Skip to content

JS: recognize more conditionals in useless-conditional#404

Merged
semmle-qlci merged 2 commits into
github:masterfrom
asger-semmle:useless-conditional2
Nov 7, 2018
Merged

JS: recognize more conditionals in useless-conditional#404
semmle-qlci merged 2 commits into
github:masterfrom
asger-semmle:useless-conditional2

Conversation

@asger-semmle

Copy link
Copy Markdown
Contributor

Reimplements the following two improvements to Useless Conditional from #380:

  • It recognises loop conditions.
  • It recognises z in if (x && z) as a conditional. Previously only x and x && z were recognised.

Evaluation.

@asger-semmle asger-semmle requested a review from a team as a code owner November 5, 2018 11:24

@ghost ghost left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is an impressive amount of new alerts, well spotted!
I have one suggestion for additional alerts, but given the current PR pressure on the js/trivial-conditional query, we may want to wait with that.

e = cond.(LogOrExpr).getLeftOperand()
e = cond.(LogicalBinaryExpr).getLeftOperand() or
// Include `z` in `if (x && z)`.
isConditional(_, cond) and e = cond.(LogicalBinaryExpr).getRightOperand()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should squeeze this syntactic pattern a bit more: cond.getUnderlyingValue().(LogicalBinaryExpr).getRightOperand().

@xiemaisi xiemaisi left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one suggestion.

predicate isConditional(ASTNode cond, Expr e) {
e = cond.(IfStmt).getCondition() or
e = cond.(WhileStmt).getExpr() or
e = cond.(ForStmt).getTest() or

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about just generalising all the way to LoopStmt.getTest()? Or do we not want this to cover DoWhileStmt.getTest()?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed EphemeralLoop.ql whitelists do-while because of Emscripten, so I thought we'd run into the same issue here.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's entirely possible.

@asger-semmle asger-semmle Nov 5, 2018

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually it looks like I got that backwards. EphemeralLoop.ql whitelists Emscripten-generated files because of do {} while(0), but this query already whitelists constants, so it shouldn't be a problem.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated to use LoopStmt

xiemaisi
xiemaisi previously approved these changes Nov 5, 2018
@xiemaisi xiemaisi added the JS label Nov 5, 2018
@xiemaisi

xiemaisi commented Nov 6, 2018

Copy link
Copy Markdown

Conflicts.

@asger-semmle

Copy link
Copy Markdown
Contributor Author

Rebased.

I've also opened ODASA-7450 for the change note, to be authored once all the changes to UselessConditional are in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants