Merge pull request #2450 from calumgrant/cs/expr-nullability

C#: Expression nullability

Author: hvitved

change-notes/1.24/analysis-csharp.md

@@ -20,11 +20,13 @@ The following changes in version 1.24 affect C# analysis in all applications.
 ## Changes to code extraction
 
 * Tuple expressions, for example `(int,bool)` in `default((int,bool))` are now extracted correctly.
+* Expression nullability flow state is extracted. 
 
 ## Changes to libraries
 
 * The taint tracking library now tracks flow through (implicit or explicit) conversion operator calls.
 * [Code contracts](https://docs.microsoft.com/en-us/dotnet/framework/debug-trace-profile/code-contracts) are now recognized, and are treated like any other assertion methods.
+* Expression nullability flow state is given by the predicates `Expr.hasNotNullFlowState()` and `Expr.hasMaybeNullFlowState()`.
 
 ## Changes to autobuilder
 

csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs

@@ -58,7 +58,7 @@ protected override void ExtractInitializers(TextWriter trapFile)
             }
 
             var initInfo = new ExpressionInfo(Context,
-                new AnnotatedType(initializerType, Kinds.TypeAnnotation.NotAnnotated),
+                new AnnotatedType(initializerType, NullableAnnotation.None),
                 Context.Create(initializer.ThisOrBaseKeyword.GetLocation()),
                 Kinds.ExprKind.CONSTRUCTOR_INIT,
                 this,

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs

@@ -46,6 +46,18 @@ protected sealed override void Populate(TextWriter trapFile)
                 trapFile.expr_parent(this, Info.Child, Info.Parent);
             trapFile.expr_location(this, Location);
 
+            var annotatedType = Type.Symbol;
+            if (!annotatedType.HasObliviousNullability())
+            {
+                var n = NullabilityEntity.Create(cx, Nullability.Create(annotatedType));
+                trapFile.type_nullability(this, n);
+            }
+
+            if(Info.FlowState != NullableFlowState.None)
+            {
+                trapFile.expr_flowstate(this, (int)Info.FlowState);
+            }
+
             if (Info.IsCompilerGenerated)
                 trapFile.expr_compiler_generated(this);
 
@@ -280,7 +292,7 @@ abstract class Expression<SyntaxNode> : Expression
         protected Expression(ExpressionNodeInfo info)
             : base(info)
         {
-            Syntax = (SyntaxNode)info.Node;
+           Syntax = (SyntaxNode)info.Node;
         }
 
         /// <summary>
@@ -344,6 +356,8 @@ interface IExpressionInfo
         /// is null.
         /// </summary>
         string ExprValue { get; }
+
+        NullableFlowState FlowState { get; }
     }
 
     /// <summary>
@@ -360,7 +374,8 @@ class ExpressionInfo : IExpressionInfo
         public bool IsCompilerGenerated { get; }
         public string ExprValue { get; }
 
-        public ExpressionInfo(Context cx, AnnotatedType type, Extraction.Entities.Location location, ExprKind kind, IExpressionParentEntity parent, int child, bool isCompilerGenerated, string value)
+        public ExpressionInfo(Context cx, AnnotatedType type, Extraction.Entities.Location location, ExprKind kind,
+            IExpressionParentEntity parent, int child, bool isCompilerGenerated, string value)
         {
             Context = cx;
             Type = type;
@@ -371,6 +386,9 @@ public ExpressionInfo(Context cx, AnnotatedType type, Extraction.Entities.Locati
             ExprValue = value;
             IsCompilerGenerated = isCompilerGenerated;
         }
+
+        // Synthetic expressions don't have a flow state.
+        public NullableFlowState FlowState => NullableFlowState.None;
     }
 
     /// <summary>
@@ -533,5 +551,7 @@ public SymbolInfo SymbolInfo
                 return cachedSymbolInfo;
             }
         }
+
+        public NullableFlowState FlowState => TypeInfo.Nullability.FlowState;
     }
 }

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs

@@ -43,7 +43,7 @@ protected override void PopulateExpression(TextWriter trapFile)
 
