C#: Update range utils and signanalysis.

michaelnebel · michaelnebel · commit b9c177456848 · 2026-03-16T15:11:18.000+01:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/RangeUtils.qll
@@ -33,7 +33,11 @@ private module Impl {
   /** Holds if SSA definition `def` equals `e + delta`. */
   predicate ssaUpdateStep(ExplicitDefinition def, ExprNode e, int delta) {
     exists(ControlFlow::Node cfn | cfn = def.getControlFlowNode() |
-      e = cfn.(ExprNode::Assignment).getRValue() and delta = 0
+      e = cfn.(ExprNode::Assignment).getRValue() and
+      delta = 0 and
+      not cfn instanceof ExprNode::AssignOperation
+      or
+      e = cfn.(ExprNode::AssignOperation) and delta = 0
       or
       e = cfn.(ExprNode::PostIncrExpr).getOperand() and delta = 1
       or
@@ -230,6 +234,11 @@ module ExprNode {
     override CS::AssignExpr e;
   }
 
+  /** A compound assignment operation. */
+  class AssignOperation extends Assignment, BinaryOperation {
+    override CS::AssignOperation e;
+  }
+
   /** A unary operation. */
   class UnaryOperation extends ExprNode {
     override CS::UnaryOperation e;
@@ -321,80 +330,168 @@ module ExprNode {
   }
 
   /** An addition operation. */
-  class AddExpr extends BinaryOperation {
+  abstract private class AddExprImpl extends BinaryOperation {
+    override TAddOp getOp() { any() }
+  }
+
+  final class AddExpr = AddExprImpl;
+
+  private class AddAddExpr extends AddExprImpl {
     override CS::AddExpr e;
+  }
 
-    override TAddOp getOp() { any() }
+  private class AddAssignAddExpr extends AddExprImpl, AssignOperation {
+    override CS::AssignAddExpr e;
   }
 
   /** A subtraction operation. */
-  class SubExpr extends BinaryOperation {
+  abstract private class SubExprImpl extends BinaryOperation {
+    override TSubOp getOp() { any() }
+  }
+
+  final class SubExpr = SubExprImpl;
+
+  private class AddSubExpr extends SubExprImpl {
     override CS::SubExpr e;
+  }
 
-    override TSubOp getOp() { any() }
+  private class AddAssignSubExpr extends SubExprImpl, AssignOperation {
+    override CS::AssignSubExpr e;
   }
 
   /** A multiplication operation. */
-  class MulExpr extends BinaryOperation {
+  abstract private class MulExprImpl extends BinaryOperation {
+    override TMulOp getOp() { any() }
+  }
+
+  final class MulExpr = MulExprImpl;
+
+  private class AddMulExpr extends MulExprImpl {
     override CS::MulExpr e;
+  }
 
-    override TMulOp getOp() { any() }
+  private class AddAssignMulExpr extends MulExprImpl, AssignOperation {
+    override CS::AssignMulExpr e;
   }
 
   /** A division operation. */
-  class DivExpr extends BinaryOperation {
+  abstract private class DivExprImpl extends BinaryOperation {
+    override TDivOp getOp() { any() }
+  }
+
+  final class DivExpr = DivExprImpl;
+
+  private class AddDivExpr extends DivExprImpl {
     override CS::DivExpr e;
+  }
 
-    override TDivOp getOp() { any() }
+  private class AddAssignDivExpr extends DivExprImpl, AssignOperation {
+    override CS::AssignDivExpr e;
   }
 
   /** A remainder operation. */
-  class RemExpr extends BinaryOperation {
+  abstract private class RemExprImpl extends BinaryOperation {
+    override TRemOp getOp() { any() }
+  }
+
+  final class RemExpr = RemExprImpl;
+
+  private class AddRemExpr extends RemExprImpl {
     override CS::RemExpr e;
+  }
 
-    override TRemOp getOp() { any() }
+  private class AddAssignRemExpr extends RemExprImpl, AssignOperation {
+    override CS::AssignRemExpr e;
   }
 
   /** A bitwise-and operation. */
-  class BitwiseAndExpr extends BinaryOperation {
+  abstract private class BitwiseAndExprImpl extends BinaryOperation {
+    override TBitAndOp getOp() { any() }
+  }
+
+  final class BitwiseAndExpr = BitwiseAndExprImpl;
+
+  private class AddBitwiseAndExpr extends BitwiseAndExprImpl {
     override CS::BitwiseAndExpr e;
+  }
 
-    override TBitAndOp getOp() { any() }
+  private class AddAssignAndExpr extends BitwiseAndExprImpl, AssignOperation {
+    override CS::AssignAndExpr e;
   }
 
