TaintConfig Serialization (#672)

* LLVMTaintConfigYAML class

* basic structure

* beginning of restructuring

* compiles, untested

* Constructor init

* minor bug fixes

* new start w better approach

* basic working version

* removed unneccesary includes and functions

* new TaintConfigData structure

* fully refactored, doesn't compile

* added func/var structs

* compiling version, tests fail

* only 3 unittests fail now

* fixed a bug with sink values causing a crash

* all unittests pass

* review fixes

* one faulty unittest remaining

* all unittests pass + myphasartool revert

* pre-commit stuff

* review changes + unittest fixed

* added static to handle functions

* cleanup

* minor

* Pin swift version

* Remove unnecessary forward declaration

---------

Co-authored-by: mxHuber <huber.maximilian.leo@gmail.com>

Author: fabianbs96

include/phasar/PhasarLLVM/TaintConfig/LLVMTaintConfig.h

@@ -19,6 +19,7 @@
 namespace psr {
 class LLVMTaintConfig;
 class LLVMProjectIRDB;
+struct TaintConfigData;
 
 template <> struct TaintConfigTraits<LLVMTaintConfig> {
   using n_t = const llvm::Instruction *;
@@ -31,7 +32,7 @@ class LLVMTaintConfig : public TaintConfigBase<LLVMTaintConfig> {
 
 public:
   explicit LLVMTaintConfig(const psr::LLVMProjectIRDB &Code,
-                           const nlohmann::json &Config);
+                           const psr::TaintConfigData &Config);
   explicit LLVMTaintConfig(const psr::LLVMProjectIRDB &AnnotatedCode);
   explicit LLVMTaintConfig(
       TaintDescriptionCallBackTy SourceCB, TaintDescriptionCallBackTy SinkCB,
@@ -93,7 +94,7 @@ class LLVMTaintConfig : public TaintConfigBase<LLVMTaintConfig> {
   // --- utilities
 
   void addAllFunctions(const LLVMProjectIRDB &IRDB,
-                       const nlohmann::json &Config);
+                       const TaintConfigData &Config);
 
   // --- data members
 

include/phasar/PhasarLLVM/TaintConfig/TaintConfigBase.h

@@ -10,23 +10,22 @@
 #ifndef PHASAR_PHASARLLVM_TAINTCONFIG_TAINTCONFIGBASE_H
 #define PHASAR_PHASARLLVM_TAINTCONFIG_TAINTCONFIGBASE_H
 
+#include "phasar/PhasarLLVM/TaintConfig/TaintConfigData.h"
 #include "phasar/Utils/Nullable.h"
 
 #include "llvm/ADT/FunctionExtras.h"
 #include "llvm/ADT/Twine.h"
 #include "llvm/Support/Compiler.h"
 #include "llvm/Support/raw_ostream.h"
 
-#include "nlohmann/json.hpp"
-
 #include <map>
 #include <set>
 #include <type_traits>
 #include <utility>
 
 namespace psr {
 
-enum class TaintCategory { Source, Sink, Sanitizer, None };
+enum class TaintCategory { None, Source, Sink, Sanitizer };
 
 [[nodiscard]] llvm::StringRef to_string(TaintCategory Cat) noexcept;
 [[nodiscard]] TaintCategory toTaintCategory(llvm::StringRef Str) noexcept;
@@ -159,8 +158,9 @@ template <typename Derived> class TaintConfigBase {
 //===----------------------------------------------------------------------===//
 // Miscellaneous helper functions
 
-nlohmann::json parseTaintConfig(const llvm::Twine &Path);
-std::optional<nlohmann::json> parseTaintConfigOrNull(const llvm::Twine &Path);
+[[nodiscard]] TaintConfigData parseTaintConfig(const llvm::Twine &Path);
+[[nodiscard]] std::optional<TaintConfigData>
+parseTaintConfigOrNull(const llvm::Twine &Path) noexcept;
 
