Python: Improve performance of FileNotClosed query by using basic block reachability #19641
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joefarebrother
added
the
no-change-note-required
There was a problem hiding this comment.
Pull Request Overview
This PR improves the performance of the FileNotClosed query by replacing full CFG reachability checks with basic-block–level reachability approximations and adds a test to illustrate the approximation’s limitations.
- Introduce
bbSuccessor,bbReachableStrict, andbbReachableReflpredicates for faster reachability. - Update
guardsExceptionsinFileClose(and itsWithStatementoverride) to use these new predicates. - Add a new
closed29test demonstrating a spurious false positive due to the approximation.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| python/ql/test/query-tests/Resources/FileNotAlwaysClosed/resources_test.py | Add closed29 test case that tags a spurious false positive with $SPURIOUS. |
| python/ql/src/Resources/FileNotAlwaysClosedQuery.qll | Replace full CFG reachability with block-level reachability and refine exception guards. |
Comments suppressed due to low confidence (1)
python/ql/test/query-tests/Resources/FileNotAlwaysClosed/resources_test.py:285
- [nitpick] In
closed29, the variablef28duplicates the name fromclosed28. Consider renaming it tof29(or a more descriptive name) to avoid confusion.
f28 = open(path) # $SPURIOUS:notClosedOnException
Co-authored-by: Copilot <[email protected]>
hvitved
reviewed
Jun 4, 2025
| private predicate cfgGetASuccessorPlus(ControlFlowNode src, ControlFlowNode sink) = | ||
| fastTC(cfgGetASuccessor/2)(src, sink) | ||
| private predicate bbReachableStrict(BasicBlock src, BasicBlock sink) = | ||
| fastTC(bbSuccessor/2)(src, sink) |
There was a problem hiding this comment.
I think you should be able to use doubleBoundedFastTC here, for even better performance.
Comment on lines
+56
to
+57
| bbReachableRefl(raises.asCfgNode().getBasicBlock().getAnExceptionalSuccessor(), | ||
| this.asCfgNode().getBasicBlock()) |
There was a problem hiding this comment.
In case they belong to the same basic block, there is no logic guaranteeing that raises comes before this in that basic block.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cc @nickrolfe , @aschackmull , @alexet