diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll index dfd207ed7e5b..603d0f8398d3 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplSpecific.qll @@ -20,8 +20,6 @@ module CppDataFlow implements InputSig { Node exprNode(DataFlowExpr e) { result = Public::exprNode(e) } - predicate getAdditionalFlowIntoCallNodeTerm = Private::getAdditionalFlowIntoCallNodeTerm/2; - predicate getSecondLevelScope = Private::getSecondLevelScope/1; predicate validParameterAliasStep = Private::validParameterAliasStep/2; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index e6ad9c86c9bd..c27612271d67 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -36,28 +36,6 @@ private module Cached { not Ssa::ignoreOperand(op) and exists(Ssa::getIRRepresentationOfOperand(op)) } } - - /** - * Gets an additional term that is added to the `join` and `branch` computations to reflect - * an additional forward or backwards branching factor that is not taken into account - * when calculating the (virtual) dispatch cost. - * - * Argument `arg` is part of a path from a source to a sink, and `p` is the target parameter. - */ - pragma[nomagic] - cached - int getAdditionalFlowIntoCallNodeTerm(ArgumentNode arg, ParameterNode p) { - DataFlowImplCommon::forceCachingInSameStage() and - exists( - ParameterNode switchee, SwitchInstruction switch, ConditionOperand op, DataFlowCall call - | - DataFlowImplCommon::viableParamArg(call, p, arg) and - DataFlowImplCommon::viableParamArg(call, switchee, _) and - switch.getExpressionOperand() = op and - getAdditionalFlowIntoCallNodeTermStep+(switchee, operandNode(op)) and - result = countNumberOfBranchesUsingParameter(switch, p) - ) - } } import Cached @@ -1433,78 +1411,6 @@ private predicate localStepsToSwitch(Node node) { ) } -/** - * Holds if `node` is part of a path from a `ParameterNode` to an operand - * of a `SwitchInstruction`. - */ -private predicate localStepsFromParameterToSwitch(Node node) { - localStepsToSwitch(node) and - ( - node instanceof ParameterNode - or - exists(Node prev | - localStepsFromParameterToSwitch(prev) and - localFlowStepWithSummaries(prev, node) - ) - ) -} - -/** - * The local flow relation `localFlowStepWithSummaries` pruned to only - * include steps that are part of a path from a `ParameterNode` to an - * operand of a `SwitchInstruction`. - */ -private predicate getAdditionalFlowIntoCallNodeTermStep(Node node1, Node node2) { - localStepsFromParameterToSwitch(node1) and - localStepsFromParameterToSwitch(node2) and - localFlowStepWithSummaries(node1, node2) -} - -/** Gets the `IRVariable` associated with the parameter node `p`. */ -pragma[nomagic] -private IRVariable getIRVariableForParameterNode(ParameterNode p) { - result = p.(InstructionDirectParameterNode).getIRVariable() - or - result.getAst() = p.(IndirectParameterNode).getParameter() -} - -/** Holds if `v` is the source variable corresponding to the parameter represented by `p`. */ -pragma[nomagic] -private predicate parameterNodeHasSourceVariable(ParameterNode p, Ssa::SourceVariable v) { - v.getIRVariable() = getIRVariableForParameterNode(p) and - exists(Position pos | p.isParameterOf(_, pos) | - pos instanceof DirectPosition and - v.getIndirection() = 1 - or - pos.(IndirectionPosition).getIndirectionIndex() + 1 = v.getIndirection() - ) -} - -private EdgeKind caseOrDefaultEdge() { - result instanceof CaseEdge or - result instanceof DefaultEdge -} - -/** - * Gets the number of switch branches that that read from (or write to) the parameter `p`. - */ -private int countNumberOfBranchesUsingParameter(SwitchInstruction switch, ParameterNode p) { - exists(Ssa::SourceVariable sv | - parameterNodeHasSourceVariable(p, sv) and - // Count the number of cases that use the parameter. We do this by finding the phi node - // that merges the uses/defs of the parameter. There might be multiple such phi nodes, so - // we pick the one with the highest edge count. - result = - max(SsaPhiNode phi | - switch.getSuccessor(caseOrDefaultEdge()).getBlock().dominanceFrontier() = - phi.getBasicBlock() and - phi.getSourceVariable() = sv - | - strictcount(phi.getAnInput()) - ) - ) -} - pragma[nomagic] private predicate isInputOutput( DF::DataFlowFunction target, Node node1, Node node2, IO::FunctionInput input, diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 1ff18d5803fa..42c9775e818c 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -299,15 +299,6 @@ signature module InputSig { */ default predicate neverSkipInPathGraph(Node n) { none() } - /** - * Gets an additional term that is added to the `join` and `branch` computations to reflect - * an additional forward or backwards branching factor that is not taken into account - * when calculating the (virtual) dispatch cost. - * - * Argument `arg` is part of a path from a source to a sink, and `p` is the target parameter. - */ - default int getAdditionalFlowIntoCallNodeTerm(ArgumentNode arg, ParameterNode p) { none() } - /** * A second-level control-flow scope in a callable. * diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index 9dfbc3e0bcda..d65e96ce0d8c 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -1102,17 +1102,6 @@ module MakeImpl Lang> { not inBarrier(p) } - /** - * Gets an additional term that is added to `branch` and `join` when deciding whether - * the amount of forward or backward branching is within the limit specified by the - * configuration. - */ - pragma[nomagic] - private int getLanguageSpecificFlowIntoCallNodeCand1(ArgNodeEx arg, ParamNodeEx p) { - flowIntoCallNodeCand1(_, arg, p) and - result = getAdditionalFlowIntoCallNodeTerm(arg.projectToNode(), p.projectToNode()) - } - private module SndLevelScopeOption = Option; private class SndLevelScopeOption = SndLevelScopeOption::Option; @@ -1177,11 +1166,11 @@ module MakeImpl Lang> { private int branch(ArgNodeEx n1) { result = strictcount(DataFlowCallable c | - exists(NodeEx n | - flowIntoCallNodeCand1(_, n1, n) and - c = n.getEnclosingCallable() - ) - ) + sum(ParamNodeEx p1 | | getLanguageSpecificFlowIntoCallNodeCand1(n1, p1)) + exists(NodeEx n | + flowIntoCallNodeCand1(_, n1, n) and + c = n.getEnclosingCallable() + ) + ) } /** @@ -1193,11 +1182,11 @@ module MakeImpl Lang> { private int join(ParamNodeEx n2) { result = strictcount(DataFlowCallable c | - exists(NodeEx n | - flowIntoCallNodeCand1(_, n, n2) and - c = n.getEnclosingCallable() - ) - ) + sum(ArgNodeEx arg2 | | getLanguageSpecificFlowIntoCallNodeCand1(arg2, n2)) + exists(NodeEx n | + flowIntoCallNodeCand1(_, n, n2) and + c = n.getEnclosingCallable() + ) + ) } /**