@@ -2101,23 +2101,19 @@ private newtype TAccessPath =
21012101 TAccessPathCons ( TypedContent head , AccessPath tail ) { flowConsCand ( head , tail .getApprox ( ) , _) }
21022102
21032103private newtype TPathNode =
2104- TPathNodeMid (
2105- Node node , CallContext cc , SummaryCtx sc , AccessPath ap , AccessPathApprox apa ,
2106- Configuration config
2107- ) {
2104+ TPathNodeMid ( Node node , CallContext cc , SummaryCtx sc , AccessPath ap , Configuration config ) {
21082105 // A PathNode is introduced by a source ...
21092106 flow ( node , config ) and
21102107 config .isSource ( node ) and
21112108 cc instanceof CallContextAny and
21122109 sc instanceof SummaryCtxNone and
2113- ap = TAccessPathNil ( getNodeType ( node ) ) and
2114- apa = TNil ( getNodeType ( node ) )
2110+ ap = TAccessPathNil ( getNodeType ( node ) )
21152111 or
21162112 // ... or a step from an existing PathNode to another node.
21172113 exists ( PathNodeMid mid |
2118- pathStep ( mid , node , cc , sc , ap , apa ) and
2114+ pathStep ( mid , node , cc , sc , ap ) and
21192115 config = mid .getConfiguration ( ) and
2120- flow ( node , _, _, apa , unbind ( config ) )
2116+ flow ( node , _, _, ap . getApprox ( ) , unbind ( config ) )
21212117 )
21222118 } or
21232119 TPathNodeSink ( Node node , Configuration config ) {
@@ -2129,7 +2125,7 @@ private newtype TPathNode =
21292125 or
21302126 // ... or a sink that can be reached from a source
21312127 exists ( PathNodeMid mid |
2132- pathStep ( mid , node , _, _, _ , TNil ( _) ) and
2128+ pathStep ( mid , node , _, _, TAccessPathNil ( _) ) and
21332129 config = unbind ( mid .getConfiguration ( ) )
21342130 )
21352131 )
@@ -2340,10 +2336,9 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
23402336 CallContext cc ;
23412337 SummaryCtx sc ;
23422338 AccessPath ap ;
2343- AccessPathApprox apa ;
23442339 Configuration config ;
23452340
2346- PathNodeMid ( ) { this = TPathNodeMid ( node , cc , sc , ap , apa , config ) }
2341+ PathNodeMid ( ) { this = TPathNodeMid ( node , cc , sc , ap , config ) }
23472342
23482343 override Node getNode ( ) { result = node }
23492344
@@ -2353,13 +2348,10 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
23532348
23542349 AccessPath getAp ( ) { result = ap }
23552350
2356- AccessPathApprox getApa ( ) { result = apa }
2357-
23582351 override Configuration getConfiguration ( ) { result = config }
23592352
23602353 private PathNodeMid getSuccMid ( ) {
2361- pathStep ( this , result .getNode ( ) , result .getCallContext ( ) , result .getSummaryCtx ( ) ,
2362- result .getAp ( ) , _) and
2354+ pathStep ( this , result .getNode ( ) , result .getCallContext ( ) , result .getSummaryCtx ( ) , result .getAp ( ) ) and
23632355 result .getConfiguration ( ) = unbind ( this .getConfiguration ( ) )
23642356 }
23652357
@@ -2371,7 +2363,7 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
23712363 exists ( PathNodeMid mid , PathNodeSink sink |
23722364 mid = getSuccMid ( ) and
23732365 mid .getNode ( ) = sink .getNode ( ) and
2374- mid .getApa ( ) instanceof AccessPathApproxNil and
2366+ mid .getAp ( ) instanceof AccessPathNil and
23752367 sink .getConfiguration ( ) = unbind ( mid .getConfiguration ( ) ) and
23762368 result = sink
23772369 )
@@ -2381,7 +2373,7 @@ private class PathNodeMid extends PathNodeImpl, TPathNodeMid {
23812373 config .isSource ( node ) and
23822374 cc instanceof CallContextAny and
23832375 sc instanceof SummaryCtxNone and
2384- apa instanceof AccessPathApproxNil
2376+ ap instanceof AccessPathNil
23852377 }
23862378}
23872379
@@ -2409,33 +2401,22 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
24092401 * Holds if data may flow from `mid` to `node`. The last step in or out of
24102402 * a callable is recorded by `cc`.
