C#: Clean up implementation and remove CIL dataflow implementation.

Author: michaelnebel

csharp/ql/lib/semmle/code/cil/Declaration.qll

@@ -42,7 +42,9 @@ class Declaration extends DotNet::Declaration, Element, @cil_declaration {
   }
 }
 
-private CS::Declaration toCSharpNonTypeParameter(Declaration d) { result.matchesHandle(d) }
+private CS::Declaration toCSharpNonTypeParameter(Declaration d) {
+  result.(DotNet::Declaration).matchesHandle(d)
+}
 
 private CS::TypeParameter toCSharpTypeParameter(TypeParameter tp) {
   toCSharpTypeParameterJoin(tp, result.getIndex(), result.getGeneric())

csharp/ql/lib/semmle/code/csharp/Namespace.qll

@@ -3,7 +3,6 @@
 private import semmle.code.csharp.commons.QualifiedName
 import Element
 import Type
-private import dotnet
 
 /**
  * A type container. Either a namespace (`Namespace`) or a type (`Type`).

csharp/ql/lib/semmle/code/csharp/Property.qll

@@ -5,8 +5,6 @@
 import Member
 import Stmt
 import Type
-private import cil
-private import dotnet
 private import semmle.code.csharp.ExprOrStmtParent
 private import TypeRef
 
@@ -558,8 +556,6 @@ class TrivialProperty extends Property {
     this.isAutoImplemented()
     or
     this.getGetter().trivialGetterField() = this.getSetter().trivialSetterField()
-    or
-    exists(CIL::TrivialProperty prop | this.matchesHandle(prop))
   }
 }
 

csharp/ql/lib/semmle/code/csharp/Variable.qll

@@ -7,7 +7,6 @@ import Assignable
 import Callable
 import Element
 import Type
-private import dotnet
 private import semmle.code.csharp.ExprOrStmtParent
 private import TypeRef
 

csharp/ql/lib/semmle/code/csharp/commons/Disposal.qll

@@ -3,56 +3,13 @@
  */
 
 import csharp
-private import cil
-private import dotnet
 
-private predicate isDisposeMethod(DotNet::Callable method) {
+private predicate isDisposeMethod(Callable method) {
   method.getName() = "Dispose" and
   method.getNumberOfParameters() = 0
 }
 
-private predicate cilVariableReadFlowsToNode(CIL::Variable variable, DataFlow::Node n) {
-  n.asExpr() = variable.getARead()
-  or
-  exists(DataFlow::Node mid |
-    cilVariableReadFlowsToNode(variable, mid) and
-    DataFlow::localFlowStep(mid, n)
-  )
-}
-
-private predicate cilVariableReadFlowsTo(CIL::Variable variable, CIL::DataFlowNode n) {
-  cilVariableReadFlowsToNode(variable, DataFlow::exprNode(n))
-}
-
-private predicate disposedCilVariable(CIL::Variable variable) {
-  // `variable` is the `this` parameter on a dispose method.
-  isDisposeMethod(variable.(CIL::ThisParameter).getMethod())
-  or
-  // `variable` is passed to a method that disposes it.
-  exists(CIL::Call call, CIL::Parameter param |
-    cilVariableReadFlowsTo(variable, call.getArgumentForParameter(param)) and
-    disposedCilVariable(param)
-  )
-  or
-  // A parameter is disposed if its source declaration is disposed
-  disposedCilVariable(variable.(CIL::Parameter).getUnboundDeclaration())
-  or
-  // A variable is disposed if it's assigned to another variable
-  // that may be disposed.
-  exists(CIL::WriteAccess write |
-    cilVariableReadFlowsTo(variable, write.getExpr()) and
-    disposedCilVariable(write.getTarget())
-  )
-}
-
 private predicate disposedCSharpVariable(Variable variable) {
-  // A C# parameter is disposed if its corresponding CIL parameter is disposed
-  exists(CIL::Method m, CIL::Parameter p, int i |
-    disposedCilVariable(p) and p = m.getRawParameter(i)
-  |
-    variable = any(Callable c2 | c2.matchesHandle(m)).getRawParameter(i)
-  )
-  or
   // Call to a method that disposes it
   exists(Call call, int arg, VariableRead read |
     read.getTarget() = variable and
@@ -83,7 +40,4 @@ private predicate disposedCSharpVariable(Variable variable) {
  * Hold if `variable` might be disposed.
  * This is a conservative overestimate.
  */
-predicate mayBeDisposed(DotNet::Variable variable) {
-  disposedCSharpVariable(variable) or
-  disposedCilVariable(variable)
-}
+predicate mayBeDisposed(Variable variable) { disposedCSharpVariable(variable) }

