Rust: Prune CFG for impossible true/false edges

hvitved · hvitved · commit dc4160b24acf · 2024-09-27T13:37:29.000+02:00
diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll b/rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll
@@ -67,14 +67,21 @@ abstract class ConditionalCompletion extends NormalCompletion {
   abstract ConditionalCompletion getDual();
 }
 
+/** Holds if node `n` has the Boolean constant value `value`. */
+private predicate isBooleanConstant(AstNode n, Boolean value) {
+  n.(LiteralExpr).getTextValue() = value.toString()
+  or
+  isBooleanConstant(n.(ParenExpr).getExpr(), value)
+}
+
 /**
  * A completion that represents evaluation of an expression
  * with a Boolean value.
  */
 class BooleanCompletion extends ConditionalCompletion, TBooleanCompletion {
   BooleanCompletion() { this = TBooleanCompletion(value) }
 
-  override predicate isValidForSpecific(AstNode e) {
+  private predicate isValidForSpecific0(AstNode e) {
     e = any(IfExpr c).getCondition()
     or
     any(MatchArm arm).getGuard() = e
@@ -84,7 +91,7 @@ class BooleanCompletion extends ConditionalCompletion, TBooleanCompletion {
       e = expr.getLhs()
     )
     or
-    exists(Expr parent | this.isValidForSpecific(parent) |
+    exists(Expr parent | this.isValidForSpecific0(parent) |
       parent =
         any(PrefixExpr expr |
           expr.getOperatorName() = "!" and
@@ -103,6 +110,15 @@ class BooleanCompletion extends ConditionalCompletion, TBooleanCompletion {
     )
   }
 
+  override predicate isValidForSpecific(AstNode e) {
+    this.isValidForSpecific0(e) and
+    (
+      isBooleanConstant(e, value)
+      or
+      not isBooleanConstant(e, _)
+    )
+  }
+
   /** Gets the dual Boolean completion. */
   override BooleanCompletion getDual() { result = TBooleanCompletion(value.booleanNot()) }
 
diff --git a/rust/ql/test/library-tests/controlflow/Cfg.expected b/rust/ql/test/library-tests/controlflow/Cfg.expected
@@ -262,13 +262,8 @@
 | test.rs:146:1:151:1 | enter dead_code | test.rs:147:5:149:5 | ExprStmt |  |
 | test.rs:146:1:151:1 | exit dead_code (normal) | test.rs:146:1:151:1 | exit dead_code |  |
 | test.rs:147:5:149:5 | ExprStmt | test.rs:147:9:147:12 | true |  |
-| test.rs:147:5:149:5 | IfExpr | test.rs:150:5:150:13 | ExprStmt |  |
-| test.rs:147:8:147:13 | ParenExpr | test.rs:147:5:149:5 | IfExpr | false |
 | test.rs:147:8:147:13 | ParenExpr | test.rs:148:9:148:17 | ExprStmt | true |
 | test.rs:147:9:147:12 | true | test.rs:147:8:147:13 | ParenExpr |  |
 | test.rs:148:9:148:16 | ReturnExpr | test.rs:146:1:151:1 | exit dead_code (normal) | return |
 | test.rs:148:9:148:17 | ExprStmt | test.rs:148:16:148:16 | 0 |  |
 | test.rs:148:16:148:16 | 0 | test.rs:148:9:148:16 | ReturnExpr |  |
-| test.rs:150:5:150:12 | ReturnExpr | test.rs:146:1:151:1 | exit dead_code (normal) | return |
-| test.rs:150:5:150:13 | ExprStmt | test.rs:150:12:150:12 | 1 |  |
-| test.rs:150:12:150:12 | 1 | test.rs:150:5:150:12 | ReturnExpr |  |
