diff --git a/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql b/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
index 021b17f3820..de3728df482 100644
--- a/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
+++ b/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
@@ -9,41 +9,31 @@ import UnusedMavenDependencies -/* +/** * A whitelist of binary dependencies that should never be highlighted as unusued. */ predicate whitelist(Dependency d) { - /* - * jsr305 contains package annotations. If a project uses those exclusively, we will - * consider it "unused". - */ + // jsr305 contains package annotations. If a project uses those exclusively, we will + // consider it "unused". d.getShortCoordinate() = "com.google.code.findbugs:jsr305" } from PomDependency d, Pom source where source.getADependency() = d and -/* - * There is not a Pom file for the target of this dependency, so we assume that it was resolved by - * a binary file in the local maven repository. - */ +// There is not a Pom file for the target of this dependency, so we assume that it was resolved by +// a binary file in the local maven repository. not exists(Pom target | target = d.getPom()) and -/* - * In order to accurately identify whether this binary dependency is required, we must have identified - * a Maven repository. If we have not found a repository, it's likely that it has a custom path of - * which we are unaware, so do not report any problems. - */ +// In order to accurately identify whether this binary dependency is required, we must have identified +// a Maven repository. If we have not found a repository, it's likely that it has a custom path of +// which we are unaware, so do not report any problems. exists(MavenRepo mr) and -/* - * We either haven't indexed a relevant jar file, which suggests that nothing statically depended upon - * it, or we have indexed the relevant jar file, but no source code in the project defined by the pom - * depends on any code within the detected jar. - */ +// We either haven't indexed a relevant jar file, which suggests that nothing statically depended upon +// it, or we have indexed the relevant jar file, but no source code in the project defined by the pom +// depends on any code within the detected jar. 
not pomDependsOnContainer(source, d.getJar()) and -/* - * If something that depends on us depends on the jar represented by this dependency, and it doesn't - * depend directly on the jar itself, we don't consider it to be "unused". - */ +// If something that depends on us depends on the jar represented by this dependency, and it doesn't +// depend directly on the jar itself, we don't consider it to be "unused". not exists(Pom pomThatDependsOnSource | pomThatDependsOnSource.getAnExportedPom+() = source | diff --git a/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql b/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql index 55bf10e934c..ca45c03814c 100644 --- a/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql +++ b/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql 
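Review bot: Changing the opener to `/**` makes the comment above `whitelist` a QLDoc comment, so the misspelling "unusued" on the next context line becomes part of the predicate's documentation. QLDoc for a predicate without a result conventionally begins with "Holds if", so I would reword that line to `* Holds if d is a binary dependency that should never be reported as unused.`. An entry in this predicate permanently suppresses the unused-dependency alert for that coordinate, so the doc comment could also ask that every entry carry a justification, as the jsr305 entry already does.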
@@ -14,17 +14,13 @@ import UnusedMavenDependencies from PomDependency d, Pom source, Pom target where source.getADependency() = d and -/* - * We have a targetPom file, so this is a "source" dependency, rather than a binary dependency - * from the Maven repository. Note, although .pom files exist in the local maven repository, they - * are usually not indexed because they are outside the source directory. We assume that they have - * not been indexed. - */ +// We have a targetPom file, so this is a "source" dependency, rather than a binary dependency +// from the Maven repository. Note, although .pom files exist in the local maven repository, they +// are usually not indexed because they are outside the source directory. We assume that they have +// not been indexed. target = d.getPom() and -/* - * If we have a pom for the target of this dependency, then it is unused iff neither it, nor any - * of its transitive dependencies are required. - */ +// If we have a pom for the target of this dependency, then it is unused iff neither it, nor any +// of its transitive dependencies are required. not exists(Pom exported | exported = target.getAnExportedPom*() | diff --git a/java/ql/src/DeadCode/DeadClass.ql b/java/ql/src/DeadCode/DeadClass.ql index 038a7fdfca3..e25d2569abb 100644 --- a/java/ql/src/DeadCode/DeadClass.ql +++ b/java/ql/src/DeadCode/DeadClass.ql @@ -26,10 +26,8 @@ where // Never accessed outside this class, so it's entirely unused. reason = " is entirely unused." else - /* - * There are no dead roots outside the class, but the class has a possible liveness cause - * external to the class, so it must be accessed from at least one dead-code cycle. - */ + // There are no dead roots outside the class, but the class has a possible liveness cause + // external to the class, so it must be accessed from at least one dead-code cycle. reason = " is only used from or in a dead-code cycle." ) select c, "The class " + c.getName() + reason, origin, origin.getName() 
diff --git a/java/ql/src/DeadCode/FLinesOfDeadCode.ql b/java/ql/src/DeadCode/FLinesOfDeadCode.ql index 4404a6b8d25..f5dbe615c0f 100644 --- a/java/ql/src/DeadCode/FLinesOfDeadCode.ql +++ b/java/ql/src/DeadCode/FLinesOfDeadCode.ql @@ -18,10 +18,8 @@ where // Lines of code contributed by dead classes. sum(DeadClass deadClass | deadClass.getFile() = f | deadClass.getNumberOfLinesOfCode() - - /* - * Remove inner and local classes, as they are reported as separate dead classes. Do not - * remove anonymous classes, because they aren't reported separately. - */ + // Remove inner and local classes, as they are reported as separate dead classes. Do not + // remove anonymous classes, because they aren't reported separately. sum(NestedClass innerClass | innerClass.getEnclosingType() = deadClass and not innerClass.isAnonymous() | innerClass.getNumberOfLinesOfCode() ) @@ -29,11 +27,9 @@ where // Lines of code contributed by dead methods, not in dead classes. sum(DeadMethod deadMethod | deadMethod.getFile() = f and not deadMethod.isInDeadScope() | deadMethod.getNumberOfLinesOfCode() - - /* - * Remove local classes defined in the dead method - they are reported separately as a dead - * class. We keep anonymous class counts, because anonymous classes are not reported - * separately. - */ + // Remove local classes defined in the dead method - they are reported separately as a dead + // class. We keep anonymous class counts, because anonymous classes are not reported + // separately. sum(LocalClass localClass | localClass.getLocalClassDeclStmt().getEnclosingCallable() = deadMethod | localClass.getNumberOfLinesOfCode() ) diff --git a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql index e66de0097db..58f940160ca 100644 --- a/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql 
+++ b/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql @@ -40,9 +40,7 @@ class ImpureStmt extends Stmt { exists(Expr e | e.getEnclosingStmt() = this | - /* - * Only permit calls to set of whitelisted targets. - */ + // Only permit calls to set of whitelisted targets. ( e instanceof Call and not e.(Call).getCallee().getDeclaringType().hasQualifiedName("java.util", "Collections") @@ -73,10 +71,8 @@ private Stmt getANestedStmt(Block block) { class SpringPureClass extends Class { SpringPureClass() { ( - /* - * The only permitted statement in static initializers is the initialization of a static - * final or effectively final logger fields, or effectively immutable types. - */ + // The only permitted statement in static initializers is the initialization of a static + // final or effectively final logger fields, or effectively immutable types. forall(Stmt s | s = getANestedStmt(getAMember().(StaticInitializer).getBody()) | @@ -164,11 +160,9 @@ class LiveSpringBean extends SpringBean { not getClass() instanceof SpringPureClass ) or ( - /* - * If the class does not exist for this bean, or the class is not a source bean, then this is - * likely to be a definition using a library class, in which case we should consider it to be - * live. - */ + // If the class does not exist for this bean, or the class is not a source bean, then this is + // likely to be a definition using a library class, in which case we should consider it to be + // live. not exists(getClass()) or not getClass().fromSource() or // In alfresco, "webscript" beans should be considered live diff --git a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql index 0d0dc5da229..6fe548508b8 100644 --- a/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +++ b/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql 
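Review bot: The converted comment in `ImpureStmt` (first hunk of UnusedBean.ql) still reads "calls to set of whitelisted targets"; since the line is being rewritten anyway, `// Only permit calls to a set of whitelisted targets.` would read correctly. The `SpringPureClass` hunk has a similar carry-over, where "a static final or effectively final logger fields" mixes singular and plural. My reading of the intent there is `// ... is the initialization of static final or effectively final logger fields, or of effectively immutable types.`. Both class bodies continue outside their hunks.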
@@ -27,7 +27,7 @@ where forall(VarAccess va | va = v.getAnAccess() | // ...an assignment storing a fresh container into `v`, exists(AssignExpr assgn | va = assgn.getDest() | assgn.getSource() instanceof FreshContainer) or - /// ...a return (but only if `v` is a local variable) + // ...a return (but only if `v` is a local variable) (v instanceof LocalVariableDecl and exists(ReturnStmt ret | ret.getResult() = va)) or // ...or a call to a query method on `v`. exists(MethodAccess ma | va = ma.getQualifier() | ma.getMethod() instanceof ContainerQueryMethod) diff --git a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql index f16844588bd..b88a593c92e 100644 --- a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql @@ -125,10 +125,8 @@ predicate blockIsLocked(LockType t, BasicBlock src, BasicBlock b, int locks) { exists(BasicBlock pred, int predlocks, int curlocks, int failedlock | pred = b.getABBPredecessor() | // The number of net locks from the `src` block to the predecessor block `pred` is `predlocks`. blockIsLocked(t, src, pred, predlocks) and - /* - * The recursive call ensures that at least one lock is held, so do not consider the false - * successor of the `isHeldByCurrentThread()` check. - */ + // The recursive call ensures that at least one lock is held, so do not consider the false + // successor of the `isHeldByCurrentThread()` check. not heldByCurrentThreadCheck(t, pred, b) and // Count a failed lock as an unlock so the net is zero. ( if failedLock(t, pred, b) then failedlock = 1 else failedlock = 0 ) and diff --git a/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql b/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql index 099e1d88b55..295fe167121 100644 --- a/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql +++ b/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql 
@@ -79,14 +79,12 @@ where target.getName() + "[] will always fail with a ClassCastException." ) or - /* - * For unchecked operations, the crash would not occur at the cast site, - * but only if/when the value is assigned to a variable of different array type. - * This would require tracking the flow of values, but we focus on finding problematic - * APIs. We keep two cases: - * - An array that is actually returned from the (non-private) method, or - * - an array that is assigned to a field returned from another (non-private) method. - */ + // For unchecked operations, the crash would not occur at the cast site, + // but only if/when the value is assigned to a variable of different array type. + // This would require tracking the flow of values, but we focus on finding problematic + // APIs. We keep two cases: + // - An array that is actually returned from the (non-private) method, or + // - an array that is assigned to a field returned from another (non-private) method. ( uncheckedCastType(target) and returnedFrom(ce, ce.getEnclosingCallable()) and