|
| 1 | +/** |
| 2 | + * Instantiates the shared SSA library for JavaScript, but only to establish use-use flow. |
| 3 | + * |
| 4 | + * JavaScript's old SSA library is still responsible for the ordinary SSA flow. |
| 5 | + */ |
| 6 | + |
| 7 | +private import javascript as js |
| 8 | +private import codeql.ssa.Ssa |
| 9 | + |
| 10 | +private module SsaConfig implements InputSig<js::DbLocation> { |
| 11 | + class ControlFlowNode = js::ControlFlowNode; |
| 12 | + |
| 13 | + class BasicBlock = js::BasicBlock; |
| 14 | + |
| 15 | + class ExitBasicBlock extends BasicBlock { |
| 16 | + ExitBasicBlock() { this.isExitBlock() } |
| 17 | + } |
| 18 | + |
| 19 | + class SourceVariable = js::PurelyLocalVariable; // TODO: include 'this' as it is relevant for use-use flow |
| 20 | + |
| 21 | + pragma[nomagic] |
| 22 | + private js::EntryBasicBlock getEntryBlock(js::StmtContainer container) { |
| 23 | + result.getContainer() = container |
| 24 | + } |
| 25 | + |
| 26 | + predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) { |
| 27 | + certain = true and |
| 28 | + ( |
| 29 | + bb.defAt(i, v, _) |
| 30 | + or |
| 31 | + // Implicit initialization and function parameters |
| 32 | + bb = getEntryBlock(v.getDeclaringContainer()) and |
| 33 | + i = -1 |
| 34 | + ) |
| 35 | + } |
| 36 | + |
| 37 | + predicate variableRead(BasicBlock bb, int i, SourceVariable v, boolean certain) { |
| 38 | + bb.useAt(i, v, _) and certain = true |
| 39 | + } |
| 40 | + |
| 41 | + predicate getImmediateBasicBlockDominator = |
| 42 | + js::BasicBlockInternal::getImmediateBasicBlockDominator/1; |
| 43 | + |
| 44 | + pragma[inline] |
| 45 | + BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } |
| 46 | +} |
| 47 | + |
| 48 | +import Make<js::DbLocation, SsaConfig> |
| 49 | + |
| 50 | +private module SsaDataflowInput implements DataFlowIntegrationInputSig { |
| 51 | + class Expr extends js::VarUse { |
| 52 | + predicate hasCfgNode(js::BasicBlock bb, int i) { this = bb.getNode(i) } |
| 53 | + } |
| 54 | + |
| 55 | + predicate ssaDefAssigns(WriteDefinition def, Expr value) { none() } // Not handled here |
| 56 | + |
| 57 | + class Parameter = js::Parameter; |
| 58 | + |
| 59 | + predicate ssaDefInitializesParam(WriteDefinition def, Parameter p) { none() } // Not handled here |
| 60 | + |
| 61 | + abstract class Guard extends Expr { } // empty class |
| 62 | + |
| 63 | + predicate guardControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) { none() } |
| 64 | + |
| 65 | + js::BasicBlock getAConditionalBasicBlockSuccessor(js::BasicBlock bb, boolean branch) { none() } |
| 66 | +} |
| 67 | + |
| 68 | +import DataFlowIntegration<SsaDataflowInput> |
0 commit comments