                         var info = new ExpressionInfo(
                             cx,
-                            new AnnotatedType(Entities.Type.Create(cx, cx.Compilation.GetSpecialType(Microsoft.CodeAnalysis.SpecialType.System_Int32)), Kinds.TypeAnnotation.NotAnnotated),
+                            new AnnotatedType(Entities.Type.Create(cx, cx.Compilation.GetSpecialType(Microsoft.CodeAnalysis.SpecialType.System_Int32)), NullableAnnotation.None),
                             Location,
                             ExprKind.INT_LITERAL,
                             this,

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/MemberAccess.cs

@@ -30,7 +30,7 @@ private MemberAccess(ExpressionNodeInfo info, ExpressionSyntax qualifier, ISymbo
         public static Expression Create(ExpressionNodeInfo info, ConditionalAccessExpressionSyntax node) =>
             // The qualifier is located by walking the syntax tree.
             // `node.WhenNotNull` will contain a MemberBindingExpressionSyntax, calling the method below.
-            Create(info.Context, node.WhenNotNull, info.Parent, info.Child);
+            CreateFromNode(new ExpressionNodeInfo(info.Context, node.WhenNotNull, info.Parent, info.Child, info.TypeInfo));
 
         public static Expression Create(ExpressionNodeInfo info, MemberBindingExpressionSyntax node)
         {

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/This.cs

@@ -1,4 +1,4 @@
-using Semmle.Extraction.Entities;
+using Microsoft.CodeAnalysis;
 using Semmle.Extraction.Kinds;
 
 namespace Semmle.Extraction.CSharp.Entities.Expressions
@@ -7,8 +7,8 @@ class This : Expression
     {
         This(IExpressionInfo info) : base(info) { }
 
-        public static This CreateImplicit(Context cx, Type @class, Location loc, IExpressionParentEntity parent, int child) =>
-            new This(new ExpressionInfo(cx, new AnnotatedType(@class, Kinds.TypeAnnotation.NotAnnotated), loc, Kinds.ExprKind.THIS_ACCESS, parent, child, true, null));
+        public static This CreateImplicit(Context cx, Type @class, Extraction.Entities.Location loc, IExpressionParentEntity parent, int child) =>
+            new This(new ExpressionInfo(cx, new AnnotatedType(@class, NullableAnnotation.None), loc, Kinds.ExprKind.THIS_ACCESS, parent, child, true, null));
 
         public static This CreateExplicit(ExpressionNodeInfo info) => new This(info.SetKind(ExprKind.THIS_ACCESS));
     }

csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs

@@ -75,7 +75,7 @@ public override void Populate(TextWriter trapFile)
                     Context.PopulateLater(() =>
                     {
                         var loc = Context.Create(initializer.GetLocation());
-                        var annotatedType = new AnnotatedType(type, TypeAnnotation.None);
+                        var annotatedType = new AnnotatedType(type, NullableAnnotation.None);
                         var simpleAssignExpr = new Expression(new ExpressionInfo(Context, annotatedType, loc, ExprKind.SIMPLE_ASSIGN, this, child++, false, null));
                         Expression.CreateFromNode(new ExpressionNodeInfo(Context, initializer.Value, simpleAssignExpr, 0));
                         var access = new Expression(new ExpressionInfo(Context, annotatedType, Location, ExprKind.PROPERTY_ACCESS, simpleAssignExpr, 1, false, null));

csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NullType.cs

@@ -27,7 +27,7 @@ public override bool Equals(object obj)
             return obj != null && obj.GetType() == typeof(NullType);
         }
 
-        public static AnnotatedType Create(Context cx) => new AnnotatedType(NullTypeFactory.Instance.CreateEntity(cx, null), Kinds.TypeAnnotation.None);
+        public static AnnotatedType Create(Context cx) => new AnnotatedType(NullTypeFactory.Instance.CreateEntity(cx, null), NullableAnnotation.None);
 
         class NullTypeFactory : ICachedEntityFactory<ITypeSymbol, NullType>
         {

csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/Type.cs

@@ -1,8 +1,6 @@
 using Microsoft.CodeAnalysis;
 using Microsoft.CodeAnalysis.CSharp.Syntax;
-using Semmle.Extraction.CSharp.Populators;
 using Semmle.Util;
-using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -14,14 +12,23 @@ namespace Semmle.Extraction.CSharp.Entities
     /// </summary>
     public struct AnnotatedType
     {
-        public AnnotatedType(Type t, Kinds.TypeAnnotation a)
+        public AnnotatedType(Type t, NullableAnnotation n)
         {
             Type = t;
-            Annotation = a;
+            annotation = n;
         }
 
