Dataflow: Address review comment.
aschackmull committed Dec 11, 2024
1 parent da17970 commit d6a4080
Showing 1 changed file with 17 additions and 19 deletions.
36 changes: 17 additions & 19 deletions shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -1427,6 +1427,11 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
)
}

bindingset[ap]
private boolean isNil(Ap ap) {
if ap instanceof ApNil then result = true else result = false
}

/* Begin: Stage logic. */
pragma[nomagic]
private Typ getNodeTyp(NodeEx node) {
@@ -1719,7 +1724,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
) {
fwdFlow(arg, state, outercc, summaryCtx, t, ap, stored) and
(if instanceofCcCall(outercc) then cc = true else cc = false) and
if ap instanceof ApNil then emptyAp = true else emptyAp = false
emptyAp = isNil(ap)
}

private signature predicate flowThroughSig();
@@ -2161,25 +2166,21 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
private predicate flowThroughIntoCall(
DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, Ap argAp, Ap ap
) {
exists(Typ argT, TypOption argStored, boolean emptyArgAp |
exists(Typ argT, TypOption argStored |
returnFlowsThrough(_, _, _, _, pragma[only_bind_into](p), pragma[only_bind_into](argT),
pragma[only_bind_into](argAp), pragma[only_bind_into](argStored), ap) and
flowIntoCallApaTaken(call, _, pragma[only_bind_into](arg), p, emptyArgAp) and
flowIntoCallApaTaken(call, _, pragma[only_bind_into](arg), p, isNil(argAp)) and
fwdFlow(arg, _, _, _, pragma[only_bind_into](argT), pragma[only_bind_into](argAp),
pragma[only_bind_into](argStored)) and
if argAp instanceof ApNil then emptyArgAp = true else emptyArgAp = false
pragma[only_bind_into](argStored))
)
}

pragma[nomagic]
private predicate flowIntoCallAp(
DataFlowCall call, DataFlowCallable c, ArgNodeEx arg, ParamNodeEx p, Ap ap
) {
exists(boolean emptyAp |
flowIntoCallApaTaken(call, c, arg, p, emptyAp) and
fwdFlow(arg, _, _, _, _, ap, _) and
if ap instanceof ApNil then emptyAp = true else emptyAp = false
)
flowIntoCallApaTaken(call, c, arg, p, isNil(ap)) and
fwdFlow(arg, _, _, _, _, ap, _)
}

pragma[nomagic]
@@ -2405,13 +2406,10 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
private predicate revFlowParamToReturn(
ParamNodeEx p, FlowState state, ReturnPosition pos, Ap returnAp, Ap ap
) {
exists(boolean emptyAp |
revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos),
apSome(returnAp), pragma[only_bind_into](ap)) and
parameterFlowThroughAllowed(p, pos.getKind()) and
PrevStage::parameterMayFlowThrough(p, emptyAp) and
if ap instanceof ApNil then emptyAp = true else emptyAp = false
)
revFlow(pragma[only_bind_into](p), state, TReturnCtxMaybeFlowThrough(pos),
apSome(returnAp), pragma[only_bind_into](ap)) and
parameterFlowThroughAllowed(p, pos.getKind()) and
PrevStage::parameterMayFlowThrough(p, isNil(ap))
}

pragma[nomagic]
@@ -2512,7 +2510,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
predicate parameterMayFlowThrough(ParamNodeEx p, boolean emptyAp) {
exists(Ap ap |
parameterMayFlowThroughAp(p, ap) and
if ap instanceof ApNil then emptyAp = true else emptyAp = false
emptyAp = isNil(ap)
)
}

@@ -2572,7 +2570,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
flowIntoCallAp(call, c, arg, p, ap) and
revFlow(arg, pragma[only_bind_into](state), pragma[only_bind_into](ap)) and
revFlow(p, pragma[only_bind_into](state), pragma[only_bind_into](ap)) and
if ap instanceof ApNil then emptyAp = true else emptyAp = false
emptyAp = isNil(ap)
|
// both directions are needed for flow-through
RevTypeFlowInput::dataFlowTakenCallEdgeIn(call, c, _) or
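Review bot: The new `isNil` helper added in the first hunk has no doc comment, and after this change it is the only place that states what the boolean passed to `flowIntoCallApaTaken` and `PrevStage::parameterMayFlowThrough` means, because the named `emptyAp`/`emptyArgAp` locals were dropped in `flowThroughIntoCall`, `flowIntoCallAp` and `revFlowParamToReturn`. I would add above `bindingset[ap]` the comment `/** Gets true if ap is an ApNil, i.e. an empty access path, and false otherwise. */`. The rewritten conjuncts sit in the stage logic of the shared data-flow library and `flowIntoCallAp` is `pragma[nomagic]`, so it is probably worth confirming on a representative database that results and join orders are unchanged; a regression here would presumably surface as silently missing or extra flows rather than as an error. Most of the touched predicates start or end outside the visible hunks, so this is based only on the lines shown.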