Java: Replace getAUse with getARead.

2026-02-16 06:53:41 +01:00 · 2025-11-07 10:52:38 +01:00
parent 35caede859
commit f4b9efcdce
20 changed files with 71 additions and 67 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/NullGuards.qll
@@ -26,9 +26,9 @@ Expr enumConstEquality(Expr e, boolean polarity, EnumConstant c) {
 }

 /** Gets an instanceof expression of `v` with type `type` */
-InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) {
+InstanceOfExpr instanceofExpr(SsaDefinition v, RefType type) {
  result.getCheckedType() = type and
-  result.getExpr() = v.getAUse()
+  result.getExpr() = v.getARead()
 }

 /**
@@ -37,8 +37,8 @@ InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) {
 *
 * Note this includes Kotlin's `==` and `!=` operators, which are value-equality tests.
 */
-EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
-  result.hasOperands(v1.getAUse(), v2.getAUse()) and
+EqualityTest varEqualityTestExpr(SsaDefinition v1, SsaDefinition v2, boolean isEqualExpr) {
+  result.hasOperands(v1.getARead(), v2.getARead()) and
  isEqualExpr = result.polarity()
 }

@@ -91,18 +91,18 @@ Expr clearlyNotNullExpr(Expr reason) {
    (reason = r1 or reason = r2)
  )
  or
-  exists(SsaVariable v, boolean branch, VarRead rval, Guard guard |
+  exists(SsaDefinition v, boolean branch, VarRead rval, Guard guard |
    guard = directNullGuard(v, branch, false) and
    guard.controls(rval.getBasicBlock(), branch) and
    reason = guard and
-    rval = v.getAUse() and
+    rval = v.getARead() and
    result = rval and
    not result = baseNotNullExpr()
  )
  or
-  exists(SsaVariable v |
+  exists(SsaDefinition v |
    clearlyNotNull(v, reason) and
-    result = v.getAUse() and
+    result = v.getARead() and
    not result = baseNotNullExpr()
  )
 }
--- a/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Nullness.qll
@@ -179,9 +179,9 @@ private Expr nonEmptyExpr() {
  // An array creation with a known positive size is trivially non-empty.
  result.(ArrayCreationExpr).getFirstDimensionSize() > 0
  or
-  exists(SsaVariable v |
+  exists(SsaDefinition v |
    // A use of an array variable is non-empty if...
-    result = v.getAUse() and
+    result = v.getARead() and
    v.getSourceVariable().getType() instanceof Array
  |
    // ...its definition is non-empty...
@@ -192,13 +192,13 @@ private Expr nonEmptyExpr() {
      cond.controls(result.getBasicBlock(), branch) and
      cond.getCondition() = nonZeroGuard(length, branch) and
      length.getField().hasName("length") and
-      length.getQualifier() = v.getAUse()
+      length.getQualifier() = v.getARead()
    )
  )
  or
-  exists(SsaVariable v |
+  exists(SsaDefinition v |
    // A use of a Collection variable is non-empty if...
-    result = v.getAUse() and
+    result = v.getARead() and
    v.getSourceVariable().getType() instanceof CollectionType and
    exists(ConditionBlock cond, boolean branch, Expr c |
      // ...it is guarded by a condition...
@@ -216,13 +216,13 @@ private Expr nonEmptyExpr() {
      // ...and the condition proves that it is non-empty, either by using the `isEmpty` method...
      c.(MethodCall).getMethod().hasName("isEmpty") and
      branch = false and
-      c.(MethodCall).getQualifier() = v.getAUse()
+      c.(MethodCall).getQualifier() = v.getARead()
      or
      // ...or a check on its `size`.
      exists(MethodCall size |
        c = nonZeroGuard(size, branch) and
        size.getMethod().hasName("size") and
-        size.getQualifier() = v.getAUse()
+        size.getQualifier() = v.getARead()
      )
    )
  )
--- a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -242,10 +242,10 @@ module Sem implements Semantic<Location> {

  Type getSsaType(SsaVariable var) { result = var.getSourceVariable().getType() }

-  final private class FinalSsaVariable = SSA::SsaVariable;
+  final private class FinalSsaVariable = SSA::SsaDefinition;

  class SsaVariable extends FinalSsaVariable {
-    Expr getAUse() { result = super.getAUse() }
+    Expr getAUse() { result = super.getARead() }
  }

