Address some of the PR review findings

tamasvajk · tamasvajk · commit 21ff1a0445dc · 2020-10-02T09:12:13.000+02:00
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll
@@ -41,6 +41,18 @@ private Sign certainExprSign(Expr e) {
   )
 }
 
+/**
+ * Gets the value of the expression if it can't be converted to integer, but
+ * can be converted to float.
+ */
+float getNonIntegerValue(ExprWithPossibleValue e) {
+  exists(string s |
+    s = e.getValue() and
+    result = s.toFloat() and
+    not exists(s.toInt())
+  )
+}
+
 /** Holds if the sign of `e` is too complicated to determine. */
 predicate unknownSign(Expr e) {
   not exists(certainExprSign(e)) and
@@ -55,7 +67,7 @@ predicate unknownSign(Expr e) {
       not fromtyp instanceof NumericOrCharType
     )
     or
-    unknownIntegerAccess(e)
+    numericExprWithUnknownSign(e)
   )
 }
 
@@ -246,7 +258,7 @@ private Sign ssaDefSign(SsaVariable v) {
 }
 
 /** Returns the sign of explicit SSA definition `v`. */
-Sign explicitSsaDefSign(SsaVariable v) {
+private Sign explicitSsaDefSign(SsaVariable v) {
   exists(VariableUpdate def | def = getExplicitSsaAssignment(v) |
     result = exprSign(getExprFromSsaAssignment(def))
     or
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -34,6 +34,8 @@ module Private {
 
   class VariableUpdate = CS::AssignableDefinition;
 
+  class ExprWithPossibleValue = CS::Expr;
+
   predicate ssaRead = SU::ssaRead/2;
 }
 
@@ -50,18 +52,6 @@ private module Impl {
 
   private class BooleanValue = AbstractValues::BooleanValue;
 
-  /**
-   * Gets the value of the expression if it can't be converted to integer, but
-   * can be converted to float.
-   */
-  float getNonIntegerValue(Expr e) {
-    exists(string s |
-      s = e.getValue() and
-      result = s.toFloat() and
-      not exists(s.toInt())
-    )
-  }
-
   /** Gets the character value of expression `e`. */
   string getCharValue(Expr e) { result = e.getValue() and e.getType() instanceof CharType }
 
@@ -162,7 +152,7 @@ private module Impl {
   /**
    * Holds if `e` has type `NumericOrCharType`, but the sign of `e` is unknown.
    */
-  predicate unknownIntegerAccess(Expr e) {
+  predicate numericExprWithUnknownSign(Expr e) {
     e.getType() instanceof NumericOrCharType and
     not e = getARead(_) and
     not e instanceof FieldAccess and
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll b/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll
@@ -41,6 +41,18 @@ private Sign certainExprSign(Expr e) {
   )
 }
 
+/**
+ * Gets the value of the expression if it can't be converted to integer, but
+ * can be converted to float.
+ */
+float getNonIntegerValue(ExprWithPossibleValue e) {
+  exists(string s |
+    s = e.getValue() and
+    result = s.toFloat() and
+    not exists(s.toInt())
+  )
+}
+
 /** Holds if the sign of `e` is too complicated to determine. */
 predicate unknownSign(Expr e) {
   not exists(certainExprSign(e)) and
@@ -55,7 +67,7 @@ predicate unknownSign(Expr e) {
       not fromtyp instanceof NumericOrCharType
     )
     or
-    unknownIntegerAccess(e)
+    numericExprWithUnknownSign(e)
   )
 }
 
@@ -246,7 +258,7 @@ private Sign ssaDefSign(SsaVariable v) {
 }
 
 /** Returns the sign of explicit SSA definition `v`. */
-Sign explicitSsaDefSign(SsaVariable v) {
+private Sign explicitSsaDefSign(SsaVariable v) {
   exists(VariableUpdate def | def = getExplicitSsaAssignment(v) |
     result = exprSign(getExprFromSsaAssignment(def))
     or
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -38,6 +38,8 @@ module Private {
 
   class VariableUpdate = J::VariableUpdate;
 
