Dataflow: Simplify the call-edge join in reverse through-flow.

2025-12-16 16:53:25 +01:00 · 2025-01-16 16:07:24 +01:00
parent 133e2696ac
commit f310780257
1 changed files with 14 additions and 12 deletions
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -2187,11 +2187,11 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
        pragma[nomagic]
        private predicate flowThroughIntoCall(
-          DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, Ap argAp, Ap ap
+          DataFlowCall call, ArgNodeEx arg, ParamNodeEx p, Ap argAp
        ) {
          exists(Typ argT, TypOption argStored |
            returnFlowsThrough(_, _, _, _, pragma[only_bind_into](p), pragma[only_bind_into](argT),
-              pragma[only_bind_into](argAp), pragma[only_bind_into](argStored), ap) and
+              pragma[only_bind_into](argAp), pragma[only_bind_into](argStored), _) and
            flowIntoCallTaken(call, _, pragma[only_bind_into](arg), p, isNil(argAp)) and
            fwdFlow(arg, _, _, _, pragma[only_bind_into](argT), pragma[only_bind_into](argAp),
              pragma[only_bind_into](argStored))
@@ -2285,9 +2285,9 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
          returnAp = apNone()
          or
          // flow through a callable
-          exists(DataFlowCall call, ParamNodeEx p, Ap innerReturnAp |
+          exists(DataFlowCall call, ParamNodeEx p |
-            revFlowThrough(call, returnCtx, p, state, _, returnAp, ap, innerReturnAp) and
+            revFlowThrough(call, returnCtx, p, state, returnAp, ap) and
-            flowThroughIntoCall(call, node, p, ap, innerReturnAp)
+            flowThroughIntoCall(call, node, p, ap)
          )
          or
          // flow out of a callable
@@ -2437,11 +2437,13 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
        pragma[nomagic]
        private predicate revFlowThrough(
-          DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state,
+          DataFlowCall call, ReturnCtx returnCtx, ParamNodeEx p, FlowState state, ApOption returnAp,
-          ReturnPosition pos, ApOption returnAp, Ap ap, Ap innerReturnAp
+          Ap ap
        ) {
-          revFlowParamToReturn(p, state, pos, innerReturnAp, ap) and
+          exists(ReturnPosition pos, Ap innerReturnAp |
-          revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp)
+            revFlowParamToReturn(p, state, pos, innerReturnAp, ap) and
            revFlowIsReturned(call, returnCtx, returnAp, pos, innerReturnAp)
          )
        }
        /**
@@ -2567,9 +2569,9 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
          DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
          Ap ap
        ) {
-          exists(ParamNodeEx p, Ap innerReturnAp |
+          exists(ParamNodeEx p |
-            revFlowThrough(call, returnCtx, p, state, _, returnAp, ap, innerReturnAp) and
+            revFlowThrough(call, returnCtx, p, state, returnAp, ap) and
-            flowThroughIntoCall(call, arg, p, ap, innerReturnAp)
+            flowThroughIntoCall(call, arg, p, ap)
          )
        }