@yoff yoff commented May 16, 2023

Shared module provides predicates for

- `levelStepNoCall`
- `basicLoadStep`
- `basicStoreStep`
- `basicLoadStoreStep`
- `basicWithoutContentStep`
- `basicWithContentStep`

see the output signature.

It is shared via identicalFiles.json and used in ruby and python.

Will require performance testing to ensure we did not break ruby performance.

TODO:

- We will not get full benefit of this in Python until type tracking uses dataflow content (rather than just strings representing attributes, as it does now).

@github-actions github-actions bot added the Ruby label May 16, 2023
@yoff yoff force-pushed the python-ruby/track-through-summaries-pm branch from ae32ca9 to a602abf Compare May 22, 2023 13:15
@yoff yoff added the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label May 22, 2023
@yoff yoff marked this pull request as ready for review May 22, 2023 14:35
@yoff yoff requested review from a team as code owners May 22, 2023 14:35
yoff added 3 commits May 30, 2023 13:16
- add `getACallSimple` to `SummarizedCallable`
  (by adding it to `LibraryCallable`)
ruby:
- create new shared file `SummaryTypeTracker.qll`
- move much logic into the module
- instantiate the module
- remove old logic, now provided by module

python:
- clone shared file
- instantiate module
- use (some of the) steps provided by the module
@yoff yoff force-pushed the python-ruby/track-through-summaries-pm branch from a602abf to 820b5f2 Compare May 30, 2023 11:36

yoff commented May 30, 2023

Force-pushed to resolve conflict. (Also added change note.)

@calumgrant calumgrant requested a review from asgerf June 6, 2023 08:21

yoff commented Jun 7, 2023

It was suggested off-line to also include Java as a user, but it turns out that Java uses type tracking differently and already has flow through summaries.

@asgerf asgerf left a comment

Thanks for doing this! The signature does end up being rather verbose but I guess that's just the way it is. A few minor things otherwise LGTM.

Co-authored-by: Asger F <asgerf@github.com>

yoff commented Jun 7, 2023

Thanks for the review, indeed it looks like we can remove those two predicates from the interface. Nice! 💪

@yoff yoff requested a review from asgerf June 7, 2023 12:09

yoff commented Jun 9, 2023

to not use the call graph.

yoff commented Jun 9, 2023

So now this PR is ready for review again :-)

@calumgrant calumgrant requested a review from RasmusWL June 12, 2023 09:11
)
}

module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
Contributor

Shouldn't this be private?

Contributor Author

Ah, yes, that would be nicer.

Node callTo(SummarizedCallable callable) { result = callable.getACallSimple() }
}

module TypeTrackerSummaryFlow = SummaryTypeTracker::SummaryFlow<SummaryTypeTrackerInput>;
Contributor

Also private?

Contributor Author

Actually, yes, the outside does not need this, I think.

or
dependsOnSummaryComponentStackCons(callable, _, stack)
}
module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
Contributor

Should be private?

Contributor Author

yes

Node callTo(SummarizedCallable callable) { result.asExpr().getExpr() = callable.getACallSimple() }
}

module TypeTrackerSummaryFlow = SummaryTypeTracker::SummaryFlow<SummaryTypeTrackerInput>;
Contributor

Also private?

Contributor Author

yes

@hvitved hvitved left a comment

Looks great, thanks for making this code shared. I have a few trivial comments. We should also do final DCA runs before merging.

* These are meant to be used in `TypeTrackerSpecific.qll`
* inside the predicates of the same names.
*/
signature module Output<Input I> {
Contributor

I don't think there is any need to provide an explicit output signature, when the output is not used itself as input to another parameterized module.

Contributor Author

Might it be in the future, though? If we get type tracking as a parameterised module (as started by Java).

Contributor Author

I mean, it is easy enough to add when needed (so we could take it out now), but I actually like how it codifies the intention of the module...

@yoff yoff requested review from asgerf and hvitved June 13, 2023 09:56
hvitved previously approved these changes Jun 13, 2023
@hvitved hvitved left a comment

LGTM. Let's do a final DCA run before merging.


yoff commented Jun 13, 2023

> LGTM. Let's do a final DCA run before merging.

Agreed, I have kept the Awaiting evaluation label. See running experiments in backlinks.


yoff commented Jun 13, 2023

Evaluation looks safe, removing the label (but feel free to disagree).

@yoff yoff removed the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Jun 13, 2023
// Content
class TypeTrackerContent;

class TypeTrackerContentFilter;
Member

After reading the input signature and QLDocs, I have absolutely no idea what the content filters are supposed to do. I guess it'll make sense once I start reading the implementation 🤷

Comment on lines +222 to +248
// Relating nodes to summaries
Node argumentOf(Node call, SummaryComponent arg) {
exists(DataFlowDispatch::ParameterPosition pos |
arg = FlowSummary::SummaryComponent::argument(pos) and
argumentPositionMatch(call, result, pos)
)
}

Node parameterOf(Node callable, SummaryComponent param) {
exists(
DataFlowDispatch::ArgumentPosition apos, DataFlowDispatch::ParameterPosition ppos, Parameter p
|
param = FlowSummary::SummaryComponent::parameter(apos) and
DataFlowDispatch::parameterMatch(ppos, apos) and
// pick the SsaNode rather than the CfgNode
result.asVar().getDefinition().(ParameterDefinition).getParameter() = p and
(
exists(int i | ppos.isPositional(i) |
p = callable.getALocalSource().asExpr().(CallableExpr).getInnerScope().getArg(i)
)
or
exists(string name | ppos.isKeyword(name) |
p = callable.getALocalSource().asExpr().(CallableExpr).getInnerScope().getArgByName(name)
)
)
)
}
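
Review bot: In `parameterOf`, both disjuncts repeat `callable.getALocalSource().asExpr().(CallableExpr).getInnerScope()`; binding that scope once in the enclosing `exists` would leave the positional and keyword cases differing only in `getArg(i)` versus `getArgByName(name)`. A short QLDoc on `argumentOf` and `parameterOf` would also help, in particular a note that `SummaryComponent::argument` is given a `ParameterPosition` while `SummaryComponent::parameter` is given an `ArgumentPosition` that is reconciled through `parameterMatch`.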
Member

Let's talk about these two offline. I would like to understand the interaction with the call-graph a bit better 😊

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
@yoff yoff requested a review from RasmusWL June 14, 2023 21:31
@yoff yoff merged commit 579c56c into github:main Jun 20, 2023