Merge pull request #67 from dave-bartolomeo/dave/CastToVoid

C++: Handle casts to `void` in IR

Author: jbj

cpp/ql/src/semmle/code/cpp/exprs/Cast.qll

@@ -292,6 +292,20 @@ class BoolConversion extends Cast {
   }
 }
 
+/**
+ * A conversion to `void`.
+ */
+class VoidConversion extends Cast {
+  VoidConversion() {
+    conversionkinds(this, 0) and
+    getType().getUnspecifiedType() instanceof VoidType
+  }
+
+  override string getSemanticConversionString() {
+    result = "conversion to void"
+  }
+}
+
 /**
  * A conversion between two pointers or glvalues related by inheritance. The
  * base class will always be either a direct base class of the derived class,

cpp/ql/src/semmle/code/cpp/ir/internal/Instruction.qll

@@ -67,6 +67,40 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` is missing an operand corresponding to
+   * the predecessor block `pred`.
+   */
+  query predicate missingPhiOperand(PhiInstruction instr, IRBlock pred) {
+    pred = instr.getBlock().getAPredecessor() and
+    not exists(PhiOperand operand |
+      exists(instr.getOperand(operand)) and
+      operand.getPredecessorBlock() = pred
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
+  /**
+   * Holds if a `Phi` instruction is present in a block with fewer than two
+   * predecessors.
+   */
+  query predicate unnecessaryPhiInstruction(PhiInstruction instr) {
+    count(instr.getBlock().getAPredecessor()) < 2
+  }
+
+  /**
+   * Holds if instruction `op` consumes an operand `operand` that was defined in
+   * a different function.
+   */
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {
@@ -296,8 +330,7 @@ class Instruction extends Construction::TInstruction {
 
   /**
    * Gets the size of the result produced by this instruction, in bytes. If the
-   * instruction does not produce a result, or if the result does not have a
-   * known constant size, this predicate does not hold.
+   * result does not have a known constant size, this predicate does not hold.
    *
    * If `this.isGLValue()` holds for this instruction, the value of
    * `getResultSize()` will always be the size of a pointer.
@@ -312,7 +345,6 @@ class Instruction extends Construction::TInstruction {
     else if resultType instanceof UnknownType then
       result = Construction::getInstructionResultSize(this)
     else (
-      not resultType instanceof VoidType and
       result = resultType.getSize()
     )
   }

cpp/ql/src/semmle/code/cpp/ir/internal/TranslatedElement.qll

@@ -89,7 +89,8 @@ private predicate ignoreElement(Element element) {
  * a value.
  */
 private predicate isNativeCondition(Expr expr) {
-  expr instanceof BinaryLogicalOperation
+  expr instanceof BinaryLogicalOperation and
+  not expr.isConstant()
 }
 
 /**
@@ -101,7 +102,8 @@ private predicate isFlexibleCondition(Expr expr) {
     expr instanceof ParenthesisExpr or
     expr instanceof NotExpr
   ) and
-  usedAsCondition(expr)
+  usedAsCondition(expr) and
+  not expr.isConstant()
 }
 
 /**

cpp/ql/src/semmle/code/cpp/ir/internal/TranslatedExpr.qll

@@ -1139,7 +1139,8 @@ class TranslatedSimpleConversion extends TranslatedSingleInstructionConversion {
     conv instanceof IntegralToPointerConversion or
     conv instanceof GlvalueConversion or
     conv instanceof ArrayToPointerConversion or
-    conv instanceof PrvalueAdjustmentConversion
+    conv instanceof PrvalueAdjustmentConversion or
+    conv instanceof VoidConversion
   }
 
   override Opcode getOpcode() {

cpp/ql/src/semmle/code/cpp/ssa/internal/aliased_ssa/Instruction.qll

@@ -67,6 +67,40 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` is missing an operand corresponding to
+   * the predecessor block `pred`.
+   */
+  query predicate missingPhiOperand(PhiInstruction instr, IRBlock pred) {
+    pred = instr.getBlock().getAPredecessor() and
+    not exists(PhiOperand operand |
+      exists(instr.getOperand(operand)) and
+      operand.getPredecessorBlock() = pred
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
+  /**
+   * Holds if a `Phi` instruction is present in a block with fewer than two
+   * predecessors.
+   */
+  query predicate unnecessaryPhiInstruction(PhiInstruction instr) {
+    count(instr.getBlock().getAPredecessor()) < 2
+  }
+
+  /**
+   * Holds if instruction `op` consumes an operand `operand` that was defined in
+   * a different function.
+   */
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {
@@ -296,8 +330,7 @@ class Instruction extends Construction::TInstruction {
 
