Java/C++/C#: Improve join-order in pathStep predicate

Author: aschackmull

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and

csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll

@@ -2257,13 +2257,11 @@ private class PathNodeSink extends PathNodeImpl, TPathNodeSink {
  * a callable is recorded by `cc`.
  */
 private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCtx sc, AccessPath ap) {
-  exists(LocalCallContext localCC, AccessPath ap0, Node midnode, Configuration conf |
-    midnode = mid.getNode() and
-    conf = mid.getConfiguration() and
-    cc = mid.getCallContext() and
-    sc = mid.getSummaryCtx() and
-    localCC = getLocalCallContext(cc, midnode.getEnclosingCallable()) and
-    ap0 = mid.getAp()
+  exists(
+    AccessPath ap0, Node midnode, Configuration conf, Callable enclosing, LocalCallContext localCC
+  |
+    pathIntoLocalStep(mid, midnode, cc, enclosing, sc, ap0, conf) and
+    localCC = getLocalCallContext(cc, enclosing)
   |
     localFlowBigStep(midnode, node, true, conf, localCC) and
     ap = ap0
@@ -2297,6 +2295,20 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, SummaryCt
   pathThroughCallable(mid, node, cc, ap) and sc = mid.getSummaryCtx()
 }
 
+pragma[nomagic]
+private predicate pathIntoLocalStep(
+  PathNodeMid mid, Node midnode, CallContext cc, Callable enclosing, SummaryCtx sc, AccessPath ap0,
+  Configuration conf
+) {
+  midnode = mid.getNode() and
+  cc = mid.getCallContext() and
+  conf = mid.getConfiguration() and
+  localFlowBigStep(midnode, _, _, conf, _) and
+  enclosing = midnode.getEnclosingCallable() and
+  sc = mid.getSummaryCtx() and
+  ap0 = mid.getAp()
+}
+
 pragma[nomagic]
 private predicate readCand(Node node1, Content f, Node node2, Configuration config) {
   readDirect(node1, f, node2) and