Kotlin: Exclude constructs in serialization constructors from java/evaluation-to-constant

2026-04-29 10:45:15 +02:00 · 2022-10-19 11:43:01 +02:00
parent 30fc6acb19
commit 78c23c2657
3 changed files with 22 additions and 5 deletions
--- a/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/DeadCode.qll
@@ -3,6 +3,7 @@ import semmle.code.java.deadcode.DeadEnumConstant
 import semmle.code.java.deadcode.DeadCodeCustomizations
 import semmle.code.java.deadcode.DeadField
 import semmle.code.java.deadcode.EntryPoints
+private import semmle.code.java.frameworks.kotlin.Serialization

 /**
 * Holds if the given callable has any liveness causes.
@@ -309,10 +310,7 @@ class RootdefCallable extends Callable {
    this.isCompilerGenerated()
    or
    // Exclude Kotlin serialization constructors.
-    this.(Constructor)
-        .getParameterType(this.getNumberOfParameters() - 1)
-        .(RefType)
-        .hasQualifiedName("kotlinx.serialization.internal", "SerializationConstructorMarker")
+    this instanceof SerializationConstructor
  }
 }

--- a/java/ql/lib/semmle/code/java/frameworks/kotlin/Serialization.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/kotlin/Serialization.qll
@@ -0,0 +1,16 @@
+/**
+ * Provides classes and predicates for working with thi `kotlinx.serialization` plugin.
+ */
+
+import java
+
+/**
+ * A constructor with a `SerializationConstructorMarker` parameter.
+ */
+class SerializationConstructor extends Constructor {
+  SerializationConstructor() {
+    this.getParameterType(this.getNumberOfParameters() - 1)
+        .(RefType)
+        .hasQualifiedName("kotlinx.serialization.internal", "SerializationConstructorMarker")
+  }
+}
--- a/Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql
+++ b/Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql
@@ -10,6 +10,7 @@
 */

 import java
+private import semmle.code.java.frameworks.kotlin.Serialization

 int eval(Expr e) { result = e.(CompileTimeConstantExpr).getIntValue() }

@@ -59,5 +60,7 @@ where
  // Exclude explicit zero multiplication.
  not e.(MulExpr).getAnOperand().(IntegerLiteral).getIntValue() = 0 and
  // Exclude expressions that appear to be disabled deliberately (e.g. `false && ...`).
-  not e.(AndLogicalExpr).getAnOperand().(BooleanLiteral).getBooleanValue() = false
+  not e.(AndLogicalExpr).getAnOperand().(BooleanLiteral).getBooleanValue() = false and
+  // Exclude expressions that are in serialization constructors, which are auto-generated.
+  not e.getEnclosingCallable() instanceof SerializationConstructor
 select e, "Expression always evaluates to the same value."