Fixing null pointer and array index out of bound exceptions

Author: olivieriluca

go-lisa/src/main/java/it/unive/golisa/cfg/expression/literal/GoKeyedLiteral.java

@@ -190,7 +190,7 @@ public <A extends AbstractState<A>> AnalysisState<A> forwardSemanticsAux(Interpr
 				AnalysisState<A> tmp = containerState;
 
 				for (int i = 0; i < keys.length; i++) {
-					Type fieldType = structUnit.getInstanceGlobal(((VariableRef) keys[i]).getName(), true)
+					Type fieldType = structUnit.getInstanceGlobal(((VariableRef) keys[i]).getName(), true) == null ? Untyped.INSTANCE : structUnit.getInstanceGlobal(((VariableRef) keys[i]).getName(), true)
 							.getStaticType();
 					Variable field = getVariable((VariableRef) keys[i]);
 					AccessChild access = new AccessChild(fieldType, dereference, field, getLocation());
@@ -269,4 +269,4 @@ public <A extends AbstractState<A>> AnalysisState<A> forwardSemanticsAux(Interpr
 		return state.top().smallStepSemantics(new PushAny(type, getLocation()), this);
 
 	}
-}
+}

go-lisa/src/main/java/it/unive/golisa/cfg/runtime/fmt/Printf.java

@@ -7,18 +7,18 @@
 import it.unive.lisa.analysis.AnalysisState;
 import it.unive.lisa.analysis.SemanticException;
 import it.unive.lisa.analysis.StatementStore;
+import it.unive.lisa.analysis.lattices.ExpressionSet;
 import it.unive.lisa.interprocedural.InterproceduralAnalysis;
 import it.unive.lisa.program.CodeUnit;
 import it.unive.lisa.program.cfg.CFG;
 import it.unive.lisa.program.cfg.CodeLocation;
 import it.unive.lisa.program.cfg.CodeMemberDescriptor;
 import it.unive.lisa.program.cfg.NativeCFG;
 import it.unive.lisa.program.cfg.Parameter;
-import it.unive.lisa.program.cfg.statement.BinaryExpression;
 import it.unive.lisa.program.cfg.statement.Expression;
+import it.unive.lisa.program.cfg.statement.NaryExpression;
 import it.unive.lisa.program.cfg.statement.PluggableStatement;
 import it.unive.lisa.program.cfg.statement.Statement;
-import it.unive.lisa.symbolic.SymbolicExpression;
 import it.unive.lisa.symbolic.value.PushAny;
 import it.unive.lisa.type.Untyped;
 
@@ -39,15 +39,15 @@ public Printf(CodeLocation location, CodeUnit fmtUnit) {
 		super(new CodeMemberDescriptor(location, fmtUnit, false, "Printf", GoStringType.INSTANCE,
 				new Parameter(location, "format", GoStringType.INSTANCE),
 				new VarArgsParameter(location, "a", GoSliceType.lookup(Untyped.INSTANCE))),
-				SprintfImpl.class);
+				PrintfImpl.class);
 	}
 
 	/**
 	 * The {@link Printf} implementation.
 	 * 
 	 * @author <a href="mailto:[email protected]">Vincenzo Arceri</a>
 	 */
-	public static class SprintfImpl extends BinaryExpression implements PluggableStatement {
+	public static class PrintfImpl extends NaryExpression implements PluggableStatement {
 
 		private Statement original;
 
@@ -71,8 +71,11 @@ protected int compareSameClassAndParams(Statement o) {
 		 * 
 		 * @return the pluggable statement
 		 */
-		public static SprintfImpl build(CFG cfg, CodeLocation location, Expression... params) {
-			return new SprintfImpl(cfg, location, params[0], params[1]);
+		public static PrintfImpl build(CFG cfg, CodeLocation location, Expression... params) {
+			if(params.length > 1)
+				return new	PrintfImpl(cfg, location, params);
+			else 
+				return new PrintfImpl(cfg, location, params[0]);
 		}
 
 		/**
@@ -81,21 +84,18 @@ public static SprintfImpl build(CFG cfg, CodeLocation location, Expression... pa
 		 * @param cfg      the {@link CFG} where this pluggable statement lies
 		 * @param location the location where this pluggable statement is
 		 *                     defined
-		 * @param left     the left expression
-		 * @param right    the right expression
+		 * @param params     the param expressions
 		 */
-		public SprintfImpl(CFG cfg, CodeLocation location, Expression left, Expression right) {
-			super(cfg, location, "Printf", GoStringType.INSTANCE, left, right);
+		public PrintfImpl(CFG cfg, CodeLocation location, Expression... params) {
+			super(cfg, location, "Printf", GoStringType.INSTANCE, params);
 		}
 
