Rename BreadcrumbSet into BreadcrumbMayAlwaysSet

Summary:
The `BreadcrumbSet` module actually represents an over and under approximation set, or may-always set, i.e two sets.
There are cases where we actually want a simple set of breadcrumbs, without the over and under approximation.

To make this clear in the codebase, this diff renames `BreadcrumbSet` into `BreadcrumbMayAlwaysSet` (terminology used by Mariana Trench),
and introduces a proper `BreadcrumbSet` module.

Reviewed By: tianhan0

Differential Revision: D77373734

fbshipit-source-id: da31823d9643f18483dcc99ad80d39087c0b8a75

Author: arthaud

source/domains/abstractOverUnderSetDomain.ml

@@ -18,6 +18,8 @@ type 'a approximation = {
 module type S = sig
   include AbstractSetDomain.S
 
+  type set
+
   type _ AbstractDomainCore.part += ElementAndUnder : element approximation AbstractDomainCore.part
 
   val empty : t
@@ -30,6 +32,8 @@ module type S = sig
 
   val of_approximation : element approximation list -> t
 
+  val of_set : set -> t
+
   val add_set : t -> to_add:t -> t
 
   val sequence_join : t -> t -> t
@@ -47,11 +51,13 @@ module MakeWithSet (Set : AbstractSetDomain.SET) = struct
 
   module rec Base : (BASE with type t := biset) = MakeBase (Domain)
 
-  and Domain : (S with type t = biset and type element = Set.element) = struct
+  and Domain : (S with type t = biset and type element = Set.element and type set = Set.t) = struct
     (* Implicitly under <= over at all times. Note that Bottom is different from ({}, {}) since ({},
        {}) is not less or equal to e.g. ({a}, {a}) *)
     type t = biset
 
+    type set = Set.t
+
     type element = Set.element
 
     type _ part +=
@@ -179,6 +185,8 @@ module MakeWithSet (Set : AbstractSetDomain.SET) = struct
 
     let of_approximation elements = ListLabels.fold_left ~f:add_element ~init:empty elements
 
+    let of_set set = BiSet { over = set; under = set }
+
     let over_to_under set =
       match set with
       | Bottom -> Bottom

source/domains/abstractOverUnderSetDomain.mli

@@ -13,6 +13,8 @@ type 'a approximation = {
 module type S = sig
   include AbstractSetDomain.S
 
+  type set
+
   type _ AbstractDomainCore.part += ElementAndUnder : element approximation AbstractDomainCore.part
 
   (* Distinct from bottom in that it has no elements present, which will cause joins to
@@ -28,6 +30,8 @@ module type S = sig
 
   val of_approximation : element approximation list -> t
 
+  val of_set : set -> t
+
   val add_set : t -> to_add:t -> t
 
   (* Normal join models an either/or outcome, e.g. two distinct paths, where as sequence_join models
@@ -39,6 +43,7 @@ module type S = sig
   val over_to_under : t -> t
 end
 
-module MakeWithSet (Set : AbstractSetDomain.SET) : S with type element = Set.element
+module MakeWithSet (Set : AbstractSetDomain.SET) :
+  S with type element = Set.element and type set = Set.t
 
 module Make (Element : AbstractSetDomain.ELEMENT) : S with type element = Element.t

