Sam Blackshear
53de1b7f53
[quandary] use unsound dynamic dispatch handling on super-polymorphic call sites
...
Reviewed By: jeremydubreil
Differential Revision: D4081381
fbshipit-source-id: a29e1b4
8 years ago
Sam Blackshear
319463b3bc
[quandary] propagating taint from unknown procedures and constructors
...
Summary:
Right now, taint gets lost if it flows into a constructor or procedure whose implementation is missing.
Since the core Java (e.g., String) and Android classes (e.g., Intent) are among these, this is bad.
We could handle this by writing a bunch of models instead, but that would be a lot of work (plus we may still miss cases).
Reviewed By: jvillard
Differential Revision: D4051591
fbshipit-source-id: 65851c8
8 years ago
Sam Blackshear
355ab92130
[backend] move expression pretty-printing into exp module
...
Reviewed By: jberdine
Differential Revision: D4059909
fbshipit-source-id: b382cb1
8 years ago
Sam Blackshear
ef8e76bdec
[quandary] don't apply summary when the callee is a source or sink
...
Reviewed By: jvillard
Differential Revision: D4051420
fbshipit-source-id: 637f2cb
8 years ago
Sam Blackshear
6fc1a7e20f
[quandary] reporting on array passed to sink when contents of array are tainted
...
Reviewed By: jeremydubreil
Differential Revision: D4022485
fbshipit-source-id: 87bc432
8 years ago
Sam Blackshear
08509fb2ab
[quandary] don't double-report flows
...
Summary:
Before, if I wrote code like
```
x = src()
sink(x)
sink(x)
```
we would report three times instead of two.
The first flow would be double-reported.
Reviewed By: jeremydubreil
Differential Revision: D4024678
fbshipit-source-id: fcd5b30
8 years ago
Sam Blackshear
512de69e13
[quandary] handle dynamic dispatch
...
Reviewed By: jeremydubreil
Differential Revision: D3997701
fbshipit-source-id: 085bc16
8 years ago
Sam Blackshear
0a3993edee
[utils] add tags_compare utility to make writing default comparison functions easy
...
Differential Revision: D4020123
fbshipit-source-id: ace1a03
8 years ago
Sam Blackshear
072fe0994f
[quandary] reporting on getenv -> exec flows
...
Differential Revision: D4017588
fbshipit-source-id: ae099f8
8 years ago
Sam Blackshear
6aee686cb2
[quandary] passing actuals to the sink-determining code
...
Differential Revision: D4012216
fbshipit-source-id: 86e8aca
8 years ago
Sam Blackshear
856f84aaff
[quandary] skeleton for C++ analysis
...
Differential Revision: D3998518
fbshipit-source-id: e90c46d
8 years ago
Sam Blackshear
1a958d1d8b
[quandary] simplifying Source module interface now that calls have single retval
...
Reviewed By: jberdine
Differential Revision: D3998163
fbshipit-source-id: 399db5a
8 years ago
Sam Blackshear
35bb540bf4
[quandary] adding TaintSpec module for clearer naming
...
Reviewed By: jberdine
Differential Revision: D3997622
fbshipit-source-id: 3f22c8e
8 years ago
Sam Blackshear
715e521ead
[quandary] making summaries smaller
...
Reviewed By: jberdine
Differential Revision: D3981791
fbshipit-source-id: 8d4c839
8 years ago
Sam Blackshear
95a82a6a04
[backend] don't run preanalysis twice
...
Reviewed By: jeremydubreil
Differential Revision: D3982521
fbshipit-source-id: edb22e9
8 years ago
Josh Berdine
314506ec1a
[quandary] ok to have no post if start node has no succs
...
Reviewed By: sblackshear
Differential Revision: D3991275
fbshipit-source-id: 5f8c4be
8 years ago
Sam Blackshear
4a35862aa8
[quandary] don't add passthroughs from callee to caller
...
Summary:
We were previously leaking the passthroughs of the callee into the caller.
We definitely don't want to do this since it could make the summaries higher up in the call stack explode.
If we need to know the passthroughs of a callee, we can always read them from the callee's summary.
Reviewed By: jeremydubreil
Differential Revision: D3972679
fbshipit-source-id: 5b5903f
8 years ago
Sam Blackshear
8ed645315c
[quandary] fix missing check for builtin in Quandary models
...
