Dataflow: Align on ApNil.

aschackmull · aschackmull · commit 0a60a3abb351 · 2020-11-13T15:09:28.000+01:00
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -745,6 +745,10 @@ private module Stage2 {
 
   class Ap = boolean;
 
+  class ApNil extends Ap {
+    ApNil() { this = false }
+  }
+
   class ApOption = BooleanOption;
 
   ApOption apNone() { result = TBooleanNone() }
@@ -858,7 +862,7 @@ private module Stage2 {
       fwdFlow(arg, cc, argAp, ap, config) and
       flowIntoCallNodeCand1(call, arg, p, allowsFieldFlow, config)
     |
-      ap = false or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -870,7 +874,7 @@ private module Stage2 {
       fwdFlow(ret, cc, argAp, ap, config) and
       flowOutOfCallNodeCand1(call, ret, out, allowsFieldFlow, config)
     |
-      ap = false or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -903,6 +907,7 @@ private module Stage2 {
    * the enclosing callable in order to reach a sink, and if so, `returnAp`
    * records whether a field must be read from the returned value.
    */
+  pragma[nomagic]
   predicate revFlow(Node node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {
     revFlow0(node, toReturn, returnAp, ap, config) and
     fwdFlow(node, _, _, ap, config)
@@ -916,17 +921,18 @@ private module Stage2 {
     config.isSink(node) and
     toReturn = false and
     returnAp = apNone() and
-    ap = false
+    ap instanceof ApNil
     or
     exists(Node mid |
       localFlowStepNodeCand1(node, mid, config) and
       revFlow(mid, toReturn, returnAp, ap, config)
     )
     or
-    exists(Node mid |
+    exists(Node mid, ApNil nil |
+      fwdFlow(node, _, _, ap, config) and
       additionalLocalFlowStepNodeCand1(node, mid, config) and
-      revFlow(mid, toReturn, returnAp, ap, config) and
-      ap = false
+      revFlow(mid, toReturn, returnAp, nil, config) and
+      ap instanceof ApNil
     )
     or
     exists(Node mid |
@@ -936,12 +942,13 @@ private module Stage2 {
       returnAp = apNone()
     )
     or
-    exists(Node mid |
+    exists(Node mid, ApNil nil |
+      fwdFlow(node, _, _, ap, config) and
       additionalJumpStep(node, mid, config) and
-      revFlow(mid, _, _, ap, config) and
+      revFlow(mid, _, _, nil, config) and
       toReturn = false and
       returnAp = apNone() and
-      ap = false
+      ap instanceof ApNil
     )
     or
     // store
@@ -963,7 +970,7 @@ private module Stage2 {
       revFlowIn(call, node, toReturn, returnAp, ap, config) and
       toReturn = false
       or
-      exists(boolean returnAp0 |
+      exists(Ap returnAp0 |
         revFlowInToReturn(call, node, returnAp0, ap, config) and
         revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)
       )
@@ -1034,7 +1041,7 @@ private module Stage2 {
       revFlow(out, toReturn, returnAp, ap, config) and
       flowOutOfCallNodeCand1(call, ret, out, allowsFieldFlow, config)
     |
-      ap = false or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1047,13 +1054,13 @@ private module Stage2 {
       revFlow(p, toReturn, returnAp, ap, config) and
       flowIntoCallNodeCand1(call, arg, p, allowsFieldFlow, config)
     |
-      ap = false or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
