hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Data flow: Inline local(Expr|Instruction)?(Flow|Taint)

Browse Source 
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
This commit is contained in:
Tom Hvitved
2022-01-31 14:28:45 +01:00
parent 56ac99039f
commit f2352d8272
13 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/ql-libraries/dataflow/dataflow.md
View File

@@ -92,7 +92,7 @@ Recommendations:
See the C/C++ implementation, which makes use of this feature. Another use of
this indirection is to hide synthesized local steps that are only relevant
for global flow. See the C# implementation for an example of this.
* Define `predicate localFlow(Node node1, Node node2) { localFlowStep*(node1, node2) }`.
* Define `pragma[inline] predicate localFlow(Node node1, Node node2) { localFlowStep*(node1, node2) }`.
* Make the local flow step relation in `simpleLocalFlowStep` follow
def-to-first-use and use-to-next-use steps for SSA variables. Def-use steps
also work, but the upside of `use-use` steps is that sources defined in terms