Merge pull request #520 from secure-software-engineering/f-FixXTaintEdgeFunctions

pdschubert · web-flow · commit ea3b1dc8777e · 2022-09-28T14:46:22.000+02:00
F Fix XTaint EdgeFunctions
diff --git a/include/phasar/Controller/AnalysisController.h b/include/phasar/Controller/AnalysisController.h
@@ -130,7 +130,7 @@ class AnalysisController {
   void executeAnalysis() {
     if constexpr (WithConfig) {
       std::string AnalysisConfigPath =
-          (0 < AnalysisConfigs.size()) ? AnalysisConfigs[0] : "";
+          !AnalysisConfigs.empty() ? AnalysisConfigs[0] : "";
       auto Config =
           !AnalysisConfigPath.empty()
               ? TaintConfig(IRDB, parseTaintConfig(AnalysisConfigPath))
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/GenEdgeFunction.cpp
@@ -59,18 +59,19 @@ GenEdgeFunction::composeWith(EdgeFunctionPtrType SecondFunction) {
 
 GenEdgeFunction::EdgeFunctionPtrType
 GenEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {
-  if (dynamic_cast<psr::AllBottom<l_t> *>(&*OtherFunction)) {
+  if (Sani == nullptr) {
+    // If there is a non-sanitized taint on any path, keep it
     return shared_from_this();
   }
-  if (dynamic_cast<psr::AllTop<l_t> *>(&*OtherFunction)) {
+
+  if (dynamic_cast<psr::AllBottom<l_t> *>(&*OtherFunction)) {
     return OtherFunction;
   }
-  if (&*getAllSanitized() == &*OtherFunction) {
+  if (dynamic_cast<psr::AllTop<l_t> *>(&*OtherFunction)) {
     return shared_from_this();
   }
-
-  if (Sani == nullptr) {
-    return OtherFunction;
+  if (&*getAllSanitized() == &*OtherFunction) {
+    return shared_from_this();
   }
 
   if (auto *Other = dynamic_cast<EdgeFunctionBase *>(&*OtherFunction)) {
@@ -98,17 +99,17 @@ GenEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {
       // sanitizers
 
       if (Res.isNotSanitized()) {
-        return makeEF<GenEdgeFunction>(BBO, nullptr);
+        return getGenEdgeFunction(BBO);
       }
 
       return makeEF<JoinConstEdgeFunction>(BBO, OtherJoin->getFunction(),
                                            Res.getSanitizer());
     }
   }
 
-  if (isEdgeIdentity(&*OtherFunction)) {
-    return getAllBot();
-  }
+  // if (isEdgeIdentity(&*OtherFunction)) {
+  //   return getAllBot();
+  // }
 
   return makeEF<JoinConstEdgeFunction>(BBO, OtherFunction, Sani);
 }
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/JoinConstEdgeFunction.cpp
@@ -22,7 +22,9 @@ JoinConstEdgeFunction::JoinConstEdgeFunction(
     const llvm::Instruction *OtherConst)
     : EdgeFunctionBase(EFKind::JoinConst, BBO), OtherFn(std::move(OtherFn)),
       OtherConst(OtherConst) {
-  assert(OtherConst);
+  assert(OtherConst &&
+         "Join with 'NotSanitized' is always 'NotSanitized' and should "
+         "therefore not be modeled by a JoinConstEdgeFunction");
 }
 
 JoinConstEdgeFunction::l_t JoinConstEdgeFunction::computeTarget(l_t Source) {
@@ -33,10 +35,10 @@ JoinConstEdgeFunction::l_t JoinConstEdgeFunction::computeTarget(l_t Source) {
 JoinConstEdgeFunction::EdgeFunctionPtrType
 JoinConstEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {
   if (dynamic_cast<psr::AllBottom<l_t> *>(&*OtherFunction)) {
-    return shared_from_this();
+    return OtherFunction;
   }
   if (dynamic_cast<psr::AllTop<l_t> *>(&*OtherFunction)) {
-    return OtherFunction;
+    return shared_from_this();
   }
   if (auto *Gen = dynamic_cast<GenEdgeFunction *>(&*OtherFunction)) {
     if (Gen->getSanitizer() == nullptr) {
@@ -48,7 +50,7 @@ JoinConstEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {
     // we never return Top, Bottom or Sanitized from a join with two sanitizers
 
