CodeQL library for C/C++
codeql/cpp-all 2.0.0 (changelog, source)
Search

Class ChiInstruction

An instruction representing the effect that a write to a memory may have on potential aliases of that memory.

A ChiInstruction is inserted immediately after an instruction that writes to memory. The ChiInstruction has two operands. The first operand, given by getTotalOperand(), represents the previous state of all of the memory that might be aliased by the memory write. The second operand, given by getPartialOperand(), represents the memory that was actually modified by the memory write. The result of the ChiInstruction represents the same memory as getTotalOperand(), updated to include the changes due to the value that was actually stored by the memory write.

As an example, suppose that variable p and q are pointers that may or may not point to the same memory:

*p = 5;
x = *q;

The IR would look like:

r1_1 = VariableAddress[p]
r1_2 = Load r1_1, m0_0  // Load the value of `p`
r1_3 = Constant[5]
m1_4 = Store r1_2, r1_3  // Store to `*p`
m1_5 = ^Chi m0_1, m1_4  // Side effect of the previous Store on aliased memory
r1_6 = VariableAddress[x]
r1_7 = VariableAddress[q]
r1_8 = Load r1_7, m0_2  // Load the value of `q`
r1_9 = Load r1_8, m1_5  // Load the value of `*q`
m1_10 = Store r1_6, r1_9  // Store to x

Note the Chi instruction after the store to *p. The indicates that the previous contents of aliased memory (m0_1) are merged with the new value written by the store (m1_4), producing a new version of aliased memory (m1_5). On the subsequent load from *q, the source operand of *q is m1_5, indicating that the store to *p may (or may not) have updated the memory pointed to by q.

For more information about how Chi instructions are used to model memory side effects, see https://link.springer.com/content/pdf/10.1007%2F3-540-61053-7_66.pdf.

Import path

import semmle.code.cpp.ir.IR

Direct supertypes

Indirect supertypes

Predicates

getPartial

Gets the operand that represents the new value written by the memory write.

getPartialOperand

Gets the operand that represents the new value written by the memory write.

getTotal

Gets the operand that represents the previous state of all memory that might be aliased by the memory write.

getTotalOperand

Gets the operand that represents the previous state of all memory that might be aliased by the memory write.

isPartialUpdate

Holds if the ChiPartialOperand totally, but not exactly, overlaps with the ChiTotalOperand. This means that the ChiPartialOperand will not override the entire memory associated with the ChiTotalOperand.

Inherited predicates

getAPredecessor

Gets all direct predecessors of this instruction.

from Instruction
getASuccessor

Gets all direct successors of this instruction.

from Instruction
getAUse

Gets all direct uses of the result of this instruction. The result can be an Operand for which isDefinitionInexact holds.

from Instruction
getAnOperand

Gets all of this instruction’s operands.

from Instruction
getAst

Gets the AST that caused this instruction to be generated.

from Instruction
getBackEdgeSuccessor

Gets the a back-edge successor of this instruction along the control flow edge specified by kind. A back edge in the control-flow graph is intuitively the edge that goes back around a loop. If all back edges are removed from the control-flow graph, it becomes acyclic.

from Instruction
getBlock

Gets the basic block that contains this instruction.

from Instruction
getConvertedResultExpression

Gets the Expr whose result is computed by this instruction, if any. The Expr may be a conversion.

from Instruction
getDisplayIndexInBlock

Gets the zero-based index of this instruction within its block. This is used by debugging and printing code only.

from Instruction
getDumpString

Gets a string showing the result, opcode, and operands of the instruction, equivalent to what would be printed by PrintIR.ql. For example:

from Instruction
getEnclosingFunction

Gets the function that contains this instruction.

from Instruction
getEnclosingIRFunction

Gets the IRFunction object that contains the IR for this instruction.

from Instruction
getImmediateString

Gets a string describing the immediate value of this instruction, if any.

from Instruction
getLocation

Gets the location of the source code for this instruction.

from Instruction
getOpcode

Gets the opcode that specifies the operation performed by this instruction.

from Instruction
getOperandsString

Gets a string describing the operands of this instruction, suitable for display in IR dumps.

from Instruction
getOperationString

Gets a string describing the operation of this instruction. This includes the opcode and the immediate value, if any. For example:

from Instruction
getPredecessor

Gets a predecessor of this instruction such that the predecessor reaches this instruction along the control flow edge specified by kind.

from Instruction
getResultAddress

Gets the instruction that holds the exact memory address to which this instruction stores its result, if any. For example, in m3 = Store r1, r2, the result of getResultAddressOperand() is the instruction that defines r1.

from Instruction
getResultAddressOperand

Gets the operand that holds the memory address to which this instruction stores its result, if any. For example, in m3 = Store r1, r2, the result of getResultAddressOperand() is r1.

from Instruction
getResultIRType

Gets the type of the result produced by this instruction. If the instruction does not produce a result, its result type will be IRVoidType.

from Instruction
getResultId

Gets a human-readable string that uniquely identifies this instruction within the function. This string is used to refer to this instruction when printing IR dumps.

from Instruction
getResultLanguageType

Gets the language-specific type of the result produced by this instruction.

from Instruction
getResultMemoryAccess

Gets the kind of memory access performed by this instruction’s result. Holds only for instructions with a memory result.

from Instruction
getResultSize

Gets the size of the result produced by this instruction, in bytes. If the result does not have a known constant size, this predicate does not hold.

from Instruction
getResultString

Gets a string describing the result of this instruction, suitable for display in IR dumps. This consists of the result ID plus the type of the result.

from Instruction
getResultType

Gets the type of the result produced by this instruction. If the instruction does not produce a result, its result type will be VoidType.

from Instruction
getSuccessor

Gets the successor of this instruction along the control flow edge specified by kind.

from Instruction
getUnconvertedResultExpression

Gets the unconverted form of the Expr whose result is computed by this instruction, if any.

from Instruction
getUniqueId

Gets a string identifier for this function that is unique among all instructions in the same function.

from Instruction
hasMemoryResult

Holds if this instruction produces a memory result.

from Instruction
hasResultMayMemoryAccess

Holds if the memory access performed by this instruction’s result will not always write to every bit in the memory location. This is most commonly used for memory accesses that may or may not actually occur depending on runtime state (for example, the write side effect of an output parameter that is not written to on all paths), or for accesses where the memory location is a conservative estimate of the memory that might actually be accessed at runtime (for example, the global side effects of a function call).

from Instruction
hasSortKeys

INTERNAL: Do not use.

from Instruction
isGLValue

Holds if the result produced by this instruction is a glvalue. If this holds, the result of the instruction represents the address of a location, and the type of the location is given by getResultType(). If this does not hold, the result of the instruction represents a value whose type is given by getResultType().

from Instruction
isResultConflated

Holds if this is an instruction with a memory result that represents a conflation of more than one memory allocation.

from Instruction
isResultModeled

Holds if the result of this instruction is precisely modeled in SSA. Always holds for a register result. For a memory result, a modeled result is connected to its actual uses. An unmodeled result has no uses.

from Instruction
toString

Gets a textual representation of this element.

from Instruction

Charpred