hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java/C++: Share valueFlowStep.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-11-09 20:24:28 +01:00
parent b8e7e1d15e
commit 657c29f409
10 changed files with 61 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
View File

@@ -255,6 +255,8 @@ module Sem implements Semantic {
Expr getDefiningExpr() { result = super.getDefiningExpr() }
}
predicate additionalValueFlowStep = RU::additionalValueFlowStep/3;
predicate conversionCannotOverflow = safeCast/2;
}
@@ -360,8 +362,6 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
predicate ignoreExprBound(Sem::Expr e) { none() }
predicate additionalValueFlowStep(Sem::Expr dest, Sem::Expr src, int delta) { none() }
Sem::Type getAlternateType(Sem::Expr e) { none() }
Sem::Type getAlternateTypeForSsaVariable(Sem::SsaVariable var) { none() }
@@ -370,10 +370,6 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
}
module Utils implements UtilSig<Sem, IntDelta> {
private import RangeUtils as RU
predicate semValueFlowStep = RU::valueFlowStep/3;
Sem::Type getTrackedTypeForSsaVariable(Sem::SsaVariable var) {
result = var.getSourceVariable().getType()
}

44
java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
View File

@@ -17,6 +17,8 @@ predicate ssaRead = U::ssaRead/2;
predicate ssaUpdateStep = U::ssaUpdateStep/3;
predicate valueFlowStep = U::valueFlowStep/3;
predicate guardDirectlyControlsSsaRead = U::guardDirectlyControlsSsaRead/3;
predicate guardControlsSsaRead = U::guardControlsSsaRead/3;
@@ -163,50 +165,10 @@ class ConstantStringExpr extends Expr {
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate valueFlowStep(Expr e2, Expr e1, int delta) {
e2.(AssignExpr).getSource() = e1 and delta = 0
or
e2.(PlusExpr).getExpr() = e1 and delta = 0
or
e2.(PostIncExpr).getExpr() = e1 and delta = 0
or
e2.(PostDecExpr).getExpr() = e1 and delta = 0
or
e2.(PreIncExpr).getExpr() = e1 and delta = 1
or
e2.(PreDecExpr).getExpr() = e1 and delta = -1
or
predicate additionalValueFlowStep(Expr e2, Expr e1, int delta) {
exists(ArrayCreationExpr a |
arrayLengthDef(e2, a) and
a.getDimension(0) = e1 and
delta = 0
)
or
exists(Expr x |
e2.(AddExpr).hasOperands(e1, x)
or
exists(AssignAddExpr add | add = e2 |
add.getDest() = e1 and add.getRhs() = x
or
add.getDest() = x and add.getRhs() = e1
)
|
x.(ConstantIntegerExpr).getIntValue() = delta
)
or
exists(Expr x |
exists(SubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
)
or
exists(AssignSubExpr sub |
e2 = sub and
sub.getDest() = e1 and
sub.getRhs() = x
)
|
x.(ConstantIntegerExpr).getIntValue() = -delta
)
}

12
java/ql/test/library-tests/dataflow/range-analysis/RangeAnalysis.expected
View File

@@ -59,6 +59,7 @@
| A.java:12:16:12:20 | ... + ... | SSA init(y) | 1 | upper | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | lower | NoReason |
| A.java:12:20:12:20 | 1 | 0 | 1 | upper | NoReason |
| A.java:13:13:13:23 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:13:19:13:19 | x | 0 | 400 | upper | ... > ... |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | lower | NoReason |
| A.java:13:19:13:19 | x | SSA init(x) | 0 | upper | NoReason |
@@ -72,6 +73,17 @@
| A.java:15:13:15:13 | y | SSA init(y) | 0 | upper | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | lower | NoReason |
| A.java:15:17:15:19 | 300 | 0 | 300 | upper | NoReason |
| A.java:16:15:16:25 | sum | 0 | 603 | lower | ... > ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... != ... |
| A.java:16:15:16:25 | sum | 0 | 799 | upper | ... > ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 301 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(x) | 399 | upper | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 302 | lower | NoReason |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | ... != ... |
| A.java:16:15:16:25 | sum | SSA init(y) | 400 | upper | NoReason |
| A.java:16:21:16:21 | x | 0 | 302 | lower | ... > ... |
| A.java:16:21:16:21 | x | 0 | 400 | upper | ... > ... |
| A.java:16:21:16:21 | x | SSA init(x) | 0 | lower | NoReason |