle.code.cpp.ir.internal.IntegerPartial
 private import IR
 
 language[monotonicAggregates]
-IntValue getConstantValue(Instruction instr) {
+int getConstantValue(Instruction instr) {
   result = instr.(IntegerConstantInstruction).getValue().toInt() or
-  exists(BinaryInstruction binInstr, IntValue left, IntValue right |
-    binInstr = instr and
-    left = getConstantValue(binInstr.getLeftOperand()) and
-    right = getConstantValue(binInstr.getRightOperand()) and
-    (
-      binInstr instanceof AddInstruction and result = add(left, right) or
-      binInstr instanceof SubInstruction and result = sub(left, right) or
-      binInstr instanceof MulInstruction and result = mul(left, right) or
-      binInstr instanceof DivInstruction and result = div(left, right) or
-      binInstr instanceof CompareEQInstruction and result = compareEQ(left, right) or
-      binInstr instanceof CompareNEInstruction and result = compareNE(left, right) or
-      binInstr instanceof CompareLTInstruction and result = compareLT(left, right) or
-      binInstr instanceof CompareGTInstruction and result = compareGT(left, right) or
-      binInstr instanceof CompareLEInstruction and result = compareLE(left, right) or
-      binInstr instanceof CompareGEInstruction and result = compareGE(left, right)
-    )
-  ) or
-  exists(UnaryInstruction unaryInstr, IntValue src |
-    unaryInstr = instr and
-    src = getConstantValue(unaryInstr.getOperand()) and
-    (
-      unaryInstr instanceof NegateInstruction and result = neg(src)
-    )
-  ) or
+  result = getBinaryInstructionValue(instr) or
+  result = neg(getConstantValue(instr.(NegateInstruction).getOperand())) or
   result = getConstantValue(instr.(CopyInstruction).getSourceValue()) or
   exists(PhiInstruction phi |
     phi = instr and
-    result = max(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction())) and
-    result = min(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction()))
+    result = max(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def)) and
+    result = min(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def))
+  )
+}
+
+pragma[noinline]
+int getConstantValueToPhi(Instruction def) {
+  exists(PhiInstruction phi |
+    result = getConstantValue(def) and
+    def = phi.getAnOperandDefinitionInstruction()
+  )
+}
+
+pragma[noinline]
+private predicate binaryInstructionOperands(BinaryInstruction instr, int left, int right) {
+  left = getConstantValue(instr.getLeftOperand()) and
+  right = getConstantValue(instr.getRightOperand())
+}
+
+pragma[noinline]
+private int getBinaryInstructionValue(BinaryInstruction instr) {
+  exists(int left, int right |
+    binaryInstructionOperands(instr, left, right) and
+    (
+      instr instanceof AddInstruction and result = add(left, right) or
+      instr instanceof SubInstruction and result = sub(left, right) or
+      instr instanceof MulInstruction and result = mul(left, right) or
+      instr instanceof DivInstruction and result = div(left, right) or
+      instr instanceof CompareEQInstruction and result = compareEQ(left, right) or
+      instr instanceof CompareNEInstruction and result = compareNE(left, right) or
+      instr instanceof CompareLTInstruction and result = compareLT(left, right) or
+      instr instanceof CompareGTInstruction and result = compareGT(left, right) or
+      instr instanceof CompareLEInstruction and result = compareLE(left, right) or
+      instr instanceof CompareGEInstruction and result = compareGE(left, right)
+    )
   )
 }
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll
@@ -1,11 +1,10 @@
 private import ReachableBlockInternal
-private import semmle.code.cpp.ir.internal.IntegerConstant
 private import IR
 private import ConstantAnalysis
 
 predicate isInfeasibleInstructionSuccessor(Instruction instr, EdgeKind kind) {
   exists(int conditionValue |
-    conditionValue = getValue(getConstantValue(instr.(ConditionalBranchInstruction).getCondition())) and
+    conditionValue = getConstantValue(instr.(ConditionalBranchInstruction).getCondition()) and
     if conditionValue = 0 then
       kind instanceof TrueEdge
     else
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -1484,6 +1484,17 @@ class PhiInstruction extends Instruction {
   override final MemoryAccessKind getResultMemoryAccess() {
     result instanceof PhiMemoryAccess
   }
+
+  /**
+   * Gets an instruction that defines the input to one of the operands of this
+   * instruction. It's possible for more than one operand to have the same
+   * defining instruction, so this predicate will have the same number of
+   * results as `getAnOperand()` or fewer.
+   */
+  pragma[noinline]
+  final Instruction getAnOperandDefinitionInstruction() {
+    result = this.getAnOperand().(PhiOperand).getDefinitionInstruction()
+  }
 }
 
