SVF-doxygen/html/AbstractState_8h_source.html

//===- AbstractExeState.h ----Interval Domain-------------------------//

//

//                     SVF: Static Value-Flow Analysis

//

// Copyright (C) <2013-2022>  <Yulei Sui>

//


// This program is free software: you can redistribute it and/or modify

// it under the terms of the GNU Affero General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.


// This program is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU Affero General Public License for more details.


// You should have received a copy of the GNU Affero General Public License

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

//

//===----------------------------------------------------------------------===//

/*

 * IntervalExeState.h

 *

 *  Created on: Jul 9, 2022

 *      Author: Xiao Cheng, Jiawei Wang

 *

 *                         [-oo,+oo]

 *          /           /            \           \

 *       [-oo,1] ... [-oo,10] ... [-1,+oo] ... [0,+oo]

 *          \           \           /          /

 *           \            [-1,10]            /

 *            \        /         \         /

 *       ...   [-1,1]      ...     [0,10]      ...

 *           \    |    \         /       \    /

 *       ...   [-1,0]    [0,1]    ...     [1,9]  ...

 *           \    |   \    |   \        /

 *       ...  [-1,-1]  [0,0]     [1,1]  ...

 *         \    \        \        /      /

 *                          ⊥

 */

// The implementation is based on

// Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.

// 46th International Conference on Software Engineering. (ICSE24)


#ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H

#define Z3_EXAMPLE_INTERVAL_DOMAIN_H


#include "AE/Core/AbstractValue.h"

#include "AE/Core/IntervalValue.h"

#include "SVFIR/SVFVariables.h"


namespace SVF

{


class AbstractState

{

    friend class SVFIR2AbsState;

    friend class RelationSolver;

public:

    typedef Map<u32_t, AbstractValue> VarToAbsValMap;

    typedef VarToAbsValMap AddrToAbsValMap;


    AbstractState()

    {

    }


    AbstractState(VarToAbsValMap&_varToValMap, AddrToAbsValMap&_locToValMap) : _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}


    AbstractState(const AbstractState&rhs) : _varToAbsVal(rhs.getVarToVal()), _addrToAbsVal(rhs.getLocToVal()), _freedAddrs(rhs._freedAddrs)

    {


    }


    virtual ~AbstractState() = default;


    // getGepObjAddrs

    AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);


    // initObjVar

    void initObjVar(const ObjVar* objVar);

    // getElementIndex

    IntervalValue getElementIndex(const GepStmt* gep);

    // getByteOffset

    IntervalValue getByteOffset(const GepStmt* gep);

    // printAbstractState

    // loadValue

    AbstractValue loadValue(NodeID varId);

    // storeValue

    void storeValue(NodeID varId, AbstractValue val);


    u32_t getAllocaInstByteSize(const AddrStmt *addr);


    static inline u32_t getVirtualMemAddress(u32_t idx)

    {

        return AddressValue::getVirtualMemAddress(idx);

    }


    static inline bool isVirtualMemAddress(u32_t val)

    {

        return AddressValue::isVirtualMemAddress(val);

    }


    inline u32_t getIDFromAddr(u32_t addr) const

    {

        return _freedAddrs.count(addr) ?  AddressValue::getInternalID(BlackHoleObjAddr) : AddressValue::getInternalID(addr);

    }


    AbstractState(AbstractState&&rhs) : _varToAbsVal(std::move(rhs._varToAbsVal)),

        _addrToAbsVal(std::move(rhs._addrToAbsVal)),

        _freedAddrs(std::move(rhs._freedAddrs))

    {


    }


    AbstractState bottom() const

    {

        AbstractState inv = *this;

        for (auto &item: inv._varToAbsVal)

        {

            if (item.second.isInterval())

                item.second.getInterval().set_to_bottom();

        }

        return inv;

    }


    AbstractState top() const

    {

        AbstractState inv = *this;

        for (auto &item: inv._varToAbsVal)

        {

            if (item.second.isInterval())

                item.second.getInterval().set_to_top();

        }

        return inv;

    }


    AbstractState sliceState(Set<u32_t> &sl)

