Static Value-Flow Analysis
Loading...
Searching...
No Matches
AbstractInterpretation.cpp
Go to the documentation of this file.
1//===- AbstractExecution.cpp -- Abstract Execution---------------------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23
24//
25// Created by Jiawei Wang on 2024/1/10.
26//
27
28#include "AE/Svfexe/AbstractInterpretation.h"
29#include "AE/Svfexe/AbsExtAPI.h"
30#include "SVFIR/SVFIR.h"
31#include "Util/Options.h"
32#include "Util/WorkList.h"
33#include "Graphs/CallGraph.h"
34#include "WPA/Andersen.h"
35#include <cmath>
36
37using namespace SVF;
38using namespace SVFUtil;
39using namespace z3;
40
41
42void AbstractInterpretation::runOnModule(ICFG *_icfg)
43{
44 stat->startClk();
45 icfg = _icfg;
46 svfir = PAG::getPAG();
47 utils = new AbsExtAPI(abstractTrace);
48
50 collectCheckPoint();
51
52 analyse();
53 checkPointAllSet();
54 stat->endClk();
55 stat->finializeStat();
56 if (Options::PStat())
57 stat->performStat();
58 for (auto& detector: detectors)
59 detector->reportBug();
60}
61
67AbstractInterpretation::~AbstractInterpretation()
68{
69 delete stat;
70 for (auto it: funcToWTO)
71 delete it.second;
72}
73
83void AbstractInterpretation::initWTO()
84{
85 AndersenWaveDiff* ander = AndersenWaveDiff::createAndersenWaveDiff(svfir);
86 // Detect if the call graph has cycles by finding its strongly connected components (SCC)
87 Andersen::CallGraphSCC* callGraphScc = ander->getCallGraphSCC();
88 callGraphScc->find();
89 CallGraph* callGraph = ander->getCallGraph();
90
91 // Iterate through the call graph
92 for (auto it = callGraph->begin(); it != callGraph->end(); it++)
93 {
94 // Check if the current function is part of a cycle
95 if (callGraphScc->isInCycle(it->second->getId()))
96 recursiveFuns.insert(it->second->getFunction()); // Mark the function as recursive
97
98 // In TOP mode, calculate the WTO
99 if (Options::HandleRecur() == TOP)
100 {
101 if (it->second->getFunction()->isDeclaration())
102 continue;
103 auto* wto = new ICFGWTO(icfg, icfg->getFunEntryICFGNode(it->second->getFunction()));
104 wto->init();
105 funcToWTO[it->second->getFunction()] = wto;
106 }
107 // In WIDEN_TOP or WIDEN_NARROW mode, calculate the IWTO
108 else if (Options::HandleRecur() == WIDEN_ONLY ||
109 Options::HandleRecur() == WIDEN_NARROW)
110 {
111 const FunObjVar *fun = it->second->getFunction();
112 if (fun->isDeclaration())
113 continue;
114
115 NodeID repNodeId = callGraphScc->repNode(it->second->getId());
116 auto cgSCCNodes = callGraphScc->subNodes(repNodeId);
117
118 // Identify if this node is an SCC entry (nodes who have incoming edges
119 // from nodes outside the SCC). Also identify non-recursive callsites.
120 bool isEntry = false;
121 if (it->second->getInEdges().empty())
122 isEntry = true;
123 for (auto inEdge: it->second->getInEdges())
124 {
125 NodeID srcNodeId = inEdge->getSrcID();
126 if (!cgSCCNodes.test(srcNodeId))
127 {
128 isEntry = true;
129 const CallICFGNode *callSite = nullptr;
130 if (inEdge->isDirectCallEdge())
131 callSite = *(inEdge->getDirectCalls().begin());
132 else if (inEdge->isIndirectCallEdge())
133 callSite = *(inEdge->getIndirectCalls().begin());
134 else
135 assert(false && "CallGraphEdge must "
136 "be either direct or indirect!");
137
138 nonRecursiveCallSites.insert(
139 {callSite, inEdge->getDstNode()->getFunction()->getId()});
140 }
141 }
142
143 // Compute IWTO for the function partition entered from each partition entry
144 if (isEntry)
145 {
146 ICFGIWTO* iwto = new ICFGIWTO(icfg, icfg->getFunEntryICFGNode(fun),
147 cgSCCNodes, callGraph);
148 iwto->init();
149 funcToWTO[it->second->getFunction()] = iwto;
150 }
151 }
152 else
153 assert(false && "Invalid recursion mode specified!");
154 }
155}
156
158void AbstractInterpretation::analyse()
159{
160 initWTO();
161 // handle Global ICFGNode of SVFModule
162 handleGlobalNode();
163 getAbsStateFromTrace(
164 icfg->getGlobalICFGNode())[PAG::getPAG()->getBlkPtr()] = IntervalValue::top();
165 if (const CallGraphNode* cgn = svfir->getCallGraph()->getCallGraphNode("main"))
166 {
167 const ICFGWTO* wto = funcToWTO[cgn->getFunction()];
168 handleWTOComponents(wto->getWTOComponents());
169 }
170}
171
173void AbstractInterpretation::handleGlobalNode()
174{
175 const ICFGNode* node = icfg->getGlobalICFGNode();
176 abstractTrace[node] = AbstractState();
177 abstractTrace[node][IRGraph::NullPtr] = AddressValue();
178 // Global Node, we just need to handle addr, load, store, copy and gep
179 for (const SVFStmt *stmt: node->getSVFStmts())
180 {
181 handleSVFStatement(stmt);
182 }
183}
184
188bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode * icfgNode)
189{
190 std::vector<AbstractState> workList;
191 AbstractState preAs;
192 for (auto& edge: icfgNode->getInEdges())
193 {
194 if (abstractTrace.find(edge->getSrcNode()) != abstractTrace.end())
195 {
196
197 if (const IntraCFGEdge *intraCfgEdge =
198 SVFUtil::dyn_cast<IntraCFGEdge>(edge))
199 {
200 AbstractState tmpEs = abstractTrace[edge->getSrcNode()];
201 if (intraCfgEdge->getCondition())
202 {
203 if (isBranchFeasible(intraCfgEdge, tmpEs))
204 {
205 workList.push_back(tmpEs);
206 }
207 else
208 {
209 // do nothing
210 }
211 }
212 else
213 {
214 workList.push_back(tmpEs);
215 }
216 }
217 else if (const CallCFGEdge *callCfgEdge =
218 SVFUtil::dyn_cast<CallCFGEdge>(edge))
219 {
220
221 // context insensitive implementation
222 workList.push_back(
223 abstractTrace[callCfgEdge->getSrcNode()]);
224 }
225 else if (const RetCFGEdge *retCfgEdge =
226 SVFUtil::dyn_cast<RetCFGEdge>(edge))
227 {
228 switch (Options::HandleRecur())
229 {
230 case TOP:
231 {
232 workList.push_back(abstractTrace[retCfgEdge->getSrcNode()]);
233 break;
234 }
235 case WIDEN_ONLY:
236 case WIDEN_NARROW:
237 {
238 const RetICFGNode* returnSite = SVFUtil::dyn_cast<RetICFGNode>(icfgNode);
239 const CallICFGNode* callSite = returnSite->getCallICFGNode();
240 if (hasAbsStateFromTrace(callSite))
241 workList.push_back(abstractTrace[retCfgEdge->getSrcNode()]);
242 }
243 }
244 }
245 else
246 assert(false && "Unhandled ICFGEdge type encountered!");
247 }
248 }
249 if (workList.size() == 0)
250 {
251 return false;
252 }
253 else
254 {
255 while (!workList.empty())
256 {
257 preAs.joinWith(workList.back());
258 workList.pop_back();
259 }
260 // Has ES on the in edges - Feasible block
261 // update post as
262 abstractTrace[icfgNode] = preAs;
263 return true;
264 }
265}
266
267
268bool AbstractInterpretation::isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t succ,
269 AbstractState& as)
270{
271 AbstractState new_es = as;
272 // get cmp stmt's op0, op1, and predicate
273 NodeID op0 = cmpStmt->getOpVarID(0);
274 NodeID op1 = cmpStmt->getOpVarID(1);
275 NodeID res_id = cmpStmt->getResID();
276 s32_t predicate = cmpStmt->getPredicate();
277 // if op0 or op1 is nullptr, no need to change value, just copy the state
278 if (op0 == IRGraph::NullPtr || op1 == IRGraph::NullPtr)
279 {
280 as = new_es;
281 return true;
282 }
283 // if op0 or op1 is undefined, return;
284 // skip address compare
285 if (new_es.inVarToAddrsTable(op0) || new_es.inVarToAddrsTable(op1))
286 {
287 as = new_es;
288 return true;
289 }
290 const LoadStmt *load_op0 = nullptr;
291 const LoadStmt *load_op1 = nullptr;
292 // get '%1 = load i32 s', and load inst may not exist
293 SVFVar* loadVar0 = svfir->getGNode(op0);
294 if (!loadVar0->getInEdges().empty())
295 {
296 SVFStmt *loadVar0InStmt = *loadVar0->getInEdges().begin();
297 if (const LoadStmt *loadStmt = SVFUtil::dyn_cast<LoadStmt>(loadVar0InStmt))
298 {
299 load_op0 = loadStmt;
300 }
301 else if (const CopyStmt *copyStmt = SVFUtil::dyn_cast<CopyStmt>(loadVar0InStmt))
302 {
303 loadVar0 = svfir->getGNode(copyStmt->getRHSVarID());
304 if (!loadVar0->getInEdges().empty())
305 {
306 SVFStmt *loadVar0InStmt2 = *loadVar0->getInEdges().begin();
307 if (const LoadStmt *loadStmt = SVFUtil::dyn_cast<LoadStmt>(loadVar0InStmt2))
308 {
309 load_op0 = loadStmt;
310 }
311 }
312 }
313 }
314
315 SVFVar* loadVar1 = svfir->getGNode(op1);
316 if (!loadVar1->getInEdges().empty())
317 {
318 SVFStmt *loadVar1InStmt = *loadVar1->getInEdges().begin();
319 if (const LoadStmt *loadStmt = SVFUtil::dyn_cast<LoadStmt>(loadVar1InStmt))
320 {
321 load_op1 = loadStmt;
322 }
323 else if (const CopyStmt *copyStmt = SVFUtil::dyn_cast<CopyStmt>(loadVar1InStmt))
324 {
325 loadVar1 = svfir->getGNode(copyStmt->getRHSVarID());
326 if (!loadVar1->getInEdges().empty())
327 {
328 SVFStmt *loadVar1InStmt2 = *loadVar1->getInEdges().begin();
329 if (const LoadStmt *loadStmt = SVFUtil::dyn_cast<LoadStmt>(loadVar1InStmt2))
330 {
331 load_op1 = loadStmt;
332 }
333 }
334 }
335 }
336 // for const X const, we may get concrete resVal instantly
337 // for var X const, we may get [0,1] if the intersection of var and const is not empty set
338 IntervalValue resVal = new_es[res_id].getInterval();
339 resVal.meet_with(IntervalValue((s64_t) succ, succ));
340 // If Var X const generates bottom value, it means this branch path is not feasible.
