Removing hashcons usages from LeapYear.qll, inefficient and I'm not sure they are actually necessary or providing much utility.

bdrodes · bdrodes · commit 87560891605d · 2026-01-15T15:16:42.000-05:00
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll b/cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll
@@ -5,7 +5,6 @@
 import cpp
 import semmle.code.cpp.dataflow.new.TaintTracking
 import semmle.code.cpp.commons.DateTime
-import semmle.code.cpp.valuenumbering.HashCons
 
 /**
  * Get the top-level `BinaryOperation` enclosing the expression e.
@@ -42,7 +41,6 @@ class CheckForLeapYearOperation extends Expr {
   }
 }
 
-bindingset[modVal]
 Expr moduloCheckEQ_0(EQExpr eq, int modVal) {
   exists(RemExpr rem | rem = eq.getLeftOperand() |
     result = rem.getLeftOperand() and
@@ -51,7 +49,6 @@ Expr moduloCheckEQ_0(EQExpr eq, int modVal) {
   eq.getRightOperand().getValue().toInt() = 0
 }
 
-bindingset[modVal]
 Expr moduloCheckNEQ_0(NEExpr neq, int modVal) {
   exists(RemExpr rem | rem = neq.getLeftOperand() |
     result = rem.getLeftOperand() and
@@ -60,17 +57,6 @@ Expr moduloCheckNEQ_0(NEExpr neq, int modVal) {
   neq.getRightOperand().getValue().toInt() = 0
 }
 
-/**
- * Returns if the two expressions resolve to the same value, albeit it is a fuzzy attempt.
- * SSA is not fit for purpose here as calls break SSA equivalence.
- */
-bindingset[e1, e2]
-pragma[inline_late]
-predicate exprEq_propertyPermissive(Expr e1, Expr e2) {
-  not e1 = e2 and
-  hashCons(e1) = hashCons(e2)
-}
-
 /**
  * An expression that is the subject of a mod-4 check.
  * ie `expr % 4 == 0`
@@ -196,8 +182,7 @@ class ExprCheckCenturyComponent extends LogicalOrExpr {
   ExprCheckCenturyComponent() {
     exists(ExprCheckCenturyComponentDiv400 exprDiv400, ExprCheckCenturyComponentDiv100 exprDiv100 |
       this.getAnOperand() = exprDiv100 and
-      this.getAnOperand() = exprDiv400 and
-      exprEq_propertyPermissive(exprDiv100.getYearExpr(), exprDiv400.getYearExpr())
+      this.getAnOperand() = exprDiv400
     )
   }
 
@@ -222,8 +207,7 @@ final class ExprCheckLeapYearFormA extends ExprCheckLeapYear, LogicalAndExpr {
   ExprCheckLeapYearFormA() {
     exists(Expr e, ExprCheckCenturyComponent centuryCheck |
       e = moduloCheckEQ_0(this.getLeftOperand(), 4) and
-      centuryCheck = this.getAnOperand().getAChild*() and
-      exprEq_propertyPermissive(e, centuryCheck.getYearExpr())
+      centuryCheck = this.getAnOperand().getAChild*()
     )
   }
 }
@@ -238,12 +222,7 @@ final class ExprCheckLeapYearFormB extends ExprCheckLeapYear, LogicalOrExpr {
     exists(VariableAccess va1, VariableAccess va2, VariableAccess va3 |
       va1 = moduloCheckEQ_0(this.getAnOperand(), 400) and
       va2 = moduloCheckNEQ_0(this.getAnOperand().(LogicalAndExpr).getAnOperand(), 100) and
-      va3 = moduloCheckEQ_0(this.getAnOperand().(LogicalAndExpr).getAnOperand(), 4) and
-      // The 400-leap year check may be offset by [1900,1970,2000].
-      exists(Expr va1_subExpr | va1_subExpr = va1.getAChild*() |
-        exprEq_propertyPermissive(va1_subExpr, va2) and
-        exprEq_propertyPermissive(va2, va3)
-      )
+      va3 = moduloCheckEQ_0(this.getAnOperand().(LogicalAndExpr).getAnOperand(), 4)
     )
   }
 }
@@ -384,47 +363,44 @@ class StructTmLeapYearFieldAccess extends LeapYearFieldAccess {
  * `stDate.wMonth == 2`
  */
 class DateCheckMonthFebruary extends Operation {
-  DateCheckMonthFebruary(){
+  DateCheckMonthFebruary() {
     this.getOperator() = "==" and
     this.getAnOperand() instanceof MonthFieldAccess and
     this.getAnOperand().(Literal).getValue() = "2"
   }
 
-  Expr getDateQualifier(){
-    result = this.getAnOperand().(MonthFieldAccess).getQualifier()
-  }
+  Expr getDateQualifier() { result = this.getAnOperand().(MonthFieldAccess).getQualifier() }
 }
 
 /**
  * `stDate.wDay == 29`
  */
 class DateCheckDay29 extends Operation {
-  DateCheckDay29(){
+  DateCheckDay29() {
     this.getOperator() = "==" and
     this.getAnOperand() instanceof DayFieldAccess and
     this.getAnOperand().(Literal).getValue() = "29"
   }
 
-  Expr getDateQualifier(){
-    result = this.getAnOperand().(DayFieldAccess).getQualifier()
-  }
+  Expr getDateQualifier() { result = this.getAnOperand().(DayFieldAccess).getQualifier() }
 }
 
 /**
  * The combination of a February and Day 29 verification
  * `stDate.wMonth == 2 && stDate.wDay == 29`
  */
 class DateFebruary29Check extends Operation {
-  DateFebruary29Check(){
+  DateFebruary29Check() {
     this.getOperator() = "&&" and
     exists(DateCheckMonthFebruary checkFeb, DateCheckDay29 check29 |
       checkFeb = this.getAnOperand() and
-      check29 = this.getAnOperand() and
-      hashCons(checkFeb.getDateQualifier()) = hashCons(check29.getDateQualifier())
+      check29 = this.getAnOperand()
+      // and
+      // hashCons(checkFeb.getDateQualifier()) = hashCons(check29.getDateQualifier())
     )
   }
 
-  Expr getDateQualifier(){
+  Expr getDateQualifier() {
     result = this.getAnOperand().(DateCheckMonthFebruary).getDateQualifier()
   }
 }
