Python points-to: Assorted improvements to performance and better compatibility.

markshannon · markshannon · commit 162bf5143ba5 · 2019-04-26T16:21:46.000+01:00
diff --git a/python/ql/src/semmle/python/objects/Callables.qll b/python/ql/src/semmle/python/objects/Callables.qll
@@ -80,6 +80,7 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
         this = TPythonFunctionObject(result)
     }
 
+    pragma [noinline]
     override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {
         exists(Function func, ControlFlowNode rval |
             func = this.getScope() and
@@ -93,10 +94,11 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
         )
     }
 
+    pragma [noinline]
     override predicate callResult(ObjectInternal obj, CfgOrigin origin) { 
         this.getScope().isProcedure() and
         obj = ObjectInternal::none_() and
-        origin = CfgOrigin::unknown()
+        origin = this.getScope().getEntryNode()
     }
 
     override predicate calleeAndOffset(Function scope, int paramOffset) {
@@ -155,6 +157,7 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc
 
     override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) { none() }
 
+    pragma [noinline]
     override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
         exists(Builtin func, BuiltinClassObjectInternal cls |
             func = this.getBuiltin() and
diff --git a/python/ql/src/semmle/python/objects/Classes.qll b/python/ql/src/semmle/python/objects/Classes.qll
@@ -236,12 +236,7 @@ class TypeInternal extends ClassObjectInternal, TType {
     }
 
     override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {
-        exists(CallNode call, PointsToContext caller, ObjectInternal instance |
-            callee.fromCall(call, caller) |
-            count(call.getAnArg()) = 1 and
-            PointsToInternal::pointsTo(call.getArg(0), caller, instance, origin) and
-            obj = instance.getClass()
-        )
+        none()
     }
 
     override predicate callResult(ObjectInternal obj, CfgOrigin origin) {
diff --git a/python/ql/src/semmle/python/objects/Modules.qll b/python/ql/src/semmle/python/objects/Modules.qll
@@ -23,10 +23,6 @@ abstract class ModuleObjectInternal extends ObjectInternal {
         none()
     }
 
-    override ControlFlowNode getOrigin() {
-        result = this.getSourceModule().getEntryNode()
-    }
-
     override boolean isClass() { result = false }
 
     override boolean isComparable() { result = true }
@@ -92,6 +88,10 @@ class BuiltinModuleObjectInternal extends ModuleObjectInternal, TBuiltinModuleOb
 
     override predicate attributesUnknown() { none() }
 
+    override ControlFlowNode getOrigin() {
+        none()
+    }
+
 }
 
 class PackageObjectInternal extends ModuleObjectInternal, TPackageObject {
@@ -154,18 +154,14 @@ class PackageObjectInternal extends ModuleObjectInternal, TPackageObject {
     override predicate attribute(string name, ObjectInternal value, CfgOrigin origin) {
         this.getInitModule().attribute(name, value, origin)
         or
-        // TO DO, dollar variable...
-        //exists(Module init |
-        //    init = this.getSourceModule() and
-        //    not exists(EssaVariable var | var.getAUse() = init.getANormalExit() and var.getSourceVariable().getName() = name) and
-        //    exists(EssaVariable var, Context context |
-        //        isModuleStateVariable(var) and var.getAUse() = init.getANormalExit() and
-        //        context.isImport() and
-        //        SSA::ssa_variable_named_attribute_pointsTo(var, context, name, undefinedVariable(), _, origin) and
-        //        value = this.submodule(name)
-        //    )
-        //)
-        //or
+        exists(Module init |
+            init = this.getSourceModule() and
+            not exists(EssaVariable var | var.getAUse() = init.getANormalExit() and var.getSourceVariable().getName() = name) and
+            ModuleAttributes::pointsToAtExit(init, name, ObjectInternal::undefined(), _) and
+            value = this.submodule(name) and
+            origin = CfgOrigin::fromModule(value)
+        )
+        or
         this.hasNoInitModule() and
         exists(ModuleObjectInternal mod |
             mod = this.submodule(name) and
@@ -176,6 +172,10 @@ class PackageObjectInternal extends ModuleObjectInternal, TPackageObject {
 
     override predicate attributesUnknown() { none() }
 
+    override ControlFlowNode getOrigin() {
+        none()
+    }
+
 }
 
 /** Get the ESSA pseudo-variable used to retain module state
@@ -249,5 +249,9 @@ class PythonModuleObjectInternal extends ModuleObjectInternal, TPythonModule {
 
     override predicate attributesUnknown() { none() }
 
+    override ControlFlowNode getOrigin() {
+        result = this.getSourceModule().getEntryNode()
+    }
+
 }
 
diff --git a/python/ql/src/semmle/python/objects/ObjectAPI.qll b/python/ql/src/semmle/python/objects/ObjectAPI.qll
@@ -53,8 +53,14 @@ class Value extends TObject {
     }
 
