Skip to content

Commit db1f399

Browse files
aschackmullaschackmull
committed
Java: Preparatory Nullness refactor.
1 parent e8ddac0 commit db1f399

File tree

1 file changed

+25
-15
lines changed

1 file changed

+25
-15
lines changed

java/ql/lib/semmle/code/java/dataflow/Nullness.qll

Lines changed: 25 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -45,13 +45,21 @@ private import semmle.code.java.Collections
4545
private import semmle.code.java.controlflow.internal.Preconditions
4646

4747
/** Gets an expression that may be `null`. */
48-
Expr nullExpr() {
49-
result instanceof NullLiteral or
50-
result.(ChooseExpr).getAResultExpr() = nullExpr() or
51-
result.(AssignExpr).getSource() = nullExpr() or
52-
result.(CastExpr).getExpr() = nullExpr() or
53-
result.(ImplicitCastExpr).getExpr() = nullExpr() or
54-
result instanceof SafeCastExpr
48+
Expr nullExpr() { result = nullExpr(_) }
49+
50+
/** Gets an expression that may be `null`. */
51+
private Expr nullExpr(Expr reason) {
52+
result instanceof NullLiteral and reason = result
53+
or
54+
result.(ChooseExpr).getAResultExpr() = nullExpr(reason)
55+
or
56+
result.(AssignExpr).getSource() = nullExpr(reason)
57+
or
58+
result.(CastExpr).getExpr() = nullExpr(reason)
59+
or
60+
result.(ImplicitCastExpr).getExpr() = nullExpr(reason)
61+
or
62+
result instanceof SafeCastExpr and reason = result
5563
}
5664

5765
/** An expression of a boxed type that is implicitly unboxed. */
@@ -174,12 +182,13 @@ private predicate firstVarDereferenceInBlock(BasicBlock bb, SsaVariable v, VarAc
174182
}
175183

176184
/** A variable suspected of being `null`. */
177-
private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
185+
private predicate varMaybeNull(SsaVariable v, ControlFlowNode node, string msg, Expr reason) {
178186
// A variable compared to null might be null.
179187
exists(Expr e |
180188
reason = e and
181189
msg = "as suggested by $@ null guard" and
182190
guardSuggestsVarMaybeNull(e, v) and
191+
node = v.getCfgNode() and
183192
not v instanceof SsaPhiNode and
184193
not clearlyNotNull(v) and
185194
// Comparisons in finally blocks are excluded since missing exception edges in the CFG could otherwise yield FPs.
@@ -195,6 +204,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
195204
// A parameter might be null if there is a null argument somewhere.
196205
exists(Parameter p, Expr arg |
197206
v.(SsaImplicitInit).isParameterDefinition(p) and
207+
node = v.getCfgNode() and
198208
p.getAnArgument() = arg and
199209
reason = arg and
200210
msg = "because of $@ null argument" and
@@ -205,7 +215,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
205215
// If the source of a variable is null then the variable may be null.
206216
exists(VariableAssign def |
207217
v.(SsaExplicitUpdate).getDefiningExpr() = def and
208-
def.getSource() = nullExpr() and
218+
def.getSource() = nullExpr(node.asExpr()) and
209219
reason = def and
210220
msg = "because of $@ assignment"
211221
)
@@ -299,7 +309,7 @@ private predicate leavingFinally(BasicBlock bb1, BasicBlock bb2, boolean normale
299309
}
300310

301311
private predicate ssaSourceVarMaybeNull(SsaSourceVariable v) {
302-
varMaybeNull(v.getAnSsaVariable(), _, _)
312+
varMaybeNull(v.getAnSsaVariable(), _, _, _)
303313
}
304314

305315
/**
@@ -352,7 +362,7 @@ private predicate nullVarStep(
352362
private predicate varMaybeNullInBlock(
353363
SsaVariable ssa, SsaSourceVariable v, BasicBlock bb, boolean storedcompletion
354364
) {
355-
varMaybeNull(ssa, _, _) and
365+
varMaybeNull(ssa, _, _, _) and
356366
bb = ssa.getBasicBlock() and
357367
storedcompletion = false and
358368
v = ssa.getSourceVariable()
@@ -378,7 +388,7 @@ private predicate varMaybeNullInBlock_origin(
378388
SsaVariable origin, SsaVariable ssa, BasicBlock bb, boolean storedcompletion
379389
) {
380390
nullDerefCandidateVariable(ssa.getSourceVariable()) and
381-
varMaybeNull(ssa, _, _) and
391+
varMaybeNull(ssa, _, _, _) and
382392
bb = ssa.getBasicBlock() and
383393
storedcompletion = false and
384394
origin = ssa
@@ -546,7 +556,7 @@ private predicate varMaybeNullInBlock_corrCond(
546556
not varConditionallyNull(ssa, cond1, _) and
547557
(branch = true or branch = false)
548558
) and
549-
varMaybeNull(ssa, _, _) and
559+
varMaybeNull(ssa, _, _, _) and
550560
bb = ssa.getBasicBlock() and
551561
storedcompletion = false and
552562
origin = ssa
@@ -752,7 +762,7 @@ private predicate varMaybeNullInBlock_trackVar(
752762
isReset(trackssa, trackvar, kind, init, _)
753763
)
754764
) and
755-
varMaybeNull(ssa, _, _) and
765+
varMaybeNull(ssa, _, _, _) and
756766
bb = ssa.getBasicBlock() and
757767
storedcompletion = false and
758768
origin = ssa
@@ -804,7 +814,7 @@ private predicate varMaybeNullInBlock_trackVar(
804814
predicate nullDeref(SsaSourceVariable v, VarAccess va, string msg, Expr reason) {
805815
exists(SsaVariable origin, SsaVariable ssa, BasicBlock bb |
806816
nullDerefCandidate(origin, va) and
807-
varMaybeNull(origin, msg, reason) and
817+
varMaybeNull(origin, _, msg, reason) and
808818
ssa.getSourceVariable() = v and
809819
firstVarDereferenceInBlock(bb, ssa, va) and
810820
forall(ConditionBlock cond | correlatedConditions(v, cond, _, _) |

0 commit comments

Comments
 (0)