Merge pull request #180 from max/receiver-deref-update

Conservatively handle indirect updates through pointer-type receiver.

ql/src/semmle/go/dataflow/SSA.qll

@@ -24,6 +24,11 @@ class SsaSourceVariable extends LocalVariable {
     // variables that have their address taken
     exists(AddressExpr addr | addr.getOperand().stripParens() = getAUse())
     or
+    exists(DataFlow::MethodReadNode mrn |
+      mrn.getReceiver() = getARead() and
+      mrn.getMethod().getReceiverType() instanceof PointerType
+    )
+    or
     // variables where there is an unresolved reference with the same name in the same
     // scope or a nested scope, suggesting that name resolution information may be incomplete
     exists(FunctionScope scope, FuncDef inner |

ql/test/query-tests/RedundantCode/CompareIdenticalValues/CompareIdenticalValues.expected

@@ -1,3 +1,4 @@
 | CompareIdenticalValues.go:9:3:9:8 | ...<=... | This expression compares $@ to itself. | CompareIdenticalValues.go:9:3:9:3 | y | an expression |
 | tst.go:6:9:6:14 | ...==... | This expression compares $@ to itself. | tst.go:6:9:6:9 | x | an expression |
+| tst.go:60:9:60:14 | ...==... | This expression compares $@ to itself. | tst.go:60:9:60:9 | y | an expression |
 | vp.go:16:9:16:38 | ...!=... | This expression compares $@ to itself. | vp.go:16:9:16:21 | call to GetLength | an expression |

ql/test/query-tests/RedundantCode/CompareIdenticalValues/tst.go

@@ -37,3 +37,25 @@ func baz() bool {
 	bump(&x)
 	return x == 0
 }
+
+type counter int
+
+func (x *counter) bump() {
+	*x++
+}
+
+func (x counter) bimp() {
+	x++
+}
+
+func baz2() bool {
+	var x counter
+	x.bump()
+	return x == 0 // OK
+}
+
+func baz3() bool {
+	var y counter
+	y.bimp()
+	return y == 0 // NOT OK
+}