Binary: Delete the 'InstrRef' opcode and don't generate IR using it.

Author: MathiasVP

binary/ql/lib/semmle/code/binary/ast/ir/IR.qll

@@ -353,10 +353,6 @@ private module FinalInstruction {
     JumpTargetOperand getJumpTargetOperand() { result = super.getJumpTargetOperand() }
   }
 
-  class InstrRefInstruction extends Instruction instanceof Instruction::InstrRefInstruction {
-    Instruction getReferencedInstruction() { result = super.getReferencedInstruction() }
-  }
-
   class CopyInstruction extends Instruction instanceof Instruction::CopyInstruction {
     UnaryOperand getOperand() { result = super.getOperand() }
   }

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/Instruction.qll

@@ -32,7 +32,7 @@ class Instruction extends TInstruction {
   Operand getFirstOperand() {
     exists(OperandTag operandTag |
       result = this.getOperand(operandTag) and
-      not exists(operandTag.getPredecessorTag())
+      not exists(this.getOperand(operandTag.getPredecessorTag()))
     )
   }
 
@@ -171,21 +171,6 @@ class CallInstruction extends Instruction {
   override string getImmediateValue() { result = this.getStaticTarget().getName() }
 }
 
-class InstrRefInstruction extends Instruction {
-  override Opcode::InstrRef opcode;
-
-  Instruction getReferencedInstruction() { result = te.getReferencedInstruction(tag) }
-
-  final override string getImmediateValue() {
-    exists(Instruction ref | ref = this.getReferencedInstruction() |
-      result = ref.getResultVariable().toString()
-      or
-      not exists(ref.getResultVariable()) and
-      result = "<reference to instruction without result>"
-    )
-  }
-}
-
 class ExternalRefInstruction extends Instruction {
   override Opcode::ExternalRef opcode;
 

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/InstructionTag.qll

@@ -5,10 +5,6 @@ private import semmle.code.binary.ast.internal.CilInstructions
 newtype TInstructionTag =
   SingleTag() or
   FunEntryTag() or
-  X86JumpInstrRefTag() or
-  X86JumpTag() or
-  X86CJumpInstrRefTag() or
-  X86CJumpTag() or
   WriteTag() or
   InitFramePtrTag() or
   InitStackPtrTag() or
@@ -51,13 +47,9 @@ newtype TInstructionTag =
   CilRelSubTag() or
   CilRelCJumpTag() or
   CilRelConstTag(Boolean b) or
-  CilRelRefTag() or
-  CilBoolBranchRefTag() or
   CilBoolBranchSubTag() or
   CilBoolBranchConstTag() or
   CilBoolBranchCJumpTag() or
-  CilUnconditionalBranchTag() or
-  CilUnconditionalBranchRefTag() or
   CilCallTag() or
   CilCallTargetTag() or
   CilLdindLoadTag() or
@@ -71,18 +63,6 @@ class InstructionTag extends TInstructionTag {
     this = FunEntryTag() and
     result = "FunEntry"
     or
-    this = X86JumpInstrRefTag() and
-    result = "X86JumpInstrRef"
-    or
-    this = X86JumpTag() and
-    result = "X86Jump"
-    or
-    this = X86CJumpInstrRefTag() and
-    result = "X86CJumpInstrRef"
-    or
-    this = X86CJumpTag() and
-    result = "X86CJump"
-    or
     this = WriteTag() and
     result = "Write"
     or
@@ -196,12 +176,6 @@ class InstructionTag extends TInstructionTag {
       result = "CilRelConst(" + b.toString() + ")"
     )
     or
-    this = CilRelRefTag() and
-    result = "CilRelRef"
-    or
-    this = CilBoolBranchRefTag() and
-    result = "CilBoolBranchRef"
-    or
     this = CilBoolBranchSubTag() and
     result = "CilBoolBranchSub"
     or
@@ -211,12 +185,6 @@ class InstructionTag extends TInstructionTag {
     this = CilBoolBranchCJumpTag() and
     result = "CilBoolBranchCJump"
     or
-    this = CilUnconditionalBranchTag() and
-    result = "CilUnconditionalBranch"
-    or
-    this = CilUnconditionalBranchRefTag() and
-    result = "CilUnconditionalBranchRef"
-    or
     this = CilCallTag() and
     result = "CilCall"
     or

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TempVariableTag.qll

@@ -1,6 +1,4 @@
 newtype TTempVariableTag =
-  X86JumpInstrRefVarTag() or
-  X86CJumpInstrRefVarTag() or
   TestVarTag() or
   ZeroVarTag() or
   ImmediateOperandVarTag() or
@@ -23,11 +21,9 @@ newtype TTempVariableTag =
   CilLdLocVarTag() or
   CilBinaryVarTag() or
   CilRelSubVarTag() or
-  CilRelRefVarTag() or
   CilRelVarTag() or
   CilBoolBranchConstVarTag() or
   CilBoolBranchSubVarTag() or
-  CilBoolBranchRefVarTag() or
   CilUnconditionalBranchRefVarTag() or
   CallReturnValueTag() or
   CilCallTargetVarTag() or
@@ -37,12 +33,6 @@ newtype TTempVariableTag =
 
 class TempVariableTag extends TTempVariableTag {
   string toString() {
-    this = X86JumpInstrRefVarTag() and
-    result = "j_ir"
-    or
-    this = X86CJumpInstrRefVarTag() and
-    result = "cj_ir"
-    or
     this = TestVarTag() and
     result = "t"
     or
@@ -109,9 +99,6 @@ class TempVariableTag extends TTempVariableTag {
     this = CilRelSubVarTag() and
     result = "r_s"
     or
-    this = CilRelRefVarTag() and
-    result = "ref"
-    or
     this = CilRelVarTag() and
     result = "r"
     or
@@ -124,9 +111,6 @@ class TempVariableTag extends TTempVariableTag {
     this = CilUnconditionalBranchRefVarTag() and
     result = "cub_ir"
     or
-    this = CilBoolBranchRefVarTag() and
-    result = "cbb_ir"
-    or
     this = CallReturnValueTag() and
     result = "call_ret"
     or

binary/ql/lib/semmle/code/binary/ast/ir/internal/Instruction0/TranslatedElement.qll

@@ -217,12 +217,6 @@ abstract class TranslatedElement extends TTranslatedElement {
    */
   string getExternalName(InstructionTag tag) { none() }
 
-  /**
-   * Gets the instruction referenced by the instruction with the given tag. This `tag` must refer to
-   * an `InstrRef` (that is, an instruction for which `hasInstruction(Opcode::InstrRef, tag, _)` holds.)
-   */
-  Instruction getReferencedInstruction(InstructionTag tag) { none() }
-
   /**
    * Gets the raw element that this translated element is a translation of.
    *