Add UninitializedNode::getIndirectionIndex/0

[jeongsoolee09]

Add a member predicate getIndirectionIndex to UninitializedNode. The existing node only took indirection level 0 to account, clouding the existence of uninitialized nodes behind any level of indirection.

For example, consider this code:

int array[2][3] = {{1, 2, 3}, {4, 5, 6}}

Previously, UninitializedNode only captured array, in its uninitialized state, of type int[2][3]. However, it is also uninitialized at one level down, being of type int[3].

any(UninitializedNode node | node.getIndirectionIndex() = 1 | node) will now get the int[3] of the above.

[Copilot]

Pull request overview

Adds an indirection-index dimension to Public::UninitializedNode so queries can distinguish uninitialized values at different indirection levels (e.g., arrays-of-arrays).

Changes:

• Extend UninitializedNode to track indirectionIndex rather than hard-coding index 0.
• Expose the indirection level via UninitializedNode::getIndirectionIndex/0.

Comments suppressed due to low confidence (1)

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowNodes.qll:785

• The doc comment for getIndirectionIndex() uses different terminology (“level of indirection to get to this node”) than the rest of this file (which consistently says “indirection index”). For consistency and clarity, consider rephrasing to “Gets the indirection index of this node” and (optionally) define what 0/1/... correspond to.

    /** Gets the level of indirection to get to this node. */
    int getIndirectionIndex() { result = indirectionIndex }

[Copilot]

The class-level doc comment for UninitializedNode now understates the behavior: the implementation no longer represents only indirection level 0. Please update the doc comment to mention that the node can represent different indirection indices (and briefly what 0/1/... mean) so query authors don’t misinterpret it.

This issue also appears on line 784 of the same file.