Static Value-Flow Analysis
Loading...
Searching...
No Matches
AbstractState.h
Go to the documentation of this file.
1//===- AbstractExeState.h ----Interval Domain-------------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-2022> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22/*
23 * IntervalExeState.h
24 *
25 * Created on: Jul 9, 2022
26 * Author: Xiao Cheng, Jiawei Wang
27 *
28 * [-oo,+oo]
29 * / / \ \
30 * [-oo,1] ... [-oo,10] ... [-1,+oo] ... [0,+oo]
31 * \ \ / /
32 * \ [-1,10] /
33 * \ / \ /
34 * ... [-1,1] ... [0,10] ...
35 * \ | \ / \ /
36 * ... [-1,0] [0,1] ... [1,9] ...
37 * \ | \ | \ /
38 * ... [-1,-1] [0,0] [1,1] ...
39 * \ \ \ / /
40 * ⊥
41 */
42// The implementation is based on
43// Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.
44// 46th International Conference on Software Engineering. (ICSE24)
45
46#ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H
47#define Z3_EXAMPLE_INTERVAL_DOMAIN_H
48
49#include "AE/Core/AbstractValue.h"
50#include "AE/Core/IntervalValue.h"
51#include "SVFIR/SVFVariables.h"
52#include "Util/Z3Expr.h"
53
54#include <iomanip>
55
56namespace SVF
57{
58class AbstractState
59{
60 friend class SVFIR2AbsState;
61 friend class RelationSolver;
62public:
63 typedef Map<u32_t, AbstractValue> VarToAbsValMap;
64 typedef VarToAbsValMap AddrToAbsValMap;
65 Set<NodeID> _freedAddrs;
66
67
68public:
70 AbstractState()
71 {
72 }
73
74 AbstractState(VarToAbsValMap&_varToValMap, AddrToAbsValMap&_locToValMap) : _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}
75
81
82 virtual ~AbstractState() = default;
83
84 // getGepObjAddrs
85 AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);
86
87 // initObjVar
88 void initObjVar(ObjVar* objVar);
89 // getElementIndex
90 IntervalValue getElementIndex(const GepStmt* gep);
91 // getByteOffset
92 IntervalValue getByteOffset(const GepStmt* gep);
93 // printAbstractState
94 // loadValue
95 AbstractValue loadValue(NodeID varId);
96 // storeValue
97 void storeValue(NodeID varId, AbstractValue val);
98
99 u32_t getAllocaInstByteSize(const AddrStmt *addr);
100
101
107
109 static inline bool isVirtualMemAddress(u32_t val)
110 {
111 return AddressValue::isVirtualMemAddress(val);
112 }
113
119
120 AbstractState&operator=(const AbstractState&rhs)
121 {
122 if (rhs != *this)
123 {
124 _varToAbsVal = rhs._varToAbsVal;
125 _addrToAbsVal = rhs._addrToAbsVal;
126 _freedAddrs = rhs._freedAddrs;
127 }
128 return *this;
129 }
130
137
139 AbstractState&operator=(AbstractState&&rhs)
140 {
141 if (&rhs != this)
142 {
143 _varToAbsVal = std::move(rhs._varToAbsVal);
144 _addrToAbsVal = std::move(rhs._addrToAbsVal);
145 _freedAddrs = std::move(rhs._freedAddrs);
146 }
147 return *this;
148 }
149
151 AbstractState bottom() const
152 {
153 AbstractState inv = *this;
154 for (auto &item: inv._varToAbsVal)
155 {
156 if (item.second.isInterval())
157 item.second.getInterval().set_to_bottom();
158 }
159 return inv;
160 }
161
163 AbstractState top() const
164 {
165 AbstractState inv = *this;
166 for (auto &item: inv._varToAbsVal)
167 {
168 if (item.second.isInterval())
169 item.second.getInterval().set_to_top();
170 }
171 return inv;
172 }
173
175 AbstractState sliceState(Set<u32_t> &sl)
