C#: Simplify the ConstantCondition query.

Author: aschackmull

csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql

@@ -41,7 +41,9 @@ module ConstCondInput implements ConstCond::InputSig<ControlFlow::BasicBlock> {
 module ConstCondImpl = ConstCond::Make<Location, Cfg, ConstCondInput>;
 
 predicate nullCheck(Expr e, boolean direct) {
-  exists(QualifiableExpr qe | qe.isConditional() and qe.getQualifier() = e and direct = true)
+  exists(QualifiableExpr qe | qe.isConditional() and direct = true |
+    qe.getQualifier() = e or qe.(ExtensionMethodCall).getArgument(0) = e
+  )
   or
   exists(NullCoalescingOperation nce | nce.getLeftOperand() = e and direct = true)
   or
@@ -108,72 +110,21 @@ class ConstantGuard extends ConstantCondition {
 class ConstantBooleanCondition extends ConstantCondition {
   boolean b;
 
-  ConstantBooleanCondition() { isConstantCondition(this, b) }
+  ConstantBooleanCondition() { isConstantComparison(this, b) }
 
   override string getMessage() { result = "Condition always evaluates to '" + b + "'." }
-
-  override predicate isWhiteListed() {
-    // E.g. `x ?? false`
-    this.(BoolLiteral) = any(NullCoalescingOperation nce).getRightOperand() or
-    // No need to flag logical operations when the operands are constant
-    isConstantCondition(this.(LogicalNotExpr).getOperand(), _) or
-    this =
-      any(LogicalAndExpr lae |
-        isConstantCondition(lae.getAnOperand(), false)
-        or
-        isConstantCondition(lae.getLeftOperand(), true) and
-        isConstantCondition(lae.getRightOperand(), true)
-      ) or
-    this =
-      any(LogicalOrExpr loe |
-        isConstantCondition(loe.getAnOperand(), true)
-        or
-        isConstantCondition(loe.getLeftOperand(), false) and
-        isConstantCondition(loe.getRightOperand(), false)
-      )
-  }
-}
-
-/** A constant condition in an `if` statement or a conditional expression. */
-class ConstantIfCondition extends ConstantBooleanCondition {
-  ConstantIfCondition() {
-    this = any(IfStmt is).getCondition().getAChildExpr*() or
-    this = any(ConditionalExpr ce).getCondition().getAChildExpr*()
-  }
-
-  override predicate isWhiteListed() {
-    ConstantBooleanCondition.super.isWhiteListed()
-    or
-    // It is a common pattern to use a local constant/constant field to control
-    // whether code parts must be executed or not
-    this instanceof AssignableRead and
-    not this instanceof ParameterRead
-  }
-}
-
-/** A constant loop condition. */
-class ConstantLoopCondition extends ConstantBooleanCondition {
-  ConstantLoopCondition() { this = any(LoopStmt ls).getCondition() }
-
-  override predicate isWhiteListed() {
-    // Clearly intentional infinite loops are allowed
-    this.(BoolLiteral).getBoolValue() = true
-  }
 }
 
 /** A constant nullness condition. */
 class ConstantNullnessCondition extends ConstantCondition {
   boolean b;
 
   ConstantNullnessCondition() {
-    forex(ControlFlow::Node cfn | cfn = this.getAControlFlowNode() |
-      exists(ControlFlow::NullnessSuccessor t, ControlFlow::Node s |
-        s = cfn.getASuccessorByType(t)
-      |
-        b = t.getValue() and
-        not s.isJoin()
-      ) and
-      strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
+    nullCheck(this, true) and
+    (
+      Guards::Internal::nullValueImplied(this) and b = true
+      or
+      Guards::Internal::nonNullValueImplied(this) and b = false
     )
   }
 
@@ -184,39 +135,6 @@ class ConstantNullnessCondition extends ConstantCondition {
   }
 }
 
-/** A constant matching condition. */
-class ConstantMatchingCondition extends ConstantCondition {
-  boolean b;
-
-  ConstantMatchingCondition() {
-    this instanceof Expr and
-    forex(ControlFlow::Node cfn | cfn = this.getAControlFlowNode() |
-      exists(ControlFlow::MatchingSuccessor t | exists(cfn.getASuccessorByType(t)) |
-        b = t.getValue()
-      ) and
-      strictcount(ControlFlow::SuccessorType t | exists(cfn.getASuccessorByType(t))) = 1
-    )
-  }
-
-  override predicate isWhiteListed() {
-    exists(Switch se, Case c, int i |
-      c = se.getCase(i) and
-      c.getPattern() = this.(DiscardExpr)
-    |
-      i > 0
-      or
-      i = 0 and
-      exists(Expr cond | c.getCondition() = cond and not isConstantCondition(cond, true))
-    )
-    or
-    this = any(PositionalPatternExpr ppe).getPattern(_)
-  }
-
-  override string getMessage() {
-    if b = true then result = "Pattern always matches." else result = "Pattern never matches."
-  }
-}
-
 from ConstantCondition c, string msg, Guards::Guards::Guard reason, string reasonMsg
 where
   msg = c.getMessage() and

