github
diff --git a/‎csharp/ql/src/semmle/code/csharp/commons/Assertions.qll‎
Lines changed: 217 additions & 72 deletions b/‎csharp/ql/src/semmle/code/csharp/commons/Assertions.qll‎
Lines changed: 217 additions & 72 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/Completion.qll‎
Lines changed: 24 additions & 12 deletions b/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/Completion.qll‎
Lines changed: 24 additions & 12 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/NonReturning.qll‎
Lines changed: 2 additions & 6 deletions b/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/NonReturning.qll‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/Splitting.qll‎
Lines changed: 27 additions & 31 deletions b/‎csharp/ql/src/semmle/code/csharp/controlflow/internal/Splitting.qll‎
Lines changed: 27 additions & 31 deletions
diff --git a/‎csharp/ql/test/library-tests/commons/Assertions/Assertions.ql‎
Lines changed: 16 additions & 8 deletions b/‎csharp/ql/test/library-tests/commons/Assertions/Assertions.ql‎
Lines changed: 16 additions & 8 deletions
diff --git a/‎csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected‎
Lines changed: 3 additions & 1 deletion b/‎csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎csharp/ql/test/library-tests/controlflow/graph/Condition.expected‎
Lines changed: 8 additions & 8 deletions b/‎csharp/ql/test/library-tests/controlflow/graph/Condition.expected‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎csharp/ql/test/library-tests/controlflow/graph/Consistency.expected‎
Lines changed: 1 addition & 11 deletions b/‎csharp/ql/test/library-tests/controlflow/graph/Consistency.expected‎
Lines changed: 1 addition & 11 deletions
@@ -99,12 +99,7 @@ class Completion extends TCompletion {
     cfe instanceof ThrowElement and
     this = TThrowCompletion(cfe.(ThrowElement).getThrownExceptionType())
     or
-    exists(AssertMethod m | assertion(cfe, m, _) |
-      this = TThrowCompletion(m.getExceptionClass())
-      or
-      not exists(m.getExceptionClass()) and
-      this = TExitCompletion()
-    )
+    this = assertionCompletion(cfe, _)
     or
     completionIsValidForStmt(cfe, this)
     or
@@ -390,11 +385,22 @@ private predicate invalidCastCandidate(CastExpr ce) {
   ce.getType() = ce.getExpr().getType().(ValueOrRefType).getASubType+()
 }
 
-private predicate assertion(Assertion a, AssertMethod am, Expr e) {
-  e = a.getAnExpr() and
+private predicate assertion(Assertion a, int i, AssertMethod am, Expr e) {
+  e = a.getExpr(i) and
   am = a.getAssertMethod()
 }
 
+/** Gets a valid completion when argument `i` fails in assertion `a`. */
+Completion assertionCompletion(Assertion a, int i) {
+  exists(AssertMethod am | am = a.getAssertMethod() |
+    result = TThrowCompletion(am.getExceptionClass(i))
+    or
+    i = am.getAnAssertionIndex() and
+    not exists(am.getExceptionClass(i)) and
+    result = TExitCompletion()
+  )
+}
+
 /**
  * Holds if a normal completion of `e` must be a Boolean completion.
  */
@@ -422,8 +428,11 @@ private predicate inBooleanContext(Expr e, boolean isBooleanCompletionForParent)
   or
   exists(SpecificCatchClause scc | scc.getFilterClause() = e | isBooleanCompletionForParent = false)
   or
-  assertion(_, [any(AssertTrueMethod m).(AssertMethod), any(AssertFalseMethod m)], e) and
-  isBooleanCompletionForParent = false
+  exists(BooleanAssertMethod m, int i |
+    assertion(_, i, m, e) and
+    i = m.getAnAssertionIndex(_) and
+    isBooleanCompletionForParent = false
+  )
   or
   exists(LogicalNotExpr lne | lne.getAnOperand() = e |
     inBooleanContext(lne, _) and
@@ -495,8 +504,11 @@ private predicate inNullnessContext(Expr e, boolean isNullnessCompletionForParen
     isNullnessCompletionForParent = false
   )
   or
-  assertion(_, [any(AssertNullMethod m).(AssertMethod), any(AssertNonNullMethod m)], e) and
-  isNullnessCompletionForParent = false
+  exists(NullnessAssertMethod m, int i |
+    assertion(_, i, m, e) and
+    i = m.getAnAssertionIndex(_) and
+    isNullnessCompletionForParent = false
+  )
   or
   exists(ConditionalExpr ce | inNullnessContext(ce, _) |
     (e = ce.getThen() or e = ce.getElse()) and
 