     /* For backwards compatibility with old API */
-    ObjectSource getSource() {
+    deprecated ObjectSource getSource() {
         result = this.(ObjectInternal).getSource()
+        or
+        exists(Module p |
+            p.isPackage() and
+            p.getPath() = this.(PackageObjectInternal).getFolder() and
+            result = p.getEntryNode()
+        )
     }
 
     /** Gets the `ControlFlowNode` that will be passed as the nth argument to `this` when called at `call`.
diff --git a/python/ql/src/semmle/python/pointsto/Context.qll b/python/ql/src/semmle/python/pointsto/Context.qll
@@ -1,4 +1,4 @@
 import python
 private import semmle.python.pointsto.PointsToContext
 
-class Context = PointsToContext;
+class Context = PointsToContext;
diff --git a/python/ql/src/semmle/python/pointsto/PointsTo.qll b/python/ql/src/semmle/python/pointsto/PointsTo.qll
diff --git a/python/ql/src/semmle/python/pointsto/PointsToContext.qll b/python/ql/src/semmle/python/pointsto/PointsToContext.qll

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti`
`80`	`80`	`this = TPythonFunctionObject(result)`
`81`	`81`	`}`
`82`	`82`
	`83`	`+ pragma [noinline]`
`83`	`84`	`override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {`
`84`	`85`	`exists(Function func, ControlFlowNode rval \|`
`85`	`86`	`func = this.getScope() and`
`@@ -93,10 +94,11 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti`
`93`	`94`	`)`
`94`	`95`	`}`
`95`	`96`
	`97`	`+ pragma [noinline]`
`96`	`98`	`override predicate callResult(ObjectInternal obj, CfgOrigin origin) {`
`97`	`99`	`this.getScope().isProcedure() and`
`98`	`100`	`obj = ObjectInternal::none_() and`
`99`		`- origin = CfgOrigin::unknown()`
	`101`	`+ origin = this.getScope().getEntryNode()`
`100`	`102`	`}`
`101`	`103`
`102`	`104`	`override predicate calleeAndOffset(Function scope, int paramOffset) {`
`@@ -155,6 +157,7 @@ class BuiltinFunctionObjectInternal extends CallableObjectInternal, TBuiltinFunc`
`155`	`157`
`156`	`158`	`override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) { none() }`
`157`	`159`
	`160`	`+ pragma [noinline]`
`158`	`161`	`override predicate callResult(ObjectInternal obj, CfgOrigin origin) {`
`159`	`162`	`exists(Builtin func, BuiltinClassObjectInternal cls \|`
`160`	`163`	`func = this.getBuiltin() and`
Original file line number	Diff line number	Diff line change
`@@ -236,12 +236,7 @@ class TypeInternal extends ClassObjectInternal, TType {`
`236`	`236`	`}`
`237`	`237`
`238`	`238`	`override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {`
`239`		`- exists(CallNode call, PointsToContext caller, ObjectInternal instance \|`
`240`		`- callee.fromCall(call, caller) \|`
`241`		`- count(call.getAnArg()) = 1 and`
`242`		`- PointsToInternal::pointsTo(call.getArg(0), caller, instance, origin) and`
`243`		`- obj = instance.getClass()`
`244`		`- )`
	`239`	`+ none()`
`245`	`240`	`}`
`246`	`241`
`247`	`242`	`override predicate callResult(ObjectInternal obj, CfgOrigin origin) {`
Original file line number	Diff line number	Diff line change
`@@ -53,8 +53,14 @@ class Value extends TObject {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`/* For backwards compatibility with old API */`
`56`		`- ObjectSource getSource() {`
	`56`	`+ deprecated ObjectSource getSource() {`
`57`	`57`	`result = this.(ObjectInternal).getSource()`
	`58`	`+ or`
	`59`	`+ exists(Module p \|`
	`60`	`+ p.isPackage() and`
	`61`	`+ p.getPath() = this.(PackageObjectInternal).getFolder() and`
	`62`	`+ result = p.getEntryNode()`
	`63`	`+ )`
`58`	`64`	`}`
`59`	`65`
`60`	`66`	/** Gets the `ControlFlowNode` that will be passed as the nth argument to `this` when called at `call`.