    {

        AbstractState inv;

        for (u32_t id: sl)

            inv._varToAbsVal[id] = _varToAbsVal[id];

        return inv;

    }


    static inline bool isNullMem(u32_t addr)

    {

        return addr == NullMemAddr;

    }


    static inline bool isBlackHoleObjAddr(u32_t addr)

    {

        return addr == BlackHoleObjAddr;

    }


protected:

    VarToAbsValMap _varToAbsVal;

    AddrToAbsValMap _addrToAbsVal;

    Set<NodeID> _freedAddrs;


public:


    inline virtual AbstractValue &operator[](u32_t varId)

    {

        assert(!isVirtualMemAddress(varId) && "varId is a virtual memory address, use load() instead");

        return _varToAbsVal[varId];

    }


    inline virtual const AbstractValue &operator[](u32_t varId) const

    {

        assert(!isVirtualMemAddress(varId) && "varId is a virtual memory address, use load() instead");

        return _varToAbsVal.at(varId);

    }


    inline virtual AbstractValue &load(u32_t addr)

    {

        assert(isVirtualMemAddress(addr) && "not virtual address?");

        u32_t objId = getIDFromAddr(addr);

        return _addrToAbsVal[objId];

    }


    inline virtual const AbstractValue &load(u32_t addr) const

    {

        assert(isVirtualMemAddress(addr) && "not virtual address?");

        u32_t objId = getIDFromAddr(addr);

        return _addrToAbsVal.at(objId);

    }


    inline void store(u32_t addr, const AbstractValue &val)

    {

        assert(isVirtualMemAddress(addr) && "not virtual address?");

        u32_t objId = getIDFromAddr(addr);

        if (isNullMem(addr)) return;

        _addrToAbsVal[objId] = val;

    }


    inline bool inVarToAddrsTable(u32_t id) const

    {

        if (_varToAbsVal.find(id)!= _varToAbsVal.end())

        {

            if (_varToAbsVal.at(id).isAddr())

                return true;

        }

        return false;

    }


    inline virtual bool inVarToValTable(u32_t id) const

    {

        if (_varToAbsVal.find(id) != _varToAbsVal.end())

        {

            if (_varToAbsVal.at(id).isInterval())

                return true;

        }

        return false;

    }


    inline bool inAddrToAddrsTable(u32_t id) const

    {

        if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())

        {

            if (_addrToAbsVal.at(id).isAddr())

            {

                return true;

            }

        }

        return false;

    }


    inline virtual bool inAddrToValTable(u32_t id) const

    {

        if (_addrToAbsVal.find(id) != _addrToAbsVal.end())

        {

            if (_addrToAbsVal.at(id).isInterval())

            {

                return true;

            }

        }

        return false;

    }


    inline const VarToAbsValMap&getVarToVal() const

    {

        return _varToAbsVal;

    }


    inline const AddrToAbsValMap&getLocToVal() const

    {

        return _addrToAbsVal;

    }


    AbstractState widening(const AbstractState&other);


    AbstractState narrowing(const AbstractState&other);


    void joinWith(const AbstractState&other);


    void meetWith(const AbstractState&other);


    void addToFreedAddrs(NodeID addr)

    {

        _freedAddrs.insert(addr);

    }


    bool isFreedMem(u32_t addr) const

    {

        return _freedAddrs.find(addr) != _freedAddrs.end();

    }


    const SVFType* getPointeeElement(NodeID id);


    void printAbstractState() const;


    std::string toString() const;


    u32_t hash() const;


    // lhs == rhs for varToValMap

    bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs) const;

    // lhs >= rhs for varToValMap

    bool geqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs) const;

    // lhs == rhs for AbstractState

    bool equals(const AbstractState&other) const;


    AbstractState&operator=(const AbstractState&rhs)

    {

        if (&rhs != this)

        {

            _varToAbsVal = rhs._varToAbsVal;

            _addrToAbsVal = rhs._addrToAbsVal;

            _freedAddrs = rhs._freedAddrs;

        }

        return *this;

    }


    AbstractState&operator=(AbstractState&&rhs)

    {

        if (&rhs != this)

