Skip to content

Commit

Permalink
Dataflow: apply diff-informed filtering consistently
Browse files Browse the repository at this point in the history
  • Loading branch information
cklin committed Oct 17, 2024
1 parent d6415cd commit 1aa3eb5
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,13 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
hasFilteredSource()
)
}

bindingset[source, sink]
pragma[inline_late]
predicate isRelevantSourceSinkPair(Node source, Node sink) {
isFilteredSource(source) or
isFilteredSink(sink)
}
}

private import SourceSinkFiltering
Expand Down Expand Up @@ -3511,6 +3518,17 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
* included in the module `PathGraph`.
*/
predicate flowPath(PathNode source, PathNode sink) {
(
// When there are both sources and sinks in the diff range,
// diff-informed dataflow falls back to computing all paths without
// any filtering. To prevent significant alert flip-flopping due to
// minor code changes triggering the fallback, we consistently apply
// source-or-sink filtering here to ensure that we return the same
// paths regardless of whether the fallback is triggered.
if Config::observeDiffInformedIncrementalMode()
then isRelevantSourceSinkPair(source.getNode(), sink.getNode())
else any()
) and
exists(PathNodeImpl flowsource, PathNodeImpl flowsink |
source = flowsource and sink = flowsink
|
Expand Down

0 comments on commit 1aa3eb5

Please sign in to comment.