Python: include try-else in getChild for completion propagation

The shared CFG library propagates abrupt completions from child to parent via getChild(parent, _) = child. Python's try.getElse() was wired into normal step rules but not listed in getChild(TryStmt, ...), so return/break/continue/raise statements occurring inside a try-else block had no parent path and ended up as dead-end CFG nodes. Add the else block at index -2 (alongside finally at -1). This affects only completion propagation; the normal-flow CFG is unchanged because TryStmt has explicit step rules. Verified on a CPython database: all 11 shared-CFG consistency queries now pass with 0 violations (deadEnd: 244 -> 0). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-14 11:19:27 +02:00 · 2026-05-05 14:56:18 +00:00
parent 76724c5391
commit 93112b2b75
1 changed files with 3 additions and 1 deletions
--- a/python/ql/lib/semmle/python/controlflow/internal/AstNodeImpl.qll
+++ b/python/ql/lib/semmle/python/controlflow/internal/AstNodeImpl.qll
@@ -969,13 +969,15 @@ module Ast implements AstSig<Py::Location> {
      index = 1 and result = r.getCause()
    )
    or
-    // TryStmt: body (0), handlers (1..n), finally (-1)
+    // TryStmt: body (0), handlers (1..n), else (-2), finally (-1)
    exists(TryStmt t | t = n |
      index = 0 and result = t.getBody()
      or
      result = t.getCatch(index - 1) and index >= 1
      or
      index = -1 and result = t.getFinally()
+      or
+      index = -2 and result = t.getElse()
    )
    or
    // Switch (match): subject (0), cases (1..n)