Skip to content

Commit

Permalink
wip2
Browse files Browse the repository at this point in the history
  • Loading branch information
hvitved committed Oct 22, 2024
1 parent a974c9f commit cda67b3
Showing 1 changed file with 51 additions and 63 deletions.
114 changes: 51 additions & 63 deletions shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
Original file line number Diff line number Diff line change
Expand Up @@ -2606,23 +2606,6 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
);
}

/**
* A node where some checking is required, and hence the big-step relation
* is not allowed to step over.
*/
additional class FlowCheckNode extends NodeEx {
FlowCheckNode() {
revFlow(this, _, _) and
(
castNode(this.asNode()) or
clearsContentCached(this.asNode(), _) or
expectsContentCached(this.asNode(), _) or
neverSkipInPathGraph(this.asNode()) or
Config::neverSkip(this.asNode())
)
}
}

/**
* Provides a big-step relation for local flow steps.
*
Expand All @@ -2631,6 +2614,23 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
* reachable in this stage.
*/
additional module LocalFlowBigStep<LocalFlowBigStepInputSig Input> {
/**
* A node where some checking is required, and hence the big-step relation
* is not allowed to step over.
*/
private class FlowCheckNode extends NodeEx {
FlowCheckNode() {
revFlow(this, _, _) and
(
castNode(this.asNode()) or
clearsContentCached(this.asNode(), _) or
expectsContentCached(this.asNode(), _) or
neverSkipInPathGraph(this.asNode()) or
Config::neverSkip(this.asNode())
)
}
}

private predicate additionalLocalStateStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, DataFlowType t,
LocalCallContext lcc, string label
Expand Down Expand Up @@ -2767,6 +2767,33 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
exists(Ap ap |
localFlowStepPlus(node1, state1, node2, preservesValue, t, callContext, label) and
localFlowExit(node2, state1, ap) and
state1 = state2 and
node1 != node2
|
preservesValue = true or ap instanceof ApNil
)
or
additionalLocalStateStep(node1, state1, node2, state2, t, callContext, label) and
preservesValue = false
}

/**
* Holds if `node1` can step to `node2` in one or more local steps and this
* path can occur as a maximal subsequence of local steps in a dataflow path.
*
* This predicate should be used when `Input::localStep` is already a big-step
* relation, which will do the same as `localFlowBigStep`, but avoids potential
* worst-case quadratic complexity.
*/
pragma[nomagic]
predicate localFlowBigStepTc(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCallContext callContext, string label
) {
exists(Ap ap |
localFlowEntry(node1, state1, ap) and
Input::localStep(node1, state1, node2, state2, preservesValue, t, callContext, label) and
localFlowExit(node2, state2, ap) and
state1 = state2
|
preservesValue = true or ap instanceof ApNil
Expand Down Expand Up @@ -3788,7 +3815,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
import CallContextSensitivity<CallContextSensitivityInput>
import NoLocalCallContext

additional module BigStepInput implements PrevStage::LocalFlowBigStepInputSig {
private module BigStepInput implements PrevStage::LocalFlowBigStepInputSig {
bindingset[node1, state1]
bindingset[node2, state2]
predicate localStep(
Expand Down Expand Up @@ -4203,15 +4230,12 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
import CallContextSensitivity<CallContextSensitivityInput>
import LocalCallContext

predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
Typ t, LocalCc lcc, string label
) {
Stage3Param::localFlowBigStep(node1, state1, node2, state2, preservesValue, t, lcc, label) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
PrevStage::revFlow(node2, pragma[only_bind_into](state2), _)
private module BigStepInput implements PrevStage::LocalFlowBigStepInputSig {
predicate localStep = Stage3Param::localFlowBigStep/8;
}

predicate localStep = PrevStage::LocalFlowBigStep<BigStepInput>::localFlowBigStepTc/8;

bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
strengthenType(node, t0, t) and
Expand Down Expand Up @@ -4409,46 +4433,10 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
import LocalCallContext

private module BigStepInput implements PrevStage::LocalFlowBigStepInputSig {
private predicate smallStep = Stage3Param::BigStepInput::localStep/8;

private predicate localStepCand(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue
) {
Stage5Param::localStep(node1, state1, _, _, _, _, _, _) and
smallStep(node1, state1, node2, state2, preservesValue, _, _, _)
or
exists(FlowState midState, NodeEx midNode |
localStepCand(node1, state1, midNode, midState, preservesValue) and
smallStep(midNode, midState, node2, state2, _, _, _, _) and
not (
Stage5Param::localStep(midNode, midState, _, _, _, _, _, _) and
Stage5Param::localStep(_, _, midNode, midState, _, _, _, _)
) and
not midNode instanceof Stage5::FlowCheckNode
)
}

/**
* When calculating `localFlowBigStep` based on `Stage5Param::localStep`, which
* is already a big-step relation, we must be careful to avoid quadratic blowup.
*
* This is achieved by restricting `Stage5Param::localStep` to those node pairs
* reacheable via 1 or more `smallStep`s, where any intermediate node is not
* already part of `Stage5Param::localStep`.
*/
pragma[nomagic]
predicate localStep(
NodeEx node1, FlowState state1, NodeEx node2, FlowState state2, boolean preservesValue,
DataFlowType t, LocalCallContext lcc, string label
) {
localStepCand(node1, state1, node2, state2, preservesValue) and
Stage5Param::localStep(node1, state1, node2, state2, preservesValue, t, lcc, label) and
PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
PrevStage::revFlow(node2, pragma[only_bind_into](state2), _)
}
predicate localStep = Stage5Param::localStep/8;
}

predicate localStep = PrevStage::LocalFlowBigStep<BigStepInput>::localFlowBigStep/8;
predicate localStep = PrevStage::LocalFlowBigStep<BigStepInput>::localFlowBigStepTc/8;

bindingset[node, state, t0, ap]
predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t) {
Expand Down

0 comments on commit cda67b3

Please sign in to comment.