@@ -23,9 +23,7 @@ private class ExitingCall extends NonReturningCall {
   ExitingCall() {
     this.getTarget() instanceof ExitingCallable
     or
-    exists(AssertMethod m | m = this.(FailingAssertion).getAssertMethod() |
-      not exists(m.getExceptionClass())
-    )
+    this = any(FailingAssertion fa | not exists(fa.getExceptionClass()))
   }
 
   override ExitCompletion getACompletion() { not result instanceof NestedCompletion }
@@ -39,9 +37,7 @@ private class ThrowingCall extends NonReturningCall {
     (
       c = this.getTarget().(ThrowingCallable).getACallCompletion()
       or
-      exists(AssertMethod m | m = this.(FailingAssertion).getAssertMethod() |
-        c.getExceptionClass() = m.getExceptionClass()
-      )
+      c.getExceptionClass() = this.(FailingAssertion).getExceptionClass()
       or
       exists(CIL::Method m, CIL::Type ex |
         this.getTarget().matchesHandle(m) and
 
@@ -36,14 +36,17 @@ private module Cached {
   cached
   newtype TSplit =
     TInitializerSplit(Constructor c) { InitializerSplitting::constructorInitializes(c, _) } or
-    TAssertionSplit(AssertionSplitting::Assertion a, boolean success) { success = [true, false] } or
+    TAssertionSplit(AssertionSplitting::Assertion a, int i, boolean success) {
+      exists(a.getExpr(i)) and
+      success in [false, true]
+    } or
     TFinallySplit(FinallySplitting::FinallySplitType type, int nestLevel) {
       nestLevel = FinallySplitting::nestLevel(_)
     } or
     TExceptionHandlerSplit(ExceptionClass ec) or
     TBooleanSplit(BooleanSplitting::BooleanSplitSubKind kind, boolean branch) {
       kind.startsSplit(_) and
-      (branch = true or branch = false)
+      branch in [false, true]
     } or
     TLoopSplit(LoopSplitting::AnalyzableLoopStmt loop)
 
@@ -414,8 +417,9 @@ module AssertionSplitting {
   class AssertionSplitImpl extends SplitImpl, TAssertionSplit {
     Assertion a;
     boolean success;
+    int i;
 
-    AssertionSplitImpl() { this = TAssertionSplit(a, success) }
+    AssertionSplitImpl() { this = TAssertionSplit(a, i, success) }
 
     /** Gets the assertion. */
     Assertion getAssertion() { result = a }
@@ -445,37 +449,29 @@ module AssertionSplitting {
 
     override predicate hasEntry(ControlFlowElement pred, ControlFlowElement succ, Completion c) {
       exists(AssertMethod m |
-        pred = last(a.getAnExpr(), c) and
+        pred = last(a.getExpr(i), c) and
         succ = succ(pred, c) and
-        this.getAssertion() = a and
-        m = a.getAssertMethod()
+        m = a.getAssertMethod() and
+        // The assertion only succeeds when all asserted arguments succeeded, so
+        // we only enter a "success" state after the last argument has succeeded.
+        //
+        // The split is only entered if we are not already in a "failing" state
+        // for one of the previous arguments, which ensures that the "success"
+        // state is only entered when all arguments succeed. This also means
+        // that if multiple arguments fail, then the first failing argument
+        // will determine the exception being thrown by the assertion.
+        if success = true then i = max(int j | exists(a.getExpr(j))) else any()
       |
-        m instanceof AssertTrueMethod and
-        (
-          c instanceof TrueCompletion and success = true
-          or
-          c instanceof FalseCompletion and success = false
-        )
-        or
-        m instanceof AssertFalseMethod and
-        (
-          c instanceof TrueCompletion and success = false
+        exists(boolean b | i = m.(BooleanAssertMethod).getAnAssertionIndex(b) |
+          c instanceof TrueCompletion and success = b
           or
-          c instanceof FalseCompletion and success = true
+          c instanceof FalseCompletion and success = b.booleanNot()
         )
         or
-        m instanceof AssertNullMethod and
-        (
-          c.(NullnessCompletion).isNull() and success = true
-          or
-          c.(NullnessCompletion).isNonNull() and success = false
-        )
-        or
-        m instanceof AssertNonNullMethod and
-        (
-          c.(NullnessCompletion).isNull() and success = false
+        exists(boolean b | i = m.(NullnessAssertMethod).getAnAssertionIndex(b) |
+          c.(NullnessCompletion).isNull() and success = b
           or
-          c.(NullnessCompletion).isNonNull() and success = true
+          c.(NullnessCompletion).isNonNull() and success = b.booleanNot()
         )
       )
     }
@@ -491,7 +487,7 @@ module AssertionSplitting {
         c instanceof NormalCompletion
         or
         success = false and
-        not c instanceof NormalCompletion
+        c = assertionCompletion(a, i)
       )
     }
 
