C#: Remove some unbounded TC computations

[hvitved]

We are in some cases computing (more or less) full non-fast TCs, which can be very expensive in cases like this one.

For example, the charpred of AstNode in ControlFlowGraphImpl.qll would previously result in the following DIL:

incremental
`#ControlFlowGraphImpl::getAChild/1#000c4110Plus#bf`(
  /* Element::Element */ interned entity p, /* Element::Element */ entity result
)
{
  [base_case]
  #@top_level_exprorstmt_parentMergeTypeCall(p) and
  `ControlFlowGraphImpl::getAChild/1#000c4110`(p, result)
  [recursive_case]
  exists(/* Element::Element */ entity mid |
    `ControlFlowGraphImpl::getAChild/1#000c4110`(mid, result) and
    delta previous rec `#ControlFlowGraphImpl::getAChild/1#000c4110Plus#bf`(p,
      mid)
  ) and
  not(
    previous rec `#ControlFlowGraphImpl::getAChild/1#000c4110Plus#bf`(p, result)
  )
}

suppressTypeErrors
ControlFlowGraphImpl::AstNode#QuickEval#27f9434f(
  /* ControlFlowGraphImpl::AstNode */ interned unique entity this
)
{
  (
    ControlFlowGraphImpl::TAstNode#636d28d6(this) and
    #@top_level_exprorstmt_parentMergeTypeCall(this) and
    not(#@attributeMergeTypeCall(this))
  )
  or
  exists(/* @top_level_exprorstmt_parent */ interned entity any#expr# |
    ControlFlowGraphImpl::TAstNode#636d28d6(this) and
    `#ControlFlowGraphImpl::getAChild/1#000c4110Plus#bf`(any#expr#, this) and
    #@top_level_exprorstmt_parentMergeTypeCall(any#expr#) and
    not(#@attributeMergeTypeCall(any#expr#))
  )
}

That is, we would compute a full TC only to afterwards filter away the target column via the any#expr#.

DCA is excellent; analysis time on microsoft__CryptoNets is reduced from 1379s to 80s.

[Copilot]

Pull request overview

Reduces expensive unbounded transitive-closure (TC) computations in the C# QL libraries by replacing *-closure patterns with explicit recursive helper predicates (often pragma[nomagic]) and more targeted reachability, improving analysis performance on large projects.

Changes:

• Introduces reusable recursive descendant helpers (e.g., pattern-expression descendants) and wires them into expression/dataflow logic.
• Refactors CFG AstNode and control-flow reachability scope handling to avoid computing “full” TCs that are later filtered.
• Updates guard/dereferenceability plumbing to use a dedicated recursive predicate rather than applying getNullEquivParent* inline.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
csharp/ql/lib/semmle/code/csharp/exprs/internal/Expr.qll	Adds isPatternExprDescendant helper predicate to avoid getAChildExpr*() usage.
csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll	Replaces getAChildExpr+() usage in isImplicit and updates tuple construction logic to call the new helper.
csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll	Refactors scope/basic-block reachability with a combined newtype and doublyBoundedFastTC.
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll	Adds isAssignExprLValueDescendant helper and replaces star-closure pattern usages with helpers.
csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll	Same reachability refactor as rangeanalysis variant to avoid non-fast TC patterns.
csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImpl.qll	Replaces getAChild*-based AstNode characterization with explicit recursion via astNode.
csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll	Introduces dereferenceableExpr helper predicate and uses it in DereferenceableExpr.