@@ -354,15 +354,19 @@ private predicate hasStoreSummary(
354354 SummarizedCallable callable , DataFlow:: ContentSet contents , SummaryComponentStack input ,
355355 SummaryComponentStack output
356356) {
357- callable .propagatesFlow ( input , push ( SummaryComponent:: content ( contents ) , output ) , true )
357+ callable .propagatesFlow ( input , push ( SummaryComponent:: content ( contents ) , output ) , true ) and
358+ not isNonLocal ( input .head ( ) ) and
359+ not isNonLocal ( output .head ( ) )
358360}
359361
360362pragma [ nomagic]
361363private predicate hasLoadSummary (
362364 SummarizedCallable callable , DataFlow:: ContentSet contents , SummaryComponentStack input ,
363365 SummaryComponentStack output
364366) {
365- callable .propagatesFlow ( push ( SummaryComponent:: content ( contents ) , input ) , output , true )
367+ callable .propagatesFlow ( push ( SummaryComponent:: content ( contents ) , input ) , output , true ) and
368+ not isNonLocal ( input .head ( ) ) and
369+ not isNonLocal ( output .head ( ) )
366370}
367371
368372pragma [ nomagic]
@@ -373,6 +377,8 @@ private predicate hasLoadStoreSummary(
373377 callable
374378 .propagatesFlow ( push ( SummaryComponent:: content ( loadContents ) , input ) ,
375379 push ( SummaryComponent:: content ( storeContents ) , output ) , true ) and
380+ not isNonLocal ( input .head ( ) ) and
381+ not isNonLocal ( output .head ( ) ) and
376382 callable != "Hash.[]" // Special-cased due to having a huge number of summaries
377383}
378384
@@ -408,6 +414,8 @@ private predicate hasWithoutContentSummary(
408414 exists ( DataFlow:: ContentSet content |
409415 callable .propagatesFlow ( push ( SummaryComponent:: withoutContent ( content ) , input ) , output , true ) and
410416 filter = getFilterFromWithoutContentStep ( content ) and
417+ not isNonLocal ( input .head ( ) ) and
418+ not isNonLocal ( output .head ( ) ) and
411419 input != output
412420 )
413421}
@@ -444,10 +452,22 @@ private predicate hasWithContentSummary(
444452 exists ( DataFlow:: ContentSet content |
445453 callable .propagatesFlow ( push ( SummaryComponent:: withContent ( content ) , input ) , output , true ) and
446454 filter = getFilterFromWithContentStep ( content ) and
455+ not isNonLocal ( input .head ( ) ) and
456+ not isNonLocal ( output .head ( ) ) and
447457 input != output
448458 )
449459}
450460
461+ /**
462+ * Holds if the given component can't be evaluated by `evaluateSummaryComponentStackLocal`.
463+ */
464+ pragma [ nomagic]
465+ predicate isNonLocal ( SummaryComponent component ) {
466+ component = SC:: content ( _)
467+ or
468+ component = SC:: withContent ( _)
469+ }
470+
451471/**
452472 * Gets a data flow node corresponding an argument or return value of `call`,
453473 * as specified by `component`.
@@ -490,6 +510,14 @@ private predicate dependsOnSummaryComponentStackCons(
490510 dependsOnSummaryComponentStack ( callable , SCS:: push ( head , tail ) )
491511}
492512
513+ pragma [ nomagic]
514+ private predicate dependsOnSummaryComponentStackConsLocal (
515+ SummarizedCallable callable , SummaryComponent head , SummaryComponentStack tail
516+ ) {
517+ dependsOnSummaryComponentStackCons ( callable , head , tail ) and
518+ not isNonLocal ( head )
519+ }
520+
493521pragma [ nomagic]
494522private predicate dependsOnSummaryComponentStackLeaf (
495523 SummarizedCallable callable , SummaryComponent leaf
@@ -514,7 +542,7 @@ private DataFlow::Node evaluateSummaryComponentStackLocal(
514542 or
515543 exists ( DataFlow:: Node prev , SummaryComponent head , SummaryComponentStack tail |
516544 prev = evaluateSummaryComponentStackLocal ( callable , call , tail ) and
517- dependsOnSummaryComponentStackCons ( callable , pragma [ only_bind_into ] ( head ) ,
545+ dependsOnSummaryComponentStackConsLocal ( callable , pragma [ only_bind_into ] ( head ) ,
518546 pragma [ only_bind_out ] ( tail ) ) and
519547 stack = SCS:: push ( pragma [ only_bind_out ] ( head ) , pragma [ only_bind_out ] ( tail ) )
520548 |
0 commit comments