static bool handleParams(LLVMNode *callNode, LLVMDependenceGraph *subgraph, DefMap *df, DefMap *subgraph_df) { bool changed = false; // get actual parameters (operands) and for every pointer in there // check if the memory location it points to gets defined // in the subprocedure LLVMDGParameters *params = callNode->getParameters(); // if we have params, process params if (!params) return false; const Function *func = cast<Function>(subgraph->getEntry()->getKey()); unsigned vararg = 0; // set this only with vararg functions, for revealing the bugs if (func->isVarArg()) vararg = func->arg_size(); changed |= handleParams(callNode, vararg, params, df, subgraph_df); changed |= handleParamsGlobals(callNode->getDG(), params, df, subgraph_df); changed |= handleDynMemoryParams(subgraph, params, df, subgraph_df); if (vararg != 0) changed |= handleVarArgParams(subgraph, df, subgraph_df); return changed; }
bool LLVMReachingDefsAnalysis::handleCallInst(LLVMDependenceGraph *graph, LLVMNode *callNode, DefMap *df) { bool changed = false; LLVMNode *exitNode = graph->getExit(); // the function doesn't return? if (!exitNode) return false; DefMap *subgraph_df = getDefMap(exitNode); // now handle all parameters // and global variables that are as parameters changed |= handleParams(callNode, graph, df, subgraph_df); return changed; }
void cElementManager::gotTag (const string &tag) { string tagname; list<sParam> params; sParam param; param.flag = false; char quote; tagParserState pstate = tagBegin; string::const_iterator it; for (it = tag.begin(); it != tag.end(); ++it) { char ch = *it; //process character switch (pstate) { case tagBegin: { if (ch != ' ') { pstate = tagName; tagname += ch; } break; } case tagName: { if (ch == ' ') pstate = tagBetweenParams; else tagname += ch; break; } case tagParam: { if (ch == '=') pstate = tagParamValue; else if (ch == ' ') { //one parameter, value only (it could also be a flag, we'll check that later) param.value = param.name; param.name = ""; //add a new parameter :-) params.push_back (param); param.value = ""; pstate = tagBetweenParams; } else param.name += ch; break; } case tagParamValue: { if (ch == ' ') { //add a new parameter :-) params.push_back (param); param.name = ""; param.value = ""; pstate = tagBetweenParams; } else if (param.value.empty() && ((ch == '\'') || (ch == '"'))) { pstate = tagQuotedParam; quote = ch; } else param.value += ch; break; } case tagQuotedParam: { if (ch == quote) { //add a new parameter :-) params.push_back (param); param.name = ""; param.value = ""; pstate = tagAfterQuotedParam; } else param.value += ch; break; } case tagAfterQuotedParam: { if (ch == ' ') //ignore everything up to some space... pstate = tagBetweenParams; break; } case tagBetweenParams: { if (ch != ' ') { if ((ch == '\'') || (ch == '"')) { pstate = tagQuotedParam; param.name = ""; quote = ch; } else { pstate = tagParam; param.name += ch; } } break; } }; } //last parameter... switch (pstate) { case tagBegin: results->addToList (results->createError ("Received a tag with no body!")); break; case tagParam: { param.value = param.name; param.name = ""; params.push_back (param); } break; case tagParamValue: params.push_back (param); break; case tagQuotedParam: results->addToList (results->createError ("Received tag " + tagname + " with unfinished quoted parameter!")); break; }; //nothing more to do if the tag has no contents... if (pstate == tagBegin) return; //convert tag name to lowercase tagname = lcase (tagname); //handle closing tag... if (tagname[0] == '/') { if (!params.empty()) results->addToList (results->createError ("Received closing tag " + tagname + " with parametrs!")); //remove that '/' tagname.erase (tagname.begin()); //and call closing tag processing handleClosingTag (tagname); return; } //convert all parameter names to lower-case list<sParam>::iterator parit; for (parit = params.begin(); parit != params.end(); ++parit) (*parit).name = lcase ((*parit).name); //now we check the type of the tag and act accordingly if (!elementDefined (tagname)) { params.clear(); results->addToList (results->createError ("Received undefined tag " + tagname + "!")); return; } mxpMode m = state->getMXPMode (); //mode can be open or secure; locked mode is not possible here (or we're in a bug) if (m == openMode) //open mode - only open tags allowed if (!openElement (tagname)) { params.clear(); results->addToList (results->createError ("Received secure tag " + tagname + " in open mode!")); return; } if (internalElement (tagname)) { //if the name is an alias for another tag, change the name if (aliases.count (tagname)) tagname = aliases[tagname]; //the <support> tag has to be handled separately :( if (tagname == "support") { processSupport (params); return; } //identify all flags in the tag identifyFlags (ielements[tagname]->attdefault, params); //correctly identify all parameters (assign names where necessary) handleParams (tagname, params, ielements[tagname]->attlist, ielements[tagname]->attdefault); //separate out all the flags (flags are only valid for internal tags) list<string> flags; parit = params.begin(); while (parit != params.end()) { if ((*parit).flag) { flags.push_back ((*parit).name); parit = params.erase (parit); } else ++parit; } //okay, parsing done - send the tag for further processing processInternalTag (tagname, params, flags); } else { handleParams (tagname, params, elements[tagname]->attlist, elements[tagname]->attdefault); processCustomTag (tagname, params); } params.clear (); }