Static Value-Flow Analysis
Loading...
Searching...
No Matches
DDAClient.cpp
Go to the documentation of this file.
1//===- DDAClient.cpp -- Clients of demand-driven analysis-------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23/*
24 * @file: DDAClient.cpp
25 * @author: yesen
26 * @date: 16 Feb 2015
27 *
28 * LICENSE
29 *
30 */
31
32
33#include "Util/Options.h"
34#include "Util/SVFUtil.h"
35#include "MemoryModel/PointsTo.h"
36
37#include "DDA/DDAClient.h"
38#include "DDA/FlowDDA.h"
39#include <iostream>
40#include <iomanip> // for std::setw
41
42using namespace SVF;
43using namespace SVFUtil;
44
45
46void DDAClient::answerQueries(PointerAnalysis* pta)
47{
48
49 DDAStat* stat = static_cast<DDAStat*>(pta->getStat());
50 u32_t vmrss = 0;
51 u32_t vmsize = 0;
52 SVFUtil::getMemoryUsageKB(&vmrss, &vmsize);
53 stat->setMemUsageBefore(vmrss, vmsize);
54
55 collectCandidateQueries(pta->getPAG());
56
57 // We tell the compiler count is used as DBOUT ignores the statement on some builds.
58 u32_t count = 0;
59 (void)count;
60 for (OrderedNodeSet::iterator nIter = candidateQueries.begin();
61 nIter != candidateQueries.end(); ++nIter,++count)
62 {
63 const SVFVar* node = pta->getPAG()->getSVFVar(*nIter);
64 if(pta->getPAG()->isValidTopLevelPtr(node))
65 {
66 DBOUT(DGENERAL,outs() << "\n@@Computing PointsTo for :" << node->getId() <<
67 " [" << count + 1<< "/" << candidateQueries.size() << "]" << " \n");
68 DBOUT(DDDA,outs() << "\n@@Computing PointsTo for :" << node->getId() <<
69 " [" << count + 1<< "/" << candidateQueries.size() << "]" << " \n");
70 setCurrentQueryPtr(node->getId());
71 pta->computeDDAPts(node->getId());
72 }
73 }
74
75 vmrss = vmsize = 0;
76 SVFUtil::getMemoryUsageKB(&vmrss, &vmsize);
77 stat->setMemUsageAfter(vmrss, vmsize);
78}
79
80OrderedNodeSet& FunptrDDAClient::collectCandidateQueries(SVFIR* p)
81{
82 setPAG(p);
83 for(SVFIR::CallSiteToFunPtrMap::const_iterator it = pag->getIndirectCallsites().begin(),
84 eit = pag->getIndirectCallsites().end(); it!=eit; ++it)
85 {
86 if (it->first->isVirtualCall())
87 {
88 const SVFVar* vtblPtr = it->first->getVtablePtr();
89 assert(vtblPtr != nullptr && "not a vtable pointer?");
90 NodeID vtblId = vtblPtr->getId();
91 addCandidate(vtblId);
92 vtableToCallSiteMap[vtblId] = it->first;
93 }
94 else
95 {
96 addCandidate(it->second);
97 }
98 }
99 return candidateQueries;
100}
101
102void FunptrDDAClient::performStat(PointerAnalysis* pta)
103{
104
105 AndersenWaveDiff* ander = AndersenWaveDiff::createAndersenWaveDiff(pta->getPAG());
106 u32_t totalCallsites = 0;
107 u32_t morePreciseCallsites = 0;
108 u32_t zeroTargetCallsites = 0;
109 u32_t oneTargetCallsites = 0;
110 u32_t twoTargetCallsites = 0;
111 u32_t moreThanTwoCallsites = 0;
112
113 for (VTablePtrToCallSiteMap::iterator nIter = vtableToCallSiteMap.begin();
114 nIter != vtableToCallSiteMap.end(); ++nIter)
115 {
116 NodeID vtptr = nIter->first;
117 const PointsTo& ddaPts = pta->getPts(vtptr);
118 const PointsTo& anderPts = ander->getPts(vtptr);
119
120 CallGraph* callgraph = ander->getCallGraph();
