C#: Generalize cs/constant-condition

Author: hvitved

csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql

@@ -14,39 +14,111 @@
 import csharp
 import semmle.code.csharp.commons.Assertions
 import semmle.code.csharp.commons.Constants
+import ControlFlowGraph
 
-/** A condition of an `if` statement or a conditional expression. */
-private class IfCondition extends Expr {
-  IfCondition() {
-    this = any(IfStmt is).getCondition() or
-    this = any(ConditionalExpr ce).getCondition()
+/** A constant condition. */
+abstract class ConstantCondition extends Expr {
+  /** Gets the alert message for this constant condition. */
+  abstract string getMessage();
+
+  /** Holds if this constant condition is white-listed. */
+  predicate isWhiteListed() { none() }
+}
+
+/** A constant Boolean condition. */
+class ConstantBooleanCondition extends ConstantCondition {
+  boolean b;
+
+  ConstantBooleanCondition() {
+    isConstantCondition(this, b)
+  }
+
+  override string getMessage() {
+    result = "Condition always evaluates to '" + b + "'."
+  }
+
+  override predicate isWhiteListed() {
+    // E.g. `x ?? false`
+    this.(BoolLiteral) = any(NullCoalescingExpr nce).getRightOperand()
+  }
+}
+
+/** A constant condition in an `if` statement or a conditional expression. */
+class ConstantIfCondition extends ConstantBooleanCondition {
+  ConstantIfCondition() {
+    this = any(IfStmt is).getCondition().getAChildExpr*() or
+    this = any(ConditionalExpr ce).getCondition().getAChildExpr*()
+  }
+
+  override predicate isWhiteListed() {
+    ConstantBooleanCondition.super.isWhiteListed()
+    or
+    // It is a common pattern to use a local constant/constant field to control
+    // whether code parts must be executed or not
+    this instanceof AssignableRead
   }
 }
 
-/** A loop condition */
-private class LoopCondition extends Expr {
-  LoopCondition() {
+/** A constant loop condition. */
+class ConstantLoopCondition extends ConstantBooleanCondition {
+  ConstantLoopCondition() {
     this = any(LoopStmt ls).getCondition()
   }
+
+  override predicate isWhiteListed() {
+    // Clearly intentional infinite loops are allowed
+    this.(BoolLiteral).getBoolValue() = true
+  }
+}
+
+/** A constant nullness condition. */
+class ConstantNullnessCondition extends ConstantCondition {
+  boolean b;
+
+  ConstantNullnessCondition() {
+    forex(ControlFlowNode cfn |
+      cfn = this.getAControlFlowNode() |
+      exists(ControlFlowEdgeNullness t |
+        exists(cfn.getASuccessorByType(t)) |
+        if t.isNull() then b = true else b = false
+      ) and
+      strictcount(ControlFlowEdgeType t | exists(cfn.getASuccessorByType(t))) = 1
+    )
+  }
+
+  override string getMessage() {
+    if b = true then
+      result = "Expression is always 'null'."
+    else
+      result = "Expression is never 'null'."
+  }
 }
 
-/** Holds if `e` is a conditional expression that is allowed to be constant. */
-predicate isWhiteListed(Expr e) {
-  // It is a common pattern to use a local constant/constant field to control
-  // whether code parts must be executed or not
-  e = any(IfCondition ic).getAChildExpr*() and
-  e instanceof AssignableRead
-  or
-  // Clearly intentional infinite loops are allowed
-  e instanceof LoopCondition and
-  e.(BoolLiteral).getBoolValue() = true
-  or
-  // E.g. `x ?? false`
-  e.(BoolLiteral) = any(NullCoalescingExpr nce).getRightOperand()
+/** A constant matching condition. */
+class ConstantMatchingCondition extends ConstantCondition {
+  boolean b;
+
+  ConstantMatchingCondition() {
+    forex(ControlFlowNode cfn |
+      cfn = this.getAControlFlowNode() |
+      exists(ControlFlowEdgeMatching t |
+        exists(cfn.getASuccessorByType(t)) |
+        if t.isMatch() then b = true else b = false
+      ) and
+      strictcount(ControlFlowEdgeType t | exists(cfn.getASuccessorByType(t))) = 1
+    )
+  }
+
+  override string getMessage() {
+    if b = true then
+      result = "Pattern always matches."
+    else
+      result = "Pattern never matches."
+  }
 }
 
