Merge pull request #83 from thientc/main

Add result to README resolve #82

Author: thientc

README.md

@@ -7,6 +7,7 @@
   - [4. Авторы](#4-авторы)
   - [5. Статьи и материалы](#5-статьи-и-материалы)
   - [6. Найденные ошибки](#6-найденные-ошибки)
+  - [7. Результаты](#7-результаты)
 
 # 1. Описание
 
@@ -211,4 +212,15 @@ context_generator.compile_targets( #компиляция сгенерирова
 | libpng      | 1.6.37      | png_convert_from_time_t | AddressSanitizer:DEADLYSIGNAL             | [Feb 8, 2021](https://github.com/glennrp/libpng/issues/362)       | Sep 13, 2022      |
 | tinyxml2    | 9.0.0       | ErrorIDToName           | AddressSanitizer: global-buffer-overflow  | [Nov 2, 2022](https://github.com/leethomason/tinyxml2/issues/923) | Nov 12, 2022      |
 | pugixml     | 1.13        | default_allocate        | AddressSanitizer: allocation-size-too-big | [Apr 11, 2023](https://github.com/zeux/pugixml/issues/560)        | Apr 15, 2023      |
-|             |             |                         |                                           |                                                                   |                   |
+|             |             |                         |                                           |                                                                   |                   |
+
+## 7. Результаты
+
+| **Библиотека** | **Время генерации** | **Кол-во фаззинг-оберток** | **Время компиляции** | **Кол-во строк кода** |
+|:---:|---:|:---:|:---:|:---:|
+| lib json-c | 180 | **3111** | 612 | 280.019 |
+| libpostgres | 105 | **749** | 29 | 84.387 |
+| curl | 4.210 | **152** | 21 | 9.617 |
+| openssl | 2.172 | **269** | 255 | 19.458 |
+| pugixml | 55 | **61** | 58 | 2.815 |
+| libopus | 75 | **422** | 7 | 12.606 |

src/Checkers/include/Checkers.td

@@ -240,6 +240,7 @@ def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">,
 //===----------------------------------------------------------------------===//
 let ParentPackage = Futag in {
 
+
     def FutagAnalyzer : Checker<"FutagAnalyzer">,
     HelpText<"Futag Checker for finding potential fuzzing functions.">,
     CheckerOptions<[
@@ -251,6 +252,10 @@ let ParentPackage = Futag in {
     ]>,
     Documentation<NotDocumented>;
 
+    def FutagSimpleChecker : Checker<"FutagSimpleChecker">,
+    HelpText<"Futag Simple Checker for traversing nodes in AST.">,
+    Documentation<NotDocumented>;
+
     def FutagConsumerAnalyzer : Checker<"FutagConsumerAnalyzer">,
     HelpText<"Futag Checker for finding potential fuzzing functions. Use scan-build for viewing result and generating list of needed function">,
     CheckerOptions<[

src/Checkers/include/Checkers13.td

@@ -237,6 +237,10 @@ def NonnullGlobalConstantsChecker: Checker<"NonnilStringConstants">,
 //===----------------------------------------------------------------------===//
 let ParentPackage = Futag in {
 
+    def SimpleChecker : Checker<"FutagSimpleChecker">,
+    HelpText<"Futag Simple Checker for traversing nodes in AST.">,
+    Documentation<NotDocumented>;
+
     def FutagAnalyzer : Checker<"FutagAnalyzer">,
     HelpText<"Futag Checker for finding potential fuzzing functions. Use scan-build for viewing result and generating list of needed function">,
     CheckerOptions<[

src/Checkers/lib/CMakeLists.txt

@@ -46,6 +46,7 @@ add_clang_library(clangStaticAnalyzerCheckers
   FutagAnalyzer.cpp
   FutagConsumerAnalyzer.cpp
   FutagCatchInfo.cpp
+  FutagSimpleChecker.cpp
   GCDAntipatternChecker.cpp
   GenericTaintChecker.cpp
   GTestChecker.cpp

src/Checkers/lib/CMakeLists13.txt

@@ -46,6 +46,7 @@ add_clang_library(clangStaticAnalyzerCheckers
   FutagAnalyzer.cpp
   FutagConsumerAnalyzer.cpp
   FutagCatchInfo.cpp
+  FutagSimpleChecker.cpp
   GCDAntipatternChecker.cpp
   GenericTaintChecker.cpp
   GTestChecker.cpp

