Newer
Older
void SMPPhiFunction::SetSSADef(int NewSSASub) {
this->DefName.SetSSANum(NewSSASub);
return;
}
// Set the SSA number of the input variable.
void SMPPhiFunction::SetSSARef(size_t index, int NewSSASub) {
this->SubscriptedOps.SetSSANum(index, NewSSASub);
return;
}
// Set the type of the defined variable.
void SMPPhiFunction::SetDefType(SMPOperandType Type, const SMPInstr* Instr) {
this->DefName.SetType(Type, Instr);
return;
}
// Set the type of the input variable.
void SMPPhiFunction::SetRefType(size_t index, SMPOperandType Type, const SMPInstr* Instr) {
this->SubscriptedOps.SetType(index, Type, Instr);
// Set the metadata status of the DEF variable.
void SMPPhiFunction::SetDefMetadata(SMPMetadataType Status) {
this->DefName.SetMetadataStatus(Status);
return;
} // end of SMPPhiFunction::SetDefMetadata()
// Does at least one USE have a type other than UNINIT?
bool SMPPhiFunction::HasTypedUses(void) {
size_t index;
for (index = 0; index < this->GetPhiListSize(); ++index) {
if (UNINIT != this->GetUseType(index))
return true;
}
return false;
} // end of SMPPhiFunction::HasTypedUses()
// Return the result of applying the conditional type propagation meet operator
// over all the USE types.
SMPOperandType SMPPhiFunction::ConditionalMeetType(SMPBasicBlock *CurrBlock) const {
SMPOperandType MeetType;
SMPOperandType PtrType = UNINIT;
SMPOperandType NumericType = UNINIT; // can end up NUMERIC or CODEPTR
bool FoundUNINIT = false; // any USE type UNINIT?
bool FoundNUMERIC = false; // any USE type NUMERIC?
bool FoundZero = false; // was DEF to zero? (could be POINTER or NUMERIC
bool FoundPOINTER = false; // includes all POINTER subtypes
bool FoundUNKNOWN = false; // any USE type UNKNOWN?
clc5q
committed
bool FoundPTROFFSET = false; // any USE type PTROFFSET?
bool FoundNEGATEDPTR = false; // any USE type NEGATEDPTR?
bool ProfilerDerived = false; // was any USE type Profiler-derived?
list<size_t> ZeroConstIndices;
STARS_ea_t BlockStartAddr = CurrBlock->GetFirstAddr(); // for debugging
STARSOpndTypePtr PhiOp = this->GetAnyOp();
for (size_t index = 0; index < this->GetPhiListSize(); ++index) {
SMPOperandType UseType = this->GetUseType(index);
if (IsEqType(UseType, UNINIT))
FoundUNINIT = true;
else if (IsNumeric(UseType)) {
// Check for possibility that we aggressively declared NUMERIC when register was set to zero.
int UseSSANum = this->GetUseSSANum(index);
bool CurrentUseZeroCase = false;
if (MDIsDataFlowOpnd(PhiOp, false)) {
STARS_ea_t DefAddr = CurrBlock->GetFunc()->GetGlobalDefAddr(PhiOp, UseSSANum);
// Handle simple case: DEF is in an instruction.
if ((STARS_BADADDR != DefAddr) && (DefAddr < STARS_PSEUDO_ID_MIN)) {
SMPInstr *DefInst = CurrBlock->GetFunc()->GetInstFromAddr(DefAddr);
CurrentUseZeroCase = DefInst->IsSetToZero();
}
}
if (CurrentUseZeroCase) {
FoundZero = true;
ZeroConstIndices.push_back(index);
FoundNUMERIC = true;
if (IsEqType(NumericType, CODEPTR)) {
// Already refined. If current type agrees, leave it
// alone, else revert to generic type NUMERIC.
if (IsNotEqType(UseType, NumericType))
NumericType = NUMERIC;
}
else {
// Have not yet refined NumericType; might still be UNINIT.
if (IsEqType(UNINIT, NumericType))
NumericType = UseType;
else { // NumericType is NUMERIC; leave it as NUMERIC.
assert(IsEqType(NUMERIC, NumericType));
}
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
}
}
}
else if (IsDataPtr(UseType)) {
FoundPOINTER = true;
// Perform a meet over the pointer types.
