From e90886d85aa601ef460923f03f45435c27cf50a9 Mon Sep 17 00:00:00 2001 From: Fabian Schiebel Date: Mon, 14 Nov 2022 16:28:36 +0100 Subject: [PATCH 1/5] Remove llvm::Type::getPointerElementType() + llvm::PointerType::getElementType() wherever possible and deprecate everything else; TODO: How to deal with the legacy stuff that got deprecated? --- .clang-tidy | 1 + .../PhasarLLVM/ControlFlow/LLVMBasedICFG.h | 4 +- .../Utils/DataFlowUtils.h | 19 +- .../phasar/PhasarLLVM/Utils/LLVMShorthands.h | 8 - include/phasar/Utils/Utilities.h | 4 +- .../ControlFlow/Resolver/OTFResolver.cpp | 184 ++++++++---------- .../ControlFlow/Resolver/RTAResolver.cpp | 15 -- .../ControlFlow/Resolver/Resolver.cpp | 25 ++- .../IDEGeneralizedLCA/ConstantHelper.cpp | 6 +- .../Problems/IDEGeneralizedLCA/EdgeValue.cpp | 10 +- .../Problems/IDELinearConstantAnalysis.cpp | 2 +- .../IfdsIde/Problems/IDETypeStateAnalysis.cpp | 18 +- .../Passes/GeneralStatisticsAnalysis.cpp | 18 +- .../Pointer/LLVMBasedPointsToAnalysis.cpp | 21 +- lib/PhasarLLVM/Pointer/LLVMPointsToGraph.cpp | 14 +- lib/PhasarLLVM/Pointer/LLVMPointsToSet.cpp | 21 +- lib/PhasarLLVM/TaintConfig/TaintConfig.cpp | 4 +- lib/PhasarLLVM/Utils/LLVMShorthands.cpp | 11 +- lib/Utils/Utilities.cpp | 5 +- 19 files changed, 178 insertions(+), 212 deletions(-) diff --git a/.clang-tidy b/.clang-tidy index ad126f001..57a4a4530 100644 --- a/.clang-tidy +++ b/.clang-tidy @@ -15,6 +15,7 @@ Checks: '-*, -readability-function-cognitive-complexity, -readability-convert-member-functions-to-static, -readability-isolate-declaration, + -readability-identifier-length, cppcoreguidelines-*, -cppcoreguidelines-avoid-non-const-global-variables, -cppcoreguidelines-pro-bounds-array-to-pointer-decay, diff --git a/include/phasar/PhasarLLVM/ControlFlow/LLVMBasedICFG.h b/include/phasar/PhasarLLVM/ControlFlow/LLVMBasedICFG.h index 784fd3d26..5cef957a4 100644 --- a/include/phasar/PhasarLLVM/ControlFlow/LLVMBasedICFG.h +++ b/include/phasar/PhasarLLVM/ControlFlow/LLVMBasedICFG.h 
@@ -140,8 +140,8 @@ class LLVMBasedICFG return; } - if (const auto *FunArray = llvm::dyn_cast( - Gtors->getType()->getPointerElementType())) { + if (const auto *FunArray = + llvm::dyn_cast(Gtors->getValueType())) { if (const auto *ConstFunArray = llvm::dyn_cast(Gtors->getInitializer())) { for (const auto &Op : ConstFunArray->operands()) { diff --git a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h index bcd301051..1e05e8d4b 100644 --- a/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h +++ b/include/phasar/PhasarLLVM/DataFlowSolver/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h @@ -16,7 +16,8 @@ namespace psr { -class DataFlowUtils { +class [[deprecated("Requires non-opaque pointers, which will no longer be " + "supported by LLVM in the next version!")]] DataFlowUtils { public: DataFlowUtils() = delete; @@ -26,12 +27,12 @@ class DataFlowUtils { static bool isMemoryLocationTainted(const llvm::Value *MemLocationMatr, const ExtendedValue &Fact); - static std::vector - getMemoryLocationSeqFromMatr(const llvm::Value *MemLocationMatr); - static std::vector - getMemoryLocationSeqFromFact(const ExtendedValue &MemLocationFact); - static std::vector - getVaListMemoryLocationSeqFromFact(const ExtendedValue &VaListFact); + static std::vector getMemoryLocationSeqFromMatr( + const llvm::Value *MemLocationMatr); + static std::vector getMemoryLocationSeqFromFact( + const ExtendedValue &MemLocationFact); + static std::vector getVaListMemoryLocationSeqFromFact( + const ExtendedValue &VaListFact); static bool isMemoryLocationSeqsEqual( const std::vector &MemLocationSeq1, 
@@ -68,8 +69,8 @@ class DataFlowUtils { const llvm::Function *DestFun, const llvm::Value *ZeroValue); - static const llvm::BasicBlock * - getEndOfTaintedBlock(const llvm::BasicBlock *StartBasicBlock); + static const llvm::BasicBlock *getEndOfTaintedBlock( + const llvm::BasicBlock *StartBasicBlock); static bool removeTaintedBlockInst(const ExtendedValue &Fact, const llvm::Instruction *CurrentInst); static bool isAutoGENInTaintedBlock(const llvm::Instruction *CurrentInst); diff --git a/include/phasar/PhasarLLVM/Utils/LLVMShorthands.h b/include/phasar/PhasarLLVM/Utils/LLVMShorthands.h index ccca02e27..e4814c168 100644 --- a/include/phasar/PhasarLLVM/Utils/LLVMShorthands.h +++ b/include/phasar/PhasarLLVM/Utils/LLVMShorthands.h @@ -30,14 +30,6 @@ namespace psr { -/** - * @brief Checks if the given LLVM Value is a LLVM Function Pointer. - * @param V LLVM Value. - * @return True, if given LLVM Value is a LLVM Function Pointer. False, - * otherwise. - */ -bool isFunctionPointer(const llvm::Value *V) noexcept; - /** * @brief Checks if the given LLVM Value is either a alloca instruction or a * heap allocation function, e.g. new, new[], malloc, realloc or calloc. diff --git a/include/phasar/Utils/Utilities.h b/include/phasar/Utils/Utilities.h index 13601efa2..210667858 100644 --- a/include/phasar/Utils/Utilities.h +++ b/include/phasar/Utils/Utilities.h @@ -34,7 +34,9 @@ bool isConstructor(const std::string &MangledName); std::string debasify(const std::string &Name); -const llvm::Type *stripPointer(const llvm::Type *Pointer); +[[deprecated("Requires non-opaque pointers, which will no longer be " + "supported by LLVM in the next version!")]] const llvm::Type * +stripPointer(const llvm::Type *Pointer); bool isMangled(const std::string &Name); diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/OTFResolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/OTFResolver.cpp index b4b0b0917..f51f56cad 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/OTFResolver.cpp 
+++ b/lib/PhasarLLVM/ControlFlow/Resolver/OTFResolver.cpp @@ -27,6 +27,7 @@ #include "llvm/IR/Instruction.h" #include "llvm/IR/Instructions.h" #include "llvm/IR/Module.h" +#include "llvm/IR/Operator.h" #include "llvm/Support/Casting.h" #include "llvm/Support/ErrorHandling.h" @@ -105,31 +106,26 @@ auto OTFResolver::resolveVirtualCall(const llvm::CallBase *CallSite) const llvm::Value *Receiver = CallSite->getArgOperand(0); - if (CallSite->getCalledOperand() && - CallSite->getCalledOperand()->getType()->isPointerTy()) { - if (const auto *FTy = llvm::dyn_cast( - CallSite->getCalledOperand()->getType()->getPointerElementType())) { - - auto PTS = PT.getPointsToSet(CallSite->getCalledOperand(), CallSite); - for (const auto *P : *PTS) { - if (auto *PGV = llvm::dyn_cast(P)) { - if (PGV->hasName() && - PGV->getName().startswith(LLVMTypeHierarchy::VTablePrefix) && - PGV->hasInitializer()) { - if (auto *PCS = llvm::dyn_cast( - PGV->getInitializer())) { - auto VFs = LLVMVFTable::getVFVectorFromIRVTable(*PCS); - if (VtableIndex >= VFs.size()) { - continue; - } - auto *Callee = VFs[VtableIndex]; - if (Callee == nullptr || !Callee->hasName() || - Callee->getName() == LLVMTypeHierarchy::PureVirtualCallName) { - continue; - } - PossibleCallTargets.insert(Callee); - } + const auto *FTy = CallSite->getFunctionType(); + + auto PTS = PT.getPointsToSet(CallSite->getCalledOperand(), CallSite); + for (const auto *P : *PTS) { + if (auto *PGV = llvm::dyn_cast(P)) { + if (PGV->hasName() && + PGV->getName().startswith(LLVMTypeHierarchy::VTablePrefix) && + PGV->hasInitializer()) { + if (auto *PCS = + llvm::dyn_cast(PGV->getInitializer())) { + auto VFs = LLVMVFTable::getVFVectorFromIRVTable(*PCS); + if (VtableIndex >= VFs.size()) { + continue; } + auto *Callee = VFs[VtableIndex]; + if (Callee == nullptr || !Callee->hasName() || + Callee->getName() == LLVMTypeHierarchy::PureVirtualCallName) { + continue; + } + PossibleCallTargets.insert(Callee); } } } 
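Review bot: In `OTFResolver::resolveVirtualCall` the null guard on `CallSite->getCalledOperand()` is gone, so `PT.getPointsToSet(CallSite->getCalledOperand(), CallSite)` now runs unconditionally. The comment this patch deletes from Resolver.cpp says a null called operand can occur in rare cases. Whether `getPointsToSet` tolerates a null value is not visible here, so either keep a cheap early exit for a null operand or add a comment stating why it can no longer happen. The `resolveFunctionPointer` hunk that follows has the same pattern, where `if (!CallSite->getCalledOperand()) { return Callees; }` would do. In the visible part of `resolveVirtualCall` the new `FTy` is also never read; if nothing outside the hunk uses it, drop the declaration.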
@@ -141,95 +137,87 @@ auto OTFResolver::resolveVirtualCall(const llvm::CallBase *CallSite) auto OTFResolver::resolveFunctionPointer(const llvm::CallBase *CallSite) -> FunctionSetTy { FunctionSetTy Callees; - if (CallSite->getCalledOperand() && - CallSite->getCalledOperand()->getType()->isPointerTy()) { - if (const auto *FTy = llvm::dyn_cast( - CallSite->getCalledOperand()->getType()->getPointerElementType())) { + const auto *FTy = CallSite->getFunctionType(); + + auto PTS = PT.getPointsToSet(CallSite->getCalledOperand(), CallSite); - auto PTS = PT.getPointsToSet(CallSite->getCalledOperand(), CallSite); + llvm::SmallVector GlobalVariableWL; + llvm::SmallVector ConstantAggregateWL; + llvm::SmallPtrSet + VisitedConstantAggregates; - llvm::SmallVector GlobalVariableWL; - llvm::SmallVector ConstantAggregateWL; - llvm::SmallPtrSet - VisitedConstantAggregates; + for (const auto *P : *PTS) { + if (!llvm::isa(P)) { + continue; + } + + GlobalVariableWL.clear(); + ConstantAggregateWL.clear(); + + if (const auto *F = llvm::dyn_cast(P)) { + if (matchesSignature(F, FTy, false)) { + Callees.insert(F); + } + } - for (const auto *P : *PTS) { - if (!llvm::isa(P)) { - continue; + if (const auto *GVP = llvm::dyn_cast(P)) { + GlobalVariableWL.push_back(GVP); + } else if (const auto *CE = llvm::dyn_cast(P)) { + for (const auto &Op : CE->operands()) { + if (const auto *GVOp = llvm::dyn_cast(Op)) { + GlobalVariableWL.push_back(GVOp); } + } + } + + if (GlobalVariableWL.empty()) { + continue; + } - GlobalVariableWL.clear(); - ConstantAggregateWL.clear(); + for (const auto *GV : GlobalVariableWL) { + if (!GV->hasInitializer()) { + continue; + } + const auto *InitConst = GV->getInitializer(); + if (const auto *InitConstAggregate = + llvm::dyn_cast(InitConst)) { + ConstantAggregateWL.push_back(InitConstAggregate); + } + } - if (P->getType()->isPointerTy() && - P->getType()->getPointerElementType()->isFunctionTy()) { - if (const auto *F = llvm::dyn_cast(P)) { - if (matchesSignature(F, FTy, 
false)) { + VisitedConstantAggregates.clear(); + + while (!ConstantAggregateWL.empty()) { + const auto *ConstAggregateItem = ConstantAggregateWL.pop_back_val(); + // We may have already processed the item, avoid an infinite loop + if (!VisitedConstantAggregates.insert(ConstAggregateItem).second) { + continue; + } + for (const auto &Op : ConstAggregateItem->operands()) { + if (const auto *CE = llvm::dyn_cast(Op)) { + if (CE->getType()->isPointerTy() && + (CE->getType()->isOpaquePointerTy() || + CE->getType()->getPointerElementType() == FTy)) { + if (const auto *F = + llvm::dyn_cast(CE->getOperand(0))) { Callees.insert(F); } } } - if (const auto *GVP = llvm::dyn_cast(P)) { - GlobalVariableWL.push_back(GVP); - } else if (const auto *CE = llvm::dyn_cast(P)) { - for (const auto &Op : CE->operands()) { - if (const auto *GVOp = llvm::dyn_cast(Op)) { - GlobalVariableWL.push_back(GVOp); - } + if (const auto *F = llvm::dyn_cast(Op)) { + if (matchesSignature(F, FTy, false)) { + Callees.insert(F); } - } - - if (GlobalVariableWL.empty()) { - continue; - } - - for (const auto *GV : GlobalVariableWL) { + } else if (auto *CA = llvm::dyn_cast(Op)) { + ConstantAggregateWL.push_back(CA); + } else if (auto *GV = llvm::dyn_cast(Op)) { if (!GV->hasInitializer()) { continue; } - const auto *InitConst = GV->getInitializer(); - if (const auto *InitConstAggregate = - llvm::dyn_cast(InitConst)) { - ConstantAggregateWL.push_back(InitConstAggregate); - } - } - - VisitedConstantAggregates.clear(); - - while (!ConstantAggregateWL.empty()) { - const auto *ConstAggregateItem = ConstantAggregateWL.pop_back_val(); - // We may have already processed the item, avoid an infinite loop - if (!VisitedConstantAggregates.insert(ConstAggregateItem).second) { - continue; - } - for (const auto &Op : ConstAggregateItem->operands()) { - if (const auto *CE = llvm::dyn_cast(Op)) { - if (CE->getType()->isPointerTy() && - CE->getType()->getPointerElementType() == FTy && - CE->isCast()) { - if (const auto *F = - 
llvm::dyn_cast(CE->getOperand(0))) { - Callees.insert(F); - } - } - } - - if (const auto *F = llvm::dyn_cast(Op)) { - if (matchesSignature(F, FTy, false)) { - Callees.insert(F); - } - } else if (auto *CA = llvm::dyn_cast(Op)) { - ConstantAggregateWL.push_back(CA); - } else if (auto *GV = llvm::dyn_cast(Op)) { - if (!GV->hasInitializer()) { - continue; - } - if (auto *GVCA = llvm::dyn_cast( - GV->getInitializer())) { - ConstantAggregateWL.push_back(GVCA); - } - } + if (auto *GVCA = llvm::dyn_cast( + GV->getInitializer())) { + ConstantAggregateWL.push_back(GVCA); } } } diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp index 441343915..347b4dfa5 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp @@ -33,23 +33,8 @@ using namespace psr; RTAResolver::RTAResolver(ProjectIRDB &IRDB, LLVMTypeHierarchy &TH) : CHAResolver(IRDB, TH) {} -// void RTAResolver::firstFunction(const llvm::Function *F) { -// auto func_type = F->getFunctionType(); - -// for (auto param : func_type->params()) { -// if (llvm::isa(param)) { -// if (auto struct_ty = -// llvm::dyn_cast(stripPointer(param))) { -// unsound_types.insert(struct_ty); -// } -// } -// } -// } - auto RTAResolver::resolveVirtualCall(const llvm::CallBase *CallSite) -> FunctionSetTy { - // throw runtime_error("RTA is currently unabled to deal with already built " - // "library, it has been disable until this is fixed"); FunctionSetTy PossibleCallTargets; diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp index 3cfbeaeca..45f26c6b3 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp 
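Review bot: In the constant-aggregate loop of `resolveFunctionPointer`, a `ConstantExpr` operand is now inserted into `Callees` without any signature check whenever its type is an opaque pointer, and the former `CE->isCast()` condition was dropped. On opaque-pointer IR, every pointer-typed constant expression whose first operand is a function therefore becomes a call target, which widens the call graph more than the direct-function branch right below it does. I would restore `CE->isCast()` and guard the insert the same way as that branch, `if (matchesSignature(F, FTy, false)) { Callees.insert(F); }`. If the wider result is intended, a comment on the `isOpaquePointerTy()` arm should say so.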
@@ -71,9 +71,11 @@ const llvm::StructType *getReceiverType(const llvm::CallBase *CallSite) { return nullptr; } - if (const auto *ReceiverTy = llvm::dyn_cast( - Receiver->getType()->getPointerElementType())) { - return ReceiverTy; + if (!Receiver->getType()->isOpaquePointerTy()) { + if (const auto *ReceiverTy = llvm::dyn_cast( + Receiver->getType()->getPointerElementType())) { + return ReceiverTy; + } } return nullptr; @@ -119,19 +121,14 @@ auto Resolver::resolveFunctionPointer(const llvm::CallBase *CallSite) PHASAR_LOG_LEVEL(DEBUG, "Call function pointer: " << llvmIRToString(CallSite)); FunctionSetTy CalleeTargets; - // *CS.getCalledValue() == nullptr* can happen in extremely rare cases (the - // origin is still unknown) - if (CallSite->getCalledOperand() != nullptr && - CallSite->getCalledOperand()->getType()->isPointerTy()) { - if (const auto *FTy = llvm::dyn_cast( - CallSite->getCalledOperand()->getType()->getPointerElementType())) { - for (const auto *F : IRDB.getAllFunctions()) { - if (matchesSignature(F, FTy)) { - CalleeTargets.insert(F); - } - } + + const auto *FTy = CallSite->getFunctionType(); + for (const auto *F : IRDB.getAllFunctions()) { + if (matchesSignature(F, FTy)) { + CalleeTargets.insert(F); } } + return CalleeTargets; } diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/ConstantHelper.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/ConstantHelper.cpp index 857f1b893..5a06e6147 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/ConstantHelper.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/ConstantHelper.cpp @@ -9,6 +9,7 @@ #include "llvm/IR/Constants.h" #include "llvm/IR/GlobalVariable.h" +#include "llvm/IR/Operator.h" #include "llvm/IR/Value.h" #include "phasar/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/ConstantHelper.h" 
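Review bot: With the new `if (!Receiver->getType()->isOpaquePointerTy())` guard, `getReceiverType` returns nullptr for every call site on opaque-pointer IR, and nothing in the code says so. Callers are outside this hunk, but any virtual-call resolution that depends on the receiver type would then silently find no targets, which is an unsound call graph rather than a visible failure. Please document the limitation on the guard, e.g. `// Opaque pointers carry no pointee type; the receiver type cannot be recovered from the call site alone.`, and consider a `PHASAR_LOG_LEVEL(DEBUG, ...)` message on that path so the degraded result is traceable. The function starts before the hunk.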
@@ -26,9 +27,8 @@ bool isConstant(const llvm::Value *Val) { if (llvm::isa(Val)) { // NULL return true; } - if (const auto *Gep = llvm::dyn_cast(Val); - Gep && Val->getType()->isPointerTy() && - Val->getType()->getPointerElementType()->isIntegerTy()) { + if (const auto *Gep = llvm::dyn_cast(Val); + Gep && Gep->getResultElementType()->isIntegerTy()) { // const string // val isa GEP auto *Op1 = Gep->getOperand(0); // op1 is pointer-operand diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/EdgeValue.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/EdgeValue.cpp index 3eea17a96..4e4e4b824 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/EdgeValue.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDEGeneralizedLCA/EdgeValue.cpp @@ -13,6 +13,8 @@ #include "llvm/ADT/APFloat.h" #include "llvm/IR/Constants.h" #include "llvm/IR/GlobalVariable.h" +#include "llvm/IR/Operator.h" +#include "llvm/Support/Casting.h" #include "llvm/Support/raw_ostream.h" #include @@ -64,13 +66,11 @@ EdgeValue::EdgeValue(const llvm::Value *Val) : VariantType(Top) { } else if (llvm::isa(Const)) { VariantType = String; ValVariant = std::string(); - } else if (Const->getType()->isPointerTy() && - Const->getType()->getPointerElementType()->isIntegerTy()) { + } else if (auto Gep = llvm::dyn_cast(Const); + Gep && Gep->getResultElementType()->isIntegerTy()) { VariantType = String; - const auto *Gep = llvm::cast( - Const); // already checked, hence cast instead of dyn_cast if (const auto *Glob = - llvm::dyn_cast(Gep->getOperand(0))) { + llvm::dyn_cast(Gep->getPointerOperand())) { ValVariant = std::string( llvm::cast(Glob->getInitializer()) ->getAsCString() diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDELinearConstantAnalysis.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDELinearConstantAnalysis.cpp index 1077b582c..60975098c 100644 
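Review bot: In the `EdgeValue::EdgeValue` hunk the new binding is written `auto Gep = llvm::dyn_cast(...)`, while the matching change in ConstantHelper.cpp and the rest of this constructor use `const auto *`. Spelling it `const auto *Gep` keeps the pointer and its constness visible at the declaration and matches the surrounding code. No behaviour changes.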
--- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDELinearConstantAnalysis.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDELinearConstantAnalysis.cpp @@ -91,7 +91,7 @@ IDELinearConstantAnalysis::getNormalFlowFunction(n_t Curr, n_t /*Succ*/) { // check load instructions if (const auto *Load = llvm::dyn_cast(Curr)) { // only consider i32 load - if (Load->getPointerOperandType()->getPointerElementType()->isIntegerTy()) { + if (Load->getType()->isIntegerTy()) { return std::make_shared>(Load, [Load](d_t Source) { return Source == Load->getPointerOperand(); }); diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDETypeStateAnalysis.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDETypeStateAnalysis.cpp index bc18f79bd..aff2fe390 100644 --- a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDETypeStateAnalysis.cpp +++ b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/IDETypeStateAnalysis.cpp @@ -717,10 +717,12 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { TSD.getTypeNameOfInterest())) { return true; } + // fallthrough } if (const auto *Alloca = llvm::dyn_cast(V)) { if (Alloca->getAllocatedType()->isPointerTy()) { - if (hasMatchingTypeName( + if (Alloca->getAllocatedType()->isOpaquePointerTy() || + hasMatchingTypeName( Alloca->getAllocatedType()->getPointerElementType(), TSD.getTypeNameOfInterest())) { return true; @@ -729,14 +731,9 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { return false; } if (const auto *Load = llvm::dyn_cast(V)) { - if (Load->getPointerOperand() - ->getType() - ->getPointerElementType() - ->isPointerTy()) { - if (hasMatchingTypeName(Load->getPointerOperand() - ->getType() - ->getPointerElementType() - ->getPointerElementType(), + if (Load->getType()->isPointerTy()) { + if (Load->getType()->isOpaquePointerTy() || + hasMatchingTypeName(Load->getType()->getPointerElementType(), TSD.getTypeNameOfInterest())) { return true; } 
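Review bot: In `IDETypeStateAnalysis::hasMatchingType`, the added `isOpaquePointerTy() ||` short-circuit makes every pointer-typed alloca match the type of interest on opaque-pointer IR. The next two hunks do the same for pointer loads and stored pointers. This looks like a deliberate over-approximation, but it changes which values the typestate analysis tracks and nothing in the code says so. Please add a comment at the first occurrence, e.g. `// Opaque pointers have no pointee type to compare; conservatively treat every pointer as matching.`. The new `// fallthrough` would read better as a sentence saying that the name check failed and the instruction-specific checks below still apply.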
@@ -745,7 +742,8 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { } if (const auto *Store = llvm::dyn_cast(V)) { if (Store->getValueOperand()->getType()->isPointerTy()) { - if (hasMatchingTypeName( + if (Store->getValueOperand()->getType()->isOpaquePointerTy() || + hasMatchingTypeName( Store->getValueOperand()->getType()->getPointerElementType(), TSD.getTypeNameOfInterest())) { return true; diff --git a/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp b/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp index ae2a90dd2..0a3883921 100644 --- a/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp +++ b/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp @@ -22,6 +22,7 @@ #include "llvm/Analysis/LoopInfo.h" #include "llvm/Demangle/Demangle.h" #include "llvm/IR/AbstractCallSite.h" +#include "llvm/IR/DerivedTypes.h" #include "llvm/IR/Function.h" #include "llvm/IR/IntrinsicInst.h" #include "llvm/IR/Module.h" @@ -59,14 +60,7 @@ GeneralStatisticsAnalysis::run(llvm::Module &M, Stats.AllocaInstructions.insert(&I); ++Stats.AllocationSites; } // check bitcast instructions for possible types - else { - for (auto *User : I.users()) { - if (const llvm::BitCastInst *Cast = - llvm::dyn_cast(User)) { - // types.insert(cast->getDestTy()); - } - } - } + // check for return or resume instructions if (llvm::isa(I) || llvm::isa(I)) { Stats.RetResInstructions.insert(&I); @@ -84,9 +78,8 @@ GeneralStatisticsAnalysis::run(llvm::Module &M, ++Stats.MemIntrinsics; } // check for function calls - if (llvm::isa(I) || llvm::isa(I)) { + if (const auto *CallSite = llvm::dyn_cast(&I)) { ++Stats.CallSites; - const llvm::CallBase *CallSite = llvm::cast(&I); if (CallSite->getCalledFunction()) { if (MemAllocatingFunctions.count(llvm::demangle( CallSite->getCalledFunction()->getName().str()))) { 
@@ -95,9 +88,12 @@ GeneralStatisticsAnalysis::run(llvm::Module &M, ++Stats.AllocationSites; // check if an instance of a user-defined type is allocated on the // heap + for (auto *User : I.users()) { if (auto *Cast = llvm::dyn_cast(User)) { - if (Cast->getDestTy() + if (Cast->getDestTy()->isPointerTy() && + !Cast->getDestTy()->isOpaquePointerTy() && + Cast->getDestTy() ->getPointerElementType() ->isStructTy()) { // finally check for ctor call diff --git a/lib/PhasarLLVM/Pointer/LLVMBasedPointsToAnalysis.cpp b/lib/PhasarLLVM/Pointer/LLVMBasedPointsToAnalysis.cpp index 17e83cf49..9b72665ce 100644 --- a/lib/PhasarLLVM/Pointer/LLVMBasedPointsToAnalysis.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMBasedPointsToAnalysis.cpp @@ -218,16 +218,18 @@ void LLVMBasedPointsToAnalysis::print(llvm::raw_ostream &OS) const { // iterate over the worklist, and run the full (n^2)/2 disambiguations for (auto I1 = Pointers.begin(), E = Pointers.end(); I1 != E; ++I1) { auto I1Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *I1ElTy = - llvm::cast((*I1)->getType())->getElementType(); - if (I1ElTy->isSized()) { + llvm::Type *I1ElTy = !(*I1)->getType()->isOpaquePointerTy() + ? (*I1)->getType()->getPointerElementType() + : nullptr; + if (!I1ElTy && I1ElTy->isSized()) { I1Size = llvm::LocationSize::precise(DL.getTypeStoreSize(I1ElTy)); } for (auto I2 = Pointers.begin(); I2 != I1; ++I2) { auto I2Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *I2ElTy = - llvm::cast((*I2)->getType())->getElementType(); - if (I2ElTy->isSized()) { + llvm::Type *I2ElTy = !(*I2)->getType()->isOpaquePointerTy() + ? (*I2)->getType()->getPointerElementType() + : nullptr; + if (I2ElTy && I2ElTy->isSized()) { I2Size = llvm::LocationSize::precise(DL.getTypeStoreSize(I2ElTy)); } llvm::AliasResult AR = AA->alias(*I1, I1Size, *I2, I2Size); 
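Review bot: `if (!I1ElTy && I1ElTy->isSized())` in the outer loop of `LLVMBasedPointsToAnalysis::print` dereferences `I1ElTy` exactly when it is null, which is the case for every opaque pointer. For typed pointers it never computes a precise size. The condition is inverted and should read `if (I1ElTy && I1ElTy->isSized()) {`, like the `I2ElTy` check a few lines below. The same "element type or nullptr" ternary is repeated in this file, LLVMPointsToGraph.cpp and LLVMPointsToSet.cpp; a small shared helper would keep the null handling in one place and make this kind of slip harder.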
@@ -306,9 +308,10 @@ void LLVMBasedPointsToAnalysis::print(llvm::raw_ostream &OS) const { for (const llvm::CallBase *Call : Calls) { for (const auto *Pointer : Pointers) { auto Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *ElTy = - llvm::cast(Pointer->getType())->getElementType(); - if (ElTy->isSized()) { + llvm::Type *ElTy = !Pointer->getType()->isOpaquePointerTy() + ? Pointer->getType()->getPointerElementType() + : nullptr; + if (ElTy && ElTy->isSized()) { Size = llvm::LocationSize::precise(DL.getTypeStoreSize(ElTy)); } diff --git a/lib/PhasarLLVM/Pointer/LLVMPointsToGraph.cpp b/lib/PhasarLLVM/Pointer/LLVMPointsToGraph.cpp index 2be8f7a0e..0437dfd70 100644 --- a/lib/PhasarLLVM/Pointer/LLVMPointsToGraph.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMPointsToGraph.cpp @@ -218,15 +218,17 @@ void LLVMPointsToGraph::computePointsToGraph(llvm::Function *F) { // iterate over the worklist, and run the full (n^2)/2 disambiguations const auto MapEnd = ValueVertexMap.end(); for (auto I1 = ValueVertexMap.begin(); I1 != MapEnd; ++I1) { - llvm::Type *I1ElTy = - llvm::cast(I1->first->getType())->getElementType(); - const uint64_t I1Size = I1ElTy->isSized() + llvm::Type *I1ElTy = !I1->first->getType()->isOpaquePointerTy() + ? I1->first->getType()->getPointerElementType() + : nullptr; + const uint64_t I1Size = I1ElTy && I1ElTy->isSized() ? DL.getTypeStoreSize(I1ElTy) : llvm::MemoryLocation::UnknownSize; for (auto I2 = std::next(I1); I2 != MapEnd; ++I2) { - llvm::Type *I2ElTy = - llvm::cast(I2->first->getType())->getElementType(); - const uint64_t I2Size = I2ElTy->isSized() + llvm::Type *I2ElTy = !I2->first->getType()->isOpaquePointerTy() + ? I2->first->getType()->getPointerElementType() + : nullptr; + const uint64_t I2Size = I2ElTy && I2ElTy->isSized() ? DL.getTypeStoreSize(I2ElTy) : llvm::MemoryLocation::UnknownSize; switch (AA.alias(I1->first, I1Size, I2->first, I2Size)) { 
diff --git a/lib/PhasarLLVM/Pointer/LLVMPointsToSet.cpp b/lib/PhasarLLVM/Pointer/LLVMPointsToSet.cpp index 626a8d515..c15e39f33 100644 --- a/lib/PhasarLLVM/Pointer/LLVMPointsToSet.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMPointsToSet.cpp @@ -306,14 +306,19 @@ static bool mayAlias(llvm::AAResults &AA, const llvm::DataLayout &DL, assert(V->getType()->isPointerTy()); assert(Rep->getType()->isPointerTy()); - auto VSize = V->getType()->getPointerElementType()->isSized() - ? DL.getTypeStoreSize(V->getType()->getPointerElementType()) - : llvm::MemoryLocation::UnknownSize; - - auto RepSize = - Rep->getType()->getPointerElementType()->isSized() - ? DL.getTypeStoreSize(Rep->getType()->getPointerElementType()) - : llvm::MemoryLocation::UnknownSize; + auto *ElTy = !V->getType()->isOpaquePointerTy() + ? V->getType()->getPointerElementType() + : nullptr; + auto *RepElTy = !Rep->getType()->isOpaquePointerTy() + ? Rep->getType()->getPointerElementType() + : nullptr; + + auto VSize = ElTy && ElTy->isSized() ? DL.getTypeStoreSize(ElTy) + : llvm::MemoryLocation::UnknownSize; + + auto RepSize = RepElTy && RepElTy->isSized() + ? DL.getTypeStoreSize(RepElTy) + : llvm::MemoryLocation::UnknownSize; if (AA.alias(V, VSize, Rep, RepSize) != llvm::AliasResult::NoAlias) { return true; diff --git a/lib/PhasarLLVM/TaintConfig/TaintConfig.cpp b/lib/PhasarLLVM/TaintConfig/TaintConfig.cpp index 81d643df4..ec37ba8d4 100644 --- a/lib/PhasarLLVM/TaintConfig/TaintConfig.cpp +++ b/lib/PhasarLLVM/TaintConfig/TaintConfig.cpp 
@@ -243,8 +243,8 @@ TaintConfig::TaintConfig(const psr::ProjectIRDB &Code, // NOLINT } else if (!StructConfigMap.empty()) { // Ignorning line numbers for getElementPtr instructions if (const auto *Gep = llvm::dyn_cast(&I)) { - const auto *StType = llvm::dyn_cast( - Gep->getPointerOperandType()->getPointerElementType()); + const auto *StType = + llvm::dyn_cast(Gep->getSourceElementType()); if (StType && StructConfigMap.count(StType)) { const auto VarDesc = StructConfigMap.at(StType); auto VarName = VarDesc["name"].get(); diff --git a/lib/PhasarLLVM/Utils/LLVMShorthands.cpp b/lib/PhasarLLVM/Utils/LLVMShorthands.cpp index 048de6578..86ce1ecb6 100644 --- a/lib/PhasarLLVM/Utils/LLVMShorthands.cpp +++ b/lib/PhasarLLVM/Utils/LLVMShorthands.cpp @@ -52,14 +52,6 @@ namespace psr { const set HeapAllocationFunctions = {"_Znwm", "_Znam", "malloc", "calloc", "realloc"}; -bool isFunctionPointer(const llvm::Value *V) noexcept { - if (V) { - return V->getType()->isPointerTy() && - V->getType()->getPointerElementType()->isFunctionTy(); - } - return false; -} - bool isAllocaInstOrHeapAllocaFunction(const llvm::Value *V) noexcept { if (V) { if (llvm::isa(V)) { @@ -89,7 +81,8 @@ bool isTypeMatchForFunctionArgument(llvm::Type *Actual, llvm::Type *Formal) { // For PointerType delegate into its element type if (llvm::isa(Actual)) { // If formal argument is void *, we can pass anything. - if (Formal->getPointerElementType()->isIntegerTy(8)) { + if (Actual->isOpaquePointerTy() || Formal->isOpaquePointerTy() || + Formal->getPointerElementType()->isIntegerTy(8)) { return true; } return isTypeMatchForFunctionArgument(Actual->getPointerElementType(), diff --git a/lib/Utils/Utilities.cpp b/lib/Utils/Utilities.cpp index b6be7d113..27dd1c6d4 100644 --- a/lib/Utils/Utilities.cpp +++ b/lib/Utils/Utilities.cpp 
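Review bot: In `isTypeMatchForFunctionArgument`, the new `Actual->isOpaquePointerTy() || Formal->isOpaquePointerTy()` test returns true before `Formal` is known to be a pointer, because the enclosing branch only checks `Actual`. Unless a check outside this hunk already rules it out, an opaque-pointer actual would be reported as matching a non-pointer formal such as an integer. Adding `if (!Formal->isPointerTy()) { return false; }` ahead of the test would close that and also protect the existing `Formal->getPointerElementType()` call. The function body continues outside the hunk.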
@@ -71,7 +71,10 @@ bool isConstructor(const string &MangledName) { const llvm::Type *stripPointer(const llvm::Type *Pointer) { const auto *Next = llvm::dyn_cast(Pointer); while (Next) { - Pointer = Next->getElementType(); + assert(!Next->isOpaquePointerTy() && + "Don't call stripPointer, when analyzing IR that uses opaque " + "pointers!"); + Pointer = Next->getNonOpaquePointerElementType(); Next = llvm::dyn_cast(Pointer); } From 6dee13f8ab4c4c3c825b35f32a4e990e30b2d954 Mon Sep 17 00:00:00 2001 
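Review bot: The new `assert(!Next->isOpaquePointerTy() && ...)` in stripPointer is the only protection against opaque pointers, and it is compiled out when NDEBUG is defined. In such a build `getNonOpaquePointerElementType()` is still called on the opaque pointer and, as far as I can tell, the result is a null type that is then handed to `llvm::dyn_cast` on the next line. A runtime check would make the loop stop at the opaque pointer instead: `if (Next->isOpaquePointerTy()) { break; }` before the assignment to `Pointer`, keeping the assert if the debug diagnostic is wanted. The return statement of stripPointer lies outside the hunk.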
From: Fabian Schiebel Date: Mon, 20 Feb 2023 12:59:54 +0100 Subject: [PATCH 2/5] Remove IfdsFieldSensTaintAnalysis --- .../phasar/Controller/AnalysisController.h | 1 - .../BranchSwitchInstFlowFunction.h | 25 - .../FlowFunctions/CallToRetFlowFunction.h | 24 - .../FlowFunctions/CheckOperandsFlowFunction.h | 24 - .../FlowFunctions/FlowFunctionBase.h | 34 - .../FlowFunctions/GEPInstFlowFunction.h | 24 - .../FlowFunctions/GenerateFlowFunction.h | 24 - .../FlowFunctions/IdentityFlowFunction.h | 24 - .../FlowFunctions/MapTaintedValuesToCallee.h | 38 - .../FlowFunctions/MapTaintedValuesToCaller.h | 36 - .../FlowFunctions/MemSetInstFlowFunction.h | 24 - .../MemTransferInstFlowFunction.h | 24 - .../FlowFunctions/PHINodeFlowFunction.h | 24 - .../FlowFunctions/ReturnInstFlowFunction.h | 24 - .../FlowFunctions/StoreInstFlowFunction.h | 24 - .../FlowFunctions/VAEndInstFlowFunction.h | 24 - .../FlowFunctions/VAStartInstFlowFunction.h | 24 - .../Stats/LcovRetValWriter.h | 23 - .../Stats/LcovWriter.h | 23 - .../Stats/LineNumberEntry.h | 33 - .../Stats/LineNumberWriter.h | 23 - .../Stats/TraceStats.h | 44 - .../Stats/TraceStatsWriter.h | 35 - .../Utils/DataFlowUtils.h | 102 -- .../Utils/ExtendedValue.h | 201 --- .../IFDSFieldSensTaintAnalysis/Utils/Log.h | 25 - .../Problems/IFDSFieldSensTaintAnalysis.h | 125 -- .../PhasarLLVM/Utils/DataFlowAnalysisType.def | 1 - lib/Controller/AnalysisController.cpp | 8 +- .../AnalysisControllerXIFDSFieldSensTaint.cpp | 20 - .../BranchSwitchInstFlowFunction.cpp | 62 - .../FlowFunctions/CallToRetFlowFunction.cpp | 45 - .../CheckOperandsFlowFunction.cpp | 30 - .../FlowFunctions/FlowFunctionBase.cpp | 91 -- .../FlowFunctions/GEPInstFlowFunction.cpp | 51 - .../FlowFunctions/GenerateFlowFunction.cpp | 20 - .../FlowFunctions/IdentityFlowFunction.cpp | 14 - .../MapTaintedValuesToCallee.cpp | 122 -- .../MapTaintedValuesToCaller.cpp | 102 -- .../FlowFunctions/MemSetInstFlowFunction.cpp | 30 - .../MemTransferInstFlowFunction.cpp | 94 -- 
.../FlowFunctions/PHINodeFlowFunction.cpp | 34 - .../FlowFunctions/ReturnInstFlowFunction.cpp | 35 - .../FlowFunctions/StoreInstFlowFunction.cpp | 179 --- .../FlowFunctions/VAEndInstFlowFunction.cpp | 48 - .../FlowFunctions/VAStartInstFlowFunction.cpp | 52 - .../Stats/LcovRetValWriter.cpp | 83 -- .../Stats/LcovWriter.cpp | 42 - .../Stats/LineNumberWriter.cpp | 28 - .../Stats/TraceStats.cpp | 120 -- .../Utils/DataFlowUtils.cpp | 1129 ----------------- .../Problems/IFDSFieldSensTaintAnalysis.cpp | 261 ---- 52 files changed, 2 insertions(+), 3755 deletions(-) delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h delete mode 100644 
include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberEntry.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStatsWriter.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h delete mode 100644 include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h delete mode 100644 lib/Controller/AnalysisControllerXIFDSFieldSensTaint.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.cpp delete mode 100644 
lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.cpp delete mode 100644 
lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.cpp delete mode 100644 lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.cpp diff --git a/include/phasar/Controller/AnalysisController.h b/include/phasar/Controller/AnalysisController.h index 5ded47b64..7dc02d33e 100644 --- a/include/phasar/Controller/AnalysisController.h +++ b/include/phasar/Controller/AnalysisController.h @@ -71,7 +71,6 @@ class AnalysisController { void executeIFDSTaint(); void executeIFDSType(); void executeIFDSSolverTest(); - void executeIFDSFieldSensTaint(); void executeIDEXTaint(); void executeIDEOpenSSLTS(); void executeIDECSTDIOTS(); diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h deleted file mode 100644 index 75129176f..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h +++ /dev/null 
@@ -1,25 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_BRANCHSWITCHINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_BRANCHSWITCHINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class BranchSwitchInstFlowFunction : public FlowFunctionBase { -public: - BranchSwitchInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TStats, - const ExtendedValue &ZeroValue) - : FlowFunctionBase(CurrentInst, TStats, ZeroValue) {} - ~BranchSwitchInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h deleted file mode 100644 index efa2f22b9..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_CALLTORETFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_CALLTORETFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class CallToRetFlowFunction : public FlowFunctionBase { -public: - CallToRetFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TStats, const ExtendedValue &ZeroValue) - : FlowFunctionBase(CurrentInst, TStats, ZeroValue) {} - ~CallToRetFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h deleted file mode 100644 index 2a9f2f5bf..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_CHECKOPERANDSFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_CHECKOPERANDSFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class CheckOperandsFlowFunction : public FlowFunctionBase { -public: - CheckOperandsFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TStats, const ExtendedValue &ZeroValue) - : FlowFunctionBase(CurrentInst, TStats, ZeroValue) {} - ~CheckOperandsFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h deleted file mode 100644 index 0117e364b..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h +++ /dev/null 
@@ -1,34 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_FLOWFUNCTIONBASE_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_FLOWFUNCTIONBASE_H - -#include "phasar/DataFlow/IfdsIde/FlowFunctions.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde//IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h" - -#include "llvm/IR/Instruction.h" - -namespace psr { - -class FlowFunctionBase : public FlowFunction { -public: - FlowFunctionBase(const llvm::Instruction *CurrentInst, TraceStats &TStats, - const ExtendedValue &ZeroValue) - : CurrentInst(CurrentInst), TStats(TStats), ZeroValue(ZeroValue) {} - ~FlowFunctionBase() override = default; - - std::set computeTargets(ExtendedValue Fact) override; - virtual std::set computeTargetsExt(ExtendedValue &Fact) = 0; - -protected: - const llvm::Instruction *CurrentInst; - TraceStats &TStats; - ExtendedValue ZeroValue; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h deleted file mode 100644 index 4ebf27b65..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_GEPINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_GEPINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class GEPInstFlowFunction : public FlowFunctionBase { -public: - GEPInstFlowFunction(const llvm::Instruction *CurrentInst, TraceStats &TStats, - const ExtendedValue &ZeroValue) - : FlowFunctionBase(CurrentInst, TStats, ZeroValue) {} - ~GEPInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h deleted file mode 100644 index 969e7dd73..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h +++ /dev/null @@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_GENERATEFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_GENERATEFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class GenerateFlowFunction : public FlowFunctionBase { -public: - GenerateFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~GenerateFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif 
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h deleted file mode 100644 index 0aa541206..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h +++ /dev/null @@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_IDENTITYFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_IDENTITYFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class IdentityFlowFunction : public FlowFunctionBase { -public: - IdentityFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~IdentityFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h deleted file mode 100644 index fcca65bf6..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h +++ /dev/null 
@@ -1,38 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MAPTAINTEDVALUESTOCALLEE_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MAPTAINTEDVALUESTOCALLEE_H - -#include "phasar/DataFlow/IfdsIde/FlowFunctions.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde//IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMZeroValue.h" - -#include "llvm/IR/AbstractCallSite.h" -#include "llvm/IR/Instruction.h" - -namespace psr { - -class MapTaintedValuesToCallee : public FlowFunction { -public: - MapTaintedValuesToCallee(const llvm::CallInst *CallInst, - const llvm::Function *DestFun, TraceStats &TStats, - const ExtendedValue &ZeroValue) - : CallInst(CallInst), DestFun(DestFun), TStats(TStats), - ZeroValue(ZeroValue) {} - ~MapTaintedValuesToCallee() override = default; - - std::set computeTargets(ExtendedValue Fact) override; - -private: - const llvm::CallInst *CallInst; - const llvm::Function *DestFun; - TraceStats &TStats; - ExtendedValue ZeroValue; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h deleted file mode 100644 index 57477a0ad..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h +++ /dev/null 
@@ -1,36 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MAPTAINTEDVALUESTOCALLER_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MAPTAINTEDVALUESTOCALLER_H - -#include "phasar/DataFlow/IfdsIde/FlowFunctions.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde//IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMZeroValue.h" - -#include "llvm/IR/Instructions.h" - -namespace psr { - -class MapTaintedValuesToCaller : public FlowFunction { -public: - MapTaintedValuesToCaller(const llvm::CallInst *CallInst, - const llvm::ReturnInst *RetInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : CallInst(CallInst), RetInst(RetInst), TraceStats(TraceStats), ZV(ZV) {} - ~MapTaintedValuesToCaller() override = default; - - std::set computeTargets(ExtendedValue Fact) override; - -private: - const llvm::CallInst *CallInst; - const llvm::ReturnInst *RetInst; - TraceStats &TraceStats; - ExtendedValue ZV; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h deleted file mode 100644 index 9c12e828b..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MEMSETINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MEMSETINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class MemSetInstFlowFunction : public FlowFunctionBase { -public: - MemSetInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~MemSetInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h deleted file mode 100644 index 7d52a7458..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MEMTRANSFERINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_MEMTRANSFERINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class MemTransferInstFlowFunction : public FlowFunctionBase { -public: - MemTransferInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~MemTransferInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h deleted file mode 100644 index 1aa55b8eb..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_PHINODEFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_PHINODEFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class PHINodeFlowFunction : public FlowFunctionBase { -public: - PHINodeFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~PHINodeFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h deleted file mode 100644 index 700699152..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h +++ /dev/null @@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_RETURNINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_RETURNINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class ReturnInstFlowFunction : public FlowFunctionBase { -public: - ReturnInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~ReturnInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif 
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h deleted file mode 100644 index c2e121de1..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h +++ /dev/null @@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_STOREINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_STOREINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class StoreInstFlowFunction : public FlowFunctionBase { -public: - StoreInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~StoreInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h deleted file mode 100644 index 04949dae2..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_VAENDINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_VAENDINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class VAEndInstFlowFunction : public FlowFunctionBase { -public: - VAEndInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~VAEndInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h deleted file mode 100644 index 3b7980bc5..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h +++ /dev/null 
@@ -1,24 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_VASTARTINSTFLOWFUNCTION_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_FLOWFUNCTIONS_VASTARTINSTFLOWFUNCTION_H - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h" - -namespace psr { - -class VAStartInstFlowFunction : public FlowFunctionBase { -public: - VAStartInstFlowFunction(const llvm::Instruction *CurrentInst, - TraceStats &TraceStats, const ExtendedValue &ZV) - : FlowFunctionBase(CurrentInst, TraceStats, ZV) {} - ~VAStartInstFlowFunction() override = default; - - std::set computeTargetsExt(ExtendedValue &Fact) override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h deleted file mode 100644 index 0c5664800..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h +++ /dev/null @@ -1,23 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LCOVRETVALWRITER_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LCOVRETVALWRITER_H - -#include "TraceStatsWriter.h" - -namespace psr { - -class LcovRetValWriter : public TraceStatsWriter { -public: - LcovRetValWriter(const TraceStats &TStats, const std::string &OutFile) - : TraceStatsWriter(TStats, OutFile) {} - ~LcovRetValWriter() override = default; - - void write() const override; -}; - -} // namespace psr - -#endif 
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h deleted file mode 100644 index d7e27b295..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h +++ /dev/null @@ -1,23 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LCOVWRITER_H -#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LCOVWRITER_H - -#include "TraceStatsWriter.h" - -namespace psr { - -class LcovWriter : public TraceStatsWriter { -public: - LcovWriter(const TraceStats &TStats, const std::string &OutFile) - : TraceStatsWriter(TStats, OutFile) {} - ~LcovWriter() override = default; - - void write() const override; -}; - -} // namespace psr - -#endif diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberEntry.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberEntry.h deleted file mode 100644 index 72a927b63..000000000 --- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberEntry.h +++ /dev/null 
@@ -1,33 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LINENUMBERENTRY_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LINENUMBERENTRY_H
-
-#include
-
-namespace psr {
-
-class LineNumberEntry {
-public:
- LineNumberEntry(unsigned int LineNumber) : LineNumber(LineNumber) {}
- ~LineNumberEntry() = default;
-
- bool operator<(const LineNumberEntry &Rhs) const {
- return std::less{}(LineNumber, Rhs.LineNumber);
- }
-
- [[nodiscard]] unsigned int getLineNumber() const { return LineNumber; }
-
- [[nodiscard]] bool isReturnValue() const { return ReturnVal; }
- void setReturnValue(bool ReturnVal) { this->ReturnVal = ReturnVal; }
-
-private:
- unsigned int LineNumber;
- bool ReturnVal = false;
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h
deleted file mode 100644
index 23fe53f94..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LINENUMBERWRITER_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_LINENUMBERWRITER_H
-
-#include "TraceStatsWriter.h"
-
-namespace psr {
-
-class LineNumberWriter : public TraceStatsWriter {
-public:
- LineNumberWriter(const TraceStats &TraceStats, const std::string &OutFile)
- : TraceStatsWriter(TraceStats, OutFile) {}
- ~LineNumberWriter() override = default;
-
- void write() const override;
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h
deleted file mode 100644
index 5ba0fcd25..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_TRACESTATS_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_TRACESTATS_H
-
-#include "llvm/IR/Instruction.h"
-
-#include "LineNumberEntry.h"
-
-#include
-#include
-
-namespace psr {
-
-class TraceStats {
-public:
- using FileStats =
- std::map>>;
- using FunctionStats = std::map>;
- using LineNumberStats = std::set;
-
- TraceStats() = default;
- ~TraceStats() = default;
-
- long add(const llvm::Instruction *Inst,
- const std::vector &MemLocationSeq =
- std::vector());
-
- [[nodiscard]] FileStats getStats() const { return Stats; }
-
-private:
- long add(const llvm::Instruction *Inst, bool IsReturnValue);
-
- FunctionStats &getFunctionStats(const std::string &File);
- LineNumberStats &getLineNumberStats(const std::string &File,
- const std::string &FunctionName);
- FileStats Stats;
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStatsWriter.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStatsWriter.h
deleted file mode 100644
index d4d5f599d..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStatsWriter.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_TRACESTATSWRITER_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_STATS_TRACESTATSWRITER_H
-
-#include "../Utils/Log.h"
-#include "TraceStats.h"
-
-#include
-#include
-
-namespace psr {
-
-class TraceStatsWriter {
-public:
- TraceStatsWriter(const TraceStats &TraceStats, std::string OutFile)
- : TrStats(TraceStats), OutFile(std::move(OutFile)) {}
- virtual ~TraceStatsWriter() = default;
-
- virtual void write() const = 0;
-
-protected:
- [[nodiscard]] const TraceStats &getTraceStats() const { return TrStats; }
- [[nodiscard]] std::string getOutFile() const { return OutFile; }
-
-private:
- const TraceStats &TrStats;
- const std::string OutFile;
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h
deleted file mode 100644
index aaf87fd61..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_UTILS_DATAFLOWUTILS_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_UTILS_DATAFLOWUTILS_H
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h"
-
-#include "llvm/IR/Instructions.h"
-
-#include
-#include
-#include
-#include
-
-namespace psr {
-
-class [[deprecated("Requires non-opaque pointers, which will no longer be "
- "supported by LLVM in the next version!")]] DataFlowUtils {
-public:
- DataFlowUtils() = delete;
-
- static bool isValueTainted(const llvm::Value *CurrentInst,
- const ExtendedValue &Fact);
-
- static bool isMemoryLocationTainted(const llvm::Value *MemLocationMatr,
- const ExtendedValue &Fact);
-
- static std::vector getMemoryLocationSeqFromMatr(
- const llvm::Value *MemLocationMatr);
- static std::vector getMemoryLocationSeqFromFact(
- const ExtendedValue &MemLocationFact);
- static std::vector getVaListMemoryLocationSeqFromFact(
- const ExtendedValue &VaListFact);
-
- static bool isMemoryLocationSeqsEqual(
- const std::vector &MemLocationSeq1,
- const std::vector &MemLocationSeq2);
-
- static bool isSubsetMemoryLocationSeq(
- const std::vector &MemLocationSeqInst,
- const std::vector &MemLocationSeqFact);
- static std::vector getRelocatableMemoryLocationSeq(
- const std::vector &TaintedMemLocationSeq,
- const std::vector &SrcMemLocationSeq);
- static std::vector joinMemoryLocationSeqs(
- const std::vector &MemLocationSeq1,
- const std::vector &MemLocationSeq2);
-
- static bool isPatchableArgumentStore(const llvm::Value *SrcValue,
- const ExtendedValue &Fact);
- static bool isPatchableArgumentMemcpy(
- const llvm::Value *SrcValue,
- const std::vector &SrcMemLocationSeq,
- const ExtendedValue &Fact);
- static bool isPatchableVaListArgument(const llvm::Value *SrcValue,
- const ExtendedValue &Fact);
- static bool isPatchableReturnValue(const 
llvm::Value *SrcValue,
- const ExtendedValue &Fact);
- static std::vector patchMemoryLocationFrame(
- const std::vector &PatchableMemLocationSeq,
- const std::vector &PatchMemLocationSeq);
-
- static std::vector<
- std::tuple,
- const llvm::Value *>>
- getSanitizedArgList(const llvm::CallInst *CallInst,
- const llvm::Function *DestFun,
- const llvm::Value *ZeroValue);
-
- static const llvm::BasicBlock *getEndOfTaintedBlock(
- const llvm::BasicBlock *StartBasicBlock);
- static bool removeTaintedBlockInst(const ExtendedValue &Fact,
- const llvm::Instruction *CurrentInst);
- static bool isAutoGENInTaintedBlock(const llvm::Instruction *CurrentInst);
-
- static bool isMemoryLocationFact(const ExtendedValue &Ev);
- static bool isKillAfterStoreFact(const ExtendedValue &Ev);
- static bool isCheckOperandsInst(const llvm::Instruction *CurrentInst);
- static bool isAutoIdentity(const llvm::Instruction *CurrentInst,
- const ExtendedValue &Fact);
- static bool isVarArgParam(const llvm::Value *Param,
- const llvm::Value *ZeroValue);
- static bool isVaListType(const llvm::Type *Type);
- static bool isReturnValue(const llvm::Instruction *CurrentInst,
- const llvm::Instruction *SuccessorInst);
- static bool isArrayDecay(const llvm::Value *MemLocationMatr);
- static bool isGlobalMemoryLocationSeq(
- const std::vector &MemLocationSeq);
-
- static void dumpFact(const ExtendedValue &Ev);
-
- static std::set getTaintedFunctions();
- static std::set getBlacklistedFunctions();
-
- static std::string getTraceFilenamePrefix(const std::string &EntryPoint);
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h
deleted file mode 100644
index 45139ba97..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DOMAIN_EXTENDEDVALUE_H
-#define PHASAR_PHASARLLVM_DOMAIN_EXTENDEDVALUE_H
-
-#include
-#include
-#include
-#include
-
-namespace llvm {
-
-class Value;
-} // namespace llvm
-
-namespace psr {
-
-class ExtendedValue {
-public:
- ExtendedValue() = default;
- explicit ExtendedValue(const llvm::Value *Val) : Val(Val) {
- assert(Val && "ExtendedValue requires an llvm::Value* object");
- }
- ~ExtendedValue() = default;
-
- bool operator==(const ExtendedValue &Rhs) const {
- bool IsValueEqual = Val == Rhs.Val;
- if (!IsValueEqual) {
- return false;
- }
-
- bool IsMemLocationSeqEqual = MemLocationSeq == Rhs.MemLocationSeq;
- if (!IsMemLocationSeqEqual) {
- return false;
- }
-
- bool IsEndOfTaintedBlockLabelEqual =
- EndOfTaintedBlockLabel == Rhs.EndOfTaintedBlockLabel;
- if (!IsEndOfTaintedBlockLabelEqual) {
- return false;
- }
-
- bool IsVaListMemLocationSeqEqual =
- VaListMemLocationSeq == Rhs.VaListMemLocationSeq;
- if (!IsVaListMemLocationSeqEqual) {
- return false;
- }
-
- bool IsVarArgIndexEqual = VarArgIndex == Rhs.VarArgIndex;
- if (!IsVarArgIndexEqual) {
- return false;
- }
-
- bool IsCurrentVarArgIndexEqual =
- CurrentVarArgIndex == Rhs.CurrentVarArgIndex;
- if (!IsCurrentVarArgIndexEqual) {
- return false;
- }
-
- return true;
- }
-
- bool operator<(const ExtendedValue &Rhs) const {
- if (std::less{}(Val, Rhs.Val)) {
- return true;
- }
- if (std::less{}(Rhs.Val, Val)) {
- return false;
- }
-
- if (MemLocationSeq < Rhs.MemLocationSeq) {
- return true;
- }
- if (Rhs.MemLocationSeq < MemLocationSeq) {
- return false;
- }
-
- if (std::less{}(EndOfTaintedBlockLabel,
- Rhs.EndOfTaintedBlockLabel)) {
- return true;
- }
- if (std::less{}(Rhs.EndOfTaintedBlockLabel,
- EndOfTaintedBlockLabel)) {
- return false;
- }
-
- if (VaListMemLocationSeq < Rhs.VaListMemLocationSeq) {
- return true;
- }
- if (Rhs.VaListMemLocationSeq < VaListMemLocationSeq) {
- return false;
- }
-
- if 
(std::less{}(VarArgIndex, Rhs.VarArgIndex)) {
- return true;
- }
- if (std::less{}(Rhs.VarArgIndex, VarArgIndex)) {
- return false;
- }
-
- return std::less{}(CurrentVarArgIndex, Rhs.CurrentVarArgIndex);
- }
-
- [[nodiscard]] const llvm::Value *getValue() const { return Val; }
-
- [[nodiscard]] std::vector getMemLocationSeq() const {
- return MemLocationSeq;
- }
- void
- setMemLocationSeq(const std::vector &MemLocationSeq) {
- this->MemLocationSeq = MemLocationSeq;
- }
-
- [[nodiscard]] std::string getEndOfTaintedBlockLabel() const {
- return EndOfTaintedBlockLabel;
- }
- void setEndOfTaintedBlockLabel(const std::string &EndOfTaintedBlockLabel) {
- this->EndOfTaintedBlockLabel = EndOfTaintedBlockLabel;
- }
-
- [[nodiscard]] std::vector
- getVaListMemLocationSeq() const {
- return VaListMemLocationSeq;
- }
- void setVaListMemLocationSeq(
- const std::vector &VaListMemLocationSeq) {
- this->VaListMemLocationSeq = VaListMemLocationSeq;
- }
-
- [[nodiscard]] long getVarArgIndex() const { return VarArgIndex; }
- void setVarArgIndex(long VarArgIndex) { this->VarArgIndex = VarArgIndex; }
-
- void resetVarArgIndex() {
- if (!isVarArgTemplate()) {
- VarArgIndex = -1L;
- }
- }
-
- [[nodiscard]] long getCurrentVarArgIndex() const {
- return CurrentVarArgIndex;
- }
- void incrementCurrentVarArgIndex() {
- if (!isVarArgTemplate()) {
- ++CurrentVarArgIndex;
- }
- }
-
- [[nodiscard]] bool isVarArg() const { return VarArgIndex > -1L; }
- [[nodiscard]] bool isVarArgTemplate() const {
- return VaListMemLocationSeq.empty() && isVarArg();
- }
-
-private:
- const llvm::Value *Val = nullptr;
- std::vector MemLocationSeq;
- std::string EndOfTaintedBlockLabel;
-
- std::vector VaListMemLocationSeq;
- long VarArgIndex = -1L;
- long CurrentVarArgIndex = -1L;
-};
-
-} // namespace psr
-
-namespace std {
-
-template <> struct hash {
- std::size_t operator()(const psr::ExtendedValue &Ev) const {
- std::size_t Seed = 0x4711;
-
- Seed ^= hash{}(Ev.getValue()) + 0x9e3779b9 +
- (Seed << 6) + (Seed 
>> 2);
-
- for (const auto &MemLocationPart : Ev.getMemLocationSeq()) {
- Seed ^= hash{}(MemLocationPart) + 0x9e3779b9 +
- (Seed << 6) + (Seed >> 2);
- }
-
- Seed ^= hash{}(Ev.getEndOfTaintedBlockLabel()) + 0x9e3779b9 +
- (Seed << 6) + (Seed >> 2);
-
- for (const auto &VaListMemLocationPart : Ev.getVaListMemLocationSeq()) {
- Seed ^= hash{}(VaListMemLocationPart) + 0x9e3779b9 +
- (Seed << 6) + (Seed >> 2);
- }
-
- Seed ^= hash{}(Ev.getVarArgIndex()) + 0x9e3779b9 + (Seed << 6) +
- (Seed >> 2);
-
- Seed ^= hash{}(Ev.getCurrentVarArgIndex()) + 0x9e3779b9 +
- (Seed << 6) + (Seed >> 2);
-
- return Seed;
- }
-};
-
-} // namespace std
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h
deleted file mode 100644
index 24ab01522..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_UTILS_LOG_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_IFDSFIELDSENSTAINTANALYSIS_UTILS_LOG_H
-
-#include "llvm/Support/raw_ostream.h"
-
-#define LOG_INFO(x) \
- do { \
- llvm::outs() << "[ENV_TRACE] " << x << "\n"; /*NOLINT*/ \
- \
- llvm::outs().flush(); \
- } while (0)
-
-#ifdef DEBUG_BUILD
-#define LOG_DEBUG(x) LOG_INFO(x)
-#else
-#define LOG_DEBUG(x) \
- do { \
- } while (0)
-#endif
-
-#endif
diff --git a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h b/include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h
deleted file mode 100644
index d64c3993f..000000000
--- a/include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#ifndef PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_PROBLEMS_IFDSFIELDSENSTAINTANALYSIS_H
-#define PHASAR_PHASARLLVM_DATAFLOWSOLVER_IFDSIDE_PROBLEMS_IFDSFIELDSENSTAINTANALYSIS_H
-
-#include "phasar/DataFlow/IfdsIde/IFDSTabulationProblem.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde//IFDSFieldSensTaintAnalysis/Utils/ExtendedValue.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMZeroValue.h"
-#include "phasar/PhasarLLVM/Domain/LLVMAnalysisDomain.h"
-#include "phasar/PhasarLLVM/TaintConfig/LLVMTaintConfig.h"
-#include "phasar/PhasarLLVM/Utils/LLVMShorthands.h"
-
-#include "llvm/IR/Function.h"
-#include "llvm/IR/Instruction.h"
-#include "llvm/IR/Value.h"
-
-#include
-#include
-#include
-#include
-
-namespace llvm {
-class Value;
-class Function;
-class StructType;
-} // namespace llvm
-
-namespace psr {
-
-struct IFDSFieldSensTaintAnalysisDomain : public LLVMIFDSAnalysisDomainDefault {
- using d_t = ExtendedValue;
-};
-
-class IFDSFieldSensTaintAnalysis
- : public IFDSTabulationProblem {
-public:
- using ConfigurationTy = LLVMTaintConfig;
-
- IFDSFieldSensTaintAnalysis(const LLVMProjectIRDB *IRDB,
- const LLVMTaintConfig *TaintConfig,
- std::vector EntryPoints = {"main"});
-
- ~IFDSFieldSensTaintAnalysis() override = default;
-
- FlowFunctionPtrType
- getNormalFlowFunction(const llvm::Instruction *Curr,
- const llvm::Instruction *Succ) override;
-
- FlowFunctionPtrType
- getCallFlowFunction(const llvm::Instruction *CallSite,
- const llvm::Function *DestFun) override;
-
- FlowFunctionPtrType
- getRetFlowFunction(const llvm::Instruction *CallSite,
- const llvm::Function *CalleeFun,
- const llvm::Instruction *ExitStmt,
- const llvm::Instruction *RetSite) override;
-
- FlowFunctionPtrType
- getCallToRetFlowFunction(const llvm::Instruction *CallSite,
- const llvm::Instruction *RetSite,
- llvm::ArrayRef Callees) 
override;
-
- FlowFunctionPtrType
- getSummaryFlowFunction(const llvm::Instruction *CallSite,
- const llvm::Function *DestFun) override;
-
- InitialSeeds
- initialSeeds() override;
-
- void
- emitTextReport(const SolverResults &SolverResults,
- llvm::raw_ostream &OS = llvm::outs()) override;
-
- [[nodiscard]] ExtendedValue createZeroValue() const {
- // create a special value to represent the zero value!
- return ExtendedValue(LLVMZeroValue::getInstance());
- }
-
- [[nodiscard]] bool isZeroValue(ExtendedValue EV) const override {
- return LLVMZeroValue::isLLVMZeroValue(EV.getValue());
- }
-
- void printNode(llvm::raw_ostream &OS,
- const llvm::Instruction *Stmt) const override {
- OS << llvmIRToString(Stmt);
- }
-
- void printDataFlowFact(llvm::raw_ostream &OS,
- ExtendedValue EV) const override {
- OS << llvmIRToString(EV.getValue()) << "\n";
- for (const auto *MemLocationPart : EV.getMemLocationSeq()) {
- OS << "A:\t" << llvmIRToString(MemLocationPart) << "\n";
- }
- if (!EV.getEndOfTaintedBlockLabel().empty()) {
- OS << "L:\t" << EV.getEndOfTaintedBlockLabel() << "\n";
- }
- if (EV.isVarArg()) {
- OS << "VT:\t" << EV.isVarArgTemplate() << "\n";
- for (const auto *VAListMemLocationPart : EV.getVaListMemLocationSeq()) {
- OS << "VLA:\t" << llvmIRToString(VAListMemLocationPart) << "\n";
- }
- OS << "VI:\t" << EV.getVarArgIndex() << "\n";
- OS << "CI:\t" << EV.getCurrentVarArgIndex() << "\n";
- }
- }
-
- void printFunction(llvm::raw_ostream &OS,
- const llvm::Function *Func) const override {
- OS << Func->getName();
- }
-
-private:
- const LLVMTaintConfig *Config{};
-
- TraceStats Stats{};
-};
-
-} // namespace psr
-
-#endif
diff --git a/include/phasar/PhasarLLVM/Utils/DataFlowAnalysisType.def b/include/phasar/PhasarLLVM/Utils/DataFlowAnalysisType.def
index 5d9b001e2..08cf9e9e0 100644
--- a/include/phasar/PhasarLLVM/Utils/DataFlowAnalysisType.def
+++ b/include/phasar/PhasarLLVM/Utils/DataFlowAnalysisType.def
@@ -19,7 +19,6 @@ DATA_FLOW_ANALYSIS_TYPES(IFDSTypeAnalysis, "ifds-type", "Simple type analysis")
 DATA_FLOW_ANALYSIS_TYPES(IDECSTDIOTypeStateAnalysis, "ide-stdio-ts", "Find invalid usages of the libc file-io")
 DATA_FLOW_ANALYSIS_TYPES(IDEOpenSSLTypeStateAnalysis, "ide-openssl-ts", "Find invalid usages of a subset of the OpenSSL EVP library")
 DATA_FLOW_ANALYSIS_TYPES(IFDSSolverTest, "ifds-solvertest", "Empty analysis. Just to see that the IFDS solver works")
-DATA_FLOW_ANALYSIS_TYPES(IFDSFieldSensTaintAnalysis, "ifds-fstaint", "Specialized taint analysis for tracing environment variables.")
 DATA_FLOW_ANALYSIS_TYPES(IDELinearConstantAnalysis, "ide-lca", "Simple linear constant propagation")
 DATA_FLOW_ANALYSIS_TYPES(IDESolverTest, "ide-solvertest", "Empty analysis. Just to see that the IDE solver works")
 DATA_FLOW_ANALYSIS_TYPES(IDEInstInteractionAnalysis, "ide-iia", "Which instruction has influence on which other instructions?")
diff --git a/lib/Controller/AnalysisController.cpp b/lib/Controller/AnalysisController.cpp
index 5e9d1413d..f6a781e12 100644
--- a/lib/Controller/AnalysisController.cpp
+++ b/lib/Controller/AnalysisController.cpp
@@ -105,9 +105,6 @@ void AnalysisController::executeWholeProgram() {
 case DataFlowAnalysisType::IFDSSolverTest:
 executeIFDSSolverTest();
 continue;
- case DataFlowAnalysisType::IFDSFieldSensTaintAnalysis:
- executeIFDSFieldSensTaint();
- continue;
 case DataFlowAnalysisType::IDELinearConstantAnalysis:
 executeIDELinearConst();
 continue;
@@ -130,10 +127,9 @@ void AnalysisController::executeWholeProgram() {
 executeInterMonoTaint();
 continue;
 }
-
- llvm_unreachable("All possible DataFlowAnalysisType variants should be "
- "handled in the switch above!");
 }
+ llvm_unreachable("All possible DataFlowAnalysisType variants should be "
+ "handled in the switch above!");
 }
 void AnalysisController::emitRequestedHelperAnalysisResults() {
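Review bot: The `llvm_unreachable` call that the last hunk moves below the extra closing brace now seems to sit after the loop over the requested analyses instead of after the `switch` inside it. If that brace does close the loop, every run whose loop finishes normally would reach the call, and in builds without assertions `llvm_unreachable` can be compiled as an optimizer hint, so the effect there is undefined rather than a clean abort. I would keep the call as the last statement inside the loop, directly after the `switch`, where a fall-through really does mean an unhandled `DataFlowAnalysisType`. executeWholeProgram starts outside the hunk and the indentation is lost on this page, so the brace nesting should be confirmed against the file.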
diff --git a/lib/Controller/AnalysisControllerXIFDSFieldSensTaint.cpp b/lib/Controller/AnalysisControllerXIFDSFieldSensTaint.cpp
deleted file mode 100644
index 0042d9400..000000000
--- a/lib/Controller/AnalysisControllerXIFDSFieldSensTaint.cpp
+++ /dev/null
@@ -1,20 +0,0 @@
-/******************************************************************************
- * Copyright (c) 2022 Martin Mory.
- * All rights reserved. This program and the accompanying materials are made
- * available under the terms of LICENSE.txt.
- *
- * Contributors:
- * Martin Mory and others
- *****************************************************************************/
-
-#include "phasar/Controller/AnalysisController.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h"
-
-namespace psr {
-
-void AnalysisController::executeIFDSFieldSensTaint() {
- auto Config = makeTaintConfig();
- executeIFDSAnalysis(&Config, EntryPoints);
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.cpp
deleted file mode 100644
index fa57a4022..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include "llvm/IR/Instructions.h"
-
-namespace psr {
-
-std::set
-BranchSwitchInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const llvm::Value *Condition = nullptr;
-
- if (const auto *const BranchInst =
- llvm::dyn_cast(CurrentInst)) {
- bool IsConditional = BranchInst->isConditional();
-
- if (IsConditional) {
- Condition = BranchInst->getCondition();
- }
- } else if (const auto *const SwitchInst =
- llvm::dyn_cast(CurrentInst)) {
- Condition = SwitchInst->getCondition();
- } else {
- assert(false && "This MUST not happen");
- }
-
- if (Condition) {
- bool IsConditionTainted =
- DataFlowUtils::isValueTainted(Condition, Fact) ||
- DataFlowUtils::isMemoryLocationTainted(Condition, Fact);
-
- if (IsConditionTainted) {
- const auto *const StartBasicBlock = CurrentInst->getParent();
- const auto StartBasicBlockLabel = StartBasicBlock->getName();
-
- LOG_DEBUG("Searching end of block label for: " << StartBasicBlockLabel);
-
- const auto *const EndBasicBlock =
- DataFlowUtils::getEndOfTaintedBlock(StartBasicBlock);
- const auto EndBasicBlockLabel =
- EndBasicBlock ? EndBasicBlock->getName().str() : "";
-
- LOG_DEBUG("End of block label: " << EndBasicBlockLabel);
-
- ExtendedValue EV(CurrentInst);
- EV.setEndOfTaintedBlockLabel(EndBasicBlockLabel);
-
- TStats.add(CurrentInst);
-
- return {Fact, EV};
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.cpp
deleted file mode 100644
index 3cb8e05bb..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.cpp
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set
-CallToRetFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- /*
- * Kill every global and expect the callee to return all valid ones.
- */
- bool IsGlobalMemLocationFact = DataFlowUtils::isGlobalMemoryLocationSeq(
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact));
- if (IsGlobalMemLocationFact) {
- return {};
- }
-
- /*
- * For functions that kill facts and are handled in getSummaryFlowFunction()
- * we kill all facts here and just use what they have returned. This is
- * important e.g. if memset removes a store fact then it is not readded here
- * e.g. through identity function.
- *
- * Need to keep the list in sync with "killing" functions in
- * getSummaryFlowFunction()!
- */
- bool IsHandledInSummaryFlowFunction =
- llvm::isa(CurrentInst) ||
- llvm::isa(CurrentInst) ||
- llvm::isa(CurrentInst);
-
- if (IsHandledInSummaryFlowFunction) {
- return {};
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.cpp
deleted file mode 100644
index 1fea56423..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.cpp
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-namespace psr {
-
-std::set
-CheckOperandsFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- for (const auto &Use : CurrentInst->operands()) {
- const auto &Operand = Use.get();
-
- bool IsOperandTainted =
- DataFlowUtils::isValueTainted(Operand, Fact) ||
- DataFlowUtils::isMemoryLocationTainted(Operand, Fact);
-
- if (IsOperandTainted) {
- TStats.add(CurrentInst);
-
- return {Fact, ExtendedValue(CurrentInst)};
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.cpp
deleted file mode 100644
index ef95a157a..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.cpp
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/FlowFunctionBase.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set FlowFunctionBase::computeTargets(ExtendedValue Fact) {
- bool IsAutoIdentity = DataFlowUtils::isAutoIdentity(CurrentInst, Fact);
- if (IsAutoIdentity) {
- return {Fact};
- }
-
- bool IsBranchOrSwitchFact = llvm::isa(Fact.getValue()) ||
- llvm::isa(Fact.getValue());
-
- if (IsBranchOrSwitchFact) {
- bool RemoveTaintedBlockInst =
- DataFlowUtils::removeTaintedBlockInst(Fact, CurrentInst);
- if (RemoveTaintedBlockInst) {
- return {};
- }
-
- // traceStats.add(currentInst);
-
- bool IsAutoGEN = DataFlowUtils::isAutoGENInTaintedBlock(CurrentInst);
- if (IsAutoGEN) {
- TStats.add(CurrentInst);
-
- return {Fact, ExtendedValue(CurrentInst)};
- }
-
- std::set TargetFacts;
- TargetFacts.insert(Fact);
-
- /*
- * We are only intercepting the branch fact here. All other facts will still
- * be evaluated according to the flow function's logic. This means that e.g.
- * every valid memory instruction (i.e. if src is tainted -> memory location
- * is added) will still gen/kill/id facts. Actually those functions do not
- * have any clue that they behave in a tainted block and there is no way to
- * provide this knowledge due to the distributive property of IFDS.
- *
- * The only cases we need to consider here is the addition of store facts
- * that would not be added in the regular case. In particular all cases
- * where the src is not tainted and the store fact is killed.
- *
- * Note that there is no way to relocate memory addresses here as we are
- * dealing with untainted sources. This means that if e.g. we add a struct
- * then all subparts of it are considered tainted. This should be the only
- * spot where such memory locations are generated. 
- */
- if (const auto *const StoreInst =
- llvm::dyn_cast(CurrentInst)) {
- const auto DstMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(
- StoreInst->getPointerOperand());
-
- ExtendedValue EV(CurrentInst);
- EV.setMemLocationSeq(DstMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(StoreInst, DstMemLocationSeq);
- } else if (const auto *const MemTransferInst =
- llvm::dyn_cast(CurrentInst)) {
- const auto DstMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(
- MemTransferInst->getRawDest());
-
- ExtendedValue EV(CurrentInst);
- EV.setMemLocationSeq(DstMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(MemTransferInst, DstMemLocationSeq);
- } else if (const auto *const RetInst =
- llvm::dyn_cast(CurrentInst)) {
- TStats.add(RetInst);
- }
-
- return TargetFacts;
- }
-
- return computeTargetsExt(Fact);
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.cpp
deleted file mode 100644
index 091f23e11..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.cpp
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-#include "llvm/IR/Instructions.h"
-
-namespace psr {
-
-std::set
-GEPInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const GepInst = llvm::cast(CurrentInst);
- const auto *const GepInstPtr = GepInst->getPointerOperand();
-
- bool IsVarArgFact = Fact.isVarArg();
- if (IsVarArgFact) {
- bool KillFact = GepInstPtr->getName().contains("reg_save_area");
- if (KillFact) {
- return {};
- }
-
- bool IncrementCurrentVarArgIndex =
- GepInst->getName().contains("overflow_arg_area.next");
- if (IncrementCurrentVarArgIndex) {
- const auto GepVaListMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(GepInstPtr);
-
- bool IsVaListEqual = DataFlowUtils::isSubsetMemoryLocationSeq(
- DataFlowUtils::getVaListMemoryLocationSeqFromFact(Fact),
- GepVaListMemLocationSeq);
- if (IsVaListEqual) {
- ExtendedValue EV(Fact);
- EV.incrementCurrentVarArgIndex();
-
- return {EV};
- }
- }
- } else {
- bool IsPtrTainted = DataFlowUtils::isValueTainted(GepInstPtr, Fact);
- if (IsPtrTainted) {
- return {Fact, ExtendedValue(GepInst)};
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.cpp
deleted file mode 100644
index d1ede49cf..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.cpp
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h"
-
-namespace psr {
-
-std::set
-GenerateFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- TStats.add(CurrentInst);
-
- if (Fact == ZeroValue) {
- return {ExtendedValue(CurrentInst)};
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.cpp
deleted file mode 100644
index d05b26a6d..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h"
-
-namespace psr {
-
-std::set
-IdentityFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.cpp
deleted file mode 100644
index de90fb815..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.cpp
+++ /dev/null
@@ -1,122 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include
-#include
-
-namespace psr {
-
-std::set
-MapTaintedValuesToCallee::computeTargets(ExtendedValue Fact) {
- bool IsFactVarArgTemplate = Fact.isVarArgTemplate();
- if (IsFactVarArgTemplate) {
- return {};
- }
-
- std::set TargetGlobalFacts;
- std::set TargetParamFacts;
-
- bool IsGlobalMemLocationFact = DataFlowUtils::isGlobalMemoryLocationSeq(
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact));
- if (IsGlobalMemLocationFact) {
- TargetGlobalFacts.insert(Fact);
- }
-
- long VarArgIndex = 0L;
-
- const auto SanitizedArgList = DataFlowUtils::getSanitizedArgList(
- CallInst, DestFun, ZeroValue.getValue());
-
- for (const auto &ArgParamTriple : SanitizedArgList) {
-
- const auto *const Arg = std::get<0>(ArgParamTriple);
- const auto &ArgMemLocationSeq = std::get<1>(ArgParamTriple);
- const auto *const Param = std::get<2>(ArgParamTriple);
-
- bool IsVarArgParam =
- DataFlowUtils::isVarArgParam(Param, ZeroValue.getValue());
- bool IsVarArgFact = Fact.isVarArg();
-
- bool IsArgMemLocation = !ArgMemLocationSeq.empty();
- if (IsArgMemLocation) {
-
- const auto FactMemLocationSeq =
- IsVarArgFact ?
DataFlowUtils::getVaListMemoryLocationSeqFromFact(Fact)
- : DataFlowUtils::getMemoryLocationSeqFromFact(Fact);
-
- bool GenFact = DataFlowUtils::isSubsetMemoryLocationSeq(
- ArgMemLocationSeq, FactMemLocationSeq);
- if (GenFact) {
- const auto RelocatableMemLocationSeq =
- DataFlowUtils::getRelocatableMemoryLocationSeq(FactMemLocationSeq,
- ArgMemLocationSeq);
- std::vector PatchablePart{Param};
- const auto PatchableMemLocationSeq =
- DataFlowUtils::joinMemoryLocationSeqs(PatchablePart,
- RelocatableMemLocationSeq);
-
- ExtendedValue EV(Fact);
- if (IsVarArgFact) {
- EV.setVaListMemLocationSeq(PatchableMemLocationSeq);
- } else {
- EV.setMemLocationSeq(PatchableMemLocationSeq);
- }
-
- if (IsVarArgParam) {
- EV.setVarArgIndex(VarArgIndex);
- }
-
- TargetParamFacts.insert(EV);
-
- LOG_DEBUG("Added patchable memory location (caller -> callee)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- } else {
- bool GenFact = DataFlowUtils::isValueTainted(Arg, Fact);
- if (GenFact) {
- std::vector PatchablePart{Param};
-
- ExtendedValue EV(Fact);
- EV.setMemLocationSeq(PatchablePart);
- if (IsVarArgParam) {
- EV.setVarArgIndex(VarArgIndex);
- }
-
- TargetParamFacts.insert(EV);
-
- LOG_DEBUG("Added patchable memory location (caller -> callee)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- }
-
- if (IsVarArgParam) {
- ++VarArgIndex;
- }
- }
-
- bool AddLineNumber = !TargetParamFacts.empty();
- if (AddLineNumber) {
- TStats.add(CallInst);
- }
-
- std::set TargetFacts;
- std::set_union(TargetGlobalFacts.begin(), TargetGlobalFacts.end(),
- TargetParamFacts.begin(), TargetParamFacts.end(),
- std::inserter(TargetFacts, TargetFacts.begin()));
-
- return TargetFacts;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.cpp
deleted file mode 100644
index 90e374d53..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.cpp
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include
-
-namespace psr {
-
-std::set
-MapTaintedValuesToCaller::computeTargets(ExtendedValue Fact) {
- std::set TargetGlobalFacts;
- std::set TargetRetFacts;
-
- bool IsGlobalMemLocationFact = DataFlowUtils::isGlobalMemoryLocationSeq(
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact));
- if (IsGlobalMemLocationFact) {
- TargetGlobalFacts.insert(Fact);
- }
-
- auto *const RetValMemLocationMatr = RetInst->getReturnValue();
- if (!RetValMemLocationMatr) {
- return TargetGlobalFacts;
- }
-
- auto RetValMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(RetValMemLocationMatr);
-
- bool IsRetValMemLocation = !RetValMemLocationSeq.empty();
- if (IsRetValMemLocation) {
- const auto FactMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact);
-
- bool IsArrayDecay = DataFlowUtils::isArrayDecay(RetValMemLocationMatr);
- if (IsArrayDecay) {
- RetValMemLocationSeq.pop_back();
- }
-
- bool GenFact = DataFlowUtils::isSubsetMemoryLocationSeq(
- RetValMemLocationSeq, FactMemLocationSeq);
- if (GenFact) {
- const auto RelocatableMemLocationSeq =
- DataFlowUtils::getRelocatableMemoryLocationSeq(FactMemLocationSeq,
- RetValMemLocationSeq);
- std::vector PatchablePart{CallInst};
- const auto PatchableMemLocationSeq =
- DataFlowUtils::joinMemoryLocationSeqs(PatchablePart,
- RelocatableMemLocationSeq);
-
- /*
- * We need to set this to call inst because we can have the case where we
- * only return the call inst in the mem location sequence (which is not a
- * a memory address). We then land in the else branch below and need to
- * find the call instance (see test case 230-function-ptr-2).
- */
- ExtendedValue EV(CallInst);
- EV.setMemLocationSeq(PatchableMemLocationSeq);
-
- TargetRetFacts.insert(EV);
-
- LOG_DEBUG("Added patchable memory location (caller <- callee)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- } else {
- bool GenFact = DataFlowUtils::isValueTainted(RetValMemLocationMatr, Fact);
- if (GenFact) {
- std::vector PatchablePart{CallInst};
-
- ExtendedValue EV(CallInst);
- EV.setMemLocationSeq(PatchablePart);
-
- TargetRetFacts.insert(EV);
-
- LOG_DEBUG("Added patchable memory location (caller <- callee)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- }
-
- bool AddLineNumbers = !TargetRetFacts.empty();
- if (AddLineNumbers) {
- TraceStats.add(CallInst);
- }
-
- std::set TargetFacts;
- std::set_union(TargetGlobalFacts.begin(), TargetGlobalFacts.end(),
- TargetRetFacts.begin(), TargetRetFacts.end(),
- std::inserter(TargetFacts, TargetFacts.begin()));
-
- return TargetFacts;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.cpp
deleted file mode 100644
index 857efded3..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.cpp
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set
-MemSetInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const MemSetInst =
- llvm::cast(CurrentInst);
- auto *const DstMemLocationMatr = MemSetInst->getRawDest();
-
- bool KillFact =
- DataFlowUtils::isMemoryLocationTainted(DstMemLocationMatr, Fact);
- if (KillFact) {
- TStats.add(MemSetInst);
-
- return {};
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.cpp
deleted file mode 100644
index c240bd71b..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.cpp
+++ /dev/null
@@ -1,94 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set
-MemTransferInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const MemTransferInst =
- llvm::cast(CurrentInst);
-
- auto *const SrcMemLocationMatr = MemTransferInst->getRawSource();
- auto *const DstMemLocationMatr = MemTransferInst->getRawDest();
-
- const auto FactMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact);
- auto SrcMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(SrcMemLocationMatr);
- auto DstMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(DstMemLocationMatr);
-
- bool IsArgumentPatch = DataFlowUtils::isPatchableArgumentMemcpy(
- MemTransferInst->getRawSource(), SrcMemLocationSeq, Fact);
- std::set TargetFacts;
-
- /*
- * Patch argument
- */
- if (IsArgumentPatch) {
- const auto PatchedMemLocationSeq = DataFlowUtils::patchMemoryLocationFrame(
- FactMemLocationSeq, DstMemLocationSeq);
- ExtendedValue EV(Fact);
- EV.setMemLocationSeq(PatchedMemLocationSeq);
- EV.resetVarArgIndex();
-
- TargetFacts.insert(EV);
- TStats.add(MemTransferInst, DstMemLocationSeq);
-
- LOG_DEBUG("Patched memory location (arg/memcpy)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- } else {
- bool IsSrcArrayDecay = DataFlowUtils::isArrayDecay(SrcMemLocationMatr);
- if (IsSrcArrayDecay) {
- SrcMemLocationSeq.pop_back();
- }
-
- bool IsDstArrayDecay = DataFlowUtils::isArrayDecay(DstMemLocationMatr);
- if (IsDstArrayDecay) {
- DstMemLocationSeq.pop_back();
- }
-
- bool GenFact =
DataFlowUtils::isSubsetMemoryLocationSeq(SrcMemLocationSeq,
- FactMemLocationSeq);
- bool KillFact = DataFlowUtils::isSubsetMemoryLocationSeq(
- DstMemLocationSeq, FactMemLocationSeq);
-
- if (GenFact) {
- const auto RelocatableMemLocationSeq =
- DataFlowUtils::getRelocatableMemoryLocationSeq(FactMemLocationSeq,
- SrcMemLocationSeq);
- const auto RelocatedMemLocationSeq =
- DataFlowUtils::joinMemoryLocationSeqs(DstMemLocationSeq,
- RelocatableMemLocationSeq);
- ExtendedValue EV(Fact);
- EV.setMemLocationSeq(RelocatedMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(MemTransferInst, DstMemLocationSeq);
-
- LOG_DEBUG("Relocated memory location (memcpy/memmove)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- if (!KillFact) {
- TargetFacts.insert(Fact);
- }
- }
-
- return TargetFacts;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.cpp
deleted file mode 100644
index f2d244fd8..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-#include "llvm/IR/Instructions.h"
-
-namespace psr {
-
-std::set
-PHINodeFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const PhiNodeInst = llvm::cast(CurrentInst);
-
- for (auto *const Block : PhiNodeInst->blocks()) {
- auto *const IncomingValue = PhiNodeInst->getIncomingValueForBlock(Block);
-
- bool IsIncomingValueTainted =
- DataFlowUtils::isValueTainted(IncomingValue, Fact) ||
- DataFlowUtils::isMemoryLocationTainted(IncomingValue, Fact);
-
- if (IsIncomingValueTainted) {
- TStats.add(PhiNodeInst);
-
- return {Fact, ExtendedValue(PhiNodeInst)};
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.cpp
deleted file mode 100644
index 0e78ac814..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.cpp
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-
-namespace psr {
-
-std::set
-ReturnInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const RetInst = llvm::cast(CurrentInst);
- auto *const RetValMemLocationMatr = RetInst->getReturnValue();
-
- if (RetValMemLocationMatr) {
- bool IsRetValTainted =
- DataFlowUtils::isValueTainted(RetValMemLocationMatr, Fact) ||
- DataFlowUtils::isMemoryLocationTainted(RetValMemLocationMatr, Fact);
-
- /*
- * We don't need to GEN/KILL any facts here as this is all handled
- * in the map to callee flow function. Whole purpose of this flow
- * function is to make sure that a tainted return statement of an
- * entry point is added as for that case no mapping function is called.
- */
- if (IsRetValTainted) {
- TStats.add(RetInst);
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.cpp
deleted file mode 100644
index f147c1211..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.cpp
+++ /dev/null
@@ -1,179 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-namespace psr {
-
-std::set
-StoreInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- const auto *const StoreInst = llvm::cast(CurrentInst);
-
- const auto *const SrcMemLocationMatr = StoreInst->getValueOperand();
- const auto *const DstMemLocationMatr = StoreInst->getPointerOperand();
-
- const auto FactMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromFact(Fact);
- auto SrcMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(SrcMemLocationMatr);
- auto DstMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(DstMemLocationMatr);
-
- bool IsArgumentPatch =
- DataFlowUtils::isPatchableArgumentStore(SrcMemLocationMatr, Fact);
- bool IsVaListArgumentPatch =
- DataFlowUtils::isPatchableVaListArgument(SrcMemLocationMatr, Fact);
-
- bool IsReturnValuePatch =
- DataFlowUtils::isPatchableReturnValue(SrcMemLocationMatr, Fact);
-
- bool IsSrcMemLocation = !SrcMemLocationSeq.empty();
-
- std::set TargetFacts;
-
- /*
- * Patch argument
- *
- * We have 3 differenct cases to consider here:
- *
- * 1) Patching of memory location sequence for a regular argument
- * 2) Patching of memory location sequence for a vararg (int foo(int n, ...))
- * 3) Patching of va list memory location sequence for a vararg (int
- * foo(va_list args))
- *
- */
- if (IsArgumentPatch) {
- bool PatchMemLocation = !DstMemLocationSeq.empty();
- if (PatchMemLocation) {
- bool IsArgCoerced = SrcMemLocationMatr->getName().contains("coerce");
- if (IsArgCoerced) {
- assert(DstMemLocationSeq.size() > 1);
- DstMemLocationSeq.pop_back();
- }
-
- const auto PatchableMemLocationSeq =
- IsVaListArgumentPatch
- ?
DataFlowUtils::getVaListMemoryLocationSeqFromFact(Fact)
- : DataFlowUtils::getMemoryLocationSeqFromFact(Fact);
-
- const auto PatchedMemLocationSeq =
- DataFlowUtils::patchMemoryLocationFrame(PatchableMemLocationSeq,
- DstMemLocationSeq);
-
- ExtendedValue EV(Fact);
-
- if (IsVaListArgumentPatch) {
- EV.setVaListMemLocationSeq(PatchedMemLocationSeq);
- } else {
- EV.setMemLocationSeq(PatchedMemLocationSeq);
- EV.resetVarArgIndex();
- }
-
- TargetFacts.insert(EV);
- TStats.add(StoreInst, DstMemLocationSeq);
-
- LOG_DEBUG("Patched memory location (arg/store)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- }
- /*
- * Patch return value
- */
- else if (IsReturnValuePatch) {
- bool PatchMemLocation = !DstMemLocationSeq.empty();
- if (PatchMemLocation) {
- bool IsExtractValue =
- llvm::isa(SrcMemLocationMatr);
- if (IsExtractValue) {
- assert(DstMemLocationSeq.size() > 1);
- DstMemLocationSeq.pop_back();
- }
-
- const auto PatchedMemLocationSeq =
- DataFlowUtils::patchMemoryLocationFrame(FactMemLocationSeq,
- DstMemLocationSeq);
-
- ExtendedValue EV(Fact);
- EV.setMemLocationSeq(PatchedMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(StoreInst, DstMemLocationSeq);
-
- LOG_DEBUG("Patched memory location (ret/store)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- }
- /*
- * If we got a memory location then we need to find all tainted memory
- * locations for it and create a new relocated address that relatively works
- * from the memory location destination. If the value is a pointer so is the
- * desination as the store instruction is defined as
- * that means we need to remove all facts that started at the destination.
- */
- else if (IsSrcMemLocation) {
- bool IsArrayDecay = DataFlowUtils::isArrayDecay(SrcMemLocationMatr);
- if (IsArrayDecay) {
- SrcMemLocationSeq.pop_back();
- }
-
- bool GenFact = DataFlowUtils::isSubsetMemoryLocationSeq(SrcMemLocationSeq,
- FactMemLocationSeq);
- bool KillFact = DataFlowUtils::isSubsetMemoryLocationSeq(
- DstMemLocationSeq, FactMemLocationSeq) ||
- DataFlowUtils::isKillAfterStoreFact(Fact);
-
- if (GenFact) {
- const auto RelocatableMemLocationSeq =
- DataFlowUtils::getRelocatableMemoryLocationSeq(FactMemLocationSeq,
- SrcMemLocationSeq);
- const auto RelocatedMemLocationSeq =
- DataFlowUtils::joinMemoryLocationSeqs(DstMemLocationSeq,
- RelocatableMemLocationSeq);
-
- ExtendedValue EV(Fact);
- EV.setMemLocationSeq(RelocatedMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(StoreInst, DstMemLocationSeq);
-
- LOG_DEBUG("Relocated memory location (store)");
- LOG_DEBUG("Source");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("Destination");
- DataFlowUtils::dumpFact(EV);
- }
- if (!KillFact) {
- TargetFacts.insert(Fact);
- }
- } else {
- bool GenFact = DataFlowUtils::isValueTainted(SrcMemLocationMatr, Fact);
- bool KillFact = DataFlowUtils::isSubsetMemoryLocationSeq(
- DstMemLocationSeq, FactMemLocationSeq) ||
- DataFlowUtils::isKillAfterStoreFact(Fact);
-
- if (GenFact) {
- ExtendedValue EV(StoreInst);
- EV.setMemLocationSeq(DstMemLocationSeq);
-
- TargetFacts.insert(EV);
- TStats.add(StoreInst, DstMemLocationSeq);
- }
- if (!KillFact) {
- TargetFacts.insert(Fact);
- }
- }
-
- return TargetFacts;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.cpp
deleted file mode 100644
index 61a46d55e..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.cpp
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set
-VAEndInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- bool IsVarArgFact = Fact.isVarArg();
- if (!IsVarArgFact) {
- return {Fact};
- }
-
- const auto *const VaEndInst = llvm::cast(CurrentInst);
- auto *const VaEndMemLocationMatr = VaEndInst->getArgList();
-
- auto VaEndMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(VaEndMemLocationMatr);
-
- bool IsValidMemLocationSeq = !VaEndMemLocationSeq.empty();
- if (IsValidMemLocationSeq) {
- bool IsArrayDecay = DataFlowUtils::isArrayDecay(VaEndMemLocationMatr);
- if (IsArrayDecay) {
- VaEndMemLocationSeq.pop_back();
- }
-
- bool IsVaListEqual = DataFlowUtils::isMemoryLocationSeqsEqual(
- DataFlowUtils::getVaListMemoryLocationSeqFromFact(Fact),
- VaEndMemLocationSeq);
- if (IsVaListEqual) {
- LOG_DEBUG("Killed VarArg");
- DataFlowUtils::dumpFact(Fact);
-
- return {};
- }
- }
-
- return {Fact};
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.cpp
deleted file mode 100644
index c83c76541..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.cpp
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h"
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include "llvm/IR/IntrinsicInst.h"
-
-namespace psr {
-
-std::set
-VAStartInstFlowFunction::computeTargetsExt(ExtendedValue &Fact) {
- std::set TargetFacts;
- TargetFacts.insert(Fact);
-
- bool IsVarArgTemplateFact = Fact.isVarArgTemplate();
- if (!IsVarArgTemplateFact) {
- return TargetFacts;
- }
-
- const auto *const VaStartInst = llvm::cast(CurrentInst);
- auto *const VaListMemLocationMatr = VaStartInst->getArgList();
-
- auto VaListMemLocationSeq =
- DataFlowUtils::getMemoryLocationSeqFromMatr(VaListMemLocationMatr);
-
- bool IsValidMemLocationSeq = !VaListMemLocationSeq.empty();
- if (IsValidMemLocationSeq) {
- bool IsArrayDecay = DataFlowUtils::isArrayDecay(VaListMemLocationMatr);
- if (IsArrayDecay) {
- VaListMemLocationSeq.pop_back();
- }
-
- ExtendedValue EV(Fact);
- EV.setVaListMemLocationSeq(VaListMemLocationSeq);
-
- TargetFacts.insert(EV);
-
- LOG_DEBUG("Created new VarArg from template");
- LOG_DEBUG("Template");
- DataFlowUtils::dumpFact(Fact);
- LOG_DEBUG("VarArg");
- DataFlowUtils::dumpFact(EV);
- }
-
- return TargetFacts;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.cpp
deleted file mode 100644
index 036bdc37f..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.cpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h"
-
-namespace psr {
-
-static void filterReturnValues(TraceStats::FileStats &FileStats) {
- for (auto FileStatsIt = FileStats.begin(); FileStatsIt != FileStats.end();) {
- const auto File = FileStatsIt->first;
- auto &FunctionStats = FileStatsIt->second;
-
- for (auto FunctionStatsIt = FunctionStats.begin();
- FunctionStatsIt != FunctionStats.end();) {
- const auto Function = FunctionStatsIt->first;
- auto &LineNumberStats = FunctionStatsIt->second;
-
- for (auto LineNumberStatsIt = LineNumberStats.begin();
- LineNumberStatsIt != LineNumberStats.end();) {
- bool IsLineNumberRetVal = LineNumberStatsIt->isReturnValue();
- if (!IsLineNumberRetVal) {
- LineNumberStatsIt = LineNumberStats.erase(LineNumberStatsIt);
- } else {
- ++LineNumberStatsIt;
- }
- }
-
- bool IsLineNumberStatsEmpty = LineNumberStats.empty();
- if (IsLineNumberStatsEmpty) {
- FunctionStatsIt = FunctionStats.erase(FunctionStatsIt);
- } else {
- ++FunctionStatsIt;
- }
- }
-
- bool IsFunctionStatsEmpty = FunctionStats.empty();
- if (IsFunctionStatsEmpty) {
- FileStatsIt = FileStats.erase(FileStatsIt);
- } else {
- ++FileStatsIt;
- }
- }
-}
-
-void LcovRetValWriter::write() const {
- std::ofstream Writer(getOutFile());
-
- LOG_INFO("Writing lcov return value trace to: " << getOutFile());
-
- TraceStats::FileStats Stats = getTraceStats().getStats();
-
- filterReturnValues(Stats);
-
- for (const auto &FileEntry : Stats) {
- const auto File = FileEntry.first;
- const auto FunctionStats = FileEntry.second;
-
- Writer << "SF:" << File << "\n";
-
- for (const auto &FunctionEntry : FunctionStats) {
- const auto Function = FunctionEntry.first;
-
- Writer << "FNDA:"
- << "1," << Function << "\n";
- }
-
- for (const auto &FunctionEntry : FunctionStats) {
- const auto LineNumberStats = FunctionEntry.second;
-
- for (const auto &LineNumberEntry :
LineNumberStats) {
-
- Writer << "DA:" << LineNumberEntry.getLineNumber() << ",1"
- << "\n";
- }
- }
-
- Writer << "end_of_record"
- << "\n";
- }
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.cpp
deleted file mode 100644
index 9730fff69..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.cpp
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h"
-
-namespace psr {
-
-void LcovWriter::write() const {
- std::ofstream Writer(getOutFile());
-
- LOG_INFO("Writing lcov trace to: " << getOutFile());
-
- for (const auto &FileEntry : getTraceStats().getStats()) {
- const auto File = FileEntry.first;
- const auto FunctionStats = FileEntry.second;
-
- Writer << "SF:" << File << "\n";
-
- for (const auto &FunctionEntry : FunctionStats) {
- const auto Function = FunctionEntry.first;
-
- Writer << "FNDA:"
- << "1," << Function << "\n";
- }
-
- for (const auto &FunctionEntry : FunctionStats) {
- const auto LineNumberStats = FunctionEntry.second;
-
- for (const auto &LineNumberEntry : LineNumberStats) {
-
- Writer << "DA:" << LineNumberEntry.getLineNumber() << ",1"
- << "\n";
- }
- }
-
- Writer << "end_of_record"
- << "\n";
- }
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.cpp
deleted file mode 100644
index b4ac741cb..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.cpp
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h"
-
-namespace psr {
-
-void LineNumberWriter::write() const {
- std::ofstream Writer(getOutFile());
-
- LOG_INFO("Writing line number trace to: " << getOutFile());
-
- for (const auto &FileEntry : getTraceStats().getStats()) {
- const auto FunctionStats = FileEntry.second;
-
- for (const auto &FunctionEntry : FunctionStats) {
- const auto LineNumberStats = FunctionEntry.second;
-
- for (const auto &LineNumberEntry : LineNumberStats) {
-
- Writer << LineNumberEntry.getLineNumber() << "\n";
- }
- }
- }
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.cpp
deleted file mode 100644
index c98e07db9..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.cpp
+++ /dev/null
@@ -1,120 +0,0 @@
-/**
- * @author Sebastian Roland
- */
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h"
-
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h"
-
-#include "llvm/IR/DebugInfoMetadata.h"
-#include "llvm/IR/Function.h"
-#include "llvm/IR/Instructions.h"
-
-#include
-
-namespace psr {
-
-long TraceStats::add(const llvm::Instruction *Instruction, bool IsReturnValue) {
- const llvm::DebugLoc &DebugLocInst = Instruction->getDebugLoc();
- if (!DebugLocInst) {
- return 0;
- }
-
- const llvm::DebugLoc DebugLocFn = DebugLocInst.getFnDebugLoc();
- if (!DebugLocFn) {
- return 0;
- }
-
- const auto *const Function = Instruction->getFunction();
- if (!Function) {
- return 0;
- }
-
- const auto FunctionName = Function->getName().str();
-
- auto *const FnScope = llvm::cast(DebugLocFn.getScope());
-
- const std::string File =
- FnScope->getDirectory().str() + "/" + FnScope->getFilename().str();
-
- unsigned int LineNumber = DebugLocInst->getLine();
-
- LOG_DEBUG("Tainting " << File << ":" << FunctionName << ":" << LineNumber
- << ":" << IsReturnValue);
-
- TraceStats::LineNumberStats &LineNumberStats =
- getLineNumberStats(File, FunctionName);
-
- LineNumberEntry LineNumberEntry(LineNumber);
-
- if (IsReturnValue) {
- LineNumberStats.erase(LineNumberEntry);
- LineNumberEntry.setReturnValue(true);
- }
-
- LineNumberStats.insert(LineNumberEntry);
-
- return 1;
-}
-
-long TraceStats::add(const llvm::Instruction *Instruction,
- const std::vector &MemLocationSeq) {
- bool IsRetInstruction = llvm::isa(Instruction);
- if (IsRetInstruction) {
- const auto *const BasicBlock = Instruction->getParent();
- const auto BasicBlockName = BasicBlock->getName();
-
- bool IsReturnBasicBlock = BasicBlockName.compare("return") == 0;
- if (IsReturnBasicBlock) {
- return 0;
- }
-
- return add(Instruction, true);
- }
-
- bool IsGENMemoryLocation = !MemLocationSeq.empty();
- if (IsGENMemoryLocation) {
- const
auto *const MemLocationFrame = MemLocationSeq.front();
-
- if (const auto *const AllocaInst =
- llvm::dyn_cast(MemLocationFrame)) {
- const auto InstructionName = AllocaInst->getName();
- bool IsRetVal = InstructionName.compare("retval") == 0;
-
- if (IsRetVal) {
- return add(Instruction, true);
- }
- }
- }
-
- return add(Instruction, false);
-}
-
-TraceStats::FunctionStats &
-TraceStats::getFunctionStats(const std::string &File) {
- auto FunctionStatsEntry = Stats.find(File);
- if (FunctionStatsEntry != Stats.end()) {
- return FunctionStatsEntry->second;
- }
-
- Stats.insert({File, FunctionStats()});
-
- return Stats.find(File)->second;
-}
-
-TraceStats::LineNumberStats &
-TraceStats::getLineNumberStats(const std::string &File,
- const std::string &Function) {
- TraceStats::FunctionStats &FunctionStats = getFunctionStats(File);
-
- auto LineNumberEntry = FunctionStats.find(Function);
- if (LineNumberEntry != FunctionStats.end()) {
- return LineNumberEntry->second;
- }
-
- FunctionStats.insert({Function, LineNumberStats()});
-
- return FunctionStats.find(Function)->second;
-}
-
-} // namespace psr
diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.cpp
deleted file mode 100644
index 24959d9f8..000000000
--- a/lib/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.cpp
+++ /dev/null
@@ -1,1129 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h" - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/Log.h" -#include "phasar/PhasarLLVM/Utils/LLVMShorthands.h" - -#include "llvm/Analysis/PostDominators.h" -#include "llvm/IR/IntrinsicInst.h" -#include "llvm/Support/raw_ostream.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace psr; - -static const llvm::Value *PoisonPill = // NOLINT - reinterpret_cast( - "all i need is a unique llvm::Value ptr..."); - -static const std::vector EmptySeq; -static const std::set EmptyStringSet; - -static std::string getTypeName(const llvm::Type *Type) { - std::string TypeName; - llvm::raw_string_ostream TypeRawOutputStream(TypeName); - Type->print(TypeRawOutputStream); - - return TypeRawOutputStream.str(); -} - -static bool isMemoryLocationFrame(const llvm::Value *MemLocationPart) { - return llvm::isa(MemLocationPart) || - llvm::isa(MemLocationPart) || - llvm::isa(MemLocationPart); -} - -static bool isConstantIntEqual(const llvm::ConstantInt *CI1, - const llvm::ConstantInt *CI2) { - // Compare numerical value without type - // return ci1->getSExtValue() == ci2->getSExtValue(); - - // Compare with type - return CI1 == CI2; -} - -static bool isGEPPartEqual(const llvm::GetElementPtrInst *MemLocationFactGEP, - const llvm::GetElementPtrInst *MemLocationInstGEP) { - bool HaveValidGEPParts = MemLocationFactGEP->hasAllConstantIndices() && - MemLocationInstGEP->hasAllConstantIndices(); - if (!HaveValidGEPParts) { - return false; - } - - bool IsNumIndicesEqual = MemLocationFactGEP->getNumIndices() == - MemLocationInstGEP->getNumIndices(); - - if (IsNumIndicesEqual) { - // Compare pointer type - auto *const GepFactPtrType = MemLocationFactGEP->getPointerOperandType(); - auto *const GepInstPtrType = 
MemLocationInstGEP->getPointerOperandType(); - if (GepFactPtrType != GepInstPtrType) { - return false; - } - - // Compare indices - for (unsigned int I = 1; I < MemLocationFactGEP->getNumOperands(); I++) { - const auto *GepFactIndex = - llvm::cast(MemLocationFactGEP->getOperand(I)); - const auto *GepInstIndex = - llvm::cast(MemLocationInstGEP->getOperand(I)); - - if (!isConstantIntEqual(GepFactIndex, GepInstIndex)) { - return false; - } - } - } else { - /* - * For now just expect this to be the result of array decaying... - * - * If we pass an array as an argument it is decayed to a pointer and loses - * type and size information. When we transfer the array from caller to - * callee we copy the GEP instruction from the caller as this is the only - * information we have. This GEP instruction carries type information: - * - * %arrayidx = getelementptr inbounds [42 x i32], [42 x i32]* %a, i64 0, i64 - * 5 - * - * However every GEP instruction for that array in the callee refers to the - * array as a pointer to the first element and performs pointer arithmetic - * in order to step through the elements. Thus the same location in the - * callee would be: - * - * %arrayidx = getelementptr inbounds i32, i32* %0, i64 5 - * - * In order to be 100% accurate here we would also need to compare the - * pointer types... - */ - const auto *const NonDecayedArrayGEP = - MemLocationFactGEP->getNumIndices() > - MemLocationInstGEP->getNumIndices() - ? 
MemLocationFactGEP - : MemLocationInstGEP; - - if (auto *const NonDecayedArrayGEPPtrIndex = - llvm::dyn_cast( - NonDecayedArrayGEP->getOperand(1))) { - if (!NonDecayedArrayGEPPtrIndex->isZero()) { - return false; - } - } else { - return false; - } - - const auto *GepFactIndex = - llvm::cast(MemLocationFactGEP->getOperand( - MemLocationFactGEP->getNumOperands() - 1)); - const auto *GepInstIndex = - llvm::cast(MemLocationInstGEP->getOperand( - MemLocationInstGEP->getNumOperands() - 1)); - - return isConstantIntEqual(GepFactIndex, GepInstIndex); - } - - return true; -} - -static bool isFirstNMemoryLocationPartsEqual( - std::vector MemLocationSeqFact, - std::vector MemLocationSeqInst, std::size_t N) { - assert(N > 0); - - bool SeqsHaveAtLeastNParts = - MemLocationSeqFact.size() >= N && MemLocationSeqInst.size() >= N; - if (!SeqsHaveAtLeastNParts) { - return false; - } - - bool HaveMemLocationFrames = - isMemoryLocationFrame(MemLocationSeqFact.front()) && - isMemoryLocationFrame(MemLocationSeqInst.front()); - if (!HaveMemLocationFrames) { - return false; - } - - static_assert( - true, - "We have vectors that both start with a memory location" - "frame.Size may differ but we have at least n instances in each each."); - - bool IsSameMemLocationFrame = - MemLocationSeqFact.front() == MemLocationSeqInst.front(); - if (!IsSameMemLocationFrame) { - return false; - } - - for (std::size_t I = 1; I < N; ++I) { - const auto *const FactGEPPtr = - llvm::cast(MemLocationSeqFact[I]); - const auto *const InstGEPPtr = - llvm::cast(MemLocationSeqInst[I]); - - bool IsEqual = isGEPPartEqual(FactGEPPtr, InstGEPPtr); - if (!IsEqual) { - return false; - } - } - - return true; -} - -static bool isUnionBitCast(const llvm::CastInst *CastInst) { - if (const auto *const BitCastInst = - llvm::dyn_cast(CastInst)) { - const auto TypeName = getTypeName(BitCastInst->getSrcTy()); - - return TypeName.find("union") != std::string::npos; - } - return false; -} - -static std::vector 
-getMemoryLocationSeqFromMatrRec(const llvm::Value *MemLocationPart) { - // Globals - if (const auto *const ConstExpr = - llvm::dyn_cast(MemLocationPart)) { - MemLocationPart = - const_cast(ConstExpr) // FIXME this is terible - ->getAsInstruction(); - } - - std::vector MemLocationSeq; - - bool IsMemLocationFrame = isMemoryLocationFrame(MemLocationPart); - if (IsMemLocationFrame) { - MemLocationSeq.push_back(MemLocationPart); - - return MemLocationSeq; - } - - if (const auto *const CastInst = - llvm::dyn_cast(MemLocationPart)) { - MemLocationSeq = getMemoryLocationSeqFromMatrRec(CastInst->getOperand(0)); - - bool PoisonSeq = isUnionBitCast(CastInst); - if (!PoisonSeq) { - return MemLocationSeq; - } - - // FALLTHROUGH - } else if (const auto *const LoadInst = - llvm::dyn_cast(MemLocationPart)) { - return getMemoryLocationSeqFromMatrRec(LoadInst->getOperand(0)); - } else if (const auto *const GepInst = - llvm::dyn_cast(MemLocationPart)) { - MemLocationSeq = - getMemoryLocationSeqFromMatrRec(GepInst->getPointerOperand()); - - bool IsSeqPoisoned = - !MemLocationSeq.empty() && MemLocationSeq.back() == PoisonPill; - if (IsSeqPoisoned) { - return MemLocationSeq; - } - - MemLocationSeq.push_back(GepInst); - - return MemLocationSeq; - } - - // Poison seq - bool IsSeqPoisoned = - !MemLocationSeq.empty() && MemLocationSeq.back() == PoisonPill; - if (!IsSeqPoisoned) { - MemLocationSeq.push_back(PoisonPill); - } - - return MemLocationSeq; -} - -static std::vector -normalizeGlobalGEPs(const std::vector &MemLocationSeq) { - bool IsGlobalMemLocationSeq = - DataFlowUtils::isGlobalMemoryLocationSeq(MemLocationSeq); - if (!IsGlobalMemLocationSeq) { - return MemLocationSeq; - } - - std::vector NormalizedMemLocationSeq; - NormalizedMemLocationSeq.push_back(MemLocationSeq.front()); - - for (std::size_t I = 1; I < MemLocationSeq.size(); ++I) { - const auto *const GepInst = - llvm::cast(MemLocationSeq[I]); - - unsigned int NumIndices = GepInst->getNumIndices(); - - bool IsNormalizedGEP = 
NumIndices <= 2; - if (IsNormalizedGEP) { - NormalizedMemLocationSeq.push_back(GepInst); - continue; - } - - const std::vector Indices(GepInst->idx_begin(), - GepInst->idx_end()); - - auto *SplittedGEPInst = llvm::GetElementPtrInst::CreateInBounds( - NormalizedMemLocationSeq.back() - ->getType() - ->getScalarType() - ->getPointerElementType(), - const_cast(NormalizedMemLocationSeq.back()), - {Indices[0], Indices[1]}, "gepsplit0"); - NormalizedMemLocationSeq.push_back(SplittedGEPInst); - - llvm::ConstantInt *ConstantZero = llvm::ConstantInt::get( - GepInst->getType()->getContext(), llvm::APInt(32, 0, false)); - - for (std::size_t I = 2; I < Indices.size(); ++I) { - auto *const Index = Indices[I]; - - std::stringstream NameStream; - NameStream << "gepsplit" << (I - 1); - - SplittedGEPInst = llvm::GetElementPtrInst::CreateInBounds( - NormalizedMemLocationSeq.back() - ->getType() - ->getScalarType() - ->getPointerElementType(), - const_cast(NormalizedMemLocationSeq.back()), - {ConstantZero, Index}, NameStream.str()); - NormalizedMemLocationSeq.push_back(SplittedGEPInst); - } - } - - return NormalizedMemLocationSeq; -} - -static std::vector -normalizeMemoryLocationSeq(std::vector MemLocationSeq) { - assert(!MemLocationSeq.empty()); - - // Remove poison pill - bool IsSeqPoisoned = MemLocationSeq.back() == PoisonPill; - if (IsSeqPoisoned) { - MemLocationSeq.pop_back(); - } - - if (MemLocationSeq.empty()) { - return MemLocationSeq; - } - - // Normalize global GEP parts - MemLocationSeq = normalizeGlobalGEPs(MemLocationSeq); - - return MemLocationSeq; -} - -std::vector DataFlowUtils::getMemoryLocationSeqFromMatr( - const llvm::Value *MemLocationMatr) { - auto MemLocationSeq = normalizeMemoryLocationSeq( - getMemoryLocationSeqFromMatrRec(MemLocationMatr)); - - assert(MemLocationSeq.empty() || - isMemoryLocationFrame(MemLocationSeq.front())); - - return MemLocationSeq; -} - -std::vector DataFlowUtils::getMemoryLocationSeqFromFact( - const ExtendedValue &MemLocationFact) { - 
return MemLocationFact.getMemLocationSeq(); -} - -std::vector -DataFlowUtils::getVaListMemoryLocationSeqFromFact( - const ExtendedValue &VaListFact) { - return VaListFact.getVaListMemLocationSeq(); -} - -static const llvm::Value * -getMemoryLocationFrameFromFact(const ExtendedValue &MemLocationFact) { - const auto MemLocationSeq = - DataFlowUtils::getMemoryLocationSeqFromFact(MemLocationFact); - if (MemLocationSeq.empty()) { - return nullptr; - } - - return MemLocationSeq.front(); -} - -static const llvm::Value * -getVaListMemoryLocationFrameFromFact(const ExtendedValue &VaListFact) { - const auto MemLocationSeq = - DataFlowUtils::getVaListMemoryLocationSeqFromFact(VaListFact); - if (MemLocationSeq.empty()) { - return nullptr; - } - - return MemLocationSeq.front(); -} - -static const llvm::Value * -getMemoryLocationFrameFromMatr(const llvm::Value *MemLocationMatr) { - const auto MemLocationSeq = - DataFlowUtils::getMemoryLocationSeqFromMatr(MemLocationMatr); - if (MemLocationSeq.empty()) { - return nullptr; - } - - return MemLocationSeq.front(); -} - -bool DataFlowUtils::isValueTainted(const llvm::Value *CurrentInst, - const ExtendedValue &Fact) { - return CurrentInst == Fact.getValue(); -} - -bool DataFlowUtils::isMemoryLocationTainted(const llvm::Value *MemLocationMatr, - const ExtendedValue &Fact) { - auto MemLocationInstSeq = getMemoryLocationSeqFromMatr(MemLocationMatr); - if (MemLocationInstSeq.empty()) { - return false; - } - - const auto MemLocationFactSeq = getMemoryLocationSeqFromFact(Fact); - if (MemLocationFactSeq.empty()) { - return false; - } - - bool IsArrayDecay = DataFlowUtils::isArrayDecay(MemLocationMatr); - if (IsArrayDecay) { - MemLocationInstSeq.pop_back(); - } - - return isSubsetMemoryLocationSeq(MemLocationInstSeq, MemLocationFactSeq); -} - -bool DataFlowUtils::isMemoryLocationSeqsEqual( - const std::vector &MemLocationSeq1, - const std::vector &MemLocationSeq2) { - bool IsSizeEqual = MemLocationSeq1.size() == MemLocationSeq2.size(); - if 
(!IsSizeEqual) { - return false; - } - - bool IsEmptySeq = MemLocationSeq1.empty(); - if (IsEmptySeq) { - return false; - } - - std::size_t N = MemLocationSeq1.size(); - bool IsMemLocationsEqual = - isFirstNMemoryLocationPartsEqual(MemLocationSeq1, MemLocationSeq2, N); - if (!IsMemLocationsEqual) { - return false; - } - - return true; -} - -bool DataFlowUtils::isSubsetMemoryLocationSeq( - const std::vector &MemLocationSeqInst, - const std::vector &MemLocationSeqFact) { - if (MemLocationSeqInst.empty()) { - return false; - } - if (MemLocationSeqFact.empty()) { - return false; - } - - std::size_t N = std::min(MemLocationSeqInst.size(), - MemLocationSeqFact.size()); - - return isFirstNMemoryLocationPartsEqual(MemLocationSeqInst, // NOLINT - MemLocationSeqFact, N); -} - -std::vector DataFlowUtils::getRelocatableMemoryLocationSeq( - const std::vector &TaintedMemLocationSeq, - const std::vector &SrcMemLocationSeq) { - std::vector RelocatableMemLocationSeq; - - for (std::size_t I = SrcMemLocationSeq.size(); - I < TaintedMemLocationSeq.size(); ++I) { - RelocatableMemLocationSeq.push_back(TaintedMemLocationSeq[I]); - } - - return RelocatableMemLocationSeq; -} - -std::vector DataFlowUtils::joinMemoryLocationSeqs( - const std::vector &MemLocationSeq1, - const std::vector &MemLocationSeq2) { - std::vector JoinedMemLocationSeq; - JoinedMemLocationSeq.reserve(MemLocationSeq1.size() + MemLocationSeq2.size()); - - JoinedMemLocationSeq.insert(JoinedMemLocationSeq.end(), - MemLocationSeq1.begin(), MemLocationSeq1.end()); - JoinedMemLocationSeq.insert(JoinedMemLocationSeq.end(), - MemLocationSeq2.begin(), MemLocationSeq2.end()); - - return JoinedMemLocationSeq; -} - -std::vector -getVaListMemoryLocationSeq(const llvm::Value *Value) { - if (const auto *const PhiNodeInst = llvm::dyn_cast(Value)) { - const auto PhiNodeName = PhiNodeInst->getName(); - bool IsVarArgAddr = PhiNodeName.contains("vaarg.addr"); - if (!IsVarArgAddr) { - return EmptySeq; - } - - for (const auto &Block : 
PhiNodeInst->blocks()) { - const auto BlockName = Block->getName(); - bool IsVarArgInMem = BlockName.contains("vaarg.in_mem"); - if (!IsVarArgInMem) { - continue; - } - - auto *const VaListMemLocationMatr = - PhiNodeInst->getIncomingValueForBlock(Block); - auto VaListMemLocationSeq = - DataFlowUtils::getMemoryLocationSeqFromMatr(VaListMemLocationMatr); - - bool IsValidMemLocation = !VaListMemLocationSeq.empty(); - if (!IsValidMemLocation) { - return EmptySeq; - } - - return VaListMemLocationSeq; - } - } - - return EmptySeq; -} - -static bool isArgumentEqual(const llvm::Value *SrcValue, - const ExtendedValue &Fact, bool IsVarArgFact) { - const auto *const FactMemLocationFrame = - IsVarArgFact ? getVaListMemoryLocationFrameFromFact(Fact) - : getMemoryLocationFrameFromFact(Fact); - if (!FactMemLocationFrame) { - return false; - } - - if (const auto *const PatchableArgument = - llvm::dyn_cast(FactMemLocationFrame)) { - if (PatchableArgument->hasByValAttr()) { - return false; - } - - if (const auto *const SrcValueArgument = - llvm::dyn_cast(SrcValue)) { - bool IsLinkEqual = SrcValueArgument == PatchableArgument; - if (IsLinkEqual) { - return true; - } - } - } - - return false; -} - -bool DataFlowUtils::isPatchableArgumentStore(const llvm::Value *SrcValue, - const ExtendedValue &Fact) { - bool IsVarArgFact = Fact.isVarArg(); - - bool IsArgEqual = isArgumentEqual(SrcValue, Fact, IsVarArgFact); - if (IsArgEqual) { - return true; - } - - /* - * Patch of varargs passed through '...' 
- */ - if (IsVarArgFact) { - bool IsIndexEqual = Fact.getVarArgIndex() == Fact.getCurrentVarArgIndex(); - if (!IsIndexEqual) { - return false; - } - - if (const auto *const LoadInst = llvm::dyn_cast(SrcValue)) { - const auto *const PointerOperand = LoadInst->getPointerOperand(); - - const auto VaListMemLocationSeq = - getVaListMemoryLocationSeq(PointerOperand); - bool IsValidMemLocation = !VaListMemLocationSeq.empty(); - if (!IsValidMemLocation) { - return false; - } - - return isSubsetMemoryLocationSeq(getVaListMemoryLocationSeqFromFact(Fact), - VaListMemLocationSeq); - } - } - - return false; -} - -bool DataFlowUtils::isPatchableVaListArgument(const llvm::Value *SrcValue, - const ExtendedValue &Fact) { - bool IsVarArgFact = Fact.isVarArg(); - bool IsArgEqual = isArgumentEqual(SrcValue, Fact, IsVarArgFact); - - return IsVarArgFact && IsArgEqual; -} - -bool DataFlowUtils::isPatchableArgumentMemcpy( - const llvm::Value *SrcValue, - const std::vector &SrcMemLocationSeq, - const ExtendedValue &Fact) { - bool IsVarArgFact = Fact.isVarArg(); - if (!IsVarArgFact) { - return false; - } - - bool IsIndexEqual = Fact.getVarArgIndex() == Fact.getCurrentVarArgIndex(); - if (!IsIndexEqual) { - return false; - } - - bool IsSrcMemLocation = !SrcMemLocationSeq.empty(); - if (IsSrcMemLocation) { - - return isSubsetMemoryLocationSeq(getVaListMemoryLocationSeqFromFact(Fact), - SrcMemLocationSeq); - } - if (const auto *const BitCastInst = - llvm::dyn_cast(SrcValue)) { - auto *const PointerOperand = BitCastInst->getOperand(0); - - const auto VaListMemLocationSeq = - getVaListMemoryLocationSeq(PointerOperand); - bool IsValidMemLocation = !VaListMemLocationSeq.empty(); - if (!IsValidMemLocation) { - return false; - } - - return isSubsetMemoryLocationSeq(getVaListMemoryLocationSeqFromFact(Fact), - VaListMemLocationSeq); - } - - return false; -} - -bool DataFlowUtils::isPatchableReturnValue(const llvm::Value *SrcValue, - const ExtendedValue &Fact) { - /* - * We could also check against the 
fact which is also a call inst when we - * have a return value. However as we are not changing the fact after - * relocation it would be again taken into account. If we use the patch - * part it is gone after first patch. - */ - const auto *const FactMemLocationFrame = getMemoryLocationFrameFromFact(Fact); - if (!FactMemLocationFrame) { - return false; - } - - if (const auto *const PatchableCallInst = - llvm::dyn_cast(FactMemLocationFrame)) { - - if (const auto *const SrcValueExtractValueInst = - llvm::dyn_cast(SrcValue)) { - bool IsLinkEqual = - SrcValueExtractValueInst->getAggregateOperand() == PatchableCallInst; - if (IsLinkEqual) { - return true; - } - } else if (const auto *const SrcValueCallInst = - llvm::dyn_cast(SrcValue)) { - bool IsLinkEqual = SrcValueCallInst == PatchableCallInst; - if (IsLinkEqual) { - return true; - } - } - } - - return false; -} - -std::vector DataFlowUtils::patchMemoryLocationFrame( - const std::vector &PatchableMemLocationSeq, - const std::vector &PatchMemLocationSeq) { - if (PatchableMemLocationSeq.empty()) { - return EmptySeq; - } - if (PatchMemLocationSeq.empty()) { - return EmptySeq; - } - - std::vector PatchedMemLocationSeq; - PatchedMemLocationSeq.reserve((PatchableMemLocationSeq.size() - 1) + - PatchMemLocationSeq.size()); - - PatchedMemLocationSeq.insert(PatchedMemLocationSeq.end(), - PatchMemLocationSeq.begin(), - PatchMemLocationSeq.end()); - PatchedMemLocationSeq.insert(PatchedMemLocationSeq.end(), - std::next(PatchableMemLocationSeq.begin()), - PatchableMemLocationSeq.end()); - - return PatchedMemLocationSeq; -} - -static long getNumCoercedArgs(const llvm::Value *Value) { - if (const auto *const ConstExpr = llvm::dyn_cast(Value)) { - Value = - const_cast(ConstExpr) // FIXME this is terrible. 
- ->getAsInstruction(); - } - - if (llvm::isa(Value) || - llvm::isa(Value)) { - return -4711; - } - - if (const auto *const BitCastInst = - llvm::dyn_cast(Value)) { - long Ret = getNumCoercedArgs(BitCastInst->getOperand(0)); - - if (Ret == -4711) { - auto *const DstType = BitCastInst->getDestTy(); - if (!DstType->isPointerTy()) { - return -1; - } - - auto *const ElementType = DstType->getPointerElementType(); - - if (auto *const StructType = - llvm::dyn_cast(ElementType)) { - return static_cast(StructType->getNumElements()); - } - return -1; - } - - return Ret; - } - if (const auto *const GepInst = - llvm::dyn_cast(Value)) { - return getNumCoercedArgs(GepInst->getPointerOperand()); - } - if (const auto *const LoadInst = llvm::dyn_cast(Value)) { - return getNumCoercedArgs(LoadInst->getPointerOperand()); - } - - return -1; -} - -/* - * The purpose of this function is to provide a sanitized arg list. - * Sanitization comprises the following 2 steps: - * - * (1) Only keep one coerced argument and fix mem location sequence. - * This is extremely important when using varargs as we would - * increment the var args index for every coerced element although - * we only need one index for the struct. The way we figure out the - * amount of coerced args for a struct is to retrieve the bitcast - * and count its members. Notes for fixing the mem location sequence - * can be found below. - * - * (2) Provide a default formal parameter for varargs - * - * If the struct is coerced then the indexes are not matching anymore. - * E.g. if we have the following struct: - * - * struct s1 { - * int a; - * int b; - * char *t1; - * }; - * - * If we taint t1 we will have Alloca_x -> GEP 2 as our memory location. - * - * Now if a and b are coerced from i32, i32 to i64 we will have a struct - * that only contains two members (i64, i8*). This means that also the - * GEP indexes are different (there is no GEP 2 anymore). 
So we just ignore - * the GEP value and pop it from the memory location and proceed as usual. - */ -std::vector< - std::tuple, - const llvm::Value *>> -DataFlowUtils::getSanitizedArgList(const llvm::CallInst *CallInst, - const llvm::Function *DestFun, - const llvm::Value *ZeroValue) { - std::vector< - std::tuple, - const llvm::Value *>> - SanitizedArgList; - - for (unsigned I = 0; I < CallInst->arg_size(); ++I) { - auto *const Arg = CallInst->getOperand(I); - const auto *const Param = getNthFunctionArgument(DestFun, I); - - auto ArgMemLocationSeq = DataFlowUtils::getMemoryLocationSeqFromMatr(Arg); - - long NumCoersedArgs = getNumCoercedArgs(Arg); - bool IsCoersedArg = NumCoersedArgs > 0; - - bool IsArrayDecay = DataFlowUtils::isArrayDecay(Arg); - - if (IsCoersedArg) { - ArgMemLocationSeq.pop_back(); - I += NumCoersedArgs - 1; - } else if (IsArrayDecay) { - ArgMemLocationSeq.pop_back(); - } - - const auto *const SanitizedParam = Param ? Param : ZeroValue; - - SanitizedArgList.emplace_back(Arg, ArgMemLocationSeq, SanitizedParam); - } - - return SanitizedArgList; -} - -static std::vector getPostDominators( - const llvm::DomTreeNodeBase *PostDomTreeNode, - const llvm::BasicBlock *StartBasicBlock) { - auto *const CurrentBasicBlock = PostDomTreeNode->getBlock(); - bool IsStartBasicBlock = CurrentBasicBlock == StartBasicBlock; - - if (IsStartBasicBlock) { - return {CurrentBasicBlock}; - } - - for (auto *const PostDomTreeChild : PostDomTreeNode->children()) { - auto ChildNodes = getPostDominators(PostDomTreeChild, StartBasicBlock); - if (!ChildNodes.empty()) { - ChildNodes.push_back(CurrentBasicBlock); - - return ChildNodes; - } - } - - return {}; -} - -const llvm::BasicBlock * -DataFlowUtils::getEndOfTaintedBlock(const llvm::BasicBlock *StartBasicBlock) { - const auto *const TerminatorInst = StartBasicBlock->getTerminator(); - auto *const Function = - const_cast( // FIXME this is terrible. 
- StartBasicBlock->getParent()); - - bool IsBlockStatement = llvm::isa(TerminatorInst) || - llvm::isa(TerminatorInst); - if (!IsBlockStatement) { - return nullptr; - } - - llvm::PostDominatorTree PostDominatorTree; - PostDominatorTree.recalculate(*Function); - - const auto PostDominators = - getPostDominators(PostDominatorTree.getRootNode(), StartBasicBlock); - - return PostDominators.size() > 1 ? PostDominators[1] : nullptr; -} - -/* - * We are removing the tainted branch instruction from facts if the - * instruction's basic block label matches the one of the tainted branch end - * block. Note that we remove it after the phi node making sure that the phi - * node is auto added whenever we came from a tainted branch. - */ -bool DataFlowUtils::removeTaintedBlockInst( - const ExtendedValue &Fact, const llvm::Instruction *CurrentInst) { - bool IsEndOfFunctionTaint = Fact.getEndOfTaintedBlockLabel().empty(); - if (IsEndOfFunctionTaint) { - return false; - } - - bool IsPhiNode = llvm::isa(CurrentInst); - if (IsPhiNode) { - return false; - } - - const auto *const CurrentBB = CurrentInst->getParent(); - const auto CurrentLabel = CurrentBB->getName(); - - return CurrentLabel == Fact.getEndOfTaintedBlockLabel(); -} - -bool DataFlowUtils::isAutoGENInTaintedBlock( - const llvm::Instruction *CurrentInst) { - return !llvm::isa(CurrentInst) && - !llvm::isa(CurrentInst) && - !llvm::isa(CurrentInst) && - !llvm::isa(CurrentInst) && - !llvm::isa(CurrentInst); -} - -bool DataFlowUtils::isMemoryLocationFact(const ExtendedValue &EV) { - return !EV.getMemLocationSeq().empty(); -} - -bool DataFlowUtils::isKillAfterStoreFact(const ExtendedValue &EV) { - return !isMemoryLocationFact(EV) && !llvm::isa(EV.getValue()); -} - -bool DataFlowUtils::isCheckOperandsInst(const llvm::Instruction *CurrentInst) { - bool IsLoad = llvm::isa(CurrentInst); - if (IsLoad) { - return false; - } - - return llvm::isa(CurrentInst) || - llvm::isa(CurrentInst) || - llvm::isa(CurrentInst) || - 
llvm::isa(CurrentInst); -} - -bool DataFlowUtils::isAutoIdentity(const llvm::Instruction *CurrentInst, - const ExtendedValue &Fact) { - bool IsVarArgTemplate = Fact.isVarArgTemplate(); - if (IsVarArgTemplate) { - return !llvm::isa(CurrentInst); - } - - /* - * If we are dealing with varargs we need to make sure that the internal - * structure va_list is never tainted (not even in an auto taint scenario). - * This would lead to detecting conditions as tainted for varargs internal - * processing branches which further leads to auto tainting of every vararg. - * For traceability disable this check and run test case - * 200-map-to-callee-varargs-15. The interesting part begins at line 101 in - * the IR. - */ - if (const auto *const StoreInst = - llvm::dyn_cast(CurrentInst)) { - const auto *const SrcMemLocationMatr = StoreInst->getValueOperand(); - const auto *const SrcMemLocationFrame = - getMemoryLocationFrameFromMatr(SrcMemLocationMatr); - - bool IsArgumentPatch = - llvm::isa_and_nonnull(SrcMemLocationFrame); - if (IsArgumentPatch) { - return false; - } - - const auto *const DstMemLocationMatr = StoreInst->getPointerOperand(); - const auto DstMemLocationSeq = - getMemoryLocationSeqFromMatr(DstMemLocationMatr); - - bool IsDstMemLocation = !DstMemLocationSeq.empty(); - if (IsDstMemLocation) { - auto *const MemLocationFrameType = DstMemLocationSeq.front()->getType(); - - bool IsMemLocationFrameTypeVaList = isVaListType(MemLocationFrameType); - if (IsMemLocationFrameTypeVaList) { - return true; - } - } - } - - return false; -} - -bool DataFlowUtils::isVarArgParam(const llvm::Value *Param, - const llvm::Value *ZeroValue) { - return Param == ZeroValue; -} - -bool DataFlowUtils::isVaListType(const llvm::Type *Type) { - const auto TypeName = getTypeName(Type); - - return TypeName.find("%struct.__va_list_tag") != std::string::npos; -} - -bool DataFlowUtils::isReturnValue(const llvm::Instruction *CurrentInst, - const llvm::Instruction *SuccessorInst) { - bool IsSuccessorRetVal 
= llvm::isa(SuccessorInst); - if (!IsSuccessorRetVal) { - return false; - } - - if (const auto *const BinaryOpInst = - llvm::dyn_cast(CurrentInst)) { - bool IsMagicOpCode = BinaryOpInst->getOpcode() == 20; - if (!IsMagicOpCode) { - return false; - } - - bool IsMagicType = getTypeName(BinaryOpInst->getType()) == "i4711"; - if (!IsMagicType) { - return false; - } - - return true; - } - - return false; -} - -/* - * We use the following conditions to check whether a memory location is an - * array decay or not: - * - * (1) Last GEP is of type array - * (2) There is no load after our last GEP array - * - * Check 071-arrays-3, 071-arrays-11, 200-map-to-callee-variable-array-2, - * 200-map-to-callee-varargs-30, 260-globals-12 - */ -bool DataFlowUtils::isArrayDecay(const llvm::Value *MemLocationMatr) { - if (!MemLocationMatr) { - return false; - } - - if (const auto *const ConstExpr = - llvm::dyn_cast(MemLocationMatr)) { - MemLocationMatr = - const_cast( // FIXME this is terrible. - ConstExpr) - ->getAsInstruction(); - } - - bool IsMemLocationFrame = isMemoryLocationFrame(MemLocationMatr); - if (IsMemLocationFrame) { - return false; - } - if (const auto *const CastInst = - llvm::dyn_cast(MemLocationMatr)) { - return isArrayDecay(CastInst->getOperand(0)); - } - if (const auto *const GepInst = - llvm::dyn_cast(MemLocationMatr)) { - bool IsSrcMemLocationArrayType = - GepInst->getPointerOperandType()->getPointerElementType()->isArrayTy(); - if (IsSrcMemLocationArrayType) { - return true; - } - - return false; - } - if (const auto *const LoadInst = - llvm::dyn_cast(MemLocationMatr)) { - return false; - } - - return false; -} - -bool DataFlowUtils::isGlobalMemoryLocationSeq( - const std::vector &MemLocationSeq) { - if (MemLocationSeq.empty()) { - return false; - } - - return llvm::isa(MemLocationSeq.front()); -} - -static void -dumpMemoryLocation(const std::vector &MemLocationSeq) { -#ifdef DEBUG_BUILD - for (const auto MemLocationPart : MemLocationSeq) { - llvm::outs() << 
"[ENV_TRACE] "; - MemLocationPart->print(llvm::outs()); - llvm::outs() << "\n"; - llvm::outs().flush(); - } -#endif -} - -void DataFlowUtils::dumpFact(const ExtendedValue &EV) { - if (!EV.getMemLocationSeq().empty()) { - LOG_DEBUG("memLocationSeq:"); - dumpMemoryLocation(EV.getMemLocationSeq()); - } - - if (!EV.getEndOfTaintedBlockLabel().empty()) { - LOG_DEBUG("endOfTaintedBlockLabel: " << EV.getEndOfTaintedBlockLabel()); - } - - if (EV.isVarArg()) { - if (!EV.isVarArgTemplate()) { - LOG_DEBUG("vaListMemLocationSeq:"); - dumpMemoryLocation(getVaListMemoryLocationSeqFromFact(EV)); - } - LOG_DEBUG("varArgIndex: " << EV.getVarArgIndex()); - LOG_DEBUG("currentVarArgIndex: " << EV.getCurrentVarArgIndex()); - } -} - -static std::set readFileFromEnvVar(const char *EnvVar) { - std::set Lines; - - const char *FilePath = std::getenv(EnvVar); - if (!FilePath) { - LOG_INFO(EnvVar << " unset"); - return Lines; - } - LOG_INFO(EnvVar << " set to: " << FilePath); - - std::ifstream Fis(FilePath); - if (Fis.fail()) { - LOG_INFO("Failed to read from: " << FilePath); - return Lines; - } - - std::string Line; - while (std::getline(Fis, Line)) { - if (Line.empty()) { - continue; - } - if (Line.at(0) == '#') { - continue; - } - - Lines.insert(Line); - } - - return Lines; -} - -std::set DataFlowUtils::getTaintedFunctions() { - std::set TaintedFunctions = - readFileFromEnvVar("TAINTED_FUNCTIONS_LOCATION"); - if (TaintedFunctions.empty()) { - TaintedFunctions = {"getenv", "secure_getenv"}; - } - - LOG_INFO("Tainted functions:"); - for (const auto &TaintedFunction : TaintedFunctions) { - LOG_INFO(TaintedFunction); - } - - return TaintedFunctions; -} - -std::set DataFlowUtils::getBlacklistedFunctions() { - std::set BlacklistedFunctions = - readFileFromEnvVar("BLACKLISTED_FUNCTIONS_LOCATION"); - if (BlacklistedFunctions.empty()) { - BlacklistedFunctions = {"printf"}; - } - - LOG_INFO("Blacklisted functions:"); - for (const auto &BlacklistedFunction : BlacklistedFunctions) { - 
LOG_INFO(BlacklistedFunction); - } - - return BlacklistedFunctions; -} - -std::string -DataFlowUtils::getTraceFilenamePrefix(const std::string &EntryPoint) { - time_t Time = std::time(nullptr); - long Now = static_cast(Time); - - std::stringstream TraceFileStream; - TraceFileStream << "static" - << "-" << EntryPoint << "-" << Now; - - return TraceFileStream.str(); -} diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.cpp deleted file mode 100644 index 1f1674dc4..000000000 --- a/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.cpp +++ /dev/null 
@@ -1,261 +0,0 @@ -/** - * @author Sebastian Roland - */ - -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSFieldSensTaintAnalysis.h" - -#include "phasar/PhasarLLVM/DB/LLVMProjectIRDB.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/BranchSwitchInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CallToRetFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/CheckOperandsFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GEPInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/GenerateFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/IdentityFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCallee.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MapTaintedValuesToCaller.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemSetInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/MemTransferInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/PHINodeFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/ReturnInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/StoreInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAEndInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/FlowFunctions/VAStartInstFlowFunction.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovRetValWriter.h" 
-#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LcovWriter.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/LineNumberWriter.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStats.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Stats/TraceStatsWriter.h" -#include "phasar/PhasarLLVM/DataFlow/IfdsIde/IFDSFieldSensTaintAnalysis/Utils/DataFlowUtils.h" - -#include "llvm/IR/IntrinsicInst.h" - -#include -#include -#include -#include - -namespace psr { - -IFDSFieldSensTaintAnalysis::IFDSFieldSensTaintAnalysis( - const LLVMProjectIRDB *IRDB, const LLVMTaintConfig *TaintConfig, - std::vector EntryPoints) - : IFDSTabulationProblem(IRDB, std::move(EntryPoints), createZeroValue()), - Config(TaintConfig) { - assert(Config != nullptr); -} - -IFDSFieldSensTaintAnalysis::FlowFunctionPtrType -IFDSFieldSensTaintAnalysis::getNormalFlowFunction( - const llvm::Instruction *CurrentInst, - const llvm::Instruction *SuccessorInst) { - if (Config->isSource(CurrentInst)) { - // TODO: generate current inst wrapped in an ExtendedValue - } - - if (Config->isSink(CurrentInst)) { - // TODO: report leak as done for the functions - } - - if (DataFlowUtils::isReturnValue(CurrentInst, SuccessorInst)) { - return std::make_shared(SuccessorInst, Stats, - getZeroValue()); - } - - if (llvm::isa(CurrentInst)) { - return std::make_shared(CurrentInst, Stats, - getZeroValue()); - } - - if (llvm::isa(CurrentInst) || - llvm::isa(CurrentInst)) { - return std::make_shared(CurrentInst, Stats, - getZeroValue()); - } - - if (llvm::isa(CurrentInst)) { - return std::make_shared(CurrentInst, Stats, - getZeroValue()); - } - - if (llvm::isa(CurrentInst)) { - return std::make_shared(CurrentInst, Stats, - getZeroValue()); - } - - if (DataFlowUtils::isCheckOperandsInst(CurrentInst)) { - return std::make_shared(CurrentInst, Stats, - getZeroValue()); - } - - return std::make_shared(CurrentInst, 
Stats, - getZeroValue()); -} - -IFDSFieldSensTaintAnalysis::FlowFunctionPtrType -IFDSFieldSensTaintAnalysis::getCallFlowFunction( - const llvm::Instruction *CallSite, const llvm::Function *DestFun) { - return std::make_shared( - llvm::cast(CallSite), DestFun, Stats, getZeroValue()); -} - -IFDSFieldSensTaintAnalysis::FlowFunctionPtrType -IFDSFieldSensTaintAnalysis::getRetFlowFunction( - const llvm::Instruction *CallSite, const llvm::Function * /*CalleeFun*/, - const llvm::Instruction *ExitStmt, const llvm::Instruction * /*RetSite*/) { - return std::make_shared( - llvm::cast(CallSite), - llvm::cast(ExitStmt), Stats, getZeroValue()); -} - -/* - * Every fact that was valid before call to function will be handled here - * right after the function call has returned... We would like to keep all - * previously generated facts. Facts from the returning functions are - * handled in getRetFlowFunction. - */ -IFDSFieldSensTaintAnalysis::FlowFunctionPtrType -IFDSFieldSensTaintAnalysis::getCallToRetFlowFunction( - const llvm::Instruction *CallSite, const llvm::Instruction * /*RetSite*/, - llvm::ArrayRef /*Callees*/) { - /* - * It is important to wrap the identity call here. Consider the following - * example: - * - * br i1 %cmp, label %cond.true, label %cond.false - * cond.true: - * %call1 = call i32 (...) @foo() - * br label %cond.end - * ... - * cond.end: - * %cond = phi i32 [ %call1, %cond.true ], [ 1, %cond.false ] - * - * Because we are in a tainted branch we must push %call1 to facts. We cannot - * do that in the getSummaryFlowFunction() because if we return a flow - * function we never follow the function. If we intercept here the call - * instruction will be pushed when the flow function is called with the branch - * instruction fact. - */ - return std::make_shared(CallSite, Stats, - getZeroValue()); -} - -/* - * If we return sth. different than a nullptr the callee will not be traversed. 
- * Instead facts according to the defined flow function will be taken into - * account. - */ -IFDSFieldSensTaintAnalysis::FlowFunctionPtrType -IFDSFieldSensTaintAnalysis::getSummaryFlowFunction( - const llvm::Instruction *CallSite, const llvm::Function *DestFun) { - /* - * We exclude function ptr calls as they will be applied to every - * function matching its signature (@see LLVMBasedICFG.cpp:217). - */ - const auto *const CS = llvm::cast(CallSite); - bool IsStaticCallSite = CS->getCalledFunction(); - if (!IsStaticCallSite) { - return std::make_shared(CS, Stats, getZeroValue()); - } - - /* - * Exclude blacklisted functions here. - */ - bool IsSink = Config->mayLeakValuesAt(CallSite, DestFun); - - if (IsSink) { - return std::make_shared(CS, Stats, getZeroValue()); - } - - /* - * Intrinsics. - */ - if (llvm::isa(CallSite)) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - if (llvm::isa(CallSite)) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - if (llvm::isa(CallSite)) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - if (llvm::isa(CallSite)) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - /* - * Provide summary for tainted functions. - */ - bool TaintRet = - Config->isSource(CallSite) || - (Config->getRegisteredSourceCallBack() && - Config->getRegisteredSourceCallBack()(CallSite).count(CallSite)); - /// TODO: What about source parameters? They are not handled in the original - /// implementation, so skip them for now and add them later. - if (TaintRet) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - /* - * Skip all (other) declarations. 
- */ - bool IsDeclaration = DestFun->isDeclaration(); - if (IsDeclaration) { - return std::make_shared(CallSite, Stats, - getZeroValue()); - } - - /* - * Follow call -> getCallFlowFunction() - */ - return nullptr; -} - -InitialSeeds -IFDSFieldSensTaintAnalysis::initialSeeds() { - InitialSeeds - Seeds; - auto TaintSeeds = Config->makeInitialSeeds(); - for (const auto &[Inst, Facts] : TaintSeeds) { - for (const auto &Fact : Facts) { - Seeds.addSeed(Inst, ExtendedValue(Fact)); - } - } - return Seeds; -} - -void IFDSFieldSensTaintAnalysis::emitTextReport( - const SolverResults - & /*SolverResults*/, - llvm::raw_ostream & /*OS*/) { - std::string FirstEntryPoints = *EntryPoints.begin(); - const std::string LcovTraceFile = - DataFlowUtils::getTraceFilenamePrefix(FirstEntryPoints + "-trace.txt"); - const std::string LcovRetValTraceFile = DataFlowUtils::getTraceFilenamePrefix( - FirstEntryPoints + "-return-value-trace.txt"); - -#ifdef DEBUG_BUILD - // Write line number trace (for tests only) - LineNumberWriter lineNumberWriter(traceStats, "line-numbers.txt"); - LineNumberWriter.write(); -#endif - - // Write lcov trace - LcovWriter LcovWriter(Stats, LcovTraceFile); - LcovWriter.write(); - - // Write lcov return value trace - LcovRetValWriter LcovRetValWriter(Stats, LcovRetValTraceFile); - LcovRetValWriter.write(); -} - -} // namespace psr From 1d65cf27aa9cf5b22830f186bf943dc7c8de5fb7 Mon Sep 17 00:00:00 2001 From: Fabian Schiebel Date: Wed, 22 Feb 2023 12:15:54 +0100 Subject: [PATCH 3/5] Wrap calls to stripPointer() in DTAResolver into checks for opaque pointers --- .../ControlFlow/Resolver/DTAResolver.cpp | 34 ++++++++++++------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp index 0bfec443e..88e4975f2 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp 
@@ -70,20 +70,23 @@ bool DTAResolver::heuristicAntiConstructorVtablePos( // We know that we are in a constructor and the source type of the bitcast is // the same as the this argument. We then check where the bitcast is against // the store instruction of the vtable. - const auto *StructTy = stripPointer(BitCast->getSrcTy()); - if (StructTy == nullptr) { - throw std::runtime_error( - "StructTy == nullptr in the heuristic_anti_contructor"); - } + if (!BitCast->getSrcTy()->isOpaquePointerTy()) { + // NOLINTNEXTLINE -- already checked for opaqueness of the ptr type + const auto *StructTy = stripPointer(BitCast->getSrcTy()); + if (StructTy == nullptr) { + throw std::runtime_error( + "StructTy == nullptr in the heuristic_anti_contructor"); + } - // If it doesn't contain vtable, there is no reason to call this class in the - // DTA graph, so no need to add it - if (StructTy->isStructTy()) { - if (Resolver::TH->hasVFTable(llvm::dyn_cast(StructTy))) { - return false; + // If it doesn't contain vtable, there is no reason to call this class in + // the DTA graph, so no need to add it + if (StructTy->isStructTy()) { + if (Resolver::TH->hasVFTable( + llvm::dyn_cast(StructTy))) { + return false; + } } } - // So there is a vtable, the question is, where is it compared to the bitcast // instruction Carefull, there can be multiple vtable storage, we want to get // the last one vtable storage typically are : store i32 (...)** bitcast (i8** 
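Review bot: In the re-indented block of `heuristicAntiConstructorVtablePos`, the code returns `false` when `Resolver::TH->hasVFTable(...)` is true, but the comment directly above talks about types that do not contain a vtable and the comment directly below continues with "So there is a vtable". Either the test or the comments look inverted, and since this commit rewrites these lines it is the place to settle it. If the code is right, reword the comment to something like `// A type with a known vtable is rejected here; only the remaining cases reach the store-position check below`. The `llvm::dyn_cast` inside `if (StructTy->isStructTy())` can also become `llvm::cast`, because the kind is already established. The function body starts and ends outside the hunk.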
@@ -138,15 +141,20 @@ bool DTAResolver::heuristicAntiConstructorVtablePos( } void DTAResolver::otherInst(const llvm::Instruction *Inst) { + if (Inst->getType()->isOpaquePointerTy()) { + /// XXX: We may want to get these information on a different way, e.g. by + /// analyzing the debug info + return; + } if (const auto *BitCast = llvm::dyn_cast(Inst)) { // We add the connection between the two types in the DTA graph auto *Src = BitCast->getSrcTy(); auto *Dest = BitCast->getDestTy(); const auto *SrcStructType = - llvm::dyn_cast(stripPointer(Src)); + llvm::dyn_cast(stripPointer(Src)); // NOLINT const auto *DestStructType = - llvm::dyn_cast(stripPointer(Dest)); + llvm::dyn_cast(stripPointer(Dest)); // NOLINT if (SrcStructType && DestStructType && heuristicAntiConstructorVtablePos(BitCast)) { From 1277254b1b536cd471916b6c5439c61c2845bc30 Mon Sep 17 00:00:00 2001 From: Fabian Schiebel Date: Sun, 7 May 2023 20:33:55 +0200 Subject: [PATCH 4/5] Move stripPointer into psr::legacy and removed the deprecated attribute from it as we need to call it from DTAResolver where we explicitly check for the opaque-pointer condition. Added an entry to the BreakingChanges about the removed IfdsFieldSensTaintAnalysis --- BreakingChanges.md | 4 ++++ include/phasar/Utils/Utilities.h | 12 +++++++++--- lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp | 11 +++++------ lib/Utils/Utilities.cpp | 2 +- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/BreakingChanges.md b/BreakingChanges.md index 2d73d94c6..f453f993a 100644 --- a/BreakingChanges.md +++ b/BreakingChanges.md @@ -1,5 +1,9 @@ # Breaking Changes +## development HEAD + +- Removed IfdsFieldSensTaintAnalysis as it relies on LLVM's deprecated typed-pointers. + ## v0323 - `EdgeFunctionPtrType` is no longer a `std::shared_ptr`. Instead `EdgeFunction` should be used directly. `EdgeFunction` is now a *value-type* that encapsulates its memory management by itself. 
diff --git a/include/phasar/Utils/Utilities.h b/include/phasar/Utils/Utilities.h index b161c8e4e..e38fd35f8 100644 --- a/include/phasar/Utils/Utilities.h +++ b/include/phasar/Utils/Utilities.h @@ -32,9 +32,15 @@ std::string createTimeStamp(); bool isConstructor(llvm::StringRef MangledName); -[[deprecated("Requires non-opaque pointers, which will no longer be " - "supported by LLVM in the next version!")]] const llvm::Type * -stripPointer(const llvm::Type *Pointer); +namespace legacy { +// May need to call this function from a safe environment where we have already +// checked that it does not take any harm. Surround it with the legacy namespace +// as a marker that this function will be removed soon. + +/// [[deprecated("Requires non-opaque pointers, which will no longer be " +/// "supported by LLVM in the next version!")]] +const llvm::Type *stripPointer(const llvm::Type *Pointer); +} // namespace legacy bool isMangled(llvm::StringRef Name); diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp index 88e4975f2..b143d10ea 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp @@ -71,8 +71,7 @@ bool DTAResolver::heuristicAntiConstructorVtablePos( // the same as the this argument. We then check where the bitcast is against // the store instruction of the vtable. if (!BitCast->getSrcTy()->isOpaquePointerTy()) { - // NOLINTNEXTLINE -- already checked for opaqueness of the ptr type - const auto *StructTy = stripPointer(BitCast->getSrcTy()); + const auto *StructTy = psr::legacy::stripPointer(BitCast->getSrcTy()); if (StructTy == nullptr) { throw std::runtime_error( "StructTy == nullptr in the heuristic_anti_contructor"); 
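Review bot: The new declaration of `legacy::stripPointer` no longer tells callers what they must guarantee: the `[[deprecated]]` attribute survives only as a `///` comment, and "does not take any harm" does not name the condition. The definition in lib/Utils/Utilities.cpp (shown later in this patch) protects itself only with `assert(!Next->isOpaquePointerTy() && ...)`, which is compiled out when `NDEBUG` is defined. The contract should therefore be written at the declaration, for example `/// \pre Pointer is not an opaque pointer type at any level; callers must check isOpaquePointerTy() before calling.` Keeping the old attribute text behind `///` also turns it into Doxygen documentation for the function; a plain `//` comment would avoid that.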
@@ -151,10 +150,10 @@ void DTAResolver::otherInst(const llvm::Instruction *Inst) { auto *Src = BitCast->getSrcTy(); auto *Dest = BitCast->getDestTy(); - const auto *SrcStructType = - llvm::dyn_cast(stripPointer(Src)); // NOLINT - const auto *DestStructType = - llvm::dyn_cast(stripPointer(Dest)); // NOLINT + const auto *SrcStructType = llvm::dyn_cast( + psr::legacy::stripPointer(Src)); // NOLINT + const auto *DestStructType = llvm::dyn_cast( + psr::legacy::stripPointer(Dest)); // NOLINT if (SrcStructType && DestStructType && heuristicAntiConstructorVtablePos(BitCast)) { diff --git a/lib/Utils/Utilities.cpp b/lib/Utils/Utilities.cpp index 9925a8e3e..28e8d378e 100644 --- a/lib/Utils/Utilities.cpp +++ b/lib/Utils/Utilities.cpp @@ -64,7 +64,7 @@ bool isConstructor(llvm::StringRef MangledName) { return false; } -const llvm::Type *stripPointer(const llvm::Type *Pointer) { +const llvm::Type *legacy::stripPointer(const llvm::Type *Pointer) { const auto *Next = llvm::dyn_cast(Pointer); while (Next) { assert(!Next->isOpaquePointerTy() && From 4c3f791e5d8146b33b78492da7b7a04fd7a4c731 Mon Sep 17 00:00:00 2001 From: Fabian Schiebel Date: Thu, 22 Jun 2023 18:57:54 +0200 Subject: [PATCH 5/5] Replace calls to getPointerElementType() by getNonOpaquePointerElementType() --- .../ControlFlow/LLVMBasedICFGGlobalsImpl.cpp | 4 ++-- .../ControlFlow/Resolver/RTAResolver.cpp | 16 +++++++------- .../ControlFlow/Resolver/Resolver.cpp | 2 +- .../IfdsIde/Problems/IDETypeStateAnalysis.cpp | 15 ++++++------- .../Passes/GeneralStatisticsAnalysis.cpp | 5 +++-- lib/PhasarLLVM/Pointer/LLVMAliasGraph.cpp | 14 +++++++------ lib/PhasarLLVM/Pointer/LLVMAliasSet.cpp | 4 ++-- .../Pointer/LLVMBasedAliasAnalysis.cpp | 21 +++++++++++-------- lib/PhasarLLVM/Utils/LLVMShorthands.cpp | 7 ++++--- 9 files changed, 49 insertions(+), 39 deletions(-) diff --git a/lib/PhasarLLVM/ControlFlow/LLVMBasedICFGGlobalsImpl.cpp b/lib/PhasarLLVM/ControlFlow/LLVMBasedICFGGlobalsImpl.cpp index 3e91de6f3..f0f1c16f2 100644 
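Review bot: The two `// NOLINT` markers kept on the `psr::legacy::stripPointer(Src)` and `psr::legacy::stripPointer(Dest)` calls in `otherInst` look stale. This same commit removes the `[[deprecated]]` attribute from the function and drops the `NOLINTNEXTLINE` at the other call site in `heuristicAntiConstructorVtablePos`. A bare `// NOLINT` silences every clang-tidy check on its line, so the calls are better left as `psr::legacy::stripPointer(Src));` and `psr::legacy::stripPointer(Dest));`. If the marker is known to suppress something else, name that check in parentheses instead. The body of `otherInst` starts and ends outside the hunk.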
--- a/lib/PhasarLLVM/ControlFlow/LLVMBasedICFGGlobalsImpl.cpp +++ b/lib/PhasarLLVM/ControlFlow/LLVMBasedICFGGlobalsImpl.cpp @@ -26,8 +26,8 @@ static void insertGlobalCtorsDtorsImpl(MapTy &Into, const llvm::Module &M, return; } - if (const auto *FunArray = llvm::dyn_cast( - Gtors->getType()->getPointerElementType())) { + if (const auto *FunArray = + llvm::dyn_cast(Gtors->getValueType())) { if (const auto *ConstFunArray = llvm::dyn_cast(Gtors->getInitializer())) { for (const auto &Op : ConstFunArray->operands()) { diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp index 80dee72e9..2f0b883e1 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp @@ -27,6 +27,7 @@ #include "llvm/IR/DerivedTypes.h" #include "llvm/IR/Function.h" #include "llvm/IR/InstIterator.h" +#include "llvm/IR/InstrTypes.h" #include "llvm/IR/Instruction.h" #include "llvm/IR/Instructions.h" #include "llvm/IR/Module.h" 
@@ -122,21 +123,22 @@ void RTAResolver::resolveAllocatedStructTypes() { /// PointerElementType anyway... for (const auto *User : Inst.users()) { const auto *Cast = llvm::dyn_cast(User); - if (!Cast || - !Cast->getDestTy()->getPointerElementType()->isStructTy()) { + if (!Cast || Cast->getDestTy()->isOpaquePointerTy() || + !Cast->getDestTy() + ->getNonOpaquePointerElementType() + ->isStructTy()) { continue; } // finally check for ctor call for (const auto *User : Cast->users()) { - if (llvm::isa(User) || - llvm::isa(User)) { + if (const auto *CTor = llvm::dyn_cast(User)) { // potential call to the structures ctor - const auto *CTor = llvm::cast(User); if (CTor->getCalledFunction() && getNthFunctionArgument(CTor->getCalledFunction(), 0) - ->getType() == Cast->getDestTy()) { + ->getType() == Cast->getDestTy() && + !Cast->getDestTy()->isOpaquePointerTy()) { if (const auto *StructTy = llvm::dyn_cast( - Cast->getDestTy()->getPointerElementType())) { + Cast->getDestTy()->getNonOpaquePointerElementType())) { AllocatedStructTypes.insert(StructTy); } } diff --git a/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp b/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp index 0269da65a..fbb08a957 100644 --- a/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp +++ b/lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp @@ -78,7 +78,7 @@ const llvm::StructType *psr::getReceiverType(const llvm::CallBase *CallSite) { if (!Receiver->getType()->isOpaquePointerTy()) { if (const auto *ReceiverTy = llvm::dyn_cast( - Receiver->getType()->getPointerElementType())) { + Receiver->getType()->getNonOpaquePointerElementType())) { return ReceiverTy; } } diff --git a/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.cpp b/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.cpp index ee03dd088..38f914184 100644 --- a/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.cpp +++ b/lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.cpp 
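Review bot: In `resolveAllocatedStructTypes`, the added `Cast->getDestTy()->isOpaquePointerTy()` test makes the loop `continue` for every cast once the module uses opaque pointers, so from what the hunk shows `AllocatedStructTypes` stays empty with no diagnostic. A resolver that silently loses its type set may shrink the call graph that client analyses depend on, so the skip should at least be documented, e.g. `// Opaque pointers: the allocated struct type cannot be recovered from the cast, nothing is recorded`, or reported through the project's logger. The second `!Cast->getDestTy()->isOpaquePointerTy()` in the constructor-call condition is redundant, because that case has already been skipped by the `continue` above. The inner `for (const auto *User : Cast->users())` also shadows the outer `User`; a distinct name such as `CastUser` would read better. The function starts and ends outside the hunk.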
@@ -680,8 +680,8 @@ bool hasMatchingTypeName(const llvm::Type *Ty, const std::string &Pattern) { } bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { // General case - if (V->getType()->isPointerTy()) { - if (hasMatchingTypeName(V->getType()->getPointerElementType(), + if (V->getType()->isPointerTy() && !V->getType()->isOpaquePointerTy()) { + if (hasMatchingTypeName(V->getType()->getNonOpaquePointerElementType(), TSD->getTypeNameOfInterest())) { return true; } @@ -691,7 +691,7 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { if (Alloca->getAllocatedType()->isPointerTy()) { if (Alloca->getAllocatedType()->isOpaquePointerTy() || hasMatchingTypeName( - Alloca->getAllocatedType()->getPointerElementType(), + Alloca->getAllocatedType()->getNonOpaquePointerElementType(), TSD->getTypeNameOfInterest())) { return true; } @@ -701,7 +701,7 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { if (const auto *Load = llvm::dyn_cast(V)) { if (Load->getType()->isPointerTy()) { if (Load->getType()->isOpaquePointerTy() || - hasMatchingTypeName(Load->getType()->getPointerElementType(), + hasMatchingTypeName(Load->getType()->getNonOpaquePointerElementType(), TSD->getTypeNameOfInterest())) { return true; } @@ -711,9 +711,10 @@ bool IDETypeStateAnalysis::hasMatchingType(IDETypeStateAnalysis::d_t V) { if (const auto *Store = llvm::dyn_cast(V)) { if (Store->getValueOperand()->getType()->isPointerTy()) { if (Store->getValueOperand()->getType()->isOpaquePointerTy() || - hasMatchingTypeName( - Store->getValueOperand()->getType()->getPointerElementType(), - TSD->getTypeNameOfInterest())) { + hasMatchingTypeName(Store->getValueOperand() + ->getType() + ->getNonOpaquePointerElementType(), + TSD->getTypeNameOfInterest())) { return true; } } diff --git a/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp b/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp index e368fcc6d..7265024b3 100644 
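Review bot: `hasMatchingType` now treats opaque pointers in two opposite ways. The general case in the first hunk skips them because of the added `!V->getType()->isOpaquePointerTy()`, while the alloca, load and store cases in the next three hunks return `true` as soon as the type `isOpaquePointerTy()`. With opaque pointers every pointer-typed alloca, load result and stored value would then match the type of interest, whereas other values never match through the general case. If that over-approximation is intended, state it once at the top of the function, e.g. `// Opaque pointers carry no pointee type: alloca/load/store match conservatively, other values do not`; otherwise align the four cases.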
--- a/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp +++ b/lib/PhasarLLVM/Passes/GeneralStatisticsAnalysis.cpp @@ -101,7 +101,7 @@ GeneralStatistics GeneralStatisticsAnalysis::runOnModule(llvm::Module &M) { if (Cast->getDestTy()->isPointerTy() && !Cast->getDestTy()->isOpaquePointerTy() && Cast->getDestTy() - ->getPointerElementType() + ->getNonOpaquePointerElementType() ->isStructTy()) { // finally check for ctor call for (auto *User : Cast->users()) { @@ -114,7 +114,8 @@ GeneralStatistics GeneralStatisticsAnalysis::runOnModule(llvm::Module &M) { CTor->getCalledFunction()->getArg(0)->getType() == Cast->getDestTy()) { Stats.AllocatedTypes.insert( - Cast->getDestTy()->getPointerElementType()); + Cast->getDestTy() + ->getNonOpaquePointerElementType()); } } } diff --git a/lib/PhasarLLVM/Pointer/LLVMAliasGraph.cpp b/lib/PhasarLLVM/Pointer/LLVMAliasGraph.cpp index 550794257..b96e745b7 100644 --- a/lib/PhasarLLVM/Pointer/LLVMAliasGraph.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMAliasGraph.cpp 
@@ -214,16 +214,18 @@ void LLVMAliasGraph::computeAliasGraph(llvm::Function *F) { // iterate over the worklist, and run the full (n^2)/2 disambiguations const auto MapEnd = ValueVertexMap.end(); for (auto I1 = ValueVertexMap.begin(); I1 != MapEnd; ++I1) { - llvm::Type *I1ElTy = !I1->first->getType()->isOpaquePointerTy() - ? I1->first->getType()->getPointerElementType() - : nullptr; + llvm::Type *I1ElTy = + !I1->first->getType()->isOpaquePointerTy() + ? I1->first->getType()->getNonOpaquePointerElementType() + : nullptr; const uint64_t I1Size = I1ElTy && I1ElTy->isSized() ? DL.getTypeStoreSize(I1ElTy) : llvm::MemoryLocation::UnknownSize; for (auto I2 = std::next(I1); I2 != MapEnd; ++I2) { - llvm::Type *I2ElTy = !I2->first->getType()->isOpaquePointerTy() - ? I2->first->getType()->getPointerElementType() - : nullptr; + llvm::Type *I2ElTy = + !I2->first->getType()->isOpaquePointerTy() + ? I2->first->getType()->getNonOpaquePointerElementType() + : nullptr; const uint64_t I2Size = I2ElTy && I2ElTy->isSized() ? DL.getTypeStoreSize(I2ElTy) : llvm::MemoryLocation::UnknownSize; diff --git a/lib/PhasarLLVM/Pointer/LLVMAliasSet.cpp b/lib/PhasarLLVM/Pointer/LLVMAliasSet.cpp index 9c3fe5609..83e796b6b 100644 --- a/lib/PhasarLLVM/Pointer/LLVMAliasSet.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMAliasSet.cpp @@ -321,10 +321,10 @@ static bool mayAlias(llvm::AAResults &AA, const llvm::DataLayout &DL, assert(Rep->getType()->isPointerTy()); auto *ElTy = !V->getType()->isOpaquePointerTy() - ? V->getType()->getPointerElementType() + ? V->getType()->getNonOpaquePointerElementType() : nullptr; auto *RepElTy = !Rep->getType()->isOpaquePointerTy() - ? Rep->getType()->getPointerElementType() + ? Rep->getType()->getNonOpaquePointerElementType() : nullptr; auto VSize = ElTy && ElTy->isSized() ? DL.getTypeStoreSize(ElTy) diff --git a/lib/PhasarLLVM/Pointer/LLVMBasedAliasAnalysis.cpp b/lib/PhasarLLVM/Pointer/LLVMBasedAliasAnalysis.cpp index d7c3292f7..9494ff213 100644 
--- a/lib/PhasarLLVM/Pointer/LLVMBasedAliasAnalysis.cpp +++ b/lib/PhasarLLVM/Pointer/LLVMBasedAliasAnalysis.cpp @@ -236,17 +236,19 @@ void LLVMBasedAliasAnalysis::print(llvm::raw_ostream &OS) const { // iterate over the worklist, and run the full (n^2)/2 disambiguations for (auto I1 = Pointers.begin(), E = Pointers.end(); I1 != E; ++I1) { auto I1Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *I1ElTy = !(*I1)->getType()->isOpaquePointerTy() - ? (*I1)->getType()->getPointerElementType() - : nullptr; + llvm::Type *I1ElTy = + !(*I1)->getType()->isOpaquePointerTy() + ? (*I1)->getType()->getNonOpaquePointerElementType() + : nullptr; if (!I1ElTy && I1ElTy->isSized()) { I1Size = llvm::LocationSize::precise(DL.getTypeStoreSize(I1ElTy)); } for (auto I2 = Pointers.begin(); I2 != I1; ++I2) { auto I2Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *I2ElTy = !(*I2)->getType()->isOpaquePointerTy() - ? (*I2)->getType()->getPointerElementType() - : nullptr; + llvm::Type *I2ElTy = + !(*I2)->getType()->isOpaquePointerTy() + ? (*I2)->getType()->getNonOpaquePointerElementType() + : nullptr; if (I2ElTy && I2ElTy->isSized()) { I2Size = llvm::LocationSize::precise(DL.getTypeStoreSize(I2ElTy)); } @@ -326,9 +328,10 @@ void LLVMBasedAliasAnalysis::print(llvm::raw_ostream &OS) const { for (const llvm::CallBase *Call : Calls) { for (const auto *Pointer : Pointers) { auto Size = llvm::LocationSize::beforeOrAfterPointer(); - llvm::Type *ElTy = !Pointer->getType()->isOpaquePointerTy() - ? Pointer->getType()->getPointerElementType() - : nullptr; + llvm::Type *ElTy = + !Pointer->getType()->isOpaquePointerTy() + ? Pointer->getType()->getNonOpaquePointerElementType() + : nullptr; if (ElTy && ElTy->isSized()) { Size = llvm::LocationSize::precise(DL.getTypeStoreSize(ElTy)); } diff --git a/lib/PhasarLLVM/Utils/LLVMShorthands.cpp b/lib/PhasarLLVM/Utils/LLVMShorthands.cpp index a3b8a186f..18acea968 100644 --- a/lib/PhasarLLVM/Utils/LLVMShorthands.cpp 
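Review bot: In `LLVMBasedAliasAnalysis::print`, the unchanged guard `if (!I1ElTy && I1ElTy->isSized())` directly after the rewritten `I1ElTy` initialisation dereferences a null pointer exactly when the pointer type is opaque. `I1ElTy` is then `nullptr`, the left operand is true, and `I1ElTy->isSized()` is still evaluated. The `I2ElTy` and `ElTy` guards in the same function use the non-negated form, so this line should read `if (I1ElTy && I1ElTy->isSized()) {`. With typed pointers the negated test is never true, so `I1Size` never receives its precise value either. The function body extends beyond the hunks shown.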
+++ b/lib/PhasarLLVM/Utils/LLVMShorthands.cpp @@ -95,11 +95,12 @@ bool isTypeMatchForFunctionArgument(llvm::Type *Actual, llvm::Type *Formal) { if (llvm::isa(Actual)) { // If formal argument is void *, we can pass anything. if (Actual->isOpaquePointerTy() || Formal->isOpaquePointerTy() || - Formal->getPointerElementType()->isIntegerTy(8)) { + Formal->getNonOpaquePointerElementType()->isIntegerTy(8)) { return true; } - return isTypeMatchForFunctionArgument(Actual->getPointerElementType(), - Formal->getPointerElementType()); + return isTypeMatchForFunctionArgument( + Actual->getNonOpaquePointerElementType(), + Formal->getNonOpaquePointerElementType()); } // For structs, Formal needs to be somehow contained in Actual. if (llvm::isa(Actual)) {