csharp/ql/lib/semmle/code/csharp/commons/QualifiedName.qll

@@ -1,16 +1,15 @@
 /** Provides predicates for working with fully qualified names. */
 
 private import csharp
-private import dotnet
 
 /**
  * Holds if namespace `n` has the qualified name `qualifier`.`name`.
  *
  * For example if the qualified name is `System.Collections.Generic`, then
  * `qualifier`=`System.Collections` and `name`=`Generic`.
  */
-predicate namespaceHasQualifiedName(DotNet::Namespace n, string qualifier, string name) {
-  if n instanceof DotNet::GlobalNamespace
+predicate namespaceHasQualifiedName(Namespace n, string qualifier, string name) {
+  if n instanceof GlobalNamespace
   then qualifier = "" and name = ""
   else (
     exists(string pqualifier, string pname |

csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll

@@ -4,7 +4,6 @@
 
 import csharp
 private import cil
-private import dotnet
 private import ControlFlow::SuccessorTypes
 private import semmle.code.csharp.commons.Assertions
 private import semmle.code.csharp.commons.ComparisonTest
@@ -844,8 +843,6 @@ class NullGuardedDataFlowNode extends GuardedDataFlowNode {
 
 /** INTERNAL: Do not use. */
 module Internal {
-  private import semmle.code.cil.CallableReturns
-
   newtype TAbstractValue =
     TBooleanValue(boolean b) { b = true or b = false } or
     TIntegerValue(int i) { i = any(Expr e).getValue().toInt() } or
@@ -856,20 +853,11 @@ module Internal {
     } or
     TEmptyCollectionValue(boolean b) { b = true or b = false }
 
-  /** A callable that always returns a `null` value. */
-  private class NullCallable extends Callable {
-    NullCallable() {
-      exists(CIL::Method m | m.matchesHandle(this) | alwaysNullMethod(m) and not m.isVirtual())
-    }
-  }
-
   /** Holds if expression `e` is a `null` value. */
   predicate nullValue(Expr e) {
     e instanceof NullLiteral
     or
     e instanceof DefaultValueExpr and e.getType().isRefType()
-    or
-    e.(Call).getTarget().getUnboundDeclaration() instanceof NullCallable
   }
 
   /** Holds if expression `e2` is a `null` value whenever `e1` is. */
@@ -890,11 +878,7 @@ module Internal {
 
   /** A callable that always returns a non-`null` value. */
   private class NonNullCallable extends Callable {
-    NonNullCallable() {
-      exists(CIL::Method m | m.matchesHandle(this) | alwaysNotNullMethod(m) and not m.isVirtual())
-      or
-      this = any(SystemObjectClass c).getGetTypeMethod()
-    }
+    NonNullCallable() { this = any(SystemObjectClass c).getGetTypeMethod() }
   }
 
