CodeShield-Security / SPDS

Efficient and Precise Pointer-Tracking Data-Flow Framework
Eclipse Public License 2.0

Backward Query fails to apply flow function on first statement #18

Closed johspaeth closed 3 years ago

johspaeth commented 3 years ago

Assume the BackwardFlowFunctions are overwritten to kill any data-flow fact for any call to System.exit. Then in the code below

int i = 0;
System.exit(0);
queryFor(i);

If triggering a query for i just before the queryFor(i) statement, no kill occurs and the backward query incorrectly reaches i = 0.

johspaeth commented 3 years ago

Unable to reproduce; however, I observed an error in the test cases.

In the CustomBackwardFlowFunctions, only callToReturn was used to kill data-flow at System.exit(). However, normalFlow may also occur on System.exit. normalFlow is invoked whenever a data-flow fact reaches a call site that does not use the fact. Then the call site is treated as normalFlow (logic differs from IFDS).

Keep that in mind when implementing custom FlowFunctions.
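
The dispatch rule described in the last comment, as an added toy model that is not part of the thread or of the SPDS code base. Every type and method name in it (Stmt, BackwardFlow, backwardQuery) is hypothetical and only mirrors the normalFlow/callToReturn split; it is not the Boomerang API.

```java
import java.util.*;

// Toy model with hypothetical names; this is not the SPDS/Boomerang API.
public class BackwardKillDemo {
    // callee is null for non-call statements; args are the variables a call uses.
    record Stmt(String text, String callee, Set<String> args) {}

    interface BackwardFlow {
        Set<String> normalFlow(Stmt s, String fact);
        Set<String> callToReturnFlow(Stmt s, String fact);
    }

    static Set<String> killAtExit(Stmt s, String fact) {
        return "System.exit".equals(s.callee()) ? Set.of() : Set.of(fact);
    }

    // Mistake from the test cases: the kill lives only in callToReturnFlow.
    static final BackwardFlow CALL_TO_RETURN_ONLY = new BackwardFlow() {
        public Set<String> normalFlow(Stmt s, String fact) { return Set.of(fact); }
        public Set<String> callToReturnFlow(Stmt s, String fact) { return killAtExit(s, fact); }
    };

    // Corrected: both entry points kill at System.exit.
    static final BackwardFlow BOTH = new BackwardFlow() {
        public Set<String> normalFlow(Stmt s, String fact) { return killAtExit(s, fact); }
        public Set<String> callToReturnFlow(Stmt s, String fact) { return killAtExit(s, fact); }
    };

    // Propagates the queried variable backward; returns the statements a live fact arrives at.
    static List<String> backwardQuery(List<Stmt> beforeQuery, String queried, BackwardFlow ff) {
        List<String> visited = new ArrayList<>();
        Set<String> facts = Set.of(queried);
        for (int i = beforeQuery.size() - 1; i >= 0 && !facts.isEmpty(); i--) {
            Stmt s = beforeQuery.get(i);
            visited.add(s.text());
            Set<String> out = new HashSet<>();
            for (String f : facts) {
                // A call site that does not use the fact goes to normalFlow, not callToReturnFlow.
                boolean callUsesFact = s.callee() != null && s.args().contains(f);
                out.addAll(callUsesFact ? ff.callToReturnFlow(s, f) : ff.normalFlow(s, f));
            }
            facts = out;
        }
        return visited;
    }

    public static void main(String[] args) {
        List<Stmt> program = List.of(   // constructed input: the snippet from the issue
            new Stmt("int i = 0;", null, Set.of()),
            new Stmt("System.exit(0);", "System.exit", Set.of()));
        System.out.println("callToReturn only: " + backwardQuery(program, "i", CALL_TO_RETURN_ONLY));
        System.out.println("both:              " + backwardQuery(program, "i", BOTH));
    }
}
```

With the kill only in callToReturnFlow, the fact for i passes System.exit(0) through normalFlow and arrives at int i = 0; with the kill in both methods, propagation stops at System.exit(0).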