Feature Taint Analysis (#738)

* Add feature-taint analysis (WIP)

* gen from zero in CTR-EF

* Add alloca flow

* generate at fallback insts

* Tie the EF semi-ring to the problem + integrate into solver

* Incorporate combine and extend into IIA

* minor

* Make the FTaint Analysis work on the iia tests (not all pass, though)

* Fix IIA

* Fix call handling (TODO: Should we strong update pointer args?)

* Rename FeatureTaintAnalysis to FeatureInteractionAnalysis

* Add taints for args at callsite

* Add FTaint Analysis to controller

* rename

* rename FIIA Domain

* rename

* Make PathSensitivityManagerMixin more self-contained

* Fix top edge facts + further debugging

* IMprove alias handling in store ff

* Handle memset + add one more rvo test

* cs taints do not hold within callees

* Fix unionWith in IDEFeatureTaintEdgeFact

* some cleanup

* fix bugs introduced by merge

* Start adding global_5 test

* Add print on error to debug the ci

* Start fixing CI for FIIA

* Add missing ground-truth for FIIA RVO and Global

* CI Fix for FIIA GlobalTest_05

* Fix buffer overflow

* Update flaky tests

* Fixes due to LLVM-15 IR

* rename test fixture to IDEFeatureTaintAnalysisTest

---------

Co-authored-by: Sriteja Kummita <sriteja.ku@gmail.com>

Author: fabianbs96

.clang-tidy

@@ -59,7 +59,7 @@ CheckOptions:
   - key:             readability-identifier-naming.ParameterIgnoredRegexp
     value:           (d|d1|d2|d3|d4|d5|eP|f|n)
   - key:             readability-identifier-naming.FunctionIgnoredRegexp
-    value:           (try_emplace|from_json|to_json|equal_to|to_string|DToString|NToString|FToString|LToString)
+    value:           (try_emplace|from_json|to_json|equal_to|to_string|DToString|NToString|FToString|LToString|hash_value)
   - key:             cppcoreguidelines-special-member-functions.AllowSoleDefaultDtor
     value:           1
   - key:             cppcoreguidelines-special-member-functions.AllowMissingMoveFunctions

include/phasar/DataFlow/IfdsIde/DefaultEdgeFunctionSingletonCache.h

@@ -22,25 +22,25 @@ namespace psr {
 /// hash_value(const EdgeFunctionTy&).
 ///
 /// This cache is *not* thread-safe.
-template <typename EdgeFunctionTy, typename = void>
-class DefaultEdgeFunctionSingletonCache
+template <typename EdgeFunctionTy, typename L>
+class DefaultEdgeFunctionSingletonCacheImpl
     : public EdgeFunctionSingletonCache<EdgeFunctionTy> {
 public:
-  DefaultEdgeFunctionSingletonCache() noexcept = default;
+  DefaultEdgeFunctionSingletonCacheImpl() noexcept = default;
 
-  DefaultEdgeFunctionSingletonCache(const DefaultEdgeFunctionSingletonCache &) =
-      delete;
-  DefaultEdgeFunctionSingletonCache &
-  operator=(const DefaultEdgeFunctionSingletonCache &) = delete;
+  DefaultEdgeFunctionSingletonCacheImpl(
+      const DefaultEdgeFunctionSingletonCacheImpl &) = delete;
+  DefaultEdgeFunctionSingletonCacheImpl &
+  operator=(const DefaultEdgeFunctionSingletonCacheImpl &) = delete;
 
-  DefaultEdgeFunctionSingletonCache(
-      DefaultEdgeFunctionSingletonCache &&) noexcept = default;
-  DefaultEdgeFunctionSingletonCache &
-  operator=(DefaultEdgeFunctionSingletonCache &&) noexcept = delete;
-  ~DefaultEdgeFunctionSingletonCache() override = default;
+  DefaultEdgeFunctionSingletonCacheImpl(
+      DefaultEdgeFunctionSingletonCacheImpl &&) noexcept = default;
+  DefaultEdgeFunctionSingletonCacheImpl &
+  operator=(DefaultEdgeFunctionSingletonCacheImpl &&) noexcept = delete;
+  ~DefaultEdgeFunctionSingletonCacheImpl() override = default;
 
