Fix problem with IsExpr

AndreiDiaconu1 · AndreiDiaconu1 · commit a86a15d2809e · 2019-09-23T17:37:50.000+01:00
The translation of `IsExpr` created a sanity check to fail since it generated
a Phi node that had only one source: if a variable was declared as part of the `IsExpr`, a conditional branch was generated, and the variable was defined only in the true successor; this has been changes so that the declaration happens before the conditional branch, and the variable is uninitialized (this removed the need for the `isInitializedByElement` predicate from `TranslatedDeclarationBase`, so that has been removed) and only the assignment happens in the true successor block (so now the two inputs of the Phi node are the result of the `Uninitialized` instruction and the `Store` instruction from the true successor block).
diff --git a/csharp/ql/src/semmle/code/csharp/ir/IRConfiguration.qll b/csharp/ql/src/semmle/code/csharp/ir/IRConfiguration.qll
@@ -15,7 +15,7 @@ class IRConfiguration extends TIRConfiguration {
   /**
    * Holds if IR should be created for callable `callable`. By default, holds for all callables.
    */
-  predicate shouldCreateIRForFunction(Callable callable) { 
+  predicate shouldCreateIRForFunction(Callable callable) {
     callable.getLocation().getFile().getExtension() = "cs"
   }
 }
diff --git a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedDeclaration.qll b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedDeclaration.qll
@@ -72,6 +72,4 @@ class TranslatedLocalVariableDeclaration extends TranslatedLocalDeclaration,
         // then the simple variable initialization
         result = getTranslatedInitialization(var.getInitializer())
   }
-
-  override predicate isInitializedByElement() { expr.getParent() instanceof IsExpr }
 }
diff --git a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -1792,27 +1792,27 @@ class TranslatedIsExpr extends TranslatedNonConstantExpr {
     this.hasVar() and
     tag = GeneratedBranchTag() and
     (
-      tag = GeneratedBranchTag() and
       kind instanceof TrueEdge and
-      result = getPatternVarDecl().getFirstInstruction()
+      result = this.getInstruction(InitializerStoreTag())
       or
-      tag = GeneratedBranchTag() and
       kind instanceof FalseEdge and
       result = this.getParent().getChildSuccessor(this)
     )
     or
     tag = GeneratedConstantTag() and
     kind instanceof GotoEdge and
-    result = this.getInstruction(GeneratedNEQTag())
+    if this.hasVar()
+    then result = this.getPatternVarDecl().getFirstInstruction()
+    else result = this.getInstruction(GeneratedNEQTag())
   }
 
   override Instruction getChildSuccessor(TranslatedElement child) {
     child = this.getIsExpr() and
     result = this.getInstruction(ConvertTag())
     or
     this.hasVar() and
-    child = getPatternVarDecl() and
-    result = this.getInstruction(InitializerStoreTag())
+    child = this.getPatternVarDecl() and
+    result = this.getInstruction(GeneratedNEQTag())
   }
 
   override predicate hasInstruction(
@@ -1842,7 +1842,7 @@ class TranslatedIsExpr extends TranslatedNonConstantExpr {
     this.hasVar() and
     tag = GeneratedBranchTag() and
     opcode instanceof Opcode::ConditionalBranch and
-    resultType = expr.getType() and
+    resultType instanceof VoidType and
     isLValue = false
   }
 
diff --git a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll
@@ -39,12 +39,7 @@ abstract class LocalVariableDeclarationBase extends TranslatedElement {
       kind instanceof GotoEdge and
       if hasUninitializedInstruction()
       then result = getInstruction(InitializerStoreTag())
-      else
-        if isInitializedByElement()
-        then
-          // initialization is done by an element
-          result = getParent().getChildSuccessor(this)
-        else result = getInitialization().getFirstInstruction()
+      else result = getInitialization().getFirstInstruction()
     )
     or
     hasUninitializedInstruction() and
@@ -75,11 +70,8 @@ abstract class LocalVariableDeclarationBase extends TranslatedElement {
    * desugaring process.
    */
   predicate hasUninitializedInstruction() {
-    (
-      not exists(getInitialization()) or
-      getInitialization() instanceof TranslatedListInitialization
-    ) and
-    not isInitializedByElement()
+    not exists(getInitialization()) or
+    getInitialization() instanceof TranslatedListInitialization
   }
 
