Fix Type-based Call-Graphs with Multiple Inheritance (#776)

* replaced llvm-14 with llvm-15 in relevant files

* some changes

* more efficient call-graph

* String-nbased vtable getter + CG-test with dbg info

* minor in CG

* annotation fix + test fix

* removed bitcasts and fixed tests

* Fix Annotation.cpp + TaintConfigTest

* Quick-fix LLVMTypeHierarchyTest

* fix one IIA test

* Fix StringtestCpp for generalized LCA

* first half of tests fixed

* fixed first half of tests

* fixed all but one test in IDEInstInteractionAnalysisTest

* fixed all but two tests

* Fix IIAFlowFact equality

* Re-add getVFTableGlobal

* fixed some newly failed tests

* trade soundness for precision in LLVMAliasSet

* ci.yml update

* Revert "fixed some newly failed tests"

* pre-commit hook

* Two Tests + xtaint09 test fix for pipeline

* Basic Opaque Pointer Impl, bugged

* switching to DebugInfoFinder

* re-add the quick-fix for LLVMTypeHierarchy

* OpaquePtr type mapping, missing subroutines

* Introducing a pass to save ptr types

* Revert "Introducing a pass to save ptr types"

This reverts commit 2a91b6d.

* moving phasar to DIBasedTypeHierarchy

* full switch to DIBasedTypeHierarchy + Test fixes

* fixed PathTracingTest

* dtaresolver deprecated and test fixes

* Fixed OTFTest

* trimmed trailing whitespace

* minor fixes

* readded TypeToDIType map for RTAResolver

* pre-commit clang-format fix

* pre-commit clang-format llvmbasedicfg.cpp

* moved RTAResolver to DITypes

* implemented review suggestions

* Log error if trying to instantiate DTAResolver + minor

* Add breaking changes

* Also compare gep type in IIA EqualGEPDescriptor

* Expose getDILocation()

* expose getSrcCodeFromIR for DebugLocation + minor

* Remove some unused includes

* Make TaintConfigData compatible with C++20

* Compatibility with opaque pointers

* Allow setting the LLVM version from higher-level projects

* Getting rid of UB in CHAResolver

* Start adding more sophisticated type extraction (WIP)

* Handle function calls in getVarTypeFromIR

* better fallback handling for getDebugLocation, etc

* Better IntraMonoSolver dump

* minor

* improve intra mono dump

* minor

* expose getNonPureVirtualVFTEntry as namespace-scope function + fix build with LLVM 14

* Fix RTA resolver

* Add missing include

* Fix solveIFDSProblem + cherry-pick fix of DIBasedTypeHierarchy::buildTypeGraph

* Potential fix, needs testing

* Look into the right VTable, when resolving a virtual call

* pre-commit

* some cleanup

---------

Co-authored-by: mxHuber <[email protected]>
Co-authored-by: Fabian Schiebel <[email protected]>

Author: 3 people

include/phasar/PhasarLLVM/ControlFlow/LLVMVFTableProvider.h

@@ -11,9 +11,13 @@
 #define PHASAR_PHASARLLVM_CONTROLFLOW_LLVMVFTABLEPROVIDER_H
 
 #include "phasar/PhasarLLVM/TypeHierarchy/LLVMVFTable.h"
+#include "phasar/Utils/HashUtils.h"
 
+#include "llvm/ADT/DenseSet.h"
 #include "llvm/ADT/StringMap.h"
+#include "llvm/IR/DebugInfoMetadata.h"
 
+#include <cstdint>
 #include <unordered_map>
 
 namespace llvm {
@@ -37,8 +41,19 @@ class LLVMVFTableProvider {
   explicit LLVMVFTableProvider(const LLVMProjectIRDB &IRDB);
 
   [[nodiscard]] bool hasVFTable(const llvm::DIType *Type) const;
-  [[nodiscard]] const LLVMVFTable *
-  getVFTableOrNull(const llvm::DIType *Type) const;
+  [[nodiscard]] const LLVMVFTable *getVFTableOrNull(const llvm::DIType *Type,
+                                                    uint32_t Index = 0) const;
+
+  [[nodiscard]] const llvm::SmallDenseSet<uint32_t> &
+  getVTableIndexInHierarchy(const llvm::DIType *DerivedType,
+                            const llvm::DIType *BaseType) const;
+
+  /// Supercedes DIBasedTypeHierarchy::removeVTablePrefix
+  [[nodiscard]] static llvm::StringRef
+  removeVTablePrefix(llvm::StringRef GlobName) noexcept;
+
+  /// Supercedes DIBasedTypeHierarchy::isVTable
+  [[nodiscard]] static bool isVTable(llvm::StringRef MangledVarName);
 
