From 24360d3a4c31dbc2cad55725a3993b780f28eacd Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Thu, 25 Mar 2021 12:00:49 +0100
Subject: [PATCH] C++: Fix join order in AV rule 79 by joining with GVN after the recursive call.
---
 cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql b/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
index d582cfa42245..3ae7bc65b450 100644
--- a/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
+++ b/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
@@ -91,16 +91,17 @@ private predicate exprReleases(Expr e, Expr released, string kind) {
 // `e` is a call to a release function and `released` is the released argument
 releaseExpr(e, released, kind)
 or
- exists(Function f, int arg |
+ exists(int arg, VariableAccess access, Function f |
 // `e` is a call to a function that releases one of it's parameters,
 // and `released` is the corresponding argument
 ( e.(FunctionCall).getTarget() = f or e.(FunctionCall).getTarget().(MemberFunction).getAnOverridingFunction+() = f
 ) and
+ access = f.getParameter(arg).getAnAccess() and
 e.(FunctionCall).getArgument(arg) = released and
 exprReleases(_,
- exprOrDereference(globalValueNumber(f.getParameter(arg).getAnAccess()).getAnExpr()), kind)
+ pragma[only_bind_into](exprOrDereference(globalValueNumber(access).getAnExpr())), kind)
 )
 or
 exists(Function f, ThisExpr innerThis |
@@ -112,7 +113,7 @@ private predicate exprReleases(Expr e, Expr released, string kind) {
 ) and
 e.(FunctionCall).getQualifier() = exprOrDereference(released) and
 innerThis.getEnclosingFunction() = f and
- exprReleases(_, pragma[only_bind_into](globalValueNumber(innerThis).getAnExpr()), kind)
+ exprReleases(_, pragma[only_bind_into](globalValueNumber(innerThis).getAnExpr()), kind)
 )
 }
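Review bot: The two `pragma[only_bind_into](...)` wrappers added around the argument of the recursive `exprReleases(_, ...)` calls have no comment, so the reason for them is recorded only in the commit subject and a later cleanup could remove them as noise. I would add a line above each call, here and in the hunk at -112, such as `// Join with the GVN after the recursive call; binding it first gives a bad join order.` The same applies to the new `access` variable, which exists only to pull `f.getParameter(arg).getAnAccess()` out of the recursive call's argument. The pragma looks like a pure optimizer hint, but nothing on this page shows that the AV Rule 79 results were compared before and after, so that is worth confirming. The predicate's signature lies above the first hunk.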