[quandary] skeleton for ObjC traces

Summary: Generalized the CppTrace into a Clang trace because we don't currently have separate checkers for Obj-C and Cpp. Happy to separate them later if there is a good reason.

Reviewed By: akotulski

Differential Revision: D4394952

fbshipit-source-id: e288761
Sam Blackshear 9 years ago committed by Facebook Github Bot
parent 73f219560d
commit 685f205dda

@ -49,7 +49,7 @@ let active_procedure_checkers () =
Checkers.callback_print_c_method_calls, false; Checkers.callback_print_c_method_calls, false;
CheckDeadCode.callback_check_dead_code, false; CheckDeadCode.callback_check_dead_code, false;
Checkers.callback_print_access_to_globals, false; Checkers.callback_print_access_to_globals, false;
CppTaintAnalysis.checker, Config.quandary; ClangTaintAnalysis.checker, Config.quandary;
Siof.checker, checkers_enabled; Siof.checker, checkers_enabled;
] in ] in
IList.map (fun (x, y) -> (x, y, Some Config.Clang)) l in IList.map (fun (x, y) -> (x, y, Some Config.Clang)) l in

@ -14,13 +14,13 @@ module L = Logging
include include
TaintAnalysis.Make(struct TaintAnalysis.Make(struct
module Trace = CppTrace module Trace = ClangTrace
module AccessTree = AccessTree.Make(Trace) module AccessTree = AccessTree.Make(Trace)
let to_summary_access_tree tree = QuandarySummary.AccessTree.Cpp tree let to_summary_access_tree tree = QuandarySummary.AccessTree.Clang tree
let of_summary_access_tree = function let of_summary_access_tree = function
| QuandarySummary.AccessTree.Cpp tree -> tree | QuandarySummary.AccessTree.Clang tree -> tree
| _ -> assert false | _ -> assert false
let handle_unknown_call _ _ = let handle_unknown_call _ _ =

@ -26,8 +26,7 @@ module Kind = struct
| (Procname.ObjC_Cpp cpp_pname) as pname -> | (Procname.ObjC_Cpp cpp_pname) as pname ->
begin begin
match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
(* placeholder for real sources *) | "InferTaint", "source" -> Some Other
| "Namespace here", "method name here" -> None
| _ -> None | _ -> None
end end
| (Procname.C _) as pname -> | (Procname.C _) as pname ->
@ -37,6 +36,8 @@ module Kind = struct
| "__infer_taint_source" -> Some Other | "__infer_taint_source" -> Some Other
| _ -> None | _ -> None
end end
| Procname.Block _ ->
None
| pname when BuiltinDecl.is_declared pname -> | pname when BuiltinDecl.is_declared pname ->
None None
| pname -> | pname ->
@ -66,6 +67,12 @@ module SinkKind = struct
(fun actual_num _ -> kind, actual_num, report_reachable) (fun actual_num _ -> kind, actual_num, report_reachable)
actuals in actuals in
match pname with match pname with
| (Procname.ObjC_Cpp cpp_pname) as pname ->
begin
match Procname.objc_cpp_get_class_name cpp_pname, Procname.get_method pname with
| "InferTaint", "sink:" -> taint_all actuals Other ~report_reachable:true
| _ -> []
end
| Procname.C _ -> | Procname.C _ ->
begin begin
match Procname.to_string pname with match Procname.to_string pname with
@ -76,6 +83,8 @@ module SinkKind = struct
| _ -> | _ ->
[] []
end end
| Procname.Block _ ->
[]
| pname when BuiltinDecl.is_declared pname -> | pname when BuiltinDecl.is_declared pname ->
[] []
| pname -> | pname ->
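Review bot: The `"InferTaint", "source"` arm in `Kind` and the `"InferTaint", "sink:"` arm in `SinkKind` are test stubs, but the commit removes the `(* placeholder for real sources *)` comment and leaves nothing that says so; a reader could take them for the real Objective-C source and sink set. I would keep a comment on both arms, e.g. `(* test-only stub; no real ObjC sources are modelled yet *)`, and mention that the selector string carries its trailing colon (`"sink:"`, not `"sink"`), since a missed colon would silently fall through to `| _ -> []`. Because the match is on `Procname.ObjC_Cpp`, the same arms presumably also fire for a C++ class named `InferTaint`; worth confirming that is intended. Both `match pname with` bodies continue past the end of their hunks.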

@ -0,0 +1,12 @@
(*
* Copyright (c) 2017 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*)
open! IStd
include Trace.S

@ -15,16 +15,16 @@ module F = Format
module L = Logging module L = Logging
module Java = AccessTree.Make(JavaTrace) module Java = AccessTree.Make(JavaTrace)
module Cpp = AccessTree.Make(CppTrace) module Clang = AccessTree.Make(ClangTrace)
module AccessTree = struct module AccessTree = struct
type t = type t =
| Java of Java.t | Java of Java.t
| Cpp of Cpp.t | Clang of Clang.t
let pp fmt = function let pp fmt = function
| Java access_tree -> Java.pp fmt access_tree | Java access_tree -> Java.pp fmt access_tree
| Cpp access_tree -> Cpp.pp fmt access_tree | Clang access_tree -> Clang.pp fmt access_tree
end end
type t = AccessTree.t type t = AccessTree.t

@ -15,12 +15,12 @@ open! IStd
module F = Format module F = Format
module Java : module type of (AccessTree.Make(JavaTrace)) module Java : module type of (AccessTree.Make(JavaTrace))
module Cpp : module type of (AccessTree.Make(CppTrace)) module Clang : module type of (AccessTree.Make(ClangTrace))
module AccessTree : sig module AccessTree : sig
type t = type t =
| Java of Java.t | Java of Java.t
| Cpp of Cpp.t | Clang of Clang.t
end end
type t = AccessTree.t type t = AccessTree.t

@ -0,0 +1,25 @@
# Copyright (c) 2017 - present Facebook, Inc.
# All rights reserved.
#
# This source code is licensed under the BSD style license found in the
# LICENSE file in the root directory of this source tree. An additional grant
# of patent rights can be found in the PATENTS file in the same directory.
TESTS_DIR = ../../..
IPHONESIMULATOR_ISYSROOT_SUFFIX = /Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator.sdk
XCODEROOT = $(shell xcode-select -p)
CLANG_OPTIONS = -x objective-c \
-isysroot $(XCODEROOT)$(IPHONESIMULATOR_ISYSROOT_SUFFIX) \
-mios-simulator-version-min=8.2 --target=x86_64-apple-darwin14 -c \
ANALYZER = quandary
INFER_OPTIONS = --no-filtering --debug-exceptions --project-root $(TESTS_DIR) --iphoneos-target-sdk-version 8.0
INFERPRINT_OPTIONS = --issues-tests
SOURCES = \
$(wildcard *.m) \
include $(TESTS_DIR)/clang.make
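Review bot: The last entries of `CLANG_OPTIONS` and `SOURCES` end in a continuation backslash, so each assignment is correct only while the line after it stays blank. As rendered here `ANALYZER = quandary` directly follows `-c \` and the `include` directly follows `$(wildcard *.m) \`; the hunk header counts 25 lines, so the blank lines were probably dropped by the page, but the construct is fragile either way. Dropping the trailing backslash removes the dependency: `-mios-simulator-version-min=8.2 --target=x86_64-apple-darwin14 -c` and `$(wildcard *.m)`.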

@ -0,0 +1,33 @@
/*
* Copyright (c) 2017 - present Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*/
#import <Foundation/NSObject.h>
@interface InferTaint : NSObject {
}
+ (NSObject*)source;
+ (void)sink:(NSObject*)param;
+ (void)notASink:(NSObject*)param;
@end
void callSinkDirectBad() {
NSObject* source = [InferTaint source];
[InferTaint sink:source];
}
void callSinkOnNonSourceOk() {
NSObject* source = [NSObject new];
[InferTaint sink:source];
}
void callNonSinkOnSourceOk() {
NSObject* source = [InferTaint source];
[InferTaint notASink:source];
}
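Review bot: All three tests keep the source and the sink in one function body, so nothing here exercises the summary path that this commit renames (`QuandarySummary.AccessTree.Clang`, whose `of_summary_access_tree` ends in `| _ -> assert false`). An interprocedural case, where the tainted value is returned by a helper and passed to the sink by its caller, would pin that path; it is expected to report, and `issues.exp` would need the matching line. The functions are also declared with empty parentheses; `void callSinkDirectBad(void)` is the prototype form.

```objc
// … unchanged: InferTaint interface and the three direct-flow tests …

NSObject* returnSource(void) { return [InferTaint source]; }

void callSinkOnReturnedSourceBad(void) {
  NSObject* source = returnSource();
  [InferTaint sink:source];
}
```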

@ -0,0 +1 @@
codetoanalyze/objc/quandary/basics.m, callSinkDirectBad, 2, QUANDARY_TAINT_ERROR, [return from InferTaint_source,call to InferTaint_sink:]