   pragma[nomagic]
   private predicate revFlowInToReturn(
-    DataFlowCall call, ArgumentNode arg, boolean returnAp, Ap ap, Configuration config
+    DataFlowCall call, ArgumentNode arg, Ap returnAp, Ap ap, Configuration config
   ) {
     revFlowIn(call, arg, true, apSome(returnAp), ap, config)
   }
@@ -1236,6 +1243,8 @@ private module Stage3 {
 
   class Ap = AccessPathFront;
 
+  class ApNil = AccessPathFrontNil;
+
   class ApOption = AccessPathFrontOption;
 
   ApOption apNone() { result = TAccessPathFrontNone() }
@@ -1273,7 +1282,7 @@ private module Stage3 {
       localFlowBigStep(mid, node, true, _, config, _)
     )
     or
-    exists(Node mid, AccessPathFrontNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(mid, cc, argAp, nil, config) and
       localFlowBigStep(mid, node, false, ap, config, _)
     )
@@ -1286,7 +1295,7 @@ private module Stage3 {
       argAp = apNone()
     )
     or
-    exists(Node mid, AccessPathFrontNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(mid, _, _, nil, config) and
       Stage2::revFlow(node, unbind(config)) and
       additionalJumpStep(mid, node, config) and
@@ -1365,7 +1374,7 @@ private module Stage3 {
       fwdFlow(arg, cc, argAp, ap, config) and
       flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathFrontNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1377,7 +1386,7 @@ private module Stage3 {
       fwdFlow(ret, cc, argAp, ap, config) and
       flowOutOfCallNodeCand2(call, ret, node, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathFrontNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1423,18 +1432,18 @@ private module Stage3 {
     config.isSink(node) and
     toReturn = false and
     returnAp = apNone() and
-    ap instanceof AccessPathFrontNil
+    ap instanceof ApNil
     or
     exists(Node mid |
       localFlowBigStep(node, mid, true, _, config, _) and
       revFlow(mid, toReturn, returnAp, ap, config)
     )
     or
-    exists(Node mid, AccessPathFrontNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(node, _, _, ap, config) and
       localFlowBigStep(node, mid, false, _, config, _) and
       revFlow(mid, toReturn, returnAp, nil, config) and
-      ap instanceof AccessPathFrontNil
+      ap instanceof ApNil
     )
     or
     exists(Node mid |
@@ -1444,13 +1453,13 @@ private module Stage3 {
       returnAp = apNone()
     )
     or
-    exists(Node mid, AccessPathFrontNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(node, _, _, ap, config) and
       additionalJumpStep(node, mid, config) and
       revFlow(mid, _, _, nil, config) and
       toReturn = false and
       returnAp = apNone() and
-      ap instanceof AccessPathFrontNil
+      ap instanceof ApNil
     )
     or
     // store
@@ -1524,7 +1533,7 @@ private module Stage3 {
       revFlow(out, toReturn, returnAp, ap, config) and
       flowOutOfCallNodeCand2(call, ret, out, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathFrontNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1537,7 +1546,7 @@ private module Stage3 {
       revFlow(p, toReturn, returnAp, ap, config) and
       flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathFrontNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1771,6 +1780,8 @@ private module Stage4 {
 