24112403 */
2412- private predicate pathStep (
2413- PathNodeMid mid , Node node , CallContext cc , SummaryCtx sc , AccessPath ap , AccessPathApprox apa
2414- ) {
2404+ private predicate pathStep ( PathNodeMid mid , Node node , CallContext cc , SummaryCtx sc , AccessPath ap ) {
24152405 pathStepSameAp ( mid , node , cc , sc ) and
2416- ap = mid .getAp ( ) and
2417- apa = mid .getApa ( )
2406+ ap = mid .getAp ( )
24182407 or
24192408 exists ( DataFlowType t |
24202409 pathStepEmptyAp ( mid , node , cc , sc , t ) and
2421- ap = TAccessPathNil ( t ) and
2422- apa = TNil ( t )
2410+ ap = TAccessPathNil ( t )
24232411 )
24242412 or
2425- exists ( TypedContent tc , AccessPathApprox apa0 |
2426- pathStoreStep ( mid , node , ap .pop ( tc ) , apa0 , tc , cc ) and
2427- // Same as `apa = ap.getApprox()`, but avoids mutual recursion
2428- apa0 = apa .pop ( tc )
2429- ) and
2413+ exists ( TypedContent tc | pathStoreStep ( mid , node , ap .pop ( tc ) , tc , cc ) ) and
24302414 sc = mid .getSummaryCtx ( )
24312415 or
24322416 exists ( TypedContent tc | pathReadStep ( mid , node , ap .push ( tc ) , tc , cc ) ) and
2433- sc = mid .getSummaryCtx ( ) and
2434- // Here the approximation cannot be created from the approximation before
2435- // the read, so we must use `getApprox()`
2436- apa = ap .getApprox ( )
2417+ sc = mid .getSummaryCtx ( )
24372418 or
2438- pathThroughCallable ( mid , node , cc , ap , apa ) and
2419+ pathThroughCallable ( mid , node , cc , ap ) and
24392420 sc = mid .getSummaryCtx ( )
24402421}
24412422
@@ -2504,10 +2485,9 @@ private predicate storeCand(Node node1, TypedContent tc, Node node2, Configurati
25042485
25052486pragma [ nomagic]
25062487private predicate pathStoreStep (
2507- PathNodeMid mid , Node node , AccessPath ap0 , AccessPathApprox apa0 , TypedContent tc , CallContext cc
2488+ PathNodeMid mid , Node node , AccessPath ap0 , TypedContent tc , CallContext cc
25082489) {
25092490 ap0 = mid .getAp ( ) and
2510- apa0 = mid .getApa ( ) and
25112491 storeCand ( mid .getNode ( ) , tc , node , mid .getConfiguration ( ) ) and
25122492 cc = mid .getCallContext ( )
25132493}
@@ -2519,7 +2499,7 @@ private predicate pathOutOfCallable0(
25192499 pos = getReturnPosition ( mid .getNode ( ) ) and
25202500 innercc = mid .getCallContext ( ) and
25212501 innercc instanceof CallContextNoCall and
2522- apa = mid .getApa ( ) and
2502+ apa = mid .getAp ( ) . getApprox ( ) and
25232503 config = mid .getConfiguration ( )
25242504}
25252505
@@ -2570,7 +2550,7 @@ private predicate pathIntoArg(
25702550 cc = mid .getCallContext ( ) and
25712551 arg .argumentOf ( call , i ) and
25722552 ap = mid .getAp ( ) and
2573- apa = mid . getApa ( )
2553+ apa = ap . getApprox ( )
25742554 )
25752555}
25762556
@@ -2653,7 +2633,7 @@ private predicate paramFlowsThrough(
26532633 sc = mid .getSummaryCtx ( ) and
26542634 config = mid .getConfiguration ( ) and
26552635 ap = mid .getAp ( ) and
2656- apa = mid . getApa ( ) and
2636+ apa = ap . getApprox ( ) and
26572637 pos = sc .getParameterPos ( ) and
26582638 not kind .( ParamUpdateReturnKind ) .getPosition ( ) = pos
26592639 )
@@ -2675,10 +2655,8 @@ private predicate pathThroughCallable0(
26752655 * The context `cc` is restored to its value prior to entering the callable.
26762656 */
26772657pragma [ noinline]
2678- private predicate pathThroughCallable (
2679- PathNodeMid mid , Node out , CallContext cc , AccessPath ap , AccessPathApprox apa
2680- ) {
2681- exists ( DataFlowCall call , ReturnKindExt kind |
2658+ private predicate pathThroughCallable ( PathNodeMid mid , Node out , CallContext cc , AccessPath ap ) {
2659+ exists ( DataFlowCall call , ReturnKindExt kind , AccessPathApprox apa |
26822660 pathThroughCallable0 ( call , mid , kind , cc , ap , apa ) and
26832661 out = getAnOutNodeFlow ( kind , call , apa , unbind ( mid .getConfiguration ( ) ) )
26842662 )
0 commit comments