plast-lab / cclyzer-souffle

CClyzer port to souffle lang
MIT License

Call-sensitive analyses broken on Docker container #11

Closed ringzer0x00 closed 2 years ago

ringzer0x00 commented 3 years ago

Good morning,

I have been trying to use cclyzer's call-sensitive analyses in a Docker container without success. While the context-insensitive one works, the context-sensitive ones do not.

This is the error generated when trying to run them:

```
Error: Atom's argument type is not a subtype of its declared type in file interprocedural.dl at line 27
callgraph_edge(?calleeCtx, ?callee, ?callerCtx, ?newItem) :-
------------------------------------------------^------------
The argument's declared type is Instruction in file points-to-decl.dl at line 77
.decl callgraph_edge(?calleeCtx: Context, ?callee: FunctionDecl, ?callerCtx: Context, ?callerInstr: Instruction)
```

Is it possible that this might be due to souffle versioning? And if so, which commit should I be using?

Mattia.

ktrianta commented 3 years ago

Hello Mattia!

The errors should be gone now, with the latest commit! Nevertheless, I will leave the issue open for a few days in case I missed something, so please report any abnormality.

ringzer0x00 commented 3 years ago

Hi,

Thank you for the fast response and intervention. I tried the new release, but while it no longer causes errors with the 1-call-site-sensitive+heap analysis, the 2-call-site-sensitive+heap analysis produces this error:

```
Error: Ungrounded record in file constructors.dl at line 31
  ?callerCtx = [_, ?item0],
```

Also, the 1-call-site-sensitive+heap does not produce any information regarding the call graph (callgraph_edge, callgraph_edge_intern etc.), while the context-insensitive does produce what is to be expected.

Attached below is the code snippet I'm using for testing.

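```c
#include <stdio.h>

/* Target of the indirect call below. */
void fun(int a)
{
    printf("Value of a is %d\n", a);
}

int main()
{
    /* Call through a function pointer, so the call-graph edge to fun()
       has to be resolved by the points-to analysis. */
    void (*fun_ptr)(int);
    fun_ptr = &fun;
    (*fun_ptr)(10);
    return 0;
}
```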

Thank you.

Mattia.

ktrianta commented 3 years ago

Thank you for reporting this.

The first error is an easy fix: we need to revert to ?callerCtx = [?item1, ?item0], even though ?item1 will not be bounded. The second is a bit more involved, but we are working to fix it in the next days as part of an overhaul of context-sensitivity.

I will update the issue when we have a fix. Thank you.

ringzer0x00 commented 3 years ago

Thank you very much for the fast response. I am looking forward to hearing from you.

Mattia.

ktrianta commented 2 years ago

I am closing this as several fixes that address the mentioned issues have been released. If you encounter any problem or abnormal behavior, please create a new issue.