JS: Update type inference

Author: asgerf

javascript/ql/src/semmle/javascript/dataflow/internal/BasicExprTypeInference.qll

@@ -416,23 +416,3 @@ private class AnalyzedOptionalChainExpr extends DataFlow::AnalyzedValueNode {
     result = TAbstractUndefined()
   }
 }
-
-/**
- * Flow analysis for parameter AST nodes.
- *
- * For legacy reasons this node takes its value from the SSA variable node,
- * even though the SSA variable node is a successor of this node.
- */
-private class AnalyzedParameterValueNode extends AnalyzedNode {
-  Parameter p;
-
-  AnalyzedParameterValueNode() {
-    DataFlow::parameterNode(this, p)
-  }
-
-  override AbstractValue getAValue() {
-    result = p.(AnalyzedVarDef).getAnRhsValue()
-    or
-    result = TIndefiniteAbstractValue("call")
-  }
-}

javascript/ql/src/semmle/javascript/dataflow/internal/VariableTypeInference.qll

@@ -120,7 +120,7 @@ class AnalyzedVarDef extends VarDef {
    * due to the given `cause`.
    */
   predicate isIncomplete(DataFlow::Incompleteness cause) {
-    this instanceof Parameter and cause = "call"
+    this instanceof Parameter and DataFlow::valueNode(this).(AnalyzedValueNode).isIncomplete(cause)
     or
     this instanceof ImportSpecifier and cause = "import"
     or
@@ -140,48 +140,59 @@ class AnalyzedVarDef extends VarDef {
   TopLevel getTopLevel() { result = this.(ASTNode).getTopLevel() }
 }
 
-/**
- * Flow analysis for simple parameters of selected functions.
- */
-private class AnalyzedParameter extends AnalyzedVarDef, @vardecl {
-  AnalyzedParameter() {
-    exists(FunctionWithAnalyzedParameters f, int parmIdx | this = f.getParameter(parmIdx) |
-      // we cannot track flow into rest parameters
-      not this.(Parameter).isRestParameter()
-    )
-  }
+private predicate isAnalyzedParameter(Parameter p) {
+  exists(FunctionWithAnalyzedParameters f, int parmIdx | p = f.getParameter(parmIdx) |
+    // we cannot track flow into rest parameters
+    not p.(Parameter).isRestParameter()
+  )
+}
 
-  /** Gets the function this is a parameter of. */
-  FunctionWithAnalyzedParameters getFunction() { this = result.getAParameter() }
+private class AnalyzedParameter extends AnalyzedValueNode {
+  override Parameter astNode;
 
-  override DataFlow::AnalyzedNode getRhs() {
-    getFunction().argumentPassing(this, result.asExpr()) or
-    result = AnalyzedVarDef.super.getRhs()
-  }
+  AnalyzedParameter() { isAnalyzedParameter(astNode) }
 
-  override AbstractValue getAnRhsValue() {
-    result = AnalyzedVarDef.super.getAnRhsValue()
+  FunctionWithAnalyzedParameters getFunction() { astNode = result.getAParameter() }
+
+  override AbstractValue getALocalValue() {
+    exists(DataFlow::AnalyzedNode pred |
+      getFunction().argumentPassing(astNode, pred.asExpr()) and
+      result = pred.getALocalValue()
+    )
     or
-    not getFunction().mayReceiveArgument(this) and
+    not getFunction().mayReceiveArgument(astNode) and
     result = TAbstractUndefined()
+    or
+    result = astNode.getDefault().analyze().getALocalValue()
   }
 
   override predicate isIncomplete(DataFlow::Incompleteness cause) {
     getFunction().isIncomplete(cause)
     or
-    not getFunction().argumentPassing(this, _) and
-    getFunction().mayReceiveArgument(this) and
+    not getFunction().argumentPassing(astNode, _) and
+    getFunction().mayReceiveArgument(astNode) and
     cause = "call"
   }
 }
 
+/**
+ * Flow analysis for simple parameters of selected functions.
+ */
+private class AnalyzedParameterAsVarDef extends AnalyzedVarDef, @vardecl {
+  AnalyzedParameterAsVarDef() { this instanceof Parameter }
+
+  override AbstractValue getAnRhsValue() {
+    result = DataFlow::valueNode(this).(AnalyzedValueNode).getALocalValue()
+  }
+}
+
 /**
  * Flow analysis for simple rest parameters.
  */
-private class AnalyzedRestParameter extends AnalyzedVarDef, @vardecl {
-  AnalyzedRestParameter() { this.(Parameter).isRestParameter() }
+private class AnalyzedRestParameter extends AnalyzedValueNode {
+  AnalyzedRestParameter() { astNode.(Parameter).isRestParameter() }
 
-  override AbstractValue getAnRhsValue() { result = TAbstractOtherObject() }
+  override AbstractValue getALocalValue() { result = TAbstractOtherObject() }
 
   override predicate isIncomplete(DataFlow::Incompleteness cause) { none() }
 }