Skip to content

Commit dd9516f

Browse files
aschackmullaschackmull
committed
Java: Preparatory Nullness refactor.
1 parent f833fe0 commit dd9516f

File tree

1 file changed

+25
-15
lines changed

1 file changed

+25
-15
lines changed

java/ql/lib/semmle/code/java/dataflow/Nullness.qll

Lines changed: 25 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -45,13 +45,21 @@ private import semmle.code.java.Collections
4545
private import semmle.code.java.frameworks.Assertions
4646

4747
/** Gets an expression that may be `null`. */
48-
Expr nullExpr() {
49-
result instanceof NullLiteral or
50-
result.(ChooseExpr).getAResultExpr() = nullExpr() or
51-
result.(AssignExpr).getSource() = nullExpr() or
52-
result.(CastExpr).getExpr() = nullExpr() or
53-
result.(ImplicitCastExpr).getExpr() = nullExpr() or
54-
result instanceof SafeCastExpr
48+
Expr nullExpr() { result = nullExpr(_) }
49+
50+
/** Gets an expression that may be `null`. */
51+
private Expr nullExpr(Expr reason) {
52+
result instanceof NullLiteral and reason = result
53+
or
54+
result.(ChooseExpr).getAResultExpr() = nullExpr(reason)
55+
or
56+
result.(AssignExpr).getSource() = nullExpr(reason)
57+
or
58+
result.(CastExpr).getExpr() = nullExpr(reason)
59+
or
60+
result.(ImplicitCastExpr).getExpr() = nullExpr(reason)
61+
or
62+
result instanceof SafeCastExpr and reason = result
5563
}
5664

5765
/** An expression of a boxed type that is implicitly unboxed. */
@@ -183,12 +191,13 @@ private predicate firstVarDereferenceInBlock(BasicBlock bb, SsaVariable v, VarAc
183191
}
184192

185193
/** A variable suspected of being `null`. */
186-
private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
194+
private predicate varMaybeNull(SsaVariable v, ControlFlowNode node, string msg, Expr reason) {
187195
// A variable compared to null might be null.
188196
exists(Expr e |
189197
reason = e and
190198
msg = "as suggested by $@ null guard" and
191199
guardSuggestsVarMaybeNull(e, v) and
200+
node = v.getCfgNode() and
192201
not v instanceof SsaPhiNode and
193202
not clearlyNotNull(v) and
194203
// Comparisons in finally blocks are excluded since missing exception edges in the CFG could otherwise yield FPs.
@@ -204,6 +213,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
204213
// A parameter might be null if there is a null argument somewhere.
205214
exists(Parameter p, Expr arg |
206215
v.(SsaImplicitInit).isParameterDefinition(p) and
216+
node = v.getCfgNode() and
207217
p.getAnArgument() = arg and
208218
reason = arg and
209219
msg = "because of $@ null argument" and
@@ -214,7 +224,7 @@ private predicate varMaybeNull(SsaVariable v, string msg, Expr reason) {
214224
// If the source of a variable is null then the variable may be null.
215225
exists(VariableAssign def |
216226
v.(SsaExplicitUpdate).getDefiningExpr() = def and
217-
def.getSource() = nullExpr() and
227+
def.getSource() = nullExpr(node.asExpr()) and
218228
reason = def and
219229
msg = "because of $@ assignment"
220230
)
@@ -308,7 +318,7 @@ private predicate leavingFinally(BasicBlock bb1, BasicBlock bb2, boolean normale
308318
}
309319

310320
private predicate ssaSourceVarMaybeNull(SsaSourceVariable v) {
311-
varMaybeNull(v.getAnSsaVariable(), _, _)
321+
varMaybeNull(v.getAnSsaVariable(), _, _, _)
312322
}
313323

314324
/**
@@ -361,7 +371,7 @@ private predicate nullVarStep(
361371
private predicate varMaybeNullInBlock(
362372
SsaVariable ssa, SsaSourceVariable v, BasicBlock bb, boolean storedcompletion
363373
) {
364-
varMaybeNull(ssa, _, _) and
374+
varMaybeNull(ssa, _, _, _) and
365375
bb = ssa.getBasicBlock() and
366376
storedcompletion = false and
367377
v = ssa.getSourceVariable()
@@ -387,7 +397,7 @@ private predicate varMaybeNullInBlock_origin(
387397
SsaVariable origin, SsaVariable ssa, BasicBlock bb, boolean storedcompletion
388398
) {
389399
nullDerefCandidateVariable(ssa.getSourceVariable()) and
390-
varMaybeNull(ssa, _, _) and
400+
varMaybeNull(ssa, _, _, _) and
391401
bb = ssa.getBasicBlock() and
392402
storedcompletion = false and
393403
origin = ssa
@@ -555,7 +565,7 @@ private predicate varMaybeNullInBlock_corrCond(
555565
not varConditionallyNull(ssa, cond1, _) and
556566
(branch = true or branch = false)
557567
) and
558-
varMaybeNull(ssa, _, _) and
568+
varMaybeNull(ssa, _, _, _) and
559569
bb = ssa.getBasicBlock() and
560570
storedcompletion = false and
561571
origin = ssa
@@ -761,7 +771,7 @@ private predicate varMaybeNullInBlock_trackVar(
761771
isReset(trackssa, trackvar, kind, init, _)
762772
)
763773
) and
764-
varMaybeNull(ssa, _, _) and
774+
varMaybeNull(ssa, _, _, _) and
765775
bb = ssa.getBasicBlock() and
766776
storedcompletion = false and
767777
origin = ssa
@@ -813,7 +823,7 @@ private predicate varMaybeNullInBlock_trackVar(
813823
predicate nullDeref(SsaSourceVariable v, VarAccess va, string msg, Expr reason) {
814824
exists(SsaVariable origin, SsaVariable ssa, BasicBlock bb |
815825
nullDerefCandidate(origin, va) and
816-
varMaybeNull(origin, msg, reason) and
826+
varMaybeNull(origin, _, msg, reason) and
817827
ssa.getSourceVariable() = v and
818828
firstVarDereferenceInBlock(bb, ssa, va) and
819829
forall(ConditionBlock cond | correlatedConditions(v, cond, _, _) |

0 commit comments

Comments
 (0)