if (IsRefinedDataPtr(PtrType)) {
// Already refined. If current type agrees, leave it
// alone, else revert to generic type POINTER.
if (IsNotEqType(UseType, PtrType))
PtrType = POINTER;
}
else {
// Have not yet refined PtrType; might still be UNINIT.
if (IsEqType(UNINIT, PtrType))
PtrType = UseType;
else { // PtrType is POINTER because we saw POINTER or
// had a conflict between pointer refinements; leave
// it as POINTER.
assert(IsEqType(POINTER, PtrType));
}
}
}
clc5q
committed
else if (IsEqType(PTROFFSET, UseType))
FoundPTROFFSET = true;
else if (IsEqType(NEGATEDPTR, UseType))
FoundNEGATEDPTR = true;
else if (IsUnknown(UseType))
FoundUNKNOWN = true;
if (IsProfDerived(UseType))
ProfilerDerived = true;
}
// Use the boolean flags to compute the meet function.
clc5q
committed
if (FoundUNKNOWN || (FoundNUMERIC && FoundPOINTER)
|| ((FoundNUMERIC || FoundPOINTER || FoundNEGATEDPTR) && FoundPTROFFSET)
|| ((FoundNUMERIC || FoundPOINTER || FoundPTROFFSET) && FoundNEGATEDPTR))
MeetType = UNKNOWN;
else if (FoundNUMERIC)
MeetType = NumericType;
else if (FoundPOINTER) {
MeetType = PtrType;
if (FoundZero) { // mixture of POINTER and const zero DEFs, i.e. ptr := NULL;
// Undo the aggressive NUMERIC inference when registers are set to zero.
// NOTE: There cannot be any alterations to the reg between the zero DEF and
// the current block on at least one path, or it would not show up in the Phi function with the
// current SSA number.
do {
size_t ZeroConstIndex = ZeroConstIndices.front();
int UseSSANum = this->GetUseSSANum(ZeroConstIndex);
STARS_ea_t DefAddr = CurrBlock->GetFunc()->GetGlobalDefAddr(PhiOp, UseSSANum);
// Handle simple case: DEF is in an instruction.
if ((STARS_BADADDR != DefAddr) && (DefAddr < STARS_PSEUDO_ID_MIN)) {
SMPInstr *DefInst = CurrBlock->GetFunc()->GetInstFromAddr(DefAddr);
set<DefOrUse, LessDefUse>::iterator DefIter = DefInst->SetDefType(PhiOp, PtrType);
SMP_msg("INFO: Converting zeroed reg from NUMERIC to POINTER at %lx for Block at %lx\n",
(unsigned long) DefAddr, (unsigned long) BlockStartAddr);
CurrBlock->GetFunc()->ResetProcessedBlocks();
SMPBasicBlock *DefBlock = CurrBlock->GetFunc()->GetBlockFromInstAddr(DefAddr);
#if 0 // Causes infinite loops, crashes; need to debug !!!!****!!!!
DefBlock->PropagateGlobalDefType(PhiOp, PtrType, UseSSANum, false, true);
#else
DefBlock->PropagateGlobalDefType(PhiOp, PtrType, UseSSANum, false, false);
#endif
}
ZeroConstIndices.pop_front();
} while (!ZeroConstIndices.empty());
}
}
clc5q
committed
else if (FoundPTROFFSET)
MeetType = PTROFFSET;
else if (FoundNEGATEDPTR)
MeetType = NEGATEDPTR;
else if (FoundZero && (!FoundUNINIT)) // nothing but zeroes
MeetType = NUMERIC;
else {
assert(FoundUNINIT);
MeetType = UNINIT;
}
if (ProfilerDerived)
MeetType = MakeProfDerived(MeetType);
return MeetType;
} // end of SMPPhiFunction::ConditionalMeetType()
// Debug printing.
void SMPPhiFunction::Dump(void) const {
clc5q
committed
SMP_msg(" DEF: ");
this->DefName.Dump();
clc5q
committed
SMP_msg(" USEs: ");
this->SubscriptedOps.Dump();
return;
}
// *****************************************************************
// Class SMPDefUseChain
// *****************************************************************
// Constructors
SMPDefUseChain::SMPDefUseChain(void) {
this->SSAName = nullptr;
clc5q
committed
this->RefInstrs.clear();
this->RefInstrs.push_back((unsigned short) STARS_BADADDR);
this->IndWrite = false;
return;
}
SMPDefUseChain::SMPDefUseChain(STARSOpndTypePtr Name, STARS_ea_t Def) {
this->SetName(Name);
this->RefInstrs.push_back(Def);
this->IndWrite = false;
return;
}
// Set the variable name.
void SMPDefUseChain::SetName(STARSOpndTypePtr Name) {
STARSOpndTypePtr Name2 = nullptr;
if (Name->IsRegOp()) {
// We want to map AH, AL, and AX to EAX, etc. throughout our data flow analysis
// and type inference systems.
