Merge pull request #17998 from yoff/shared/locations-in-range-analysis

yoff · web-flow · commit b263132ab20a · 2025-01-09T14:05:54.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll
@@ -3,6 +3,7 @@
  */
 
 private import Semantic
+private import SemanticLocation
 private import SemanticExprSpecific::SemanticExprConfig as Specific
 private import SemanticType
 
@@ -15,7 +16,7 @@ private import SemanticType
 class SemExpr instanceof Specific::Expr {
   final string toString() { result = super.toString() }
 
-  final Specific::Location getLocation() { result = super.getLocation() }
+  SemLocation getLocation() { result = super.getLocation() }
 
   Opcode getOpcode() { result instanceof Opcode::Unknown }
 
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/FloatDelta.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/FloatDelta.qll
@@ -2,6 +2,7 @@ private import RangeAnalysisImpl
 private import codeql.rangeanalysis.RangeAnalysis
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExpr
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticType
+private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
 
 module FloatDelta implements DeltaSig {
   class Delta = float;
@@ -22,7 +23,7 @@ module FloatDelta implements DeltaSig {
   Delta fromFloat(float f) { result = f }
 }
 
-module FloatOverflow implements OverflowSig<Sem, FloatDelta> {
+module FloatOverflow implements OverflowSig<SemLocation, Sem, FloatDelta> {
   predicate semExprDoesNotOverflow(boolean positively, SemExpr expr) {
     exists(float lb, float ub, float delta |
       typeBounds(expr.getSemType(), lb, ub) and
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisConstantSpecific.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisConstantSpecific.qll
@@ -3,11 +3,12 @@
  */
 
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
+private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
 private import RangeAnalysisImpl
 private import codeql.rangeanalysis.RangeAnalysis
 
-module CppLangImplConstant implements LangSig<Sem, FloatDelta> {
+module CppLangImplConstant implements LangSig<SemLocation, Sem, FloatDelta> {
   /**
    * Ignore the bound on this expression.
    *
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll
@@ -12,7 +12,7 @@ private import SemanticType
 private import codeql.rangeanalysis.RangeAnalysis
 private import ConstantAnalysis as ConstantAnalysis
 
-module Sem implements Semantic {
+module Sem implements Semantic<SemLocation> {
   class Expr = SemExpr;
 
   class ConstantIntegerExpr = ConstantAnalysis::SemConstantIntegerExpr;
@@ -104,7 +104,7 @@ module Sem implements Semantic {
   }
 }
 
-module SignAnalysis implements SignAnalysisSig<Sem> {
+module SignAnalysis implements SignAnalysisSig<SemLocation, Sem> {
   private import SignAnalysisCommon as SA
   import SA::SignAnalysis<FloatDelta>
 }
@@ -165,7 +165,7 @@ module AllBounds implements BoundSig<SemLocation, Sem, FloatDelta> {
   }
 }
 
-private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<Sem> {
+private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<SemLocation, Sem> {
   class ModBound = AllBounds::SemBound;
 
   private import codeql.rangeanalysis.ModulusAnalysis as MA
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisRelativeSpecific.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisRelativeSpecific.qll
@@ -3,12 +3,13 @@
  */
 
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
+private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
 private import RangeAnalysisImpl
 private import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils
 private import codeql.rangeanalysis.RangeAnalysis
 
-module CppLangImplRelative implements LangSig<Sem, FloatDelta> {
+module CppLangImplRelative implements LangSig<SemLocation, Sem, FloatDelta> {
   /**
    * Ignore the bound on this expression.
    *
diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/SignAnalysisCommon.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/SignAnalysisCommon.qll
@@ -10,11 +10,12 @@ private import codeql.rangeanalysis.RangeAnalysis
 private import RangeAnalysisImpl
 private import SignAnalysisSpecific as Specific
 private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
+private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
 private import ConstantAnalysis
 private import Sign
 
 module SignAnalysis<DeltaSig D> {
-  private import codeql.rangeanalysis.internal.RangeUtils::MakeUtils<Sem, D>
+  private import codeql.rangeanalysis.internal.RangeUtils::MakeUtils<SemLocation, Sem, D>
 
