Inline isCloseCall into isSink

owen-mc · owen-mc · commit dbee8fcdc034 · 2026-06-04T13:11:37.000+01:00
diff --git a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
@@ -101,44 +101,6 @@ predicate postDominatesNode(ControlFlow::Node postDominator, ControlFlow::Node n
   )
 }
 
-/**
- * Holds if `closeCall` is an unhandled call to `os.File.Close` on `sink` that is not
- * guaranteed to be preceded during execution by a handled call to `os.File.Sync` on the
- * same file handle.
- */
-predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
-  // find calls to the os.File.Close function
-  closeCall = any(CloseFileFun f).getACall() and
-  // that are unhandled
-  unhandledCall(closeCall) and
-  // where the function is called on the sink
-  closeCall.getReceiver() = sink and
-  // and check that the call to `os.File.Close` is not guaranteed to be preceded during
-  // execution by a handled call to `os.File.Sync` on the same file handle.
-  not exists(DataFlow::Node syncReceiver, DataFlow::CallNode syncCall |
-    // check that the call to `os.File.Sync` is handled
-    isHandledSync(syncReceiver, syncCall) and
-    // check that `os.File.Sync` is called on the same object as `os.File.Close`
-    exists(DataFlow::SsaNode ssa | ssa.getAUse() = sink and ssa.getAUse() = syncReceiver)
-  |
-    if exists(DeferStmt defer | defer.getCall() = closeCall.asExpr())
-    then
-      // When the call to `os.File.Close` is deferred it runs when the enclosing function
-      // returns, but the receiver of the deferred call is evaluated where the `defer`
-      // statement appears. It is therefore enough for the handled call to `os.File.Sync`
-      // to post-dominate that point, since that guarantees `os.File.Sync` runs before the
-      // deferred `os.File.Close` on every path on which the `os.File.Close` is registered.
-      // We cannot reuse the domination check below because the control-flow graph splices
-      // the deferred call in at the function exit, where it may be reachable along paths
-      // that do not pass through the call to `os.File.Sync`.
-      postDominatesNode(syncCall.asInstruction(), sink.asInstruction())
-    else
-      // Otherwise the call to `os.File.Close` is executed where it appears, so we require
-      // the handled call to `os.File.Sync` to dominate it.
-      syncCall.asInstruction().dominatesNode(closeCall.asInstruction())
-  )
-}
-
 /**
  * Holds if `os.File.Sync` is called on `sink` and the result of the call is neither
  * deferred nor discarded.
@@ -155,7 +117,43 @@ predicate isHandledSync(DataFlow::Node sink, DataFlow::CallNode syncCall) {
 module UnhandledFileCloseConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isWritableFileHandle(source, _) }
 
-  predicate isSink(DataFlow::Node sink) { isCloseSink(sink, _) }
+  predicate isSink(DataFlow::Node sink) {
+    // `closeCall` is an unhandled call to `os.File.Close` on `sink` that is not
+    // guaranteed to be preceded during execution by a handled call to `os.File.Sync` on the
+    // same file handle.
+    exists(DataFlow::CallNode closeCall |
+      // find calls to the os.File.Close function
+      closeCall = any(CloseFileFun f).getACall() and
+      // that are unhandled
+      unhandledCall(closeCall) and
+      // where the function is called on the sink
+      closeCall.getReceiver() = sink and
+      // and check that the call to `os.File.Close` is not guaranteed to be preceded during
+      // execution by a handled call to `os.File.Sync` on the same file handle.
