@@ -59,42 +59,56 @@ module DataFlow {
5959 }
6060
6161 private newtype TParameter =
62- TThisParam ( ClassPredicate p ) or
63- TResultParam ( Predicate p ) { exists ( p .getReturnType ( ) ) } or
64- TVarParam ( VarDecl v , int i , Predicate pred ) { pred .getParameter ( i ) = v }
62+ TThisParameter ( ClassPredicate p ) or
63+ TResultParameter ( Predicate p ) { exists ( p .getReturnType ( ) ) } or
64+ TVariableParameter ( VarDecl v , int i , Predicate pred ) { pred .getParameter ( i ) = v }
6565
66- class Parameter extends TParameter {
66+ abstract class Parameter extends TParameter {
6767 string toString ( ) { this .hasName ( result ) }
6868
69- ClassPredicate asThis ( ) { this = TThisParam ( result ) }
69+ abstract predicate hasName ( string name ) ;
7070
71- Predicate asResult ( ) { this = TResultParam ( result ) }
71+ abstract int getIndex ( ) ;
7272
73- VarDecl asVar ( int i , Predicate pred ) { this = TVarParam ( result , i , pred ) }
73+ abstract Predicate getPredicate ( ) ;
74+ }
7475
75- predicate hasName ( string name ) {
76- exists ( this .asThis ( ) ) and name = "this"
77- or
78- exists ( this .asResult ( ) ) and name = "result"
79- or
80- name = this .asVar ( _, _) .getName ( )
81- }
76+ class ThisParameter extends Parameter , TThisParameter {
77+ ClassPredicate p ;
8278
83- int getIndex ( ) {
84- exists ( this .asThis ( ) ) and result = - 1
85- or
86- exists ( this .asResult ( ) ) and result = - 2
87- or
88- exists ( this .asVar ( result , _) )
89- }
79+ ThisParameter ( ) { this = TThisParameter ( p ) }
9080
91- Predicate getPredicate ( ) {
92- result = this .asThis ( )
93- or
94- result = this .asResult ( )
95- or
96- exists ( this .asVar ( _, result ) )
97- }
81+ override predicate hasName ( string name ) { name = "this" }
82+
83+ override int getIndex ( ) { result = - 1 }
84+
85+ override Predicate getPredicate ( ) { result = p }
86+ }
87+
88+ class ResultParameter extends Parameter , TResultParameter {
89+ Predicate p ;
90+
91+ ResultParameter ( ) { this = TResultParameter ( p ) }
92+
93+ override predicate hasName ( string name ) { name = "result" }
94+
95+ override int getIndex ( ) { result = - 2 }
96+
97+ override Predicate getPredicate ( ) { result = p }
98+ }
99+
100+ class VariableParameter extends Parameter , TVariableParameter {
101+ VarDecl v ;
102+ int i ;
103+ Predicate p ;
104+
105+ VariableParameter ( ) { this = TVariableParameter ( v , i , p ) }
106+
107+ override predicate hasName ( string name ) { name = v .getName ( ) }
108+
109+ override int getIndex ( ) { result = i }
110+
111+ override Predicate getPredicate ( ) { result = p }
98112 }
99113
100114 class Node extends TNode {
@@ -222,15 +236,15 @@ module DataFlow {
222236
223237 predicate paramStep ( Expr e1 , Parameter p2 ) {
224238 exists ( VarDecl v |
225- p2 = TVarParam ( v , _, _) and
239+ p2 = TVariableParameter ( v , _, _) and
226240 varaccesValue ( e1 , v , _)
227241 )
228242 or
229243 exists ( Formula scope |
230- p2 = TThisParam ( scope .getEnclosingPredicate ( ) ) and
244+ p2 = TThisParameter ( scope .getEnclosingPredicate ( ) ) and
231245 thisValue ( e1 , scope )
232246 or
233- p2 = TResultParam ( scope .getEnclosingPredicate ( ) ) and
247+ p2 = TResultParameter ( scope .getEnclosingPredicate ( ) ) and
234248 resultValue ( e1 , scope )
235249 )
236250 }
@@ -273,7 +287,7 @@ module DataFlow {
273287 }
274288
275289 predicate flowsFromSource ( Node node ) {
276- isSource ( node )
290+ isSource ( node . asExpr ( ) )
277291 or
278292 exists ( Node mid | flowsFromSource ( mid ) | step ( mid , node ) )
279293 }
@@ -292,11 +306,10 @@ module DataFlow {
292306 sink .getPredicate ( ) instanceof EdgesPredicate
293307 }
294308
295- predicate isSource ( Node source ) {
296- exists ( ToStringCall toString |
297- source .asExpr ( ) = toString and
298- not toString .getEnclosingPredicate ( ) instanceof ToString
299- )
309+ predicate isSource ( ToStringCall toString ) {
310+ not toString .getEnclosingPredicate ( ) instanceof ToString and
311+ not toString .getEnclosingPredicate ( ) instanceof NodesPredicate and
312+ not toString .getEnclosingPredicate ( ) instanceof EdgesPredicate
300313 }
301314}
302315
@@ -309,16 +322,23 @@ predicate flowsToSelect(Expr e) {
309322
310323from ToStringCall call
311324where
325+ // It's not part of a toString call
326+ DataFlow:: isSource ( call ) and
312327 // The call doesn't flow to a select
313328 not flowsToSelect ( call ) and
314- // It's not part of a toString call
315- not call .getEnclosingPredicate ( ) instanceof ToString and
316329 // It's in a query
317330 call .getLocation ( ) .getFile ( ) .getBaseName ( ) .matches ( "%.ql" ) and
318331 // ... and not in a test
319- not call .getLocation ( )
320- .getFile ( )
321- .getAbsolutePath ( )
322- .toLowerCase ( )
323- .matches ( [ "%test%" , "%consistency%" , "%meta%" ] )
332+ not (
333+ call .getLocation ( )
334+ .getFile ( )
335+ .getAbsolutePath ( )
336+ .toLowerCase ( )
337+ .matches ( [ "%test%" , "%consistency%" , "%meta%" ] )
338+ or
339+ call .getLocation ( )
340+ .getFile ( )
341+ .getAbsolutePath ( )
342+ .regexpMatch ( ".*/(test|examples|ql-training|recorded-call-graph-metrics)/.*" )
343+ )
324344select call , "Query logic depends on implementation of 'toString'."
0 commit comments