Conversation

alexet (Contributor) commented Sep 8, 2025

No description provided.

@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from 4ebfdd4 to 04e8ab6 Compare September 8, 2025 16:25
@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from 04e8ab6 to 5ee86e9 Compare September 12, 2025 17:27
Code scanning (CodeQL) reported the same warning at ten places in the diff:

    Data flow configuration module naming (Warning)
    Modules implementing a data flow configuration should end in Config.

The lines each of the ten warnings is anchored on, as shown in the diff view:

1.
    private module Stage1 = ImplStage1<C>;

    import Stage1::PartialFlow

2.
    }

    predicate observeOverlayInformedIncrementalMode() { not Config::observeDiffInformedIncrementalMode() }
    }

3.
    import MakeImplStage1<Location, DataFlowLang> as DataFlowInternalStage1

    private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
    module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements

4.
    signature int speculationLimitSig();

    module AddSpeculativeTaintSteps<

5.
    import DataFlowInternal::DefaultState<Config>
    import Config

    private predicate relevantState(Config::FlowState state) {

6.
    ) {
    Config::isAdditionalFlowStep(node1, node2) and model = "Config"
    }

7.
    import DataFlowInternal::DefaultState<Config>
    import Config

    predicate isAdditionalFlowStep(

8.
    import AddTaintDefaults<Config0>
    }

    predicate isBarrierOut(DataFlowLang::Node node, FlowState state) {

9.
    import Config

    predicate isAdditionalFlowStep(
    DataFlowLang::Node node1, DataFlowLang::Node node2, string model

10.
    import AddTaintDefaults<Config0>
    }

    private module Stage1 = DataFlowInternalStage1::ImplStage1<C>;
@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from 850a45e to 14b7523 Compare September 12, 2025 17:33
@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from 14b7523 to c00e150 Compare September 19, 2025 15:15
@alexet alexet changed the title from "Dataflow: Diff informed dataflow." to "Dataflow: Overlay informed dataflow." Sep 19, 2025
@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from c00e150 to 1f99e98 Compare September 19, 2025 15:27
@alexet alexet requested a review from Copilot September 19, 2025 15:42
@Copilot Copilot AI (Contributor) left a comment

Pull Request Overview

This PR implements overlay-informed dataflow analysis capabilities for CodeQL. The changes introduce support for evaluating dataflow in overlay mode, where base and overlay database results can be merged, providing incremental analysis capabilities.

Key changes:

  • Added overlay-informed filtering logic that complements the existing diff-informed mode
  • Introduced new predicate variants for determining overlay evaluation context
  • Created overlay-aware modules that merge base and overlay results for dataflow and taint tracking

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Summary per file:

  • shared/util/codeql/util/AlertFiltering.qll: Added predicates to check diff information availability and file inclusion in diff ranges
  • shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll: Implemented overlay-informed filtering logic for sources and sinks with dual evaluation modes
  • shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll: Added OverlayImpl module that merges base and overlay dataflow results
  • shared/dataflow/codeql/dataflow/TaintTracking.qll: Refactored modules and added overlay-aware taint tracking implementations
  • shared/dataflow/codeql/dataflow/DataFlow.qll: Split into core and overlay-specific modules with new overlay evaluation support
  • java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll: Added Java-specific overlay evaluation predicate implementation

Comments suppressed due to low confidence (1)

shared/dataflow/codeql/dataflow/TaintTracking.qll:1 (anchored on the line reading "/**")

  • The condition should use Config::observeOverlayInformedIncrementalMode() without negation to match the logic in the flow predicate above. Currently this will include local results when overlay mode is disabled, which contradicts the expected behavior.

@alexet alexet force-pushed the alexet/overlay-informed-dataflow branch from 1f99e98 to 5a11aac Compare September 19, 2025 15:53
alexet (Contributor, Author) commented Sep 19, 2025

@aschackmull Can you have a quick look over this to check that the general code organisation is reasonable? This is the least duplication I could come up with.
