Add subsequent error detection (CC_SUBS) #521
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the basic functionality to collect subsequent errors. Each error references preceding and subsequent errors, which improves the overall error detection, and which allows comprehending errors. In addition to that, the analysis is able to parse and deal with predicates that contain the keyword
this
. An example could look like this:A key size of
64
is not allowed. Therefore, the analysis reports aConstraintError
forKeyGenerator
andkg
is not secure. Hence, the returned key fromgenerateKey()
is not secure, too, and aRequiredPredicateError
is reported. ThisRequiredPredicateError
references the previousConstraintError
and allows reasoning that theRequiredPredicateError
is caused by theConstraintError
(and vice versa: theConstraintError
references theRequiredPredicateError
, that is, theConstraintError
causes theRequiredPredicateError
).The idea and logic was implemented by @marvinvo and most changes were taken from his work: https://github.com/marvinvo/CryptoAnalysis
Note: Currently, preceding and subsequent errors are not included in the reports, yet. They are only stored internally, which still allows testing the functionality.