github · geoffw0 · Apr 8, 2025 · Apr 7, 2025 · Apr 7, 2025 · Apr 7, 2025
@@ -1,3 +1,10 @@
+/**
+ * @name Static single assignment inconsistencies
+ * @description Lists the static single assignment inconsistencies in the database.  This query is intended for internal use.
+ * @kind table
+ * @id rust/diagnostics/ssa-consistency
+ */
+
 import codeql.rust.dataflow.Ssa
 import codeql.rust.dataflow.internal.SsaImpl
 import Consistency
@@ -7,6 +7,7 @@
 | Inconsistencies - AST | 0 |
 | Inconsistencies - CFG | 0 |
 | Inconsistencies - Path resolution | 0 |
+| Inconsistencies - SSA | 0 |
 | Inconsistencies - data flow | 0 |
 | Lines of code extracted | 6 |
 | Lines of user code extracted | 6 |

@@ -7,6 +7,7 @@
 | Inconsistencies - AST | 0 |
 | Inconsistencies - CFG | 0 |
 | Inconsistencies - Path resolution | 0 |
+| Inconsistencies - SSA | 0 |
 | Inconsistencies - data flow | 0 |
 | Lines of code extracted | 9 |
 | Lines of user code extracted | 9 |

@@ -7,6 +7,7 @@
 | Inconsistencies - AST | 0 |
 | Inconsistencies - CFG | 0 |
 | Inconsistencies - Path resolution | 0 |
+| Inconsistencies - SSA | 0 |
 | Inconsistencies - data flow | 0 |
 | Lines of code extracted | 9 |
 | Lines of user code extracted | 9 |

@@ -0,0 +1,14 @@
+/**
+ * @name Static single assignment inconsistency counts
+ * @description Counts the number of static single assignment inconsistencies of each type.  This query is intended for internal use.
+ * @kind diagnostic
+ * @id rust/diagnostics/ssa-consistency-counts
+ */
+
+private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency
+
+// see also `rust/diagnostics/ssa-consistency`, which lists the
+// individual inconsistency results.
+from string type, int num
+where num = SsaConsistency::getInconsistencyCounts(type)
+select type, num
@@ -10,6 +10,7 @@ private import codeql.rust.internal.AstConsistency as AstConsistency
 private import codeql.rust.internal.PathResolutionConsistency as PathResolutionConsistency
 private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency
 private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency
+private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency
 private import codeql.rust.Concepts
 private import codeql.rust.Diagnostics
 private import codeql.rust.security.SensitiveData
@@ -57,6 +58,13 @@ int getTotalCfgInconsistencies() {
   result = sum(string type | | CfgConsistency::getCfgInconsistencyCounts(type))
 }
 
+/**
+ * Gets a count of the total number of SSA inconsistencies in the database.
+ */
+int getTotalSsaInconsistencies() {
+  result = sum(string type | | SsaConsistency::getInconsistencyCounts(type))
+}
+
 /**
  * Gets a count of the total number of data flow inconsistencies in the database.
  */
@@ -142,6 +150,8 @@ predicate inconsistencyStats(string key, int value) {
   or
   key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies()
   or
+  key = "Inconsistencies - SSA" and value = getTotalSsaInconsistencies()
+  or
   key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies()
 }
 

@@ -0,0 +1,10 @@
+| Definition cannot reach a read | 0 |
+| End of a basic block can be reached by multiple definitions | 0 |
+| Phi has less than 2 immediately prior references | 0 |
+| Phi node has less than two inputs | 0 |
+| Phi read has less than 2 immediately prior references | 0 |
+| Read can be reached from multiple definitions | 0 |
+| Read cannot be reached from a definition | 0 |
+| Read does not have a prior reference | 0 |
+| Read has multiple prior references | 0 |
+| Read is not dominated by a definition | 0 |
@@ -0,0 +1 @@
+queries/diagnostics/SsaConsistencyCounts.ql
@@ -7,6 +7,7 @@
 | Inconsistencies - AST | 0 |
 | Inconsistencies - CFG | 0 |
 | Inconsistencies - Path resolution | 0 |
+| Inconsistencies - SSA | 0 |
 | Inconsistencies - data flow | 0 |
 | Lines of code extracted | 60 |
 | Lines of user code extracted | 60 |

diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll
@@ -1468,6 +1468,58 @@ module Make<LocationSig Location, InputSig<Location> Input> {
       inputRefs = count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and
       inputRefs < 2
     }
+
+    /**
+     * Gets counts of inconsistencies of each type.
+     */
+    int getInconsistencyCounts(string type) {
+      // total results from all the SSA consistency query predicates.
+      type = "Read can be reached from multiple definitions" and
+      result =
+        count(Definition def, SourceVariable v, BasicBlock bb, int i | nonUniqueDef(def, v, bb, i))
+      or
+      type = "Read cannot be reached from a definition" and
+      result = count(SourceVariable v, BasicBlock bb, int i | readWithoutDef(v, bb, i))
+      or
+      type = "Definition cannot reach a read" and
+      result = count(Definition def, SourceVariable v | deadDef(def, v))
+      or
+      type = "Read is not dominated by a definition" and
+      result =
+        count(Definition def, SourceVariable v, BasicBlock bb, int i |
+          notDominatedByDef(def, v, bb, i)
+        )
+      or
+      type = "End of a basic block can be reached by multiple definitions" and
+      result =
+        count(Definition def, SourceVariable v, BasicBlock bb |
+          nonUniqueDefReachesEndOfBlock(def, v, bb)
+        )
+      or
+      type = "Phi node has less than two inputs" and
+      result = count(PhiNode phi, int inputs | uselessPhiNode(phi, inputs))
+      or
+      type = "Read does not have a prior reference" and
+      result = count(SourceVariable v, BasicBlock bb, int i | readWithoutPriorRef(v, bb, i))
+      or
+      type = "Read has multiple prior references" and
+      result =
+        count(SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2 |
+          readWithMultiplePriorRefs(v, bb1, i1, bb2, i2)
+        )
+      or
+      type = "Phi has less than 2 immediately prior references" and
+      result =
+        count(PhiNode phi, BasicBlock bbPhi, SourceVariable v, int inputRefs |
+          phiWithoutTwoPriorRefs(phi, bbPhi, v, inputRefs)
+        )
+      or
+      type = "Phi read has less than 2 immediately prior references" and
+      result =
+        count(BasicBlock bbPhi, SourceVariable v, int inputRefs |
+          phiReadWithoutTwoPriorRefs(bbPhi, v, inputRefs)
+        )
+    }
   }
 
   /** Provides the input to `DataFlowIntegration`. */
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		queries/diagnostics/SsaConsistencyCounts.ql
Check warning Code scanning / CodeQL Query test without inline test expectations Warning test Query test does not use inline test expectations. Copy link Contributor Author geoffw0 Apr 7, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. It's a diagnostic query.