Merge pull request #886 from hvitved/csharp/cfg/restructure

C#: Split up `ControlFlowGraph.qll` into multiple files

Author: calumgrant

csharp/ql/src/semmle/code/csharp/controlflow/ControlFlowGraph.qll

@@ -8,7 +8,7 @@ private import semmle.code.csharp.commons.Assertions
 private import semmle.code.csharp.commons.ComparisonTest
 private import semmle.code.csharp.commons.StructuralComparison::Internal
 private import semmle.code.csharp.controlflow.BasicBlocks
-private import semmle.code.csharp.controlflow.Completion
+private import semmle.code.csharp.controlflow.internal.Completion
 private import semmle.code.csharp.dataflow.Nullness
 private import semmle.code.csharp.frameworks.System
 
@@ -627,7 +627,8 @@ class NullGuardedDataFlowNode extends GuardedDataFlowNode {
 
 /** INTERNAL: Do not use. */
 module Internal {
-  private import ControlFlow::Internal
+  private import semmle.code.csharp.controlflow.internal.PreBasicBlocks as PreBasicBlocks
+  private import semmle.code.csharp.controlflow.internal.PreSsa as PreSsa
 
   newtype TAbstractValue =
     TBooleanValue(boolean b) { b = true or b = false } or

csharp/ql/src/semmle/code/csharp/controlflow/Guards.qll

@@ -0,0 +1,140 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides a simple analysis for identifying calls to callables that will
+ * not return.
+ */
+
+import csharp
+private import semmle.code.csharp.ExprOrStmtParent
+private import semmle.code.csharp.commons.Assertions
+private import semmle.code.csharp.frameworks.System
+private import semmle.code.csharp.controlflow.internal.Completion
+
+/** A call that definitely does not return (conservative analysis). */
+abstract class NonReturningCall extends Call {
+  /** Gets a valid completion for this non-returning call. */
+  abstract Completion getACompletion();
+}
+
+private class ExitingCall extends NonReturningCall {
+  ExitingCall() {
+    this.getTarget() instanceof ExitingCallable
+    or
+    exists(AssertMethod m | m = this.(FailingAssertion).getAssertMethod() |
+      not exists(m.getExceptionClass())
+    )
+  }
+
+  override ExitCompletion getACompletion() { any() }
+}
+
+private class ThrowingCall extends NonReturningCall {
+  private ThrowCompletion c;
+
+  ThrowingCall() {
+    c = this.getTarget().(ThrowingCallable).getACallCompletion()
+    or
+    exists(AssertMethod m | m = this.(FailingAssertion).getAssertMethod() |
+      c.getExceptionClass() = m.getExceptionClass()
+    )
+  }
+
+  override ThrowCompletion getACompletion() { result = c }
+}
+
+abstract private class NonReturningCallable extends Callable {
+  NonReturningCallable() {
+    not exists(ReturnStmt ret | ret.getEnclosingCallable() = this) and
+    not hasAccessorAutoImplementation(this, _) and
+    not exists(Virtualizable v | v.isOverridableOrImplementable() |
+      v = this or
+      v = this.(Accessor).getDeclaration()
+    )
+  }
+}
+
+abstract private class ExitingCallable extends NonReturningCallable { }
+
+private class DirectlyExitingCallable extends ExitingCallable {
+  DirectlyExitingCallable() {
+    this = any(Method m |
+        m.hasQualifiedName("System.Environment", "Exit") or
+        m.hasQualifiedName("System.Windows.Forms.Application", "Exit")
+      )
+  }
+}
+
+private class IndirectlyExitingCallable extends ExitingCallable {
+  IndirectlyExitingCallable() {
+    forex(ControlFlowElement body | body = this.getABody() | body = getAnExitingElement())
+  }
+}
+
+private ControlFlowElement getAnExitingElement() {
+  result instanceof ExitingCall
+  or
+  result = getAnExitingStmt()
+}
+
+private Stmt getAnExitingStmt() {
+  result.(ExprStmt).getExpr() = getAnExitingElement()
+  or
+  result.(BlockStmt).getFirstStmt() = getAnExitingElement()
+  or
+  exists(IfStmt ifStmt |
+    result = ifStmt and
+    ifStmt.getThen() = getAnExitingElement() and
+    ifStmt.getElse() = getAnExitingElement()
+  )
+}
+
+private class ThrowingCallable extends NonReturningCallable {
+  ThrowingCallable() {
+    forex(ControlFlowElement body | body = this.getABody() | body = getAThrowingElement(_))
+  }
+
+  /** Gets a valid completion for a call to this throwing callable. */
+  ThrowCompletion getACallCompletion() { this.getABody() = getAThrowingElement(result) }
+}
+
+private predicate directlyThrows(ThrowElement te, ThrowCompletion c) {
+  c.getExceptionClass() = te.getThrownExceptionType() and
+  // For stub implementations, there may exist proper implementations that are not seen
+  // during compilation, so we conservatively rule those out
+  not isStub(te)
+}
+
+private ControlFlowElement getAThrowingElement(ThrowCompletion c) {
+  c = result.(ThrowingCall).getACompletion()
+  or
+  directlyThrows(result, c)
+  or
+  result = getAThrowingStmt(c)
+}
+
+private Stmt getAThrowingStmt(ThrowCompletion c) {
+  directlyThrows(result, c)
+  or
+  result.(ExprStmt).getExpr() = getAThrowingElement(c)
+  or
+  result.(BlockStmt).getFirstStmt() = getAThrowingStmt(c)
+  or
+  exists(IfStmt ifStmt, ThrowCompletion c1, ThrowCompletion c2 |
+    result = ifStmt and
+    ifStmt.getThen() = getAThrowingStmt(c1) and
+    ifStmt.getElse() = getAThrowingStmt(c2)
+  |
+    c = c1
+    or
+    c = c2
+  )
+}
+
+/** Holds if `throw` element `te` indicates a stub implementation. */
+private predicate isStub(ThrowElement te) {
+  exists(Expr e | e = te.getExpr() |
+    e instanceof NullLiteral or
+    e.getType() instanceof SystemNotImplementedExceptionClass
+  )
+}

