Clean up code

Author: t1mlange

soot-infoflow/src/soot/jimple/infoflow/InfoflowManager.java

@@ -25,6 +25,7 @@ public class InfoflowManager {
 	private IInfoflowSolver forwardSolver;
 	private IInfoflowSolver backwardSolver;
 	private final IInfoflowCFG icfg;
+	private final IInfoflowCFG originalIcfg;
 	private final ISourceSinkManager sourceSinkManager;
 	private final ITaintPropagationWrapper taintWrapper;
 	private final TypeUtils typeUtils;
@@ -37,6 +38,7 @@ protected InfoflowManager(InfoflowConfiguration config) {
 		this.config = config;
 		this.forwardSolver = null;
 		this.icfg = null;
+		this.originalIcfg = null;
 		this.sourceSinkManager = null;
 		this.taintWrapper = null;
 		this.typeUtils = null;
@@ -51,6 +53,7 @@ protected InfoflowManager(InfoflowConfiguration config, IInfoflowSolver forwardS
 		this.config = config;
 		this.forwardSolver = forwardSolver;
 		this.icfg = icfg;
+		this.originalIcfg = null;
 		this.sourceSinkManager = sourceSinkManager;
 		this.taintWrapper = taintWrapper;
 		this.typeUtils = new TypeUtils(this);
@@ -65,6 +68,7 @@ protected InfoflowManager(InfoflowConfiguration config, IInfoflowSolver forwardS
 		this.config = config;
 		this.forwardSolver = forwardSolver;
 		this.icfg = icfg;
+		this.originalIcfg = existingManager.getICFG();
 		this.sourceSinkManager = sourceSinkManager;
 		this.taintWrapper = taintWrapper;
 		this.typeUtils = existingManager.getTypeUtils();
@@ -77,6 +81,7 @@ protected InfoflowManager(InfoflowConfiguration config, IInfoflowSolver forwardS
 		this.config = config;
 		this.forwardSolver = forwardSolver;
 		this.icfg = icfg;
+		this.originalIcfg = null;
 		this.sourceSinkManager = null;
 		this.taintWrapper = null;
 		this.typeUtils = new TypeUtils(this);
@@ -139,6 +144,15 @@ public IInfoflowCFG getICFG() {
 		return this.icfg;
 	}
 
+	/**
+	 * Gets the interprocedural control flow graph for the other direction. Only available in the alias search.
+	 *
+	 * @return The inversed interprocedural control flow graph
+	 */
+	public IInfoflowCFG getOriginalICFG() {
+		return this.originalIcfg;
+	}
+
 	/**
 	 * Gets the SourceSinkManager implementation
 	 * 

soot-infoflow/src/soot/jimple/infoflow/aliasing/BackwardsFlowSensitiveAliasStrategy.java

@@ -30,11 +30,10 @@ public BackwardsFlowSensitiveAliasStrategy(InfoflowManager manager, IInfoflowSol
 	public void computeAliasTaints(final Abstraction d1, final Stmt src, final Value targetValue,
 			Set<Abstraction> taintSet, SootMethod method, Abstraction newAbs) {
 		// Start the backwards solver
-		Abstraction bwAbs = newAbs.deriveInactiveAbstraction(src);
 		assert manager.getICFG() instanceof BackwardsInfoflowCFG;
 		// sometimes we need to revisit the statement itself, so
 		// looping through predecessors isn't always needed
-		bSolver.processEdge(new PathEdge<Unit, Abstraction>(d1, src, bwAbs));
+		bSolver.processEdge(new PathEdge<Unit, Abstraction>(d1, src, newAbs));
 	}
 
 	@Override

soot-infoflow/src/soot/jimple/infoflow/problems/BackwardsAliasProblem.java

@@ -1,10 +1,6 @@
 package soot.jimple.infoflow.problems;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.*;
 
 import heros.FlowFunction;
 import heros.FlowFunctions;
@@ -140,6 +136,7 @@ private Set<Abstraction> computeAliases(final DefinitionStmt defStmt, Abstractio
 						AccessPath ap = source.getAccessPath();
 						Value sourceBase = ap.getPlainValue();
 						boolean handoverLeftValue = false;
+						boolean leftSideOverwritten = false;
 						if (leftOp instanceof StaticFieldRef) {
 							if (manager.getConfig()
 									.getStaticFieldTrackingMode() != InfoflowConfiguration.StaticFieldTrackingMode.None
@@ -171,11 +168,10 @@ else if (source.dependsOnCutAP() || isCircularType(leftVal)) {
 						if (handoverLeftValue) {
 							// We found a missed path upwards
 							// inject same stmt in infoflow solver
-							manager.getForwardSolver()
-									.processEdge(new PathEdge<Unit, Abstraction>(d1, srcUnit, source.getActiveCopy()));
+							handOver(d1, srcUnit, source);
 						}
 
