hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-03 04:40:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ed5722e3eb4f2678053b4e14f9bc02436a5ae17
codeql/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected
Copilot 4ed5722e3e Python: switch dataflow library to new (shared) CFG + SSA 
Flips the Python dataflow trunk from the legacy CFG (semmle/python/Flow.qll)
and legacy ESSA SSA (semmle/python/essa/*) to the new shared CFG facade
(semmle.python.controlflow.internal.Cfg) and the new SSA adapter
(semmle.python.dataflow.new.internal.SsaImpl), both introduced
additively in the preceding PRs in this stack.

This is the trunk-flip equivalent of the original draft PR #21894 (kept
around as documentation), rebased on top of the four preparatory PRs:

  P1: Remove AstNode.getAFlowNode() and rewrite callers (#21919).
  P2: Qualify Flow.qll's AST references with Py:: prefix (#21920).
  P3: Add new shared-CFG-backed control flow graph (#21921).
  P4: Add new shared-SSA-backed SSA adapter (#21923).

The Python dataflow library (semmle/python/dataflow/new/) now imports
the new CFG facade and SSA adapter. All CFG-typed predicates
(ControlFlowNode, CallNode, BasicBlock, NameNode, AttrNode, ...) are
qualified with the Cfg:: prefix; SSA references switch from
EssaVariable/EssaDefinition to SsaImpl::Definition/SourceVariable.

GuardNode is redesigned to use the new CFG's outcome-node model
(isAfterTrue / isAfterFalse) instead of the legacy ConditionBlock +
flipped indirection. Only BarrierGuard<...> is preserved as public
API.

Framework files (Bottle, FastApi, Django, Tornado, Pyramid, Stdlib,
...) are updated to take CFG nodes from the new facade.

A handful of dataflow consistency tweaks for the new CFG:
- Augmented-assignment targets are treated as both load and store.
- 'from X import *' produces uncertain SSA writes for unknown names.
- CFG nodes are canonicalised so dataflow does not see equivalent
  pre/post-order pairs as distinct nodes.

Two AST tweaks for the new CFG:
- AstNodeImpl: omit PEP 695 type-parameter names from
  FunctionDefExpr / ClassDefExpr children.
- ImportResolution: drop the legacy essa import.

Test churn (~175 files): reblessed library- and query-test .expected
files reflect slightly different CFG granularity, different toString
output, and a handful of true alert deltas in security queries.

Verification: all 367 lib + src + consistency-queries compile clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-02 14:09:45 +00:00

55 lines
3.4 KiB
Plaintext
Raw Blame History

testFailures
| code/conditional_in_argument.py:18:5:18:11 | Attribute() | Fixed missing result: tt=X.bar |
| code/funky_regression.py:15:9:15:17 | Attribute() | Fixed missing result: tt=Wat.f2 |
debug_callableNotUnique
pointsTo_found_typeTracker_notFound
| code/class_attr_assign.py:10:9:10:27 | Attribute() | my_func |
| code/class_attr_assign.py:11:9:11:25 | Attribute() | my_func |
| code/class_attr_assign.py:26:9:26:25 | Attribute() | DummyObject.method |
| code/class_super.py:50:1:50:6 | Attribute() | outside_def |
| code/func_defined_outside_class.py:21:1:21:11 | Attribute() | A.foo |
| code/func_defined_outside_class.py:22:1:22:15 | Attribute() | outside |
| code/func_defined_outside_class.py:24:1:24:14 | Attribute() | outside_sm |
| code/func_defined_outside_class.py:25:1:25:14 | Attribute() | outside_cm |
| code/func_defined_outside_class.py:38:11:38:21 | _gen() | B._gen |
| code/func_defined_outside_class.py:39:11:39:21 | _gen() | B._gen |
| code/func_defined_outside_class.py:42:1:42:7 | Attribute() | B._gen.func |
| code/func_defined_outside_class.py:43:1:43:7 | Attribute() | B._gen.func |
| code/type_tracking_limitation.py:8:1:8:3 | x() | my_func |
typeTracker_found_pointsTo_notFound
| code/callable_as_argument.py:29:5:29:12 | Attribute() | test_class.InsideTestFunc.sm |
| code/class_construction.py:44:9:44:26 | Attribute() | WithNew.some_method |
| code/class_construction.py:61:9:61:26 | Attribute() | WithNew.some_method |
| code/class_construction.py:75:9:75:27 | Attribute() | ExtraCallToInit.__init__ |
| code/class_special_methods.py:22:9:22:16 | self() | Base.__call__ |
| code/class_special_methods.py:22:9:22:16 | self() | Sub.__call__ |
| code/class_special_methods.py:33:1:33:5 | b() | Base.__call__ |
| code/class_special_methods.py:59:1:59:7 | sub() | Sub.__call__ |
| code/class_super.py:43:9:43:21 | Attribute() | A.bar |
| code/class_super.py:44:9:44:27 | Attribute() | A.bar |
| code/class_super.py:63:1:63:18 | Attribute() | A.foo |
| code/class_super.py:78:9:78:28 | Attribute() | A.foo |
| code/class_super.py:81:1:81:12 | Attribute() | C.foo_on_A |
| code/class_super.py:92:9:92:21 | Attribute() | X.foo |
| code/class_super.py:97:9:97:21 | Attribute() | X.foo |
| code/class_super.py:97:9:97:21 | Attribute() | Y.foo |
| code/class_super.py:101:1:101:7 | Attribute() | Z.foo |
| code/class_super.py:108:1:108:8 | Attribute() | Z.foo |
| code/def_in_function.py:22:5:22:11 | Attribute() | test.A.foo |
| code/func_ref_in_content.py:32:1:32:4 | f4() | func |
| code/func_ref_in_content.py:46:1:46:4 | f5() | func |
| code/func_ref_in_content.py:48:1:48:15 | Subscript() | func2 |
| code/func_ref_in_content.py:50:1:50:19 | Subscript() | func2 |
| code/isinstance.py:9:13:9:22 | Attribute() | A.foo |
| code/isinstance.py:9:13:9:22 | Attribute() | ASub.foo |
| code/isinstance.py:14:13:14:22 | Attribute() | A.foo |
| code/isinstance.py:14:13:14:22 | Attribute() | ASub.foo |
| code/isinstance.py:14:13:14:22 | Attribute() | B.foo |
| code/isinstance.py:17:13:17:22 | Attribute() | A.foo |
| code/nested_class.py:83:9:83:16 | Attribute() | X.class_def_in_func.Y.meth |
| code/self_passing.py:16:9:16:18 | Attribute() | A.foo |
| code/self_passing.py:16:9:16:18 | Attribute() | B.foo |
| code/self_passing.py:67:9:67:16 | Attribute() | Y.cm |
| code/self_passing.py:69:9:69:17 | Attribute() | X.foo |
| code/underscore_prefix_func_name.py:14:5:14:19 | some_function() | some_function |
Reference in New Issue View Git Blame Copy Permalink