Static Value-Flow Analysis
Loading...
Searching...
No Matches
CDGBuilder.cpp
Go to the documentation of this file.
1//===----- CDGBuilder.cpp -- Control Dependence Graph Builder -------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23/*
24 * CDGBuilder.cpp
25 *
26 * Created on: Sep 27, 2023
27 * Author: Xiao Cheng
28 */
29#include "Util/CDGBuilder.h"
30#include "Graphs/CallGraph.h"
31
32using namespace SVF;
33using namespace SVFUtil;
34
35void CDGBuilder::dfsNodesBetweenPdomNodes(const SVFBasicBlock *cur,
36 const SVFBasicBlock *tgt,
37 std::vector<const SVFBasicBlock *> &path,
38 std::vector<const SVFBasicBlock *> &tgtNodes,
39 SVFLoopAndDomInfo *ld)
40{
41 path.push_back(cur);
42 if (cur == tgt)
43 {
44 tgtNodes.insert(tgtNodes.end(), path.begin() + 1, path.end());
45 }
46 else
47 {
48 auto it = ld->getPostDomTreeMap().find(cur);
49 for (const auto &nxt: it->second)
50 {
51 dfsNodesBetweenPdomNodes(nxt, tgt, path, tgtNodes, ld);
52 }
53 }
54 path.pop_back();
55}
56
64void
65CDGBuilder::extractNodesBetweenPdomNodes(const SVFBasicBlock *succ, const SVFBasicBlock *LCA,
66 std::vector<const SVFBasicBlock *> &tgtNodes)
67{
68 if (succ == LCA) return;
69 std::vector<const SVFBasicBlock *> path;
70 SVFLoopAndDomInfo *ld = const_cast<FunObjVar *>(LCA->getFunction())->getLoopAndDomInfo();
71 dfsNodesBetweenPdomNodes(LCA, succ, path, tgtNodes, ld);
72}
73
84
85
86s64_t CDGBuilder::getBBSuccessorBranchID(const SVFBasicBlock *BB, const SVFBasicBlock *Succ)
87{
88 ICFG *icfg = PAG::getPAG()->getICFG();
89 assert(!BB->getICFGNodeList().empty() && "empty bb?");
90 const ICFGNode *pred = BB->back();
91 if (const CallICFGNode* callNode = dyn_cast<CallICFGNode>(pred))
92 {
93 // not a branch statement:
94 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
95 // to label %invoke.cont1 unwind label %lpad
96 pred = callNode->getRetICFGNode();
97 }
98 const ICFGEdge *edge = icfg->getICFGEdge(pred, Succ->front(), ICFGEdge::ICFGEdgeK::IntraCF);
99 if (const IntraCFGEdge *intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
100 {
101 if(intraEdge->getCondition())
102 return intraEdge->getSuccessorCondValue();
103 else
104 return 0;
105 }
106 else
107 {
108 assert(false && "not intra edge?");
109 abort();
110 }
111}
112
123void CDGBuilder::buildControlDependence()
124{
125 CallGraph* svfirCallGraph = PAG::getPAG()->getCallGraph();
126 for (const auto& item: *svfirCallGraph)
127 {
128 const FunObjVar *svfFun = (item.second)->getFunction();
129 if (SVFUtil::isExtCall(svfFun)) continue;
130 // extract basic block edges to be processed
131 Map<const SVFBasicBlock *, std::vector<const SVFBasicBlock *>> BBS;
132 extractBBS(svfFun, BBS);
133
134 for (const auto &item: BBS)
135 {
136 const SVFBasicBlock *pred = item.first;
137 // for each bb pair
138 for (const SVFBasicBlock *succ: item.second)
139 {
140 const SVFBasicBlock *SVFLCA = const_cast<FunObjVar *>(svfFun)->
141 getLoopAndDomInfo()->findNearestCommonPDominator(pred, succ);
142 std::vector<const SVFBasicBlock *> tgtNodes;
143 // no common ancestor, may be exit()
144 if (SVFLCA == NULL)
145 tgtNodes.push_back(succ);
146 else
147 {
148 if (SVFLCA == pred) tgtNodes.push_back(SVFLCA);
149 // from succ to LCA
150 extractNodesBetweenPdomNodes(succ, SVFLCA, tgtNodes);
151 }
152
153 s64_t pos = getBBSuccessorBranchID(pred, succ);
154 for (const SVFBasicBlock *bb: tgtNodes)
155 {
156 updateMap(pred, bb, pos);
157 }
158 }
159 }
160 }
161}
162
163
170void CDGBuilder::extractBBS(const SVF::FunObjVar *func,
171 Map<const SVF::SVFBasicBlock *, std::vector<const SVFBasicBlock *>> &res)
172{
173 for (const auto &it: *func)
174 {
175 const SVFBasicBlock* bb = it.second;
176 for (const auto &succ: bb->getSuccessors())
177 {
178 if (func->postDominate(succ, bb))
179 continue;
180 res[bb].push_back(succ);
181 }
182 }
183}
184
188void CDGBuilder::buildICFGNodeControlMap()
189{
190 for (const auto &it: _svfcontrolMap)
191 {
192 for (const auto &it2: it.second)
193 {
194 const SVFBasicBlock *controllingBB = it2.first;
195 const ICFGNode *controlNode = it.first->getICFGNodeList().back();
196 if (const CallICFGNode* callNode =
197 SVFUtil::dyn_cast<CallICFGNode>(controlNode))
198 {
199 // not a branch statement:
200 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
201 // to label %invoke.cont1 unwind label %lpad
202 controlNode = callNode->getRetICFGNode();
203 }
