SSS: value-set-analysis adaptation #612
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Encountered during security scanner analysis: a potential case where an infinite series of pointer casts (both explicit and implicit via taking the address of a structure's first member) was accumulated, leading to nontermintion of the VSA algorithm. This is a temporary fix until the underlying cause can be conclusively identified.
Value sets already know their own location id; this adds the function id too so that context-sensitive variants of VSA can find that without needing to track extra context themselves.
This is essentially specific to the security scanner's needs, but is also impossible to add to value-set without templating the class, thus moving ~2000LOC into its header file. This is the temporary kludge until we bite the bullet and do that, or think of something smarter.
This templates value-set-analysis, so that it can be subclassed providing a value-set extension, and virtualizes value-set so it can similarly be extended.
src/pointer-analysis/value_set.cpp
Outdated
| @@ -1062,6 +1062,32 @@ void value_sett::get_reference_set( | |||
| dest.push_back(to_expr(it)); | |||
| } | |||
|
|
|||
| static void strip_casts( | |||
| exprt& e, | |||
smowton
force-pushed
the
sss_templatize_vsa
branch
from
cfc2ba4 to
ff34029
Compare
|
Done |
src/pointer-analysis/value_set.cpp
Outdated
| @@ -1062,6 +1062,32 @@ void value_sett::get_reference_set( | |||
| dest.push_back(to_expr(it)); | |||
| } | |||
|
|
|||
| static void strip_casts( | |||
There was a problem hiding this comment.
function comment block missing
| return; | ||
| } | ||
| else | ||
| return; |
There was a problem hiding this comment.
maybe add a blank line after the return
| xmlt &i=dest.new_element("instruction"); | ||
| i.new_element()=::xml(location); | ||
|
|
||
| for(value_sett::valuest::const_iterator |
| if(location==previous_location) | ||
| continue; | ||
|
|
||
| if(location.is_nil() || location.get_file()==irep_idt()) |
No functional changes
|
Made first two changes. The latter two are inherited from existing VSA, so I won't make them here (they will only clash with likely-upcoming upstream changes) |
peterschrammel
approved these changes
Mar 10, 2017
peterschrammel
added a commit
that referenced
this pull request
Jul 4, 2017
Fixed: Bug in String.indexOf() #612
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This makes a couple of small additions to VSA (storing function-ID in each value set, and a declared-type in value set entries), and templatizes and virtualizes it to make it suitable for subclassing and adaptation by the security scanner.