 		@Override
-		public <A extends AbstractState<A>> AnalysisState<A> fwdBinarySemantics(
-				InterproceduralAnalysis<A> interprocedural,
-				AnalysisState<A> state,
-				SymbolicExpression left,
-				SymbolicExpression right,
+		public <A extends AbstractState<A>> AnalysisState<A> forwardSemanticsAux(
+				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state, ExpressionSet[] params,
 				StatementStore<A> expressions) throws SemanticException {
 			return state.smallStepSemantics(new PushAny(GoStringType.INSTANCE, getLocation()), original);
+
 		}
 	}
-}
+}

go-lisa/src/main/java/it/unive/golisa/cfg/runtime/fmt/Println.java

@@ -6,16 +6,17 @@
 import it.unive.lisa.analysis.AnalysisState;
 import it.unive.lisa.analysis.SemanticException;
 import it.unive.lisa.analysis.StatementStore;
+import it.unive.lisa.analysis.lattices.ExpressionSet;
 import it.unive.lisa.interprocedural.InterproceduralAnalysis;
 import it.unive.lisa.program.CodeUnit;
 import it.unive.lisa.program.cfg.CFG;
 import it.unive.lisa.program.cfg.CodeLocation;
 import it.unive.lisa.program.cfg.CodeMemberDescriptor;
 import it.unive.lisa.program.cfg.NativeCFG;
 import it.unive.lisa.program.cfg.statement.Expression;
+import it.unive.lisa.program.cfg.statement.NaryExpression;
 import it.unive.lisa.program.cfg.statement.PluggableStatement;
 import it.unive.lisa.program.cfg.statement.Statement;
-import it.unive.lisa.program.cfg.statement.UnaryExpression;
 import it.unive.lisa.symbolic.SymbolicExpression;
 import it.unive.lisa.type.Untyped;
 
@@ -43,7 +44,7 @@ public Println(CodeLocation location, CodeUnit fmtUnit) {
 	 * 
 	 * @author <a href="mailto:[email protected]">Vincenzo Arceri</a>
 	 */
-	public static class PrintlnImpl extends UnaryExpression implements PluggableStatement {
+	public static class PrintlnImpl extends NaryExpression implements PluggableStatement {
 
 		private Statement original;
 
@@ -83,11 +84,19 @@ public PrintlnImpl(CFG cfg, CodeLocation location, Expression arg) {
 			super(cfg, location, "Println", Untyped.INSTANCE, arg);
 		}
 
+
 		@Override
-		public <A extends AbstractState<A>> AnalysisState<A> fwdUnarySemantics(
-				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state,
-				SymbolicExpression expr, StatementStore<A> expressions) throws SemanticException {
-			return state.smallStepSemantics(expr, original);
+		public <A extends AbstractState<A>> AnalysisState<A> forwardSemanticsAux(
+				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state, ExpressionSet[] params,
+				StatementStore<A> expressions) throws SemanticException {
+			
+			AnalysisState<A> res = state.bottom();
+			
+			for(ExpressionSet p : params)
+				for(SymbolicExpression e : p) 
+				res = res.lub(state.smallStepSemantics(e, original));
+	
+			return res;
 		}
 	}
-}
+}

go-lisa/src/main/java/it/unive/golisa/cfg/runtime/fmt/Sprintf.java

@@ -1,29 +1,32 @@
 package it.unive.golisa.cfg.runtime.fmt;
 
+import java.util.Set;
+
 import it.unive.golisa.cfg.VarArgsParameter;
 import it.unive.golisa.cfg.type.GoStringType;
 import it.unive.golisa.cfg.type.composite.GoSliceType;
 import it.unive.lisa.analysis.AbstractState;
 import it.unive.lisa.analysis.AnalysisState;
 import it.unive.lisa.analysis.SemanticException;
 import it.unive.lisa.analysis.StatementStore;
+import it.unive.lisa.analysis.lattices.ExpressionSet;
 import it.unive.lisa.interprocedural.InterproceduralAnalysis;
 import it.unive.lisa.program.CodeUnit;
 import it.unive.lisa.program.cfg.CFG;
 import it.unive.lisa.program.cfg.CodeLocation;
 import it.unive.lisa.program.cfg.CodeMemberDescriptor;
 import it.unive.lisa.program.cfg.NativeCFG;
 import it.unive.lisa.program.cfg.Parameter;
-import it.unive.lisa.program.cfg.statement.BinaryExpression;
 import it.unive.lisa.program.cfg.statement.Expression;
+import it.unive.lisa.program.cfg.statement.NaryExpression;
 import it.unive.lisa.program.cfg.statement.PluggableStatement;
 import it.unive.lisa.program.cfg.statement.Statement;
 import it.unive.lisa.symbolic.SymbolicExpression;
 import it.unive.lisa.symbolic.value.operator.binary.BinaryOperator;
+import it.unive.lisa.symbolic.value.operator.unary.UnaryOperator;
 import it.unive.lisa.type.Type;
 import it.unive.lisa.type.TypeSystem;
 import it.unive.lisa.type.Untyped;
-import java.util.Set;
 
