Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c32242e

Browse files
hvitvedhvitved
committed
C#: Simplify ControlFlowReachability.qll 
1 parent b49aa67 commit c32242e

3 files changed

Lines changed: 62 additions & 66 deletions

File tree

csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll

Lines changed: 30 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,4 @@
11
import csharp
2-
private import DataFlowPrivate
3-
private import DataFlowPublic
42

53
private class ControlFlowScope extends ControlFlowElement {
64
private boolean exactScope;
@@ -89,21 +87,21 @@ abstract class ControlFlowReachabilityConfiguration extends string {
8987

9088
pragma[nomagic]
9189
private predicate reachesBasicBlockExprBase(
92-
Expr e1, Expr e2, ControlFlowElement scope, boolean exactScope, boolean isSuccessor,
93-
ControlFlow::Nodes::ElementNode cfn1, int i, ControlFlow::BasicBlock bb
90+
Expr e1, Expr e2, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn1, int i,
91+
ControlFlow::BasicBlock bb
9492
) {
95-
this.candidate(e1, e2, scope, exactScope, isSuccessor) and
93+
this.candidate(e1, e2, _, _, isSuccessor) and
9694
cfn1 = e1.getAControlFlowNode() and
9795
bb.getNode(i) = cfn1
9896
}
9997

10098
pragma[nomagic]
10199
private predicate reachesBasicBlockExprRec(
102-
Expr e1, Expr e2, ControlFlowElement scope, boolean exactScope, boolean isSuccessor,
103-
ControlFlow::Nodes::ElementNode cfn1, ControlFlow::BasicBlock bb
100+
Expr e1, Expr e2, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn1,
101+
ControlFlow::BasicBlock bb
104102
) {
105103
exists(ControlFlow::BasicBlock mid |
106-
this.reachesBasicBlockExpr(e1, e2, scope, exactScope, isSuccessor, cfn1, mid)
104+
this.reachesBasicBlockExpr(e1, e2, isSuccessor, cfn1, mid)
107105
|
108106
isSuccessor = true and
109107
bb = mid.getASuccessor()
@@ -115,36 +113,35 @@ abstract class ControlFlowReachabilityConfiguration extends string {
115113

116114
pragma[nomagic]
117115
private predicate reachesBasicBlockExpr(
118-
Expr e1, Expr e2, ControlFlowElement scope, boolean exactScope, boolean isSuccessor,
119-
ControlFlow::Nodes::ElementNode cfn1, ControlFlow::BasicBlock bb
116+
Expr e1, Expr e2, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn1,
117+
ControlFlow::BasicBlock bb
120118
) {
121-
this.reachesBasicBlockExprBase(e1, e2, scope, exactScope, isSuccessor, cfn1, _, bb)
119+
this.reachesBasicBlockExprBase(e1, e2, isSuccessor, cfn1, _, bb)
122120
or
123-
this.candidate(e1, e2, scope, exactScope, isSuccessor) and
124-
exists(ControlFlowElement scope0, boolean exactScope0 |
125-
this.reachesBasicBlockExprRec(e1, e2, scope0, exactScope0, isSuccessor, cfn1, bb)
126-
|
127-
bb = getABasicBlockInScope(scope0, exactScope0)
121+
exists(ControlFlowElement scope, boolean exactScope |
122+
this.candidate(e1, e2, scope, exactScope, isSuccessor) and
123+
this.reachesBasicBlockExprRec(e1, e2, isSuccessor, cfn1, bb) and
124+
bb = getABasicBlockInScope(scope, exactScope)
128125
)
129126
}
130127

131128
pragma[nomagic]
132129
private predicate reachesBasicBlockDefinitionBase(
133-
Expr e, AssignableDefinition def, ControlFlowElement scope, boolean exactScope,
134-
boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn, int i, ControlFlow::BasicBlock bb
130+
Expr e, AssignableDefinition def, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn,
131+
int i, ControlFlow::BasicBlock bb
135132
) {
136-
this.candidateDef(e, def, scope, exactScope, isSuccessor) and
133+
this.candidateDef(e, def, _, _, isSuccessor) and
137134
cfn = e.getAControlFlowNode() and
138135
bb.getNode(i) = cfn
139136
}
140137

141138
pragma[nomagic]
142139
private predicate reachesBasicBlockDefinitionRec(
143-
Expr e, AssignableDefinition def, ControlFlowElement scope, boolean exactScope,
144-
boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn, ControlFlow::BasicBlock bb
140+
Expr e, AssignableDefinition def, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn,
141+
ControlFlow::BasicBlock bb
145142
) {
146143
exists(ControlFlow::BasicBlock mid |
147-
this.reachesBasicBlockDefinition(e, def, scope, exactScope, isSuccessor, cfn, mid)
144+
this.reachesBasicBlockDefinition(e, def, isSuccessor, cfn, mid)
148145
|
149146
isSuccessor = true and
150147
bb = mid.getASuccessor()
@@ -156,16 +153,15 @@ abstract class ControlFlowReachabilityConfiguration extends string {
156153

