Skip to content

Commit 3f13206

Browse files
arthaudfacebook-github-bot
arthaud
authored and
facebook-github-bot
committed
Remove feature part aliases
Summary: The taint abstract domains (`ForwardTaint`, `ForwardState`, `BackwardTaint`, `BackwardState`) provide aliases to feature parts (`SimpleSet`, `TitoPositionSet`, etc.) that allow fold, transform, partition or reduce operations on a subset of the taint representation. Let's remove those aliases since we can use the parts. That also makes refactoring easier. Reviewed By: dkgi Differential Revision: D30760716 fbshipit-source-id: 83f5b50f1f0ce364eed600d2f259800821a5723c
1 parent f056bfa commit 3f13206

File tree

6 files changed

+67
-189
lines changed

6 files changed

+67
-189
lines changed

source/interprocedural_analyses/taint/backwardAnalysis.ml

Lines changed: 21 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -205,7 +205,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
205205
in
206206
let breadcrumbs =
207207
BackwardTaint.fold
208-
BackwardTaint.simple_feature_self
208+
Features.SimpleSet.Self
209209
element
210210
~f:Features.gather_breadcrumbs
211211
~init:Features.SimpleSet.bottom
@@ -239,10 +239,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
239239
read_tree extra_path taint_to_propagate
240240
|> BackwardState.Tree.collapse
241241
~transform:(BackwardTaint.add_features Features.tito_broadening)
242-
|> BackwardTaint.transform
243-
BackwardTaint.simple_feature_self
244-
Abstract.Domain.Add
245-
~f:breadcrumbs
242+
|> BackwardTaint.transform Features.SimpleSet.Self Add ~f:breadcrumbs
246243
|> BackwardTaint.transform
247244
TraceLength.Self
248245
(Context (BackwardTaint.kind, Map))
@@ -257,11 +254,8 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
257254
in
258255
let add_tito_feature_and_position leaf_taint =
259256
leaf_taint
260-
|> FlowDetails.transform
261-
FlowDetails.tito_position_element
262-
Abstract.Domain.Add
263-
~f:location
264-
|> FlowDetails.transform FlowDetails.simple_feature Abstract.Domain.Add ~f:Features.tito
257+
|> FlowDetails.transform Features.TitoPositionSet.Element Add ~f:location
258+
|> FlowDetails.transform Features.SimpleSet.Element Add ~f:Features.tito
265259
in
266260
BackwardState.read
267261
~transform_non_leaves
@@ -295,7 +289,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
295289
in
296290
let taint_in_taint_out =
297291
BackwardState.Tree.transform
298-
FlowDetails.tito_position_element
292+
Features.TitoPositionSet.Element
299293
Add
300294
~f:argument.Node.location
301295
obscure_taint
@@ -324,7 +318,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
324318
let features_to_add =
325319
BackwardState.Tree.filter_by_kind ~kind:Sinks.AddFeatureToArgument sink_taint
326320
|> BackwardTaint.fold
327-
BackwardTaint.simple_feature_self
321+
Features.SimpleSet.Self
328322
~f:Features.gather_breadcrumbs
329323
~init:Features.SimpleSet.bottom
330324
in
@@ -333,10 +327,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
333327
else
334328
let taint =
335329
BackwardState.read state.taint ~root ~path
336-
|> BackwardState.Tree.transform
337-
BackwardTaint.simple_feature_self
338-
Abstract.Domain.Add
339-
~f:features_to_add
330+
|> BackwardState.Tree.transform Features.SimpleSet.Self Add ~f:features_to_add
340331
in
341332
{ taint = BackwardState.assign ~root ~path taint state.taint }
342333
| None -> state
@@ -359,10 +350,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
359350
BackwardState.Tree.collapse
360351
~transform:(BackwardTaint.add_features Features.tito_broadening)
361352
call_taint
362-
|> BackwardTaint.transform
363-
BackwardTaint.simple_feature_self
364-
Abstract.Domain.Add
365-
~f:breadcrumbs
353+
|> BackwardTaint.transform Features.SimpleSet.Self Add ~f:breadcrumbs
366354
|> BackwardState.Tree.create_leaf
367355
else
368356
BackwardState.Tree.bottom
@@ -390,7 +378,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
390378
