Static Value-Flow Analysis
Loading...
Searching...
No Matches
SaberCondAllocator.cpp
Go to the documentation of this file.
1//===- PathAllocator.cpp -- Path condition analysis---------------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23
24/*
25 * PathAllocator.cpp
26 *
27 * Created on: Apr 3, 2014
28 * Author: Yulei Sui
29 */
30
31#include "Util/Options.h"
32#include "SABER/SaberCondAllocator.h"
33#include "Util/DPItem.h"
34#include "Graphs/SVFG.h"
35#include <climits>
36#include <cmath>
37#include "SVFIR/SVFStatements.h"
38#include "Graphs/CallGraph.h"
39
40using namespace SVF;
41using namespace SVFUtil;
42
43u64_t DPItem::maximumBudget = ULONG_MAX - 1;
44u32_t ContextCond::maximumCxtLen = 0;
45u32_t ContextCond::maximumCxt = 0;
46u32_t ContextCond::maximumPathLen = 0;
47u32_t ContextCond::maximumPath = 0;
48u32_t SaberCondAllocator::totalCondNum = 0;
49
50
55
59void SaberCondAllocator::allocate()
60{
61 DBOUT(DGENERAL, outs() << pasMsg("path condition allocation starts\n"));
62
63 CallGraph* svfirCallGraph = PAG::getPAG()->getCallGraph();
64 for (const auto& item: *svfirCallGraph)
65 {
66 const FunObjVar *func = (item.second)->getFunction();
67 if (!SVFUtil::isExtCall(func))
68 {
69 // Allocate conditions for a program.
70 for (FunObjVar::const_bb_iterator bit = func->begin(), ebit = func->end();
71 bit != ebit; ++bit)
72 {
73 const SVFBasicBlock* bb = bit->second;
74 collectBBCallingProgExit(*bb);
75 allocateForBB(*bb);
76 }
77 }
78 }
79
80 if (Options::PrintPathCond())
81 printPathCond();
82
83 DBOUT(DGENERAL, outs() << pasMsg("path condition allocation ends\n"));
84}
85
89void SaberCondAllocator::allocateForBB(const SVFBasicBlock &bb)
90{
91
92 u32_t succ_number = bb.getNumSuccessors();
93
94 // if successor number greater than 1, allocate new decision variable for successors
95 if (succ_number > 1)
96 {
97
98 //allocate log2(num_succ) decision variables
99 double num = log(succ_number) / log(2);
100 u32_t bit_num = (u32_t) ceil(num);
101 u32_t succ_index = 0;
102 std::vector<Condition> condVec;
103 for (u32_t i = 0; i < bit_num; i++)
104 {
105 condVec.push_back(newCond(bb.back()));
106 }
107
108 // iterate each successor
109 for (const SVFBasicBlock* svf_succ_bb : bb.getSuccessors())
110 {
111 Condition path_cond = getTrueCond();
112
114
115 // for each successor decide its bit representation
116 // decide whether each bit of succ_index is 1 or 0, if (three successor) succ_index is 000 then use C1^C2^C3
117 // if 001 use C1^C2^negC3
118 for (u32_t j = 0; j < bit_num; j++)
119 {
120 //test each bit of this successor's index (binary representation)
121 u32_t tool = 0x01 << j;
122 if (tool & succ_index)
123 {
124 path_cond = condAnd(path_cond, (condNeg(condVec.at(j))));
125 }
126 else
127 {
128 path_cond = condAnd(path_cond, condVec.at(j));
129 }
130 }
131 setBranchCond(&bb, svf_succ_bb, path_cond);
132
133 succ_index++;
134 }
135
136 }
137}
138
142SaberCondAllocator::Condition SaberCondAllocator::getBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ) const
143{
144 u32_t pos = bb->getBBSuccessorPos(succ);
145 if(bb->getNumSuccessors() == 1)
146 return getTrueCond();
147 else
148 {
149 BBCondMap::const_iterator it = bbConds.find(bb);
150 assert(it != bbConds.end() && "basic block does not have branch and conditions??");
151 CondPosMap::const_iterator cit = it->second.find(pos);
152 assert(cit != it->second.end() && "no condition on the branch??");
153 return cit->second;
154 }
155}
156
164
