C#: Instantiate shared Guards and shared ControlFlowReachability and replace nullness #20558
Conversation
aschackmull
force-pushed
the
csharp/guards3
branch
from
6dd6d90 to
475d584
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| private module ControlFlowInput implements | ||
| InputSig<Location, ControlFlow::Node, ControlFlow::BasicBlock> | ||
| { | ||
| private import csharp as CS |
Check warning
Code scanning / CodeQL
Names only differing by case Warning
| private module GuardsInput implements | ||
| SharedGuards::InputSig<Location, ControlFlow::Node, ControlFlow::BasicBlock> | ||
| { | ||
| private import csharp as CS |
Check warning
Code scanning / CodeQL
Names only differing by case Warning
aschackmull
force-pushed
the
csharp/guards3
branch
4 times, most recently
from
366f0b0 to
2372a9c
Compare
aschackmull
force-pushed
the
csharp/guards3
branch
from
2372a9c to
613c789
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR instantiates the shared Guards and ControlFlowReachability libraries for C# and introduces a new shared constant condition query, along with several related changes:
- Instantiates shared Guards library for C# and removes 3 splitting categories that are incompatible
- Instantiates shared ControlFlowReachability library and uses it to re-implement nullness analysis
- Introduces new shared ConstantCondition query to replace functionality lost from removed splitting
Reviewed Changes
Copilot reviewed 65 out of 70 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| shared/controlflow/codeql/controlflow/queries/ConstantCondition.qll | New shared query library for detecting constant conditions |
| shared/controlflow/codeql/controlflow/Guards.qll | Updates to boolean value handling and trivial guard filtering |
| shared/controlflow/codeql/controlflow/ControlFlow.qll | Minor method name change from getAPhiInput to getAnInput |
| shared/controlflow/codeql/controlflow/Cfg.qll | Adds NormalExitNode class definition |
| java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll | Adds getAnInput method for compatibility |
| java/ql/lib/semmle/code/java/dataflow/SSA.qll | Adds getAnInput method for compatibility |
| Multiple test .expected files | Updates to test expectations reflecting improved precision and new query results |
| csharp/ql/test/query-tests/Nullness/E.cs | Test file updates showing improved null analysis precision |
| csharp/ql/test/query-tests/Nullness/D.cs | Test file updates showing improved null analysis precision |
| csharp/ql/test/library-tests/dataflow/ssa/Splitting.cs | Removed file - splitting functionality no longer used |
Comments suppressed due to low confidence (3)
hvitved
left a comment
hvitved
left a comment
There was a problem hiding this comment.
Looks really great, thanks a lot for taking on the task of sharing this code.
...ery-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected
Show resolved
Hide resolved
|
DCA reports a relative significant slowdown on |
I have not, I'll take a look. |
|
I have found and fixed the join-order problem in I've kicked off another dca run. |
2 participants
This PR contains several changes that have been bunched together by necessity - commit-by-commit review is encouraged!
The shared Guards library is instantiated for C#. This is somewhat incompatible with splitting, so 3 categories of splitting are removed. This has some minor impact on a few queries, including actually some precision improvements (see #20430 and its corresponding dca run for an isolated measurement of the impact of disabling these 3 categories of splitting (and disregard the changes to
cs/call-to-object-tostring- they have been addressed in a separate bugfix)). Beyond the misc. minor query impact of removing these splitting categories, we see major precision reduction incs/constant-condition(lost TPs) andcs/dereferenced-value-may-be-null(gained FPs). These regressions are therefore addressed in this PR.The shared ControlFlowReachability library is instantiated and used to re-implement
cs/dereferenced-value-may-be-null. This yields a massive precision improvement with lots of FPs removed; we also appear to gain some new TPs. Spot-checking indicates that these changes are almost exclusively improvements.A new shared query is introduced to cover the gap in
cs/constant-condition, which covers the results lost from lack of splitting and much more - i.e. we get a lot more results. The C#-specific instantiation adds several exclusions to reduce FPs. Spot-checking appears to indicate generally good results, but there's certainly still a number of FPs, and I have not done any formal measurements of FP rates.One thing that's explicitly excluded in this PR is the replacement of the existing Guards library with the new one - for now the two libraries live side-by-side. This cleanup is left as follow-up work.
(note: some intermediate commits contain temporary comparison predicates, which I've found useful to leave in the commit-history during development)