   class Ap = AccessPathApprox;
 
+  class ApNil = AccessPathApproxNil;
+
   class ApOption = AccessPathApproxOption;
 
   ApOption apNone() { result = TAccessPathApproxNone() }
@@ -1807,10 +1818,10 @@ private module Stage4 {
         localFlowBigStep(mid, node, true, _, config, localCC)
       )
       or
-      exists(Node mid, AccessPathApproxNil nil, LocalCallContext localCC, AccessPathFront apf |
+      exists(Node mid, ApNil nil, LocalCallContext localCC, AccessPathFront apf |
         fwdFlowLocalEntry(mid, cc, argAp, nil, localCC, config) and
         localFlowBigStep(mid, node, false, apf, config, localCC) and
-        apf = ap.(AccessPathApproxNil).getFront()
+        apf = ap.(ApNil).getFront()
       )
       or
       exists(Node mid |
@@ -1820,7 +1831,7 @@ private module Stage4 {
         argAp = apNone()
       )
       or
-      exists(Node mid, AccessPathApproxNil nil |
+      exists(Node mid, ApNil nil |
         fwdFlow(mid, _, _, nil, config) and
         additionalJumpStep(mid, node, config) and
         cc instanceof CallContextAny and
@@ -1944,7 +1955,7 @@ private module Stage4 {
       then innercc = TSpecificCall(call)
       else innercc = TSomeCall()
     |
-      ap instanceof AccessPathApproxNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -1964,7 +1975,7 @@ private module Stage4 {
         innercc.(CallContextCall).matchesCall(call)
       )
     |
-      ap instanceof AccessPathApproxNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -2008,18 +2019,18 @@ private module Stage4 {
     config.isSink(node) and
     toReturn = false and
     returnAp = apNone() and
-    ap instanceof AccessPathApproxNil
+    ap instanceof ApNil
     or
     exists(Node mid |
       localFlowBigStep(node, mid, true, _, config, _) and
       revFlow(mid, toReturn, returnAp, ap, config)
     )
     or
-    exists(Node mid, AccessPathApproxNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(node, _, _, ap, config) and
       localFlowBigStep(node, mid, false, _, config, _) and
       revFlow(mid, toReturn, returnAp, nil, config) and
-      ap instanceof AccessPathApproxNil
+      ap instanceof ApNil
     )
     or
     exists(Node mid |
@@ -2029,13 +2040,13 @@ private module Stage4 {
       returnAp = apNone()
     )
     or
-    exists(Node mid, AccessPathApproxNil nil |
+    exists(Node mid, ApNil nil |
       fwdFlow(node, _, _, ap, config) and
       additionalJumpStep(node, mid, config) and
       revFlow(mid, _, _, nil, config) and
       toReturn = false and
       returnAp = apNone() and
-      ap instanceof AccessPathApproxNil
+      ap instanceof ApNil
     )
     or
     // store
@@ -2118,7 +2129,7 @@ private module Stage4 {
       revFlow(out, toReturn, returnAp, ap, config) and
       flowOutOfCallNodeCand2(call, ret, out, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathApproxNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 
@@ -2131,7 +2142,7 @@ private module Stage4 {
       revFlow(p, toReturn, returnAp, ap, config) and
       flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)
     |
-      ap instanceof AccessPathApproxNil or allowsFieldFlow = true