341 if (resVal.isBottom())
342 {
343 return false;
344 }
345
346 bool b0 = new_es[op0].getInterval().is_numeral();
347 bool b1 = new_es[op1].getInterval().is_numeral();
348
349 // if const X var, we should reverse op0 and op1.
350 if (b0 && !b1)
351 {
352 std::swap(op0, op1);
353 std::swap(load_op0, load_op1);
354 predicate = _switch_lhsrhs_predicate[predicate];
355 }
356 else
357 {
358 // if var X var, we cannot preset the branch condition to infer the intervals of var0,var1
359 if (!b0 && !b1)
360 {
361 as = new_es;
362 return true;
363 }
364 // if const X const, we can instantly get the resVal
365 else if (b0 && b1)
366 {
367 as = new_es;
368 return true;
369 }
370 }
371 // if cmp is 'var X const == false', we should reverse predicate 'var X' const == true'
372 // X' is reverse predicate of X
373 if (succ == 0)
374 {
375 predicate = _reverse_predicate[predicate];
376 }
377 else {}
378 // change interval range according to the compare predicate
379 AddressValue addrs;
380 if(load_op0 && new_es.inVarToAddrsTable(load_op0->getRHSVarID()))
381 addrs = new_es[load_op0->getRHSVarID()].getAddrs();
382
383 IntervalValue &lhs = new_es[op0].getInterval(), &rhs = new_es[op1].getInterval();
384 switch (predicate)
385 {
386 case CmpStmt::Predicate::ICMP_EQ:
387 case CmpStmt::Predicate::FCMP_OEQ:
388 case CmpStmt::Predicate::FCMP_UEQ:
389 {
390 // Var == Const, so [var.lb, var.ub].meet_with(const)
391 lhs.meet_with(rhs);
392 // if lhs is register value, we should also change its mem obj
393 for (const auto &addr: addrs)
394 {
395 NodeID objId = new_es.getIDFromAddr(addr);
396 if (new_es.inAddrToValTable(objId))
397 {
398 new_es.load(addr).meet_with(rhs);
399 }
400 }
401 break;
402 }
403 case CmpStmt::Predicate::ICMP_NE:
404 case CmpStmt::Predicate::FCMP_ONE:
405 case CmpStmt::Predicate::FCMP_UNE:
406 // Compliment set
407 break;
408 case CmpStmt::Predicate::ICMP_UGT:
409 case CmpStmt::Predicate::ICMP_SGT:
410 case CmpStmt::Predicate::FCMP_OGT:
411 case CmpStmt::Predicate::FCMP_UGT:
412 // Var > Const, so [var.lb, var.ub].meet_with([Const+1, +INF])
413 lhs.meet_with(IntervalValue(rhs.lb() + 1, IntervalValue::plus_infinity()));
414 // if lhs is register value, we should also change its mem obj
415 for (const auto &addr: addrs)
416 {
417 NodeID objId = new_es.getIDFromAddr(addr);
418 if (new_es.inAddrToValTable(objId))
419 {
420 new_es.load(addr).meet_with(
421 IntervalValue(rhs.lb() + 1, IntervalValue::plus_infinity()));
422 }
423 }
424 break;
425 case CmpStmt::Predicate::ICMP_UGE:
426 case CmpStmt::Predicate::ICMP_SGE:
427 case CmpStmt::Predicate::FCMP_OGE:
428 case CmpStmt::Predicate::FCMP_UGE:
429 {
430 // Var >= Const, so [var.lb, var.ub].meet_with([Const, +INF])
431 lhs.meet_with(IntervalValue(rhs.lb(), IntervalValue::plus_infinity()));
432 // if lhs is register value, we should also change its mem obj
433 for (const auto &addr: addrs)
434 {
435 NodeID objId = new_es.getIDFromAddr(addr);
436 if (new_es.inAddrToValTable(objId))
437 {
438 new_es.load(addr).meet_with(
439 IntervalValue(rhs.lb(), IntervalValue::plus_infinity()));
440 }
441 }
442 break;
443 }
444 case CmpStmt::Predicate::ICMP_ULT:
445 case CmpStmt::Predicate::ICMP_SLT:
446 case CmpStmt::Predicate::FCMP_OLT:
447 case CmpStmt::Predicate::FCMP_ULT:
448 {
449 // Var < Const, so [var.lb, var.ub].meet_with([-INF, const.ub-1])
450 lhs.meet_with(IntervalValue(IntervalValue::minus_infinity(), rhs.ub() - 1));
451 // if lhs is register value, we should also change its mem obj
452 for (const auto &addr: addrs)
453 {
454 NodeID objId = new_es.getIDFromAddr(addr);
455 if (new_es.inAddrToValTable(objId))
456 {
457 new_es.load(addr).meet_with(
458 IntervalValue(IntervalValue::minus_infinity(), rhs.ub() - 1));
459 }
460 }
461 break;
462 }
463 case CmpStmt::Predicate::ICMP_ULE:
464 case CmpStmt::Predicate::ICMP_SLE:
465 case CmpStmt::Predicate::FCMP_OLE:
466 case CmpStmt::Predicate::FCMP_ULE:
467 {
468 // Var <= Const, so [var.lb, var.ub].meet_with([-INF, const.ub])
469 lhs.meet_with(IntervalValue(IntervalValue::minus_infinity(), rhs.ub()));
470 // if lhs is register value, we should also change its mem obj
471 for (const auto &addr: addrs)
472 {
473 NodeID objId = new_es.getIDFromAddr(addr);
474 if (new_es.inAddrToValTable(objId))
475 {
476 new_es.load(addr).meet_with(
477 IntervalValue(IntervalValue::minus_infinity(), rhs.ub()));
478 }
479 }
480 break;
481 }
482 case CmpStmt::Predicate::FCMP_FALSE:
483 break;
484 case CmpStmt::Predicate::FCMP_TRUE:
485 break;
486 default:
487 assert(false && "implement this part");
488 abort();
489 }
490 as = new_es;
491 return true;
492}
493
494bool AbstractInterpretation::isSwitchBranchFeasible(const SVFVar* var, s64_t succ,
495 AbstractState& as)
496{
497 AbstractState new_es = as;
498 IntervalValue& switch_cond = new_es[var->getId()].getInterval();
499 s64_t value = succ;
500 FIFOWorkList<const SVFStmt*> workList;
501 for (SVFStmt *cmpVarInStmt: var->getInEdges())
502 {
503 workList.push(cmpVarInStmt);
504 }
505 switch_cond.meet_with(IntervalValue(value, value));
506 if (switch_cond.isBottom())
507 {
508 return false;
509 }
510 while(!workList.empty())
511 {
512 const SVFStmt* stmt = workList.pop();
513 if (SVFUtil::isa<CopyStmt>(stmt))
514 {
515 IntervalValue& copy_cond = new_es[var->getId()].getInterval();
516 copy_cond.meet_with(IntervalValue(value, value));
517 }
518 else if (const LoadStmt* load = SVFUtil::dyn_cast<LoadStmt>(stmt))
519 {
520 if (new_es.inVarToAddrsTable(load->getRHSVarID()))
521 {
522 AddressValue &addrs = new_es[load->getRHSVarID()].getAddrs();
523 for (const auto &addr: addrs)
524 {
525 NodeID objId = new_es.getIDFromAddr(addr);
526 if (new_es.inAddrToValTable(objId))
527 {
528 new_es.load(addr).meet_with(switch_cond);
529 }
530 }
531 }
532 }
533 }
534 as = new_es;
535 return true;
536}
537
538bool AbstractInterpretation::isBranchFeasible(const IntraCFGEdge* intraEdge,
539 AbstractState& as)
540{
541 const SVFVar *cmpVar = intraEdge->getCondition();
542 if (cmpVar->getInEdges().empty())
543 {
544 return isSwitchBranchFeasible(cmpVar,
545 intraEdge->getSuccessorCondValue(), as);
546 }
547 else
548 {
549 assert(!cmpVar->getInEdges().empty() &&
550 "no in edges?");
551 SVFStmt *cmpVarInStmt = *cmpVar->getInEdges().begin();
552 if (const CmpStmt *cmpStmt = SVFUtil::dyn_cast<CmpStmt>(cmpVarInStmt))
553 {
554 return isCmpBranchFeasible(cmpStmt,
555 intraEdge->getSuccessorCondValue(), as);
556 }
557 else
558 {
559 return isSwitchBranchFeasible(
560 cmpVar, intraEdge->getSuccessorCondValue(), as);
561 }
562 }
563 return true;
564}
566void AbstractInterpretation::handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto)
567{
568 const ICFGNode* node = icfgSingletonWto->getICFGNode();
569 stat->getBlockTrace()++;
570
571 std::deque<const ICFGNode*> worklist;
572
573 stat->getICFGNodeTrace()++;
574 // handle SVF Stmt
575 for (const SVFStmt *stmt: node->getSVFStmts())
576 {
577 handleSVFStatement(stmt);
578 }
579 // inlining the callee by calling handleFunc for the callee function
580 if (const CallICFGNode* callnode = SVFUtil::dyn_cast<CallICFGNode>(node))
581 {
582 handleCallSite(callnode);
583 }
584 for (auto& detector: detectors)
585 detector->detect(getAbsStateFromTrace(node), node);
586 stat->countStateSize();
587}
588
592void AbstractInterpretation::handleWTOComponents(const std::list<const ICFGWTOComp*>& wtoComps)
593{
594 for (const ICFGWTOComp* wtoNode : wtoComps)
595 {
596 handleWTOComponent(wtoNode);
597 }
598}
599
600void AbstractInterpretation::handleWTOComponent(const ICFGWTOComp* wtoNode)
601{
602 if (const ICFGSingletonWTO* node = SVFUtil::dyn_cast<ICFGSingletonWTO>(wtoNode))
603 {
604 if (mergeStatesFromPredecessors(node->getICFGNode()))
605 handleSingletonWTO(node);
606 }