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs

@@ -59,9 +59,9 @@ void M1()
     {
         switch (1 + 2)
         {
-            case 2: // $ Alert
+            case 2: // Missing Alert
                 break;
-            case 3: // $ Alert
+            case 3: // Missing Alert
                 break;
             case int _: // GOOD
                 break;
@@ -72,7 +72,7 @@ void M2(string s)
     {
         switch ((object)s)
         {
-            case int _: // $ Alert
+            case int _: // Missing Alert
                 break;
             case "": // GOOD
                 break;
@@ -92,7 +92,7 @@ string M4(object o)
     {
         return o switch
         {
-            _ => o.ToString() // $ Alert
+            _ => o.ToString() // GOOD, catch-all pattern is fine
         };
     }
 
@@ -138,7 +138,7 @@ string M9(int i)
     {
         switch (i)
         {
-            case var _: // $ Alert
+            case var _: // GOOD, catch-all pattern is fine
                 return "even";
         }
     }

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected

@@ -4,28 +4,18 @@
 | ConstantCondition.cs:47:17:47:18 | "" | Expression is never 'null'. | ConstantCondition.cs:47:17:47:18 | "" | dummy |
 | ConstantCondition.cs:48:13:48:19 | (...) ... | Expression is never 'null'. | ConstantCondition.cs:48:13:48:19 | (...) ... | dummy |
 | ConstantCondition.cs:49:13:49:14 | "" | Expression is never 'null'. | ConstantCondition.cs:49:13:49:14 | "" | dummy |
-| ConstantCondition.cs:62:18:62:18 | 2 | Pattern never matches. | ConstantCondition.cs:62:18:62:18 | 2 | dummy |
-| ConstantCondition.cs:64:18:64:18 | 3 | Pattern always matches. | ConstantCondition.cs:64:18:64:18 | 3 | dummy |
-| ConstantCondition.cs:75:18:75:20 | access to type Int32 | Pattern never matches. | ConstantCondition.cs:75:18:75:20 | access to type Int32 | dummy |
-| ConstantCondition.cs:95:13:95:13 | _ | Pattern always matches. | ConstantCondition.cs:95:13:95:13 | _ | dummy |
 | ConstantCondition.cs:114:13:114:14 | access to parameter b1 | Condition is always true because of $@. | ConstantCondition.cs:110:14:110:15 | access to parameter b1 | access to parameter b1 |
 | ConstantCondition.cs:114:19:114:20 | access to parameter b2 | Condition is always true because of $@. | ConstantCondition.cs:112:14:112:15 | access to parameter b2 | access to parameter b2 |
-| ConstantCondition.cs:141:22:141:22 | _ | Pattern always matches. | ConstantCondition.cs:141:22:141:22 | _ | dummy |
 | ConstantConditionBad.cs:5:16:5:20 | ... > ... | Condition always evaluates to 'false'. | ConstantConditionBad.cs:5:16:5:20 | ... > ... | dummy |
 | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | Condition always evaluates to 'true'. | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | dummy |
-| ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | Condition always evaluates to 'false'. | ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | dummy |
 | ConstantConditionalExpressionCondition.cs:13:21:13:30 | ... == ... | Condition always evaluates to 'true'. | ConstantConditionalExpressionCondition.cs:13:21:13:30 | ... == ... | dummy |
-| ConstantForCondition.cs:9:29:9:33 | false | Condition always evaluates to 'false'. | ConstantForCondition.cs:9:29:9:33 | false | dummy |
+| ConstantDoCondition.cs:15:22:15:34 | ... == ... | Condition always evaluates to 'true'. | ConstantDoCondition.cs:15:22:15:34 | ... == ... | dummy |
+| ConstantDoCondition.cs:32:22:32:31 | ... == ... | Condition always evaluates to 'true'. | ConstantDoCondition.cs:32:22:32:31 | ... == ... | dummy |
 | ConstantForCondition.cs:11:29:11:34 | ... == ... | Condition always evaluates to 'false'. | ConstantForCondition.cs:11:29:11:34 | ... == ... | dummy |
 | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. | ConstantIfCondition.cs:11:17:11:29 | ... == ... | dummy |
-| ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. | ConstantIfCondition.cs:14:17:14:21 | false | dummy |
 | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. | ConstantIfCondition.cs:17:17:17:26 | ... == ... | dummy |
-| ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. | ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | dummy |
-| ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | dummy |
-| ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | dummy |
-| ConstantIsNullOrEmpty.cs:54:21:54:45 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. | ConstantIsNullOrEmpty.cs:54:21:54:45 | call to method IsNullOrEmpty | dummy |
+| ConstantIfCondition.cs:35:20:35:25 | ... >= ... | Condition always evaluates to 'true'. | ConstantIfCondition.cs:35:20:35:25 | ... >= ... | dummy |
 | ConstantNullCoalescingLeftHandOperand.cs:11:24:11:34 | access to constant NULL_OBJECT | Expression is never 'null'. | ConstantNullCoalescingLeftHandOperand.cs:11:24:11:34 | access to constant NULL_OBJECT | dummy |
 | ConstantNullCoalescingLeftHandOperand.cs:12:24:12:27 | null | Expression is always 'null'. | ConstantNullCoalescingLeftHandOperand.cs:12:24:12:27 | null | dummy |
 | ConstantWhileCondition.cs:12:20:12:32 | ... == ... | Condition always evaluates to 'true'. | ConstantWhileCondition.cs:12:20:12:32 | ... == ... | dummy |
-| ConstantWhileCondition.cs:16:20:16:24 | false | Condition always evaluates to 'false'. | ConstantWhileCondition.cs:16:20:16:24 | false | dummy |
 | ConstantWhileCondition.cs:24:20:24:29 | ... == ... | Condition always evaluates to 'true'. | ConstantWhileCondition.cs:24:20:24:29 | ... == ... | dummy |