   [[nodiscard]] const llvm::GlobalVariable *
   getVFTableGlobal(const llvm::DIType *Type) const;
@@ -48,7 +63,13 @@ class LLVMVFTableProvider {
 
 private:
   llvm::StringMap<const llvm::GlobalVariable *> ClearNameTVMap;
-  std::unordered_map<const llvm::DIType *, LLVMVFTable> TypeVFTMap;
+  std::unordered_map<std::pair<const llvm::DIType *, uint32_t>, LLVMVFTable,
+                     PairHash>
+      TypeVFTMap;
+  std::unordered_map<
+      const llvm::DIType *,
+      llvm::SmallDenseMap<const llvm::DIType *, llvm::SmallDenseSet<uint32_t>>>
+      BasesOfVirt;
 };
 } // namespace psr
 

include/phasar/PhasarLLVM/ControlFlow/Resolver/CHAResolver.h

@@ -38,7 +38,8 @@ class CHAResolver : public Resolver {
   // dtor in CHAResolver.cpp
   ~CHAResolver() override;
 
-  FunctionSetTy resolveVirtualCall(const llvm::CallBase *CallSite) override;
+  void resolveVirtualCall(FunctionSetTy &PossibleTargets,
+                          const llvm::CallBase *CallSite) override;
 
   [[nodiscard]] std::string str() const override;
 

include/phasar/PhasarLLVM/ControlFlow/Resolver/NOResolver.h

@@ -25,9 +25,11 @@ class NOResolver final : public Resolver {
 
   ~NOResolver() override = default;
 
-  FunctionSetTy resolveVirtualCall(const llvm::CallBase *CallSite) override;
+  void resolveVirtualCall(FunctionSetTy &PossibleTargets,
+                          const llvm::CallBase *CallSite) override;
 
-  FunctionSetTy resolveFunctionPointer(const llvm::CallBase *CallSite) override;
+  void resolveFunctionPointer(FunctionSetTy &PossibleTargets,
+                              const llvm::CallBase *CallSite) override;
 
   [[nodiscard]] std::string str() const override;
 

include/phasar/PhasarLLVM/ControlFlow/Resolver/OTFResolver.h

@@ -48,9 +48,11 @@ class OTFResolver : public Resolver {
   void handlePossibleTargets(const llvm::CallBase *CallSite,
                              FunctionSetTy &CalleeTargets) override;
 
-  FunctionSetTy resolveVirtualCall(const llvm::CallBase *CallSite) override;
+  void resolveVirtualCall(FunctionSetTy &PossibleTargets,
+                          const llvm::CallBase *CallSite) override;
 
-  FunctionSetTy resolveFunctionPointer(const llvm::CallBase *CallSite) override;
+  void resolveFunctionPointer(FunctionSetTy &PossibleTargets,
+                              const llvm::CallBase *CallSite) override;
 
   static std::set<const llvm::Type *>
   getReachableTypes(const LLVMAliasInfo::AliasSetTy &Values);

include/phasar/PhasarLLVM/ControlFlow/Resolver/RTAResolver.h

@@ -38,7 +38,8 @@ class RTAResolver : public CHAResolver {
 
   ~RTAResolver() override = default;
 
-  FunctionSetTy resolveVirtualCall(const llvm::CallBase *CallSite) override;
+  void resolveVirtualCall(FunctionSetTy &PossibleTargets,
+                          const llvm::CallBase *CallSite) override;
 
   [[nodiscard]] std::string str() const override;
 

include/phasar/PhasarLLVM/ControlFlow/Resolver/Resolver.h

@@ -52,10 +52,9 @@ getReceiverType(const llvm::CallBase *CallSite);
 
 /// Assuming that `CallSite` is a virtual call, where `Idx` is retrieved through
 /// `getVFTIndex()` and `T` through `getReceiverType()`
-[[nodiscard]] const llvm::Function *
-getNonPureVirtualVFTEntry(const llvm::DIType *T, unsigned Idx,
-                          const llvm::CallBase *CallSite,
-                          const psr::LLVMVFTableProvider &VTP);
+[[nodiscard]] const llvm::Function *getNonPureVirtualVFTEntry(
+    const llvm::DIType *T, unsigned Idx, const llvm::CallBase *CallSite,
+    const psr::LLVMVFTableProvider &VTP, const llvm::DIType *ReceiverType);
 
 [[nodiscard]] std::string getReceiverTypeName(const llvm::CallBase *CallSite);
 
