From ee62706ad2161201bfcd707b9ec0015fba728797 Mon Sep 17 00:00:00 2001
From: Max Schaefer <max@semmle.com>
Date: Wed, 18 Mar 2020 17:39:51 +0000
Subject: [PATCH] JavaScript: Split up a predicate to avoid bad join order.

---
 javascript/ql/src/semmle/javascript/dataflow/Nodes.qll | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
index c988bc9362e..f1914e3986d 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
@@ -157,10 +157,12 @@ class InvokeNode extends DataFlow::SourceNode {
    * `name` is set to `result`.
    */
   DataFlow::ValueNode getOptionArgument(int i, string name) {
-    exists(ObjectLiteralNode obj |
-      obj.flowsTo(getArgument(i)) and
-      obj.hasPropertyWrite(name, result)
-    )
+    getOptionsArgument(i).hasPropertyWrite(name, result)
+  }
+
+  pragma[noinline]
+  private ObjectLiteralNode getOptionsArgument(int i) {
+    result.flowsTo(getArgument(i))
   }
 
   /** Gets an abstract value representing possible callees of this call site. */