Bug fixing for HF privacy analysis

Author: olivieriluca

go-lisa/src/main/java/it/unive/golisa/cfg/expression/GoCollectionAccess.java

@@ -12,11 +12,15 @@
 import it.unive.lisa.analysis.nonrelational.value.NonRelationalValueDomain;
 import it.unive.lisa.analysis.nonrelational.value.ValueEnvironment;
 import it.unive.lisa.interprocedural.InterproceduralAnalysis;
+import it.unive.lisa.program.Global;
 import it.unive.lisa.program.SourceCodeLocation;
+import it.unive.lisa.program.Unit;
 import it.unive.lisa.program.cfg.CFG;
 import it.unive.lisa.program.cfg.statement.BinaryExpression;
 import it.unive.lisa.program.cfg.statement.Expression;
 import it.unive.lisa.program.cfg.statement.Statement;
+import it.unive.lisa.program.cfg.statement.global.AccessGlobal;
+import it.unive.lisa.program.cfg.statement.global.AccessInstanceGlobal;
 import it.unive.lisa.symbolic.SymbolicExpression;
 import it.unive.lisa.symbolic.heap.AccessChild;
 import it.unive.lisa.symbolic.heap.HeapDereference;
@@ -25,6 +29,7 @@
 import it.unive.lisa.symbolic.value.Identifier;
 import it.unive.lisa.symbolic.value.PushAny;
 import it.unive.lisa.symbolic.value.ValueExpression;
+import it.unive.lisa.symbolic.value.Variable;
 import it.unive.lisa.type.Type;
 import it.unive.lisa.type.Untyped;
 
@@ -78,6 +83,14 @@ public <A extends AbstractState<A>> AnalysisState<A> fwdBinarySemantics(Interpro
 		if (right instanceof Tainted)
 			return state.smallStepSemantics(right, this);
 
+		if(left instanceof Variable) {
+			Unit unit = this.getProgram().getUnit(left.toString());
+			if(unit != null) {
+				Global global = unit.getGlobal(right.toString());
+				
+				return new AccessGlobal(getCFG(), getLocation(), unit, global).forwardSemantics(state, interprocedural, expressions);
+			}
+		}
 
 		SymbolicExpression inner;
 		if (left instanceof HeapReference)

go-lisa/src/main/java/it/unive/golisa/cfg/runtime/encoding/base64/function/DecodeString.java

@@ -21,6 +21,7 @@
 import it.unive.lisa.program.cfg.CodeMemberDescriptor;
 import it.unive.lisa.program.cfg.NativeCFG;
 import it.unive.lisa.program.cfg.Parameter;
+import it.unive.lisa.program.cfg.statement.BinaryExpression;
 import it.unive.lisa.program.cfg.statement.Expression;
 import it.unive.lisa.program.cfg.statement.PluggableStatement;
 import it.unive.lisa.program.cfg.statement.Statement;
@@ -45,7 +46,8 @@ public class DecodeString extends NativeCFG {
 	 * @param unit the unit to which this native cfg belongs to
 	 */
 	public DecodeString(CodeLocation location, CompilationUnit unit) {
-		super(new CodeMemberDescriptor(location, unit, false, "DecodeString", GoErrorType.INSTANCE,
+		super(new CodeMemberDescriptor(location, unit, true, "DecodeString", GoErrorType.INSTANCE,
+				new Parameter(location, "encoding", Encoding.getEncodingType(unit.getProgram())),
 				new Parameter(location, "s", GoStringType.INSTANCE)),
 				DecodeStringImpl.class);
 	}
@@ -55,7 +57,7 @@ public DecodeString(CodeLocation location, CompilationUnit unit) {
 	 * 
 	 * @author <a href="mailto:[email protected]">Luca Olivieri</a>
 	 */
-	public static class DecodeStringImpl extends UnaryExpression
+	public static class DecodeStringImpl extends BinaryExpression
 			implements PluggableStatement {
 
 		private Statement original;
@@ -65,23 +67,19 @@ public void setOriginatingStatement(Statement st) {
 			original = st;
 		}
 
-		@Override
-		protected int compareSameClassAndParams(Statement o) {
-			return 0; // nothing else to compare
-		}
 
 		/**
 		 * Builds the pluggable statement.
 		 * 
 		 * @param cfg      the {@link CFG} where this pluggable statement lies
 		 * @param location the location where this pluggable statement is
 		 *                     defined
-		 * @param par   the parameter
+		 * @param params   the parameters
 		 * 
 		 * @return the pluggable statement
 		 */
-		public static DecodeStringImpl build(CFG cfg, CodeLocation location, Expression par) {
-			return new DecodeStringImpl(cfg, location, par);
+		public static DecodeStringImpl build(CFG cfg, CodeLocation location, Expression[] params) {
+			return new DecodeStringImpl(cfg, location, params[0], params[1]);
 		}
 