@@ -504,7 +500,7 @@ module AssertionSplitting {
         c instanceof NormalCompletion
         or
         success = false and
-        not c instanceof NormalCompletion
+        c = assertionCompletion(a, i)
       )
     }
 
@@ -1604,7 +1600,7 @@ private module SuccSplits {
 
   /**
    * Holds if `succSplits` should not inherit a split of kind `sk` from
-   * `predSplits, except possibly because of a split in `except`.
+   * `predSplits`, except possibly because of a split in `except`.
    *
    * The predicate is written using explicit recursion, as opposed to a `forall`,
    * to avoid negative recursion.
 
@@ -2,21 +2,29 @@ import csharp
 import semmle.code.csharp.commons.Assertions
 
 query predicate assertTrue(Assertion a, Expr e) {
-  a.getAnExpr() = e and
-  a.getTarget() instanceof AssertTrueMethod
+  exists(int i |
+    a.getExpr(i) = e and
+    i = a.getTarget().(BooleanAssertMethod).getAnAssertionIndex(true)
+  )
 }
 
 query predicate assertFalse(Assertion a, Expr e) {
-  a.getAnExpr() = e and
-  a.getTarget() instanceof AssertFalseMethod
+  exists(int i |
+    a.getExpr(i) = e and
+    i = a.getTarget().(BooleanAssertMethod).getAnAssertionIndex(false)
+  )
 }
 
 query predicate assertNull(Assertion a, Expr e) {
-  a.getAnExpr() = e and
-  a.getTarget() instanceof AssertNullMethod
+  exists(int i |
+    a.getExpr(i) = e and
+    i = a.getTarget().(NullnessAssertMethod).getAnAssertionIndex(true)
+  )
 }
 
 query predicate assertNonNull(Assertion a, Expr e) {
-  a.getAnExpr() = e and
-  a.getTarget() instanceof AssertNonNullMethod
+  exists(int i |
+    a.getExpr(i) = e and
+    i = a.getTarget().(NullnessAssertMethod).getAnAssertionIndex(false)
+  )
 }
@@ -138,7 +138,9 @@
 | Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:25:140:26 | access to parameter b1 | 5 |
 | Assert.cs:138:10:138:12 | exit M13 | Assert.cs:138:10:138:12 | exit M13 | 1 |
 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | Assert.cs:140:9:140:35 | [assertion failure] call to method AssertTrueFalse | 3 |
-| Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | Assert.cs:141:9:141:15 | return ...; | 4 |
+| Assert.cs:140:29:140:30 | access to parameter b2 | Assert.cs:140:29:140:30 | access to parameter b2 | 1 |
+| Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | Assert.cs:140:9:140:35 | [assertion failure] call to method AssertTrueFalse | 2 |
+| Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | Assert.cs:141:9:141:15 | return ...; | 3 |
 | Assignments.cs:3:10:3:10 | enter M | Assignments.cs:3:10:3:10 | exit M | 33 |
 | Assignments.cs:14:18:14:35 | enter (...) => ... | Assignments.cs:14:18:14:35 | exit (...) => ... | 3 |
 | Assignments.cs:17:40:17:40 | enter + | Assignments.cs:17:40:17:40 | exit + | 5 |
 
