github · jketema · Feb 27, 2026 · Feb 27, 2026 · Feb 27, 2026
@@ -9,12 +9,13 @@
 private import semmle.code.cpp.ir.internal.TempVariableTag
 private import InstructionTag
 private import TranslatedCondition
 private import TranslatedElement
 private import TranslatedExpr
 private import TranslatedCall
 private import TranslatedStmt
 private import TranslatedFunction
 private import TranslatedGlobalVar
+private import TranslatedNonStaticDataMember
 
 TranslatedElement getInstructionTranslatedElement(Instruction instruction) {
   instruction = TRawInstruction(result, _)
@@ -44,6 +45,8 @@
       or
       not var.isFromUninstantiatedTemplate(_) and
       var instanceof StaticInitializedStaticLocalVariable
+      or
+      var instanceof Field
     ) and
     var.hasInitializer() and
     (
@@ -63,6 +66,8 @@
     getTranslatedFunction(decl).hasUserVariable(var, type)
     or
     getTranslatedVarInit(decl).hasUserVariable(var, type)
+    or
+    getTranslatedFieldInit(decl).hasUserVariable(var, type)
   }
 
   cached

@@ -36,7 +36,8 @@ abstract class TranslatedCondition extends TranslatedElement {
   final override Declaration getFunction() {
     result = getEnclosingFunction(expr) or
     result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable) or
+    result = getEnclosingVariable(expr).(Field)
   }
 
   final Type getResultType() { result = expr.getUnspecifiedType() }

@@ -36,6 +36,7 @@ abstract class TranslatedDeclarationEntry extends TranslatedElement, TTranslated
       or
       not entry.getDeclaration() instanceof StaticInitializedStaticLocalVariable and
       not entry.getDeclaration() instanceof GlobalOrNamespaceVariable and
+      not entry.getDeclaration() instanceof Field and
       result = stmt.getEnclosingFunction()
     )
   }

@@ -918,7 +918,10 @@ newtype TTranslatedElement =
   } or
   // The side effect that initializes newly-allocated memory.
   TTranslatedAllocationSideEffect(AllocationExpr expr) { not ignoreSideEffects(expr) } or
-  TTranslatedStaticStorageDurationVarInit(Variable var) { Raw::varHasIRFunc(var) } or
+  TTranslatedStaticStorageDurationVarInit(Variable var) {
+    Raw::varHasIRFunc(var) and not var instanceof Field
+  } or
+  TTranslatedNonStaticDataMemberVarInit(Field var) { Raw::varHasIRFunc(var) } or
   TTranslatedAssertionOperand(MacroInvocation mi, int index) { hasAssertionOperand(mi, index) }
 
 /**
@@ -1297,5 +1300,7 @@ abstract class TranslatedRootElement extends TranslatedElement {
     this instanceof TTranslatedFunction
     or
     this instanceof TTranslatedStaticStorageDurationVarInit
+    or
+    this instanceof TTranslatedNonStaticDataMemberVarInit
   }
 }
@@ -9,11 +9,12 @@
 private import InstructionTag
 private import TranslatedCondition
 private import TranslatedDeclarationEntry
 private import TranslatedElement
 private import TranslatedFunction
 private import TranslatedInitialization
 private import TranslatedStmt
 private import TranslatedGlobalVar
+private import TranslatedNonStaticDataMember
 private import IRConstruction
 import TranslatedCall
 
@@ -138,6 +139,8 @@
     result = getTranslatedFunction(getEnclosingFunction(expr))
     or
     result = getTranslatedVarInit(getEnclosingVariable(expr))
+    or
+    result = getTranslatedFieldInit(getEnclosingVariable(expr))
   }
 }
 
@@ -153,7 +156,10 @@
     i.getExpr().getFullyConverted() = e and
     v = i.getDeclaration()
   |
-    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
+    if
+      v instanceof StaticInitializedStaticLocalVariable or
+      v instanceof GlobalOrNamespaceVariable or
+      v instanceof Field
     then result = v
     else result = e.getEnclosingDeclaration()
   )
@@ -173,7 +179,10 @@
     i.getExpr().getFullyConverted() = e and
     v = i.getDeclaration()
   |
-    if v instanceof StaticInitializedStaticLocalVariable or v instanceof GlobalOrNamespaceVariable
+    if
+      v instanceof StaticInitializedStaticLocalVariable or
+      v instanceof GlobalOrNamespaceVariable or
+      v instanceof Field
     then result = v
     else result = e.getEnclosingVariable()
   )
@@ -826,6 +835,46 @@
   override Instruction getResult() { result = this.getLoadedOperand().getResult() }
 }
 
