secure-software-engineering · fabianbs96 · Sep 8, 2025 · Aug 27, 2025 · Aug 29, 2025 · Aug 30, 2025
@@ -15,6 +15,7 @@
 #include "phasar/DataFlow/IfdsIde/FlowFunctions.h"
 #include "phasar/DataFlow/IfdsIde/IDETabulationProblem.h"
 #include "phasar/PhasarLLVM/ControlFlow/LLVMBasedCFG.h"
+#include "phasar/PhasarLLVM/DB/LLVMProjectIRDB.h"
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMZeroValue.h"
 #include "phasar/PhasarLLVM/Domain/LLVMAnalysisDomain.h"
 #include "phasar/PhasarLLVM/Pointer/LLVMAliasInfo.h"
@@ -35,9 +36,6 @@
 
 namespace psr {
 
-class LLVMBasedICFG;
-class LLVMTypeHierarchy;
-
 namespace detail {
 
 class IDETypeStateAnalysisBaseCommon : public LLVMAnalysisDomainDefault {
@@ -123,7 +121,7 @@ class IDETypeStateAnalysisBase
   container_type getLocalAliasesAndAllocas(d_t V, llvm::StringRef Fname);
 
   /**
-   * @brief Checks if the type machtes the type of interest.
+   * @brief Checks if the type matches the type of interest.
    */
   bool hasMatchingType(d_t V);
 
@@ -132,7 +130,7 @@ class IDETypeStateAnalysisBase
     return generateFlow(FactToGenerate, LLVMZeroValue::getInstance());
   }
 
-  bool hasMatchingTypeName(const llvm::Type *Ty);
+  bool hasMatchingTypeName(const llvm::DIType *DITy);
 
   std::map<const llvm::Value *, LLVMAliasInfo::AliasSetTy> AliasCache;
   LLVMAliasInfoRef PT{};
@@ -283,11 +281,7 @@ class IDETypeStateAnalysis
     template <typename LL = l_t,
               typename = std::enable_if_t<HasJoinLatticeTraits<LL>>>
     TSConstant(l_t Value, EmptyType /*unused*/ = {}) noexcept
-        : ConstantEdgeFunction<l_t>{Value} {
-      if constexpr (!HasJoinLatticeTraits<l_t>) {
-        this->TSD = TSD;
-      }
-    }
+        : ConstantEdgeFunction<l_t>{Value} {}
 
     /// XXX: Cannot default compose() and join(), because l_t does not implement
     /// JoinLatticeTraits (because bottom value is not constant)

@@ -15,7 +15,6 @@
 
 #include "llvm/Support/raw_ostream.h"
 
-#include <map>
 #include <set>
 #include <string>
 

@@ -12,7 +12,6 @@
 
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/TypeStateDescriptions/TypeStateDescription.h"
 
-#include <map>
 #include <set>
 #include <string>
 

@@ -12,11 +12,13 @@
 
 #include "phasar/PhasarLLVM/Utils/DataFlowAnalysisType.h"
 
-#include "llvm/IR/InstrTypes.h"
-
 #include <set>
 #include <string>
 
+namespace llvm {
+class CallBase;
+} // namespace llvm
+
 namespace psr {
 
 struct TypeStateDescriptionBase {

@@ -20,13 +20,15 @@
 #include "llvm/IR/PassManager.h"
 
 #include <set>
+#include <vector>
 
 namespace llvm {
 class Type;
 class Value;
 class Instruction;
 class AnalysisUsage;
 class Module;
+class DICompositeType;
 } // namespace llvm
 
 namespace psr {
@@ -67,7 +69,7 @@ struct GeneralStatistics {
   size_t NumInstWithMultipleUses = 0;
   size_t NumInstsUsedOutsideBB = 0;
   size_t NonVoidInsts = 0;
-  std::set<const llvm::Type *> AllocatedTypes;
+  std::vector<const llvm::DICompositeType *> AllocatedTypes;
   std::set<const llvm::Instruction *> AllocaInstructions;
   std::set<const llvm::Instruction *> RetResInstructions;
   std::string ModuleName{};

