Java: Introduce more provenance values.

Author: michaelnebel

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -317,7 +317,7 @@ module ModelValidation {
       not ext.regexpMatch("|Annotated") and
       result = "Unrecognized extra API graph element \"" + ext + "\" in " + pred + " model."
       or
-      not provenance = ["manual", "generated", "ai-generated"] and
+      invalidProvenance(provenance) and
       result = "Unrecognized provenance description \"" + provenance + "\" in " + pred + " model."
     )
   }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll

@@ -9,9 +9,9 @@ private import semmle.code.java.dispatch.internal.Unification
 
 private module DispatchImpl {
   private predicate hasHighConfidenceTarget(Call c) {
-    exists(SummarizedCallable sc | sc.getACall() = c and not sc.isAutoGenerated())
+    exists(SummarizedCallable sc | sc.getACall() = c and not sc.applyGeneratedModel())
     or
-    exists(NeutralCallable nc | nc.getACall() = c and nc.isManual())
+    exists(NeutralCallable nc | nc.getACall() = c and nc.hasManualModel())
     or
     exists(Callable srcTgt |
       srcTgt = VirtualDispatch::viableCallable(c) and

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -215,6 +215,54 @@ module Public {
     abstract predicate required(SummaryComponent head, SummaryComponentStack tail);
   }
 
+  /**
+   * Gets the valid model origin values.
+   */
+  private string getValidModelOrigin() {
+    result =
+      [
+        "ai", // AI (machine learning)
+        "df", // Dataflow (model generator)
+        "tb", // Type based (model generator)
+        "hq", // Heuristic query
+      ]
+  }
+
+  /**
+   * A class used to represent provenance values for MaD models.
+   *
+   * The provenance value is a string of the form `origin-verification`
+   * (or just `manual`), where `origin` is a value indicating the
+   * origin of the model, and `verification` is a value indicating, how
+   * the model was verified.
+   *
+   * Examples could be:
+   * - `df-generated`: A model produced by the model generator, but not verified by a human.
+   * - `ai-manual`: A model produced by AI, but verified by a human.
+   */
+  class Provenance extends string {
+    private string verification;
+
+    Provenance() {
+      exists(string origin | origin = getValidModelOrigin() |
+        this = origin + "-" + verification and
+        verification = ["manual", "generated"]
+      )
+      or
+      this = verification and verification = "manual"
+    }
+
+    /**
+     * Holds if this is a valid generated provenance value.
+     */
+    predicate isGenerated() { verification = "generated" }
+
+    /**
+     * Holds if this is a valid manual provenance value.
+     */
+    predicate isManual() { verification = "manual" }
+  }
+
   /** A callable with a flow summary. */
   abstract class SummarizedCallable extends SummarizedCallableBase {
     bindingset[this]
@@ -248,41 +296,61 @@ module Public {
     }
 
     /**
-     * Holds if all the summaries that apply to `this` are auto generated and not manually created.
+     * Holds if there exists a generated summary that applies to this callable.
      */
-    final predicate isAutoGenerated() {
-      this.hasProvenance(["generated", "ai-generated"]) and not this.isManual()
+    final predicate hasGeneratedModel() {
+      exists(Provenance p | p.isGenerated() and this.hasProvenance(p))
     }
 
     /**
-     * Holds if there exists a manual summary that applies to `this`.
+     * Holds if all the summaries that apply to this callable are auto generated and not manually created.
+     * That is, only apply generated models, when there are no manual models.
      */
-    final predicate isManual() { this.hasProvenance("manual") }
+    final predicate applyGeneratedModel() {
+      this.hasGeneratedModel() and
+      not this.hasManualModel()
+    }
 
     /**
-     * Holds if there exists a summary that applies to `this` that has provenance `provenance`.
+     * Holds if there exists a manual summary that applies to this callable.
      */
-    predicate hasProvenance(string provenance) { provenance = "manual" }
+    final predicate hasManualModel() {
+      exists(Provenance p | p.isManual() and this.hasProvenance(p))
+    }
+
+    /**
+     * Holds if there exists a manual summary that applies to this callable.
+     * Always apply manual models if they exist.
+     */
+    final predicate applyManualModel() { this.hasManualModel() }
+
+    /**
+     * Holds if there exists a summary that applies to this callable
+     * that has provenance `provenance`.
+     */
+    predicate hasProvenance(Provenance provenance) { provenance = "manual" }
   }
 
