semanticcpg apidocs/io.shiftleft.semanticcpg.accesspath

io.shiftleft.semanticcpg.accesspath

package io.shiftleft.semanticcpg.accesspath

Type members

Classlikes

Companion: class

Companion: object

For handling of invertible elements, cf AccessPathAlgebra.md. The general rule is that elements concatenate normally, except for:

Elements(&) ++ Elements() == Elements() Elements() ++ Elements(&) == Elements() Elements(<0>) == Elements() Elements() ++ Elements() == Elements(<i+j>) Elements() ++ Elements() == Elements() Elements() ++ Elements() == Elements() Elements() ++ Elements() == Elements(<?>)

From this, once can see that , * and & are invertible, <?> is idempotent and <0> is a convoluted way of describing and empty sequence of tokens. Nevertheless, we mostly consider

as noninvertible (because it is, in real computers!) and <?> as invertible (because it is in real computers, we just don't know the offset)

Elements get a private constructor. Users should use the no-argument Elements.apply() factory method to get an empty path, and the specific concat operators for building up pathes. The Elements.normalized(iter) factory method serves to build this in bulk.

The unnormalized factory method is more of an escape hatch.

The elements field should never be mutated outside of this file: We compare and hash Elements by their contents, not by identity, and this breaks in case of mutation.

The reason for using a mutable Array instead of an immutable Vector is that this is the lightest weight datastructure for the job.

The reason for making this non-private is simply that it is truly annoying to write wrappers for all possible uses.

Companion: class

final
class Elements(val elements: Array[AccessElement]) extends Comparable[Elements]
Companion
object

case
class FullMatchResult(stepOverPath: Option[AccessPath], stepIntoPath: Option[AccessPath], extensionDiff: Elements)
Result of matchFull comparison

Result of matchFull comparison

Value Params
extensionDiff
extensionDiff is non empty if and only if a proper subset is affected. Outside of over tainting, if extensionDiff is non empty then: path.elements ++ path.matchFull(other).extensionDiff == other.elements path.matchFull(other).stepIntoPath.get.elements.isEmpty Invariants:

Exclusions have no invertible tail

Only paths without overTaint can have exclusions TODO: Figure out sensible assertions to defend these invariants

stepIntoPath
The affected part of the access path, mapped to be relative to this stepIntoPath.isDefined if and only if there is a match in paths, i.e. if the call can affect the tracked variable at all. Outside of overtainting, if stepIntoPath.isDefined && stepIntoPath.elements.nonEmpty then: path.elements == other.elements ++ path.matchFull(other).stepIntoPath.get.elements extensionDiff.isEmpty

stepOverPath
the unaffected part of the access path. Some(this) for no match, None for perfect match; may have additional exclusions to this.

case
object IndirectionAccess extends AccessElement

sealed
trait MatchResult
Companion
object

object MatchResult extends Enumeration
Companion
class

case
class PointerShift(logicalOffset: Int) extends AccessElement

case
class TrackedAlias(argIndex: Int) extends TrackedBase

trait TrackedBase

object TrackedFormalReturn extends TrackedBase

case
class TrackedLiteral(literal: Literal) extends TrackedBase

case
class TrackedMethodOrTypeRef(methodOrTypeRef: StoredNode & HasCode) extends TrackedBase

case
class TrackedNamedVariable(name: String) extends TrackedBase

case
class TrackedReturnValue(call: CallRepr) extends TrackedBase

object TrackedUnknown extends TrackedBase

case
object VariableAccess extends AccessElement

case
object VariablePointerShift extends AccessElement