Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0afcb11

Browse files
markshannonmarkshannon
committed
Python points-to: Make sure reachability can skip over if-statements.
1 parent a5ff527 commit 0afcb11

3 files changed

Lines changed: 22 additions & 1 deletion

File tree

python/ql/src/semmle/python/Flow.qll

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1077,6 +1077,22 @@ class BasicBlock extends @py_flow_node {
10771077
not result.(ConditionBlock).controls(this, _)
10781078
}
10791079

1080+
/** Holds if flow from this BasicBlock always reaches `succ`
1081+
*/
1082+
predicate alwaysReaches(BasicBlock succ) {
1083+
succ = this
1084+
or
1085+
strictcount(this.getASuccessor()) = 1
1086+
and succ = this.getASuccessor()
1087+
or
1088+
forex(BasicBlock immsucc |
1089+
immsucc = this.getASuccessor()
1090+
|
1091+
immsucc.alwaysReaches(succ)
1092+
)
1093+
1094+
}
1095+
10801096
}
10811097

10821098
private predicate start_bb_likely_reachable(BasicBlock b) {

python/ql/src/semmle/python/pointsto/PointsTo.qll

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,6 +220,11 @@ cached module PointsToInternal {
220220
)
221221
or
222222
reachableEdge(_, b, context)
223+
or
224+
exists(BasicBlock pred |
225+
reachableBlock(pred, context) and
226+
pred.alwaysReaches(b)
227+
)
223228
}
224229

225230
private predicate reachableEdge(BasicBlock pred, BasicBlock succ, PointsToContext context) {

python/ql/test/query-tests/analysis/pointsto/Pruned.expected

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
| 1304 |
1+
| 1284 |

0 commit comments

Comments
 (0)