…e/code/csharp/controlflow/Completion.qll …harp/controlflow/internal/Completion.qllcsharp/ql/src/semmle/code/csharp/controlflow/Completion.qll renamed to csharp/ql/src/semmle/code/csharp/controlflow/internal/Completion.qll csharp/ql/src/semmle/code/csharp/controlflow/Completion.qll renamed to csharp/ql/src/semmle/code/csharp/controlflow/internal/Completion.qll

@@ -0,0 +1,114 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides a basic block implementation on control flow elements. That is,
+ * a "pre-CFG" where the nodes are (unsplit) control flow elements and the
+ * successor releation is `succ = succ(pred, _)`.
+ *
+ * The logic is duplicated from the implementation in `BasicBlocks.qll`, and
+ * being an internal class, all predicate documentation has been removed.
+ */
+
+import csharp
+private import semmle.code.csharp.controlflow.internal.Completion
+private import semmle.code.csharp.controlflow.ControlFlowGraph::ControlFlow
+private import Internal::Successor
+
+private predicate startsBB(ControlFlowElement cfe) {
+  not cfe = succ(_, _) and
+  (
+    exists(succ(cfe, _))
+    or
+    exists(succExit(cfe, _))
+  )
+  or
+  strictcount(ControlFlowElement pred, Completion c | cfe = succ(pred, c)) > 1
+  or
+  exists(ControlFlowElement pred, int i |
+    cfe = succ(pred, _) and
+    i = count(ControlFlowElement succ, Completion c | succ = succ(pred, c))
+  |
+    i > 1
+    or
+    i = 1 and
+    exists(succExit(pred, _))
+  )
+}
+
+private predicate intraBBSucc(ControlFlowElement pred, ControlFlowElement succ) {
+  succ = succ(pred, _) and
+  not startsBB(succ)
+}
+
+private predicate bbIndex(ControlFlowElement bbStart, ControlFlowElement cfe, int i) =
+  shortestDistances(startsBB/1, intraBBSucc/2)(bbStart, cfe, i)
+
+private predicate succBB(PreBasicBlock pred, PreBasicBlock succ) { succ = pred.getASuccessor() }
+
+private predicate entryBB(PreBasicBlock bb) { bb = succEntry(_) }
+
+private predicate bbIDominates(PreBasicBlock dom, PreBasicBlock bb) =
+  idominance(entryBB/1, succBB/2)(_, dom, bb)
+
+class PreBasicBlock extends ControlFlowElement {
+  PreBasicBlock() { startsBB(this) }
+
+  PreBasicBlock getASuccessorByType(SuccessorType t) {
+    result = succ(this.getLastElement(), any(Completion c | t.matchesCompletion(c)))
+  }
+
+  PreBasicBlock getASuccessor() { result = this.getASuccessorByType(_) }
+
+  PreBasicBlock getAPredecessor() { result.getASuccessor() = this }
+
+  ControlFlowElement getElement(int pos) { bbIndex(this, result, pos) }
+
+  ControlFlowElement getAnElement() { result = this.getElement(_) }
+
+  ControlFlowElement getFirstElement() { result = this }
+
+  ControlFlowElement getLastElement() { result = this.getElement(length() - 1) }
+
+  int length() { result = strictcount(getAnElement()) }
+
+  predicate immediatelyDominates(PreBasicBlock bb) { bbIDominates(this, bb) }
+
+  predicate strictlyDominates(PreBasicBlock bb) { this.immediatelyDominates+(bb) }
+
+  predicate dominates(PreBasicBlock bb) {
+    bb = this
+    or
+    this.strictlyDominates(bb)
+  }
+
+  predicate inDominanceFrontier(PreBasicBlock df) {
+    this.dominatesPredecessor(df) and
+    not this.strictlyDominates(df)
+  }
+
+  private predicate dominatesPredecessor(PreBasicBlock df) { this.dominates(df.getAPredecessor()) }
+}
+
+class ConditionBlock extends PreBasicBlock {
+  ConditionBlock() {
+    strictcount(ConditionalCompletion c |
+      exists(succ(this.getLastElement(), c))
+      or
+      exists(succExit(this.getLastElement(), c))
+    ) > 1
+  }
+
+  private predicate immediatelyControls(PreBasicBlock succ, ConditionalCompletion c) {
+    succ = succ(this.getLastElement(), c) and
+    forall(PreBasicBlock pred | pred = succ.getAPredecessor() and pred != this |
+      succ.dominates(pred)
+    )
+  }
+
+  predicate controls(PreBasicBlock controlled, SuccessorTypes::ConditionalSuccessor s) {
+    exists(PreBasicBlock succ, ConditionalCompletion c | immediatelyControls(succ, c) |
+      succ.dominates(controlled) and
+      s.matchesCompletion(c)
+    )
+  }
+}