SVF-doxygen/html/DoubleFreeChecker_8cpp_source.html

//===- DoubleFreeChecker.cpp -- Detecting double-free errors------------------//

//

//                     SVF: Static Value-Flow Analysis

//

// Copyright (C) <2013->  <Yulei Sui>

//


// This program is free software: you can redistribute it and/or modify

// it under the terms of the GNU Affero General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.


// This program is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU Affero General Public License for more details.


// You should have received a copy of the GNU Affero General Public License

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

//

//===----------------------------------------------------------------------===//


/*

 * DoubleFreeChecker.cpp

 *

 *  Created on: Apr 24, 2014

 *      Author: Yulei Sui

 */


#include "SABER/DoubleFreeChecker.h"

#include "Util/SVFUtil.h"

#include "Util/Options.h"


using namespace SVF;

using namespace SVFUtil;


void DoubleFreeChecker::reportBug(ProgSlice* slice)

{


    if(slice->isSatisfiableForPairs() == false)

    {

        GenericBug::EventStack eventStack;

        slice->evalFinalCond2Event(eventStack);

        eventStack.push_back(

            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));

        report.addSaberBug(GenericBug::DOUBLEFREE, eventStack);

    }

    if(Options::ValidateTests())

        testsValidation(slice);

}


void DoubleFreeChecker::testsValidation(ProgSlice *slice)

{

    const SVFGNode* source = slice->getSource();

    const CallICFGNode* cs = getSrcCSID(source);

    const SVFFunction* fun = cs->getCalledFunction();

    if(fun==nullptr)

        return;

    validateSuccessTests(slice,fun);

    validateExpectedFailureTests(slice,fun);

}


void DoubleFreeChecker::validateSuccessTests(ProgSlice *slice, const SVFFunction *fun)

{

    const SVFGNode* source = slice->getSource();

    const CallICFGNode* cs = getSrcCSID(source);


    bool success = false;


    if(fun->getName() == "SAFEMALLOC")

    {

        if(slice->isSatisfiableForPairs() == true)

            success = true;

    }

    else if(fun->getName() == "DOUBLEFREEMALLOC")

    {

        if(slice->isSatisfiableForPairs() == false)

            success = true;

    }

    else if(fun->getName() == "DOUBLEFREEMALLOCFN" || fun->getName() == "SAFEMALLOCFP")

    {

        return;

    }

    else

    {

        writeWrnMsg("\t can not validate, check function not found, please put it at the right place!!");

        return;

    }


    std::string funName = source->getFun()->getName();


    if (success)

    {

        outs() << sucMsg("\t SUCCESS :") << funName << " check <src id:" << source->getId()

               << ", cs id:" << (getSrcCSID(source))->valueOnlyToString() << "> at ("

               << cs->getSourceLoc() << ")\n";

        outs() << "\t\t double free path: \n" << slice->evalFinalCond() << "\n";

    }

    else

    {

        SVFUtil::errs() << errMsg("\t FAILURE :") << funName << " check <src id:" << source->getId()

                        << ", cs id:" << (getSrcCSID(source))->valueOnlyToString() << "> at ("

                        << cs->getSourceLoc() << ")\n";

        SVFUtil::errs() << "\t\t double free path: \n" << slice->evalFinalCond() << "\n";

        assert(false && "test case failed!");

    }

}


void DoubleFreeChecker::validateExpectedFailureTests(ProgSlice *slice, const SVFFunction *fun)

{

    const SVFGNode* source = slice->getSource();

    const CallICFGNode* cs = getSrcCSID(source);


    bool expectedFailure = false;

    if(fun->getName() == "DOUBLEFREEMALLOCFN")

    {

        if(slice->isSatisfiableForPairs() == true)

            expectedFailure = true;

    }

    else if(fun->getName() == "SAFEMALLOCFP")

    {

        if(slice->isSatisfiableForPairs() == false)

            expectedFailure = true;

    }

    else if(fun->getName() == "SAFEMALLOC" || fun->getName() == "DOUBLEFREEMALLOC")

