Merge pull request #334 from aschackmull/java/autoformat-rangeanalysis

Approved by yh-semmle

Author: semmle-qlci

java/ql/src/semmle/code/java/dataflow/Bound.qll

@@ -5,19 +5,23 @@ private import RangeUtils
 private newtype TBound =
   TBoundZero() or
   TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
-  TBoundExpr(Expr e) { e.(FieldRead).getField() instanceof ArrayLengthField and not exists(SsaVariable v | e = v.getAUse()) }
+  TBoundExpr(Expr e) {
+    e.(FieldRead).getField() instanceof ArrayLengthField and
+    not exists(SsaVariable v | e = v.getAUse())
+  }
 
 /**
  * A bound that may be inferred for an expression plus/minus an integer delta.
  */
 abstract class Bound extends TBound {
   abstract string toString();
+
   /** Gets an expression that equals this bound plus `delta`. */
   abstract Expr getExpr(int delta);
+
   /** Gets an expression that equals this bound. */
-  Expr getExpr() {
-    result = getExpr(0)
-  }
+  Expr getExpr() { result = getExpr(0) }
+
   predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
     path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
   }
@@ -29,6 +33,7 @@ abstract class Bound extends TBound {
  */
 class ZeroBound extends Bound, TBoundZero {
   override string toString() { result = "0" }
+
   override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
 }
 
@@ -38,8 +43,11 @@ class ZeroBound extends Bound, TBoundZero {
 class SsaBound extends Bound, TBoundSsa {
   /** Gets the SSA variable that equals this bound. */
   SsaVariable getSsa() { this = TBoundSsa(result) }
+
   override string toString() { result = getSsa().toString() }
+
   override Expr getExpr(int delta) { result = getSsa().getAUse() and delta = 0 }
+
   override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
     getSsa().getLocation().hasLocationInfo(path, sl, sc, el, ec)
   }
@@ -51,7 +59,9 @@ class SsaBound extends Bound, TBoundSsa {
  */
 class ExprBound extends Bound, TBoundExpr {
   override string toString() { result = getExpr().toString() }
+
   override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
+
   override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
     getExpr().hasLocationInfo(path, sl, sc, el, ec)
   }

java/ql/src/semmle/code/java/dataflow/ModulusAnalysis.qll

@@ -32,7 +32,8 @@ private predicate nonConstAddition(Expr add, Expr larg, Expr rarg) {
     exists(AddExpr a | a = add |
       larg = a.getLeftOperand() and
       rarg = a.getRightOperand()
-    ) or
+    )
+    or
     exists(AssignAddExpr a | a = add |
       larg = a.getDest() and
       rarg = a.getRhs()
@@ -51,7 +52,8 @@ private predicate nonConstSubtraction(Expr sub, Expr larg, Expr rarg) {
     exists(SubExpr s | s = sub |
       larg = s.getLeftOperand() and
       rarg = s.getRightOperand()
-    ) or
+    )
+    or
     exists(AssignSubExpr s | s = sub |
       larg = s.getDest() and
       rarg = s.getRhs()
@@ -67,12 +69,14 @@ private Expr modExpr(Expr arg, int mod) {
     arg = rem.getLeftOperand() and
     rem.getRightOperand().(CompileTimeConstantExpr).getIntValue() = mod and
     mod >= 2
-  ) or
+  )
+  or
   exists(CompileTimeConstantExpr c |
-    mod = 2.pow([1..30]) and
+    mod = 2.pow([1 .. 30]) and
     c.getIntValue() = mod - 1 and
     result.(AndBitwiseExpr).hasOperands(arg, c)
-  ) or
+  )
+  or
   result.(ParExpr).getExpr() = modExpr(arg, mod)
 }
 
@@ -88,7 +92,9 @@ private Guard moduloCheck(SsaVariable v, int val, int mod, boolean testIsTrue) {
     (
       testIsTrue = polarity and val = r
       or
-      testIsTrue = polarity.booleanNot() and mod = 2 and val = 1 - r and
+      testIsTrue = polarity.booleanNot() and
+      mod = 2 and
+      val = 1 - r and
       (r = 0 or r = 1)
     )
   )
@@ -109,17 +115,22 @@ private predicate moduloGuardedRead(SsaVariable v, SsaReadPosition pos, int val,
 bindingset[mask]
 private predicate andmaskFactor(int mask, int factor) {
   mask % factor = 0 and
-  factor = 2.pow([1..30])
+  factor = 2.pow([1 .. 30])
 }
 
 /** Holds if `e` is evenly divisible by `factor`. */
 private predicate evenlyDivisibleExpr(Expr e, int factor) {
   exists(ConstantIntegerExpr c, int k | k = c.getIntValue() |
-    e.(MulExpr).getAnOperand() = c and factor = k.abs() and factor >= 2 or
-    e.(AssignMulExpr).getSource() = c and factor = k.abs() and factor >= 2 or
-    e.(LShiftExpr).getRightOperand() = c and factor = 2.pow(k) and k > 0 or
-    e.(AssignLShiftExpr).getRhs() = c and factor = 2.pow(k) and k > 0 or
-    e.(AndBitwiseExpr).getAnOperand() = c and factor = max(int f | andmaskFactor(k, f)) or
+    e.(MulExpr).getAnOperand() = c and factor = k.abs() and factor >= 2
+    or
+    e.(AssignMulExpr).getSource() = c and factor = k.abs() and factor >= 2
+    or
+    e.(LShiftExpr).getRightOperand() = c and factor = 2.pow(k) and k > 0
+    or
+    e.(AssignLShiftExpr).getRhs() = c and factor = 2.pow(k) and k > 0
+    or
+    e.(AndBitwiseExpr).getAnOperand() = c and factor = max(int f | andmaskFactor(k, f))
+    or
     e.(AssignAndExpr).getSource() = c and factor = max(int f | andmaskFactor(k, f))
   )
 }
@@ -134,9 +145,17 @@ private int getId(BasicBlock bb) { idOf(bb, result) }
  * Holds if `inp` is an input to `phi` along `edge` and this input has index `r`
  * in an arbitrary 1-based numbering of the input edges to `phi`.
  */
-private predicate rankedPhiInput(SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge, int r) {
+private predicate rankedPhiInput(
+  SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge, int r
+) {
   edge.phiInput(phi, inp) and
-  edge = rank[r](SsaReadPositionPhiInputEdge e | e.phiInput(phi, _) | e order by getId(e.getOrigBlock()))
+  edge = rank[r](SsaReadPositionPhiInputEdge e |
+      e.phiInput(phi, _)
+    |
+      e
+      order by
+        getId(e.getOrigBlock())
+    )
 }
 
 /**
@@ -154,9 +173,11 @@ private int gcdLim() { result = 128 }
  */
 private int gcd(int x, int y) {
   result != 1 and
-  result = x.abs() and y = 0 and x in [-gcdLim()..gcdLim()]
+  result = x.abs() and
+  y = 0 and
+  x in [-gcdLim() .. gcdLim()]
   or
-  result = gcd(y, x % y) and y != 0 and x in [-gcdLim()..gcdLim()]
+  result = gcd(y, x % y) and y != 0 and x in [-gcdLim() .. gcdLim()]
 }
 
 /**
@@ -167,14 +188,17 @@ private int gcd(int x, int y) {
  */
 bindingset[val, mod]
 private int remainder(int val, int mod) {
-  mod = 0 and result = val or
+  mod = 0 and result = val
+  or
   mod > 1 and result = ((val % mod) + mod) % mod
 }
 
