Skip to content

C++ IR: Support for global virtual dispatch #2638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
geoffw0 merged 3 commits into from
Jan 20, 2020
Merged

C++ IR: Support for global virtual dispatch #2638

geoffw0 merged 3 commits into from
Jan 20, 2020

Conversation

@jbj
Copy link
Contributor

@jbj jbj commented Jan 16, 2020

The IR data flow library now supports virtual dispatch with a library that's similar to security.TaintTracking. In particular, it should have the same performance characteristics. The main difference is that non-recursive callers of flowsFrom now pass _ instead of true for boolean allowFromArg. This change allows flow through return to actually work.

@jbj
C++ IR: Support for global virtual dispatch
f4d0c5e 
The IR data flow library now supports virtual dispatch with a library
that's similar to `security.TaintTracking`. In particular, it should
have the same performance characteristics. The main difference is that
non-recursive callers of `flowsFrom` now pass `_` instead of `true` for
`boolean allowFromArg`. This change allows flow through `return` to
actually work.
@jbj jbj added the C++ label Jan 16, 2020
@jbj jbj requested a review from a team as a code owner January 16, 2020 14:00
@jbj
Copy link
Contributor Author

jbj commented Jan 16, 2020

Performance is good on MySQL and facebookincubator/fizz. There's a lot of room for optimisation, but I'd like to find a database with bad performance before optimising.

geoffw0
geoffw0 reviewed Jan 17, 2020
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty happy with this. I've asked a few questions to check my understanding.

I'd like to find a database with bad performance before optimising.

Yes - I imagine in many projects there just won't be enough DataSensitiveCalls for performance issues to manifest. Perhaps run select count(DataSensitiveCall dsc) on LGTM and see which projects come up top?

@geoffw0 geoffw0 mentioned this pull request Jan 17, 2020
Merged
geoffw0
geoffw0 approved these changes Jan 20, 2020
View reviewed changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@geoffw0 geoffw0 merged commit 5a20e85 into github:master Jan 20, 2020
@MathiasVP MathiasVP mentioned this pull request Aug 19, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geoffw0 geoffw0 geoffw0 approved these changes

Assignees

No one assigned

Labels

C++

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbj @geoffw0