204 if (!controlNode) continue;
205 // controlNode control at pos
206 for (const auto &controllee: controllingBB->getICFGNodeList())
207 {
208 _nodeControlMap[controlNode][controllee].insert(it2.second.begin(), it2.second.end());
209 _nodeDependentOnMap[controllee][controlNode].insert(it2.second.begin(), it2.second.end());
210 for (s32_t pos: it2.second)
211 {
212 if (const IntraICFGNode* intraNode =
213 dyn_cast<IntraICFGNode>(controlNode))
214 {
215 assert(intraNode->getSVFStmts().size() == 1 &&
216 "not a branch stmt?");
217 const SVFVar* condition =
218 SVFUtil::cast<BranchStmt>(
219 intraNode->getSVFStmts().front())
220 ->getCondition();
221 _controlDG->addCDGEdgeFromSrcDst(controlNode, controllee,
222 condition,
223 pos);
224 }
225 else
226 {
227 // not a branch statement:
228 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
229 // to label %invoke.cont1 unwind label %lpad
230 SVFIR* pag = PAG::getPAG();
231 _controlDG->addCDGEdgeFromSrcDst(
232 controlNode, controllee,
233 pag->getGNode(pag->getNullPtr()), pos);
234 }
235
236 }
237 }
238 }
239 }
240}
item
cJSON * item
Definition cJSON.h:222
SVF::CDGBuilder::buildControlDependence
void buildControlDependence()
build control dependence for each function
Definition CDGBuilder.cpp:123
SVF::CDGBuilder::_nodeControlMap
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeControlMap
map an ICFG node to its controlling ICFG nodes (position, set of Nodes)
Definition CDGBuilder.h:101
SVF::CDGBuilder::extractBBS
static void extractBBS(const FunObjVar *func, Map< const SVFBasicBlock *, std::vector< const SVFBasicBlock * > > &res)
extract basic block edges to be processed
Definition CDGBuilder.cpp:170
SVF::CDGBuilder::updateMap
void updateMap(const SVFBasicBlock *pred, const SVFBasicBlock *bb, s32_t pos)
update map
Definition CDGBuilder.h:90
SVF::CDGBuilder::extractNodesBetweenPdomNodes
void extractNodesBetweenPdomNodes(const SVFBasicBlock *succ, const SVFBasicBlock *LCA, std::vector< const SVFBasicBlock * > &tgtNodes)
extract nodes between two nodes in pdom tree
Definition CDGBuilder.cpp:65
SVF::CDGBuilder::dfsNodesBetweenPdomNodes
void dfsNodesBetweenPdomNodes(const SVFBasicBlock *cur, const SVFBasicBlock *tgt, std::vector< const SVFBasicBlock * > &path, std::vector< const SVFBasicBlock * > &tgtNodes, SVFLoopAndDomInfo *ld)
Definition CDGBuilder.cpp:35
SVF::CDGBuilder::_svfcontrolMap
Map< const SVFBasicBlock *, Map< const SVFBasicBlock *, Set< s32_t > > > _svfcontrolMap
map a basicblock to its controlling BBs (position, set of BBs)
Definition CDGBuilder.h:99
SVF::CDGBuilder::buildICFGNodeControlMap
void buildICFGNodeControlMap()
build map at icfg node level
Definition CDGBuilder.cpp:188
SVF::CDGBuilder::_nodeDependentOnMap
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeDependentOnMap
map an ICFG node to its dependent on ICFG nodes (position, set of Nodes)
Definition CDGBuilder.h:102
SVF::CDGBuilder::build
void build()
start here
Definition CDGBuilder.cpp:77
SVF::CDGBuilder::getBBSuccessorBranchID
s64_t getBBSuccessorBranchID(const SVFBasicBlock *BB, const SVFBasicBlock *Succ)
Definition CDGBuilder.cpp:86
SVF::CDG::addCDGEdgeFromSrcDst
void addCDGEdgeFromSrcDst(const ICFGNode *src, const ICFGNode *dst, const SVFVar *pNode, s32_t branchID)
Add CDG edges from nodeid pair.
Definition CDG.cpp:35
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:430
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::ICFG::getICFGEdge
ICFGEdge * getICFGEdge(const ICFGNode *src, const ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Get a SVFG edge according to src and dst.
Definition ICFG.cpp:311
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:259
SVF::SVFBasicBlock::getSuccessors
std::vector< const SVFBasicBlock * > getSuccessors() const
Definition BasicBlockG.h:215
SVF::SVFIR::getCallGraph
CallGraph * getCallGraph()
Definition SVFIR.h:184
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
NULL
#define NULL
Definition extapi.c:2
SVF::SVFUtil::isExtCall
bool isExtCall(const FunObjVar *fun)
Definition SVFUtil.cpp:437
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::Map
std::unordered_map< Key, Value, Hash, KeyEqual, Allocator > Map
Definition GeneralType.h:101
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::s32_t
signed s32_t
Definition GeneralType.h:48
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50
Generated by doxygen 1.9.8