java/ql/lib: update shared range analysis library to use BigInts

Author: d10c

java/ql/lib/semmle/code/java/Constants.qll

@@ -6,7 +6,7 @@ import java
 
 signature boolean getBoolValSig(Expr e);
 
-signature int getIntValSig(Expr e);
+signature QlBuiltins::BigInt getBigIntValSig(Expr e);
 
 /**
  * Given predicates defining boolean and integer constants, this module
@@ -15,18 +15,18 @@ signature int getIntValSig(Expr e);
  *
  * The input and output predicates are expected to be mutually recursive.
  */
-module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal> {
+module CalculateConstants<getBoolValSig/1 getBoolVal, getBigIntValSig/1 getBigIntVal> {
   /** Gets the value of a constant boolean expression. */
   boolean calculateBooleanValue(Expr e) {
     // No casts relevant to booleans.
     // `!` is the only unary operator that evaluates to a boolean.
     result = getBoolVal(e.(LogNotExpr).getExpr()).booleanNot()
     or
     // Handle binary expressions that have integer operands and a boolean result.
-    exists(BinaryExpr b, int left, int right |
+    exists(BinaryExpr b, QlBuiltins::BigInt left, QlBuiltins::BigInt right |
       b = e and
-      left = getIntVal(b.getLeftOperand()) and
-      right = getIntVal(b.getRightOperand())
+      left = getBigIntVal(b.getLeftOperand()) and
+      right = getBigIntVal(b.getRightOperand())
     |
       (
         b instanceof LTExpr and
@@ -97,33 +97,35 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
     )
   }
 
-  /** Gets the value of a constant integer expression. */
-  int calculateIntValue(Expr e) {
-    exists(IntegralType t | e.getType() = t | t.getName().toLowerCase() != "long") and
+  /** Gets the big int value of a constant integer expression. */
+  QlBuiltins::BigInt calculateBigIntValue(Expr e) {
+    e.getType() instanceof IntegralType and
     (
-      exists(CastingExpr cast, int val | cast = e and val = getIntVal(cast.getExpr()) |
+      exists(CastingExpr cast, QlBuiltins::BigInt val |
+        cast = e and val = getBigIntVal(cast.getExpr())
+      |
         if cast.getType().hasName("byte")
-        then result = (val + 128).bitAnd(255) - 128
+        then result = (val + 128.toBigInt()).bitAnd(255.toBigInt()) - 128.toBigInt()
         else
           if cast.getType().hasName("short")
-          then result = (val + 32768).bitAnd(65535) - 32768
+          then result = (val + 32768.toBigInt()).bitAnd(65535.toBigInt()) - 32768.toBigInt()
           else
             if cast.getType().hasName("char")
-            then result = val.bitAnd(65535)
+            then result = val.bitAnd(65535.toBigInt())
             else result = val
       )
       or
-      result = getIntVal(e.(PlusExpr).getExpr())
+      result = getBigIntVal(e.(PlusExpr).getExpr())
       or
-      result = -getIntVal(e.(MinusExpr).getExpr())
+      result = -getBigIntVal(e.(MinusExpr).getExpr())
       or
-      result = getIntVal(e.(BitNotExpr).getExpr()).bitNot()
+      result = getBigIntVal(e.(BitNotExpr).getExpr()).bitNot()
       or
       // No `int` value for `LogNotExpr`.
-      exists(BinaryExpr b, int v1, int v2 |
+      exists(BinaryExpr b, QlBuiltins::BigInt v1, QlBuiltins::BigInt v2 |
         b = e and
-        v1 = getIntVal(b.getLeftOperand()) and
-        v2 = getIntVal(b.getRightOperand())
+        v1 = getBigIntVal(b.getLeftOperand()) and
+        v2 = getBigIntVal(b.getRightOperand())
       |
         b instanceof MulExpr and result = v1 * v2
         or
@@ -135,11 +137,12 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
         or
         b instanceof SubExpr and result = v1 - v2
         or
-        b instanceof LeftShiftExpr and result = v1.bitShiftLeft(v2)
+        b instanceof LeftShiftExpr and result = v1.bitShiftLeft(v2.toInt())
         or
-        b instanceof RightShiftExpr and result = v1.bitShiftRightSigned(v2)
+        b instanceof RightShiftExpr and result = v1.bitShiftRightSigned(v2.toInt())
         or
-        b instanceof UnsignedRightShiftExpr and result = v1.bitShiftRight(v2)
+        b instanceof UnsignedRightShiftExpr and
+        result = v1.toInt().bitShiftRight(v2.toInt()).toBigInt() // bitShiftRight not implemented on bigints (yet)
         or
         b instanceof AndBitwiseExpr and result = v1.bitAnd(v2)
         or
@@ -154,12 +157,12 @@ module CalculateConstants<getBoolValSig/1 getBoolVal, getIntValSig/1 getIntVal>
       exists(ConditionalExpr ce, boolean condition |
         ce = e and
         condition = getBoolVal(ce.getCondition()) and
-        result = getIntVal(ce.getBranchExpr(condition))
+        result = getBigIntVal(ce.getBranchExpr(condition))
       )
       or
       // If a `Variable` is final, its value is its initializer, if it exists.
       exists(Variable v | e = v.getAnAccess() and v.isFinal() |
-        result = getIntVal(v.getInitializer())
+        result = getBigIntVal(v.getInitializer())
       )
     )
   }

