From 0e7a08201f0ed4625ca01dc4a68f80f72797237e Mon Sep 17 00:00:00 2001
From: Cornelius Riemenschneider <cornelius.riemenschneider@googlemail.com>
Date: Fri, 22 Nov 2019 12:19:06 +0100
Subject: [PATCH] Address review by Anders.

---
 .../semmle/code/java/dataflow/NullGuards.qll  | 25 ++++++-------------
 .../semmle/code/java/dataflow/Nullness.qll    | 11 ++++----
 2 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/java/ql/src/semmle/code/java/dataflow/NullGuards.qll b/java/ql/src/semmle/code/java/dataflow/NullGuards.qll
index f337d32cc8e..1ca4720ce18 100644
--- a/java/ql/src/semmle/code/java/dataflow/NullGuards.qll
+++ b/java/ql/src/semmle/code/java/dataflow/NullGuards.qll
@@ -25,30 +25,19 @@ Expr enumConstEquality(Expr e, boolean polarity, EnumConstant c) {
 }
 
 /** Gets an instanceof expression of `v` with type `type` */
-InstanceOfExpr instanceofExpr(SsaVariable v, Expr type) {
-  result.getTypeName() = type and
+InstanceOfExpr instanceofExpr(SsaVariable v, Type type) {
+  result.getTypeName().getType() = type and
   result.getExpr() = v.getAUse()
 }
 
 /**
- * Gets an expression of the form `v1` == `v2` or `v1` != `v2`.
+ * Gets an expression of the form `v1 == v2` or `v1 != v2`.
  * The predicate is symmetric in `v1` and `v2`.
  */
-BinaryExpr varComparisonExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
-  (
-    result.getLeftOperand() = v1.getAUse() and
-    result.getRightOperand() = v2.getAUse()
-    or
-    result.getLeftOperand() = v2.getAUse() and
-    result.getRightOperand() = v1.getAUse()
-  ) and
-  (
-    result instanceof EQExpr and
-    isEqualExpr = true
-    or
-    result instanceof NEExpr and
-    isEqualExpr = false
-  )
+EqualityTest varEqualityTestExpr(SsaVariable v1, SsaVariable v2, boolean isEqualExpr) {
+  result.hasOperands(v1.getAUse(), v2.getAUse()) and
+  result instanceof EqualityTest and
+  isEqualExpr = result.polarity()
 }
 
 /** Gets an expression that is provably not `null`. */
diff --git a/java/ql/src/semmle/code/java/dataflow/Nullness.qll b/java/ql/src/semmle/code/java/dataflow/Nullness.qll
index 03d2dfac626..f6d92b78da7 100644
--- a/java/ql/src/semmle/code/java/dataflow/Nullness.qll
+++ b/java/ql/src/semmle/code/java/dataflow/Nullness.qll
@@ -516,16 +516,15 @@ private predicate correlatedConditions(
       inverted = pol1.booleanXor(pol2)
     )
     or
-    exists(SsaVariable v, Expr t1, Expr t2 |
-      cond1.getCondition() = instanceofExpr(v, t1) and
-      cond2.getCondition() = instanceofExpr(v, t2) and
-      t1.getType() = t2.getType() and
+    exists(SsaVariable v, Type type |
+      cond1.getCondition() = instanceofExpr(v, type) and
+      cond2.getCondition() = instanceofExpr(v, type) and
       inverted = false
     )
     or
     exists(SsaVariable v1, SsaVariable v2, boolean branch1, boolean branch2  |
-      cond1.getCondition() = varComparisonExpr(v1, v2, branch1) and
-      cond2.getCondition() = varComparisonExpr(v1, v2, branch2) and
+      cond1.getCondition() = varEqualityTestExpr(v1, v2, branch1) and
+      cond2.getCondition() = varEqualityTestExpr(v1, v2, branch2) and
       inverted = branch1.booleanXor(branch2)
     )
   )