168void SaberCondAllocator::setBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ, const Condition &cond)
169{
171 assert(bb->getNumSuccessors() > 1 && "not more than one successor??");
172 u32_t pos = bb->getBBSuccessorPos(succ);
173 CondPosMap& condPosMap = bbConds[bb];
174
177 //assert(condPosMap.find(pos) == condPosMap.end() && "this branch has already been set ");
178
179 condPosMap[pos] = cond;
180}
181
185SaberCondAllocator::Condition
186SaberCondAllocator::evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const SVFBasicBlock* succ)
187{
188
189 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
190
191 const ValVar* condVar = SVFUtil::cast<ValVar>(branchStmt->getCondition());
192 if (condVar->isConstDataOrAggDataButNotNullPtr())
193 {
194 // branch condition is a constant value, return nullexpr because it cannot be test null
195 // br i1 false, label %44, label %75, !dbg !7669 { "ln": 2033, "cl": 7, "fl": "re_lexer.c" }
196 return Condition::nullExpr();
197 }
198 if (isTestNullExpr(SVFUtil::cast<ICFGNode>(condVar->getICFGNode())))
199 {
200 // succ is then branch
201 if (succ1 == succ)
202 return getFalseCond();
203 // succ is else branch
204 else
205 return getTrueCond();
206 }
207 if (isTestNotNullExpr(condVar->getICFGNode()))
208 {
209 // succ is then branch
210 if (succ1 == succ)
211 return getTrueCond();
212 // succ is else branch
213 else
214 return getFalseCond();
215 }
216 return Condition::nullExpr();
217}
218
222SaberCondAllocator::Condition SaberCondAllocator::evaluateProgExit(const BranchStmt *branchStmt, const SVFBasicBlock* succ)
223{
224 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
225 const SVFBasicBlock* succ2 = branchStmt->getSuccessor(1)->getBB();
226
227 bool branch1 = isBBCallsProgExit(succ1);
228 bool branch2 = isBBCallsProgExit(succ2);
229
231 if (branch1 && !branch2)
232 {
233 // succ is then branch
234 if (succ1 == succ)
235 return getFalseCond();
236 // succ is else branch
237 else
238 return getTrueCond();
239 }
241 else if (!branch1 && branch2)
242 {
243 // succ is else branch
244 if (succ2 == succ)
245 return getFalseCond();
246 // succ is then branch
247 else
248 return getTrueCond();
249 }
250 // two branches both call program exit
251 else if (branch1 && branch2)
252 {
253 return getFalseCond();
254 }
256 else
257 return Condition::nullExpr();
258
259}
260
266SaberCondAllocator::Condition SaberCondAllocator::evaluateLoopExitBranch(const SVFBasicBlock* bb, const SVFBasicBlock* dst)
267{
268 const FunObjVar* svffun = bb->getParent();
269 assert(svffun == dst->getParent() && "two basic blocks should be in the same function");
270
271 if (svffun->isLoopHeader(bb))
272 {
273 Set<const SVFBasicBlock* > filteredbbs;
274 std::vector<const SVFBasicBlock*> exitbbs;
275 svffun->getExitBlocksOfLoop(bb,exitbbs);
277 for(const SVFBasicBlock* eb : exitbbs)
278 {
279 if(!isBBCallsProgExit(eb))
280 filteredbbs.insert(eb);
281 }
282
284 bool allPDT = true;
285 for (const auto &filteredbb: filteredbbs)
286 {
287 if (!postDominate(dst, filteredbb))
288 allPDT = false;
289 }
290
291 if (allPDT)
292 return getTrueCond();
293 }
294 return Condition::nullExpr();
295}
296
302SaberCondAllocator::Condition SaberCondAllocator::evaluateBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ)
303{
304 if(bb->getNumSuccessors() == 1)
305 {
306 return getTrueCond();
307 }
308
309 assert(!bb->getICFGNodeList().empty() && "bb not empty");
310 if (const ICFGNode* icfgNode = bb->back())
311 {
312 for (const auto &svfStmt: icfgNode->getSVFStmts())
313 {
