Migrate local and CI linting and formatting to trunk.io

.github/workflows/lint.yml

@@ -0,0 +1,19 @@
+name: Trunk Lint
+
+on:
+  workflow_dispatch: {}
+  push:
+    branches:
+      - master
+  pull_request: {}
+  merge_group: {}
+
+permissions: read-all
+
+jobs:
+  lint:
+    uses: trailofbits/.github/.github/workflows/[email protected]
+    permissions:
+      contents: read
+      pull-requests: read
+      checks: write

mypy.ini → .mypy.ini

@@ -1,3 +1,4 @@
 [mypy]
 ignore_missing_imports = True
 exclude = polytracker/src/compiler-rt
+python_version = 3.8

.ruff.toml

@@ -0,0 +1,18 @@
+line-length = 127
+
+exclude = [
+  ".git",
+  "__pycache__",
+  "polytracker/src/compiler-rt/**",
+  "examples/**",
+  "the_klondike",
+  "third_party",
+]
+
+select = ["B", "D3", "D4", "E", "F", "W", "C9"]
+
+ignore = ["E501", "F403", "F405", "E265", "E203"]
+
+mccabe.max-complexity = 30
+
+target-version = "py38"

.trunk/.gitignore

@@ -0,0 +1,8 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml

.trunk/configs/.hadolint.yaml

@@ -0,0 +1,4 @@
+# Following source doesn't work in most setups
+ignored:
+  - SC1090
+  - SC1091

.trunk/configs/.isort.cfg

@@ -0,0 +1,2 @@
+[settings]
+profile=black

.trunk/configs/.markdownlint.yaml

@@ -0,0 +1,10 @@
+# Autoformatter friendly markdownlint config (all formatting rules disabled)
+default: true
+blank_lines: false
+bullet: false
+html: false
+indentation: false
+line_length: false
+spaces: false
+url: false
+whitespace: false

.trunk/configs/.shellcheckrc

@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+disable=SC1091

.trunk/configs/.yamllint.yaml

@@ -0,0 +1,10 @@
+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  empty-values:
+    forbid-in-block-mappings: true
+    forbid-in-flow-mappings: true
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true

.trunk/configs/svgo.config.js

@@ -0,0 +1,14 @@
+module.exports = {
+  plugins: [
+    {
+      name: "preset-default",
+      params: {
+        overrides: {
+          removeViewBox: false, // https://github.com/svg/svgo/issues/1128
+          sortAttrs: true,
+          removeOffCanvasPaths: true,
+        },
+      },
+    },
+  ],
+};

.trunk/trunk.yaml

@@ -0,0 +1,48 @@
+version: 0.1
+cli:
+  version: 1.14.1
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.2.1
+      uri: https://github.com/trunk-io/plugins
+runtimes:
+  enabled:
+    - [email protected]
+    - [email protected]
+    - [email protected]
+lint:
+  ignore:
+    - linters: [ALL]
+      paths:
+        - polytracker/src/compiler-rt/**
+  enabled:
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - git-diff-check
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+    - [email protected]
+actions:
+  disabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+  enabled:
+    - trunk-upgrade-available

Makefile

@@ -1,24 +1,23 @@
-# This is intentionally a very simple top-level Makefile, just to drive the
-# semi-complicated CMake build process.
+.PHONY: all
+all:
+	@echo "Run my targets individually!"
 
-# This Makefile provides a few top-level targets
-.PHONY: install clean check
+.PHONY: docker
+docker:
+	DOCKER_BUILDKIT=1 docker build -t trailofbits/polytracker -f Dockerfile .
 
