Skip to content

Diff-informed queries: phase 3 (non-trivial locations) #19957

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 96 commits into
base: main
Choose a base branch
from

Conversation

d10c
Copy link
Contributor

@d10c d10c commented Jul 2, 2025

This PR enables diff-informed mode on queries that select a location other than dataflow source or sink. This entails adding a non-trivial location override that returns the locations that are actually selected.

Prior work includes PRs like #19663, #19759, and #19817. This PR uses the same patch script as those PRs to find candidate queries to convert to diff-enabled. This is the final step in mass-enabling diff-informed queries on all the languages.

Commit-by-commit reviewing is recommended.

  • I have split the commits that add/modify tests from the ones that enable/disable diff-informed queries.
  • If the commit modifies a .qll file, in the commit message I've included links to the queries that depend on that .qll for easier reviewing.
  • Feel free to delegate parts of the review to others who may be more specialized in certain languages.

Potentially tricky cases:

@github-actions github-actions bot added C# JS C++ Java Python Go Ruby Rust Pull requests that update Rust code Swift Actions Analysis of GitHub Actions labels Jul 2, 2025
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch from ff3a4b9 to 95fe462 Compare July 3, 2025 15:50
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch 3 times, most recently from aff62c2 to 6d0ae3a Compare July 4, 2025 14:20
@@ -0,0 +1 @@
experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning test

Query test does not use inline test expectations.
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch 2 times, most recently from c871f5e to 276c7f0 Compare July 7, 2025 09:42
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch 2 times, most recently from cb2db2f to c70036d Compare July 8, 2025 15:30
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch from c70036d to 08c4cc2 Compare July 9, 2025 16:47
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch 2 times, most recently from 857b583 to 3e3e856 Compare July 11, 2025 12:49
@d10c
Copy link
Contributor Author

d10c commented Jul 15, 2025

DCA results: some slowdowns on Python, but they don't seem to be related to these changes. Java had some timeout-related failures, so I'll restart that. Overall, no negative performance impact on empty-diff.

d10c added 17 commits July 16, 2025 17:34
@d10c d10c force-pushed the d10c/diff-informed-phase-3 branch from 443655d to 5112a9c Compare July 16, 2025 15:36
@d10c d10c requested a review from michaelnebel July 16, 2025 15:52
@d10c d10c marked this pull request as ready for review July 16, 2025 15:52
@d10c d10c requested review from a team as code owners July 16, 2025 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Actions Analysis of GitHub Actions C# C++ Go Java JS Python Ruby Rust Pull requests that update Rust code Swift
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant