circomspect-program-analysis 0.8.2

Support crate for the Circomspect static analyzer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

use log::debug;

use program_structure::cfg::Cfg;
use program_structure::report_code::ReportCode;
use program_structure::report::{Report, ReportCollection};
use program_structure::file_definition::{FileID, FileLocation};
use program_structure::ir::value_meta::ValueReduction;
use program_structure::ir::*;

pub struct ConstantBranchConditionWarning {
    value: bool,
    file_id: Option<FileID>,
    file_location: FileLocation,
}

impl ConstantBranchConditionWarning {
    pub fn into_report(self) -> Report {
        let mut report = Report::warning(
            "Constant branching statement condition found.".to_string(),
            ReportCode::ConstantBranchCondition,
        );
        if let Some(file_id) = self.file_id {
            report.add_primary(
                self.file_location,
                file_id,
                format!("This condition is always {}.", self.value),
            );
        }
        report
    }
}

/// This analysis pass uses basic constant propagation to determine cases where
/// an if-statement condition is always true or false.
pub fn find_constant_conditional_statement(cfg: &Cfg) -> ReportCollection {
    debug!("running constant conditional analysis pass");
    let mut reports = ReportCollection::new();
    for basic_block in cfg.iter() {
        for stmt in basic_block.iter() {
            visit_statement(stmt, &mut reports);
        }
    }
    debug!("{} new reports generated", reports.len());
    reports
}

fn visit_statement(stmt: &Statement, reports: &mut ReportCollection) {
    use Statement::*;
    use ValueReduction::*;
    if let IfThenElse { cond, .. } = stmt {
        let value = cond.meta().value_knowledge().get_reduces_to();
        if let Some(Boolean { value }) = value {
            reports.push(build_report(cond.meta(), *value));
        }
    }
}

fn build_report(meta: &Meta, value: bool) -> Report {
    ConstantBranchConditionWarning {
        value,
        file_id: meta.file_id(),
        file_location: meta.file_location(),
    }
    .into_report()
}

#[cfg(test)]
mod tests {
    use parser::parse_definition;
    use program_structure::{cfg::IntoCfg, constants::Curve};

    use super::*;

    #[test]
    fn test_constant_conditional() {
        let src = r#"
            function f(x) {
                var a = 1;
                var b = (2 * a * a + 1) << 2;
                var c = (3 * b / b - 2) >> 1;
                if (c > 4) {
                    a += x;
                    b += x * a;
                }
                return a + b;
            }
        "#;
        validate_reports(src, 1);

        let src = r#"
            function f(x) {
                var a = 1;
                var b = (2 * a * a + 1) << 2;
                var c = (3 * b / x - 2) >> 1;
                if (c > 4) {
                    a += x;
                    b += x * a;
                }
                return a + b;
            }
        "#;
        validate_reports(src, 0);
    }

    fn validate_reports(src: &str, expected_len: usize) {
        // Build CFG.
        let mut reports = ReportCollection::new();
        let cfg = parse_definition(src)
            .unwrap()
            .into_cfg(&Curve::default(), &mut reports)
            .unwrap()
            .into_ssa()
            .unwrap();
        assert!(reports.is_empty());

        // Generate report collection.
        let reports = find_constant_conditional_statement(&cfg);

        assert_eq!(reports.len(), expected_len);
    }
}