Merge remote-tracking branch 'upstream/master' into dataflow-TTwo

Conflicts: cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll cpp/ql/test/library-tests/dataflow/fields/flow.expected csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
2026-02-28 21:03:50 +01:00 · 2019-09-08 21:08:43 +02:00
parent 9c9b7ac651 9eebe00b33
commit d51e5212fb
428 changed files with 8105 additions and 2374 deletions
--- a/java/ql/src/semmle/code/java/ControlFlowGraph.qll
+++ b/java/ql/src/semmle/code/java/ControlFlowGraph.qll
@@ -1203,6 +1203,7 @@ private module ControlFlowGraphImpl {
    result = otherBranchSucc(n, branch)
  }
 }
+
 private import ControlFlowGraphImpl

 /** A control-flow node that branches based on a condition. */
--- a/java/ql/src/semmle/code/java/Conversions.qll
+++ b/java/ql/src/semmle/code/java/Conversions.qll
@@ -82,7 +82,6 @@ class ReturnConversionSite extends ConversionSite {
 */
 class InvocationConversionContext extends ConversionSite {
  Call c;
-
  int index;

  InvocationConversionContext() { this = c.getArgument(index) }
--- a/java/ql/src/semmle/code/java/Expr.qll
+++ b/java/ql/src/semmle/code/java/Expr.qll
@@ -1760,7 +1760,6 @@ private predicate hasInstantiation(RefType t) {
 /** An argument to a call. */
 class Argument extends Expr {
  Call call;
-
  int pos;

  Argument() { call.getArgument(pos) = this }
--- a/java/ql/src/semmle/code/java/dataflow/RangeAnalysis.qll
+++ b/java/ql/src/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -89,7 +89,8 @@ private module RangeAnalysisCache {
     */
    cached
    predicate bounded(Expr e, Bound b, int delta, boolean upper, Reason reason) {
-      bounded(e, b, delta, upper, _, _, reason)
+      bounded(e, b, delta, upper, _, _, reason) and
+      bestBound(e, b, delta, upper)
    }
  }

@@ -101,9 +102,21 @@ private module RangeAnalysisCache {
    guard = boundFlowCond(_, _, _, _, _) or guard = eqFlowCond(_, _, _, _, _)
  }
 }
+
 private import RangeAnalysisCache
 import RangeAnalysisPublic

+/**
+ * Holds if `b + delta` is a valid bound for `e` and this is the best such delta.
+ * - `upper = true`  : `e <= b + delta`
+ * - `upper = false` : `e >= b + delta`
+ */
+private predicate bestBound(Expr e, Bound b, int delta, boolean upper) {
+  delta = min(int d | bounded(e, b, d, upper, _, _, _)) and upper = true
+  or
+  delta = max(int d | bounded(e, b, d, upper, _, _, _)) and upper = false
+}
+
 /**
 * Holds if `comp` corresponds to:
 * - `upper = true`  : `v <= e + delta` or `v < e + delta`
--- a/java/ql/src/semmle/code/java/dataflow/SSA.qll
+++ b/java/ql/src/semmle/code/java/dataflow/SSA.qll
@@ -205,6 +205,7 @@ private module TrackedVariablesImpl {

  class TrackedField extends TrackedVar, SsaSourceField { }
 }
+
 private import TrackedVariablesImpl

 cached
@@ -808,6 +809,7 @@ private module SsaImpl {
      defUseRank(v, b2, 1, i2)
    }
  }
+
  private import AdjacentUsesImpl

  /**
@@ -868,6 +870,7 @@ private module SsaImpl {
    }
  }
 }
+
 private import SsaImpl
 private import SsaDefReaches
 import SsaPublic
--- a/java/ql/src/semmle/code/java/dataflow/TypeFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/TypeFlow.qll
@@ -420,4 +420,5 @@ private module TypeFlowBounds {
    )
  }
 }
+
 import TypeFlowBounds
--- a/java/ql/src/semmle/code/java/dataflow/internal/BaseSSA.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/BaseSSA.qll
@@ -364,6 +364,7 @@ private module SsaImpl {
      defUseRank(v, b2, 1, i2)
    }
  }
+
  private import AdjacentUsesImpl

