Skip to content

Shared: Add a shared SuccessorType implementation #20300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Shared: Add a shared SuccessorType implementation #20300

wants to merge 12 commits into from

Conversation

aschackmull
Copy link
Contributor

@aschackmull aschackmull commented Aug 27, 2025
edited
Loading

This adds a shared implementation of the SuccessorType class that's used as edge labels in our CFGs. I've also updated all languages and all shared libraries to use this new shared code.

Commit-by-commit review is encouraged.

A few notes:

  • SuccessorType is now a shared non-parameterized implementation. This means that it's not using language-specific details like exception type or goto-labels.
  • Splitting in C# on finally blocks use SuccessorType, so the change has a slight semantic impact here. Initially I tried a version that bunched all of the jump successors together, but that gave a single new FP in C# nullness, so I choose to have a more detailed distinction between different jump successors.
  • I've kept the successorTypeIsCondition predicate in a few places in order to not disrupt basic block boundaries too much. Streamlining this across languages is left as a potential follow-up consideration.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 27, 2025
View reviewed changes
csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
@@ -882,7 +881,7 @@
/** Gets the type of the exception being thrown. */
ExceptionClass getExceptionClass() { result = ec }

override ExceptionSuccessor getAMatchingSuccessorType() { result.getExceptionClass() = ec }
override ExceptionSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?
ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll
@@ -431,7 +430,7 @@
this = TNestedCompletion(_, TRaiseCompletion(), _)
}

override RaiseSuccessor getAMatchingSuccessorType() { any() }
override ExceptionSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?
@github-actions github-actions bot added Rust Pull requests that update Rust code Java Swift Actions Analysis of GitHub Actions labels Aug 28, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 28, 2025
View reviewed changes
swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll
@@ -468,7 +467,7 @@

FallthroughCompletion() { this = TFallthroughCompletion(dest) }

override FallthroughSuccessor getAMatchingSuccessorType() { any() }
override DirectSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2025
View reviewed changes
csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
@@ -859,7 +858,7 @@
/** Gets the label of the `goto` completion. */
string getLabel() { result = label }

override GotoSuccessor getAMatchingSuccessorType() { result.getLabel() = label }
override GotoSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?
ruby/ql/lib/codeql/ruby/controlflow/internal/Completion.qll
@@ -377,7 +376,7 @@
this = TNestedCompletion(_, TNextCompletion(), _)
}

override NextSuccessor getAMatchingSuccessorType() { any() }
override ContinueSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?
@aschackmull aschackmull marked this pull request as ready for review August 29, 2025 10:59
@aschackmull aschackmull requested review from a team as code owners August 29, 2025 10:59
@aschackmull aschackmull requested a review from a team as a code owner August 29, 2025 10:59
@Copilot Copilot AI review requested due to automatic review settings August 29, 2025 10:59
Copilot
Copilot AI reviewed Aug 29, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a shared implementation of the SuccessorType class used as edge labels in control flow graphs (CFGs). The implementation centralizes successor type definitions in the shared/controlflow module and updates all languages to use this shared code instead of maintaining language-specific implementations.

Key changes include:

  • Adding a comprehensive shared SuccessorType implementation with a well-defined hierarchy
  • Removing language-specific successor type implementations
  • Updating all languages to import and use the shared successor types

Reviewed Changes

Copilot reviewed 64 out of 68 changed files in this pull request and generated no comments.

Show a summary per file
File Description
shared/controlflow/codeql/controlflow/SuccessorType.qll New shared successor type implementation with comprehensive hierarchy
shared/controlflow/codeql/controlflow/Guards.qll Updated to import shared successor types
shared/controlflow/codeql/controlflow/Cfg.qll Updated to use shared successor types and removed language-specific definitions
shared/controlflow/codeql/controlflow/BasicBlock.qll Updated to import shared successor types
swift/ql/lib/codeql/swift/security/PathInjectionExtensions.qll Updated to use shared BooleanSuccessor type
swift/ql/lib/codeql/swift/controlflow/* Removed Swift-specific successor types and updated to use shared implementation
rust/ql/lib/codeql/rust/controlflow/* Removed Rust-specific successor types and updated to use shared implementation
ruby/ql/lib/codeql/ruby/controlflow/* Removed Ruby-specific successor types and updated to use shared implementation
java/ql/lib/semmle/code/java/controlflow/SuccessorType.qll Removed Java-specific successor type implementation
csharp/ql/test/library-tests/goto/Goto1.expected Updated test expectations for goto successor label changes
ruby/ql/test/library-tests/controlflow/graph/*.expected Updated test expectations for successor type label changes
Comments suppressed due to low confidence (1)

swift/ql/lib/codeql/swift/controlflow/internal/Completion.qll:1

  • The change from MatchSuccessor to MatchingSuccessor suggests a naming inconsistency between the old Swift implementation and the new shared implementation. Ensure all references are updated consistently.
/**

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Actions Analysis of GitHub Actions C# Java Ruby Rust Pull requests that update Rust code Swift
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aschackmull