CodeQL library for Java/Kotlin
codeql/java-all 7.6.1-dev (changelog, source)

Module Guards

Provides classes and predicates for determining “guard-controls” relationships.

In their most general form, these relate a guard expression, a value, and a basic block, and state that execution of the basic block implies that control flow must have passed through the guard in order to reach the basic block, and when it did, the guard evaluated to the given value.

For example, in if (x == 0) { A }, the guard x == 0 evaluating to true controls the basic block A, in this case because the true branch dominates A, but more elaborate controls-relationships may also hold. For example, in

int sz = a != null ? a.length : 0;
if (sz != 0) {
  // this block is controlled by:
  // sz != 0   evaluating to true
  // sz        evaluating to not 0
  // a.length  evaluating to not 0
  // a != null evaluating to true
  // a         evaluating to not null
}

The provided predicates are separated into general “controls” predicates and “directly controls” predicates. The former use all possible implication logic as described above, whereas the latter only use control flow dominance of the corresponding conditional successor edges.
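
The difference between the two families can be reproduced on the sz example above with a small Python model. This is an added example, not CodeQL's implementation: the block names, the tables and the two implication rules (a != comparison, and a phi input ruled out by its constant) are assumptions made for illustration.

```python
# Constructed CFG for:  int sz = a != null ? a.length : 0;  if (sz != 0) { A }
SUCC = {"entry": ["len", "zero"], "len": ["join"], "zero": ["join"],
        "join": ["A", "exit"], "A": ["exit"], "exit": []}
# Conditional successor edges: (guard, value) -> (pred block, succ block)
BRANCH = {("a != null", True): ("entry", "len"), ("a != null", False): ("entry", "zero"),
          ("sz != 0", True): ("join", "A"), ("sz != 0", False): ("join", "exit")}
# Phi inputs of sz at "join": incoming block -> (expression, constant or None)
PHI = {"sz": {"len": ("a.length", None), "zero": ("0", 0)}}
# Guards of the form "e != c": guard -> (operand, constant)
NEQ = {"sz != 0": ("sz", 0), "a != null": ("a", "null")}

def dominators(succ, entry):
    preds = {b: [p for p in succ if b in succ[p]] for b in succ}
    dom = {b: set(succ) for b in succ}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for b in succ:
            if b != entry:
                new = {b} | set.intersection(*(dom[p] for p in preds[b]))
                if new != dom[b]:
                    dom[b], changed = new, True
    return dom, preds

def directly_controls(block):
    """Guard values whose conditional successor edge dominates `block`."""
    dom, preds = dominators(SUCC, "entry")
    return {gv for gv, (p, s) in BRANCH.items()
            if preds[s] == [p] and s in dom[block]}

def controls(block):
    """Close the directly-controls facts under the implication steps modelled here."""
    facts = directly_controls(block)
    work = list(facts)
    while work:
        g, v = work.pop()
        new = set()
        if g in NEQ and v is True:      # (e != c) is true  =>  e is "not c"
            new.add((NEQ[g][0], f"not {NEQ[g][1]}"))
        if g in PHI:                    # drop phi inputs whose constant is excluded by v
            live = {b: x for b, x in PHI[g].items() if f"not {x[1]}" != v}
            if len(live) == 1:          # one input left: its value and its block's guards hold
                (b, (expr, _)), = live.items()
                new |= {(expr, v)} | directly_controls(b)
        for fact in new - facts:
            facts.add(fact)
            work.append(fact)
    return facts
```

For block A, directly_controls yields only the sz != 0 guard, while controls yields all five guard/value pairs listed in the comment of the example above.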

In some cases, a guard may have a successor edge that can be relevant for controlling the input to an SSA phi node, but does not dominate the preceding block. To support this, the hasBranchEdge and controlsBranchEdge predicates are provided, where the former only uses the control flow graph similar to the directlyControls predicate, and the latter uses the full implication logic.

All of these predicates are also available in the more general form that refers to GuardValues instead of booleans.

The implementation is nested in two parameterized modules intended to facilitate multiple instantiations of the nested module with different precision levels. For example, more implications are available if the result of Range Analysis is available, but Range Analysis depends on Guards. This allows an initial instantiation of the Logic module without Range Analysis that can be used as input to Range Analysis, and a second instantiation using the result of Range Analysis to provide a final and more complete controls relation.

Import path

import codeql.controlflow.Guards

Modules

Make

Provides guards-related predicates and classes.

Type signatures

Module signatures