infer_clone/infer/src/quandary/TaintAnalysis.ml

(*
 * Copyright (c) 2016 - present Facebook, Inc.
 * All rights reserved.
 *
 * This source code is licensed under the BSD style license found in the
 * LICENSE file in the root directory of this source tree. An additional grant
 * of patent rights can be found in the PATENTS file in the same directory.
 *)

open! Utils

module F = Format
module L = Logging

(** Create a taint analysis from a trace domain *)
module Make (TraceDomain : Trace.S) = struct

  module TaintDomain = AccessTree.Make (TraceDomain)
  module IdMapDomain = IdAccessPathMapDomain

  module Domain = struct
    type astate =
      {
        access_tree : TaintDomain.astate; (* mapping of access paths to trace sets *)
        id_map : IdMapDomain.astate; (* mapping of id's to access paths for normalization *)
      }

    let initial =
      let access_tree = TaintDomain.initial in
      let id_map = IdMapDomain.initial in
      { access_tree; id_map; }

    let (<=) ~lhs ~rhs =
      if lhs == rhs
      then true
      else
        TaintDomain.(<=) ~lhs:lhs.access_tree ~rhs:rhs.access_tree &&
        IdMapDomain.(<=) ~lhs:lhs.id_map ~rhs:rhs.id_map

    let join astate1 astate2 =
      if astate1 == astate2
      then astate1
      else
        let access_tree = TaintDomain.join astate1.access_tree astate2.access_tree in
        let id_map = IdMapDomain.join astate1.id_map astate2.id_map in
        { access_tree; id_map; }

    let widen ~prev ~next ~num_iters =
      if prev == next
      then prev
      else
        let access_tree =
          TaintDomain.widen ~prev:prev.access_tree ~next:next.access_tree ~num_iters in
        let id_map = IdMapDomain.widen ~prev:prev.id_map ~next:next.id_map ~num_iters in
        { access_tree; id_map; }

    let pp fmt { access_tree; id_map; } =
      F.fprintf fmt "(%a, %a)" TaintDomain.pp access_tree IdMapDomain.pp id_map
  end

end
taint domain Reviewed By: jvillard Differential Revision: D3723785 fbshipit-source-id: c55f0e4 8 years ago			`(*`
			`* Copyright (c) 2016 - present Facebook, Inc.`
			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD style license found in the`
			`* LICENSE file in the root directory of this source tree. An additional grant`
			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*)`

			`open! Utils`

			`module F = Format`
			`module L = Logging`

			`(** Create a taint analysis from a trace domain *)`
			`module Make (TraceDomain : Trace.S) = struct`

			`module TaintDomain = AccessTree.Make (TraceDomain)`
			`module IdMapDomain = IdAccessPathMapDomain`

			`module Domain = struct`
			`type astate =`
			`{`
			`access_tree : TaintDomain.astate; (* mapping of access paths to trace sets *)`
			`id_map : IdMapDomain.astate; (* mapping of id's to access paths for normalization *)`
			`}`

			`let initial =`
			`let access_tree = TaintDomain.initial in`
			`let id_map = IdMapDomain.initial in`
			`{ access_tree; id_map; }`

			`let (<=) ~lhs ~rhs =`
			`if lhs == rhs`
			`then true`
			`else`
			`TaintDomain.(<=) ~lhs:lhs.access_tree ~rhs:rhs.access_tree &&`
			`IdMapDomain.(<=) ~lhs:lhs.id_map ~rhs:rhs.id_map`

			`let join astate1 astate2 =`
			`if astate1 == astate2`
			`then astate1`
			`else`
			`let access_tree = TaintDomain.join astate1.access_tree astate2.access_tree in`
			`let id_map = IdMapDomain.join astate1.id_map astate2.id_map in`
			`{ access_tree; id_map; }`

			`let widen ~prev ~next ~num_iters =`
			`if prev == next`
			`then prev`
			`else`
			`let access_tree =`
			`TaintDomain.widen ~prev:prev.access_tree ~next:next.access_tree ~num_iters in`
			`let id_map = IdMapDomain.widen ~prev:prev.id_map ~next:next.id_map ~num_iters in`
			`{ access_tree; id_map; }`

			`let pp fmt { access_tree; id_map; } =`
			`F.fprintf fmt "(%a, %a)" TaintDomain.pp access_tree IdMapDomain.pp id_map`
			`end`

			`end`