Python: Enhance points-to to support type-hint analysis.#1728
Conversation
b41a9be to
1327e42
Compare
taus-semmle
left a comment
There was a problem hiding this comment.
A few comments and questions, otherwise LGTM.
| this = TSpecificInstance(_, result, _) | ||
| exists(ClassObjectInternal cls, ClassDecl decl | | ||
| this = TSpecificInstance(_, cls, _) and | ||
| decl = cls.getClassDeclaration() | |
There was a problem hiding this comment.
Are these ClassObjectInternals guaranteed to have a ClassDecl? I'm wondering if we'll lose instances where TSpecificInstance(_, cls, _) exists, but cls.getClassDeclaration() fails (and where previously we would have used cls regardless).
There was a problem hiding this comment.
If it doesn't have a ClassDecl then we won't be able to compute an MRO. Currently that applies to DynamicallyCreatedClass. Potentially getASuperType() could be improved for those, but this makes things no worse in that case.
| result = Types::getMro(this).getAnItem() | ||
| result = this.getBaseType(_) | ||
| or | ||
| result = this.getASuperType().getBaseType(_) |
There was a problem hiding this comment.
I had to stare at this line for a while to convince myself that it was doing the right thing. Would it make more sense to do result = this.getBaseType(_).getASuperType() instead? This, at least, would make the recursion a bit more apparent (i.e. an improper supertype is either the class itself, one of its base classes, or an improper supertype of one of its base classes). I would also move result = this to be the first disjunct in that case.
There was a problem hiding this comment.
Alternatively, we could add getABaseType to ClassValue (same as what ClassObject has right now) and use getABaseType*().
241d169 to
902871b
Compare
Three changes to better track type hint objects during points-to.
.getClass().typingmodule.toString()implementations