314 if (const BranchStmt *branchStmt = SVFUtil::dyn_cast<BranchStmt>(svfStmt))
315 {
316 if (branchStmt->getNumSuccessors() == 2)
317 {
318 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
319 const SVFBasicBlock* succ2 = branchStmt->getSuccessor(1)->getBB();
320 bool is_succ = (succ1 == succ || succ2 == succ);
321 (void)is_succ; // Suppress warning of unused variable under release build
322 assert(is_succ && "not a successor??");
323 Condition evalLoopExit = evaluateLoopExitBranch(bb, succ);
324 if (!eq(evalLoopExit, Condition::nullExpr()))
325 return evalLoopExit;
326
327 Condition evalProgExit = evaluateProgExit(branchStmt, succ);
328 if (!eq(evalProgExit, Condition::nullExpr()))
329 return evalProgExit;
330
331 Condition evalTestNullLike = evaluateTestNullLikeExpr(branchStmt, succ);
332 if (!eq(evalTestNullLike, Condition::nullExpr()))
333 return evalTestNullLike;
334 break;
335 }
336 }
337 }
338 }
339
340 return getBranchCond(bb, succ);
341}
342
343bool SaberCondAllocator::isEQCmp(const CmpStmt *cmp) const
344{
345 return (cmp->getPredicate() == CmpStmt::ICMP_EQ);
346}
347
348bool SaberCondAllocator::isNECmp(const CmpStmt *cmp) const
349{
350 return (cmp->getPredicate() == CmpStmt::ICMP_NE);
351}
352
353bool SaberCondAllocator::isTestNullExpr(const ICFGNode* test) const
354{
355 if(!test) return false;
356 for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
357 {
358 if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
359 {
360 return isTestContainsNullAndTheValue(cmp) && isEQCmp(cmp);
361 }
362 }
363 return false;
364}
365
366bool SaberCondAllocator::isTestNotNullExpr(const ICFGNode* test) const
367{
368 if(!test) return false;
369 for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
370 {
371 if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
372 {
373 return isTestContainsNullAndTheValue(cmp) && isNECmp(cmp);
374 }
375 }
376 return false;
377}
378
399bool SaberCondAllocator::isTestContainsNullAndTheValue(const CmpStmt *cmp) const
400{
401
402 // must be val var?
403 const SVFVar* op0 = cmp->getOpVar(0);
404 const SVFVar* op1 = cmp->getOpVar(1);
405 if (SVFUtil::isa<ConstNullPtrValVar>(op1))
406 {
407 Set<const SVFVar* > inDirVal;
408 inDirVal.insert(getCurEvalSVFGNode()->getValue());
409 for (const auto &it: getCurEvalSVFGNode()->getOutEdges())
410 {
411 inDirVal.insert(it->getDstNode()->getValue());
412 }
413 return inDirVal.find(op0) != inDirVal.end();
414 }
415 else if (SVFUtil::isa<ConstNullPtrValVar>(op0))
416 {
417 Set<const SVFVar* > inDirVal;
418 inDirVal.insert(getCurEvalSVFGNode()->getValue());
419 for (const auto &it: getCurEvalSVFGNode()->getOutEdges())
420 {
421 inDirVal.insert(it->getDstNode()->getValue());
422 }
423 return inDirVal.find(op1) != inDirVal.end();
424 }
425 return false;
426}
427
431void SaberCondAllocator::collectBBCallingProgExit(const SVFBasicBlock &bb)
432{
433
434 for (const auto& icfgNode: bb.getICFGNodeList())
435 {
436 if (const CallICFGNode* cs = SVFUtil::dyn_cast<CallICFGNode>(icfgNode))
437 if (SVFUtil::isProgExitCall(cs))
438 {
439 const FunObjVar* svfun = bb.getParent();
440 funToExitBBsMap[svfun].insert(&bb);
441 }
442 }
443}
444
448bool SaberCondAllocator::isBBCallsProgExit(const SVFBasicBlock* bb)
449{
450 const FunObjVar* svfun = bb->getParent();
451 FunToExitBBsMap::const_iterator it = funToExitBBsMap.find(svfun);
452 if (it != funToExitBBsMap.end())
453 {
454 for (const auto &bit: it->second)
455 {
456 if (postDominate(bit, bb))
457 return true;
458 }
459 }
460 return false;
461}
462
