github
diff --git a/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 20 additions & 0 deletions b/‎change-notes/1.19/analysis-csharp.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/Assignable.qll‎
Lines changed: 29 additions & 45 deletions b/‎csharp/ql/src/semmle/code/csharp/Assignable.qll‎
Lines changed: 29 additions & 45 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/Element.qll‎
Lines changed: 0 additions & 21 deletions b/‎csharp/ql/src/semmle/code/csharp/Element.qll‎
Lines changed: 0 additions & 21 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/ExprOrStmtParent.qll‎
Lines changed: 22 additions & 0 deletions b/‎csharp/ql/src/semmle/code/csharp/ExprOrStmtParent.qll‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎csharp/ql/src/semmle/code/csharp/Stmt.qll‎
Lines changed: 25 additions & 19 deletions b/‎csharp/ql/src/semmle/code/csharp/Stmt.qll‎
Lines changed: 25 additions & 19 deletions
@@ -0,0 +1,20 @@
+# Improvements to C# analysis
+
+## General improvements
+
+* The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead.
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+| *@name of query (Query ID)* | *Tags*    |*Aim of the new query and whether it is enabled by default or not*  |
+
+## Changes to existing queries
+
+| **Query**                  | **Expected impact**    | **Change**                                                       |
+|----------------------------|------------------------|------------------------------------------------------------------|
+| *@name of query (Query ID)*| *Impact on results*    | *How/why the query has changed*                                  |
+
+
+## Changes to QL libraries
@@ -446,16 +446,25 @@ class AssignableDefinition extends TAssignableDefinition {
    * the definitions of `x` and `y` in `M(out x, out y)` and `(x, y) = (0, 1)`
    * relate to the same call to `M` and assignment node, respectively.
    */
-  ControlFlow::Node getAControlFlowNode() { none() }
+  ControlFlow::Node getAControlFlowNode() {
+    result = this.getExpr().getAControlFlowNode()
+  }
+
+  /**
+   * Gets the underlying expression that updates the targeted assignable when
+   * reached, if any.
+   *
+   * Not all definitions have an associated expression, for example implicit
+   * parameter definitions.
+   */
+  Expr getExpr() { none() }
 
   /** DEPRECATED: Use `getAControlFlowNode()` instead. */
   deprecated
   ControlFlow::Node getControlFlowNode() { result = this.getAControlFlowNode() }
 
   /** Gets the enclosing callable of this definition. */
-  Callable getEnclosingCallable() {
-    result = this.getAControlFlowNode().getBasicBlock().getCallable()
-  }
+  Callable getEnclosingCallable() { result = this.getExpr().getEnclosingCallable() }
 
   /**
    * Gets the assigned expression, if any. For example, the expression assigned
@@ -581,7 +590,7 @@ class AssignableDefinition extends TAssignableDefinition {
 
   /** Gets the location of this assignable definition. */
   Location getLocation() {
-    result = this.getAControlFlowNode().getLocation()
+    result = this.getExpr().getLocation()
   }
 }
 
@@ -602,9 +611,7 @@ module AssignableDefinitions {
       result = a
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = a.getAControlFlowNode()
-    }
+    override Expr getExpr() { result = a }
 
     override Expr getSource() {
       result = a.getRValue() and
@@ -633,30 +640,19 @@ module AssignableDefinitions {
       result = ae
     }
 
-    private Expr getLeaf() {
-      result = leaf
-    }
-
     /**
      * Gets the evaluation order of this definition among the other definitions
      * in the compound tuple assignment. For example, in `(x, (y, z)) = ...` the
      * orders of the definitions of `x`, `y`, and `z` are 0, 1, and 2, respectively.
      */
     int getEvaluationOrder() {
-      exists(ControlFlow::BasicBlock bb, int i |
-        bb.getNode(i).getElement() = leaf |
-        i = rank[result + 1](int j, TupleAssignmentDefinition def |
-          bb.getNode(j).getElement() = def.getLeaf() and
-          ae = def.getAssignment()
-          |
-          j
-        )
+      leaf = rank[result + 1](Expr leaf0 |
+        exists(TTupleAssignmentDefinition(ae, leaf0)) |
+        leaf0 order by leaf0.getLocation().getStartLine(), leaf0.getLocation().getStartColumn()
       )
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = ae.getAControlFlowNode()
-    }
+    override Expr getExpr() { result = ae }
 
     override Expr getSource() {
       result = getTupleSource(this) // need not exist
@@ -700,9 +696,7 @@ module AssignableDefinitions {
       )
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = this.getCall().getAControlFlowNode()
-    }
+    override Expr getExpr() { result = this.getCall() }
 
     override predicate isCertain() {
       not isUncertainRefCall(this.getCall(), this.getTargetAccess())
@@ -732,9 +726,7 @@ module AssignableDefinitions {
       result = mo
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = mo.getAControlFlowNode()
-    }
+    override Expr getExpr() { result = mo }
 
     override string toString() {
       result = mo.toString()
@@ -756,9 +748,7 @@ module AssignableDefinitions {
       result = lvde
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = lvde.getAControlFlowNode()
-    }
+    override Expr getExpr() { result = lvde }
 
     override string toString() {
       result = lvde.toString()
@@ -785,6 +775,10 @@ module AssignableDefinitions {
       result = p.getCallable().getEntryPoint()
     }
 
