Enhanced RelationalTaintElement with new method for creating tainted elements from a set of program points

merendamattia · merendamattia · commit 804cd6e5c43a · 2025-12-13T12:02:04.000+01:00
diff --git a/src/main/java/it/unipr/crosschain/taint/RelationalTaintAbstractDomain.java b/src/main/java/it/unipr/crosschain/taint/RelationalTaintAbstractDomain.java
@@ -129,8 +129,10 @@ public RelationalTaintAbstractDomain smallStepSemantics(ValueExpression expressi
 				case "PushOperator":
 				case "Push0Operator": {
 					RelationalTaintAbstractDomain resultStack = clone();
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(RelationalTaintElement.CLEAN);
 					return resultStack;
@@ -181,8 +183,10 @@ public RelationalTaintAbstractDomain smallStepSemantics(ValueExpression expressi
 					RelationalTaintAbstractDomain resultStack = clone();
 					resultStack.popX(3);
 
-					if (this.isTainted((Statement) pp))
-						return mk(resultStack.stack, RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						return mk(resultStack.stack, RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 
 					return resultStack;
 				}
@@ -192,19 +196,7 @@ public RelationalTaintAbstractDomain smallStepSemantics(ValueExpression expressi
 				case "BlockhashOperator":
 				case "NotOperator":
 				case "SloadOperator":
-				case "IszeroOperator": { // pop 1, push 1
-					if (hasBottomUntil(1))
-						return bottom();
-
-					RelationalTaintAbstractDomain resultStack = clone();
-					RelationalTaintElement opnd1 = resultStack.pop();
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
-					else
-						resultStack.push(RelationalTaintElement.semantics(opnd1));
-					return resultStack;
-				}
-
+				case "IszeroOperator":
 				case "CalldataloadOperator": { // pop 1, push 1
 					if (hasBottomUntil(1))
 						return bottom();
@@ -227,7 +219,7 @@ public RelationalTaintAbstractDomain smallStepSemantics(ValueExpression expressi
 					RelationalTaintAbstractDomain resultStack = clone();
 					resultStack.pop();
 					if (memory.isTaint())
-						resultStack.push(RelationalTaintElement.TAINT);
+						resultStack.push(RelationalTaintElement.newRelationalTaintedElement(memory.getProgramPoints()));
 					else if (memory.isClean())
 						resultStack.push(RelationalTaintElement.CLEAN);
 
@@ -243,7 +235,8 @@ else if (memory.isClean())
 					RelationalTaintElement value = resultStack.pop();
 
 					if (value.isTaint())
-						return mk(resultStack.stack, RelationalTaintElement.TAINT);
+						return mk(resultStack.stack,
+								RelationalTaintElement.newRelationalTaintedElement(value.getProgramPoints()));
 					else if (value.isClean())
 						return resultStack;
 				}
@@ -464,8 +457,10 @@ else if (value.isClean())
 					RelationalTaintElement offset = resultStack.pop();
 					RelationalTaintElement length = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(RelationalTaintElement.semantics(value, offset, length));
 					return resultStack;
@@ -479,8 +474,10 @@ else if (value.isClean())
 					RelationalTaintElement length = resultStack.pop();
 					RelationalTaintElement salt = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(RelationalTaintElement.semantics(value, offset, length, salt));
 					return resultStack;
@@ -498,8 +495,10 @@ else if (value.isClean())
 					RelationalTaintElement outOffset = resultStack.pop();
 					RelationalTaintElement outLength = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack
 								.push(RelationalTaintElement.semantics(gas, to, value, inOffset, inLength, outOffset,
@@ -527,8 +526,10 @@ else if (value.isClean())
 					RelationalTaintElement outOffset = resultStack.pop();
 					RelationalTaintElement outLength = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(
 								RelationalTaintElement.semantics(gas, to, inOffset, inLength, outOffset, outLength));
@@ -567,8 +568,10 @@ else if (value.isClean())
 					RelationalTaintAbstractDomain resultStack = clone();
 					RelationalTaintElement address = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(RelationalTaintElement.semantics(address));
 					return resultStack;
@@ -595,8 +598,10 @@ else if (value.isClean())
 					RelationalTaintAbstractDomain resultStack = clone();
 					RelationalTaintElement address = resultStack.pop();
 
-					if (this.isTainted((Statement) pp))
-						resultStack.push(RelationalTaintElement.TAINT);
+					Statement stmt = (Statement) pp;
+					if (this.isTainted(stmt))
+						resultStack.push(RelationalTaintElement
+								.newRelationalTaintedElement(((ProgramCounterLocation) stmt.getLocation()).getPc()));
 					else
 						resultStack.push(RelationalTaintElement.semantics(address));
 					return resultStack;
diff --git a/src/main/java/it/unipr/crosschain/taint/RelationalTaintElement.java b/src/main/java/it/unipr/crosschain/taint/RelationalTaintElement.java
@@ -37,8 +37,22 @@ public RelationalTaintElement(byte v, Integer programPoint) {
 	 *             provided program points
 	 */
 	public static RelationalTaintElement newRelationalTaintedElement(Integer... programPoints) {
+		return newRelationalTaintedElement(Set.of(programPoints));
+	}
+
+	/**
+	 * Creates a new tainted relational taint element with the specified program
+	 * points.
+	 *
+	 * @param programPoints the program points to associate with the tainted
+	 *                          element
+	 *
+	 * @return a new RelationalTaintElement with type TAINT containing all the
+	 *             provided program points
+	 */
+	public static RelationalTaintElement newRelationalTaintedElement(Set<Integer> programPoints) {
 		RelationalTaintElement t = new RelationalTaintElement((byte) 2);
-		t.programPoints.addAll(List.of(programPoints));
+		t.programPoints.addAll(programPoints);
 		return t;
 	}
 
@@ -235,4 +249,8 @@ public boolean equals(Object obj) {
 		RelationalTaintElement other = (RelationalTaintElement) obj;
 		return v == other.v && programPoints.equals(other.programPoints);
 	}
+
+	public Set<Integer> getProgramPoints() {
+		return programPoints;
+	}
 }