+        /// <summary>
+        /// The underlying type.
+        /// </summary>
         public Type Type;
-        public Kinds.TypeAnnotation Annotation;
+
+        readonly private NullableAnnotation annotation;
+
+        /// <summary>
+        /// Gets the annotated type symbol of this annotated type.
+        /// </summary>
+        public AnnotatedTypeSymbol Symbol => new AnnotatedTypeSymbol(Type.symbol, annotation);
     }
 
     public abstract class Type : CachedSymbol<ITypeSymbol>
@@ -108,7 +115,7 @@ protected void PopulateType(TextWriter trapFile)
 
             if (!(base.symbol is IArrayTypeSymbol))
             {
-                foreach (var t in base.symbol.Interfaces.Select(i=>Create(Context, i)))
+                foreach (var t in base.symbol.Interfaces.Select(i => Create(Context, i)))
                 {
                     trapFile.implement(this, t.TypeRef);
                     baseTypes.Add(t);
@@ -274,7 +281,7 @@ public static Type Create(Context cx, ITypeSymbol type)
         }
 
         public static AnnotatedType Create(Context cx, AnnotatedTypeSymbol type) =>
-            new AnnotatedType(Create(cx, type.Symbol), type.Nullability.GetTypeAnnotation());
+            new AnnotatedType(Create(cx, type.Symbol), type.Nullability);
 
         public virtual int Dimension => 0;
 

csharp/extractor/Semmle.Extraction.CSharp/Tuples.cs

@@ -201,16 +201,6 @@ internal static void explicitly_sized_array_creation(this TextWriter trapFile, E
             trapFile.WriteTuple("explicitly_sized_array_creation", array);
         }
 
-        internal static void expr_compiler_generated(this TextWriter trapFile, Expression expr)
-        {
-            trapFile.WriteTuple("expr_compiler_generated", expr);
-        }
-
-        internal static void expr_location(this TextWriter trapFile, Expression exprKey, Location location)
-        {
-            trapFile.WriteTuple("expr_location", exprKey, location);
-        }
-
         internal static void expr_access(this TextWriter trapFile, Expression expr, IEntity access)
         {
             trapFile.WriteTuple("expr_access", expr, access);
@@ -231,19 +221,34 @@ internal static void expr_call(this TextWriter trapFile, Expression expr, Method
             trapFile.WriteTuple("expr_call", expr, target);
         }
 
-        internal static void expr_parent(this TextWriter trapFile, Expression exprKey, int child, IExpressionParentEntity parent)
+        internal static void expr_compiler_generated(this TextWriter trapFile, Expression expr)
+        {
+            trapFile.WriteTuple("expr_compiler_generated", expr);
+        }
+
+        internal static void expr_flowstate(this TextWriter trapFile, Expression expr, int flowState)
+        {
+            trapFile.WriteTuple("expr_flowstate", expr, flowState);
+        }
+
+        internal static void expr_location(this TextWriter trapFile, Expression expr, Location location)
+        {
+            trapFile.WriteTuple("expr_location", expr, location);
+        }
+
+        internal static void expr_parent(this TextWriter trapFile, Expression expr, int child, IExpressionParentEntity parent)
         {
-            trapFile.WriteTuple("expr_parent", exprKey, child, parent);
+            trapFile.WriteTuple("expr_parent", expr, child, parent);
         }
 
-        internal static void expr_parent_top_level(this TextWriter trapFile, Expression exprKey, int child, IExpressionParentEntity parent)
+        internal static void expr_parent_top_level(this TextWriter trapFile, Expression expr, int child, IExpressionParentEntity parent)
         {
-            trapFile.WriteTuple("expr_parent_top_level", exprKey, child, parent);
+            trapFile.WriteTuple("expr_parent_top_level", expr, child, parent);
         }
 
-        internal static void expr_value(this TextWriter trapFile, Expression exprKey, string value)
+        internal static void expr_value(this TextWriter trapFile, Expression expr, string value)
         {
-            trapFile.WriteTuple("expr_value", exprKey, value);
+            trapFile.WriteTuple("expr_value", expr, value);
         }
 
         internal static void expressions(this TextWriter trapFile, Expression expr, ExprKind kind, Type exprType)