     if (Res.isNotSanitized()) {
-      return makeEF<GenEdgeFunction>(BBO, nullptr);
+      return getGenEdgeFunction(BBO);
     }
 
     return makeEF<JoinConstEdgeFunction>(BBO, OtherFn, Res.getSanitizer());
diff --git a/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp b/lib/PhasarLLVM/DataFlowSolver/IfdsIde/Problems/ExtendedTaintAnalysis/XTaintEdgeFunctionBase.cpp
@@ -41,7 +41,7 @@ EdgeFunctionBase::composeWith(EdgeFunctionPtrType SecondFunction) {
 EdgeFunctionBase::EdgeFunctionPtrType
 EdgeFunctionBase::joinWith(EdgeFunctionPtrType OtherFunction) {
   if (dynamic_cast<psr::AllBottom<l_t> *>(&*OtherFunction)) {
-    return shared_from_this();
+    return OtherFunction;
   }
   if (dynamic_cast<psr::AllTop<l_t> *>(&*OtherFunction)) {
     return shared_from_this();
@@ -50,9 +50,9 @@ EdgeFunctionBase::joinWith(EdgeFunctionPtrType OtherFunction) {
     return shared_from_this();
   }
 
-  if (isEdgeIdentity(&*OtherFunction)) {
-    return getAllBot();
-  }
+  // if (isEdgeIdentity(&*OtherFunction)) {
+  //   return getAllBot();
+  // }
 
   if (auto *Gen = dynamic_cast<GenEdgeFunction *>(&*OtherFunction)) {
     if (Gen->getSanitizer() == nullptr) {

Original file line number	Diff line number	Diff line change
`@@ -59,18 +59,19 @@ GenEdgeFunction::composeWith(EdgeFunctionPtrType SecondFunction) {`
`59`	`59`
`60`	`60`	`GenEdgeFunction::EdgeFunctionPtrType`
`61`	`61`	`GenEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {`
`62`		`- if (dynamic_cast<psr::AllBottom<l_t> >(&OtherFunction)) {`
	`62`	`+ if (Sani == nullptr) {`
	`63`	`+ // If there is a non-sanitized taint on any path, keep it`
`63`	`64`	`return shared_from_this();`
`64`	`65`	`}`
`65`		`- if (dynamic_cast<psr::AllTop<l_t> >(&OtherFunction)) {`
	`66`	`+`
	`67`	`+ if (dynamic_cast<psr::AllBottom<l_t> >(&OtherFunction)) {`
`66`	`68`	`return OtherFunction;`
`67`	`69`	`}`
`68`		`- if (&getAllSanitized() == &OtherFunction) {`
	`70`	`+ if (dynamic_cast<psr::AllTop<l_t> >(&OtherFunction)) {`
`69`	`71`	`return shared_from_this();`
`70`	`72`	`}`
`71`		`-`
`72`		`- if (Sani == nullptr) {`
`73`		`- return OtherFunction;`
	`73`	`+ if (&getAllSanitized() == &OtherFunction) {`
	`74`	`+ return shared_from_this();`
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`if (auto Other = dynamic_cast<EdgeFunctionBase >(&*OtherFunction)) {`
`@@ -98,17 +99,17 @@ GenEdgeFunction::joinWith(EdgeFunctionPtrType OtherFunction) {`
`98`	`99`	`// sanitizers`
`99`	`100`
`100`	`101`	`if (Res.isNotSanitized()) {`
`101`		`- return makeEF<GenEdgeFunction>(BBO, nullptr);`
	`102`	`+ return getGenEdgeFunction(BBO);`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`return makeEF<JoinConstEdgeFunction>(BBO, OtherJoin->getFunction(),`
`105`	`106`	`Res.getSanitizer());`
`106`	`107`	`}`
`107`	`108`	`}`
`108`	`109`
`109`		`- if (isEdgeIdentity(&*OtherFunction)) {`
`110`		`- return getAllBot();`
`111`		`- }`
	`110`	`+ // if (isEdgeIdentity(&*OtherFunction)) {`
	`111`	`+ // return getAllBot();`
	`112`	`+ // }`
`112`	`113`
`113`	`114`	`return makeEF<JoinConstEdgeFunction>(BBO, OtherFunction, Sani);`
`114`	`115`	`}`