From 42f91ce7b0683a1f8b7a36829f7269579bf775d2 Mon Sep 17 00:00:00 2001
From: Martin Mory
Date: Wed, 22 Dec 2021 23:26:50 +0100
Subject: [PATCH 1/6] various fixes in IDEExtendedTaintAnalysis
---
.../AbstractMemoryLocation.h | 9 +-
.../AbstractMemoryLocationFactory.h | 24 ++-
.../ComposeEdgeFunction.h | 2 +-
.../ExtendedTaintAnalysis/GenEdgeFunction.h | 2 +-
.../Problems/ExtendedTaintAnalysis/Helpers.h | 8 +-
.../JoinConstEdgeFunction.h | 2 +-
.../ExtendedTaintAnalysis/JoinEdgeFunction.h | 2 +-
.../KillIfSanitizedEdgeFunction.h | 2 +-
.../XTaintEdgeFunctionBase.h | 8 +-
.../Problems/IDEExtendedTaintAnalysis.h | 2 +-
include/phasar/Utils/Utilities.h | 4 +-
.../AbstractMemoryLocationFactory.cpp | 30 +++-
.../ComposeEdgeFunction.cpp | 2 +-
.../ExtendedTaintAnalysis/GenEdgeFunction.cpp | 2 +-
.../JoinConstEdgeFunction.cpp | 2 +-
.../JoinEdgeFunction.cpp | 4 +-
.../KillIfSanitizedEdgeFunction.cpp | 2 +-
.../TransferEdgeFunction.cpp | 2 +-
.../XTaintEdgeFunctionBase.cpp | 4 +-
.../Problems/IDEExtendedTaintAnalysis.cpp | 4 +-
.../Problems/IDEExtendedTaintAnalysisTest.cpp | 162 +++++++++---------
21 files changed, 144 insertions(+), 135 deletions(-)
diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocation.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocation.h
index 38fc506283..4fd61d5e4c 100644
--- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocation.h
+++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocation.h
@@ -214,13 +214,12 @@ namespace llvm { template <> struct DenseMapInfo { static inline psr::AbstractMemoryLocation getEmptyKey() { - return psr::AbstractMemoryLocation( - DenseMapInfo::getEmptyKey()); + return { + DenseMapInfo::getEmptyKey()}; } static inline psr::AbstractMemoryLocation getTombstoneKey() { - return psr::AbstractMemoryLocation( - DenseMapInfo< - psr::detail::AbstractMemoryLocationImpl *>::getTombstoneKey()); + return {DenseMapInfo< + psr::detail::AbstractMemoryLocationImpl *>::getTombstoneKey()}; } static unsigned getHashValue(psr::AbstractMemoryLocation Val) { return hash_value(Val); diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h index 26c4686cb7..62fb2be36b 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h @@ -95,7 +95,7 @@ class AbstractMemoryLocationFactoryBase { const detail::AbstractMemoryLocationImpl * getOrCreateImpl(const llvm::Value *V, unsigned BOUND); - const AbstractMemoryLocationImpl *CreateImpl(const llvm::Value *V, + const AbstractMemoryLocationImpl *createImpl(const llvm::Value *V, unsigned BOUND); const AbstractMemoryLocationImpl *GetOrCreateZeroImpl() const; const AbstractMemoryLocationImpl * @@ -141,7 +141,7 @@ class AbstractMemoryLocationFactory : public detail::AbstractMemoryLocationFactoryBase { AbstractMemoryLocation limit(const AbstractMemoryLocation &AML) { - return AbstractMemoryLocation(limitImpl(AML.operator->())); + return {limitImpl(AML.operator->())}; } public: 
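Review bot: The braced returns in `getEmptyKey()` and `getTombstoneKey()` are copy-list-initialization, so they compile only while the pointer constructor of `psr::AbstractMemoryLocation` is not `explicit`. That keeps an implicit conversion from a raw impl pointer, including the DenseMap sentinel values, to a fact object available at every call site. If the constructor is later made explicit, these returns and the ones in AbstractMemoryLocationFactory.h (`limit`, `create`, `withOffset`, `withTransferTo`, ...) all stop compiling. The constructor's declaration is outside the hunk, so this is inferred; a short comment on it stating that it is intentionally implicit would record the dependency.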
@@ -156,12 +156,12 @@ class AbstractMemoryLocationFactory AbstractMemoryLocationFactory & operator=(const AbstractMemoryLocationFactory &) = delete; - [[nodiscard]] AbstractMemoryLocation Create(const llvm::Value *V, + [[nodiscard]] AbstractMemoryLocation create(const llvm::Value *V, unsigned BOUND) { - return AbstractMemoryLocation(CreateImpl(V, BOUND)); + return {createImpl(V, BOUND)}; } - [[nodiscard]] AbstractMemoryLocation GetOrCreateZero() const { - return AbstractMemoryLocation(GetOrCreateZeroImpl()); + [[nodiscard]] AbstractMemoryLocation getOrCreateZero() const { + return {getOrCreateZeroImpl()}; } /// Creates a decendant AbstractMemoryLocation by adding an indirection @@ -170,19 +170,19 @@ class AbstractMemoryLocationFactory [[nodiscard]] AbstractMemoryLocation withIndirectionOf(const AbstractMemoryLocation &AML, llvm::ArrayRef Ind) { - return AbstractMemoryLocation(withIndirectionOfImpl(AML.operator->(), Ind)); + return {withIndirectionOfImpl(AML.operator->(), Ind)}; } [[nodiscard]] AbstractMemoryLocation withOffset(const AbstractMemoryLocation &AML, const llvm::GetElementPtrInst *Gep) { - return AbstractMemoryLocation(withOffsetImpl(AML.operator->(), Gep)); + return {withOffsetImpl(AML.operator->(), Gep)}; } [[nodiscard]] AbstractMemoryLocation withOffsets(const AbstractMemoryLocation &AML, llvm::ArrayRef Offs) { - return AbstractMemoryLocation(withOffsetsImpl(AML.operator->(), Offs)); + return {withOffsetsImpl(AML.operator->(), Offs)}; } /// Transfers the taint from AML (source at the callsite) seen as From to To 
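Review bot: `getOrCreateZero()` now returns `{getOrCreateZeroImpl()}`, but the base-class declaration visible as context in the `-95,7` hunk of this same header is still `GetOrCreateZeroImpl() const;`, and no hunk in this patch renames it. Unless a lower-case overload exists outside the visible lines, this commit does not build on its own; the title of PATCH 4/6 suggests the rename only arrives later in the series. Folding the declaration change `const AbstractMemoryLocationImpl *getOrCreateZeroImpl() const;` and its definition into this commit would keep every step of the series buildable for bisection.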
@@ -191,8 +191,7 @@ class AbstractMemoryLocationFactory [[nodiscard]] AbstractMemoryLocation withTransferTo(const AbstractMemoryLocation &AML, const AbstractMemoryLocation &From, const llvm::Value *To) { - return AbstractMemoryLocation( - withTransferToImpl(AML.operator->(), From.operator->(), To)); + return {withTransferToImpl(AML.operator->(), From.operator->(), To)}; } /// Transfers the taint from AML (source at the return-site) to To(at the @@ -201,8 +200,7 @@ class AbstractMemoryLocationFactory [[nodiscard]] AbstractMemoryLocation withTransferFrom(const AbstractMemoryLocation &AML, const AbstractMemoryLocation &To) { - return AbstractMemoryLocation( - withTransferFromImpl(AML.operator->(), To.operator->())); + return {withTransferFromImpl(AML.operator->(), To.operator->())}; } }; diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.h index f84be039e6..1803b9e218 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.h @@ -29,7 +29,7 @@ class ComposeEdgeFunction : public EdgeFunctionBase { llvm::hash_code getHashCode() const override; static inline bool classof(const EdgeFunctionBase *EF) { - return EF->getKind() == Kind::Compose; + return EF->getKind() == EFKind::Compose; } }; } // namespace psr::XTaint diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.h index 5d39725a32..6ef7185def 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.h 
+++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.h @@ -36,7 +36,7 @@ class GenEdgeFunction : public EdgeFunctionBase { inline const llvm::Instruction *getSanitizer() const { return Sani; } static inline bool classof(const EdgeFunctionBase *EF) { - return EF->getKind() == Kind::Gen; + return EF->getKind() == EFKind::Gen; } llvm::hash_code getHashCode() const override; diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/Helpers.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/Helpers.h index 320469edf8..e513733ffe 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/Helpers.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/Helpers.h @@ -54,12 +54,12 @@ EdgeFunction::EdgeFunctionPtrType getAllSanitized(); /// Have an own function for creating a flow/edge-function instance to allow /// fast migration to memory-management schemes other than std::shared_ptr template -inline std::shared_ptr makeFF(Args &&...args) { - return std::make_shared(std::forward(args)...); +inline std::shared_ptr makeFF(Args &&...Arguments) { + return std::make_shared(std::forward(Arguments)...); } template -inline std::shared_ptr makeEF(Args &&...args) { - return std::make_shared(std::forward(args)...); +inline std::shared_ptr makeEF(Args &&...Arguments) { + return std::make_shared(std::forward(Arguments)...); } } // namespace psr::XTaint diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.h index 96aca3f831..0261bd1798 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.h 
+++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.h @@ -36,7 +36,7 @@ class JoinConstEdgeFunction : public EdgeFunctionBase { llvm::hash_code getHashCode() const override; inline static bool classof(const EdgeFunctionBase *EF) { - return EF->getKind() == Kind::JoinConst; + return EF->getKind() == EFKind::JoinConst; } }; } // namespace psr::XTaint diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.h index 91d6e55672..25d18f4506 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.h @@ -88,7 +88,7 @@ class JoinEdgeFunction : public EdgeFunctionBase { llvm::hash_code getHashCode() const override; static inline bool classof(const EdgeFunctionBase *EF) { - return EF->getKind() == Kind::Join; + return EF->getKind() == EFKind::Join; } }; } // namespace psr::XTaint diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.h index 90610b5b3b..e2ea52ed8e 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.h @@ -33,7 +33,7 @@ class KillIfSanitizedEdgeFunction : public EdgeFunctionBase { llvm::hash_code getHashCode() const override; inline static bool classof(const EdgeFunctionBase *EF) { - return EF->getKind() == Kind::KillIfSani; + return EF->getKind() == EFKind::KillIfSani; } }; 
diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.h index 3f2d9cbaed..06a6c4612b 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.h @@ -25,25 +25,25 @@ namespace psr::XTaint { class EdgeFunctionBase : public EdgeFunction, public std::enable_shared_from_this { public: - enum class Kind { Gen, Join, JoinConst, Compose, KillIfSani, Transfer }; + enum class EFKind { Gen, Join, JoinConst, Compose, KillIfSani, Transfer }; protected: BasicBlockOrdering &BBO; private: - const Kind kind; + const EFKind Kind; public: using l_t = EdgeDomain; - EdgeFunctionBase(Kind Kind, BasicBlockOrdering &BBO); + EdgeFunctionBase(EFKind Kind, BasicBlockOrdering &BBO); ~EdgeFunctionBase() override = default; EdgeFunctionPtrType composeWith(EdgeFunctionPtrType SecondFunction) override; EdgeFunctionPtrType joinWith(EdgeFunctionPtrType OtherFunction) override; /// The actualy kind of this edge function. Can be used in a type-switch. - [[nodiscard]] inline Kind getKind() const { return kind; } + [[nodiscard]] inline EFKind getKind() const { return Kind; } virtual llvm::hash_code getHashCode() const = 0; }; diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.h index 4519afbf55..cab0017433 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.h 
@@ -199,7 +199,7 @@ class IDEExtendedTaintAnalysis DL((*IRDB->getAllModules().begin())->getDataLayout()), Bound(Bound), PostProcessed(DisableStrongUpdates), DisableStrongUpdates(DisableStrongUpdates) { - base_t::ZeroValue = createZeroValue(); + base_t::ZeroValue = IDEExtendedTaintAnalysis::createZeroValue(); FactFactory.setDataLayout(DL); diff --git a/include/phasar/Utils/Utilities.h b/include/phasar/Utils/Utilities.h index 7356377e8e..eb4a8af839 100644 --- a/include/phasar/Utils/Utilities.h +++ b/include/phasar/Utils/Utilities.h @@ -182,10 +182,10 @@ template class scope_exit { template scope_exit(Fn) -> scope_exit; // Copied from "https://en.cppreference.com/w/cpp/utility/variant/visit" -template struct overloaded : Ts... { using Ts::operator()...; }; +template struct Overloaded : Ts... { using Ts::operator()...; }; // explicit deduction guide (not needed as of C++20) -template overloaded(Ts...) -> overloaded; +template Overloaded(Ts...) -> Overloaded; /// Based on the reference implementation of std::remove_if /// "https://en.cppreference.com/w/cpp/algorithm/remove" and optimized for the diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp index be5662f2be..d7100686b8 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp @@ -118,7 +118,7 @@ AbstractMemoryLocationFactoryBase::Allocator::create( AbstractMemoryLocationFactoryBase::AbstractMemoryLocationFactoryBase( size_t InitialCapacity) - : Owner(InitialCapacity), DL(nullptr) { + : Owner(InitialCapacity) { Pool.reserve(InitialCapacity); Cache.reserve(InitialCapacity); 
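Review bot: The qualified call `IDEExtendedTaintAnalysis::createZeroValue()` carries no comment explaining why the qualification was added. Presumably it makes explicit that a call from the constructor cannot reach an override in a derived class. A one-line comment such as `// qualified on purpose: no virtual dispatch to derived classes inside the constructor` would stop a later cleanup from reverting it. The constructor begins and ends outside the hunk.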
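Review bot: Dropping `DL(nullptr)` from the `AbstractMemoryLocationFactoryBase` constructor is only safe if the member is declared with a default initializer, and the header hunks in this patch do not show one. `createImpl` relies on `assert(DL)`, which would read an indeterminate pointer if the member were left uninitialized, and the assert is compiled out of release builds. Please confirm the declaration has the form `const llvm::DataLayout *DL = nullptr;`. The member's declaration is outside the visible lines, so its exact type is assumed.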
@@ -166,7 +166,7 @@ AbstractMemoryLocationFactoryBase::getOrCreateImpl(const llvm::Value *V, } const AbstractMemoryLocationImpl * -AbstractMemoryLocationFactoryBase::CreateImpl(const llvm::Value *V, +AbstractMemoryLocationFactoryBase::createImpl(const llvm::Value *V, unsigned BOUND) { assert(DL); if (auto It = Cache.find(V); It != Cache.end()) { @@ -222,13 +222,14 @@ AbstractMemoryLocationFactoryBase::CreateImpl(const llvm::Value *V, auto Lifetime = BOUND - std::min(Ver, BOUND); // assert(ver >= offs.size()); - +#ifdef XTAINT_DIAGNOSTICS bool IsOverApproximating = false; - +#endif if (Offs.size() > BOUND) { assert(Lifetime == 0); - +#ifdef XTAINT_DIAGNOSTICS IsOverApproximating = true; +#endif Offs.resize(BOUND); } @@ -279,8 +280,9 @@ AbstractMemoryLocationFactoryBase::withIndirectionOfImpl( llvm::SmallVector Offs(AML->offsets().begin(), AML->offsets().end()); - +#ifdef XTAINT_DIAGNOSTICS bool IsOverApproximating = false; +#endif if (Ind.empty()) { Offs.push_back(0); @@ -288,7 +290,9 @@ AbstractMemoryLocationFactoryBase::withIndirectionOfImpl( } else { if (NwLifeTime < Ind.size()) { Ind = Ind.slice(0, NwLifeTime); +#ifdef XTAINT_DIAGNOSTICS IsOverApproximating = true; +#endif } Offs.append(Ind.begin(), Ind.end()); @@ -394,12 +398,17 @@ AbstractMemoryLocationFactoryBase::withTransferToImpl( if (!From->offsets().empty()) { return std::next(AML->offsets().begin(), - From->offsets().size() - 1); + From->offsets().size() - + 1); // FIXME @Fabian clang-tidy complains about + // narrowing conversion } return AML->offsets().begin(); } if (!AML->offsets().empty()) { - return std::next(From->offsets().begin(), AML->offsets().size() - 1); + return std::next(From->offsets().begin(), + AML->offsets().size() - + 1); // FIXME @Fabian clang-tidy complains about + // narrowing conversion } return From->offsets().begin(); }(), 
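Review bot: Every `IsOverApproximating` declaration and assignment in `createImpl` and `withIndirectionOfImpl` is now wrapped in its own `#ifdef XTAINT_DIAGNOSTICS`, which scatters preprocessor blocks through the k-limiting logic. Declaring the flag once as `[[maybe_unused]] bool IsOverApproximating = false;` should silence the unused-variable warning while both configurations compile the same statements. The attribute is already used in this patch's files (`computeTarget([[maybe_unused]] l_t Source)` in GenEdgeFunction.cpp). The same pattern recurs in the `withTransferFromImpl` hunk, and the place where the flag is read is outside these hunks.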
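Review bot: The two FIXME comments added in `withTransferToImpl` leave the narrowing warning unresolved and split the `std::next` argument around a comment. `From->offsets().size() - 1` is an unsigned value passed as a signed iterator difference; the `!empty()` guard rules out wrap-around, so an explicit cast states the intent: `static_cast<std::ptrdiff_t>(From->offsets().size()) - 1` (and likewise for `AML->offsets().size()`). Whether advancing one range's iterator by the other range's size stays in bounds depends on the enclosing condition, which is outside the hunk and deserves a comment.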
@@ -443,11 +452,14 @@ AbstractMemoryLocationFactoryBase::withTransferFromImpl( auto MaximumSize = std::min(AML->offsets().size() + AML->lifetime(), To->offsets().size() + NwLifetime); +#ifdef XTAINT_DIAGNOSTICS bool IsOverApproximating = false; +#endif if (Offs.size() > MaximumSize) { Offs.resize(MaximumSize); - NwLifetime = 0; +#ifdef XTAINT_DIAGNOSTICS IsOverApproximating = true; +#endif } const auto *Ret = diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp index b583c66117..e38c0652cf 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp @@ -18,7 +18,7 @@ namespace psr::XTaint { ComposeEdgeFunction::ComposeEdgeFunction(BasicBlockOrdering &BBO, EdgeFunctionPtrType F, EdgeFunctionPtrType G) - : EdgeFunctionBase(Kind::Compose, BBO), F(std::move(F)), G(std::move(G)) {} + : EdgeFunctionBase(EFKind::Compose, BBO), F(std::move(F)), G(std::move(G)) {} auto ComposeEdgeFunction::computeTarget(l_t Source) -> l_t { return G->computeTarget(F->computeTarget(Source)); diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp index 208faff2d4..b816567484 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp 
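Review bot: The single removed line just before the second `#ifdef` in `withTransferFromImpl` reads as `NwLifetime = 0;`, which would be a behaviour change rather than a lint fix. The hunk header allows exactly one removal, but the collapsed rendering leaves open whether it is that assignment or a blank line. If the assignment was a dead store, the commit message should say so. If `NwLifetime` is still read when `Ret` is built below, truncated offsets would now keep a non-zero lifetime and the bound would no longer be enforced on this path. The construction of `Ret` continues outside the hunk, so this needs checking against the full function.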
@@ -21,7 +21,7 @@ namespace psr::XTaint { GenEdgeFunction::GenEdgeFunction(BasicBlockOrdering &BBO, const llvm::Instruction *Sani) - : EdgeFunctionBase(Kind::Gen, BBO), Sani(Sani) {} + : EdgeFunctionBase(EFKind::Gen, BBO), Sani(Sani) {} GenEdgeFunction::l_t GenEdgeFunction::computeTarget([[maybe_unused]] l_t Source) { diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp index 5faff6ac1e..2352cdcc00 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp @@ -20,7 +20,7 @@ namespace psr::XTaint { JoinConstEdgeFunction::JoinConstEdgeFunction( BasicBlockOrdering &BBO, EdgeFunctionPtrType OtherFn, const llvm::Instruction *OtherConst) - : EdgeFunctionBase(Kind::JoinConst, BBO), OtherFn(std::move(OtherFn)), + : EdgeFunctionBase(EFKind::JoinConst, BBO), OtherFn(std::move(OtherFn)), OtherConst(OtherConst) { assert(OtherConst); } diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp index eac3a92116..c7b898aa46 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp 
@@ -23,11 +23,11 @@ namespace psr::XTaint { JoinEdgeFunction::JoinEdgeFunction(BasicBlockOrdering &BBO, SubEdgeFuctionsTy &&SubEF, const EdgeDomain &Seed) - : EdgeFunctionBase(Kind::Join, BBO), SubEF(std::move(SubEF)), Seed(Seed) {} + : EdgeFunctionBase(EFKind::Join, BBO), SubEF(std::move(SubEF)), Seed(Seed) {} JoinEdgeFunction::JoinEdgeFunction( BasicBlockOrdering &BBO, std::initializer_list SubEF, const EdgeDomain &Seed) - : EdgeFunctionBase(Kind::Join, BBO), SubEF(SubEF), Seed(Seed) {} + : EdgeFunctionBase(EFKind::Join, BBO), SubEF(SubEF), Seed(Seed) {} auto JoinEdgeFunction::create(BasicBlockOrdering &BBO, EdgeFunctionPtrType First, diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.cpp index 912b5749ba..72f6a0e2d5 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/KillIfSanitizedEdgeFunction.cpp @@ -19,7 +19,7 @@ namespace psr::XTaint { KillIfSanitizedEdgeFunction::KillIfSanitizedEdgeFunction( BasicBlockOrdering &BBO, const llvm::Instruction *Load) - : EdgeFunctionBase(Kind::KillIfSani, BBO), Load(Load) {} + : EdgeFunctionBase(EFKind::KillIfSani, BBO), Load(Load) {} KillIfSanitizedEdgeFunction::l_t KillIfSanitizedEdgeFunction::computeTarget(l_t Source) { diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/TransferEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/TransferEdgeFunction.cpp index 29eed278d5..c77d8d75cc 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/TransferEdgeFunction.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/TransferEdgeFunction.cpp 
@@ -20,7 +20,7 @@ namespace psr::XTaint { TransferEdgeFunction::TransferEdgeFunction(BasicBlockOrdering &BBO, const llvm::Instruction *Load, const llvm::Instruction *To) - : EdgeFunctionBase(Kind::Transfer, BBO), Load(Load), To(To) {} + : EdgeFunctionBase(EFKind::Transfer, BBO), Load(Load), To(To) {} auto TransferEdgeFunction::computeTarget(l_t Source) -> l_t { diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp index 3b9bc7c2f7..b3c539b890 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp @@ -15,8 +15,8 @@ #include "phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.h" namespace psr::XTaint { -EdgeFunctionBase::EdgeFunctionBase(Kind Kind, BasicBlockOrdering &BBO) - : BBO(BBO), kind(Kind) {} +EdgeFunctionBase::EdgeFunctionBase(EFKind Kind, BasicBlockOrdering &BBO) + : BBO(BBO), Kind(Kind) {} EdgeFunctionBase::EdgeFunctionPtrType EdgeFunctionBase::composeWith(EdgeFunctionPtrType SecondFunction) { diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.cpp index 38ede4db52..75e4c41351 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysis.cpp @@ -72,7 +72,7 @@ IDEExtendedTaintAnalysis::initialSeeds() { } auto IDEExtendedTaintAnalysis::createZeroValue() const -> d_t { - return FactFactory.GetOrCreateZero(); + return FactFactory.getOrCreateZero(); } bool IDEExtendedTaintAnalysis::isZeroValue(d_t Fact) const { 
@@ -822,7 +822,7 @@ auto IDEExtendedTaintAnalysis::join(l_t LHS, l_t RHS) -> l_t { // Helpers: auto IDEExtendedTaintAnalysis::makeFlowFact(const llvm::Value *V) -> d_t { - return FactFactory.Create(V, Bound); + return FactFactory.create(V, Bound); } void IDEExtendedTaintAnalysis::identity(std::set &Ret, d_t Source, diff --git a/unittests/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysisTest.cpp b/unittests/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysisTest.cpp index 2a139deb49..84ee36f90f 100644 --- a/unittests/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysisTest.cpp +++ b/unittests/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEExtendedTaintAnalysisTest.cpp @@ -57,7 +57,7 @@ class IDETaintAnalysisTest : public ::testing::Test { void doAnalysis(const std::vector &IRFiles, const map> &GroundTruth, std::variant Config, - bool dumpResults = false) { + bool DumpResults = false) { ProjectIRDB IRDB(IRFiles, IRDBOptions::WPA); LLVMTypeHierarchy TH(IRDB); @@ -65,13 +65,13 @@ class IDETaintAnalysisTest : public ::testing::Test { LLVMPointsToSet PT(IRDB); LLVMBasedICFG ICFG(IRDB, CallGraphAnalysisType::OTF, EntryPoints, &TH, &PT); auto TC = - std::visit(overloaded{[&](std::monostate) { return TaintConfig(IRDB); }, + std::visit(Overloaded{[&](std::monostate) { return TaintConfig(IRDB); }, [&](json *JS) { - auto ret = TaintConfig(IRDB, *JS); - if (dumpResults) { - std::cerr << ret << "\n"; + auto Ret = TaintConfig(IRDB, *JS); + if (DumpResults) { + std::cerr << Ret << "\n"; } - return ret; + return Ret; }, [&](CallBackPairTy &CB) { return TaintConfig(CB.first, CB.second); @@ -84,7 +84,7 @@ class IDETaintAnalysisTest : public ::testing::Test { IDESolver_P> Solver(TaintProblem); Solver.solve(); // Solver.printAnnotatedIR(); - if (dumpResults) { + if (DumpResults) { Solver.dumpResults(); } 
@@ -119,9 +119,9 @@ class IDETaintAnalysisTest : public ::testing::Test { }; // Test Fixture TEST_F(IDETaintAnalysisTest, XTaint01_Json) { - map> gt; + map> Gt; - gt[7] = {"6"}; + Gt[7] = {"6"}; json Config = R"!({ "name": "XTaintTest", 
@@ -148,216 +148,216 @@ TEST_F(IDETaintAnalysisTest, XTaint01_Json) { ] })!"_json; - doAnalysis({PathToLLFiles + "xtaint01_json_cpp_dbg.ll"}, gt, &Config); + doAnalysis({PathToLLFiles + "xtaint01_json_cpp_dbg.ll"}, Gt, &Config); } TEST_F(IDETaintAnalysisTest, XTaint01) { - map> gt; + map> Gt; - gt[15] = {"14"}; + Gt[15] = {"14"}; - doAnalysis({PathToLLFiles + "xtaint01_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint01_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint02) { - map> gt; + map> Gt; - gt[20] = {"19"}; + Gt[20] = {"19"}; - doAnalysis({PathToLLFiles + "xtaint02_cpp.ll"}, gt, std::monostate{}, true); + doAnalysis({PathToLLFiles + "xtaint02_cpp.ll"}, Gt, std::monostate{}, true); } TEST_F(IDETaintAnalysisTest, XTaint03) { - map> gt; + map> Gt; - gt[23] = {"22"}; + Gt[23] = {"22"}; - doAnalysis({PathToLLFiles + "xtaint03_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint03_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint04) { - map> gt; + map> Gt; - gt[17] = {"16"}; + Gt[17] = {"16"}; - doAnalysis({PathToLLFiles + "xtaint04_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint04_cpp.ll"}, Gt, std::monostate{}); } // XTaint05 is similar to 06, but even harder TEST_F(IDETaintAnalysisTest, XTaint06) { - map> gt; + map> Gt; // no leaks expected - doAnalysis({PathToLLFiles + "xtaint06_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint06_cpp.ll"}, Gt, std::monostate{}); } /// In the new TaintConfig specifying source/sink/sanitizer properties for extra /// parameters of C-style variadic functions is not (yet?) supported. So, the /// tests XTaint07 and XTaint08 are disabled. 
TEST_F(IDETaintAnalysisTest, DISABLED_XTaint07) { - map> gt; + map> Gt; - gt[21] = {"20"}; + Gt[21] = {"20"}; - doAnalysis({PathToLLFiles + "xtaint07_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint07_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, DISABLED_XTaint08) { - map> gt; + map> Gt; - gt[24] = {"23"}; + Gt[24] = {"23"}; - doAnalysis({PathToLLFiles + "xtaint08_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint08_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint09_1) { - map> gt; + map> Gt; - gt[27] = {"26"}; + Gt[27] = {"26"}; - doAnalysis({PathToLLFiles + "xtaint09_1_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint09_1_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint09) { - map> gt; + map> Gt; - gt[34] = {"33"}; + Gt[34] = {"33"}; - doAnalysis({PathToLLFiles + "xtaint09_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint09_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, DISABLED_XTaint10) { - map> gt; + map> Gt; // undefined behaviour: sometimes this test fails, but most of the time // it passes. It only fails when executed together with other tests. It // never failed (so far) for ./IDEExtendedTaintAnalysisTest - // --gtest_filter=*XTaint10 + // --Gtest_filter=*XTaint10 // UPDATE: With the fixed k-limiting, this test // almost always fails due to aliasing issues, so disable it. 
- // TODO: Also update the gt - gt[33] = {"32"}; + // TODO: Also update the Gt + Gt[33] = {"32"}; - doAnalysis({PathToLLFiles + "xtaint10_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint10_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, DISABLED_XTaint11) { - map> gt; + map> Gt; // no leaks expected; actually finds "27" at 28 - doAnalysis({PathToLLFiles + "xtaint11_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint11_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint12) { - map> gt; + map> Gt; // We sanitize an alias - since we don't have must-alias relations, we cannot // kill aliases at all - gt[30] = {"29"}; + Gt[30] = {"29"}; - doAnalysis({PathToLLFiles + "xtaint12_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint12_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint13) { - map> gt; + map> Gt; - gt[32] = {"31"}; + Gt[32] = {"31"}; - doAnalysis({PathToLLFiles + "xtaint13_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint13_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint14) { - map> gt; + map> Gt; - gt[35] = {"34"}; + Gt[35] = {"34"}; - doAnalysis({PathToLLFiles + "xtaint14_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint14_cpp.ll"}, Gt, std::monostate{}); } /// The TaintConfig fails to get all call-sites of Source::get, because it has /// no CallGraph information TEST_F(IDETaintAnalysisTest, DISABLED_XTaint15) { - map> gt; + map> Gt; - gt[47] = {"46"}; + Gt[47] = {"46"}; - doAnalysis({PathToLLFiles + "xtaint15_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint15_cpp.ll"}, Gt, std::monostate{}); } TEST_F(IDETaintAnalysisTest, XTaint16) { - map> gt; + map> Gt; - gt[26] = {"25"}; + Gt[26] = {"25"}; - doAnalysis({PathToLLFiles + "xtaint16_cpp.ll"}, gt, std::monostate{}); + doAnalysis({PathToLLFiles + "xtaint16_cpp.ll"}, Gt, std::monostate{}); } 
 TEST_F(IDETaintAnalysisTest, XTaint17) {
- map> gt;
+ map> Gt;
- gt[29] = {"28"};
+ Gt[29] = {"28"};
- doAnalysis({PathToLLFiles + "xtaint17_cpp.ll"}, gt, std::monostate{});
+ doAnalysis({PathToLLFiles + "xtaint17_cpp.ll"}, Gt, std::monostate{});
 }
 TEST_F(IDETaintAnalysisTest, XTaint18) {
- map> gt;
+ map> Gt;
- // gt[26] = {"25"};
+ // Gt[26] = {"25"};
- doAnalysis({PathToLLFiles + "xtaint18_cpp.ll"}, gt, std::monostate{});
+ doAnalysis({PathToLLFiles + "xtaint18_cpp.ll"}, Gt, std::monostate{});
 }
 PHASAR_SKIP_TEST(TEST_F(IDETaintAnalysisTest, XTaint19) {
 // Is now the same as XTaint17
 GTEST_SKIP();
- map> gt;
+ map> Gt;
- gt[22] = {"21"};
+ Gt[22] = {"21"};
- doAnalysis({PathToLLFiles + "xtaint19_cpp.ll"}, gt, std::monostate{});
+ doAnalysis({PathToLLFiles + "xtaint19_cpp.ll"}, Gt, std::monostate{});
 })
 TEST_F(IDETaintAnalysisTest, XTaint20) {
- map> gt;
+ map> Gt;
- gt[25] = {"17"};
- gt[27] = {"26"};
+ Gt[25] = {"17"};
+ Gt[27] = {"26"};
- doAnalysis({PathToLLFiles + "xtaint20_cpp.ll"}, gt, std::monostate{});
+ doAnalysis({PathToLLFiles + "xtaint20_cpp.ll"}, Gt, std::monostate{});
 }
 TEST_F(IDETaintAnalysisTest, XTaint21) {
- map> gt;
+ map> Gt;
- gt[10] = {"2"};
- gt[12] = {"11"};
+ Gt[10] = {"2"};
+ Gt[12] = {"11"};
 IDEExtendedTaintAnalysis<>::config_callback_t SourceCB = [](const llvm::Instruction *Inst) {
- std::set ret;
+ std::set Ret;
 if (const auto *Call = llvm::dyn_cast(Inst); Call && Call->getCalledFunction() && Call->getCalledFunction()->getName() == "_Z7srcsinkRi") {
- ret.insert(Call->getArgOperand(0));
+ Ret.insert(Call->getArgOperand(0));
 }
- return ret;
+ return Ret;
 };
 IDEExtendedTaintAnalysis<>::config_callback_t SinkCB = [](const llvm::Instruction *Inst) {
- std::set ret;
+ std::set Ret;
 if (const auto *Call = llvm::dyn_cast(Inst); Call && Call->getCalledFunction() && (Call->getCalledFunction()->getName() == "_Z7srcsinkRi" || Call->getCalledFunction()->getName() == "_Z4sinki")) {
- ret.insert(Call->getArgOperand(0));
+ Ret.insert(Call->getArgOperand(0));
 }
- return ret;
+ return Ret;
 };
- doAnalysis({PathToLLFiles + "xtaint21_cpp.ll"}, gt,
+ doAnalysis({PathToLLFiles + "xtaint21_cpp.ll"}, Gt,
 CallBackPairTy{std::move(SourceCB), std::move(SinkCB)});
 }
From 93ea6d73d859c256a11c35829acd8a54e3d1fa87 Mon Sep 17 00:00:00 2001
From: Florian Sattler
Date: Fri, 24 Dec 2021 14:43:34 +0100
Subject: [PATCH 2/6] Update lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 .../Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp
index e38c0652cf..40bc446f9b 100644
--- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp
+++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/ComposeEdgeFunction.cpp
@@ -18,7 +18,8 @@ namespace psr::XTaint {
 ComposeEdgeFunction::ComposeEdgeFunction(BasicBlockOrdering &BBO,
 EdgeFunctionPtrType F,
 EdgeFunctionPtrType G)
- : EdgeFunctionBase(EFKind::Compose, BBO), F(std::move(F)), G(std::move(G)) {}
+ : EdgeFunctionBase(EFKind::Compose, BBO), F(std::move(F)), G(std::move(G)) {
+}
 auto ComposeEdgeFunction::computeTarget(l_t Source) -> l_t {
 return G->computeTarget(F->computeTarget(Source));
From 70e11da18b3c1f4ee776f96eb33921875c526747 Mon Sep 17 00:00:00 2001
From: Florian Sattler
Date: Fri, 24 Dec 2021 14:43:39 +0100
Subject: [PATCH 3/6] Update lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
---
 .../Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp
index c7b898aa46..a8865cd572 100644
--- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp
+++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinEdgeFunction.cpp
@@ -23,7 +23,8 @@ namespace psr::XTaint {
 JoinEdgeFunction::JoinEdgeFunction(BasicBlockOrdering &BBO,
 SubEdgeFuctionsTy &&SubEF,
 const EdgeDomain &Seed)
- : EdgeFunctionBase(EFKind::Join, BBO), SubEF(std::move(SubEF)), Seed(Seed) {}
+ : EdgeFunctionBase(EFKind::Join, BBO), SubEF(std::move(SubEF)), Seed(Seed) {
+}
 JoinEdgeFunction::JoinEdgeFunction( BasicBlockOrdering &BBO, std::initializer_list SubEF, const EdgeDomain &Seed)
From 52384368c9fb98e51c55f9d07f992efe53759c8b Mon Sep 17 00:00:00 2001
From: Florian Sattler
Date: Fri, 24 Dec 2021 15:23:03 +0100
Subject: [PATCH 4/6] Fixes function name to lower case
---
 .../ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
index 62fb2be36b..5364a780df 100644
--- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
+++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
@@ -97,7 +97,7 @@ class AbstractMemoryLocationFactoryBase {
 const AbstractMemoryLocationImpl *createImpl(const llvm::Value *V,
 unsigned BOUND);
- const AbstractMemoryLocationImpl *GetOrCreateZeroImpl() const;
+ const AbstractMemoryLocationImpl *getOrCreateZeroImpl() const;
 const AbstractMemoryLocationImpl *
 withIndirectionOfImpl(const AbstractMemoryLocationImpl *AML,
 llvm::ArrayRef Ind);
From 41df274a8a83e040aa82737071101598de482c7a Mon Sep 17 00:00:00 2001
From: Florian Sattler
Date: Fri, 24 Dec 2021 15:54:12 +0100
Subject: [PATCH 5/6] Rename impl
---
 .../ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
index d7100686b8..7ee7cac7be 100644
--- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
+++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
@@ -245,7 +245,7 @@ AbstractMemoryLocationFactoryBase::createImpl(const llvm::Value *V,
 }
 [[nodiscard]] const AbstractMemoryLocationImpl *
-AbstractMemoryLocationFactoryBase::GetOrCreateZeroImpl() const {
+AbstractMemoryLocationFactoryBase::getOrCreateZeroImpl() const {
 // Can allocate without Allocator, because the number of offsets is zero
 static detail::AbstractMemoryLocationImpl Zero = nullptr;
 return &Zero;
From 2d8e6a045955105a326146460025fb2f4eb4b11b Mon Sep 17 00:00:00 2001
From: Fabian Schiebel
Date: Sun, 26 Dec 2021 12:20:19 +0100
Subject: [PATCH 6/6] Get rid of the narrowing conversion in AbstractMemoryLocationFactory
---
 .../AbstractMemoryLocationFactory.h | 2 +-
 .../AbstractMemoryLocationFactory.cpp | 75 +++++++------------
 2 files changed, 29 insertions(+), 48 deletions(-)
diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
index 5364a780df..b703e4cc05 100644
--- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
+++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h
@@ -89,7 +89,7 @@ class AbstractMemoryLocationFactoryBase {
 const llvm::DataLayout *DL = nullptr;
 const detail::AbstractMemoryLocationImpl *
- getOrCreateImpl(const llvm::Value *V, llvm::SmallVectorImpl &&Offs,
+ getOrCreateImpl(const llvm::Value *V, llvm::ArrayRef Offs,
 unsigned BOUND);
 const detail::AbstractMemoryLocationImpl *
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
index 7ee7cac7be..a7de4e36eb 100644
--- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
+++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp
@@ -7,7 +7,6 @@
 * Fabian Schiebel and others
 *****************************************************************************/
-#include
 #include
 #include
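Review bot: The `getOrCreateImpl` declaration in AbstractMemoryLocationFactory.h now takes a non-owning `llvm::ArrayRef`, but nothing on the declaration says how long `Offs` has to stay valid. The .cpp hunks of this patch pass it a braced temporary (`{0}`) and, in `limitImpl`, a view into the offsets of an existing AML, so the function has to copy the elements into the node it creates rather than keep the view; the body that would show this is outside the visible hunks. I would add a comment above the declaration such as `// Offs is only read during the call; its elements are copied into the new AML.` The class continues outside the hunk.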
@@ -141,8 +140,7 @@ void AbstractMemoryLocationFactoryBase::setDataLayout(
 const AbstractMemoryLocationImpl *
 AbstractMemoryLocationFactoryBase::getOrCreateImpl(
- const llvm::Value *V, llvm::SmallVectorImpl &&Offs,
- unsigned BOUND) {
+ const llvm::Value *V, llvm::ArrayRef Offs, unsigned BOUND) {
 llvm::FoldingSetNodeID ID;
 detail::AbstractMemoryLocationImpl::MakeProfile(ID, V, Offs, BOUND);
 void *Pos;
@@ -157,11 +155,7 @@ AbstractMemoryLocationFactoryBase::getOrCreateImpl(
 const AbstractMemoryLocationImpl *
 AbstractMemoryLocationFactoryBase::getOrCreateImpl(const llvm::Value *V,
 unsigned BOUND) {
-
- llvm::SmallVector Offs = {0};
- const auto *Ret =
- getOrCreateImpl(V, std::move(Offs), BOUND == 0 ? 0 : BOUND - 1);
-
+ const auto *Ret = getOrCreateImpl(V, {0}, BOUND == 0 ? 0 : BOUND - 1);
 return Ret;
 }
@@ -233,7 +227,7 @@ AbstractMemoryLocationFactoryBase::createImpl(const llvm::Value *V,
 Offs.resize(BOUND);
 }
- const auto *Mem = getOrCreateImpl(Baseptr, std::move(Offs), Lifetime);
+ const auto *Mem = getOrCreateImpl(Baseptr, Offs, Lifetime);
 #ifdef XTAINT_DIAGNOSTICS
 if (IsOverApproximating)
@@ -253,10 +247,12 @@ AbstractMemoryLocationFactoryBase::getOrCreateZeroImpl() const {
 const AbstractMemoryLocationImpl *AbstractMemoryLocationFactoryBase::limitImpl(
 const AbstractMemoryLocationImpl *AML) {
- const auto *Beg = AML->offsets().begin();
- const auto *End = AML->offsets().end();
- llvm::SmallVector Offs(Beg, Beg == End ? End : End - 1);
- const auto *Ret = getOrCreateImpl(AML->base(), std::move(Offs), 0);
+ auto Offs = AML->offsets();
+ if (!Offs.empty()) {
+ Offs = Offs.drop_back();
+ }
+
+ const auto *Ret = getOrCreateImpl(AML->base(), Offs, 0);
 #ifdef XTAINT_DIAGNOSTICS
 overApproximatedAMLs.insert(ret);
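Review bot: In `limitImpl` the `XTAINT_DIAGNOSTICS` branch calls `overApproximatedAMLs.insert(ret);`, while the variable this hunk declares two lines above is `Ret`, so unless a lowercase `ret` is in scope from somewhere the hunk does not show, a build with that macro defined will not compile. The same `insert(ret)` line is in the context of the `withOffsetsImpl` hunk (`@@ -366,8 +362,8 @@`). The line should read `overApproximatedAMLs.insert(Ret);` in both places. The body of `limitImpl` continues past the end of the hunk.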
@@ -299,7 +295,7 @@ AbstractMemoryLocationFactoryBase::withIndirectionOfImpl(
 NwLifeTime -= Ind.size();
 }
- const auto *Ret = getOrCreateImpl(AML->base(), std::move(Offs), NwLifeTime);
+ const auto *Ret = getOrCreateImpl(AML->base(), Offs, NwLifeTime);
 #ifdef XTAINT_DIAGNOSTICS
 if (isOverApproximating)
@@ -331,7 +327,7 @@ AbstractMemoryLocationFactoryBase::withOffsetImpl(
 AML->offsets().end());
 Offs.back() += *GepOffs;
- return getOrCreateImpl(AML->base(), std::move(Offs), AML->lifetime());
+ return getOrCreateImpl(AML->base(), Offs, AML->lifetime());
 }
 }
@@ -366,8 +362,8 @@ AbstractMemoryLocationFactoryBase::withOffsetsImpl(
 OffsCpy.append(std::next(Offs.begin()), Offs.end());
- const auto *Ret = getOrCreateImpl(AML->base(), std::move(OffsCpy),
- NwLifetime - Offs.size() + 1);
+ const auto *Ret =
+ getOrCreateImpl(AML->base(), OffsCpy, NwLifetime - Offs.size() + 1);
 #ifdef XTAINT_DIAGNOSTICS
 if (isOverApproximating)
 overApproximatedAMLs.insert(ret);
@@ -390,40 +386,26 @@ AbstractMemoryLocationFactoryBase::withTransferToImpl(
 return Ret;
 }
+ auto [LargerOffs, SmallerOffs] = [&] {
+ if (AML->offsets().size() >= From->offsets().size()) {
+ return std::make_pair(AML->offsets(), From->offsets());
+ }
+ return std::make_pair(From->offsets(), AML->offsets());
+ }();
+
+ if (!SmallerOffs.empty()) {
+ LargerOffs = LargerOffs.drop_front(SmallerOffs.size() - 1);
+ }
+
 // already checked that either offsets() is a prefix of From.offsets() or
 // vice versa
- llvm::SmallVector Offs(
- [&] {
- if (AML->offsets().size() >= From->offsets().size()) {
-
- if (!From->offsets().empty()) {
- return std::next(AML->offsets().begin(),
- From->offsets().size() -
- 1); // FIXME @Fabian clang-tidy complains about
- // narrowing conversion
- }
- return AML->offsets().begin();
- }
- if (!AML->offsets().empty()) {
- return std::next(From->offsets().begin(),
- AML->offsets().size() -
- 1); // FIXME @Fabian clang-tidy complains about
- // narrowing conversion
- }
- return From->offsets().begin();
- }(),
- [&] {
- return AML->offsets().size() >= From->offsets().size()
- ? AML->offsets().end()
- : From->offsets().end();
- }());
+ llvm::SmallVector Offs(LargerOffs.begin(), LargerOffs.end());
 if (!Offs.empty()) {
 Offs.back() = 0;
 }
- return getOrCreateImpl(To, std::move(Offs),
- std::min(AML->lifetime(), From->lifetime()));
+ return getOrCreateImpl(To, Offs, std::min(AML->lifetime(), From->lifetime()));
 }
 const AbstractMemoryLocationImpl *
@@ -462,9 +444,8 @@ AbstractMemoryLocationFactoryBase::withTransferFromImpl(
 #endif
 }
- const auto *Ret =
- getOrCreateImpl(To->base(), std::move(Offs),
- std::min(AML->lifetime(), MaximumSize - Offs.size()));
+ const auto *Ret = getOrCreateImpl(
+ To->base(), Offs, std::min(AML->lifetime(), MaximumSize - Offs.size()));
 #ifdef XTAINT_DIAGNOSTICS
 if (isOverApproximating)
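Review bot: In the `withTransferToImpl` hunk the comment `// already checked that either offsets() is a prefix of From.offsets() or vice versa` now sits below the `drop_front` call it justifies, so a reader meets the slicing before the precondition. I would move it above the `auto [LargerOffs, SmallerOffs] = [&] {` lambda and add one line next to the slice, for example `// LargerOffs.size() >= SmallerOffs.size(), so drop_front cannot run past the end`, since that bound is what keeps the view inside the offsets array when assertions are compiled out. `withTransferToImpl` starts before the hunk, so the prefix check the comment refers to is not visible here.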