src/Checkers/lib/FutagAnalyzer.cpp

@@ -2,8 +2,8 @@
  * @file FutagAnalyzer.cpp
  * @author Tran Chi Thien (thientcgithub@gmail.com)
  * @brief
- * @version 2.0.5
- * @date 2023-04-17
+ * @version 2.1.0
+ * @date 2023-08-30
  *
  * @copyright Copyright (c) 2023
  *
@@ -286,7 +286,7 @@ void FutagAnalyzer::CollectBasicFunctionInfo(
     }
     // We may have already collected information about xrefs, but other fields
     // should not exist
-    if(!curr_json_context[curr_func_hash].contains("fuzz_it")){
+if(!curr_json_context[curr_func_hash].contains("fuzz_it")){
         curr_json_context[curr_func_hash].update(basic_function_info);
     }
 
@@ -371,7 +371,7 @@ void FutagAnalyzer::checkASTDecl(const TranslationUnitDecl *TUD,
     // Save all relevant includes
     const SourceManager &sm = Mgr.getASTContext().getSourceManager();
     if (!sm.getMainFileID().isValid()) {
-        return;
+    return;
     }
     for (auto it = sm.fileinfo_begin(); it != sm.fileinfo_end(); it++) {
 
@@ -380,8 +380,6 @@ void FutagAnalyzer::checkASTDecl(const TranslationUnitDecl *TUD,
         string include_path =
             utils::PathProcessor::RemoveUnnecessaryPathComponents(
                 it->first->getName().str());
-        // include_path[0] != '/' - is probably an awfully bad check to avoid
-        // system headers, but I couldn't find any way around
         if (includeLoc.isValid() && sm.isInMainFile(includeLoc)) {
             mIncludesInfo["includes"].push_back(include_path);
         }
@@ -448,13 +446,13 @@ void FutagAnalyzer::VisitFunction(const FunctionDecl *func,
     if (!func->hasBody() || !func->isThisDeclarationADefinition()) {
         return;
     }
-
+    
     FullSourceLoc func_begin_loc =
         Mgr.getASTContext().getFullLoc(func->getBeginLoc());
     FullSourceLoc func_end_loc =
         Mgr.getASTContext().getFullLoc(func->getEndLoc());
     if (!func_begin_loc.getFileEntry()) {
-        return;
+    return;
     }
     int32_t curr_func_begin_loc = func_begin_loc.getSpellingLineNumber();
     auto fe = func_begin_loc.getFileEntry();
@@ -470,7 +468,7 @@ void FutagAnalyzer::VisitFunction(const FunctionDecl *func,
     } else {
         file_name = fe->tryGetRealPathName().str();
     }
-    futag::FunctionType function_type = futag::_FUNC_UNKNOW_RECORD;
+        futag::FunctionType function_type = futag::_FUNC_UNKNOW_RECORD;
     if (isa<CXXMethodDecl>(func)) {
         auto method_decl = dyn_cast<CXXMethodDecl>(func);
         function_type = futag::_FUNC_CXXMETHOD;
@@ -503,7 +501,7 @@ void FutagAnalyzer::VisitFunction(const FunctionDecl *func,
     // Collect basic information about current function
     CollectBasicFunctionInfo(m_func_decl_info, func, Mgr, curr_func_begin_loc,
                              file_name, function_type, parent_hash);
-    CollectAdvancedFunctionInfo(m_call_context_info, func, Mgr, file_name);
+        CollectAdvancedFunctionInfo(m_call_context_info, func, Mgr, file_name);
     return;
 }
 

