Class ChiInstruction
An instruction representing the effect that a write to a memory may have on potential aliases of that memory.
A ChiInstruction is inserted immediately after an instruction that writes to memory. The ChiInstruction has two operands. The first operand, given by getTotalOperand(), represents the previous state of all of the memory that might be aliased by the memory write. The second operand, given by getPartialOperand(), represents the memory that was actually modified by the memory write. The result of the ChiInstruction represents the same memory as getTotalOperand(), updated to include the changes due to the value that was actually stored by the memory write.
As an example, suppose that variables p and q are pointers that may or may not point to the same memory:
*p = 5;
x = *q;
The IR would look like:
r1_1 = VariableAddress[p]
r1_2 = Load r1_1, m0_0 // Load the value of `p`
r1_3 = Constant[5]
m1_4 = Store r1_2, r1_3 // Store to `*p`
m1_5 = ^Chi m0_1, m1_4 // Side effect of the previous Store on aliased memory
r1_6 = VariableAddress[x]
r1_7 = VariableAddress[q]
r1_8 = Load r1_7, m0_2 // Load the value of `q`
r1_9 = Load r1_8, m1_5 // Load the value of `*q`
m1_10 = Store r1_6, r1_9 // Store to x
Note the Chi instruction after the store to *p. This indicates that the previous contents of aliased memory (m0_1) are merged with the new value written by the store (m1_4), producing a new version of aliased memory (m1_5). On the subsequent load from *q, the source operand of *q is m1_5, indicating that the store to *p may (or may not) have updated the memory pointed to by q.
For more information about how Chi instructions are used to model memory side effects, see https://link.springer.com/content/pdf/10.1007%2F3-540-61053-7_66.pdf.
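The may-alias relationship in the example above can be queried directly. The following query is an added example, not part of the CodeQL library documentation: it pairs each store with the loads whose memory operand is defined by the Chi that follows the store. It uses StoreInstruction, LoadInstruction and Operand.getAnyDef() from the same IR library, which are not described on this page.

```ql
import semmle.code.cpp.ir.IR

// Find loads that may observe a store through an alias:
//   store  corresponds to m1_4 in the example (the write to *p)
//   chi    corresponds to m1_5 (aliased memory after the write)
//   load   corresponds to r1_9 (the read of *q)
from StoreInstruction store, ChiInstruction chi, LoadInstruction load
where
  // The Chi's partial operand is the memory actually written by the store.
  chi.getPartial() = store and
  // The load reads the merged memory state produced by the Chi.
  // getAnyDef() is used instead of getDef() so that inexact (may-alias)
  // definitions are included as well as exact ones.
  load.getAnOperand().getAnyDef() = chi
select load, "may read memory written by", store,
  "merged into previous memory state", chi.getTotal(),
  "in function", load.getEnclosingFunction()
```

A result row means only that the analysis could not rule out the alias, so each pair is a candidate to review rather than a confirmed data flow.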
Import path
import semmle.code.cpp.ir.IR
Direct supertypes
Indirect supertypes
Predicates
getPartial | Gets the operand that represents the new value written by the memory write. |
getPartialOperand | Gets the operand that represents the new value written by the memory write. |
getTotal | Gets the operand that represents the previous state of all memory that might be aliased by the memory write. |
getTotalOperand | Gets the operand that represents the previous state of all memory that might be aliased by the memory write. |
isPartialUpdate | Holds if the |
Inherited predicates
getAPredecessor | Gets all direct predecessors of this instruction. | from Instruction |
getASuccessor | Gets all direct successors of this instruction. | from Instruction |
getAUse | Gets all direct uses of the result of this instruction. The result can be an | from Instruction |
getAnOperand | Gets all of this instruction’s operands. | from Instruction |
getAst | Gets the AST that caused this instruction to be generated. | from Instruction |
getBackEdgeSuccessor | Gets a back-edge successor of this instruction along the control flow edge specified by | from Instruction |
getBlock | Gets the basic block that contains this instruction. | from Instruction |
getConvertedResultExpression | Gets the | from Instruction |
getDisplayIndexInBlock | Gets the zero-based index of this instruction within its block. This is used by debugging and printing code only. | from Instruction |
getDumpString | Gets a string showing the result, opcode, and operands of the instruction, equivalent to what would be printed by PrintIR.ql. For example: | from Instruction |
getEnclosingFunction | Gets the function that contains this instruction. | from Instruction |
getEnclosingIRFunction | Gets the IRFunction object that contains the IR for this instruction. | from Instruction |
getImmediateString | Gets a string describing the immediate value of this instruction, if any. | from Instruction |
getLocation | Gets the location of the source code for this instruction. | from Instruction |
getOpcode | Gets the opcode that specifies the operation performed by this instruction. | from Instruction |
getOperandsString | Gets a string describing the operands of this instruction, suitable for display in IR dumps. | from Instruction |
getOperationString | Gets a string describing the operation of this instruction. This includes the opcode and the immediate value, if any. For example: | from Instruction |
getPredecessor | Gets a predecessor of this instruction such that the predecessor reaches this instruction along the control flow edge specified by | from Instruction |
getResultAddress | Gets the instruction that holds the exact memory address to which this instruction stores its result, if any. For example, in | from Instruction |
getResultAddressOperand | Gets the operand that holds the memory address to which this instruction stores its result, if any. For example, in | from Instruction |
getResultIRType | Gets the type of the result produced by this instruction. If the instruction does not produce a result, its result type will be | from Instruction |
getResultId | Gets a human-readable string that uniquely identifies this instruction within the function. This string is used to refer to this instruction when printing IR dumps. | from Instruction |
getResultLanguageType | Gets the language-specific type of the result produced by this instruction. | from Instruction |
getResultMemoryAccess | Gets the kind of memory access performed by this instruction’s result. Holds only for instructions with a memory result. | from Instruction |
getResultSize | Gets the size of the result produced by this instruction, in bytes. If the result does not have a known constant size, this predicate does not hold. | from Instruction |
getResultString | Gets a string describing the result of this instruction, suitable for display in IR dumps. This consists of the result ID plus the type of the result. | from Instruction |
getResultType | Gets the type of the result produced by this instruction. If the instruction does not produce a result, its result type will be | from Instruction |
getSuccessor | Gets the successor of this instruction along the control flow edge specified by | from Instruction |
getUnconvertedResultExpression | Gets the unconverted form of the | from Instruction |
getUniqueId | Gets a string identifier for this function that is unique among all instructions in the same function. | from Instruction |
hasMemoryResult | Holds if this instruction produces a memory result. | from Instruction |
hasResultMayMemoryAccess | Holds if the memory access performed by this instruction’s result will not always write to every bit in the memory location. This is most commonly used for memory accesses that may or may not actually occur depending on runtime state (for example, the write side effect of an output parameter that is not written to on all paths), or for accesses where the memory location is a conservative estimate of the memory that might actually be accessed at runtime (for example, the global side effects of a function call). | from Instruction |
hasSortKeys | INTERNAL: Do not use. | from Instruction |
isGLValue | Holds if the result produced by this instruction is a glvalue. If this holds, the result of the instruction represents the address of a location, and the type of the location is given by | from Instruction |
isResultConflated | Holds if this is an instruction with a memory result that represents a conflation of more than one memory allocation. | from Instruction |
isResultModeled | Holds if the result of this instruction is precisely modeled in SSA. Always holds for a register result. For a memory result, a modeled result is connected to its actual uses. An unmodeled result has no uses. | from Instruction |
toString | Gets a textual representation of this element. | from Instruction |