   /** A callable where there is no flow via the callable. */
   class NeutralCallable extends SummarizedCallableBase {
-    NeutralCallable() { neutralElement(this, _) }
+    private Provenance provenance;
+
+    NeutralCallable() { neutralElement(this, provenance) }
 
     /**
      * Holds if the neutral is auto generated.
      */
-    predicate isAutoGenerated() { neutralElement(this, ["generated", "ai-generated"]) }
+    final predicate hasGeneratedModel() { provenance.isGenerated() }
 
     /**
-     * Holds if there exists a manual neutral that applies to `this`.
+     * Holds if there exists a manual neutral that applies to this callable.
      */
-    final predicate isManual() { this.hasProvenance("manual") }
+    final predicate hasManualModel() { provenance.isManual() }
 
     /**
-     * Holds if the neutral has provenance `provenance`.
+     * Holds if the neutral has provenance `p`.
      */
-    predicate hasProvenance(string provenance) { neutralElement(this, provenance) }
+    predicate hasProvenance(Provenance p) { p = provenance }
   }
 }
 
@@ -1017,12 +1085,18 @@ module Private {
       private predicate relevantSummaryElementGenerated(
         AccessPath inSpec, AccessPath outSpec, string kind
       ) {
-        summaryElement(this, inSpec, outSpec, kind, ["generated", "ai-generated"]) and
-        not summaryElement(this, _, _, _, "manual")
+        exists(Provenance provenance |
+          provenance.isGenerated() and
+          summaryElement(this, inSpec, outSpec, kind, provenance)
+        ) and
+        not this.applyManualModel()
       }
 
       private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) {
-        summaryElement(this, inSpec, outSpec, kind, "manual")
+        exists(Provenance provenance |
+          provenance.isManual() and
+          summaryElement(this, inSpec, outSpec, kind, provenance)
+        )
         or
         this.relevantSummaryElementGenerated(inSpec, outSpec, kind)
       }
@@ -1041,7 +1115,7 @@ module Private {
         )
       }
 
-      override predicate hasProvenance(string provenance) {
+      override predicate hasProvenance(Provenance provenance) {
         summaryElement(this, _, _, _, provenance)
       }
     }
@@ -1052,6 +1126,10 @@ module Private {
       not exists(interpretComponent(c))
     }
 
+    /** Holds if `provenance` is not a valid provenance value. */
+    bindingset[provenance]
+    predicate invalidProvenance(string provenance) { not provenance instanceof Provenance }
+
     /**
      * Holds if token `part` of specification `spec` has an invalid index.
      * E.g., `Argument[-1]`.
@@ -1219,11 +1297,11 @@ module Private {
     }
 
     private string renderProvenance(SummarizedCallable c) {
-      if c.isManual() then result = "manual" else c.hasProvenance(result)
+      if c.applyManualModel() then result = "manual" else c.hasProvenance(result)
     }
 
     private string renderProvenanceNeutral(NeutralCallable c) {
-      if c.isManual() then result = "manual" else c.hasProvenance(result)
+      if c.hasManualModel() then result = "manual" else c.hasProvenance(result)
     }
 
     /**

java/ql/src/Metrics/Summaries/GeneratedVsManualCoverageQuery.qll

@@ -16,12 +16,13 @@ private int getNumMadModeledApis(string package, string provenance, string apiSu
       sc.asCallable() instanceof DataFlowTargetApi and
       (
         // "auto-only"
-        sc.isAutoGenerated() and
+        not sc.hasManualModel() and
+        sc.hasProvenance("df-generated") and
         provenance = "generated"
         or
-        sc.isManual() and
+        sc.hasManualModel() and
         (
-          if sc.hasProvenance(["generated", "ai-generated"])
+          if sc.hasProvenance("df-generated")
           then
             // "both"
             provenance = "both"

java/ql/src/Metrics/Summaries/TopJdkApis.qll

@@ -296,11 +296,11 @@ class TopJdkApi extends SummarizedCallableBase {
   }
 
   /** Holds if this API has a manual summary model. */
-  private predicate hasManualSummary() { this.(SummarizedCallable).isManual() }
+  private predicate hasManualSummary() { this.(SummarizedCallable).hasManualModel() }
 
   /** Holds if this API has a manual neutral model. */
   private predicate hasManualNeutral() {
-    this.(FlowSummaryImpl::Public::NeutralCallable).isManual()
+    this.(FlowSummaryImpl::Public::NeutralCallable).hasManualModel()
   }
 
   /** Holds if this API has a manual MaD model. */