source/interprocedural_analyses/taint/backwardAnalysis.ml

@@ -406,7 +406,9 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
       state
     else
       let breadcrumbs =
-        breadcrumbs |> Model.AddBreadcrumbsToState.elements |> Features.BreadcrumbSet.of_list
+        breadcrumbs
+        |> Model.AddBreadcrumbsToState.elements
+        |> Features.BreadcrumbMayAlwaysSet.of_list
       in
       {
         taint =
@@ -468,7 +470,9 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
       taint_model;
     let call_taint =
       BackwardState.Tree.add_local_breadcrumbs
-        (Features.type_breadcrumbs (Option.value_exn return_type))
+        (Option.value_exn return_type
+        |> Features.type_breadcrumbs
+        |> Features.BreadcrumbMayAlwaysSet.of_set)
         call_taint
     in
     let initial_state =
@@ -578,7 +582,7 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
                 BackwardState.Tree.transform_non_tito
                   Features.LocalKindSpecificBreadcrumbSet.Self
                   Map
-                  ~f:(Features.BreadcrumbSet.add breadcrumb)
+                  ~f:(Features.BreadcrumbMayAlwaysSet.add breadcrumb)
                   taint_to_propagate
               in
               add_extra_traces_for_tito_transforms
@@ -717,7 +721,7 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
               BackwardState.Tree.filter_by_kind ~kind:Sinks.AddFeatureToArgument sink_taint
               |> BackwardTaint.joined_breadcrumbs
             in
-            if Features.BreadcrumbSet.is_bottom breadcrumbs_to_add then
+            if Features.BreadcrumbMayAlwaysSet.is_bottom breadcrumbs_to_add then
               state
             else
               let taint =
@@ -1553,7 +1557,10 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
     let callees = get_call_callees ~location ~call:{ Call.callee; arguments; origin } in
 
     let add_type_breadcrumbs taint =
-      let type_breadcrumbs = CallModel.type_breadcrumbs_of_calls callees.call_targets in
+      let type_breadcrumbs =
+        CallModel.type_breadcrumbs_of_calls callees.call_targets
+        |> Features.BreadcrumbMayAlwaysSet.of_set
+      in
       BackwardState.Tree.add_local_breadcrumbs type_breadcrumbs taint
     in
 
@@ -2045,7 +2052,7 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
           ~pyre_in_context
           ~taint
           ~state
-          ~breadcrumbs:(Features.BreadcrumbSet.singleton (Features.format_string ()))
+          ~breadcrumbs:(Features.BreadcrumbMayAlwaysSet.singleton (Features.format_string ()))
           {
             CallModel.StringFormatCall.nested_expressions = arguments_formatted_string;
             string_literal = { value; location = value_location };
@@ -2079,7 +2086,8 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
           ~pyre_in_context
           ~taint
           ~state
-          ~breadcrumbs:(Features.BreadcrumbSet.singleton (Features.string_concat_left_hand_side ()))
+          ~breadcrumbs:
+            (Features.BreadcrumbMayAlwaysSet.singleton (Features.string_concat_left_hand_side ()))
           {
             CallModel.StringFormatCall.nested_expressions = [expression];
             string_literal = { value; location = value_location };
@@ -2117,7 +2125,7 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
           ~taint
           ~state
           ~breadcrumbs:
-            (Features.BreadcrumbSet.singleton (Features.string_concat_right_hand_side ()))
+            (Features.BreadcrumbMayAlwaysSet.singleton (Features.string_concat_right_hand_side ()))
           {
             CallModel.StringFormatCall.nested_expressions = [expression];
             string_literal = { value; location = value_location };
@@ -2141,8 +2149,8 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
           match function_name with
           | "__mod__"
           | "format" ->
-              Features.BreadcrumbSet.singleton (Features.format_string ())
-          | _ -> Features.BreadcrumbSet.empty
+              Features.BreadcrumbMayAlwaysSet.singleton (Features.format_string ())
+          | _ -> Features.BreadcrumbMayAlwaysSet.empty
         in
         let substrings =
           arguments
@@ -2474,7 +2482,7 @@ module State (FunctionContext : FUNCTION_CONTEXT) = struct
             ~pyre_in_context
             ~taint
             ~state
-            ~breadcrumbs:(Features.BreadcrumbSet.singleton (Features.format_string ()))
+            ~breadcrumbs:(Features.BreadcrumbMayAlwaysSet.singleton (Features.format_string ()))
             {
               CallModel.StringFormatCall.nested_expressions = substrings;
               string_literal = { value = string_literal; location };
@@ -2839,6 +2847,7 @@ let extract_tito_and_sink_models
       annotation
       >>| PyrePysaEnvironment.ReadOnly.parse_annotation pyre_api
       |> Features.type_breadcrumbs_from_annotation ~pyre_api
+      |> Features.BreadcrumbMayAlwaysSet.of_set
     in
     BackwardState.Tree.add_local_breadcrumbs type_breadcrumbs tree
   in