 } // namespace psr
 

include/phasar/PhasarLLVM/TaintConfig/TaintConfigData.h

@@ -0,0 +1,46 @@
+/******************************************************************************
+ * Copyright (c) 2023 Fabian Schiebel.
+ * All rights reserved. This program and the accompanying materials are made
+ * available under the terms of LICENSE.txt.
+ *
+ * Contributors:
+ *     Maximilian Leo Huber and others
+ *****************************************************************************/
+
+#ifndef PHASAR_PHASARLLVM_TAINTCONFIG_TAINTCONFIGDATA_H
+#define PHASAR_PHASARLLVM_TAINTCONFIG_TAINTCONFIGDATA_H
+
+#include <string>
+#include <vector>
+
+namespace psr {
+enum class TaintCategory;
+
+struct FunctionData {
+  FunctionData() noexcept = default;
+
+  std::string Name;
+  TaintCategory ReturnCat{};
+  std::vector<uint32_t> SourceValues;
+  std::vector<uint32_t> SinkValues;
+  std::vector<uint32_t> SanitizerValues;
+  bool HasAllSinkParam = false;
+};
+
+struct VariableData {
+  VariableData() noexcept = default;
+
+  size_t Line{};
+  std::string Name;
+  std::string Scope;
+  TaintCategory Cat{};
+};
+
+struct TaintConfigData {
+  std::vector<FunctionData> Functions;
+  std::vector<VariableData> Variables;
+};
+
+} // namespace psr
+
+#endif // PHASAR_PHASARLLVM_TAINTCONFIG_TAINTCONFIGDATA_H

lib/PhasarLLVM/TaintConfig/LLVMTaintConfig.cpp

@@ -15,13 +15,14 @@
 #include "phasar/PhasarLLVM/Utils/Annotation.h"
 #include "phasar/PhasarLLVM/Utils/LLVMShorthands.h"
 #include "phasar/Utils/Logger.h"
-#include "phasar/Utils/NlohmannLogging.h"
 
 #include "llvm/IR/DebugInfo.h"
 #include "llvm/IR/Function.h"
 #include "llvm/IR/InstIterator.h"
 #include "llvm/IR/IntrinsicInst.h"
 
+#include <string>
+
 namespace psr {
 
 static llvm::SmallVector<const llvm::Function *>
@@ -59,9 +60,9 @@ findAllFunctionDefs(const LLVMProjectIRDB &IRDB, llvm::StringRef Name) {
 }
 
 void LLVMTaintConfig::addAllFunctions(const LLVMProjectIRDB &IRDB,
-                                      const nlohmann::json &Config) {
-  for (const auto &FunDesc : Config["functions"]) {
-    auto Name = FunDesc["name"].get<std::string>();
+                                      const TaintConfigData &Config) {
+  for (const auto &FunDesc : Config.Functions) {
+    const auto &Name = FunDesc.Name;
 
     auto FnDefs = findAllFunctionDefs(IRDB, Name);
 
@@ -72,127 +73,105 @@ void LLVMTaintConfig::addAllFunctions(const LLVMProjectIRDB &IRDB,
 
     const auto *Fun = FnDefs[0];
 