   /**
    * An SSA definition for which the analysis can compute the sign.
diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll b/java/ql/lib/semmle/code/java/dataflow/RangeAnalysis.qll
@@ -75,7 +75,7 @@ private import semmle.code.java.Maps
 import Bound
 private import codeql.rangeanalysis.RangeAnalysis
 
-module Sem implements Semantic {
+module Sem implements Semantic<Location> {
   private import java as J
   private import SSA as SSA
   private import RangeUtils as RU
@@ -266,7 +266,7 @@ module Sem implements Semantic {
   predicate conversionCannotOverflow = safeCast/2;
 }
 
-module SignInp implements SignAnalysisSig<Sem> {
+module SignInp implements SignAnalysisSig<Location, Sem> {
   private import SignAnalysis
   private import internal.rangeanalysis.Sign
 
@@ -283,7 +283,7 @@ module SignInp implements SignAnalysisSig<Sem> {
   predicate semMayBeNegative(Sem::Expr e) { exprSign(e) = TNeg() }
 }
 
-module Modulus implements ModulusAnalysisSig<Sem> {
+module Modulus implements ModulusAnalysisSig<Location, Sem> {
   class ModBound = Bound;
 
   private import codeql.rangeanalysis.ModulusAnalysis as Mod
@@ -309,7 +309,7 @@ module IntDelta implements DeltaSig {
   Delta fromFloat(float f) { result = f }
 }
 
-module JavaLangImpl implements LangSig<Sem, IntDelta> {
+module JavaLangImpl implements LangSig<Location, Sem, IntDelta> {
   /**
    * Holds if `e >= bound` (if `upper = false`) or `e <= bound` (if `upper = true`).
    */
@@ -381,7 +381,7 @@ module Bounds implements BoundSig<Location, Sem, IntDelta> {
   }
 }
 
-module Overflow implements OverflowSig<Sem, IntDelta> {
+module Overflow implements OverflowSig<Location, Sem, IntDelta> {
   predicate semExprDoesNotOverflow(boolean positively, Sem::Expr expr) {
     positively = [true, false] and exists(expr)
   }
diff --git a/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll b/java/ql/lib/semmle/code/java/dataflow/RangeUtils.qll
@@ -9,7 +9,7 @@ private import semmle.code.java.Constants
 private import semmle.code.java.dataflow.RangeAnalysis
 private import codeql.rangeanalysis.internal.RangeUtils
 
-private module U = MakeUtils<Sem, IntDelta>;
+private module U = MakeUtils<Location, Sem, IntDelta>;
 
 private predicate backEdge = U::backEdge/3;
 
diff --git a/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll b/shared/rangeanalysis/codeql/rangeanalysis/ModulusAnalysis.qll
@@ -14,9 +14,9 @@ private import codeql.util.Location
 private import RangeAnalysis
 
 module ModulusAnalysis<
-  LocationSig Location, Semantic Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds>
+  LocationSig Location, Semantic<Location> Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds>
 {
-  private import internal.RangeUtils::MakeUtils<Sem, D>
+  private import internal.RangeUtils::MakeUtils<Location, Sem, D>
 
   bindingset[pos, v]
   pragma[inline_late]
diff --git a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll
@@ -65,11 +65,13 @@
 
 private import codeql.util.Location
 
-signature module Semantic {
+signature module Semantic<LocationSig Location> {
   class Expr {
     string toString();
 
     BasicBlock getBasicBlock();
+
+    Location getLocation();
   }
 
   class ConstantIntegerExpr extends Expr {
@@ -294,7 +296,7 @@ signature module Semantic {
   predicate conversionCannotOverflow(Type fromType, Type toType);
 }
 
