C#: Fix false positives in cs/unchecked-return-value

hvitved · hvitved · commit 5c127ef20dd3 · 2019-07-29T17:32:21.000-07:00
diff --git a/change-notes/1.22/analysis-csharp.md b/change-notes/1.22/analysis-csharp.md
@@ -24,6 +24,7 @@
 | Number of commits | No results | Query has been removed. |
 | Poorly documented files with many authors | No results | Query has been removed. |
 | Recent activity | No results | Query has been removed. |
+| Unchecked return value (`cs/unchecked-return-value`) | Fewer false positive results | Method calls that are expression bodies of `void` callables (for example, the call to `Foo` in `void Bar() => Foo()`) are no longer considered to use the return value. |
 
 ## Changes to code extraction
 
diff --git a/csharp/ql/src/API Abuse/UncheckedReturnValue.ql b/csharp/ql/src/API Abuse/UncheckedReturnValue.ql
@@ -89,7 +89,14 @@ predicate whitelist(Method m) {
 }
 
 class DiscardedMethodCall extends MethodCall {
-  DiscardedMethodCall() { this.getParent() instanceof ExprStmt }
+  DiscardedMethodCall() {
+    this.getParent() instanceof ExprStmt
+    or
+    exists(Callable c |
+      this = c.getExpressionBody() and
+      not c.canReturn(this)
+    )
+  }
 
   string query() {
     exists(Method m |
diff --git a/csharp/ql/src/semmle/code/csharp/Callable.qll b/csharp/ql/src/semmle/code/csharp/Callable.qll
@@ -209,7 +209,8 @@ class Callable extends DotNet::Callable, Parameterizable, ExprOrStmtParent, @cal
   override predicate canReturn(DotNet::Expr e) {
     exists(ReturnStmt ret | ret.getEnclosingCallable() = this | e = ret.getExpr())
     or
-    e = getExpressionBody()
+    e = this.getExpressionBody() and
+    not this.getReturnType() instanceof VoidType
   }
 
   /** Holds if this callable can yield return the expression `e`. */
diff --git a/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.expected b/csharp/ql/test/query-tests/API Abuse/UncheckedReturnValue/UncheckedReturnValue.expected
@@ -4,6 +4,5 @@
 | UncheckedReturnValue.cs:109:9:109:17 | call to method M1 | Result of call to 'M1' is ignored, but 90% of calls to this method have their result used. |
 | UncheckedReturnValue.cs:130:9:130:21 | call to method M2 | Result of call to 'M2' is ignored, but 90% of calls to this method have their result used. |
 | UncheckedReturnValue.cs:142:9:142:20 | call to method M3 | Result of call to 'M3' is ignored, but 90% of calls to this method have their result used. |
-| UncheckedReturnValue.cs:169:9:169:12 | call to method M1 | Result of call to 'M1' is ignored, but 90% of calls to this method have their result used. |
 | UncheckedReturnValueBad.cs:29:9:29:20 | call to method DoPrint | Result of call to 'DoPrint' is ignored, but 90% of calls to this method have their result used. |
 | UncheckedReturnValueBad.cs:36:13:36:40 | call to method Read | Result of call to 'Read' is ignored, but should always be checked. |

Original file line number	Diff line number	Diff line change
`@@ -209,7 +209,8 @@ class Callable extends DotNet::Callable, Parameterizable, ExprOrStmtParent, @cal`
`209`	`209`	`override predicate canReturn(DotNet::Expr e) {`
`210`	`210`	`exists(ReturnStmt ret \| ret.getEnclosingCallable() = this \| e = ret.getExpr())`
`211`	`211`	`or`
`212`		`- e = getExpressionBody()`
	`212`	`+ e = this.getExpressionBody() and`
	`213`	`+ not this.getReturnType() instanceof VoidType`
`213`	`214`	`}`
`214`	`215`
`215`	`216`	/** Holds if this callable can yield return the expression `e`. */