
Dataflow: update fieldFlowBranchLimit semantics

Open aschackmull opened this issue 1 year ago • 0 comments
This makes two changes to the fieldFlowBranchLimit interpretation:

  • The count is adjusted to properly count virtual dispatch instead of nodes. This will block less flow and hence result in more computation and more alerts - hopefully fixing some FNs.
  • The blocking condition on return edges is changed to only care about virtual dispatch count and not the number of call sites. This will block more flow and hopefully reduce FPs and performance problems based on uncertain dispatch. This has anecdotally been identified as the core issue in a couple of poorly performing cases.

For the return edge condition, special care is taken to still follow call edges that are determined by the call context.

All qltests are also updated to use the default fieldFlowBranchLimit instead of an inflated value to better reflect what's actually used in queries.

aschackmull, Feb 13 '24 13:02
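For readers who have not met the knob this PR changes, the following is an added illustration, not code from the PR or from the CodeQL repository: a minimal Java dataflow configuration written against the shared `DataFlow::ConfigSig` module API, where `fieldFlowBranchLimit` is an overridable predicate whose library default is 2. The source and sink choices (`handleRequest`, `execute`) and the inflated value `1000` in the commented-out override are constructed for the example; the override is left commented out so that the query runs with the default limit, which is the setting the updated qltests now exercise.

```ql
import java
import semmle.code.java.dataflow.DataFlow

// Constructed example configuration: parameters of any method named
// `handleRequest` are sources, arguments of any call to `execute` are sinks.
module ExampleConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    source.asParameter().getCallable().hasName("handleRequest")
  }

  predicate isSink(DataFlow::Node sink) {
    exists(Call c |
      c.getCallee().hasName("execute") and
      sink.asExpr() = c.getAnArgument()
    )
  }

  // This is the predicate whose interpretation the PR changes. Leaving it
  // out keeps the library default of 2. Uncommenting the hypothetical
  // override below would switch off the pruning almost entirely, which is
  // what the old qltests did and what the PR stops doing.
  // int fieldFlowBranchLimit() { result = 1000 }
}

module ExampleFlow = DataFlow::Global<ExampleConfig>;

from DataFlow::Node src, DataFlow::Node sink
where ExampleFlow::flow(src, sink)
select sink, "Value from a handleRequest parameter reaches an execute() argument."
```

With the default limit in place, the pruning described in the PR applies: after this change the branch count looks at virtual dispatch rather than at the number of nodes or call sites, so a result that appears or disappears relative to an older library version is most likely explained by that heuristic rather than by a change in the sources or sinks above.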