Fix backward path reconstruction

Author: t1mlange

soot-infoflow/src/soot/jimple/infoflow/data/SourceContextAndPath.java

@@ -210,32 +210,15 @@ public SourceContextAndPath extendPath(Abstraction abs, InfoflowConfiguration co
 		}
 
 		// Extend the call stack
-		switch (config.getDataFlowDirection()) {
-		case Forwards:
-			if (abs.getCorrespondingCallSite() != null && abs.getCorrespondingCallSite() != abs.getCurrentStmt()) {
-				if (scap == null)
-					scap = this.clone();
-				if (scap.callStack == null)
-					scap.callStack = new ExtensibleList<Stmt>();
-				else if (pathConfig != null && pathConfig.getMaxCallStackSize() > 0
-						&& scap.callStack.size() >= pathConfig.getMaxCallStackSize())
-					return null;
-				scap.callStack.add(abs.getCorrespondingCallSite());
-			}
-			break;
-		case Backwards:
-			if (abs.getCurrentStmt() != null && abs.getCurrentStmt().containsInvokeExpr()
-					&& abs.getCorrespondingCallSite() != abs.getCurrentStmt()) {
-				if (scap == null)
-					scap = this.clone();
-				if (scap.callStack == null)
-					scap.callStack = new ExtensibleList<Stmt>();
-				else if (pathConfig != null && pathConfig.getMaxCallStackSize() > 0
-						&& scap.callStack.size() >= pathConfig.getMaxCallStackSize())
-					return null;
-				scap.callStack.add(abs.getCurrentStmt());
-			}
-			break;
+		if (abs.getCorrespondingCallSite() != null && abs.getCorrespondingCallSite() != abs.getCurrentStmt()) {
+			if (scap == null)
+				scap = this.clone();
+			if (scap.callStack == null)
+				scap.callStack = new ExtensibleList<Stmt>();
+			else if (pathConfig != null && pathConfig.getMaxCallStackSize() > 0
+					&& scap.callStack.size() >= pathConfig.getMaxCallStackSize())
+				return null;
+			scap.callStack.add(abs.getCorrespondingCallSite());
 		}
 
 		this.neighborCounter = abs.getNeighbors() == null ? 0 : abs.getNeighbors().size();

soot-infoflow/src/soot/jimple/infoflow/data/pathBuilders/ContextSensitivePathBuilder.java

@@ -136,40 +136,19 @@ private ProcessingResult processPredecessor(SourceContextAndPath scap, Abstracti
 				return ProcessingResult.INFEASIBLE_OR_MAX_PATHS_REACHED();
 
 			// Check if we are in the right context
-			switch (manager.getConfig().getDataFlowDirection()) {
-			case Forwards:
-				if (pred.getCurrentStmt() != null && pred.getCurrentStmt().containsInvokeExpr()) {
-					// Pop the top item off the call stack. This gives us the item
-					// and the new SCAP without the item we popped off.
-					Pair<SourceContextAndPath, Stmt> pathAndItem = extendedScap.popTopCallStackItem();
-					if (pathAndItem != null) {
-						Stmt topCallStackItem = pathAndItem.getO2();
-						// Make sure that we don't follow an unrealizable path
-						if (topCallStackItem != pred.getCurrentStmt())
-							return ProcessingResult.INFEASIBLE_OR_MAX_PATHS_REACHED();
-
-						// We have returned from a function
-						extendedScap = pathAndItem.getO1();
-					}
+			if (pred.getCurrentStmt() != null && pred.getCurrentStmt().containsInvokeExpr()) {
+				// Pop the top item off the call stack. This gives us the item
+				// and the new SCAP without the item we popped off.
+				Pair<SourceContextAndPath, Stmt> pathAndItem = extendedScap.popTopCallStackItem();
+				if (pathAndItem != null) {
+					Stmt topCallStackItem = pathAndItem.getO2();
+					// Make sure that we don't follow an unrealizable path
+					if (topCallStackItem != pred.getCurrentStmt())
+						return ProcessingResult.INFEASIBLE_OR_MAX_PATHS_REACHED();
+
+					// We have returned from a function
+					extendedScap = pathAndItem.getO1();
 				}
-				break;
-			case Backwards:
-				if (pred.getCorrespondingCallSite() != null
-						&& pred.getCorrespondingCallSite() != pred.getCurrentStmt()) {
-					// Pop the top item off the call stack. This gives us the item
-					// and the new SCAP without the item we popped off.
-					Pair<SourceContextAndPath, Stmt> pathAndItem = extendedScap.popTopCallStackItem();
-					if (pathAndItem != null) {
-						Stmt topCallStackItem = pathAndItem.getO2();
-						// Make sure that we don't follow an unrealizable path
-						if (topCallStackItem != pred.getCorrespondingCallSite())
-							return ProcessingResult.INFEASIBLE_OR_MAX_PATHS_REACHED();
-
-						// We have returned from a function
-						extendedScap = pathAndItem.getO1();
-					}
-				}
-				break;
 			}
 
 			// Add the new path

soot-infoflow/src/soot/jimple/infoflow/problems/rules/backward/BackwardsImplicitFlowRule.java

@@ -243,6 +243,7 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac
 				for (Unit condUnit : condUnits) {
 					Abstraction abs = new Abstraction(sink.getDefinition(), AccessPath.getEmptyAccessPath(), stmt,
 							sink.getUserData(), false, false);
+					abs.setCorrespondingCallSite(stmt);
 					abs.setDominator(condUnit);
 					res.add(abs);
 				}
@@ -252,6 +253,7 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac
 							.createAccessPath(sm.getActiveBody().getThisLocal(), false);
 					Abstraction thisTaint = new Abstraction(sink.getDefinition(), thisAp, stmt, sink.getUserData(),
 							false, false);
+					thisTaint.setCorrespondingCallSite(stmt);
 					res.add(thisTaint);
 				}
 

soot-infoflow/src/soot/jimple/infoflow/problems/rules/backward/BackwardsSinkPropagationRule.java

@@ -56,6 +56,7 @@ private Collection<Abstraction> propagate(Abstraction source, Stmt stmt, ByRefer
 					// Create the new taint abstraction
 					Abstraction abs = new Abstraction(sinkInfo.getDefinition(), ap, stmt, sinkInfo.getUserData(), false,
 							false);
+					abs.setCorrespondingCallSite(stmt);
 					abs = abs.deriveNewAbstractionWithTurnUnit(stmt);
 
 					res.add(abs);

soot-infoflow/test/soot/jimple/infoflow/test/junit/JUnitTests.java

@@ -24,10 +24,7 @@
 import org.junit.Before;
 import org.junit.BeforeClass;
 
-import soot.jimple.infoflow.AbstractInfoflow;
-import soot.jimple.infoflow.BackwardsInfoflow;
-import soot.jimple.infoflow.IInfoflow;
-import soot.jimple.infoflow.Infoflow;
+import soot.jimple.infoflow.*;
 import soot.jimple.infoflow.config.ConfigForTest;
 import soot.jimple.infoflow.results.InfoflowResults;
 import soot.jimple.infoflow.taintWrappers.EasyTaintWrapper;