source/interprocedural_analyses/taint/callModel.ml

@@ -40,6 +40,7 @@ let at_callsite
                  ~caller
                  ~callee:call_target
                  ~arguments
+            |> Features.BreadcrumbMayAlwaysSet.of_set
           in
           Frame.add_propagated_breadcrumbs breadcrumbs frame
         in
@@ -299,8 +300,8 @@ let taint_in_taint_out_mapping_for_argument
       let obscure_breadcrumbs =
         TaintInTaintOutMap.get_tree mapping ~kind:output_kind
         >>| BackwardState.Tree.joined_breadcrumbs
-        |> Option.value ~default:Features.BreadcrumbSet.empty
-        |> Features.BreadcrumbSet.add (Features.obscure_model ())
+        |> Option.value ~default:Features.BreadcrumbMayAlwaysSet.empty
+        |> Features.BreadcrumbMayAlwaysSet.add (Features.obscure_model ())
       in
       let mapping = TaintInTaintOutMap.remove mapping ~kind:output_kind in
       if SanitizeTransformSet.is_all obscure_sanitize then
@@ -430,11 +431,11 @@ let source_tree_of_argument
 
 
 let type_breadcrumbs_of_calls targets =
-  List.fold targets ~init:Features.BreadcrumbSet.bottom ~f:(fun so_far call_target ->
+  List.fold targets ~init:Features.BreadcrumbSet.empty ~f:(fun so_far call_target ->
       match call_target.CallGraph.CallTarget.return_type with
       | None -> so_far
       | Some return_type ->
-          return_type |> Features.type_breadcrumbs |> Features.BreadcrumbSet.join so_far)
+          return_type |> Features.type_breadcrumbs |> Features.BreadcrumbSet.union so_far)
 
 
 module ExtraTraceForTransforms = struct

source/interprocedural_analyses/taint/classModels.ml

@@ -24,12 +24,15 @@ module PyrePysaLogic = Analysis.PyrePysaLogic
 
 module FeatureSet = struct
   type t = {
-    breadcrumbs: Features.BreadcrumbSet.t;
+    breadcrumbs: Features.BreadcrumbMayAlwaysSet.t;
     via_features: Features.ViaFeatureSet.t;
   }
 
   let empty =
-    { breadcrumbs = Features.BreadcrumbSet.bottom; via_features = Features.ViaFeatureSet.bottom }
+    {
+      breadcrumbs = Features.BreadcrumbMayAlwaysSet.bottom;
+      via_features = Features.ViaFeatureSet.bottom;
+    }
 
 
   let from_taint taint =
@@ -245,7 +248,7 @@ let infer ~scheduler ~scheduler_policies ~pyre_api ~user_models =
            ~output_root:(Sinks.ParameterUpdate self)
            ~output_path:[Abstract.TreeDomain.Label.AnyIndex]
            ~collapse_depth:0
-           ~breadcrumbs:Features.BreadcrumbSet.bottom
+           ~breadcrumbs:Features.BreadcrumbMayAlwaysSet.bottom
            ~via_features:Features.ViaFeatureSet.bottom
       |> add_tito
            ~input_root:
@@ -255,15 +258,15 @@ let infer ~scheduler ~scheduler_policies ~pyre_api ~user_models =
            ~output_root:(Sinks.ParameterUpdate self)
            ~output_path:[AccessPath.dictionary_keys]
            ~collapse_depth:Features.CollapseDepth.no_collapse
-           ~breadcrumbs:Features.BreadcrumbSet.bottom
+           ~breadcrumbs:Features.BreadcrumbMayAlwaysSet.bottom
            ~via_features:Features.ViaFeatureSet.bottom
       |> add_tito
            ~input_root:(AccessPath.Root.StarStarParameter { excluded = fields })
            ~input_path:[]
            ~output_root:(Sinks.ParameterUpdate self)
            ~output_path:[Abstract.TreeDomain.Label.AnyIndex]
            ~collapse_depth:Features.CollapseDepth.no_collapse
-           ~breadcrumbs:Features.BreadcrumbSet.bottom
+           ~breadcrumbs:Features.BreadcrumbMayAlwaysSet.bottom
            ~via_features:Features.ViaFeatureSet.bottom
     in
     let sink_taint =