121 const CallICFGNode* cbn = nIter->second;
122
123 if(!callgraph->hasIndCSCallees(cbn))
124 {
125 //outs() << "virtual callsite has no callee" << *(nIter->second.getInstruction()) << "\n";
126 continue;
127 }
128
129 const CallGraph::FunctionSet& callees = callgraph->getIndCSCallees(cbn);
130 totalCallsites++;
131 if(callees.size() == 0)
132 zeroTargetCallsites++;
133 else if(callees.size() == 1)
134 oneTargetCallsites++;
135 else if(callees.size() == 2)
136 twoTargetCallsites++;
137 else
138 moreThanTwoCallsites++;
139
140 if(ddaPts.count() >= anderPts.count() || ddaPts.empty())
141 continue;
142
143 Set<const FunObjVar*> ander_vfns;
144 Set<const FunObjVar*> dda_vfns;
145 ander->getVFnsFromPts(cbn,anderPts, ander_vfns);
146 pta->getVFnsFromPts(cbn,ddaPts, dda_vfns);
147
148 ++morePreciseCallsites;
149 outs() << "============more precise callsite =================\n";
150 outs() << (nIter->second)->toString() << "\n";
151 outs() << (nIter->second)->getSourceLoc() << "\n";
152 outs() << "\n";
153 outs() << "------ander pts or vtable num---(" << anderPts.count() << ")--\n";
154 outs() << "------DDA vfn num---(" << ander_vfns.size() << ")--\n";
155 //ander->dumpPts(vtptr, anderPts);
156 outs() << "------DDA pts or vtable num---(" << ddaPts.count() << ")--\n";
157 outs() << "------DDA vfn num---(" << dda_vfns.size() << ")--\n";
158 //pta->dumpPts(vtptr, ddaPts);
159 outs() << "-------------------------\n";
160 outs() << "\n";
161 outs() << "=================================================\n";
162 }
163
164 outs() << "=================================================\n";
165 outs() << "Total virtual callsites: " << vtableToCallSiteMap.size() << "\n";
166 outs() << "Total analyzed virtual callsites: " << totalCallsites << "\n";
167 outs() << "Indirect call map size: " << ander->getCallGraph()->getIndCallMap().size() << "\n";
168 outs() << "Precise callsites: " << morePreciseCallsites << "\n";
169 outs() << "Zero target callsites: " << zeroTargetCallsites << "\n";
170 outs() << "One target callsites: " << oneTargetCallsites << "\n";
171 outs() << "Two target callsites: " << twoTargetCallsites << "\n";
172 outs() << "More than two target callsites: " << moreThanTwoCallsites << "\n";
173 outs() << "=================================================\n";
174}
175
176
178OrderedNodeSet& AliasDDAClient::collectCandidateQueries(SVFIR* pag)
179{
180 setPAG(pag);
181 SVFStmt::SVFStmtSetTy& loads = pag->getSVFStmtSet(SVFStmt::Load);
182 for (SVFStmt::SVFStmtSetTy::iterator iter = loads.begin(), eiter =
183 loads.end(); iter != eiter; ++iter)
184 {
185 PAGNode* loadsrc = (*iter)->getSrcNode();
186 loadSrcNodes.insert(loadsrc);
187 addCandidate(loadsrc->getId());
188 }
189
190 SVFStmt::SVFStmtSetTy& stores = pag->getSVFStmtSet(SVFStmt::Store);
191 for (SVFStmt::SVFStmtSetTy::iterator iter = stores.begin(), eiter =
192 stores.end(); iter != eiter; ++iter)
193 {
194 PAGNode* storedst = (*iter)->getDstNode();
195 storeDstNodes.insert(storedst);
196 addCandidate(storedst->getId());
197 }