   /**
    * Gets the size of the result produced by this instruction, in bytes. If the
-   * instruction does not produce a result, or if the result does not have a
-   * known constant size, this predicate does not hold.
+   * result does not have a known constant size, this predicate does not hold.
    *
    * If `this.isGLValue()` holds for this instruction, the value of
    * `getResultSize()` will always be the size of a pointer.
@@ -312,7 +345,6 @@ class Instruction extends Construction::TInstruction {
     else if resultType instanceof UnknownType then
       result = Construction::getInstructionResultSize(this)
     else (
-      not resultType instanceof VoidType and
       result = resultType.getSize()
     )
   }

cpp/ql/src/semmle/code/cpp/ssa/internal/ssa/Instruction.qll

@@ -67,6 +67,40 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` is missing an operand corresponding to
+   * the predecessor block `pred`.
+   */
+  query predicate missingPhiOperand(PhiInstruction instr, IRBlock pred) {
+    pred = instr.getBlock().getAPredecessor() and
+    not exists(PhiOperand operand |
+      exists(instr.getOperand(operand)) and
+      operand.getPredecessorBlock() = pred
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
+  /**
+   * Holds if a `Phi` instruction is present in a block with fewer than two
+   * predecessors.
+   */
+  query predicate unnecessaryPhiInstruction(PhiInstruction instr) {
+    count(instr.getBlock().getAPredecessor()) < 2
+  }
+
+  /**
+   * Holds if instruction `op` consumes an operand `operand` that was defined in
+   * a different function.
+   */
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {
@@ -296,8 +330,7 @@ class Instruction extends Construction::TInstruction {
 
   /**
    * Gets the size of the result produced by this instruction, in bytes. If the
-   * instruction does not produce a result, or if the result does not have a
-   * known constant size, this predicate does not hold.
+   * result does not have a known constant size, this predicate does not hold.
    *
    * If `this.isGLValue()` holds for this instruction, the value of
    * `getResultSize()` will always be the size of a pointer.
@@ -312,7 +345,6 @@ class Instruction extends Construction::TInstruction {
     else if resultType instanceof UnknownType then
       result = Construction::getInstructionResultSize(this)
     else (
-      not resultType instanceof VoidType and
       result = resultType.getSize()
     )
   }

cpp/ql/test/library-tests/conversions/conversions.cpp

@@ -235,3 +235,16 @@ void FuncPtrConversions(int(*pfn)(int), void* p) {
   p = (void*)pfn;
   pfn = (int(*)(int))p;
 }
+
+int Func();
+
+void ConversionsToVoid() {
+  int x;
+  (void)x;
+  static_cast<void>(x);
+  (void)Func();
+  static_cast<void>(Func());
+  (void)1;
+  static_cast<void>(1);
+}
+

cpp/ql/test/library-tests/conversions/conversions.expected

@@ -143,3 +143,9 @@
 | conversions.cpp:231:28:231:63 | dynamic_cast<PolymorphicDerived>... | dynamic_cast | lval | PolymorphicDerived | PolymorphicBase |
 | conversions.cpp:235:7:235:16 | (void *)... | pointer conversion | prval | void * | ..(*)(..) |
 | conversions.cpp:236:9:236:22 | (..(*)(..))... | pointer conversion | prval | ..(*)(..) | void * |
+| conversions.cpp:243:3:243:9 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:244:3:244:22 | static_cast<void>... | conversion to void | prval | void | int |
+| conversions.cpp:245:3:245:14 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:246:3:246:27 | static_cast<void>... | conversion to void | prval | void | int |
+| conversions.cpp:247:3:247:9 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:248:3:248:22 | static_cast<void>... | conversion to void | prval | void | int |

cpp/ql/test/library-tests/ir/ir/AliasedSSAIRSanity.expected

@@ -1,4 +1,7 @@
 missingOperand
 unexpectedOperand
 duplicateOperand
+missingPhiOperand
+instructionWithoutSuccessor
+unnecessaryPhiInstruction
 operandAcrossFunctions

cpp/ql/test/library-tests/ir/ir/IRSanity.expected

@@ -1,4 +1,7 @@
 missingOperand
 unexpectedOperand
 duplicateOperand
+missingPhiOperand
+instructionWithoutSuccessor
+unnecessaryPhiInstruction
 operandAcrossFunctions