+class TranslatedParamAccessForType extends TranslatedNonConstantExpr {
+  override ParamAccessForType expr;
+
+  TranslatedParamAccessForType() {
+    // Currently only needed for this parameter accesses.
+    expr.isThisAccess()
+  }
+
+  final override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(OnlyInstructionTag()) and
+    kind instanceof GotoEdge
+  }
+
+  override Instruction getALastInstructionInternal() {
+    result = this.getInstruction(OnlyInstructionTag())
+  }
+
+  final override TranslatedElement getChildInternal(int id) { none() }
+
+  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    tag = OnlyInstructionTag() and
+    result = this.getParent().getChildSuccessor(this, kind)
+  }
+
+  override Instruction getResult() { result = this.getInstruction(OnlyInstructionTag()) }
+
+  override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
+    tag = OnlyInstructionTag() and
+    opcode instanceof Opcode::CopyValue and
+    resultType = getTypeForPRValue(expr.getType())
+  }
+
+  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    tag = OnlyInstructionTag() and
+    operandTag instanceof UnaryOperandTag and
+    result =
+      this.getEnclosingFunction().(TranslatedNonStaticDataMemberVarInit).getLoadThisInstruction()
+  }
+}
+
 /**
  * IR translation of an array access expression (e.g. `a[i]`). The array being accessed will either
  * be a prvalue of pointer type (possibly due to an implicit array-to-pointer conversion), or a

@@ -148,7 +148,8 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
   final override Declaration getFunction() {
     result = getEnclosingFunction(expr) or
     result = getEnclosingVariable(expr).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable)
+    result = getEnclosingVariable(expr).(StaticInitializedStaticLocalVariable) or
+    result = getEnclosingVariable(expr).(Field)
   }
 
   final override Locatable getAst() { result = expr }
@@ -528,7 +529,8 @@ abstract class TranslatedFieldInitialization extends TranslatedElement {
   final override Declaration getFunction() {
     result = getEnclosingFunction(ast) or
     result = getEnclosingVariable(ast).(GlobalOrNamespaceVariable) or
-    result = getEnclosingVariable(ast).(StaticInitializedStaticLocalVariable)
+    result = getEnclosingVariable(ast).(StaticInitializedStaticLocalVariable) or
+    result = getEnclosingVariable(ast).(Field)
   }
 
   final override Instruction getFirstInstruction(EdgeKind kind) {
@@ -701,6 +703,8 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
     result = getEnclosingVariable(initList).(GlobalOrNamespaceVariable)
     or
     result = getEnclosingVariable(initList).(StaticInitializedStaticLocalVariable)
+    or
+    result = getEnclosingVariable(initList).(Field)
   }
 
