Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Java: IPA the CFG (second try) #17970

Open
wants to merge 21 commits into
base: main
Choose a base branch
from

Conversation

owen-mc
Copy link
Contributor

@owen-mc owen-mc commented Nov 12, 2024

This converts the control flow graph to an IPA type to give us some more options in how we model control flow. There should be no change in any query results.

This resurrects this PR from almost six years ago. The CFG code hasn't changed much in the interim, thankfully.

The commit history is pretty garbled, so it's probably best not to review commit-by-commit.

@owen-mc owen-mc requested a review from a team as a code owner November 12, 2024 17:04
@owen-mc owen-mc marked this pull request as draft November 12, 2024 17:04
@github-actions github-actions bot added the Java label Nov 12, 2024
java/ql/lib/semmle/code/java/ControlFlowGraph.qll Fixed Show resolved Hide resolved
private ControlFlowNode mainBranchSucc(ControlFlowNode n, boolean b) {
result = succ(n, BooleanCompletion(_, b))
}
private Node mainBranchSucc(Node n, boolean b) { result = succ(n, BooleanCompletion(_, b)) }

Check warning

Code scanning / CodeQL

Missing QLDoc for parameter Warning

The QLDoc has no documentation for b, or n, but the QLDoc mentions booleanCompletion
@@ -1487,8 +1555,8 @@
* In the latter case, when `n` occurs as the last node in a finally block, there might be
* multiple different such successors.
*/
private ControlFlowNode otherBranchSucc(ControlFlowNode n, boolean b) {
exists(ControlFlowNode main | main = mainBranchSucc(n, b.booleanNot()) |
private Node otherBranchSucc(Node n, boolean b) {

Check warning

Code scanning / CodeQL

Missing QLDoc for parameter Warning

The QLDoc has no documentation for b, but the QLDoc mentions booleanCompletion, and normalCompletion
yoff and others added 6 commits November 13, 2024 11:13
Only one in Dominance required thinking.
now we need to sort out range analysis
The equivalence relation needed for range analysis
is now on underlying `ExprParent`s, as `BasicBlock` is now an IPA type and ids are opaque.
Java: some mechanical transformations
result = this.(Expr).getEnclosingStmt()
module ControlFlow {
private predicate hasControlFlow(Expr e) {
not e.getEnclosingStmt() instanceof ConstCase and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is interesting..

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In a line like case "a" -> null; I think this is trying to exclude the "a" but is accidentally excluding the null as well. I guess this wasn't an issue until switch expressions got added.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or maybe it's the arrow syntax that caused the problem, as extra expressions are now part of this statement.

@owen-mc owen-mc marked this pull request as ready for review November 14, 2024 13:11
@owen-mc
Copy link
Contributor Author

owen-mc commented Nov 14, 2024

The language test failure can only be fixed with an internal PR to update a .expected file. I will prepare one when this PR has been approved.

@owen-mc
Copy link
Contributor Author

owen-mc commented Nov 14, 2024

DCA has finished and it shows a mild analysis time increase (1.6% median, 1.8% mean). I ran some queries on apache/flink using before and after commits and looked at the tuple counts and predicate timings and didn't see anything obviously taking much longer. I don't think it's a bad join order or anything like that. But I guess that adding another layer will make analysis take a little longer.

This is unrelated to the main purpose of this PR.
I have made a separate PR to do it here:
github#17988
Comment on lines +168 to +170
*
* This is needed for the equivalence relation on basic blocks in range
* analysis.
Copy link
Contributor

@aschackmull aschackmull Nov 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's not its only use. Also, it seems reasonable to have predicate like this without such a specific-sounding constraint.

Suggested change
*
* This is needed for the equivalence relation on basic blocks in range
* analysis.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you mean to suggest a different wording?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah no, I meant to simply delete it. Edited.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants