Add CodeQL query to detect redundant assignments

Signed-off-by: Richard Yao <[email protected]>

.github/codeql-cpp.yml

@@ -0,0 +1,5 @@
+name: "Custom CodeQL Analysis"
+
+queries:
+  - uses: ./.github/codeql/custom-queries/cpp/redundantAssignment.ql
+#  - uses: ./.github/codeql/openzfs-code-scanning.qls

.github/codeql-python.yml

@@ -0,0 +1,4 @@
+name: "Custom CodeQL Analysis"
+
+paths-ignore:
+  - tests

.github/codeql/custom-queries/cpp/qlpack.yml

@@ -0,0 +1,4 @@
+name: openzfs-cpp-queries
+version: 0.0.0
+libraryPathDependencies: codeql-cpp
+suites: openzfs-cpp-suite

.github/codeql/custom-queries/cpp/redundantAssignment.c

@@ -0,0 +1,8 @@
+int
+main(void) {
+	int a = 0;
+	int b = a;
+	int c = 1;
+	a = b;
+	return (a*b*c);
+}

.github/codeql/custom-queries/cpp/redundantAssignment.ql

@@ -0,0 +1,51 @@
+/**
+ * @name Redundant assignment detection
+ * @description Detects redundant assignments where a variable is assigned to another, and then the second variable is assigned back to the first without any intervening modification.
+ * @kind problem
+ * @id cpp/redundant-assignment
+ * @severity warning
+ */
+
+import cpp
+import semmle.code.cpp.dataflow.DataFlow
+
+class RedundantAssignmentConfig extends DataFlow::Configuration {
+  RedundantAssignmentConfig() { this = "RedundantAssignmentConfig" }
+
+  override predicate isSource(DataFlow::Node source) {
+    exists(Assignment assign |
+      assign = source.asExpr() and
+      assign.getRValue().(VariableAccess).getTarget() instanceof Variable
+    )
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(Assignment assign |
+      assign = sink.asExpr() and
+      assign.getLValue().(VariableAccess).getTarget() instanceof Variable
+    )
+  }
+}
+
+from Variable v1, Field f, Assignment assign1, Assignment assign2, RedundantAssignmentConfig config
+where
+  // First assignment from v1 to a struct field f
+  assign1.getLValue().(FieldAccess).getTarget() = f and
+  assign1.getRValue().(VariableAccess).getTarget() = v1 and
+  // Second assignment from the struct field f back to v1
+  assign2.getLValue().(VariableAccess).getTarget() = v1 and
+  assign2.getRValue().(FieldAccess).getTarget() = f and
+  // Check for data flow between the assignments
+  config.hasFlow(DataFlow::exprNode(assign1.getRValue()), DataFlow::exprNode(assign2.getRValue())) and
+  // Ensure there is no modification to v1 and f in between
+  not exists(Assignment modAssign |
+    modAssign.getEnclosingFunction() = assign1.getEnclosingFunction() and
+    modAssign.getLocation().getFile() = assign1.getLocation().getFile() and
+    modAssign.getLocation().getStartLine() > assign1.getLocation().getStartLine() and
+    modAssign.getLocation().getStartLine() < assign2.getLocation().getStartLine() and
+    (
+      modAssign.getLValue().(VariableAccess).getTarget() = v1 or
+      modAssign.getLValue().(FieldAccess).getTarget() = f
+    )
+  )
+select assign2, "This assignment to " + v1.getName() + " is redundant."

.github/codeql/openzfs-code-scanning.qls

@@ -0,0 +1,3 @@
+# Reusing existing QL Pack
+- import: codeql-suites/cpp-code-scanning.qls
+  from: codeql-cpp

.github/workflows/codeql.yml

@@ -29,6 +29,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
+        config-file: .github/codeql-${{ matrix.language }}.yml
         languages: ${{ matrix.language }}
 
     - name: Autobuild