607 // Handle WTO cycles
608 else if (const ICFGCycleWTO* cycle = SVFUtil::dyn_cast<ICFGCycleWTO>(wtoNode))
609 {
610 if (mergeStatesFromPredecessors(cycle->head()->getICFGNode()))
611 handleCycleWTO(cycle);
612 }
613 // Assert false for unknown WTO types
614 else
615 assert(false && "unknown WTO type!");
616}
617
618void AbstractInterpretation::handleCallSite(const ICFGNode* node)
619{
620 if (const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(node))
621 {
622 if (isExtCall(callNode))
623 {
624 extCallPass(callNode);
625 }
626 else if (isRecursiveCall(callNode) && Options::HandleRecur() == TOP)
627 {
628 recursiveCallPass(callNode);
629 }
630 else if (isDirectCall(callNode))
631 {
632 directCallFunPass(callNode);
633 }
634 else if (isIndirectCall(callNode))
635 {
636 indirectCallFunPass(callNode);
637 }
638 else
639 assert(false && "implement this part");
640 }
641 else
642 assert (false && "it is not call node");
643}
644
645bool AbstractInterpretation::isExtCall(const CallICFGNode *callNode)
646{
647 return SVFUtil::isExtCall(callNode->getCalledFunction());
648}
649
650void AbstractInterpretation::extCallPass(const CallICFGNode *callNode)
651{
652 callSiteStack.push_back(callNode);
653 utils->handleExtAPI(callNode);
654 for (auto& detector : detectors)
655 {
656 detector->handleStubFunctions(callNode);
657 }
658 callSiteStack.pop_back();
659}
660
661bool AbstractInterpretation::isRecursiveFun(const FunObjVar* fun)
662{
663 return recursiveFuns.find(fun) != recursiveFuns.end();
664}
665
666bool AbstractInterpretation::isRecursiveCall(const CallICFGNode *callNode)
667{
668 const FunObjVar *callfun = callNode->getCalledFunction();
669 if (!callfun)
670 return false;
671 else
672 return isRecursiveFun(callfun);
673}
674
675void AbstractInterpretation::recursiveCallPass(const CallICFGNode *callNode)
676{
677 AbstractState& as = getAbsStateFromTrace(callNode);
678 SkipRecursiveCall(callNode);
679 const RetICFGNode *retNode = callNode->getRetICFGNode();
680 if (retNode->getSVFStmts().size() > 0)
681 {
682 if (const RetPE *retPE = SVFUtil::dyn_cast<RetPE>(*retNode->getSVFStmts().begin()))
683 {
684 if (!retPE->getLHSVar()->isPointer() &&
685 !retPE->getLHSVar()->isConstDataOrAggDataButNotNullPtr())
686 {
687 as[retPE->getLHSVarID()] = IntervalValue::top();
688 }
689 }
690 }
691 abstractTrace[retNode] = as;
692}
693
700
701bool AbstractInterpretation::isDirectCall(const CallICFGNode *callNode)
702{
703 const FunObjVar *callfun =callNode->getCalledFunction();
704 if (!callfun)
705 return false;
706 else
707 return !callfun->isDeclaration();
708}
709void AbstractInterpretation::directCallFunPass(const CallICFGNode *callNode)
710{
711 AbstractState& as = getAbsStateFromTrace(callNode);
712
713 abstractTrace[callNode] = as;
714
715 const FunObjVar *calleeFun =callNode->getCalledFunction();
716 if (Options::HandleRecur() == WIDEN_ONLY || Options::HandleRecur() == WIDEN_NARROW)
717 {
718 if (isRecursiveCallSite(callNode, calleeFun))
719 return;
720 }
721
722 callSiteStack.push_back(callNode);
723
724 const ICFGWTO* wto = funcToWTO[calleeFun];
725 handleWTOComponents(wto->getWTOComponents());
726
727 callSiteStack.pop_back();
728 // handle Ret node
729 const RetICFGNode *retNode = callNode->getRetICFGNode();
730 // resume ES to callnode
731 abstractTrace[retNode] = abstractTrace[callNode];
732}
733
739
740void AbstractInterpretation::indirectCallFunPass(const CallICFGNode *callNode)
741{
742 AbstractState& as = getAbsStateFromTrace(callNode);
743 const auto callsiteMaps = svfir->getIndirectCallsites();
744 NodeID call_id = callsiteMaps.at(callNode);
745 if (!as.inVarToAddrsTable(call_id))
746 {
747 return;
748 }
749 AbstractValue Addrs = as[call_id];
750 NodeID addr = *Addrs.getAddrs().begin();
751 SVFVar *func_var = svfir->getGNode(as.getIDFromAddr(addr));
752
753 if(const FunObjVar* funObjVar = SVFUtil::dyn_cast<FunObjVar>(func_var))
754 {
755 if (Options::HandleRecur() == WIDEN_ONLY || Options::HandleRecur() == WIDEN_NARROW)
756 {
757 if (isRecursiveCallSite(callNode, funObjVar))
758 return;
759 }
760
761 const FunObjVar* callfun = funObjVar->getFunction();
762 callSiteStack.push_back(callNode);
763 abstractTrace[callNode] = as;
764
765 const ICFGWTO* wto = funcToWTO[callfun];
766 handleWTOComponents(wto->getWTOComponents());
767 callSiteStack.pop_back();
768 // handle Ret node
769 const RetICFGNode* retNode = callNode->getRetICFGNode();
770 abstractTrace[retNode] = abstractTrace[callNode];
771 }
772}
773
775void AbstractInterpretation::handleCycleWTO(const ICFGCycleWTO*cycle)
776{
777 const ICFGNode* cycle_head = cycle->head()->getICFGNode();
778 // Flag to indicate if we are in the increasing phase
779 bool increasing = true;
780 // Infinite loop until a fixpoint is reached,
781 for (u32_t cur_iter = 0;; cur_iter++)
782 {
783 // Start widening or narrowing if cur_iter >= widen threshold (widen delay)
784 if (cur_iter >= Options::WidenDelay())
785 {
786 // Widen or narrow after processing cycle head node
787 AbstractState prev_head_state = abstractTrace[cycle_head];
788 handleWTOComponent(cycle->head());
789 AbstractState cur_head_state = abstractTrace[cycle_head];
790 if (increasing)
791 {
792 // Widening, use different modes for nodes within recursions
793 if (isRecursiveFun(cycle->head()->getICFGNode()->getFun()))
794 {
795 // For nodes in recursions, widen to top in WIDEN_TOP mode
796 if (Options::HandleRecur() == WIDEN_ONLY)
797 {
798 abstractTrace[cycle_head] = prev_head_state.widening(cur_head_state);
799 }
800 // Perform normal widening in WIDEN_NARROW mode
801 else if (Options::HandleRecur() == WIDEN_NARROW)
802 {
803 abstractTrace[cycle_head] = prev_head_state.widening(cur_head_state);
804 }
805 // In TOP mode, skipRecursiveCall will handle recursions,
806 // thus should not reach this branch
807 else
808 {
809 assert(false && "Recursion mode TOP should not reach here!");
810 }
811 }
812 // For nodes outside recursions, perform normal widening
813 else
814 {
815 abstractTrace[cycle_head] = prev_head_state.widening(cur_head_state);
816 }
817
818 if (abstractTrace[cycle_head] == prev_head_state)
819 {
820 increasing = false;
821 continue;
822 }
823 }
824 else
825 {
826 // Narrowing, use different modes for nodes within recursions
827 if (isRecursiveFun(cycle->head()->getICFGNode()->getFun()))
828 {
829 // For nodes in recursions, skip narrowing in WIDEN_TOP mode
830 if (Options::HandleRecur() == WIDEN_ONLY)
831 {
832 break;
833 }
834 // Perform normal narrowing in WIDEN_NARROW mode
835 else if (Options::HandleRecur() == WIDEN_NARROW)
836 {
837 // Widening's fixpoint reached in the widening phase, switch to narrowing
838 abstractTrace[cycle_head] = prev_head_state.narrowing(cur_head_state);
839 if (abstractTrace[cycle_head] == prev_head_state)
840 {
841 // Narrowing's fixpoint reached in the narrowing phase, exit loop
842 break;
843 }
844 }
845 // In TOP mode, skipRecursiveCall will handle recursions,
846 // thus should not reach this branch
847 else
848 {
849 assert(false && "Recursion mode TOP should not reach here");
850 }
851 }
852 // For nodes outside recursions, perform normal narrowing
853 else
854 {
855 // Widening's fixpoint reached in the widening phase, switch to narrowing
856 abstractTrace[cycle_head] = prev_head_state.narrowing(cur_head_state);
857 if (abstractTrace[cycle_head] == prev_head_state)
858 {
859 // Narrowing's fixpoint reached in the narrowing phase, exit loop
860 break;
861 }
862 }
863 }
864 }
865 else
866 {
867 // Handle the cycle head
868 handleWTOComponent(cycle->head());
869 }
870 // Handle the cycle body
871 handleWTOComponents(cycle->getWTOComponents());
872 }
873}
874
875void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
876{