-from Expr e, boolean b
-where isConstantCondition(e, b)
-  and not isWhiteListed(e)
-  and not isExprInAssertion(e)
-select e, "Condition always evaluates to '" + b + "'."
+from ConstantCondition c, string msg
+where msg = c.getMessage()
+  and not c.isWhiteListed()
+  and not isExprInAssertion(c)
+select c, msg

csharp/ql/src/Bad Practices/Control-Flow/ConstantNullCoalescingLeftHandOperand.qhelp

@@ -1,6 +1,7 @@
 // semmle-extractor-options: /r:System.Threading.Thread.dll /r:System.Diagnostics.Debug.dll
 
 using System;
+using System.Collections;
 using System.Diagnostics;
 
 class ConstantCondition
@@ -32,10 +33,71 @@ void M1(int x)
     bool M3(double d) => d == d; // BAD: but flagged by cs/constant-comparison
 }
 
+class ConstantNullness
+{
+    void M1(int i)
+    {
+        var j = ((string)null)?.Length; // BAD
+        var s = ((int?)i)?.ToString(); // BAD
+        var k = s?.Length; // GOOD
+        k = s?.ToLower()?.Length; // GOOD
+    }
+
+    void M2(int i)
+    {
+        var j = (int?)null ?? 0; // BAD
+        var s = "" ?? "a"; // BAD
+        j = (int?)i ?? 1; // BAD
+        s = ""?.CommaJoinWith(s); // BAD
+        s = s ?? ""; // GOOD
+    }
+}
+
+class ConstantMatching
+{
+    void M1()
+    {
+        switch (1 + 2)
+        {
+            case 2 : // BAD
+              break;
+            case 3 : // BAD
+              break;
+            case int _ : // GOOD
+              break;
+        }
+    }
+
+    void M2(string s)
+    {
+        switch ((object)s)
+        {
+            case int _ : // BAD
+              break;
+            case "" : // GOOD
+              break;
+        }
+    }
+
+    void M3(object o)
+    {
+        switch (o)
+        {
+            case IList _ : // GOOD
+              break;
+        }
+    }
+}
+
 class Assertions
 {
     void F()
     {
         Debug.Assert(false ? false : true);  // GOOD
     }
 }
+
+static class Ext
+{
+    public static string CommaJoinWith(this string s1, string s2) => s1 + ", " + s2;
+}

csharp/ql/src/Bad Practices/Control-Flow/ConstantNullCoalescingLeftHandOperand.ql

@@ -1,3 +1,12 @@
+| ConstantCondition.cs:40:18:40:29 | (...) ... | Expression is always 'null'. |
+| ConstantCondition.cs:41:18:41:24 | (...) ... | Expression is never 'null'. |
+| ConstantCondition.cs:48:17:48:26 | (...) ... | Expression is always 'null'. |
+| ConstantCondition.cs:49:17:49:18 | "" | Expression is never 'null'. |
+| ConstantCondition.cs:50:13:50:19 | (...) ... | Expression is never 'null'. |
+| ConstantCondition.cs:51:13:51:14 | "" | Expression is never 'null'. |
+| ConstantCondition.cs:62:18:62:18 | 2 | Pattern never matches. |
+| ConstantCondition.cs:64:18:64:18 | 3 | Pattern always matches. |
+| ConstantCondition.cs:75:18:75:20 | access to type Int32 | Pattern never matches. |
 | ConstantConditionBad.cs:5:16:5:20 | ... > ... | Condition always evaluates to 'false'. |
 | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | Condition always evaluates to 'true'. |
 | ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | Condition always evaluates to 'false'. |
@@ -7,6 +16,8 @@
 | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. |
 | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. |
 | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. |
+| ConstantNullCoalescingLeftHandOperand.cs:11:24:11:34 | access to constant NULL_OBJECT | Expression is never 'null'. |
+| ConstantNullCoalescingLeftHandOperand.cs:12:24:12:27 | null | Expression is always 'null'. |
 | ConstantWhileCondition.cs:12:20:12:32 | ... == ... | Condition always evaluates to 'true'. |
 | ConstantWhileCondition.cs:16:20:16:24 | false | Condition always evaluates to 'false'. |
 | ConstantWhileCondition.cs:24:20:24:29 | ... == ... | Condition always evaluates to 'true'. |