Python: Fix self-passing problems

This also fixes performance problems for pandas-dev/pandas

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll

@@ -441,7 +441,8 @@ private TypeTrackingNode classTracker(TypeTracker t, Class cls) {
     result.(CallCfgNode).getArg(0) = classInstanceTracker(cls)
   )
   or
-  exists(TypeTracker t2 | result = classTracker(t2, cls).track(t2, t))
+  exists(TypeTracker t2 | result = classTracker(t2, cls).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**
@@ -456,7 +457,8 @@ private TypeTrackingNode classInstanceTracker(TypeTracker t, Class cls) {
   t.start() and
   result.(CallCfgNode).getFunction() = classTracker(cls)
   or
-  exists(TypeTracker t2 | result = classInstanceTracker(t2, cls).track(t2, t))
+  exists(TypeTracker t2 | result = classInstanceTracker(t2, cls).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**
@@ -480,7 +482,8 @@ private TypeTrackingNode selfTracker(TypeTracker t, Class classWithMethod) {
     result.asExpr() = func.getArg(0)
   )
   or
-  exists(TypeTracker t2 | result = selfTracker(t2, classWithMethod).track(t2, t))
+  exists(TypeTracker t2 | result = selfTracker(t2, classWithMethod).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**
@@ -509,7 +512,8 @@ private TypeTrackingNode clsTracker(TypeTracker t, Class classWithMethod) {
     result.(CallCfgNode).getArg(0) = selfTracker(classWithMethod)
   )
   or
-  exists(TypeTracker t2 | result = clsTracker(t2, classWithMethod).track(t2, t))
+  exists(TypeTracker t2 | result = clsTracker(t2, classWithMethod).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**
@@ -532,7 +536,8 @@ private TypeTrackingNode superCallNoArgumentTracker(TypeTracker t, Function func
     call.getScope() = func
   )
   or
-  exists(TypeTracker t2 | result = superCallNoArgumentTracker(t2, func).track(t2, t))
+  exists(TypeTracker t2 | result = superCallNoArgumentTracker(t2, func).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**
@@ -555,7 +560,8 @@ private TypeTrackingNode superCallTwoArgumentTracker(TypeTracker t, Class cls, N
     call.getArg(1) = obj
   )
   or
-  exists(TypeTracker t2 | result = superCallTwoArgumentTracker(t2, cls, obj).track(t2, t))
+  exists(TypeTracker t2 | result = superCallTwoArgumentTracker(t2, cls, obj).track(t2, t)) and
+  not result.(ParameterNodeImpl).isParameterOf(_, any(ParameterPosition pp | pp.isSelf()))
 }
 
 /**

python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackerSpecific.qll

@@ -68,7 +68,6 @@ string getPossibleContentName() {
  * methods is done using API graphs (which uses type tracking).
  */
 predicate callStep(DataFlowPublic::ArgumentNode nodeFrom, DataFlowPublic::ParameterNode nodeTo) {
-  // TODO: Fix performance problem with pandas
   exists(
     DataFlowPrivate::DataFlowCall call, DataFlowPrivate::DataFlowCallable callable,
     DataFlowPrivate::ArgumentPosition apos, DataFlowPrivate::ParameterPosition ppos

python/ql/test/experimental/library-tests/CallGraph/code/self_passing.py

@@ -21,7 +21,7 @@ class Base(object):
 class A(Base):
     def foo(self):
         print("A.foo")
-        self.bar() # $ pt,tt=A.bar SPURIOUS: tt=B.bar
+        self.bar() # $ pt,tt=A.bar
 
     def not_called(self):
         self.bar() #$ pt,tt=A.bar
@@ -50,7 +50,7 @@ class X(object):
 
     def foo(self):
         print("X.foo")
-        self.meth() # $ pt,tt=X.meth SPURIOUS: tt=Y.meth
+        self.meth() # $ pt,tt=X.meth
 
 
 class Y(object):