|
|
@ -708,7 +708,8 @@ module Make (TaintSpecification : TaintSpec.S) = struct
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
module Analyzer =
|
|
|
|
module Analyzer =
|
|
|
|
AbstractInterpreter.Make (ProcCfg.Exceptional) (LowerHil.Make (TransferFunctions) (HilConfig))
|
|
|
|
LowerHil.MakeAbstractInterpreterWithConfig (HilConfig) (ProcCfg.Exceptional)
|
|
|
|
|
|
|
|
(TransferFunctions)
|
|
|
|
|
|
|
|
|
|
|
|
(* sanity checks for summaries. should only be used in developer mode *)
|
|
|
|
(* sanity checks for summaries. should only be used in developer mode *)
|
|
|
|
let check_invariants access_tree =
|
|
|
|
let check_invariants access_tree =
|
|
|
@ -828,21 +829,18 @@ module Make (TaintSpecification : TaintSpec.S) = struct
|
|
|
|
(* bind parameters to a trace with a tainted source (if applicable) *)
|
|
|
|
(* bind parameters to a trace with a tainted source (if applicable) *)
|
|
|
|
let make_initial pdesc =
|
|
|
|
let make_initial pdesc =
|
|
|
|
let pname = Procdesc.get_proc_name pdesc in
|
|
|
|
let pname = Procdesc.get_proc_name pdesc in
|
|
|
|
let access_tree =
|
|
|
|
List.fold
|
|
|
|
List.fold
|
|
|
|
~f:(fun acc (name, typ, taint_opt) ->
|
|
|
|
~f:(fun acc (name, typ, taint_opt) ->
|
|
|
|
match taint_opt with
|
|
|
|
match taint_opt with
|
|
|
|
| Some source ->
|
|
|
|
| Some source ->
|
|
|
|
let base_ap =
|
|
|
|
let base_ap =
|
|
|
|
AccessPath.Abs.Abstracted (AccessPath.of_pvar (Pvar.mk name pname) typ)
|
|
|
|
AccessPath.Abs.Abstracted (AccessPath.of_pvar (Pvar.mk name pname) typ)
|
|
|
|
in
|
|
|
|
in
|
|
|
|
TaintDomain.add_trace base_ap (TraceDomain.of_source source) acc
|
|
|
|
TaintDomain.add_trace base_ap (TraceDomain.of_source source) acc
|
|
|
|
| None ->
|
|
|
|
| None ->
|
|
|
|
acc)
|
|
|
|
acc)
|
|
|
|
~init:TaintDomain.empty
|
|
|
|
~init:TaintDomain.empty
|
|
|
|
(TraceDomain.Source.get_tainted_formals pdesc tenv)
|
|
|
|
(TraceDomain.Source.get_tainted_formals pdesc tenv)
|
|
|
|
|
|
|
|
in
|
|
|
|
|
|
|
|
(access_tree, IdAccessPathMapDomain.empty)
|
|
|
|
|
|
|
|
in
|
|
|
|
in
|
|
|
|
Preanal.do_dynamic_dispatch proc_desc (Cg.create (SourceFile.invalid __FILE__)) tenv ;
|
|
|
|
Preanal.do_dynamic_dispatch proc_desc (Cg.create (SourceFile.invalid __FILE__)) tenv ;
|
|
|
|
let initial = make_initial proc_desc in
|
|
|
|
let initial = make_initial proc_desc in
|
|
|
@ -851,8 +849,8 @@ module Make (TaintSpecification : TaintSpec.S) = struct
|
|
|
|
{formal_map; summary}
|
|
|
|
{formal_map; summary}
|
|
|
|
in
|
|
|
|
in
|
|
|
|
let proc_data = ProcData.make proc_desc tenv extras in
|
|
|
|
let proc_data = ProcData.make proc_desc tenv extras in
|
|
|
|
match Analyzer.compute_post proc_data ~initial ~debug:false with
|
|
|
|
match Analyzer.compute_post proc_data ~initial with
|
|
|
|
| Some (access_tree, _) ->
|
|
|
|
| Some access_tree ->
|
|
|
|
Summary.update_summary (make_summary proc_data access_tree) summary
|
|
|
|
Summary.update_summary (make_summary proc_data access_tree) summary
|
|
|
|
| None ->
|
|
|
|
| None ->
|
|
|
|
if Procdesc.Node.get_succs (Procdesc.get_start_node proc_desc) <> [] then (
|
|
|
|
if Procdesc.Node.get_succs (Procdesc.get_start_node proc_desc) <> [] then (
|
|
|
|