+      not exists(DataFlow::Node syncReceiver, DataFlow::CallNode syncCall |
+        // check that the call to `os.File.Sync` is handled
+        isHandledSync(syncReceiver, syncCall) and
+        // check that `os.File.Sync` is called on the same object as `os.File.Close`
+        exists(DataFlow::SsaNode ssa | ssa.getAUse() = sink and ssa.getAUse() = syncReceiver)
+      |
+        if exists(DeferStmt defer | defer.getCall() = closeCall.asExpr())
+        then
+          // When the call to `os.File.Close` is deferred it runs when the enclosing function
+          // returns, but the receiver of the deferred call is evaluated where the `defer`
+          // statement appears. It is therefore enough for the handled call to `os.File.Sync`
+          // to post-dominate that point, since that guarantees `os.File.Sync` runs before the
+          // deferred `os.File.Close` on every path on which the `os.File.Close` is registered.
+          // We cannot reuse the domination check below because the control-flow graph splices
+          // the deferred call in at the function exit, where it may be reachable along paths
+          // that do not pass through the call to `os.File.Sync`.
+          postDominatesNode(syncCall.asInstruction(), sink.asInstruction())
+        else
+          // Otherwise the call to `os.File.Close` is executed where it appears, so we require
+          // the handled call to `os.File.Sync` to dominate it.
+          syncCall.asInstruction().dominatesNode(closeCall.asInstruction())
+      )
+    )
+  }
 
   predicate observeDiffInformedIncrementalMode() { any() }
 
diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer.ql b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer.ql
@@ -0,0 +1,11 @@
+import go
+
+from ControlFlow::Node n, ControlFlow::Node succ, FuncDecl fd
+where
+  n.getRoot() = fd.getFuncDef() and
+  fd.getName() =
+    ["deferredCloseWithSync", "returnedSync", "copyFile", "deferredCloseWithSyncEarlyReturn"] and
+  succ = n.getASuccessor()
+select fd.getName(), n.toString(),
+  n.getLocation().getStartLine() + ":" + n.getLocation().getStartColumn(), "->", succ.toString(),
+  succ.getLocation().getStartLine() + ":" + succ.getLocation().getStartColumn()
diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer2.expected b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer2.expected
@@ -0,0 +1,180 @@
+| copyFile | 161:1 entry | -> | 161:15 argument corresponding to destFile |
+| copyFile | 161:6 skip | -> | 161:1 function declaration |
+| copyFile | 161:15 argument corresponding to destFile | -> | 161:15 initialization of destFile |
+| copyFile | 161:15 initialization of destFile | -> | 161:32 argument corresponding to mode |
+| copyFile | 161:32 argument corresponding to mode | -> | 161:32 initialization of mode |
+| copyFile | 161:32 initialization of mode | -> | 161:50 argument corresponding to src |
+| copyFile | 161:50 argument corresponding to src | -> | 161:50 initialization of src |
+| copyFile | 161:50 initialization of src | -> | 162:2 skip |
+| copyFile | 162:2 ... := ...[0] | -> | 162:2 assignment to f |
+| copyFile | 162:2 ... := ...[1] | -> | 162:5 assignment to err |
+| copyFile | 162:2 assignment to f | -> | 162:2 ... := ...[1] |
+| copyFile | 162:2 skip | -> | 162:5 skip |
+| copyFile | 162:5 assignment to err | -> | 163:5 err |
+| copyFile | 162:5 skip | -> | 162:12 selection of OpenFile |
+| copyFile | 162:12 call to OpenFile | -> | 161:1 exit |
+| copyFile | 162:12 call to OpenFile | -> | 162:2 ... := ...[0] |
+| copyFile | 162:12 selection of OpenFile | -> | 162:24 destFile |
+| copyFile | 162:24 destFile | -> | 162:34 ...\|... |
+| copyFile | 162:34 ...\|... | -> | 162:70 mode |
+| copyFile | 162:70 mode | -> | 162:12 call to OpenFile |
+| copyFile | 163:5 ...!=... | -> | 161:1 exit |
+| copyFile | 163:5 ...!=... | -> | 163:5 ...!=... is false |
+| copyFile | 163:5 ...!=... | -> | 163:5 ...!=... is true |
+| copyFile | 163:5 ...!=... is false | -> | 166:8 f |
+| copyFile | 163:5 ...!=... is true | -> | 164:10 err |
+| copyFile | 163:5 err | -> | 163:12 nil |
+| copyFile | 163:12 nil | -> | 163:5 ...!=... |
+| copyFile | 164:3 return statement | -> | 161:1 exit |
+| copyFile | 164:10 err | -> | 164:3 return statement |
+| copyFile | 166:2 defer statement | -> | 168:2 skip |
+| copyFile | 166:8 call to Close | -> | 161:1 exit |
+| copyFile | 166:8 f | -> | 166:8 selection of Close |
+| copyFile | 166:8 selection of Close | -> | 166:2 defer statement |
+| copyFile | 168:2 ... = ...[0] | -> | 168:2 ... = ...[1] |
+| copyFile | 168:2 ... = ...[1] | -> | 168:5 assignment to err |
+| copyFile | 168:2 skip | -> | 168:5 skip |
+| copyFile | 168:5 assignment to err | -> | 169:5 err |
+| copyFile | 168:5 skip | -> | 168:11 selection of Copy |
+| copyFile | 168:11 call to Copy | -> | 166:8 call to Close |
+| copyFile | 168:11 call to Copy | -> | 168:2 ... = ...[0] |
+| copyFile | 168:11 selection of Copy | -> | 168:19 f |
+| copyFile | 168:19 f | -> | 168:22 src |
+| copyFile | 168:22 src | -> | 168:11 call to Copy |
+| copyFile | 169:5 ...!=... | -> | 166:8 call to Close |
+| copyFile | 169:5 ...!=... | -> | 169:5 ...!=... is false |
+| copyFile | 169:5 ...!=... | -> | 169:5 ...!=... is true |
+| copyFile | 169:5 ...!=... is false | -> | 172:9 f |
+| copyFile | 169:5 ...!=... is true | -> | 170:10 err |
+| copyFile | 169:5 err | -> | 169:12 nil |
+| copyFile | 169:12 nil | -> | 169:5 ...!=... |
+| copyFile | 170:3 return statement | -> | 166:8 call to Close |
+| copyFile | 170:10 err | -> | 170:3 return statement |
+| copyFile | 172:2 return statement | -> | 166:8 call to Close |
+| copyFile | 172:9 call to Sync | -> | 166:8 call to Close |
+| copyFile | 172:9 call to Sync | -> | 172:2 return statement |
+| copyFile | 172:9 f | -> | 172:9 selection of Sync |
+| copyFile | 172:9 selection of Sync | -> | 172:9 call to Sync |
+| deferredCloseWithSync | 94:1 entry | -> | 96:5 skip |
+| deferredCloseWithSync | 94:6 skip | -> | 94:1 function declaration |
+| deferredCloseWithSync | 96:5 ... := ...[0] | -> | 96:5 assignment to f |
+| deferredCloseWithSync | 96:5 ... := ...[1] | -> | 96:8 assignment to err |
+| deferredCloseWithSync | 96:5 assignment to f | -> | 96:5 ... := ...[1] |
+| deferredCloseWithSync | 96:5 skip | -> | 96:8 skip |
+| deferredCloseWithSync | 96:8 assignment to err | -> | 96:81 err |
