github
diff --git a/‎java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt‎
Lines changed: 4 additions & 16 deletions b/‎java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt‎
Lines changed: 4 additions & 16 deletions
diff --git a/‎java/ql/examples/snippets/eq_true.ql‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/examples/snippets/eq_true.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/Expr.qll‎
Lines changed: 63 additions & 15 deletions b/‎java/ql/lib/semmle/code/java/Expr.qll‎
Lines changed: 63 additions & 15 deletions
diff --git a/‎java/ql/lib/semmle/code/java/controlflow/Guards.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/lib/semmle/code/java/controlflow/Guards.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll‎
Lines changed: 2 additions & 2 deletions b/‎java/ql/lib/semmle/code/java/controlflow/UnreachableBlocks.qll‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll‎
Lines changed: 2 additions & 2 deletions b/‎java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/NullGuards.qll‎
Lines changed: 6 additions & 4 deletions b/‎java/ql/lib/semmle/code/java/dataflow/NullGuards.qll‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/Nullness.qll‎
Lines changed: 3 additions & 3 deletions b/‎java/ql/lib/semmle/code/java/dataflow/Nullness.qll‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll‎
Lines changed: 1 addition & 1 deletion
@@ -1278,15 +1278,9 @@ open class KotlinFileExtractor(
                 }
                 // != gets desugared into not and ==. Here we resugar it.
                 c.origin == IrStatementOrigin.EXCLEQ && isFunction("kotlin", "Boolean", "not") && c.valueArgumentsCount == 0 && dr != null && dr is IrCall && isBuiltinCallInternal(dr, "EQEQ") -> {
-                    var id: Label<out DbExpr>
+                    var id = tw.getFreshIdLabel<DbValueneexpr>()
                     val type = useType(c.type)
-                    if (isShallowEqualityTest(dr)) {
-                        id = tw.getFreshIdLabel<DbNeexpr>()
-                        tw.writeExprs_neexpr(id, type.javaResult.id, parent, idx)
-                    } else {
-                        id = tw.getFreshIdLabel<DbValueneexpr>()
-                        tw.writeExprs_valueneexpr(id, type.javaResult.id, parent, idx)
-                    }
+                    tw.writeExprs_valueneexpr(id, type.javaResult.id, parent, idx)
                     tw.writeExprsKotlinType(id, type.kotlinResult.id)
                     binOp(id, dr, callable, enclosingStmt)
                 }
@@ -1351,15 +1345,9 @@ open class KotlinFileExtractor(
                     if(c.origin != IrStatementOrigin.EQEQ) {
                         logger.errorElement("Unexpected origin for EQEQ: ${c.origin}", c)
                     }
-                    var id: Label<out DbExpr>
+                    var id = tw.getFreshIdLabel<DbValueeqexpr>()
                     val type = useType(c.type)
-                    if (isShallowEqualityTest(c)) {
-                        id = tw.getFreshIdLabel<DbEqexpr>()
-                        tw.writeExprs_eqexpr(id, type.javaResult.id, parent, idx)
-                    } else {
-                        id = tw.getFreshIdLabel<DbValueeqexpr>()
-                        tw.writeExprs_valueeqexpr(id, type.javaResult.id, parent, idx)
-                    }
+                    tw.writeExprs_valueeqexpr(id, type.javaResult.id, parent, idx)
                     tw.writeExprsKotlinType(id, type.kotlinResult.id)
                     binOp(id, c, callable, enclosingStmt)
                 }
 
@@ -9,6 +9,6 @@
 
 import java
 
-from EqualityTest eq
+from AnyEqualityTest eq
 where eq.getAnOperand() instanceof BooleanLiteral
 select eq
@@ -225,12 +225,12 @@ class CompileTimeConstantExpr extends Expr {
       )
       or
       (
-        b instanceof EQExpr and
+        b instanceof AnyEqualsExpr and
         if left = right then result = true else result = false
       )
       or
       (
-        b instanceof NEExpr and
+        b instanceof AnyNotEqualsExpr and
         if left != right then result = true else result = false
       )
     )
@@ -242,12 +242,12 @@ class CompileTimeConstantExpr extends Expr {
       right = b.getRightOperand().(CompileTimeConstantExpr).getBooleanValue()
     |
       (
-        b instanceof EQExpr and
+        b instanceof AnyEqualsExpr and
         if left = right then result = true else result = false
       )
       or
       (
-        b instanceof NEExpr and
+        b instanceof AnyNotEqualsExpr and
         if left != right then result = true else result = false
       )
       or
@@ -269,15 +269,18 @@ class CompileTimeConstantExpr extends Expr {
       /*
        * JLS 15.28 specifies that compile-time `String` constants are interned. Therefore `==`
        * equality can be interpreted as equality over the constant values, not the references.
+       *
+       * Kotlin's `==` and `===` operators will return the same result for `String`s, so they
+       * can be handled alike:
        */
 
