Codeql extract local dataflow of a java method takes so long
I want to extract the local data flow of a Java method. So far I have this query to extract wherever a variable is accessed, declared, or assigned within the function:
/**
* @name Empty block
* @kind problem
* @problem.severity warning
* @id java/example/empty-block
*/
import java
import semmle.code.java.dataflow.DataFlow
from File fl, LocalVariableDeclExpr ld, VarAccess va, Assignment asn
where
fl.getBaseName() = "Calculator.java"
and
ld.getEnclosingCallable().getName()= "calc"
and va.getEnclosingCallable().getName() = "calc"
and asn.getEnclosingCallable().getName() = "calc"
and ld.getLocation().getFile() = fl
and va.getLocation().getFile() = fl
and asn.getLocation().getFile() = fl
and va.getLocation().getStartLine() = ld.getLocation().getStartLine()
select ld, "\"" + va.getVariable().getName()+"\"" + "->" + "\"" +ld.getVariable().getName()+"\"" + "\n" + "\"" +asn.getDest()+"\"" + "->" + "\"" +asn.getSource()+"\"" + "\n"
The problem is it takes so long in the SELECT phase.
I am using this repository as a database. The file name is Calculator.Java and this is the method:
public double calc(double x, String input, char opt) {
inText.setFont(inText.getFont().deriveFont(Font.PLAIN));
double y = Double.parseDouble(input);
switch (opt) {
case '+':
return x + y;
case '-':
return x - y;
case '*':
return x * y;
case '/':
return x / y;
case '%':
return x % y;
case '^':
return Math.pow(x, y);
default:
inText.setFont(inText.getFont().deriveFont(Font.PLAIN));
return y;
}
}
Thanks.
Do you want declaration, assignment and read of the same variable? Because the way your query is currently written just selects combinations of any variable inside the calc method.
Also, your query might not be very performant because you keep checking the callable name and file. It would probably be more performant (and also easier to read) to introduce a separate variable for that, see the query code further below.
Keep in mind that CodeQL is a database language, so the intermediate result in your case is a tuple (LocalVariableDeclExpr, VarAccess, Assignment), this means:
- If a variable has no
Assignmentthen the query has no result for that variable (note that initialization of local variables is not considered anAssignment, see GitHub issue) - You get permutations of that tuple which are probably not interesting for you, e.g.:
(Decl, Access1, Assign1),(Decl, Access1, Assign2),(Decl, Access2, Assign1), ...
So maybe it would be more interesting to just for every variable get the VarAccess (which covers access for reading and writing to the variable), for example:
import java
from Method method, LocalVariableDeclExpr ld, VarAccess va
where
method.getDeclaringType().hasName("Calculator") and
method.hasName("calc") and
ld.getEnclosingCallable() = method and
va.getEnclosingCallable() = method and
// And both belong to the same variable
ld.getVariable() = va.getVariable()
select ld, va
Also note that your query is not related to dataflow, it just finds declaration, assignment and usage of variables, which do not necessarily have to be in the right (or even any) order. See the documentation for more information about tracking dataflow. Maybe you are also interested in visualizing the dataflow with path queries. It is also important to consider the difference between dataflow and taint tracking. Dataflow only covers cases where the exact same value flows between variables and calls, whereas taint tracking also covers case where the value is converted or transformed, for example obtaining a substring from a string (see also the documentation).
- How do I use org.scribe.oauth to connect to the tumblr API?
- java stream to set the values to a list from another list
- Delete directories recursively in Java
- How can I call scikit-learn classifiers from Java?
- Java method declared to throw IOException not propagating the exception up the call stack
- How to get integer and fraction portions of a BigDecimal in Java
- How to auto add imports in IntelliJ?
- remove double quotes from csv while using open csv
- Java custom annotation for a behaviour like trim
- Cors Error when calling microservice from Vue frontend application
- Why isn't my class unloaded when I erase any link to them and to ClassLoader?
- Java UTF-8 filenames with IBM JVM (AIX)
- What would be a good use-case scenario for the Spliterator in Java 8?
- Caused by: java.lang.NoClassDefFoundError: io/jsonwebtoken/Jwts
- Are supertypes of a type just the ones that are directly extended or implemented?
- ModelAttribute returns null values to controller in Spring MVC
- Jaybird 3 and Firebird transaction information
- IntelliJ - Invalid source release: 17
- How to use JScrollPane with JTextArea in Swing?
- Java FFM - Obtaining a var handle to an array field of a structure
- Is there auto type inferring in Java?
- Springboot Keycloak Admin add role or reset password error
- Setting up IntelliJ IDEA with Java 1.8/1.7 and resolve "java: System Java Compiler was not found in classpath"
- How to add a simple horizontal line at Y value of JFreeChart TimeSeries
- java.sql.SQLException: Column Index out of range, 2 > 1
- Task app:compileDebugJavaWithJavac failed
- Column name as a parameter to Spring Data JPA Query
- Pervasive SQL Java database name
- XML to be validated against multiple xsd schemas
- How many sessions can be managed by an Java Application in Struts 2?