Inconsistencies when using C-style code and the WPDS

Open maximiliankaul opened this issue 3 years ago • 4 comments

See https://github.com/Fraunhofer-AISEC/codyze/tree/mk/wpdscstyle for a test case. This branch just takes the Botan cpp test cases and mimics the behavior for an imaginary C API. The results should not differ, but they do.

maximiliankaul, Oct 12 '21 12:10

There is a general problem with WPDS not correctly checking for an order rule to correct properly. Neither the https://github.com/Fraunhofer-AISEC/codyze/blob/08d6ff7f6a861a087e52d691fdaabd71344dbf8f/src/test/java/de/fraunhofer/aisec/codyze/crymlin/WpdsTest.kt#L530 .c test nor the https://github.com/Fraunhofer-AISEC/codyze/blob/08d6ff7f6a861a087e52d691fdaabd71344dbf8f/src/test/java/de/fraunhofer/aisec/codyze/crymlin/WpdsTest.kt#L538 .cpp test fails besides missing the required finish() call https://github.com/Fraunhofer-AISEC/codyze/blob/08d6ff7f6a861a087e52d691fdaabd71344dbf8f/src/test/resources/unittests/WPDS_c_cpp_style.mark#L28

Note: NFA works correctly.

maximiliankaul, Oct 12 '21 14:10

@oxisto I checked 06320a3 with the cpp code as discussed and it's broken, too :(

maximiliankaul, Oct 12 '21 15:10

@oxisto same with ba136fe

maximiliankaul, Oct 12 '21 15:10

Possible fix: TypestateAnalysis.kt:277 (oxisto)

maximiliankaul, Oct 12 '21 15:10