 /**
  * func Sprintf(format string, a ...any) string.
@@ -50,7 +53,7 @@ public Sprintf(CodeLocation location, CodeUnit fmtUnit) {
 	 * 
 	 * @author <a href="mailto:[email protected]">Vincenzo Arceri</a>
 	 */
-	public static class SprintfImpl extends BinaryExpression implements PluggableStatement {
+	public static class SprintfImpl extends NaryExpression implements PluggableStatement {
 
 		private Statement original;
 
@@ -75,7 +78,7 @@ protected int compareSameClassAndParams(Statement o) {
 		 * @return the pluggable statement
 		 */
 		public static SprintfImpl build(CFG cfg, CodeLocation location, Expression... params) {
-			return new SprintfImpl(cfg, location, params[0], params[1]);
+			return new SprintfImpl(cfg, location, params);
 		}
 
 		/**
@@ -87,20 +90,35 @@ public static SprintfImpl build(CFG cfg, CodeLocation location, Expression... pa
 		 * @param left     the left expression
 		 * @param right    the right expression
 		 */
-		public SprintfImpl(CFG cfg, CodeLocation location, Expression left, Expression right) {
-			super(cfg, location, "Sprintf", GoStringType.INSTANCE, left, right);
+		public SprintfImpl(CFG cfg, CodeLocation location, Expression[] exprs) {
+			super(cfg, location, "Sprintf", GoStringType.INSTANCE, exprs);
 		}
 
+
 		@Override
-		public <A extends AbstractState<A>> AnalysisState<A> fwdBinarySemantics(
-				InterproceduralAnalysis<A> interprocedural,
-				AnalysisState<A> state,
-				SymbolicExpression left,
-				SymbolicExpression right,
+		public <A extends AbstractState<A>> AnalysisState<A> forwardSemanticsAux(
+				InterproceduralAnalysis<A> interprocedural, AnalysisState<A> state, ExpressionSet[] params,
 				StatementStore<A> expressions) throws SemanticException {
-
-			return state.smallStepSemantics(new it.unive.lisa.symbolic.value.BinaryExpression(getStaticType(), left,
-					right, SprintfOperator.INSTANCE, getLocation()), original);
+			
+			ExpressionSet p1 = params[0];
+			AnalysisState<A> res = state.bottom();
+			
+			if(params.length > 1) {	
+				for(SymbolicExpression e1 : p1) {
+					for(int i = 1; i< params.length; i++)
+						for(SymbolicExpression e2 : params[i]) 
+							res = res.lub(state.smallStepSemantics(new it.unive.lisa.symbolic.value.BinaryExpression(getStaticType(), e1,
+								e2, SprintfOperator.INSTANCE, getLocation()), original));
+				}
+			} else {
+				for(SymbolicExpression e1 : p1) {
+					res = res.lub(state.smallStepSemantics(new it.unive.lisa.symbolic.value.UnaryExpression(getStaticType(),
+							e1, (UnaryOperator) SprintfOperatorUnary.INSTANCE, getLocation()), original));
+				}
+			}
+			
+			return res;
+			
 		}
 	}
 
@@ -129,4 +147,30 @@ public Set<Type> typeInference(TypeSystem types, Set<Type> left, Set<Type> right
 			return Set.of(types.getStringType());
 		}
 	}
-}
+	
+	/**
+	 * The Sprintf operator.
+	 * 
+	 * @author <a href="mailto:[email protected]">Vincenzo Arceri</a>
+	 */
+	public static class SprintfOperatorUnary implements UnaryOperator {
+
+		/**
+		 * The singleton instance of this class.
+		 */
+		public static final SprintfOperator INSTANCE = new SprintfOperator();
+
+		private SprintfOperatorUnary() {
+		}
+
+		@Override
+		public String toString() {
+			return "SprintfOperatorUnary";
+		}
+		
+		@Override
+		public Set<Type> typeInference(TypeSystem types, Set<Type> argument) {
+			return Set.of(types.getStringType());
+		}
+	}
+}