Fix taint analysis (#648)

* Move Source/Sink/Sanitizer handling from CTR to Summary FF preventing those functions from being analyzed

* Fix TA summary FF

* Add insertvalue and bitcast handling

* Improve alias-handling in TA

* minor style

Author: fabianbs96

include/phasar/PhasarLLVM/DataFlow/IfdsIde/LLVMFlowFunctions.h

@@ -179,6 +179,12 @@ mapFactsToCallee(const llvm::CallBase *CallSite, const llvm::Function *DestFun,
       llvm::Function::const_arg_iterator ParamIt = DestFun->arg_begin();
       llvm::Function::const_arg_iterator ParamEnd = DestFun->arg_end();
 
+      if (ParamIt != ParamEnd && (*ParamIt).hasStructRetAttr()) {
+        // sret parameters are writeonly
+        ++ParamIt;
+        ++ArgIt;
+      }
+
       for (; ParamIt != ParamEnd; ++ParamIt, ++ArgIt) {
         if (std::invoke(PropArg, ArgIt->get(), Source)) {
           Res.insert(std::invoke(FactConstructor, &*ParamIt));

include/phasar/PhasarLLVM/DataFlow/IfdsIde/Problems/IFDSTaintAnalysis.h

@@ -98,8 +98,10 @@ class IFDSTaintAnalysis
   bool isSanitizerCall(const llvm::CallBase *CB,
                        const llvm::Function *Callee) const;
 
-  void populateWithMayAliases(std::set<d_t> &Facts) const;
-  void populateWithMustAliases(std::set<d_t> &Facts) const;
+  void populateWithMayAliases(container_type &Facts,
+                              const llvm::Instruction *Context) const;
+  void populateWithMustAliases(container_type &Facts,
+                               const llvm::Instruction *Context) const;
 };
 } // namespace psr