mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
Merge pull request #1761 from hvitved/csharp/dataflow/fields
C#: Data flow through fields
This commit is contained in:
Calum Grant
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
@@ -278,10 +278,9 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd1Read(f, node, config) and
|
||||
storeCandFwd1(f, config) and
|
||||
(stored = false or stored = true) and
|
||||
not inBarrier(node, config)
|
||||
)
|
||||
@@ -308,9 +307,18 @@ private predicate nodeCandFwd1(Node node, boolean stored, Configuration config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd1Read(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd1(mid, true, config) and
|
||||
read(mid, f, node)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
not fullBarrier(node, config) and
|
||||
@@ -358,10 +366,9 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand1(f, unbind(config)) and
|
||||
nodeCand1(mid, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand1Store(f, node, config) and
|
||||
readCand1(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -398,6 +405,7 @@ private predicate nodeCand1(Node node, boolean stored, Configuration config) {
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand1`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand1(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -408,6 +416,15 @@ private predicate readCand1(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCand1Store(Content f, Node node, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCand1(mid, true, config) and
|
||||
storeCandFwd1(f, unbind(config)) and
|
||||
store(node, f, mid)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate throughFlowNodeCand(Node node, Configuration config) {
|
||||
nodeCand1(node, false, config) and
|
||||
not fullBarrier(node, config) and
|
||||
@@ -669,10 +686,9 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
)
|
||||
or
|
||||
// read
|
||||
exists(Node mid, Content f |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
storeCandFwd2(f, unbind(config)) and
|
||||
exists(Content f |
|
||||
nodeCandFwd2Read(f, node, fromArg, config) and
|
||||
storeCandFwd2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -695,6 +711,7 @@ private predicate nodeCandFwd2(Node node, boolean fromArg, boolean stored, Confi
|
||||
/**
|
||||
* Holds if `f` is the target of a store in the flow covered by `nodeCandFwd2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -705,6 +722,15 @@ private predicate storeCandFwd2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate nodeCandFwd2Read(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid |
|
||||
nodeCandFwd2(mid, fromArg, true, config) and
|
||||
read(mid, f, node) and
|
||||
readCand1(f, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` is part of a path from a source to a sink in the given
|
||||
* configuration taking simple call contexts into consideration.
|
||||
@@ -742,10 +768,9 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
)
|
||||
or
|
||||
// store
|
||||
exists(Node mid, Content f |
|
||||
store(node, f, mid) and
|
||||
readCand2(f, unbind(config)) and
|
||||
nodeCand2(mid, toReturn, true, config) and
|
||||
exists(Content f |
|
||||
nodeCand2Store(f, node, toReturn, config) and
|
||||
readCand2(f, config) and
|
||||
(stored = false or stored = true)
|
||||
)
|
||||
or
|
||||
@@ -776,6 +801,7 @@ private predicate nodeCand2(Node node, boolean toReturn, boolean stored, Configu
|
||||
/**
|
||||
* Holds if `f` is the target of a read in the flow covered by `nodeCand2`.
|
||||
*/
|
||||
pragma[noinline]
|
||||
private predicate readCand2(Content f, Configuration config) {
|
||||
exists(Node mid, Node node |
|
||||
useFieldFlow(config) and
|
||||
@@ -786,16 +812,21 @@ private predicate readCand2(Content f, Configuration config) {
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node n1, Node n2 |
|
||||
store(n1, f, n2) and
|
||||
nodeCand2(n1, _, _, conf) and
|
||||
nodeCand2(n2, _, _, unbind(conf))
|
||||
pragma[noinline]
|
||||
private predicate nodeCand2Store(Content f, Node node, boolean toReturn, Configuration config) {
|
||||
exists(Node mid |
|
||||
store(node, f, mid) and
|
||||
nodeCand2(mid, toReturn, true, config)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[nomagic]
|
||||
private predicate storeCand(Content f, Configuration conf) {
|
||||
exists(Node node |
|
||||
nodeCand2Store(f, node, _, conf) and
|
||||
nodeCand2(node, _, _, conf)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `f` is the target of both a store and a read in the path graph
|
||||
@@ -804,7 +835,7 @@ private predicate readCand(Content f, Configuration conf) { readCand2(f, conf) }
|
||||
pragma[noinline]
|
||||
private predicate readStoreCand(Content f, Configuration conf) {
|
||||
storeCand(f, conf) and
|
||||
readCand(f, conf)
|
||||
readCand2(f, conf)
|
||||
}
|
||||
|
||||
private predicate nodeCand(Node node, Configuration config) { nodeCand2(node, _, _, config) }
|
||||
@@ -1030,15 +1061,13 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf,
|
||||
apf.headUsesContent(f)
|
||||
)
|
||||
or
|
||||
exists(Node mid, Content f, AccessPathFront apf0 |
|
||||
flowCandFwd(mid, fromArg, apf0, config) and
|
||||
read(mid, f, node) and
|
||||
nodeCand(node, config) and
|
||||
apf0.headUsesContent(f) and
|
||||
consCandFwd(f, apf, unbind(config))
|
||||
exists(Content f |
|
||||
flowCandFwdRead(f, node, fromArg, config) and
|
||||
consCandFwd(f, apf, config)
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCandFwd(Content f, AccessPathFront apf, Configuration config) {
|
||||
exists(Node mid, Node n |
|
||||
flowCandFwd(mid, _, apf, config) and
|
||||
@@ -1049,6 +1078,16 @@ private predicate consCandFwd(Content f, AccessPathFront apf, Configuration conf
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandFwdRead(Content f, Node node, boolean fromArg, Configuration config) {
|
||||
exists(Node mid, AccessPathFront apf |
|
||||
flowCandFwd(mid, fromArg, apf, config) and
|
||||
read(mid, f, node) and
|
||||
apf.headUsesContent(f) and
|
||||
nodeCand(node, unbind(config))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if data can flow from a source to `node` with the given `apf` and
|
||||
* from there flow to a sink.
|
||||
@@ -1139,6 +1178,7 @@ private predicate flowCandRead(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[nomagic]
|
||||
private predicate flowCandStore(
|
||||
Node node, Content f, boolean toReturn, AccessPathFront apf0, Configuration config
|
||||
) {
|
||||
@@ -1148,6 +1188,7 @@ private predicate flowCandStore(
|
||||
)
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate consCand(Content f, AccessPathFront apf, Configuration config) {
|
||||
consCandFwd(f, apf, config) and
|
||||
exists(Node n, AccessPathFront apf0 |
|
||||
@@ -1672,6 +1713,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat
|
||||
valuePathThroughCallable(mid, node, cc) and ap = mid.getAp()
|
||||
}
|
||||
|
||||
pragma[noinline]
|
||||
private predicate contentReadStep(PathNodeMid mid, Node node, AccessPath ap) {
|
||||
exists(Content f, AccessPath ap0 |
|
||||
ap0 = mid.getAp() and
|
||||
|
||||
Reference in New Issue
Block a user