Reviewed By: jeremydubreil
Differential Revision: D3972830
fbshipit-source-id: d431dfe
8 years ago
Sam Blackshear
5e2e7b88aa
[quandary] allow trace-specific rules for handling unknown code
...
Reviewed By: jeremydubreil
Differential Revision: D3962285
fbshipit-source-id: b14f3d2
8 years ago
Josh Berdine
c094a38d56
[IR] Simplify to single return id, with type
...
Summary:
Change Sil.Call instruction to have only a single optional return
identifier, instead of a list. Essentially none of the code handled
multiple return identifiers. Also, add the type of the return
identifier to Call instructions.
Reviewed By: sblackshear
Differential Revision: D3919358
fbshipit-source-id: d2d4f72
8 years ago
Jeremy Dubreil
168c613ac9
[infer][java] Separate the builtins from the other models for a better modularity
...
Summary: The Infer builtins can be used in the e2e tests, but those tests should not depend on the Infer models to avoid cyclic dependencies. This diff separates the models and the Infer builtins in two directories so that the test can depend on the builtins without depending on the models
Reviewed By: sblackshear
Differential Revision: D3929478
fbshipit-source-id: 7d0ab79
8 years ago
Sam Blackshear
3051d90307
[quandary] kill unused Source.to_return proc
...
Reviewed By: jvillard
Differential Revision: D3927750
fbshipit-source-id: a4047f4
8 years ago
Sam Blackshear
af9f34bb60
[quandary] checking for flows from Intents parsed via Uris -> startActivity (and similar)
...
Reviewed By: mburman
Differential Revision: D3905877
fbshipit-source-id: 03fe2f6
8 years ago
Sam Blackshear
fbfece20af
[quandary] using exceptional procCFG to explore exceptional control-flow
...
Reviewed By: dkgi
Differential Revision: D3871621
fbshipit-source-id: e76a274
8 years ago
Sam Blackshear
4b9899d6b2
[quandary] handling globals in function summaries
...
Reviewed By: jeremydubreil
Differential Revision: D3866616
fbshipit-source-id: 1b77bca
8 years ago
Sam Blackshear
b1039f51f8
[quandary] add summaries for footprint traces associated with locals
...
Differential Revision: D3883275
fbshipit-source-id: 651116e
8 years ago
Cristiano Calcagno
4cee6907ec
[backend] Remove the global reference DB.current_source and clean up the flow of information about the current source file.
...
Summary:
The global reference `DB.current_source` is used internally in the module DB, by all the front-ends, and directly and indirectly by the back-end, including saving and restoring the state in case of on-demand procedure calls. In particular, it is heavily used in printing functions.
This diff cleans up the flow of information about what the current file is, making it explicit, and removes the reference.
Reviewed By: jberdine
Differential Revision: D3901247
fbshipit-source-id: ef596bd
8 years ago
Sam Blackshear
ae759ee21f
[quandary] fixing crashes when running on recursive code
...
Reviewed By: cristianoc
Differential Revision: D3888004
fbshipit-source-id: d432496
8 years ago
Sam Blackshear
de146f4f2d
[quandary] switch to using base -> formal num map in extras
...
Reviewed By: dkgi
Differential Revision: D3883256
fbshipit-source-id: 857e1f9
8 years ago
Sam Blackshear
31e6849ec0
[quandary] using summaries part 2: the relational cases
...
Differential Revision: D3861751
fbshipit-source-id: d7858e6
8 years ago
Sam Blackshear
e4beca3779
[quandary] using summaries part 1: return
...
Reviewed By: jeremydubreil
Differential Revision: D3857310
fbshipit-source-id: 29c5994
8 years ago
Sam Blackshear
cf8c957483
[quandary] use preanalysis for abstract GC
...
Reviewed By: jeremydubreil
Differential Revision: D3866919
fbshipit-source-id: 87fb380
8 years ago
Sam Blackshear
9f1c4e4bca
[quandary] adding append operation
...
Reviewed By: jeremydubreil
Differential Revision: D3857100
fbshipit-source-id: 030b1cb
8 years ago
Sam Blackshear
2f34e998c2
[quandary] consider builtins to be neither sources nor sinks
...
Reviewed By: jeremydubreil
Differential Revision: D3861787
fbshipit-source-id: 3eb8516
8 years ago
Josh Berdine
8589dc4868
Remove Tstruct in favor of Tvar
...