java/ql/lib/semmle/code/java/Expr.qll

@@ -249,25 +249,33 @@ class CompileTimeConstantExpr extends Expr {
    * - values of type `long`.
    */
   cached
-  int getIntValue() {
-    exists(IntegralType t | this.getType() = t | t.getName().toLowerCase() != "long") and
+  int getIntValue() { result = this.getBigIntValue().toInt() }
+
+  /**
+   * Gets the big integer value of this expression, where possible.
+   */
+  cached
+  QlBuiltins::BigInt getBigIntValue() {
+    this.getType() instanceof IntegralType and
     (
-      result = this.(IntegerLiteral).getIntValue()
+      result = this.(IntegerLiteral).getBigIntValue()
       or
-      result = this.(CharacterLiteral).getCodePointValue()
+      result = this.(CharacterLiteral).getCodePointValue().toBigInt()
     )
     or
-    result = CalcCompileTimeConstants::calculateIntValue(this)
+    result = CalcCompileTimeConstants::calculateBigIntValue(this)
     or
-    result = this.(LiveLiteral).getValue().getIntValue()
+    result = this.(LiveLiteral).getValue().getBigIntValue()
   }
 }
 
 private boolean getBoolValue(Expr e) { result = e.(CompileTimeConstantExpr).getBooleanValue() }
 
-private int getIntValue(Expr e) { result = e.(CompileTimeConstantExpr).getIntValue() }
+private QlBuiltins::BigInt getBigIntValue(Expr e) {
+  result = e.(CompileTimeConstantExpr).getBigIntValue()
+}
 
-private module CalcCompileTimeConstants = CalculateConstants<getBoolValue/1, getIntValue/1>;
+private module CalcCompileTimeConstants = CalculateConstants<getBoolValue/1, getBigIntValue/1>;
 
 /** An expression parent is an element that may have an expression as its child. */
 class ExprParent extends @exprparent, Top { }
@@ -590,6 +598,9 @@ class IntegerLiteral extends Literal, @integerliteral {
   /** Gets the int representation of this literal. */
   int getIntValue() { result = this.getValue().toInt() }
 
+  /** Gets the big int representation of this literal. */
+  QlBuiltins::BigInt getBigIntValue() { result = this.getValue().toBigInt() }
+
   override string getAPrimaryQlClass() { result = "IntegerLiteral" }
 }
 

java/ql/lib/semmle/code/java/controlflow/internal/GuardsLogic.qll

@@ -386,9 +386,9 @@ private predicate guardImpliesNotEqual2(
     (
       guard = directNullGuard(v0, branch, false) and val = TAbsValNull()
       or
-      exists(int k |
+      exists(QlBuiltins::BigInt k |
         guard = integerGuard(v0.getAUse(), branch, k, false) and
-        val = TAbsValInt(k)
+        val = TAbsValInt(k.toInt())
       )
     ) and
     (v = v0 or equalVarsInBlock(guard.getBasicBlock(), v0, v))

java/ql/lib/semmle/code/java/dataflow/Bound.qll

@@ -20,10 +20,10 @@ abstract class Bound extends TBound {
   abstract string toString();
 
   /** Gets an expression that equals this bound plus `delta`. */
-  abstract Expr getExpr(int delta);
+  abstract Expr getExpr(QlBuiltins::BigInt delta);
 
   /** Gets an expression that equals this bound. */
-  Expr getExpr() { result = this.getExpr(0) }
+  Expr getExpr() { result = this.getExpr(0.toBigInt()) }
 
   /** Gets the location of this bound. */
   abstract Location getLocation();
@@ -36,7 +36,9 @@ abstract class Bound extends TBound {
 class ZeroBound extends Bound, TBoundZero {
   override string toString() { result = "0" }
 
