Merge pull request #21599 from aschackmull/csharp/constantcondition-simplify

C#: Simplify the ConstantCondition query.

Author: aschackmull

csharp/ql/integration-tests/posix/query-suite/csharp-code-quality-extended.qls.expected

@@ -65,7 +65,6 @@ ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
 ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
-ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
 ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
 ql/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
 ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql

csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected

@@ -38,7 +38,6 @@ ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
 ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
-ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
 ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
 ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
 ql/csharp/ql/src/Likely Bugs/EqualsArray.ql

csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected

@@ -69,7 +69,6 @@ ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
 ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
-ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
 ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
 ql/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
 ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql

csharp/ql/lib/semmle/code/csharp/commons/Constants.qll

@@ -4,19 +4,6 @@ import csharp
 private import semmle.code.csharp.commons.ComparisonTest
 private import semmle.code.csharp.commons.StructuralComparison as StructuralComparison
 
-pragma[noinline]
-private predicate isConstantCondition0(ControlFlow::Node cfn, boolean b) {
-  exists(cfn.getASuccessorByType(any(ControlFlow::BooleanSuccessor t | t.getValue() = b))) and
-  strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
-}
-
-/**
- * Holds if `e` is a condition that always evaluates to Boolean value `b`.
- */
-predicate isConstantCondition(Expr e, boolean b) {
-  forex(ControlFlow::Node cfn | cfn = e.getAControlFlowNode() | isConstantCondition0(cfn, b))
-}
-
 /**
  * Holds if comparison operation `co` is constant with the Boolean value `b`.
  * For example, the comparison `x > x` is constantly `false` in

csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql

@@ -41,7 +41,9 @@ module ConstCondInput implements ConstCond::InputSig<ControlFlow::BasicBlock> {
 module ConstCondImpl = ConstCond::Make<Location, Cfg, ConstCondInput>;
 
 predicate nullCheck(Expr e, boolean direct) {
-  exists(QualifiableExpr qe | qe.isConditional() and qe.getQualifier() = e and direct = true)
+  exists(QualifiableExpr qe | qe.isConditional() and direct = true |
+    qe.getQualifier() = e or qe.(ExtensionMethodCall).getArgument(0) = e
+  )
   or
   exists(NullCoalescingOperation nce | nce.getLeftOperand() = e and direct = true)
   or
@@ -108,72 +110,38 @@ class ConstantGuard extends ConstantCondition {
 class ConstantBooleanCondition extends ConstantCondition {
   boolean b;
 
-  ConstantBooleanCondition() { isConstantCondition(this, b) }
+  ConstantBooleanCondition() { isConstantComparison(this, b) }
 
   override string getMessage() { result = "Condition always evaluates to '" + b + "'." }
-
-  override predicate isWhiteListed() {
-    // E.g. `x ?? false`
-    this.(BoolLiteral) = any(NullCoalescingOperation nce).getRightOperand() or
-    // No need to flag logical operations when the operands are constant
-    isConstantCondition(this.(LogicalNotExpr).getOperand(), _) or
-    this =
-      any(LogicalAndExpr lae |
-        isConstantCondition(lae.getAnOperand(), false)
-        or
-        isConstantCondition(lae.getLeftOperand(), true) and
-        isConstantCondition(lae.getRightOperand(), true)
-      ) or
-    this =
-      any(LogicalOrExpr loe |
-        isConstantCondition(loe.getAnOperand(), true)
-        or
-        isConstantCondition(loe.getLeftOperand(), false) and
-        isConstantCondition(loe.getRightOperand(), false)
-      )
-  }
 }
 
-/** A constant condition in an `if` statement or a conditional expression. */
-class ConstantIfCondition extends ConstantBooleanCondition {
-  ConstantIfCondition() {
-    this = any(IfStmt is).getCondition().getAChildExpr*() or
-    this = any(ConditionalExpr ce).getCondition().getAChildExpr*()
-  }
-
-  override predicate isWhiteListed() {
-    ConstantBooleanCondition.super.isWhiteListed()
-    or
-    // It is a common pattern to use a local constant/constant field to control
-    // whether code parts must be executed or not
-    this instanceof AssignableRead and
-    not this instanceof ParameterRead
-  }
-}
-
-/** A constant loop condition. */
-class ConstantLoopCondition extends ConstantBooleanCondition {
-  ConstantLoopCondition() { this = any(LoopStmt ls).getCondition() }
-
-  override predicate isWhiteListed() {
-    // Clearly intentional infinite loops are allowed
-    this.(BoolLiteral).getBoolValue() = true
-  }
+private Expr getQualifier(QualifiableExpr e) {
+  // `e.getQualifier()` does not work for calls to extension methods
+  result = e.getChildExpr(-1)
 }
 
 /** A constant nullness condition. */
 class ConstantNullnessCondition extends ConstantCondition {
   boolean b;
 
   ConstantNullnessCondition() {
-    forex(ControlFlow::Node cfn | cfn = this.getAControlFlowNode() |
-      exists(ControlFlow::NullnessSuccessor t, ControlFlow::Node s |
-        s = cfn.getASuccessorByType(t)
-      |
-        b = t.getValue() and
-        not s.isJoin()
-      ) and
-      strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
+    nullCheck(this, true) and
+    exists(Expr stripped | stripped = this.(Expr).stripCasts() |
+      stripped.getType() =
+        any(ValueType t |
+          not t instanceof NullableType and
+          // Extractor bug: the type of `x?.Length` is reported as `int`, but it should
+          // be `int?`
+          not getQualifier*(stripped).(QualifiableExpr).isConditional()
+        ) and
+      b = false
+      or
+      stripped instanceof NullLiteral and
+      b = true
+      or
+      stripped.hasValue() and
+      not stripped instanceof NullLiteral and
+      b = false
     )
   }
 
@@ -184,39 +152,6 @@ class ConstantNullnessCondition extends ConstantCondition {
   }
 }
 
-/** A constant matching condition. */
-class ConstantMatchingCondition extends ConstantCondition {
-  boolean b;
-
-  ConstantMatchingCondition() {
-    this instanceof Expr and
-    forex(ControlFlow::Node cfn | cfn = this.getAControlFlowNode() |
-      exists(ControlFlow::MatchingSuccessor t | exists(cfn.getASuccessorByType(t)) |
-        b = t.getValue()
-      ) and
-      strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
-    )
-  }
-
-  override predicate isWhiteListed() {
-    exists(Switch se, Case c, int i |
-      c = se.getCase(i) and
-      c.getPattern() = this.(DiscardExpr)
-    |
-      i > 0
-      or
-      i = 0 and
-      exists(Expr cond | c.getCondition() = cond and not isConstantCondition(cond, true))
-    )
-    or
-    this = any(PositionalPatternExpr ppe).getPattern(_)
-  }
-
-  override string getMessage() {
-    if b = true then result = "Pattern always matches." else result = "Pattern never matches."
-  }
-}
-
 from ConstantCondition c, string msg, Guards::Guards::Guard reason, string reasonMsg
 where
   msg = c.getMessage() and

csharp/ql/src/CSI/CompareIdenticalValues.ql

@@ -47,7 +47,6 @@ where
     not comparesIdenticalValuesNan(ct, _) and msg = "Comparison of identical values."
   ) and
   not isMutatingOperation(ct.getAnArgument().getAChild*()) and
-  not isConstantCondition(e, _) and // Avoid overlap with cs/constant-condition
-  not isConstantComparison(e, _) and // Avoid overlap with cs/constant-comparison
+  not isConstantComparison(e, _) and // Avoid overlap with cs/constant-condition
   not isExprInAssertion(e)
 select ct, msg

csharp/ql/src/Likely Bugs/ConstantComparison.cs

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* The `cs/constant-condition` query has been simplified. The query no longer reports trivially constant conditions as they were found to generally be intentional. As a result, it should now produce fewer false positives. Additionally, the simplification means that it now reports all the results that `cs/constant-comparison` used to report, and as consequence, that query has been deleted.