From ca8fe033d756104a47481cb0ba250c8cd6d35da9 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Fri, 18 Jul 2025 16:12:00 +0200
Subject: [PATCH 1/2] Java: Improve join by preventing ssa use-pair join.
---
 .../Collections/ArrayIndexOutOfBounds.ql | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
index ecd83e39719b..845aae01a3e8 100644
--- a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
+++ b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
@@ -18,6 +18,15 @@ import semmle.code.java.dataflow.SSA
 import semmle.code.java.dataflow.RangeUtils
 import semmle.code.java.dataflow.RangeAnalysis
+pragma[nomagic]
+predicate ssaArrayLengthBound(SsaVariable arr, Bound b) {
+ exists(FieldAccess len |
+ len.getField() instanceof ArrayLengthField and
+ len.getQualifier() = arr.getAUse() and
+ b.getExpr() = len
+ )
+}
+
 /**
 * Holds if the index expression of `aa` is less than or equal to the array length plus `k`.
 */
@@ -27,12 +36,8 @@ predicate boundedArrayAccess(ArrayAccess aa, int k) {
 aa.getArray() = arr.getAUse() and
 bounded(index, b, delta, true, _)
 |
- exists(FieldAccess len |
- len.getField() instanceof ArrayLengthField and
- len.getQualifier() = arr.getAUse() and
- b.getExpr() = len and
- k = delta
- )
+ ssaArrayLengthBound(arr, b) and
+ k = delta
 or
 exists(ArrayCreationExpr arraycreation | arraycreation = getArrayDef(arr) |
 k = delta and
From 46ebf503c76521d9f717287ec878b53e72320250 Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen
Date: Fri, 18 Jul 2025 16:13:11 +0200
Subject: [PATCH 2/2] Java: Improve join-order by controlling magic and breaking up TCs.
---
 .../Statements/PartiallyMaskedCatch.ql | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
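Review bot: `ssaArrayLengthBound` in the first hunk is added with no QLDoc and no explanation of its `pragma[nomagic]`, while the neighbouring `boundedArrayAccess` is documented. A header such as `/** Holds if b is the bound for a length read whose qualifier is a use of arr. */` and a why-comment like `// nomagic: keeps the two arr.getAUse() joins from being merged into an SSA use-pair join` would record the intent stated in the commit subject, so a later cleanup does not inline the helper again. In the second hunk `ssaArrayLengthBound(arr, b) and k = delta` replaces the same conjuncts, so the extraction reads as behaviour-preserving; `boundedArrayAccess` starts and ends outside both hunks.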
diff --git a/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql b/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql
index eb5c2d380c65..b9a0229b60ff 100644
--- a/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql
+++ b/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql
@@ -15,14 +15,34 @@ import java
+pragma[nomagic]
+predicate mayThrow(Stmt s, RefType rt) {
+ s.(ThrowStmt).getExpr().getType() = rt
+ or
+ exists(Call call |
+ call.getEnclosingStmt() = s and
+ call.getCallee().getAnException().getType() = rt
+ )
+}
+
+pragma[nomagic]
+predicate caughtBy(TryStmt try, Stmt s, RefType rt) {
+ mayThrow(s, rt) and
+ s.getEnclosingStmt+() = try.getBlock() and
+ caughtType(try, _).hasSubtype*(rt)
+}
+
+pragma[nomagic]
+predicate nestedTry(TryStmt outer, TryStmt inner) { inner.getEnclosingStmt+() = outer.getBlock() }
+
 /**
 * Exceptions of type `rt` thrown from within statement `s` are caught by an inner try block
 * and are therefore not propagated to the outer try block `t`.
 */
 private predicate caughtInside(TryStmt t, Stmt s, RefType rt) {
- exists(TryStmt innerTry | innerTry.getEnclosingStmt+() = t.getBlock() |
- s.getEnclosingStmt+() = innerTry.getBlock() and
- caughtType(innerTry, _).hasSubtype*(rt)
+ exists(TryStmt innerTry |
+ nestedTry(t, innerTry) and
+ caughtBy(innerTry, s, rt)
 )
 }
pFad - Phonifier reborn
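Review bot: `caughtInside` now holds only when `mayThrow(s, rt)` does, because `caughtBy` adds that conjunct, yet the QLDoc kept above `caughtInside` still describes the unrestricted relation. Its callers are outside the hunk; if any of them passes a statement/type pair that `mayThrow` does not cover (it handles a `ThrowStmt` and a `Call` whose enclosing statement is `s`), the query's result set changes, so this is worth confirming against the query tests and stating in the doc, for example `* Only holds for pairs where s may throw rt (see mayThrow).`. The three new helpers are also declared without `private` and without QLDoc although `caughtInside` is `private`; `private predicate mayThrow(Stmt s, RefType rt) {`, and likewise for `caughtBy` and `nestedTry`, would keep the file consistent.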
