SVF-doxygen/html/CFLAlias_8cpp_source.html

//===----- CFLAlias.cpp -- CFL Alias Analysis Client--------------//

//

//                     SVF: Static Value-Flow Analysis

//

// Copyright (C) <2013->  <Yulei Sui>

//


// This program is free software: you can redistribute it and/or modify

// it under the terms of the GNU Affero General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.


// This program is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU Affero General Public License for more details.


// You should have received a copy of the GNU Affero General Public License

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

//

//===----------------------------------------------------------------------===//


/*

 * CFLAlias.cpp

 *

 *  Created on: June 27 , 2022

 *      Author: Pei Xu

 */


#include "CFL/CFLAlias.h"

using namespace SVF;

using namespace SVFUtil;


void CFLAlias::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites, CallEdgeMap& newEdges)

{

    for(CallSiteToFunPtrMap::const_iterator iter = callsites.begin(), eiter = callsites.end(); iter!=eiter; ++iter)

    {

        const CallICFGNode* cs = iter->first;


        if (cs->isVirtualCall())

        {

            const SVFVar* vtbl = cs->getVtablePtr();


            assert(vtbl != nullptr);

            NodeID vtblId = vtbl->getId();

            resolveCPPIndCalls(cs, getCFLPts(vtblId), newEdges);

        }

        else

            resolveIndCalls(iter->first,getCFLPts(iter->second),newEdges);

    }

}


void CFLAlias::connectCaller2CalleeParams(const CallICFGNode* cs, const FunObjVar* F)

{

    assert(F);


    DBOUT(DAndersen, outs() << "connect parameters from indirect callsite " << cs->toString() << " to callee " << *F << "\n");


    const CallICFGNode* callBlockNode = cs;

    const RetICFGNode* retBlockNode = cs->getRetICFGNode();


    if(SVFUtil::isHeapAllocExtFunViaRet(F) && svfir->callsiteHasRet(retBlockNode))

    {

        heapAllocatorViaIndCall(cs);

    }


    if (svfir->funHasRet(F) && svfir->callsiteHasRet(retBlockNode))

    {

        const PAGNode* cs_return = svfir->getCallSiteRet(retBlockNode);

        const PAGNode* fun_return = svfir->getFunRet(F);

        if (cs_return->isPointer() && fun_return->isPointer())

        {

            NodeID dstrec = cs_return->getId();

            NodeID srcret = fun_return->getId();

            addCopyEdge(srcret, dstrec);

        }

        else

        {

            DBOUT(DAndersen, outs() << "not a pointer ignored\n");

        }

    }


    if (svfir->hasCallSiteArgsMap(callBlockNode) && svfir->hasFunArgsList(F))

    {


        // connect actual and formal param

        const SVFIR::SVFVarList& csArgList = svfir->getCallSiteArgsList(callBlockNode);

        const SVFIR::SVFVarList& funArgList = svfir->getFunArgsList(F);

        //Go through the fixed parameters.

        DBOUT(DPAGBuild, outs() << "      args:");

        SVFIR::SVFVarList::const_iterator funArgIt = funArgList.begin(), funArgEit = funArgList.end();

        SVFIR::SVFVarList::const_iterator csArgIt  = csArgList.begin(), csArgEit = csArgList.end();

        for (; funArgIt != funArgEit; ++csArgIt, ++funArgIt)

        {

            //Some programs (e.g. Linux kernel) leave unneeded parameters empty.

            if (csArgIt  == csArgEit)

            {

                DBOUT(DAndersen, outs() << " !! not enough args\n");

                break;

            }

            const PAGNode *cs_arg = *csArgIt ;

            const PAGNode *fun_arg = *funArgIt;


            if (cs_arg->isPointer() && fun_arg->isPointer())

            {

                DBOUT(DAndersen, outs() << "process actual parm  " << cs_arg->toString() << " \n");

                NodeID srcAA = cs_arg->getId();

                NodeID dstFA = fun_arg->getId();

                addCopyEdge(srcAA, dstFA);

            }

        }


        //Any remaining actual args must be varargs.

        if (F->isVarArg())

        {

            NodeID vaF = svfir->getVarargNode(F);

