Static Value-Flow Analysis
SVFIRBuilder.cpp
Go to the documentation of this file.
1 //===- SVFIRBuilder.cpp -- SVFIR builder-----------------------------------------//
2 //
3 // SVF: Static Value-Flow Analysis
4 //
5 // Copyright (C) <2013-2017> <Yulei Sui>
6 //
7 
8 // This program is free software: you can redistribute it and/or modify
9 // it under the terms of the GNU Affero General Public License as published by
10 // the Free Software Foundation, either version 3 of the License, or
11 // (at your option) any later version.
12 
13 // This program is distributed in the hope that it will be useful,
14 // but WITHOUT ANY WARRANTY; without even the implied warranty of
15 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 // GNU Affero General Public License for more details.
17 
18 // You should have received a copy of the GNU Affero General Public License
19 // along with this program. If not, see <http://www.gnu.org/licenses/>.
20 //
21 //===----------------------------------------------------------------------===//
22 
23 /*
24  * SVFIRBuilder.cpp
25  *
26  * Created on: Nov 1, 2013
27  * Author: Yulei Sui
28  */
29 
30 #include "SVF-LLVM/SVFIRBuilder.h"
31 #include "SVF-LLVM/BasicTypes.h"
32 #include "SVF-LLVM/CHGBuilder.h"
33 #include "SVF-LLVM/CppUtil.h"
34 #include "SVF-LLVM/LLVMLoopAnalysis.h"
35 #include "SVF-LLVM/LLVMUtil.h"
36 #include "SVF-LLVM/SymbolTableBuilder.h"
37 #include "SVFIR/PAGBuilderFromFile.h"
38 #include "SVFIR/SVFFileSystem.h"
39 #include "SVFIR/SVFModule.h"
40 #include "SVFIR/SVFValue.h"
41 #include "Util/CallGraphBuilder.h"
42 #include "Util/Options.h"
43 #include "Util/SVFUtil.h"
44 
45 using namespace std;
46 using namespace SVF;
47 using namespace SVFUtil;
48 using namespace LLVMUtil;
49 
50 
54 SVFIR* SVFIRBuilder::build()
55 {
56  double startTime = SVFStat::getClk(true);
57 
58  DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
59 
60  // Set SVFModule from SVFIRBuilder
61  pag->setModule(svfModule);
62 
63  // Build ICFG
64  pag->setICFG(llvmModuleSet()->getICFG());
65 
66  // Set callgraph
67  pag->setCallGraph(llvmModuleSet()->callgraph);
68 
69  // Set icfgnode in memobj
70  for (auto& it : SymbolTableInfo::SymbolInfo()->idToObjMap())
71  {
72  if(!it.second->getValue())
73  continue;
74  if (const Instruction* inst =
75  SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(
76  it.second->getValue())))
77  {
78  if(llvmModuleSet()->hasICFGNode(inst))
79  it.second->gNode = llvmModuleSet()->getICFGNode(inst);
80  }
81  }
82 
83  CHGraph* chg = new CHGraph(pag->getModule());
84  CHGBuilder chgbuilder(chg);
85  chgbuilder.buildCHG();
86  pag->setCHG(chg);
87 
88  // We read SVFIR from a user-defined txt instead of parsing SVFIR from LLVM IR
89  if (SVFModule::pagReadFromTXT())
90  {
91  PAGBuilderFromFile fileBuilder(SVFModule::pagFileName());
92  return fileBuilder.build();
93  }
94 
95  // If the SVFIR has been built before, then we return the unique SVFIR of the program
96  if(pag->getNodeNumAfterPAGBuild() > 1)
97  return pag;
98 
101  initialiseNodes();
104  visitGlobal(svfModule);
106 
108  for (Module& M : llvmModuleSet()->getLLVMModules())
109  {
110  for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
111  {
112  const Function& fun = *F;
113  const SVFFunction* svffun = llvmModuleSet()->getSVFFunction(&fun);
115  if(!fun.isDeclaration())
116  {
122  if (fun.doesNotReturn() == false &&
123  fun.getReturnType()->isVoidTy() == false)
124  {
125  pag->addFunRet(svffun,
126  pag->getGNode(pag->getReturnNode(svffun)));
127  }
128 
131  for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
132  I != E; ++I)
133  {
134  setCurrentLocation(&*I,&fun.getEntryBlock());
135  NodeID argValNodeId = pag->getValueNode(llvmModuleSet()->getSVFValue(&*I));
136  // if this is the function does not have caller (e.g. main)
137  // or a dead function, shall we create a black hole address edge for it?
138  // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
139  // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
140  // if(I->getType()->isPointerTy())
141  // addBlackHoleAddrEdge(argValNodeId);
142  //}
143  pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
144  }
145  }
146  for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
147  bit != ebit; ++bit)
148  {
149  const BasicBlock& bb = *bit;
150  for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
151  it != eit; ++it)
152  {
153  const Instruction& inst = *it;
154  setCurrentLocation(&inst,&bb);
155  visit(const_cast<Instruction&>(inst));
156  }
157  }
158  }
159  }
160 
161  sanityCheck();
162 
163  pag->initialiseCandidatePointers();
164 
165  pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
166 
167  // dump SVFIR
168  if (Options::PAGDotGraph())
169  pag->dump("svfir_initial");
170 
171  // print to command line of the SVFIR graph
172  if (Options::PAGPrint())
173  pag->print();
174 
175  // dump ICFG
176  if (Options::DumpICFG())
177  pag->getICFG()->dump("icfg_initial");
178 
179  if (Options::LoopAnalysis())
180  {
181  LLVMLoopAnalysis loopAnalysis;
182  loopAnalysis.build(pag->getICFG());
183  }
184 
185  // dump SVFIR as JSON
186  if (!Options::DumpJson().empty())
187  {
188  SVFIRWriter::writeJsonToPath(pag, Options::DumpJson());
189  }
190 
191  double endTime = SVFStat::getClk(true);
192  SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
193 
194  return pag;
195 }
196 
197 /*
198  * Initial all the nodes from symbol table
199  */
200 void SVFIRBuilder::initialiseNodes()
201 {
202  DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
203 
204  SymbolTableInfo* symTable = pag->getSymbolInfo();
205 
206  pag->addBlackholeObjNode();
207  pag->addConstantObjNode();
208  pag->addBlackholePtrNode();
209  addNullPtrNode();
210 
211  for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
212  symTable->valSyms().begin(); iter != symTable->valSyms().end();
213  ++iter)
214  {
215  DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
216  if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
217  continue;
218 
219  const SVFBaseNode* gNode = nullptr;
220  if (const Instruction* inst =
221  SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
222  {
223  if (llvmModuleSet()->hasICFGNode(inst))
224  {
225  gNode = llvmModuleSet()->getICFGNode(inst);
226  }
227  }
228  pag->addValNode(iter->first, iter->second, gNode);
229  }
230 
231  for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
232  symTable->objSyms().begin(); iter != symTable->objSyms().end();
233  ++iter)
234  {
235  DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
236  if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
237  continue;
238  pag->addObjNode(iter->first, iter->second);
239  }
240 
241  for (SymbolTableInfo::FunToIDMapTy::iterator iter =
242  symTable->retSyms().begin(); iter != symTable->retSyms().end();
243  ++iter)
244  {
245  DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
246  pag->addRetNode(iter->first, iter->second);
247  }
248 
249  for (SymbolTableInfo::FunToIDMapTy::iterator iter =
250  symTable->varargSyms().begin();
251  iter != symTable->varargSyms().end(); ++iter)
252  {
253  DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
254  pag->addVarargNode(iter->first, iter->second);
255  }
256 
258  for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
259  symTable->objSyms().begin(); iter != symTable->objSyms().end(); ++iter)
260  {
261  DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
262  const SVFValue* val = iter->first;
263  if (isConstantObjSym(val))
264  {
265  NodeID ptr = pag->getValueNode(val);
266  if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
267  {
268  setCurrentLocation(val, nullptr);
269  addAddrEdge(iter->second, ptr);
270  }
271  }
272  }
273 
274  assert(pag->getTotalNodeNum() >= symTable->getTotalSymNum()
275  && "not all node have been initialized!!!");