-						boolean leftSideOverwritten = !(leftOp instanceof ArrayRef) && !(leftOp instanceof FieldRef)
+						leftSideOverwritten = !(leftOp instanceof ArrayRef) && !(leftOp instanceof FieldRef)
 								&& Aliasing.baseMatches(leftOp, source);
 						if (leftSideOverwritten)
 							return null;
@@ -203,7 +199,6 @@ else if (source.dependsOnCutAP() || isCircularType(leftVal)) {
 										.getStaticFieldTrackingMode() != InfoflowConfiguration.StaticFieldTrackingMode.None
 										&& ap.firstFieldMatches(((StaticFieldRef) rightVal).getField())) {
 									addLeftValue = true;
-//                                    leftType = source.getAccessPath().getBaseType();
 								}
 							} else if (rightVal instanceof InstanceFieldRef) {
 								InstanceFieldRef instRef = (InstanceFieldRef) rightVal;
@@ -408,10 +403,9 @@ private Set<Abstraction> computeTargetsInternal(Abstraction d1, Abstraction sour
 							}
 						}
 
-						if (res != null) {
-							for (Abstraction d3 : res)
-								manager.getForwardSolver().injectContext(solver, dest, d3, callSite, source, d1);
-						}
+						for (Abstraction d3 : res)
+							manager.getForwardSolver().injectContext(solver, dest, d3, callSite, source, d1);
+
 						return res;
 					}
 				};
@@ -635,8 +629,7 @@ private Set<Abstraction> computeTargetsInternal(Abstraction d1, Abstraction sour
 
 						if (taintWrapper != null) {
 							if (taintWrapper.isExclusive(callStmt, source)) {
-								manager.getForwardSolver().processEdge(
-										new PathEdge<Unit, Abstraction>(d1, callStmt, source.getActiveCopy()));
+								handOver(d1, callSite, source);
 							}
 
 							Set<Abstraction> wrapperAliases = taintWrapper.getAliasesForMethod(callStmt, d1, source);
@@ -648,8 +641,7 @@ private Set<Abstraction> computeTargetsInternal(Abstraction d1, Abstraction sour
 										abs.setCorrespondingCallSite(callStmt);
 
 									for (Unit u : manager.getICFG().getPredsOf(callSite))
-										manager.getForwardSolver().processEdge(
-												new PathEdge<Unit, Abstraction>(d1, u, abs.getActiveCopy()));
+										handOver(d1, u, abs);
 								}
 								return passOnSet;
 							}
@@ -682,8 +674,7 @@ private Set<Abstraction> computeTargetsInternal(Abstraction d1, Abstraction sour
 									&& arg == source.getAccessPath().getPlainValue())) {
 								// non standard source sink manager might need this
 								if (isSource)
-									manager.getForwardSolver()
-											.processEdge(new PathEdge<>(d1, callSite, source.getActiveCopy()));
+									handOver(d1, callSite, source);
 								return null;
 							}
 						} else {
@@ -694,8 +685,7 @@ private Set<Abstraction> computeTargetsInternal(Abstraction d1, Abstraction sour
 									// the native stmt does not create a new alias but we notice that we
 									// missed this argument in the infoflow search.
 									Abstraction newSource = source.deriveNewAbstractionWithTurnUnit(callSite);
-									manager.getForwardSolver()
-											.processEdge(new PathEdge<>(d1, callSite, newSource.getActiveCopy()));
+									handOver(d1, callSite, newSource);
 									return null;
 								}
 							}
@@ -711,6 +701,27 @@ private boolean isPrimitiveOrStringBase(Abstraction abs) {
 				return t instanceof PrimType
 						|| (TypeUtils.isStringType(t) && !abs.getAccessPath().getCanHaveImmutableAliases());
 			}
+
+			private void handOver(Abstraction d1, Unit unit, Abstraction in) {
+				in = in.getActiveCopy();
+
+				if (manager.getConfig().getImplicitFlowMode().trackControlFlowDependencies()) {
+					// We maybe turned around inside a conditional, so we reconstruct the condition
+					// dominator. Also, we lost track of the dominators in the alias search. Thus,
+					// we derive interprocedural wildcards.
+					// See ImplicitTests#conditionalAliasingTest
+					List<Unit> condUnits = manager.getOriginalICFG().getConditionalBranchesInterprocedural(unit);
+					// No condition path -> no need to search for one
+					for (Unit condUnit : condUnits) {
+						Abstraction abs = in.deriveNewAbstractionWithDominator(condUnit);
+						if (abs != null)
+							manager.getForwardSolver().processEdge(new PathEdge<>(d1, unit, abs));
+					}
+				} else {
+					manager.getForwardSolver()
+							.processEdge(new PathEdge<>(d1, unit, in));
+				}
+			}
 		};
 	}
 }

soot-infoflow/src/soot/jimple/infoflow/problems/BackwardsInfoflowProblem.java

@@ -81,8 +81,7 @@ public Set<Abstraction> computeTargets(Abstraction d1, Abstraction source) {
 							taintPropagationHandler.notifyFlowIn(srcUnit, source, manager,
 									TaintPropagationHandler.FlowFunctionType.NormalFlowFunction);
 