Name2 = CloneIfSubwordReg(Name);
CanonicalizeOpnd(Name2);
}
else {
Name2 = Name;
this->SSAName = Name2;
return;
}
// Set the DEF instruction.
void SMPDefUseChain::SetDef(STARS_ea_t Def) {
this->RefInstrs[0] = (unsigned short) Def;
return;
}
// Push a USE onto the list
void SMPDefUseChain::PushUse(STARS_ea_t Use) {
this->RefInstrs.push_back((unsigned short) Use);
return;
}
// Set the indirect memory write flag.
void SMPDefUseChain::SetIndWrite(bool IndMemWrite) {
this->IndWrite = IndMemWrite;
return;
}
// DEBUG dump.
clc5q
committed
void SMPDefUseChain::Dump(int SSANum) const {
clc5q
committed
SMP_msg("DEF-USE chain for: ");
PrintListOperand(this->SSAName, SSANum);
if (this->RefInstrs.size() < 1) {
clc5q
committed
SMP_msg(" no references.\n");
return;
}
clc5q
committed
SMP_msg("\n DEF: %x USEs: ", this->RefInstrs.at(0));
size_t index;
for (index = 1; index < this->RefInstrs.size(); ++index)
clc5q
committed
SMP_msg("%x ", this->RefInstrs.at(index));
SMP_msg("\n");
return;
} // end of SMPDefUseChain::Dump()
// *****************************************************************
// Class SMPDUChainArray
// *****************************************************************
SMPDUChainArray::SMPDUChainArray(void) {
this->SSAName = nullptr;
this->DUChains.clear();
return;
}
SMPDUChainArray::SMPDUChainArray(STARSOpndTypePtr Name, STARS_ea_t FirstAddrMinusOne) {
STARSOpndTypePtr Name2 = nullptr;
if (Name->IsRegOp()) {
// We want to map AH, AL, and AX to EAX, etc. throughout our data flow analysis
// and type inference systems.
Name2 = CloneIfSubwordReg(Name);
CanonicalizeOpnd(Name2);
else {
Name2 = Name;
}
this->SSAName = Name2;
this->BaseAddr = FirstAddrMinusOne;
this->DUChains.clear();
return;
}
STARS_ea_t SMPDUChainArray::GetLastUse(int SSANum) const {
STARS_ea_t TempAddr = DUChains.at(SSANum).GetLastUse();
if (STARS_BADADDR != TempAddr) {
// If STARS_BADADDR, leave it as STARS_BADADDR. Otherwise, add in BaseAddr.
TempAddr += this->BaseAddr;
}
return TempAddr;
}
void SMPDUChainArray::SetName(STARSOpndTypePtr Name, STARS_ea_t FirstAddrMinusOne) {
STARSOpndTypePtr Name2 = nullptr;
if (Name->IsRegOp()) {
// We want to map AH, AL, and AX to EAX, etc. throughout our data flow analysis
// and type inference systems.
Name2 = CloneIfSubwordReg(Name);
CanonicalizeOpnd(Name2);
}
else {
Name2 = Name;
this->SSAName = Name2;
this->BaseAddr = FirstAddrMinusOne;
return;
}
// DEBUG dump.
clc5q
committed
void SMPDUChainArray::Dump(void) const {
size_t index;
for (index = 0; index < this->GetSize(); ++index) {
this->DUChains.at(index).Dump((int) index);
}
return;
}
// *****************************************************************
// Class SMPCompleteDUChains
// *****************************************************************
// DEBUG dump.
clc5q
committed
void SMPCompleteDUChains::Dump(void) const {
size_t index;
for (index = 0; index < this->ChainsByName.size(); ++index) {
this->ChainsByName.at(index).Dump();
}
return;
} // end of SMPCompleteDUChains::Dump()
// *****************************************************************
// Class STARSBitSet
// *****************************************************************
// Constructors.
