From fd7d216fe364db5f4a914e816a08c8ffc7fb0566 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 4 Sep 2025 20:01:03 +0100 Subject: [PATCH 1/4] Shared: Replace explicit recursion with a HOP. --- .../typetracking/internal/TypeTrackingImpl.qll | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index fcfcfe9ecd1d..915aeb2b0129 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -249,20 +249,20 @@ module TypeTracking I> { returnStep(nodeFrom, nodeTo) and summary = ReturnStep() } - pragma[inline] - private predicate isLocalSourceNode(LocalSourceNode n) { any() } + private predicate isLocalSourceNode(LocalSourceNode n) { + not nonStandardFlowsTo(_, _) and exists(n) + } + + private predicate simpleLocalSmallStepPlus(Node localSource, Node dst) = + sourceBoundedFastTC(simpleLocalSmallStep/2, isLocalSourceNode/1)(localSource, dst) cached predicate standardFlowsTo(Node localSource, Node dst) { - not nonStandardFlowsTo(_, _) and // explicit type check in base case to avoid repeated type tests in recursive case isLocalSourceNode(localSource) and dst = localSource or - exists(Node mid | - standardFlowsTo(localSource, mid) and - simpleLocalSmallStep(mid, dst) - ) + simpleLocalSmallStepPlus(localSource, dst) } cached From 3aee4a88aa6326658098cdd2bf2c30baecfda95f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 8 Sep 2025 13:37:48 +0100 Subject: [PATCH 2/4] Shared: Cache the sourceBoundedFastTC structure instead of the resulting materialized relation. --- .../internal/TypeTrackingImpl.qll | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) 
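Review bot: The rewritten `isLocalSourceNode` now carries the `not nonStandardFlowsTo(_, _)` guard that used to sit at the top of `standardFlowsTo`, and nothing in the hunk says so. Both the base case and the `sourceBoundedFastTC` source set depend on that guard to keep standard flow empty when non-standard flow is supplied. A later simplification back to `any()` would silently re-enable standard flow there and change the results of queries built on type tracking. I would add a QLDoc comment above the predicate, along the lines of `/** Holds if n is a local source node and no nonStandardFlowsTo relation is supplied; this gates all of standardFlowsTo. */`. The next patch in the series moves the predicate but leaves it undocumented, so the comment applies there as well.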
diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index 915aeb2b0129..4f7b22cf6c03 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -70,6 +70,10 @@ module TypeTracking I> { private class ContentOption = ContentOption::Option; + private predicate isLocalSourceNode(LocalSourceNode n) { + not nonStandardFlowsTo(_, _) and exists(n) + } + cached private module Cached { cached @@ -249,21 +253,9 @@ module TypeTracking I> { returnStep(nodeFrom, nodeTo) and summary = ReturnStep() } - private predicate isLocalSourceNode(LocalSourceNode n) { - not nonStandardFlowsTo(_, _) and exists(n) - } - - private predicate simpleLocalSmallStepPlus(Node localSource, Node dst) = - sourceBoundedFastTC(simpleLocalSmallStep/2, isLocalSourceNode/1)(localSource, dst) - cached - predicate standardFlowsTo(Node localSource, Node dst) { - // explicit type check in base case to avoid repeated type tests in recursive case - isLocalSourceNode(localSource) and - dst = localSource - or - simpleLocalSmallStepPlus(localSource, dst) - } + predicate simpleLocalSmallStepPlus(Node localSource, Node dst) = + sourceBoundedFastTC(simpleLocalSmallStep/2, isLocalSourceNode/1)(localSource, dst) cached predicate stepNoCall(LocalSourceNode nodeFrom, LocalSourceNode nodeTo, StepSummary summary) { @@ -276,6 +268,15 @@ module TypeTracking I> { } } + pragma[inline] + predicate standardFlowsTo(Node localSource, Node dst) { + // explicit type check in base case to avoid repeated type tests in recursive case + isLocalSourceNode(localSource) and + dst = localSource + or + simpleLocalSmallStepPlus(localSource, dst) + } + import Cached /** From b7bc94b98717d99aadfeefc50b1d6a49bbb4c86a Mon Sep 17 00:00:00 2001 
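Review bot: In the second hunk `simpleLocalSmallStepPlus` loses its `private` modifier when it moves into `Cached`, and the file does `import Cached` (visible as context in the third hunk), so the helper presumably becomes visible to users of the module. It cannot be made private again, because `standardFlowsTo` now references it from outside `Cached`, so documentation is the remedy. I would add a QLDoc comment such as `/** INTERNAL: do not use. Holds if dst is reachable from the local source node localSource by one or more simpleLocalSmallStep steps. */`. The "one or more" reading is inferred from the name and from the separate reflexive base case in `standardFlowsTo`, so confirm it against `sourceBoundedFastTC` before committing the wording.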
From: Mathias Vorreiter Pedersen Date: Wed, 10 Sep 2025 11:21:25 +0100 Subject: [PATCH 3/4] Update shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll Co-authored-by: Anders Schack-Mulligen --- .../codeql/typetracking/internal/TypeTrackingImpl.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index 4f7b22cf6c03..f33ffd1b75af 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -270,7 +270,6 @@ module TypeTracking I> { pragma[inline] predicate standardFlowsTo(Node localSource, Node dst) { - // explicit type check in base case to avoid repeated type tests in recursive case isLocalSourceNode(localSource) and dst = localSource or From f8bdf924dbea0704a15f17828570d74d20e749ef Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 10 Sep 2025 11:26:36 +0100 Subject: [PATCH 4/4] Shared: Make 'standardFlowsTo' private. --- .../codeql/typetracking/internal/TypeTrackingImpl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll index f33ffd1b75af..a98e5ec8254d 100644 --- a/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll +++ b/shared/typetracking/codeql/typetracking/internal/TypeTrackingImpl.qll @@ -269,7 +269,7 @@ module TypeTracking I> { } pragma[inline] - predicate standardFlowsTo(Node localSource, Node dst) { + private predicate standardFlowsTo(Node localSource, Node dst) { isLocalSourceNode(localSource) and dst = localSource or