src/Checkers/lib/FutagSimpleChecker.cpp

@@ -0,0 +1,225 @@
+/**
+ * @file FutagSimpleChecker.cpp
+ * @author Tran Chi Thien (thientcgithub@gmail.com)
+ * @brief
+ * @version 2.0.5
+ * @date 2023-04-17
+ *
+ * @copyright Copyright (c) 2023
+ *
+ */
+
+#include <algorithm>
+#include <fstream>
+#include <iomanip>
+#include <iostream>
+#include <sstream>
+#include <string>
+#include <thread>
+#include <utility>
+#include <vector>
+
+#include "Futag/MatchFinder.h"
+#include "nlohmann/json.hpp"
+#include "clang/AST/Decl.h"
+#include "clang/AST/ODRHash.h"
+#include "clang/AST/RecursiveASTVisitor.h"
+#include "clang/AST/Type.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/ASTMatchers/ASTMatchers.h"
+#include "clang/Analysis/AnalysisDeclContext.h"
+#include "clang/Analysis/CFG.h"
+#include "clang/Basic/SourceManager.h"
+#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
+#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
+#include "clang/StaticAnalyzer/Core/Checker.h"
+#include "clang/StaticAnalyzer/Core/CheckerManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
+#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
+#include "clang/Tooling/Tooling.h"
+#include "llvm/ADT/SmallVector.h"
+#include "llvm/ADT/StringRef.h"
+#include "llvm/Support/ErrorHandling.h"
+#include "llvm/Support/FileSystem.h"
+#include "llvm/Support/Path.h"
+
+#include "llvm/Support/raw_ostream.h"
+
+#include "Futag/Basic.h"
+#include "Futag/Utils.h"
+
+using namespace llvm;
+using namespace clang;
+using namespace ento;
+using namespace nlohmann;
+using namespace futag;
+
+//===----------------------------------------------------------------------===//
+// Checker to analyze function declarations
+//===----------------------------------------------------------------------===//
+namespace {
+
+class FutagMatchFuncDeclCallBack : public MatchFinder::MatchCallback {
+  public:
+    FutagMatchFuncDeclCallBack( AnalysisManager &Mgr)
+        : Mgr{Mgr} {}
+    AnalysisManager &Mgr; // For passing the AnalysisManager
+    virtual void run(const MatchFinder::MatchResult &Result);
+};
+
+class FutagSimpleChecker : public Checker<check::ASTDecl<TranslationUnitDecl>> {
+
+  public:
+    // Entry point. Collects all needed information using recursive ast visitor
+    void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &Mgr,
+                      BugReporter &BR) const;
+
+    /* Collects information about function */
+    void VisitFunction(const FunctionDecl *func, AnalysisManager &Mgr) const;
+    /* Collects information about struct declarations*/
+    void VisitRecord(const RecordDecl *func, AnalysisManager &Mgr) const;
+    /* Collects information about typedefs */
+    void VisitTypedef(const TypedefDecl *func, AnalysisManager &Mgr) const;
+    /* Collects information about enums */
+    void VisitEnum(const EnumDecl *func, AnalysisManager &Mgr) const;
+};
+
+} // namespace
+
+void FutagMatchFuncDeclCallBack::run(const MatchFinder::MatchResult &Result) {
+    const auto *func_decl = Result.Nodes.getNodeAs<FunctionDecl>("functionDe");
+
+    if (!func_decl) {
+        return;
+    }
+    llvm::outs()<< "\n-- Found function declaration: \"" << func_decl->getDeclName().getAsString() << " ";
+    // If the available function is defined in system header file, then skip.
+
+    FullSourceLoc func_begin_loc =
+        Mgr.getASTContext().getFullLoc(func_decl->getBeginLoc());
+    int32_t curr_func_begin_loc = func_begin_loc.getSpellingLineNumber();
+    auto fe = func_begin_loc.getFileEntry();
+    std::string file_name;
+    std::string parent_hash = "";
+
+    if (fe->tryGetRealPathName().empty()) {
+        if (fe->getName().empty()) {
+            std::cerr << " -- Debug info: Cannot find filename and filepath!\n";
+        } else {
+            file_name = fe->getName().str();
+        }
+    } else {
+        file_name = fe->tryGetRealPathName().str();
+    }
+    llvm::outs()<< "  in file \""<< file_name << "\" \n\n";
+    return;
+}
+void FutagSimpleChecker::checkASTDecl(const TranslationUnitDecl *TUD,