        {

            _varToAbsVal = std::move(rhs._varToAbsVal);

            _addrToAbsVal = std::move(rhs._addrToAbsVal);

            _freedAddrs = std::move(rhs._freedAddrs);

        }

        return *this;

    }


    bool operator==(const AbstractState&rhs) const

    {

        return  eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&

                eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());

    }


    bool operator!=(const AbstractState&rhs) const

    {

        return !(*this == rhs);

    }


    bool operator<(const AbstractState&rhs) const

    {

        return !(*this >= rhs);

    }


    bool operator>=(const AbstractState&rhs) const

    {

        return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());

    }


    void clear()

    {

        _addrToAbsVal.clear();

        _varToAbsVal.clear();

        _freedAddrs.clear();

    }


};


}


#endif //Z3_EXAMPLE_INTERVAL_DOMAIN_H

AbstractValue.h

NullMemAddr
#define NullMemAddr
Definition AddressValue.h:38

BlackHoleObjAddr
#define BlackHoleObjAddr
Definition AddressValue.h:36

IntervalValue.h

SVFVariables.h

offset
buffer offset
Definition cJSON.cpp:1113

item
cJSON * item
Definition cJSON.h:222

SVF::AbstractState
Definition AbstractState.h:56

SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition AbstractState.h:264

SVF::AbstractState::getAllocaInstByteSize
u32_t getAllocaInstByteSize(const AddrStmt *addr)
Definition AbstractState.cpp:519

SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition AbstractState.h:258

SVF::AbstractState::getIDFromAddr
u32_t getIDFromAddr(u32_t addr) const
Return the internal index if addr is an address otherwise return the value of idx.
Definition AbstractState.h:108

SVF::AbstractState::operator>=
bool operator>=(const AbstractState &rhs) const
Definition AbstractState.h:354

SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition AbstractState.h:201

SVF::AbstractState::SVFIR2AbsState
friend class SVFIR2AbsState
Definition AbstractState.h:57

SVF::AbstractState::isNullMem
static bool isNullMem(u32_t addr)
Definition AbstractState.h:154

SVF::AbstractState::bottom
AbstractState bottom() const
Set all value bottom.
Definition AbstractState.h:122

SVF::AbstractState::inAddrToValTable
virtual bool inAddrToValTable(u32_t id) const
whether the memory address stores abstract value
Definition AbstractState.h:245

SVF::AbstractState::toString
std::string toString() const
Definition AbstractState.cpp:471

SVF::AbstractState::printAbstractState
void printAbstractState() const
Definition AbstractState.cpp:389

SVF::AbstractState::inAddrToAddrsTable
bool inAddrToAddrsTable(u32_t id) const
whether the memory address stores memory addresses
Definition AbstractState.h:232

SVF::AbstractState::hash
u32_t hash() const
Definition AbstractState.cpp:42

SVF::AbstractState::load
virtual const AbstractValue & load(u32_t addr) const
Definition AbstractState.h:194

SVF::AbstractState::joinWith
void joinWith(const AbstractState &other)
domain join with other, important! other widen this.
Definition AbstractState.cpp:102

SVF::AbstractState::isBlackHoleObjAddr
static bool isBlackHoleObjAddr(u32_t addr)
Definition AbstractState.h:159

SVF::AbstractState::clear
void clear()
Definition AbstractState.h:359

SVF::AbstractState::eqVarToValMap
bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
Definition AbstractState.cpp:552

SVF::AbstractState::AbstractState
AbstractState(const AbstractState &rhs)
copy constructor
Definition AbstractState.h:70

SVF::AbstractState::operator!=
bool operator!=(const AbstractState &rhs) const
Definition AbstractState.h:344

SVF::AbstractState::operator[]
virtual const AbstractValue & operator[](u32_t varId) const
get abstract value of variable
Definition AbstractState.h:181

SVF::AbstractState::getElementIndex
IntervalValue getElementIndex(const GepStmt *gep)
Definition AbstractState.cpp:231

SVF::AbstractState::equals
bool equals(const AbstractState &other) const
Definition AbstractState.cpp:37