157154
pragma[nomagic]
158155
private predicate reachesBasicBlockDefinition(
159-
Expr e, AssignableDefinition def, ControlFlowElement scope, boolean exactScope,
160-
boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn, ControlFlow::BasicBlock bb
156+
Expr e, AssignableDefinition def, boolean isSuccessor, ControlFlow::Nodes::ElementNode cfn,
157+
ControlFlow::BasicBlock bb
161158
) {
162-
this.reachesBasicBlockDefinitionBase(e, def, scope, exactScope, isSuccessor, cfn, _, bb)
159+
this.reachesBasicBlockDefinitionBase(e, def, isSuccessor, cfn, _, bb)
163160
or
164-
this.candidateDef(e, def, scope, exactScope, isSuccessor) and
165-
exists(ControlFlowElement scope0, boolean exactScope0 |
166-
this.reachesBasicBlockDefinitionRec(e, def, scope0, exactScope0, isSuccessor, cfn, bb)
167-
|
168-
bb = getABasicBlockInScope(scope0, exactScope0)
161+
exists(ControlFlowElement scope, boolean exactScope |
162+
this.candidateDef(e, def, scope, exactScope, isSuccessor) and
163+
this.reachesBasicBlockDefinitionRec(e, def, isSuccessor, cfn, bb) and
164+
bb = getABasicBlockInScope(scope, exactScope)
169165
)
170166
}
171167

@@ -176,7 +172,7 @@ abstract class ControlFlowReachabilityConfiguration extends string {
176172
pragma[nomagic]
177173
predicate hasExprPath(Expr e1, ControlFlow::Node cfn1, Expr e2, ControlFlow::Node cfn2) {
178174
exists(ControlFlow::BasicBlock bb, boolean isSuccessor, int i, int j |
179-
this.reachesBasicBlockExprBase(e1, e2, _, _, isSuccessor, cfn1, i, bb) and
175+
this.reachesBasicBlockExprBase(e1, e2, isSuccessor, cfn1, i, bb) and
180176
cfn2 = bb.getNode(j) and
181177
cfn2 = e2.getAControlFlowNode()
182178
|
@@ -186,7 +182,7 @@ abstract class ControlFlowReachabilityConfiguration extends string {
186182
)
187183
or
188184
exists(ControlFlow::BasicBlock bb |
189-
this.reachesBasicBlockExprRec(e1, e2, _, _, _, cfn1, bb) and
185+
this.reachesBasicBlockExprRec(e1, e2, _, cfn1, bb) and
190186
cfn2 = bb.getANode() and
191187
cfn2 = e2.getAControlFlowNode()
192188
)
@@ -201,7 +197,7 @@ abstract class ControlFlowReachabilityConfiguration extends string {
201197
Expr e, ControlFlow::Node cfn, AssignableDefinition def, ControlFlow::Node cfnDef
202198
) {
203199
exists(ControlFlow::BasicBlock bb, boolean isSuccessor, int i, int j |
204-
this.reachesBasicBlockDefinitionBase(e, def, _, _, isSuccessor, cfn, i, bb) and
200+
this.reachesBasicBlockDefinitionBase(e, def, isSuccessor, cfn, i, bb) and
205201
cfnDef = bb.getNode(j) and
206202
def.getAControlFlowNode() = cfnDef
207203
|
@@ -211,35 +207,9 @@ abstract class ControlFlowReachabilityConfiguration extends string {
211207
)
212208
or
213209
exists(ControlFlow::BasicBlock bb |
214-
this.reachesBasicBlockDefinitionRec(e, def, _, _, _, cfn, bb) and
210+
this.reachesBasicBlockDefinitionRec(e, def, _, cfn, bb) and
215211
def.getAControlFlowNode() = cfnDef and
216212
cfnDef = bb.getANode()
217213
)
218214
}
219-
220-
/**
221-
* Holds if there is a control-flow path from `n1` to `n2`. `n2` is either an
222-
* expression node or an SSA definition node.
223-
*/
224-
pragma[nomagic]
225-
predicate hasNodePath(ExprNode n1, Node n2) {
226-
exists(Expr e1, ControlFlow::Node cfn1, Expr e2, ControlFlow::Node cfn2 |
227-
this.hasExprPath(e1, cfn1, e2, cfn2)
228-
|
229-
cfn1 = n1.getControlFlowNode() and
230-
cfn2 = n2.(ExprNode).getControlFlowNode()
231-
)
232-
or
233-
exists(
234-
Expr e, ControlFlow::Node cfn, AssignableDefinition def, ControlFlow::Node cfnDef,
235-
Ssa::ExplicitDefinition ssaDef
236-
|
237-
this.hasDefPath(e, cfn, def, cfnDef)
238-
|
239-
cfn = n1.getControlFlowNode() and
240-
ssaDef.getADefinition() = def and
241-
ssaDef.getControlFlowNode() = cfnDef and
242-
n2.(SsaDefinitionNode).getDefinition() = ssaDef
243-
)
244-
}
245215
}

csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

Lines changed: 31 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,32 @@ private module ThisFlow {
121121
}
122122
}
123123

124+
/**
125+
* Holds if there is a control-flow path from `n1` to `n2`. `n2` is either an
126+
* expression node or an SSA definition node.
127+
*/
128+
pragma[nomagic]
129+
predicate hasNodePath(ControlFlowReachabilityConfiguration conf, ExprNode n1, Node n2) {
130+
exists(Expr e1, ControlFlow::Node cfn1, Expr e2, ControlFlow::Node cfn2 |
131+
conf.hasExprPath(e1, cfn1, e2, cfn2)
132+
|
133+
cfn1 = n1.getControlFlowNode() and
134+
cfn2 = n2.(ExprNode).getControlFlowNode()
135+
)
136+
or
137+
exists(
138+
Expr e, ControlFlow::Node cfn, AssignableDefinition def, ControlFlow::Node cfnDef,
139+
Ssa::ExplicitDefinition ssaDef
140+
|
141+
conf.hasDefPath(e, cfn, def, cfnDef)
142+
|
143+
cfn = n1.getControlFlowNode() and
144+
ssaDef.getADefinition() = def and
145+
ssaDef.getControlFlowNode() = cfnDef and
146+
n2.(SsaDefinitionNode).getDefinition() = ssaDef
147+
)
148+
}
149+
124150
/** Provides predicates related to local data flow. */
125151
module LocalFlow {
126152
private class LocalExprStepConfiguration extends ControlFlowReachabilityConfiguration {
@@ -306,7 +332,7 @@ module LocalFlow {
306332
not usesInstanceField(def)
307333
)
308334
or
309-
any(LocalExprStepConfiguration x).hasNodePath(nodeFrom, nodeTo)
335+
hasNodePath(any(LocalExprStepConfiguration x), nodeFrom, nodeTo)
310336
or
311337
ThisFlow::adjacentThisRefs(nodeFrom, nodeTo)
312338
or
@@ -656,7 +682,7 @@ private module Cached {
656682
cached
657683
predicate storeStepImpl(Node node1, Content c, Node node2) {
658684
exists(StoreStepConfiguration x, ExprNode node, boolean postUpdate |
659-
x.hasNodePath(node1, node) and
685+
hasNodePath(x, node1, node) and
660686
if postUpdate = true then node = node2.(PostUpdateNode).getPreUpdateNode() else node = node2
661687
|
662688
fieldOrPropertyStore(_, c, node1.asExpr(), node.getExpr(), postUpdate)
@@ -691,10 +717,10 @@ private module Cached {
691717
cached
692718
predicate readStepImpl(Node node1, Content c, Node node2) {
693719
exists(ReadStepConfiguration x |
694-
x.hasNodePath(node1, node2) and
720+
hasNodePath(x, node1, node2) and
695721
fieldOrPropertyRead(node1.asExpr(), c, node2.asExpr())
696722
or
697-
x.hasNodePath(node1, node2) and
723+
hasNodePath(x, node1, node2) and
698724
arrayRead(node1.asExpr(), node2.asExpr()) and
699725
c instanceof ElementContent
700726
or
@@ -706,7 +732,7 @@ private module Cached {
706732
c instanceof ElementContent
707733
)
708734
or
709-
x.hasNodePath(node1, node2) and
735+
hasNodePath(x, node1, node2) and
710736
node2.asExpr().(AwaitExpr).getExpr() = node1.asExpr() and
711737
c = getResultContent()
712738
)

csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityCon
105105

106106
private predicate localTaintStepCommon(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
107107
Stages::DataFlowStage::forceCachingInSameStage() and
108-
any(LocalTaintExprStepConfiguration x).hasNodePath(nodeFrom, nodeTo)
108+
hasNodePath(any(LocalTaintExprStepConfiguration x), nodeFrom, nodeTo)
109109
or
110110
localTaintStepCil(nodeFrom, nodeTo)
111111
}

0 commit comments

Comments
 (0)