C++: Split 'ssaFlow' into multiple smaller predicates for readability.

Author: MathiasVP

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/Ssa.qll

@@ -304,65 +304,59 @@ predicate explicitWrite(boolean certain, Instruction instr, Instruction address)
 
 cached
 private module Cached {
-  /**
-   * Holds if `nodeFrom` is a read or write, and `nTo` is the next subsequent read of the variable
-   * written (or read) by `storeOrRead`.
-   */
-  cached
-  predicate ssaFlow(Node nodeFrom, Node nodeTo) {
-    // Def-use/use-use flow from an `InstructionNode` to an `OperandNode`.
-    exists(IRBlock bb1, int i1, IRBlock bb2, int i2, DefOrUse defOrUse, Use use, SourceVariable v |
+  private predicate defUseFlow(Node nodeFrom, Node nodeTo) {
+    exists(IRBlock bb1, int i1, IRBlock bb2, int i2, DefOrUse defOrUse, Use use |
       defOrUse.hasRankInBlock(bb1, i1) and
       use.hasRankInBlock(bb2, i2) and
-      use.getVariable() = v and
       adjacentDefRead(_, bb1, i1, bb2, i2) and
       nodeFrom.asInstruction() = toInstruction(defOrUse) and
       flowOutOfAddressStep(use.getOperand(), nodeTo)
     )
-    or
-    // Use-use flow from a `ReadNode` to an `OperandNode`.
-    exists(ReadNode read, IRBlock bb1, int i1, IRBlock bb2, int i2, Use use1, Use use2 |
-      read = nodeFrom and
+  }
+
+  private predicate fromReadNode(ReadNode nodeFrom, Node nodeTo) {
+    exists(IRBlock bb1, int i1, IRBlock bb2, int i2, Use use1, Use use2 |
       use1.hasRankInBlock(bb1, i1) and
       use2.hasRankInBlock(bb2, i2) and
-      use1.getOperand().getDef() = read.getInstruction() and
+      use1.getOperand().getDef() = nodeFrom.getInstruction() and
       adjacentDefRead(_, bb1, i1, bb2, i2) and
       flowOutOfAddressStep(use2.getOperand(), nodeTo)
     )
-    or
-    // Flow from phi nodes
+  }
+
+  private predicate fromPhiNode(SsaPhiNode nodeFrom, Node nodeTo) {
     exists(PhiNode phi, Use use, IRBlock block, int rnk |
-      phi = nodeFrom.(SsaPhiNode).getPhiNode() and
+      phi = nodeFrom.getPhiNode() and
+      adjacentDefRead(_, phi.getBasicBlock(), -1, block, rnk) and
       use.hasRankInBlock(block, rnk) and
       phi.getSourceVariable() = use.getVariable() and
-      flowOutOfAddressStep(use.getOperand(), nodeTo) and
-      adjacentDefRead(_, phi.getBasicBlock(), -1, block, rnk)
+      flowOutOfAddressStep(use.getOperand(), nodeTo)
     )
-    or
+  }
+
+  private predicate toPhiNode(Node nodeFrom, SsaPhiNode nodeTo) {
     // Flow to phi nodes
-    exists(Def def, StoreNode store, IRBlock block, int rnk |
-      store = nodeFrom and
-      store.isTerminal() and
-      def.getInstruction() = store.getStoreInstruction() and
-      def.hasRankInBlock(block, rnk) and
-      nodeTo.(SsaPhiNode).hasInputAtRankInBlock(block, rnk)
-    )
-    or
     exists(Def def, IRBlock block, int rnk |
-      def.getInstruction() = nodeFrom.asInstruction() and
       def.hasRankInBlock(block, rnk) and
-      nodeTo.(SsaPhiNode).hasInputAtRankInBlock(block, rnk)
-    )
-    or
-    // Def-use flow from a `StoreNode` to an `OperandNode`.
-    exists(
-      StoreNode store, IRBlock bb1, int i1, IRBlock bb2, int i2, Def def, Use use, Definition ssaDef
+      nodeTo.hasInputAtRankInBlock(block, rnk)
     |
-      store = nodeFrom and
-      store.isTerminal() and
-      def.getInstruction() = store.getStoreInstruction() and
+      exists(StoreNode store |
+        store = nodeFrom and
+        store.isTerminal() and
+        def.getInstruction() = store.getStoreInstruction()
+      )
+      or
+      def.getInstruction() = nodeFrom.asInstruction()
+    )
+  }
+
+  private predicate fromStoreNode(StoreNode nodeFrom, Node nodeTo) {
+    // Def-use flow from a `StoreNode`.
+    exists(IRBlock bb1, int i1, IRBlock bb2, int i2, Def def, Use use |
+      nodeFrom.isTerminal() and
+      def.getInstruction() = nodeFrom.getStoreInstruction() and
       def.hasRankInBlock(bb1, i1) and
-      adjacentDefRead(ssaDef, bb1, i1, bb2, i2) and
+      adjacentDefRead(_, bb1, i1, bb2, i2) and
       use.hasRankInBlock(bb2, i2) and
       flowOutOfAddressStep(use.getOperand(), nodeTo)
     )
@@ -372,17 +366,14 @@ private module Cached {
     // library to hook that up to the assignment to `a`. So instead we flow to the _first_ use of the
     // value computed by `operator new` that occurs after `nodeFrom` (to avoid a loop in the
     // dataflow graph).
-    exists(
-      StoreNode store, WriteSideEffectInstruction write, IRBlock bb, int i1, int i2, Operand op
-    |
-      store = nodeFrom and
-      store.getInstruction().(CallInstruction).getStaticCallTarget() instanceof
+    exists(WriteSideEffectInstruction write, IRBlock bb, int i1, int i2, Operand op |
+      nodeFrom.getInstruction().(CallInstruction).getStaticCallTarget() instanceof
         Alloc::OperatorNewAllocationFunction and
-      write = store.getStoreInstruction() and
+      write = nodeFrom.getStoreInstruction() and
       bb.getInstruction(i1) = write and
       bb.getInstruction(i2) = op.getUse() and
       // Flow to an instruction that occurs later in the block.
-      valueFlow*(store.getInstruction(), op.getDef()) and
+      valueFlow*(nodeFrom.getInstruction(), op.getDef()) and
       nodeTo.asOperand() = op and
       i2 > i1 and
       // There is no previous instruction that also occurs after `nodeFrom`.
@@ -395,6 +386,26 @@ private module Cached {
     )
   }
 
+  /**
+   * Holds if `nodeFrom` is a read or write, and `nTo` is the next subsequent read of the variable
+   * written (or read) by `storeOrRead`.
+   */
+  cached
+  predicate ssaFlow(Node nodeFrom, Node nodeTo) {
+    // Def-use/use-use flow from an `InstructionNode`.
+    defUseFlow(nodeFrom, nodeTo)
+    or
+    // Use-use flow from a `ReadNode`.
+    fromReadNode(nodeFrom, nodeTo)
+    or
+    // Def-use flow from a `StoreNode`.
+    fromStoreNode(nodeFrom, nodeTo)
+    or
+    fromPhiNode(nodeFrom, nodeTo)
+    or
+    toPhiNode(nodeFrom, nodeTo)
+  }
+
   private predicate valueFlow(Instruction iFrom, Instruction iTo) {
     iTo.(CopyValueInstruction).getSourceValue() = iFrom
     or