Merge pull request #14711 from aschackmull/shared/rangeutil-share2

Java/C++/RangeAnalysis: Move a couple of utility predicates to shared qlpack
2026-04-26 01:05:15 +02:00 · 2023-11-08 08:33:12 +01:00
parent a8eed6bd7e 12cba7909b
commit 45ae4ed362
11 changed files with 107 additions and 173 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -211,7 +211,11 @@ module Sem implements Semantic {

  class BasicBlock = J::BasicBlock;

-  class Guard extends GL::Guard {
+  BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getABBSuccessor() }
+
+  final private class FinalGuard = GL::Guard;
+
+  class Guard extends FinalGuard {
    Expr asExpr() { result = this }
  }

@@ -219,14 +223,6 @@ module Sem implements Semantic {
    GL::implies_v2(g1, b1, g2, b2)
  }

-  predicate guardDirectlyControlsSsaRead(Guard guard, SsaReadPosition controlled, boolean testIsTrue) {
-    RU::guardDirectlyControlsSsaRead(guard, controlled, testIsTrue)
-  }
-
-  predicate guardControlsSsaRead(Guard guard, SsaReadPosition controlled, boolean testIsTrue) {
-    RU::guardControlsSsaRead(guard, controlled, testIsTrue)
-  }
-
  class Type = J::Type;

  class IntegerType extends J::IntegralType {
@@ -261,6 +257,10 @@ module Sem implements Semantic {

  class SsaReadPositionPhiInputEdge extends SsaReadPosition instanceof SsaReadPos::SsaReadPositionPhiInputEdge
  {
+    BasicBlock getOrigBlock() { result = super.getOrigBlock() }
+
+    BasicBlock getPhiBlock() { result = super.getPhiBlock() }
+
    predicate phiInput(SsaPhiNode phi, SsaVariable inp) { super.phiInput(phi, inp) }
  }

@@ -268,10 +268,6 @@ module Sem implements Semantic {
    BasicBlock getBlock() { result = super.getBlock() }
  }

-  predicate backEdge(SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge) {
-    RU::backEdge(phi, inp, edge)
-  }
-
  predicate conversionCannotOverflow = safeCast/2;
 }

--- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
@@ -7,6 +7,18 @@ private import SSA
 private import semmle.code.java.controlflow.internal.GuardsLogic
 private import semmle.code.java.dataflow.internal.rangeanalysis.SsaReadPositionCommon
 private import semmle.code.java.Constants
+private import semmle.code.java.dataflow.RangeAnalysis
+private import codeql.rangeanalysis.internal.RangeUtils
+
+private module U = MakeUtils<Sem, IntDelta>;
+
+private predicate backEdge = U::backEdge/3;
+
+predicate ssaRead = U::ssaRead/2;
+
+predicate guardDirectlyControlsSsaRead = U::guardDirectlyControlsSsaRead/3;
+
+predicate guardControlsSsaRead = U::guardControlsSsaRead/3;

 /**
 * Holds if `v` is an input to `phi` that is not along a back edge, and the
@@ -145,79 +157,6 @@ class ConstantStringExpr extends Expr {
  string getStringValue() { constantStringExpr(this, result) }
 }

-bindingset[f]
-private predicate okInt(float f) { -2.pow(31) <= f and f <= 2.pow(31) - 1 }
-
-/**
- * Gets an expression that equals `v - d`.
- */
-Expr ssaRead(SsaVariable v, int delta) {
-  result = v.getAUse() and delta = 0
-  or
-  exists(int d1, ConstantIntegerExpr c |
-    result.(AddExpr).hasOperands(ssaRead(v, d1), c) and
-    delta = d1 - c.getIntValue() and
-    okInt(d1.(float) - c.getIntValue().(float))
-  )
-  or
-  exists(SubExpr sub, int d1, ConstantIntegerExpr c |
-    result = sub and
-    sub.getLeftOperand() = ssaRead(v, d1) and
-    sub.getRightOperand() = c and
-    delta = d1 + c.getIntValue() and
-    okInt(d1.(float) + c.getIntValue().(float))
-  )
-  or
-  v.(SsaExplicitUpdate).getDefiningExpr().(PreIncExpr) = result and delta = 0
-  or
-  v.(SsaExplicitUpdate).getDefiningExpr().(PreDecExpr) = result and delta = 0
-  or
-  v.(SsaExplicitUpdate).getDefiningExpr().(PostIncExpr) = result and delta = 1 // x++ === ++x - 1
-  or
-  v.(SsaExplicitUpdate).getDefiningExpr().(PostDecExpr) = result and delta = -1 // x-- === --x + 1
-  or
-  v.(SsaExplicitUpdate).getDefiningExpr().(Assignment) = result and delta = 0
-  or
-  result.(AssignExpr).getSource() = ssaRead(v, delta)
-}
-
-/**
- * Holds if `inp` is an input to `phi` along a back edge.
- */
-predicate backEdge(SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge) {
-  edge.phiInput(phi, inp) and
-  // Conservatively assume that every edge is a back edge if we don't have dominance information.
-  (
-    phi.getBasicBlock().bbDominates(edge.getOrigBlock()) or
-    not hasDominanceInformation(edge.getOrigBlock())
-  )
-}
-
-/**
- * Holds if `guard` directly controls the position `controlled` with the
- * value `testIsTrue`.
- */
-predicate guardDirectlyControlsSsaRead(Guard guard, SsaReadPosition controlled, boolean testIsTrue) {
-  guard.directlyControls(controlled.(SsaReadPositionBlock).getBlock(), testIsTrue)
-  or
-  exists(SsaReadPositionPhiInputEdge controlledEdge | controlledEdge = controlled |
-    guard.directlyControls(controlledEdge.getOrigBlock(), testIsTrue) or
-    guard.hasBranchEdge(controlledEdge.getOrigBlock(), controlledEdge.getPhiBlock(), testIsTrue)
-  )
-}
-
-/**
- * Holds if `guard` controls the position `controlled` with the value `testIsTrue`.
- */
-predicate guardControlsSsaRead(Guard guard, SsaReadPosition controlled, boolean testIsTrue) {
-  guardDirectlyControlsSsaRead(guard, controlled, testIsTrue)
-  or
-  exists(Guard guard0, boolean testIsTrue0 |
-    implies_v2(guard0, testIsTrue0, guard, testIsTrue) and
-    guardControlsSsaRead(guard0, controlled, testIsTrue0)
-  )
-}
-
 /**
 * Gets a condition that tests whether `v` equals `e + delta`.
 *