+      ap instanceof ApNil or allowsFieldFlow = true
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -745,6 +745,10 @@ private module Stage2 {`
`745`	`745`
`746`	`746`	`class Ap = boolean;`
`747`	`747`
	`748`	`+ class ApNil extends Ap {`
	`749`	`+ ApNil() { this = false }`
	`750`	`+ }`
	`751`	`+`
`748`	`752`	`class ApOption = BooleanOption;`
`749`	`753`
`750`	`754`	`ApOption apNone() { result = TBooleanNone() }`
`@@ -858,7 +862,7 @@ private module Stage2 {`
`858`	`862`	`fwdFlow(arg, cc, argAp, ap, config) and`
`859`	`863`	`flowIntoCallNodeCand1(call, arg, p, allowsFieldFlow, config)`
`860`	`864`	`\|`
`861`		`- ap = false or allowsFieldFlow = true`
	`865`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`862`	`866`	`)`
`863`	`867`	`}`
`864`	`868`
`@@ -870,7 +874,7 @@ private module Stage2 {`
`870`	`874`	`fwdFlow(ret, cc, argAp, ap, config) and`
`871`	`875`	`flowOutOfCallNodeCand1(call, ret, out, allowsFieldFlow, config)`
`872`	`876`	`\|`
`873`		`- ap = false or allowsFieldFlow = true`
	`877`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`874`	`878`	`)`
`875`	`879`	`}`
`876`	`880`
`@@ -903,6 +907,7 @@ private module Stage2 {`
`903`	`907`	* the enclosing callable in order to reach a sink, and if so, `returnAp`
`904`	`908`	`* records whether a field must be read from the returned value.`
`905`	`909`	`*/`
	`910`	`+ pragma[nomagic]`
`906`	`911`	`predicate revFlow(Node node, boolean toReturn, ApOption returnAp, Ap ap, Configuration config) {`
`907`	`912`	`revFlow0(node, toReturn, returnAp, ap, config) and`
`908`	`913`	`fwdFlow(node, _, _, ap, config)`
`@@ -916,17 +921,18 @@ private module Stage2 {`
`916`	`921`	`config.isSink(node) and`
`917`	`922`	`toReturn = false and`
`918`	`923`	`returnAp = apNone() and`
`919`		`- ap = false`
	`924`	`+ ap instanceof ApNil`
`920`	`925`	`or`
`921`	`926`	`exists(Node mid \|`
`922`	`927`	`localFlowStepNodeCand1(node, mid, config) and`
`923`	`928`	`revFlow(mid, toReturn, returnAp, ap, config)`
`924`	`929`	`)`
`925`	`930`	`or`
`926`		`- exists(Node mid \|`
	`931`	`+ exists(Node mid, ApNil nil \|`
	`932`	`+ fwdFlow(node, _, _, ap, config) and`
`927`	`933`	`additionalLocalFlowStepNodeCand1(node, mid, config) and`
`928`		`- revFlow(mid, toReturn, returnAp, ap, config) and`
`929`		`- ap = false`
	`934`	`+ revFlow(mid, toReturn, returnAp, nil, config) and`
	`935`	`+ ap instanceof ApNil`
`930`	`936`	`)`
`931`	`937`	`or`
`932`	`938`	`exists(Node mid \|`
`@@ -936,12 +942,13 @@ private module Stage2 {`
`936`	`942`	`returnAp = apNone()`
`937`	`943`	`)`
`938`	`944`	`or`
`939`		`- exists(Node mid \|`
	`945`	`+ exists(Node mid, ApNil nil \|`
	`946`	`+ fwdFlow(node, _, _, ap, config) and`
`940`	`947`	`additionalJumpStep(node, mid, config) and`
`941`		`- revFlow(mid, _, _, ap, config) and`
	`948`	`+ revFlow(mid, _, _, nil, config) and`
`942`	`949`	`toReturn = false and`
`943`	`950`	`returnAp = apNone() and`
`944`		`- ap = false`
	`951`	`+ ap instanceof ApNil`
`945`	`952`	`)`
`946`	`953`	`or`
`947`	`954`	`// store`
`@@ -963,7 +970,7 @@ private module Stage2 {`
`963`	`970`	`revFlowIn(call, node, toReturn, returnAp, ap, config) and`
`964`	`971`	`toReturn = false`
`965`	`972`	`or`
`966`		`- exists(boolean returnAp0 \|`
	`973`	`+ exists(Ap returnAp0 \|`