  /**
@@ -428,6 +429,7 @@ private module SsaImpl {
    }
  }
 }
+
 private import SsaImpl
 private import SsaDefReaches
 import SsaPublic
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowDispatch.qll
@@ -188,4 +188,5 @@ private module DispatchImpl {
    reducedViableImplInReturn(result, ma)
  }
 }
+
 import DispatchImpl
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1655,11 +1655,8 @@ module PathGraph {
 */
 private class PathNodeMid extends PathNode, TPathNodeMid {
  Node node;
-
  CallContext cc;
-
  AccessPath ap;
-
  Configuration config;

  PathNodeMid() { this = TPathNodeMid(node, cc, ap, config) }
@@ -1722,7 +1719,6 @@ private class PathNodeSource extends PathNodeMid {
 */
 private class PathNodeSink extends PathNode, TPathNodeSink {
  Node node;
-
  Configuration config;

  PathNodeSink() { this = TPathNodeSink(node, config) }
@@ -2190,11 +2186,8 @@ private module FlowExploration {

  private class PartialPathNodePriv extends PartialPathNode {
    Node node;
-
    CallContext cc;
-
    PartialAccessPath ap;
-
    Configuration config;

    PartialPathNodePriv() { this = TPartialPathNodeMk(node, cc, ap, config) }
@@ -2459,6 +2452,7 @@ private module FlowExploration {
    )
  }
 }
+
 import FlowExploration

 private predicate partialFlow(
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
@@ -1655,11 +1655,8 @@ module PathGraph {
 */
 private class PathNodeMid extends PathNode, TPathNodeMid {
  Node node;
-
  CallContext cc;
-
  AccessPath ap;
-
  Configuration config;

  PathNodeMid() { this = TPathNodeMid(node, cc, ap, config) }
@@ -1722,7 +1719,6 @@ private class PathNodeSource extends PathNodeMid {
 */
 private class PathNodeSink extends PathNode, TPathNodeSink {
  Node node;
-
  Configuration config;

  PathNodeSink() { this = TPathNodeSink(node, config) }
@@ -2190,11 +2186,8 @@ private module FlowExploration {

  private class PartialPathNodePriv extends PartialPathNode {
    Node node;
-
    CallContext cc;
-
    PartialAccessPath ap;
-
    Configuration config;

    PartialPathNodePriv() { this = TPartialPathNodeMk(node, cc, ap, config) }
@@ -2459,6 +2452,7 @@ private module FlowExploration {
    )
  }
 }
+
 import FlowExploration

 private predicate partialFlow(
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
@@ -1655,11 +1655,8 @@ module PathGraph {
 */
 private class PathNodeMid extends PathNode, TPathNodeMid {
  Node node;
-
  CallContext cc;
-
  AccessPath ap;
-
  Configuration config;

  PathNodeMid() { this = TPathNodeMid(node, cc, ap, config) }
@@ -1722,7 +1719,6 @@ private class PathNodeSource extends PathNodeMid {
 */
 private class PathNodeSink extends PathNode, TPathNodeSink {
  Node node;
-
  Configuration config;

  PathNodeSink() { this = TPathNodeSink(node, config) }
@@ -2190,11 +2186,8 @@ private module FlowExploration {

  private class PartialPathNodePriv extends PartialPathNode {
    Node node;
-
    CallContext cc;
-
    PartialAccessPath ap;
-
    Configuration config;

