-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Open
Labels
Description
related log:
[2024-03-26 13:08:51] (664s) >>> Created relation gadgets#0b9c9d51::getParaPointerIndex#1#ff/2@0e72064q with 5120 rows and digest 8c17e92ufpma1sptlsm3ibgk848.
[2024-03-26 13:08:51] (664s) No need to promote strings for predicate gadgets#0b9c9d51::getParaPointerIndex#1#ff as it does not contain computed strings.
[2024-03-26 13:08:51] (664s) >>> Created relation gadgets#0b9c9d51::getParaPointerIndex#1#ff/2@31944318 with 5120 rows and digest 8c17e92ufpma1sptlsm3ibgk848.
[2024-03-26 13:08:51] (664s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@77f45a6s
[2024-03-26 13:08:51] (664s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@6366f098
[2024-03-26 13:08:56] (669s) Tuple counts for _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@6366f098 after 5s:
4234450 ~3% {2} r1 = SCAN __Call#39248e3c::FunctionCall::getTarget#0#dispred#ff_10#join_rhs_Enclosing#c50c5fbf::stmtEnclosingE__#shared OUTPUT In.0 'arg1', In.1 'arg0'
4234450 ~3% {2} r2 = STREAM DEDUP r1
9083004 ~0% {3} r3 = JOIN r2 WITH Call#39248e3c::Call::getArgument#1#dispred#fff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.0 'arg1', Rhs.1 'arg2'
return r3
[2024-03-26 13:08:56] (669s) Tuple counts for _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@77f45a6s after 5s:
4214836 ~3% {2} r1 = SCAN __Call#39248e3c::FunctionCall::getTarget#0#dispred#ff_10#join_rhs_Enclosing#c50c5fbf::stmtEnclosingE__#shared OUTPUT In.0 'arg1', In.1 'arg0'
4214836 ~3% {2} r2 = STREAM DEDUP r1
9045526 ~0% {3} r3 = JOIN r2 WITH Call#39248e3c::Call::getArgument#1#dispred#fff ON FIRST 1 OUTPUT Lhs.1 'arg0', Lhs.0 'arg1', Rhs.1 'arg2'
return r3
[2024-03-26 13:08:56] (669s) Pausing evaluation to evict 1.20GiB ARRAYS at sequence stamp o+5440836
[2024-03-26 13:08:56] (669s) Unpausing evaluation: 1.23GiB forgotten: 1.23GiB UNREACHABLE (1989 items up to o+5440829)
[2024-03-26 13:08:56] (669s) >>> Created relation _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@6366f098 with 9083004 rows and digest 32582d05tbfpmf64m28a66ehuh0.
[2024-03-26 13:08:56] (669s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff__Call#39248e3c::Call::getArgument#1#dispred#fff___Ca__#join_rhs/2@f5edcbe0
[2024-03-26 13:08:56] (669s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff__Call#39248e3c::Call::getArgument#1#dispred#fff___Ca__#join_rhs#1/2@96b050l9
[2024-03-26 13:08:56] (669s) >>> Created relation _Call#39248e3c::Call::getArgument#1#dispred#fff___Call#39248e3c::FunctionCall::getTarget#0#dispred#f__#shared/3@77f45a6s with 9045526 rows and digest 328843tueune55pdvlb29cmkcc8.
[2024-03-26 13:08:56] (669s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff__Call#39248e3c::Call::getArgument#1#dispred#fff___Ca__#join_rhs/2@173330kq
[2024-03-26 13:08:57] (669s) Starting to evaluate predicate _Call#39248e3c::Call::getArgument#1#dispred#fff__Call#39248e3c::Call::getArgument#1#dispred#fff___Ca__#join_rhs#1/2@67ea54jp
My query has been running far far more than 669s, but no further output log, it's confusing for me to debug.
Related query:
exists(
ReturnStmt ret, Expr retexpr, Function func, Expr argexpr, int paraindex |
func = getFunctionDefinition(fc.getTarget()) and
ret.getEnclosingFunction() = func and
retexpr = ret.getExpr() and
exists(fc.getArgument(paraindex)) |
(
if isFromParaPointer(ret) // local taint
then (
paraindex = getParaPointerIndex(ret) and
argexpr = fc.getArgument(paraindex) and
result = isTarget(argexpr, res, depth)
)
else result = isTarget(retexpr, res, depth - 1)
)
)These LoCs are for checking whether a FunctionCall's returned Expr is from (local taint) its arguments, and determine what's next on recursive back-tracing isTarget().
I'm using a out-dated version of CodeQL CLI, maybe I'll update my tool chains first. But still hope to be helped~