  class SsaPhiNode extends SsaVariable instanceof SSA::SsaPhiDefinition {
--- a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
@@ -74,9 +74,9 @@ ArrayCreationExpr getArrayDef(SsaVariable v) {
 * `arrlen` without going through a back edge.
 */
 private predicate arrayLengthDef(FieldRead arrlen, ArrayCreationExpr def) {
-  exists(SsaVariable arr |
+  exists(SsaDefinition arr |
    arrlen.getField() instanceof ArrayLengthField and
-    arrlen.getQualifier() = arr.getAUse() and
+    arrlen.getQualifier() = arr.getARead() and
    def = getArrayDef(arr)
  )
 }
--- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll
@@ -417,8 +417,8 @@ private class RefTypeCastingExpr extends CastingExpr {
 *
 * The `VarAccess` represents the access to `v` that `result` has the same value as.
 */
-Expr sameValue(SsaVariable v, VarAccess va) {
-  result = v.getAUse() and result = va
+Expr sameValue(SsaDefinition v, VarAccess va) {
+  result = v.getARead() and result = va
  or
  result.(AssignExpr).getDest() = va and result = v.(SsaExplicitWrite).getDefiningExpr()
  or
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -99,7 +99,7 @@ predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)
 * updates.
 */
 predicate hasNonlocalValue(FieldRead fr) {
-  not exists(SsaVariable v | v.getAUse() = fr)
+  not exists(SsaDefinition v | v.getARead() = fr)
  or
  exists(SsaDefinition v, SsaDefinition def |
    v.getARead() = fr and def = v.getAnUltimateDefinition()
--- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/BoundSpecific.qll
@@ -8,7 +8,9 @@ private import java as J
 private import semmle.code.java.dataflow.SSA as Ssa
 private import semmle.code.java.dataflow.RangeUtils as RU

-class SsaVariable = Ssa::SsaVariable;
+class SsaVariable extends Ssa::SsaDefinition {
+  Expr getAUse() { result = super.getARead() }
+}

 class Expr = J::Expr;

--- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/ModulusAnalysisSpecific.qll
@@ -11,7 +11,9 @@ module Private {

  class BasicBlock = BB::BasicBlock;

-  class SsaVariable = Ssa::SsaVariable;
+  class SsaVariable extends Ssa::SsaDefinition {
+    Expr getAUse() { result = super.getARead() }
+  }

  class SsaPhiNode = Ssa::SsaPhiDefinition;

--- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -324,7 +324,7 @@ private module Impl {
    result = e.(CastingExpr).getExpr()
  }

-  Expr getARead(SsaVariable v) { result = v.getAUse() }
+  Expr getARead(SsaDefinition v) { result = v.getARead() }

  Field getField(FieldAccess fa) { result = fa.getField() }

--- a/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionSpecific.qll
@@ -8,14 +8,14 @@ private import semmle.code.java.dataflow.SSA as Ssa
 private import semmle.code.java.controlflow.BasicBlocks as BB
 private import SsaReadPositionCommon

-class SsaVariable = Ssa::SsaVariable;
+class SsaVariable = Ssa::SsaDefinition;

 class SsaPhiNode = Ssa::SsaPhiDefinition;

 class BasicBlock = BB::BasicBlock;

 /** Gets a basic block in which SSA variable `v` is read. */
-BasicBlock getAReadBasicBlock(SsaVariable v) { result = v.getAUse().getBasicBlock() }
+BasicBlock getAReadBasicBlock(SsaVariable v) { result = v.getARead().getBasicBlock() }

 private predicate id(BB::ExprParent x, BB::ExprParent y) { x = y }

--- a/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
@@ -46,14 +46,14 @@ class RightShiftOp extends Expr {
 }

 private predicate boundedRead(VarRead read) {
-  exists(SsaVariable v, ConditionBlock cb, ComparisonExpr comp, boolean testIsTrue |
-    read = v.getAUse() and
+  exists(SsaDefinition v, ConditionBlock cb, ComparisonExpr comp, boolean testIsTrue |
+    read = v.getARead() and
    cb.controls(read.getBasicBlock(), testIsTrue) and
    cb.getCondition() = comp
  |
-    comp.getLesserOperand() = v.getAUse() and testIsTrue = true
+    comp.getLesserOperand() = v.getARead() and testIsTrue = true
    or
-    comp.getGreaterOperand() = v.getAUse() and testIsTrue = false
+    comp.getGreaterOperand() = v.getARead() and testIsTrue = false
  )
 }

--- a/java/ql/lib/semmle/code/java/security/Validation.qll
+++ b/java/ql/lib/semmle/code/java/security/Validation.qll
@@ -32,9 +32,9 @@ private predicate validationCall(MethodCall ma, VarAccess va) {
 }

 private predicate validatedAccess(VarAccess va) {
-  exists(SsaVariable v, MethodCall guardcall |
-    va = v.getAUse() and
-    validationCall(guardcall, v.getAUse())
+  exists(SsaDefinition v, MethodCall guardcall |
+    va = v.getARead() and
+    validationCall(guardcall, v.getARead())
  |
    guardcall.(Guard).controls(va.getBasicBlock(), _)
    or