469SaberCondAllocator::Condition
470SaberCondAllocator::getPHIComplementCond(const SVFBasicBlock* BB1, const SVFBasicBlock* BB2, const SVFBasicBlock* BB0)
471{
472 assert(BB1 && BB2 && "expect nullptr BB here!");
473
475 if (dominate(BB1, BB2) && ! dominate(BB0, BB2))
476 {
477 Condition cond = ComputeIntraVFGGuard(BB1, BB2);
478 return condNeg(cond);
479 }
480
481 return getTrueCond();
482}
483
489SaberCondAllocator::Condition
500
506SaberCondAllocator::Condition
517
521SaberCondAllocator::Condition SaberCondAllocator::ComputeIntraVFGGuard(const SVFBasicBlock* srcBB, const SVFBasicBlock* dstBB)
522{
523
524 assert(srcBB->getParent() == dstBB->getParent() && "two basic blocks are not in the same function??");
525
526 if (postDominate(dstBB, srcBB))
527 return getTrueCond();
528
529 CFWorkList worklist;
530 worklist.push(srcBB);
531 setCFCond(srcBB, getTrueCond());
532
533 while (!worklist.empty())
534 {
535 const SVFBasicBlock* bb = worklist.pop();
536 Condition cond = getCFCond(bb);
537
540 Condition loopExitCond = evaluateLoopExitBranch(bb, dstBB);
541 if (!eq(loopExitCond, Condition::nullExpr()))
542 return condAnd(cond, loopExitCond);
543
544 for (const SVFBasicBlock* succ : bb->getSuccessors())
545 {
550 Condition brCond;
551 if (postDominate(succ, bb))
552 brCond = getTrueCond();
553 else
554 brCond = getEvalBrCond(bb, succ);
555
556 DBOUT(DSaber, outs() << " bb (" << bb->getName() <<
557 ") --> " << "succ_bb (" << succ->getName() << ") condition: " << brCond << "\n");
558 Condition succPathCond = condAnd(cond, brCond);
559 if (setCFCond(succ, condOr(getCFCond(succ), succPathCond)))
560 worklist.push(succ);
561 }
562 }
563
564 DBOUT(DSaber, outs() << " src_bb (" << srcBB->getName() <<
565 ") --> " << "dst_bb (" << dstBB->getName() << ") condition: " << getCFCond(dstBB)
566 << "\n");
567
568 return getCFCond(dstBB);
569}
570
571
575void SaberCondAllocator::printPathCond()
576{
577
578 outs() << "print path condition\n";
579
580 for (const auto &bbCond: bbConds)
581 {
582 const SVFBasicBlock* bb = bbCond.first;
583 for (const auto &cit: bbCond.second)
584 {
585 u32_t i = 0;
586 for (const SVFBasicBlock* succ: bb->getSuccessors())
587 {
588 if (i == cit.first)
589 {
590 Condition cond = cit.second;
591 outs() << bb->getName() << "-->" << succ->getName() << ":";
592 outs() << dumpCond(cond) << "\n";
593 break;
594 }
595 i++;
596 }
597 }
598 }
599}
600
602SaberCondAllocator::Condition SaberCondAllocator::newCond(const ICFGNode* inst)
603{
604 u32_t condCountIdx = totalCondNum++;
605 Condition expr = Condition::getContext().bool_const(("c" + std::to_string(condCountIdx)).c_str());
606 Condition negCond = Condition::NEG(expr);
607 setCondInst(expr, inst);
608 setNegCondInst(negCond, inst);
609 conditionVec.push_back(expr);
610 conditionVec.push_back(negCond);
611 return expr;
612}
613
615bool SaberCondAllocator::isEquivalentBranchCond(const Condition &lhs,
616 const Condition &rhs) const
617{
618 Condition::getSolver().push();
619 Condition::getSolver().add(lhs.getExpr() != rhs.getExpr());
620 z3::check_result res = Condition::getSolver().check();
621 Condition::getSolver().pop();
622 return res == z3::unsat;
623}
624
626bool SaberCondAllocator::isSatisfiable(const Condition &condition)
627{
628 Condition::getSolver().add(condition.getExpr());
629 z3::check_result result = Condition::getSolver().check();
630 Condition::getSolver().pop();
631 if (result == z3::sat || result == z3::unknown)
632 return true;
633 else
634 return false;
635}
636
638void SaberCondAllocator::extractSubConds(const Condition &condition, NodeBS &support) const
639{
640 if (condition.getExpr().num_args() == 1 && isNegCond(condition.id()))
641 {
642 support.set(condition.getExpr().id());
643 return;
644 }
645 if (condition.getExpr().num_args() == 0)
646 if (!condition.getExpr().is_true() && !condition.getExpr().is_false())
647 support.set(condition.getExpr().id());
648 for (u32_t i = 0; i < condition.getExpr().num_args(); ++i)
649 {
650 Condition expr = condition.getExpr().arg(i);
651 extractSubConds(expr, support);
652 }
653
654}
u32_t
unsigned u32_t
Definition CommandLine.h:18
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:498
DGENERAL
#define DGENERAL
Definition SVFType.h:504
DSaber
#define DSaber
Definition SVFType.h:518
item
cJSON * item
Definition cJSON.h:222
SVF::CmpStmt::ICMP_NE
@ ICMP_NE
not equal
Definition SVFStatements.h:972
SVF::ContextCond::maximumCxt
static u32_t maximumCxt
Definition DPItem.h:378
SVF::ContextCond::maximumCxtLen
static u32_t maximumCxtLen
Definition DPItem.h:374
SVF::ContextCond::maximumPath
static u32_t maximumPath
Definition DPItem.h:379
SVF::ContextCond::maximumPathLen
static u32_t maximumPathLen
Definition DPItem.h:375
SVF::DPItem::maximumBudget
static u64_t maximumBudget
Definition DPItem.h:48
SVF::FunObjVar::const_bb_iterator
BasicBlockGraph::IDToNodeMapTy::const_iterator const_bb_iterator
Definition SVFVariables.h:965
SVF::FunObjVar::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFVariables.h:1170
SVF::GenericNode::getOutEdges
const GEdgeSetTy & getOutEdges() const
Definition GenericGraph.h:180
SVF::Options::PrintPathCond
static const Option< bool > PrintPathCond
Definition Options.h:199
SVF::SVFBasicBlock::getParent
const FunObjVar * getParent() const
Definition BasicBlockG.h:191
SVF::SVFBasicBlock::getICFGNodeList
const std::vector< const ICFGNode * > & getICFGNodeList() const
Definition BasicBlockG.h:137
SVF::SVFBasicBlock::getBBSuccessorPos
u32_t getBBSuccessorPos(const SVFBasicBlock *Succ)
Definition BasicBlockG.h:238
SVF::SVFBasicBlock::getNumSuccessors
u32_t getNumSuccessors() const
Definition BasicBlockG.h:234
SVF::SVFBasicBlock::back
const ICFGNode * back() const
Definition BasicBlockG.h:209
SVF::SVFBasicBlock::getSuccessors
std::vector< const SVFBasicBlock * > getSuccessors() const
Definition BasicBlockG.h:215
SVF::SVFIR::getCallGraph
CallGraph * getCallGraph()
Definition SVFIR.h:184
SVF::SVFIR::getSVFStmtList
SVFStmtList & getSVFStmtList(const ICFGNode *inst)
Given an instruction, get all its PAGEdges.
Definition SVFIR.h:249
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::SVFValue::getName
virtual const std::string & getName() const
Definition SVFValue.h:184
SVF::SaberCondAllocator::allocateForBB
virtual void allocateForBB(const SVFBasicBlock &bb)
Allocate path condition for every basic block.
Definition SaberCondAllocator.cpp:89
SVF::SaberCondAllocator::dumpCond
std::string dumpCond(const Condition &cond) const
Definition SaberCondAllocator.h:114
SVF::SaberCondAllocator::newCond
Condition newCond(const ICFGNode *inst)
Allocate a new condition.
Definition SaberCondAllocator.cpp:602
SVF::SaberCondAllocator::evaluateTestNullLikeExpr
Condition evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return branch condition after evaluating test null like expression.
Definition SaberCondAllocator.cpp:186
SVF::SaberCondAllocator::evaluateProgExit
Condition evaluateProgExit(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return condition when there is a branch calls program exit.