198 SVFStmt::SVFStmtSetTy& geps = pag->getSVFStmtSet(SVFStmt::Gep);
199 for (SVFStmt::SVFStmtSetTy::iterator iter = geps.begin(), eiter =
200 geps.end(); iter != eiter; ++iter)
201 {
202 PAGNode* gepsrc = (*iter)->getSrcNode();
203 gepSrcNodes.insert(gepsrc);
204 addCandidate(gepsrc->getId());
205 }
206 return candidateQueries;
207}
208
209void AliasDDAClient::performStat(PointerAnalysis* pta)
210{
211
212 for(PAGNodeSet::const_iterator lit = loadSrcNodes.begin(); lit!=loadSrcNodes.end(); lit++)
213 {
214 for(PAGNodeSet::const_iterator sit = storeDstNodes.begin(); sit!=storeDstNodes.end(); sit++)
215 {
216 const PAGNode* node1 = *lit;
217 const PAGNode* node2 = *sit;
218 AliasResult result = pta->alias(node1->getId(), node2->getId());
219 outs() << "\n=================================================\n";
220 outs() << "Alias Query for (" << node1->valueOnlyToString() << ",";
221 outs() << node2->valueOnlyToString() << ") \n";
222 outs() << "[NodeID:" << node1->getId() << ", NodeID:" << node2->getId() << " " << result << "]\n";
223 outs() << "=================================================\n";
224 }
225 }
226}
227
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:593
DGENERAL
#define DGENERAL
Definition SVFType.h:599
DDDA
#define DDDA
Definition SVFType.h:605
p
cJSON * p
Definition cJSON.cpp:2559
count
int count
Definition cJSON.h:216
SVF::AliasDDAClient::collectCandidateQueries
virtual OrderedNodeSet & collectCandidateQueries(SVFIR *pag)
Only collect function pointers as query candidates.
Definition DDAClient.cpp:178
SVF::AliasDDAClient::loadSrcNodes
PAGNodeSet loadSrcNodes
Definition DDAClient.h:156
SVF::AliasDDAClient::performStat
virtual void performStat(PointerAnalysis *pta)
Definition DDAClient.cpp:209
SVF::AliasDDAClient::storeDstNodes
PAGNodeSet storeDstNodes
Definition DDAClient.h:157
SVF::AliasDDAClient::gepSrcNodes
PAGNodeSet gepSrcNodes
Definition DDAClient.h:158
SVF::AndersenWaveDiff::createAndersenWaveDiff
static AndersenWaveDiff * createAndersenWaveDiff(SVFIR *_pag)
Create an singleton instance directly instead of invoking llvm pass manager.
Definition Andersen.h:407
SVF::Andersen::getPts
virtual const PointsTo & getPts(NodeID id)
Operation of points-to set.
Definition Andersen.h:238
SVF::CallGraph::hasIndCSCallees
bool hasIndCSCallees(const CallICFGNode *cs) const
Definition CallGraph.h:335
SVF::CallGraph::getIndCSCallees
const FunctionSet & getIndCSCallees(const CallICFGNode *cs) const
Definition CallGraph.h:339
SVF::CallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition CallGraph.h:331
SVF::CallGraph::FunctionSet
Set< const FunObjVar * > FunctionSet
Definition CallGraph.h:247
SVF::DDAClient::setPAG
void setPAG(SVFIR *g)
Set SVFIR graph.
Definition DDAClient.h:79
SVF::DDAClient::answerQueries
virtual void answerQueries(PointerAnalysis *pta)
Definition DDAClient.cpp:46
SVF::DDAClient::setCurrentQueryPtr
void setCurrentQueryPtr(NodeID ptr)
Set the pointer being queried.
Definition DDAClient.h:84
SVF::DDAClient::pag
SVFIR * pag
SVFIR graph used by current DDA analysis.
