Static Value-Flow Analysis
Loading...
Searching...
No Matches
AbstractState.h
Go to the documentation of this file.
1//===- AbstractExeState.h ----Interval Domain-------------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-2022> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22/*
23 * IntervalExeState.h
24 *
25 * Created on: Jul 9, 2022
26 * Author: Xiao Cheng, Jiawei Wang
27 *
28 * [-oo,+oo]
29 * / / \ \
30 * [-oo,1] ... [-oo,10] ... [-1,+oo] ... [0,+oo]
31 * \ \ / /
32 * \ [-1,10] /
33 * \ / \ /
34 * ... [-1,1] ... [0,10] ...
35 * \ | \ / \ /
36 * ... [-1,0] [0,1] ... [1,9] ...
37 * \ | \ | \ /
38 * ... [-1,-1] [0,0] [1,1] ...
39 * \ \ \ / /
40 * ⊥
41 */
42// The implementation is based on
43// Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.
44// 46th International Conference on Software Engineering. (ICSE24)
45
46#ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H
47#define Z3_EXAMPLE_INTERVAL_DOMAIN_H
48
49#include "AE/Core/AbstractValue.h"
50#include "AE/Core/IntervalValue.h"
51#include "SVFIR/SVFVariables.h"
52#include "Util/Z3Expr.h"
53
54#include <iomanip>
55
56namespace SVF
57{
58class AbstractState
59{
60 friend class SVFIR2AbsState;
61 friend class RelationSolver;
62public:
63 typedef Map<u32_t, AbstractValue> VarToAbsValMap;
64
65 typedef VarToAbsValMap AddrToAbsValMap;
66
67public:
69 AbstractState()
70 {
71 }
72
73 AbstractState(VarToAbsValMap&_varToValMap, AddrToAbsValMap&_locToValMap) : _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}
74
80
81 virtual ~AbstractState() = default;
82
83 // getGepObjAddrs
84 AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);
85
86 // initObjVar
87 void initObjVar(ObjVar* objVar);
88 // getElementIndex
89 IntervalValue getElementIndex(const GepStmt* gep);
90 // getByteOffset
91 IntervalValue getByteOffset(const GepStmt* gep);
92 // printAbstractState
93 // loadValue
94 AbstractValue loadValue(NodeID varId);
95 // storeValue
96 void storeValue(NodeID varId, AbstractValue val);
97
98 u32_t getAllocaInstByteSize(const AddrStmt *addr);
99
100
106
108 static inline bool isVirtualMemAddress(u32_t val)
109 {
110 return AddressValue::isVirtualMemAddress(val);
111 }
112
114 static inline u32_t getInternalID(u32_t idx)
115 {
116 return AddressValue::getInternalID(idx);
117 }
118
119 static inline bool isNullPtr(u32_t addr)
120 {
121 return getInternalID(addr) == 0;
122 }
123
124 AbstractState&operator=(const AbstractState&rhs)
125 {
126 if (rhs != *this)
127 {
128 _varToAbsVal = rhs._varToAbsVal;
129 _addrToAbsVal = rhs._addrToAbsVal;
130 }
131 return *this;
132 }
133
140
142 AbstractState&operator=(AbstractState&&rhs)
143 {
144 if (&rhs != this)
145 {
146 _varToAbsVal = std::move(rhs._varToAbsVal);
147 _addrToAbsVal = std::move(rhs._addrToAbsVal);
148 }
149 return *this;
150 }
151
153 AbstractState bottom() const
154 {
155 AbstractState inv = *this;
156 for (auto &item: inv._varToAbsVal)
157 {
158 if (item.second.isInterval())
159 item.second.getInterval().set_to_bottom();
160 }
161 return inv;
162 }
163
165 AbstractState top() const
166 {
167 AbstractState inv = *this;
168 for (auto &item: inv._varToAbsVal)
169 {
170 if (item.second.isInterval())
171 item.second.getInterval().set_to_top();
172 }
173 return inv;
174 }
175
177 AbstractState sliceState(Set<u32_t> &sl)
178 {
179 AbstractState inv;
180 for (u32_t id: sl)
181 {
182 inv._varToAbsVal[id] = _varToAbsVal[id];
183 }
184 return inv;
185 }
186
187protected:
188 VarToAbsValMap _varToAbsVal;
189 AddrToAbsValMap
190 _addrToAbsVal;
191
192public:
193
194
196 inline virtual AbstractValue &operator[](u32_t varId)
197 {
198 return _varToAbsVal[varId];
199 }
200
202 inline virtual const AbstractValue &operator[](u32_t varId) const
203 {
204 return _varToAbsVal.at(varId);
205 }
206
208 inline bool inVarToAddrsTable(u32_t id) const
209 {
210 if (_varToAbsVal.find(id)!= _varToAbsVal.end())
211 {
212 if (_varToAbsVal.at(id).isAddr())
213 {
214 return true;
215 }
216 }
217 return false;
218 }
219
221 inline virtual bool inVarToValTable(u32_t id) const
222 {
223 if (_varToAbsVal.find(id) != _varToAbsVal.end())
224 {
225 if (_varToAbsVal.at(id).isInterval())
226 {
227 return true;
228 }
229 }
230 return false;
231 }
232