176 {
177 AbstractState inv;
178 for (u32_t id: sl)
179 {
180 inv._varToAbsVal[id] = _varToAbsVal[id];
181 }
182 return inv;
183 }
184
185 static inline bool isNullMem(u32_t addr)
186 {
187 return AddressValue::getInternalID(addr) == NullMemAddr;
188 }
189
190 static inline bool isInvalidMem(u32_t addr)
191 {
192 return AddressValue::getInternalID(addr) == InvalidMemAddr;
193 }
194
195
196protected:
197 VarToAbsValMap _varToAbsVal;
198 AddrToAbsValMap
199 _addrToAbsVal;
200
201public:
202
203
205 inline virtual AbstractValue &operator[](u32_t varId)
206 {
207 return _varToAbsVal[varId];
208 }
209
211 inline virtual const AbstractValue &operator[](u32_t varId) const
212 {
213 return _varToAbsVal.at(varId);
214 }
215
217 inline bool inVarToAddrsTable(u32_t id) const
218 {
219 if (_varToAbsVal.find(id)!= _varToAbsVal.end())
220 {
221 if (_varToAbsVal.at(id).isAddr())
222 {
223 return true;
224 }
225 }
226 return false;
227 }
228
230 inline virtual bool inVarToValTable(u32_t id) const
231 {
232 if (_varToAbsVal.find(id) != _varToAbsVal.end())
233 {
234 if (_varToAbsVal.at(id).isInterval())
235 {
236 return true;
237 }
238 }
239 return false;
240 }
241
243 inline bool inAddrToAddrsTable(u32_t id) const
244 {
245 if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())
246 {
247 if (_addrToAbsVal.at(id).isAddr())
248 {
249 return true;
250 }
251 }
252 return false;
253 }
254
256 inline virtual bool inAddrToValTable(u32_t id) const
257 {
258 if (_addrToAbsVal.find(id) != _addrToAbsVal.end())
259 {
260 if (_addrToAbsVal.at(id).isInterval())
261 {
262 return true;
263 }
264 }
265 return false;
266 }
267
269 const VarToAbsValMap&getVarToVal() const
270 {
271 return _varToAbsVal;
272 }
273
275 const AddrToAbsValMap&getLocToVal() const
276 {
277 return _addrToAbsVal;
278 }
279
280public:
281
283 AbstractState widening(const AbstractState&other);
284
286 AbstractState narrowing(const AbstractState&other);
287
289 void joinWith(const AbstractState&other);
290
292 void meetWith(const AbstractState&other);
293
294 void addToFreedAddrs(NodeID addr)
295 {
296 _freedAddrs.insert(addr);
297 }
298
299 bool isFreedMem(u32_t addr) const
300 {
301 return _freedAddrs.find(addr) != _freedAddrs.end();
302 }
303
304
312 const SVFType* getPointeeElement(NodeID id);
313
314
315 u32_t hash() const;
316
317public:
318 inline void store(u32_t addr, const AbstractValue &val)
319 {
320 assert(isVirtualMemAddress(addr) && "not virtual address?");
321 u32_t objId = getIDFromAddr(addr);
322 if (isNullMem(addr)) return;
323 _addrToAbsVal[objId] = val;
324 }
325
326 inline virtual AbstractValue &load(u32_t addr)
327 {
328 assert(isVirtualMemAddress(addr) && "not virtual address?");
329 u32_t objId = getIDFromAddr(addr);
330 return _addrToAbsVal[objId];
331
332 }
333
334 void printAbstractState() const;
335
336 std::string toString() const
337 {
338 return "";
339 }
340
341 bool equals(const AbstractState&other) const;
342
343
344 static bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
345 {
346 if (lhs.size() != rhs.size()) return false;
347 for (const auto &item: lhs)
348 {
349 auto it = rhs.find(item.first);
350 if (it == rhs.end())
351 return false;
352 if (!item.second.equals(it->second))