+    override Callable getEnclosingCallable() {
+      result = p.getCallable()
+    }
+
     override string toString() {
       result = p.toString()
     }
@@ -809,9 +803,7 @@ module AssignableDefinitions {
       result = aoe
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = aoe.getAControlFlowNode()
-    }
+    override Expr getExpr() { result = aoe }
 
     override string toString() {
       result = aoe.toString()
@@ -833,9 +825,7 @@ module AssignableDefinitions {
       result = ipe.getVariableDeclExpr()
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = this.getDeclaration().getAControlFlowNode()
-    }
+    override Expr getExpr() { result = this.getDeclaration() }
 
     override Expr getSource() {
       result = ipe.getExpr()
@@ -870,9 +860,7 @@ module AssignableDefinitions {
       result = tc.getVariableDeclExpr()
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      result = this.getDeclaration().getAControlFlowNode()
-    }
+    override Expr getExpr() { result = this.getDeclaration() }
 
     override Expr getSource() {
       result = any(SwitchStmt ss | ss.getATypeCase() = tc).getCondition()
@@ -906,10 +894,6 @@ module AssignableDefinitions {
       result = a
     }
 
-    override ControlFlow::Node getAControlFlowNode() {
-      none() // initializers are currently not part of the CFG
-    }
-
     override Expr getSource() {
       result = e
     }
 
@@ -57,24 +57,3 @@ class Element extends DotNet::Element, @element {
     exists(Element parent | parent.getChild(result) = this)
   }
 }
-
-/**
- * Gets the "best" location for element `e`. Where an element has locations in
- * source and assemblies, choose the source location. If there are multiple assembly
- * locations, choose only one.
- */
-cached
-private Location bestLocation(Element e) {
-  result = e.getALocation().(SourceLocation) and
-  (mustHaveLocationInFile(e, _) implies mustHaveLocationInFile(e, result.getFile()))
-  or
-  (
-    hasNoSourceLocation(e)
-    and
-    result = min(Location l | l = e.getALocation() | l order by l.getFile().toString())
-  )
-}
-
-private predicate hasNoSourceLocation(Element e) {
-  not e.getALocation() instanceof SourceLocation
-}
@@ -370,7 +370,29 @@ private cached module Cached {
       t = getTopLevelDeclaringType(d) or d = t or d = p
     )
   }
+
+  private predicate hasNoSourceLocation(Element e) {
+    not e.getALocation() instanceof SourceLocation
+  }
+
+  /**
+   * Gets the "best" location for element `e`. Where an element has locations in
+   * source and assemblies, choose the source location. If there are multiple assembly
+   * locations, choose only one.
+   */
+  cached
+  Location bestLocationCached(Element e) {
+    result = e.getALocation().(SourceLocation) and
+    (mustHaveLocationInFile(e, _) implies mustHaveLocationInFile(e, result.getFile()))
+    or
+    (
+      hasNoSourceLocation(e)
+      and
+      result = min(Location l | l = e.getALocation() | l order by l.getFile().toString())
+    )
+  }
 }
 private import Cached
 
 predicate mustHaveLocationInFile = mustHaveLocationInFileCached/2;
+predicate bestLocation = bestLocationCached/1;
@@ -173,17 +173,7 @@ class SwitchStmt extends SelectionStmt, @switch_stmt {
    * }
    * ```
    */
-  cached
-  CaseStmt getCase(int i) {
-    exists(int index, int rankIndex |
-      result = getChildStmt(index) and
-      rankIndex = i + 1 and
-      index = rank[rankIndex](int j, CaseStmt cs |
-        cs = this.getChildStmt(j) |
-        j
-      )
-    )
-  }
+  CaseStmt getCase(int i) { result = SwithStmtInternal::getCase(this, i) }
 
   /** Gets a case of this `switch` statement. */
   CaseStmt getACase() { result = this.getCase(_) }
@@ -221,29 +211,45 @@ class SwitchStmt extends SelectionStmt, @switch_stmt {
    * Note that each non-`default` case is a labeled statement, so the statement
    * that follows is a child of the labeled statement, and not the `switch` block.
    */
+  Stmt getStmt(int i) { result = SwithStmtInternal::getStmt(this, i) }
+
+  /** Gets a statement in the body of this `switch` statement. */
+  Stmt getAStmt() { result = this.getStmt(_) }
+}
+
+private cached module SwithStmtInternal {
   cached
-  Stmt getStmt(int i) {
+  CaseStmt getCase(SwitchStmt ss, int i) {
     exists(int index, int rankIndex |
-      result = getChildStmt(index) and
+      result = ss.getChildStmt(index) and
+      rankIndex = i + 1 and
+      index = rank[rankIndex](int j, CaseStmt cs |
+        cs = ss.getChildStmt(j) |
+        j
+      )
+    )
+  }
+
+  cached
+  Stmt getStmt(SwitchStmt ss, int i) {
+    exists(int index, int rankIndex |
+      result = ss.getChildStmt(index) and
       rankIndex = i + 1 and
       index = rank[rankIndex](int j, Stmt s |
         // `getChild` includes both labeled statements and the targeted
         // statements of labeled statement as separate children, but we
         // only want the labeled statement
-        s = getLabeledStmt(j) |
+        s = getLabeledStmt(ss, j) |
         j
       )
     )
   }
 
-  private Stmt getLabeledStmt(int i) {
-    result = this.getChildStmt(i) and
+  private Stmt getLabeledStmt(SwitchStmt ss, int i) {
+    result = ss.getChildStmt(i) and
     not result = any(ConstCase cc).getStmt() and
     not result = any(TypeCase tc).getStmt()
   }
-
-  /** Gets a statement in the body of this `switch` statement. */
-  Stmt getAStmt() { result = this.getStmt(_) }
 }
 
 /**