Java: Refactor SummarizedCallable.

Author: michaelnebel

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll

@@ -10,7 +10,7 @@ private module DispatchImpl {
   DataFlowCallable viableCallable(DataFlowCall c) {
     result.asCallable() = VirtualDispatch::viableCallable(c.asCall())
     or
-    result.(SummarizedCallable).asCallable() = c.asCall().getCallee().getSourceDeclaration()
+    result.asCallable().(SummarizedCallable) = c.asCall().getCallee().getSourceDeclaration()
   }
 
   /**
@@ -118,7 +118,7 @@ private module DispatchImpl {
         not failsUnification(t, t2)
       )
       or
-      result.asCallable() = def and result instanceof SummarizedCallable
+      result.asCallable() = def and def instanceof SummarizedCallable
     )
   }
 

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowNodes.qll

@@ -14,14 +14,14 @@ newtype TNode =
     not e.getParent*() instanceof Annotation
   } or
   TExplicitParameterNode(Parameter p) {
-    exists(p.getCallable().getBody()) or p.getCallable() = any(SummarizedCallable sc).asCallable()
+    exists(p.getCallable().getBody()) or p.getCallable() instanceof SummarizedCallable
   } or
   TImplicitVarargsArray(Call c) {
     c.getCallee().isVarargs() and
     not exists(Argument arg | arg.getCall() = c and arg.isExplicitVarargsArray())
   } or
   TInstanceParameterNode(Callable c) {
-    (exists(c.getBody()) or c = any(SummarizedCallable sc).asCallable()) and
+    (exists(c.getBody()) or c instanceof SummarizedCallable) and
     not c.isStatic()
   } or
   TImplicitInstanceAccess(InstanceAccessExt ia) { not ia.isExplicit(_) } or
@@ -336,7 +336,7 @@ module Private {
     result.asCallable() = n.(ImplicitInstanceAccess).getInstanceAccess().getEnclosingCallable() or
     result.asCallable() = n.(MallocNode).getClassInstanceExpr().getEnclosingCallable() or
     result = nodeGetEnclosingCallable(n.(ImplicitPostUpdateNode).getPreUpdateNode()) or
-    n = TSummaryInternalNode(result, _) or
+    n = TSummaryInternalNode(result.asCallable(), _) or
     result.asFieldScope() = n.(FieldValueNode).getField()
   }
 

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll

@@ -317,7 +317,7 @@ class SummaryCall extends DataFlowCall, TSummaryCall {
   /** Gets the data flow node that this call targets. */
   Node getReceiver() { result = receiver }
 
-  override DataFlowCallable getEnclosingCallable() { result = c }
+  override DataFlowCallable getEnclosingCallable() { result.asCallable() = c }
 
   override string toString() { result = "[summary] call to " + receiver + " in " + c }
 
@@ -378,7 +378,7 @@ predicate forceHighPrecision(Content c) {
 predicate nodeIsHidden(Node n) {
   n instanceof SummaryNode
   or
-  n.(ParameterNode).isParameterOf(any(SummarizedCallable c).asCallable(), _)
+  n.(ParameterNode).isParameterOf(any(SummarizedCallable c), _)
 }
 
 class LambdaCallKind = Method; // the "apply" method in the functional interface

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -195,7 +195,10 @@ module Public {
   }
 
   /** A callable with a flow summary. */
-  abstract class SummarizedCallable extends DataFlowCallable {
+  abstract class SummarizedCallable extends SummarizedCallableBase {
+    bindingset[this]
+    SummarizedCallable() { any() }
+
     /**
      * Holds if data may flow from `input` to `output` through this callable.
      *
@@ -493,7 +496,7 @@ module Private {
       or
       exists(ParameterPosition pos |
         parameterReadState(c, state, pos) and
-        result.(ParamNode).isParameterOf(c, pos)
+        result.(ParamNode).isParameterOf(inject(c), pos)
       )
     )
   }
@@ -621,7 +624,7 @@ module Private {
   predicate summaryPostUpdateNode(Node post, Node pre) {
     exists(SummarizedCallable c, ParameterPosition pos |
       isParameterPostUpdate(post, c, pos) and
-      pre.(ParamNode).isParameterOf(c, pos)
+      pre.(ParamNode).isParameterOf(inject(c), pos)
     )
     or
     exists(SummarizedCallable callable, SummaryComponentStack s |
@@ -644,7 +647,7 @@ module Private {
    * node, and back out to `p`.
    */
   predicate summaryAllowParameterReturnInSelf(ParamNode p) {
-    exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(c, ppos) |
+    exists(SummarizedCallable c, ParameterPosition ppos | p.isParameterOf(inject(c), ppos) |
       exists(SummaryComponentStack inputContents, SummaryComponentStack outputContents |
         summary(c, inputContents, outputContents, _) and
         inputContents.bottom() = pragma[only_bind_into](TArgumentSummaryComponent(ppos)) and
@@ -748,8 +751,11 @@ module Private {
     private predicate viableParam(
       DataFlowCall call, SummarizedCallable sc, ParameterPosition ppos, ParamNode p
     ) {
-      p.isParameterOf(sc, ppos) and
-      sc = viableCallable(call)
+      exists(DataFlowCallable c |
+        c = inject(sc) and
+        p.isParameterOf(c, ppos) and
+        c = viableCallable(call)
+      )
     }
 