+| deferredCloseWithSync | 96:8 skip | -> | 96:15 selection of OpenFile |
+| deferredCloseWithSync | 96:15 call to OpenFile | -> | 94:1 exit |
+| deferredCloseWithSync | 96:15 call to OpenFile | -> | 96:5 ... := ...[0] |
+| deferredCloseWithSync | 96:15 selection of OpenFile | -> | 96:27 "foo.txt" |
+| deferredCloseWithSync | 96:27 "foo.txt" | -> | 96:38 ...\|... |
+| deferredCloseWithSync | 96:38 ...\|... | -> | 96:74 0666 |
+| deferredCloseWithSync | 96:74 0666 | -> | 96:15 call to OpenFile |
+| deferredCloseWithSync | 96:81 ...!=... | -> | 94:1 exit |
+| deferredCloseWithSync | 96:81 ...!=... | -> | 96:81 ...!=... is false |
+| deferredCloseWithSync | 96:81 ...!=... | -> | 96:81 ...!=... is true |
+| deferredCloseWithSync | 96:81 ...!=... is false | -> | 94:1 exit |
+| deferredCloseWithSync | 96:81 ...!=... is true | -> | 99:9 f |
+| deferredCloseWithSync | 96:81 err | -> | 96:88 nil |
+| deferredCloseWithSync | 96:88 nil | -> | 96:81 ...!=... |
+| deferredCloseWithSync | 99:3 defer statement | -> | 101:6 skip |
+| deferredCloseWithSync | 99:9 call to Close | -> | 94:1 exit |
+| deferredCloseWithSync | 99:9 f | -> | 99:9 selection of Close |
+| deferredCloseWithSync | 99:9 selection of Close | -> | 99:3 defer statement |
+| deferredCloseWithSync | 101:6 assignment to err | -> | 101:23 err |
+| deferredCloseWithSync | 101:6 skip | -> | 101:13 f |
+| deferredCloseWithSync | 101:13 call to Sync | -> | 99:9 call to Close |
+| deferredCloseWithSync | 101:13 call to Sync | -> | 101:6 assignment to err |
+| deferredCloseWithSync | 101:13 f | -> | 101:13 selection of Sync |
+| deferredCloseWithSync | 101:13 selection of Sync | -> | 101:13 call to Sync |
+| deferredCloseWithSync | 101:23 ...!=... | -> | 99:9 call to Close |
+| deferredCloseWithSync | 101:23 ...!=... | -> | 101:23 ...!=... is false |
+| deferredCloseWithSync | 101:23 ...!=... | -> | 101:23 ...!=... is true |
+| deferredCloseWithSync | 101:23 ...!=... is false | -> | 99:9 call to Close |
+| deferredCloseWithSync | 101:23 ...!=... is true | -> | 102:4 selection of Fatal |
+| deferredCloseWithSync | 101:23 err | -> | 101:30 nil |
+| deferredCloseWithSync | 101:30 nil | -> | 101:23 ...!=... |
+| deferredCloseWithSync | 102:4 call to Fatal | -> | 99:9 call to Close |
+| deferredCloseWithSync | 102:4 selection of Fatal | -> | 102:14 err |
+| deferredCloseWithSync | 102:14 err | -> | 102:4 call to Fatal |
+| deferredCloseWithSyncEarlyReturn | 122:1 entry | -> | 122:39 argument corresponding to n |
+| deferredCloseWithSyncEarlyReturn | 122:6 skip | -> | 122:1 function declaration |
+| deferredCloseWithSyncEarlyReturn | 122:39 argument corresponding to n | -> | 122:39 initialization of n |
+| deferredCloseWithSyncEarlyReturn | 122:39 initialization of n | -> | 124:5 skip |
+| deferredCloseWithSyncEarlyReturn | 124:5 ... := ...[0] | -> | 124:5 assignment to f |
+| deferredCloseWithSyncEarlyReturn | 124:5 ... := ...[1] | -> | 124:8 assignment to err |
+| deferredCloseWithSyncEarlyReturn | 124:5 assignment to f | -> | 124:5 ... := ...[1] |
+| deferredCloseWithSyncEarlyReturn | 124:5 skip | -> | 124:8 skip |
