Python: Prevent bad TC and add a bit of caching

Using `simpleLocalFlowStep+` with the first argument specialised to `CfgNode` was causing the compiler to turn this into a very slowly converging manual TC computation. Instead, we use `simpleLocalFlowStep*` (which is fast) and then join that with a single step from any `CfgNode`. This should amount to the same thing. I also noticed that the charpred for `LocalSourceNode` was getting recomputed a lot, so this is now cached. (The recomputation was especially bad since it relied on `simpleLocalFlowStep+`, but anyway it's a good idea not to recompute this.)
2025-12-20 10:46:30 +01:00 · 2021-03-25 17:28:37 +01:00
parent 0ae8b69102
commit dbef36cbbb
1 changed files with 9 additions and 1 deletions
--- a/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
+++ b/python/ql/src/semmle/python/dataflow/new/internal/DataFlowPublic.qll
@@ -467,14 +467,22 @@ class BarrierGuard extends GuardNode {
  }
 }

+private predicate comes_from_cfgnode(Node node) {
+  exists(Node second |
+    simpleLocalFlowStep(any(CfgNode c), second) and
+    simpleLocalFlowStep*(second, node)
+  )
+}
+
 /**
 * A data flow node that is a source of local flow. This includes things like
 * - Expressions
 * - Function parameters
 */
 class LocalSourceNode extends Node {
+  cached
  LocalSourceNode() {
-    not simpleLocalFlowStep+(any(CfgNode n), this) and
+    not comes_from_cfgnode(this) and
    not this instanceof ModuleVariableNode
    or
    this = any(ModuleVariableNode mvn).getARead()