Java: Apply deadcode guard to data flow nodes.

Author: aschackmull

java/ql/lib/semmle/code/java/Constants.qll

@@ -17,6 +17,7 @@ signature int getIntValSig(Expr e);
  */
 module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal> {
   /** Gets the value of a constant boolean expression. */
+  pragma[assume_small_delta]
   boolean calculateBooleanValue(Expr e) {
     // No casts relevant to booleans.
     // `!` is the only unary operator that evaluates to a boolean.
@@ -98,6 +99,7 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
   }
 
   /** Gets the value of a constant integer expression. */
+  pragma[assume_small_delta]
   int calculateIntValue(Expr e) {
     exists(IntegralType t | e.getType() = t | t.getName().toLowerCase() != "long") and
     (

java/ql/lib/semmle/code/java/Expr.qll

@@ -131,6 +131,7 @@ private predicate primitiveOrString(Type t) {
  * See JLS v8, section 15.28 (Constant Expressions).
  */
 class CompileTimeConstantExpr extends Expr {
+  pragma[assume_small_delta]
   CompileTimeConstantExpr() {
     primitiveOrString(this.getType()) and
     (
@@ -180,6 +181,7 @@ class CompileTimeConstantExpr extends Expr {
   /**
    * Gets the string value of this expression, where possible.
    */
+  pragma[assume_small_delta]
   pragma[nomagic]
   string getStringValue() {
     result = this.(StringLiteral).getValue()
@@ -205,6 +207,8 @@ class CompileTimeConstantExpr extends Expr {
   /**
    * Gets the boolean value of this expression, where possible.
    */
+  pragma[assume_small_delta]
+  pragma[nomagic]
   boolean getBooleanValue() {
     // Literal value.
     result = this.(BooleanLiteral).getBooleanValue()

java/ql/lib/semmle/code/java/dataflow/SSA.qll

@@ -384,7 +384,7 @@ private module SsaImpl {
   private predicate intraInstanceCallEdge(Callable c1, Method m2) {
     exists(MethodAccess ma, RefType t1 |
       ma.getCaller() = c1 and
-      m2 = viableImpl(ma) and
+      m2 = viableImpl_v2(ma) and
       not m2.isStatic() and
       (
         not exists(ma.getQualifier()) or
@@ -402,7 +402,7 @@ private module SsaImpl {
   }
 
   private Callable tgt(Call c) {
-    result = viableImpl(c)
+    result = viableImpl_v2(c)
     or
     result = getRunnerTarget(c)
     or

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll

@@ -7,16 +7,26 @@ private import DataFlowPrivate
 private import DataFlowUtil
 private import FlowSummaryImpl as FlowSummaryImpl
 private import DataFlowImplCommon as DataFlowImplCommon
+private import semmle.code.java.controlflow.Guards
+private import semmle.code.java.dataflow.RangeUtils
 
 /** Gets a string for approximating the name of a field. */
 string approximateFieldContent(FieldContent fc) { result = fc.getField().getName().prefix(1) }
 
+private predicate deadcode(Expr e) {
+  exists(Guard g, boolean b |
+    g.(ConstantBooleanExpr).getBooleanValue() = b and
+    g.controls(e.getBasicBlock(), b.booleanNot())
+  )
+}
+
 cached
 private module Cached {
   cached
   newtype TNode =
     TExprNode(Expr e) {
       DataFlowImplCommon::forceCachingInSameStage() and
+      not deadcode(e) and
       not e.getType() instanceof VoidType and
       not e.getParent*() instanceof Annotation
     } or

java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll

@@ -34,7 +34,7 @@ private predicate runner(Method m, int n, Method runmethod) {
 private Expr getRunnerArgument(MethodAccess ma, Method runmethod) {
   exists(Method runner, int param |
     runner(runner, param, runmethod) and
-    viableImpl(ma) = runner and
+    viableImpl_v2(ma) = runner and
     result = ma.getArgument(param)
   )
   or