hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

SSA: Update input to use member predicates.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2025-08-18 14:03:49 +02:00
parent 119837bb1d
commit bb3abc815f
24 changed files with 147 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll
View File

@@ -108,8 +108,18 @@ module VariableCaptureConfig implements InputSig<js::Location> {
class ControlFlowNode = js::ControlFlowNode;
class BasicBlock extends js::BasicBlock {
final private class JsBasicBlock = js::BasicBlock;
class BasicBlock extends JsBasicBlock {
Callable getEnclosingCallable() { result = this.getContainer().getFunctionBoundary() }
BasicBlock getASuccessor() { result = super.getASuccessor() }
BasicBlock getImmediateDominator() { result = super.getImmediateDominator() }
predicate inDominanceFrontier(BasicBlock df) {
df.(js::ReachableJoinBlock).inDominanceFrontierOf(this)
}
}
class Callable extends js::StmtContainer {
@@ -235,10 +245,6 @@ module VariableCaptureConfig implements InputSig<js::Location> {
}
}
BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() }
BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result = bb.getImmediateDominator() }
predicate entryBlock(BasicBlock bb) { bb instanceof js::EntryBasicBlock }
}

29
javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll
View File

@@ -12,7 +12,17 @@ private import semmle.javascript.dataflow.internal.VariableOrThis
module SsaConfig implements InputSig<js::Location> {
class ControlFlowNode = js::ControlFlowNode;
class BasicBlock = js::BasicBlock;
final private class JsBasicBlock = js::BasicBlock;
class BasicBlock extends JsBasicBlock {
BasicBlock getASuccessor() { result = super.getASuccessor() }
BasicBlock getImmediateDominator() { result = super.getImmediateDominator() }
predicate inDominanceFrontier(BasicBlock df) {
df.(js::ReachableJoinBlock).inDominanceFrontierOf(this)
}
}
class SourceVariable extends LocalVariableOrThis {
SourceVariable() { not this.isCaptured() }
@@ -40,11 +50,6 @@ module SsaConfig implements InputSig<js::Location> {
certain = true and
bb.getNode(i).(ThisUse).getBindingContainer() = v.asThisContainer()
}
predicate getImmediateBasicBlockDominator = BasicBlockInternal::immediateDominator/1;
pragma[inline]
BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() }
}
import Make<js::Location, SsaConfig>
@@ -55,7 +60,7 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig {
class Expr extends js::ControlFlowNode {
Expr() { this = any(SsaConfig::SourceVariable v).getAUse() }
predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) }
predicate hasCfgNode(SsaConfig::BasicBlock bb, int i) { this = bb.getNode(i) }
}
predicate ssaDefHasSource(WriteDefinition def) {
@@ -82,7 +87,9 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig {
* Holds if the evaluation of this guard to `branch` corresponds to the edge
* from `bb1` to `bb2`.
*/
predicate hasValueBranchEdge(js::BasicBlock bb1, js::BasicBlock bb2, GuardValue branch) {
predicate hasValueBranchEdge(
SsaConfig::BasicBlock bb1, SsaConfig::BasicBlock bb2, GuardValue branch
) {
exists(js::ConditionGuardNode g |
g.getTest() = this and
bb1 = this.getBasicBlock() and
@@ -96,13 +103,15 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig {
* branch edge from `bb1` to `bb2`. That is, following the edge from
* `bb1` to `bb2` implies that this guard evaluated to `branch`.
*/
predicate valueControlsBranchEdge(js::BasicBlock bb1, js::BasicBlock bb2, GuardValue branch) {
predicate valueControlsBranchEdge(
SsaConfig::BasicBlock bb1, SsaConfig::BasicBlock bb2, GuardValue branch
) {
this.hasValueBranchEdge(bb1, bb2, branch)
}
}
pragma[inline]
predicate guardDirectlyControlsBlock(Guard guard, js::BasicBlock bb, GuardValue branch) {
predicate guardDirectlyControlsBlock(Guard guard, SsaConfig::BasicBlock bb, GuardValue branch) {
exists(js::ConditionGuardNode g |
g.getTest() = guard and
g.dominates(bb) and