Skip to content

Shared: Add a shared SuccessorType implementation #20300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
+2,402 −4,322
Open

Shared: Add a shared SuccessorType implementation #20300

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
cfa2620
Controlflow: Add a shared SuccessorType implementation.
aschackmull Aug 27, 2025
f2bee47
C#: Use shared SuccessorType.
aschackmull Aug 27, 2025
b09882b
Ruby: Use shared SuccessorType.
aschackmull Aug 27, 2025
1765e98
Rust: Use shared SuccessorType.
aschackmull Aug 27, 2025
fdcad17
C#/Ruby: Accept qltest changes.
aschackmull Aug 28, 2025
86d1078
Swift: Use shared SuccessorType.
aschackmull Aug 28, 2025
3e5ed9e
Actions: Use shared SuccessorType.
aschackmull Aug 28, 2025
c4b0db1
Java: Use shared SuccessorType.
aschackmull Aug 28, 2025
2beabed
Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs.
aschackmull Aug 28, 2025
4b899bb
C#: Fix caching dependencies.
aschackmull Aug 28, 2025
0df7d6f
Cfg: Allow for multiple exception successors.
aschackmull Aug 28, 2025
bcc61a5
Guards: Use shared SuccessorType.
aschackmull Aug 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 3 additions & 35 deletions actions/ql/lib/codeql/actions/controlflow/internal/Cfg.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ private import codeql.controlflow.Cfg as CfgShared
private import codeql.Locations

module Completion {
import codeql.controlflow.SuccessorType

private newtype TCompletion =
TSimpleCompletion() or
TBooleanCompletion(boolean b) { b in [false, true] } or
Expand All @@ -25,7 +27,7 @@ module Completion {

override predicate isValidFor(AstNode e) { not any(Completion c).isValidForSpecific(e) }

override NormalSuccessor getAMatchingSuccessorType() { any() }
override DirectSuccessor getAMatchingSuccessorType() { any() }
}

class BooleanCompletion extends NormalCompletion, TBooleanCompletion {
Expand All @@ -49,34 +51,6 @@ module Completion {

override ReturnSuccessor getAMatchingSuccessorType() { any() }
}

cached
private newtype TSuccessorType =
TNormalSuccessor() or
TBooleanSuccessor(boolean b) { b in [false, true] } or
TReturnSuccessor()

class SuccessorType extends TSuccessorType {
string toString() { none() }
}

class NormalSuccessor extends SuccessorType, TNormalSuccessor {
override string toString() { result = "successor" }
}

class BooleanSuccessor extends SuccessorType, TBooleanSuccessor {
boolean value;

BooleanSuccessor() { this = TBooleanSuccessor(value) }

override string toString() { result = value.toString() }

boolean getValue() { result = value }
}

class ReturnSuccessor extends SuccessorType, TReturnSuccessor {
override string toString() { result = "return" }
}
}

module CfgScope {
Expand Down Expand Up @@ -127,14 +101,8 @@ private module Implementation implements CfgShared::InputSig<Location> {
last(scope.(CompositeAction), e, c)
}

predicate successorTypeIsSimple(SuccessorType t) { t instanceof NormalSuccessor }

predicate successorTypeIsCondition(SuccessorType t) { t instanceof BooleanSuccessor }

SuccessorType getAMatchingSuccessorType(Completion c) { result = c.getAMatchingSuccessorType() }

predicate isAbnormalExitType(SuccessorType t) { none() }

int idOfAstNode(AstNode node) { none() }

int idOfCfgScope(CfgScope scope) { none() }
Expand Down
3 changes: 0 additions & 3 deletions csharp/ql/lib/semmle/code/csharp/Caching.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ module Stages {
cached
module ControlFlowStage {
private import semmle.code.csharp.controlflow.internal.Splitting
private import semmle.code.csharp.controlflow.internal.SuccessorType
private import semmle.code.csharp.controlflow.Guards as Guards

cached
Expand All @@ -20,8 +19,6 @@ module Stages {
private predicate forceCachingInSameStageRev() {
exists(Split s)
or
exists(SuccessorType st)
or
exists(ControlFlow::Node n)
or
Guards::Internal::isCustomNullCheck(_, _, _, _)
Expand Down
4 changes: 1 addition & 3 deletions csharp/ql/lib/semmle/code/csharp/commons/Constants.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,7 @@ private import semmle.code.csharp.commons.StructuralComparison as StructuralComp

pragma[noinline]
private predicate isConstantCondition0(ControlFlow::Node cfn, boolean b) {
exists(
cfn.getASuccessorByType(any(ControlFlow::SuccessorTypes::BooleanSuccessor t | t.getValue() = b))
) and
exists(cfn.getASuccessorByType(any(ControlFlow::BooleanSuccessor t | t.getValue() = b))) and
strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
}