SVF::AbstractState::geqVarToValMap
bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
Definition AbstractState.cpp:566

SVF::AbstractState::AbstractState
AbstractState(AbstractState &&rhs)
move constructor
Definition AbstractState.h:114

SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition AbstractState.h:166

SVF::AbstractState::isFreedMem
bool isFreedMem(u32_t addr) const
Definition AbstractState.h:286

SVF::AbstractState::_freedAddrs
Set< NodeID > _freedAddrs
Definition AbstractState.h:168

SVF::AbstractState::initObjVar
void initObjVar(const ObjVar *objVar)
Definition AbstractState.cpp:185

SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition AbstractState.h:167

SVF::AbstractState::getPointeeElement
const SVFType * getPointeeElement(NodeID id)
Definition AbstractState.cpp:498

SVF::AbstractState::operator=
AbstractState & operator=(AbstractState &&rhs)
operator= move constructor
Definition AbstractState.h:327

SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition AbstractState.h:187

SVF::AbstractState::AbstractState
AbstractState(VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
Definition AbstractState.h:67

SVF::AbstractState::getByteOffset
IntervalValue getByteOffset(const GepStmt *gep)
Definition AbstractState.cpp:304

SVF::AbstractState::loadValue
AbstractValue loadValue(NodeID varId)
Definition AbstractState.cpp:371

SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition AbstractState.h:210

SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AbstractState.h:96

SVF::AbstractState::operator[]
virtual AbstractValue & operator[](u32_t varId)
get abstract value of variable
Definition AbstractState.h:174

SVF::AbstractState::narrowing
AbstractState narrowing(const AbstractState &other)
domain narrow with other, and return the narrowed domain
Definition AbstractState.cpp:80

SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition AbstractState.h:63

SVF::AbstractState::addToFreedAddrs
void addToFreedAddrs(NodeID addr)
Definition AbstractState.h:281

SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition AbstractState.h:221

SVF::AbstractState::VarToAbsValMap
Map< u32_t, AbstractValue > VarToAbsValMap
Definition AbstractState.h:60

SVF::AbstractState::~AbstractState
virtual ~AbstractState()=default

SVF::AbstractState::AddrToAbsValMap
VarToAbsValMap AddrToAbsValMap
Definition AbstractState.h:61

SVF::AbstractState::top
AbstractState top() const
Set all value top.
Definition AbstractState.h:134

SVF::AbstractState::operator==
bool operator==(const AbstractState &rhs) const
Definition AbstractState.h:338

SVF::AbstractState::operator=
AbstractState & operator=(const AbstractState &rhs)
Assignment operator.
Definition AbstractState.h:315

SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AbstractState.h:102

SVF::AbstractState::storeValue
void storeValue(NodeID varId, AbstractValue val)
Definition AbstractState.cpp:381

SVF::AbstractState::meetWith
void meetWith(const AbstractState &other)
domain meet with other, important! other widen this.
Definition AbstractState.cpp:134

SVF::AbstractState::operator<
bool operator<(const AbstractState &rhs) const
Definition AbstractState.h:349

SVF::AbstractState::getGepObjAddrs
AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset)
Definition AbstractState.cpp:162

SVF::AbstractState::sliceState
AbstractState sliceState(Set< u32_t > &sl)
Copy some values and return a new IntervalExeState.
Definition AbstractState.h:146

SVF::AbstractState::widening
AbstractState widening(const AbstractState &other)
domain widen with other, and return the widened domain
Definition AbstractState.cpp:59

SVF::AbstractValue
Definition AbstractValue.h:35

SVF::AddrStmt
Definition SVFStatements.h:382

SVF::AddressValue
Definition AddressValue.h:48

SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:57

SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:210

SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:218

SVF::GepStmt
Definition SVFStatements.h:611

SVF::IntervalValue
Definition IntervalValue.h:46

SVF::ObjVar
Definition SVFVariables.h:318

SVF::RelationSolver
Definition RelationSolver.h:39

SVF::SVFType
Definition SVFType.h:184

SVF
for isBitcode
Definition BasicTypes.h:68

SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47