Fixed bug: all nodes and edges are correctly added to xCFG

Specifically, updated ProgramCounterLocation

Author: merendamattia

src/main/java/it/unipr/cfg/EVMCFG.java

@@ -41,8 +41,8 @@ public class EVMCFG extends CFG {
 	public Set<Statement> pushedJumps;
 	public Set<Statement> sstores;
 	public Set<Statement> sha3s;
-	public List<Statement> logxs;
-	public List<Statement> calls;
+	public Set<Statement> logxs;
+	public Set<Statement> calls;
 
 	public EVMCFG(CodeMemberDescriptor descriptor, Collection<Statement> entrypoints,
 			NodeList<CFG, Statement, Edge> list) {
@@ -54,16 +54,16 @@ public EVMCFG(CodeMemberDescriptor cfgDesc) {
 	}
 
 	/**
-	 * Returns a list of all the CALL, STATICCALL and DELEGATECALL statements in
+	 * Returns a set of all the CALL, STATICCALL and DELEGATECALL statements in
 	 * the CFG.
 	 *
-	 * @return a list of all the CALL, STATICCALL and DELEGATECALL statements in
+	 * @return a set of all the CALL, STATICCALL and DELEGATECALL statements in
 	 *             the CFG
 	 */
-	public List<Statement> getAllCall() {
+	public Set<Statement> getAllCall() {
 		if (this.calls == null) {
 			NodeList<CFG, Statement, Edge> cfgNodeList = this.getNodeList();
-			List<Statement> calls = new ArrayList<>();
+			Set<Statement> calls = new HashSet<>();
 
 			for (Statement statement : cfgNodeList.getNodes()) {
 				if (statement instanceof Call) {
@@ -82,14 +82,14 @@ public List<Statement> getAllCall() {
 	}
 
 	/**
-	 * Returns a list of all the LOGx statements in the CFG.
+	 * Returns a set of all the LOGx statements in the CFG.
 	 *
-	 * @return a list of all the LOGx statements in the CFG
+	 * @return a set of all the LOGx statements in the CFG
 	 */
-	public List<Statement> getAllLogX() {
+	public Set<Statement> getAllLogX() {
 		if (logxs == null) {
 			NodeList<CFG, Statement, Edge> cfgNodeList = this.getNodeList();
-			List<Statement> logxs = new ArrayList<>();
+			Set<Statement> logxs = new HashSet<>();
 
 			for (Statement statement : cfgNodeList.getNodes()) {
 				if (statement instanceof Log) {

src/main/java/it/unipr/cfg/ProgramCounterLocation.java

@@ -10,15 +10,34 @@ public class ProgramCounterLocation implements CodeLocation {
 
 	private final int pc;
 	private final int sourceCodeLine;
+	private final int cfgHashCode;
 
 	/**
-	 * Default constructor.
-	 * 
-	 * @param pc integer representing the code location of the opcode
+	 * Constructs a {@code ProgramCounterLocation} with the specified program
+	 * counter (PC) and source code line.
+	 *
+	 * @param pc             the integer representing the code location of the
+	 *                           opcode
+	 * @param sourceCodeLine the corresponding line number in the source code
 	 */
 	public ProgramCounterLocation(int pc, int sourceCodeLine) {
+		this(pc, sourceCodeLine, 0);
+	}
+
+	/**
+	 * Constructs a {@code ProgramCounterLocation} with the specified program
+	 * counter (PC), source code line, and control flow graph (CFG) hash code.
+	 *
+	 * @param pc             the integer representing the code location of the
+	 *                           opcode
+	 * @param sourceCodeLine the corresponding line number in the source code
+	 * @param cfgHashCode    the hash code of the associated control flow graph
+	 *                           (CFG)
+	 */
+	public ProgramCounterLocation(int pc, int sourceCodeLine, int cfgHashCode) {
 		this.pc = pc;
 		this.sourceCodeLine = sourceCodeLine;
+		this.cfgHashCode = cfgHashCode;
 	}
 
 	@Override
@@ -45,7 +64,7 @@ public String getCodeLocation() {
 
 	@Override
 	public int hashCode() {
-		return Objects.hash(pc);
+		return Objects.hash(pc) + Objects.hash(sourceCodeLine) + Objects.hash(cfgHashCode);
 	}
 
 	@Override
@@ -62,7 +81,7 @@ public boolean equals(Object obj) {
 		if (getClass() != obj.getClass())
 			return false;
 		ProgramCounterLocation other = (ProgramCounterLocation) obj;
-		return pc == other.pc;
+		return pc == other.pc && cfgHashCode == other.cfgHashCode && sourceCodeLine == other.sourceCodeLine;
 	}
 
 	/**

src/main/java/it/unipr/checker/CallDataLoadChecker.java

@@ -0,0 +1,98 @@
+package it.unipr.checker;
+
+import it.unipr.analysis.AbstractStack;
+import it.unipr.analysis.EVMAbstractState;
+import it.unipr.analysis.taint.TaintAbstractDomain;
+import it.unipr.cfg.Calldataload;
+import it.unipr.cfg.EVMCFG;
+import it.unipr.cfg.ProgramCounterLocation;
+import it.unipr.utils.MyCache;
+import it.unive.lisa.analysis.AnalysisState;
+import it.unive.lisa.analysis.AnalyzedCFG;
+import it.unive.lisa.analysis.SemanticException;
+import it.unive.lisa.analysis.SimpleAbstractState;
+import it.unive.lisa.analysis.heap.MonolithicHeap;
+import it.unive.lisa.analysis.nonrelational.value.TypeEnvironment;
+import it.unive.lisa.analysis.types.InferredTypes;
+import it.unive.lisa.checks.semantic.CheckToolWithAnalysisResults;
+import it.unive.lisa.checks.semantic.SemanticCheck;
+import it.unive.lisa.program.cfg.CFG;
+import it.unive.lisa.program.cfg.statement.Statement;
+import java.util.Set;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public class CallDataLoadChecker implements
+		SemanticCheck<SimpleAbstractState<MonolithicHeap, EVMAbstractState, TypeEnvironment<InferredTypes>>> {
+
+	private static final Logger log = LogManager.getLogger(CallDataLoadChecker.class);
+
+	@Override
+	public boolean visit(
+			CheckToolWithAnalysisResults<
+					SimpleAbstractState<MonolithicHeap, EVMAbstractState, TypeEnvironment<InferredTypes>>> tool,
+			CFG graph, Statement node) {
+
+		if (node instanceof Calldataload) {
+			EVMCFG cfg = ((EVMCFG) graph);
+			Statement callDataLoad = node;
+
+			for (AnalyzedCFG<SimpleAbstractState<MonolithicHeap, EVMAbstractState,
+					TypeEnvironment<InferredTypes>>> result : tool.getResultOf(cfg)) {
+				AnalysisState<SimpleAbstractState<MonolithicHeap, EVMAbstractState,
+						TypeEnvironment<InferredTypes>>> analysisResult = null;
+
+				try {
+					analysisResult = result.getAnalysisStateBefore(callDataLoad);
+				} catch (SemanticException e1) {
+					log.error("(CallDataLoadChecker): {}", e1.getMessage());
+				}
+
+				// Retrieve the symbolic stack from the analysis result
+				EVMAbstractState valueState = analysisResult.getState().getValueState();
+
+				// If the value state is bottom, the jump is definitely
+				// unreachable
+				if (valueState.isBottom())
+					// Nothing to do
+					continue;
+				else if (valueState.isTop())
+					continue;
+				else {
+					for (AbstractStack stack : valueState.getStacks()) {
+						log.debug(stack);
+					}
+				}
+			}
+		}
+
+		return true;
+	}
+
+	private void checkForUncheckedStateUpdate(Statement sstore, CheckToolWithAnalysisResults<
+			SimpleAbstractState<MonolithicHeap, TaintAbstractDomain, TypeEnvironment<InferredTypes>>> tool,
+			EVMCFG cfg) {
+
+		Set<Statement> jumps = cfg.getAllJumpI();
+		Set<Statement> calls = cfg.getAllCall();
+
+		for (Statement call : calls) {
+			if (cfg.reachableFrom(call, sstore)) {
+				if (!cfg.reachableFromCrossing(call, sstore, jumps)) {
+
+					ProgramCounterLocation sstoreLocation = (ProgramCounterLocation) sstore.getLocation();
+
+					log.warn("Unchecked State Update vulnerability at {} at line no. {} coming from line {}",
+							sstoreLocation.getPc(),
+							sstoreLocation.getSourceCodeLine(),
+							((ProgramCounterLocation) call.getLocation()).getSourceCodeLine());
+
+					String warn = "Unchecked State Update vulnerability at "
+							+ ((ProgramCounterLocation) call.getLocation()).getSourceCodeLine();
+					tool.warn(warn);
+					MyCache.getInstance().addUncheckedStateUpdateWarning(cfg.hashCode(), warn);
+				}
+			}
+		}
+	}
+}

src/main/java/it/unipr/checker/UncheckedStateUpdateChecker.java

@@ -17,7 +17,6 @@
 import it.unive.lisa.checks.semantic.SemanticCheck;
 import it.unive.lisa.program.cfg.CFG;
 import it.unive.lisa.program.cfg.statement.Statement;
-import java.util.List;
 import java.util.Set;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -79,7 +78,7 @@ private void checkForUncheckedStateUpdate(Statement sstore, CheckToolWithAnalysi
 			EVMCFG cfg) {
 
 		Set<Statement> jumps = cfg.getAllJumpI();
-		List<Statement> calls = cfg.getAllCall();
+		Set<Statement> calls = cfg.getAllCall();
 
 		for (Statement call : calls) {
 			if (cfg.reachableFrom(call, sstore)) {