C++: Handle casts to void in IR

Casts to `void` did not have a semantic conversion type in the AST, so they also weren't getting generated correctly in the IR. I've added a `VoidConversion` class to the AST, along with tests. I've also added IR translation for such conversions, using a new `ConvertToVoid` opcode. I'm not sure if it's really necessary to generate an instruction to represent this, but it may be useful for detecting values that are explicitly unused (e.g. return value from a call).

I added two new sanity queries for the IR to detect the following:
- IR blocks with no successors, which usually indicates bad IR translation
- Phi instruction without an operand for one of the predecessor blocks.

These sanity queries found another subtle IR translation bug. If an expression that is normally translated as a condition (e.g. `&&`, `||`, or parens in certain contexts) has a constant value, we were not creating a `TranslatedExpr` for the expression at all. I changed it to always treat a constant condition as a non-condition expression.

Author: dave-bartolomeo

cpp/ql/src/semmle/code/cpp/exprs/Cast.qll

@@ -292,6 +292,20 @@ class BoolConversion extends Cast {
   }
 }
 
+/**
+ * A conversion to `void`.
+ */
+class VoidConversion extends Cast {
+  VoidConversion() {
+    conversionkinds(this, 0) and
+    getType().getUnspecifiedType() instanceof VoidType
+  }
+
+  override string getSemanticConversionString() {
+    result = "conversion to void"
+  }
+}
+
 /**
  * A conversion between two pointers or glvalues related by inheritance. The
  * base class will always be either a direct base class of the derived class,

cpp/ql/src/semmle/code/cpp/ir/internal/Instruction.qll

@@ -67,6 +67,31 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` has fewer than two operands.
+   */
+  query predicate missingPhiOperands(PhiInstruction instr, int predIndex, Location predLoc) {
+    exists(IRBlock pred |
+      pred = instr.getBlock().getAPredecessor() and
+      predLoc = pred.getLocation() and
+      predIndex = pred.getDisplayIndex() and
+      not exists(PhiOperand operand |
+        exists(instr.getOperand(operand)) and
+        operand.getPredecessorBlock() = pred
+      )
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {

cpp/ql/src/semmle/code/cpp/ir/internal/Opcode.qll

@@ -33,6 +33,7 @@ private newtype TOpcode =
   TPointerSub() or
   TPointerDiff() or
   TConvert() or
+  TConvertToVoid() or
   TConvertToBase() or
   TConvertToVirtualBase() or
   TConvertToDerived() or
@@ -125,6 +126,7 @@ module Opcode {
   class PointerSub extends PointerOffsetOpcode, TPointerSub { override final string toString() { result = "PointerSub" } }
   class PointerDiff extends PointerArithmeticOpcode, TPointerDiff { override final string toString() { result = "PointerDiff" } }
   class Convert extends UnaryOpcode, TConvert { override final string toString() { result = "Convert" } }
+  class ConvertToVoid extends UnaryOpcode, TConvertToVoid { override final string toString() { result = "ConvertToVoid" } }
   class ConvertToBase extends UnaryOpcode, TConvertToBase { override final string toString() { result = "ConvertToBase" } }
   class ConvertToVirtualBase extends UnaryOpcode, TConvertToVirtualBase { override final string toString() { result = "ConvertToVirtualBase" } }
   class ConvertToDerived extends UnaryOpcode, TConvertToDerived { override final string toString() { result = "ConvertToDerived" } }

cpp/ql/src/semmle/code/cpp/ir/internal/TranslatedElement.qll

@@ -89,7 +89,8 @@ private predicate ignoreElement(Element element) {
  * a value.
  */
 private predicate isNativeCondition(Expr expr) {
-  expr instanceof BinaryLogicalOperation
+  expr instanceof BinaryLogicalOperation and
+  not expr.isConstant()
 }
 
 /**
@@ -101,7 +102,8 @@ private predicate isFlexibleCondition(Expr expr) {
     expr instanceof ParenthesisExpr or
     expr instanceof NotExpr
   ) and
-  usedAsCondition(expr)
+  usedAsCondition(expr) and
+  not expr.isConstant()
 }
 
 /**

cpp/ql/src/semmle/code/cpp/ir/internal/TranslatedExpr.qll

@@ -1126,6 +1126,19 @@ abstract class TranslatedSingleInstructionConversion extends TranslatedConversio
   abstract Opcode getOpcode();
 }
 
