C#: Re-create summary models and include source and sink models as well.#9327
Conversation
Click to show differences in coveragecsharpGenerated file changes for csharp
- System,"``System.*``, ``System``",3,12038,28,5
+ System,"``System.*``, ``System``",3,11796,32,7
- Totals,,3,12599,359,5
+ Totals,,3,12357,363,7
- System,28,3,12038,,4,,23,1,3,10096,1942
+ System,32,3,11796,,4,,25,3,3,9854,1942 |
11da75b to
5e6f480
Compare
Click to show differences in coveragecsharpGenerated file changes for csharp
- System,"``System.*``, ``System``",3,12038,28,5
+ System,"``System.*``, ``System``",3,11796,32,7
- Totals,,3,12599,359,5
+ Totals,,3,12357,363,7
- System,28,3,12038,,4,,23,1,3,10096,1942
+ System,32,3,11796,,4,,25,3,3,9854,1942 |
|
DCA looks fine. No changes in performance or alerts. |
5e6f480 to
8899bf7
Compare
Click to show differences in coveragecsharpGenerated file changes for csharp
- System,"``System.*``, ``System``",3,12038,28,5
+ System,"``System.*``, ``System``",3,11796,32,7
- Totals,,3,12599,359,5
+ Totals,,3,12357,363,7
- System,28,3,12038,,4,,23,1,3,10096,1942
+ System,32,3,11796,,4,,25,3,3,9854,1942 |
tamasvajk
left a comment
There was a problem hiding this comment.
There are quite a few unexpected summary deletions in this PR. Should these be investigated? Or should we just update these models, and then investigate and possibly improve the generator in a separate PR?
| | System.Collections.Generic;KeyValuePair;false;Create<,>;(TKey,TValue);;Argument[0];ReturnValue;taint;generated | | ||
| | System.Collections.Generic;KeyValuePair;false;Create<,>;(TKey,TValue);;Argument[1];ReturnValue;taint;generated | |
There was a problem hiding this comment.
These also seem to be correct flows. Why are these removed? Without checking, I expect the Create<,> method to be quite simple, so we should be able to identify flow in there.
There was a problem hiding this comment.
It appears that these rows have disappered since we no longer use the source code for the KeyValuePair constructor as there are CSV rows it.
The rows look like
"System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[0];ReturnValue.Property[System.Collections.Generic.KeyValuePair<,>.Key];value;manual",
"System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[1];ReturnValue.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual"
That is, based on these rows the model generator no longer yields any results for
public static KeyValuePair<TKey, TValue> Create<TKey, TValue>(TKey key, TValue value) =>
new KeyValuePair<TKey, TValue>(key, value);but a summary will be derived for
public static TKey Create2<TKey, TValue>(TKey key, TValue value) =>
new KeyValuePair<TKey, TValue>(key, value).Key;| | System.Collections.Generic;CollectionExtensions;false;TryAdd<,>;(System.Collections.Generic.IDictionary<TKey,TValue>,TKey,TValue);;Argument[1];Argument[0].Element;taint;generated | | ||
| | System.Collections.Generic;CollectionExtensions;false;TryAdd<,>;(System.Collections.Generic.IDictionary<TKey,TValue>,TKey,TValue);;Argument[2];Argument[0].Element;taint;generated | |
There was a problem hiding this comment.
These two rows seem to be correct flow summaries.
There was a problem hiding this comment.
The explanation is most likely the same as above. The IDictionary.Add method has a handwritten field specific version, which seems to be incompatible with the model generator.
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16,T17,T18,T19,T20,T21>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16,T17,T18,T19,T20>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16,T17,T18,T19>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16,T17,T18>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16,T17>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15,T16>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14,System.ValueTuple<T15>>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13,T14>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12,T13>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11,T12>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10,T11>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9,T10>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8,T9>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7,System.ValueTuple<T8>>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6,T7>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5,T6>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,,>;(System.ValueTuple<T1,T2,T3,T4,T5>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,,>;(System.ValueTuple<T1,T2,T3,T4>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,,>;(System.ValueTuple<T1,T2,T3>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<,>;(System.ValueTuple<T1,T2>);;Argument[0];ReturnValue;taint;generated", | ||
| "System;TupleExtensions;false;ToTuple<>;(System.ValueTuple<T1>);;Argument[0];ReturnValue;taint;generated", |
There was a problem hiding this comment.
I also find these removals unexpected. Is it somehow an interplay of manual summaries that use value steps, and autogenerated flows that use taint?
There was a problem hiding this comment.
I suspect the issue is the same as above. We have a Field specific summary for the method that is being called and this doesn't propagate the taint. The first example has been added to the Models as Data issue as something we can consider to investigate. Maybe we should do this after making the field based implementation of the summary generator.
I will try and investigate. It looks like all the removals are related to the heuristic of not using source code, when a summary exist. Will try and elaborate, if I can find any good answers. |
|
@tamasvajk : Thank you much for the review. There is identified at least one interesting aspect of the model generator in its current state, which we probably should look into, when the model generator has been made field based. |
In this PR we