877 if (const AddrStmt *addr = SVFUtil::dyn_cast<AddrStmt>(stmt))
878 {
879 updateStateOnAddr(addr);
880 }
881 else if (const BinaryOPStmt *binary = SVFUtil::dyn_cast<BinaryOPStmt>(stmt))
882 {
883 updateStateOnBinary(binary);
884 }
885 else if (const CmpStmt *cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
886 {
887 updateStateOnCmp(cmp);
888 }
889 else if (SVFUtil::isa<UnaryOPStmt>(stmt))
890 {
891 }
892 else if (SVFUtil::isa<BranchStmt>(stmt))
893 {
894 // branch stmt is handled in hasBranchES
895 }
896 else if (const LoadStmt *load = SVFUtil::dyn_cast<LoadStmt>(stmt))
897 {
898 updateStateOnLoad(load);
899 }
900 else if (const StoreStmt *store = SVFUtil::dyn_cast<StoreStmt>(stmt))
901 {
902 updateStateOnStore(store);
903 }
904 else if (const CopyStmt *copy = SVFUtil::dyn_cast<CopyStmt>(stmt))
905 {
906 updateStateOnCopy(copy);
907 }
908 else if (const GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))
909 {
910 updateStateOnGep(gep);
911 }
912 else if (const SelectStmt *select = SVFUtil::dyn_cast<SelectStmt>(stmt))
913 {
914 updateStateOnSelect(select);
915 }
916 else if (const PhiStmt *phi = SVFUtil::dyn_cast<PhiStmt>(stmt))
917 {
918 updateStateOnPhi(phi);
919 }
920 else if (const CallPE *callPE = SVFUtil::dyn_cast<CallPE>(stmt))
921 {
922 // To handle Call Edge
923 updateStateOnCall(callPE);
924 }
925 else if (const RetPE *retPE = SVFUtil::dyn_cast<RetPE>(stmt))
926 {
927 updateStateOnRet(retPE);
928 }
929 else
930 assert(false && "implement this part");
931 // NullPtr is index 0, it should not be changed
932 assert(!getAbsStateFromTrace(stmt->getICFGNode())[IRGraph::NullPtr].isInterval() &&
933 !getAbsStateFromTrace(stmt->getICFGNode())[IRGraph::NullPtr].isAddr());
934}
935
936void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
937{
938 AbstractState& as = getAbsStateFromTrace(callNode);
939 const RetICFGNode *retNode = callNode->getRetICFGNode();
940 if (retNode->getSVFStmts().size() > 0)
941 {
942 if (const RetPE *retPE = SVFUtil::dyn_cast<RetPE>(*retNode->getSVFStmts().begin()))
943 {
944 AbstractState as;
945 if (!retPE->getLHSVar()->isPointer() && !retPE->getLHSVar()->isConstDataOrAggDataButNotNullPtr())
946 as[retPE->getLHSVarID()] = IntervalValue::top();
947 }
948 }
949 if (!retNode->getOutEdges().empty())
950 {
951 if (retNode->getOutEdges().size() == 1)
952 {
953
954 }
955 else
956 {
957 return;
958 }
959 }
960 FIFOWorkList<const SVFBasicBlock *> blkWorkList;
961 FIFOWorkList<const ICFGNode *> instWorklist;
962 for (const SVFBasicBlock * bb: callNode->getCalledFunction()->getReachableBBs())
963 {
964 for (const ICFGNode* node: bb->getICFGNodeList())
965 {
966 for (const SVFStmt *stmt: node->getSVFStmts())
967 {
968 if (const StoreStmt *store = SVFUtil::dyn_cast<StoreStmt>(stmt))
969 {
970 const SVFVar *rhsVar = store->getRHSVar();
971 u32_t lhs = store->getLHSVarID();
972 if (as.inVarToAddrsTable(lhs))
973 {
974 if (!rhsVar->isPointer() && !rhsVar->isConstDataOrAggDataButNotNullPtr())
975 {
976 const AbstractValue &addrs = as[lhs];
977 for (const auto &addr: addrs.getAddrs())
978 {
979 as.store(addr, IntervalValue::top());
980 }
981 }
982 }
983 }
984 }
985 }
986 }
987}
988
989// count the size of memory map
990void AEStat::countStateSize()
991{
992 if (count == 0)
993 {
994 generalNumMap["ES_Var_AVG_Num"] = 0;
995 generalNumMap["ES_Loc_AVG_Num"] = 0;
996 generalNumMap["ES_Var_Addr_AVG_Num"] = 0;
997 generalNumMap["ES_Loc_Addr_AVG_Num"] = 0;
998 }
999 ++count;
1000}
1001
1002void AEStat::finializeStat()
1003{
1004 memUsage = getMemUsage();
1005 if (count > 0)
1006 {
1007 generalNumMap["ES_Var_AVG_Num"] /= count;
1008 generalNumMap["ES_Loc_AVG_Num"] /= count;
1009 generalNumMap["ES_Var_Addr_AVG_Num"] /= count;
1010 generalNumMap["ES_Loc_Addr_AVG_Num"] /= count;
1011 }
1012 generalNumMap["SVF_STMT_NUM"] = count;
1013 generalNumMap["ICFG_Node_Num"] = _ae->svfir->getICFG()->nodeNum;
1014 u32_t callSiteNum = 0;
1015 u32_t extCallSiteNum = 0;
1016 Set<const FunObjVar *> funs;
1017 for (const auto &it: *_ae->svfir->getICFG())
1018 {
1019 if (it.second->getFun())
1020 {
1021 funs.insert(it.second->getFun());
1022 }
1023 if (const CallICFGNode *callNode = dyn_cast<CallICFGNode>(it.second))
1024 {
1025 if (!isExtCall(callNode))
1026 {
1027 callSiteNum++;
1028 }
1029 else
1030 {
1031 extCallSiteNum++;
1032 }
1033 }
1034 }
1035 generalNumMap["Func_Num"] = funs.size();
1036 generalNumMap["EXT_CallSite_Num"] = extCallSiteNum;
1037 generalNumMap["NonEXT_CallSite_Num"] = callSiteNum;
1038 timeStatMap["Total_Time(sec)"] = (double)(endTime - startTime) / TIMEINTERVAL;
1039
1040}
1041
1042void AEStat::performStat()
1043{
1044 std::string fullName(_ae->moduleName);
1045 std::string name;
1046 std::string moduleName;
1047 if (fullName.find('/') == std::string::npos)
1048 {
1049 std::string name = fullName;
1050 moduleName = name.substr(0, fullName.find('.'));
1051 }
1052 else
1053 {
1054 std::string name = fullName.substr(fullName.find('/'), fullName.size());
1055 moduleName = name.substr(0, fullName.find('.'));
1056 }
1057
1058 SVFUtil::outs() << "\n************************\n";
1059 SVFUtil::outs() << "################ (program : " << moduleName << ")###############\n";
1060 SVFUtil::outs().flags(std::ios::left);
1061 unsigned field_width = 30;
1062 for (NUMStatMap::iterator it = generalNumMap.begin(), eit = generalNumMap.end(); it != eit; ++it)
1063 {
1064 // format out put with width 20 space
1065 std::cout << std::setw(field_width) << it->first << it->second << "\n";
1066 }
1067 SVFUtil::outs() << "-------------------------------------------------------\n";
1068 for (TIMEStatMap::iterator it = timeStatMap.begin(), eit = timeStatMap.end(); it != eit; ++it)
1069 {
1070 // format out put with width 20 space
1071 SVFUtil::outs() << std::setw(field_width) << it->first << it->second << "\n";
1072 }
1073 SVFUtil::outs() << "Memory usage: " << memUsage << "\n";
1074
1075 SVFUtil::outs() << "#######################################################" << std::endl;
1076 SVFUtil::outs().flush();
1077}
1078
1079void AbstractInterpretation::collectCheckPoint()
1080{
1081 // traverse every ICFGNode
1082 Set<std::string> ae_checkpoint_names = {"svf_assert"};
1083 Set<std::string> buf_checkpoint_names = {"UNSAFE_BUFACCESS", "SAFE_BUFACCESS"};
1084 Set<std::string> nullptr_checkpoint_names = {"UNSAFE_LOAD", "SAFE_LOAD"};
1085
1086 for (auto it = svfir->getICFG()->begin(); it != svfir->getICFG()->end(); ++it)
1087 {
1088 const ICFGNode* node = it->second;
1089 if (const CallICFGNode *call = SVFUtil::dyn_cast<CallICFGNode>(node))
1090 {
1091 if (const FunObjVar *fun = call->getCalledFunction())
1092 {
1093 if (ae_checkpoint_names.find(fun->getName()) !=
1094 ae_checkpoint_names.end())
1095 {
1096 checkpoints.insert(call);
1097 }
1098 if (Options::BufferOverflowCheck())
1099 {
1100 if (buf_checkpoint_names.find(fun->getName()) !=
1101 buf_checkpoint_names.end())
1102 {
1103 checkpoints.insert(call);
1104 }
1105 }
1106 if (Options::NullDerefCheck())
1107 {
1108 if (nullptr_checkpoint_names.find(fun->getName()) !=
1109 nullptr_checkpoint_names.end())
1110 {
1111 checkpoints.insert(call);
1112 }
1113 }
1114 }
1115 }
1116 }
1117}
1118
1119void AbstractInterpretation::checkPointAllSet()
1120{
1121 if (checkpoints.size() == 0)
1122 {
1123 return;
1124 }
1125 else
1126 {
1127 SVFUtil::errs() << SVFUtil::errMsg("At least one svf_assert has not been checked!!") << "\n";
1128 for (const CallICFGNode* call: checkpoints)
1129 SVFUtil::errs() << call->toString() + "\n";
1130 assert(false);
1131 }
1132
1133}
1134
1135void AbstractInterpretation::updateStateOnGep(const GepStmt *gep)
1136{
1137 AbstractState& as = getAbsStateFromTrace(gep->getICFGNode());
1138 u32_t rhs = gep->getRHSVarID();
1139 u32_t lhs = gep->getLHSVarID();
