[quandary] skeleton for ObjC traces

Summary: Generalized the CppTrace into a Clang trace because we don't currently have separate checkers for Obj-C and Cpp. Happy to separate them later if there is a good reason

Reviewed By: akotulski

Differential Revision: D4394952

fbshipit-source-id: e288761

infer/src/checkers/registerCheckers.ml

@@ -49,7 +49,7 @@ let active_procedure_checkers () =
         Checkers.callback_print_c_method_calls, false;
         CheckDeadCode.callback_check_dead_code, false;
         Checkers.callback_print_access_to_globals, false;
-        CppTaintAnalysis.checker, Config.quandary;
+        ClangTaintAnalysis.checker, Config.quandary;
         Siof.checker, checkers_enabled;
       ] in
     IList.map (fun (x, y) -> (x, y, Some Config.Clang)) l in

infer/src/quandary/ClangTaintAnalysis.ml

@@ -14,13 +14,13 @@ module L = Logging
 
 include
   TaintAnalysis.Make(struct
-    module Trace = CppTrace
+    module Trace = ClangTrace
     module AccessTree = AccessTree.Make(Trace)
 
-    let to_summary_access_tree tree = QuandarySummary.AccessTree.Cpp tree
+    let to_summary_access_tree tree = QuandarySummary.AccessTree.Clang tree
 
     let of_summary_access_tree = function
-      | QuandarySummary.AccessTree.Cpp tree -> tree
+      | QuandarySummary.AccessTree.Clang tree -> tree
       | _ -> assert false
 
     let handle_unknown_call _ _ =

infer/src/quandary/ClangTrace.ml

@@ -26,8 +26,7 @@ module Kind = struct
     | (Procname.ObjC_Cpp cpp_pname) as pname ->
         begin
           match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
-          (* placeholder for real sources *)
-          | "Namespace here", "method name here" -> None
+          | "InferTaint", "source" -> Some Other
           | _ -> None
         end
     | (Procname.C _) as pname ->
@@ -37,6 +36,8 @@ module Kind = struct
           | "__infer_taint_source" -> Some Other
           | _ -> None
         end
+    | Procname.Block _ ->
+        None
     | pname when BuiltinDecl.is_declared pname ->
         None
     | pname ->
@@ -66,6 +67,12 @@ module SinkKind = struct
         (fun actual_num _ -> kind, actual_num, report_reachable)
         actuals in
     match pname with
+    | (Procname.ObjC_Cpp cpp_pname) as pname ->
+        begin
+          match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
+          | "InferTaint", "sink:" -> taint_all actuals Other ~report_reachable:true
+          | _ -> []
+        end
     | Procname.C _ ->
         begin
           match Procname.to_string pname with
@@ -76,6 +83,8 @@ module SinkKind = struct
           | _ ->
               []
         end
+    | Procname.Block _ ->
+        []
     | pname when BuiltinDecl.is_declared pname ->
         []
     | pname ->

infer/src/quandary/ClangTrace.mli

@@ -0,0 +1,12 @@
+(*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ *)
+
+open! IStd
+
+include Trace.S

infer/src/quandary/QuandarySummary.ml

@@ -15,16 +15,16 @@ module F = Format
 module L = Logging
 
 module Java = AccessTree.Make(JavaTrace)
-module Cpp = AccessTree.Make(CppTrace)
+module Clang = AccessTree.Make(ClangTrace)
 
 module AccessTree = struct
   type t =
     | Java of Java.t
-    | Cpp of Cpp.t
+    | Clang of Clang.t
 
   let pp fmt = function
     | Java access_tree -> Java.pp fmt access_tree
-    | Cpp access_tree -> Cpp.pp fmt access_tree
+    | Clang access_tree -> Clang.pp fmt access_tree
 end
 
 type t = AccessTree.t

infer/src/quandary/QuandarySummary.mli

@@ -15,12 +15,12 @@ open! IStd
 module F = Format
 
 module Java : module type of (AccessTree.Make(JavaTrace))
-module Cpp : module type of (AccessTree.Make(CppTrace))
+module Clang : module type of (AccessTree.Make(ClangTrace))
 
 module AccessTree : sig
   type t =
     | Java of Java.t
-    | Cpp of Cpp.t
+    | Clang of Clang.t
 end
 
 type t = AccessTree.t

infer/tests/codetoanalyze/objc/quandary/Makefile

@@ -0,0 +1,25 @@
+# Copyright (c) 2017 - present Facebook, Inc.
+# All rights reserved.
+#
+# This source code is licensed under the BSD style license found in the
+# LICENSE file in the root directory of this source tree. An additional grant
+# of patent rights can be found in the PATENTS file in the same directory.
+
+TESTS_DIR = ../../..
+
+IPHONESIMULATOR_ISYSROOT_SUFFIX = /Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
+
+XCODEROOT = $(shell xcode-select -p)
+
+CLANG_OPTIONS = -x objective-c \
+  -isysroot $(XCODEROOT)$(IPHONESIMULATOR_ISYSROOT_SUFFIX) \
+  -mios-simulator-version-min=8.2 --target=x86_64-apple-darwin14 -c \
+
+ANALYZER = quandary
+INFER_OPTIONS = --no-filtering --debug-exceptions --project-root $(TESTS_DIR) --iphoneos-target-sdk-version 8.0
+INFERPRINT_OPTIONS = --issues-tests
+
+SOURCES = \
+  $(wildcard *.m) \
+
+include $(TESTS_DIR)/clang.make

infer/tests/codetoanalyze/objc/quandary/basics.m

@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+#import <Foundation/NSObject.h>
+
+@interface InferTaint : NSObject {
+}
+
++ (NSObject*)source;
++ (void)sink:(NSObject*)param;
++ (void)notASink:(NSObject*)param;
+@end
+
+void callSinkDirectBad() {
+  NSObject* source = [InferTaint source];
+  [InferTaint sink:source];
+}
+
+void callSinkOnNonSourceOk() {
+  NSObject* source = [NSObject new];
+  [InferTaint sink:source];
+}
+
+void callNonSinkOnSourceOk() {
+  NSObject* source = [InferTaint source];
+  [InferTaint notASink:source];
+}

infer/tests/codetoanalyze/objc/quandary/issues.exp

@@ -0,0 +1 @@
+codetoanalyze/objc/quandary/basics.m, callSinkDirectBad, 2, QUANDARY_TAINT_ERROR, [return from InferTaint_source,call to InferTaint_sink:]