JS: Improve performance of StandardEndpointFilters::isNumeric

When looking for reads of expressions that are really variable accesses,
start with the set of all variable accesses,
which is a strict subset of the set of expressions,
before looking at the larger set of all expressions and their underlying values.

This does not yet give optimal performance, but reduces the largest bottleneck
when evaluating this predicate on large databases like Node
where we have ~2M variable accesses and ~10M expressions x underlying values.

Author: adityasharad

javascript/ql/lib/semmle/javascript/heuristics/SyntacticHeuristics.qll

@@ -21,8 +21,14 @@ predicate isReadFrom(DataFlow::Node read, string regexp) {
     actualRead = read
   |
     exists(string name | name.regexpMatch(regexp) |
-      actualRead.asExpr().getUnderlyingValue().(VarAccess).getName() = name or
-      actualRead.(DataFlow::PropRead).getPropertyName() = name or
+      // Performance optimisation: start with the set of variable accesses,
+      // which is a strict subset of the set of expressions,
+      // before looking at the larger set of all expressions and their underlying values.
+      any(VarAccess va | pragma[only_bind_out](va) = actualRead.asExpr().getUnderlyingValue())
+          .getName() = name
+      or
+      actualRead.(DataFlow::PropRead).getPropertyName() = name
+      or
       actualRead.(DataFlow::InvokeNode).getCalleeName() = "get" + name
     )
   )