-    // handle a function's parameters
-    if (FunDesc.contains("params")) {
-      auto Params = FunDesc["params"];
-      if (Params.contains("source")) {
-        for (unsigned Idx : Params["source"]) {
-          if (Idx >= Fun->arg_size()) {
-            llvm::errs()
-                << "ERROR: The source-function parameter index is out of "
-                   "bounds: "
-                << Idx << "\n";
-            // Use 'continue' instead of 'break' to get error messages for the
-            // remaining parameters as well
-            continue;
-          }
-          addTaintCategory(Fun->getArg(Idx), TaintCategory::Source);
-        }
+    // handle a function's source parameters
+    for (const auto &Idx : FunDesc.SourceValues) {
+      if (Idx >= Fun->arg_size()) {
+        llvm::errs() << "ERROR: The source-function parameter index is out of "
+                        "bounds: "
+                     << Idx << "\n";
+        // Use 'continue' instead of 'break' to get error messages for the
+        // remaining parameters as well
+        continue;
       }
-      if (Params.contains("sink")) {
-        for (const auto &Idx : Params["sink"]) {
-          if (Idx.is_number()) {
-            if (Idx >= Fun->arg_size()) {
-              llvm::errs()
-                  << "ERROR: The source-function parameter index is out of "
-                     "bounds: "
-                  << Idx << "\n";
-              continue;
-            }
-            addTaintCategory(Fun->getArg(Idx), TaintCategory::Sink);
-          } else if (Idx.is_string()) {
-            const auto Sinks = Idx.get<std::string>();
-            if (Sinks == "all") {
-              for (const auto &Arg : Fun->args()) {
-                addTaintCategory(&Arg, TaintCategory::Sink);
-              }
-            }
-          }
-        }
+
+      addTaintCategory(Fun->getArg(Idx), TaintCategory::Source);
+    }
+    for (const auto &Idx : FunDesc.SinkValues) {
+      if (Idx >= Fun->arg_size()) {
+        llvm::errs() << "ERROR: The sink-function parameter index is out of "
+                        "bounds: "
+                     << Idx << "\n";
+        continue;
       }
-      if (Params.contains("sanitizer")) {
-        for (unsigned Idx : Params["sanitizer"]) {
-          if (Idx >= Fun->arg_size()) {
-            llvm::errs()
-                << "ERROR: The source-function parameter index is out of "
-                   "bounds: "
-                << Idx << "\n";
-            continue;
-          }
-          addTaintCategory(Fun->getArg(Idx), TaintCategory::Sanitizer);
-        }
+
+      addTaintCategory(Fun->getArg(Idx), TaintCategory::Sink);
+    }
+
+    if (FunDesc.HasAllSinkParam) {
+      for (const auto &Arg : Fun->args()) {
+        addTaintCategory(&Arg, TaintCategory::Sink);
       }
     }
-    // handle a function's return value
-    if (FunDesc.contains("ret")) {
-      for (const auto &User : Fun->users()) {
-        addTaintCategory(User, FunDesc["ret"].get<std::string>());
+
+    for (const auto &Idx : FunDesc.SanitizerValues) {
+      if (Idx >= Fun->arg_size()) {
+        llvm::errs()
+            << "ERROR: The sanitizer-function parameter index is out of "
+               "bounds: "
+            << Idx << "\n";
+        continue;
       }
+      addTaintCategory(Fun->getArg(Idx), TaintCategory::Sanitizer);
+    }
+    // handle a function's return value
+    for (const auto &User : Fun->users()) {
+      addTaintCategory(User, FunDesc.ReturnCat);
     }
   }
 }
 
 LLVMTaintConfig::LLVMTaintConfig(const psr::LLVMProjectIRDB &Code,
-                                 const nlohmann::json &Config) {
+                                 const TaintConfigData &Config) {
   // handle functions
-  if (Config.contains("functions")) {
-    addAllFunctions(Code, Config);
-  }
+  addAllFunctions(Code, Config);
 
