Got first batch of LLVM 11 upgrades on LavaTool, there is an override…
… I had to delete; I hope I don't regret this
AndrewQuijano committed Jul 9, 2024
1 parent 308bc39 commit 9f7d4d6
Showing 10 changed files with 65 additions and 61 deletions.
18 changes: 9 additions & 9 deletions tools/lavaTool/include/CallExprArgAdditionalHandler.h
Expand Up @@ -6,10 +6,10 @@ struct CallExprArgAdditionHandler : public LavaMatchHandler {
using LavaMatchHandler::LavaMatchHandler; // Inherit constructor.

void CAddArg(const CallExpr *call) {
SourceLocation l1 = call->getLocStart();
SourceLocation l2 = call->getLocEnd();
debug(FNARG) << "call->getLocStart = " << Mod.sm->getFileOffset(l1) << "\n";
debug(FNARG) << "call->getLocEnd = " << Mod.sm->getFileOffset(l2) << "\n";
SourceLocation l1 = call->getBeginLoc();
SourceLocation l2 = call->getEndLoc();
debug(FNARG) << "call->getBeginLoc = " << Mod.sm->getFileOffset(l1) << "\n";
debug(FNARG) << "call->getEndLoc = " << Mod.sm->getFileOffset(l2) << "\n";
bool inv=false;
debug(FNARG) << "call : [" << getStringBetweenRange(*Mod.sm, call->getSourceRange(), &inv) << "]\n";
assert(!inv);
Expand All @@ -21,14 +21,14 @@ struct CallExprArgAdditionHandler : public LavaMatchHandler {
debug(FNARG) << "CallExprArgAdditionHandler\n";

bool inv;
SourceLocation l1 = call->getLocStart();
SourceLocation l2 = call->getLocEnd();
SourceLocation l1 = call->getBeginLoc();
SourceLocation l2 = call->getEndLoc();
std::string cestr = getStringBetweenRange(*Mod.sm, call->getSourceRange(), &inv);
assert (!inv);
debug(FNARG) << "callexpr: [" << cestr << "\n";

SourceLocation loc = clang::Lexer::findLocationAfterToken(
call->getLocStart(), tok::l_paren, *Mod.sm, *Mod.LangOpts, true);
call->getBeginLoc(), tok::l_paren, *Mod.sm, *Mod.LangOpts, true);

// No need to check for ArgDataflow, since matcher only called then
auto fnname = get_containing_function_name(Result, *call);
Expand Down Expand Up @@ -60,10 +60,10 @@ struct CallExprArgAdditionHandler : public LavaMatchHandler {
if (func == nullptr || func->getLocation().isInvalid()) {
// Function Pointer
debug(FNARG) << "function pointer use\n";
call->getLocStart().print(debug(FNARG), *Mod.sm);
call->getBeginLoc().print(debug(FNARG), *Mod.sm);
debug(FNARG) << "\n";
//debug(FNARG) << " argcount=" << call->getNumArgs() << "\n";
//loc = call->getArg(0)->getLocStart();
//loc = call->getArg(0)->getBeginLoc();
} else if (Mod.sm->isInSystemHeader(func->getLocation())) {
debug(FNARG) << "in system header\n";
return;
16 changes: 8 additions & 8 deletions tools/lavaTool/include/FieldDeclArgAdditionHandler.h
Expand Up @@ -18,33 +18,33 @@ struct FieldDeclArgAdditionHandler : public LavaMatchHandler {
virtual void handle(const MatchFinder::MatchResult &Result) {
const FieldDecl *fd =
Result.Nodes.getNodeAs<FieldDecl>("fielddecl");
SourceLocation l1 = fd->getLocStart();
SourceLocation l2 = fd->getLocEnd();
SourceLocation l1 = fd->getBeginLoc();
SourceLocation l2 = fd->getEndLoc();
bool inv = false;
debug(FNARG) << "fielddecl : [" << getStringBetweenRange(*Mod.sm, fd->getSourceRange(), &inv) << "]\n";
if (inv) {
debug(FNARG) << "... is invalid\n";
return;
}
const Type *ft = fd->getType().getTypePtr();
const clang::Type *ft = fd->getType().getTypePtr();
if (ft->isFunctionPointerType()) {
// field is a fn pointer
const Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
const clang::Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
//assert(pt);
if (!pt) return;
const FunctionType *fun_type = dyn_cast<FunctionType>(pt);
const clang::FunctionType *fun_type = dyn_cast<clang::FunctionType>(pt);
if (fun_type == NULL) {
debug(FNARG) << "... clang could not determine function type, abort\n";
return;
}

//assert(fun_type);
if (!fun_type) return;
const FunctionProtoType *prot = dyn_cast<FunctionProtoType>(fun_type);
const clang::FunctionProtoType *prot = dyn_cast<clang::FunctionProtoType>(fun_type);
if (!prot) return;
// add the data_flow arg
SourceLocation l1 = fd->getLocStart();
SourceLocation l2 = fd->getLocEnd();
SourceLocation l1 = fd->getBeginLoc();
SourceLocation l2 = fd->getEndLoc();
AddArgGen(Mod, l1, l2, false, prot->getNumParams(), 2);
}
}
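Review bot: The check right below the newly qualified `dyn_cast<clang::FunctionType>(pt)` still reads `if (fun_type == NULL)`, and a few lines later `if (!fun_type) return;` (under the commented-out `//assert(fun_type);`) tests the same pointer again, so the second check can never trigger. Since the line above was rewritten anyway, `if (fun_type == nullptr) {` matches the `nullptr` this commit already uses in CallExprArgAdditionHandler.h (`func == nullptr`), and the redundant `if (!fun_type) return;` can simply be removed. The same `dyn_cast`-then-double-null-check shape appears in FunctionPointerTypedefHandler.h and VarDeclArgAdditionHandler.h in this commit.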
10 changes: 5 additions & 5 deletions tools/lavaTool/include/FuncDeclArgAdditionHandler.h
Expand Up @@ -5,10 +5,10 @@ struct FuncDeclArgAdditionHandler : public LavaMatchHandler {
using LavaMatchHandler::LavaMatchHandler; // Inherit constructor

void AddArg(const FunctionDecl *func) {
SourceLocation l1 = func->getLocStart();
SourceLocation l2 = func->getLocEnd();
debug(FNARG) << "func->getLocStart = " << Mod.sm->getFileOffset(l1) << "\n";
debug(FNARG) << "func->getLocEnd = " << Mod.sm->getFileOffset(l2) << "\n";
SourceLocation l1 = func->getBeginLoc();
SourceLocation l2 = func->getEndLoc();
debug(FNARG) << "func->getBeginLoc = " << Mod.sm->getFileOffset(l1) << "\n";
debug(FNARG) << "func->getEndLoc = " << Mod.sm->getFileOffset(l2) << "\n";
bool inv;
debug(FNARG) << "func : [" << getStringBetweenRange(*Mod.sm, func->getSourceRange(), &inv) << "]\n";

Expand Down Expand Up @@ -102,7 +102,7 @@ struct FuncDeclArgAdditionHandler : public LavaMatchHandler {
int data_slots_size = (data_slots.size() > 0) ? data_slots.size() : 1;
data_array << "int data[" << data_slots_size << "] = {0};\n";
data_array << "int *" ARG_NAME << "= &data;\n";
Mod.InsertAt(first->getLocStart(), data_array.str());
Mod.InsertAt(first->getBeginLoc(), data_array.str());
}
} else {
const FunctionDecl *bodyDecl = nullptr;
4 changes: 2 additions & 2 deletions tools/lavaTool/include/FunctionArgHandler.h
Expand Up @@ -20,8 +20,8 @@ struct FunctionArgHandler : public LavaMatchHandler {

const SourceManager &sm = *Result.SourceManager;

auto sl1 = call->getLocStart();
auto sl2 = call->getLocEnd();
auto sl1 = call->getBeginLoc();
auto sl2 = call->getEndLoc();
debug(FNARG) << "start: " << sl1.printToString(sm) << "\n";
debug(FNARG) << "end: " << sl2.printToString(sm) << "\n";

12 changes: 6 additions & 6 deletions tools/lavaTool/include/FunctionPointerFieldHandler.h
Expand Up @@ -15,19 +15,19 @@ struct FunctionPointerFieldHandler : public LavaMatchHandler {
}
else {

const Type *t = fd->getType().getTypePtr();
const clang::Type *t = fd->getType().getTypePtr();
if (t->isPointerType()) { // || t->isArrayType()) {
const Type *pt = t->getPointeeType().getTypePtr(); // t->getPointeeOrArrayElementType();
const clang::Type *pt = t->getPointeeType().getTypePtr(); // t->getPointeeOrArrayElementType();
if (pt->isFunctionType())
debug(FNARG) << "Its a fn pointer!\n";
auto sl1 = fd->getLocStart();
auto sl2 = fd->getLocEnd();
auto sl1 = fd->getBeginLoc();
auto sl2 = fd->getEndLoc();
debug(FNARG) << "start: " << sl1.printToString(*Mod.sm) << "\n";
debug(FNARG) << "end: " << sl2.printToString(*Mod.sm) << "\n";

}
// debug(FNARG) << decl->getLocEnd().printToString(*Mod.sm) << "\n";
// Mod.InsertAt(decl->getLocEnd().getLocWithOffset(-14), "int *" ARG_NAME ", ");
// debug(FNARG) << decl->getEndLoc().printToString(*Mod.sm) << "\n";
// Mod.InsertAt(decl->getEndLoc().getLocWithOffset(-14), "int *" ARG_NAME ", ");
}
}
};
12 changes: 6 additions & 6 deletions tools/lavaTool/include/FunctionPointerTypedefHandler.h
Expand Up @@ -6,26 +6,26 @@ struct FunctionPointerTypedefHandler : public LavaMatchHandler {

virtual void handle(const MatchFinder::MatchResult &Result) {
const TypedefDecl *td = Result.Nodes.getNodeAs<TypedefDecl>("typedefdecl");
SourceLocation l1 = td->getLocStart();
SourceLocation l2 = td->getLocEnd();
SourceLocation l1 = td->getBeginLoc();
SourceLocation l2 = td->getEndLoc();
bool inv=false;
debug(FNARG) << "typedefdecl : [" << getStringBetweenRange(*Mod.sm, td->getSourceRange(), &inv) << "\n";
if (inv) {
debug(FNARG) << "... is invalid\n";
return;
}
const Type *ft = td->getUnderlyingType().getTypePtr();
const clang::Type *ft = td->getUnderlyingType().getTypePtr();
//assert(ft);
if (!ft) return;
if (ft->isFunctionPointerType()) {
// field is a fn pointer
const Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
const clang::Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
//assert(pt);
if (!pt) return;
const FunctionType *fun_type = dyn_cast<FunctionType>(pt);
const clang::FunctionType *fun_type = dyn_cast<clang::FunctionType>(pt);
//assert(fun_type);
if (!fun_type) return;
const FunctionProtoType *prot = dyn_cast<FunctionProtoType>(fun_type);
const clang::FunctionProtoType *prot = dyn_cast<clang::FunctionProtoType>(fun_type);
// add the data_flow arg
//assert(prot);
if (!prot) return;
8 changes: 4 additions & 4 deletions tools/lavaTool/include/LavaMatchHandler.h
Expand Up @@ -150,8 +150,8 @@ struct LavaMatchHandler : public MatchFinder::MatchCallback {

LavaASTLoc GetASTLoc(const SourceManager &sm, const Stmt *s) {
assert(!SourceDir.empty());
FullSourceLoc fullLocStart(sm.getExpansionLoc(s->getLocStart()), sm);
FullSourceLoc fullLocEnd(sm.getExpansionLoc(s->getLocEnd()), sm);
FullSourceLoc fullLocStart(sm.getExpansionLoc(s->getBeginLoc()), sm);
FullSourceLoc fullLocEnd(sm.getExpansionLoc(s->getEndLoc()), sm);
std::string src_filename = StripPrefix(
getAbsolutePath(sm.getFilename(fullLocStart)), SourceDir);
return LavaASTLoc(src_filename, fullLocStart, fullLocEnd);
Expand Down Expand Up @@ -268,11 +268,11 @@ struct LavaMatchHandler : public MatchFinder::MatchCallback {
for (auto &keyValue : nodesMap) {
const Stmt *stmt = keyValue.second.get<Stmt>();
if (stmt) {
SourceLocation start = stmt->getLocStart();
SourceLocation start = stmt->getBeginLoc();
if (!sm.getFilename(start).empty() && sm.isInMainFile(start)
&& !sm.isMacroArgExpansion(start)) {
debug(MATCHER) << keyValue.first << ": " << ExprStr(stmt) << " ";
stmt->getLocStart().print(debug(MATCHER), sm);
stmt->getBeginLoc().print(debug(MATCHER), sm);
debug(MATCHER) << "\n";
if (DEBUG_FLAGS & MATCHER) stmt->dump();
} else return;
6 changes: 4 additions & 2 deletions tools/lavaTool/include/MatchFinder.h
Expand Up @@ -159,7 +159,9 @@ class LavaMatchFinder : public MatchFinder, public SourceFileCallbacks {
makeHandler<MallocOffByOneArgHandler>()
);
}
virtual bool handleBeginSource(CompilerInstance &CI, StringRef Filename) override {

// TODO: WARNING, I HAVE REMOVED OVERRIDE, I REALLY HOPE I DON'T REGRET THIS!
virtual bool handleBeginSource(CompilerInstance &CI, StringRef Filename) {
Insert.clear();
Mod.Reset(&CI.getLangOpts(), &CI.getSourceManager());
TUReplace.Replacements.clear();
Expand Down Expand Up @@ -232,7 +234,7 @@ class LavaMatchFinder : public MatchFinder, public SourceFileCallbacks {
Insert.render(CurrentCI->getSourceManager(), TUReplace.Replacements);
std::error_code EC;
llvm::raw_fd_ostream YamlFile(TUReplace.MainSourceFile + ".yaml",
EC, llvm::sys::fs::F_RW);
EC, llvm::sys::fs::OF_None);
yaml::Output Yaml(YamlFile);
Yaml << TUReplace;
}
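Review bot: Removing `override` from `handleBeginSource(CompilerInstance &CI, StringRef Filename)` in the first hunk silences the compiler but very likely leaves the method as an unrelated virtual that nothing calls: in the clang tooling API this commit targets, `SourceFileCallbacks::handleBeginSource` takes only `CompilerInstance &`, so the two-argument version no longer overrides it and `Insert.clear()`, `Mod.Reset(...)` and `TUReplace.Replacements.clear()` would never run at the start of a translation unit. Match the base signature and keep the keyword so the compiler verifies the override, `bool handleBeginSource(CompilerInstance &CI) override {`, and drop the `TODO: WARNING` comment. The body of handleBeginSource continues past the hunk; if it still uses `Filename`, the main file is reachable through `CI.getSourceManager()`. In the second hunk `EC` is never inspected after `YamlFile` is constructed, so a failed open silently discards the replacements; bail out with a message before `Yaml << TUReplace` when `EC` is set.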
10 changes: 5 additions & 5 deletions tools/lavaTool/include/VarDeclArgAdditionHandler.h
Expand Up @@ -8,21 +8,21 @@ struct VarDeclArgAdditionHandler : public LavaMatchHandler {

virtual void handle(const MatchFinder::MatchResult &Result) {
const VarDecl *vd = Result.Nodes.getNodeAs<VarDecl>("vardecl");
SourceLocation l1 = vd->getLocStart();
SourceLocation l2 = vd->getLocEnd();
SourceLocation l1 = vd->getBeginLoc();
SourceLocation l2 = vd->getEndLoc();
bool inv = false;
debug(FNARG) << "vardecl : [" << getStringBetweenRange(*Mod.sm, vd->getSourceRange(), &inv) << "]\n";
if (inv) {
debug(FNARG) << "... is invalid\n";
return;
}
const Type *ft = vd->getType().getTypePtr();
const clang::Type *ft = vd->getType().getTypePtr();
assert (ft);
if (ft->isFunctionPointerType()) {
// field is a fn pointer
const Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
const clang::Type *pt = ft->getPointeeType().IgnoreParens().getTypePtr();
assert(pt);
const FunctionType *fun_type = dyn_cast<FunctionType>(pt);
const clang::FunctionType *fun_type = dyn_cast<clang::FunctionType>(pt);
//assert(fun_type);
if (!fun_type) return;
const FunctionProtoType *prot = dyn_cast<FunctionProtoType>(fun_type);
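Review bot: The `clang::` qualification is applied to `Type`, `FunctionType` and the `dyn_cast` target in this hunk, but the context line just below, `const FunctionProtoType *prot = dyn_cast<FunctionProtoType>(fun_type);`, is left unqualified. It presumably still compiles because only `Type`/`FunctionType` collide with `llvm::` names, but the mix reads as an oversight, and the sibling handlers touched in this commit (FieldDeclArgAdditionHandler.h, FunctionPointerTypedefHandler.h) do qualify `FunctionProtoType`. Suggest `const clang::FunctionProtoType *prot = dyn_cast<clang::FunctionProtoType>(fun_type);` for consistency. handle()'s body continues past the hunk.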
30 changes: 16 additions & 14 deletions tools/lavaTool/include/lavaTool.h
Expand Up @@ -69,7 +69,7 @@ using clang::tooling::CommonOptionsParser;

#define MAX_STRNLEN 64

static llvm::raw_null_ostream null_ostream;
static llvm::raw_ostream &null_ostream = llvm::nulls();
#define debug(flag) ((DEBUG_FLAGS & (flag)) ? llvm::errs() : null_ostream)

enum action { LavaQueries, LavaInjectBugs, LavaInstrumentMain };
Expand Down Expand Up @@ -136,8 +136,7 @@ static cl::extrahelp MoreHelp(
static cl::opt<action> LavaAction("action", cl::desc("LAVA Action"),
cl::values(
clEnumValN(LavaQueries, "query", "Add taint queries"),
clEnumValN(LavaInjectBugs, "inject", "Inject bugs"),
clEnumValEnd),
clEnumValN(LavaInjectBugs, "inject", "Inject bugs")),
cl::cat(LavaCategory),
cl::Required);
static cl::opt<std::string> LavaBugList("bug-list",
Expand Down Expand Up @@ -204,7 +203,7 @@ namespace {
}

void my_terminate(void) {
static bool tried_throw = false;
static int tried_throw = false;

std::cerr << "TEST\n";

Expand Down Expand Up @@ -284,7 +283,7 @@ std::string StripPrefix(std::string filename, std::string prefix) {
return filename.substr(prefix_len);
}

bool QueriableType(const Type *lval_type) {
bool QueriableType(const clang::Type *lval_type) {
if ((lval_type->isIncompleteType())
|| (lval_type->isIncompleteArrayType())
|| (lval_type->isVoidType())
Expand All @@ -293,23 +292,24 @@ bool QueriableType(const Type *lval_type) {
return false;
}
if (lval_type->isPointerType()) {
const Type *pt = lval_type->getPointeeType().getTypePtr();
const clang::Type *pt = lval_type->getPointeeType().getTypePtr();
return QueriableType(pt);
}
return true;
}


bool IsArgAttackable(const Expr *arg) {
debug(MATCHER) << "IsArgAttackable \n";
if (DEBUG_FLAGS & MATCHER) arg->dump();

const Type *t = arg->IgnoreParenImpCasts()->getType().getTypePtr();
const clang::Type *t = arg->IgnoreParenImpCasts()->getType().getTypePtr();
if (dyn_cast<OpaqueValueExpr>(arg) || t->isStructureType() || t->isEnumeralType() || t->isIncompleteType()) {
return false;
}
if (QueriableType(t)) {
if (t->isPointerType()) {
const Type *pt = t->getPointeeType().getTypePtr();
const clang::Type *pt = t->getPointeeType().getTypePtr();
// its a pointer to a non-void
if ( ! (pt->isVoidType() ) ) {
return true;
Expand Down Expand Up @@ -388,23 +388,23 @@ LExpr threeDuaTest(Bug *bug, LvalBytes x, LvalBytes y) {

auto oldmagic = bug->magic;

printf("Bug %llu solutions\n", bug->id);
printf("Bug %lu solutions\n", bug->id);
const int NUM_BUGTYPES=3;
// Todo remove the pring switch or print to a debug output
switch (oldmagic % NUM_BUGTYPES) {
case 0:
bug->magic = (a_sol + b_sol) * c_sol;
printf("SOL 0x%llx == (0x%x + 0x%x) * 0x%x\n", bug->id, a_sol, b_sol, c_sol);
printf("SOL 0x%lx == (0x%x + 0x%x) * 0x%x\n", bug->id, a_sol, b_sol, c_sol);
break;

case 1:
bug->magic = (a_sol * b_sol) - c_sol;
printf("SOL 0x%llx id == (0x%x * 0x%x) - 0x%x\n", bug->id, a_sol, b_sol, c_sol);
printf("SOL 0x%lx id == (0x%x * 0x%x) - 0x%x\n", bug->id, a_sol, b_sol, c_sol);
break;

case 2:
bug->magic = (a_sol+2) * (b_sol+1) * (c_sol+3);
printf("SOL 0x%llx id == (0x%x+2) *( 0x%x+1) * (0x%x+3) \n", bug->id, a_sol, b_sol, c_sol);
printf("SOL 0x%lx id == (0x%x+2) *( 0x%x+1) * (0x%x+3) \n", bug->id, a_sol, b_sol, c_sol);
break;

}
Expand Down Expand Up @@ -435,9 +435,11 @@ LExpr twoDuaTest(const Bug *bug, LvalBytes x) {
return (Get(bug->trigger)^Get(x)) == LHex(bug->magic);
}

static void printVersion() {
errs() << "LavaTool Version -- " << LAVA_VER << "\n";
static void printVersion(llvm::raw_ostream &OS) {
OS << "LavaFnTool Version -- " << LAVA_VER << "\n";
}


// returns true iff this fn name is in whitelist to be instrumented
bool fninstr(std::pair<std::string, std::string> fnname) {
std::string filename = fnname.first;
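Review bot: Switching `%llu`/`%llx` to `%lu`/`%lx` for `bug->id` in the threeDuaTest hunk only fixes the format warning for one ABI: the declared type of `id` is not on this page, but if it is a fixed-width `uint64_t` the new specifiers are right on LP64 Linux and wrong again on LLP64 targets, and a specifier that disagrees with the argument type is undefined behaviour in printf. The portable form is the `<cinttypes>` macro, `printf("Bug %" PRIu64 " solutions\n", bug->id);` with `PRIx64` for the three `SOL 0x...` lines, or an explicit `static_cast<unsigned long long>(bug->id)` paired with the old `%llu`/`%llx`. Separately, the rewritten `printVersion` in the last hunk now prints `"LavaFnTool Version -- "` although this file is tools/lavaTool/include/lavaTool.h; if that was copied from the sibling tool, restore `"LavaTool Version -- "`. threeDuaTest's body starts and ends outside the hunk.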
