Data flow: Fix bad join-order in TPathNodeSink

hvitved · hvitved · commit f30a42ce2682 · 2020-02-07T12:08:31.000+01:00
Avoids a Cartesian product on nodes:

```
[2020-02-07 11:01:22] (432s) Tuple counts for dom#DataFlowImpl::TPathNodeSink#ff:
                      0          ~0%      {2} r1 = JOIN DataFlowImpl::Configuration::isSource_dispred#ff AS L WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 2 OUTPUT R.&lt;1&gt;, R.&lt;0&gt;
                      101611     ~0%      {2} r2 = SCAN DataFlowImpl::PathNodeMid#class#ffffff AS I OUTPUT I.&lt;5&gt;, I.&lt;0&gt;
                      3534537047 ~3%      {3} r3 = JOIN r2 WITH DataFlowImpl::Configuration::isSink_dispred#ff AS R ON FIRST 1 OUTPUT r2.&lt;1&gt;, R.&lt;1&gt;, R.&lt;0&gt;
                      251        ~41%     {3} r4 = JOIN r3 WITH project#DataFlowImpl::pathStep#fffff AS R ON FIRST 2 OUTPUT R.&lt;2&gt;, r3.&lt;2&gt;, r3.&lt;1&gt;
                      251        ~50%     {2} r5 = JOIN r4 WITH DataFlowImpl::TNil#ff_1#join_rhs AS R ON FIRST 1 OUTPUT r4.&lt;2&gt;, r4.&lt;1&gt;
                      251        ~50%     {2} r6 = r1 \/ r5
                      323        ~67%     {3} r7 = JOIN r6 WITH DataFlowImpl::flow#ff AS R ON FIRST 1 OUTPUT r6.&lt;1&gt;, r6.&lt;0&gt;, R.&lt;1&gt;
                      288        ~58%     {3} r8 = SELECT r7 ON r7.&lt;2&gt; &gt;= r7.&lt;0&gt;
                      251        ~53%     {3} r9 = SELECT r8 ON r8.&lt;2&gt; &lt;= r8.&lt;0&gt;
                      251        ~50%     {2} r10 = SCAN r9 OUTPUT r9.&lt;1&gt;, r9.&lt;0&gt;
```
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
@@ -2076,13 +2076,18 @@ private newtype TPathNode =
       config.isSource(node)
       or
       // ... or a sink that can be reached from a source
-      exists(PathNodeMid mid |
-        pathStep(mid, node, _, _, any(AccessPathNil nil)) and
-        config = mid.getConfiguration()
-      )
+      pathStepNil(node, config)
     )
   }
 
+pragma[nomagic]
+private predicate pathStepNil(Node node, Configuration config) {
+  exists(PathNodeMid mid |
+    pathStep(mid, node, _, _, any(AccessPathNil nil)) and
+    config = mid.getConfiguration()
+  )
+}
+
 /**
  * A `Node` augmented with a call context (except for sinks), an access path, and a configuration.
  * Only those `PathNode`s that are reachable from a source are generated.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
