Merge master into next.

Author: adityasharad

change-notes/1.20/analysis-csharp.md

@@ -17,6 +17,8 @@
 
 ## Changes to code extraction
 
+* Initializers of `stackalloc` arrays are now extracted.
+
 ## Changes to QL libraries
 
 ## Changes to the autobuilder

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs

@@ -9,55 +9,35 @@ abstract class ArrayCreation<SyntaxNode> : Expression<SyntaxNode> where SyntaxNo
         protected ArrayCreation(ExpressionNodeInfo info) : base(info) { }
     }
 
-    class StackAllocArrayCreation : ArrayCreation<StackAllocArrayCreationExpressionSyntax>
+    abstract class ExplicitArrayCreation<SyntaxNode> : ArrayCreation<SyntaxNode> where SyntaxNode : ExpressionSyntax
     {
-        StackAllocArrayCreation(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.ARRAY_CREATION)) { }
+        protected ExplicitArrayCreation(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.ARRAY_CREATION)) { }
 
-        public static Expression Create(ExpressionNodeInfo info) => new StackAllocArrayCreation(info).TryPopulate();
+        protected abstract ArrayTypeSyntax TypeSyntax { get; }
+
+        public abstract InitializerExpressionSyntax  Initializer { get;  }
 
         protected override void Populate()
         {
-            var arrayType = Syntax.Type as ArrayTypeSyntax;
-
-            if (arrayType == null)
-            {
-                cx.ModelError(Syntax, "Unexpected array type");
-                return;
-            }
-
             var child = 0;
+            var explicitlySized = false;
 
-            foreach (var rank in arrayType.RankSpecifiers.SelectMany(rs => rs.Sizes))
+            if (TypeSyntax is null)
             {
-                Create(cx, rank, this, child++);
+                cx.ModelError(Syntax, "Array has unexpected type syntax");
             }
 
-            cx.Emit(Tuples.explicitly_sized_array_creation(this));
-        }
-    }
-
-    class ExplicitArrayCreation : ArrayCreation<ArrayCreationExpressionSyntax>
-    {
-        ExplicitArrayCreation(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.ARRAY_CREATION)) { }
-
-        public static Expression Create(ExpressionNodeInfo info) => new ExplicitArrayCreation(info).TryPopulate();
-
-        protected override void Populate()
-        {
-            var child = 0;
-            bool explicitlySized = false;
-
-            foreach (var rank in Syntax.Type.RankSpecifiers.SelectMany(rs => rs.Sizes))
+            foreach (var rank in TypeSyntax.RankSpecifiers.SelectMany(rs => rs.Sizes))
             {
                 if (rank is OmittedArraySizeExpressionSyntax)
                 {
                     // Create an expression which simulates the explicit size of the array
 
-                    if (Syntax.Initializer != null)
+                    if (!(Initializer is null))
                     {
                         // An implicitly-sized array must have an initializer.
                         // Guard it just in case.
-                        var size = Syntax.Initializer.Expressions.Count;
+                        var size = Initializer.Expressions.Count;
 
                         var info = new ExpressionInfo(
                             cx,
@@ -79,16 +59,38 @@ protected override void Populate()
                 }
                 child++;
             }
-            if (Syntax.Initializer != null)
+            if (!(Initializer is null))
             {
-                ArrayInitializer.Create(new ExpressionNodeInfo(cx, Syntax.Initializer, this, -1));
+                ArrayInitializer.Create(new ExpressionNodeInfo(cx, Initializer, this, -1));
             }
 
             if (explicitlySized)
                 cx.Emit(Tuples.explicitly_sized_array_creation(this));
         }
     }
 
+    class NormalArrayCreation : ExplicitArrayCreation<ArrayCreationExpressionSyntax>
+    {
+        private NormalArrayCreation(ExpressionNodeInfo info) : base(info) { }
+
+        protected override ArrayTypeSyntax TypeSyntax => Syntax.Type;
+
+        public override InitializerExpressionSyntax Initializer => Syntax.Initializer;
+
+        public static Expression Create(ExpressionNodeInfo info) => new NormalArrayCreation(info).TryPopulate();
+    }
+
+    class StackAllocArrayCreation : ExplicitArrayCreation<StackAllocArrayCreationExpressionSyntax>
+    {
+        StackAllocArrayCreation(ExpressionNodeInfo info) : base(info) { }
+
+        protected override ArrayTypeSyntax TypeSyntax => Syntax.Type as ArrayTypeSyntax;
+
+        public override InitializerExpressionSyntax Initializer => Syntax.Initializer;
+
+        public static Expression Create(ExpressionNodeInfo info) => new StackAllocArrayCreation(info).TryPopulate();
+    }
+
     class ImplicitArrayCreation : ArrayCreation<ImplicitArrayCreationExpressionSyntax>
     {
         ImplicitArrayCreation(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.ARRAY_CREATION)) { }