276 
277 }
278 
279 /*
280  https://github.com/SVF-tools/SVF/issues/524
281  Handling single value types, for constant index, including pointer, integer, etc
282  e.g. field_idx = getelementptr i8, %i8* %p, i64 -4
283  We can obtain the field index by inferring the byteoffset if %p is casted from a pointer to a struct
284  For another example, the following can be an array access.
285  e.g. field_idx = getelementptr i8, %struct_type %p, i64 1
286 
287 */
288 u32_t SVFIRBuilder::inferFieldIdxFromByteOffset(const llvm::GEPOperator* gepOp, DataLayout *dl, AccessPath& ap, APOffset idx)
289 {
290  return 0;
291 }
292 
299 bool SVFIRBuilder::computeGepOffset(const User *V, AccessPath& ap)
300 {
301  assert(V);
302 
303  const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
304  DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
305  llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
306  if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
307  {
308  //s32_t bo = byteOffset.getSExtValue();
309  }
310 
311  bool isConst = true;
312 
313  bool prevPtrOperand = false;
314  for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
315  gi != ge; ++gi)
316  {
317  const Type* gepTy = *gi;
318  const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
319 
320  assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
321  "Expect no more than one gep operand to be of a pointer type");
322  if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
323  const Value* offsetVal = gi.getOperand();
324  const SVFValue* offsetSvfVal = llvmModuleSet()->getSVFValue(offsetVal);
325  assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
326  ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(getPAG()->getValueNode(offsetSvfVal)), svfGepTy);
327 
328  //The int value of the current index operand
329  const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
330 
331  // if Options::ModelConsts() is disabled. We will treat whole array as one,
332  // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
333  if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
334  {
335  if(!op || (arrTy->getArrayNumElements() <= (u32_t)op->getSExtValue()))
336  continue;
337  APOffset idx = op->getSExtValue();
338  u32_t offset = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
339  ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
340  }
341  else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
342  {
343  assert(op && "non-const offset accessing a struct");
344  //The actual index
345  APOffset idx = op->getSExtValue();
346  u32_t offset = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
347  ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
348  }
349  else if (gepTy->isSingleValueType())
350  {
351  // If it's a non-constant offset access
352  // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
353  // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
354  if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
355  {
356  isConst = false;
357  }
358 
359  // The actual index
360  //s32_t idx = op->getSExtValue();
361 
362  // For pointer arithmetic we ignore the byte offset
363  // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
364  // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
365  }
366  }
367  return isConst;
368 }
369 
373 void SVFIRBuilder::processCE(const Value* val)
374 {
375  if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
376  {
377  if (const ConstantExpr* gepce = isGepConstantExpr(ref))
378  {
379  DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
380  const Constant* opnd = gepce->getOperand(0);
381  // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
382  processCE(opnd);
383  auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
384  Type *pType = GEPOp.getSourceElementType();
385  AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
386  bool constGep = computeGepOffset(gepce, ap);
387  // must invoke pag methods here, otherwise it will be a dead recursion cycle
388  const SVFValue* cval = getCurrentValue();
389  const SVFBasicBlock* cbb = getCurrentBB();
390  setCurrentLocation(gepce, nullptr);
391  /*
392  * The gep edge created are like constexpr (same edge may appear at multiple callsites)
393  * so bb/inst of this edge may be rewritten several times, we treat it as global here.
394  */
395  addGepEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(gepce)), ap, constGep);
396  setCurrentLocation(cval, cbb);
397  }
398  else if (const ConstantExpr* castce = isCastConstantExpr(ref))
399  {
400  DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
401  const Constant* opnd = castce->getOperand(0);
402  processCE(opnd);
403  const SVFValue* cval = getCurrentValue();
404  const SVFBasicBlock* cbb = getCurrentBB();
405  setCurrentLocation(castce, nullptr);
406  addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(castce)), CopyStmt::BITCAST);
407  setCurrentLocation(cval, cbb);
408  }
409  else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
410  {
411  DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
412  const Constant* src1 = selectce->getOperand(1);
413  const Constant* src2 = selectce->getOperand(2);
414  processCE(src1);
415  processCE(src2);
416  const SVFValue* cval = getCurrentValue();
417  const SVFBasicBlock* cbb = getCurrentBB();
418  setCurrentLocation(selectce, nullptr);
419  NodeID cond = pag->getValueNode(llvmModuleSet()->getSVFValue(selectce->getOperand(0)));
420  NodeID nsrc1 = pag->getValueNode(llvmModuleSet()->getSVFValue(src1));
421  NodeID nsrc2 = pag->getValueNode(llvmModuleSet()->getSVFValue(src2));
422  NodeID nres = pag->getValueNode(llvmModuleSet()->getSVFValue(selectce));
423  addSelectStmt(nres,nsrc1, nsrc2, cond);
424  setCurrentLocation(cval, cbb);
425  }
426  // if we meet a int2ptr, then it points-to black hole
427  else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
428  {
429  const Constant* opnd = int2Ptrce->getOperand(0);
430  processCE(opnd);
431  const SVFBasicBlock* cbb = getCurrentBB();
432  const SVFValue* cval = getCurrentValue();
433  setCurrentLocation(int2Ptrce, nullptr);
434  addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(int2Ptrce)), CopyStmt::INTTOPTR);
435  setCurrentLocation(cval, cbb);
436  }
437  else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
438  {
439  const Constant* opnd = ptr2Intce->getOperand(0);
440  processCE(opnd);
441  const SVFBasicBlock* cbb = getCurrentBB();
442  const SVFValue* cval = getCurrentValue();
