Java: Adapt to changes in FlowSummaryImpl

Author: hvitved

java/ql/lib/semmle/code/java/ConflictingAccess.qll

@@ -23,7 +23,7 @@ module Modification {
   /** Holds if the call `c` modifies a shared resource. */
   predicate isModifyingCall(Call c) {
     exists(SummarizedCallable sc, string output | sc.getACall() = c |
-      sc.propagatesFlow(_, output, _, _) and
+      sc.propagatesFlow(_, output, _, _, _, _) and
       output.matches("Argument[this]%")
     )
   }

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -620,48 +620,25 @@ predicate barrierNode(Node node, string kind) { barrierNode(node, kind, _) }
 
 // adapter class for converting Mad summaries to `SummarizedCallable`s
 private class SummarizedCallableAdapter extends SummarizedCallable {
-  SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _, _) }
+  string input_;
+  string output_;
+  string kind;
+  Provenance p_;
+  boolean isExact_;
+  string model_;
 
-  private predicate relevantSummaryElementManual(
-    string input, string output, string kind, string model
-  ) {
-    exists(Provenance provenance |
-      summaryElement(this, input, output, kind, provenance, model, _) and
-      provenance.isManual()
-    )
-  }
-
-  private predicate relevantSummaryElementGenerated(
-    string input, string output, string kind, string model
-  ) {
-    exists(Provenance provenance |
-      summaryElement(this, input, output, kind, provenance, model, _) and
-      provenance.isGenerated()
-    ) and
-    not exists(Provenance provenance |
-      neutralElement(this, "summary", provenance, _) and
-      provenance.isManual()
-    )
-  }
+  SummarizedCallableAdapter() { summaryElement(this, input_, output_, kind, p_, model_, isExact_) }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    exists(string kind |
-      this.relevantSummaryElementManual(input, output, kind, model)
-      or
-      not this.relevantSummaryElementManual(_, _, _, _) and
-      this.relevantSummaryElementGenerated(input, output, kind, model)
-    |
-      if kind = "value" then preservesValue = true else preservesValue = false
-    )
+    input = input_ and
+    output = output_ and
+    (if kind = "value" then preservesValue = true else preservesValue = false) and
+    p = p_ and
+    isExact = isExact_ and
+    model = model_
   }
-
-  override predicate hasProvenance(Provenance provenance) {
-    summaryElement(this, _, _, _, provenance, _, _)
-  }
-
-  override predicate hasExactModel() { summaryElement(this, _, _, _, _, _, true) }
 }
 
 final class SinkCallable = SinkModelCallable;

java/ql/lib/semmle/code/java/dataflow/FlowSummary.qll

@@ -129,16 +129,16 @@ class SummarizedCallable = Impl::Public::SummarizedCallable;
  */
 private class SummarizedSyntheticCallableAdapter extends SummarizedCallable, TSyntheticCallable {
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
     exists(SyntheticCallable sc |
       sc = this.asSyntheticCallable() and
       sc.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
       model = sc
     )
   }
-
-  override predicate hasExactModel() { any() }
 }
 
 deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowDispatch.qll

@@ -12,7 +12,11 @@ private import semmle.code.java.dispatch.internal.Unification
 
 private module DispatchImpl {
   private predicate hasHighConfidenceTarget(Call c) {
-    exists(Impl::Public::SummarizedCallable sc | sc.getACall() = c and not sc.applyGeneratedModel())
+    exists(Impl::Public::SummarizedCallable sc, Impl::Public::Provenance p |
+      sc.getACall() = c and
+      sc.propagatesFlow(_, _, _, p, _, _) and
+      not p.isGenerated()
+    )
     or
     exists(Impl::Public::NeutralSummaryCallable nc | nc.getACall() = c and nc.hasManualModel())
     or
@@ -25,8 +29,10 @@ private module DispatchImpl {
   private predicate hasExactManualModel(Call c, Callable tgt) {
     tgt = c.getCallee().getSourceDeclaration() and
     (
-      exists(Impl::Public::SummarizedCallable sc |
-        sc.getACall() = c and sc.hasExactModel() and sc.hasManualModel()
+      exists(Impl::Public::SummarizedCallable sc, Impl::Public::Provenance p |
+        sc.getACall() = c and
+        sc.propagatesFlow(_, _, _, p, true, _) and
+        p.isManual()
       )
       or
       exists(Impl::Public::NeutralSummaryCallable nc |
@@ -57,16 +63,6 @@ private module DispatchImpl {
     exists(Call call | call = c.asCall() |
       result.asCallable() = sourceDispatch(call)
       or
-      not (
-        // Only use summarized callables with generated summaries in case
-        // the static call target is not in the source code.
-        // Note that if `applyGeneratedModel` holds it implies that there doesn't
-        // exist a manual model.
-        exists(Callable staticTarget | staticTarget = call.getCallee().getSourceDeclaration() |
-          staticTarget.fromSource() and not staticTarget.isStub()
-        ) and
-        result.asSummarizedCallable().applyGeneratedModel()
-      ) and
       result.asSummarizedCallable().getACall() = call
     )
   }

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -33,6 +33,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::JavaDataFlow> {
 
   class SummarizedCallableBase = FlowSummary::SummarizedCallableBase;
 
+  predicate allowGeneratedSummary(SummarizedCallableBase c) { not c.asCallable().fromSource() }
+
   class SourceBase = Void;
 
   class SinkBase = Void;

java/ql/lib/semmle/code/java/dispatch/WrappedInvocation.qll

@@ -74,13 +74,13 @@ private class SummarizedCallableWithCallback extends SummarizedCallable {
   SummarizedCallableWithCallback() { mayInvokeCallback(this.asCallable(), pos) }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
     input = "Argument[" + pos + "]" and
     output = "Argument[" + pos + "].Parameter[-1]" and
     preservesValue = true and
+    p = "hq-generated" and
+    isExact = true and
     model = "heuristic-callback"
   }
-
-  override predicate hasProvenance(Provenance provenance) { provenance = "hq-generated" }
 }

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -187,7 +187,7 @@ module SummaryModelGeneratorInput implements SummaryModelGeneratorInputSig {
   }
 
   private predicate hasManualSummaryModel(Callable api) {
-    api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.applyManualModel()).asCallable() or
+    api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.hasManualModel()).asCallable() or
     api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel()).asCallable()
   }