   Instruction getVarAddress() { result = getInstruction(InitializerVariableAddressTag()) }
@@ -101,10 +93,4 @@ abstract class LocalVariableDeclarationBase extends TranslatedElement {
    * as a different step, but do it during the declaration.
    */
   abstract TranslatedElement getInitialization();
-
-  /**
-   * Holds if a declaration is not explicitly initialized,
-   * but will be implicitly initialized by an element.
-   */
-  abstract predicate isInitializedByElement();
 }
diff --git a/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll b/csharp/ql/src/semmle/code/csharp/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedDeclaration.qll
@@ -72,10 +72,6 @@ abstract class TranslatedCompilerGeneratedDeclaration extends LocalVariableDecla
   // element
   override LocalVariable getDeclVar() { none() }
 
-  // A compiler generated element always has an explicit
-  // initialization
-  override predicate isInitializedByElement() { none() }
-
   override Type getVarType() { result = getIRVariable().getType() }
 
   /**
diff --git a/csharp/ql/test/library-tests/ir/ir/raw_ir.expected b/csharp/ql/test/library-tests/ir/ir/raw_ir.expected
@@ -806,8 +806,10 @@ isexpr.cs:
 #   13|     r0_13(Object)        = Load                 : &:r0_12, ~mu0_2
 #   13|     r0_14(Is_A)          = CheckedConvertOrNull : r0_13
 #   13|     r0_15(Is_A)          = Constant[0]          : 
-#   13|     r0_16(Boolean)       = CompareNE            : r0_14, r0_15
-#   13|     r0_17(Boolean)       = ConditionalBranch    : r0_16
+#   13|     r0_16(glval<Is_A>)   = VariableAddress[tmp] : 
+#   13|     mu0_17(Is_A)         = Uninitialized[tmp]   : &:r0_16
+#   13|     r0_18(Boolean)       = CompareNE            : r0_14, r0_15
+#   13|     v0_19(Void)          = ConditionalBranch    : r0_18
 #-----|   False -> Block 2
 #-----|   True -> Block 3
 
@@ -817,13 +819,12 @@ isexpr.cs:
 #    8|     v1_2(Void) = ExitFunction : 
 
 #   13|   Block 2
-#   13|     v2_0(Void) = ConditionalBranch : r0_16
+#   13|     v2_0(Void) = ConditionalBranch : r0_18
 #-----|   False -> Block 5
 #-----|   True -> Block 4
 
 #   13|   Block 3
-#   13|     r3_0(glval<Is_A>) = VariableAddress[tmp] : 
-#   13|     mu3_1(Is_A)       = Store                : &:r3_0, r0_14
+#   13|     mu3_0(Is_A) = Store : &:r0_16, r0_14
 #-----|   Goto -> Block 2
 
 #   15|   Block 4

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ class IRConfiguration extends TIRConfiguration {`
`15`	`15`	`/**`
`16`	`16`	* Holds if IR should be created for callable `callable`. By default, holds for all callables.
`17`	`17`	`*/`
`18`		`- predicate shouldCreateIRForFunction(Callable callable) {`
	`18`	`+ predicate shouldCreateIRForFunction(Callable callable) {`
`19`	`19`	`callable.getLocation().getFile().getExtension() = "cs"`
`20`	`20`	`}`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,4 @@ class TranslatedLocalVariableDeclaration extends TranslatedLocalDeclaration,`
`72`	`72`	`// then the simple variable initialization`
`73`	`73`	`result = getTranslatedInitialization(var.getInitializer())`
`74`	`74`	`}`
`75`		`-`
`76`		`- override predicate isInitializedByElement() { expr.getParent() instanceof IsExpr }`
`77`	`75`	`}`