Dataflow: Risky! Remove fwdFlowLocalEntry.

aschackmull · aschackmull · commit 4b5905c5e0dc · 2020-11-13T15:09:29.000+01:00
This commit is a little bit risky, as it allows for some potentially bad
join-orders. The best order starts with the delta and proceeds with the
then functional `mid.getEnclosingCallable()` and `getLocalCallContext`.
In this order `localFlowEntry` becomes superfluous. The standard order
is however somewhat unwilling to choose this. If it picks
`getLocalCallContext` and `getEnclosingCallable` as the first join, the
result is really bad, but it appears that the existence of
`localFlowEntry` at least means that it'll do `localFlowEntry`,
`getEnclosingCallable`, `getLocalCallContext` in that order, which
appears to be acceptable, although it isn't optimal. Without the
`localFlowEntry` conjunct we end up with the worst case. We'll need to
watch this particular join-ordering until we get better join-ordering
directives.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1945,33 +1945,36 @@ private module Stage4 {
     argAp = apNone() and
     ap = getApNil(node)
     or
-    flowCand(node, _, unbind(config)) and
-    (
-      exists(Node mid, LocalCallContext localCC |
-        fwdFlowLocalEntry(mid, cc, argAp, ap, localCC, config) and
-        localFlowBigStep(mid, node, true, _, config, localCC)
-      )
+    exists(Node mid, Ap ap0, LocalCallContext localCC |
+      fwdFlow(mid, cc, argAp, ap0, config) and
+      localFlowEntry(mid, config) and
+      localCC = getLocalCallContext(cc, mid.getEnclosingCallable())
+    |
+      localFlowBigStep(mid, node, true, _, config, localCC) and
+      ap = ap0
       or
-      exists(Node mid, ApNil nil, LocalCallContext localCC, AccessPathFront apf |
-        fwdFlowLocalEntry(mid, cc, argAp, nil, localCC, config) and
+      exists(AccessPathFront apf |
         localFlowBigStep(mid, node, false, apf, config, localCC) and
+        ap0 instanceof ApNil and
         apf = ap.(ApNil).getFront()
       )
-      or
-      exists(Node mid |
-        fwdFlow(mid, _, _, ap, config) and
-        jumpStep(mid, node, config) and
-        cc = ccAny() and
-        argAp = apNone()
-      )
-      or
-      exists(Node mid, ApNil nil |
-        fwdFlow(mid, _, _, nil, config) and
-        additionalJumpStep(mid, node, config) and
-        cc = ccAny() and
-        argAp = apNone() and
-        ap = getApNil(node)
-      )
+    )
+    or
+    exists(Node mid |
+      fwdFlow(mid, _, _, ap, config) and
+      flowCand(node, _, unbind(config)) and
+      jumpStep(mid, node, config) and
+      cc = ccAny() and
+      argAp = apNone()
+    )
+    or
+    exists(Node mid, ApNil nil |
+      fwdFlow(mid, _, _, nil, config) and
+      flowCand(node, _, unbind(config)) and
+      additionalJumpStep(mid, node, config) and
+      cc = ccAny() and
+      argAp = apNone() and
+      ap = getApNil(node)
     )
     or
     // store
@@ -2004,15 +2007,6 @@ private module Stage4 {
     )
   }
 
-  pragma[nomagic]
-  private predicate fwdFlowLocalEntry(
-    Node node, Cc cc, ApOption argAp, Ap ap, LocalCallContext localCC, Configuration config
-  ) {
-    fwdFlow(node, cc, argAp, ap, config) and
-    localFlowEntry(node, config) and
-    localCC = getLocalCallContext(cc, node.getEnclosingCallable())
-  }
-
   pragma[nomagic]
   private predicate fwdFlowStore(
     Node node, TypedContent tc, Ap ap0, Cc cc, ApOption argAp, Configuration config
