[quandary] expose actuals to Source.get

Summary: This gives us more expressive power when defining sources--we can use heuristics like "`foo(o)` only returns a source when `o` is not a constant". Reviewed By: jvillard Differential Revision: D5467935 fbshipit-source-id: f3d581d
7 years ago · ecf9c1b402
parent 845114f570
commit ecf9c1b402
7 changed files with 14 additions and 14 deletions
--- a/infer/src/checkers/Source.ml
+++ b/infer/src/checkers/Source.ml
@ -19,7 +19,7 @@ module type Kind = sig

  val unknown : t

-  val get : Typ.Procname.t -> Tenv.t -> (t * int option) option
+  val get : Typ.Procname.t -> HilExp.t list -> Tenv.t -> (t * int option) option

  val get_tainted_formals : Procdesc.t -> Tenv.t -> (Mangled.t * Typ.t * t option) list
 end
@ -35,7 +35,7 @@ module type S = sig

  val get_footprint_access_path : t -> AccessPath.t option

-  val get : CallSite.t -> Tenv.t -> spec option
+  val get : CallSite.t -> HilExp.t list -> Tenv.t -> spec option

  val get_tainted_formals : Procdesc.t -> Tenv.t -> (Mangled.t * Typ.t * t option) list
 end
@ -73,8 +73,8 @@ module Make (Kind : Kind) = struct
    let site = CallSite.make (Procdesc.get_proc_name pdesc) (Procdesc.get_loc pdesc) in
    {site; kind}

-  let get site tenv =
-    match Kind.get (CallSite.pname site) tenv with
+  let get site actuals tenv =
+    match Kind.get (CallSite.pname site) actuals tenv with
    | Some (kind, index)
     -> let source = make kind site in
        Some {source; index}
@ -122,7 +122,7 @@ module Dummy = struct

  let get_footprint_access_path _ = assert false

-  let get _ _ = None
+  let get _ _ _ = None

  let get_tainted_formals pdesc _ =
    List.map ~f:(fun (name, typ) -> (name, typ, None)) (Procdesc.get_formals pdesc)
--- a/infer/src/checkers/Source.mli
+++ b/infer/src/checkers/Source.mli
@ -18,8 +18,8 @@ module type Kind = sig
  val unknown : t
  (** kind of an unknown source *)

-  val get : Typ.Procname.t -> Tenv.t -> (t * int option) option
-  (** return Some (kind) if the procedure is a taint source, None otherwise *)
+  val get : Typ.Procname.t -> HilExp.t list -> Tenv.t -> (t * int option) option
+  (** return Some (kind) if the procedure with the given actuals is a taint source, None otherwise *)

  val get_tainted_formals : Procdesc.t -> Tenv.t -> (Mangled.t * Typ.t * t option) list
  (** return each formal of the function paired with either Some(kind) if the formal is a taint
@ -42,8 +42,8 @@ module type S = sig
  val get_footprint_access_path : t -> AccessPath.t option
  (** return Some(access path) if the current source is a footprint source, None otherwise *)

-  val get : CallSite.t -> Tenv.t -> spec option
-  (** return Some (taint spec) if the call site is a taint source, None otherwise *)
+  val get : CallSite.t -> HilExp.t list -> Tenv.t -> spec option
+  (** return Some (taint spec) if the call site with the given actuals is a taint source, None otherwise *)

  val get_tainted_formals : Procdesc.t -> Tenv.t -> (Mangled.t * Typ.t * t option) list
  (** return each formal of the function paired with either Some(source) if the formal is a taint
--- a/infer/src/quandary/ClangTrace.ml
+++ b/infer/src/quandary/ClangTrace.ml
@ -54,7 +54,7 @@ module SourceKind = struct
        else None)
      external_sources

-  let get pname _ =
+  let get pname _ _ =
    let return = None in
    match pname with
    | Typ.Procname.ObjC_Cpp cpp_name
--- a/infer/src/quandary/JavaTrace.ml
+++ b/infer/src/quandary/JavaTrace.ml
@ -40,7 +40,7 @@ module SourceKind = struct
      ~f:(fun {QuandaryConfig.Source.procedure; kind} -> (Str.regexp procedure, kind))
      (QuandaryConfig.Source.of_json Config.quandary_sources)

-  let get pname tenv =
+  let get pname _ tenv =
    let return = None in
    match pname with
    | Typ.Procname.Java pname -> (
--- a/infer/src/quandary/TaintAnalysis.ml
+++ b/infer/src/quandary/TaintAnalysis.ml
@ -466,7 +466,7 @@ module Make (TaintSpecification : TaintSpec.S) = struct
              | None
               -> astate
            in
-            let source = TraceDomain.Source.get call_site proc_data.tenv in
+            let source = TraceDomain.Source.get call_site actuals proc_data.tenv in
            let astate_with_source =
              match source with
              | Some {TraceDomain.Source.source; index= None}
--- a/infer/src/unit/TaintTests.ml
+++ b/infer/src/unit/TaintTests.ml
@ -18,7 +18,7 @@ module MockTrace = Trace.Make (struct

    let unknown = CallSite.dummy

-    let get pname _ =
+    let get pname _ _ =
      if String.is_prefix ~prefix:"SOURCE" (Typ.Procname.to_string pname) then
        Some (CallSite.make pname Location.dummy, None)
      else None
--- a/infer/src/unit/TraceTests.ml
+++ b/infer/src/unit/TraceTests.ml
@ -55,7 +55,7 @@ module MockSource = struct
  include Source.Make (struct
    include MockTraceElem

-    let get _ = assert false
+    let get _ _ = assert false

    let get_tainted_formals _ = assert false
  end)