Go: Remove global function step from local flow#21721
Conversation
owen-mc
force-pushed
the
go/remove-global-function-jump-step-from-local-flow
branch
from
06b9b76 to
f275b9a
Compare
owen-mc
force-pushed
the
go/remove-global-function-jump-step-from-local-flow
branch
from
f275b9a to
f6135b7
Compare
|
I ran QA. It looks fine. There were a few alert changes in two repos, but investigating one of them locally I don't see any changes. The db seems to be slightly malformed - the locations don't work for many files. I don't know why this is - I didn't see any errors when building the db. There was one analysis that was much slower but it was for network reasons relating to downloading ubuntu archives (I believe canonical had some problems yesterday). |
There was a problem hiding this comment.
Pull request overview
This PR makes the Go “local flow” relation more strictly intra-procedural by removing a non-local disjunct involving global functions, while preserving the needed behavior for io/fs.WalkDir callback modeling.
Changes:
- Remove the
GlobalFunctionNode -> usecase frombasicLocalFlowStepto keep local flow truly local. - Update the
io/fs.WalkDiradditional taint step to handle both function literals and referenced global functions passed as the callback argument. - Update affected Go dataflow library-test
.expectedoutputs accordingly.
Show a summary per file
| File | Description |
|---|---|
| go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll | Removes the global-function-to-use disjunct from basicLocalFlowStep, tightening the definition of “local” flow. |
| go/ql/lib/semmle/go/frameworks/stdlib/IoFs.qll | Refines WalkDir callback handling to account for function literals and global function references passed as arguments. |
| go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected | Updates expected results to reflect removal of the global-function local-flow step. |
| go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected | Updates expected results to reflect removal of the global-function local-flow step. |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 0
This is no longer needed.
hvitved
left a comment
hvitved
left a comment
There was a problem hiding this comment.
LGTM, just one suggestion for getting rid of duplication.
It would be good if the local flow relation was really local. There was one disjunct which isn't. I tried removing it and only one test failed, and on investigation this was easily fixed. I will run DCA and QA to see if there are any alert changes from this. My best guess is that it's somehow related to assigning global functions to variables (or using them as arguments), but since go doesn't use the lambda flow capabilities of the data flow library it probably isn't doing anything.