STARSBitSet::STARSBitSet() {
this->BitLimit = 0;
}
// Get methods
bool STARSBitSet::GetBit(size_t BitIndex) const {
size_t ByteIndex = BitIndex / 8;
size_t BitNumber = BitIndex % 8;
clc5q
committed
assert(BitIndex <= this->BitLimit);
return (0 != (this->STARSBits.at(ByteIndex) & STARSBitMasks[BitNumber]));
}
// Set methods
void STARSBitSet::AllocateBits(size_t Size) {
size_t Bytes = Size / 8;
size_t ExtraBits = Size % 8;
clc5q
committed
this->BitLimit = Size;
if (0 != ExtraBits) {
}
else {
}
for (Bytes = 0; Bytes < this->STARSBits.size(); ++Bytes) {
this->STARSBits[Bytes] = 0;
}
}
void STARSBitSet::SetBit(size_t BitIndex) {
size_t ByteIndex = BitIndex / 8;
size_t BitNumber = BitIndex % 8;
clc5q
committed
assert(BitIndex <= this->BitLimit);
this->STARSBits[ByteIndex] |= STARSBitMasks[BitNumber];
return;
}
void STARSBitSet::ResetBit(size_t BitIndex) {
size_t ByteIndex = BitIndex / 8;
size_t BitNumber = BitIndex % 8;
clc5q
committed
assert(BitIndex <= this->BitLimit);
this->STARSBits[ByteIndex] &= (~STARSBitMasks[BitNumber]);
return;
}
// Query methods
// Returns false if all bits are zero, true otherwise.
bool STARSBitSet::IsAnyBitSet(void) const {
bool FoundSetBit = false;
size_t ByteIndex;
for (ByteIndex = 0; ByteIndex < this->STARSBits.size(); ++ByteIndex) {
if (0 != this->STARSBits[ByteIndex]) {
FoundSetBit = true;
break;
}
}
return FoundSetBit;
}
clc5q
committed
// Map system or library call name to FG info about its return value.
map<string, struct FineGrainedInfo> ReturnRegisterTypeMap;
clc5q
committed
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
// Map system or library call name to the annotation substring that
// guides saturating arithmetic or other continuation policies in
// the case of integer error detection of a value passed to that call.
// If we don't care about a certain call, we return an empty string.
static map<string, string> IntegerErrorCallSinkMap;
void InitIntegerErrorCallSinkMap(void) {
pair<string, string> MapEntry;
pair<map<string, string>::iterator, bool> InsertResult;
MapEntry.first = string("malloc");
MapEntry.second = string("SINKMALLOC");
InsertResult = IntegerErrorCallSinkMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("calloc");
MapEntry.second = string("SINKMALLOC");
InsertResult = IntegerErrorCallSinkMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = string("SINKMALLOC");
InsertResult = IntegerErrorCallSinkMap.insert(MapEntry);
assert(InsertResult.second);
return;
}
// Return sink string for call name from the sink map.
// If we don't care find the call name, we return an empty string.
void GetSinkStringForCallName(string CalleeName, string &SinkString) {
map<string, string>::iterator MapIter;
SinkString.clear(); // empty string, append map string if found later
MapIter = IntegerErrorCallSinkMap.find(CalleeName);
if (MapIter != IntegerErrorCallSinkMap.end()) { // found it
SinkString.append(MapIter->second);
}
return;
}
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
// Map system or library call name to the argument number that
// should have an unsigned value and should be guarded from the
// signedness error that results from copying a signed value
// into the outgoing argument. Argument numbers are zero-based.
// We will return 0 when there is no argument to worry about
// for a particular library or system call name.
static map<string, unsigned int> UnsignedArgPositionMap;
void InitUnsignedArgPositionMap(void) {
pair<string, unsigned int> MapEntry;
pair<map<string, unsigned int>::iterator, bool> InsertResult;
// <string.h>
MapEntry.first = string("memchr");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcmp");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcpy");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memmove");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memset");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncat");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncmp");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncpy");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strxfrm");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdlib.h>
MapEntry.first = string("malloc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("calloc");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("bsearch");
MapEntry.second = (STARS_ARG_POS_2 | STARS_ARG_POS_3);
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("qsort");
MapEntry.second = (STARS_ARG_POS_1 | STARS_ARG_POS_2);
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mblen");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbtowc");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbstowcs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wcstombs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdio.h>
MapEntry.first = string("setvbuf");
MapEntry.second = STARS_ARG_POS_3;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <time.h>
MapEntry.first = string("strftime");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = UnsignedArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
return;
} // end of InitUnsignedArgPositionMap()
clc5q
committed
// Return unsigned arg position bitset for call name from the unsigned arg map.