1140 IntervalValue offsetPair = as.getElementIndex(gep);
1141 AbstractValue gepAddrs;
1142 APOffset lb = offsetPair.lb().getIntNumeral() < Options::MaxFieldLimit()?
1143 offsetPair.lb().getIntNumeral(): Options::MaxFieldLimit();
1144 APOffset ub = offsetPair.ub().getIntNumeral() < Options::MaxFieldLimit()?
1145 offsetPair.ub().getIntNumeral(): Options::MaxFieldLimit();
1146 for (APOffset i = lb; i <= ub; i++)
1147 gepAddrs.join_with(as.getGepObjAddrs(rhs,IntervalValue(i)));
1148 as[lhs] = gepAddrs;
1149}
1150
1151void AbstractInterpretation::updateStateOnSelect(const SelectStmt *select)
1152{
1153 AbstractState& as = getAbsStateFromTrace(select->getICFGNode());
1154 u32_t res = select->getResID();
1155 u32_t tval = select->getTrueValue()->getId();
1156 u32_t fval = select->getFalseValue()->getId();
1157 u32_t cond = select->getCondition()->getId();
1158 if (as[cond].getInterval().is_numeral())
1159 {
1160 as[res] = as[cond].getInterval().is_zero() ? as[fval] : as[tval];
1161 }
1162 else
1163 {
1164 as[res] = as[tval];
1165 as[res].join_with(as[fval]);
1166 }
1167}
1168
1169void AbstractInterpretation::updateStateOnPhi(const PhiStmt *phi)
1170{
1171 const ICFGNode* icfgNode = phi->getICFGNode();
1172 AbstractState& as = getAbsStateFromTrace(icfgNode);
1173 u32_t res = phi->getResID();
1174 AbstractValue rhs;
1175 for (u32_t i = 0; i < phi->getOpVarNum(); i++)
1176 {
1177 NodeID curId = phi->getOpVarID(i);
1178 const ICFGNode* opICFGNode = phi->getOpICFGNode(i);
1179 if (hasAbsStateFromTrace(opICFGNode))
1180 {
1181 AbstractState tmpEs = abstractTrace[opICFGNode];
1182 AbstractState& opAs = getAbsStateFromTrace(opICFGNode);
1183 const ICFGEdge* edge = icfg->getICFGEdge(opICFGNode, icfgNode, ICFGEdge::IntraCF);
1184 // if IntraEdge, check the condition, if it is feasible, join the value
1185 // if IntraEdge but not conditional edge, join the value
1186 // if not IntraEdge, join the value
1187 if (edge)
1188 {
1189 const IntraCFGEdge* intraEdge = SVFUtil::cast<IntraCFGEdge>(edge);
1190 if (intraEdge->getCondition())
1191 {
1192 if (isBranchFeasible(intraEdge, tmpEs))
1193 rhs.join_with(opAs[curId]);
1194 }
1195 else
1196 rhs.join_with(opAs[curId]);
1197 }
1198 else
1199 {
1200 rhs.join_with(opAs[curId]);
1201 }
1202 }
1203 }
1204 as[res] = rhs;
1205}
1206
1207
1208void AbstractInterpretation::updateStateOnCall(const CallPE *callPE)
1209{
1210 AbstractState& as = getAbsStateFromTrace(callPE->getICFGNode());
1211 NodeID lhs = callPE->getLHSVarID();
1212 NodeID rhs = callPE->getRHSVarID();
1213 as[lhs] = as[rhs];
1214}
1215
1216void AbstractInterpretation::updateStateOnRet(const RetPE *retPE)
1217{
1218 AbstractState& as = getAbsStateFromTrace(retPE->getICFGNode());
1219 NodeID lhs = retPE->getLHSVarID();
1220 NodeID rhs = retPE->getRHSVarID();
1221 as[lhs] = as[rhs];
1222}
1223
1224
1225void AbstractInterpretation::updateStateOnAddr(const AddrStmt *addr)
1226{
1227 AbstractState& as = getAbsStateFromTrace(addr->getICFGNode());
1228 as.initObjVar(SVFUtil::cast<ObjVar>(addr->getRHSVar()));
1229 if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
1230 as[addr->getRHSVarID()].getInterval().meet_with(utils->getRangeLimitFromType(addr->getRHSVar()->getType()));
1231 as[addr->getLHSVarID()] = as[addr->getRHSVarID()];
1232}
1233
1234
1235void AbstractInterpretation::updateStateOnBinary(const BinaryOPStmt *binary)
1236{
1240 const ICFGNode* node = binary->getICFGNode();
1241 AbstractState& as = getAbsStateFromTrace(node);
1242 u32_t op0 = binary->getOpVarID(0);
1243 u32_t op1 = binary->getOpVarID(1);
1244 u32_t res = binary->getResID();
1245 if (!as.inVarToValTable(op0)) as[op0] = IntervalValue::top();
1246 if (!as.inVarToValTable(op1)) as[op1] = IntervalValue::top();
1247 IntervalValue &lhs = as[op0].getInterval(), &rhs = as[op1].getInterval();
1248 IntervalValue resVal;
1249 switch (binary->getOpcode())
1250 {
1251 case BinaryOPStmt::Add:
1252 case BinaryOPStmt::FAdd:
1253 resVal = (lhs + rhs);
1254 break;
1255 case BinaryOPStmt::Sub:
1256 case BinaryOPStmt::FSub:
1257 resVal = (lhs - rhs);
1258 break;
1259 case BinaryOPStmt::Mul:
1260 case BinaryOPStmt::FMul:
1261 resVal = (lhs * rhs);
1262 break;
1263 case BinaryOPStmt::SDiv:
1264 case BinaryOPStmt::FDiv:
1265 case BinaryOPStmt::UDiv:
1266 resVal = (lhs / rhs);
1267 break;
1268 case BinaryOPStmt::SRem:
1269 case BinaryOPStmt::FRem:
1270 case BinaryOPStmt::URem:
1271 resVal = (lhs % rhs);
1272 break;
1273 case BinaryOPStmt::Xor:
1274 resVal = (lhs ^ rhs);
1275 break;
1276 case BinaryOPStmt::And:
1277 resVal = (lhs & rhs);
1278 break;
1279 case BinaryOPStmt::Or:
1280 resVal = (lhs | rhs);
1281 break;
1282 case BinaryOPStmt::AShr:
1283 resVal = (lhs >> rhs);
1284 break;
1285 case BinaryOPStmt::Shl:
1286 resVal = (lhs << rhs);
1287 break;
1288 case BinaryOPStmt::LShr:
1289 resVal = (lhs >> rhs);
1290 break;
1291 default:
1292 assert(false && "undefined binary: ");
1293 }
1294 as[res] = resVal;
1295}
1296
1297void AbstractInterpretation::updateStateOnCmp(const CmpStmt *cmp)
1298{
1299 AbstractState& as = getAbsStateFromTrace(cmp->getICFGNode());
1300 u32_t op0 = cmp->getOpVarID(0);
1301 u32_t op1 = cmp->getOpVarID(1);
1302 // if it is address
1303 if (as.inVarToAddrsTable(op0) && as.inVarToAddrsTable(op1))
1304 {
1305 IntervalValue resVal;
1306 AddressValue addrOp0 = as[op0].getAddrs();
1307 AddressValue addrOp1 = as[op1].getAddrs();
1308 u32_t res = cmp->getResID();
1309 if (addrOp0.equals(addrOp1))
1310 {
1311 resVal = IntervalValue(1, 1);
1312 }
1313 else if (addrOp0.hasIntersect(addrOp1))
1314 {
1315 resVal = IntervalValue(0, 1);
1316 }
1317 else
1318 {
1319 resVal = IntervalValue(0, 0);
1320 }
1321 as[res] = resVal;
1322 }
1323 // if op0 or op1 is nullptr, compare abstractValue instead of touching addr or interval
1324 else if (op0 == IRGraph::NullPtr || op1 == IRGraph::NullPtr)
1325 {
1326 u32_t res = cmp->getResID();
1327 IntervalValue resVal = (as[op0].equals(as[op1])) ? IntervalValue(1, 1) : IntervalValue(0, 0);
1328 as[res] = resVal;
1329 }
1330 else
1331 {
1332 if (!as.inVarToValTable(op0))
1333 as[op0] = IntervalValue::top();
1334 if (!as.inVarToValTable(op1))
1335 as[op1] = IntervalValue::top();
1336 u32_t res = cmp->getResID();
1337 if (as.inVarToValTable(op0) && as.inVarToValTable(op1))
1338 {
1339 IntervalValue resVal;
1340 if (as[op0].isInterval() && as[op1].isInterval())
1341 {
1342 IntervalValue &lhs = as[op0].getInterval(),
1343 &rhs = as[op1].getInterval();
1344 // AbstractValue
1345 auto predicate = cmp->getPredicate();
1346 switch (predicate)
1347 {
1348 case CmpStmt::ICMP_EQ:
1349 case CmpStmt::FCMP_OEQ:
1350 case CmpStmt::FCMP_UEQ:
1351 resVal = (lhs == rhs);
1352 // resVal = (lhs.getInterval() == rhs.getInterval());
1353 break;
1354 case CmpStmt::ICMP_NE:
1355 case CmpStmt::FCMP_ONE:
1356 case CmpStmt::FCMP_UNE:
1357 resVal = (lhs != rhs);
1358 break;
1359 case CmpStmt::ICMP_UGT:
1360 case CmpStmt::ICMP_SGT:
1361 case CmpStmt::FCMP_OGT:
1362 case CmpStmt::FCMP_UGT:
1363 resVal = (lhs > rhs);
1364 break;
1365 case CmpStmt::ICMP_UGE:
1366 case CmpStmt::ICMP_SGE:
1367 case CmpStmt::FCMP_OGE:
1368 case CmpStmt::FCMP_UGE:
1369 resVal = (lhs >= rhs);
1370 break;
1371 case CmpStmt::ICMP_ULT:
1372 case CmpStmt::ICMP_SLT:
1373 case CmpStmt::FCMP_OLT:
1374 case CmpStmt::FCMP_ULT:
1375 resVal = (lhs < rhs);
1376 break;
1377 case CmpStmt::ICMP_ULE:
1378 case CmpStmt::ICMP_SLE:
1379 case CmpStmt::FCMP_OLE:
1380 case CmpStmt::FCMP_ULE:
1381 resVal = (lhs <= rhs);
1382 break;
1383 case CmpStmt::FCMP_FALSE:
1384 resVal = IntervalValue(0, 0);
1385 break;
1386 case CmpStmt::FCMP_TRUE:
1387 resVal = IntervalValue(1, 1);
1388 break;
1389 default:
1390 assert(false && "undefined compare: ");
1391 }
1392 as[res] = resVal;
1393 }
1394 else if (as[op0].isAddr() && as[op1].isAddr())
1395 {
1396 AddressValue &lhs = as[op0].getAddrs(),
1397 &rhs = as[op1].getAddrs();
1398 auto predicate = cmp->getPredicate();
1399 switch (predicate)
1400 {
1401 case CmpStmt::ICMP_EQ:
1402 case CmpStmt::FCMP_OEQ:
1403 case CmpStmt::FCMP_UEQ:
1404 {
1405 if (lhs.hasIntersect(rhs))
1406 {
1407 resVal = IntervalValue(0, 1);
1408 }
1409 else if (lhs.empty() && rhs.empty())
1410 {
1411 resVal = IntervalValue(1, 1);
1412 }
1413 else
1414 {
1415 resVal = IntervalValue(0, 0);
1416 }
1417 break;
1418 }
1419 case CmpStmt::ICMP_NE:
1420 case CmpStmt::FCMP_ONE:
1421 case CmpStmt::FCMP_UNE:
1422 {
1423 if (lhs.hasIntersect(rhs))
1424 {
1425 resVal = IntervalValue(0, 1);
1426 }
1427 else if (lhs.empty() && rhs.empty())
1428 {
1429 resVal = IntervalValue(0, 0);
1430 }
1431 else
1432 {
1433 resVal = IntervalValue(1, 1);
1434 }
1435 break;
1436 }
1437 case CmpStmt::ICMP_UGT:
1438 case CmpStmt::ICMP_SGT:
1439 case CmpStmt::FCMP_OGT:
1440 case CmpStmt::FCMP_UGT:
1441 {
1442 if (lhs.size() == 1 && rhs.size() == 1)
1443 {
1444 resVal = IntervalValue(*lhs.begin() > *rhs.begin());
1445 }
1446 else
1447 {
1448 resVal = IntervalValue(0, 1);
1449 }
1450 break;
1451 }
1452 case CmpStmt::ICMP_UGE:
1453 case CmpStmt::ICMP_SGE:
1454 case CmpStmt::FCMP_OGE:
1455 case CmpStmt::FCMP_UGE:
1456 {
1457 if (lhs.size() == 1 && rhs.size() == 1)
1458 {
1459 resVal = IntervalValue(*lhs.begin() >= *rhs.begin());
1460 }
1461 else
1462 {
1463 resVal = IntervalValue(0, 1);
1464 }
1465 break;
1466 }
1467 case CmpStmt::ICMP_ULT:
1468 case CmpStmt::ICMP_SLT:
1469 case CmpStmt::FCMP_OLT:
1470 case CmpStmt::FCMP_ULT:
1471 {
1472 if (lhs.size() == 1 && rhs.size() == 1)
1473 {
1474 resVal = IntervalValue(*lhs.begin() < *rhs.begin());
1475 }
1476 else
1477 {
1478 resVal = IntervalValue(0, 1);
1479 }
1480 break;
1481 }
1482 case CmpStmt::ICMP_ULE:
1483 case CmpStmt::ICMP_SLE:
1484 case CmpStmt::FCMP_OLE:
1485 case CmpStmt::FCMP_ULE:
1486 {
1487 if (lhs.size() == 1 && rhs.size() == 1)
1488 {
1489 resVal = IntervalValue(*lhs.begin() <= *rhs.begin());
1490 }
1491 else
1492 {
1493 resVal = IntervalValue(0, 1);
1494 }
1495 break;
1496 }
1497 case CmpStmt::FCMP_FALSE:
1498 resVal = IntervalValue(0, 0);
1499 break;
1500 case CmpStmt::FCMP_TRUE:
1501 resVal = IntervalValue(1, 1);
1502 break;
1503 default:
1504 assert(false && "undefined compare: ");
1505 }
1506 as[res] = resVal;
1507 }
1508 }
1509 }
1510}
1511
1512void AbstractInterpretation::updateStateOnLoad(const LoadStmt *load)
1513{
1514 AbstractState& as = getAbsStateFromTrace(load->getICFGNode());
1515 u32_t rhs = load->getRHSVarID();
1516 u32_t lhs = load->getLHSVarID();
1517 as[lhs] = as.loadValue(rhs);
1518}
1519
1520void AbstractInterpretation::updateStateOnStore(const StoreStmt *store)
1521{
1522 AbstractState& as = getAbsStateFromTrace(store->getICFGNode());
1523 u32_t rhs = store->getRHSVarID();
1524 u32_t lhs = store->getLHSVarID();
1525 as.storeValue(lhs, as[rhs]);
1526}
1527
1528void AbstractInterpretation::updateStateOnCopy(const CopyStmt *copy)
1529{
1530 auto getZExtValue = [](AbstractState& as, const SVFVar* var)
1531 {
1532 const SVFType* type = var->getType();
1533 if (SVFUtil::isa<SVFIntegerType>(type))
1534 {
1535 u32_t bits = type->getByteSize() * 8;
1536 if (as[var->getId()].getInterval().is_numeral())
1537 {
1538 if (bits == 8)
1539 {
1540 int8_t signed_i8_value = as[var->getId()].getInterval().getIntNumeral();
1541 u32_t unsigned_value = static_cast<uint8_t>(signed_i8_value);
1542 return IntervalValue(unsigned_value, unsigned_value);
1543 }
1544 else if (bits == 16)
1545 {
1546 s16_t signed_i16_value = as[var->getId()].getInterval().getIntNumeral();
1547 u32_t unsigned_value = static_cast<u16_t>(signed_i16_value);
1548 return IntervalValue(unsigned_value, unsigned_value);
1549 }
1550 else if (bits == 32)
1551 {
1552 s32_t signed_i32_value = as[var->getId()].getInterval().getIntNumeral();
1553 u32_t unsigned_value = static_cast<u32_t>(signed_i32_value);
1554 return IntervalValue(unsigned_value, unsigned_value);
1555 }
1556 else if (bits == 64)
1557 {
1558 s64_t signed_i64_value = as[var->getId()].getInterval().getIntNumeral();
1559 return IntervalValue((s64_t)signed_i64_value, (s64_t)signed_i64_value);
1560 // we only support i64 at most
1561 }
1562 else
1563 assert(false && "cannot support int type other than u8/16/32/64");
1564 }
1565 else
1566 {
1567 return IntervalValue::top(); // TODO: may have better solution
1568 }
1569 }
1570 return IntervalValue::top(); // TODO: may have better solution
1571 };
1572
1573 auto getTruncValue = [&](const AbstractState& as, const SVFVar* var,
1574 const SVFType* dstType)
1575 {
1576 const IntervalValue& itv = as[var->getId()].getInterval();
1577 if(itv.isBottom()) return itv;
1578 // get the value of ub and lb
1579 s64_t int_lb = itv.lb().getIntNumeral();
1580 s64_t int_ub = itv.ub().getIntNumeral();
1581 // get dst type
1582 u32_t dst_bits = dstType->getByteSize() * 8;
1583 if (dst_bits == 8)
1584 {
1585 // get the signed value of ub and lb
1586 int8_t s8_lb = static_cast<int8_t>(int_lb);
1587 int8_t s8_ub = static_cast<int8_t>(int_ub);
1588 if (s8_lb > s8_ub)
1589 {
1590 // return range of s8
1591 return utils->getRangeLimitFromType(dstType);
1592 }
1593 return IntervalValue(s8_lb, s8_ub);
1594 }
1595 else if (dst_bits == 16)
1596 {
1597 // get the signed value of ub and lb
1598 s16_t s16_lb = static_cast<s16_t>(int_lb);
1599 s16_t s16_ub = static_cast<s16_t>(int_ub);
1600 if (s16_lb > s16_ub)
1601 {
1602 // return range of s16
1603 return utils->getRangeLimitFromType(dstType);
1604 }
1605 return IntervalValue(s16_lb, s16_ub);
1606 }
1607 else if (dst_bits == 32)
1608 {
1609 // get the signed value of ub and lb
1610 s32_t s32_lb = static_cast<s32_t>(int_lb);
1611 s32_t s32_ub = static_cast<s32_t>(int_ub);
1612 if (s32_lb > s32_ub)
1613 {
1614 // return range of s32
1615 return utils->getRangeLimitFromType(dstType);
1616 }
1617 return IntervalValue(s32_lb, s32_ub);
1618 }
1619 else
1620 {
1621 assert(false && "cannot support dst int type other than u8/16/32");
1622 abort();
1623 }
1624 };
1625
1626 AbstractState& as = getAbsStateFromTrace(copy->getICFGNode());
1627 u32_t lhs = copy->getLHSVarID();
1628 u32_t rhs = copy->getRHSVarID();
1629
1630 if (copy->getCopyKind() == CopyStmt::COPYVAL)
1631 {
1632 as[lhs] = as[rhs];
1633 }
1634 else if (copy->getCopyKind() == CopyStmt::ZEXT)
1635 {
1636 as[lhs] = getZExtValue(as, copy->getRHSVar());
1637 }
1638 else if (copy->getCopyKind() == CopyStmt::SEXT)
1639 {
1640 as[lhs] = as[rhs].getInterval();
1641 }
1642 else if (copy->getCopyKind() == CopyStmt::FPTOSI)
1643 {
1644 as[lhs] = as[rhs].getInterval();
1645 }
1646 else if (copy->getCopyKind() == CopyStmt::FPTOUI)
1647 {
1648 as[lhs] = as[rhs].getInterval();
1649 }
1650 else if (copy->getCopyKind() == CopyStmt::SITOFP)
1651 {
1652 as[lhs] = as[rhs].getInterval();
1653 }
1654 else if (copy->getCopyKind() == CopyStmt::UITOFP)
1655 {
1656 as[lhs] = as[rhs].getInterval();
1657 }
1658 else if (copy->getCopyKind() == CopyStmt::TRUNC)
1659 {
1660 as[lhs] = getTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
1661 }
1662 else if (copy->getCopyKind() == CopyStmt::FPTRUNC)
1663 {
1664 as[lhs] = as[rhs].getInterval();
1665 }
1666 else if (copy->getCopyKind() == CopyStmt::INTTOPTR)
1667 {
1668 //insert nullptr
1669 }
1670 else if (copy->getCopyKind() == CopyStmt::PTRTOINT)
1671 {
1672 as[lhs] = IntervalValue::top();
1673 }
1674 else if (copy->getCopyKind() == CopyStmt::BITCAST)
1675 {
1676 if (as[rhs].isAddr())
1677 {
1678 as[lhs] = as[rhs];
1679 }
1680 else
1681 {
1682 // do nothing
1683 }
1684 }
1685 else
1686 assert(false && "undefined copy kind");
1687}
1688
1689
1690
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:540
type
newitem type
Definition cJSON.cpp:2739
copy
copy
Definition cJSON.cpp:414
name
const char *const name
Definition cJSON.h:264
SVF::AEStat::performStat
void performStat() override
Definition AbstractInterpretation.cpp:1042
SVF::AEStat::getMemUsage
std::string getMemUsage()
Definition AbstractInterpretation.h:60
SVF::AEStat::_ae
AbstractInterpretation * _ae
Definition AbstractInterpretation.h:70
SVF::AbsExtAPI
Handles external API calls and manages abstract states.