443  setCurrentLocation(ptr2Intce, nullptr);
444  addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(ptr2Intce)), CopyStmt::PTRTOINT);
445  setCurrentLocation(cval, cbb);
446  }
447  else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
448  {
449  // we don't handle trunc and cmp instruction for now
450  const SVFValue* cval = getCurrentValue();
451  const SVFBasicBlock* cbb = getCurrentBB();
452  setCurrentLocation(ref, nullptr);
453  NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
454  addBlackHoleAddrEdge(dst);
455  setCurrentLocation(cval, cbb);
456  }
457  else if (isBinaryConstantExpr(ref))
458  {
459  // we don't handle binary constant expression like add(x,y) now
460  const SVFValue* cval = getCurrentValue();
461  const SVFBasicBlock* cbb = getCurrentBB();
462  setCurrentLocation(ref, nullptr);
463  NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
464  addBlackHoleAddrEdge(dst);
465  setCurrentLocation(cval, cbb);
466  }
467  else if (isUnaryConstantExpr(ref))
468  {
469  // we don't handle unary constant expression like fneg(x) now
470  const SVFValue* cval = getCurrentValue();
471  const SVFBasicBlock* cbb = getCurrentBB();
472  setCurrentLocation(ref, nullptr);
473  NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
474  addBlackHoleAddrEdge(dst);
475  setCurrentLocation(cval, cbb);
476  }
477  else if (SVFUtil::isa<ConstantAggregate>(ref))
478  {
479  // we don't handle constant aggregate like constant vectors
480  }
481  else if (SVFUtil::isa<BlockAddress>(ref))
482  {
483  // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
484  // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
485  const SVFValue* cval = getCurrentValue();
486  const SVFBasicBlock* cbb = getCurrentBB();
487  setCurrentLocation(ref, nullptr);
488  NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
489  addAddrEdge(pag->getConstantNode(), dst);
490  setCurrentLocation(cval, cbb);
491  }
492  else
493  {
494  if(SVFUtil::isa<ConstantExpr>(val))
495  assert(false && "we don't handle all other constant expression for now!");
496  }
497  }
498 }
504 NodeID SVFIRBuilder::getGlobalVarField(const GlobalVariable *gvar, u32_t offset, SVFType* tpy)
505 {
506 
507  // if the global variable do not have any field needs to be initialized
508  if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
509  {
510  return getValueNode(gvar);
511  }
514  else
515  {
516  return getGepValVar(gvar, AccessPath(offset), tpy);
517  }
518 }
519 
520 /*For global variable initialization
521  * Give a simple global variable
522  * int x = 10; // store 10 x (constant, non pointer) |
523  * int *y = &x; // store x y (pointer type)
524  * Given a struct
525  * struct Z { int s; int *t;};
526  * Global initialization:
527  * struct Z z = {10,&x}; // store x z.t (struct type)
528  * struct Z *m = &z; // store z m (pointer type)
529  * struct Z n = {10,&z.s}; // store z.s n , &z.s constant expression (constant expression)
530  */
531 void SVFIRBuilder::InitialGlobal(const GlobalVariable *gvar, Constant *C,
532  u32_t offset)
533 {
534  DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
535  if (C->getType()->isSingleValueType())
536  {
537  NodeID src = getValueNode(C);
538  // get the field value if it is available, otherwise we create a dummy field node.
539  setCurrentLocation(gvar, nullptr);
540  NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
541 
542  if (SVFUtil::isa<GlobalVariable, Function>(C))
543  {
544  setCurrentLocation(C, nullptr);
545  addStoreEdge(src, field);
546  }
547  else if (SVFUtil::isa<ConstantExpr>(C))
548  {
549  // add gep edge of C1 itself is a constant expression
550  processCE(C);
551  setCurrentLocation(C, nullptr);
552  addStoreEdge(src, field);
553  }
554  else if (SVFUtil::isa<BlockAddress>(C))
555  {
556  // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
557  // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
558  processCE(C);
559  setCurrentLocation(C, nullptr);
560  addAddrEdge(pag->getConstantNode(), src);
561  }
562  else
563  {
564  setCurrentLocation(C, nullptr);
565  addStoreEdge(src, field);
567  if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
568  addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
569  }
570  }
571  else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
572  {
573  if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
574  return;
575  for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
576  {
577  u32_t off = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
578  InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
579  }
580  }
581  else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
582  {
583  if(Options::ModelConsts())
584  {
585  if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
586  {
587  for(u32_t i = 0; i < seq->getNumElements(); i++)
588  {
589  u32_t off = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
590  Constant* ct = seq->getElementAsConstant(i);
591  InitialGlobal(gvar, ct, offset + off);
592  }
593  }
594  else
595  {
596  assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
597  }
598  }
599  }
600  else
601  {
602  //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
603  }
604 }
605 
609 void SVFIRBuilder::visitGlobal(SVFModule* svfModule)
610 {
611 
613  for (Module &M : llvmModuleSet()->getLLVMModules())
614  {
615  for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
616  {
617  GlobalVariable *gvar = &*I;
618  NodeID idx = getValueNode(gvar);
619  NodeID obj = getObjectNode(gvar);
620 
621  setCurrentLocation(gvar, nullptr);
622  addAddrEdge(obj, idx);
623 
624  if (gvar->hasInitializer())
625  {
626  Constant *C = gvar->getInitializer();
627  DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
628  InitialGlobal(gvar, C, 0);
629  }
630  }
631 
632 
634  for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
635  {
636  const Function* fun = &*I;
637  NodeID idx = getValueNode(fun);
638  NodeID obj = getObjectNode(fun);
639 
640  DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
641  setCurrentLocation(fun, nullptr);
642  addAddrEdge(obj, idx);
643  }
644 
645  // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
646  for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
647  {
648  const GlobalAlias* alias = &*I;
649  NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(alias));
650  NodeID src = pag->getValueNode(llvmModuleSet()->getSVFValue(alias->getAliasee()));