-						Set<Abstraction> res = computeTargetsInternal(d1,
-								source.isAbstractionActive() ? source : source.getActiveCopy());
+						Set<Abstraction> res = computeTargetsInternal(d1, source);
 						return notifyOutFlowHandlers(srcUnit, d1, source, res,
 								TaintPropagationHandler.FlowFunctionType.NormalFlowFunction);
 					}
@@ -430,8 +429,7 @@ public Set<Abstraction> computeTargets(Abstraction d1, Abstraction source) {
 							taintPropagationHandler.notifyFlowIn(stmt, source, manager,
 									TaintPropagationHandler.FlowFunctionType.CallFlowFunction);
 
-						Set<Abstraction> res = computeTargetsInternal(d1,
-								source.isAbstractionActive() ? source : source.getActiveCopy());
+						Set<Abstraction> res = computeTargetsInternal(d1, source);
 						if (res != null) {
 							for (Abstraction abs : res)
 								aliasing.getAliasingStrategy().injectCallingContext(abs, solver, dest, callStmt, source,
@@ -658,8 +656,7 @@ public Set<Abstraction> computeTargets(Abstraction source, Abstraction calleeD1,
 							taintPropagationHandler.notifyFlowIn(stmt, source, manager,
 									TaintPropagationHandler.FlowFunctionType.ReturnFlowFunction);
 
-						Set<Abstraction> res = computeTargetsInternal(
-								source.isAbstractionActive() ? source : source.getActiveCopy(), calleeD1, callerD1s);
+						Set<Abstraction> res = computeTargetsInternal(source, calleeD1, callerD1s);
 						return notifyOutFlowHandlers(exitSite, calleeD1, source, res,
 								TaintPropagationHandler.FlowFunctionType.ReturnFlowFunction);
 					}
@@ -843,8 +840,7 @@ public Set<Abstraction> computeTargets(Abstraction d1, Abstraction source) {
 							taintPropagationHandler.notifyFlowIn(callSite, source, manager,
 									TaintPropagationHandler.FlowFunctionType.CallToReturnFlowFunction);
 
-						Set<Abstraction> res = computeTargetsInternal(d1,
-								source.isAbstractionActive() ? source : source.getActiveCopy());
+						Set<Abstraction> res = computeTargetsInternal(d1, source);
 						return notifyOutFlowHandlers(callSite, d1, source, res,
 								TaintPropagationHandler.FlowFunctionType.CallToReturnFlowFunction);
 					}

soot-infoflow/src/soot/jimple/infoflow/problems/rules/backward/BackwardsImplicitFlowRule.java

@@ -122,23 +122,6 @@ else if (stmt instanceof SwitchStmt)
 			return null;
 
 		UnitContainer dominator = manager.getICFG().getDominatorOf(stmt);
-		// When a taint which just has been handed over
-		if (source.isAbstractionActive() && source.getPredecessor() != null
-				&& !source.getPredecessor().isAbstractionActive()) {
-			// We maybe turned around inside a conditional, so we reconstruct the condition
-			// dominator
-			// Also, we lost track of the dominators in the alias search. Thus, we derive
-			// interprocedural wildcards.
-			// See ImplicitTests#conditionalAliasingTest
-			List<Unit> condUnits = manager.getICFG().getConditionalBranchesInterprocedural(stmt);
-			// No condition path -> no need to search for one
-			for (Unit condUnit : condUnits) {
-				Abstraction abs = source.deriveNewAbstractionWithDominator(condUnit);
-				if (abs != null)
-					manager.getForwardSolver().processEdge(new PathEdge<>(d1, stmt, abs));
-			}
-			return null;
-		}
 
 		// Taint enters a conditional branch
 		// Only handle cases where the taint is not part of the statement
@@ -257,8 +240,6 @@ public Collection<Abstraction> propagateCallToReturnFlow(Abstraction d1, Abstrac
 					res.add(thisTaint);
 				}
 
-				System.out.println(res.size());
-
 				return res;
 			}
 		}