   [[nodiscard]] const void *
-  lookup(ByConstRef<EdgeFunctionTy> EF) const noexcept override {
+  lookup(const EdgeFunctionTy &EF) const noexcept override {
     return Cache.lookup(&EF);
   }
 
@@ -50,13 +50,10 @@ class DefaultEdgeFunctionSingletonCache
     assert(Inserted);
   }
 
-  void erase(ByConstRef<EdgeFunctionTy> EF) noexcept override {
-    Cache.erase(&EF);
-  }
+  void erase(const EdgeFunctionTy &EF) noexcept override { Cache.erase(&EF); }
 
   template <typename... ArgTys>
-  [[nodiscard]] EdgeFunction<typename EdgeFunctionTy::l_t>
-  createEdgeFunction(ArgTys &&...Args) {
+  [[nodiscard]] EdgeFunction<L> createEdgeFunction(ArgTys &&...Args) {
     return CachedEdgeFunction<EdgeFunctionTy>{
         EdgeFunctionTy{std::forward<ArgTys>(Args)...}, this};
   }
@@ -92,19 +89,29 @@ class DefaultEdgeFunctionSingletonCache
   llvm::DenseMap<const EdgeFunctionTy *, const void *, DSI> Cache;
 };
 
+template <typename EdgeFunctionTy, typename = void>
+class DefaultEdgeFunctionSingletonCache
+    : public DefaultEdgeFunctionSingletonCacheImpl<
+          EdgeFunctionTy, typename EdgeFunctionTy::l_t> {
+public:
+  using DefaultEdgeFunctionSingletonCacheImpl<
+      EdgeFunctionTy,
+      typename EdgeFunctionTy::l_t>::DefaultEdgeFunctionSingletonCacheImpl;
+};
+
 template <typename EdgeFunctionTy>
 class DefaultEdgeFunctionSingletonCache<
     EdgeFunctionTy,
     std::enable_if_t<EdgeFunctionBase::IsSOOCandidate<EdgeFunctionTy>>> {
 public:
   [[nodiscard]] const void *
-  lookup(ByConstRef<EdgeFunctionTy> /*EF*/) const noexcept override {
+  lookup(const EdgeFunctionTy & /*EF*/) const noexcept override {
     return nullptr;
   }
   void insert(const EdgeFunctionTy * /*EF*/, const void * /*Mem*/) override {
     assert(false && "We should never go here");
   }
-  void erase(ByConstRef<EdgeFunctionTy> /*EF*/) noexcept override {
+  void erase(const EdgeFunctionTy & /*EF*/) noexcept override {
     assert(false && "We should never go here");
   }
   [[nodiscard]] EdgeFunction<typename EdgeFunctionTy::l_t>

include/phasar/DataFlow/IfdsIde/EdgeFunctionSingletonCache.h

@@ -46,7 +46,7 @@ template <typename EdgeFunctionTy> class EdgeFunctionSingletonCache {
   /// Checks whether the edge function EF is cached in this cache. Returns the
   /// cached entry if found, else nullptr.
   [[nodiscard]] virtual const void *
-  lookup(ByConstRef<EdgeFunctionTy> EF) const noexcept = 0;
+  lookup(const EdgeFunctionTy &EF) const noexcept = 0;
 
   /// Inserts the cache-entry Mem for the edge function *EF into the cache.
   /// Typically, EF points into the buffer pointed to by Mem. Both pointers are
@@ -57,7 +57,7 @@ template <typename EdgeFunctionTy> class EdgeFunctionSingletonCache {
 