`967`	`974`	`revFlowInToReturn(call, node, returnAp0, ap, config) and`
`968`	`975`	`revFlowIsReturned(call, toReturn, returnAp, returnAp0, config)`
`969`	`976`	`)`
`@@ -1034,7 +1041,7 @@ private module Stage2 {`
`1034`	`1041`	`revFlow(out, toReturn, returnAp, ap, config) and`
`1035`	`1042`	`flowOutOfCallNodeCand1(call, ret, out, allowsFieldFlow, config)`
`1036`	`1043`	`\|`
`1037`		`- ap = false or allowsFieldFlow = true`
	`1044`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1038`	`1045`	`)`
`1039`	`1046`	`}`
`1040`	`1047`
`@@ -1047,13 +1054,13 @@ private module Stage2 {`
`1047`	`1054`	`revFlow(p, toReturn, returnAp, ap, config) and`
`1048`	`1055`	`flowIntoCallNodeCand1(call, arg, p, allowsFieldFlow, config)`
`1049`	`1056`	`\|`
`1050`		`- ap = false or allowsFieldFlow = true`
	`1057`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1051`	`1058`	`)`
`1052`	`1059`	`}`
`1053`	`1060`
`1054`	`1061`	`pragma[nomagic]`
`1055`	`1062`	`private predicate revFlowInToReturn(`
`1056`		`- DataFlowCall call, ArgumentNode arg, boolean returnAp, Ap ap, Configuration config`
	`1063`	`+ DataFlowCall call, ArgumentNode arg, Ap returnAp, Ap ap, Configuration config`
`1057`	`1064`	`) {`
`1058`	`1065`	`revFlowIn(call, arg, true, apSome(returnAp), ap, config)`
`1059`	`1066`	`}`
`@@ -1236,6 +1243,8 @@ private module Stage3 {`
`1236`	`1243`
`1237`	`1244`	`class Ap = AccessPathFront;`
`1238`	`1245`
	`1246`	`+ class ApNil = AccessPathFrontNil;`
	`1247`	`+`
`1239`	`1248`	`class ApOption = AccessPathFrontOption;`
`1240`	`1249`
`1241`	`1250`	`ApOption apNone() { result = TAccessPathFrontNone() }`
`@@ -1273,7 +1282,7 @@ private module Stage3 {`
`1273`	`1282`	`localFlowBigStep(mid, node, true, _, config, _)`
`1274`	`1283`	`)`
`1275`	`1284`	`or`
`1276`		`- exists(Node mid, AccessPathFrontNil nil \|`
	`1285`	`+ exists(Node mid, ApNil nil \|`
`1277`	`1286`	`fwdFlow(mid, cc, argAp, nil, config) and`
`1278`	`1287`	`localFlowBigStep(mid, node, false, ap, config, _)`
`1279`	`1288`	`)`
`@@ -1286,7 +1295,7 @@ private module Stage3 {`
`1286`	`1295`	`argAp = apNone()`
`1287`	`1296`	`)`
`1288`	`1297`	`or`
`1289`		`- exists(Node mid, AccessPathFrontNil nil \|`
	`1298`	`+ exists(Node mid, ApNil nil \|`
`1290`	`1299`	`fwdFlow(mid, _, _, nil, config) and`
`1291`	`1300`	`Stage2::revFlow(node, unbind(config)) and`
`1292`	`1301`	`additionalJumpStep(mid, node, config) and`
`@@ -1365,7 +1374,7 @@ private module Stage3 {`
`1365`	`1374`	`fwdFlow(arg, cc, argAp, ap, config) and`
`1366`	`1375`	`flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)`
`1367`	`1376`	`\|`
`1368`		`- ap instanceof AccessPathFrontNil or allowsFieldFlow = true`
	`1377`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1369`	`1378`	`)`
`1370`	`1379`	`}`
`1371`	`1380`
`@@ -1377,7 +1386,7 @@ private module Stage3 {`
`1377`	`1386`	`fwdFlow(ret, cc, argAp, ap, config) and`
`1378`	`1387`	`flowOutOfCallNodeCand2(call, ret, node, allowsFieldFlow, config)`
`1379`	`1388`	`\|`
`1380`		`- ap instanceof AccessPathFrontNil or allowsFieldFlow = true`
	`1389`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1381`	`1390`	`)`
`1382`	`1391`	`}`
`1383`	`1392`
`@@ -1423,18 +1432,18 @@ private module Stage3 {`
`1423`	`1432`	`config.isSink(node) and`
`1424`	`1433`	`toReturn = false and`