let analyze_argument ~resolution taint { Call.Argument.value = argument; _ } state =
391379
let taint =
392380
BackwardState.Tree.transform
393-
FlowDetails.tito_position_element
381+
Features.TitoPositionSet.Element
394382
Add
395383
~f:argument.Node.location
396384
taint
@@ -401,7 +389,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
401389
BackwardState.Tree.collapse
402390
~transform:(BackwardTaint.add_features Features.tito_broadening)
403391
call_taint
404-
|> BackwardTaint.transform BackwardTaint.simple_feature Add ~f:Features.obscure
392+
|> BackwardTaint.transform Features.SimpleSet.Element Add ~f:Features.obscure
405393
|> BackwardState.Tree.create_leaf
406394
in
407395
let state =
@@ -563,7 +551,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
563551
| _ :: index :: _ ->
564552
let label = get_index index.value in
565553
BackwardState.Tree.transform
566-
BackwardTaint.first_indices
554+
Features.FirstIndexSet.Self
567555
Map
568556
~f:(add_first_index label)
569557
taint
@@ -688,7 +676,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
688676
BackwardState.Tree.join
689677
taint
690678
(get_taint (Some (AccessPath.create (Root.Variable "$all") [])) state)
691-
|> BackwardState.Tree.transform BackwardTaint.simple_feature Add ~f:Features.lambda
679+
|> BackwardState.Tree.transform Features.SimpleSet.Element Add ~f:Features.lambda
692680
in
693681
let all_assignee =
694682
Node.create
@@ -729,7 +717,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
729717
let taint =
730718
BackwardState.Tree.prepend [index] taint
731719
|> BackwardState.Tree.transform
732-
BackwardTaint.first_indices
720+
Features.FirstIndexSet.Self
733721
Map
734722
~f:(add_first_index index)
735723
in
@@ -950,8 +938,8 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
950938
(Name.Attribute
951939
{ base = { Node.value = Expression.String _; _ }; attribute = "format"; _ }) ->
952940
BackwardState.Tree.transform
953-
BackwardTaint.simple_feature
954-
Abstract.Domain.Add
941+
Features.SimpleSet.Element
942+
Add
955943
~f:Features.format_string
956944
taint
957945
| _ -> taint
@@ -1017,8 +1005,8 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
10171005
in
10181006
let taint =
10191007
BackwardState.Tree.transform
1020-
BackwardTaint.simple_feature
1021-
Abstract.Domain.Add
1008+
Features.SimpleSet.Element
1009+
Add
10221010
~f:Features.format_string
10231011
taint
10241012
in
@@ -1047,11 +1035,7 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
10471035
| Some override -> analyze_expression ~resolution ~taint ~state ~expression:override
10481036
| None ->
10491037
let taint =
1050-
BackwardState.Tree.transform
1051-
FlowDetails.simple_feature_self
1052-
Add
1053-
~f:Features.type_bool
1054-
taint
1038+
BackwardState.Tree.transform Features.SimpleSet.Self Add ~f:Features.type_bool taint
10551039
in
10561040
analyze_expression ~resolution ~taint ~state ~expression:right
10571041
|> fun state -> analyze_expression ~resolution ~taint ~state ~expression:left)
@@ -1131,8 +1115,8 @@ module AnalysisInstance (FunctionContext : FUNCTION_CONTEXT) = struct
11311115
in
11321116
if not (Features.SimpleSet.is_bottom attribute_features) then
11331117
BackwardState.Tree.transform
1134-
BackwardTaint.simple_feature_self
1135-
Abstract.Domain.Add
1118+
Features.SimpleSet.Self
1119+
Add
11361120
~f:attribute_features
11371121
taint
11381122
else
@@ -1411,10 +1395,7 @@ let extract_tito_and_sink_models define ~is_constructor ~resolution ~existing_ba
14111395
~transform:(BackwardTaint.add_features Features.widen_broadening)
14121396
tree
14131397
~mold:essential
1414-
|> BackwardState.Tree.transform
1415-
BackwardTaint.simple_feature_self
1416-
Abstract.Domain.Add
1417-
~f:type_breadcrumbs
1398+
|> BackwardState.Tree.transform Features.SimpleSet.Self Add ~f:type_breadcrumbs
14181399
|> BackwardState.Tree.limit_to
14191400
~transform:(BackwardTaint.add_features Features.widen_broadening)
14201401
~width:maximum_model_width

