Java: IPA the CFG (second try) #17970
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| result = this.(Expr).getEnclosingStmt() | ||
| } | ||
|
|
||
| Node getCFGNode() { result.asExpr() = this or result.asStmt() = this } |
Check warning
Code scanning / CodeQL
Acronyms should be PascalCase/camelCase. Warning
| private ControlFlowNode mainBranchSucc(ControlFlowNode n, boolean b) { | ||
| result = succ(n, BooleanCompletion(_, b)) | ||
| } | ||
| private Node mainBranchSucc(Node n, boolean b) { result = succ(n, BooleanCompletion(_, b)) } |
Check warning
Code scanning / CodeQL
Missing QLDoc for parameter Warning
| @@ -1487,8 +1555,8 @@ | |||
| * In the latter case, when `n` occurs as the last node in a finally block, there might be | |||
| * multiple different such successors. | |||
| */ | |||
| private ControlFlowNode otherBranchSucc(ControlFlowNode n, boolean b) { | |||
| exists(ControlFlowNode main | main = mainBranchSucc(n, b.booleanNot()) | | |||
| private Node otherBranchSucc(Node n, boolean b) { | |||
Check warning
Code scanning / CodeQL
Missing QLDoc for parameter Warning
Only one in Dominance required thinking.
now we need to sort out range analysis
The equivalence relation needed for range analysis is now on underlying `ExprParent`s, as `BasicBlock` is now an IPA type and ids are opaque.
Java: some mechanical transformations
| result = this.(Expr).getEnclosingStmt() | ||
| module ControlFlow { | ||
| private predicate hasControlFlow(Expr e) { | ||
| not e.getEnclosingStmt() instanceof ConstCase and |
There was a problem hiding this comment.
In a line like case "a" -> null; I think this is trying to exclude the "a" but is accidentally excluding the null as well. I guess this wasn't an issue until switch expressions got added.
There was a problem hiding this comment.
Or maybe it's the arrow syntax that caused the problem, as extra expressions are now part of this statement.
Fix is taken from https://github.com/github/codeql/pull/711/files#diff-24d21bcfe63e29a6ef28151d9bd8eeaa610565c3ed7b846de1eb5fb0be661ae5 It is not clear why anotations are left out.
Java: fix UnreachabaleBasicBlock
|
The language test failure can only be fixed with an internal PR to update a .expected file. I will prepare one when this PR has been approved. |
|
DCA has finished and it shows a mild analysis time increase. I ran some queries on apache/flink using before and after commits and looked at the tuple counts and predicate timings and didn't see anything obviously taking much longer. I don't think it's a bad join order or anything like that. But I guess that adding another layer will make analysis take a little longer. |
This converts the control flow graph to an IPA type to give us some more options in how we model control flow. There should be no change in any query results.
This resurrects this PR from almost six years ago. The CFG code hasn't changed much in the interim, thankfully.