Rust: Exclude data flow inconsistencies that stem from other inconsis…#18144
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
paldepind
force-pushed
the
rust-df-inconsistency-no-location
branch
from
87e663c to
a2f6ca1
Compare
paldepind
force-pushed
the
rust-df-inconsistency-no-location
branch
from
a2f6ca1 to
b05d290
Compare
DCA pulls data from the Otherwise LGTM. |
| private module Input implements InputSig<Location, RustDataFlow> { } | ||
|
|
||
| import MakeConsistency<Location, RustDataFlow, RustTaintTracking, Input> | ||
| import codeql.rust.dataflow.internal.DataFlowConsistency |
There was a problem hiding this comment.
Adding this file has got rid of some needless duplication. 👍
|
Thanks for the guidance @geoffw0. I missed the |
|
DCA results are now looking as expected: Almost all data flow inconsistencies are gone and AST inconsistencies are up. |
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
Notably we now have more new AST inconsistencies than we've lost data flow inconsistencies, but I think that's expected and reflects where the problem really is. And we have over 5 million AST inconsistencies on windows-rs, which is spectacular, but nothing appears to have broken as a result.
It would [obviously] be good to prioritize fixing a majority of those AST inconsistencies fairly soon.
👍
|
Just to note, after this PR I think we want to keep an eye on the data flow inconsistencies in DCA and make sure that it doesn't go up. The DCA projects (not including Rust) all sits at 0 or 1 inconsistencies, so increases should be noticeable. |
4 participants
Exclude some data flow inconsistency errors where the root cause is not in the data flow library.
Adds a new AST consistency metric that tracks AST nodes without a location.
I'm not sure if the change in this PR alone is enough for the new metric to show up on DCA. @geoffw0 most likely knows if additional setup is needed.