JS: Update range analysis to use getImmediatePredecessor

2025-12-17 01:03:14 +01:00 · 2019-07-31 20:35:56 +01:00
parent 9e949d0f44
commit 8e1893d0ed
2 changed files with 17 additions and 28 deletions
--- a/javascript/ql/src/semmle/javascript/RangeAnalysis.qll
+++ b/javascript/ql/src/semmle/javascript/RangeAnalysis.qll
@@ -98,29 +98,6 @@ module RangeAnalysis {
    )
  }

-  /**
-   * Holds if the given node has a unique data flow predecessor.
-   */
-  pragma[noinline]
-  private predicate hasUniquePredecessor(DataFlow::Node node) {
-    isRelevant(node) and
-    strictcount(node.getAPredecessor()) = 1 and
-    // exclude parameters with default values
-    not exists(Parameter p |
-      DataFlow::parameterNode(p) = node and
-      exists(p.getDefault())
-    )
-  }
-
-  /**
-   * Gets the definition of `node`, without unfolding phi nodes.
-   */
-  DataFlow::Node getDefinition(DataFlow::Node node) {
-    if hasUniquePredecessor(node)
-    then result = getDefinition(node.getAPredecessor())
-    else result = node
-  }
-
  /**
   * Gets a data flow node holding the result of the add/subtract operation in
   * the given increment/decrement expression.
@@ -229,8 +206,8 @@ module RangeAnalysis {
   * Holds if `r` can be modelled as `r = root * sign + bias`.
   */
  predicate linearDefinition(DataFlow::Node r, DataFlow::Node root, int sign, Bias bias) {
-    if hasUniquePredecessor(r)
-    then linearDefinition(r.getAPredecessor(), root, sign, bias)
+    if exists(r.getImmediatePredecessor())
+    then linearDefinition(r.getImmediatePredecessor(), root, sign, bias)
    else
      if linearDefinitionStep(r, _, _, _)
      then
@@ -257,8 +234,8 @@ module RangeAnalysis {
  predicate linearDefinitionSum(
    DataFlow::Node r, DataFlow::Node xroot, int xsign, DataFlow::Node yroot, int ysign, Bias bias
  ) {
-    if hasUniquePredecessor(r)
-    then linearDefinitionSum(r.getAPredecessor(), xroot, xsign, yroot, ysign, bias)
+    if exists(r.getImmediatePredecessor())
+    then linearDefinitionSum(r.getImmediatePredecessor(), xroot, xsign, yroot, ysign, bias)
    else
      if exists(r.asExpr().getIntValue())
      then none() // do not model constants as sums
@@ -336,7 +313,8 @@ module RangeAnalysis {
    ConditionGuardNode guard, DataFlow::Node a, int asign, string operator, DataFlow::Node b,
    int bsign, Bias bias
  ) {
-    exists(Comparison compare | compare = getDefinition(guard.getTest().flow()).asExpr() |
+    exists(Comparison compare |
+      compare = guard.getTest().flow().getImmediatePredecessor*().asExpr() and
      linearComparison(compare, a, asign, b, bsign, bias) and
      (
        guard.getOutcome() = true and operator = compare.getOperator()
--- a/javascript/ql/test/query-tests/Statements/UselessComparisonTest/defaults.js
+++ b/javascript/ql/test/query-tests/Statements/UselessComparisonTest/defaults.js
@@ -0,0 +1,11 @@
+function defaultParam(param = 0) {
+  if (param > 0) {} // OK
+}
+
+function defaultPattern(obj, arr) {
+  let { prop = 0 } = obj;
+  if (prop > 0) {} // OK
+
+  let [ elm = 0 ] = arr;
+  if (elm > 0) {} // OK
+}