`1425`	`1434`	`returnAp = apNone() and`
`1426`		`- ap instanceof AccessPathFrontNil`
	`1435`	`+ ap instanceof ApNil`
`1427`	`1436`	`or`
`1428`	`1437`	`exists(Node mid \|`
`1429`	`1438`	`localFlowBigStep(node, mid, true, _, config, _) and`
`1430`	`1439`	`revFlow(mid, toReturn, returnAp, ap, config)`
`1431`	`1440`	`)`
`1432`	`1441`	`or`
`1433`		`- exists(Node mid, AccessPathFrontNil nil \|`
	`1442`	`+ exists(Node mid, ApNil nil \|`
`1434`	`1443`	`fwdFlow(node, _, _, ap, config) and`
`1435`	`1444`	`localFlowBigStep(node, mid, false, _, config, _) and`
`1436`	`1445`	`revFlow(mid, toReturn, returnAp, nil, config) and`
`1437`		`- ap instanceof AccessPathFrontNil`
	`1446`	`+ ap instanceof ApNil`
`1438`	`1447`	`)`
`1439`	`1448`	`or`
`1440`	`1449`	`exists(Node mid \|`
`@@ -1444,13 +1453,13 @@ private module Stage3 {`
`1444`	`1453`	`returnAp = apNone()`
`1445`	`1454`	`)`
`1446`	`1455`	`or`
`1447`		`- exists(Node mid, AccessPathFrontNil nil \|`
	`1456`	`+ exists(Node mid, ApNil nil \|`
`1448`	`1457`	`fwdFlow(node, _, _, ap, config) and`
`1449`	`1458`	`additionalJumpStep(node, mid, config) and`
`1450`	`1459`	`revFlow(mid, _, _, nil, config) and`
`1451`	`1460`	`toReturn = false and`
`1452`	`1461`	`returnAp = apNone() and`
`1453`		`- ap instanceof AccessPathFrontNil`
	`1462`	`+ ap instanceof ApNil`
`1454`	`1463`	`)`
`1455`	`1464`	`or`
`1456`	`1465`	`// store`
`@@ -1524,7 +1533,7 @@ private module Stage3 {`
`1524`	`1533`	`revFlow(out, toReturn, returnAp, ap, config) and`
`1525`	`1534`	`flowOutOfCallNodeCand2(call, ret, out, allowsFieldFlow, config)`
`1526`	`1535`	`\|`
`1527`		`- ap instanceof AccessPathFrontNil or allowsFieldFlow = true`
	`1536`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1528`	`1537`	`)`
`1529`	`1538`	`}`
`1530`	`1539`
`@@ -1537,7 +1546,7 @@ private module Stage3 {`
`1537`	`1546`	`revFlow(p, toReturn, returnAp, ap, config) and`
`1538`	`1547`	`flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)`
`1539`	`1548`	`\|`
`1540`		`- ap instanceof AccessPathFrontNil or allowsFieldFlow = true`
	`1549`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1541`	`1550`	`)`
`1542`	`1551`	`}`
`1543`	`1552`
`@@ -1771,6 +1780,8 @@ private module Stage4 {`
`1771`	`1780`
`1772`	`1781`	`class Ap = AccessPathApprox;`
`1773`	`1782`
	`1783`	`+ class ApNil = AccessPathApproxNil;`
	`1784`	`+`
`1774`	`1785`	`class ApOption = AccessPathApproxOption;`
`1775`	`1786`
`1776`	`1787`	`ApOption apNone() { result = TAccessPathApproxNone() }`
`@@ -1807,10 +1818,10 @@ private module Stage4 {`
`1807`	`1818`	`localFlowBigStep(mid, node, true, _, config, localCC)`
`1808`	`1819`	`)`
`1809`	`1820`	`or`
`1810`		`- exists(Node mid, AccessPathApproxNil nil, LocalCallContext localCC, AccessPathFront apf \|`
	`1821`	`+ exists(Node mid, ApNil nil, LocalCallContext localCC, AccessPathFront apf \|`
`1811`	`1822`	`fwdFlowLocalEntry(mid, cc, argAp, nil, localCC, config) and`
`1812`	`1823`	`localFlowBigStep(mid, node, false, apf, config, localCC) and`
`1813`		`- apf = ap.(AccessPathApproxNil).getFront()`
	`1824`	`+ apf = ap.(ApNil).getFront()`
`1814`	`1825`	`)`
`1815`	`1826`	`or`
`1816`	`1827`	`exists(Node mid \|`
`@@ -1820,7 +1831,7 @@ private module Stage4 {`
`1820`	`1831`	`argAp = apNone()`
`1821`	`1832`	`)`
