WIP: Side effects

Author: jketema

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/SideEffects.qll

@@ -142,15 +142,23 @@ class CallOrAllocationExpr extends Expr {
     this instanceof NewOrNewArrayExpr
     or
     this instanceof DeleteOrDeleteArrayExpr
+    or
+    exists(
+      ConstructorFieldInit init |
+      this = init and
+      not exists(init.getExpr()) and
+      exists(init.getTarget().getInitializer()))
   }
 
-  /** Gets the `Function` invoked by this expression, if known. */
-  final Function getTarget() {
+  /** Gets the `Declaration` invoked by this expression, if known. */
+  final Declaration getTarget() {
     result = this.(Call).getTarget()
     or
     result = this.(NewOrNewArrayExpr).getAllocator()
     or
     result = this.(DeleteOrDeleteArrayExpr).getDeallocator()
+    or
+    result = this.(ConstructorFieldInit).getTarget()
   }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -10,6 +10,7 @@ private import SideEffects
 private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedFunction
+private import TranslatedInitialization
 private import DefaultOptions as DefaultOptions
 
 /**
@@ -429,6 +430,9 @@ class TranslatedCallSideEffects extends TranslatedSideEffects, TTranslatedCallSi
     or
     expr instanceof DeleteOrDeleteArrayExpr and
     result = getTranslatedDeleteOrDeleteArray(expr).getInstruction(CallTag())
+    or
+    expr instanceof ConstructorFieldInit and
+    result = getTranslatedConstructorFieldInitialization(expr).getInstruction(CallTag())
   }
 }
 
@@ -508,7 +512,7 @@ abstract class TranslatedSideEffect extends TranslatedElement {
  * The IR translation of a single argument side effect for a call.
  */
 abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
-  Call call;
+  CallOrAllocationExpr callOrInit;
   int index;
   SideEffectOpcode sideEffectOpcode;
 
@@ -524,7 +528,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
     result = "(read side effect for " + this.getArgString() + ")"
   }
 
-  override Call getPrimaryExpr() { result = call }
+  override Expr getPrimaryExpr() { result = callOrInit }
 
   override predicate sortOrder(int group, int indexInGroup) {
     indexInGroup = index and
@@ -586,7 +590,7 @@ abstract class TranslatedArgumentSideEffect extends TranslatedSideEffect {
     tag instanceof OnlyInstructionTag and
     operandTag instanceof BufferSizeOperandTag and
     result =
-      getTranslatedExpr(call.getArgument(call.getTarget()
+      getTranslatedExpr(callOrInit.(Call).getArgument(callOrInit.getTarget()
               .(SideEffectFunction)
               .getParameterSizeIndex(index)).getFullyConverted()).getResult()
   }
@@ -616,7 +620,7 @@ class TranslatedArgumentExprSideEffect extends TranslatedArgumentSideEffect,
   Expr arg;
 
   TranslatedArgumentExprSideEffect() {
-    this = TTranslatedArgumentExprSideEffect(call, arg, index, sideEffectOpcode)
+    this = TTranslatedArgumentExprSideEffect(callOrInit, arg, index, sideEffectOpcode)
   }
 
   final override Locatable getAst() { result = arg }
@@ -647,21 +651,24 @@ class TranslatedStructorQualifierSideEffect extends TranslatedArgumentSideEffect
   TTranslatedStructorQualifierSideEffect
 {
   TranslatedStructorQualifierSideEffect() {
-    this = TTranslatedStructorQualifierSideEffect(call, sideEffectOpcode) and
+    this = TTranslatedStructorQualifierSideEffect(callOrInit, sideEffectOpcode) and
     index = -1
   }
 
-  final override Locatable getAst() { result = call }
+  final override Locatable getAst() { result = callOrInit }
 
-  final override Type getIndirectionType() { result = call.getTarget().getDeclaringType() }
+  final override Type getIndirectionType() { result = callOrInit.getTarget().getDeclaringType() }
 
   final override string getArgString() { result = "this" }
 
   final override Instruction getArgInstruction() {
     exists(TranslatedStructorCall structorCall |
-      structorCall.getExpr() = call and
+      structorCall.getExpr() = callOrInit and
       result = structorCall.getQualifierResult()
     )
+    or
+    callOrInit instanceof ConstructorFieldInit and
+    result = getTranslatedFunction(callOrInit.getEnclosingFunction()).getLoadThisInstruction()
   }
 }
 

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll

@@ -921,11 +921,20 @@ newtype TTranslatedElement =
   } or
   // Constructor calls lack a qualifier (`this`) expression, so we need to handle the side effects
   // on `*this` without an `Expr`.
-  TTranslatedStructorQualifierSideEffect(Call call, SideEffectOpcode opcode) {
+  TTranslatedStructorQualifierSideEffect(CallOrAllocationExpr call, SideEffectOpcode opcode) {
     not ignoreExpr(call) and
     not ignoreSideEffects(call) and
-    call instanceof ConstructorCall and
-    opcode = getASideEffectOpcode(call, -1)
+    (
+      call instanceof ConstructorCall and
+      opcode = getASideEffectOpcode(call, -1)
+      or
+      call instanceof ConstructorFieldInit and
+      (
+        opcode instanceof Opcode::IndirectReadSideEffect
+        or
+        opcode instanceof Opcode::IndirectMayWriteSideEffect
+      )
+    )
   } or
   // The side effect that initializes newly-allocated memory.
   TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedInitialization.qll

@@ -640,13 +640,22 @@ class TranslatedDefaultFieldInitialization extends TranslatedFieldInitialization
     kind instanceof GotoEdge
   }
 
-  override Instruction getALastInstructionInternal() { result = this.getInstruction(CallTag()) }
+  override Instruction getALastInstructionInternal() {
+    result = this.getSideEffects().getALastInstruction()
+  }
+
+  override TranslatedElement getLastChild() { result = this.getSideEffects() }
 
   override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
     tag = CallTargetTag() and
     result = this.getInstruction(CallTag())
     or
     tag = CallTag() and
+    result = this.getSideEffects().getFirstInstruction(kind)
+  }
+
+  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
+    child = this.getSideEffects() and
     result = this.getParent().getChildSuccessor(this, kind)
   }
 
@@ -676,7 +685,9 @@ class TranslatedDefaultFieldInitialization extends TranslatedFieldInitialization
     result = field
   }
 
-  override TranslatedElement getChild(int id) { none() }
+  override TranslatedElement getChild(int id) { id = 0 and result = this.getSideEffects() }
+
+  final TranslatedSideEffects getSideEffects() { result.getExpr() = ast }
 }
 
 private string getZeroValue(Type type) {