-CC       := clang
-CXX      := clang++
-CFLAGS   := -DSANITIZER_DEBUG=1 -Wall -Wextra -Wno-unused-parameter
-CXXFLAGS := $(CFLAGS)
+.PHONY: lint
+lint:
+	trunk check
 
-install: .cmake_init
-	$(MAKE) -C build install
+.PHONY: format
+format:
+	trunk fmt
 
-.cmake_init:
-	mkdir -p build
-	cd build && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -DCMAKE_BUILD_TYPE=Debug ../
-	touch $@
+.PHONY: test
+test:
+	docker run --rm trailofbits/polytracker pytest /polytracker/tests
 
+.PHONY: clean
 clean:
-	rm -rf build .cmake_init
-
-check: install
-	env PATH="$$PATH:$$PWD/build/bin/polytracker" polytracker/test/test-polytracker
+	docker rmi $(docker images --filter=reference="trailofbits/polytracker*" -q)

README.md

@@ -208,6 +208,12 @@ POLYDB: A path to which to save the output database (default is polytracker.tdag
 WLLVM_ARTIFACT_STORE: Provides a path to an existing directory to store artifact/manifest for all build targets
 
 POLYTRACKER_TAINT_ARGV: Set to '1' to use argv as a taint source.
+
+POLYTRACKER_STDIN_SOURCE: Set to '1' to use stdin as a taint source.
+
+POLYTRACKER_STDOUT_SINK: Set to '1' to use stdout as a taint sink.
+
+POLYTRACKER_STDERR_SINK: Set to '1' to use stderr as a taint sink.
 ```
 
 Polytracker will set its configuration parameters in the following order:
@@ -289,54 +295,9 @@ versions of standard library bitcode. We highly recommend using our pre-built
 and tested Docker container if at all possible. Installing the PolyTracker
 Python package on your host system will allow you to seamlessly interact with
 the prebuilt Docker container. Otherwise, to install PolyTracker natively, we
-recommend first replicating the install process from the
-[`polytracker-llvm` Dockerfile](https://github.com/trailofbits/polytracker-llvm/blob/polytracker/Dockerfile),
-followed by replicating the install process from the
+recommend replicating the install process from the
 [PolyTracker Dockerfile](Dockerfile).
 
-### Build Dependencies
-
-- [**PolyTracker LLVM**](https://github.com/trailofbits/polytracker-llvm).
-  PolyTracker is built atop its own fork of LLVM,
-  [`polytracker-llvm`](https://github.com/trailofbits/polytracker-llvm). This
-  fork modifies the
-  [DataFlow Sanitizer](https://clang.llvm.org/docs/DataFlowSanitizer.html) to
-  use increased label sizes (to allow for tracking orders of magnitude more
-  taints), as well as alternative data structures to store them. We have
-  investigated up-streaming our changes into LLVM proper, but there has been
-  little interest.
-- [**CMake**](https://cmake.org)
-- [**Ninja**](https://ninja-build.org) (`ninja-build` on Ubuntu)
-
-### Runtime Dependencies
-
-The following tools are required to test and run PolyTracker:
-
-- Python 3.7+ and `pip` (`apt-get -y install python3.7 python3-pip`). These are
-  used for both seamlessly interacting with the Docker container (if necessary),
-  as well as post-processing and analyzing the artifacts produced from runtime
-  traces.
-- [gllvm](https://github.com/SRI-CSL/gllvm)
-  (`go get github.com/SRI-CSL/gllvm/cmd/...`) is used to create whole program
-  bitcode archives and to extract bitcode from targets.
-
-### Building on Apple silicon:
-
-Prebuilt Docker images for `polytracker-llvm` are only available for `amd64`.
-Users with `arm64` systems will have to build the image locally and then change
-`polytracker`'s Dockerfile to point to it:
-
-```commandline
-$ mkdir repos && cd repos
-$ git clone https://github.com/trailofbits/polytracker
-$ git clone https://github.com/trailofbits/polytracker-llvm
-$ cd polytracker-llvm
-$ DOCKER_BUILDKIT=1 docker build -t trailofbits/polytracker-llvm .
-$ cd ../polytracker
-$ ## Replace the first line of the Dockerfile with "FROM trailofbits/polytracker-llvm:latest" (no quotes)
-$ docker build -t trailofbits/polytracker .
-```
-
 ## Current Status and Known Issues
 
 PolyTracker currently only runs on Linux, because that is the only system