   /** Holds if expression `e` is a non-`null` value. */

csharp/ql/lib/semmle/code/csharp/controlflow/internal/NonReturning.qll

@@ -6,8 +6,6 @@
  */
 
 import csharp
-private import cil
-private import semmle.code.cil.CallableReturns
 private import semmle.code.csharp.ExprOrStmtParent
 private import semmle.code.csharp.commons.Assertions
 private import semmle.code.csharp.frameworks.System
@@ -39,15 +37,6 @@ private class ThrowingCall extends NonReturningCall {
       or
       this.(FailingAssertion).getAssertionFailure().isException(c.getExceptionClass())
       or
-      exists(Callable target, CIL::Method m, CIL::Type ex |
-        target = this.getTarget() and
-        not target.hasBody() and
-        target.matchesHandle(m) and
-        alwaysThrowsException(m, ex) and
-        c.getExceptionClass().matchesHandle(ex) and
-        not m.isVirtual()
-      )
-      or
       this =
         any(MethodCall mc |
           mc.getTarget()

csharp/ql/lib/semmle/code/csharp/dataflow/internal/CallableReturns.qll

@@ -3,9 +3,7 @@
  */
 
 import csharp
-private import cil
 private import semmle.code.csharp.dataflow.Nullness
-private import semmle.code.cil.CallableReturns as CR
 
 private predicate finalCallable(Callable c) {
   not c.(Virtualizable).isVirtual() and
@@ -15,19 +13,11 @@ private predicate finalCallable(Callable c) {
 /** Holds if callable `c` always returns null. */
 predicate alwaysNullCallable(Callable c) {
   finalCallable(c) and
-  (
-    exists(CIL::Method m | m.matchesHandle(c) | CR::alwaysNullMethod(m))
-    or
-    forex(Expr e | c.canReturn(e) | e instanceof AlwaysNullExpr)
-  )
+  forex(Expr e | c.canReturn(e) | e instanceof AlwaysNullExpr)
 }
 
 /** Holds if callable `c` always returns a non-null value. */
 predicate alwaysNotNullCallable(Callable c) {
   finalCallable(c) and
-  (
-    exists(CIL::Method m | m.matchesHandle(c) | CR::alwaysNotNullMethod(m))
-    or
-    forex(Expr e | c.canReturn(e) | e instanceof NonNullExpr)
-  )
+  forex(Expr e | c.canReturn(e) | e instanceof NonNullExpr)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -1,6 +1,4 @@
 private import csharp
-private import cil
-private import dotnet
 private import DataFlowImplCommon as DataFlowImplCommon
 private import DataFlowPublic
 private import DataFlowPrivate
@@ -14,29 +12,12 @@ private import semmle.code.csharp.frameworks.system.collections.Generic
 /**
  * Gets a source declaration of callable `c` that has a body or has
  * a flow summary.
- *
- * If the callable has both CIL and source code, return only the source
- * code version.
  */
-DotNet::Callable getCallableForDataFlow(DotNet::Callable c) {
-  exists(DotNet::Callable unboundDecl | unboundDecl = c.getUnboundDeclaration() |
-    result.hasBody() and
-    if unboundDecl.getFile().fromSource()
-    then
-      // C# callable with C# implementation in the database
-      result = unboundDecl
-    else
-      if unboundDecl instanceof CIL::Callable
-      then
-        // CIL callable with C# implementation in the database
-        unboundDecl.matchesHandle(result.(Callable))
-        or
-        // CIL callable without C# implementation in the database
-        not unboundDecl.matchesHandle(any(Callable k | k.hasBody())) and
-        result = unboundDecl
-      else
-        // C# callable without C# implementation in the database
-        unboundDecl.matchesHandle(result.(CIL::Callable))
+Callable getCallableForDataFlow(Callable c) {
+  exists(Callable unboundDecl | unboundDecl = c.getUnboundDeclaration() |
+    unboundDecl.hasBody() and
+    unboundDecl.getFile().fromSource() and
+    result = unboundDecl
   )
 }
 
