
Commit dbe1ca9

committed
Dataflow: Simplify call context checks.
1 parent c95e785 commit dbe1ca9


1 file changed

+34
-2
lines changed


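--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -1117,16 +1117,44 @@ ReturnPosition getReturnPosition(ReturnNodeExt ret) {
 result = getReturnPosition0(ret, ret.getKind())
 }
 
+/**
+* Checks whether `inner` can return to `call` in the call context `innercc`.
+* Assumes a context of `inner = viableCallableExt(call)`.
+*/
 bindingset[innercc, inner, call]
 predicate checkCallContextReturn(CallContext innercc, DataFlowCallable inner, DataFlowCall call) {
-resolveReturn(innercc, inner, call)
+innercc instanceof CallContextAny
+or
+exists(DataFlowCallable c0, DataFlowCall call0 |
+callEnclosingCallable(call0, inner) and
+innercc = TReturn(c0, call0) and
+c0 = prunedViableImplInCallContextReverse(call0, call)
+)
 }
 
+/**
+* Checks whether `call` can resolve to `calltarget` in the call context `cc`.
+* Assumes a context of `calltarget = viableCallableExt(call)`.
+*/
 bindingset[cc, call, calltarget]
 predicate checkCallContextCall(CallContext cc, DataFlowCall call, DataFlowCallable calltarget) {
-calltarget = resolveCall(call, cc)
+exists(DataFlowCall ctx | cc = TSpecificCall(ctx) |
+if reducedViableImplInCallContext(call, _, ctx)
+then calltarget = prunedViableImplInCallContext(call, ctx)
+else any()
+)
+or
+cc instanceof CallContextSomeCall
+or
+cc instanceof CallContextAny
+or
+cc instanceof CallContextReturn
 }
 
+/**
+* Resolves a return from `callable` in `cc` to `call`. This is equivalent to
+* `callable = viableCallableExt(call) and checkCallContextReturn(cc, callable, call)`.
+*/
 bindingset[cc, callable]
 predicate resolveReturn(CallContext cc, DataFlowCallable callable, DataFlowCall call) {
 cc instanceof CallContextAny and callable = viableCallableExt(call)
@@ -1138,6 +1166,10 @@ predicate resolveReturn(CallContext cc, DataFlowCallable callable, DataFlowCall
 )
 }
 
+/**
+* Resolves a call from `call` in `cc` to `result`. This is equivalent to
+* `result = viableCallableExt(call) and checkCallContextCall(cc, call, result)`.
+*/
 bindingset[call, cc]
 DataFlowCallable resolveCall(DataFlowCall call, CallContext cc) {
 exists(DataFlowCall ctx | cc = TSpecificCall(ctx) |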
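Review bot: The "Assumes a context of ..." line in each of the two new docstrings names a precondition that the predicates no longer enforce, and this matters for soundness: with `innercc instanceof CallContextAny` in `checkCallContextReturn`, and with the `else any()` branch plus the `CallContextSomeCall`/`CallContextAny`/`CallContextReturn` disjuncts in `checkCallContextCall`, the predicate holds for every `(inner, call)` or `calltarget` binding, so a caller that omits the `viableCallableExt` conjunct would silently accept unrelated call targets or return sites where the old `resolveReturn`/`resolveCall` delegation rejected them. Because both predicates carry a `bindingset` pragma they can be invoked with arbitrary bindings, so nothing at the QL level catches such a caller. I would make the caveat explicit, e.g. append `* This is a pruning check only; it is not sound on its own and callers must conjoin the viability constraint.` to each docstring, mirroring the equivalence already stated on `resolveReturn` and `resolveCall`. The body of `resolveCall` continues past the end of the second hunk, so I cannot confirm its remaining disjuncts still match `checkCallContextCall` as the new docstring claims.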
