Merge branch 'development' into f-PathTracingNew

include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.h

@@ -41,14 +41,15 @@ class AbstractMemoryLocationFactoryBase {
       Block *Next = nullptr;
 
       static Block *create(Block *Next, size_t NumPointerEntries);
-      static void destroy(Block *Blck);
+      static void destroy(Block *Blck, size_t NumPointerEntries);
 
     private:
       Block(Block *Next);
     };
 
     Block *Root = nullptr;
     void **Pos = nullptr, **End = nullptr;
+    size_t InitialCapacity{};
 
     Allocator() noexcept = default;
     Allocator(size_t InitialCapacity);

include/phasar/Utils/StableVector.h

@@ -11,6 +11,7 @@
 #define PHASAR_UTILS_STABLEVECTOR_H_
 
 #include "llvm/ADT/SmallVector.h"
+#include "llvm/Support/Compiler.h"
 #include "llvm/Support/MathExtras.h"
 #include "llvm/Support/raw_ostream.h"
 
@@ -199,6 +200,8 @@ class StableVector {
     Start = Blck;
     End = Blck + Cap;
     Pos = Blck + (Other.Pos - Other.Start);
+
+    __asan_poison_memory_region(Pos, (End - Pos) * sizeof(T));
   }
 
   void swap(StableVector &Other) noexcept {
@@ -246,6 +249,7 @@ class StableVector {
     std::destroy(Start, Pos);
 
     for (size_t I = BlockIdx; I < Blocks.size(); ++I) {
+      __asan_unpoison_memory_region(Blocks[I], Cap * sizeof(T));
       std::allocator_traits<allocator_type>::deallocate(Alloc, Blocks[I], Cap);
 
       Cap = TotalSize;
@@ -265,6 +269,7 @@ class StableVector {
     }
 
     auto Ret = Pos;
+    __asan_unpoison_memory_region(Ret, sizeof(T));
     std::allocator_traits<allocator_type>::construct(
         Alloc, Ret, std::forward<ArgTys>(Args)...);
     ++Pos;
@@ -345,6 +350,8 @@ class StableVector {
     assert(!empty() && "Do not call pop_back() on an empty StableVector!");
 
     std::destroy_at(--Pos);
+    __asan_poison_memory_region(Pos, sizeof(T));
+
     --Size;
     if (Pos != Start) {
       return;
@@ -376,11 +383,13 @@ class StableVector {
 
     for (size_t I = 0; I < BlockIdx; ++I) {
       std::destroy_n(Blocks[I], Cap);
+      __asan_poison_memory_region(Blocks[I], Cap * sizeof(T));
       Cap = TotalSize;
       TotalSize += Cap;
     }
 
     std::destroy(Start, Pos);
+    __asan_poison_memory_region(Start, (Pos - Start) * sizeof(T));
     BlockIdx = 0;
     Size = 0;
     if (!Blocks.empty()) {
@@ -401,10 +410,12 @@ class StableVector {
         Pos -= N;
         Size -= N;
         std::destroy_n(Pos, N);
+        __asan_poison_memory_region(Pos, N * sizeof(T));
         return;
       }
 
       std::destroy(Start, Pos);
+      __asan_poison_memory_region(Start, (Pos - Start) * sizeof(T));
       Size -= NumElementsInCurrBlock;
       N -= NumElementsInCurrBlock;
 
@@ -431,6 +442,7 @@ class StableVector {
 
     if (Size == 0) {
       assert(BlockIdx == 0);
+      __asan_unpoison_memory_region(Blocks[0], InitialCapacity * sizeof(T));
       std::allocator_traits<allocator_type>::deallocate(Alloc, Blocks[0],
                                                         InitialCapacity);
     }
@@ -439,6 +451,7 @@ class StableVector {
 
     for (size_t I = BlockIdx + 1, BlocksEnd = Blocks.size(); I < BlocksEnd;
          ++I) {
+      __asan_unpoison_memory_region(Blocks[I], Cap * sizeof(T));
       std::allocator_traits<allocator_type>::deallocate(Alloc, Blocks[I], Cap);
       Cap <<= 1;
     }
@@ -485,7 +498,9 @@ class StableVector {
   template <typename... ArgTys>
   [[nodiscard]] T &growAndEmplace(ArgTys &&...Args) {
     auto makeBlock = [this](size_t N) {
-      return std::allocator_traits<allocator_type>::allocate(Alloc, N);
+      auto *Ret = std::allocator_traits<allocator_type>::allocate(Alloc, N);
+      __asan_poison_memory_region(std::next(Ret), (N - 1) * sizeof(T));
+      return Ret;
     };
 
     if (Blocks.empty()) {
@@ -495,6 +510,7 @@ class StableVector {
       assert(llvm::isPowerOf2_64(Size));
       BlockIdx++;
       End = Blocks[BlockIdx] + Size;
+      __asan_unpoison_memory_region(Blocks[BlockIdx], sizeof(T));
     } else {
       assert(llvm::isPowerOf2_64(Size));
       BlockIdx++;

lib/PhasarLLVM/DataFlow/IfdsIde/Problems/ExtendedTaintAnalysis/AbstractMemoryLocationFactory.cpp

