Skip to content

[PR] Refactoring runOnFunction in CVEAssert #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rjsmith1999 merged 11 commits into from
Mar 31, 2026
Merged

[PR] Refactoring runOnFunction in CVEAssert #170

Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
6cd2182
CVEAssert.cpp: WIP refactoring runOnFunction.
Mar 26, 2026
ef9daf6
CVEAssert.cpp: WIP refactoring if-stmts in runOnFunction.
Mar 26, 2026
4dfe28b
CVEAssert.cpp: creating a helper function to dump ir for debugging pu…
Mar 26, 2026
83fe77c
CVEAssert.cpp: Revised validateIR to print out a message and the IR o…
Mar 26, 2026
fa09a97
CVEAssert.cpp: Removed variable 'out'.
Mar 26, 2026
a00a701
Minimize the refactor a bit
rjsmith1999 Mar 27, 2026
c501b78
CVEAssert.cpp: Fixing spacing issue.
Mar 30, 2026
edc6dc5
CVEAssert.cpp: Reverting space change.
Mar 30, 2026
865d3c5
CVEAssert.cpp: I don't know why Git decided to remove Jackson's work …
Mar 30, 2026
e906fef
CVEAssert.cpp: Missing one function in the rebase.
Mar 31, 2026
efac731
CVEAssert.cpp: Fixing compilation issues.
Mar 31, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
75 changes: 50 additions & 25 deletions resolve-cveassert/src/CVEAssert.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,31 +184,60 @@ struct LabelCVEPass : public PassInfoMixin<LabelCVEPass> {
sanitizeIntOverflow(&F, strategy);
}

/// For each function, if it matches the target function name, insert calls to
/// the vulnerability handlers as specified in the JSON. Each call receives
/// the triggering argument parsed from the JSON.
PreservedAnalyses runOnFunction(Function &F, ModuleAnalysisManager &MAM,
Vulnerability &vuln) {
/// Return true if F's name (raw or demangled) contains `targetName
///
/// Always returns true if targetName is empty
bool nameMatches(Function &F, const std::string &demangledName,
const std::string &targetName) {
// Empty function name matches all functions
if (targetName.empty()) {
return true;
}

// First check demangled name
if (demangledName.find(targetName) != std::string::npos) {
return true;
}

// Next fallback to raw symbols
if (F.getName().str().find(targetName) != std::string::npos) {
return true;
}

return false;
}

/// Return true if `F` meets instrumentation critera for vuln
bool shouldInstrument(Function &F, Vulnerability &vuln) {
// Skip noinstrument functions
if (F.getMetadata("resolve.noinstrument")) {
return false;
}

char *demangledNamePtr = llvm::itaniumDemangle(F.getName().str(), false);
std::string demangledName(demangledNamePtr ?: "");
auto result = PreservedAnalyses::all();

if (F.getMetadata("resolve.noinstrument")) { return result; }

if (CVE_ASSERT_DEBUG) {
errs() << "[CVEAssert] Trying fn " << F.getName()
<< " Demangled name: " << demangledName << "\n";
}

raw_ostream &out = errs();
return nameMatches(F, demangledName, vuln.TargetFunctionName);
}

if (vuln.TargetFunctionName.empty() ||
(demangledName.find(vuln.TargetFunctionName) == std::string::npos &&
F.getName().str().find(vuln.TargetFunctionName) ==
std::string::npos)) {
/// For each function, if it matches the target function name, insert calls to
/// the vulnerability handlers as specified in the JSON. Each call receives
/// the triggering argument parsed from the JSON.
PreservedAnalyses runOnFunction(Function &F, ModuleAnalysisManager &MAM,
Vulnerability &vuln) {
auto result = PreservedAnalyses::all();

if (!shouldInstrument(F, vuln)) {
return result;
}

raw_ostream &out = errs();

out << "[CVEAssert] === Pre Instrumented IR === \n";
out << F;

Expand All @@ -223,9 +252,9 @@ struct LabelCVEPass : public PassInfoMixin<LabelCVEPass> {
}

if (vuln.Strategy == Vulnerability::RemediationStrategies::NONE) {
errs() << "[CVEAssert] NONE strategy selected for " << vuln.TargetFileName
<< ":" << vuln.TargetFunctionName << "...\n";
errs() << "[CVEAssert] Skipping remediation\n";
out << "[CVEAssert] NONE strategy selected for " << vuln.TargetFileName
<< ":" << vuln.TargetFunctionName << "...\n";
out << "[CVEAssert] Skipping remediation\n";
return result;
}

Expand Down Expand Up @@ -275,20 +304,16 @@ struct LabelCVEPass : public PassInfoMixin<LabelCVEPass> {
break;

default:
errs() << "[CVEAssert] Error: CWE " << vuln.WeaknessID
<< " not implemented\n";
out << "[CVEAssert] Error: CWE " << vuln.WeaknessID
<< " not implemented\n";
break;
}

out << "[CVEAssert] === Post Instrumented IR === \n";
out << F;

if (verifyFunction(F, &out)) {
report_fatal_error("[CVEAssert] We broke something");
}
validateIR(&F);

errs() << "[CVEAssert] Inserted vulnerability handler calls in function "
<< vuln.TargetFileName << ":" << vuln.TargetFunctionName << "\n";
out << "[CVEAssert] Inserted vulnerability handler calls in function "
<< vuln.TargetFileName << ":" << vuln.TargetFunctionName << "\n";
return result;
}

Expand Down