   final override Instruction getFirstInstruction(EdgeKind kind) {

@@ -0,0 +1,217 @@
+import semmle.code.cpp.ir.implementation.raw.internal.TranslatedElement
+private import TranslatedExpr
+private import cpp
+private import semmle.code.cpp.ir.implementation.internal.OperandTag
+private import semmle.code.cpp.ir.internal.TempVariableTag
+private import semmle.code.cpp.ir.internal.CppType
+private import TranslatedInitialization
+private import InstructionTag
+private import semmle.code.cpp.ir.internal.IRUtilities
+
+class TranslatedNonStaticDataMemberVarInit extends TranslatedRootElement,
+  TTranslatedNonStaticDataMemberVarInit, InitializationContext
+{
+  Field field;
+  Class cls;
+
+  TranslatedNonStaticDataMemberVarInit() {
+    this = TTranslatedNonStaticDataMemberVarInit(field) and
+    cls.getAMember() = field
+  }
+
+  override string toString() { result = cls.toString() + "::" + field.toString() }
+
+  final override Field getAst() { result = field }
+
+  final override Declaration getFunction() { result = field }
+
+  override Instruction getFirstInstruction(EdgeKind kind) {
+    result = this.getInstruction(EnterFunctionTag()) and
+    kind instanceof GotoEdge
+  }
+
+  override Instruction getALastInstructionInternal() {
+    result = this.getInstruction(ExitFunctionTag())
+  }
+
+  override TranslatedElement getChild(int n) {
+    n = 1 and
+    result = getTranslatedInitialization(field.getInitializer().getExpr().getFullyConverted())
+  }
+
+  override predicate hasInstruction(Opcode op, InstructionTag tag, CppType type) {
+    op instanceof Opcode::EnterFunction and
+    tag = EnterFunctionTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::AliasedDefinition and
+    tag = AliasedDefinitionTag() and
+    type = getUnknownType()
+    or
+    op instanceof Opcode::InitializeNonLocal and
+    tag = InitializeNonLocalTag() and
+    type = getUnknownType()
+    or
+    tag = ThisAddressTag() and
+    op instanceof Opcode::VariableAddress and
+    type = getTypeForGLValue(any(UnknownType t))
+    or
+    tag = InitializerStoreTag() and
+    op instanceof Opcode::InitializeParameter and
+    type = this.getThisType()
+    or
+    tag = ThisLoadTag() and
+    op instanceof Opcode::Load and
+    type = this.getThisType()
+    or
+    tag = InitializerIndirectStoreTag() and
+    op instanceof Opcode::InitializeIndirection and
+    type = getTypeForPRValue(cls)
+    or
+    op instanceof Opcode::FieldAddress and
+    tag = InitializerFieldAddressTag() and
+    type = getTypeForGLValue(field.getType())
+    or
+    op instanceof Opcode::ReturnVoid and
+    tag = ReturnTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::AliasedUse and
+    tag = AliasedUseTag() and
+    type = getVoidType()
+    or
+    op instanceof Opcode::ExitFunction and
+    tag = ExitFunctionTag() and
+    type = getVoidType()
+  }
+
+  override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
+    kind instanceof GotoEdge and
+    (
+      tag = EnterFunctionTag() and
+      result = this.getInstruction(AliasedDefinitionTag())
+      or
+      tag = AliasedDefinitionTag() and
+      result = this.getInstruction(InitializeNonLocalTag())
+      or
+      tag = InitializeNonLocalTag() and
+      result = this.getInstruction(ThisAddressTag())
+      or
+      tag = ThisAddressTag() and
+      result = this.getInstruction(InitializerStoreTag())
+      or
+      tag = InitializerStoreTag() and
+      result = this.getInstruction(ThisLoadTag())
+      or
+      tag = ThisLoadTag() and
+      result = this.getInstruction(InitializerIndirectStoreTag())
+      or
+      tag = InitializerIndirectStoreTag() and
+      result = this.getInstruction(InitializerFieldAddressTag())
+    )
+    or
+    tag = InitializerFieldAddressTag() and
+    result = this.getChild(1).getFirstInstruction(kind)
+    or
+    kind instanceof GotoEdge and
+    (
+      tag = ReturnTag() and
+      result = this.getInstruction(AliasedUseTag())
+      or
+      tag = AliasedUseTag() and
+      result = this.getInstruction(ExitFunctionTag())
+    )
+  }
+
+  override Instruction getChildSuccessorInternal(TranslatedElement child, EdgeKind kind) {
+    child = this.getChild(1) and
+    result = this.getInstruction(ReturnTag()) and
+    kind instanceof GotoEdge
+  }
+
+  final override CppType getInstructionMemoryOperandType(
+    InstructionTag tag, TypedOperandTag operandTag
+  ) {
+    tag = AliasedUseTag() and
+    operandTag instanceof SideEffectOperandTag and
+    result = getUnknownType()
+  }
+
+  override IRVariable getInstructionVariable(InstructionTag tag) {
+    (
+      tag = ThisAddressTag() or
+      tag = InitializerStoreTag() or
+      tag = InitializerIndirectStoreTag()
+    ) and
+    result = getIRTempVariable(field, ThisTempVar())
+  }
+
+  override Field getInstructionField(InstructionTag tag) {
+    tag = InitializerFieldAddressTag() and
+    result = field
+  }
+
+  override predicate hasTempVariable(TempVariableTag tag, CppType type) {
+    tag = ThisTempVar() and
+    type = this.getThisType()
+  }
+
+  /**
+   * Holds if this variable defines or accesses variable `var` with type `type`. This includes all
+   * parameters and local variables, plus any global variables or static data members that are
+   * directly accessed by the function.
+   */
+  final predicate hasUserVariable(Variable varUsed, CppType type) {
+    (
+      (
+        varUsed instanceof GlobalOrNamespaceVariable
+        or
+        varUsed instanceof StaticLocalVariable
+        or
+        varUsed instanceof MemberVariable and not varUsed instanceof Field
+      ) and
+      exists(VariableAccess access |
+        access.getTarget() = varUsed and
+        getEnclosingVariable(access) = field
+      )
+      or
+      field = varUsed
+      or
+      varUsed.(LocalScopeVariable).getEnclosingElement*() = field
+      or
+      varUsed.(Parameter).getCatchBlock().getEnclosingElement*() = field
+    ) and
+    type = getTypeForPRValue(getVariableType(varUsed))
+  }
+
+  override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
+    (
+      tag = InitializerStoreTag()
+      or
+      tag = ThisLoadTag()
+    ) and
+    operandTag instanceof AddressOperandTag and
+    result = this.getInstruction(ThisAddressTag())
+    or
+    (
+      tag = InitializerIndirectStoreTag() and
+      operandTag instanceof AddressOperandTag
+      or
+      tag = InitializerFieldAddressTag() and
+      operandTag instanceof UnaryOperandTag
+    ) and
+    result = this.getInstruction(ThisLoadTag())
+  }
+
+  override Instruction getTargetAddress() {
+    result = this.getInstruction(InitializerFieldAddressTag())
+  }
+
+  override Type getTargetType() { result = field.getUnspecifiedType() }
+
+  final Instruction getLoadThisInstruction() { result = this.getInstruction(ThisLoadTag()) }
+
+  private CppType getThisType() { result = getTypeForGLValue(cls) }
+}
+
+TranslatedNonStaticDataMemberVarInit getTranslatedFieldInit(Field field) { result.getAst() = field }