Skip to content

DataFlow: Run overlay-informed if not diff-informed#19857

Closed
jbj wants to merge 7 commits intogithub:kaspersv/overlay-java-discardingfrom
jbj:overlay-informed-dataflow
Closed

DataFlow: Run overlay-informed if not diff-informed#19857
jbj wants to merge 7 commits intogithub:kaspersv/overlay-java-discardingfrom
jbj:overlay-informed-dataflow

Conversation

@jbj
Copy link
Copy Markdown
Contributor

@jbj jbj commented Jun 24, 2025

To ensure good performance, always run data flow overlay-informed unless the configuration has opted in to being diff-informed. This change affects only databases with an overlay and therefore has no immediate production consequences.

This is my attempt to implement what @aschackmull sketched yesterday, on top of @kaspersv's branches.

kaspersv and others added 7 commits June 20, 2025 13:58
@kaspersv
Overlay: Add overlay annotations to Java & shared libraries
bceb147
@kaspersv
Run config/sync-files.py
3cbaf51
@kaspersv
rename overlay[caller] to overlay[caller?]
052023e
@kaspersv
Java: Add manual overlay annotations
4f49718
@kaspersv
Java: Add entity discard predicates
ddaf0b2
@kaspersv
Java: Allow methods with empty bodies for overlay
3c2c871
@jbj
DataFlow:Run overlay-informed if not diff-informed
c1214db 
To ensure good performance, always run data flow overlay-informed unless
the configuration has opted in to being diff-informed. This change
affects only databases with an overlay and therefore has no immediate
production consequences.
Copilot AI review requested due to automatic review settings June 24, 2025 07:03
@jbj jbj added the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Jun 24, 2025
@jbj jbj requested a review from a team as a code owner June 24, 2025 07:03
Copilot AI reviewed Jun 24, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR defaults data flow to overlay-informed mode unless diff-informed is explicitly enabled, affecting only databases with overlays.

  • Adds isOverlayNode predicate and updates source/sink filters in Stage 1 to respect overlay evaluation.
  • Introduces a default isEvaluatingInOverlay predicate in the core DataFlow signature.
  • Provides a Java-specific override of isEvaluatingInOverlay in the Java implementation.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll Adds isOverlayNode and updates isFilteredSource/isFilteredSink to conditionally filter by overlay.
shared/dataflow/codeql/dataflow/DataFlow.qll Declares default isEvaluatingInOverlay predicate stub for overlay mode detection.
java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll Imports Java Overlay support and overrides isEvaluatingInOverlay.
Comments suppressed due to low confidence (1)

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll:34

  • The override for isEvaluatingInOverlay doesn't match the signature (missing ()). It should be declared as predicate isEvaluatingInOverlay() { isOverlay() } to properly override the default.
  predicate isEvaluatingInOverlay = isOverlay/0;

Comment thread shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
private predicate isOverlayNode(Node node) {
isEvaluatingInOverlay() and
// Any local node is an overlay node if we are evaluating in overlay mode
node = node
Copy link

Copilot AI Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The predicate isOverlayNode uses a tautology (node = node), so it doesn't actually distinguish overlay-visible nodes. Replace it with a predicate that checks the node's overlay locality (e.g., isLocalNode(node)).

Copilot uses AI. Check for mistakes.
Comment thread shared/dataflow/codeql/dataflow/DataFlow.qll
* overlay-only local evaluation. When called from a global predicate, this
* predicate holds if we are evaluating globally with overlay and base both
* visible.
*/
Copy link

Copilot AI Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default isEvaluatingInOverlay predicate lacks the required overlay[local] annotation, so overlay-local evaluations won't see it. Add overlay[local] to its definition.

Suggested change
*/
*/
overlay[local]

Copilot uses AI. Check for mistakes.
@jbj jbj added the no-change-note-required This PR does not need a change note label Jun 24, 2025
@kaspersv kaspersv force-pushed the kaspersv/overlay-java-discarding branch from 3c2c871 to 0ee6a78 Compare June 24, 2025 08:38
@kaspersv kaspersv requested review from a team as code owners June 24, 2025 08:38
aschackmull
aschackmull reviewed Jun 24, 2025
View reviewed changes
Comment thread shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
private predicate isOverlayNode(Node node) {
isEvaluatingInOverlay() and
// Any local node is an overlay node if we are evaluating in overlay mode
node = node
Copy link
Copy Markdown
Contributor

@aschackmull aschackmull Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The canonical way to write this is exists(node).

aschackmull
aschackmull reviewed Jun 24, 2025
View reviewed changes
Comment thread shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
Comment on lines +135 to +141
* This predicate needs to be `overlay[local?]`, either directly or
* through annotations from an outer scope. If `Node` is global for the
* language under analysis, then every node is considered an overlay
* node, which means there will effectively be no overlay-based
* filtering of sources and sinks.
*/
private predicate isOverlayNode(Node node) {
Copy link
Copy Markdown
Contributor

@aschackmull aschackmull Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not give this predicate an explicit overlay annotation now?

Copy link
Copy Markdown
Contributor Author

@jbj jbj Jun 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The compiler gives a warning that it's redundant because the file module is also annotated overlay[local?].

@jbj jbj changed the title DataFlow:Run overlay-informed if not diff-informed DataFlow: Run overlay-informed if not diff-informed Jun 24, 2025
@kaspersv kaspersv force-pushed the kaspersv/overlay-java-discarding branch 2 times, most recently from a9f1540 to 64f27e2 Compare June 26, 2025 09:36
@kaspersv kaspersv deleted the branch github:kaspersv/overlay-java-discarding June 30, 2025 09:17
@kaspersv kaspersv closed this Jun 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aschackmull aschackmull aschackmull left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish DataFlow Library Java no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jbj @aschackmull @kaspersv