Definition SaberCondAllocator.cpp:222
SVF::SaberCondAllocator::condOr
Condition condOr(const Condition &lhs, const Condition &rhs)
Definition SaberCondAllocator.h:90
SVF::SaberCondAllocator::isTestContainsNullAndTheValue
bool isTestContainsNullAndTheValue(const CmpStmt *cmp) const
Return true if two values on the predicate are what we want.
Definition SaberCondAllocator.cpp:399
SVF::SaberCondAllocator::isTestNullExpr
bool isTestNullExpr(const ICFGNode *test) const
Return true if this is a test null expression.
Definition SaberCondAllocator.cpp:353
SVF::SaberCondAllocator::printPathCond
void printPathCond()
Print out the path condition information.
Definition SaberCondAllocator.cpp:575
SVF::SaberCondAllocator::postDominate
bool postDominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:146
SVF::SaberCondAllocator::setBranchCond
void setBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ, const Condition &cond)
Get/Set a branch condition, and its terminator instruction.
Definition SaberCondAllocator.cpp:168
SVF::SaberCondAllocator::getPHIComplementCond
virtual Condition getPHIComplementCond(const SVFBasicBlock *BB1, const SVFBasicBlock *BB2, const SVFBasicBlock *BB0)
Definition SaberCondAllocator.cpp:470
SVF::SaberCondAllocator::bbConds
BBCondMap bbConds
map basic block to its successors/predecessors branch conditions
Definition SaberCondAllocator.h:311
SVF::SaberCondAllocator::condNeg
Condition condNeg(const Condition &cond)
Definition SaberCondAllocator.h:94
SVF::SaberCondAllocator::allocate
void allocate()
Perform path allocation.
Definition SaberCondAllocator.cpp:59
SVF::SaberCondAllocator::totalCondNum
static u32_t totalCondNum
vector storing z3expression
Definition SaberCondAllocator.h:307
SVF::SaberCondAllocator::condAnd
Condition condAnd(const Condition &lhs, const Condition &rhs)
Condition operations.
Definition SaberCondAllocator.h:86
SVF::SaberCondAllocator::isSatisfiable
bool isSatisfiable(const Condition &condition)
whether condition is satisfiable
Definition SaberCondAllocator.cpp:626
SVF::SaberCondAllocator::getBranchCond
Condition getBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ) const
Get branch condition.
Definition SaberCondAllocator.cpp:142
SVF::SaberCondAllocator::ComputeInterRetVFGGuard
virtual Condition ComputeInterRetVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *retBB)
Definition SaberCondAllocator.cpp:507
SVF::SaberCondAllocator::getCurEvalSVFGNode
const SVFGNode * getCurEvalSVFGNode() const
Get current value for branch condition evaluation.
Definition SaberCondAllocator.h:186
SVF::SaberCondAllocator::getFalseCond
Condition getFalseCond() const
Definition SaberCondAllocator.h:102
SVF::SaberCondAllocator::setCFCond
bool setCFCond(const SVFBasicBlock *bb, const Condition &cond)
Get/Set control-flow conditions.
Definition SaberCondAllocator.h:214
SVF::SaberCondAllocator::collectBBCallingProgExit
void collectBBCallingProgExit(const SVFBasicBlock &bb)
Collect basic block contains program exit function call.
Definition SaberCondAllocator.cpp:431
SVF::SaberCondAllocator::isBBCallsProgExit
bool isBBCallsProgExit(const SVFBasicBlock *bb)
Definition SaberCondAllocator.cpp:448
SVF::SaberCondAllocator::extractSubConds
void extractSubConds(const Condition &condition, NodeBS &support) const
extract subexpression from a Z3 expression
Definition SaberCondAllocator.cpp:638
SVF::SaberCondAllocator::CondPosMap
Map< u32_t, Condition > CondPosMap
id to instruction map for z3
Definition SaberCondAllocator.h:52
SVF::SaberCondAllocator::isEquivalentBranchCond
bool isEquivalentBranchCond(const Condition &lhs, const Condition &rhs) const
Whether lhs and rhs are equivalent branch conditions.
Definition SaberCondAllocator.cpp:615
SVF::SaberCondAllocator::isEQCmp
bool isEQCmp(const CmpStmt *cmp) const
Evaluate test null/not null like expressions.
