Static Value-Flow Analysis
AbstractState.h
Go to the documentation of this file.
1 //===- AbstractExeState.h ----Interval Domain-------------------------//
2 //
3 // SVF: Static Value-Flow Analysis
4 //
5 // Copyright (C) <2013-2022> <Yulei Sui>
6 //
7 
8 // This program is free software: you can redistribute it and/or modify
9 // it under the terms of the GNU Affero General Public License as published by
10 // the Free Software Foundation, either version 3 of the License, or
11 // (at your option) any later version.
12 
13 // This program is distributed in the hope that it will be useful,
14 // but WITHOUT ANY WARRANTY; without even the implied warranty of
15 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 // GNU Affero General Public License for more details.
17 
18 // You should have received a copy of the GNU Affero General Public License
19 // along with this program. If not, see <http://www.gnu.org/licenses/>.
20 //
21 //===----------------------------------------------------------------------===//
22 /*
23  * IntervalExeState.h
24  *
25  * Created on: Jul 9, 2022
26  * Author: Xiao Cheng, Jiawei Wang
27  *
28  * [-oo,+oo]
29  * / / \ \
30  * [-oo,1] ... [-oo,10] ... [-1,+oo] ... [0,+oo]
31  * \ \ / /
32  * \ [-1,10] /
33  * \ / \ /
34  * ... [-1,1] ... [0,10] ...
35  * \ | \ / \ /
36  * ... [-1,0] [0,1] ... [1,9] ...
37  * \ | \ | \ /
38  * ... [-1,-1] [0,0] [1,1] ...
39  * \ \ \ / /
40  * ⊥
41  */
42 // The implementation is based on
43 // Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.
44 // 46th International Conference on Software Engineering. (ICSE24)
45 
46 #ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H
47 #define Z3_EXAMPLE_INTERVAL_DOMAIN_H
48 
49 #include "AE/Core/AbstractValue.h"
50 #include "AE/Core/IntervalValue.h"
51 #include "SVFIR/SVFVariables.h"
52 #include "Util/Z3Expr.h"
53 
54 #include <iomanip>
55 
56 namespace SVF
57 {
58 class AbstractState
59 {
60  friend class SVFIR2AbsState;
61  friend class RelationSolver;
62 public:
63  typedef Map<u32_t, AbstractValue> VarToAbsValMap;
64 
65  typedef VarToAbsValMap AddrToAbsValMap;
66 
67 public:
69  AbstractState()
70  {
71  }
72 
73  AbstractState(VarToAbsValMap&_varToValMap, AddrToAbsValMap&_locToValMap) : _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}
74 
76  AbstractState(const AbstractState&rhs) : _varToAbsVal(rhs.getVarToVal()), _addrToAbsVal(rhs.getLocToVal())
77  {
78 
79  }
80 
81  virtual ~AbstractState() = default;
82 
83  // getGepObjAddrs
84  AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);
85 
86  // initObjVar
87  void initObjVar(ObjVar* objVar);
88  // getElementIndex
89  IntervalValue getElementIndex(const GepStmt* gep);
90  // getByteOffset
91  IntervalValue getByteOffset(const GepStmt* gep);
92  // printAbstractState
93  // loadValue
94  AbstractValue loadValue(NodeID varId);
95  // storeValue
96  void storeValue(NodeID varId, AbstractValue val);
97 
98  u32_t getAllocaInstByteSize(const AddrStmt *addr);
99 
100 
102  static inline u32_t getVirtualMemAddress(u32_t idx)
103  {
104  return AddressValue::getVirtualMemAddress(idx);
105  }
106 
108  static inline bool isVirtualMemAddress(u32_t val)
109  {
110  return AddressValue::isVirtualMemAddress(val);
111  }
112 
114  static inline u32_t getInternalID(u32_t idx)
115  {
116  return AddressValue::getInternalID(idx);
117  }
118 
119  static inline bool isNullPtr(u32_t addr)
120  {
121  return getInternalID(addr) == 0;
122  }
123 
124  AbstractState&operator=(const AbstractState&rhs)
