Merge pull request diffblue#318 from diffblue/bugfix/different_reason_for_xfail

SEC-171: Fix benchmark rule; note reason for test failure

Author: marek-trtik

regression/end_to_end/tainted-user-class/subclass_rules.json

@@ -5,7 +5,7 @@
       "comment": "Taint source",
       "id": "basic1_source",
       "class": "subclass",
-      "method": "source:()[Lsubclass;",
+      "method": "source:()Lsubclass;",
       "result": {
 		    "location": "return_value",
 		    "taint": "XXX"

regression/end_to_end/tainted-user-class/test_tainted_user_class.py

@@ -3,6 +3,7 @@
     import run_security_analyser_pipeline
 
 import os.path
+import pytest
 
 def test_user_class():
     traces = run_security_analyser_pipeline(
@@ -12,12 +13,17 @@ def test_user_class():
     assert traces.count_traces() > 0
     assert traces.trace_exists("java::test.main:(I)V", 16)
 
+@pytest.mark.xfail(strict=True)
 def test_user_subclass():
-    # The current behaviour may not be what we want, but this verifies if
-    # it has changed: taint assigned to a subtype and taint cleared / read
-    # from a supertype are currently *always distinct*.
+    """
+    The issue is the instrumentation; Although the taint var is here
+        struct subclass { struct test @test; _Bool @__CPROVER_XXX; }
+    However, the sink test looks like this
+        IF !((struct test *)anonlocal::3a)->@__CPROVER_XXX THEN GOTO 5
+    """
     traces = run_security_analyser_pipeline(
         "subclass.class",
         "subclass_rules.json",
         os.path.realpath(os.path.dirname(__file__)))
-    assert traces.count_traces() == 0
+    assert traces.count_traces() == 1
+    assert traces.trace_exists("java::subclass.main:(I)V", 14)