@@ -0,0 +1,23 @@
+/******************************************************************************
+ * Copyright (c) 2025 Fabian Schiebel.
+ * All rights reserved. This program and the accompanying materials are made
+ * available under the terms of LICENSE.txt.
+ *
+ * Contributors:
+ *     Fabian Schiebel and others
+ *****************************************************************************/
+
+#ifndef PHASAR_PHASARLLVM_UTILS_ALLOCATEDTYPES_H
+#define PHASAR_PHASARLLVM_UTILS_ALLOCATEDTYPES_H
+
+#include "llvm/IR/DebugInfoMetadata.h"
+#include "llvm/IR/Module.h"
+
+#include <vector>
+
+namespace psr {
+[[nodiscard]] std::vector<const llvm::DICompositeType *>
+collectAllocatedTypes(const llvm::Module &Mod);
+} // namespace psr
+
+#endif // PHASAR_PHASARLLVM_UTILS_ALLOCATEDTYPES_H
@@ -104,6 +104,14 @@ std::string llvmIRToShortString(const llvm::Value *V);
 [[nodiscard]] std::string llvmTypeToString(const llvm::Type *Ty,
                                            bool Shorten = false);
 
+/**
+ * @brief Returns a string-representation of a LLVM Debug-Info type.
+ *
+ * @param Shorten Tries to shorten the output
+ */
+[[nodiscard]] std::string llvmTypeToString(const llvm::DIType *Ty,
+                                           bool Shorten = false);
+
 LLVM_DUMP_METHOD void dumpIRValue(const llvm::Value *V);
 LLVM_DUMP_METHOD void dumpIRValue(const llvm::Instruction *V);
 LLVM_DUMP_METHOD void dumpIRValue(const llvm::Function *V);
@@ -283,6 +291,8 @@ class ModulesToSlotTracker {
 getVaListTagOrNull(const llvm::Function &Fun);
 
 [[nodiscard]] bool isVaListAlloca(const llvm::AllocaInst &Alloc);
+
+[[nodiscard]] const llvm::DIType *stripPointerTypes(const llvm::DIType *DITy);
 } // namespace psr
 
 #endif
@@ -18,17 +18,12 @@
 
 #include "phasar/PhasarLLVM/DB/LLVMProjectIRDB.h"
 #include "phasar/PhasarLLVM/TypeHierarchy/DIBasedTypeHierarchy.h"
-#include "phasar/PhasarLLVM/Utils/LLVMIRToSrc.h"
+#include "phasar/PhasarLLVM/Utils/AllocatedTypes.h"
 #include "phasar/PhasarLLVM/Utils/LLVMShorthands.h"
 #include "phasar/Utils/Logger.h"
 
-#include "llvm/BinaryFormat/Dwarf.h"
-#include "llvm/IR/DebugInfoMetadata.h"
-#include "llvm/IR/DerivedTypes.h"
 #include "llvm/IR/Function.h"
 #include "llvm/IR/InstrTypes.h"
-#include "llvm/IR/Instructions.h"
-#include "llvm/Support/Casting.h"
 #include "llvm/Support/raw_ostream.h"
 
 using namespace psr;
@@ -85,52 +80,10 @@ void RTAResolver::resolveVirtualCall(FunctionSetTy &PossibleTargets,
 
 std::string RTAResolver::str() const { return "RTA"; }
 
-static const llvm::DICompositeType *
-isCompositeStructType(const llvm::DIType *Ty) {
-  if (const auto *CompTy = llvm::dyn_cast_if_present<llvm::DICompositeType>(Ty);
-      CompTy && (CompTy->getTag() == llvm::dwarf::DW_TAG_structure_type ||
-                 CompTy->getTag() == llvm::dwarf::DW_TAG_class_type)) {
-
-    return CompTy;
-  }
-
-  return nullptr;
-}
-
 void RTAResolver::resolveAllocatedCompositeTypes() {
   if (!AllocatedCompositeTypes.empty()) {
     return;
   }
 
-  llvm::DenseSet<const llvm::DICompositeType *> AllocatedTypes;
-
-  for (const auto *Inst : IRDB->getAllInstructions()) {
-    if (const auto *Alloca = llvm::dyn_cast<llvm::AllocaInst>(Inst)) {
-      if (const auto *Ty = isCompositeStructType(getVarTypeFromIR(Alloca))) {
-        AllocatedTypes.insert(Ty);
-      }
-    } else if (const auto *Call = llvm::dyn_cast<llvm::CallBase>(Inst)) {
-      if (const auto *Callee = llvm::dyn_cast<llvm::Function>(
-              Call->getCalledOperand()->stripPointerCastsAndAliases())) {
-        if (psr::isHeapAllocatingFunction(Callee)) {
-          const auto *MDNode = Call->getMetadata("heapallocsite");
-          if (const auto *CompTy = llvm::
-#if LLVM_VERSION_MAJOR >= 15
-                  dyn_cast_if_present
-#else
-                  dyn_cast_or_null
-#endif
-              <llvm::DICompositeType>(MDNode);
-              isCompositeStructType(CompTy)) {
-
-            AllocatedTypes.insert(CompTy);
-          }
-        }
-      }
-    }
-  }
-
-  AllocatedCompositeTypes.reserve(AllocatedTypes.size());
-  AllocatedCompositeTypes.insert(AllocatedCompositeTypes.end(),
-                                 AllocatedTypes.begin(), AllocatedTypes.end());
+  AllocatedCompositeTypes = collectAllocatedTypes(*IRDB->getModule());
 }
@@ -87,15 +87,6 @@ psr::getVFTIndexAndVT(const llvm::CallBase *CallSite) {
   return std::nullopt;
 }
 
-static const llvm::DIType *stripPointerTypes(const llvm::DIType *DITy) {
-  while (const auto *DerivedTy =
-             llvm::dyn_cast_if_present<llvm::DIDerivedType>(DITy)) {
-    // get rid of the pointer
-    DITy = DerivedTy->getBaseType();
-  }
-  return DITy;
-}
-
 const llvm::DIType *psr::getReceiverType(const llvm::CallBase *CallSite) {
   if (!CallSite || CallSite->arg_empty() ||
       (CallSite->hasStructRetAttr() && CallSite->arg_size() < 2)) {

@@ -9,10 +9,7 @@
 
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IDETypeStateAnalysis.h"
 
-#include "phasar/DataFlow/IfdsIde/EdgeFunctionUtils.h"
-#include "phasar/DataFlow/IfdsIde/FlowFunctions.h"
 #include "phasar/PhasarLLVM/ControlFlow/LLVMBasedCFG.h"
-#include "phasar/PhasarLLVM/DB/LLVMProjectIRDB.h"
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMFlowFunctions.h"
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMZeroValue.h"
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/TypeStateDescriptions/TypeStateDescription.h"
@@ -21,17 +18,17 @@
 #include "phasar/PhasarLLVM/Utils/LLVMShorthands.h"
 #include "phasar/Utils/Logger.h"
 
-#include "llvm/ADT/DenseMap.h"
 #include "llvm/Demangle/Demangle.h"
-#include "llvm/IR/AbstractCallSite.h"
+#include "llvm/IR/DebugInfoMetadata.h"
 #include "llvm/IR/Function.h"
 #include "llvm/IR/Instruction.h"
+#include "llvm/IR/Instructions.h"
+#include "llvm/IR/Metadata.h"
 #include "llvm/IR/Value.h"
 #include "llvm/Support/Casting.h"
 #include "llvm/Support/ErrorHandling.h"
 #include "llvm/Support/raw_ostream.h"
 
-#include <algorithm>
 #include <utility>
 
 namespace psr::detail {
@@ -284,59 +281,23 @@ auto IDETypeStateAnalysisBase::getLocalAliasesAndAllocas(
   return AliasAndAllocas;
 }
 