651  processCE(alias->getAliasee());
652  setCurrentLocation(alias, nullptr);
653  addCopyEdge(src, dst, CopyStmt::COPYVAL);
654  }
655  }
656 }
657 
662 void SVFIRBuilder::visitAllocaInst(AllocaInst &inst)
663 {
664 
665  // AllocaInst should always be a pointer type
666  assert(SVFUtil::isa<PointerType>(inst.getType()));
667 
668  DBOUT(DPAGBuild, outs() << "process alloca " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
669  NodeID dst = getValueNode(&inst);
670 
671  NodeID src = getObjectNode(&inst);
672 
673  addAddrWithStackArraySz(src, dst, inst);
674 
675 }
676 
680 void SVFIRBuilder::visitPHINode(PHINode &inst)
681 {
682 
683  DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
684 
685  NodeID dst = getValueNode(&inst);
686 
687  for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
688  {
689  const Value* val = inst.getIncomingValue(i);
690  const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
691  bool matched = (incomingInst == nullptr ||
692  incomingInst->getFunction() == inst.getFunction());
693  (void) matched; // Suppress warning of unused variable under release build
694  assert(matched && "incomingInst's Function incorrect");
695  const Instruction* predInst = &inst.getIncomingBlock(i)->back();
696  const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
697  NodeID src = getValueNode(val);
698  addPhiStmt(dst,src,icfgNode);
699  }
700 }
701 
702 /*
703  * Visit load instructions
704  */
705 void SVFIRBuilder::visitLoadInst(LoadInst &inst)
706 {
707  DBOUT(DPAGBuild, outs() << "process load " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
708 
709  NodeID dst = getValueNode(&inst);
710 
711  NodeID src = getValueNode(inst.getPointerOperand());
712 
713  addLoadEdge(src, dst);
714 }
715 
719 void SVFIRBuilder::visitStoreInst(StoreInst &inst)
720 {
721  // StoreInst itself should always not be a pointer type
722  assert(!SVFUtil::isa<PointerType>(inst.getType()));
723 
724  DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
725 
726  NodeID dst = getValueNode(inst.getPointerOperand());
727 
728  NodeID src = getValueNode(inst.getValueOperand());
729 
730  addStoreEdge(src, dst);
731 
732 }
733 
737 void SVFIRBuilder::visitGetElementPtrInst(GetElementPtrInst &inst)
738 {
739 
740  NodeID dst = getValueNode(&inst);
741  // GetElementPtrInst should always be a pointer or a vector contains pointers
742  // for now we don't handle vector type here
743  if(SVFUtil::isa<VectorType>(inst.getType()))
744  {
745  addBlackHoleAddrEdge(dst);
746  return;
747  }
748 
749  assert(SVFUtil::isa<PointerType>(inst.getType()));
750 
751  DBOUT(DPAGBuild, outs() << "process gep " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
752 
753  NodeID src = getValueNode(inst.getPointerOperand());
754 
755  AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
756  bool constGep = computeGepOffset(&inst, ap);
757  addGepEdge(src, dst, ap, constGep);
758 }
759 
760 /*
761  * Visit cast instructions
762  */
763 void SVFIRBuilder::visitCastInst(CastInst &inst)
764 {
765 
766  DBOUT(DPAGBuild, outs() << "process cast " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
767  NodeID dst = getValueNode(&inst);
768 
769  const Value* opnd = inst.getOperand(0);
770  NodeID src = getValueNode(opnd);
771  addCopyEdge(src, dst, getCopyKind(&inst));
772 }
773 
777 void SVFIRBuilder::visitBinaryOperator(BinaryOperator &inst)
778 {
779  NodeID dst = getValueNode(&inst);
780  assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
781  Value* op1 = inst.getOperand(0);
782  NodeID op1Node = getValueNode(op1);
783  Value* op2 = inst.getOperand(1);
784  NodeID op2Node = getValueNode(op2);
785  u32_t opcode = inst.getOpcode();
786  addBinaryOPEdge(op1Node, op2Node, dst, opcode);
787 }
788 
792 void SVFIRBuilder::visitUnaryOperator(UnaryOperator &inst)
793 {
794  NodeID dst = getValueNode(&inst);
795  assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
796  Value* opnd = inst.getOperand(0);
797  NodeID src = getValueNode(opnd);
798  u32_t opcode = inst.getOpcode();
799  addUnaryOPEdge(src, dst, opcode);
800 }
801 
805 void SVFIRBuilder::visitCmpInst(CmpInst &inst)
806 {
807  NodeID dst = getValueNode(&inst);
808  assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
809  Value* op1 = inst.getOperand(0);
810  NodeID op1Node = getValueNode(op1);
811  Value* op2 = inst.getOperand(1);
812  NodeID op2Node = getValueNode(op2);
813  u32_t predicate = inst.getPredicate();
814  addCmpEdge(op1Node, op2Node, dst, predicate);
815 }
816 
817 
821 void SVFIRBuilder::visitSelectInst(SelectInst &inst)
822 {
823 
824  DBOUT(DPAGBuild, outs() << "process select " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
825 
826  NodeID dst = getValueNode(&inst);
827  NodeID src1 = getValueNode(inst.getTrueValue());
828  NodeID src2 = getValueNode(inst.getFalseValue());
829  NodeID cond = getValueNode(inst.getCondition());
831  addSelectStmt(dst,src1,src2, cond);
832 }
833 
834 void SVFIRBuilder::visitCallInst(CallInst &i)
835 {
836  visitCallSite(&i);
837 }
838 
839 void SVFIRBuilder::visitInvokeInst(InvokeInst &i)
840 {
841  visitCallSite(&i);
842 }
843 
844 void SVFIRBuilder::visitCallBrInst(CallBrInst &i)
845 {
846  visitCallSite(&i);
847 }
848 
849 /*
850  * Visit callsites
851  */
852 void SVFIRBuilder::visitCallSite(CallBase* cs)
853 {
854 
855  // skip llvm intrinsics
856  if(isIntrinsicInst(cs))
857  return;
858 
859  DBOUT(DPAGBuild,
860  outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
861 
862 
863  CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
864  RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
865 
866  pag->addCallSite(callBlockNode);
867 
869  for (u32_t i = 0; i < cs->arg_size(); i++)
870  pag->addCallSiteArgs(callBlockNode,pag->getGNode(getValueNode(cs->getArgOperand(i))));
871 
872  if(!cs->getType()->isVoidTy())
873  pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
874 
875  if (callBlockNode->isVirtualCall())
876  {
877  const Value* value = cppUtil::getVCallVtblPtr(cs);
878  callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
879  }
880  if (const Function *callee = LLVMUtil::getCallee(cs))
881  {
882  const SVFFunction* svfcallee = llvmModuleSet()->getSVFFunction(callee);
883  if (isExtCall(svfcallee))
884  {
885  handleExtCall(cs, svfcallee);
886  }
887  else
888  {
889  handleDirectCall(cs, callee);
890  }
891  }
892  else
893  {
894  //If the callee was not identified as a function (null F), this is indirect.
