From 193cd46a767a0854396cf66b31296263ffc45686 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Fri, 3 Oct 2025 20:39:41 +0100 Subject: [PATCH] DataFlow: Adress comments on overlay informed dataflow --- shared/dataflow/codeql/dataflow/DataFlow.qll | 6 ++---- .../codeql/dataflow/TaintTracking.qll | 6 +++--- .../codeql/dataflow/internal/DataFlowImpl.qll | 19 ++++++++++--------- .../dataflow/internal/DataFlowImplStage1.qll | 8 ++++---- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 94bae26e7aa..49f84d45b2a 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -657,10 +657,8 @@ private module PathGraphSigMod { } } -module DataFlowMakeCore Lang> { +private module DataFlowMakeCore Lang> { private import Lang - private import internal.DataFlowImpl::MakeImpl - private import internal.DataFlowImplStage1::MakeImplStage1 import Configs /** @@ -1166,7 +1164,7 @@ module DataFlowMake Lang> { } module DataFlowMakeOverlay Lang> { - import DataFlowMakeCore + import DataFlowMake private import Lang private import internal.DataFlowImpl::MakeImpl private import internal.DataFlowImplStage1::MakeImplStage1 diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index cb4fad7c8ce..7bb9535d096 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -52,7 +52,7 @@ private module TaintFlowMakeCore< InputSig TaintTrackingLang> { import TaintTrackingLang - import DF::DataFlowMakeCore as DataFlow + import DF::DataFlowMake as DataFlow import MakeImpl as DataFlowInternal import MakeImplStage1 as DataFlowInternalStage1 
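Review bot: In the `DataFlowMakeOverlay` hunk the changed import is not `private`, so every public member of `DataFlowMake` now also becomes a member of `DataFlowMakeOverlay`. The module body continues outside the hunk, so I cannot see whether it redeclares the flow modules; if it does, the local declarations presumably take precedence over the imported ones, and that is worth stating. A doc comment on the module such as `/** Overlay-informed variant of DataFlowMake; flow modules declared here replace the imported ones. */` would tell a query author which implementation a name resolves to.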
@@ -295,7 +295,7 @@ module TaintFlowMake< import Stage1::PartialFlow - private module Flow = DataFlowInternal::OverlayImpl; + private module Flow = DataFlowInternal::Impl; import Flow } @@ -407,7 +407,7 @@ module TaintFlowMakeOverlay< import Stage1::PartialFlow - private module Flow = DataFlowInternal::Impl; + private module Flow = DataFlowInternal::OverlayImpl; import Flow } diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index 81ac268b8b3..099866ab6bd 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -15,7 +15,7 @@ private import DataFlowImplStage1 module MakeImpl Lang> { private import Lang - private import DataFlowMakeCore + private import DataFlowMake private import MakeImplStage1 private import DataFlowImplCommon::MakeImplCommon private import DataFlowImplCommonPublic @@ -145,7 +145,8 @@ module MakeImpl Lang> { /** * Holds if sources and sinks should be filtered to only include those that - * are in the overlay database. This only has an effect when running + * may lead to a flow path with either a source or a sink in the overlay database. + * This only has an effect when running * in overlay-informed incremental mode. This should be used in conjunction * with the `OverlayImpl` implementation to merge the base results back in. */ 
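Review bot: Nothing at the `Flow` alias in `TaintFlowMake` says why it must bind `Impl` rather than `OverlayImpl`, and the removed lines show the two modules were bound the other way round until this commit. The same applies to the `TaintFlowMakeOverlay` hunk at -407. A one-line comment above each alias would make a future swap visible in review, for example `// Non-overlay variant: plain Impl, no merging of base results.` and `// Overlay variant: OverlayImpl merges the base results back in.` Both enclosing modules start outside their hunks, so I cannot tell whether a test pins the pairing; if none does, a swap would presumably only show up as changed taint-tracking results in incremental mode.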
@@ -184,22 +185,22 @@ module MakeImpl Lang> { * an initial stage 1 pruning with merging of overlay and base results. */ module OverlayImpl Stage1> { - module Base = Impl; + private module Flow = Impl; - import Base + import Flow /** * Holds if data can flow from `source` to `sink`. * * This is a local predicate that only has results local to the overlay/base database. */ - predicate flowLocal(Node source, Node sink) = forceLocal(Base::flow/2)(source, sink) + private predicate flowLocal(Node source, Node sink) = forceLocal(Flow::flow/2)(source, sink) /** * Holds if data can flow from `source` to `sink`. */ predicate flow(Node source, Node sink) { - Base::flow(source, sink) + Flow::flow(source, sink) or // If we are overlay informed (i.e. we are not diff-informed), we // merge in the local results which includes the base database results. @@ -208,15 +209,15 @@ module MakeImpl Lang> { /** * Holds if data can flow from some source to `sink`. - * This predicate that only has results local to the overlay/base database. + * This is a local predicate that only has results local to the overlay/base database. */ - predicate flowToLocal(Node sink) = forceLocal(Base::flowTo/1)(sink) + predicate flowToLocal(Node sink) = forceLocal(Flow::flowTo/1)(sink) /** * Holds if data can flow from some source to `sink`. */ predicate flowTo(Node sink) { - Base::flowTo(sink) + Flow::flowTo(sink) or // If we are overlay informed (i.e. we are not diff-informed), we // merge in the local results which includes the base database results. diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index 982e4a1c6af..bb79ff62f5b 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll 
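Review bot: `flowToLocal` is left public although `flowLocal`, its two-argument counterpart, is made private in the same hunk. Both are `forceLocal` helpers whose own doc comments say they only have results local to the overlay/base database, so a caller that picks up `flowToLocal` from `OverlayImpl` could mistake a partial result for the merged one. Unless something outside the hunk depends on it, declare it as `private predicate flowToLocal(Node sink) = forceLocal(Flow::flowTo/1)(sink)`. The body of `flowTo` continues past the end of the hunk.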
@@ -149,17 +149,17 @@ module MakeImplStage1 Lang> { * * Shared between sources and sinks. */ - pragma[inline] overlay[global] + pragma[inline] private predicate nonDiffInformedFilter(Node node) { - // If we are in base-only global evaluation, do not filter out any sources. + // If we are in base-only global evaluation, do not filter out any sources/sinks. not isEvaluatingInOverlay() or - // If the configuration doesn't merge overlays, do not filter out any sources. + // If the configuration doesn't merge overlays, do not filter out any sources/sinks. not Config::observeOverlayInformedIncrementalMode() or // If we are in global evaluation with an overlay present, restrict - // sources to those visible in the overlay. + // sources/sinks to those visible in the overlay. isOverlayNode(node) }