     pragma[nomagic]
@@ -1067,16 +1073,18 @@ module Private {
   /** Provides a query predicate for outputting a set of relevant flow summaries. */
   module TestOutput {
     /** A flow summary to include in the `summary/3` query predicate. */
-    abstract class RelevantSummarizedCallable extends SummarizedCallable {
+    abstract class RelevantSummarizedCallable instanceof SummarizedCallable {
       /** Gets the string representation of this callable used by `summary/1`. */
       abstract string getCallableCsv();
 
       /** Holds if flow is propagated between `input` and `output`. */
       predicate relevantSummary(
         SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
       ) {
-        this.propagatesFlow(input, output, preservesValue)
+        super.propagatesFlow(input, output, preservesValue)
       }
+
+      string toString() { result = super.toString() }
     }
 
     /** Render the kind in the format used in flow summaries. */
@@ -1087,7 +1095,7 @@ module Private {
     }
 
     private string renderGenerated(RelevantSummarizedCallable c) {
-      if c.isAutoGenerated() then result = "generated:" else result = ""
+      if c.(SummarizedCallable).isAutoGenerated() then result = "generated:" else result = ""
     }
 
     /**
@@ -1117,19 +1125,21 @@ module Private {
    */
   module RenderSummarizedCallable {
     /** A summarized callable to include in the graph. */
-    abstract class RelevantSummarizedCallable extends SummarizedCallable { }
+    abstract class RelevantSummarizedCallable instanceof SummarizedCallable {
+      string toString() { result = super.toString() }
+    }
 
     private newtype TNodeOrCall =
       MkNode(Node n) {
         exists(RelevantSummarizedCallable c |
           n = summaryNode(c, _)
           or
-          n.(ParamNode).isParameterOf(c, _)
+          n.(ParamNode).isParameterOf(inject(c), _)
         )
       } or
       MkCall(DataFlowCall call) {
         call = summaryDataFlowCall(_) and
-        call.getEnclosingCallable() instanceof RelevantSummarizedCallable
+        call.getEnclosingCallable() = inject(any(RelevantSummarizedCallable c))
       }
 
     private class NodeOrCall extends TNodeOrCall {

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -14,6 +14,10 @@ private module FlowSummaries {
   private import semmle.code.java.dataflow.FlowSummary as F
 }
 
+class SummarizedCallableBase = Callable;
+
+DataFlowCallable inject(SummarizedCallable c) { result.asCallable() = c }
+
 /** Gets the parameter position of the instance parameter. */
 int instanceParameterPosition() { result = -1 }
 
@@ -28,7 +32,7 @@ DataFlowType getContentType(Content c) { result = c.getType() }
 
 /** Gets the return type of kind `rk` for callable `c`. */
 DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) {
-  result = getErasedRepr(c.asCallable().getReturnType()) and
+  result = getErasedRepr(c.getReturnType()) and
   exists(rk)
 }
 
@@ -56,14 +60,12 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) {
  * `input`, output specification `output`, kind `kind`, and a flag `generated`
  * stating whether the summary is autogenerated.
  */
-predicate summaryElement(
-  DataFlowCallable c, string input, string output, string kind, boolean generated
-) {
+predicate summaryElement(Callable c, string input, string output, string kind, boolean generated) {
   exists(
     string namespace, string type, boolean subtypes, string name, string signature, string ext
   |
     summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, generated) and
-    c.asCallable() = interpretElement(namespace, type, subtypes, name, signature, ext)
+    c = interpretElement(namespace, type, subtypes, name, signature, ext)
   )
 }