Ruby: summarize unary splat operators and add local field step#10685
Merged
asgerf merged 5 commits intogithub:mainfrom Oct 11, 2022
Merged
Ruby: summarize unary splat operators and add local field step#10685asgerf merged 5 commits intogithub:mainfrom
asgerf merged 5 commits intogithub:mainfrom
Conversation
029ee3a to
d5c9d96
Compare
5f8ae4b to
a583672
Compare
fixup local field steps
Models should use Method[x] edges, not attribute edges
1a52427 to
b6e07c0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the local field step to type-tracking, such that any write to an instance variable can flow to a read.
For the time being it doesn't take inheritance into account.
This initially caused a regression in
opal. Investigating it I noticed some dubious API graph edges, and concluded that we should not propagate use/def nodes through self-argument passing.I wonder if we should remove self-argument passing from type-tracking altogether, since some parts of the call-graph construction also block this. But tracking of singleton methods still relies on self-argument passing so I didn't go that far in this PR, and just blocked it directly in API graphs instead.
Also marks the unary
*operator as a simple callable.Evaluation shows
selfin one of its methods, and then starts flagging up sinks inside the class. If we want to flag these sinks, the better solution is to directly treatselfin the class as uses of it, and not rely on finding a call site. I don't believe we currently lose any sources/sinks in clients of these libraries.HashLiteralPasswordSourcetreating an entire hash literal as a source, but where the value being read in the end isn't the key containing the password