Python: Fix bad join in total_cost

tausbn · web-flow · commit a7fcf5226760 · 2021-04-14T15:36:01.000Z
The recent change to `appliesTo` lead to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).

By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
diff --git a/python/ql/src/semmle/python/pointsto/PointsToContext.qll b/python/ql/src/semmle/python/pointsto/PointsToContext.qll
@@ -100,10 +100,14 @@ private int total_call_cost(CallNode call) {
   if call_to_init_or_del(call) then result = 1 else result = call_cost(call) + splay_cost(call)
 }
 
+pragma[nomagic]
+private int relevant_call_cost(PointsToContext ctx, CallNode call) {
+  ctx.appliesTo(call) and result = total_call_cost(call)
+}
+
 pragma[noinline]
 private int total_cost(CallNode call, PointsToContext ctx) {
-  ctx.appliesTo(call) and
-  result = total_call_cost(call) + context_cost(ctx)
+  result = relevant_call_cost(ctx, call) + context_cost(ctx)
 }
 
 cached