@@ -295,9 +295,11 @@ conditionBlock
 | Assert.cs:123:36:123:36 | [b (line 84): true] access to parameter b | Assert.cs:127:9:127:39 | [assertion failure] call to method IsFalse | true |
 | Assert.cs:123:36:123:36 | [b (line 84): true] access to parameter b | Assert.cs:127:37:127:38 | [b (line 84): true] !... | false |
 | Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | false |
-| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | true |
-| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | false |
-| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | true |
+| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:29:140:30 | access to parameter b2 | true |
+| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | true |
+| Assert.cs:138:10:138:12 | enter M13 | Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | true |
+| Assert.cs:140:29:140:30 | access to parameter b2 | Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | true |
+| Assert.cs:140:29:140:30 | access to parameter b2 | Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | false |
 | BreakInTry.cs:7:13:11:13 | foreach (... ... in ...) ... | BreakInTry.cs:7:26:7:28 | String arg | false |
 | BreakInTry.cs:7:13:11:13 | foreach (... ... in ...) ... | BreakInTry.cs:10:21:10:26 | break; | false |
 | BreakInTry.cs:7:26:7:28 | String arg | BreakInTry.cs:10:21:10:26 | break; | true |
@@ -1212,13 +1214,11 @@ conditionFlow
 | Assert.cs:127:24:127:32 | [b (line 84): true] ... != ... | Assert.cs:127:37:127:38 | [b (line 84): true] !... | false |
 | Assert.cs:127:38:127:38 | [b (line 84): true] access to parameter b | Assert.cs:127:9:127:39 | [assertion success] call to method IsFalse | true |
 | Assert.cs:140:25:140:26 | access to parameter b1 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | false |
-| Assert.cs:140:25:140:26 | access to parameter b1 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | true |
-| Assert.cs:140:25:140:26 | access to parameter b1 | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | false |
-| Assert.cs:140:25:140:26 | access to parameter b1 | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | true |
+| Assert.cs:140:25:140:26 | access to parameter b1 | Assert.cs:140:29:140:30 | access to parameter b2 | true |
 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | false |
 | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 | Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | true |
-| Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | false |
-| Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 | Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | true |
+| Assert.cs:140:29:140:30 | access to parameter b2 | Assert.cs:140:33:140:34 | [assertion failure] access to parameter b3 | true |
+| Assert.cs:140:29:140:30 | access to parameter b2 | Assert.cs:140:33:140:34 | [assertion success] access to parameter b3 | false |
 | BreakInTry.cs:9:21:9:31 | ... == ... | BreakInTry.cs:7:13:11:13 | foreach (... ... in ...) ... | false |
 | BreakInTry.cs:9:21:9:31 | ... == ... | BreakInTry.cs:10:21:10:26 | break; | true |
 | BreakInTry.cs:15:17:15:28 | ... == ... | BreakInTry.cs:3:10:3:11 | exit M1 | false |
 
@@ -3,20 +3,10 @@ nonUniqueSetRepresentation
 breakInvariant2
 breakInvariant3
 breakInvariant4
-| Assert.cs:140:25:140:26 | access to parameter b1 |  | Assert.cs:140:29:140:30 | access to parameter b2 | assertion failure | assertion success | false |
-| Assert.cs:140:25:140:26 | access to parameter b1 |  | Assert.cs:140:29:140:30 | access to parameter b2 | assertion failure | assertion success | true |
-| Assert.cs:140:25:140:26 | access to parameter b1 |  | Assert.cs:140:29:140:30 | access to parameter b2 | assertion success | assertion failure | false |
-| Assert.cs:140:25:140:26 | access to parameter b1 |  | Assert.cs:140:29:140:30 | access to parameter b2 | assertion success | assertion failure | true |
+| Assert.cs:140:29:140:30 | access to parameter b2 | assertion failure | Assert.cs:140:33:140:34 | access to parameter b3 | assertion failure | assertion failure | true |
 | Assert.cs:140:29:140:30 | access to parameter b2 | assertion failure | Assert.cs:140:33:140:34 | access to parameter b3 | assertion failure | assertion success | false |
-| Assert.cs:140:29:140:30 | access to parameter b2 | assertion failure | Assert.cs:140:33:140:34 | access to parameter b3 | assertion failure | assertion success | true |
-| Assert.cs:140:29:140:30 | access to parameter b2 | assertion success | Assert.cs:140:33:140:34 | access to parameter b3 | assertion success | assertion failure | false |
-| Assert.cs:140:29:140:30 | access to parameter b2 | assertion success | Assert.cs:140:33:140:34 | access to parameter b3 | assertion success | assertion failure | true |
 breakInvariant5
 multipleSuccessors
-| Assert.cs:140:25:140:26 | access to parameter b1 | false | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 |
-| Assert.cs:140:25:140:26 | access to parameter b1 | false | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 |
-| Assert.cs:140:25:140:26 | access to parameter b1 | true | Assert.cs:140:29:140:30 | [assertion failure] access to parameter b2 |
-| Assert.cs:140:25:140:26 | access to parameter b1 | true | Assert.cs:140:29:140:30 | [assertion success] access to parameter b2 |
 | ConditionalAccess.cs:30:28:30:32 | ... = ... | successor | ConditionalAccess.cs:1:7:1:23 | exit ConditionalAccess |
 | ConditionalAccess.cs:30:28:30:32 | ... = ... | successor | ConditionalAccess.cs:30:10:30:12 | exit Out |
 | MultiImplementationA.cs:6:22:6:31 | enter get_P1 | successor | MultiImplementationA.cs:6:28:6:31 | null |