From 4a35862aa89b29368601c4d5c0ab44f1899087f8 Mon Sep 17 00:00:00 2001 From: Sam Blackshear Date: Wed, 5 Oct 2016 20:31:00 -0700 Subject: [PATCH] [quandary] dont add passthroughs from callee to caller Summary: We were previously leaking the passthroughs of the callee into the caller. We definitely don't want to do this since it could make the summaries higher up in the call stack explode. If we need to know the passthroughs of a callee, we can always read them from the callee's summary. Reviewed By: jeremydubreil Differential Revision: D3972679 fbshipit-source-id: 5b5903f --- infer/src/quandary/Trace.ml | 12 +++++------- infer/tests/codetoanalyze/java/quandary/issues.exp | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/infer/src/quandary/Trace.ml b/infer/src/quandary/Trace.ml index a1cdfa98b..f557b17e2 100644 --- a/infer/src/quandary/Trace.ml +++ b/infer/src/quandary/Trace.ml @@ -153,15 +153,13 @@ module Make (Spec : Spec) = struct |> Sources.union caller_trace.sources in let sinks = Sinks.union caller_trace.sinks callee_trace.sinks in let passthroughs = - (* true if the procedure of [sink] is itself a sink rather than a caller of a sink *) let is_original_sink sink = Procname.equal (CallSite.pname callee_site) (CallSite.pname (Sink.call_site sink)) in - let joined_passthroughs = - Passthroughs.union caller_trace.passthroughs callee_trace.passthroughs in - if Sinks.is_empty callee_trace.sinks || - not (Sinks.for_all is_original_sink callee_trace.sinks) - then Passthroughs.add (Passthrough.make callee_site) joined_passthroughs - else joined_passthroughs in + (* add [callee_site] as a passthrough if it is not an "original" sink; that is, a procedure + that is itself a sink rather than a caller of a sink *) + if Sinks.exists is_original_sink callee_trace.sinks + then caller_trace.passthroughs + else Passthroughs.add (Passthrough.make callee_site) caller_trace.passthroughs in { sources; sinks; passthroughs; } let initial = diff --git a/infer/tests/codetoanalyze/java/quandary/issues.exp b/infer/tests/codetoanalyze/java/quandary/issues.exp index 50f8c1a42..1c793bbf3 100644 --- a/infer/tests/codetoanalyze/java/quandary/issues.exp +++ b/infer/tests/codetoanalyze/java/quandary/issues.exp @@ -75,10 +75,10 @@ Interprocedural.java:83: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTa Interprocedural.java:95: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 95]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 91]) via { void Interprocedural.callSinkParam2(Object,Object) at [line 95] } Interprocedural.java:108: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 107]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 103]) via { void Interprocedural.callSinkOnFieldDirect() at [line 108] } Interprocedural.java:118: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 117]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 112]) via { void Interprocedural.callSinkOnFieldIndirect(Interprocedural$Obj) at [line 118] } -Interprocedural.java:132: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 131]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 127]) via { void Interprocedural.callSinkOnLocal() at [line 132], Object Interprocedural.getF() at [line 126] } +Interprocedural.java:132: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 131]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 127]) via { void Interprocedural.callSinkOnLocal() at [line 132] } Interprocedural.java:141: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 140]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 136]) via { void Interprocedural.callSinkOnGlobal() at [line 141] } Interprocedural.java:156: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 155]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 136]) via { void Interprocedural.callSinkOnGlobal() at [line 156], void Interprocedural.setGlobal(Object) at [line 155] } -Interprocedural.java:170: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 169]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 165]) via { Object Interprocedural.getGlobal() at [line 164], void Interprocedural.getGlobalThenCallSink() at [line 170] } +Interprocedural.java:170: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 169]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 165]) via { void Interprocedural.getGlobalThenCallSink() at [line 170] } Interprocedural.java:178: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 176]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 178]) via { Object Interprocedural.id(Object) at [line 177] } Interprocedural.java:185: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 182]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 185]) via { Object Interprocedural.id(Object) at [line 183], Object Interprocedural.id(Object) at [line 184] } Interprocedural.java:196: ERROR: QUANDARY_TAINT_ERROR Error: Other(Object InferTaint.inferSecretSource() at [line 191]) -> Other(void InferTaint.inferSensitiveSink(Object) at [line 196]) via { Object Interprocedural.returnSourceConditional(boolean) at [line 196] }