missed changes

BazookaMusic · BazookaMusic · commit acb5c0e70f56 · 2026-05-27T17:23:45.000+02:00
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
@@ -9,6 +9,7 @@ dependencies:
   codeql/controlflow: ${workspace}
   codeql/dataflow: ${workspace}
   codeql/mad: ${workspace}
+  codeql/rangeanalysis: ${workspace}
   codeql/ssa: ${workspace}
   codeql/threat-models: ${workspace}
   codeql/tutorial: ${workspace}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
@@ -4,67 +4,31 @@
 overlay[local?]
 module;
 
+private import csharp as CS
 private import internal.rangeanalysis.BoundSpecific
+private import internal.rangeanalysis.BoundSpecific as BoundSpecific
+private import codeql.rangeanalysis.Bound as SharedBound
 
-private newtype TBound =
-  TBoundZero() or
-  TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
-  TBoundExpr(Expr e) {
-    interestingExprBound(e) and
-    not exists(SsaVariable v | e = v.getAUse())
-  }
+private module BoundImpl = SharedBound::Bound<CS::Location, BoundSpecific::BoundDefs>;
 
 /**
  * A bound that may be inferred for an expression plus/minus an integer delta.
  */
-abstract class Bound extends TBound {
-  /** Gets a textual representation of this bound. */
-  abstract string toString();
-
-  /** Gets an expression that equals this bound plus `delta`. */
-  abstract Expr getExpr(int delta);
-
-  /** Gets an expression that equals this bound. */
-  Expr getExpr() { result = this.getExpr(0) }
-
-  /** Gets the location of this bound. */
-  abstract Location getLocation();
-}
+class Bound = BoundImpl::Bound;
 
 /**
  * The bound that corresponds to the integer 0. This is used to represent all
  * integer bounds as bounds are always accompanied by an added integer delta.
  */
-class ZeroBound extends Bound, TBoundZero {
-  override string toString() { result = "0" }
-
-  override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
-
-  override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
-}
+class ZeroBound = BoundImpl::ZeroBound;
 
 /**
  * A bound corresponding to the value of an SSA variable.
  */
-class SsaBound extends Bound, TBoundSsa {
-  /** Gets the SSA variable that equals this bound. */
-  SsaVariable getSsa() { this = TBoundSsa(result) }
-
-  override string toString() { result = this.getSsa().toString() }
-
-  override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
-
-  override Location getLocation() { result = this.getSsa().getLocation() }
-}
+class SsaBound = BoundImpl::SsaBound;
 
 /**
  * A bound that corresponds to the value of a specific expression that might be
  * interesting, but isn't otherwise represented by the value of an SSA variable.
  */
-class ExprBound extends Bound, TBoundExpr {
-  override string toString() { result = this.getExpr().toString() }
-
-  override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
-
-  override Location getLocation() { result = this.getExpr().getLocation() }
-}
+class ExprBound = BoundImpl::ExprBound;
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll
@@ -7,16 +7,26 @@ private import semmle.code.csharp.dataflow.SSA::Ssa as Ssa
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
+private import codeql.rangeanalysis.Bound as SharedBound
 
-class SsaVariable = SU::SsaVariable;
+/** Holds if `e` is a bound expression and it is not an SSA variable read. */
 
-class Expr = CS::ControlFlowNodes::ExprNode;
 
-class Location = CS::Location;
+module BoundDefs implements SharedBound::BoundDefinitions<CS::Location> {
+    class Type = CS::Type;
 
-class IntegralType = CS::IntegralType;
+    class SsaVariable = SU::SsaVariable;
+    
+    class SsaSourceVariable = Ssa::SourceVariable;
 
-class ConstantIntegerExpr = CU::ConstantIntegerExpr;
+    class Expr = CS::ControlFlowNodes::ExprNode;
 
-/** Holds if `e` is a bound expression and it is not an SSA variable read. */
-predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }
+    class IntegralType = CS::IntegralType;
+
+    class ConstantIntegerExpr = CU::ConstantIntegerExpr;
+
+  /** Holds if `e` is a bound expression and it is not an SSA variable read. */
+    predicate interestingExprBound(Expr e) { 
+        CU::systemArrayLengthAccess(e.getExpr()) 
+    }
+}
diff --git a/java/ql/lib/semmle/code/java/dataflow/Bound.qll b/java/ql/lib/semmle/code/java/dataflow/Bound.qll
@@ -8,12 +8,26 @@ private import java as J
 private import internal.rangeanalysis.BoundSpecific as BoundSpecific
 private import codeql.rangeanalysis.Bound as SharedBound
 
-module BoundInstantiation = SharedBound::Bound<J::Location, BoundSpecific::BoundDefs>;
+private module BoundImpl = SharedBound::Bound<J::Location, BoundSpecific::BoundDefs>;
 
-class Bound = BoundInstantiation::Bound;
+/**
+ * A bound that may be inferred for an expression plus/minus an integer delta.
+ */
+class Bound = BoundImpl::Bound;
 
-class ZeroBound = BoundInstantiation::ZeroBound;
+/**
+ * The bound that corresponds to the integer 0. This is used to represent all
+ * integer bounds as bounds are always accompanied by an added integer delta.
+ */
+class ZeroBound = BoundImpl::ZeroBound;
 
-class SsaBound = BoundInstantiation::SsaBound;
+/**
+ * A bound corresponding to the value of an SSA variable.
+ */
+class SsaBound = BoundImpl::SsaBound;
 
-class ExprBound = BoundInstantiation::ExprBound;
+/**
+ * A bound that corresponds to the value of a specific expression that might be
+ * interesting, but isn't otherwise represented by the value of an SSA variable.
+ */
+class ExprBound = BoundImpl::ExprBound;
