From 9630feb5e417dd5d4b1c918c0789ce8a94a0106e Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Mon, 20 Mar 2023 09:04:35 +0100 Subject: [PATCH 1/3] Dataflow: Remove revFlowAlias trick --- .../cpp/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../cpp/ir/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../csharp/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../go/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../java/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../dataflow/new/internal/DataFlowImpl.qll | 30 +++++++------------ .../ruby/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ .../swift/dataflow/internal/DataFlowImpl.qll | 30 +++++++------------ 8 files changed, 80 insertions(+), 160 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } @@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] 
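Review bot: The new conjunction `Stage2::revFlow(node2) and Stage2::revFlow(node1)` in the `-1978` and `-1987` hunks is exactly the double use of one `pragma[nomagic]` relation that the deleted comment ("use an alias as a workaround for bad functionality-induced joins") says the alias was introduced to avoid, and nothing on the new side records why that concern no longer applies. A one-line note at the definition of `revFlow` (outside this hunk) would stop the next maintainer from reinstating the alias, e.g. `// The revFlowAlias workaround for functionality-induced joins was removed in <commit id>; direct self-joins on revFlow are intended.`. Presumably the justification (an evaluator change or a query-performance comparison) lives in the pull request or a later patch of this series rather than in the diff, so this is a documentation gap rather than a known regression. The same point applies to the remaining hunks of this file and to the seven byte-identical copies in the cpp/ir, csharp, go, java, python, ruby and swift `DataFlowImpl.qll` files, as well as to the `revFlowApAlias` removal in patch 2/3. Both enclosing predicates, `flowOutOfCallNodeCand1` and `flowIntoCallNodeCand1`, have their signatures outside the hunk.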
@@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) } pragma[nomagic] @@ -2600,7 +2590,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2611,7 +2601,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll index b7cb98deaf9..f02728b9e18 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll @@ -1695,16 +1695,6 @@ module Impl { pragma[nomagic] predicate revFlowAp(NodeEx node, Ap ap) { revFlow(node, _, _, _, ap) } - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node) { revFlow(node, _, _, _, _) } - - // use an alias as a workaround for bad functionality-induced joins - pragma[nomagic] - additional predicate revFlowAlias(NodeEx node, FlowState state, Ap ap) { - revFlow(node, state, ap) - } - private predicate fwdConsCand(TypedContent tc, Ap ap) { storeStepFwd(_, ap, tc, _, _) } private predicate revConsCand(TypedContent tc, Ap ap) { storeStepCand(_, ap, tc, _, _) } 
@@ -1978,7 +1968,7 @@ module Impl { ) { flowOutOfCallNodeCand1(call, node1, kind, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } pragma[nomagic] @@ -1987,7 +1977,7 @@ module Impl { ) { flowIntoCallNodeCand1(call, node1, node2, allowsFieldFlow) and Stage2::revFlow(node2) and - Stage2::revFlowAlias(node1) + Stage2::revFlow(node1) } private module LocalFlowBigStep { @@ -2069,11 +2059,11 @@ module Impl { additionalLocalFlowStepNodeCand1(node1, node2) and state1 = state2 and Stage2::revFlow(node1, pragma[only_bind_into](state1), false) and - Stage2::revFlowAlias(node2, pragma[only_bind_into](state2), false) + Stage2::revFlow(node2, pragma[only_bind_into](state2), false) or additionalLocalStateStep(node1, state1, node2, state2) and Stage2::revFlow(node1, state1, false) and - Stage2::revFlowAlias(node2, state2, false) + Stage2::revFlow(node2, state2, false) } /** @@ -2266,7 +2256,7 @@ module Impl { ) { localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), _) and PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and - PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _) and + PrevStage::revFlow(node2, pragma[only_bind_into](state2), _) and exists(lcc) } @@ -2277,7 +2267,7 @@ module Impl { exists(FlowState state | flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } @@ -2288,7 +2278,7 @@ module Impl { exists(FlowState state | flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and - PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _) + PrevStage::revFlow(node1, pragma[only_bind_into](state), _) ) } 
@@ -2590,7 +2580,7 @@ module Impl {
 ) {
 localFlowBigStep(node1, state1, node2, state2, preservesValue, ap.getType(), lcc) and
 PrevStage::revFlow(node1, pragma[only_bind_into](state1), _) and
- PrevStage::revFlowAlias(node2, pragma[only_bind_into](state2), _)
+ PrevStage::revFlow(node2, pragma[only_bind_into](state2), _)
 }
 pragma[nomagic]
@@ -2600,7 +2590,7 @@ module Impl {
 exists(FlowState state |
 flowOutOfCallNodeCand2(call, node1, kind, node2, allowsFieldFlow) and
 PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and
- PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _)
+ PrevStage::revFlow(node1, pragma[only_bind_into](state), _)
 )
 }
@@ -2611,7 +2601,7 @@ module Impl {
 exists(FlowState state |
 flowIntoCallNodeCand2(call, node1, node2, allowsFieldFlow) and
 PrevStage::revFlow(node2, pragma[only_bind_into](state), _) and
- PrevStage::revFlowAlias(node1, pragma[only_bind_into](state), _)
+ PrevStage::revFlow(node1, pragma[only_bind_into](state), _)
 )
 }
From e0e3a1d62161999b5d83f96602ad5bb99634a3f9 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Mon, 20 Mar 2023 13:02:18 +0100 Subject: [PATCH 2/3] Dataflow: remove revFlowApAlias trick --- .../code/cpp/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../code/cpp/ir/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../code/csharp/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../lib/semmle/go/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../code/java/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../python/dataflow/new/internal/DataFlowImpl.qll | 11 ++--------- .../codeql/ruby/dataflow/internal/DataFlowImpl.qll | 11 ++--------- .../codeql/swift/dataflow/internal/DataFlowImpl.qll | 11 ++--------- 8 files changed, 16 insertions(+), 72 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
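Review bot: The new body of `flowIntoCallApa` keeps no trace of why joining both conjuncts directly against `PrevStage::revFlowAp` is now acceptable, while the removed comment recorded a known evaluator problem ("bad functionality-induced joins"); a maintainer who later sees this join misbehave has nothing telling them an alias was once deliberately used here. Presumably the removal relies on an evaluator improvement that makes the alias unnecessary — if so, the minimum CodeQL CLI version should be named in the commit message, and a one-line comment above `flowIntoCallApa` such as `// Joins directly on PrevStage::revFlowAp; the former revFlowApAlias workaround is no longer needed.` would preserve the history. Since the eight DataFlowImpl.qll copies are byte-identical (the `index` lines carry the same blob ids), the same note belongs in every copy. The enclosing `Stage` module starts and ends outside this hunk.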
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
index f02728b9e18..a2af8508265 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
@@ -1144,20 +1144,13 @@ module Impl {
 module Stage implements StageSig {
 import Param
- /* Begin: Stage logic. */
- // use an alias as a workaround for bad functionality-induced joins
- pragma[nomagic]
- private predicate revFlowApAlias(NodeEx node, ApApprox apa) {
- PrevStage::revFlowAp(node, apa)
- }
-
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
 ) {
 flowIntoCall(call, arg, p, allowsFieldFlow) and
 PrevStage::revFlowAp(p, pragma[only_bind_into](apa)) and
- revFlowApAlias(arg, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(arg, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
@@ -1167,7 +1160,7 @@ module Impl {
 ) {
 flowOutOfCall(call, ret, kind, out, allowsFieldFlow) and
 PrevStage::revFlowAp(out, pragma[only_bind_into](apa)) and
- revFlowApAlias(ret, pragma[only_bind_into](apa))
+ PrevStage::revFlowAp(ret, pragma[only_bind_into](apa))
 }
 pragma[nomagic]
From 1d2f1b6ae6982228d71854d1aa689d960dde90ed Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Mon, 20 Mar 2023 13:34:14 +0100 Subject: [PATCH 3/3] Address comments --- cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll | 1 + cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll | 1 + .../ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll | 1 + go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll | 1 + java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll | 1 + .../ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll | 1 + ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll | 1 + swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll | 1 + 8 files changed, 8 insertions(+)
diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
index a2af8508265..c47b0308855 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll
@@ -1144,6 +1144,7 @@ module Impl {
 module Stage implements StageSig {
 import Param
+ /* Begin: Stage logic. */
 pragma[nomagic]
 private predicate flowIntoCallApa(
 DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, boolean allowsFieldFlow, ApApprox apa