Python: Fix bad join in total_cost

The recent change to `appliesTo` lead to a perturbation in the join order of this predicate, which resulted in a cartesian product between `call` and `ctx` being created (before being filtered by `appliesTo`). By splitting the intermediate result into its own helper predicate, suitably marked to prevent inlining/magic, we prevent this from happening again.
2026-04-28 18:25:24 +02:00 · 2021-04-14 15:36:01 +00:00
parent 591ac38c31
commit a7fcf52267
1 changed files with 6 additions and 2 deletions
--- a/python/ql/src/semmle/python/pointsto/PointsToContext.qll
+++ b/python/ql/src/semmle/python/pointsto/PointsToContext.qll
@@ -100,10 +100,14 @@ private int total_call_cost(CallNode call) {
  if call_to_init_or_del(call) then result = 1 else result = call_cost(call) + splay_cost(call)
 }

+pragma[nomagic]
+private int relevant_call_cost(PointsToContext ctx, CallNode call) {
+  ctx.appliesTo(call) and result = total_call_cost(call)
+}
+
 pragma[noinline]
 private int total_cost(CallNode call, PointsToContext ctx) {
-  ctx.appliesTo(call) and
-  result = total_call_cost(call) + context_cost(ctx)
+  result = relevant_call_cost(ctx, call) + context_cost(ctx)
 }

 cached