
Commit 13e7e6b

committed
Dataflow: Improve fwd-taken call edge predicate and improve fwd-to-rev call edge pruning.
1 parent 47f6850 commit 13e7e6b

1 file changed

+13
-9
lines changed


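--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -1555,16 +1555,20 @@ module MakeImpl<InputSig Lang> {
 
 pragma[nomagic]
 predicate dataFlowTakenCallEdgeIn(DataFlowCall call, DataFlowCallable c, boolean cc) {
-exists(ParamNodeEx p, Cc outercc |
-fwdFlowIn(call, p, _, outercc, _, _, _, _, _, _, _) and
+exists(ParamNodeEx p, Cc outercc, FlowState state, Cc innercc, Typ t, Ap ap |
+fwdFlowIn(call, p, state, outercc, innercc, _, _, _, t, ap, _) and
+fwdFlow1(p, state, innercc, _, _, _, t, _, ap, _) and
 c = p.getEnclosingCallable() and
 if outercc instanceof CcCall then cc = true else cc = false
 )
 }
 
 pragma[nomagic]
 predicate dataFlowTakenCallEdgeOut(DataFlowCall call, DataFlowCallable c) {
-fwdFlowOut(call, c, _, _, _, _, _, _, _, _, _)
+exists(NodeEx node, FlowState state, Cc cc, Typ t, Ap ap |
+fwdFlowOut(call, c, node, state, cc, _, _, _, t, ap, _) and
+fwdFlow1(node, state, cc, _, _, _, t, _, ap, _)
+)
 }
 
 predicate dataFlowNonCallEntry(DataFlowCallable c, boolean cc) {
@@ -1585,12 +1589,12 @@ module MakeImpl<InputSig Lang> {
 
 private module FwdTypeFlow = TypeFlow<FwdTypeFlowInput>;
 
-private predicate flowIntoCallApaValid(
+private predicate flowIntoCallApaTaken(
 DataFlowCall call, DataFlowCallable c, ArgNodeEx arg, ParamNodeEx p,
 boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCallApa(call, c, arg, p, allowsFieldFlow, apa) and
-FwdTypeFlow::typeFlowValidEdgeIn(call, c, _)
+FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call, c, _)
 }
 
 pragma[nomagic]
@@ -1692,7 +1696,7 @@ module MakeImpl<InputSig Lang> {
 exists(ApApprox argApa, Typ argT |
 returnFlowsThrough(_, _, _, _, pragma[only_bind_into](p), pragma[only_bind_into](argT),
 pragma[only_bind_into](argAp), ap) and
-flowIntoCallApaValid(call, _, pragma[only_bind_into](arg), p, allowsFieldFlow, argApa) and
+flowIntoCallApaTaken(call, _, pragma[only_bind_into](arg), p, allowsFieldFlow, argApa) and
 fwdFlow(arg, _, _, _, _, _, pragma[only_bind_into](argT), pragma[only_bind_into](argAp),
 argApa) and
 if allowsFieldFlow = false then argAp instanceof ApNil else any()
@@ -1704,7 +1708,7 @@ module MakeImpl<InputSig Lang> {
 DataFlowCall call, DataFlowCallable c, ArgNodeEx arg, ParamNodeEx p, Ap ap
 ) {
 exists(ApApprox apa, boolean allowsFieldFlow |
-flowIntoCallApaValid(call, c, arg, p, allowsFieldFlow, apa) and
+flowIntoCallApaTaken(call, c, arg, p, allowsFieldFlow, apa) and
 fwdFlow(arg, _, _, _, _, _, _, ap, apa) and
 if allowsFieldFlow = false then ap instanceof ApNil else any()
 )
@@ -1721,8 +1725,8 @@ module MakeImpl<InputSig Lang> {
 pos = ret.getReturnPosition() and
 if allowsFieldFlow = false then ap instanceof ApNil else any()
 |
-FwdTypeFlow::typeFlowValidEdgeIn(call, c, _) or
-FwdTypeFlow::typeFlowValidEdgeOut(call, c)
+FwdTypeFlowInput::dataFlowTakenCallEdgeIn(call, c, _) or
+FwdTypeFlowInput::dataFlowTakenCallEdgeOut(call, c)
 )
 }
 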
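Review bot: `dataFlowTakenCallEdgeIn` and `dataFlowTakenCallEdgeOut` in the first hunk now additionally require the `fwdFlowIn`/`fwdFlowOut` tuple to hold in `fwdFlow1` on the same state, call context, type and access path, yet neither predicate carries a QLDoc comment explaining that the second conjunct is what makes the edge "taken" rather than merely reachable, which is the substance of this change. Suggest a comment on the `In` variant such as `/** Holds if forward flow actually takes the edge into c at call: some parameter of c receives flow via fwdFlowIn and that flow survives fwdFlow1 with the same state, context, type and access path; cc is true iff the outer call context is a CcCall. */` and a matching one on the `Out` variant. The join relies on positional wildcards lining up between `fwdFlowIn(call, p, state, outercc, innercc, _, _, _, t, ap, _)` and `fwdFlow1(p, state, innercc, _, _, _, t, _, ap, _)` (likewise for `fwdFlowOut`), so a column mismatch would silently widen or empty the predicate; a one-line comment naming which columns are meant to be shared would make that contract reviewable. The later hunks switch `flowIntoCallApaTaken` and the return-flow disjunction from `FwdTypeFlow::typeFlowValidEdgeIn/Out` to these predicates, presumably narrowing the fwd-to-rev call edges to those actually taken; the enclosing predicates of hunks three to five start outside the shown lines.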