wip

hvitved · hvitved · commit 3b34de45414a · 2026-04-28T13:34:00.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -175,6 +175,18 @@ private module ThisFlow {
     result = strictcount(int primaryParamPos | primaryConstructorThisAccess(_, bb, primaryParamPos))
   }
 
+  private module BodyNearestLocationInput implements NearestLocationInputSig {
+    class C = ControlFlowElement;
+
+    predicate relevantLocations(ControlFlowElement body, Location l1, Location l2) {
+      exists(DataFlowCallable c |
+        any(InstanceParameterNode p).isParameterOf(c, _) and
+        body = c.asCallable(l1).getBody() and
+        l2 = body.getLocation()
+      )
+    }
+  }
+
   private predicate thisAccess(Node n, BasicBlock bb, int i) {
     thisAccess(n, bb.getNode(i))
     or
@@ -183,21 +195,24 @@ private module ThisFlow {
       i = ppos - numberOfPrimaryConstructorParameters(bb)
     )
     or
-    exists(DataFlowCallable c, EntryBasicBlock entry |
-      n.(InstanceParameterNode).isParameterOf(c, _) and
-      exists(ControlFlowNode succ |
-        succ = c.getAControlFlowNode() and
-        succ = entry.getFirstNode().getASuccessor() and
+    exists(Callable c, Location l |
+      c = n.(InstanceParameterNode).getCallable(l) and
+      (
         // In case `c` has multiple bodies, we want each body to gets its own implicit
-        // entry definition. In case `c` doesn't have multiple bodies, the line below
-        // is simply the same as `bb = entry`, because `entry.getFirstNode().getASuccessor()`
-        // will be in the entry block.
-        bb = succ.getBasicBlock()
-      |
-        i = -1 - numberOfPrimaryConstructorParameters(bb)
+        // entry definition.
+        exists(ControlFlowElement body |
+          body = c.getBody() and
+          bb.getANode().isBefore(body) and
+          NearestLocation<BodyNearestLocationInput>::nearestLocation(body, l, _)
+        )
         or
-        not exists(numberOfPrimaryConstructorParameters(bb)) and i = -1
+        not c.hasBody() and
+        bb.(EntryBasicBlock).getEnclosingCallable() = c
       )
+    |
+      i = -1 - numberOfPrimaryConstructorParameters(bb)
+      or
+      not exists(numberOfPrimaryConstructorParameters(bb)) and i = -1
     )
   }
 
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll
@@ -1015,8 +1015,12 @@ private module MultiBodyNearestLocationInput implements NearestLocationInputSig
   class C = MultiBodyParameterDefinition;
 
   predicate relevantLocations(MultiBodyParameterDefinition def, Location l1, Location l2) {
-    l1 = def.getParameter().getALocation() and
-    l2 = def.getBasicBlock().getLocation()
+    exists(Callable c, ControlFlowNode n |
+      l1 = def.getParameter().getALocation() and
+      n = def.getBasicBlock().getANode() and
+      n.isBefore(c.getBody()) and
+      l2 = n.getLocation()
+    )
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1015,8 +1015,12 @@ private module MultiBodyNearestLocationInput implements NearestLocationInputSig`
`1015`	`1015`	`class C = MultiBodyParameterDefinition;`
`1016`	`1016`
`1017`	`1017`	`predicate relevantLocations(MultiBodyParameterDefinition def, Location l1, Location l2) {`
`1018`		`- l1 = def.getParameter().getALocation() and`
`1019`		`- l2 = def.getBasicBlock().getLocation()`
	`1018`	`+ exists(Callable c, ControlFlowNode n \|`
	`1019`	`+ l1 = def.getParameter().getALocation() and`
	`1020`	`+ n = def.getBasicBlock().getANode() and`
	`1021`	`+ n.isBefore(c.getBody()) and`
	`1022`	`+ l2 = n.getLocation()`
	`1023`	`+ )`
`1020`	`1024`	`}`
`1021`	`1025`	`}`
`1022`	`1026`