895  handleIndCall(cs);
896  }
897 }
898 
902 void SVFIRBuilder::visitReturnInst(ReturnInst &inst)
903 {
904 
905  // ReturnInst itself should always not be a pointer type
906  assert(!SVFUtil::isa<PointerType>(inst.getType()));
907 
908  DBOUT(DPAGBuild, outs() << "process return " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
909 
910  if(Value* src = inst.getReturnValue())
911  {
912  const SVFFunction *F = llvmModuleSet()->getSVFFunction(inst.getParent()->getParent());
913 
914  NodeID rnF = getReturnNode(F);
915  NodeID vnS = getValueNode(src);
916  const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
917  //vnS may be null if src is a null ptr
918  addPhiStmt(rnF,vnS,icfgNode);
919  }
920 }
921 
922 
931 void SVFIRBuilder::visitExtractValueInst(ExtractValueInst &inst)
932 {
933  NodeID dst = getValueNode(&inst);
934  addBlackHoleAddrEdge(dst);
935 }
936 
945 void SVFIRBuilder::visitExtractElementInst(ExtractElementInst &inst)
946 {
947  NodeID dst = getValueNode(&inst);
948  addBlackHoleAddrEdge(dst);
949 }
950 
955 void SVFIRBuilder::visitBranchInst(BranchInst &inst)
956 {
957  NodeID brinst = getValueNode(&inst);
958  NodeID cond;
959  if (inst.isConditional())
960  cond = getValueNode(inst.getCondition());
961  else
962  cond = pag->getNullPtr();
963 
964  assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
965 
966  BranchStmt::SuccAndCondPairVec successors;
967  std::vector<const Instruction*> nextInsts;
968  LLVMUtil::getNextInsts(&inst, nextInsts);
969  u32_t branchID = 0;
970  for (const Instruction* succInst : nextInsts)
971  {
972  assert(branchID <= 1 && "if/else has more than two branches?");
973  const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
974  successors.push_back(std::make_pair(icfgNode, 1-branchID));
975  branchID++;
976  }
977  addBranchStmt(brinst, cond, successors);
979  if (inst.isConditional())
980  {
981  for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
982  {
983  if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
984  {
985  intraEdge->setConditionVar(pag->getGNode(cond));
986  }
987  }
988  }
989 }
990 
991 
1035 
1037 void SVFIRBuilder::visitSwitchInst(SwitchInst &inst)
1038 {
1039  NodeID brinst = getValueNode(&inst);
1040  NodeID cond = getValueNode(inst.getCondition());
1041 
1042  BranchStmt::SuccAndCondPairVec successors;
1043  std::vector<const Instruction*> nextInsts;
1044  LLVMUtil::getNextInsts(&inst, nextInsts);
1045  for (const Instruction* succInst : nextInsts)
1046  {
1048  const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
1050  s64_t val = -1;
1051  if (condVal && condVal->getBitWidth() <= 64)
1052  val = condVal->getSExtValue();
1053  const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1054  successors.push_back(std::make_pair(icfgNode, val));
1055  }
1056  addBranchStmt(brinst, cond, successors);
1058  for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1059  {
1060  if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1061  {
1062  intraEdge->setConditionVar(pag->getGNode(cond));
1063  }
1064  }
1065 }
1066 
1067 
1073 void SVFIRBuilder::visitVAArgInst(VAArgInst &inst)
1074 {
1075  NodeID dst = getValueNode(&inst);
1076  Value* opnd = inst.getPointerOperand();
1077  NodeID src = getValueNode(opnd);
1078  addCopyEdge(src, dst, CopyStmt::COPYVAL);
1079 }
1080 
1085 void SVFIRBuilder::visitFreezeInst(FreezeInst &inst)
1086 {
1087  NodeID dst = getValueNode(&inst);
1088  for (u32_t i = 0; i < inst.getNumOperands(); i++)
1089  {
1090  Value* opnd = inst.getOperand(i);
1091  NodeID src = getValueNode(opnd);
1092  addCopyEdge(src, dst, CopyStmt::COPYVAL);
1093  }
1094 }
1095 
1096 
1100 void SVFIRBuilder::handleDirectCall(CallBase* cs, const Function *F)
1101 {
1102 
1103  assert(F);
1104  CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
1105  const SVFFunction* svffun = llvmModuleSet()->getSVFFunction(F);
1106  DBOUT(DPAGBuild,
1107  outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
1108 
1109  //Only handle the ret.val. if it's used as a ptr.
1110  NodeID dstrec = getValueNode(cs);
1111  //Does it actually return a ptr?
1112  if (!cs->getType()->isVoidTy())
1113  {
1114  NodeID srcret = getReturnNode(svffun);
1115  FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
1116  addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
1117  }
1118  //Iterators for the actual and formal parameters
1119  u32_t itA = 0, ieA = cs->arg_size();
1120  Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
1121  //Go through the fixed parameters.
1122  DBOUT(DPAGBuild, outs() << " args:");
1123  for (; itF != ieF; ++itA, ++itF)
1124  {
1125  //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
1126  if (itA == ieA)
1127  {
1128  DBOUT(DPAGBuild, outs() << " !! not enough args\n");
1129  break;
1130  }
1131  const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
1132 
1133  DBOUT(DPAGBuild, outs() << "process actual parm " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
1134 
1135  NodeID dstFA = getValueNode(FA);
1136  NodeID srcAA = getValueNode(AA);
1137  FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1138  addCallEdge(srcAA, dstFA, callICFGNode, entry);
1139  }
1140  //Any remaining actual args must be varargs.
1141  if (F->isVarArg())
1142  {
1143  NodeID vaF = getVarargNode(svffun);
1144  DBOUT(DPAGBuild, outs() << "\n varargs:");
1145  for (; itA != ieA; ++itA)
1146  {
1147  const Value* AA = cs->getArgOperand(itA);
1148  NodeID vnAA = getValueNode(AA);
1149  FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1150  addCallEdge(vnAA,vaF, callICFGNode,entry);
1151  }
1152  }
1153  if(itA != ieA)
1154  {
1157  writeWrnMsg("too many args to non-vararg func.");
1158  writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
1159 
1160  }
1161 }
1162 
1163 const Value* SVFIRBuilder::getBaseValueForExtArg(const Value* V)
1164 {
1165  const Value* value = stripAllCasts(V);
1166  assert(value && "null ptr?");
1167  if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
1168  {
1169  APOffset totalidx = 0;
1170  for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1171  {
1172  if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1173  totalidx += op->getSExtValue();
1174  }
1175  if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
1176  value = gep->getPointerOperand();
1177  }
1178  return value;
1179 }
1180 
1184 void SVFIRBuilder::handleIndCall(CallBase* cs)
1185 {
1186  const SVFValue* svfcalledval = llvmModuleSet()->getSVFValue(cs->getCalledOperand());
1187 
1188  const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
1189  pag->addIndirectCallsites(cbn,pag->getValueNode(svfcalledval));
1190 }
1191 
1192 void SVFIRBuilder::updateCallGraph(PTACallGraph* callgraph)
1193 {
1194  PTACallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
1195  PTACallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
1196  for (; iter != eiter; iter++)
1197  {
1198  const CallICFGNode* callBlock = iter->first;
1199  const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
1200  assert(callBlock->isIndirectCall() && "this is not an indirect call?");
1201  const PTACallGraph::FunctionSet& functions = iter->second;
1202  for (PTACallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
1203  {
1204  const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
1205 
1206  if (isExtCall(*func_iter))
1207  {
1208  setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
1209  const SVFFunction* svfcallee = llvmModuleSet()->getSVFFunction(callee);
1210  handleExtCall(callbase, svfcallee);
1211  }
1212  else
1213  {
1214  setCurrentLocation(llvmModuleSet()->getSVFValue(llvmModuleSet()->getLLVMValue(callBlock)), callBlock->getBB());
1215  handleDirectCall(const_cast<CallBase*>(callbase), callee);
1216  }
1217  }
1218  }
1219 
1220  // dump SVFIR
1221  if (Options::PAGDotGraph())
1222  pag->dump("svfir_final");
1223 }
1224 
1225 /*
1226  * TODO: more sanity checks might be needed here
1227  */
1228 void SVFIRBuilder::sanityCheck()
1229 {
1230  for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
1231  {
1232  (void) pag->getGNode(nIter->first);
1233  //TODO::
1234  // (1) every source(root) node of a pag tree should be object node
1235  // if a node has no incoming edge, but has outgoing edges
1236  // then it has to be an object node.
