python/ql/src/experimental/dataflow/internal/readme.md
7 additions & 2 deletions
@@ -2,9 +2,9 @@
2
2
3
3
## File organisation
4
4
5
-
The files currently live in `semmle/code/python` (whereas the exisitng implementation lives in `semmle/python/dataflow`).
5
+
The files currently live in `experimental` (whereas the existing implementation lives in `semmle\python\dataflow`).
6
6
7
-
In there is found `DataFlow.qll`, `DataFlow2.qll` etc. which refer to `internal\DataFlowImpl`, `internal\DataFlowImpl2` etc. respectively. The `DataFlowImplN`-files are all identical copies to avoid mutual recursion. They start off by including two files `internal\DataFlowImplCommon` and `internal\DataFlowImplSpecific`. The former contains all the language-agnostic definitions, while the latter is where we describe our favorite language. `Sepcific` simply forwards to two other files `internal/DataFlowPrivate.qll` and `internal/DataFlowPublic.qll`. Definitions in the former will be hidden behind a `private` modifier, while those in the latter can be referred to in data flow queries. For instance, the definition of `DataFlow::Node` should likely be in `DataFlowPublic.qll`.
7
+
In there is found `DataFlow.qll`, `DataFlow2.qll` etc. which refer to `internal\DataFlowImpl`, `internal\DataFlowImpl2` etc. respectively. The `DataFlowImplN`-files are all identical copies to avoid mutual recursion. They start off by including two files `internal\DataFlowImplCommon` and `internal\DataFlowImplSpecific`. The former contains all the language-agnostic definitions, while the latter is where we describe our favorite language. `Sepcific` simply forwards to two other files `internal\DataFlowPrivate.qll` and `internal\DataFlowPublic.qll`. Definitions in the former will be hidden behind a `private` modifier, while those in the latter can be referred to in data flow queries. For instance, the definition of `DataFlow::Node` should likely be in `DataFlowPublic.qll`.
8
8
9
9
## Define the dataflow graph
10
10
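Review bot: the rewritten lines 5 and 7 switch the path separators to backslashes (`semmle\python\dataflow`, `internal\DataFlowPrivate.qll`, `internal\DataFlowPublic.qll`), which matches the pre-existing `internal\DataFlowImpl` spelling but contradicts the repository layout shown in the file header (`python/ql/src/experimental/dataflow/internal/readme.md`) and the forward slashes the removed lines used; make the paragraph consistent with `/` instead, e.g. `semmle/python/dataflow` and `internal/DataFlowImpl`. While line 7 is being touched, the typo `Sepcific` (for `Specific`) survives into the new version and can be fixed in the same change.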
@@ -31,10 +31,14 @@ The edges split into local flow (within a function) and global flow (the call gr
31
31
32
32
Extra flow, such as reading from and writing to global variables, can be captured in `jumpStep`.
33
33
The local flow should be obtainalble from an SSA computation.
34
+
Local flow nodes are generally either control flow nodes or SSA variables.
35
+
Flow from control flow nodes to SSA variables comes from SSA variable definitions, while flow from SSA variables to control flow nodes comes from def-use pairs.
34
36
35
37
The global flow should be obtainable from a `PointsTo` analysis. It is specified via `viableCallable` and
36
38
`getAnOutNode`. Consider making `ReturnKind` a singleton IPA type as in java.
37
39
40
+
Global flow includes local flow within a consistent call context. Thus, for local flow to count as global flow, all relevant node should implement `getEnclosingCallable`.
41
+
38
42
If complicated dispatch needs to be modelled, try using the `[reduced|pruned]viable*` predicates.
39
43
40
44
## Field flow
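Review bot: grammar on new line 40: "all relevant node should implement `getEnclosingCallable`" should read "all relevant nodes should implement `getEnclosingCallable`". Since the surrounding paragraph is being edited, the pre-existing typo on context line 33, `obtainalble` (for `obtainable`), could be corrected in the same hunk.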
@@ -52,6 +56,7 @@ Work is being done to make field flow handle lists and dictionaries and the like
52
56
If type information is available, flows can be discarded on the grounds of type mismatch.
53
57
54
58
Tracked types are given by the class `DataFlowType` and the predicate `getTypeBound`, and compatibility is recorded in the predicate `compatibleTypes`.
59
+
If type pruning is not used, `compatibleTypes` should be implemented as `any`; if it is implemented, say, as `none`, all flows will be pruned.
55
60
56
61
Further, possible casts are given by the class `CastNode`.
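Review bot: new line 59 says `compatibleTypes` "should be implemented as `any`", which reads as if `any` were a value rather than a predicate body; spell out what is meant, e.g. "should hold for every pair of `DataFlowType`s, so that no flow is discarded", and keep the `none` clause as the description of the opposite failure mode (every flow pruned). Tying the sentence back to line 56 ("If type information is available ...") would also make clear that this is the expected setting when `DataFlowType` carries no information.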