From 5c508553f34c94df9f18249deeca66d90ead1fe1 Mon Sep 17 00:00:00 2001
From: Benjamin Rodes <brodes@microsoft.com>
Date: Tue, 13 Feb 2024 09:42:08 -0800
Subject: [PATCH] Efficiency improvement (force a better join order)

---
 cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
index 0415eff9ffe..19ef223ba5c 100644
--- a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql	
+++ b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql	
@@ -86,15 +86,14 @@ predicate isNonConst(DataFlow::Node node) {
     c = node.asIndirectExpr() 
     // and not hasConstSpecifier(c.getType())
   ) and
-  not exists(Function func, FunctionInput input, FunctionOutput output, CallInstruction call |
+  not exists(FunctionInput input, FunctionOutput output, CallInstruction call |
     // NOTE: we must include dataflow and taintflow. e.g., including only dataflow we will find sprintf
     // variant function's output are now possible non-const sources
     (
-      func.(DataFlowFunction).hasDataFlow(input, output) or
-      func.(TaintFunction).hasTaintFlow(input, output)
+      pragma[only_bind_out](call.getStaticCallTarget()).(DataFlowFunction).hasDataFlow(input, output) or
+      pragma[only_bind_out](call.getStaticCallTarget()).(TaintFunction).hasTaintFlow(input, output)
     ) and
-    node = callOutput(call, output) and
-    call.getStaticCallTarget() = func
+    node = callOutput(call, output) 
   ) and
   not exists(Call c |
     c.getTarget().hasDefinition() and