            DBOUT(DPAGBuild, outs() << "\n      varargs:");

            for (; csArgIt != csArgEit; ++csArgIt)

            {

                const PAGNode *cs_arg = *csArgIt;

                if (cs_arg->isPointer())

                {

                    NodeID vnAA = cs_arg->getId();

                    addCopyEdge(vnAA,vaF);

                }

            }

        }

        if(csArgIt != csArgEit)

        {

            writeWrnMsg("too many args to non-vararg func.");

            writeWrnMsg("(" + cs->getSourceLoc() + ")");

        }

    }

}


void CFLAlias::heapAllocatorViaIndCall(const CallICFGNode* cs)

{

    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");

    const RetICFGNode* retBlockNode = cs->getRetICFGNode();

    const PAGNode* cs_return = svfir->getCallSiteRet(retBlockNode);

    NodeID srcret;

    CallSite2DummyValPN::const_iterator it = callsite2DummyValPN.find(cs);

    if(it != callsite2DummyValPN.end())

    {

        srcret = it->second;

    }

    else

    {

        NodeID valNode = svfir->addDummyValNode();

        NodeID objNode = svfir->addDummyObjNode(cs->getType());

        callsite2DummyValPN.insert(std::make_pair(cs,valNode));

        graph->addCFLNode(valNode, new CFLNode(valNode));

        graph->addCFLNode(objNode, new CFLNode(objNode));

        srcret = valNode;

    }


    NodeID dstrec = cs_return->getId();

    addCopyEdge(srcret, dstrec);

}


bool CFLAlias::updateCallGraph(const CallSiteToFunPtrMap& callsites)

{

    CallEdgeMap newEdges;

    onTheFlyCallGraphSolve(callsites,newEdges);

    for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )

    {

        for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)

        {

            connectCaller2CalleeParams(it->first,*cit);

        }

    }


    return (!solver->isWorklistEmpty());

}


void CFLAlias::initialize()

{

    stat = new CFLStat(this);


    // Parameter Checking

    checkParameter();


    // Build CFL Grammar

    buildCFLGrammar();


    // Build CFL Graph

    buildCFLGraph();


    // Normalize CFL Grammar

    normalizeCFLGrammar();


    // Initialize solver

    initializeSolver();

}


void CFLAlias::initializeSolver()

{

    solver = new CFLSolver(graph, grammar);

}


void CFLAlias::finalize()

{

    numOfChecks = solver->numOfChecks;


    if(Options::PrintCFL() == true)

    {

        if (Options::CFLGraph().empty())

            svfir->dump("IR");

        grammar->dump("Grammar");

        graph->dump("CFLGraph");

    }

    if (Options::CFLGraph().empty())

        PointerAnalysis::finalize();

}


void CFLAlias::solve()

{

    // Start solving

    double start = stat->getClk(true);


    solver->solve();

    if (Options::CFLGraph().empty())

    {

        while (updateCallGraph(svfir->getIndirectCallsites()))

        {

            numOfIteration++;

            solver->solve();

        }

    } // Only cflgraph built from bc could reanalyze by update call graph


    double end = stat->getClk(true);

    timeOfSolving += (end - start) / TIMEINTERVAL;

}


void POCRAlias::initializeSolver()

{

    solver = new POCRSolver(graph, grammar);

}


void POCRHybrid::initializeSolver()

{

    solver = new POCRHybridSolver(graph, grammar);

}


CFLAlias.h

DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:498

TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:526

DPAGBuild
#define DPAGBuild
Definition SVFType.h:506

DAndersen
#define DAndersen
Definition SVFType.h:517

SVF::CFGrammar::dump
void dump() const
Definition CFGrammar.cpp:346

SVF::CFLAlias::connectCaller2CalleeParams
void connectCaller2CalleeParams(const CallICFGNode *cs, const FunObjVar *F)
Connect formal and actual parameters for indirect callsites.
Definition CFLAlias.cpp:62

SVF::CFLAlias::finalize
virtual void finalize()
Print grammar and graph.
Definition CFLAlias.cpp:213

SVF::CFLAlias::addCopyEdge
virtual bool addCopyEdge(NodeID src, NodeID dst)
Need Original one for virtual table.
Definition CFLAlias.h:110