+| deferredCloseWithSyncEarlyReturn | 124:8 assignment to err | -> | 124:81 err |
+| deferredCloseWithSyncEarlyReturn | 124:8 skip | -> | 124:15 selection of OpenFile |
+| deferredCloseWithSyncEarlyReturn | 124:15 call to OpenFile | -> | 122:1 exit |
+| deferredCloseWithSyncEarlyReturn | 124:15 call to OpenFile | -> | 124:5 ... := ...[0] |
+| deferredCloseWithSyncEarlyReturn | 124:15 selection of OpenFile | -> | 124:27 "foo.txt" |
+| deferredCloseWithSyncEarlyReturn | 124:27 "foo.txt" | -> | 124:38 ...\|... |
+| deferredCloseWithSyncEarlyReturn | 124:38 ...\|... | -> | 124:74 0666 |
+| deferredCloseWithSyncEarlyReturn | 124:74 0666 | -> | 124:15 call to OpenFile |
+| deferredCloseWithSyncEarlyReturn | 124:81 ...!=... | -> | 122:1 exit |
+| deferredCloseWithSyncEarlyReturn | 124:81 ...!=... | -> | 124:81 ...!=... is false |
+| deferredCloseWithSyncEarlyReturn | 124:81 ...!=... | -> | 124:81 ...!=... is true |
+| deferredCloseWithSyncEarlyReturn | 124:81 ...!=... is false | -> | 122:1 exit |
+| deferredCloseWithSyncEarlyReturn | 124:81 ...!=... is true | -> | 126:9 f |
+| deferredCloseWithSyncEarlyReturn | 124:81 err | -> | 124:88 nil |
+| deferredCloseWithSyncEarlyReturn | 124:88 nil | -> | 124:81 ...!=... |
+| deferredCloseWithSyncEarlyReturn | 126:3 defer statement | -> | 128:6 n |
+| deferredCloseWithSyncEarlyReturn | 126:9 call to Close | -> | 122:1 exit |
+| deferredCloseWithSyncEarlyReturn | 126:9 f | -> | 126:9 selection of Close |
+| deferredCloseWithSyncEarlyReturn | 126:9 selection of Close | -> | 126:3 defer statement |
+| deferredCloseWithSyncEarlyReturn | 128:6 ...>... | -> | 128:6 ...>... is false |
+| deferredCloseWithSyncEarlyReturn | 128:6 ...>... | -> | 128:6 ...>... is true |
+| deferredCloseWithSyncEarlyReturn | 128:6 ...>... is false | -> | 133:6 skip |
+| deferredCloseWithSyncEarlyReturn | 128:6 ...>... is true | -> | 129:4 return statement |
+| deferredCloseWithSyncEarlyReturn | 128:6 n | -> | 128:10 100 |
+| deferredCloseWithSyncEarlyReturn | 128:10 100 | -> | 128:6 ...>... |
+| deferredCloseWithSyncEarlyReturn | 129:4 return statement | -> | 126:9 call to Close |
+| deferredCloseWithSyncEarlyReturn | 133:6 assignment to err | -> | 133:23 err |
+| deferredCloseWithSyncEarlyReturn | 133:6 skip | -> | 133:13 f |
+| deferredCloseWithSyncEarlyReturn | 133:13 call to Sync | -> | 126:9 call to Close |
+| deferredCloseWithSyncEarlyReturn | 133:13 call to Sync | -> | 133:6 assignment to err |
+| deferredCloseWithSyncEarlyReturn | 133:13 f | -> | 133:13 selection of Sync |
+| deferredCloseWithSyncEarlyReturn | 133:13 selection of Sync | -> | 133:13 call to Sync |
+| deferredCloseWithSyncEarlyReturn | 133:23 ...!=... | -> | 126:9 call to Close |
+| deferredCloseWithSyncEarlyReturn | 133:23 ...!=... | -> | 133:23 ...!=... is false |
+| deferredCloseWithSyncEarlyReturn | 133:23 ...!=... | -> | 133:23 ...!=... is true |
+| deferredCloseWithSyncEarlyReturn | 133:23 ...!=... is false | -> | 126:9 call to Close |
+| deferredCloseWithSyncEarlyReturn | 133:23 ...!=... is true | -> | 134:4 selection of Fatal |
+| deferredCloseWithSyncEarlyReturn | 133:23 err | -> | 133:30 nil |
+| deferredCloseWithSyncEarlyReturn | 133:30 nil | -> | 133:23 ...!=... |
