Fix performance issue in ResourceLeakAnalysis.qll

[MichaelRFairhurst]

Description

After trying a lot of things, this is where I ended up, but open to additional ideas.

Regarding getAnAliasRecursive which this PR removes: The intention was to ensure that if code locks x which is an alias of y, and there's an unlock call on z which is alias of y (but not x), then we don't want to report that. This wasn't previously tested. The newly added test fails even with getAnAliasRecursive() as its incorrectly defined. Further, since the identity of an allocation (TJustResource) is based on a DataFlow::Node, and the out arg dataflow node is different from the expr dataflow node, it's not trivial to handle this edge case.

Constraining getAnAlias(node) isn't simply constrained to isAllocate(node) for two minor reasons:

• Since the expensive behavior is in the default predicate on a signature module, and CodeQL doesn't support Self::, it would require additional refactoring and increase complexity
• In the future we may want to reintroduce getAnAliasRecursive or something like it. This could require something like Config::getAnAlias+(node), so that can't require its argument to be an allocate in that case.

I then experimented with inline_late, pragma[only_bind_into](...), and other various options, but none were providing a benefit. Eventually I copied getAnAlias() into ResourceLeakAnalysis.qll and noticed that no matter what changes I made, I couldn't get good performance from it on opencv as long as it used GVN, and I didn't have the same issue with hashCons. I did also measure a slight performance improvement by adding bindingset[node] to getAnAlias() and so included that as well.

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • rule number here
• Queries have been modified for the following rules:
  • RULE-22-16
  • ERR57-CPP
  • A15-1-4

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

PR Overview

This pull request updates the change note for the ResourceLeakAnalysis.qll performance fix, documenting the removal of the recursive alias lookup and the switch from GlobalValueNumbering to HashCons-based alias comparison to improve performance.

• Updated change note to reflect aliasing changes for improved performance
• Clarified behavior differences and performance impact for RULE-22-16, ERR57-CPP, and A15-1-4

Reviewed Changes

File	Description
change_notes/2025-02-20-rule-22-16-update-aliasing-for-performance.md	Updated change note documenting aliasing updates and performance improvements

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more