 /**
  * Holds if `inp` is an input to `phi` and equals `phi` modulo `mod` along `edge`.
  */
-private predicate phiSelfModulus(SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge, int mod) {
+private predicate phiSelfModulus(
+  SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge, int mod
+) {
   exists(SsaBound phibound, int v, int m |
     edge.phiInput(phi, inp) and
     phibound.getSsa() = phi and
@@ -204,7 +228,7 @@ private predicate phiModulusRankStep(SsaPhiNode phi, Bound b, int val, int mod,
   exists(SsaVariable inp, SsaReadPositionPhiInputEdge edge, int v1, int m1 |
     mod != 1 and
     val = remainder(v1, mod)
-    |
+  |
     exists(int v2, int m2 |
       rankedPhiInput(phi, inp, edge, rix) and
       phiModulusRankStep(phi, b, v1, m1, rix - 1) and
@@ -257,36 +281,43 @@ private predicate ssaModulus(SsaVariable v, SsaReadPosition pos, Bound b, int va
  */
 cached
 predicate exprModulus(Expr e, Bound b, int val, int mod) {
-  e = b.getExpr(val) and mod = 0 or
-  evenlyDivisibleExpr(e, mod) and val = 0 and b instanceof ZeroBound or
+  e = b.getExpr(val) and mod = 0
+  or
+  evenlyDivisibleExpr(e, mod) and val = 0 and b instanceof ZeroBound
+  or
   exists(SsaVariable v, SsaReadPositionBlock bb |
     ssaModulus(v, bb, b, val, mod) and
     e = v.getAUse() and
     bb.getBlock() = e.getBasicBlock()
-  ) or
+  )
+  or
   exists(Expr mid, int val0, int delta |
     exprModulus(mid, b, val0, mod) and
     valueFlowStep(e, mid, delta) and
     val = remainder(val0 + delta, mod)
-  ) or
+  )
+  or
   exists(ConditionalExpr cond, int v1, int v2, int m1, int m2 |
     cond = e and
     condExprBranchModulus(cond, true, b, v1, m1) and
     condExprBranchModulus(cond, false, b, v2, m2) and
     mod = gcd(gcd(m1, m2), v1 - v2) and
     mod != 1 and
     val = remainder(v1, mod)
-  ) or
+  )
+  or
   exists(Bound b1, Bound b2, int v1, int v2, int m1, int m2 |
     addModulus(e, true, b1, v1, m1) and
     addModulus(e, false, b2, v2, m2) and
     mod = gcd(m1, m2) and
     mod != 1 and
     val = remainder(v1 + v2, mod)
-    |
-    b = b1 and b2 instanceof ZeroBound or
+  |
+    b = b1 and b2 instanceof ZeroBound
+    or
     b = b2 and b1 instanceof ZeroBound
-  ) or
+  )
+  or
   exists(int v1, int v2, int m1, int m2 |
     subModulus(e, true, b, v1, m1) and
     subModulus(e, false, any(ZeroBound zb), v2, m2) and
@@ -296,25 +327,24 @@ predicate exprModulus(Expr e, Bound b, int val, int mod) {
   )
 }
 
-private predicate condExprBranchModulus(ConditionalExpr cond, boolean branch, Bound b, int val, int mod) {
-  exprModulus(cond.getTrueExpr(), b, val, mod) and branch = true or
+private predicate condExprBranchModulus(
+  ConditionalExpr cond, boolean branch, Bound b, int val, int mod
+) {
+  exprModulus(cond.getTrueExpr(), b, val, mod) and branch = true
+  or
   exprModulus(cond.getFalseExpr(), b, val, mod) and branch = false
 }
 
 private predicate addModulus(Expr add, boolean isLeft, Bound b, int val, int mod) {
-  exists(Expr larg, Expr rarg |
-    nonConstAddition(add, larg, rarg)
-  |
+  exists(Expr larg, Expr rarg | nonConstAddition(add, larg, rarg) |
     exprModulus(larg, b, val, mod) and isLeft = true
     or
     exprModulus(rarg, b, val, mod) and isLeft = false
   )
 }
 
 private predicate subModulus(Expr sub, boolean isLeft, Bound b, int val, int mod) {
-  exists(Expr larg, Expr rarg |
-    nonConstSubtraction(sub, larg, rarg)
-  |
+  exists(Expr larg, Expr rarg | nonConstSubtraction(sub, larg, rarg) |
     exprModulus(larg, b, val, mod) and isLeft = true
     or
     exprModulus(rarg, b, val, mod) and isLeft = false