Java/SSA: Keep proper distinction between cached stages.

aschackmull · aschackmull · commit d5d0274ce799 · 2025-03-25T13:43:55.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
@@ -1007,7 +1007,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI
     }
   }
 
-  predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
     guard.(IRGuards::IRGuardCondition).controls(bb, branch)
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
@@ -1062,7 +1062,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
   }
 
   /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
-  predicate guardControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {
     exists(ConditionBlock conditionBlock, ControlFlow::SuccessorTypes::ConditionalSuccessor s |
       guard.getAControlFlowNode() = conditionBlock.getLastNode() and
       s.getValue() = branch and
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll
@@ -680,6 +680,11 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
     }
   }
 
+  /** Holds if the guard `guard` directly controls block `bb` upon evaluating to `branch`. */
+  predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) {
+    guard.directlyControls(bb, branch)
+  }
+
   /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
   predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) {
     guard.controls(bb, branch)
diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/Ssa.qll
@@ -97,7 +97,7 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig {
   }
 
   pragma[inline]
-  predicate guardControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) {
     exists(js::ConditionGuardNode g |
       g.getTest() = guard and
       g.dominates(bb) and
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImpl.qll
@@ -503,7 +503,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
   }
 
   /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
-  predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
     Guards::guardControlsBlock(guard, bb, branch)
   }
 }
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll
@@ -377,7 +377,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
   }
 
   /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
-  predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
     exists(ConditionBasicBlock conditionBlock, ConditionalSuccessor s |
       guard = conditionBlock.getLastNode() and
       s.getValue() = branch and
diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll
@@ -1493,8 +1493,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {
       predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch);
     }
 
+    /** Holds if `guard` directly controls block `bb` upon evaluating to `branch`. */
+    predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch);
+
     /** Holds if `guard` controls block `bb` upon evaluating to `branch`. */
-    predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch);
+    default predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) {
+      guardDirectlyControlsBlock(guard, bb, branch)
+    }
 
     /**
      * Holds if `WriteDefinition`s should be included as an intermediate node
@@ -1578,8 +1583,8 @@ module Make<LocationSig Location, InputSig<Location> Input> {
             phi.getSourceVariable()) and
           prev != input and
           exists(DfInput::Guard g, boolean branch |
-            DfInput::guardControlsBlock(g, input, branch) and
-            not DfInput::guardControlsBlock(g, prev, branch)
+            DfInput::guardDirectlyControlsBlock(g, input, branch) and
+            not DfInput::guardDirectlyControlsBlock(g, prev, branch)
           )
         )
       )

Original file line number	Diff line number	Diff line change
`@@ -1007,7 +1007,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI`
`1007`	`1007`	`}`
`1008`	`1008`	`}`
`1009`	`1009`
`1010`		`- predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
	`1010`	`+ predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
`1011`	`1011`	`guard.(IRGuards::IRGuardCondition).controls(bb, branch)`
`1012`	`1012`	`}`
`1013`	`1013`
Original file line number	Diff line number	Diff line change
`@@ -1062,7 +1062,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu`
`1062`	`1062`	`}`
`1063`	`1063`
`1064`	`1064`	/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
`1065`		`- predicate guardControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {`
	`1065`	`+ predicate guardDirectlyControlsBlock(Guard guard, ControlFlow::BasicBlock bb, boolean branch) {`
`1066`	`1066`	`exists(ConditionBlock conditionBlock, ControlFlow::SuccessorTypes::ConditionalSuccessor s \|`
`1067`	`1067`	`guard.getAControlFlowNode() = conditionBlock.getLastNode() and`
`1068`	`1068`	`s.getValue() = branch and`
Original file line number	Diff line number	Diff line change
`@@ -680,6 +680,11 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu`
`680`	`680`	`}`
`681`	`681`	`}`
`682`	`682`
	`683`	+ /** Holds if the guard `guard` directly controls block `bb` upon evaluating to `branch`. */
	`684`	`+ predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) {`
	`685`	`+ guard.directlyControls(bb, branch)`
	`686`	`+ }`
	`687`	`+`
`683`	`688`	/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
`684`	`689`	`predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) {`
`685`	`690`	`guard.controls(bb, branch)`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ module SsaDataflowInput implements DataFlowIntegrationInputSig {`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`pragma[inline]`
`100`		`- predicate guardControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) {`
	`100`	`+ predicate guardDirectlyControlsBlock(Guard guard, js::BasicBlock bb, boolean branch) {`
`101`	`101`	`exists(js::ConditionGuardNode g \|`
`102`	`102`	`g.getTest() = guard and`
`103`	`103`	`g.dominates(bb) and`
Original file line number	Diff line number	Diff line change
`@@ -503,7 +503,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu`
`503`	`503`	`}`
`504`	`504`
`505`	`505`	/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
`506`		`- predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
	`506`	`+ predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
`507`	`507`	`Guards::guardControlsBlock(guard, bb, branch)`
`508`	`508`	`}`
`509`	`509`	`}`
Original file line number	Diff line number	Diff line change
`@@ -377,7 +377,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu`
`377`	`377`	`}`
`378`	`378`
`379`	`379`	/** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
`380`		`- predicate guardControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
	`380`	`+ predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {`
`381`	`381`	`exists(ConditionBasicBlock conditionBlock, ConditionalSuccessor s \|`
`382`	`382`	`guard = conditionBlock.getLastNode() and`
`383`	`383`	`s.getValue() = branch and`
Original file line number	Diff line number	Diff line change
`@@ -1493,8 +1493,13 @@ module Make<LocationSig Location, InputSig<Location> Input> {`
`1493`	`1493`	`predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch);`
`1494`	`1494`	`}`
`1495`	`1495`
	`1496`	+ /** Holds if `guard` directly controls block `bb` upon evaluating to `branch`. */
	`1497`	`+ predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch);`
	`1498`	`+`
`1496`	`1499`	/** Holds if `guard` controls block `bb` upon evaluating to `branch`. */
`1497`		`- predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch);`
	`1500`	`+ default predicate guardControlsBlock(Guard guard, BasicBlock bb, boolean branch) {`
	`1501`	`+ guardDirectlyControlsBlock(guard, bb, branch)`
	`1502`	`+ }`
`1498`	`1503`
`1499`	`1504`	`/**`
`1500`	`1505`	* Holds if `WriteDefinition`s should be included as an intermediate node
`@@ -1578,8 +1583,8 @@ module Make<LocationSig Location, InputSig<Location> Input> {`
`1578`	`1583`	`phi.getSourceVariable()) and`
`1579`	`1584`	`prev != input and`
`1580`	`1585`	`exists(DfInput::Guard g, boolean branch \|`
`1581`		`- DfInput::guardControlsBlock(g, input, branch) and`
`1582`		`- not DfInput::guardControlsBlock(g, prev, branch)`
	`1586`	`+ DfInput::guardDirectlyControlsBlock(g, input, branch) and`
	`1587`	`+ not DfInput::guardDirectlyControlsBlock(g, prev, branch)`
`1583`	`1588`	`)`
`1584`	`1589`	`)`
`1585`	`1590`	`)`