   // handle variables
-  if (Config.contains("variables")) {
-    // scope can be a function name or a struct.
-    std::unordered_map<const llvm::Type *, const nlohmann::json>
-        StructConfigMap;
-
-    // read all struct types from config
-    for (const auto &VarDesc : Config["variables"]) {
-      llvm::DebugInfoFinder DIF;
-      const auto *M = Code.getModule();
-
-      DIF.processModule(*M);
-      for (const auto &Ty : DIF.types()) {
-        if (Ty->getTag() == llvm::dwarf::DW_TAG_structure_type &&
-            Ty->getName().equals(VarDesc["scope"].get<std::string>())) {
-          for (const auto &LlvmStructTy : M->getIdentifiedStructTypes()) {
-            StructConfigMap.insert(
-                std::pair<const llvm::Type *, const nlohmann::json>(
-                    LlvmStructTy, VarDesc));
-          }
+  // scope can be a function name or a struct.
+  std::unordered_map<const llvm::Type *, const std::string> StructConfigMap;
+
+  // read all struct types from config
+  size_t Counter = 0;
+  for (const auto &VarDesc : Config.Variables) {
+    llvm::DebugInfoFinder DIF;
+    const auto *M = Code.getModule();
+
+    DIF.processModule(*M);
+    for (const auto &Ty : DIF.types()) {
+      if (Ty->getTag() == llvm::dwarf::DW_TAG_structure_type &&
+          Ty->getName().equals(VarDesc.Scope)) {
+        for (const auto &LlvmStructTy : M->getIdentifiedStructTypes()) {
+          StructConfigMap.insert(
+              std::pair<const llvm::Type *, const std::string>(LlvmStructTy,
+                                                               VarDesc.Name));
         }
       }
-      DIF.reset();
     }
-
-    // add corresponding Allocas or getElementPtr instructions to the taint
-    // category
-    for (const auto &VarDesc : Config["variables"]) {
-      for (const auto &Fun : Code.getAllFunctions()) {
-        for (const auto &I : llvm::instructions(Fun)) {
-          if (const auto *DbgDeclare =
-                  llvm::dyn_cast<llvm::DbgDeclareInst>(&I)) {
-            const llvm::DILocalVariable *LocalVar = DbgDeclare->getVariable();
-            // matching line number with for Allocas
-            if (LocalVar->getName().equals(
-                    VarDesc["name"].get<std::string>()) &&
-                LocalVar->getLine() == VarDesc["line"].get<unsigned int>()) {
-              addTaintCategory(DbgDeclare->getAddress(),
-                               VarDesc["cat"].get<std::string>());
-            }
-          } else if (!StructConfigMap.empty()) {
-            // Ignorning line numbers for getElementPtr instructions
-            if (const auto *Gep = llvm::dyn_cast<llvm::GetElementPtrInst>(&I)) {
-              const auto *StType = llvm::dyn_cast<llvm::StructType>(
-                  Gep->getPointerOperandType()->getPointerElementType());
-              if (StType && StructConfigMap.count(StType)) {
-                const auto VarDesc = StructConfigMap.at(StType);
-                auto VarName = VarDesc["name"].get<std::string>();
-                // using substr to cover the edge case in which same variable
-                // name is present as a local variable and also as a struct
-                // member variable. (Ex. JsonConfig/fun_member_02.cpp)
-                if (Gep->getName().substr(0, VarName.size()).equals(VarName)) {
-                  addTaintCategory(Gep, VarDesc["cat"].get<std::string>());
-                }
+    DIF.reset();
+  }
+  // add corresponding Allocas or getElementPtr instructions to the taint
+  // category
+  for (const auto &VarDesc : Config.Variables) {
+    for (const auto &Fun : Code.getAllFunctions()) {
+      for (const auto &I : llvm::instructions(Fun)) {
+        if (const auto *DbgDeclare = llvm::dyn_cast<llvm::DbgDeclareInst>(&I)) {
+          const llvm::DILocalVariable *LocalVar = DbgDeclare->getVariable();
+          // matching line number with for Allocas
+          if (LocalVar->getName().equals(VarDesc.Name) &&
+              LocalVar->getLine() == VarDesc.Line) {
+            addTaintCategory(DbgDeclare->getAddress(), VarDesc.Cat);
+          }
+        } else if (!StructConfigMap.empty()) {
+          // Ignorning line numbers for getElementPtr instructions
+          if (const auto *Gep = llvm::dyn_cast<llvm::GetElementPtrInst>(&I)) {
+            const auto *StType = llvm::dyn_cast<llvm::StructType>(
+                Gep->getPointerOperandType()->getPointerElementType());
+            if (StType && StructConfigMap.count(StType)) {
+              auto VarName = StructConfigMap.at(StType);
+              // using substr to cover the edge case in which same variable
+              // name is present as a local variable and also as a struct
+              // member variable. (Ex. JsonConfig/fun_member_02.cpp)
+              if (Gep->getName().substr(0, VarName.size()).equals(VarName)) {
+                addTaintCategory(Gep, VarDesc.Cat);
               }
             }
           }