Assignment-3: split harness into AEHelper/AEReporter, hand 3 driver #70
Merged
added 5 commits
June 4, 2026 15:15
entry points to students, restructure header around the 6 tasks
Code-organisation changes
-------------------------
- Split the harness: AEReporter.{cpp,h,py} keeps the AEReporter class
(bug accumulation, assertion-point tracking, JSON / coverage summary)
while AEHelper.{cpp,py} owns every AbstractExecution::* method that
belongs to the harness driver (analyse / runOnModule / initWTO /
handleCallSite / handleStubFunctions / handleCheckpointStubs /
ensureAllAssertsValidated / state-manager forwarders / etc.).
- Hand `handleGlobalNode`, `handleFunction`, `handleICFGNode` to
students — they now appear as empty stubs in Assignment_3.{cpp,py}.
The harness's `analyse()` calls into the student-implemented driver
from there.
- Reorganise Assignment_3.h around the six student tasks
(statement transfer, branch refinement, cycle / recursion fixpoint,
external-API summaries, buffer-overflow checker, nullptr-deref
checker) with section banners and remove the meaningless
per-declaration comments.
Skeleton-only cleanup
---------------------
- Drop declarations from Assignment_3.h that the student skeleton has
no body for: `gepObjOffsetFromBase` + the four GEP-offset helpers
(updateGepObjOffsetFromBase / hasGepObjOffsetFromBase /
getGepObjOffsetFromBase / getAccessOffset) and the `getStrlen`
helper. Students design these private helpers themselves.
Renames / documentation
-----------------------
- Drop the dead `cycleHeadToCycle` member and the `_funcsInFlight`
recursion guard (replaced by SVF-style `inSameCallGraphSCC`
earlier).
- Expand `isExternalCallForAssignment` to cover all external APIs
the published test set exercises (memory and string families plus
the assignment-specific mem_insert / str_insert stubs). Substring
match handles LLVM intrinsic mangling.
- The Task-4 docstring lists the full set of recognised external
function names instead of the previous open-ended "...".
- Avoid "state-manager" terminology in comments and Python attribute
names: `self.svf_state_mgr` → `self.ai` to mirror the C++
identifier.
Reporting / output
------------------
- AEReporter.printReport renders one section per kind ("Bug Reports
(N total)" with per-kind subheadings) instead of mislabelling
everything as "Buffer Overflow".
The empty Assignment_3 skeleton intentionally trips
`ensureAllAssertsValidated` on the three published cases — that is
the assertion the harness uses to surface "your control flow never
reached the stub call site".
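The substring match described above for `isExternalCallForAssignment`, as an added example that is not code from this pull request: it compares a substring match with matching on the de-mangled intrinsic name, over constructed callee names. The API list and every function name in the block are assumptions.

```python
# Added example: the API names are assumed, not the course's actual list.
ASSUMED_EXTERNAL_APIS = (
    "memcpy", "memmove", "memset", "strcpy", "strcat", "strlen",
    "mem_insert", "str_insert",  # assignment-specific stubs named in the commit
)

def matches_by_substring(callee: str) -> bool:
    """Accept any callee whose name contains a recognised API name."""
    return any(api in callee for api in ASSUMED_EXTERNAL_APIS)

def demangle_intrinsic(callee: str) -> str:
    """Reduce 'llvm.<name>.<type suffixes>' to '<name>'; leave other names alone."""
    parts = callee.split(".")
    if len(parts) >= 2 and parts[0] == "llvm":
        return parts[1]
    return callee

def matches_by_exact_name(callee: str) -> bool:
    """Accept only callees whose de-mangled name is a recognised API name."""
    return demangle_intrinsic(callee) in ASSUMED_EXTERNAL_APIS

def disagreements(callees):
    """Return the callee names on which the two strategies differ."""
    return [c for c in callees
            if matches_by_substring(c) != matches_by_exact_name(c)]

# Constructed callee names, as they might appear in LLVM IR.
SAMPLE_CALLEES = [
    "llvm.memcpy.p0.p0.i64",   # intrinsic, opaque-pointer mangling
    "llvm.memset.p0i8.i64",    # intrinsic, typed-pointer mangling
    "strcpy",
    "mem_insert",
    "__memcpy_chk",            # fortified libc variant
    "log_memcpy_stats",        # user-defined function, not an external API
    "llvm.lifetime.start.p0",  # intrinsic with no memory/string summary
]

if __name__ == "__main__":
    for name in SAMPLE_CALLEES:
        print(f"{name:26} substring={matches_by_substring(name)!s:5} "
              f"exact={matches_by_exact_name(name)}")
    print("differ on:", disagreements(SAMPLE_CALLEES))
```

The two names on which the strategies differ show the trade-off: a substring match also covers variants such as `__memcpy_chk`, but it gives a user-defined function like `log_memcpy_stats` an external-API summary instead of analysing its body.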
Mirrors the structure that now lives in Assignment_3.h on the C++ side: file-level 6-task overview, driver entry points section, and one banner per task. Adds the previously missing `nullptrDerefDetection` stub (Task 6) for parity with the C++ skeleton.
helpers the course skeleton no longer declares
isBranchFeasible / isCmpBranchFeasible / isSwitchBranchFeasible, canSafelyAccessMemory / canSafelyDerefPtr, and the eleven updateStateOn* per-kind transfer helpers were declared in Assignment_3.h but never had bodies in Assignment_3.cpp. The earlier pass cleared the declarations themselves; this commit also clears the matching mentions in the 6-task overview and in the Task 1 / 2 / 5 / 6 section banners so students don't see the dangling names.
/ analyse / handleCallSite / reportBufOverflow / reportNullDeref out of AEHelper)
These five methods orchestrate the per-node / per-call flow that students design — they sit naturally next to the six tasks rather than in the harness. The course skeleton ships the full bodies, mirroring the answer repo, so a working pipeline is in place from day one; students may rewrite if their design needs a different shape.
C++
---
- AEHelper.cpp: delete the five method bodies and the now-stale "bug-reporter thin wrappers" section banner.
- Assignment_3.cpp: append the five method bodies under a new "Analysis driver" section banner; add includes for AbstractInterpretation.h and WPA/Andersen.h. Fix the stale "in AEHelper.cpp" comment.
- AEHelper.cpp top docstring rewritten to describe what's actually left.
Python
------
- AEHelper.py: drop AbstractExecution.analyse and AbstractExecution.handleCallSite.
- Assignment_3.py: replace the previous handleCallSite TODO stub with the pre-implemented body; append analyse and the reportBufOverflow / reportNullDeref forwarders.
- Top-of-file docstring + Driver section banner now refer to analyse() "defined below" instead of "in AEHelper.py"; Task 4 no longer mentions handleCallSite as a student TODO.
the 4 driver entry points + handleCallSite TODO
Header overview
---------------
- Drop the right-side function-name parens from the 6-task list so
students don't get prematurely steered into specific signatures.
- Annotate each engine task with the entry point where it typically
lives ("typically inside handleICFGNode / handleICFGCycle /
handleCallSite"), so students see where their work plugs in.
- Update the top-of-class docstring so handleCallSite is listed as a
TODO (not "pre-implemented") and the driver list is just runOnModule
/ analyse / report* forwarders.
Student TODO surface
--------------------
- Keep only four driver TODOs in Assignment_3.cpp / .py: handleGlobalNode,
handleFunction, handleICFGNode, handleICFGCycle. Drop the explicit
updateAbsState / mergeStatesFromPredecessors / updateStateOnExtCall /
bufOverflowDetection / nullptrDerefDetection stubs — no-op virtual
defaults now live on the parent (inline {} in Assignment_3.h on the
C++ side, methods on AbstractExecution in AEHelper.py on the Python
side). Students override these if they want the analyse-driven
pipeline to call into their work.
- handleCallSite becomes a fifth student TODO. Its previous full body
is distilled into a comment-table above the empty function so
students know what to dispatch on (svf_assert / svf_assert_eq, the
SAFE_/UNSAFE_ checkpoint stubs, nd / rand, generic external calls,
and the recursion-aware inline branch).
Driver layout
-------------
- Move runOnModule + analyse + reportBufOverflow + reportNullDeref to
the top of Assignment_3.cpp / Assignment_3.py (right after the
includes), with student TODOs underneath.
No description provided.