1237  // (2) make sure every variable should be initialized
1238  // otherwise it causes the a null pointer, the aliasing relation may not be captured
1239  // when loading a pointer value should make sure
1240  // some value has been store into this pointer before
1241  // q = load p, some value should stored into p first like store w p;
1242  // (3) make sure PAGNode should not have a const expr value (pointer should have unique def)
1243  // (4) look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
1244  // are set correctly for dummy gepval node
1245  // (5) reduce unnecessary copy edge (const casts) and ensure correctness.
1246  }
1247 }
1248 
1249 
1254 NodeID SVFIRBuilder::getGepValVar(const Value* val, const AccessPath& ap, const SVFType* elementType)
1255 {
1256  NodeID base = getValueNode(val);
1257  NodeID gepval = pag->getGepValVar(curVal, base, ap);
1258  if (gepval==UINT_MAX)
1259  {
1260  assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
1261  /*
1262  * getGepValVar can only be called from two places:
1263  * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
1264  * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
1265  * so curVal can only be
1266  * 1. Instruction
1267  * 2. GlobalVariable
1268  */
1269  assert((SVFUtil::isa<SVFInstruction, SVFGlobalValue>(curVal)) && "curVal not an instruction or a globalvariable?");
1270 
1271  // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
1272  // We preserve the current BB information to restore it after creating the gepNode
1273  const SVFValue* cval = getCurrentValue();
1274  const SVFBasicBlock* cbb = getCurrentBB();
1275  setCurrentLocation(curVal, nullptr);
1276  LLVMModuleSet* llvmmodule = llvmModuleSet();
1277  NodeID gepNode = pag->addGepValNode(curVal, llvmmodule->getSVFValue(val), ap,
1278  NodeIDAllocator::get()->allocateValueId(),
1279  llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())));
1280  addGepEdge(base, gepNode, ap, true);
1281  setCurrentLocation(cval, cbb);
1282  return gepNode;
1283  }
1284  else
1285  return gepval;
1286 }
1287 
1288 
1289 /*
1290  * curVal <--------> PAGEdge
1291  * Instruction Any Edge
1292  * Argument CopyEdge (SVFIR::addFormalParamBlackHoleAddrEdge)
1293  * ConstantExpr CopyEdge (Int2PtrConstantExpr CastConstantExpr SVFIRBuilder::processCE)
1294  * GepEdge (GepConstantExpr SVFIRBuilder::processCE)
1295  * ConstantPointerNull CopyEdge (3-->2 NullPtr-->BlkPtr SVFIR::addNullPtrNode)
1296  * AddrEdge (0-->2 BlkObj-->BlkPtr SVFIR::addNullPtrNode)
1297  * GlobalVariable AddrEdge (SVFIRBuilder::visitGlobal)
1298  * GepEdge (SVFIRBuilder::getGlobalVarField)
1299  * Function AddrEdge (SVFIRBuilder::visitGlobal)
1300  * Constant StoreEdge (SVFIRBuilder::InitialGlobal)
1301  */
1302 void SVFIRBuilder::setCurrentBBAndValueForPAGEdge(PAGEdge* edge)
1303 {
1304  if (SVFModule::pagReadFromTXT())
1305  return;
1306 
1307  assert(curVal && "current Val is nullptr?");
1308  edge->setBB(curBB!=nullptr ? curBB : nullptr);
1309  edge->setValue(curVal);
1310  // backmap in valuToEdgeMap
1311  pag->mapValueToEdge(curVal, edge);
1312  ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
1313  LLVMModuleSet* llvmMS = llvmModuleSet();
1314  if (const SVFInstruction* curInst = SVFUtil::dyn_cast<SVFInstruction>(curVal))
1315  {
1316  const SVFFunction* srcFun = edge->getSrcNode()->getFunction();
1317  const SVFFunction* dstFun = edge->getDstNode()->getFunction();
1318  if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
1319  {
1320  assert(srcFun==curInst->getFunction() && "SrcNode of the PAGEdge not in the same function?");
1321  }
1322  if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getDstNode()->getValue()))
1323  {
1324  assert(dstFun==curInst->getFunction() && "DstNode of the PAGEdge not in the same function?");
1325  }
1326 
1328  if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
1329  assert(curBB && "instruction does not have a basic block??");
1330 
1332  if(curInst->isRetInst())
1333  {
1334  icfgNode = pag->getICFG()->getFunExitICFGNode(curInst->getFunction());
1335  }
1336  else
1337  {
1338  if(SVFUtil::isa<RetPE>(edge))
1339  icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(llvmMS->getLLVMValue(curInst)));
1340  else
1341  icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(llvmMS->getLLVMValue(curInst)));
1342  }
1343  }
1344  else if (const SVFArgument* arg = SVFUtil::dyn_cast<SVFArgument>(curVal))
1345  {
1346  assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
1347  icfgNode = pag->getICFG()->getFunEntryICFGNode(arg->getParent());
1348  }
1349  else if (SVFUtil::isa<SVFConstant>(curVal) ||
1350  SVFUtil::isa<SVFFunction>(curVal) ||
1351  SVFUtil::isa<SVFMetadataAsValue>(curVal))
1352  {
1353  if (!curBB)
1354  pag->addGlobalPAGEdge(edge);
1355  else
1356  {
1357  icfgNode = const_cast<ICFGNode*>(curBB->front());
1358  }
1359  }
1360  else
1361  {
1362  assert(false && "what else value can we have?");
1363  }
1364 
1365  pag->addToSVFStmtList(icfgNode,edge);
1366  icfgNode->addSVFStmt(edge);
1367  if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
1368  {
1369  CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
1370  FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
1371  if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
1372  SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
1373  }
1374  else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
1375  {
1376  RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
1377  FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
1378  if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
1379  SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
1380  }
1381 }
1382 
1383 
1390 AccessPath SVFIRBuilder::getAccessPathFromBaseNode(NodeID nodeId)
1391 {
1392  SVFVar* node = pag->getGNode(nodeId);
1393  SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
1395  if(geps.empty())
1396  return AccessPath(0);
1397 
1398  assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
1399  SVFVar::iterator it = geps.begin();
1400  const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
1401  if(gepEdge->isVariantFieldGep())
1402  return AccessPath(0);
1403  else
1404  return gepEdge->getAccessPath();
1405 }
F
#define F(f)
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition: SVFType.h:484
TIMEINTERVAL
#define TIMEINTERVAL
Definition: SVFType.h:512
DGENERAL
#define DGENERAL
Definition: SVFType.h:490
DPAGBuild
#define DPAGBuild
Definition: SVFType.h:492
offset
buffer offset
Definition: cJSON.cpp:1113
SVF::AccessPath::addOffsetVarAndGepTypePair
bool addOffsetVarAndGepTypePair(const SVFVar *var, const SVFType *gepIterType)
Definition: AccessPath.cpp:42
SVF::AccessPath::getConstantStructFldIdx
APOffset getConstantStructFldIdx() const
Get methods.
