
Commit 8b5e452

committed
Dataflow: Improve cons-cand relation.
Post-recursion we can filter the forward cons-candidates to only include those that met a read step, and similarly restrict the reverse flow cons-candidates to those that met a store step.
1 parent e4fb415 commit 8b5e452

1 file changed

Lines changed: 35 additions & 25 deletions


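--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1153,6 +1153,14 @@ private module Stage2 {
 }
 
 predicate revFlow(Node node, Configuration config) { revFlow(node, _, _, _, config) }
+
+private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepFwd(_, ap, tc, _, _, config)
+}
+
+predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepCand(_, ap, tc, _, _, config)
+}
 /* End: Stage 2 logic. */
 }
 
@@ -1624,7 +1632,7 @@ private module Stage3 {
 }
 
 pragma[nomagic]
-predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
 exists(Node mid |
 revFlow(mid, _, _, tail, config) and
 readStepFwd(_, cons, c, mid, tail, config)
@@ -1695,14 +1703,15 @@ private module Stage3 {
 revFlowStore(ap1, c, /*unbind*/ ap2, _, _, _, _, _, unbind(config))
 )
 }
-/* End: Stage 3 logic. */
-}
 
-private predicate stage3consCand(TypedContent tc, AccessPathFront apf, Configuration config) {
-exists(AccessPathFront apf0 |
-Stage3::revFlowConsCand(apf0, _, apf, config) and
-apf0.getHead() = tc
-)
+private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepFwd(_, ap, tc, _, _, config)
+}
+
+predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepCand(_, ap, tc, _, _, config)
+}
+/* End: Stage 3 logic. */
 }
 
 /**
@@ -1722,7 +1731,7 @@ private predicate flowCandSummaryCtx(Node node, AccessPathFront argApf, Configur
 */
 private predicate expensiveLen2unfolding(TypedContent tc, Configuration config) {
 exists(int tails, int nodes, int apLimit, int tupleLimit |
-tails = strictcount(AccessPathFront apf | stage3consCand(tc, apf, config)) and
+tails = strictcount(AccessPathFront apf | Stage3::consCand(tc, apf, config)) and
 nodes =
 strictcount(Node n |
 Stage3::revFlow(n, _, _, any(AccessPathFrontHead apf | apf.headUsesContent(tc)), config)
@@ -1738,11 +1747,11 @@ private predicate expensiveLen2unfolding(TypedContent tc, Configuration config)
 private newtype TAccessPathApprox =
 TNil(DataFlowType t) or
 TConsNil(TypedContent tc, DataFlowType t) {
-stage3consCand(tc, TFrontNil(t), _) and
+Stage3::consCand(tc, TFrontNil(t), _) and
 not expensiveLen2unfolding(tc, _)
 } or
 TConsCons(TypedContent tc1, TypedContent tc2, int len) {
-stage3consCand(tc1, TFrontHead(tc2), _) and
+Stage3::consCand(tc1, TFrontHead(tc2), _) and
 len in [2 .. accessPathLimit()] and
 not expensiveLen2unfolding(tc1, _)
 } or
@@ -1872,7 +1881,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
 override AccessPathApprox pop(TypedContent head) {
 head = tc and
 (
-exists(TypedContent tc2 | stage3consCand(tc, TFrontHead(tc2), _) |
+exists(TypedContent tc2 | Stage3::consCand(tc, TFrontHead(tc2), _) |
 result = TConsCons(tc2, _, len - 1)
 or
 len = 2 and
@@ -1883,7 +1892,7 @@ private class AccessPathApproxCons1 extends AccessPathApproxCons, TCons1 {
 or
 exists(DataFlowType t |
 len = 1 and
-stage3consCand(tc, TFrontNil(t), _) and
+Stage3::consCand(tc, TFrontNil(t), _) and
 result = TNil(t)
 )
 )
@@ -2245,7 +2254,7 @@ private module Stage4 {
 }
 
 pragma[nomagic]
-predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
+private predicate revFlowConsCand(Ap cons, Content c, Ap tail, Configuration config) {
 exists(Node mid |
 revFlow(mid, _, _, tail, config) and
 readStepFwd(_, cons, c, mid, tail, config)
@@ -2319,14 +2328,15 @@ private module Stage4 {
 }
 
 predicate revFlow(Node n, Configuration config) { revFlow(n, _, _, _, config) }
-/* End: Stage 4 logic. */
-}
 
-private predicate stage4consCand(TypedContent tc, AccessPathApprox apa, Configuration config) {
-exists(AccessPathApprox apa0 |
-Stage4::revFlowConsCand(apa0, _, apa, config) and
-apa0.getHead() = tc
-)
+private predicate fwdConsCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepFwd(_, ap, tc, _, _, config)
+}
+
+predicate consCand(TypedContent tc, Ap ap, Configuration config) {
+storeStepCand(_, ap, tc, _, _, config)
+}
+/* End: Stage 4 logic. */
 }
 
 bindingset[conf, result]
@@ -2405,7 +2415,7 @@ private int count1to2unfold(AccessPathApproxCons1 apa, Configuration config) {
 len = apa.len() and
 result =
 strictcount(AccessPathFront apf |
-stage4consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
+Stage4::consCand(tc, any(AccessPathApprox ap | ap.getFront() = apf and ap.len() = len - 1),
 config)
 )
 )
@@ -2433,7 +2443,7 @@ private predicate expensiveLen1to2unfolding(AccessPathApproxCons1 apa, Configura
 private AccessPathApprox getATail(AccessPathApprox apa, Configuration config) {
 exists(TypedContent head |
 apa.pop(head) = result and
-stage4consCand(head, result, config)
+Stage4::consCand(head, result, config)
 )
 }
 
@@ -2651,7 +2661,7 @@ private class AccessPathCons2 extends AccessPath, TAccessPathCons2 {
 override TypedContent getHead() { result = head1 }
 
 override AccessPath getTail() {
-stage4consCand(head1, result.getApprox(), _) and
+Stage4::consCand(head1, result.getApprox(), _) and
 result.getHead() = head2 and
 result.length() = len - 1
 }
@@ -2682,7 +2692,7 @@ private class AccessPathCons1 extends AccessPath, TAccessPathCons1 {
 override TypedContent getHead() { result = head }
 
 override AccessPath getTail() {
-stage4consCand(head, result.getApprox(), _) and result.length() = len - 1
+Stage4::consCand(head, result.getApprox(), _) and result.length() = len - 1
 }
 
 override AccessPathFrontHead getFront() { result = TFrontHead(head) }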
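Review bot: The `fwdConsCand` predicates added at the end of Stage2, Stage3 and Stage4 are `private`, and none of the 35 added lines calls them, so as far as this commit shows they are dead code; either drop them or land them together with their first caller. The new `consCand` in each stage also has no QLDoc, although `Stage3::consCand` now gates the `TConsNil`/`TConsCons` branches and `Stage4::consCand` gates both `getTail()` overrides, where an over-tight relation silently removes access paths and with them reported flow. A doc comment such as `/** Holds if tc may be the head of an access path with tail ap, as witnessed by a store step retained by this stage. */` would record the intended invariant. The wording should be confirmed against `storeStepCand` and `storeStepFwd`, which, like the Stage module headers, are defined outside these hunks.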