 		/**
@@ -92,48 +90,58 @@ public static DecodeStringImpl build(CFG cfg, CodeLocation location, Expression
 		 *                     defined
 		 * @param par     the par of this expression
 		 */
-		public DecodeStringImpl(CFG cfg, CodeLocation location, Expression par) {
-			super(cfg, location, "DecodeStringImpl", GoErrorType.INSTANCE, par);
+		public DecodeStringImpl(CFG cfg, CodeLocation location, Expression left, Expression right) {
+			super(cfg, location, "DecodeStringImpl", GoErrorType.INSTANCE, left, right);
 		}
 
 
 		@Override
-		public <A extends AbstractState<A>> AnalysisState<A> fwdUnarySemantics(
-				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state, SymbolicExpression expr,
-				StatementStore<A> expressions) throws SemanticException {
-			Type  sliceBytes= GoSliceType.getSliceOfBytes();
-
-			GoTupleType tupleType = GoTupleType.getTupleTypeOf(original.getLocation(), sliceBytes, GoErrorType.INSTANCE);
-
-			Annotations annots = new Annotations();
-			if (original instanceof ResolvedCall)
-				for (CodeMember target : ((ResolvedCall) original).getTargets())
-					for (Annotation ann : target.getDescriptor().getAnnotations())
-						annots.addAnnotation(ann);
-			
-			
-			AnalysisState<A> pState = state.smallStepSemantics(expr, original);
-			
-			ExpressionSet computeExprs = pState.getComputedExpressions();
-			AnalysisState<A> ret = state.bottom();
-			
-			for(SymbolicExpression exp : pState.getState().rewrite(computeExprs, original, state.getState())) {
-				if(exp instanceof Identifier) {
-					Identifier v = (Identifier) exp;
-					for (Annotation ann : annots)
-						v.addAnnotation(ann);
-				}
-				ret = ret.lub(GoTupleExpression.allocateTupleExpression(pState, 
-					annots, 
-					this,
-					getLocation(), 
-					tupleType,
-					exp,
-					new Constant(GoErrorType.INSTANCE, "error", getLocation())));
-			}			
-			
-
-			return ret;
+		public <A extends AbstractState<A>> AnalysisState<A> fwdBinarySemantics(
+				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state, SymbolicExpression left,
+				SymbolicExpression right, StatementStore<A> expressions) throws SemanticException {
+				Type  sliceBytes= GoSliceType.getSliceOfBytes();
+	
+				GoTupleType tupleType = GoTupleType.getTupleTypeOf(original.getLocation(), sliceBytes, GoErrorType.INSTANCE);
+	
+				Annotations annots = new Annotations();
+				if (original instanceof ResolvedCall)
+					for (CodeMember target : ((ResolvedCall) original).getTargets())
+						for (Annotation ann : target.getDescriptor().getAnnotations())
+							annots.addAnnotation(ann);
+				
+				
+				AnalysisState<A> pState = state.smallStepSemantics(right, original);
+				
+				ExpressionSet computeExprs = pState.getComputedExpressions();
+				AnalysisState<A> ret = state.bottom();
+				
+				for(SymbolicExpression exp : pState.getState().rewrite(computeExprs, original, state.getState())) {
+					if(exp instanceof Identifier) {
+						Identifier v = (Identifier) exp;
+						for (Annotation ann : annots)
+							v.addAnnotation(ann);
+					}
+					ret = ret.lub(GoTupleExpression.allocateTupleExpression(pState, 
+						annots, 
+						this,
+						getLocation(), 
+						tupleType,
+						exp,
+						new Constant(GoErrorType.INSTANCE, "error", getLocation())));
+				}			
+				
+	
+				return ret;
 		}
+
+
+		@Override
+		protected int compareSameClassAndParams(Statement o) {
+			// TODO Auto-generated method stub
+			return 0;
+		}
+
+
+
 	}
 }

go-lisa/src/main/java/it/unive/golisa/frontend/GoRuntimeLoader.java

@@ -115,11 +115,13 @@
 import it.unive.golisa.cfg.runtime.time.type.Time;
 import it.unive.golisa.cfg.runtime.url.PathEscape;
 import it.unive.golisa.cfg.runtime.url.QueryEscape;
+import it.unive.golisa.cfg.type.GoStringType;
 import it.unive.golisa.cfg.type.composite.GoInterfaceType;
 import it.unive.golisa.cfg.type.composite.GoStructType;
 import it.unive.golisa.golang.util.GoLangAPISignatureMapper;
 import it.unive.golisa.golang.util.GoLangUtils;
 import it.unive.lisa.program.CodeUnit;
+import it.unive.lisa.program.Global;
 import it.unive.lisa.program.Program;
 import it.unive.lisa.program.SourceCodeLocation;
 import it.unive.lisa.type.Type;
@@ -325,11 +327,12 @@ private void loadBase64(Program program) {
 
 		register(Encoding.getEncodingType(program), program, GoInterfaceType::registerType);
 		register(StdEncoding.getStdEncodingType(program), program, GoInterfaceType::registerType);
+
+		base64Unit.addGlobal(new Global(GoLangUtils.GO_RUNTIME_SOURCECODE_LOCATION, base64Unit, "StdEncoding",
+				false, Encoding.getEncodingType(program)));
 
 		Encoding.registerMethods();
 		StdEncoding.registerMethods();
-	
-
 		program.addUnit(base64Unit);
 	}