 /**
@@ -1492,7 +1503,7 @@ class PhiInstruction extends Instruction {
  *
  * A `ChiInstruction` is inserted immediately after an instruction that writes to memory. The
  * `ChiInstruction` has two operands. The first operand, given by `getTotalOperand()`, represents
- * the previous state of all of the memory that might be alised by the memory write. The second
+ * the previous state of all of the memory that might be aliased by the memory write. The second
  * operand, given by `getPartialOperand()`, represents the memory that was actually modified by the
  * memory write. The result of the `ChiInstruction` represents the same memory as
  * `getTotalOperand()`, updated to include the changes due to the value that was actually stored by
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll
@@ -1,38 +1,49 @@
 private import internal.ConstantAnalysisInternal
-import semmle.code.cpp.ir.internal.IntegerConstant
+private import semmle.code.cpp.ir.internal.IntegerPartial
 private import IR
 
 language[monotonicAggregates]
-IntValue getConstantValue(Instruction instr) {
+int getConstantValue(Instruction instr) {
   result = instr.(IntegerConstantInstruction).getValue().toInt() or
-  exists(BinaryInstruction binInstr, IntValue left, IntValue right |
-    binInstr = instr and
-    left = getConstantValue(binInstr.getLeftOperand()) and
-    right = getConstantValue(binInstr.getRightOperand()) and
-    (
-      binInstr instanceof AddInstruction and result = add(left, right) or
-      binInstr instanceof SubInstruction and result = sub(left, right) or
-      binInstr instanceof MulInstruction and result = mul(left, right) or
-      binInstr instanceof DivInstruction and result = div(left, right) or
-      binInstr instanceof CompareEQInstruction and result = compareEQ(left, right) or
-      binInstr instanceof CompareNEInstruction and result = compareNE(left, right) or
-      binInstr instanceof CompareLTInstruction and result = compareLT(left, right) or
-      binInstr instanceof CompareGTInstruction and result = compareGT(left, right) or
-      binInstr instanceof CompareLEInstruction and result = compareLE(left, right) or
-      binInstr instanceof CompareGEInstruction and result = compareGE(left, right)
-    )
-  ) or
-  exists(UnaryInstruction unaryInstr, IntValue src |
-    unaryInstr = instr and
-    src = getConstantValue(unaryInstr.getOperand()) and
-    (
-      unaryInstr instanceof NegateInstruction and result = neg(src)
-    )
-  ) or
+  result = getBinaryInstructionValue(instr) or
+  result = neg(getConstantValue(instr.(NegateInstruction).getOperand())) or
   result = getConstantValue(instr.(CopyInstruction).getSourceValue()) or
   exists(PhiInstruction phi |
     phi = instr and
-    result = max(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction())) and
-    result = min(PhiOperand operand | operand = phi.getAnOperand() | getConstantValue(operand.getDefinitionInstruction()))
+    result = max(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def)) and
+    result = min(Instruction def | def = phi.getAnOperandDefinitionInstruction() | getConstantValueToPhi(def))
+  )
+}
+
+pragma[noinline]
+int getConstantValueToPhi(Instruction def) {
+  exists(PhiInstruction phi |
+    result = getConstantValue(def) and
+    def = phi.getAnOperandDefinitionInstruction()
+  )
+}
+
+pragma[noinline]
+private predicate binaryInstructionOperands(BinaryInstruction instr, int left, int right) {
+  left = getConstantValue(instr.getLeftOperand()) and
+  right = getConstantValue(instr.getRightOperand())
+}
+
+pragma[noinline]
+private int getBinaryInstructionValue(BinaryInstruction instr) {
+  exists(int left, int right |
+    binaryInstructionOperands(instr, left, right) and
+    (
+      instr instanceof AddInstruction and result = add(left, right) or
+      instr instanceof SubInstruction and result = sub(left, right) or
+      instr instanceof MulInstruction and result = mul(left, right) or
+      instr instanceof DivInstruction and result = div(left, right) or
+      instr instanceof CompareEQInstruction and result = compareEQ(left, right) or
+      instr instanceof CompareNEInstruction and result = compareNE(left, right) or
+      instr instanceof CompareLTInstruction and result = compareLT(left, right) or
+      instr instanceof CompareGTInstruction and result = compareGT(left, right) or
+      instr instanceof CompareLEInstruction and result = compareLE(left, right) or
+      instr instanceof CompareGEInstruction and result = compareGE(left, right)
+    )
   )
 }
diff --git a/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll b/cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll
@@ -1,11 +1,10 @@
 private import ReachableBlockInternal
-private import semmle.code.cpp.ir.internal.IntegerConstant
 private import IR
 private import ConstantAnalysis
 
 predicate isInfeasibleInstructionSuccessor(Instruction instr, EdgeKind kind) {
   exists(int conditionValue |
-    conditionValue = getValue(getConstantValue(instr.(ConditionalBranchInstruction).getCondition())) and
+    conditionValue = getConstantValue(instr.(ConditionalBranchInstruction).getCondition()) and
     if conditionValue = 0 then
       kind instanceof TrueEdge
     else
diff --git a/cpp/ql/src/semmle/code/cpp/ir/internal/IntegerPartial.qll b/cpp/ql/src/semmle/code/cpp/ir/internal/IntegerPartial.qll
