For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

RangeSSA

Module RangeSSA

This library is a clone of semmle.code.cpp.controlflow.SSA, with only one difference: extra phi definitions are added after guards. For example:

    x = f();
    if (x < 10) {
      // Block 1
      ...
    } else {
      // Block 2
      ...
    }

In standard SSA, basic blocks 1 and 2 do not need phi definitions for x, because they are dominated by the definition of x on the first line. In RangeSSA, however, we add phi definitions for x at the beginning of blocks 1 and 2. This is useful for range analysis because it enables us to deduce a more accurate range for x in the two branches of the if-statement.

Import path


                                import semmle.code.cpp.rangeanalysis.RangeSSA

Imports

Dominance	Provides dominance predicates for control-flow nodes.
SSAUtils	Provides classes and predicates for use in the SSA library.
cpp	Provides classes and predicates for working with C/C++ code.

Classes

RangeSsa	The SSA logic comes in two versions: the standard SSA and range-analysis RangeSSA. This class provides the range-analysis SSA logic.
RangeSsaDefinition	A definition of one or more SSA variables, including phi node definitions. An SSA variable is effectively the pair of a definition and the (non-SSA) variable that it defines. Note definitions and uses can be coincident, due to the presence of parameter definitions and phi nodes.