Java: StringLiteral and CharacterLiteral `getValue()` replaces unpaired surrogates with `?`

[Marcono1234]

Version

CodeQL CLI version: 2.6.0

Description of the issue

Slightly related to #5297

The predicate getValue() of CodeQL's StringLiteral and CharacterLiteral seems to replace unpaired Unicode surrogates (U+D800 - U+DBFF and U+DC00 - U+DFFF) with the character ?.
This is not a display problem in the Query Console or the VS Code extension; the database really seems to contain a ? as value.

This can lead to incorrect results for queries since the value reported by CodeQL does not match what the source code contains.

Reproduction steps

Run the following query:

import java

from StringLiteral s, string literal, string value
where
  literal = s.getLiteral()
  and value = s.getValue()
  // Value contains '?'
  and value.matches("%?%")
  // But literal does not contain '?'; neither literally nor escaped
  and not literal.matches(["%?%", "%\\u77%", "%\\u077%", "%\\u003f%", "%\\u003F%"])
select s, value

Query Console link

Workaround

A workaround might be to use getLiteral() which contains the Unicode escape sequences for the surrogate characters. However, then you have to manually parse escape sequences which is rather error-prone.

[smowton]

Looks like this happens because the database TRAP format uses UTF-8, and the default action for encoding malformed UTF-16 to UTF-8 is to replace unpaired surrogates with ?. We could possibly use WTF-8 (UTF-8 + treating unpaired surrogates as if they were ordinary characters) which would preserve more information.

[smowton]

We could also use U+FFFD instead of ? which would at least be less likely to surprise people

[Marcono1234]

TRAP format uses UTF-8, and the default action for encoding malformed UTF-16 to UTF-8 is to replace unpaired surrogates with ?

I was afraid that something similar to this is the reason.

Despite usage of WTF-8 sounding like a pretty tempting solution I guess it might become a maintenance issue (making TRAP format more difficult to use by other languages, little WTF-8 support, encoders not as performant as UTF-8?). So maybe your suggestion of using a different replacement character would be the best solution.
And maybe for Java (though it probably affects the other scanned languages as well) the documentation for StringLiteral and CharacterLiteral could mention this.

[smowton]

Java and Javascript now both use U+FFFD for this purpose, which was already the approach taken for C++, C# and Python.

[Marcono1234]

Thanks! Should this be documented for StringLiteral and CharacterLiteral (maybe also for JavadocText), or do you think text containing unpaired surrogates is too rare?

Edit: For StringLiteral have added this as part of #7004, for CharacterLiteral as part of #6614.