move identical java and cs bound.qll to shared library

2026-05-30 02:51:24 +02:00 · 2026-05-27 17:23:28 +02:00
parent f18cdcfec6
commit 6042adebae
3 changed files with 125 additions and 71 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/Bound.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Bound.qll
@@ -4,67 +4,16 @@
 overlay[local?]
 module;

-private import internal.rangeanalysis.BoundSpecific
+private import java as J
+private import internal.rangeanalysis.BoundSpecific as BoundSpecific
+private import codeql.rangeanalysis.Bound as SharedBound

-private newtype TBound =
-  TBoundZero() or
-  TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
-  TBoundExpr(Expr e) {
-    interestingExprBound(e) and
-    not exists(SsaVariable v | e = v.getAUse())
-  }
+module BoundInstantiation = SharedBound::Bound<J::Location, BoundSpecific::BoundDefs>;

-/**
- * A bound that may be inferred for an expression plus/minus an integer delta.
- */
-abstract class Bound extends TBound {
-  /** Gets a textual representation of this bound. */
-  abstract string toString();
+class Bound = BoundInstantiation::Bound;

-  /** Gets an expression that equals this bound plus `delta`. */
-  abstract Expr getExpr(int delta);
+class ZeroBound = BoundInstantiation::ZeroBound;

-  /** Gets an expression that equals this bound. */
-  Expr getExpr() { result = this.getExpr(0) }
+class SsaBound = BoundInstantiation::SsaBound;

-  /** Gets the location of this bound. */
-  abstract Location getLocation();
-}
-
-/**
- * The bound that corresponds to the integer 0. This is used to represent all
- * integer bounds as bounds are always accompanied by an added integer delta.
- */
-class ZeroBound extends Bound, TBoundZero {
-  override string toString() { result = "0" }
-
-  override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
-
-  override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
-}
-
-/**
- * A bound corresponding to the value of an SSA variable.
- */
-class SsaBound extends Bound, TBoundSsa {
-  /** Gets the SSA variable that equals this bound. */
-  SsaVariable getSsa() { this = TBoundSsa(result) }
-
-  override string toString() { result = this.getSsa().toString() }
-
-  override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
-
-  override Location getLocation() { result = this.getSsa().getLocation() }
-}
-
-/**
- * A bound that corresponds to the value of a specific expression that might be
- * interesting, but isn't otherwise represented by the value of an SSA variable.
- */
-class ExprBound extends Bound, TBoundExpr {
-  override string toString() { result = this.getExpr().toString() }
-
-  override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
-
-  override Location getLocation() { result = this.getExpr().getLocation() }
-}
+class ExprBound = BoundInstantiation::ExprBound;
--- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
@@ -7,21 +7,26 @@ module;
 private import java as J
 private import semmle.code.java.dataflow.SSA as Ssa
 private import semmle.code.java.dataflow.RangeUtils as RU
+private import codeql.rangeanalysis.Bound as SharedBound

-class SsaVariable extends Ssa::SsaDefinition {
-  /** Gets a use of this variable. */
-  Expr getAUse() { result = super.getARead() }
-}
+module BoundDefs implements SharedBound::BoundDefinitions<J::Location> {
+  class SsaVariable extends Ssa::SsaDefinition {
+    /** Gets a use of this variable. */
+    Expr getAUse() { result = super.getARead() }
+  }

-class Expr = J::Expr;
+  class SsaSourceVariable = Ssa::SourceVariable;

-class Location = J::Location;
+  class Type = J::Type;

-class IntegralType = J::IntegralType;
+  class Expr = J::Expr;

-class ConstantIntegerExpr = RU::ConstantIntegerExpr;
+  class IntegralType = J::IntegralType;

-/** Holds if `e` is a bound expression and it is not an SSA variable read. */
-predicate interestingExprBound(Expr e) {
-  e.(J::FieldRead).getField() instanceof J::ArrayLengthField
-}
+  class ConstantIntegerExpr = RU::ConstantIntegerExpr;
+
+  /** Holds if `e` is a bound expression and it is not an SSA variable read. */
+  predicate interestingExprBound(Expr e) {
+    e.(J::FieldRead).getField() instanceof J::ArrayLengthField
+  }
+}
--- a/shared/rangeanalysis/codeql/rangeanalysis/Bound.qll
+++ b/shared/rangeanalysis/codeql/rangeanalysis/Bound.qll
@@ -0,0 +1,100 @@
+/**
+ * Provides classes for representing abstract bounds for use in, for example, range analysis.
+ */
+
+private import codeql.util.Location
+
+signature module BoundDefinitions<LocationSig Location> {
+    class Type;
+    class IntegralType extends Type;
+
+    class ConstantIntegerExpr extends Expr {
+        int getIntValue();
+    }
+
+    class SsaSourceVariable {
+        Type getType();
+    }
+
+    class SsaVariable {
+        SsaSourceVariable getSourceVariable();
+        string toString();
+        Location getLocation();
+        Expr getAUse();
+    }
+
+    class Expr {
+        string toString();
+        Location getLocation();
+    }
+
+    predicate interestingExprBound(Expr e);
+}
+
+overlay[local?]
+module Bound<LocationSig Location, BoundDefinitions<Location> Defs> {
+    private import Defs
+
+    private newtype TBound =
+    TBoundZero() or
+    TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
+    TBoundExpr(Expr e) {
+        interestingExprBound(e) and
+        not exists(SsaVariable v | e = v.getAUse())
+    }
+
+    /**
+     * A bound that may be inferred for an expression plus/minus an integer delta.
+     */
+    abstract class Bound extends TBound {
+    /** Gets a textual representation of this bound. */
+    abstract string toString();
+
+    /** Gets an expression that equals this bound plus `delta`. */
+    abstract Expr getExpr(int delta);
+
+    /** Gets an expression that equals this bound. */
+    Expr getExpr() { result = this.getExpr(0) }
+
+    /** Gets the location of this bound. */
+    abstract Location getLocation();
+    }
+
+    /**
+     * The bound that corresponds to the integer 0. This is used to represent all
+     * integer bounds as bounds are always accompanied by an added integer delta.
+     */
+    class ZeroBound extends Bound, TBoundZero {
+    override string toString() { result = "0" }
+
+    override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
+
+    override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
+    }
+
+    /**
+     * A bound corresponding to the value of an SSA variable.
+     */
+    class SsaBound extends Bound, TBoundSsa {
+    /** Gets the SSA variable that equals this bound. */
+    SsaVariable getSsa() { this = TBoundSsa(result) }
+
+    override string toString() { result = this.getSsa().toString() }
+
+    override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
+
+    override Location getLocation() { result = this.getSsa().getLocation() }
+    }
+
+    /**
+     * A bound that corresponds to the value of a specific expression that might be
+     * interesting, but isn't otherwise represented by the value of an SSA variable.
+     */
+    class ExprBound extends Bound, TBoundExpr {
+    override string toString() { result = this.getExpr().toString() }
+
+    override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
+
+    override Location getLocation() { result = this.getExpr().getLocation() }
+    }
+}