source/interprocedural_analyses/taint/domains.ml

Lines changed: 10 additions & 61 deletions
Original file line numberDiff line numberDiff line change
@@ -220,20 +220,9 @@ module FlowDetails = struct
220220

221221

222222
let strip_tito_positions =
223-
transform Features.TitoPositionSet.Self Abstract.Domain.Map ~f:(fun _ ->
224-
Features.TitoPositionSet.bottom)
223+
transform Features.TitoPositionSet.Self Map ~f:(fun _ -> Features.TitoPositionSet.bottom)
225224

226225

227-
let leaf_name_set = Features.LeafNameSet.Self
228-
229-
let simple_feature = Features.SimpleSet.Element
230-
231-
let simple_feature_element = Features.SimpleSet.ElementAndUnder
232-
233-
let simple_feature_self = Features.SimpleSet.Self
234-
235-
let tito_position_element = Features.TitoPositionSet.Element
236-
237226
let product_pp = pp (* shadow *)
238227

239228
let pp formatter = Format.fprintf formatter "FlowDetails(%a)" product_pp
@@ -263,21 +252,6 @@ module type TAINT_DOMAIN = sig
263252

264253
val trace_info : TraceInfo.t Abstract.Domain.part
265254

266-
val flow_details : FlowDetails.t Abstract.Domain.part
267-
268-
val leaf_name_set : Features.LeafNameSet.t Abstract.Domain.part
269-
270-
val simple_feature : Features.Simple.t Abstract.Domain.part
271-
272-
val simple_feature_element
273-
: Features.Simple.t Abstract.OverUnderSetDomain.approximation Abstract.Domain.part
274-
275-
val simple_feature_self : Features.SimpleSet.t Abstract.Domain.part
276-
277-
val first_indices : Features.FirstIndexSet.t Abstract.Domain.part
278-
279-
val first_fields : Features.FirstFieldSet.t Abstract.Domain.part
280-
281255
val add_features : Features.SimpleSet.t -> t -> t
282256

283257
val transform_on_widening_collapse : t -> t
@@ -366,20 +340,6 @@ end = struct
366340

367341
let trace_info = Map.Key
368342

369-
let flow_details = FlowDetails.Self
370-
371-
let leaf_name_set = FlowDetails.leaf_name_set
372-
373-
let simple_feature = FlowDetails.simple_feature
374-
375-
let simple_feature_self = FlowDetails.simple_feature_self
376-
377-
let simple_feature_element = FlowDetails.simple_feature_element
378-
379-
let first_fields = Features.FirstFieldSet.Self
380-
381-
let first_indices = Features.FirstIndexSet.Self
382-
383343
let kinds map =
384344
Map.fold kind ~init:[] ~f:List.cons map |> List.dedup_and_sort ~compare:Kind.compare
385345

@@ -406,7 +366,7 @@ end = struct
406366
:: leaves
407367
in
408368
let breadcrumbs =
409-
FlowDetails.(fold simple_feature_element ~f:gather_json ~init:[] features)
369+
FlowDetails.fold Features.SimpleSet.ElementAndUnder ~f:gather_json ~init:[] features
410370
in
411371
let leaves =
412372
FlowDetails.get FlowDetails.Slots.LeafName features
@@ -461,7 +421,7 @@ end = struct
461421
KindTaintDomain.Map.to_alist kind_taint |> List.map ~f:(leaf_to_json trace_info)
462422
in
463423
(* expand now do dedup possibly abstract targets that resolve to the same concrete ones *)
464-
let taint = Map.transform Key Abstract.Domain.Map ~f:TraceInfo.expand_call_site taint in
424+
let taint = Map.transform Key Map ~f:TraceInfo.expand_call_site taint in
465425
let elements = Map.to_alist taint |> List.concat_map ~f:trace_to_json in
466426
`List elements
467427

