DataFlowEx refactor
hvitved committed Dec 10, 2024
1 parent c66f6ca commit 5ed89fd
Showing 2 changed files with 101 additions and 75 deletions.
82 changes: 41 additions & 41 deletions shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
Expand Up @@ -647,7 +647,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
// inline to reduce the number of iterations
pragma[inline]
private predicate fwdFlowIn(DataFlowCallEx call, NodeEx arg, Cc cc, ParamNodeEx p) {
exists(DataFlowCall underlyingCall | underlyingCall = call.asDataFlowCall(_) |
exists(DataFlowCall underlyingCall | underlyingCall = call.projectToCall() |
// call context cannot help reduce virtual dispatch
fwdFlow(arg, cc) and
viableParamArgEx(call, p, arg) and
Expand Down Expand Up @@ -680,7 +680,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
) {
fwdFlow(arg, true) and
viableParamArgEx(call, p, arg) and
CachedCallContextSensitivity::reducedViableImplInCallContext(call.asDataFlowCall(_), _, _) and
CachedCallContextSensitivity::reducedViableImplInCallContext(call.projectToCall(), _, _) and
target = p.getEnclosingCallable() and
not fullBarrier(p)
}
Expand All @@ -694,7 +694,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
private DataFlowCallable viableImplInSomeFwdFlowCallContextExt(DataFlowCall call) {
exists(DataFlowCallEx ctx |
fwdFlowIsEntered(ctx, _) and
result = viableImplInCallContextExt(call, ctx.asDataFlowCall(_))
result = viableImplInCallContextExt(call, ctx.projectToCall())
)
}

Expand Down Expand Up @@ -1246,7 +1246,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
DataFlowCall ctx
) {
returnCallEdge1(c, scope, call, out) and
c = viableImplInCallContextExt(call.asDataFlowCall(_), ctx)
c = viableImplInCallContextExt(call.projectToCall(), ctx)
}

private int ctxDispatchFanoutOnReturn(NodeEx out, DataFlowCallEx ctx) {
Expand All @@ -1255,10 +1255,10 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
not Stage1::revFlow(out, false) and
call.getEnclosingCallable() = c and
returnCallEdge1(c, _, ctx, _) and
mayBenefitFromCallContextExt(call.asDataFlowCall(_), _) and
mayBenefitFromCallContextExt(call.projectToCall(), _) and
result =
count(DataFlowCallable tgt, SndLevelScopeOption scope |
returnCallEdgeInCtx1(tgt, scope, call, out, ctx.asDataFlowCall(_))
returnCallEdgeInCtx1(tgt, scope, call, out, ctx.projectToCall())
)
)
}
Expand Down Expand Up @@ -1531,7 +1531,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
PrevStage::callEdgeReturn(call, _, ret, kind, out, allowsFieldFlow, apa) and
PrevStage::callMayFlowThroughRev(call) and
PrevStage::returnMayFlowThrough(ret, argApa, apa, kind) and
matchesCall(ccc, call.asDataFlowCall(_))
matchesCall(ccc, call.projectToCall())
)
}

Expand Down Expand Up @@ -1860,7 +1860,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
private DataFlowCallable viableImplCallContextReducedRestricted(
DataFlowCallEx call, CcCall ctx
) {
result = viableImplCallContextReduced(call.asDataFlowCall(_), ctx) and
result = viableImplCallContextReduced(call.projectToCall(), ctx) and
callEdgeArgParamRestricted(call, result, _, _, _, _)
}

Expand Down Expand Up @@ -1905,7 +1905,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
) {
callEdgeArgParamRestricted(call, _, arg, _, _, _) and
instanceofCc(outercc) and
viableImplNotCallContextReducedInlineLate(call.asDataFlowCall(_), outercc)
viableImplNotCallContextReducedInlineLate(call.projectToCall(), outercc)
}

pragma[inline]
Expand Down Expand Up @@ -1949,7 +1949,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
DataFlowCallEx call, DataFlowCallable inner, CcCall innercc, boolean cc
) {
not enableTypeFlow() and
FwdTypeFlow::typeFlowValidEdgeIn(call.asDataFlowCall(_), inner, cc) and
FwdTypeFlow::typeFlowValidEdgeIn(call.projectToCall(), inner, cc) and
innercc = getCallContextCall(call, inner)
}

Expand All @@ -1959,7 +1959,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
CcCall innercc, boolean emptyAp, ApApprox apa, boolean cc
) {
fwdFlowInCandTypeFlowEnabled(call, arg, outercc, inner, p, emptyAp, apa, cc) and
FwdTypeFlow::typeFlowValidEdgeIn(call.asDataFlowCall(_), inner, cc) and
FwdTypeFlow::typeFlowValidEdgeIn(call.projectToCall(), inner, cc) and
innercc = getCallContextCall(call, inner)
}

Expand Down Expand Up @@ -2011,7 +2011,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
private DataFlowCallEx viableImplCallContextReducedReverseRestricted(
DataFlowCallable c, CcNoCall ctx
) {
result.asDataFlowCall(_) = viableImplCallContextReducedReverse(c, ctx) and
result.projectToCall() = viableImplCallContextReducedReverse(c, ctx) and
PrevStage::callEdgeReturn(result, c, _, _, _, _, _)
}

Expand Down Expand Up @@ -2075,7 +2075,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
CcNoCall outercc, ApApprox apa, boolean allowsFieldFlow
) {
fwdFlowOutCand(call, ret, innercc, inner, out, apa, allowsFieldFlow) and
FwdTypeFlow::typeFlowValidEdgeOut(call.asDataFlowCall(_), inner) and
FwdTypeFlow::typeFlowValidEdgeOut(call.projectToCall(), inner) and
outercc = getCallContextReturn(inner, call)
}

Expand All @@ -2096,23 +2096,23 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
predicate enableTypeFlow = Param::enableTypeFlow/0;

predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeIn(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeIn(injectCall(call), c)
}

predicate relevantCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeOut(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeOut(injectCall(call), c)
}

pragma[nomagic]
private predicate dataFlowTakenCallEdgeIn0(
DataFlowCall call, DataFlowCallable c, ParamNodeEx p, FlowState state, CcCall innercc,
Typ t, Ap ap, TypOption stored, boolean cc
) {
FwdFlowInNoThrough::fwdFlowIn(MkDataFlowCallEx(call, _), _, c, p, state, _, innercc, _,
t, ap, _, stored, cc)
FwdFlowInNoThrough::fwdFlowIn(injectCall(call), _, c, p, state, _, innercc, _, t, ap, _,
stored, cc)
or
FwdFlowInThrough::fwdFlowIn(MkDataFlowCallEx(call, _), _, c, p, state, _, innercc, _, t,
ap, _, stored, cc)
FwdFlowInThrough::fwdFlowIn(injectCall(call), _, c, p, state, _, innercc, _, t, ap, _,
stored, cc)
}

pragma[nomagic]
Expand All @@ -2136,7 +2136,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
DataFlowCall call, DataFlowCallable c, NodeEx node, FlowState state, Cc cc, Typ t,
Ap ap, TypOption stored
) {
fwdFlowOut(MkDataFlowCallEx(call, _), c, node, state, cc, _, t, ap, _, stored)
fwdFlowOut(injectCall(call), c, node, state, cc, _, t, ap, _, stored)
}

pragma[nomagic]
Expand Down Expand Up @@ -2180,7 +2180,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
boolean allowsFieldFlow, ApApprox apa
) {
PrevStage::callEdgeArgParam(call, c, arg, p, allowsFieldFlow, apa) and
FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call.asDataFlowCall(_), c, _)
FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call.projectToCall(), c, _)
}

pragma[nomagic]
Expand Down Expand Up @@ -2319,8 +2319,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
if allowsFieldFlow = false then ap instanceof ApNil else any()
|
// both directions are needed for flow-through
FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call.asDataFlowCall(_), c, _) or
FwdTypeFlowInput::dataFlowTakenCallEdgeOut(call.asDataFlowCall(_), c)
FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call.projectToCall(), c, _) or
FwdTypeFlowInput::dataFlowTakenCallEdgeOut(call.projectToCall(), c)
)
}

Expand Down Expand Up @@ -2450,24 +2450,24 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
predicate enableTypeFlow = Param::enableTypeFlow/0;

predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
flowOutOfCallAp(MkDataFlowCallEx(call, _), c, _, _, _, _)
flowOutOfCallAp(injectCall(call), c, _, _, _, _)
}

predicate relevantCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
flowIntoCallAp(MkDataFlowCallEx(call, _), c, _, _, _)
flowIntoCallAp(injectCall(call), c, _, _, _)
}

pragma[nomagic]
predicate dataFlowTakenCallEdgeIn(DataFlowCall call, DataFlowCallable c, boolean cc) {
exists(RetNodeEx ret |
revFlowOut(MkDataFlowCallEx(call, _), ret, _, _, _, cc, _, _) and
revFlowOut(injectCall(call), ret, _, _, _, cc, _, _) and
c = ret.getEnclosingCallable()
)
}

pragma[nomagic]
predicate dataFlowTakenCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
revFlowIn(MkDataFlowCallEx(call, _), c, _, _, _)
revFlowIn(injectCall(call), c, _, _, _)
}

predicate dataFlowNonCallEntry(DataFlowCallable c, boolean cc) {
Expand All @@ -2493,7 +2493,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
DataFlowCallEx call, DataFlowCallable c, ArgNodeEx arg, ParamNodeEx p, Ap ap
) {
flowIntoCallAp(call, c, arg, p, ap) and
RevTypeFlow::typeFlowValidEdgeOut(call.asDataFlowCall(_), c)
RevTypeFlow::typeFlowValidEdgeOut(call.projectToCall(), c)
}

pragma[nomagic]
Expand All @@ -2502,7 +2502,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
) {
exists(DataFlowCallable c |
flowOutOfCallAp(call, c, ret, pos, out, ap) and
RevTypeFlow::typeFlowValidEdgeIn(call.asDataFlowCall(_), c, cc)
RevTypeFlow::typeFlowValidEdgeIn(call.projectToCall(), c, cc)
)
}

Expand Down Expand Up @@ -2558,7 +2558,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
exists(RetNodeEx ret, FlowState state, CcCall ccc |
revFlowOut(call, ret, pos, state, returnCtx, _, returnAp, ap) and
returnFlowsThrough(ret, pos, state, ccc, _, _, _, _, _, ap) and
matchesCall(ccc, call.asDataFlowCall(_))
matchesCall(ccc, call.projectToCall())
)
}

Expand Down Expand Up @@ -2694,8 +2694,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
allowsFieldFlow = true
|
// both directions are needed for flow-through
RevTypeFlowInput::dataFlowTakenCallEdgeIn(call.asDataFlowCall(_), c, _) or
RevTypeFlowInput::dataFlowTakenCallEdgeOut(call.asDataFlowCall(_), c)
RevTypeFlowInput::dataFlowTakenCallEdgeIn(call.projectToCall(), c, _) or
RevTypeFlowInput::dataFlowTakenCallEdgeOut(call.projectToCall(), c)
)
}

Expand All @@ -2709,7 +2709,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
revFlow(out, pragma[only_bind_into](state), pragma[only_bind_into](ap)) and
kind = pos.getKind() and
allowsFieldFlow = true and
RevTypeFlowInput::dataFlowTakenCallEdgeIn(call.asDataFlowCall(_), c, _)
RevTypeFlowInput::dataFlowTakenCallEdgeIn(call.projectToCall(), c, _)
)
}

Expand Down Expand Up @@ -3932,11 +3932,11 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {

private module CallContextSensitivityInput implements CallContextSensitivityInputSig {
predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeIn(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeIn(injectCall(call), c)
}

predicate relevantCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeOut(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeOut(injectCall(call), c)
}

predicate reducedViableImplInCallContextCand =
Expand Down Expand Up @@ -4336,11 +4336,11 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {

private module CallContextSensitivityInput implements CallContextSensitivityInputSig {
predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeIn(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeIn(injectCall(call), c)
}

predicate relevantCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeOut(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeOut(injectCall(call), c)
}

predicate reducedViableImplInCallContextCand =
Expand Down Expand Up @@ -4536,11 +4536,11 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {

private module CallContextSensitivityInput implements CallContextSensitivityInputSig {
predicate relevantCallEdgeIn(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeIn(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeIn(injectCall(call), c)
}

predicate relevantCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
PrevStage::relevantCallEdgeOut(MkDataFlowCallEx(call, _), c)
PrevStage::relevantCallEdgeOut(injectCall(call), c)
}

predicate reducedViableImplInCallContextCand =
Expand Down Expand Up @@ -5553,7 +5553,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
partialPathOutOfCallable0(mid, pos, state, innercc, t, ap) and
c = pos.getCallable() and
kind = pos.getKind() and
CachedCallContextSensitivity::resolveReturn(innercc, c, call.asDataFlowCall(_)) and
CachedCallContextSensitivity::resolveReturn(innercc, c, call.projectToCall()) and
cc = CachedCallContextSensitivity::getCallContextReturn(c, call)
)
}
Expand Down Expand Up @@ -5590,7 +5590,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
CallContext outercc, DataFlowCallEx call, DataFlowType t, PartialAccessPath ap
) {
partialPathIntoArg(mid, pos, state, outercc, call, t, ap) and
callable = CachedCallContextSensitivity::resolveCall(call.asDataFlowCall(_), outercc)
callable = CachedCallContextSensitivity::resolveCall(call.projectToCall(), outercc)
}

private predicate partialPathIntoCallable(
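Review bot: The helpers that appear to be the new side here, `injectCall(call)` and `projectToCall()`, are defined outside this file section, so nothing visible shows that they keep the relation the wildcard forms `MkDataFlowCallEx(call, _)` and `asDataFlowCall(_)` had; this matters most in the `relevantCallEdgeIn`/`relevantCallEdgeOut` and `dataFlowTakenCallEdgeIn`/`dataFlowTakenCallEdgeOut` predicates of the type-flow and call-context-sensitivity input modules. The constructor form held for every `DataFlowCallEx` built from `call`, so if `injectCall` yields only some of them, those predicates would narrow silently and the taint-tracking queries built on this library would lose flows without any error. A QLDoc line on each helper would make the contract checkable, for example `/** Gets a DataFlowCallEx that wraps call; holds for every such wrapper. */` on `injectCall`, with the matching statement on `projectToCall()`. `viableImplCallContextReducedReverseRestricted` binds `result` through `result.projectToCall() = ...`, which presumably relies on the same many-to-one reading and deserves a one-line comment saying so. Most of the predicates shown start or end outside their hunks, so this is based only on the visible call sites.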