Python: Move ControlFlowNode, Expr, and Module points-to to legacy module
#20722
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| not exists(ExprWithPointsTo left, ExprWithPointsTo right, Value val | | ||
| comp.compares(left, op, right) and | ||
| exists(ImmutableLiteral il | il.getLiteralValue() = val) | ||
| exists(ImmutableLiteral il | il = val.(ConstantObjectInternal).getLiteral()) |
Check warning
Code scanning / CodeQL
Expression can be replaced with a cast Warning
Moves the existing points-to predicates to the newly added class `ControlFlowNodeWithPointsTo` which resides in the `LegacyPointsTo` module. (Existing code that uses these predicates should import this module, and references to `ControlFlowNode` should be changed to `ControlFlowNodeWithPointsTo`.) Also updates all existing points-to based code to do just this.
This had only two uses in our libraries, so I simply inlined the predicate body in both places.
tausbn
force-pushed
the
tausbn/python-move-points-to-predicates-to-legacy-module
branch
from
b2c9e72 to
d7a6b3f
Compare
tausbn
force-pushed
the
tausbn/python-move-points-to-predicates-to-legacy-module
branch
from
d7a6b3f to
820d8e7
Compare
I wasn't entirely sure if this should be classified as `deprecated` or `breaking`, but seeing as these changes technically _could_ break existing queries (requiring a small rewrite), I opted for the latter.
tausbn
changed the title
ControlFlowNode, Expr, and Module points-to to legacy module
There was a problem hiding this comment.
Pull Request Overview
This pull request removes points-to analysis predicates from ControlFlowNode, Expr, and Module classes, moving them to a new LegacyPointsTo module. This change enforces explicit opt-in to legacy points-to functionality by requiring imports of LegacyPointsTo and use of specialized wrapper classes (ControlFlowNodeWithPointsTo, ExprWithPointsTo, ModuleWithPointsTo).
Key changes:
- Created
LegacyPointsTo.qllmodule with wrapper classes for accessing points-to predicates - Removed points-to predicates from
ControlFlowNode,Expr, andModulebase classes - Updated all existing usages across test files, library files, and queries to use the new wrapper classes
Reviewed Changes
Copilot reviewed 107 out of 107 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
python/ql/lib/LegacyPointsTo.qll |
New module defining ControlFlowNodeWithPointsTo, ExprWithPointsTo, and ModuleWithPointsTo wrapper classes |
python/ql/lib/semmle/python/Flow.qll |
Removed points-to predicates from ControlFlowNode class |
python/ql/lib/semmle/python/Exprs.qll |
Removed points-to predicates from Expr class |
python/ql/lib/semmle/python/Module.qll |
Removed getAnExport() predicate from Module class |
| Test and library files (80+ files) | Added LegacyPointsTo imports and casts to wrapper classes where points-to predicates are used |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Should be reviewed commit-by-commit!
This is the first step towards hiding all of the existing hooks into the points-to API behind an explicit
LegacyPointsTomodule.This PR in particular removes all ways to access points-to from
ControlFlowNode,Expr, andModule.The approach taken is roughly the same in each case: for each points-to-related predicate on, say,
Expr, we transfer it to a subclass calledExprWithPointsTothat lives inside theLegacyPointsTomodule. All existing uses of these predicates must then be updated to refer toExprWithPointsToinstead, either by updating the type (in the case of a bound variable), or by inserting an inline cast to this class.Note that for some of these classes we additionally override
getAQlClassto not return any values. This is because a few tests were failing because they were seeing new (though really just duplicated) results forExprWithPointsToandModuleWithPointsTo. Simply making the methods empty for these classes seemed like the easiest solution.Finally, to head off a potential question:
LegacyPointsto.qllat the top level?It may seem a bit ugly to place this alongside
python.qllin this otherwise (mostly) pristine spot in the module hierarchy, but I think this could be construed as a feature. It is an ugly wart, and having it present front and centre might encourage us to actually do something about this fact. 😈