@@ -472,9 +432,7 @@ end = struct
472432
create_json ~trace_info_to_json:(TraceInfo.to_external_json ~filename_lookup)
473433

474434

475-
let add_features features =
476-
transform FlowDetails.simple_feature_self Abstract.Domain.Add ~f:features
477-
435+
let add_features features = transform Features.SimpleSet.Self Add ~f:features
478436

479437
let transform_on_widening_collapse =
480438
(* using an always-feature here would break the widening invariant: a <= a widen b *)
@@ -503,7 +461,7 @@ end = struct
503461
let kind_taint =
504462
KindTaintDomain.transform
505463
Features.TitoPositionSet.Self
506-
Abstract.Domain.Map
464+
Map
507465
~f:(fun _ -> Features.TitoPositionSet.bottom)
508466
kind_taint
509467
in
@@ -513,8 +471,7 @@ end = struct
513471
let increase_length n = if n < max_int then n + 1 else n in
514472
let trace_info = CallSite { location; callees; port; path } in
515473
let kind_taint =
516-
kind_taint
517-
|> KindTaintDomain.transform TraceLength.Self Abstract.Domain.Map ~f:increase_length
474+
kind_taint |> KindTaintDomain.transform TraceLength.Self Map ~f:increase_length
518475
in
519476
trace_info, kind_taint
520477
| Declaration { leaf_name_provided } ->
@@ -530,15 +487,11 @@ end = struct
530487
List.map ~f:make_leaf_name callees |> Features.LeafNameSet.of_list
531488
in
532489
let kind_taint =
533-
KindTaintDomain.transform
534-
Features.LeafNameSet.Self
535-
Abstract.Domain.Add
536-
~f:new_leaf_names
537-
kind_taint
490+
KindTaintDomain.transform Features.LeafNameSet.Self Add ~f:new_leaf_names kind_taint
538491
in
539492
trace_info, kind_taint
540493
in
541-
Map.transform Map.KeyValue Abstract.Domain.Map ~f:apply taint
494+
Map.transform Map.KeyValue Map ~f:apply taint
542495
end
543496

544497
module ForwardTaint = MakeTaint (Sources)
@@ -620,11 +573,7 @@ module MakeTaintTree (Taint : TAINT_DOMAIN) () = struct
620573

621574
let get_all_features taint_tree =
622575
let gather_features to_add features = Features.SimpleSet.add_set features ~to_add in
623-
fold
624-
FlowDetails.simple_feature_self
625-
~f:gather_features
626-
~init:Features.SimpleSet.bottom
627-
taint_tree
576+
fold Features.SimpleSet.Self ~f:gather_features ~init:Features.SimpleSet.bottom taint_tree
628577
end
629578

630579
module MakeTaintEnvironment (Taint : TAINT_DOMAIN) () = struct
@@ -702,7 +651,7 @@ module MakeTaintEnvironment (Taint : TAINT_DOMAIN) () = struct
702651
read ~root ~path:[] taint
703652
|> Tree.transform Taint.kind Filter ~f:(Taint.equal_kind attach_to_kind)
704653
|> Tree.collapse ~transform:Fn.id
705-
|> Taint.fold Taint.simple_feature_self ~f:gather_features ~init:Features.SimpleSet.bottom
654+
|> Taint.fold Features.SimpleSet.Self ~f:gather_features ~init:Features.SimpleSet.bottom
706655
end
707656
708657
module ForwardState = MakeTaintEnvironment (ForwardTaint) ()

0 commit comments

Comments
 (0)