BindingStringParser: Address perf issues in Token operations

lcartey · lcartey · commit ed87aa9b03f7 · 2025-04-02T11:57:09.000+01:00
Avoid creating a cross-product of tokens identified in a string.

Instead, create an ordering of tokens based on begin/end locations
and process those linearly to find the first/next/contains tokens.
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll
@@ -372,26 +372,85 @@ module BindingStringParser<BindingStringReaderSig BindingStringReader> {
       this = MkDoubleQuoteToken(_, _, _, result)
     }
 
-    Token getNext() {
-      result.getBegin() = this.getEnd() + 1 and
-      result.getReader() = this.getReader()
+    /**
+     * Gets the next contiguous token after the end of this token.
+     */
+    Token getNextAfterEnd() {
+      // Find the last contained token, then get the next token after that
+      result = getNextAfterContained() and
+      // Ensure contiguous tokens
+      consecutiveToken(this, result)
     }
 
-    predicate isFirst() {
-      not exists(Token other |
-        other.getBegin() < this.getBegin() and other.getReader() = this.getReader()
+    bindingset[t1, t2]
+    pragma[inline_late]
+    private predicate consecutiveToken(Token t1, Token t2) { t1.getEnd() + 1 = t2.getBegin() }
+
+    /**
+     * Gets the next token that occurs after the start of this token.
+     */
+    private Token getNext() {
+      exists(int pos |
+        tokenOrdering(this.getReader(), this, pos) and
+        tokenOrdering(this.getReader(), result, pos + uniqueTokensAtPosition(this.getReader(), pos))
       )
     }
 
+    /**
+     * Get the last token contained by this token.
+     */
+    pragma[noinline]
+    private Token getNextAfterContained() {
+      exists(Token lastToken |
+        contains(lastToken) and
+        result = lastToken.getNext() and
+        not contains(result)
+      )
+    }
+
+    predicate isFirst() { tokenOrdering(this.getReader(), this, 1) }
+
     predicate contains(Token t) {
-      this.getReader() = t.getReader() and
-      this.getBegin() < t.getBegin() and
-      this.getEnd() > t.getEnd()
+      // base case, every token contains itself
+      t = this
+      or
+      // Recursive case, find an existing token contained by this token, and determine whether the next token is
+      // contained
+      exists(Token prev |
+        this.contains(prev) and
+        prev.getNext() = t and
+        // In the case of overlapping ranges, report tokens that begin inside this token as "contained"
+        this.getEnd() >= t.getBegin()
+      )
     }
 
     stdlib::Location getLocation() { result = getReader().getLocation() }
   }
 
+  /**
+   * Holds if `t` is ordered at `position` according to the location of the beginning of the token.
+   *
+   * Note: `position` is not contiguous as certain strings may be matched by multiple tokens. In this
+   * case those tokens will all have the same `position`, and the subsequent token will have
+   * `position + count(tokens_with_current_position)`.
+   */
+  private predicate tokenOrdering(BindingStringReader reader, Token t, int position) {
+    t =
+      rank[position](Token token |
+        token.getReader() = reader
+      |
+        token order by token.getBegin(), token.getEnd()
+      )
+  }
+
+  /**
+   * Identify how many tokens are at a given position in the ordering, i.e. have the same beginning and end.
+   */
+  private int uniqueTokensAtPosition(BindingStringReader reader, int position) {
+    tokenOrdering(reader, _, position) and
+    result = count(Token t | tokenOrdering(reader, t, position))
+  }
+
   private class WhiteSpaceToken extends Token, MkWhiteSpaceToken { }
 
   private class CommaToken extends Token, MkCommaToken { }
@@ -431,10 +490,10 @@ module BindingStringParser<BindingStringReaderSig BindingStringReader> {
   private class DotToken extends Token, MkDot { }
 
   private Token getNextSkippingWhitespace(Token t) {
-    result = t.getNext() and
+    result = t.getNextAfterEnd() and
     not result instanceof WhiteSpaceToken
     or
-    exists(WhiteSpaceToken ws | ws = t.getNext() | result = getNextSkippingWhitespace(ws))
+    exists(WhiteSpaceToken ws | ws = t.getNextAfterEnd() | result = getNextSkippingWhitespace(ws))
   }
 
   private newtype TMemberList =