-  override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
+  override Expr getExpr(QlBuiltins::BigInt delta) {
+    result.(ConstantIntegerExpr).getIntValue() = delta
+  }
 
   override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
 }
@@ -50,7 +52,9 @@ class SsaBound extends Bound, TBoundSsa {
 
   override string toString() { result = this.getSsa().toString() }
 
-  override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
+  override Expr getExpr(QlBuiltins::BigInt delta) {
+    result = this.getSsa().getAUse() and delta = 0.toBigInt()
+  }
 
   override Location getLocation() { result = this.getSsa().getLocation() }
 }
@@ -62,7 +66,9 @@ class SsaBound extends Bound, TBoundSsa {
 class ExprBound extends Bound, TBoundExpr {
   override string toString() { result = this.getExpr().toString() }
 
-  override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
+  override Expr getExpr(QlBuiltins::BigInt delta) {
+    this = TBoundExpr(result) and delta = 0.toBigInt()
+  }
 
   override Location getLocation() { result = this.getExpr().getLocation() }
 }

java/ql/lib/semmle/code/java/dataflow/IntegerGuards.qll

@@ -8,7 +8,7 @@ private import RangeUtils
 private import RangeAnalysis
 
 /** Gets an expression that might have the value `i`. */
-private Expr exprWithIntValue(int i) {
+private Expr exprWithIntValue(QlBuiltins::BigInt i) {
   result.(ConstantIntegerExpr).getIntValue() = i or
   result.(ChooseExpr).getAResultExpr() = exprWithIntValue(i)
 }
@@ -21,14 +21,14 @@ class IntComparableExpr extends Expr {
   IntComparableExpr() { this instanceof VarRead or this instanceof MethodCall }
 
   /** Gets an integer that is directly assigned to the expression in case of a variable; or zero. */
-  int relevantInt() {
+  QlBuiltins::BigInt relevantInt() {
     exists(SsaExplicitUpdate ssa, SsaSourceVariable v |
       this = v.getAnAccess() and
       ssa.getSourceVariable() = v and
       ssa.getDefiningExpr().(VariableAssign).getSource() = exprWithIntValue(result)
     )
     or
-    result = 0
+    result = 0.toBigInt()
   }
 }
 
@@ -41,7 +41,7 @@ class IntComparableExpr extends Expr {
  * is true, and different from `k` if `is_k` is false.
  */
 pragma[nomagic]
-Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
+Expr integerGuard(IntComparableExpr e, boolean branch, QlBuiltins::BigInt k, boolean is_k) {
   exists(EqualityTest eqtest, boolean polarity |
     eqtest = result and
     eqtest.hasOperands(e, any(ConstantIntegerExpr c | c.getIntValue() = k)) and
@@ -53,7 +53,7 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
     )
   )
   or
-  exists(EqualityTest eqtest, int val, Expr c, boolean upper |
+  exists(EqualityTest eqtest, QlBuiltins::BigInt val, Expr c, boolean upper |
     k = e.relevantInt() and
     eqtest = result and
     eqtest.hasOperands(e, c) and
@@ -67,7 +67,7 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
     branch = eqtest.polarity()
   )
   or
-  exists(ComparisonExpr comp, Expr c, int val, boolean upper |
+  exists(ComparisonExpr comp, Expr c, QlBuiltins::BigInt val, boolean upper |
     k = e.relevantInt() and
     comp = result and
     comp.hasOperands(e, c) and
@@ -132,8 +132,8 @@ Expr integerGuard(IntComparableExpr e, boolean branch, int k, boolean is_k) {
  * If `branch_with_lower_bound_k` is true then `result` is equivalent to `k <= x`
  * and if it is false then `result` is equivalent to `k > x`.
  */
-Expr intBoundGuard(VarRead x, boolean branch_with_lower_bound_k, int k) {
-  exists(ComparisonExpr comp, ConstantIntegerExpr c, int val |
+Expr intBoundGuard(VarRead x, boolean branch_with_lower_bound_k, QlBuiltins::BigInt k) {
+  exists(ComparisonExpr comp, ConstantIntegerExpr c, QlBuiltins::BigInt val |
     comp = result and
     comp.hasOperands(x, c) and
     c.getIntValue() = val and
@@ -143,7 +143,7 @@ Expr intBoundGuard(VarRead x, boolean branch_with_lower_bound_k, int k) {
     comp.getLesserOperand() = c and
     comp.isStrict() and
     branch_with_lower_bound_k = true and
-    val + 1 = k
+    val + 1.toBigInt() = k
     or
     // c <= x
     comp.getLesserOperand() = c and
@@ -161,6 +161,6 @@ Expr intBoundGuard(VarRead x, boolean branch_with_lower_bound_k, int k) {
     comp.getGreaterOperand() = c and
     not comp.isStrict() and
     branch_with_lower_bound_k = false and
-    val + 1 = k
+    val + 1.toBigInt() = k
   )
 }