Expand Down
2 changes: 1 addition & 1 deletion csharp/ql/lib/semmle/code/csharp/controlflow/BasicBlocks.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
*/

import csharp
private import ControlFlow::SuccessorTypes
private import ControlFlow
private import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl as CfgImpl
private import CfgImpl::BasicBlocks as BasicBlocksImpl

Expand Down
1 change: 0 additions & 1 deletion csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowElement.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ private import semmle.code.csharp.ExprOrStmtParent
private import semmle.code.csharp.commons.Compilation
private import ControlFlow
private import ControlFlow::BasicBlocks
private import SuccessorTypes
private import semmle.code.csharp.Caching
private import internal.ControlFlowGraphImpl as Impl

Expand Down
1 change: 0 additions & 1 deletion csharp/ql/lib/semmle/code/csharp/controlflow/ControlFlowGraph.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ import csharp
module ControlFlow {
private import semmle.code.csharp.controlflow.BasicBlocks as BBs
import semmle.code.csharp.controlflow.internal.SuccessorType
private import SuccessorTypes
private import internal.ControlFlowGraphImpl as Impl
private import internal.Splitting as Splitting

Expand Down
3 changes: 2 additions & 1 deletion csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
*/

import csharp
private import ControlFlow::SuccessorTypes
private import ControlFlow
private import semmle.code.csharp.commons.Assertions
private import semmle.code.csharp.commons.ComparisonTest
private import semmle.code.csharp.commons.StructuralComparison as SC
Expand Down Expand Up @@ -1424,6 +1424,7 @@ module Internal {

cached
predicate isGuard(Expr e, AbstractValue val) {
Stages::ControlFlowStage::forceCachingInSameStage() and
(
e.getType() instanceof BoolType and
not e instanceof BoolLiteral and
Expand Down
7 changes: 3 additions & 4 deletions csharp/ql/lib/semmle/code/csharp/controlflow/internal/Completion.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@
private import ControlFlowGraphImpl
private import NonReturning
private import SuccessorType
private import SuccessorTypes

private newtype TCompletion =
TSimpleCompletion() or
Expand Down Expand Up @@ -575,7 +574,7 @@

/** A simple (normal) completion. */
class SimpleCompletion extends NonNestedNormalCompletion, TSimpleCompletion {
override NormalSuccessor getAMatchingSuccessorType() { any() }
override DirectSuccessor getAMatchingSuccessorType() { any() }

override string toString() { result = "normal" }
}
Expand Down Expand Up @@ -859,7 +858,7 @@
/** Gets the label of the `goto` completion. */
string getLabel() { result = label }

override GotoSuccessor getAMatchingSuccessorType() { result.getLabel() = label }
override GotoSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?

override string toString() {
// `NestedCompletion` defines `toString()` for the other case
Expand All @@ -882,7 +881,7 @@
/** Gets the type of the exception being thrown. */
ExceptionClass getExceptionClass() { result = ec }

override ExceptionSuccessor getAMatchingSuccessorType() { result.getExceptionClass() = ec }
override ExceptionSuccessor getAMatchingSuccessorType() { any() }

Check warning

Code scanning / CodeQL

Override with unmentioned parameter Warning

Override predicate doesn't mention
result
Loading
. Maybe mention it in a 'exists(result)'?

override string toString() {
// `NestedCompletion` defines `toString()` for the other case
Expand Down
15 changes: 1 addition & 14 deletions csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,23 +79,10 @@ private module CfgInput implements CfgShared::InputSig<Location> {
Impl::scopeLast(scope, last, c)
}

class SuccessorType = ST::SuccessorType;
private class SuccessorType = ST::SuccessorType;