234 inline bool inAddrToAddrsTable(u32_t id) const
235 {
236 if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())
237 {
238 if (_addrToAbsVal.at(id).isAddr())
239 {
240 return true;
241 }
242 }
243 return false;
244 }
245
247 inline virtual bool inAddrToValTable(u32_t id) const
248 {
249 if (_addrToAbsVal.find(id) != _addrToAbsVal.end())
250 {
251 if (_addrToAbsVal.at(id).isInterval())
252 {
253 return true;
254 }
255 }
256 return false;
257 }
258
260 const VarToAbsValMap&getVarToVal() const
261 {
262 return _varToAbsVal;
263 }
264
266 const AddrToAbsValMap&getLocToVal() const
267 {
268 return _addrToAbsVal;
269 }
270
271public:
272
274 AbstractState widening(const AbstractState&other);
275
277 AbstractState narrowing(const AbstractState&other);
278
280 void joinWith(const AbstractState&other);
281
282
284 void meetWith(const AbstractState&other);
285
293 const SVFType* getPointeeElement(NodeID id);
294
295
296 u32_t hash() const;
297
298public:
299 inline void store(u32_t addr, const AbstractValue &val)
300 {
301 assert(isVirtualMemAddress(addr) && "not virtual address?");
302 if (isNullPtr(addr)) return;
303 u32_t objId = getInternalID(addr);
304 _addrToAbsVal[objId] = val;
305 }
306
307 inline virtual AbstractValue &load(u32_t addr)
308 {
309 assert(isVirtualMemAddress(addr) && "not virtual address?");
310 u32_t objId = getInternalID(addr);
311 return _addrToAbsVal[objId];
312
313 }
314
315
316 void printAbstractState() const;
317
318 std::string toString() const
319 {
320 return "";
321 }
322
323 bool equals(const AbstractState&other) const;
324
325
326 static bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
327 {
328 if (lhs.size() != rhs.size()) return false;
329 for (const auto &item: lhs)
330 {
331 auto it = rhs.find(item.first);
332 if (it == rhs.end())
333 return false;
334 if (!item.second.equals(it->second))
335 return false;
336 else
337 {
338 }
339 }
340 return true;
341 }
342
343 static bool lessThanVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
344 {
345 if (lhs.empty()) return !rhs.empty();
346 for (const auto &item: lhs)
347 {
348 auto it = rhs.find(item.first);
349 if (it == rhs.end()) return false;
350 // judge from expr id
351 if (item.second.getInterval().contain(it->second.getInterval())) return false;
352 }
353 return true;
354 }
355
356 // lhs >= rhs
357 static bool geqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
358 {
359 if (rhs.empty()) return true;
360 for (const auto &item: rhs)
361 {
362 auto it = lhs.find(item.first);
363 if (it == lhs.end()) return false;
364 // judge from expr id
365 if (!it->second.getInterval().contain(
366 item.second.getInterval()))
367 return false;
368
369 }
370 return true;
371 }
372
373 bool operator==(const AbstractState&rhs) const
374 {
375 return eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&
376 eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
377 }
378
379 bool operator!=(const AbstractState&rhs) const
380 {
381 return !(*this == rhs);
382 }
383
384 bool operator<(const AbstractState&rhs) const
385 {
386 return !(*this >= rhs);
387 }
388
389
390 bool operator>=(const AbstractState&rhs) const
391 {
392 return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
393 }
394
395 void clear()
396 {
397 _addrToAbsVal.clear();
398 _varToAbsVal.clear();
399 }
400
401};
402
403}
404
405
406#endif //Z3_EXAMPLE_INTERVAL_DOMAIN_H
offset
buffer offset
Definition cJSON.cpp:1113
item
cJSON * item
Definition cJSON.h:222
SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition AbstractState.h:266
SVF::AbstractState::getAllocaInstByteSize
u32_t getAllocaInstByteSize(const AddrStmt *addr)
Definition AbstractState.cpp:486
SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition AbstractState.h:260
SVF::AbstractState::geqVarToValMap
static bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:357
SVF::AbstractState::operator>=
bool operator>=(const AbstractState &rhs) const
Definition AbstractState.h:390
SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition AbstractState.h:299
SVF::AbstractState::SVFIR2AbsState
friend class SVFIR2AbsState
Definition AbstractState.h:60
SVF::AbstractState::bottom
AbstractState bottom() const
Set all value bottom.