+                                 AnalysisManager &Mgr, BugReporter &BR) const {
+
+    struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
+        const FutagSimpleChecker *futag_checker;
+        AnalysisManager &analysisMgr;
+
+        explicit LocalVisitor(const FutagSimpleChecker *Checker,
+                              AnalysisManager &AnalysisMgr)
+            : futag_checker(Checker), analysisMgr(AnalysisMgr) {}
+
+        /* callback when a function declaration is encountered */
+        bool VisitFunctionDecl(FunctionDecl *FD) {
+            futag_checker->VisitFunction(FD, analysisMgr);
+            return true;
+        }
+
+        /* callback when a struct declaration is encountered */
+        bool VisitRecordDecl(RecordDecl *RD) {
+            futag_checker->VisitRecord(RD, analysisMgr);
+            return true;
+        }
+
+        /* callback when a typedef declaration is encountered */
+        bool VisitTypedefDecl(TypedefDecl *TD) {
+            futag_checker->VisitTypedef(TD, analysisMgr);
+            return true;
+        }
+
+        /* callback when a enum declaration is encountered */
+        bool VisitEnumDecl(EnumDecl *ED) {
+            futag_checker->VisitEnum(ED, analysisMgr);
+            return true;
+        }
+    };
+
+    LocalVisitor visitor(this, Mgr);
+    visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
+}
+
+// Called for every function declaration
+void FutagSimpleChecker::VisitFunction(const FunctionDecl *func,
+                                  AnalysisManager &Mgr) const {
+    llvm::outs()<< "-- Analyzing function: \"" << func->getDeclName().getAsString() << "\"\n";
+    // If the available function is defined in system header file, then skip.
+    if (Mgr.getSourceManager().isInSystemHeader(func->getBeginLoc())) {
+        llvm::outs()<< "  } \""<< func->getDeclName().getAsString() << "\" is in system headers!\n";
+        return;
+    }
+    
+
+    FullSourceLoc func_begin_loc =
+        Mgr.getASTContext().getFullLoc(func->getBeginLoc());
+    FullSourceLoc func_end_loc =
+        Mgr.getASTContext().getFullLoc(func->getEndLoc());
+    if (!func_begin_loc.getFileEntry()) {
+        return;
+    }
+    int32_t curr_func_begin_loc = func_begin_loc.getSpellingLineNumber();
+    auto fe = func_begin_loc.getFileEntry();
+    std::string file_name;
+    std::string parent_hash = "";
+
+    if (fe->tryGetRealPathName().empty()) {
+        if (fe->getName().empty()) {
+            std::cerr << " -- Debug info: Cannot find filename and filepath!\n";
+        } else {
+            file_name = fe->getName().str();
+        }
+    } else {
+        file_name = fe->tryGetRealPathName().str();
+    }
+    llvm::outs()<< "  in file \""<< file_name << "\" \n";
+
+    MatchFinder Finder;
+    // Match all CallExpression of target function
+    auto match_callexpr =
+        functionDecl(hasName(func->getDeclName().getAsString()))
+            .bind("functionDe");
+
+    FutagMatchFuncDeclCallBack target_func_call_callback{ Mgr};;
+    Finder.addMatcher(match_callexpr, &target_func_call_callback);
+    Finder.matchAST(Mgr.getASTContext());
+
+    return;
+}
+
+void FutagSimpleChecker::VisitRecord(const RecordDecl *RD,
+                                AnalysisManager &Mgr) const {
+
+    return;
+}
+void FutagSimpleChecker::VisitTypedef(const TypedefDecl *TD,
+                                 AnalysisManager &Mgr) const {
+    return;
+}
+
+void FutagSimpleChecker::VisitEnum(const EnumDecl *ED, AnalysisManager &Mgr) const {
+    return;
+}
+
+void ento::registerFutagSimpleChecker(CheckerManager &Mgr) {
+    Mgr.registerChecker<FutagSimpleChecker>();
+}
+
+bool ento::shouldRegisterFutagSimpleChecker(const CheckerManager &mgr) {
+    return true;
+}

src/python/futag-package/README.md

@@ -20,7 +20,7 @@ This python package is for building library, generating and compiling fuzz-drive
 ## 1. Install
 
 ```bash 
-pip install dist/futag-2.0.5.tar.gz
+pip install dist/futag-2.1.0.tar.gz
 ```
 
 ## 2. Preprocessor