C++: Call functions for NSDMI initialization

Currently missing: side-effect information for the functions

Author: jketema

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -775,6 +775,17 @@ newtype TTranslatedElement =
       position = -1
     )
   } or
+  // The initialization of a field via a default member initializer.
+  TTranslatedDefaultFieldInitialization(Expr ast, Field field, int position) {
+    exists(ConstructorFieldInit init |
+      not ignoreExpr(init) and
+      ast = init and
+      field = init.getTarget() and
+      not exists(init.getExpr()) and
+      exists(field.getInitializer()) and
+      position = -1
+    )
+  } or
   // The value initialization of a field due to an omitted member of an
   // initializer list.
   TTranslatedFieldValueInitialization(Expr ast, Field field) {

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -521,6 +521,11 @@ TranslatedFieldInitialization getTranslatedConstructorFieldInitialization(Constr
 abstract class TranslatedFieldInitialization extends TranslatedElement {
   Expr ast;
   Field field;
+  int position;
+
+  // All subclass charpreds must bind the `position` field.
+  bindingset[position]
+  TranslatedFieldInitialization() { any() }
 
   final override string toString() { result = ast.toString() + "." + field.toString() }
 
@@ -533,17 +538,32 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
     result = getEnclosingVariable(ast).(Field)
   }
 
-  final override Instruction getFirstInstruction(EdgeKind kind) {
-    result = this.getInstruction(this.getFieldAddressTag()) and
-    kind instanceof GotoEdge
-  }
+  final Field getField() { result = field }
 
   /**
    * Gets the zero-based index describing the order in which this field is to be
    * initialized relative to the other fields in the class.
    */
   final int getOrder() { result = field.getInitializationOrder() }
 
+  /** Gets the position in the initializer list, or `-1` if the initialization is implicit. */
+  final int getPosition() { result = position }
+}
+
+/**
+ * Represents the IR translation of the initialization of a field from an
+ * element of an initializer list where default initialization is not used.
+ */
+abstract class TranslatedNonDefaultFieldInitialization extends TranslatedFieldInitialization {
+  // All subclass charpreds must bind the `position` field.
+  bindingset[position]
+  TranslatedNonDefaultFieldInitialization() { any() }
+
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(this.getFieldAddressTag()) and
+    kind instanceof GotoEdge
+  }
+
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
     tag = this.getFieldAddressTag() and
     opcode instanceof Opcode::FieldAddress and
@@ -561,22 +581,16 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   }
 
   final InstructionTag getFieldAddressTag() { result = InitializerFieldAddressTag() }
-
-  final Field getField() { result = field }
-
-  /** Gets the position in the initializer list, or `-1` if the initialization is implicit. */
-  int getPosition() { result = -1 }
 }
 
 /**
  * Represents the IR translation of the initialization of a field from an
  * explicit element in an initializer list.
  */
-class TranslatedExplicitFieldInitialization extends TranslatedFieldInitialization,
+class TranslatedExplicitFieldInitialization extends TranslatedNonDefaultFieldInitialization,
   InitializationContext, TTranslatedExplicitFieldInitialization
 {
   Expr expr;
-  int position;
 
   TranslatedExplicitFieldInitialization() {
     this = TTranslatedExplicitFieldInitialization(ast, field, expr, position)
@@ -608,8 +622,61 @@ class TranslatedExplicitFieldInitialization extends TranslatedFieldInitializatio
   private TranslatedInitialization getInitialization() {
     result = getTranslatedInitialization(expr)
   }
+}
 
-  override int getPosition() { result = position }
+/**
+ * Represents the IR translation of the initialization of a field from an
+ * element of an initializer list where default initialization is used.
+ */
+class TranslatedDefaultFieldInitialization extends TranslatedFieldInitialization,
+  TTranslatedDefaultFieldInitialization
+{
+  TranslatedDefaultFieldInitialization() {
+    this = TTranslatedDefaultFieldInitialization(ast, field, position)
+  }
+
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(CallTargetTag()) and
+    kind instanceof GotoEdge
+  }
+
+  override Instruction getALastInstructionInternal() { result = this.getInstruction(CallTag()) }
+
+  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    tag = CallTargetTag() and
+    result = this.getInstruction(CallTag())
+    or
+    tag = CallTag() and
+    result = this.getParent().getChildSuccessor(this, kind)
+  }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    tag = CallTargetTag() and
+    opcode instanceof Opcode::FunctionAddress and
+    resultType = getFunctionGLValueType()
+    or
+    tag = CallTag() and
+    opcode instanceof Opcode::Call and
+    resultType = getVoidType()
+  }
+
+  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = CallTag() and
+    (
+      operandTag instanceof CallTargetOperandTag and
+      result = this.getInstruction(CallTargetTag())
+      or
+      operandTag instanceof ThisArgumentOperandTag and
+      result = getTranslatedFunction(this.getFunction()).getLoadThisInstruction()
+    )
+  }
+
+  override Declaration getInstructionFunction(InstructionTag tag) {
+    tag = CallTargetTag() and
+    result = field
+  }
+
+  override TranslatedElement getChild(int id) { none() }
 }
 
 private string getZeroValue(Type type) {
@@ -620,17 +687,19 @@ private string getZeroValue(Type type) {
  * Represents the IR translation of the initialization of a field without a
  * corresponding element in the initializer list.
  */
-class TranslatedFieldValueInitialization extends TranslatedFieldInitialization,
+class TranslatedFieldValueInitialization extends TranslatedNonDefaultFieldInitialization,
   TTranslatedFieldValueInitialization
 {
-  TranslatedFieldValueInitialization() { this = TTranslatedFieldValueInitialization(ast, field) }
+  TranslatedFieldValueInitialization() {
+    this = TTranslatedFieldValueInitialization(ast, field) and position = -1
+  }
 
   override Instruction getALastInstructionInternal() {
     result = this.getInstruction(this.getFieldDefaultValueStoreTag())
   }
 
   override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
-    TranslatedFieldInitialization.super.hasInstruction(opcode, tag, resultType)
+    TranslatedNonDefaultFieldInitialization.super.hasInstruction(opcode, tag, resultType)
     or
     tag = this.getFieldDefaultValueTag() and
     opcode instanceof Opcode::Constant and
@@ -661,7 +730,8 @@ class TranslatedFieldValueInitialization extends TranslatedFieldInitialization,
   }
 
   override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
-    result = TranslatedFieldInitialization.super.getInstructionRegisterOperand(tag, operandTag)
+    result =
+      TranslatedNonDefaultFieldInitialization.super.getInstructionRegisterOperand(tag, operandTag)
     or
     tag = this.getFieldDefaultValueStoreTag() and
     (