Java/C++: Share ssaUpdateStep.

2025-12-16 16:53:25 +01:00 · 2023-11-09 15:56:17 +01:00
parent daffae020b
commit b8e7e1d15e
6 changed files with 31 additions and 49 deletions
--- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeUtils.qll
+++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeUtils.qll
@@ -9,30 +9,6 @@ private import RangeAnalysisImpl
 private import ConstantAnalysis

 module RangeUtil<DeltaSig D, LangSig<Sem, D> Lang> implements UtilSig<Sem, D> {
-  /**
-   * Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
-   */
-  predicate semSsaUpdateStep(SemSsaExplicitUpdate v, SemExpr e, D::Delta delta) {
-    exists(SemExpr defExpr | defExpr = v.getSourceExpr() |
-      defExpr.(SemCopyValueExpr).getOperand() = e and delta = D::fromFloat(0)
-      or
-      defExpr.(SemStoreExpr).getOperand() = e and delta = D::fromFloat(0)
-      or
-      defExpr.(SemAddOneExpr).getOperand() = e and delta = D::fromFloat(1)
-      or
-      defExpr.(SemSubOneExpr).getOperand() = e and delta = D::fromFloat(-1)
-      or
-      e = defExpr and
-      not (
-        defExpr instanceof SemCopyValueExpr or
-        defExpr instanceof SemStoreExpr or
-        defExpr instanceof SemAddOneExpr or
-        defExpr instanceof SemSubOneExpr
-      ) and
-      delta = D::fromFloat(0)
-    )
-  }
-
  /**
   * Holds if `e1 + delta` equals `e2`.
   */
--- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -372,10 +372,6 @@ module JavaLangImpl implements LangSig<Sem, IntDelta> {
 module Utils implements UtilSig<Sem, IntDelta> {
  private import RangeUtils as RU

-  predicate semSsaUpdateStep(Sem::SsaExplicitUpdate v, Sem::Expr e, int delta) {
-    RU::ssaUpdateStep(v, e, delta)
-  }
-
  predicate semValueFlowStep = RU::valueFlowStep/3;

  Sem::Type getTrackedTypeForSsaVariable(Sem::SsaVariable var) {
--- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
@@ -15,6 +15,8 @@ private predicate backEdge = U::backEdge/3;

 predicate ssaRead = U::ssaRead/2;

+predicate ssaUpdateStep = U::ssaUpdateStep/3;
+
 predicate guardDirectlyControlsSsaRead = U::guardDirectlyControlsSsaRead/3;

 predicate guardControlsSsaRead = U::guardControlsSsaRead/3;
@@ -158,23 +160,6 @@ class ConstantStringExpr extends Expr {
  string getStringValue() { constantStringExpr(this, result) }
 }

-/**
- * Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
- */
-predicate ssaUpdateStep(SsaExplicitUpdate v, Expr e, int delta) {
-  v.getDefiningExpr().(VariableAssign).getSource() = e and delta = 0
-  or
-  v.getDefiningExpr().(PostIncExpr).getExpr() = e and delta = 1
-  or
-  v.getDefiningExpr().(PreIncExpr).getExpr() = e and delta = 1
-  or
-  v.getDefiningExpr().(PostDecExpr).getExpr() = e and delta = -1
-  or
-  v.getDefiningExpr().(PreDecExpr).getExpr() = e and delta = -1
-  or
-  v.getDefiningExpr().(AssignOp) = e and delta = 0
-}
-
 /**
 * Holds if `e1 + delta` equals `e2`.
 */
--- a/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll
+++ b/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll
@@ -30,7 +30,7 @@ module ModulusAnalysis<
   */
  pragma[nomagic]
  private predicate valueFlowStepSsa(Sem::SsaVariable v, SsaReadPosition pos, Sem::Expr e, int delta) {
-    U::semSsaUpdateStep(v, e, D::fromInt(delta)) and pos.hasReadOfVar(v)
+    ssaUpdateStep(v, e, D::fromInt(delta)) and pos.hasReadOfVar(v)
    or
    exists(Sem::Guard guard, boolean testIsTrue |
      hasReadOfVarInlineLate(pos, v) and
--- a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll
+++ b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll
@@ -304,8 +304,6 @@ signature module LangSig<Semantic Sem, DeltaSig D> {
 }

 signature module UtilSig<Semantic Sem, DeltaSig DeltaParam> {
-  predicate semSsaUpdateStep(Sem::SsaExplicitUpdate v, Sem::Expr e, DeltaParam::Delta delta);
-
  predicate semValueFlowStep(Sem::Expr e2, Sem::Expr e1, DeltaParam::Delta delta);

  /**
@@ -671,7 +669,7 @@ module RangeStage<
    Sem::SsaVariable v, SsaReadPosition pos, Sem::Expr e, D::Delta delta, boolean upper,
    SemReason reason
  ) {
-    semSsaUpdateStep(v, e, delta) and
+    ssaUpdateStep(v, e, delta) and
    pos.hasReadOfVar(v) and
    (upper = true or upper = false) and
    reason = TSemNoReason()
--- a/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll
+++ b/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll
@@ -57,6 +57,33 @@ module MakeUtils<Semantic Lang, DeltaSig D> {
    )
  }

+  /**
+   * Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
+   */
+  predicate ssaUpdateStep(SsaExplicitUpdate v, Expr e, D::Delta delta) {
+    exists(Expr defExpr | defExpr = v.getDefiningExpr() |
+      defExpr.(CopyValueExpr).getOperand() = e and delta = D::fromFloat(0)
+      or
+      defExpr.(PostIncExpr).getOperand() = e and delta = D::fromFloat(1)
+      or
+      defExpr.(PreIncExpr).getOperand() = e and delta = D::fromFloat(1)
+      or
+      defExpr.(PostDecExpr).getOperand() = e and delta = D::fromFloat(-1)
+      or
+      defExpr.(PreDecExpr).getOperand() = e and delta = D::fromFloat(-1)
+      or
+      e = defExpr and
+      not (
+        defExpr instanceof CopyValueExpr or
+        defExpr instanceof PostIncExpr or
+        defExpr instanceof PreIncExpr or
+        defExpr instanceof PostDecExpr or
+        defExpr instanceof PreDecExpr
+      ) and
+      delta = D::fromFloat(0)
+    )
+  }
+
  private newtype TSsaReadPosition =
    TSsaReadPositionBlock(BasicBlock bb) {
      exists(SsaVariable v | v.getAUse().getBasicBlock() = bb)