C++: Generate int-to-bool conversions in C code #18490

Draft
wants to merge 18 commits into
base: main
@MathiasVP MathiasVP commented Jan 14, 2025

In C++ code we have int-to-bool conversions on myInt in examples like:

void test(int myInt) {
  if(myInt) {
   // ...
  }
}

That is, it's not myInt that is branched on, but rather the result of myInt != 0. In the IR, this manifests as the IR looking like:

r1_5(glval<int>) = VariableAddress[myInt]     :
m1_6(int)        = InitializeParameter[myInt] : &:r1_5
r2_1(glval<int>) = VariableAddress[myInt]     :
r2_2(int)        = Load[myInt]                : &:r2_1, m1_6
r2_3(int)        = Constant[0]                :
r2_4(bool)       = CompareNE                  : r2_2, r2_3
v2_5(void)       = ConditionalBranch          : r2_4

(notice the BranchNE instruction).

This information is important in guard conditions since branching on myInt doesn't tell us that myInt == 1, but rather that (myInt != 0) == 1.

This is all well and good in C++. However, in C, there are no int-to-bool conversions. So when compiling the same code with a C compiler the IR looks like:

r1_5(glval<int>) = VariableAddress[myInt]     :
m1_6(int)        = InitializeParameter[myInt] : &:r1_5
r2_1(glval<int>) = VariableAddress[myInt]     :
r2_2(int)        = Load[myInt]                : &:r2_1, m1_6
v2_5(void)       = ConditionalBranch          : r2_2

(notice that we're now branching on the value of myInt)

Historically, we've worked around this problem in IRGuards specifically (see #16364 and #16533), but upon facing a related problem somewhere else I now feel like we should simply make the IR equivalent in C and C++.

So this PR inserts IR equivalent to what would have been generated for an int-to-bool conversion if it had been present in the database in the places I'm aware of this being a problem. It then removes the workarounds in the guards library that were added to handle these.

Commit-by-commit review recommended (especially for the IR construction related commits).

DCA reveals a few new results and a few lost results:

  • The lost cpp/overrun-write and cpp/path-injection results are because both queries use any guard as a barrier, and we now recognize more barriers.
  • The cpp/redundant-null-check-simple results are new TPs 🎉

I've verified that the new TPs are real TPs caused by us recognizing more guards in C code (🎉), and I've verified that the removed results are

@github-actions github-actions bot added the C++ label Jan 14, 2025
@MathiasVP MathiasVP force-pushed the generate-int-to-bool-conversion-instructions-2 branch from 446f6cb to d182a41 Compare January 15, 2025 16:28
@MathiasVP MathiasVP force-pushed the generate-int-to-bool-conversion-instructions-2 branch from d182a41 to d204810 Compare January 15, 2025 16:38
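
A toy model of the normalization the PR description explains, added here as an illustration and not CodeQL's IR construction or guards code: a guard analysis that only understands `CompareNE` against `Constant[0]` learns nothing from the C-shaped IR until the comparison is inserted. The `Instr` class, the `normalize` and `guard_fact` functions, and the generated result names (`zero_2`, `ne_2`) are hypothetical; the sample IR is constructed from the listing quoted above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Instr:
    result: str           # e.g. "r2_2"
    type: str             # e.g. "int", "bool", "void"
    opcode: str           # e.g. "Load[myInt]"
    operands: tuple = ()

# Constructed sample mirroring the C-compiled IR quoted above.
C_IR = [
    Instr("r2_1", "glval<int>", "VariableAddress[myInt]"),
    Instr("r2_2", "int", "Load[myInt]", ("r2_1", "m1_6")),
    Instr("v2_5", "void", "ConditionalBranch", ("r2_2",)),
]

def normalize(ir):
    """Insert `x != 0` before any ConditionalBranch on a non-bool value."""
    types = {i.result: i.type for i in ir}
    out = []
    for n, i in enumerate(ir):
        cond = i.operands[0] if i.opcode == "ConditionalBranch" else None
        if cond in types and types[cond] != "bool":
            zero, ne = f"zero_{n}", f"ne_{n}"  # hypothetical fresh names
            out.append(Instr(zero, types[cond], "Constant[0]"))
            out.append(Instr(ne, "bool", "CompareNE", (cond, zero)))
            i = Instr(i.result, i.type, i.opcode, (ne,))
        out.append(i)
    return out

def guard_fact(ir, branch_taken):
    """Fact implied on one branch edge, or None if the shape is unknown.

    Only the C++-style shape is understood: CompareNE against Constant[0].
    """
    defs = {i.result: i for i in ir}
    branch = next(i for i in ir if i.opcode == "ConditionalBranch")
    cmp_ = defs.get(branch.operands[0])
    if cmp_ is None or cmp_.opcode != "CompareNE":
        return None  # branching directly on the int: no fact derived
    left, right = cmp_.operands
    zero = defs.get(right)
    if zero is None or zero.opcode != "Constant[0]":
        return None
    return (left, "!=" if branch_taken else "==", 0)
```
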