Swift: make only certain elements hideable in the AST

[redsun82]

By tweaking code generation and adding an explicit @ql.hideable attribute in the schema, only certain specific types get the resolve infrastructure, decreasing the number of Immediate predicates being generated.

[geoffw0]

Is it possible to have a hideable parent of a non-hideable child?

[redsun82]

you mean in AST parent/child terms, or in superclass/subclass terms? Both can mix, which just made me think of an issue with this change: hideability should actually travel both directions of inheritance. For example marking Expr explicitly as hideable, doesn't only mean that all Expr subclasses are hideable, but also superclasses such as AstNode. Failing to do so like I'm doing here means that something like BraceStmt.getElement/1 would fail to hide conversions which would be quite confusing.

[geoffw0]

The worry that prompted this question was the removal of getFullyUnresolved() calls from non-hideable elements. Which seems maybe wrong if a hideable element can resolve to it (I'm not really sure why we use getFullyUnresolved() though).

[redsun82]

yeah, it was wrong, I ended up reverting that. This does mean one could implement getResolveStep on a non-hideable class, which would compile but not really work. Just something to keep in mind. We can add final overrides to the non-hideable AstNode classes to avoid such a problem if we see this happening at some point.

[geoffw0]

You've addressed my concerns, and I want this change, but I can't confidently say I have a full understanding of everything that is going on.

My understanding is:

• the goal of this change is to reduce the amount of generated QL and potentially make things a bit speedier as well.
• previously everything was hideable.
• now 'just' Type, Expr and Pattern are hideable...
  • plus everything above them in the QL class tree (e.g. Element), because when you have an Element x it could in fact be a Type / Expr / Pattern.
  • plus by anything below them in the QL class tree (e.g. BitwiseOperation), because those things are a Type / Expr / Pattern.
• but plenty of specific classes outside of that are not hideable any more.
• for non-hideable classes, we can skip including the getImmediate* machinery and calls to .getResolveStep() and the like.
  • but not the other direction, .getFullyUnresolved(), because the result could be hideable.

I would appreciate if you could correct any misconceptions in the above, and perhaps get a second pair of eyes on this?

[redsun82]

You've addressed my concerns, and I want this change, but I can't confidently say I have a full understanding of everything that is going on.

My understanding is:

• the goal of this change is to reduce the amount of generated QL and potentially make things a bit speedier as well.

• previously everything was hideable.

• now 'just' Type, Expr and Pattern are hideable...

  • plus everything above them in the QL class tree (e.g. Element), because when you have an Element x it could in fact be a Type / Expr / Pattern.
  • plus by anything below them in the QL class tree (e.g. BitwiseOperation), because those things are a Type / Expr / Pattern.

• but plenty of specific classes outside of that are not hideable any more.

• for non-hideable classes, we can skip including the getImmediate* machinery and calls to .getResolveStep() and the like.

  • but not the other direction, .getFullyUnresolved(), because the result could be hideable.

I would appreciate if you could correct any misconceptions in the above, and perhaps get a second pair of eyes on this?

I've added @MathiasVP as a reviewer too, as yes, two set of eyes is better than one.

Your analysis is correct, although it is to be noted that as far as the current actually hidden nodes go, it is also not really possible for unhideable nodes to have a .getFullyUnresolved() different from this, because no current getResolveStep() actually gives a non-hideable result. I also don't foresee it happening ever, but the possibility is there. So, theoretically, we could remove .getFullyUnresolved() from all non-Expr, non-Pattern or non-Type things. But I preferred to actually revert all changes outside those strictly required, so that the only hand-written changes to QL code in this PR are related to some getProperty becoming the customization points to override in place of getImmediateProperty.

[geoffw0]

Happy with this PR pending @MathiasVP s opinion and a successful DCA run.

[MathiasVP]

I think the changes makes sense. A couple of open questions. I'd also like to run a few CFG consistency queries on this PR to make sure we didn't break CFG construction in some subtle way.

[MathiasVP]

I'm not sure I like this change very much 🤔. So now, if you have a value of a very general class (like ... Locatable, for example) and you want to resolve it to skip hidden elements you have to explicitly consider two cases:

• Either it's an instance of HideableElement and so you have to do an inline cast and call getResolveStep, or
• It's not a HideableElement and you don't have to do anything.

[redsun82]

this was indeed reverted in a later commit

[MathiasVP]

An open question:

Looking through the changes to CFG construction, we've had bugs in the past because someone (most likely me 😅) forgot to call recursively on the fully unresolved / fully converted sub-element which led to inconsistent CFGs. And in those cases it was pretty easy to see syntactically that:

• We were calling getFullyUnresolved (or getFullyConverted) in 99% of the cases, and
• 1% of the cases were missing a call to getFullyUnresolved (or getFullyConverted)

And so that 1% was most likely a bug. But now some places will need the to call getFullyUnresolved (when it's available), and other places won't need to do that (because there's no such method on the class).

Do you think this is a problem?

[redsun82]

I backtracked on this on a later commit. As I understood that "hideability" travels both directions of a hierarchy, Element ended up hideable no matter what, so in the end I kept the resolve/getFullyUnresolved predicates on Element, and undid all these changes. I agree that that was a possible source of bugs.

Sorry for the mix up.

[MathiasVP]

@redsun82 it took me a few restarts to get a pair of semmle-code and codeql SHAs with compatible dbschemes, but that last experiment seems to have worked 😂.

[redsun82]

DCA looks good to me, apart the known Thomvis/Construct wobbly number of extracted files.

[redsun82]

@geoffw0: @MathiasVP's comments are addressed by later commits, and DCA shows nothing suspicious, so I think we can merge this.

[redsun82]

Ah, wait, there is this comment by @MathiasVP:

I'd also like to run a few CFG consistency queries on this PR to make sure we didn't break CFG construction in some subtle way.

Do you know what it means @geoffw0? On the other hand, as far as I understand this was a comment based on the CFG library changes, that got completely reverted.

[geoffw0]

Do you know what it means @geoffw0?

I guess it means he wants to run a few more checks locally and build confidence. When/if @MathiasVP gives the 👍, I'm happy for this to be merged.

[aibaars]

Ah, wait, there is this comment by @MathiasVP:

I'd also like to run a few CFG consistency queries on this PR to make sure we didn't break CFG construction in some subtle way.

I guess it means running the equivalent of https://github.com/github/codeql/blob/main/ruby/ql/consistency-queries/CfgConsistency.ql . For Ruby we run consistency checks automatically in CI as part of codeql test run --consistency-queries ...

 --consistency-queries=<dir>
                             [Advanced] A directory with consistency queries that will be run for each test database. These queries should not produce any output (except when they find a problem) unless the test directory includes
                               a CONSISTENCY subdirectory with a .expected file. This is mostly useful for testing extractors.