-signature module SignAnalysisSig<Semantic Sem> {
+signature module SignAnalysisSig<LocationSig Location, Semantic<Location> Sem> {
   /** Holds if `e` can be positive and cannot be negative. */
   predicate semPositive(Sem::Expr e);
 
@@ -320,7 +322,7 @@ signature module SignAnalysisSig<Semantic Sem> {
   predicate semMayBeNegative(Sem::Expr e);
 }
 
-signature module ModulusAnalysisSig<Semantic Sem> {
+signature module ModulusAnalysisSig<LocationSig Location, Semantic<Location> Sem> {
   class ModBound;
 
   predicate exprModulus(Sem::Expr e, ModBound b, int val, int mod);
@@ -346,7 +348,7 @@ signature module DeltaSig {
   Delta fromFloat(float f);
 }
 
-signature module LangSig<Semantic Sem, DeltaSig D> {
+signature module LangSig<LocationSig Location, Semantic<Location> Sem, DeltaSig D> {
   /**
    * Holds if `e >= bound` (if `upper = false`) or `e <= bound` (if `upper = true`).
    */
@@ -372,7 +374,7 @@ signature module LangSig<Semantic Sem, DeltaSig D> {
   default predicate includeRelativeBounds() { any() }
 }
 
-signature module BoundSig<LocationSig Location, Semantic Sem, DeltaSig D> {
+signature module BoundSig<LocationSig Location, Semantic<Location> Sem, DeltaSig D> {
   /**
    * A bound that the range analysis can infer for a variable. This includes
    * constant bounds represented by the abstract value zero, SSA bounds for when
@@ -409,22 +411,23 @@ signature module BoundSig<LocationSig Location, Semantic Sem, DeltaSig D> {
   }
 }
 
-signature module OverflowSig<Semantic Sem, DeltaSig D> {
+signature module OverflowSig<LocationSig Location, Semantic<Location> Sem, DeltaSig D> {
   predicate semExprDoesNotOverflow(boolean positively, Sem::Expr expr);
 }
 
 module RangeStage<
-  LocationSig Location, Semantic Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds,
-  OverflowSig<Sem, D> OverflowParam, LangSig<Sem, D> LangParam, SignAnalysisSig<Sem> SignAnalysis,
-  ModulusAnalysisSig<Sem> ModulusAnalysisParam>
+  LocationSig Location, Semantic<Location> Sem, DeltaSig D, BoundSig<Location, Sem, D> Bounds,
+  OverflowSig<Location, Sem, D> OverflowParam, LangSig<Location, Sem, D> LangParam,
+  SignAnalysisSig<Location, Sem> SignAnalysis,
+  ModulusAnalysisSig<Location, Sem> ModulusAnalysisParam>
 {
   private import Bounds
   private import LangParam
   private import D
   private import OverflowParam
   private import SignAnalysis
   private import ModulusAnalysisParam
-  private import internal.RangeUtils::MakeUtils<Sem, D>
+  private import internal.RangeUtils::MakeUtils<Location, Sem, D>
 
   /**
    * An expression that does conversion, boxing, or unboxing
diff --git a/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll b/shared/rangeanalysis/codeql/rangeanalysis/internal/RangeUtils.qll
@@ -1,6 +1,7 @@
 private import codeql.rangeanalysis.RangeAnalysis
+private import codeql.util.Location
 
