Problem with propagating inactive abstraction

[qdw1987]

Suppose we have the following code,

Book b = new Book();
a = b; 
String specialName = b.name + "123";
a.name = source();
sink(specialName);`

After a.name is tainted, backward alias analysis is triggerred with activation statement being a.name = source;. When the alias analysis sees a = b;, we get an inactive abstraction with b.name, which is then propagated to specialName and then the activation becomes active when passing a.name = source;; Finally the tainted specialName reaches sink. The problem is that the above taint propagation sequence does not consider the execution order of the statements, there's no flow from source to sink.

I'm wondering when should inactive abstration be propagated and when should not. Maybe we should only propagate inactive abstraction foward over ref type assignment ? In above example, if line 3 is changed to String specialName = b.name;, then we should propagate the inactive abstraction in b.name;

Any thoughts please?

[StevenArzt]

I put your code into the new test case activationStatementTest1 in HeapTests and can't reproduce the problem. Can you please double-check that you are using the newest version from the develop branch? Does the new test case work for you as well? Can you double-check that this minimal example actually covers the problem you are experiencing?

[qdw1987]

Indeed I was using an old version, I could not reproduce the problem on lastest version from develop branch. Thanks for the swift response!