From dd00447ed86ea2dae32065f27783d09b63965f74 Mon Sep 17 00:00:00 2001
From: Richard Yao
Date: Sun, 21 Jan 2024 12:26:22 -0500
Subject: [PATCH] Add CodeQL query to detect redundant assignments
Signed-off-by: Richard Yao
---
 .github/codeql-cpp.yml | 5 ++
 .github/codeql-python.yml | 4 ++
 .github/codeql/custom-queries/cpp/qlpack.yml | 4 ++
 .../custom-queries/cpp/redundantAssignment.c | 8 +++
 .../custom-queries/cpp/redundantAssignment.ql | 55 +++++++++++++++++++
 .github/codeql/openzfs-code-scanning.qls | 3 +
 .github/workflows/codeql.yml | 1 +
 7 files changed, 80 insertions(+)
 create mode 100644 .github/codeql-cpp.yml
 create mode 100644 .github/codeql-python.yml
 create mode 100644 .github/codeql/custom-queries/cpp/qlpack.yml
 create mode 100644 .github/codeql/custom-queries/cpp/redundantAssignment.c
 create mode 100644 .github/codeql/custom-queries/cpp/redundantAssignment.ql
 create mode 100644 .github/codeql/openzfs-code-scanning.qls
diff --git a/.github/codeql-cpp.yml b/.github/codeql-cpp.yml
new file mode 100644
index 000000000000..30c221ed2747
--- /dev/null
+++ b/.github/codeql-cpp.yml
@@ -0,0 +1,5 @@
+name: "Custom CodeQL Analysis"
+
+queries:
+ - uses: ./.github/codeql/custom-queries/cpp/redundantAssignment.ql
+# - uses: ./.github/codeql/openzfs-code-scanning.qls
diff --git a/.github/codeql-python.yml b/.github/codeql-python.yml
new file mode 100644
index 000000000000..93cb4a435ed9
--- /dev/null
+++ b/.github/codeql-python.yml
@@ -0,0 +1,4 @@
+name: "Custom CodeQL Analysis"
+
+paths-ignore:
+ - tests
diff --git a/.github/codeql/custom-queries/cpp/qlpack.yml b/.github/codeql/custom-queries/cpp/qlpack.yml
new file mode 100644
index 000000000000..cbe0f1cbe3c4
--- /dev/null
+++ b/.github/codeql/custom-queries/cpp/qlpack.yml
@@ -0,0 +1,4 @@
+name: openzfs-cpp-queries
+version: 0.0.0
+libraryPathDependencies: codeql-cpp
+suites: openzfs-cpp-suite
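Review bot: The commented-out `# - uses: ./.github/codeql/openzfs-code-scanning.qls` line leaves the suite file this same patch creates unreferenced, and nothing says whether that is a temporary toggle or the intended end state. A one-line reason next to it, e.g. `# Disabled for now: the default code-scanning suite already runs via the action`, would stop the next reader from either deleting the suite or re-enabling it by accident. It is also worth confirming that the default queries are still meant to run alongside this custom one, since a `queries:` list here adds to them rather than replacing them unless `disable-default-queries` is set.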
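Review bot: `paths-ignore: - tests` removes the whole `tests` tree from Python analysis and the file gives no reason for it. If the motive is alert noise from test helpers, say so next to the entry (`# test-suite helpers only; excluded to reduce alert noise`) so the exclusion can be revisited when that tree changes; a narrower pattern would keep coverage of any Python under it that runs outside the test harness.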
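Review bot: `suites: openzfs-cpp-suite` names a directory under this pack root that the patch does not create (the only suite it adds is `.github/codeql/openzfs-code-scanning.qls`, outside the pack), so the key is either dead or points at the wrong place. `libraryPathDependencies: codeql-cpp` is the legacy dependency form; current packs declare `dependencies:` with `codeql/cpp-all: "*"`, which is what a recent CLI resolves through the package registry. A `version` of `0.0.0` is fine for an in-tree pack, but a short comment saying the pack is only ever consumed from this checkout would make that intent explicit.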
diff --git a/.github/codeql/custom-queries/cpp/redundantAssignment.c b/.github/codeql/custom-queries/cpp/redundantAssignment.c
new file mode 100644
index 000000000000..f5c908a95090
--- /dev/null
+++ b/.github/codeql/custom-queries/cpp/redundantAssignment.c
@@ -0,0 +1,8 @@
+int
+main(void) {
+ int a = 0;
+ int b = a;
+ int c = 1;
+ a = b;
+ return (a*b*c);
+}
diff --git a/.github/codeql/custom-queries/cpp/redundantAssignment.ql b/.github/codeql/custom-queries/cpp/redundantAssignment.ql
new file mode 100644
index 000000000000..f7580c07a744
--- /dev/null
+++ b/.github/codeql/custom-queries/cpp/redundantAssignment.ql
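Review bot: This fixture carries no comment saying what it is for or which line the query is expected to flag, and nothing in the patch runs it (the diffstat adds no `.qlref`/`.expected` test pair next to it). A header such as `/* Positive case for redundantAssignment.ql: the query should report the "a = b" line below. */` would make its role clear. Note also that `int b = a;` is a declaration with an initializer rather than an assignment expression, so a query that matches only `Assignment` would, as far as I can tell, not see it as the first half of the pair; `int b; b = a;` would exercise the query as written.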
@@ -0,0 +1,55 @@
+/**
+ * @name Redundant assignment detection
+ * @description Detects redundant assignments where a variable is assigned to another, and then the second variable is assigned back to the first without any intervening modification.
+ * @kind problem
+ * @id cpp/redundant-assignment
+ * @severity warning
+ */
+
+/**
+ * @name Mutual assignment detection
+ * @description Detects mutual assignments between variables and structure fields.
+ * @kind problem
+ * @id cpp/mutual-assignment
+ * @severity warning
+ */
+
+import cpp
+import semmle.code.cpp.dataflow.DataFlow
+
+class MutualAssignmentConfig extends DataFlow::Configuration {
+ MutualAssignmentConfig() { this = "MutualAssignmentConfig" }
+
+ override predicate isSource(DataFlow::Node source) {
+ exists(Assignment assign |
+ assign = source.asExpr() and
+ (
+ assign.getRValue() instanceof VariableAccess or
+ assign.getRValue() instanceof FieldAccess
+ )
+ )
+ }
+
+ override predicate isSink(DataFlow::Node sink) {
+ exists(Assignment assign |
+ assign = sink.asExpr() and
+ (
+ assign.getLValue() instanceof VariableAccess or
+ assign.getLValue() instanceof FieldAccess
+ )
+ )
+ }
+}
+
+from MutualAssignmentConfig config, Assignment assign1, Assignment assign2
+where
+ config.hasFlow(DataFlow::exprNode(assign1.getRValue()), DataFlow::exprNode(assign2.getRValue())) and
+ assign1.getLValue() = assign2.getRValue() and
+ assign2.getLValue() = assign1.getRValue() and
+ not exists(FunctionCall fc |
+ fc.getEnclosingFunction() = assign1.getEnclosingFunction() and
+ fc.getArgument(0).getFullyConverted().(VariableAccess).getTarget() = assign1.getLValue().(VariableAccess).getTarget() and
+ fc.getLocation().isBetween(assign1.getLocation(), assign2.getLocation())
+ )
+select assign2, "This assignment to " + assign2.getLValue().toString() + " is potentially redundant."
+
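Review bot: The `where` clause can never be satisfied as written: `assign1.getLValue() = assign2.getRValue()` and the following line test two distinct `Expr` values for identity, but an expression occupies exactly one AST position, so the intent — which the `getTarget()` comparison in the `not exists` clause already uses — must be to compare the accessed variables: `assign1.getLValue().(VariableAccess).getTarget() = assign2.getRValue().(VariableAccess).getTarget() and` / `assign2.getLValue().(VariableAccess).getTarget() = assign1.getRValue().(VariableAccess).getTarget() and`. The `hasFlow` call looks mismatched in the same way: `isSource` and `isSink` accept only nodes whose `asExpr()` is an `Assignment`, while the query passes `DataFlow::exprNode(assign1.getRValue())`, the right-hand `VariableAccess`, so unless I misread the configuration no source/sink pair is ever reachable. Two QLDoc headers with different `@id` values precede the imports; only the first is treated as the query's metadata, so the `cpp/mutual-assignment` block should be dropped or merged into it. The intervening-modification exclusion inspects only `getArgument(0)`, so a call that receives the variable in any other argument position is not counted as a modification. Class-based `DataFlow::Configuration` is deprecated in current CodeQL releases in favor of a `DataFlow::ConfigSig` module used through `DataFlow::Global<...>`, which matters if the action resolves a recent CLI.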
diff --git a/.github/codeql/openzfs-code-scanning.qls b/.github/codeql/openzfs-code-scanning.qls
new file mode 100644
index 000000000000..c371ed848cf8
--- /dev/null
+++ b/.github/codeql/openzfs-code-scanning.qls
@@ -0,0 +1,3 @@
+# Reusing existing QL Pack
+- import: codeql-suites/cpp-code-scanning.qls
+ from: codeql-cpp
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 037f8aca0eaa..7ccfc1492564 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,6 +29,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
 with:
+ config-file: .github/codeql-${{ matrix.language }}.yml
 languages: ${{ matrix.language }}
 - name: Autobuild
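Review bot: After this patch nothing consumes this suite: its only reference, in `.github/codeql-cpp.yml`, is commented out, so the file is dead configuration until that line is restored. The `from: codeql-cpp` pack name is the pre-registry one; as far as I recall the published pack that ships `codeql-suites/cpp-code-scanning.qls` is `codeql/cpp-queries`, so check which name the pinned CLI accepts before enabling it. Since the imported suite is what the action runs by default anyway, a comment stating what this wrapper is meant to add beyond the default would help the next reader.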
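Review bot: `config-file: .github/codeql-${{ matrix.language }}.yml` ties every matrix language to a file of that exact name, so adding a language to the matrix without the matching file will make the init step fail rather than fall back to defaults; a comment on the new line, `# one .github/codeql-<language>.yml per matrix.language entry`, records that coupling. The `strategy.matrix` this expands from is outside the hunk, so I could not confirm that only `cpp` and `python` are listed; the two config files added by the patch cover exactly those. The enclosing `steps:` list starts and ends outside the hunk.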