Fix interaction between defaultAdditionalTaintStep and defaultImplicitTaintRead #18776
Closed
Commits
974e75b Fix interaction between defaultAdditionalTaintStep and defaultImplici… (geoffw0)
c1a4cb2 Rust: Effect on tests. (geoffw0)
dd2ca0d Swift: Effect on tests. (geoffw0)
1d1cf0e JS: Effect on tests. (geoffw0)
aaa9c8d JS: More effects on tests. (geoffw0)
^ for the benefit of reviewers, this is the actual change, everything else is consequences.

@aschackmull does this look like a reasonable change to you?
It was left out on purpose to avoid lazy/imprecise models. Models from e.g. MaD are expected to handle content precisely without the need for implicit reads. I'm afraid that adding this could yield unintended FP flow in all sorts of places, but I don't know for sure. It's certainly risky, and I wouldn't expect it to be necessary.
Could you elaborate on the motivating example?
Where's the missing read step - is it from `string2` to `&string2` or something like that? (please excuse my ignorance of Rust semantics). If so, it would seem that there would be plenty of room to add a proper read step.

No, we have flow from `string2` to `&string2` and it adds `ReferenceContent`. The problem is that our model for `+` (in `defaultAdditionalTaintStep`) expects there to be no content. The compiler I believe adds an implicit dereference but there's nothing in our AST representing that.

Thus, I think we want to be able to read out of a `ReferenceContent` just about anywhere. Or we need to figure out where the implicit dereferences occur – but I suspect we don't have enough information about types in the AST for that yet.

If the key word in that sentence is "yet", then this sounds like the right approach.
@hvitved do we have plans around implicit dereferences (I think that's what's going on here)? Can I write up an issue if we don't already have one?
(we can see from the tests that it's not just string arguments to `+` that get implicitly dereferenced, though that's a common situation)

I think the problem is that what we currently do for `+` is not precise. The `+` operator is sugar for invoking `add` on the `Add` trait. So what happens for `+` depends on the specific implementation of that trait. For `String` the `add` implementation takes a `&str` as its parameter. So it's not an implicit dereference, but that the function is actually taking a reference as its argument.

Once we can handle calls to trait methods, we should represent `+` as a trait call, and then we should be able to write a model for `String::add`.
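
Added example, not part of the pull request or of any comment above: a small Rust program showing the desugaring discussed in the thread, where `+` on a `String` is a call to `Add::add` taking a `&str`, next to a type whose `Add` implementation drops its right operand, so a blanket "`+` propagates taint" step would report flow that does not exist. The names `concat_sugar`, `concat_desugared`, `Prefix` and `keep_left` are hypothetical, and the input strings are constructed samples.

```rust
use std::ops::Add;

// `a + b` where `b` is a reference: data behind the reference reaches the result.
fn concat_sugar(a: String, b: &String) -> String {
    a + b
}

// The same operation written as the trait call that `+` is sugar for.
// The standard library's impl is `impl Add<&str> for String`, so the
// right operand is passed by reference; nothing dereferences it at the call site.
fn concat_desugared(a: String, b: &String) -> String {
    <String as Add<&str>>::add(a, b.as_str())
}

// Hypothetical type: its `Add` impl also takes a reference, but ignores it.
#[derive(Debug, PartialEq)]
struct Prefix(String);

impl Add<&Prefix> for Prefix {
    type Output = Prefix;
    fn add(self, _rhs: &Prefix) -> Prefix {
        self // nothing from `_rhs` is copied into the output
    }
}

// Same `+` syntax, different trait impl: the right operand never flows out.
fn keep_left(a: Prefix, b: &Prefix) -> Prefix {
    a + b
}

fn main() {
    // Constructed sample standing in for a taint source.
    let tainted = String::from("user-input");

    // Flow exists: the referenced string ends up inside the result.
    println!("{}", concat_sugar(String::from("id="), &tainted));
    println!("{}", concat_desugared(String::from("id="), &tainted));

    // No flow: a precise analysis should not report taint here.
    let out = keep_left(Prefix(String::from("safe")), &Prefix(tainted));
    println!("{:?}", out);
}
```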