125  {
126  if (rhs != *this)
127  {
128  _varToAbsVal = rhs._varToAbsVal;
129  _addrToAbsVal = rhs._addrToAbsVal;
130  }
131  return *this;
132  }
133 
135  AbstractState(AbstractState&&rhs) : _varToAbsVal(std::move(rhs._varToAbsVal)),
136  _addrToAbsVal(std::move(rhs._addrToAbsVal))
137  {
138 
139  }
140 
142  AbstractState&operator=(AbstractState&&rhs)
143  {
144  if (&rhs != this)
145  {
146  _varToAbsVal = std::move(rhs._varToAbsVal);
147  _addrToAbsVal = std::move(rhs._addrToAbsVal);
148  }
149  return *this;
150  }
151 
153  AbstractState bottom() const
154  {
155  AbstractState inv = *this;
156  for (auto &item: inv._varToAbsVal)
157  {
158  if (item.second.isInterval())
159  item.second.getInterval().set_to_bottom();
160  }
161  return inv;
162  }
163 
165  AbstractState top() const
166  {
167  AbstractState inv = *this;
168  for (auto &item: inv._varToAbsVal)
169  {
170  if (item.second.isInterval())
171  item.second.getInterval().set_to_top();
172  }
173  return inv;
174  }
175 
177  AbstractState sliceState(Set<u32_t> &sl)
178  {
179  AbstractState inv;
180  for (u32_t id: sl)
181  {
182  inv._varToAbsVal[id] = _varToAbsVal[id];
183  }
184  return inv;
185  }
186 
187 protected:
188  VarToAbsValMap _varToAbsVal;
189  AddrToAbsValMap
190  _addrToAbsVal;
191 
192 public:
193 
194 
196  inline virtual AbstractValue &operator[](u32_t varId)
197  {
198  return _varToAbsVal[varId];
199  }
200 
202  inline virtual const AbstractValue &operator[](u32_t varId) const
203  {
204  return _varToAbsVal.at(varId);
205  }
206 
208  inline bool inVarToAddrsTable(u32_t id) const
209  {
210  if (_varToAbsVal.find(id)!= _varToAbsVal.end())
211  {
212  if (_varToAbsVal.at(id).isAddr())
213  {
214  return true;
215  }
216  }
217  return false;
218  }
219 
221  inline virtual bool inVarToValTable(u32_t id) const
222  {
223  if (_varToAbsVal.find(id) != _varToAbsVal.end())
224  {
225  if (_varToAbsVal.at(id).isInterval())
226  {
227  return true;
228  }
229  }
230  return false;
231  }
232 
234  inline bool inAddrToAddrsTable(u32_t id) const
235  {
236  if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())
237  {
238  if (_addrToAbsVal.at(id).isAddr())
239  {
240  return true;
241  }
242  }
243  return false;
244  }
245 
247  inline virtual bool inAddrToValTable(u32_t id) const
248  {
249  if (_addrToAbsVal.find(id) != _addrToAbsVal.end())
250  {
251  if (_addrToAbsVal.at(id).isInterval())
252  {
253  return true;
254  }
255  }
256  return false;
257  }
258 
260  const VarToAbsValMap&getVarToVal() const
261  {
262  return _varToAbsVal;
263  }
264 
266  const AddrToAbsValMap&getLocToVal() const
267  {
268  return _addrToAbsVal;
269  }
270 
271 public:
272 
274  AbstractState widening(const AbstractState&other);
275 
277  AbstractState narrowing(const AbstractState&other);
278 
280  void joinWith(const AbstractState&other);
281 
282 
284  void meetWith(const AbstractState&other);
285 
293  const SVFType* getPointeeElement(NodeID id);
294 
295 
296  u32_t hash() const;
297 
298 public:
299  inline void store(u32_t addr, const AbstractValue &val)
300  {
301  assert(isVirtualMemAddress(addr) && "not virtual address?");
302  if (isNullPtr(addr)) return;
303  u32_t objId = getInternalID(addr);
304  _addrToAbsVal[objId] = val;
305  }
306 
307  inline virtual AbstractValue &load(u32_t addr)
308  {
309  assert(isVirtualMemAddress(addr) && "not virtual address?");
310  u32_t objId = getInternalID(addr);
311  return _addrToAbsVal[objId];