Definition AbsExtAPI.h:44
SVF::AbsExtAPI::handleExtAPI
void handleExtAPI(const CallICFGNode *call)
Handles an external API call.
Definition AbsExtAPI.cpp:420
SVF::AbsExtAPI::getRangeLimitFromType
IntervalValue getRangeLimitFromType(const SVFType *type)
Gets the range limit from a type.
Definition AbsExtAPI.cpp:734
SVF::AbstractInterpretation::updateStateOnCall
void updateStateOnCall(const CallPE *callPE)
Definition AbstractInterpretation.cpp:1208
SVF::AbstractInterpretation::isRecursiveCall
virtual bool isRecursiveCall(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:666
SVF::AbstractInterpretation::recursiveCallPass
virtual void recursiveCallPass(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:675
SVF::AbstractInterpretation::updateStateOnStore
void updateStateOnStore(const StoreStmt *store)
Definition AbstractInterpretation.cpp:1520
SVF::AbstractInterpretation::isDirectCall
virtual bool isDirectCall(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:701
SVF::AbstractInterpretation::hasAbsStateFromTrace
bool hasAbsStateFromTrace(const ICFGNode *node)
Definition AbstractInterpretation.h:303
SVF::AbstractInterpretation::handleCycleWTO
virtual void handleCycleWTO(const ICFGCycleWTO *cycle)
handle wto cycle (loop)
Definition AbstractInterpretation.cpp:775
SVF::AbstractInterpretation::recursiveFuns
Set< const FunObjVar * > recursiveFuns
Definition AbstractInterpretation.h:300
SVF::AbstractInterpretation::updateStateOnGep
void updateStateOnGep(const GepStmt *gep)
Definition AbstractInterpretation.cpp:1135
SVF::AbstractInterpretation::extCallPass
virtual void extCallPass(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:650
SVF::AbstractInterpretation::handleGlobalNode
virtual void handleGlobalNode()
Global ICFGNode is handled at the entry of the program,.
Definition AbstractInterpretation.cpp:173
SVF::AbstractInterpretation::mergeStatesFromPredecessors
bool mergeStatesFromPredecessors(const ICFGNode *icfgNode)
Definition AbstractInterpretation.cpp:188
SVF::AbstractInterpretation::directCallFunPass
virtual void directCallFunPass(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:709
SVF::AbstractInterpretation::handleWTOComponent
void handleWTOComponent(const ICFGWTOComp *wtoComp)
Definition AbstractInterpretation.cpp:600
SVF::AbstractInterpretation::isExtCall
virtual bool isExtCall(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:645
SVF::AbstractInterpretation::isIndirectCall
virtual bool isIndirectCall(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:734
SVF::AbstractInterpretation::initWTO
void initWTO()
Compute IWTO for each function partition entry.
Definition AbstractInterpretation.cpp:83
SVF::AbstractInterpretation::updateStateOnPhi
void updateStateOnPhi(const PhiStmt *phi)
Definition AbstractInterpretation.cpp:1169
SVF::AbstractInterpretation::isBranchFeasible
bool isBranchFeasible(const IntraCFGEdge *intraEdge, AbstractState &as)
Definition AbstractInterpretation.cpp:538
SVF::AbstractInterpretation::detectors
std::vector< std::unique_ptr< AEDetector > > detectors
Definition AbstractInterpretation.h:331
SVF::AbstractInterpretation::getAbsStateFromTrace
AbstractState & getAbsStateFromTrace(const ICFGNode *node)
Retrieves the abstract state from the trace for a given ICFG node.
Definition AbstractInterpretation.h:165
SVF::AbstractInterpretation::checkpoints
Set< const CallICFGNode * > checkpoints
Definition AbstractInterpretation.h:157
SVF::AbstractInterpretation::isSwitchBranchFeasible
bool isSwitchBranchFeasible(const SVFVar *var, s64_t succ, AbstractState &as)
Definition AbstractInterpretation.cpp:494
SVF::AbstractInterpretation::updateStateOnSelect
void updateStateOnSelect(const SelectStmt *select)
Definition AbstractInterpretation.cpp:1151
SVF::AbstractInterpretation::handleSVFStatement
virtual void handleSVFStatement(const SVFStmt *stmt)
Definition AbstractInterpretation.cpp:875
SVF::AbstractInterpretation::indirectCallFunPass
virtual void indirectCallFunPass(const CallICFGNode *callNode)
Definition AbstractInterpretation.cpp:740
SVF::AbstractInterpretation::svfir
SVFIR * svfir
protected data members, also used in subclasses
Definition AbstractInterpretation.h:290
SVF::AbstractInterpretation::runOnModule
virtual void runOnModule(ICFG *icfg)
Definition AbstractInterpretation.cpp:42
SVF::AbstractInterpretation::isRecursiveCallSite
virtual bool isRecursiveCallSite(const CallICFGNode *callNode, const FunObjVar *)
Definition AbstractInterpretation.cpp:694
SVF::AbstractInterpretation::isRecursiveFun
virtual bool isRecursiveFun(const FunObjVar *fun)
Definition AbstractInterpretation.cpp:661
SVF::AbstractInterpretation::updateStateOnAddr
void updateStateOnAddr(const AddrStmt *addr)
Definition AbstractInterpretation.cpp:1225
SVF::AbstractInterpretation::~AbstractInterpretation
virtual ~AbstractInterpretation()
Destructor.
Definition AbstractInterpretation.cpp:67
SVF::AbstractInterpretation::isCmpBranchFeasible
bool isCmpBranchFeasible(const CmpStmt *cmpStmt, s64_t succ, AbstractState &as)
Definition AbstractInterpretation.cpp:268
SVF::AbstractInterpretation::handleCallSite
virtual void handleCallSite(const ICFGNode *node)
Definition AbstractInterpretation.cpp:618
SVF::AbstractInterpretation::updateStateOnRet
void updateStateOnRet(const RetPE *retPE)
Definition AbstractInterpretation.cpp:1216
SVF::AbstractInterpretation::handleWTOComponents
void handleWTOComponents(const std::list< const ICFGWTOComp * > &wtoComps)
Handle two types of WTO components (singleton and cycle)
Definition AbstractInterpretation.cpp:592
SVF::AbstractInterpretation::updateStateOnCopy
void updateStateOnCopy(const CopyStmt *copy)
Definition AbstractInterpretation.cpp:1528
SVF::AbstractInterpretation::nonRecursiveCallSites
Set< std::pair< const CallICFGNode *, NodeID > > nonRecursiveCallSites
Definition AbstractInterpretation.h:299
SVF::AbstractInterpretation::updateStateOnLoad
void updateStateOnLoad(const LoadStmt *load)
Definition AbstractInterpretation.cpp:1512
SVF::AbstractInterpretation::updateStateOnBinary
void updateStateOnBinary(const BinaryOPStmt *binary)
Definition AbstractInterpretation.cpp:1235
SVF::AbstractInterpretation::abstractTrace
Map< const ICFGNode *, AbstractState > abstractTrace
Definition AbstractInterpretation.h:328
SVF::AbstractInterpretation::callSiteStack
std::vector< const CallICFGNode * > callSiteStack
Definition AbstractInterpretation.h:297
SVF::AbstractInterpretation::handleSingletonWTO
virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto)
handle instructions in svf basic blocks
Definition AbstractInterpretation.cpp:566
SVF::AbstractInterpretation::_switch_lhsrhs_predicate
Map< s32_t, s32_t > _switch_lhsrhs_predicate
Definition AbstractInterpretation.h:362
SVF::AbstractInterpretation::updateStateOnCmp
void updateStateOnCmp(const CmpStmt *cmp)
Definition AbstractInterpretation.cpp:1297
SVF::AbstractInterpretation::SkipRecursiveCall
virtual void SkipRecursiveCall(const CallICFGNode *callnode)
Definition AbstractInterpretation.cpp:936
SVF::AbstractInterpretation::funcToWTO
Map< const FunObjVar *, const ICFGWTO * > funcToWTO
Definition AbstractInterpretation.h:298
SVF::AbstractState::widening
AbstractState widening(const AbstractState &other)
domain widen with other, and return the widened domain
Definition AbstractState.cpp:59
SVF::AbstractValue::getAddrs
AddressValue & getAddrs()
Definition AbstractValue.h:111
SVF::AddressValue::meet_with
bool meet_with(const AddressValue &other)
Return a intersected AddressValue.