   /** A bitwise-or operation. */
-  class BitwiseOrExpr extends BinaryOperation {
+  abstract private class BitwiseOrExprImpl extends BinaryOperation {
+    override TBitOrOp getOp() { any() }
+  }
+
+  final class BitwiseOrExpr = BitwiseOrExprImpl;
+
+  private class AddBitwiseOrExpr extends BitwiseOrExprImpl {
     override CS::BitwiseOrExpr e;
+  }
 
-    override TBitOrOp getOp() { any() }
+  private class AddAssignOrExpr extends BitwiseOrExprImpl, AssignOperation {
+    override CS::AssignOrExpr e;
   }
 
   /** A bitwise-xor operation. */
-  class BitwiseXorExpr extends BinaryOperation {
+  abstract private class BitwiseXorExprImpl extends BinaryOperation {
+    override TBitXorOp getOp() { any() }
+  }
+
+  final class BitwiseXorExpr = BitwiseXorExprImpl;
+
+  private class AddBitwiseXorExpr extends BitwiseXorExprImpl {
     override CS::BitwiseXorExpr e;
+  }
 
-    override TBitXorOp getOp() { any() }
+  private class AddAssignXorExpr extends BitwiseXorExprImpl, AssignOperation {
+    override CS::AssignXorExpr e;
   }
 
   /** A left-shift operation. */
-  class LeftShiftExpr extends BinaryOperation {
+  abstract private class LeftShiftExprImpl extends BinaryOperation {
+    override TLeftShiftOp getOp() { any() }
+  }
+
+  final class LeftShiftExpr = LeftShiftExprImpl;
+
+  private class AddLeftShiftExpr extends LeftShiftExprImpl {
     override CS::LeftShiftExpr e;
+  }
 
-    override TLeftShiftOp getOp() { any() }
+  private class AddAssignLeftShiftExpr extends LeftShiftExprImpl, AssignOperation {
+    override CS::AssignLeftShiftExpr e;
   }
 
   /** A right-shift operation. */
-  class RightShiftExpr extends BinaryOperation {
+  abstract private class RightShiftExprImpl extends BinaryOperation {
+    override TRightShiftOp getOp() { any() }
+  }
+
+  final class RightShiftExpr = RightShiftExprImpl;
+
+  private class AddRightShiftExpr extends RightShiftExprImpl {
     override CS::RightShiftExpr e;
+  }
 
-    override TRightShiftOp getOp() { any() }
+  private class AddAssignRightShiftExpr extends RightShiftExprImpl, AssignOperation {
+    override CS::AssignRightShiftExpr e;
   }
 
   /** An unsigned right-shift operation. */
-  class UnsignedRightShiftExpr extends BinaryOperation {
+  abstract private class UnsignedRightShiftExprImpl extends BinaryOperation {
+    override TUnsignedRightShiftOp getOp() { any() }
+  }
+
+  final class UnsignedRightShiftExpr = UnsignedRightShiftExprImpl;
+
+  private class AddUnsignedRightShiftExpr extends UnsignedRightShiftExprImpl {
     override CS::UnsignedRightShiftExpr e;
+  }
 
-    override TUnsignedRightShiftOp getOp() { any() }
+  private class AddAssignUnsignedRightShiftExpr extends UnsignedRightShiftExprImpl, AssignOperation {
+    override CS::AssignUnsighedRightShiftExpr e;
   }
 
   /** A conditional expression. */
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisSpecific.qll
@@ -130,6 +130,11 @@ private module Impl {
       adef = def.getADefinition() and
       hasChild(adef.getExpr(), adef.getSource(), def.getControlFlowNode(), result)
     )
+    or
+    exists(AssignableDefinitions::AssignOperationDefinition adef |
+      adef = def.getADefinition() and
+      result.getExpr() = adef.getSource()
+    )
   }
 
   /** Holds if `def` can have any sign. */

Original file line number	Diff line number	Diff line change
`@@ -130,6 +130,11 @@ private module Impl {`
`130`	`130`	`adef = def.getADefinition() and`
`131`	`131`	`hasChild(adef.getExpr(), adef.getSource(), def.getControlFlowNode(), result)`
`132`	`132`	`)`
	`133`	`+ or`
	`134`	`+ exists(AssignableDefinitions::AssignOperationDefinition adef \|`
	`135`	`+ adef = def.getADefinition() and`
	`136`	`+ result.getExpr() = adef.getSource()`
	`137`	`+ )`
`133`	`138`	`}`
`134`	`139`
`135`	`140`	/** Holds if `def` can have any sign. */