+/**
+ * The translation of an explicit cast to `void`.
+ */
+class TranslatedVoidConversion extends TranslatedSingleInstructionConversion {
+  TranslatedVoidConversion() {
+    conv instanceof VoidConversion
+  }
+
+  override Opcode getOpcode() {
+    result instanceof Opcode::ConvertToVoid
+  }
+}
+
 /**
  * Represents the translation of a conversion expression that generates a
  * `Convert` instruction.

cpp/ql/src/semmle/code/cpp/ssa/internal/aliased_ssa/Instruction.qll

@@ -67,6 +67,31 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` has fewer than two operands.
+   */
+  query predicate missingPhiOperand(PhiInstruction instr, int predIndex, Location predLoc) {
+    exists(IRBlock pred |
+      pred = instr.getBlock().getAPredecessor() and
+      predLoc = pred.getLocation() and
+      predIndex = pred.getDisplayIndex() and
+      not exists(PhiOperand operand |
+        exists(instr.getOperand(operand)) and
+        operand.getPredecessorBlock() = pred
+      )
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {

cpp/ql/src/semmle/code/cpp/ssa/internal/ssa/Instruction.qll

@@ -67,6 +67,31 @@ module InstructionSanity {
     not tag instanceof UnmodeledUseOperand
   }
 
+  /**
+   * Holds if `Phi` instruction `instr` has fewer than two operands.
+   */
+  query predicate missingPhiOperands(PhiInstruction instr, int predIndex, Location predLoc) {
+    exists(IRBlock pred |
+      pred = instr.getBlock().getAPredecessor() and
+      predLoc = pred.getLocation() and
+      predIndex = pred.getDisplayIndex() and
+      not exists(PhiOperand operand |
+        exists(instr.getOperand(operand)) and
+        operand.getPredecessorBlock() = pred
+      )
+    )
+  }
+
+  /**
+   * Holds if an instruction, other than `ExitFunction`, has no successors.
+   */
+  query predicate instructionWithoutSuccessor(Instruction instr) {
+    not exists(instr.getASuccessor()) and
+    not instr instanceof ExitFunctionInstruction and
+    // Phi instructions aren't linked into the instruction-level flow graph.
+    not instr instanceof PhiInstruction
+  }
+
   query predicate operandAcrossFunctions(
     Instruction op, Instruction operand, OperandTag tag
   ) {

cpp/ql/test/library-tests/conversions/conversions.cpp

@@ -235,3 +235,16 @@ void FuncPtrConversions(int(*pfn)(int), void* p) {
   p = (void*)pfn;
   pfn = (int(*)(int))p;
 }
+
+int Func();
+
+void ConversionsToVoid() {
+  int x;
+  (void)x;
+  static_cast<void>(x);
+  (void)Func();
+  static_cast<void>(Func());
+  (void)1;
+  static_cast<void>(1);
+}
+

cpp/ql/test/library-tests/conversions/conversions.expected

@@ -143,3 +143,9 @@
 | conversions.cpp:231:28:231:63 | dynamic_cast<PolymorphicDerived>... | dynamic_cast | lval | PolymorphicDerived | PolymorphicBase |
 | conversions.cpp:235:7:235:16 | (void *)... | pointer conversion | prval | void * | ..(*)(..) |
 | conversions.cpp:236:9:236:22 | (..(*)(..))... | pointer conversion | prval | ..(*)(..) | void * |
+| conversions.cpp:243:3:243:9 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:244:3:244:22 | static_cast<void>... | conversion to void | prval | void | int |
+| conversions.cpp:245:3:245:14 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:246:3:246:27 | static_cast<void>... | conversion to void | prval | void | int |
+| conversions.cpp:247:3:247:9 | (void)... | conversion to void | prval | void | int |
+| conversions.cpp:248:3:248:22 | static_cast<void>... | conversion to void | prval | void | int |

cpp/ql/test/library-tests/ir/ir/AliasedSSAIRSanity.expected

@@ -1,4 +1,6 @@
 missingOperand
 unexpectedOperand
 duplicateOperand
+missingPhiOperand
+instructionWithoutSuccessor
 operandAcrossFunctions