@@ -935,7 +935,8 @@ private module Stage2 {
935935 }
936936
937937 /**
938- * Holds if `c` is the target of a store in the flow covered by `fwdFlow`.
938+ * Holds if forward flow with access path `tail` reaches a store of `c`
939+ * resulting in access path `cons`.
939940 */
940941 pragma [ nomagic]
941942 private predicate fwdFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
@@ -992,7 +993,8 @@ private module Stage2 {
992993 }
993994
994995 /**
995- * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`.
996+ * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
997+ * and data might flow through the target callable and back out at `call`.
996998 */
997999 pragma [ nomagic]
9981000 private predicate fwdFlowIsEntered (
@@ -1112,7 +1114,8 @@ private module Stage2 {
11121114 }
11131115
11141116 /**
1115- * Holds if `c` is the target of a read in the flow covered by `revFlow`.
1117+ * Holds if reverse flow with access path `tail` reaches a read of `c`
1118+ * resulting in access path `cons`.
11161119 */
11171120 pragma [ nomagic]
11181121 private predicate revFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
@@ -1156,7 +1159,9 @@ private module Stage2 {
11561159 }
11571160
11581161 /**
1159- * Holds if an output from `call` is reached in the flow covered by `revFlow`.
1162+ * Holds if an output from `call` is reached in the flow covered by `revFlow`
1163+ * and data might flow through the target callable resulting in reverse flow
1164+ * reaching an argument of `call`.
11601165 */
11611166 pragma [ nomagic]
11621167 private predicate revFlowIsReturned (
@@ -1551,6 +1556,10 @@ private module Stage3 {
15511556 )
15521557 }
15531558
1559+ /**
1560+ * Holds if forward flow with access path `tail` reaches a store of `c`
1561+ * resulting in access path `cons`.
1562+ */
15541563 pragma [ nomagic]
15551564 private predicate fwdFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
15561565 exists ( TypedContent tc |
@@ -1606,7 +1615,8 @@ private module Stage3 {
16061615 }
16071616
16081617 /**
1609- * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`.
1618+ * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
1619+ * and data might flow through the target callable and back out at `call`.
16101620 */
16111621 pragma [ nomagic]
16121622 private predicate fwdFlowIsEntered (
@@ -1725,6 +1735,10 @@ private module Stage3 {
17251735 tc .getContent ( ) = c
17261736 }
17271737
1738+ /**
1739+ * Holds if reverse flow with access path `tail` reaches a read of `c`
1740+ * resulting in access path `cons`.
1741+ */
17281742 pragma [ nomagic]
17291743 private predicate revFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
17301744 exists ( Node mid |
@@ -1767,7 +1781,9 @@ private module Stage3 {
17671781 }
17681782
17691783 /**
1770- * Holds if an output from `call` is reached in the flow covered by `revFlow`.
1784+ * Holds if an output from `call` is reached in the flow covered by `revFlow`
1785+ * and data might flow through the target callable resulting in reverse flow
1786+ * reaching an argument of `call`.
17711787 */
17721788 pragma [ nomagic]
17731789 private predicate revFlowIsReturned (
@@ -2239,6 +2255,10 @@ private module Stage4 {
22392255 )
22402256 }
22412257
2258+ /**
2259+ * Holds if forward flow with access path `tail` reaches a store of `c`
2260+ * resulting in access path `cons`.
2261+ */
22422262 pragma [ nomagic]
22432263 private predicate fwdFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
22442264 exists ( TypedContent tc |
@@ -2294,7 +2314,8 @@ private module Stage4 {
22942314 }
22952315
22962316 /**
2297- * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`.
2317+ * Holds if an argument to `call` is reached in the flow covered by `fwdFlow`
2318+ * and data might flow through the target callable and back out at `call`.
22982319 */
22992320 pragma [ nomagic]
23002321 private predicate fwdFlowIsEntered (
@@ -2413,6 +2434,10 @@ private module Stage4 {
24132434 tc .getContent ( ) = c
24142435 }
24152436
2437+ /**
2438+ * Holds if reverse flow with access path `tail` reaches a read of `c`
2439+ * resulting in access path `cons`.
2440+ */
24162441 pragma [ nomagic]
24172442 private predicate revFlowConsCand ( Ap cons , Content c , Ap tail , Configuration config ) {
24182443 exists ( Node mid |
@@ -2455,7 +2480,9 @@ private module Stage4 {
24552480 }
24562481
24572482 /**
2458- * Holds if an output from `call` is reached in the flow covered by `revFlow`.
2483+ * Holds if an output from `call` is reached in the flow covered by `revFlow`
2484+ * and data might flow through the target callable resulting in reverse flow
2485+ * reaching an argument of `call`.
24592486 */
24602487 pragma [ nomagic]
24612488 private predicate revFlowIsReturned (
@@ -3315,6 +3342,11 @@ private predicate finalStats(boolean fwd, int nodes, int fields, int conscand, i
33153342 tuples = count ( PathNode pn | reach ( pn ) )
33163343}
33173344
3345+ /**
3346+ * INTERNAL: Only for debugging.
3347+ *
3348+ * Calculates per-stage metrics for data flow.
3349+ */
33183350predicate stageStats (
33193351 int n , string stage , int nodes , int fields , int conscand , int tuples , Configuration config
33203352) {
0 commit comments