-bool IDETypeStateAnalysisBase::hasMatchingTypeName(const llvm::Type *Ty) {
-  if (const auto *StructTy = llvm::dyn_cast<llvm::StructType>(Ty);
-      StructTy && StructTy->hasName()) {
-    return isTypeNameOfInterest(StructTy->getName());
+bool IDETypeStateAnalysisBase::hasMatchingTypeName(const llvm::DIType *DITy) {
+  if (llvm::isa<llvm::DICompositeType>(DITy) && !DITy->getName().empty()) {
+    return isTypeNameOfInterest(DITy->getName());
   }
-  // primitive type
-  std::string Str;
-  llvm::raw_string_ostream S(Str);
-  S << *Ty;
-  S.flush();
-  return isTypeNameOfInterest(Str);
+
+  return true; // Conservatively return true
 }
 
 bool IDETypeStateAnalysisBase::hasMatchingType(d_t V) {
-  // General case
-  if (V->getType()->isPointerTy() && !V->getType()->isOpaquePointerTy()) {
-    if (hasMatchingTypeName(V->getType()->getNonOpaquePointerElementType())) {
-      return true;
-    }
-    // fallthrough
-  }
-  if (const auto *Alloca = llvm::dyn_cast<llvm::AllocaInst>(V)) {
-    if (Alloca->getAllocatedType()->isPointerTy()) {
-      if (Alloca->getAllocatedType()->isOpaquePointerTy() ||
-          hasMatchingTypeName(
-              Alloca->getAllocatedType()->getNonOpaquePointerElementType())) {
-        return true;
-      }
-    }
-    return false;
-  }
-  if (const auto *Load = llvm::dyn_cast<llvm::LoadInst>(V)) {
-    if (Load->getType()->isPointerTy()) {
-      if (Load->getType()->isOpaquePointerTy() ||
-          hasMatchingTypeName(
-              Load->getType()->getNonOpaquePointerElementType())) {
-        return true;
-      }
+  if (const auto *VarTy = getVarTypeFromIR(V)) {
+    if (const auto *BaseTy = stripPointerTypes(VarTy)) {
+      return hasMatchingTypeName(BaseTy);
     }
-    return false;
-  }
-  if (const auto *Store = llvm::dyn_cast<llvm::StoreInst>(V)) {
-    if (Store->getValueOperand()->getType()->isPointerTy()) {
-      if (Store->getValueOperand()->getType()->isOpaquePointerTy() ||
-          hasMatchingTypeName(Store->getValueOperand()
-                                  ->getType()
-                                  ->getNonOpaquePointerElementType())) {
-        return true;
-      }
-    }
-    return false;
+
+    return isTypeNameOfInterest(VarTy->getName());
   }
-  return false;
-}
 
+  return true;
+}
 } // namespace psr::detail
@@ -9,8 +9,6 @@
 
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/TypeStateDescriptions/CSTDFILEIOTypeStateDescription.h"
 
-#include "phasar/PhasarLLVM/DB/LLVMProjectIRDB.h"
-
 #include "llvm/ADT/StringMap.h"
 #include "llvm/Support/ErrorHandling.h"
 
@@ -127,7 +125,7 @@ CSTDFILEIOTypeStateDescription::getNextState(llvm::StringRef Tok,
 }
 
 std::string CSTDFILEIOTypeStateDescription::getTypeNameOfInterest() const {
-  return "struct._IO_FILE";
+  return "_IO_FILE";
 }
 
 std::set<int>

@@ -11,8 +11,6 @@
 
 #include "phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/TypeStateDescriptions/OpenSSLEVPKDFDescription.h"
 
-#include "llvm/IR/Instruction.h"
-#include "llvm/IR/Value.h"
 #include "llvm/Support/ErrorHandling.h"
 
 #include <set>
@@ -125,7 +123,7 @@ OpenSSLEVPKDFCTXState OpenSSLEVPKDFCTXDescription::getNextState(
 }
 
 std::string OpenSSLEVPKDFCTXDescription::getTypeNameOfInterest() const {
-  return "struct.evp_kdf_ctx_st";
+  return "evp_kdf_ctx_st";
 }
 
 std::set<int>