jorgectf
diff --git a/‎cpp/ql/lib/change-notes/2023-03-28-dataflow-rm-footgun.md
Lines changed: 4 additions & 0 deletions b/‎cpp/ql/lib/change-notes/2023-03-28-dataflow-rm-footgun.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisStage.qll
Lines changed: 30 additions & 0 deletions b/‎cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisStage.qll
Lines changed: 30 additions & 0 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
Lines changed: 3 additions & 2 deletions
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
Lines changed: 3 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
Lines changed: 3 additions & 2 deletions
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
@@ -1039,6 +1039,29 @@ module RangeStage<DeltaSig D, BoundSig<D> Bounds, LangSig<D> LangParam, UtilSig<
         or
         b = bRight and origdelta = odRight and reason = rRight and bLeft instanceof SemZeroBound
       )
+      or
+      exists(
+        SemRemExpr rem, SemZeroBound b1, SemZeroBound b2, D::Delta d_max, D::Delta d1, D::Delta d2,
+        boolean fbe1, boolean fbe2, D::Delta od1, D::Delta od2, SemReason r1, SemReason r2
+      |
+        rem = e and
+        not (upper = true and semPositive(rem.getRightOperand())) and
+        not (upper = true and semPositive(rem.getLeftOperand())) and
+        boundedRemExpr(rem, b1, true, d1, fbe1, od1, r1) and
+        boundedRemExpr(rem, b2, false, d2, fbe2, od2, r2) and
+        (
+          if D::toFloat(d1).abs() > D::toFloat(d2).abs()
+          then (
+            b = b1 and d_max = d1 and fromBackEdge = fbe1 and origdelta = od1 and reason = r1
+          ) else (
+            b = b2 and d_max = d2 and fromBackEdge = fbe2 and origdelta = od2 and reason = r2
+          )
+        )
+      |
+        upper = true and delta = D::fromFloat(D::toFloat(d_max).abs() - 1)
+        or
+        upper = false and delta = D::fromFloat(-D::toFloat(d_max).abs() + 1)
+      )
     )
   }
 
@@ -1065,4 +1088,11 @@ module RangeStage<DeltaSig D, BoundSig<D> Bounds, LangSig<D> LangParam, UtilSig<
       bounded(add.getRightOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
     )
   }
+
+  private predicate boundedRemExpr(
+    SemRemExpr rem, SemZeroBound b, boolean upper, D::Delta delta, boolean fromBackEdge,
+    D::Delta origdelta, SemReason reason
+  ) {
+    bounded(rem.getRightOperand(), b, delta, upper, fromBackEdge, origdelta, reason)
+  }
 }
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
 
@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {
 }
 
 private import Impl<Config> as I
-import I
 
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {
   final predicate isSinkGroup(string group) { super.isSinkGroup(group) }
 }
 
+module PathGraph = I::PathGraph;
+
 private predicate hasFlow(Node source, Node sink, Configuration config) {
   exists(PathNode source0, PathNode sink0 |
     hasFlowPath(source0, sink0, config) and
@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {
 }
 
 private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {
-  flowPath(source, sink) and source.getConfiguration() = config
+  I::flowPath(source, sink) and source.getConfiguration() = config
 }
 
 private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: fix
 +---
 +* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,6 @@ private module Config implements FullStateConfigSig {`
`328`	`328`	`}`
`329`	`329`
`330`	`330`	`private import Impl<Config> as I`
`331`		`-import I`
`332`	`331`
`333`	`332`	`/**`
`334`	`333`	* A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
`@@ -379,6 +378,8 @@ class PathNode instanceof I::PathNode {`
`379`	`378`	`final predicate isSinkGroup(string group) { super.isSinkGroup(group) }`
`380`	`379`	`}`
`381`	`380`
	`381`	`+module PathGraph = I::PathGraph;`
	`382`	`+`
`382`	`383`	`private predicate hasFlow(Node source, Node sink, Configuration config) {`
`383`	`384`	`exists(PathNode source0, PathNode sink0 \|`
`384`	`385`	`hasFlowPath(source0, sink0, config) and`
`@@ -388,7 +389,7 @@ private predicate hasFlow(Node source, Node sink, Configuration config) {`
`388`	`389`	`}`
`389`	`390`
`390`	`391`	`private predicate hasFlowPath(PathNode source, PathNode sink, Configuration config) {`
`391`		`- flowPath(source, sink) and source.getConfiguration() = config`
	`392`	`+ I::flowPath(source, sink) and source.getConfiguration() = config`
`392`	`393`	`}`
`393`	`394`
`394`	`395`	`private predicate hasFlowTo(Node sink, Configuration config) { hasFlow(_, sink, config) }`