Definition AddressValue.h:156
SVF::AddressValue::begin
AddrSet::const_iterator begin() const
Definition AddressValue.h:105
SVF::AndersenWaveDiff::createAndersenWaveDiff
static AndersenWaveDiff * createAndersenWaveDiff(SVFIR *_pag)
Create an singleton instance directly instead of invoking llvm pass manager.
Definition Andersen.h:407
SVF::AssignStmt::getRHSVarID
NodeID getRHSVarID() const
Definition SVFStatements.h:295
SVF::AssignStmt::getLHSVarID
NodeID getLHSVarID() const
Definition SVFStatements.h:299
SVF::BoundedInt::getIntNumeral
s64_t getIntNumeral() const
Definition NumericValue.h:706
SVF::CallGraph::getCallGraphNode
const CallGraphNode * getCallGraphNode(const std::string &name) const
Get call graph node.
Definition CallGraph.cpp:367
SVF::CmpStmt::ICMP_SGT
@ ICMP_SGT
signed greater than
Definition SVFStatements.h:977
SVF::CmpStmt::FCMP_UEQ
@ FCMP_UEQ
1 0 0 1 True if unordered or equal
Definition SVFStatements.h:961
SVF::CmpStmt::FCMP_ONE
@ FCMP_ONE
0 1 1 0 True if ordered and operands are unequal
Definition SVFStatements.h:958
SVF::CmpStmt::ICMP_UGE
@ ICMP_UGE
unsigned greater or equal
Definition SVFStatements.h:974
SVF::CmpStmt::FCMP_UGT
@ FCMP_UGT
1 0 1 0 True if unordered or greater than
Definition SVFStatements.h:962
SVF::CmpStmt::ICMP_ULE
@ ICMP_ULE
unsigned less or equal
Definition SVFStatements.h:976
SVF::CmpStmt::FCMP_OGE
@ FCMP_OGE
0 0 1 1 True if ordered and greater than or equal
Definition SVFStatements.h:955
SVF::CmpStmt::FCMP_OLT
@ FCMP_OLT
0 1 0 0 True if ordered and less than
Definition SVFStatements.h:956
SVF::CmpStmt::FCMP_OGT
@ FCMP_OGT
0 0 1 0 True if ordered and greater than
Definition SVFStatements.h:954
SVF::CmpStmt::ICMP_NE
@ ICMP_NE
not equal
Definition SVFStatements.h:972
SVF::CmpStmt::FCMP_TRUE
@ FCMP_TRUE
1 1 1 1 Always true (always folded)
Definition SVFStatements.h:967
SVF::CmpStmt::ICMP_ULT
@ ICMP_ULT
unsigned less than
Definition SVFStatements.h:975
SVF::CmpStmt::FCMP_ULE
@ FCMP_ULE
1 1 0 1 True if unordered, less than, or equal
Definition SVFStatements.h:965
SVF::CmpStmt::ICMP_SLT
@ ICMP_SLT
signed less than
Definition SVFStatements.h:979
SVF::CmpStmt::ICMP_UGT
@ ICMP_UGT
unsigned greater than
Definition SVFStatements.h:973
SVF::CmpStmt::FCMP_OEQ
@ FCMP_OEQ
0 0 0 1 True if ordered and equal
Definition SVFStatements.h:953
SVF::CmpStmt::FCMP_OLE
@ FCMP_OLE
0 1 0 1 True if ordered and less than or equal
Definition SVFStatements.h:957
SVF::CmpStmt::FCMP_FALSE
@ FCMP_FALSE
0 0 0 0 Always false (always folded)
Definition SVFStatements.h:952
SVF::CmpStmt::FCMP_ULT
@ FCMP_ULT
1 1 0 0 True if unordered or less than
Definition SVFStatements.h:964
SVF::CmpStmt::FCMP_UGE
@ FCMP_UGE
1 0 1 1 True if unordered, greater than, or equal
Definition SVFStatements.h:963
SVF::CmpStmt::ICMP_SGE
@ ICMP_SGE
signed greater or equal
Definition SVFStatements.h:978
SVF::CmpStmt::FCMP_UNE
@ FCMP_UNE
1 1 1 0 True if unordered or not equal
Definition SVFStatements.h:966
SVF::CmpStmt::ICMP_SLE
@ ICMP_SLE
signed less or equal
Definition SVFStatements.h:980
SVF::FunObjVar::getFunction
virtual const FunObjVar * getFunction() const
Get containing function, or null for globals/constants.
Definition SVFVariables.cpp:470
SVF::FunObjVar::isDeclaration
bool isDeclaration() const
Definition SVFVariables.h:1041
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:377
SVF::GenericGraph::nodeNum
u32_t nodeNum
total num of edge
Definition GenericGraph.h:453
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::GenericNode::getInEdges
const GEdgeSetTy & getInEdges() const
Definition GenericGraph.h:184
SVF::ICFGNode::toString
virtual const std::string toString() const
Definition ICFG.cpp:60
SVF::ICFGNode::getSVFStmts
const SVFStmtList & getSVFStmts() const
Definition ICFGNode.h:117
SVF::ICFG::getICFGEdge
ICFGEdge * getICFGEdge(const ICFGNode *src, const ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Get a SVFG edge according to src and dst.
Definition ICFG.cpp:311
SVF::ICFG::getFunEntryICFGNode
FunEntryICFGNode * getFunEntryICFGNode(const FunObjVar *fun)
Add a function entry node.
Definition ICFG.cpp:242
SVF::ICFG::getGlobalICFGNode
GlobalICFGNode * getGlobalICFGNode() const
Definition ICFG.h:230
SVF::IRGraph::getBlkPtr
NodeID getBlkPtr() const
Definition IRGraph.h:255
SVF::IntervalValue::meet_with
void meet_with(const IntervalValue &other)
Return a intersected IntervalValue.
Definition IntervalValue.h:475
SVF::IntervalValue::minus_infinity
static BoundedInt minus_infinity()
Get minus infinity -inf.
Definition IntervalValue.h:77
SVF::IntervalValue::plus_infinity
static BoundedInt plus_infinity()
Get plus infinity +inf.
Definition IntervalValue.h:83
SVF::IntervalValue::top
static IntervalValue top()
Create the IntervalValue [-inf, +inf].
Definition IntervalValue.h:94
SVF::IntervalValue::lb
const BoundedInt & lb() const
Return the lower bound.
Definition IntervalValue.h:220
SVF::Options::HandleRecur
static const OptionMap< u32_t > HandleRecur
recursion handling mode, Default: TOP
Definition Options.h:245
SVF::Options::MaxFieldLimit
static const Option< u32_t > MaxFieldLimit
Maximum number of field derivations for an object.
Definition Options.h:35
SVF::Options::WidenDelay
static const Option< u32_t > WidenDelay
Definition Options.h:243
SVF::Options::NullDerefCheck
static const Option< bool > NullDerefCheck
nullptr dereference checker, Default: false
Definition Options.h:253
SVF::Options::PStat
static const Option< bool > PStat
Definition Options.h:116
SVF::Options::BufferOverflowCheck
static const Option< bool > BufferOverflowCheck
buffer overflow checker, Default: false
Definition Options.h:251
SVF::PointerAnalysis::getCallGraph
CallGraph * getCallGraph() const
Return call graph.
Definition PointerAnalysis.h:168
SVF::PointerAnalysis::CallGraphSCC
SCCDetection< CallGraph * > CallGraphSCC
Definition PointerAnalysis.h:105
SVF::PointerAnalysis::getCallGraphSCC
CallGraphSCC * getCallGraphSCC() const
Return call graph SCC.
Definition PointerAnalysis.h:173
SVF::SVFIR::getCallGraph
const CallGraph * getCallGraph()
Get CG.
Definition SVFIR.h:180
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163
SVF::SVFIR::getIndirectCallsites
const CallSiteToFunPtrMap & getIndirectCallsites() const
Add/get indirect callsites.
Definition SVFIR.h:374
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::SVFStat::generalNumMap
NUMStatMap generalNumMap
Definition SVFStat.h:76
SVF::SVFStat::endClk
virtual void endClk()
Definition SVFStat.h:63
SVF::SVFStat::moduleName
std::string moduleName
Definition SVFStat.h:99
SVF::SVFStat::timeStatMap
TIMEStatMap timeStatMap
Definition SVFStat.h:78
SVF::SVFStat::startClk
virtual void startClk()
Definition SVFStat.h:58
SVF::SVFStat::endTime
double endTime
Definition SVFStat.h:81
SVF::SVFStat::startTime
double startTime
Definition SVFStat.h:80
SVF::SVFStmt::getICFGNode
ICFGNode * getICFGNode() const
Definition SVFStatements.h:160
SVF::SVFType::getByteSize
u32_t getByteSize() const
Definition SVFType.h:249
SVF::SVFUtil::errMsg
std::string errMsg(const std::string &msg)
Print error message by converting a string into red string output.
Definition SVFUtil.cpp:78
SVF::SVFUtil::errs
std::ostream & errs()
Overwrite llvm::errs()
Definition SVFUtil.h:58
SVF::SVFUtil::isExtCall
bool isExtCall(const FunObjVar *fun)
Definition SVFUtil.cpp:437
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60
SVF::s16_t
signed short s16_t
Definition GeneralType.h:54
SVF::u16_t
unsigned short u16_t
Definition GeneralType.h:53
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::s32_t
signed s32_t
Definition GeneralType.h:48
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50
Generated by doxygen 1.9.8