@@ -39,10 +39,17 @@ auto AbstractMemoryLocationFactoryBase::Allocator::Block::create(
       alignof(AbstractMemoryLocationImpl)}) size_t[1 + NumPointerEntries]);
 
   new (Ret) Block(Next);
+
+  __asan_poison_memory_region(Ret->getTrailingObjects<void *>(),
+                              NumPointerEntries * sizeof(void *));
+
   return Ret;
 }
 
-void AbstractMemoryLocationFactoryBase::Allocator::Block::destroy(Block *Blck) {
+void AbstractMemoryLocationFactoryBase::Allocator::Block::destroy(
+    Block *Blck, [[maybe_unused]] size_t NumPointerEntries) {
+  __asan_unpoison_memory_region(Blck->getTrailingObjects<void *>(),
+                                NumPointerEntries * sizeof(void *));
   ::operator delete[](Blck,
                       std::align_val_t{alignof(AbstractMemoryLocationImpl)});
 }
@@ -61,10 +68,13 @@ AbstractMemoryLocationFactoryBase::Allocator::Allocator(
 }
 
 AbstractMemoryLocationFactoryBase::Allocator::~Allocator() {
-  auto *Blck = Root;
+  auto *Rt = Root;
+  auto *Blck = Rt;
   while (Blck) {
     auto *Nxt = Blck->Next;
-    Block::destroy(Blck);
+    Block::destroy(Blck, Blck == Rt
+                             ? (MinNumPointersPerAML + 3) * InitialCapacity
+                             : NumPointersPerBlock);
     Blck = Nxt;
   }
   Root = nullptr;
@@ -110,6 +120,8 @@ AbstractMemoryLocationFactoryBase::Allocator::create(
 
   Pos += NumPointersRequired;
 
+  __asan_unpoison_memory_region(Ret, NumPointersRequired * sizeof(void *));
+
   new (Ret) AbstractMemoryLocationImpl(Baseptr, Offsets, Lifetime);
 
   return Ret;

lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDESecureHeapPropagation.cpp

@@ -87,9 +87,10 @@ IDESecureHeapPropagation::getCallToRetFlowFunction(
   // Change to CallSite everywhere
   const auto *CS = llvm::cast<llvm::CallBase>(CallSite);
 
-  auto FName = CS->getCalledFunction()->getName();
-  if (FName == InitializerFn) {
-    return generateFromZero(SecureHeapFact::INITIALIZED);
+  if (const auto *Callee = CS->getCalledFunction()) {
+    if (Callee->getName() == InitializerFn) {
+      return generateFromZero(SecureHeapFact::INITIALIZED);
+    }
   }
   return identityFlow();
 }
@@ -147,7 +148,7 @@ IDESecureHeapPropagation::getCallToRetEdgeFunction(
     return SHPGenEdgeFn{l_t::INITIALIZED};
   }
   const auto *CS = llvm::cast<llvm::CallBase>(CallSite);
-  if (CallNode != ZeroValue &&
+  if (CallNode != ZeroValue && CS->getCalledFunction() &&
       CS->getCalledFunction()->getName() == ShutdownFn) {
     // std::cerr << "Kill at " << llvmIRToShortString(callSite) << std::endl;
     return SHPGenEdgeFn{l_t::BOT};

lib/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.cpp

@@ -182,13 +182,16 @@ auto IDETypeStateAnalysisBase::getCallToRetFlowFunction(
     n_t CallSite, n_t /*RetSite*/, llvm::ArrayRef<f_t> Callees)
     -> FlowFunctionPtrType {
   const auto *CS = llvm::cast<llvm::CallBase>(CallSite);
+  bool DeclarationOnlyCalleeFound = false;
   for (const auto *Callee : Callees) {
     std::string DemangledFname = llvm::demangle(Callee->getName().str());
     // Generate the return value of factory functions from zero value
     if (isFactoryFunction(DemangledFname)) {
       return this->generateFromZero(CS);
     }
 
+    DeclarationOnlyCalleeFound |= Callee->isDeclaration();
+
     /// XXX: Revisit this:
 
     // Handle all functions that are not modeld with special semantics.
@@ -209,6 +212,10 @@ auto IDETypeStateAnalysisBase::getCallToRetFlowFunction(
       }
     }
   }
+  if (!DeclarationOnlyCalleeFound) {
+    return killFlowIf(
+        [](d_t Source) { return llvm::isa<llvm::Constant>(Source); });
+  }
   return identityFlow();
 }