Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: github/codeql
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: main
Choose a base ref
...
head repository: github/codeql
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: yoff/python-use-shared-control-flow
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 6 commits
  • 42 files changed
  • 1 contributor

Commits on Apr 16, 2026

  1. Python: Add self-validating CFG tests 

    These tests consist of various Python constructions (hopefully a
somewhat comprehensive set) with specific timestamp annotations
scattered throughout. When the tests are run using the Python 3
interpreter, these annotations are checked and compared to the "current
timestamp" to see that they are in agreement. This is what makes the
tests "self-validating".

There are a few different kinds of annotations: the basic `t[4]` style
(meaning this is executed at timestamp 4), the `t.dead[4]` variant
(meaning this _would_ happen at timestamp 4, but it is in a dead
branch), and `t.never` (meaning this is never executed at all).

In addition to this, there is a query, MissingAnnotations, which checks
whether we have applied these annotations maximally. Many expression
nodes are not actually annotatable, so there is a sizeable list of
excluded nodes for that query.
    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    21c0d3d View commit details
    Browse the repository at this point in the history

  2. Python: Add some CFG-validation queries 

    These use the annotated, self-verifying test files to check various
consistency requirements.

Some of these may be expressing the same thing in different ways, but
it's fairly cheap to keep them around, so I have not attempted to
produce a minimal set of queries for this.
    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    d29fa6f View commit details
    Browse the repository at this point in the history

  3. Python: Add BasicBlockOrdering test 

    This one demonstrates a bug in the current CFG. In a dictionary
comprehension `{k: v for k, v in d.items()}`, we evaluate the value
before the key, which is incorrect. (A fix for this bug has been
implemented in a separate PR.)
    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    91f74ce View commit details
    Browse the repository at this point in the history

  4. Python: Add NeverReachable test 

    This looks for nodes annotated with `t.never` in the test that are
reachable in the CFG. This should not happen (it messes with various
queries, e.g. the "mixed returns" query), but the test shows that in a
few particular cases (involving the `match` statement where all cases
contain `return`s), we _do_ have reachable nodes that shouldn't be.
    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    06de5e7 View commit details
    Browse the repository at this point in the history

  5. Python: Add ConsecutiveTimestamps test 

    This one is potentially a bit iffy -- it checks for a very powerful
propetry (that implies many of the other queries), but as the test
results show, it can produce false positives when there is in fact no
problem. We may want to get rid of it entirely, if it becomes too noisy.
    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    a8f9f10 View commit details
    Browse the repository at this point in the history

  6. Python: First stab at shared control-flow

    @tausbn
    tausbn committed Apr 16, 2026
    Configuration menu
    Copy the full SHA
    92a81ea View commit details
    Browse the repository at this point in the history
Loading