Sam Blackshear
2c0bf042b4
[checkers] extract access paths from non-lhs expressions
...
Reviewed By: jvillard
Differential Revision: D4081279
fbshipit-source-id: bf2b644
8 years ago
Sam Blackshear
53de1b7f53
[quandary] use unsound dynamic dispatch handling on super-polymorphic call sites
...
Reviewed By: jeremydubreil
Differential Revision: D4081381
fbshipit-source-id: a29e1b4
8 years ago
Sam Blackshear
319463b3bc
[quandary] propagating taint from unknown procedures and constructors
...
Summary:
Right now, taint gets lost if it flows into a constructor or procedure whose implementation is missing.
Since the core Java (e.g., String) and Android classes (e.g., Intent) are among these, this is bad.
We could handle this by writing a bunch of models instead, but that would be a lot of work (plus we may still miss cases).
Reviewed By: jvillard
Differential Revision: D4051591
fbshipit-source-id: 65851c8
8 years ago
Sam Blackshear
355ab92130
[backend] move expression pretty-printing into exp module
...
Reviewed By: jberdine
Differential Revision: D4059909
fbshipit-source-id: b382cb1
8 years ago
Sam Blackshear
ef8e76bdec
[quandary] don't apply summary when the callee is a source or sink
...
Reviewed By: jvillard
Differential Revision: D4051420
fbshipit-source-id: 637f2cb
8 years ago
Sam Blackshear
6fc1a7e20f
[quandary] reporting on array passed to sink when contents of array are tainted
...
Reviewed By: jeremydubreil
Differential Revision: D4022485
fbshipit-source-id: 87bc432
8 years ago
Sam Blackshear
08509fb2ab
[quandary] don't double-report flows
...
Summary:
Before, if I wrote code like
```
x = src()
sink(x)
sink(x)
```
we would report three times instead of two.
The first flow would be double-reported.
Reviewed By: jeremydubreil
Differential Revision: D4024678
fbshipit-source-id: fcd5b30
8 years ago
Sam Blackshear
512de69e13
[quandary] handle dynamic dispatch
...
Reviewed By: jeremydubreil
Differential Revision: D3997701
fbshipit-source-id: 085bc16
8 years ago
Sam Blackshear
6aee686cb2
[quandary] passing actuals to the sink-determining code
...
Differential Revision: D4012216
fbshipit-source-id: 86e8aca
8 years ago
Sam Blackshear
1a958d1d8b
[quandary] simplifying Source module interface now that calls have single retval
...
Reviewed By: jberdine
Differential Revision: D3998163
fbshipit-source-id: 399db5a
8 years ago
Sam Blackshear
35bb540bf4
[quandary] adding TaintSpec module for clearer naming
...
Reviewed By: jberdine
Differential Revision: D3997622
fbshipit-source-id: 3f22c8e
8 years ago
Sam Blackshear
715e521ead
[quandary] making summaries smaller
...
Reviewed By: jberdine
Differential Revision: D3981791
fbshipit-source-id: 8d4c839
8 years ago
Sam Blackshear
95a82a6a04
[backend] don't run preanalysis twice
...
Reviewed By: jeremydubreil
Differential Revision: D3982521
fbshipit-source-id: edb22e9
8 years ago
Josh Berdine
314506ec1a
[quandary] ok to have no post if start node has no succs
...
Reviewed By: sblackshear
Differential Revision: D3991275
fbshipit-source-id: 5f8c4be
8 years ago
Sam Blackshear
5e2e7b88aa
[quandary] allow trace-specific rules for handling unknown code
...
Reviewed By: jeremydubreil
Differential Revision: D3962285
fbshipit-source-id: b14f3d2
8 years ago
Josh Berdine
c094a38d56
[IR] Simplify to single return id, with type
...
Summary:
Change Sil.Call instruction to have only a single optional return
identifier, instead of a list. Essentially none of the code handled
multiple return identifiers. Also, add the type of the return
identifier to Call instructions.
Reviewed By: sblackshear
Differential Revision: D3919358
fbshipit-source-id: d2d4f72
8 years ago
Sam Blackshear
fbfece20af
[quandary] using exceptional procCFG to explore exceptional control-flow
...
Reviewed By: dkgi
Differential Revision: D3871621
fbshipit-source-id: e76a274
8 years ago
Sam Blackshear
4b9899d6b2
[quandary] handling globals in function summaries
...
Reviewed By: jeremydubreil
Differential Revision: D3866616
fbshipit-source-id: 1b77bca
8 years ago
Sam Blackshear
b1039f51f8
[quandary] add summaries for footprint traces associated with locals
...
Differential Revision: D3883275
fbshipit-source-id: 651116e
8 years ago
Cristiano Calcagno
4cee6907ec
[backend] Remove the global reference DB.current_source and clean up the flow of information about the current source file.