SVF::CFLAlias::onTheFlyCallGraphSolve
virtual void onTheFlyCallGraphSolve(const CallSiteToFunPtrMap &callsites, CallEdgeMap &newEdges)
On the fly call graph construction.
Definition CFLAlias.cpp:39

SVF::CFLAlias::initializeSolver
virtual void initializeSolver()
Initialize Solver.
Definition CFLAlias.cpp:208

SVF::CFLAlias::heapAllocatorViaIndCall
void heapAllocatorViaIndCall(const CallICFGNode *cs)
Definition CFLAlias.cpp:145

SVF::CFLAlias::solve
virtual void solve()
Solving CFL Reachability.
Definition CFLAlias.cpp:228

SVF::CFLAlias::getCFLPts
virtual const PointsTo & getCFLPts(NodeID ptr)
Get points-to targets of a pointer. V In this context.
Definition CFLAlias.h:74

SVF::CFLAlias::updateCallGraph
virtual bool updateCallGraph(const CallSiteToFunPtrMap &callsites)
Update call graph for the input indirect callsites.
Definition CFLAlias.cpp:173

SVF::CFLAlias::callsite2DummyValPN
CallSite2DummyValPN callsite2DummyValPN
Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocat...
Definition CFLAlias.h:143

SVF::CFLAlias::initialize
virtual void initialize()
Initialize the grammar, graph, solver.
Definition CFLAlias.cpp:188

SVF::CFLBase::buildCFLGraph
virtual void buildCFLGraph()
Build CFLGraph based on Option.
Definition CFLBase.cpp:78

SVF::CFLBase::solver
CFLSolver * solver
Definition CFLBase.h:113

SVF::CFLBase::normalizeCFLGrammar
virtual void normalizeCFLGrammar()
Normalize grammar.
Definition CFLBase.cpp:105

SVF::CFLBase::numOfChecks
static double numOfChecks
Definition CFLBase.h:104

SVF::CFLBase::checkParameter
virtual void checkParameter()
Parameter Checking.
Definition CFLBase.cpp:49

SVF::CFLBase::buildCFLGrammar
virtual void buildCFLGrammar()
Build Grammar from text file.
Definition CFLBase.cpp:65

SVF::CFLBase::graph
CFLGraph * graph
Definition CFLBase.h:110

SVF::CFLBase::timeOfSolving
static double timeOfSolving
Definition CFLBase.h:105

SVF::CFLBase::grammar
CFGrammar * grammar
Definition CFLBase.h:112

SVF::CFLBase::svfir
SVFIR * svfir
Definition CFLBase.h:109

SVF::CFLBase::numOfIteration
static double numOfIteration
Definition CFLBase.h:103

SVF::CFLGraph::addCFLNode
virtual void addCFLNode(NodeID id, CFLNode *node)
Definition CFLGraph.cpp:42

SVF::CFLGraph::dump
void dump(const std::string &filename)
Definition CFLGraph.cpp:73

SVF::CFLNode
Definition CFLGraph.h:76

SVF::CFLSolver
Definition CFLSolver.h:44

SVF::CFLSolver::solve
virtual void solve()
Start solving.
Definition CFLSolver.cpp:119

SVF::CFLSolver::numOfChecks
static double numOfChecks
Definition CFLSolver.h:52

SVF::CFLSolver::isWorklistEmpty
virtual bool isWorklistEmpty()
Definition CFLSolver.h:88

SVF::CFLStat
Definition CFLStat.h:45

SVF::CallICFGNode
Definition ICFGNode.h:417

SVF::CallICFGNode::toString
const std::string toString() const override
Definition ICFG.cpp:139

SVF::CallICFGNode::getVtablePtr
const SVFVar * getVtablePtr() const
Definition ICFGNode.h:531

SVF::CallICFGNode::getCalledFunction
const FunObjVar * getCalledFunction() const
Definition ICFGNode.h:512

SVF::CallICFGNode::getRetICFGNode
const RetICFGNode * getRetICFGNode() const
Return callsite.
Definition ICFGNode.h:451

SVF::CallICFGNode::getSourceLoc
const std::string getSourceLoc() const override
Definition ICFGNode.h:582

SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:521

SVF::FunObjVar
Definition SVFVariables.h:954

SVF::FunObjVar::isVarArg
bool isVarArg() const
Definition SVFVariables.h:1056

SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:310

SVF::IRGraph::getVarargNode
NodeID getVarargNode(const FunObjVar *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.cpp:67

SVF::Options::CFLGraph
static const Option< std::string > CFLGraph
Definition Options.h:232

SVF::Options::PrintCFL
static const Option< bool > PrintCFL
Definition Options.h:233

SVF::POCRAlias::initializeSolver
virtual void initializeSolver()
Initialize POCR Solver.
Definition CFLAlias.cpp:247

SVF::POCRHybridSolver
Solver Utilize Hybrid Representation of Graph.
Definition CFLSolver.h:295

SVF::POCRHybrid::initializeSolver
virtual void initializeSolver()
Initialize POCRHybrid Solver.
Definition CFLAlias.cpp:252

SVF::POCRSolver
Solver Utilize CFLData.
Definition CFLSolver.h:117

SVF::PointerAnalysis::finalize
virtual void finalize()
Finalization of a pointer analysis, including checking alias correctness.
Definition PointerAnalysis.cpp:176

SVF::PointerAnalysis::CallEdgeMap
OrderedMap< const CallICFGNode *, FunctionSet > CallEdgeMap
Definition PointerAnalysis.h:104

SVF::PointerAnalysis::stat
PTAStat * stat
Statistics.
Definition PointerAnalysis.h:146

SVF::PointerAnalysis::resolveIndCalls
virtual void resolveIndCalls(const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
Resolve indirect call edges.
Definition PointerAnalysis.cpp:375

SVF::PointerAnalysis::resolveCPPIndCalls
virtual void resolveCPPIndCalls(const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
Resolve cpp indirect call edges.
Definition PointerAnalysis.cpp:487

SVF::PointerAnalysis::CallSiteToFunPtrMap
SVFIR::CallSiteToFunPtrMap CallSiteToFunPtrMap
Definition PointerAnalysis.h:102

SVF::RetICFGNode
Definition ICFGNode.h:593

SVF::SVFIR::funHasRet
bool funHasRet(const FunObjVar *func) const
Definition SVFIR.h:354

SVF::SVFIR::hasFunArgsList
bool hasFunArgsList(const FunObjVar *func) const
Function has arguments list.
Definition SVFIR.h:293

SVF::SVFIR::SVFVarList
std::vector< const SVFVar * > SVFVarList
Definition SVFIR.h:58

SVF::SVFIR::hasCallSiteArgsMap
bool hasCallSiteArgsMap(const CallICFGNode *cs) const
Callsite has argument list.
Definition SVFIR.h:310

SVF::SVFIR::getIndirectCallsites
const CallSiteToFunPtrMap & getIndirectCallsites() const
Add/get indirect callsites.
Definition SVFIR.h:378

SVF::SVFIR::callsiteHasRet
bool callsiteHasRet(const RetICFGNode *cs) const
Definition SVFIR.h:338

SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:491

SVF::SVFIR::getCallSiteArgsList
const SVFVarList & getCallSiteArgsList(const CallICFGNode *cs) const
Get callsite argument list.
Definition SVFIR.h:320

SVF::SVFIR::getCallSiteRet
const SVFVar * getCallSiteRet(const RetICFGNode *cs) const
Get callsite return.
Definition SVFIR.h:332

SVF::SVFIR::getFunArgsList
const SVFVarList & getFunArgsList(const FunObjVar *func) const
Get function arguments list.
Definition SVFIR.h:303

SVF::SVFIR::getFunRet
const SVFVar * getFunRet(const FunObjVar *func) const
Get function return list.
Definition SVFIR.h:348

SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:495

SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48

SVF::SVFValue::getId
NodeID getId() const
Get ID.
Definition SVFValue.h:158

SVF::SVFValue::getType
virtual const SVFType * getType() const
Definition SVFValue.h:169

SVF::SVFVar
Definition SVFVariables.h:47

SVF::SVFUtil::isHeapAllocExtFunViaRet
bool isHeapAllocExtFunViaRet(const FunObjVar *fun)
Return true if the call is a heap allocator/reallocator.
Definition SVFUtil.h:279

SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:68

SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52

SVF
for isBitcode
Definition BasicTypes.h:68

SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74