    PartialPathNodePriv() { this = TPartialPathNodeMk(node, cc, ap, config) }
@@ -2459,6 +2452,7 @@ private module FlowExploration {
    )
  }
 }
+
 import FlowExploration

 private predicate partialFlow(
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
@@ -1655,11 +1655,8 @@ module PathGraph {
 */
 private class PathNodeMid extends PathNode, TPathNodeMid {
  Node node;
-
  CallContext cc;
-
  AccessPath ap;
-
  Configuration config;

  PathNodeMid() { this = TPathNodeMid(node, cc, ap, config) }
@@ -1722,7 +1719,6 @@ private class PathNodeSource extends PathNodeMid {
 */
 private class PathNodeSink extends PathNode, TPathNodeSink {
  Node node;
-
  Configuration config;

  PathNodeSink() { this = TPathNodeSink(node, config) }
@@ -2190,11 +2186,8 @@ private module FlowExploration {

  private class PartialPathNodePriv extends PartialPathNode {
    Node node;
-
    CallContext cc;
-
    PartialAccessPath ap;
-
    Configuration config;

    PartialPathNodePriv() { this = TPartialPathNodeMk(node, cc, ap, config) }
@@ -2459,6 +2452,7 @@ private module FlowExploration {
    )
  }
 }
+
 import FlowExploration

 private predicate partialFlow(
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
@@ -1655,11 +1655,8 @@ module PathGraph {
 */
 private class PathNodeMid extends PathNode, TPathNodeMid {
  Node node;
-
  CallContext cc;
-
  AccessPath ap;
-
  Configuration config;

  PathNodeMid() { this = TPathNodeMid(node, cc, ap, config) }
@@ -1722,7 +1719,6 @@ private class PathNodeSource extends PathNodeMid {
 */
 private class PathNodeSink extends PathNode, TPathNodeSink {
  Node node;
-
  Configuration config;

  PathNodeSink() { this = TPathNodeSink(node, config) }
@@ -2190,11 +2186,8 @@ private module FlowExploration {

  private class PartialPathNodePriv extends PartialPathNode {
    Node node;
-
    CallContext cc;
-
    PartialAccessPath ap;
-
    Configuration config;

    PartialPathNodePriv() { this = TPartialPathNodeMk(node, cc, ap, config) }
@@ -2459,6 +2452,7 @@ private module FlowExploration {
    )
  }
 }
+
 import FlowExploration

 private predicate partialFlow(
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -363,6 +363,7 @@ private module ImplCommon {
  newtype TReturnPosition =
    TReturnPosition0(DataFlowCallable c, ReturnKind kind) { returnPosition(_, c, kind) }
 }
+
 import ImplCommon

 pragma[noinline]
@@ -418,7 +419,6 @@ class CallContextReturn extends CallContext, TReturn {
 /** A callable tagged with a relevant return kind. */
 class ReturnPosition extends TReturnPosition0 {
  private DataFlowCallable c;
-
  private ReturnKind kind;

  ReturnPosition() { this = TReturnPosition0(c, kind) }
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -356,9 +356,7 @@ predicate hasNonlocalValue(FieldRead fr) {
 /**
 * Holds if data can flow from `node1` to `node2` in one local step.
 */
-predicate localFlowStep(Node node1, Node node2) {
-  simpleLocalFlowStep(node1, node2)
-}
+predicate localFlowStep(Node node1, Node node2) { simpleLocalFlowStep(node1, node2) }

 /**
 * INTERNAL: do not use.
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -590,6 +590,7 @@ class ObjectOutputStreamVar extends LocalVariableDecl {
    result.getMethod().hasName("writeObject")
  }
 }
+
 private import StringBuilderVarModule

 module StringBuilderVarModule {
--- a/java/ql/src/semmle/code/java/dispatch/VirtualDispatch.qll
+++ b/java/ql/src/semmle/code/java/dispatch/VirtualDispatch.qll
@@ -321,6 +321,7 @@ private module Dispatch {
    not sub.isAbstract()
  }
 }
+
 import Dispatch

 private Expr variableTrackStep(Expr use) {