@@ -79,11 +78,12 @@ class Resolver {
 
   const llvm::Function *
   getNonPureVirtualVFTEntry(const llvm::DIType *T, unsigned Idx,
-                            const llvm::CallBase *CallSite) {
+                            const llvm::CallBase *CallSite,
+                            const llvm::DIType *ReceiverType) {
     if (!VTP) {
       return nullptr;
     }
-    return psr::getNonPureVirtualVFTEntry(T, Idx, CallSite, *VTP);
+    return psr::getNonPureVirtualVFTEntry(T, Idx, CallSite, *VTP, ReceiverType);
   }
 
 public:
@@ -103,12 +103,6 @@ class Resolver {
   [[nodiscard]] FunctionSetTy
   resolveIndirectCall(const llvm::CallBase *CallSite);
 
-  [[nodiscard]] virtual FunctionSetTy
-  resolveVirtualCall(const llvm::CallBase *CallSite) = 0;
-
-  [[nodiscard]] virtual FunctionSetTy
-  resolveFunctionPointer(const llvm::CallBase *CallSite);
-
   virtual void otherInst(const llvm::Instruction *Inst);
 
   [[nodiscard]] virtual std::string str() const = 0;
@@ -126,6 +120,13 @@ class Resolver {
                                           const LLVMVFTableProvider *VTP,
                                           const DIBasedTypeHierarchy *TH,
                                           LLVMAliasInfoRef PT = nullptr);
+
+protected:
+  virtual void resolveVirtualCall(FunctionSetTy &PossibleTargets,
+                                  const llvm::CallBase *CallSite) = 0;
+
+  virtual void resolveFunctionPointer(FunctionSetTy &PossibleTargets,
+                                      const llvm::CallBase *CallSite);
 };
 } // namespace psr
 

include/phasar/PhasarLLVM/TypeHierarchy/DIBasedTypeHierarchy.h

@@ -58,7 +58,9 @@ class DIBasedTypeHierarchy
                                 const DIBasedTypeHierarchyData &SerializedData);
   ~DIBasedTypeHierarchy() override = default;
 
+  [[deprecated("Use LLVMVFTableProvider::isVTable() instead")]]
   static bool isVTable(llvm::StringRef VarName);
+  [[deprecated("Use LLVMVFTableProvider::removeVTablePrefix() instead")]]
   static std::string removeVTablePrefix(llvm::StringRef VarName);
 
   [[nodiscard]] bool hasType(ClassType Type) const override {

include/phasar/PhasarLLVM/TypeHierarchy/LLVMVFTable.h

@@ -73,26 +73,26 @@ class LLVMVFTable : public VFTable<const llvm::Function *> {
 
   void printAsJson(llvm::raw_ostream &OS) const override;
 
-  [[nodiscard]] std::vector<const llvm::Function *>::iterator begin() {
+  [[nodiscard]] std::vector<const llvm::Function *>::iterator begin() noexcept {
     return VFT.begin();
   }
 
   [[nodiscard]] std::vector<const llvm::Function *>::const_iterator
-  begin() const {
+  begin() const noexcept {
     return VFT.begin();
   };
 
-  [[nodiscard]] std::vector<const llvm::Function *>::iterator end() {
+  [[nodiscard]] std::vector<const llvm::Function *>::iterator end() noexcept {
     return VFT.end();
   };
 
   [[nodiscard]] std::vector<const llvm::Function *>::const_iterator
-  end() const {
+  end() const noexcept {
     return VFT.end();
   };
 
   [[nodiscard]] static std::vector<const llvm::Function *>
-  getVFVectorFromIRVTable(const llvm::ConstantStruct &);
+  getVFVectorFromIRVTable(const llvm::ConstantStruct &VT, uint32_t Index = 0);
 };
 
 } // namespace psr

include/phasar/PhasarLLVM/Utils/LLVMIRToSrc.h

@@ -33,7 +33,6 @@ class Value;
 class GlobalVariable;
 class Module;
 class DIFile;
-class DIType;
 class DILocation;
 } // namespace llvm
 

include/phasar/Utils/DefaultValue.h

@@ -40,6 +40,26 @@ getDefaultValue() noexcept(std::is_nothrow_default_constructible_v<T>) {
   }
 }
 
+namespace detail {
+struct DefaultCast {
+  template <typename To,
+            typename = std::enable_if_t<CanEfficientlyPassByValue<To>>>
+  operator To() && {
+    return psr::getDefaultValue<To>();
+  }
+
+  template <typename To,
+            typename = std::enable_if_t<!CanEfficientlyPassByValue<To>>>
+  operator const To &() && {
+    return psr::getDefaultValue<To>();
+  }
+};
+} // namespace detail
+
+/// Provides a value that automatically converts to (a const-ref to) the
+/// default-constructed object of the expected receiver type.
+static constexpr detail::DefaultCast default_value() noexcept { return {}; }
+
 } // namespace psr
 
 #endif // PHASAR_UTILS_DEFAULTVALUE_H