`1822`	`1833`	`or`
`1823`		`- exists(Node mid, AccessPathApproxNil nil \|`
	`1834`	`+ exists(Node mid, ApNil nil \|`
`1824`	`1835`	`fwdFlow(mid, _, _, nil, config) and`
`1825`	`1836`	`additionalJumpStep(mid, node, config) and`
`1826`	`1837`	`cc instanceof CallContextAny and`
`@@ -1944,7 +1955,7 @@ private module Stage4 {`
`1944`	`1955`	`then innercc = TSpecificCall(call)`
`1945`	`1956`	`else innercc = TSomeCall()`
`1946`	`1957`	`\|`
`1947`		`- ap instanceof AccessPathApproxNil or allowsFieldFlow = true`
	`1958`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1948`	`1959`	`)`
`1949`	`1960`	`}`
`1950`	`1961`
`@@ -1964,7 +1975,7 @@ private module Stage4 {`
`1964`	`1975`	`innercc.(CallContextCall).matchesCall(call)`
`1965`	`1976`	`)`
`1966`	`1977`	`\|`
`1967`		`- ap instanceof AccessPathApproxNil or allowsFieldFlow = true`
	`1978`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`1968`	`1979`	`)`
`1969`	`1980`	`}`
`1970`	`1981`
`@@ -2008,18 +2019,18 @@ private module Stage4 {`
`2008`	`2019`	`config.isSink(node) and`
`2009`	`2020`	`toReturn = false and`
`2010`	`2021`	`returnAp = apNone() and`
`2011`		`- ap instanceof AccessPathApproxNil`
	`2022`	`+ ap instanceof ApNil`
`2012`	`2023`	`or`
`2013`	`2024`	`exists(Node mid \|`
`2014`	`2025`	`localFlowBigStep(node, mid, true, _, config, _) and`
`2015`	`2026`	`revFlow(mid, toReturn, returnAp, ap, config)`
`2016`	`2027`	`)`
`2017`	`2028`	`or`
`2018`		`- exists(Node mid, AccessPathApproxNil nil \|`
	`2029`	`+ exists(Node mid, ApNil nil \|`
`2019`	`2030`	`fwdFlow(node, _, _, ap, config) and`
`2020`	`2031`	`localFlowBigStep(node, mid, false, _, config, _) and`
`2021`	`2032`	`revFlow(mid, toReturn, returnAp, nil, config) and`
`2022`		`- ap instanceof AccessPathApproxNil`
	`2033`	`+ ap instanceof ApNil`
`2023`	`2034`	`)`
`2024`	`2035`	`or`
`2025`	`2036`	`exists(Node mid \|`
`@@ -2029,13 +2040,13 @@ private module Stage4 {`
`2029`	`2040`	`returnAp = apNone()`
`2030`	`2041`	`)`
`2031`	`2042`	`or`
`2032`		`- exists(Node mid, AccessPathApproxNil nil \|`
	`2043`	`+ exists(Node mid, ApNil nil \|`
`2033`	`2044`	`fwdFlow(node, _, _, ap, config) and`
`2034`	`2045`	`additionalJumpStep(node, mid, config) and`
`2035`	`2046`	`revFlow(mid, _, _, nil, config) and`
`2036`	`2047`	`toReturn = false and`
`2037`	`2048`	`returnAp = apNone() and`
`2038`		`- ap instanceof AccessPathApproxNil`
	`2049`	`+ ap instanceof ApNil`
`2039`	`2050`	`)`
`2040`	`2051`	`or`
`2041`	`2052`	`// store`
`@@ -2118,7 +2129,7 @@ private module Stage4 {`
`2118`	`2129`	`revFlow(out, toReturn, returnAp, ap, config) and`
`2119`	`2130`	`flowOutOfCallNodeCand2(call, ret, out, allowsFieldFlow, config)`
`2120`	`2131`	`\|`
`2121`		`- ap instanceof AccessPathApproxNil or allowsFieldFlow = true`
	`2132`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`2122`	`2133`	`)`
`2123`	`2134`	`}`
`2124`	`2135`
`@@ -2131,7 +2142,7 @@ private module Stage4 {`
`2131`	`2142`	`revFlow(p, toReturn, returnAp, ap, config) and`
`2132`	`2143`	`flowIntoCallNodeCand2(call, arg, p, allowsFieldFlow, config)`
`2133`	`2144`	`\|`
`2134`		`- ap instanceof AccessPathApproxNil or allowsFieldFlow = true`
	`2145`	`+ ap instanceof ApNil or allowsFieldFlow = true`
`2135`	`2146`	`)`
`2136`	`2147`	`}`
`2137`	`2148`