Summary:
This diff removes the redundancy in the representation of types where
struct types could be represented either directly using Tstruct or
indirectly using Tvar to refer to the type environment. A consequence
is that it is much harder to construct large type values.
Reviewed By: sblackshear, cristianoc
Differential Revision: D3839753
fbshipit-source-id: cf04ea5
8 years ago
Sam Blackshear
41c121bebf
[quandary] adding quandary summaries to specs
...
Reviewed By: jeremydubreil
Differential Revision: D3851178
fbshipit-source-id: 8a17357
8 years ago
Sam Blackshear
d6d7293633
[quandary] moving logging of errors into analysis
...
Reviewed By: jeremydubreil
Differential Revision: D3850807
fbshipit-source-id: d34f1ab
8 years ago
Sam Blackshear
31435fa936
[quandary] summaries for interprocedural analysis
...
Reviewed By: mbouaziz
Differential Revision: D3838659
fbshipit-source-id: 2382a81
8 years ago
Sam Blackshear
55a46d1211
[quandary] format for summaries
...
Reviewed By: mbouaziz
Differential Revision: D3838520
fbshipit-source-id: 7cd8bcb
8 years ago
Sam Blackshear
27cfb141da
richer sink specifications
...
Reviewed By: jeremydubreil
Differential Revision: D3831688
fbshipit-source-id: 199f1a5
8 years ago
Sam Blackshear
3368548e3e
replace stackop instruction with skip instruction
...
Reviewed By: cristianoc
Differential Revision: D3828544
fbshipit-source-id: 5a1d05f
8 years ago
Sam Blackshear
1e4b4df427
fixing handling of aliasing for frontend tmp vars
...
Reviewed By: cristianoc
Differential Revision: D3824558
fbshipit-source-id: 624df00
8 years ago
Sam Blackshear
91071af3ad
logging errors
...
Reviewed By: dkgi
Differential Revision: D3806718
fbshipit-source-id: 3abe08a
8 years ago
Sam Blackshear
a92543b67c
fix needless type extension
...
Reviewed By: jvillard
Differential Revision: D3773053
fbshipit-source-id: 4d62a2a
8 years ago
Sam Blackshear
a31a735e35
separate pretty-printer for pp_kind
...
Reviewed By: jvillard
Differential Revision: D3762892
fbshipit-source-id: 49dcf48
8 years ago
Sam Blackshear
f64e880c11
java traces
...
Reviewed By: jberdine
Differential Revision: D3754285
fbshipit-source-id: 1709a62
9 years ago
Cristiano Calcagno
91d9cd83b5
Cleanup instruction names: use Load/Store instead of Letderef/Set.
...
Reviewed By: jberdine
Differential Revision: D3749108
fbshipit-source-id: c5aa438
9 years ago
Sam Blackshear
262a121cf6
handle casts
...
Reviewed By: jberdine
Differential Revision: D3742480
fbshipit-source-id: 97b6b44
9 years ago
Sam Blackshear
514107ec88
track sinks
...
Reviewed By: mbouaziz
Differential Revision: D3725051
fbshipit-source-id: 294203a
9 years ago
Sam Blackshear
f0028669ee
propagate tainted sources
...
Reviewed By: mbouaziz
Differential Revision: D3723878
fbshipit-source-id: 6774e0b
9 years ago
Sam Blackshear
3b12208e1b
intraprocedural taint analysis that records sources
...
Reviewed By: jvillard
Differential Revision: D3723819
fbshipit-source-id: 941e1fc
9 years ago
Sam Blackshear
e853b01051
taint domain
...
Reviewed By: jvillard
Differential Revision: D3723785
fbshipit-source-id: c55f0e4
9 years ago
Sam Blackshear
c2043af70d
functor for creating trace domain
...
Reviewed By: jberdine
Differential Revision: D3685043
fbshipit-source-id: b177fe3
9 years ago
Sam Blackshear
f99b30c4cd
abstracting passthroughs more aggressively
...
Reviewed By: jberdine
Differential Revision: D3706040
fbshipit-source-id: 9d0f305
9 years ago
Sam Blackshear
8f5542ed2f
functor for creating traces from source and sink specs
...
Differential Revision: D3684879
fbshipit-source-id: 1b101ae
9 years ago
Sam Blackshear
36e2175293
trace building blocks: sources and sinks
...
Reviewed By: jberdine
Differential Revision: D3684221
fbshipit-source-id: fe6917f
9 years ago