   /// Erases the cache-entry associated with the edge function EF from the
   /// cache.
-  virtual void erase(ByConstRef<EdgeFunctionTy> EF) noexcept = 0;
+  virtual void erase(const EdgeFunctionTy &EF) noexcept = 0;
 
   template <typename... ArgTys>
   [[nodiscard]] auto createEdgeFunction(ArgTys &&...Args) {

include/phasar/DataFlow/IfdsIde/FlowFunctions.h

@@ -500,13 +500,13 @@ template <typename D, typename Container> class FlowFunctionTemplates {
     struct GenManyAndKillAllOthers final
         : public FlowFunction<d_t, container_type> {
       GenManyAndKillAllOthers(Container &&GenValues, d_t FromValue)
-          : GenValues(std::move(GenValues)), FromValue(std::move(FromValue)) {}
+          : GenValues(std::move(GenValues)), FromValue(FromValue) {
+        this->GenValues.insert(std::move(FromValue));
+      }
 
       container_type computeTargets(d_t Source) override {
         if (Source == FromValue) {
-          auto Ret = GenValues;
-          Ret.insert(std::move(Source));
-          return Ret;
+          return GenValues;
         }
         return {};
       }

include/phasar/DataFlow/IfdsIde/InitialSeeds.h

@@ -11,6 +11,7 @@
 #define PHASAR_DATAFLOW_IFDSIDE_INITIALSEEDS_H
 
 #include "phasar/Domain/BinaryDomain.h"
+#include "phasar/Utils/Printer.h"
 #include "phasar/Utils/TypeTraits.h"
 
 #include "llvm/Support/Compiler.h"
@@ -75,36 +76,13 @@ template <typename N, typename D, typename L> class InitialSeeds {
   [[nodiscard]] GeneralizedSeeds getSeeds() && { return std::move(Seeds); }
 
   void dump(llvm::raw_ostream &OS = llvm::errs()) const {
-
-    auto printNode = [&](auto &&Node) { // NOLINT
-      if constexpr (std::is_pointer_v<N> &&
-                    is_llvm_printable_v<std::remove_pointer_t<N>>) {
-        OS << *Node;
-      } else {
-        OS << Node;
-      }
-    };
-
-    auto printFact = [&](auto &&Node) { // NOLINT
-      if constexpr (std::is_pointer_v<D> &&
-                    is_llvm_printable_v<std::remove_pointer_t<D>>) {
-        OS << *Node;
-      } else {
-        OS << Node;
-      }
-    };
-
     OS << "======================== Initial Seeds ========================\n";
     for (const auto &[Node, Facts] : Seeds) {
-      OS << "At ";
-      printNode(Node);
-      OS << "\n";
+      OS << "At " << NToString(Node) << '\n';
       for (const auto &[Fact, Value] : Facts) {
-        OS << "> ";
-        printFact(Fact);
-        OS << " --> \\." << Value << "\n";
+        OS << "> " << DToString(Fact) << " --> \\." << LToString(Value) << '\n';
       }
-      OS << "\n";
+      OS << '\n';
     }
     OS << "========================== End Seeds ==========================\n";
   }

include/phasar/DataFlow/PathSensitivity/PathSensitivityManagerMixin.h

@@ -26,17 +26,14 @@
 #include "llvm/ADT/SetVector.h"
 #include "llvm/ADT/SmallPtrSet.h"
 #include "llvm/ADT/SmallVector.h"
+#include "llvm/IR/IntrinsicInst.h"
 #include "llvm/Support/raw_ostream.h"
 
 #include <cstdlib>
 #include <filesystem>
 #include <system_error>
 #include <type_traits>
 
-namespace llvm {
-class DbgInfoIntrinsic;
-} // namespace llvm
-
 namespace psr {
 template <typename Derived, typename AnalysisDomainTy, typename GraphType>
 class PathSensitivityManagerMixin {

include/phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMSolverResults.h

@@ -11,6 +11,7 @@
 #define PHASAR_PHASARLLVM_DATAFLOW_IFDSIDE_LLVMSOLVERRESULTS_H
 
 #include "phasar/DataFlow/IfdsIde/SolverResults.h"
+#include "phasar/PhasarLLVM/Utils/LLVMShorthands.h"
 #include "phasar/Utils/JoinLattice.h"
 #include "phasar/Utils/Logger.h"