Definition SaberCondAllocator.cpp:343
SVF::SaberCondAllocator::isNECmp
bool isNECmp(const CmpStmt *cmp) const
Return true if the predicate of this compare instruction is not equal.
Definition SaberCondAllocator.cpp:348
SVF::SaberCondAllocator::evaluateBranchCond
Condition evaluateBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate branch conditions.
Definition SaberCondAllocator.cpp:302
SVF::SaberCondAllocator::evaluateLoopExitBranch
Condition evaluateLoopExitBranch(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate loop exit branch.
Definition SaberCondAllocator.cpp:266
SVF::SaberCondAllocator::getTrueCond
Condition getTrueCond() const
Definition SaberCondAllocator.h:98
SVF::SaberCondAllocator::CFWorkList
FIFOWorkList< const SVFBasicBlock * > CFWorkList
worklist for control-flow guard computation
Definition SaberCondAllocator.h:57
SVF::SaberCondAllocator::isTestNotNullExpr
bool isTestNotNullExpr(const ICFGNode *test) const
Return true if this is a test not null expression.
Definition SaberCondAllocator.cpp:366
SVF::SaberCondAllocator::getCFCond
Condition getCFCond(const SVFBasicBlock *bb) const
Definition SaberCondAllocator.h:224
SVF::SaberCondAllocator::funToExitBBsMap
FunToExitBBsMap funToExitBBsMap
map a function to all its basic blocks calling program exit
Definition SaberCondAllocator.h:301
SVF::SaberCondAllocator::isNegCond
bool isNegCond(u32_t id) const
Definition SaberCondAllocator.h:141
SVF::SaberCondAllocator::getEvalBrCond
Condition getEvalBrCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Get a condition, evaluate the value for conditions if necessary (e.g., testNull like express)
Definition SaberCondAllocator.cpp:157
SVF::SaberCondAllocator::ComputeInterCallVFGGuard
virtual Condition ComputeInterCallVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *callBB)
Definition SaberCondAllocator.cpp:490
SVF::SaberCondAllocator::setNegCondInst
void setNegCondInst(const Condition &condition, const ICFGNode *inst)
mark neg Z3 expression
Definition SaberCondAllocator.h:237
SVF::SaberCondAllocator::dominate
bool dominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:156
SVF::SaberCondAllocator::setCondInst
void setCondInst(const Condition &condition, const ICFGNode *inst)
Definition SaberCondAllocator.h:134
SVF::SaberCondAllocator::ComputeIntraVFGGuard
virtual Condition ComputeIntraVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst)
Guard Computation for a value-flow (between two basic blocks)
Definition SaberCondAllocator.cpp:521
SVF::SaberCondAllocator::conditionVec
std::vector< Condition > conditionVec
bit vector for distinguish neg
Definition SaberCondAllocator.h:306
SVF::VFGNode::getValue
virtual const SVFVar * getValue() const
Return the corresponding LLVM value, if possible, nullptr otherwise.
Definition VFGNode.h:85
SVF::Z3Expr::getExpr
const z3::expr & getExpr() const
Definition Z3Expr.h:86
SVF::Z3Expr::getSolver
static z3::solver & getSolver()
Get z3 solver, singleton design here to make sure we only have one context.
Definition Z3Expr.cpp:56
SVF::Z3Expr::NEG
static Z3Expr NEG(const Z3Expr &z3Expr)
compute NEG
Definition Z3Expr.h:301
SVF::Z3Expr::nullExpr
static z3::expr nullExpr()
null expression
Definition Z3Expr.h:105
SVF::Z3Expr::id
u32_t id() const
get id
Definition Z3Expr.h:111
SVF::Z3Expr::getContext
static z3::context & getContext()
Get z3 context, singleton design here to make sure we only have one context.
Definition Z3Expr.cpp:66
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::isExtCall
bool isExtCall(const FunObjVar *fun)
Definition SVFUtil.cpp:437
SVF::SVFUtil::isProgExitCall
bool isProgExitCall(const CallICFGNode *cs)
Definition SVFUtil.cpp:391
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::u64_t
unsigned long long u64_t
Definition GeneralType.h:49
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
Generated by doxygen 1.9.8