// If we don't find the call name, we return 0 in ArgPosBits.
void GetUnsignedArgPositionsForCallName(string CalleeName, unsigned int &ArgPosBits) {
map<string, unsigned int>::iterator MapIter;
ArgPosBits = 0; // Change if found later
MapIter = UnsignedArgPositionMap.find(CalleeName);
if (MapIter != UnsignedArgPositionMap.end()) { // found it
ArgPosBits = MapIter->second;
}
return;
}
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
// Map of function names to arguments that are dangerous to supply
// with user-tainted input values.
static map<string, unsigned int> TaintWarningArgPositionMap;
void InitTaintWarningArgPositionMap(void) {
pair<string, unsigned int> MapEntry;
pair<map<string, unsigned int>::iterator, bool> InsertResult;
// <string.h>
MapEntry.first = string("memchr");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcmp");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcpy");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memmove");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memset");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncat");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncmp");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncpy");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strxfrm");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdlib.h>
MapEntry.first = string("malloc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("calloc");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("bsearch");
MapEntry.second = (STARS_ARG_POS_2 | STARS_ARG_POS_3);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("qsort");
MapEntry.second = (STARS_ARG_POS_1 | STARS_ARG_POS_2);
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mblen");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbtowc");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbstowcs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wcstombs");
MapEntry.second = STARS_ARG_POS_2;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdio.h>
MapEntry.first = string("setvbuf");
MapEntry.second = STARS_ARG_POS_3;
InsertResult = TaintWarningArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
return;
} // end of InitTaintWarningArgPositionMap()
// Return dangerous-to-taint arg position bitset for call name from the taint warning map.
// If we don't find the call name, we return 0 in ArgPosBits.
clc5q
committed
void GetTaintWarningArgPositionsForCallName(string CalleeName, unsigned int &ArgPosBits) {
map<string, unsigned int>::iterator MapIter;
ArgPosBits = 0; // Change if found later
MapIter = TaintWarningArgPositionMap.find(CalleeName);
if (MapIter != TaintWarningArgPositionMap.end()) { // found it
ArgPosBits = MapIter->second;
}
return;
}
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
// Map of function names to POINTER argument positions.
static map<string, unsigned int> PointerArgPositionMap;
// Init map of system or library call name to the argument number that
// should have a POINTER value.
void InitPointerArgPositionMap(void) {
pair<string, unsigned int> MapEntry;
pair<map<string, unsigned int>::iterator, bool> InsertResult;
// <locale.h>
MapEntry.first = string("setlocale");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <math.h>
MapEntry.first = string("modf");
MapEntry.second = STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <string.h>
MapEntry.first = string("memchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memcpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memmove");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("memset");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcat");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncat");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncmp");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strncpy");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcoll");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strxfrm");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strcspn");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strpbrk");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strrchr");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strspn");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strstr");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtok");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strlen");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdlib.h>
MapEntry.first = string("atof");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("atoi");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("atol");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtod");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtol");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("strtoul");
MapEntry.second = STARS_ARG_POS_0 | STARS_ARG_POS_1;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("free");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("realloc");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("getenv");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("system");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("bsearch");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("qsort");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mblen");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbtowc");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wctomb");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("mbstowcs");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("wcstombs");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
// <stdio.h>
MapEntry.first = string("remove");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("rename");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("tmpnam");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fclose");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fflush");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fopen");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("freopen");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1 | STARS_ARG_POS_2);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("setbuf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("setvbuf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("fscanf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("printf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("scanf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("sprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("sscanf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vfprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vprintf");
MapEntry.second = STARS_ARG_POS_0;
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);
MapEntry.first = string("vsprintf");
MapEntry.second = (STARS_ARG_POS_0 | STARS_ARG_POS_1);
InsertResult = PointerArgPositionMap.insert(MapEntry);
assert(InsertResult.second);