Definition: AccessPath.h:100
SVF::AccessPath::setFldIdx
void setFldIdx(APOffset idx)
Definition: AccessPath.h:104
SVF::BranchStmt::SuccAndCondPairVec
std::vector< std::pair< const ICFGNode *, s32_t > > SuccAndCondPairVec
Definition: SVFStatements.h:1166
SVF::CallICFGNode::getSourceLoc
const std::string getSourceLoc() const override
Definition: ICFGNode.h:588
SVF::CallICFGNode::isIndirectCall
bool isIndirectCall() const
Return true if this is an indirect call.
Definition: ICFGNode.h:482
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition: ICFGNode.h:527
SVF::CallICFGNode::setVtablePtr
void setVtablePtr(SVFVar *v)
Definition: ICFGNode.h:532
SVF::GenericEdge::getSrcNode
NodeType * getSrcNode() const
Definition: GenericGraph.h:97
SVF::GenericEdge::getDstNode
NodeType * getDstNode() const
Definition: GenericGraph.h:101
SVF::GenericGraph< SVFVar, SVFStmt >::iterator
IDToNodeMapTy::iterator iterator
Node Iterators.
Definition: GenericGraph.h:606
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition: GenericGraph.h:405
SVF::GepStmt::isVariantFieldGep
bool isVariantFieldGep() const
Gep statement with a variant field index (pointer arithmetic) for struct field access.
Definition: SVFStatements.h:592
SVF::GepStmt::getAccessPath
const AccessPath & getAccessPath() const
Definition: SVFStatements.h:556
SVF::ICFGNode::addSVFStmt
void addSVFStmt(const SVFStmt *edge)
Definition: ICFGNode.h:112
SVF::ICFGNode::getBB
virtual const SVFBasicBlock * getBB() const
Return the basic block of this ICFGNode.
Definition: ICFGNode.h:82
SVF::LLVMLoopAnalysis::build
virtual void build(ICFG *icfg)
Start from here.
Definition: LLVMLoopAnalysis.cpp:90
SVF::LLVMModuleSet::getSVFType
SVFType * getSVFType(const Type *T)
Get or create SVFType and typeinfo.
Definition: LLVMModule.cpp:1384
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition: LLVMModule.cpp:1399
SVF::LLVMModuleSet::getRetICFGNode
RetICFGNode * getRetICFGNode(const Instruction *cs)
get a return node
Definition: LLVMModule.cpp:1435
SVF::LLVMModuleSet::getLLVMValue
const Value * getLLVMValue(const SVFValue *value) const
Definition: LLVMModule.h:216
SVF::LLVMModuleSet::getContext
LLVMContext & getContext() const
Definition: LLVMModule.h:349
SVF::LLVMModuleSet::getSVFValue
SVFValue * getSVFValue(const Value *value)
Definition: LLVMModule.cpp:1347
SVF::PAGBuilderFromFile::build
SVFIR * build()
Start building.
Definition: PAGBuilderFromFile.cpp:61
SVF::PTACallGraph::FunctionSet
Set< const SVFFunction * > FunctionSet
Definition: PTACallGraph.h:251
SVF::PTACallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition: PTACallGraph.h:304
SVF::SVFStmt::setBB
void setBB(const SVFBasicBlock *bb)
Definition: SVFStatements.h:151
SVF::SVFStmt::setValue
void setValue(const SVFValue *val)
Definition: SVFStatements.h:143
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition: SVFStatements.h:217
SVF::SVFType::isPointerTy
bool isPointerTy() const
Definition: SVFType.h:249
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Get incoming SVFIR statements (edges)
Definition: SVFVariables.h:137
SVF::SymbolTableInfo::blackholeSymID
SymID blackholeSymID() const
Definition: SymbolTableInfo.h:198
SVF::SymbolTableInfo::blkPtrSymID
SymID blkPtrSymID() const
Definition: SymbolTableInfo.h:183
SVF::SymbolTableInfo::getTotalSymNum
u32_t getTotalSymNum() const
Statistics.
Definition: SymbolTableInfo.h:248
SVF::SymbolTableInfo::objSyms
ValueToIDMapTy & objSyms()
Definition: SymbolTableInfo.h:265
SVF::SymbolTableInfo::valSyms
ValueToIDMapTy & valSyms()
Get different kinds of syms maps.
Definition: SymbolTableInfo.h:260
SVF::SymbolTableInfo::retSyms
FunToIDMapTy & retSyms()
Definition: SymbolTableInfo.h:280
SVF::SymbolTableInfo::constantSymID
SymID constantSymID() const
Definition: SymbolTableInfo.h:193
SVF::SymbolTableInfo::varargSyms
FunToIDMapTy & varargSyms()
Definition: SymbolTableInfo.h:285
SVF::SymbolTableInfo::nullPtrSymID
SymID nullPtrSymID() const
Definition: SymbolTableInfo.h:188
llvm::generic_bridge_gep_type_iterator
Definition: GEPTypeBridgeIterator.h:18
SVF::LLVMUtil::isIntrinsicInst
bool isIntrinsicInst(const Instruction *inst)
Return true if it is an intrinsic instruction.
Definition: LLVMUtil.cpp:204
SVF::LLVMUtil::getDataLayout
static DataLayout * getDataLayout(Module *mod)
Definition: LLVMUtil.h:279
SVF::LLVMUtil::isUnaryConstantExpr
const ConstantExpr * isUnaryConstantExpr(const Value *val)
Definition: LLVMUtil.h:267
SVF::LLVMUtil::isPtr2IntConstantExpr
const ConstantExpr * isPtr2IntConstantExpr(const Value *val)
Definition: LLVMUtil.h:201
SVF::LLVMUtil::isBinaryConstantExpr
const ConstantExpr * isBinaryConstantExpr(const Value *val)
Definition: LLVMUtil.h:256
SVF::LLVMUtil::stripAllCasts
const Value * stripAllCasts(const Value *val)
Strip off the all casts.