353 return false;
354 else
355 {
356 }
357 }
358 return true;
359 }
360
361 static bool lessThanVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
362 {
363 if (lhs.empty()) return !rhs.empty();
364 for (const auto &item: lhs)
365 {
366 auto it = rhs.find(item.first);
367 if (it == rhs.end()) return false;
368 // judge from expr id
369 if (item.second.getInterval().contain(it->second.getInterval())) return false;
370 }
371 return true;
372 }
373
374 // lhs >= rhs
375 static bool geqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
376 {
377 if (rhs.empty()) return true;
378 for (const auto &item: rhs)
379 {
380 auto it = lhs.find(item.first);
381 if (it == lhs.end()) return false;
382 // judge from expr id
383 if (!it->second.getInterval().contain(
384 item.second.getInterval()))
385 return false;
386
387 }
388 return true;
389 }
390
391 bool operator==(const AbstractState&rhs) const
392 {
393 return eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&
394 eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
395 }
396
397 bool operator!=(const AbstractState&rhs) const
398 {
399 return !(*this == rhs);
400 }
401
402 bool operator<(const AbstractState&rhs) const
403 {
404 return !(*this >= rhs);
405 }
406
407
408 bool operator>=(const AbstractState&rhs) const
409 {
410 return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
411 }
412
413 void clear()
414 {
415 _addrToAbsVal.clear();
416 _varToAbsVal.clear();
417 _freedAddrs.clear();
418 }
419
420};
421
422}
423
424
425#endif //Z3_EXAMPLE_INTERVAL_DOMAIN_H
InvalidMemAddr
#define InvalidMemAddr
Definition AddressValue.h:36
NullMemAddr
#define NullMemAddr
Definition AddressValue.h:38
offset
buffer offset
Definition cJSON.cpp:1113
item
cJSON * item
Definition cJSON.h:222
SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition AbstractState.h:275
SVF::AbstractState::getAllocaInstByteSize
u32_t getAllocaInstByteSize(const AddrStmt *addr)
Definition AbstractState.cpp:492
SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition AbstractState.h:269
SVF::AbstractState::geqVarToValMap
static bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:375
SVF::AbstractState::operator>=
bool operator>=(const AbstractState &rhs) const
Definition AbstractState.h:408
SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition AbstractState.h:318
SVF::AbstractState::SVFIR2AbsState
friend class SVFIR2AbsState
Definition AbstractState.h:60
SVF::AbstractState::isNullMem
static bool isNullMem(u32_t addr)
Definition AbstractState.h:185
SVF::AbstractState::bottom
AbstractState bottom() const
Set all value bottom.
Definition AbstractState.h:151
SVF::AbstractState::inAddrToValTable
virtual bool inAddrToValTable(u32_t id) const
whether the memory address stores abstract value
Definition AbstractState.h:256
SVF::AbstractState::printAbstractState
void printAbstractState() const
Definition AbstractState.cpp:389
SVF::AbstractState::inAddrToAddrsTable
bool inAddrToAddrsTable(u32_t id) const
whether the memory address stores memory addresses
Definition AbstractState.h:243
SVF::AbstractState::joinWith
void joinWith(const AbstractState &other)
domain join with other, important! other widen this.