Definition DDAClient.h:107
SVF::DDAClient::addCandidate
void addCandidate(NodeID id)
Definition DDAClient.h:101
SVF::DDAClient::candidateQueries
OrderedNodeSet candidateQueries
store all candidate pointers to be queried
Definition DDAClient.h:109
SVF::DDAClient::collectCandidateQueries
virtual OrderedNodeSet & collectCandidateQueries(SVFIR *p)
Collect candidate pointers for query.
Definition DDAClient.h:58
SVF::FunptrDDAClient::vtableToCallSiteMap
VTablePtrToCallSiteMap vtableToCallSiteMap
Definition DDAClient.h:124
SVF::FunptrDDAClient::collectCandidateQueries
virtual OrderedNodeSet & collectCandidateQueries(SVFIR *p)
Only collect function pointers as query candidates.
Definition DDAClient.cpp:80
SVF::FunptrDDAClient::performStat
virtual void performStat(PointerAnalysis *pta)
Definition DDAClient.cpp:102
SVF::PTAStat::setMemUsageBefore
void setMemUsageBefore(u32_t vmrss, u32_t vmsize)
Definition PTAStat.h:56
SVF::PTAStat::setMemUsageAfter
void setMemUsageAfter(u32_t vmrss, u32_t vmsize)
Definition PTAStat.h:62
SVF::PointerAnalysis::getVFnsFromPts
void getVFnsFromPts(const CallICFGNode *cs, const PointsTo &target, VFunSet &vfns)
Definition PointerAnalysis.cpp:430
SVF::PointerAnalysis::getPts
virtual const PointsTo & getPts(NodeID ptr)=0
Get points-to targets of a pointer. It needs to be implemented in child class.
SVF::PointerAnalysis::computeDDAPts
virtual void computeDDAPts(NodeID)
Compute points-to results on-demand, overridden by derived classes.
Definition PointerAnalysis.h:226
SVF::PointerAnalysis::getPAG
SVFIR * getPAG() const
Definition PointerAnalysis.h:195
SVF::PointerAnalysis::getCallGraph
CallGraph * getCallGraph() const
Return call graph.
Definition PointerAnalysis.h:168
SVF::PointerAnalysis::alias
virtual AliasResult alias(const SVFVar *V1, const SVFVar *V2)=0
Interface exposed to users of our pointer analysis, given Value infos.
SVF::PointerAnalysis::getStat
PTAStat * getStat() const
Get PTA stat.
Definition PointerAnalysis.h:202
SVF::SVFIR::getSVFStmtSet
SVFStmt::SVFStmtSetTy & getSVFStmtSet(SVFStmt::PEDGEK kind)
Get/set methods to get SVFStmts based on their kinds and ICFGNodes.
Definition SVFIR.h:296
SVF::SVFIR::isValidTopLevelPtr
bool isValidTopLevelPtr(const SVFVar *node)
Definition SVFIR.cpp:764
SVF::SVFIR::getIndirectCallsites
const CallSiteToFunPtrMap & getIndirectCallsites() const
Add/get indirect callsites.
Definition SVFIR.h:451
SVF::SVFIR::getSVFVar
const SVFVar * getSVFVar(NodeID id) const
ObjVar/GepObjVar/BaseObjVar.
Definition SVFIR.h:133
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:261
SVF::SVFValue::getId
NodeID getId() const
Get ID.
Definition SVFValue.h:163
SVF::SVFUtil::getMemoryUsageKB
bool getMemoryUsageKB(u32_t *vmrss_kb, u32_t *vmsize_kb)
Get memory usage from system file. Return TRUE if succeed.
Definition SVFUtil.cpp:179
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF
for isBitcode
Definition BasicTypes.h:70
SVF::OrderedNodeSet
OrderedSet< NodeID > OrderedNodeSet
Definition GeneralType.h:112
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56
SVF::AliasResult
AliasResult
Definition SVFType.h:636
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:76
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
Generated by doxygen 1.9.8