Definition AbstractState.h:153
SVF::AbstractState::inAddrToValTable
virtual bool inAddrToValTable(u32_t id) const
whether the memory address stores abstract value
Definition AbstractState.h:247
SVF::AbstractState::printAbstractState
void printAbstractState() const
Definition AbstractState.cpp:383
SVF::AbstractState::inAddrToAddrsTable
bool inAddrToAddrsTable(u32_t id) const
whether the memory address stores memory addresses
Definition AbstractState.h:234
SVF::AbstractState::joinWith
void joinWith(const AbstractState &other)
domain join with other, important! other widen this.
Definition AbstractState.cpp:102
SVF::AbstractState::AbstractState
AbstractState(const AbstractState &rhs)
copy constructor
Definition AbstractState.h:76
SVF::AbstractState::operator!=
bool operator!=(const AbstractState &rhs) const
Definition AbstractState.h:379
SVF::AbstractState::operator[]
virtual const AbstractValue & operator[](u32_t varId) const
get abstract value of variable
Definition AbstractState.h:202
SVF::AbstractState::getElementIndex
IntervalValue getElementIndex(const GepStmt *gep)
Definition AbstractState.cpp:225
SVF::AbstractState::equals
bool equals(const AbstractState &other) const
Definition AbstractState.cpp:37
SVF::AbstractState::AbstractState
AbstractState(AbstractState &&rhs)
move constructor
Definition AbstractState.h:135
SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition AbstractState.h:188
SVF::AbstractState::toString
std::string toString() const
Definition AbstractState.h:318
SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition AbstractState.h:190
SVF::AbstractState::getPointeeElement
const SVFType * getPointeeElement(NodeID id)
Definition AbstractState.cpp:465
SVF::AbstractState::operator=
AbstractState & operator=(AbstractState &&rhs)
operator= move constructor
Definition AbstractState.h:142
SVF::AbstractState::lessThanVarToValMap
static bool lessThanVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:343
SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition AbstractState.h:307
SVF::AbstractState::AbstractState
AbstractState(VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
Definition AbstractState.h:73
SVF::AbstractState::getByteOffset
IntervalValue getByteOffset(const GepStmt *gep)
Definition AbstractState.cpp:298
SVF::AbstractState::loadValue
AbstractValue loadValue(NodeID varId)
Definition AbstractState.cpp:365
SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition AbstractState.h:208
SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AbstractState.h:102
SVF::AbstractState::operator[]
virtual AbstractValue & operator[](u32_t varId)
get abstract value of variable
Definition AbstractState.h:196
SVF::AbstractState::narrowing
AbstractState narrowing(const AbstractState &other)
domain narrow with other, and return the narrowed domain
Definition AbstractState.cpp:80
SVF::AbstractState::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AbstractState.h:114
SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition AbstractState.h:69
SVF::AbstractState::isNullPtr
static bool isNullPtr(u32_t addr)
Definition AbstractState.h:119
SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition AbstractState.h:221
SVF::AbstractState::VarToAbsValMap
Map< u32_t, AbstractValue > VarToAbsValMap
Definition AbstractState.h:63
SVF::AbstractState::~AbstractState
virtual ~AbstractState()=default
SVF::AbstractState::AddrToAbsValMap
VarToAbsValMap AddrToAbsValMap
Definition AbstractState.h:65
SVF::AbstractState::top
AbstractState top() const
Set all value top.
Definition AbstractState.h:165
SVF::AbstractState::operator==
bool operator==(const AbstractState &rhs) const
Definition AbstractState.h:373
SVF::AbstractState::operator=
AbstractState & operator=(const AbstractState &rhs)
Definition AbstractState.h:124
SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AbstractState.h:108
SVF::AbstractState::storeValue
void storeValue(NodeID varId, AbstractValue val)
Definition AbstractState.cpp:375
SVF::AbstractState::eqVarToValMap
static bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:326
SVF::AbstractState::meetWith
void meetWith(const AbstractState &other)
domain meet with other, important! other widen this.
Definition AbstractState.cpp:133
SVF::AbstractState::operator<
bool operator<(const AbstractState &rhs) const
Definition AbstractState.h:384
SVF::AbstractState::getGepObjAddrs
AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset)
Definition AbstractState.cpp:156
SVF::AbstractState::sliceState
AbstractState sliceState(Set< u32_t > &sl)
Copy some values and return a new IntervalExeState.
Definition AbstractState.h:177
SVF::AbstractState::initObjVar
void initObjVar(ObjVar *objVar)
Definition AbstractState.cpp:179
SVF::AbstractState::widening
AbstractState widening(const AbstractState &other)
domain widen with other, and return the widened domain
Definition AbstractState.cpp:59
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:226
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:212
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:220
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:55
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:46
Generated by doxygen 1.9.8