Improving HTML dump of taint summaries.

marek-trtik · marek-trtik · commit 328021ec9f2f · 2017-04-10T09:15:30.000+01:00
diff --git a/src/taint-analysis/taint_summary_dump.cpp b/src/taint-analysis/taint_summary_dump.cpp
@@ -72,6 +72,18 @@ dumper taint_condt::dump(const taint_tokent::named_tokenst &named_tokens) const
     });
 }
 
+dumper taint_subject_conditiont::dump(
+  const taint_tokent::named_tokenst &named_tokens) const
+{
+  return dumper(
+    [this, &named_tokens] (std::ostream &ostr)
+    {
+      ostr
+        << condition.get_name(named_tokens)
+        << " \u2208 " << subject;
+    });
+}
+
 void taint_functions_for_dumping_taint_summary_in_htmlt::
   taint_dump_lvalue_in_html(
     const taint_lvaluet &lvalue,
@@ -185,6 +197,31 @@ bool taint_functions_for_dumping_taint_summary_in_htmlt::
     const bool dump_differce_of_abstract_values,
     std::ostream&  ostr)
 {
+  ostr << "<table>\n"
+          "  <caption>Formal parameters of the function.</caption>\n"
+          "  <tr>\n"
+          "    <th>Index</th>\n"
+          "    <th>Name</th>\n"
+          "    <th>Type</th>\n"
+          "  </tr>\n"
+          ;
+  assert(program.get_namespace().get_symbol_table().has_symbol(fn_id));
+  const symbolt &fn_symbol=program.get_namespace().lookup(fn_id);
+  const code_typet &fn_type=to_code_type(fn_symbol.type);
+  for (std::size_t i=0UL, n=fn_type.parameters().size(); i!=n; ++i)
+  {
+    const code_typet::parametert &param=fn_type.parameters().at(i);
+    ostr << "  <tr>\n"
+            "    <td>" << i << "</td>\n"
+            "    <td>" << param.get_base_name() << "</td>\n"
+            "    <td>" << to_html_text(from_type(program.get_namespace(),"",
+                                                 param.type()))
+                       << "</td>\n"
+            "  </tr>\n"
+            ;
+  }
+  ostr << "</table>\n";
+
   ostr << "<h2>Taint summary</h2>\n"
        << "<p>Mapping of input to symbols:</p>\n"
           "<table>\n"
@@ -257,9 +294,9 @@ bool taint_functions_for_dumping_taint_summary_in_htmlt::
       "  <tr>\n"
       "    <th>Loc</th>\n"
       "    <th>Targets</th>\n"
-      "    <th style=\"width:150px;\">Instruction</th>\n"
-      "    <th style=\"width:150px;\">Domain value</th>\n"
-      "    <th>Comment</th>\n"
+      "    <th>Instruction</th>\n"
+      "    <th>Domain value</th>\n"
+      "    <th style=\"width:300px;\">Comment</th>\n"
       "  </tr>\n";
     for (auto  instr_it = fn_body.instructions.cbegin();
       instr_it!=fn_body.instructions.cend();
@@ -281,7 +318,7 @@ bool taint_functions_for_dumping_taint_summary_in_htmlt::
 
       // Dumping instruction
       ostr << "    <td>\n";
-      dump_instruction_code_in_html(*instr_it, program.get_model(), ostr);
+      dump_instruction_code_in_html(*instr_it, program.get_namespace(), ostr);
       ostr << "</td>\n";
 
       // Dumping taint domain
@@ -339,16 +376,46 @@ bool taint_functions_for_dumping_taint_summary_in_htmlt::
           ostr << "    Function summary was applied.";
           break;
         case taint_transition_property_typet::APPLICATION_OF_PROPAGATION_RULE:
-          ostr << "    Propagation rule was applied. ";
+          ostr << "    Propagation rule '"
+               << to_html_text(props.get_rule_id())
+               << "' was applied.";
           break;
         case taint_transition_property_typet::APPLICATION_OF_SANITISATION_RULE:
-          ostr << "    Sanitisation rule was applied.";
+          ostr << "    Sanitisation rule '"
+               << to_html_text(props.get_rule_id())
+               << "' was applied.";
           break;
         case taint_transition_property_typet::APPLICATION_OF_SINK_RULE:
-          ostr << "    Sink rule was applied.";
+          ostr << "    Sink rule '"
+               << to_html_text(props.get_rule_id())
+               << "' was applied.";
           break;
         case taint_transition_property_typet::CONDITIONAL_APPLICATION_OF_SINK_RULE:
-          ostr << "    The sink rule would be applied if conditions were met.";
+          {
+            ostr << "    The sink rule '"
+                 << to_html_text(props.get_rule_id())
+                 << "' would be applied if ";
+            bool first_and=true;
+            for(const auto& set : props.get_sink_conditions())
+            {
+              if(!first_and)
+                ostr << " and ";
+              if(props.get_sink_conditions().size()>1U && set.size()>1U)
+                ostr << " ( ";
+              bool first_or=true;
+              for(const auto& cond : set)
+              {
+                if(!first_or)
+                  ostr << " or ";
+              ostr << html_encoding() << cond.dump(named_tokens);
+                first_or=false;
+              }
+              if(props.get_sink_conditions().size()>1U && set.size()>1U)
+                ostr << " ) ";
+              first_and=false;
+            }
+            ostr << ".";
+          }
           break;
         case taint_transition_property_typet::REMOVAL_OF_DEAD_VARIABLE:
           ostr << "    Dead variable was removed from the domain.";
