Skip to content

Commit 9b6f39c

Browse files
MathiasVPMathiasVP
committed
C++: Apply similar join order fixes to the other cases.
1 parent eea7804 commit 9b6f39c

File tree

1 file changed

+18
-4
lines changed

1 file changed

+18
-4
lines changed

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2380,6 +2380,15 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
23802380
*/
23812381
Node getAnIndirectBarrierNode() { result = getAnIndirectBarrierNode(_) }
23822382

2383+
bindingset[value, n]
2384+
pragma[inline_late]
2385+
private predicate indirectConvertedExprHasValueNumber(
2386+
Expr e, int indirectionIndex, ValueNumber value, Node n
2387+
) {
2388+
e = value.getAnInstruction().getConvertedResultExpression() and
2389+
n.asIndirectConvertedExpr(indirectionIndex) = e
2390+
}
2391+
23832392
/**
23842393
* Gets an indirect expression node with indirection index `indirectionIndex` that is
23852394
* safely guarded by the given guard check.
@@ -2416,8 +2425,7 @@ module BarrierGuard<guardChecksSig/3 guardChecks> {
24162425
*/
24172426
Node getAnIndirectBarrierNode(int indirectionIndex) {
24182427
exists(IRGuardCondition g, Expr e, ValueNumber value, boolean edge |
2419-
e = value.getAnInstruction().getConvertedResultExpression() and
2420-
result.asIndirectConvertedExpr(indirectionIndex) = e and
2428+
indirectConvertedExprHasValueNumber(e, indirectionIndex, value, result) and
24212429
guardChecks(g,
24222430
pragma[only_bind_into](value.getAnInstruction().getConvertedResultExpression()), edge) and
24232431
controls(g, result, edge)
@@ -2456,12 +2464,18 @@ private EdgeKind getConditionalEdge(boolean branch) {
24562464
* in data flow and taint tracking.
24572465
*/
24582466
module InstructionBarrierGuard<instructionGuardChecksSig/3 instructionGuardChecks> {
2467+
bindingset[value, n]
2468+
pragma[inline_late]
2469+
private predicate operandHasValueNumber(Operand use, ValueNumber value, Node n) {
2470+
use = value.getAnInstruction().getAUse() and
2471+
n.asOperand() = use
2472+
}
2473+
24592474
/** Gets a node that is safely guarded by the given guard check. */
24602475
Node getABarrierNode() {
24612476
exists(IRGuardCondition g, ValueNumber value, boolean edge, Operand use |
24622477
instructionGuardChecks(g, pragma[only_bind_into](value.getAnInstruction()), edge) and
2463-
use = value.getAnInstruction().getAUse() and
2464-
result.asOperand() = use and
2478+
operandHasValueNumber(use, value, result) and
24652479
controls(g, result, edge)
24662480
)
24672481
or

0 commit comments

Comments
 (0)