312 
313  }
314 
315 
316  void printAbstractState() const;
317 
318  std::string toString() const
319  {
320  return "";
321  }
322 
323  bool equals(const AbstractState&other) const;
324 
325 
326  static bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
327  {
328  if (lhs.size() != rhs.size()) return false;
329  for (const auto &item: lhs)
330  {
331  auto it = rhs.find(item.first);
332  if (it == rhs.end())
333  return false;
334  if (!item.second.equals(it->second))
335  return false;
336  else
337  {
338  }
339  }
340  return true;
341  }
342 
343  static bool lessThanVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
344  {
345  if (lhs.empty()) return !rhs.empty();
346  for (const auto &item: lhs)
347  {
348  auto it = rhs.find(item.first);
349  if (it == rhs.end()) return false;
350  // judge from expr id
351  if (item.second.getInterval().contain(it->second.getInterval())) return false;
352  }
353  return true;
354  }
355 
356  // lhs >= rhs
357  static bool geqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
358  {
359  if (rhs.empty()) return true;
360  for (const auto &item: rhs)
361  {
362  auto it = lhs.find(item.first);
363  if (it == lhs.end()) return false;
364  // judge from expr id
365  if (!it->second.getInterval().contain(
366  item.second.getInterval()))
367  return false;
368 
369  }
370  return true;
371  }
372 
373  bool operator==(const AbstractState&rhs) const
374  {
375  return eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&
376  eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
377  }
378 
379  bool operator!=(const AbstractState&rhs) const
380  {
381  return !(*this == rhs);
382  }
383 
384  bool operator<(const AbstractState&rhs) const
385  {
386  return !(*this >= rhs);
387  }
388 
389 
390  bool operator>=(const AbstractState&rhs) const
391  {
392  return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
393  }
394 
395  void clear()
396  {
397  _addrToAbsVal.clear();
398  _varToAbsVal.clear();
399  }
400 
401 };
402 
403 }
404 
405 
406 #endif //Z3_EXAMPLE_INTERVAL_DOMAIN_H
offset
buffer offset
Definition: cJSON.cpp:1113
item
cJSON * item
Definition: cJSON.h:222
string
const char *const string
Definition: cJSON.h:172
SVF::AbstractState::getAllocaInstByteSize
u32_t getAllocaInstByteSize(const AddrStmt *addr)
Definition: AbstractState.cpp:494
SVF::AbstractState::geqVarToValMap
static bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition: AbstractState.h:357
SVF::AbstractState::operator>=
bool operator>=(const AbstractState &rhs) const
Definition: AbstractState.h:390
SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition: AbstractState.h:299
SVF::AbstractState::SVFIR2AbsState
friend class SVFIR2AbsState
Definition: AbstractState.h:60
SVF::AbstractState::bottom
AbstractState bottom() const
Set all value bottom.
Definition: AbstractState.h:153
SVF::AbstractState::inAddrToValTable
virtual bool inAddrToValTable(u32_t id) const
whether the memory address stores abstract value
Definition: AbstractState.h:247
SVF::AbstractState::printAbstractState
void printAbstractState() const
Definition: AbstractState.cpp:391
SVF::AbstractState::inAddrToAddrsTable
bool inAddrToAddrsTable(u32_t id) const
whether the memory address stores memory addresses
Definition: AbstractState.h:234
SVF::AbstractState::hash
u32_t hash() const
Definition: AbstractState.cpp:42
SVF::AbstractState::joinWith
void joinWith(const AbstractState &other)
domain join with other, important! other widen this.