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs

@@ -86,7 +86,7 @@ internal static Expression Create(ExpressionNodeInfo info)
                         return ExplicitObjectCreation.Create(info);
 
                     case SyntaxKind.ArrayCreationExpression:
-                        return ExplicitArrayCreation.Create(info);
+                        return NormalArrayCreation.Create(info);
 
                     case SyntaxKind.ObjectInitializerExpression:
                         return ObjectInitializer.Create(info);

csharp/ql/test/library-tests/csharp7.3/ArrayCreations.expected

@@ -0,0 +1,6 @@
+| csharp73.cs:9:20:9:49 | array creation of type Char* | 0 | csharp73.cs:9:20:9:49 | 2 |
+| csharp73.cs:10:20:10:45 | array creation of type Char* | 0 | csharp73.cs:10:36:10:36 | 1 |
+| csharp73.cs:11:20:11:37 | array creation of type Char[] | 0 | csharp73.cs:11:20:11:37 | 1 |
+| csharp73.cs:12:20:12:38 | array creation of type Char* | 0 | csharp73.cs:12:36:12:37 | 10 |
+| csharp73.cs:13:20:13:31 | array creation of type Char[] | 0 | csharp73.cs:13:29:13:30 | 10 |
+| csharp73.cs:21:23:21:33 | array creation of type Int32[] | 0 | csharp73.cs:21:31:21:32 | 10 |

csharp/ql/test/library-tests/csharp7.3/ArrayCreations.ql

@@ -0,0 +1,4 @@
+import csharp
+
+from ArrayCreation creation, int i
+select creation, i, creation.getLengthArgument(i)

csharp/ql/test/library-tests/csharp7.3/ArrayElements.expected

@@ -0,0 +1,4 @@
+| csharp73.cs:9:20:9:49 | array creation of type Char* | 0 | csharp73.cs:9:40:9:42 | x |
+| csharp73.cs:9:20:9:49 | array creation of type Char* | 1 | csharp73.cs:9:45:9:47 | y |
+| csharp73.cs:10:20:10:45 | array creation of type Char* | 0 | csharp73.cs:10:41:10:43 | x |
+| csharp73.cs:11:20:11:37 | array creation of type Char[] | 0 | csharp73.cs:11:33:11:35 | x |

csharp/ql/test/library-tests/csharp7.3/ArrayElements.ql

@@ -0,0 +1,4 @@
+import csharp
+
+from ArrayCreation array, int i
+select array, i, array.getInitializer().getElement(i)

csharp/ql/test/library-tests/csharp7.3/csharp73.cs

@@ -0,0 +1,52 @@
+// semmle-extractor-options: /langversion:latest
+
+using System;
+
+class StackAllocs
+{
+    unsafe void Fn()
+    {
+        var arr1 = stackalloc char[] { 'x', 'y' };
+        var arr2 = stackalloc char[1] { 'x' };
+        var arr3 = new char[] { 'x' };
+        var arr4 = stackalloc char[10];
+        var arr5 = new char[10];
+    }
+}
+
+class PinnedReference
+{
+    unsafe void F()
+    {
+        Span<int> t = new int[10];
+        // This line should compile and generate a call to t.GetPinnableReference()
+        // fixed (int * p = t)
+        {
+        }
+    }
+}
+
+class UnmanagedConstraint<T> where T : unmanaged
+{
+}
+
+class EnumConstraint<T> where T : System.Enum
+{
+}
+
+class DelegateConstraint<T> where T : System.Delegate
+{
+}
+
+class ExpressionVariables
+{
+    ExpressionVariables(out int x)
+    {
+        x = 5;
+    }
+
+    public ExpressionVariables() : this(out int x)
+    {
+        Console.WriteLine($"x is {x}");
+    }
+}

javascript/ql/src/Statements/UselessConditional.ql

@@ -109,15 +109,26 @@ predicate whitelist(Expr e) {
 
 /**
  * Holds if `e` is part of a conditional node `cond` that evaluates
- * `e` and checks its value for truthiness.
+ * `e` and checks its value for truthiness, and the return value of `e`
+ * is not used for anything other than this truthiness check.
  */
-predicate isConditional(ASTNode cond, Expr e) {
+predicate isExplicitConditional(ASTNode cond, Expr e) {
   e = cond.(IfStmt).getCondition() or
   e = cond.(LoopStmt).getTest() or
   e = cond.(ConditionalExpr).getCondition() or
-  e = cond.(LogicalBinaryExpr).getLeftOperand() or
-  // Include `z` in `if (x && z)`.
-  isConditional(_, cond) and e = cond.(Expr).getUnderlyingValue().(LogicalBinaryExpr).getRightOperand()
+  isExplicitConditional(_, cond) and e = cond.(Expr).getUnderlyingValue().(LogicalBinaryExpr).getAnOperand()
+}
+
+/**
+ * Holds if `e` is part of a conditional node `cond` that evaluates
+ * `e` and checks its value for truthiness.
+ *
+ * The return value of `e` may have other uses besides the truthiness check,
+ * but if the truthiness check always goes one way, it still indicates an error.
+ */
+predicate isConditional(ASTNode cond, Expr e) {
+  isExplicitConditional(cond, e) or
+  e = cond.(LogicalBinaryExpr).getLeftOperand()
 }
 
 from ASTNode cond, DataFlow::AnalyzedNode op, boolean cv, ASTNode sel, string msg

javascript/ql/src/semmle/javascript/dataflow/Configuration.qll

@@ -687,6 +687,7 @@ private predicate flowsTo(PathNode flowsource, DataFlow::Node source,
  * Holds if `nd` is reachable from a source under `cfg` along a path summarized by
  * `summary`.
  */
+pragma[nomagic]
 private predicate reachableFromSource(DataFlow::Node nd, DataFlow::Configuration cfg,
                                       PathSummary summary) {
   exists (FlowLabel lbl |