Address some of the PR review findings

2026-04-24 16:25:15 +02:00 · 2020-09-29 14:53:59 +02:00
parent 638d0399a8
commit 21ff1a0445
5 changed files with 37 additions and 30 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll
@@ -41,6 +41,18 @@ private Sign certainExprSign(Expr e) {
  )
 }

+/**
+ * Gets the value of the expression if it can't be converted to integer, but
+ * can be converted to float.
+ */
+float getNonIntegerValue(ExprWithPossibleValue e) {
+  exists(string s |
+    s = e.getValue() and
+    result = s.toFloat() and
+    not exists(s.toInt())
+  )
+}
+
 /** Holds if the sign of `e` is too complicated to determine. */
 predicate unknownSign(Expr e) {
  not exists(certainExprSign(e)) and
@@ -55,7 +67,7 @@ predicate unknownSign(Expr e) {
      not fromtyp instanceof NumericOrCharType
    )
    or
-    unknownIntegerAccess(e)
+    numericExprWithUnknownSign(e)
  )
 }

@@ -246,7 +258,7 @@ private Sign ssaDefSign(SsaVariable v) {
 }

 /** Returns the sign of explicit SSA definition `v`. */
-Sign explicitSsaDefSign(SsaVariable v) {
+private Sign explicitSsaDefSign(SsaVariable v) {
  exists(VariableUpdate def | def = getExplicitSsaAssignment(v) |
    result = exprSign(getExprFromSsaAssignment(def))
    or
--- a/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -38,6 +38,8 @@ module Private {

  class VariableUpdate = J::VariableUpdate;

+  class ExprWithPossibleValue = J::Literal;
+
  predicate ssaRead = RU::ssaRead/2;

  predicate guardControlsSsaRead = RU::guardControlsSsaRead/3;
@@ -57,15 +59,6 @@ private module Impl {

  class UnsignedNumericType = CharacterType;

-  /**
-   * Gets the `float` value of expression `e` where `e` has no `int` value.
-   */
-  float getNonIntegerValue(Expr e) {
-    result = e.(LongLiteral).getValue().toFloat() or
-    result = e.(FloatingPointLiteral).getValue().toFloat() or
-    result = e.(DoubleLiteral).getValue().toFloat()
-  }
-
  /** Gets the character value of expression `e`. */
  string getCharValue(Expr e) { result = e.(CharacterLiteral).getValue() }

@@ -86,11 +79,10 @@ private module Impl {

  /**
   * Holds if `e` has type `NumericOrCharType`, but the sign of `e` is unknown.
-   *
-   * The expression types handled in the predicate complements the expression
-   * types handled in `specificSubExprSign`.
   */
-  predicate unknownIntegerAccess(Expr e) {
+  predicate numericExprWithUnknownSign(Expr e) {
+    // The expression types handled in the predicate complements the expression
+    // types handled in `specificSubExprSign`.
    e instanceof ArrayAccess and e.getType() instanceof NumericOrCharType
    or
    e instanceof MethodAccess and e.getType() instanceof NumericOrCharType