SuccessorType getAMatchingSuccessorType(Completion c) { result = c.getAMatchingSuccessorType() }

predicate successorTypeIsSimple(SuccessorType t) {
t instanceof ST::SuccessorTypes::NormalSuccessor
}

predicate successorTypeIsCondition(SuccessorType t) {
t instanceof ST::SuccessorTypes::ConditionalSuccessor
}

predicate isAbnormalExitType(SuccessorType t) {
t instanceof ST::SuccessorTypes::ExceptionSuccessor or
t instanceof ST::SuccessorTypes::ExitSuccessor
}

int idOfAstNode(AstNode node) { result = node.getId() }

int idOfCfgScope(CfgScope node) { result = idOfAstNode(node) }
Expand Down
2 changes: 1 addition & 1 deletion csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreBasicBlocks.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ class ConditionBlock extends PreBasicBlock {
}

pragma[nomagic]
predicate controls(PreBasicBlock controlled, Cfg::SuccessorTypes::ConditionalSuccessor s) {
predicate controls(PreBasicBlock controlled, Cfg::ConditionalSuccessor s) {
exists(PreBasicBlock succ, ConditionalCompletion c | this.immediatelyControls(succ, c) |
succ.dominates(controlled) and
s = c.getAMatchingSuccessorType()
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ module PreSsa {
}

module SsaInput implements SsaImplCommon::InputSig<Location> {
private import semmle.code.csharp.Caching

class BasicBlock extends PreBasicBlocks::PreBasicBlock {
ControlFlowNode getNode(int i) { result = this.getElement(i) }
}
Expand Down Expand Up @@ -130,6 +132,7 @@ module PreSsa {
}

predicate variableWrite(BasicBlock bb, int i, SourceVariable v, boolean certain) {
Stages::ControlFlowStage::forceCachingInSameStage() and
exists(AssignableDefinition def |
definitionAt(def, bb, i, v) and
if def.getTargetAccess().isRefArgument() then certain = false else certain = true
Expand Down
17 changes: 10 additions & 7 deletions csharp/ql/lib/semmle/code/csharp/controlflow/internal/Splitting.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -470,16 +470,19 @@ module FinallySplitting {
* then the `finally` block must end with a `return` as well (provided that
* the `finally` block exits normally).
*/
class FinallySplitType extends Cfg::SuccessorType {
FinallySplitType() { not this instanceof Cfg::SuccessorTypes::ConditionalSuccessor }
class FinallySplitType instanceof Cfg::SuccessorType {
FinallySplitType() { not this instanceof Cfg::ConditionalSuccessor }

/** Gets a textual representation of this successor type. */
string toString() { result = super.toString() }

/** Holds if this split type matches entry into a `finally` block with completion `c`. */
predicate isSplitForEntryCompletion(Completion c) {
if c instanceof NormalCompletion
then
// If the entry into the `finally` block completes with any normal completion,
// it simply means normal execution after the `finally` block
this instanceof Cfg::SuccessorTypes::NormalSuccessor
this instanceof Cfg::DirectSuccessor
else this = c.getAMatchingSuccessorType()
}
}
Expand Down Expand Up @@ -533,7 +536,7 @@ module FinallySplitting {
int getNestLevel() { result = nestLevel }

override string toString() {
if type instanceof Cfg::SuccessorTypes::NormalSuccessor
if type instanceof Cfg::DirectSuccessor
then result = ""
else
if nestLevel > 0
Expand Down Expand Up @@ -617,14 +620,14 @@ module FinallySplitting {
or
not c instanceof NormalCompletion
or
type instanceof Cfg::SuccessorTypes::NormalSuccessor
type instanceof Cfg::DirectSuccessor
)
else (
// Finally block can exit with completion `c` inherited from try/catch
// block: must match this split
inherited = true and
type = c.getAMatchingSuccessorType() and
not type instanceof Cfg::SuccessorTypes::NormalSuccessor
not type instanceof Cfg::DirectSuccessor
)
)
or
Expand Down Expand Up @@ -657,7 +660,7 @@ module FinallySplitting {
exists(FinallySplit outer |
outer.getNestLevel() = super.getNestLevel() - 1 and
outer.(FinallySplitImpl).exit(pred, c, inherited) and
super.getType() instanceof Cfg::SuccessorTypes::NormalSuccessor and
super.getType() instanceof Cfg::DirectSuccessor and
inherited = true
)
}
Expand Down
Loading
Loading