JS: classify generated data files #108

Merged: semmle-qlci merged 1 commit into master from unknown repository on Aug 29, 2018

@ghost ghost added the JS label Aug 27, 2018
@ghost ghost self-requested a review as a code owner August 27, 2018 13:12

@xiemaisi xiemaisi left a comment

Approach seems plausible; how many projects have you tried this out on?

e.getFile() = f and
e.isImpure() and
// ... except for variable initializers
not e instanceof VariableDeclarator

Does this mean we consider VariableDeclarators to be impure? That seems undesirable.

Author

Yes, but that seems right to me.
They do modify the scope object after all.

That's true, but modelling it seems overkill, particularly since we don't even model the scope object. Also, that modification isn't observable in any way, is it?

Author

Hmm. I could go either way on this. On the one hand, shadowing variables in enclosing scopes and creation of properties on the global object are easily observable side effects, but on the other hand, I see what you mean regarding the expressive power of our analysis.
Do you want a change in this PR?

You are right, of course, there are observable side effects, but I would still hesitate to ascribe them to the declarator, so on the whole I'd be in favour of changing this. It seems like a fairly minor and harmless change that would make this predicate look a bit less confusing.

Author

Done.
Do we skip the full dist-compare for this change?

Thanks. Yes, we do.

Author

ghost commented Aug 27, 2018

This has been tested on 203 projects with 38 results, which are all true positives.

xiemaisi previously approved these changes Aug 28, 2018

@xiemaisi xiemaisi left a comment

LGTM

Author

ghost commented Aug 28, 2018

Amended with updated expected output for isPure.ql.

@xiemaisi

Apologies, I only just realised I misremembered what a VariableDeclarator is. I didn't realise that it included the initialiser expression and is, in fact, a VarDef.

In that case of course it doesn't make sense to treat it as pure. Could you remove the second commit, please? (Sorry about that.)

Author

ghost commented Aug 29, 2018

Done.

@semmle-qlci semmle-qlci merged commit d22a65a into github:master Aug 29, 2018
aibaars pushed a commit that referenced this pull request Oct 14, 2021
smowton pushed a commit to smowton/codeql that referenced this pull request Dec 6, 2021
Allow associating comments with fields
MathiasVP added a commit to MathiasVP/ql that referenced this pull request Aug 10, 2025