       (
-        b instanceof EQExpr and
+        b instanceof AnyEqualsExpr and
         if left = right then result = true else result = false
       )
       or
       (
-        b instanceof NEExpr and
+        b instanceof AnyNotEqualsExpr and
         if left != right then result = true else result = false
       )
     )
@@ -359,7 +362,7 @@ class CompileTimeConstantExpr extends Expr {
         or
         b instanceof XorBitwiseExpr and result = v1.bitXor(v2)
         // No `int` value for `AndLogicalExpr` or `OrLogicalExpr`.
-        // No `int` value for `LTExpr`, `GTExpr`, `LEExpr`, `GEExpr`, `EQExpr` or `NEExpr`.
+        // No `int` value for `LTExpr`, `GTExpr`, `LEExpr`, `GEExpr`, `AnyEqualsExpr` or `AnyNotEqualsExpr`.
       )
       or
       // Ternary conditional, with compile-time constant condition.
@@ -952,7 +955,7 @@ class GEExpr extends BinaryExpr, @geexpr {
   override string getAPrimaryQlClass() { result = "GEExpr" }
 }
 
-/** A binary expression using the `==` operator. */
+/** A binary expression using Java's `==` or Kotlin's `===` operator. */
 class EQExpr extends BinaryExpr, @eqexpr {
   override string getOp() { result = " == " }
 
@@ -961,12 +964,12 @@ class EQExpr extends BinaryExpr, @eqexpr {
 
 /** A binary expression using the Kotlin `==` operator, semantically equivalent to `Objects.equals`. */
 class ValueEQExpr extends BinaryExpr, @valueeqexpr {
-  override string getOp() { result = " == " }
+  override string getOp() { result = " (value equals) " }
 
   override string getAPrimaryQlClass() { result = "ValueEQExpr" }
 }
 
-/** A binary expression using the `!=` operator. */
+/** A binary expression using Java's `!=` or Kotlin's `!==` operator. */
 class NEExpr extends BinaryExpr, @neexpr {
   override string getOp() { result = " != " }
 
@@ -975,11 +978,35 @@ class NEExpr extends BinaryExpr, @neexpr {
 
 /** A binary expression using the Kotlin `!=` operator, semantically equivalent to `Objects.equals`. */
 class ValueNEExpr extends BinaryExpr, @valueneexpr {
-  override string getOp() { result = " != " }
+  override string getOp() { result = " (value not-equals) " }
 
   override string getAPrimaryQlClass() { result = "ValueNEExpr" }
 }
 
+/**
+ * A binary expression using either Java or Kotlin's `==` operator.
+ *
+ * This might test for reference equality or might function like `Objects.equals`. If you
+ * need to distinguish them, use `EQExpr` or `ValueEQExpr` instead.
+ */
+class AnyEqualsExpr extends BinaryExpr {
+  AnyEqualsExpr() {
+    this instanceof EQExpr or this instanceof ValueEQExpr
+  }
+}
+
+/**
+ * A binary expression using either Java or Kotlin's `!=` operator.
+ *
+ * This might test for reference equality or might function like `Objects.equals`. If you
+ * need to distinguish them, use `EQExpr` or `ValueEQExpr` instead.
+ */
+class AnyNotEqualsExpr extends BinaryExpr {
+  AnyNotEqualsExpr() {
+    this instanceof NEExpr or this instanceof ValueNEExpr
+  }
+}
+
 /**
  * A bitwise expression.
  *
@@ -1068,19 +1095,40 @@ class GreaterThanComparison extends ComparisonExpr {
 
 /**
  * An equality test is a binary expression using
- * the `==` or `!=` operator.
+ * Java's `==` or `!=` operators, or Kotlin's `==`, `!=`, `===` or `!==` operators.
+ *
+ * This could be a reference- or a value-in/equality test.
  */
-class EqualityTest extends BinaryExpr {
-  EqualityTest() {
+class AnyEqualityTest extends BinaryExpr {
+  AnyEqualityTest() {
     this instanceof EQExpr or
-    this instanceof NEExpr
+    this instanceof NEExpr or
+    this instanceof ValueEQExpr or
+    this instanceof ValueNEExpr
   }
 
   /** Gets a boolean indicating whether this is `==` (true) or `!=` (false). */
   boolean polarity() {
     result = true and this instanceof EQExpr
     or
     result = false and this instanceof NEExpr
+    or
+    result = true and this instanceof ValueEQExpr
+    or
+    result = false and this instanceof ValueNEExpr
+  }
+}
+
+/**
+ * An equality test is a binary expression using
+ * Java's `==` or `!=` operator.
+ *
+ * If either operand is a reference type, this is a reference-in/equality test.
+ */
+class EqualityTest extends AnyEqualityTest {
+  EqualityTest() {
+    this instanceof EQExpr or
+    this instanceof NEExpr
   }
 }
 
 
@@ -242,7 +242,7 @@ private predicate guardControls_v3(Guard guard, BasicBlock controlled, boolean b
 }
 
 private predicate equalityGuard(Guard g, Expr e1, Expr e2, boolean polarity) {
-  exists(EqualityTest eqtest |
+  exists(AnyEqualityTest eqtest |
     eqtest = g and
     polarity = eqtest.polarity() and
     eqtest.hasOperands(e1, e2)
 
@@ -133,12 +133,12 @@ class ConstantExpr extends Expr {
       )
       or
       (
-        b instanceof EQExpr and
+        b instanceof AnyEqualsExpr and
         if left = right then result = true else result = false
       )
       or
       (
-        b instanceof NEExpr and
+        b instanceof AnyNotEqualsExpr and
         if left != right then result = true else result = false
       )
     )
 
@@ -35,7 +35,7 @@ predicate implies_v1(Guard g1, boolean b1, Guard g2, boolean b2) {
   b1 = b2.booleanNot() and
   b1 = [true, false]
   or
-  exists(EqualityTest eqtest, boolean polarity, BooleanLiteral boollit |
+  exists(AnyEqualityTest eqtest, boolean polarity, BooleanLiteral boollit |
     eqtest = g1 and
     eqtest.hasOperands(g2, boollit) and
     eqtest.polarity() = polarity and
 
@@ -42,7 +42,7 @@ class IntComparableExpr extends Expr {
  */
 pragma[nomagic]
 Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
-  exists(EqualityTest eqtest, boolean polarity |
+  exists(AnyEqualityTest eqtest, boolean polarity |
     eqtest = result and
     eqtest.hasOperands(e, any(ConstantIntegerExpr c | c.getIntValue() = k)) and
     polarity = eqtest.polarity() and
@@ -53,7 +53,7 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
     )
   )
   or
-  exists(EqualityTest eqtest, int val, Expr c, boolean upper |
+  exists(AnyEqualityTest eqtest, int val, Expr c, boolean upper |
     k = e.relevantInt() and
     eqtest = result and
     eqtest.hasOperands(e, c) and
 
@@ -17,7 +17,7 @@ Expr alwaysNullExpr() {
 
 /** Gets an equality test between an expression `e` and an enum constant `c`. */
 Expr enumConstEquality(Expr e, boolean polarity, EnumConstant c) {
-  exists(EqualityTest eqtest |
+  exists(AnyEqualityTest eqtest |
     eqtest = result and
     eqtest.hasOperands(e, c.getAnAccess()) and
     polarity = eqtest.polarity()
@@ -33,8 +33,10 @@ InstanceOfExpr instanceofExpr(SsaVariable v, RefType type) {
 /**
  * Gets an expression of the form `v1 == v2` or `v1 != v2`.
  * The predicate is symmetric in `v1` and `v2`.
+ *
+ * Note this includes Kotlin's `==` and `!=` operators, which are value-equality tests.
  */
-EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
+AnyEqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
   result.hasOperands(v1.getAUse(), v2.getAUse()) and
   isEqualExpr = result.polarity()
 }
@@ -172,7 +174,7 @@ predicate nullCheckMethod(Method m, boolean branch, boolean isnull) {
  * is true, and non-null if `isnull` is false.
  */
 Expr basicNullGuard(Expr e, boolean branch, boolean isnull) {
-  exists(EqualityTest eqtest, boolean polarity |
+  exists(AnyEqualityTest eqtest, boolean polarity |
     eqtest = result and
     eqtest.hasOperands(e, any(NullLiteral n)) and
     polarity = eqtest.polarity() and
@@ -191,7 +193,7 @@ Expr basicNullGuard(Expr e, boolean branch, boolean isnull) {
     nullCheckMethod(call.getMethod(), branch, isnull)
   )
   or
-  exists(EqualityTest eqtest |
+  exists(AnyEqualityTest eqtest |
     eqtest = result and
     eqtest.hasOperands(e, clearlyNotNullExpr()) and
     isnull = false and
 
@@ -70,13 +70,13 @@ private predicate unboxed(Expr e) {
     or
     exists(AssignOp assign | assign.getSource() = e and assign.getType() instanceof PrimitiveType)
     or
-    exists(EqualityTest eq |
+    exists(AnyEqualityTest eq |
       eq.getAnOperand() = e and eq.getAnOperand().getType() instanceof PrimitiveType
     )
     or
     exists(BinaryExpr bin |
       bin.getAnOperand() = e and
-      not bin instanceof EqualityTest and
+      not bin instanceof AnyEqualityTest and
       bin.getType() instanceof PrimitiveType
     )
     or
@@ -653,7 +653,7 @@ private Expr trackingVarGuard(
     )
   )
   or
-  exists(EqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit |
+  exists(AnyEqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit |
     eqtest = result and
     eqtest.hasOperands(trackingVarGuard(trackssa, trackvar, kind, branch0, isA), boollit) and
     eqtest.polarity() = polarity and
 
@@ -387,7 +387,7 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
 /** A comparison or equality test with a constant. */
 private predicate comparisonStep(Expr tracked, Expr sink) {
   exists(Expr other |
-    exists(BinaryExpr e | e instanceof ComparisonExpr or e instanceof EqualityTest |
+    exists(BinaryExpr e | e instanceof ComparisonExpr or e instanceof AnyEqualityTest |
       e = sink and
       e.hasOperands(tracked, other)
     )
Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,7 @@ private predicate guardControls_v3(Guard guard, BasicBlock controlled, boolean b`
`242`	`242`	`}`
`243`	`243`
`244`	`244`	`private predicate equalityGuard(Guard g, Expr e1, Expr e2, boolean polarity) {`
`245`		`- exists(EqualityTest eqtest \|`
	`245`	`+ exists(AnyEqualityTest eqtest \|`
`246`	`246`	`eqtest = g and`
`247`	`247`	`polarity = eqtest.polarity() and`
`248`	`248`	`eqtest.hasOperands(e1, e2)`
Original file line number	Diff line number	Diff line change
`@@ -133,12 +133,12 @@ class ConstantExpr extends Expr {`
`133`	`133`	`)`
`134`	`134`	`or`
`135`	`135`	`(`
`136`		`- b instanceof EQExpr and`
	`136`	`+ b instanceof AnyEqualsExpr and`
`137`	`137`	`if left = right then result = true else result = false`
`138`	`138`	`)`
`139`	`139`	`or`
`140`	`140`	`(`
`141`		`- b instanceof NEExpr and`
	`141`	`+ b instanceof AnyNotEqualsExpr and`
`142`	`142`	`if left != right then result = true else result = false`
`143`	`143`	`)`
`144`	`144`	`)`
Original file line number	Diff line number	Diff line change
`@@ -70,13 +70,13 @@ private predicate unboxed(Expr e) {`
`70`	`70`	`or`
`71`	`71`	`exists(AssignOp assign \| assign.getSource() = e and assign.getType() instanceof PrimitiveType)`
`72`	`72`	`or`
`73`		`- exists(EqualityTest eq \|`
	`73`	`+ exists(AnyEqualityTest eq \|`
`74`	`74`	`eq.getAnOperand() = e and eq.getAnOperand().getType() instanceof PrimitiveType`
`75`	`75`	`)`
`76`	`76`	`or`
`77`	`77`	`exists(BinaryExpr bin \|`
`78`	`78`	`bin.getAnOperand() = e and`
`79`		`- not bin instanceof EqualityTest and`
	`79`	`+ not bin instanceof AnyEqualityTest and`
`80`	`80`	`bin.getType() instanceof PrimitiveType`
`81`	`81`	`)`
`82`	`82`	`or`
`@@ -653,7 +653,7 @@ private Expr trackingVarGuard(`
`653`	`653`	`)`
`654`	`654`	`)`
`655`	`655`	`or`
`656`		`- exists(EqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit \|`
	`656`	`+ exists(AnyEqualityTest eqtest, boolean branch0, boolean polarity, BooleanLiteral boollit \|`
`657`	`657`	`eqtest = result and`
`658`	`658`	`eqtest.hasOperands(trackingVarGuard(trackssa, trackvar, kind, branch0, isA), boollit) and`
`659`	`659`	`eqtest.polarity() = polarity and`
Original file line number	Diff line number	Diff line change
`@@ -387,7 +387,7 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {`
`387`	`387`	`/** A comparison or equality test with a constant. */`
`388`	`388`	`private predicate comparisonStep(Expr tracked, Expr sink) {`
`389`	`389`	`exists(Expr other \|`
`390`		`- exists(BinaryExpr e \| e instanceof ComparisonExpr or e instanceof EqualityTest \|`
	`390`	`+ exists(BinaryExpr e \| e instanceof ComparisonExpr or e instanceof AnyEqualityTest \|`
`391`	`391`	`e = sink and`
`392`	`392`	`e.hasOperands(tracked, other)`
`393`	`393`	`)`