Definition: LLVMUtil.cpp:251
SVF::LLVMUtil::getNextInsts
void getNextInsts(const Instruction *curInst, std::vector< const Instruction * > &instList)
Get the next instructions following control flow.
Definition: LLVMUtil.cpp:551
SVF::LLVMUtil::isTruncConstantExpr
const ConstantExpr * isTruncConstantExpr(const Value *val)
Definition: LLVMUtil.h:231
SVF::LLVMUtil::isCmpConstantExpr
const ConstantExpr * isCmpConstantExpr(const Value *val)
Definition: LLVMUtil.h:245
SVF::LLVMUtil::isGepConstantExpr
const ConstantExpr * isGepConstantExpr(const Value *val)
Return corresponding constant expression, otherwise return nullptr.
Definition: LLVMUtil.h:181
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition: LLVMUtil.h:63
SVF::LLVMUtil::isConstantObjSym
bool isConstantObjSym(const SVFValue *val)
Check whether this value points-to a constant object.
Definition: LLVMUtil.cpp:579
SVF::LLVMUtil::isInt2PtrConstantExpr
const ConstantExpr * isInt2PtrConstantExpr(const Value *val)
Definition: LLVMUtil.h:191
SVF::LLVMUtil::isSelectConstantExpr
const ConstantExpr * isSelectConstantExpr(const Value *val)
Definition: LLVMUtil.h:221
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition: LLVMUtil.h:211
SVF::LLVMUtil::dumpValue
std::string dumpValue(const Value *val)
Definition: LLVMUtil.cpp:585
SVF::SVFUtil::isExtCall
bool isExtCall(const SVFFunction *fun)
Definition: SVFUtil.h:278
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition: SVFUtil.cpp:99
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition: SVFUtil.cpp:66
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition: SVFUtil.h:50
SVF::cppUtil::getVCallVtblPtr
const Value * getVCallVtblPtr(const CallBase *cs)
Definition: CppUtil.cpp:537
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition: CppUtil.cpp:336
SVF
for isBitcode
Definition: BasicTypes.h:68
SVF::DataLayout
llvm::DataLayout DataLayout
Definition: BasicTypes.h:108
SVF::GlobalVariable
llvm::GlobalVariable GlobalVariable
Definition: BasicTypes.h:130
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition: BasicTypes.h:128
SVF::ArrayType
llvm::ArrayType ArrayType
Definition: BasicTypes.h:95
SVF::Type
llvm::Type Type
Definition: BasicTypes.h:83
SVF::CallBase
llvm::CallBase CallBase
Definition: BasicTypes.h:146
SVF::BasicBlock
llvm::BasicBlock BasicBlock
Definition: BasicTypes.h:86
SVF::UnaryOperator
llvm::UnaryOperator UnaryOperator
Definition: BasicTypes.h:180
SVF::StructType
llvm::StructType StructType
LLVM types.
Definition: BasicTypes.h:94
SVF::AllocaInst
llvm::AllocaInst AllocaInst
Definition: BasicTypes.h:150
SVF::SwitchInst
llvm::SwitchInst SwitchInst
Definition: BasicTypes.h:155
SVF::NodeID
u32_t NodeID
Definition: GeneralType.h:55
SVF::InvokeInst
llvm::InvokeInst InvokeInst
Definition: BasicTypes.h:163
SVF::LoadInst
llvm::LoadInst LoadInst
Definition: BasicTypes.h:149
SVF::APOffset
s64_t APOffset
Definition: GeneralType.h:60
SVF::CmpInst
llvm::CmpInst CmpInst
Definition: BasicTypes.h:159
SVF::Function
llvm::Function Function
Definition: BasicTypes.h:85
SVF::ConstantData
llvm::ConstantData ConstantData
Definition: BasicTypes.h:116
SVF::Instruction
llvm::Instruction Instruction
Definition: BasicTypes.h:87
SVF::Constant
llvm::Constant Constant
Definition: BasicTypes.h:124
SVF::GEPOperator
llvm::GEPOperator GEPOperator
Definition: BasicTypes.h:182
SVF::ConstantDataSequential
llvm::ConstantDataSequential ConstantDataSequential
Definition: BasicTypes.h:119
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition: BasicTypes.h:82
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition: BasicTypes.h:120
SVF::CastInst
llvm::CastInst CastInst
Definition: BasicTypes.h:158
SVF::FreezeInst
llvm::FreezeInst FreezeInst
Definition: BasicTypes.h:169
SVF::Module
llvm::Module Module
Definition: BasicTypes.h:84
SVF::BinaryOperator
llvm::BinaryOperator BinaryOperator
Definition: BasicTypes.h:179
SVF::StoreInst
llvm::StoreInst StoreInst
Definition: BasicTypes.h:148
SVF::SelectInst
llvm::SelectInst SelectInst
Definition: BasicTypes.h:174
SVF::VAArgInst
llvm::VAArgInst VAArgInst
Definition: BasicTypes.h:175
SVF::GetElementPtrInst
llvm::GetElementPtrInst GetElementPtrInst
Definition: BasicTypes.h:162
SVF::CallBrInst
llvm::CallBrInst CallBrInst
Definition: BasicTypes.h:156
SVF::ReturnInst
llvm::ReturnInst ReturnInst
Definition: BasicTypes.h:157
SVF::PHINode
llvm::PHINode PHINode
Definition: BasicTypes.h:165
SVF::BranchInst
llvm::BranchInst BranchInst
Definition: BasicTypes.h:154
SVF::ExtractValueInst
llvm::ExtractValueInst ExtractValueInst
Definition: BasicTypes.h:160
SVF::u32_t
unsigned u32_t
Definition: GeneralType.h:46
SVF::s64_t
signed long long s64_t
Definition: GeneralType.h:49
SVF::CallInst
llvm::CallInst CallInst
Definition: BasicTypes.h:147
SVF::ConstantInt
llvm::ConstantInt ConstantInt
Definition: BasicTypes.h:125
SVF::ExtractElementInst
llvm::ExtractElementInst ExtractElementInst
Definition: BasicTypes.h:161
SVF::User
llvm::User User
Definition: BasicTypes.h:142
llvm::bridge_gep_end
bridge_gep_iterator bridge_gep_end(const User *GEP)
Definition: GEPTypeBridgeIterator.h:157
llvm::bridge_gep_begin
bridge_gep_iterator bridge_gep_begin(const User *GEP)
Definition: GEPTypeBridgeIterator.h:149
Generated by doxygen 1.9.1