Definition: AbstractState.cpp:102
SVF::AbstractState::AbstractState
AbstractState(const AbstractState &rhs)
copy constructor
Definition: AbstractState.h:76
SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition: AbstractState.h:260
SVF::AbstractState::operator!=
bool operator!=(const AbstractState &rhs) const
Definition: AbstractState.h:379
SVF::AbstractState::getElementIndex
IntervalValue getElementIndex(const GepStmt *gep)
Definition: AbstractState.cpp:232
SVF::AbstractState::equals
bool equals(const AbstractState &other) const
Definition: AbstractState.cpp:37
SVF::AbstractState::AbstractState
AbstractState(AbstractState &&rhs)
move constructor
Definition: AbstractState.h:135
SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition: AbstractState.h:188
SVF::AbstractState::toString
std::string toString() const
Definition: AbstractState.h:318
SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition: AbstractState.h:190
SVF::AbstractState::getPointeeElement
const SVFType * getPointeeElement(NodeID id)
Definition: AbstractState.cpp:473
SVF::AbstractState::lessThanVarToValMap
static bool lessThanVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition: AbstractState.h:343
SVF::AbstractState::operator[]
virtual AbstractValue & operator[](u32_t varId)
get abstract value of variable
Definition: AbstractState.h:196
SVF::AbstractState::AbstractState
AbstractState(VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
Definition: AbstractState.h:73
SVF::AbstractState::getByteOffset
IntervalValue getByteOffset(const GepStmt *gep)
Definition: AbstractState.cpp:305
SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition: AbstractState.h:307
SVF::AbstractState::loadValue
AbstractValue loadValue(NodeID varId)
Definition: AbstractState.cpp:373
SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition: AbstractState.h:208
SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition: AbstractState.h:102
SVF::AbstractState::narrowing
AbstractState narrowing(const AbstractState &other)
domain narrow with other, and return the narrowed domain
Definition: AbstractState.cpp:80
SVF::AbstractState::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition: AbstractState.h:114
SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition: AbstractState.h:69
SVF::AbstractState::isNullPtr
static bool isNullPtr(u32_t addr)
Definition: AbstractState.h:119
SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition: AbstractState.h:221
SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition: AbstractState.h:266
SVF::AbstractState::VarToAbsValMap
Map< u32_t, AbstractValue > VarToAbsValMap
Definition: AbstractState.h:63
SVF::AbstractState::~AbstractState
virtual ~AbstractState()=default
SVF::AbstractState::AddrToAbsValMap
VarToAbsValMap AddrToAbsValMap
Definition: AbstractState.h:65
SVF::AbstractState::top
AbstractState top() const
Set all value top.
Definition: AbstractState.h:165
SVF::AbstractState::operator==
bool operator==(const AbstractState &rhs) const
Definition: AbstractState.h:373
SVF::AbstractState::operator[]
virtual const AbstractValue & operator[](u32_t varId) const
get abstract value of variable
Definition: AbstractState.h:202
SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition: AbstractState.h:108
SVF::AbstractState::storeValue
void storeValue(NodeID varId, AbstractValue val)
Definition: AbstractState.cpp:383
SVF::AbstractState::eqVarToValMap
static bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition: AbstractState.h:326
SVF::AbstractState::meetWith
void meetWith(const AbstractState &other)
domain meet with other, important! other widen this.
Definition: AbstractState.cpp:133
SVF::AbstractState::operator<
bool operator<(const AbstractState &rhs) const
Definition: AbstractState.h:384
SVF::AbstractState::operator=
AbstractState & operator=(const AbstractState &rhs)
Definition: AbstractState.h:124
SVF::AbstractState::getGepObjAddrs
AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset)
Definition: AbstractState.cpp:156
SVF::AbstractState::sliceState
AbstractState sliceState(Set< u32_t > &sl)
Copy some values and return a new IntervalExeState.
Definition: AbstractState.h:177
SVF::AbstractState::operator=
AbstractState & operator=(AbstractState &&rhs)
operator= move constructor
Definition: AbstractState.h:142
SVF::AbstractState::initObjVar
void initObjVar(ObjVar *objVar)
Definition: AbstractState.cpp:179
SVF::AbstractState::widening
AbstractState widening(const AbstractState &other)
domain widen with other, and return the widened domain
Definition: AbstractState.cpp:59
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition: AddressValue.h:226
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition: AddressValue.h:212
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition: AddressValue.h:220
SVF::SVFUtil::move
constexpr std::remove_reference< T >::type && move(T &&t) noexcept
Definition: SVFUtil.h:447
SVF
for isBitcode
Definition: BasicTypes.h:68
SVF::NodeID
u32_t NodeID
Definition: GeneralType.h:55
SVF::Map
std::unordered_map< Key, Value, Hash, KeyEqual, Allocator > Map
Definition: GeneralType.h:101
SVF::u32_t
unsigned u32_t
Definition: GeneralType.h:46
SVF::Set
std::unordered_set< Key, Hash, KeyEqual, Allocator > Set
Definition: GeneralType.h:96
Generated by doxygen 1.9.1