...
Summary:
The global reference `DB.current_source` is used internally in the module DB, by all the front-ends, and directly and indirectly by the back-end, including saving and restoring the state in case of on-demand procedure calls. In particular, it is heavily used in printing functions.
This diff cleans up the flow of information about what the current file is, making it explicit, and removes the reference.
Reviewed By: jberdine
Differential Revision: D3901247
fbshipit-source-id: ef596bd
8 years ago
Sam Blackshear
ae759ee21f
[quandary] fixing crashes when running on recursive code
...
Reviewed By: cristianoc
Differential Revision: D3888004
fbshipit-source-id: d432496
8 years ago
Sam Blackshear
de146f4f2d
[quandary] switch to using base -> formal num map in extras
...
Reviewed By: dkgi
Differential Revision: D3883256
fbshipit-source-id: 857e1f9
8 years ago
Sam Blackshear
31e6849ec0
[quandary] using summaries part 2: the relational cases
...
Differential Revision: D3861751
fbshipit-source-id: d7858e6
8 years ago
Sam Blackshear
e4beca3779
[quandary] using summaries part 1: return
...
Reviewed By: jeremydubreil
Differential Revision: D3857310
fbshipit-source-id: 29c5994
8 years ago
Sam Blackshear
cf8c957483
[quandary] use preanalysis for abstract GC
...
Reviewed By: jeremydubreil
Differential Revision: D3866919
fbshipit-source-id: 87fb380
8 years ago
Josh Berdine
8589dc4868
Remove Tstruct in favor of Tvar
...
Summary:
This diff removes the redundancy in the representation of types where
struct types could be represented either directly using Tstruct or
indirectly using Tvar to refer to the type environment. A consequence
is that it is much harder to construct large type values.
Reviewed By: sblackshear, cristianoc
Differential Revision: D3839753
fbshipit-source-id: cf04ea5
8 years ago
Sam Blackshear
41c121bebf
[quandary] adding quandary summaries to specs
...
Reviewed By: jeremydubreil
Differential Revision: D3851178
fbshipit-source-id: 8a17357
8 years ago
Sam Blackshear
d6d7293633
[quandary] moving logging of errors into analysis
...
Reviewed By: jeremydubreil
Differential Revision: D3850807
fbshipit-source-id: d34f1ab
8 years ago
Sam Blackshear
31435fa936
[quandary] summaries for interprocedural analysis
...
Reviewed By: mbouaziz
Differential Revision: D3838659
fbshipit-source-id: 2382a81
8 years ago
Sam Blackshear
27cfb141da
richer sink specifications
...
Reviewed By: jeremydubreil
Differential Revision: D3831688
fbshipit-source-id: 199f1a5
8 years ago
Sam Blackshear
3368548e3e
replace stackop instruction with skip instruction
...
Reviewed By: cristianoc
Differential Revision: D3828544
fbshipit-source-id: 5a1d05f
8 years ago
Sam Blackshear
1e4b4df427
fixing handling of aliasing for frontend tmp vars
...
Reviewed By: cristianoc
Differential Revision: D3824558
fbshipit-source-id: 624df00
8 years ago
Sam Blackshear
91071af3ad
logging errors
...
Reviewed By: dkgi
Differential Revision: D3806718
fbshipit-source-id: 3abe08a
8 years ago
Sam Blackshear
f64e880c11
java traces
...
Reviewed By: jberdine
Differential Revision: D3754285
fbshipit-source-id: 1709a62
8 years ago
Cristiano Calcagno
91d9cd83b5
Cleanup instruction names: use Load/Store instead of Letderef/Set.
...
Reviewed By: jberdine
Differential Revision: D3749108
fbshipit-source-id: c5aa438
9 years ago
Sam Blackshear
262a121cf6
handle casts
...
Reviewed By: jberdine
Differential Revision: D3742480
fbshipit-source-id: 97b6b44
9 years ago
Sam Blackshear
514107ec88
track sinks
...
Reviewed By: mbouaziz
Differential Revision: D3725051
fbshipit-source-id: 294203a
9 years ago
Sam Blackshear
f0028669ee
propagate tainted sources
...
Reviewed By: mbouaziz
Differential Revision: D3723878
fbshipit-source-id: 6774e0b
9 years ago
Sam Blackshear
3b12208e1b
intraprocedural taint analysis that records sources
...
Reviewed By: jvillard
Differential Revision: D3723819
fbshipit-source-id: 941e1fc
9 years ago
Sam Blackshear
e853b01051
taint domain
...
Reviewed By: jvillard
Differential Revision: D3723785
fbshipit-source-id: c55f0e4
9 years ago