    {

        return;

    }

    else

    {

        writeWrnMsg("\t can not validate, check function not found, please put it at the right place!!");

        return;

    }


    std::string funName = source->getFun()->getName();


    if (expectedFailure)

    {

        outs() << sucMsg("\t EXPECTED-FAILURE :") << funName << " check <src id:" << source->getId()

               << ", cs id:" << (getSrcCSID(source))->valueOnlyToString() << "> at ("

               << cs->getSourceLoc() << ")\n";

        outs() << "\t\t double free path: \n" << slice->evalFinalCond() << "\n";

    }

    else

    {

        SVFUtil::errs() << errMsg("\t UNEXPECTED FAILURE :") << funName

                        << " check <src id:" << source->getId()

                        << ", cs id:" << (getSrcCSID(source))->valueOnlyToString() << "> at ("

                        << cs->getSourceLoc() << ")\n";

        SVFUtil::errs() << "\t\t double free path: \n" << slice->evalFinalCond() << "\n";

        assert(false && "test case failed!");

    }

}


DoubleFreeChecker.h

Options.h

SVFUtil.h

SVF::CallICFGNode
Definition ICFGNode.h:423

SVF::CallICFGNode::getSourceLoc
const std::string getSourceLoc() const override
Definition ICFGNode.h:588

SVF::CallICFGNode::getCalledFunction
const SVFFunction * getCalledFunction() const
Definition ICFGNode.h:518

SVF::DoubleFreeChecker::testsValidation
void testsValidation(ProgSlice *slice)
Validate test cases for regression test purpose.
Definition DoubleFreeChecker.cpp:54

SVF::DoubleFreeChecker::validateSuccessTests
void validateSuccessTests(ProgSlice *slice, const SVFFunction *fun)
Definition DoubleFreeChecker.cpp:65

SVF::DoubleFreeChecker::validateExpectedFailureTests
void validateExpectedFailureTests(ProgSlice *slice, const SVFFunction *fun)
Definition DoubleFreeChecker.cpp:111

SVF::DoubleFreeChecker::reportBug
void reportBug(ProgSlice *slice) override
Report file/close bugs.
Definition DoubleFreeChecker.cpp:37

SVF::GenericBug::DOUBLEFREE
@ DOUBLEFREE
Definition SVFBugReport.h:86

SVF::GenericBug::EventStack
std::vector< SVFBugEvent > EventStack
Definition SVFBugReport.h:83

SVF::LeakChecker::getSrcCSID
const CallICFGNode * getSrcCSID(const SVFGNode *src)
Definition LeakChecker.h:109

SVF::Options::ValidateTests
static const Option< bool > ValidateTests
Definition Options.h:169

SVF::ProgSlice
Definition ProgSlice.h:50

SVF::SVFBugEvent
Definition SVFBugReport.h:52

SVF::SVFBugEvent::SourceInst
@ SourceInst
Definition SVFBugReport.h:60

SVF::SVFBugReport::addSaberBug
void addSaberBug(GenericBug::BugType bugType, const GenericBug::EventStack &eventStack)
Definition SVFBugReport.h:315

SVF::SVFFunction
Definition SVFValue.h:298

SVF::SVFValue::getName
const std::string & getName() const
Definition SVFValue.h:243

SVF::SrcSnkDDA::report
SVFBugReport report
Definition SrcSnkDDA.h:80

SVF::VFGNode
Definition VFGNode.h:47

SVF::SVFUtil::sucMsg
std::string sucMsg(const std::string &msg)
Returns successful message by converting a string into green string output.
Definition SVFUtil.cpp:54

SVF::SVFUtil::errMsg
std::string errMsg(const std::string &msg)
Print error message by converting a string into red string output.
Definition SVFUtil.cpp:77

SVF::SVFUtil::errs
std::ostream & errs()
Overwrite llvm::errs()
Definition SVFUtil.h:56

SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:67

SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:50

SVF
for isBitcode
Definition BasicTypes.h:68

SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74