Definition AbstractState.cpp:102
SVF::AbstractState::AbstractState
AbstractState(const AbstractState &rhs)
copy constructor
Definition AbstractState.h:77
SVF::AbstractState::operator!=
bool operator!=(const AbstractState &rhs) const
Definition AbstractState.h:397
SVF::AbstractState::operator[]
virtual const AbstractValue & operator[](u32_t varId) const
get abstract value of variable
Definition AbstractState.h:211
SVF::AbstractState::getElementIndex
IntervalValue getElementIndex(const GepStmt *gep)
Definition AbstractState.cpp:231
SVF::AbstractState::equals
bool equals(const AbstractState &other) const
Definition AbstractState.cpp:37
SVF::AbstractState::AbstractState
AbstractState(AbstractState &&rhs)
move constructor
Definition AbstractState.h:132
SVF::AbstractState::isInvalidMem
static bool isInvalidMem(u32_t addr)
Definition AbstractState.h:190
SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition AbstractState.h:197
SVF::AbstractState::isFreedMem
bool isFreedMem(u32_t addr) const
Definition AbstractState.h:299
SVF::AbstractState::_freedAddrs
Set< NodeID > _freedAddrs
Definition AbstractState.h:65
SVF::AbstractState::toString
std::string toString() const
Definition AbstractState.h:336
SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition AbstractState.h:199
SVF::AbstractState::getPointeeElement
const SVFType * getPointeeElement(NodeID id)
Definition AbstractState.cpp:471
SVF::AbstractState::operator=
AbstractState & operator=(AbstractState &&rhs)
operator= move constructor
Definition AbstractState.h:139
SVF::AbstractState::lessThanVarToValMap
static bool lessThanVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:361
SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition AbstractState.h:326
SVF::AbstractState::AbstractState
AbstractState(VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
Definition AbstractState.h:74
SVF::AbstractState::getByteOffset
IntervalValue getByteOffset(const GepStmt *gep)
Definition AbstractState.cpp:304
SVF::AbstractState::loadValue
AbstractValue loadValue(NodeID varId)
Definition AbstractState.cpp:371
SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition AbstractState.h:217
SVF::AbstractState::getIDFromAddr
u32_t getIDFromAddr(u32_t addr)
Return the internal index if addr is an address otherwise return the value of idx.
Definition AbstractState.h:115
SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AbstractState.h:103
SVF::AbstractState::operator[]
virtual AbstractValue & operator[](u32_t varId)
get abstract value of variable
Definition AbstractState.h:205
SVF::AbstractState::narrowing
AbstractState narrowing(const AbstractState &other)
domain narrow with other, and return the narrowed domain
Definition AbstractState.cpp:80
SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition AbstractState.h:70
SVF::AbstractState::addToFreedAddrs
void addToFreedAddrs(NodeID addr)
Definition AbstractState.h:294
SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition AbstractState.h:230
SVF::AbstractState::VarToAbsValMap
Map< u32_t, AbstractValue > VarToAbsValMap
Definition AbstractState.h:63
SVF::AbstractState::~AbstractState
virtual ~AbstractState()=default
SVF::AbstractState::AddrToAbsValMap
VarToAbsValMap AddrToAbsValMap
Definition AbstractState.h:64
SVF::AbstractState::top
AbstractState top() const
Set all value top.
Definition AbstractState.h:163
SVF::AbstractState::operator==
bool operator==(const AbstractState &rhs) const
Definition AbstractState.h:391
SVF::AbstractState::operator=
AbstractState & operator=(const AbstractState &rhs)
Definition AbstractState.h:120
SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AbstractState.h:109
SVF::AbstractState::storeValue
void storeValue(NodeID varId, AbstractValue val)
Definition AbstractState.cpp:381
SVF::AbstractState::eqVarToValMap
static bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:344
SVF::AbstractState::meetWith
void meetWith(const AbstractState &other)
domain meet with other, important! other widen this.
Definition AbstractState.cpp:134
SVF::AbstractState::operator<
bool operator<(const AbstractState &rhs) const
Definition AbstractState.h:402
SVF::AbstractState::getGepObjAddrs
AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset)
Definition AbstractState.cpp:162
SVF::AbstractState::sliceState
AbstractState sliceState(Set< u32_t > &sl)
Copy some values and return a new IntervalExeState.
Definition AbstractState.h:175
SVF::AbstractState::initObjVar
void initObjVar(ObjVar *objVar)
Definition AbstractState.cpp:185
SVF::AbstractState::widening
AbstractState widening(const AbstractState &other)
domain widen with other, and return the widened domain
Definition AbstractState.cpp:59
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:57
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:210
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:218
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
Generated by doxygen 1.9.8