+| deferredCloseWithSyncEarlyReturn | 134:4 call to Fatal | -> | 126:9 call to Close |
+| deferredCloseWithSyncEarlyReturn | 134:4 selection of Fatal | -> | 134:14 err |
+| deferredCloseWithSyncEarlyReturn | 134:14 err | -> | 134:4 call to Fatal |
+| returnedSync | 149:1 entry | -> | 151:2 skip |
+| returnedSync | 149:6 skip | -> | 149:1 function declaration |
+| returnedSync | 151:2 ... := ...[0] | -> | 151:2 assignment to f |
+| returnedSync | 151:2 ... := ...[1] | -> | 151:5 assignment to err |
+| returnedSync | 151:2 assignment to f | -> | 151:2 ... := ...[1] |
+| returnedSync | 151:2 skip | -> | 151:5 skip |
+| returnedSync | 151:5 assignment to err | -> | 152:5 err |
+| returnedSync | 151:5 skip | -> | 151:12 selection of OpenFile |
+| returnedSync | 151:12 call to OpenFile | -> | 149:1 exit |
+| returnedSync | 151:12 call to OpenFile | -> | 151:2 ... := ...[0] |
+| returnedSync | 151:12 selection of OpenFile | -> | 151:24 "foo.txt" |
+| returnedSync | 151:24 "foo.txt" | -> | 151:35 ...\|... |
+| returnedSync | 151:35 ...\|... | -> | 151:71 0666 |
+| returnedSync | 151:71 0666 | -> | 151:12 call to OpenFile |
+| returnedSync | 152:5 ...!=... | -> | 149:1 exit |
+| returnedSync | 152:5 ...!=... | -> | 152:5 ...!=... is false |
+| returnedSync | 152:5 ...!=... | -> | 152:5 ...!=... is true |
+| returnedSync | 152:5 ...!=... is false | -> | 157:8 f |
+| returnedSync | 152:5 ...!=... is true | -> | 155:10 err |
+| returnedSync | 152:5 err | -> | 152:12 nil |
+| returnedSync | 152:12 nil | -> | 152:5 ...!=... |
+| returnedSync | 155:3 return statement | -> | 149:1 exit |
+| returnedSync | 155:10 err | -> | 155:3 return statement |
+| returnedSync | 157:2 defer statement | -> | 158:9 f |
+| returnedSync | 157:8 call to Close | -> | 149:1 exit |
+| returnedSync | 157:8 f | -> | 157:8 selection of Close |
+| returnedSync | 157:8 selection of Close | -> | 157:2 defer statement |
+| returnedSync | 158:2 return statement | -> | 157:8 call to Close |
+| returnedSync | 158:9 call to Sync | -> | 157:8 call to Close |
+| returnedSync | 158:9 call to Sync | -> | 158:2 return statement |
+| returnedSync | 158:9 f | -> | 158:9 selection of Sync |
+| returnedSync | 158:9 selection of Sync | -> | 158:9 call to Sync |
diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer2.ql b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer2.ql
@@ -0,0 +1,13 @@
+import go
+
+from ControlFlow::Node n, ControlFlow::Node succ, FuncDecl fd
+where
+  n.getRoot() = fd and
+  fd.getName() =
+    ["deferredCloseWithSync", "returnedSync", "copyFile", "deferredCloseWithSyncEarlyReturn"] and
+  succ = n.getASuccessor()
+select fd.getName(),
+  n.getLocation().getStartLine() + ":" + n.getLocation().getStartColumn() + " " + n.toString(),
+  "->",
+  succ.getLocation().getStartLine() + ":" + succ.getLocation().getStartColumn() + " " +
+    succ.toString()
diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer3.expected b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer3.expected
diff --git a/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer3.ql b/go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/DebugDefer3.ql