@@ -67,7 +48,7 @@ private module Cached {
    */
   cached
   newtype TDataFlowCallable =
-    TDotNetCallable(DotNet::Callable c) { c.isUnboundDeclaration() } or
+    TCallable(Callable c) { c.isUnboundDeclaration() } or
     TSummarizedCallable(DataFlowSummarizedCallable sc) or
     TFieldOrPropertyCallable(FieldOrProperty f) or
     TCapturedVariableCallable(LocalScopeVariable v) { v.isCaptured() }
@@ -81,10 +62,6 @@ private module Cached {
     TExplicitDelegateLikeCall(ControlFlow::Nodes::ElementNode cfn, DelegateLikeCall dc) {
       cfn.getAstNode() = dc
     } or
-    TCilCall(CIL::Call call) {
-      // No need to include calls that are compiled from source
-      not call.getImplementation().getMethod().compiledFromSource()
-    } or
     TSummaryCall(FlowSummary::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver) {
       FlowSummaryImpl::Private::summaryCallbackRange(c, receiver)
     }
@@ -197,7 +174,7 @@ class RefReturnKind extends OutRefReturnKind, TRefReturnKind {
 /** A callable used for data flow. */
 class DataFlowCallable extends TDataFlowCallable {
   /** Gets the underlying source code callable, if any. */
-  DotNet::Callable asCallable() { this = TDotNetCallable(result) }
+  Callable asCallable() { this = TCallable(result) }
 
   /** Gets the underlying summarized callable, if any. */
   FlowSummary::SummarizedCallable asSummarizedCallable() { this = TSummarizedCallable(result) }
@@ -208,7 +185,7 @@ class DataFlowCallable extends TDataFlowCallable {
   LocalScopeVariable asCapturedVariable() { this = TCapturedVariableCallable(result) }
 
   /** Gets the underlying callable. */
-  DotNet::Callable getUnderlyingCallable() {
+  Callable getUnderlyingCallable() {
     result = this.asCallable() or result = this.asSummarizedCallable()
   }
 
@@ -235,8 +212,7 @@ class DataFlowCallable extends TDataFlowCallable {
 abstract class DataFlowCall extends TDataFlowCall {
   /**
    * Gets a run-time target of this call. A target is always a source
-   * declaration, and if the callable has both CIL and source code, only
-   * the source code version is returned.
+   * declaration.
    */
   abstract DataFlowCallable getARuntimeTarget();
 
@@ -250,7 +226,7 @@ abstract class DataFlowCall extends TDataFlowCall {
   abstract DataFlowCallable getEnclosingCallable();
 
   /** Gets the underlying expression, if any. */
-  final DotNet::Expr getExpr() { result = this.getNode().asExpr() }
+  final Expr getExpr() { result = this.getNode().asExpr() }
 
   /** Gets the argument at position `pos` of this call. */
   final ArgumentNode getArgument(ArgumentPosition pos) { result.argumentOf(this, pos) }
@@ -348,33 +324,6 @@ class ExplicitDelegateLikeDataFlowCall extends DelegateDataFlowCall, TExplicitDe
   override Location getLocation() { result = cfn.getLocation() }
 }
 
-/** A CIL call relevant for data flow. */
-class CilDataFlowCall extends DataFlowCall, TCilCall {
-  private CIL::Call call;
-
-  CilDataFlowCall() { this = TCilCall(call) }
-
-  /** Gets the underlying CIL call. */
-  CIL::Call getCilCall() { result = call }
-
-  override DataFlowCallable getARuntimeTarget() {
-    // There is no dispatch library for CIL, so do not consider overrides for now
-    result.getUnderlyingCallable() = getCallableForDataFlow(call.getTarget())
-  }
-
-  override ControlFlow::Nodes::ElementNode getControlFlowNode() { none() }
-
-  override DataFlow::ExprNode getNode() { result.getExpr() = call }
-
-  override DataFlowCallable getEnclosingCallable() {
-    result.asCallable() = call.getEnclosingCallable()
-  }
-
-  override string toString() { result = call.toString() }
-
-  override Location getLocation() { result = call.getLocation() }
-}
-
 /**
  * A synthesized call inside a callable with a flow summary.
  *