-module MakeUtils<Semantic Lang, DeltaSig D> {
+module MakeUtils<LocationSig Location, Semantic<Location> Lang, DeltaSig D> {
   private import Lang
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ private import SemanticType`
`12`	`12`	`private import codeql.rangeanalysis.RangeAnalysis`
`13`	`13`	`private import ConstantAnalysis as ConstantAnalysis`
`14`	`14`
`15`		`-module Sem implements Semantic {`
	`15`	`+module Sem implements Semantic<SemLocation> {`
`16`	`16`	`class Expr = SemExpr;`
`17`	`17`
`18`	`18`	`class ConstantIntegerExpr = ConstantAnalysis::SemConstantIntegerExpr;`
`@@ -104,7 +104,7 @@ module Sem implements Semantic {`
`104`	`104`	`}`
`105`	`105`	`}`
`106`	`106`
`107`		`-module SignAnalysis implements SignAnalysisSig<Sem> {`
	`107`	`+module SignAnalysis implements SignAnalysisSig<SemLocation, Sem> {`
`108`	`108`	`private import SignAnalysisCommon as SA`
`109`	`109`	`import SA::SignAnalysis<FloatDelta>`
`110`	`110`	`}`
`@@ -165,7 +165,7 @@ module AllBounds implements BoundSig<SemLocation, Sem, FloatDelta> {`
`165`	`165`	`}`
`166`	`166`	`}`
`167`	`167`
`168`		`-private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<Sem> {`
	`168`	`+private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<SemLocation, Sem> {`
`169`	`169`	`class ModBound = AllBounds::SemBound;`
`170`	`170`
`171`	`171`	`private import codeql.rangeanalysis.ModulusAnalysis as MA`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ private import semmle.code.java.Maps`
`75`	`75`	`import Bound`
`76`	`76`	`private import codeql.rangeanalysis.RangeAnalysis`
`77`	`77`
`78`		`-module Sem implements Semantic {`
	`78`	`+module Sem implements Semantic<Location> {`
`79`	`79`	`private import java as J`
`80`	`80`	`private import SSA as SSA`
`81`	`81`	`private import RangeUtils as RU`
`@@ -266,7 +266,7 @@ module Sem implements Semantic {`
`266`	`266`	`predicate conversionCannotOverflow = safeCast/2;`
`267`	`267`	`}`
`268`	`268`
`269`		`-module SignInp implements SignAnalysisSig<Sem> {`
	`269`	`+module SignInp implements SignAnalysisSig<Location, Sem> {`
`270`	`270`	`private import SignAnalysis`
`271`	`271`	`private import internal.rangeanalysis.Sign`
`272`	`272`
`@@ -283,7 +283,7 @@ module SignInp implements SignAnalysisSig<Sem> {`
`283`	`283`	`predicate semMayBeNegative(Sem::Expr e) { exprSign(e) = TNeg() }`
`284`	`284`	`}`
`285`	`285`
`286`		`-module Modulus implements ModulusAnalysisSig<Sem> {`
	`286`	`+module Modulus implements ModulusAnalysisSig<Location, Sem> {`
`287`	`287`	`class ModBound = Bound;`
`288`	`288`
`289`	`289`	`private import codeql.rangeanalysis.ModulusAnalysis as Mod`
`@@ -309,7 +309,7 @@ module IntDelta implements DeltaSig {`
`309`	`309`	`Delta fromFloat(float f) { result = f }`
`310`	`310`	`}`
`311`	`311`
`312`		`-module JavaLangImpl implements LangSig<Sem, IntDelta> {`
	`312`	`+module JavaLangImpl implements LangSig<Location, Sem, IntDelta> {`
`313`	`313`	`/**`
`314`	`314`	* Holds if `e >= bound` (if `upper = false`) or `e <= bound` (if `upper = true`).
`315`	`315`	`*/`
`@@ -381,7 +381,7 @@ module Bounds implements BoundSig<Location, Sem, IntDelta> {`
`381`	`381`	`}`
`382`	`382`	`}`
`383`	`383`
`384`		`-module Overflow implements OverflowSig<Sem, IntDelta> {`
	`384`	`+module Overflow implements OverflowSig<Location, Sem, IntDelta> {`
`385`	`385`	`predicate semExprDoesNotOverflow(boolean positively, Sem::Expr expr) {`
`386`	`386`	`positively = [true, false] and exists(expr)`
`387`	`387`	`}`