C++: remove unused predicates

Robert Marsh · Robert Marsh · commit 1576bcfa3f1a · 2020-02-04T12:08:03.000-08:00
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -172,7 +172,7 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {
     any(CallInstruction call |
       exists(int indexIn |
         modelTaintToReturnValue(call.getStaticCallTarget(), indexIn) and
-        i1 = DataFlow::getACallArgumentOrIndirection(call, indexIn)
+        i1 = getACallArgumentOrIndirection(call, indexIn)
       )
     )
   or
@@ -185,7 +185,7 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {
     any(WriteSideEffectInstruction outNode |
       exists(CallInstruction call, int indexIn, int indexOut |
         modelTaintToParameter(call.getStaticCallTarget(), indexIn, indexOut) and
-        i1 = DataFlow::getACallArgumentOrIndirection(call, indexIn) and
+        i1 = getACallArgumentOrIndirection(call, indexIn) and
         outNode.getIndex() = indexOut and
         outNode.getPrimaryInstruction() = call
       )
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -337,38 +337,6 @@ private predicate modelFlow(Instruction iFrom, Instruction iTo) {
   )
 }
 
-/**
- * Get an instruction that goes into argument `argumentIndex` of `call`. This
- * can be either directly or through one pointer indirection.
- */
-Instruction getACallArgumentOrIndirection(CallInstruction call, int argumentIndex) {
-  result = call.getPositionalArgument(argumentIndex)
-  or
-  exists(ReadSideEffectInstruction readSE |
-    // TODO: why are read side effect operands imprecise?
-    result = readSE.getSideEffectOperand().getAnyDef() and
-    readSE.getPrimaryInstruction() = call and
-    readSE.getIndex() = argumentIndex
-  )
-}
-
-private predicate modelFlowToParameter(Function f, int parameterIn, int parameterOut) {
-  exists(FunctionInput modelIn, FunctionOutput modelOut |
-    f.(DataFlowFunction).hasDataFlow(modelIn, modelOut) and
-    (modelIn.isParameter(parameterIn) or modelIn.isParameterDeref(parameterIn)) and
-    modelOut.isParameterDeref(parameterOut)
-  )
-}
-
-private predicate modelFlowToReturnValue(Function f, int parameterIn) {
-  // Data flow from parameter to return value
-  exists(FunctionInput modelIn, FunctionOutput modelOut |
-    f.(DataFlowFunction).hasDataFlow(modelIn, modelOut) and
-    (modelIn.isParameter(parameterIn) or modelIn.isParameterDeref(parameterIn)) and
-    (modelOut.isReturnValue() or modelOut.isReturnValueDeref())
-  )
-}
-
 /**
  * Holds if data flows from `source` to `sink` in zero or more local
  * (intra-procedural) steps.

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,7 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {`
`172`	`172`	`any(CallInstruction call \|`
`173`	`173`	`exists(int indexIn \|`
`174`	`174`	`modelTaintToReturnValue(call.getStaticCallTarget(), indexIn) and`
`175`		`- i1 = DataFlow::getACallArgumentOrIndirection(call, indexIn)`
	`175`	`+ i1 = getACallArgumentOrIndirection(call, indexIn)`
`176`	`176`	`)`
`177`	`177`	`)`
`178`	`178`	`or`
`@@ -185,7 +185,7 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {`
`185`	`185`	`any(WriteSideEffectInstruction outNode \|`
`186`	`186`	`exists(CallInstruction call, int indexIn, int indexOut \|`
`187`	`187`	`modelTaintToParameter(call.getStaticCallTarget(), indexIn, indexOut) and`
`188`		`- i1 = DataFlow::getACallArgumentOrIndirection(call, indexIn) and`
	`188`	`+ i1 = getACallArgumentOrIndirection(call, indexIn) and`
`189`	`189`	`outNode.getIndex() = indexOut and`
`190`	`190`	`outNode.getPrimaryInstruction() = call`
`191`	`191`	`)`