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionalExpressionCondition.cs

@@ -9,7 +9,7 @@ class Main
         public void Foo()
         {
             int i = (ZERO == 1 - 1) ? 0 : 1; // $ Alert
-            int j = false ? 0 : 1; // $ Alert
+            int j = false ? 0 : 1; // GOOD, literal false is likely intentional
             int k = " " == " " ? 0 : 1; // $ Alert
             int l = (" "[0] == ' ') ? 0 : 1; // Missing Alert
             int m = Bar() == 0 ? 0 : 1; // GOOD

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantDoCondition.cs

@@ -12,7 +12,7 @@ public void Foo()
             do
             {
                 break;
-            } while (ZERO == 1 - 1); // BAD
+            } while (ZERO == 1 - 1); // $ Alert
             do
             {
                 break;
@@ -29,7 +29,7 @@ public void Foo()
             do
             {
                 break;
-            } while (" " == " ");  // BAD
+            } while (" " == " ");  // $ Alert
             do
             {
                 break;

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantForCondition.cs

@@ -6,7 +6,7 @@ class Main
     {
         public void M()
         {
-            for (int i = 0; false; i++) // $ Alert
+            for (int i = 0; false; i++) // GOOD, literal false is likely intentional
                 ;
             for (int i = 0; 0 == 1; i++) // $ Alert
                 ;

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs

@@ -11,7 +11,7 @@ public void Foo()
             if (ZERO == 1 - 1) // $ Alert
             {
             }
-            if (false) // $ Alert
+            if (false) // GOOD
             {
             }
             if (" " == " ") // $ Alert
@@ -30,6 +30,11 @@ public int Bar()
             return ZERO;
         }
 
+        public void UnsignedCheck(byte n)
+        {
+            while (n >= 0) { n--; } // $ Alert
+        }
+
     }
 
 }

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIsNullOrEmpty.cs

@@ -7,7 +7,7 @@ internal class Program
         static void Main(string[] args)
         {
             {
-                if (string.IsNullOrEmpty(nameof(args))) // $ Alert
+                if (string.IsNullOrEmpty(nameof(args))) // Missing Alert (always false)
                 {
                 }
 
@@ -43,15 +43,15 @@ static void Main(string[] args)
                 {
                 }
 
-                if (string.IsNullOrEmpty(null)) // $ Alert
+                if (string.IsNullOrEmpty(null)) // Missing Alert
                 {
                 }
 
-                if (string.IsNullOrEmpty("")) // $ Alert
+                if (string.IsNullOrEmpty("")) // Missing Alert
                 {
                 }
 
-                if (string.IsNullOrEmpty(" ")) // $ Alert
+                if (string.IsNullOrEmpty(" ")) // Missing Alert
                 {
                 }
             }

csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantWhileCondition.cs

@@ -13,7 +13,7 @@ public void Foo()
             {
                 break;
             }
-            while (false) // $ Alert
+            while (false) // Silly, but likely intentional
             {
                 break;
             }

csharp/ql/test/query-tests/standalone/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.cs

@@ -12,7 +12,7 @@ class ConstantMatching
     void M1()
     {
         var c1 = new C1();
-        if (c1.Prop is int) // $ Alert
+        if (c1.Prop is int) // Descoped, no longer reported by the query.
         {
         }