+  class ExprWithPossibleValue = J::Literal;
+
   predicate ssaRead = RU::ssaRead/2;
 
   predicate guardControlsSsaRead = RU::guardControlsSsaRead/3;
@@ -57,15 +59,6 @@ private module Impl {
 
   class UnsignedNumericType = CharacterType;
 
-  /**
-   * Gets the `float` value of expression `e` where `e` has no `int` value.
-   */
-  float getNonIntegerValue(Expr e) {
-    result = e.(LongLiteral).getValue().toFloat() or
-    result = e.(FloatingPointLiteral).getValue().toFloat() or
-    result = e.(DoubleLiteral).getValue().toFloat()
-  }
-
   /** Gets the character value of expression `e`. */
   string getCharValue(Expr e) { result = e.(CharacterLiteral).getValue() }
 
@@ -86,11 +79,10 @@ private module Impl {
 
   /**
    * Holds if `e` has type `NumericOrCharType`, but the sign of `e` is unknown.
-   *
-   * The expression types handled in the predicate complements the expression
-   * types handled in `specificSubExprSign`.
    */
-  predicate unknownIntegerAccess(Expr e) {
+  predicate numericExprWithUnknownSign(Expr e) {
+    // The expression types handled in the predicate complements the expression
+    // types handled in `specificSubExprSign`.
     e instanceof ArrayAccess and e.getType() instanceof NumericOrCharType
     or
     e instanceof MethodAccess and e.getType() instanceof NumericOrCharType
diff --git a/java/ql/test/library-tests/dataflow/sign-analysis/SignAnalysis.ql b/java/ql/test/library-tests/dataflow/sign-analysis/SignAnalysis.ql
@@ -18,4 +18,5 @@ string getASignString(Expr e) {
 }
 
 from Expr e
+where not e instanceof Element or e.(Element).fromSource()
 select e, strictconcat(string s | s = getASignString(e) | s, " ")

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,18 @@ private Sign certainExprSign(Expr e) {`
`41`	`41`	`)`
`42`	`42`	`}`
`43`	`43`
	`44`	`+/**`
	`45`	`+ * Gets the value of the expression if it can't be converted to integer, but`
	`46`	`+ * can be converted to float.`
	`47`	`+ */`
	`48`	`+float getNonIntegerValue(ExprWithPossibleValue e) {`
	`49`	`+ exists(string s \|`
	`50`	`+ s = e.getValue() and`
	`51`	`+ result = s.toFloat() and`
	`52`	`+ not exists(s.toInt())`
	`53`	`+ )`
	`54`	`+}`
	`55`	`+`
`44`	`56`	/** Holds if the sign of `e` is too complicated to determine. */
`45`	`57`	`predicate unknownSign(Expr e) {`
`46`	`58`	`not exists(certainExprSign(e)) and`
`@@ -55,7 +67,7 @@ predicate unknownSign(Expr e) {`
`55`	`67`	`not fromtyp instanceof NumericOrCharType`
`56`	`68`	`)`
`57`	`69`	`or`
`58`		`- unknownIntegerAccess(e)`
	`70`	`+ numericExprWithUnknownSign(e)`
`59`	`71`	`)`
`60`	`72`	`}`
`61`	`73`
`@@ -246,7 +258,7 @@ private Sign ssaDefSign(SsaVariable v) {`
`246`	`258`	`}`
`247`	`259`
`248`	`260`	/** Returns the sign of explicit SSA definition `v`. */
`249`		`-Sign explicitSsaDefSign(SsaVariable v) {`
	`261`	`+private Sign explicitSsaDefSign(SsaVariable v) {`
`250`	`262`	`exists(VariableUpdate def \| def = getExplicitSsaAssignment(v) \|`
`251`	`263`	`result = exprSign(getExprFromSsaAssignment(def))`
`252`	`264`	`or`
Original file line number	Diff line number	Diff line change
`@@ -18,4 +18,5 @@ string getASignString(Expr e) {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`from Expr e`
	`21`	`+where not e instanceof Element or e.(Element).fromSource()`
`21`	`22`	`select e, strictconcat(string s \| s = getASignString(e) \| s, " ")`