Static Value-Flow Analysis
Loading...
Searching...
No Matches
SaberCondAllocator.cpp
Go to the documentation of this file.
1//===- PathAllocator.cpp -- Path condition analysis---------------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23
24/*
25 * PathAllocator.cpp
26 *
27 * Created on: Apr 3, 2014
28 * Author: Yulei Sui
29 */
30
31#include "Util/Options.h"
32#include "SABER/SaberCondAllocator.h"
33#include "Util/DPItem.h"
34#include "Graphs/SVFG.h"
35#include <climits>
36#include <cmath>
37#include "SVFIR/SVFStatements.h"
38#include "Graphs/CallGraph.h"
39
40using namespace SVF;
41using namespace SVFUtil;
42
43u64_t DPItem::maximumBudget = ULONG_MAX - 1;
44u32_t ContextCond::maximumCxtLen = 0;
45u32_t ContextCond::maximumCxt = 0;
46u32_t ContextCond::maximumPathLen = 0;
47u32_t ContextCond::maximumPath = 0;
48u32_t SaberCondAllocator::totalCondNum = 0;
49
50
55
59void SaberCondAllocator::allocate(const SVFModule *M)
60{
61 DBOUT(DGENERAL, outs() << pasMsg("path condition allocation starts\n"));
62
63 CallGraph* svfirCallGraph = PAG::getPAG()->getCallGraph();
64 for (const auto& item: *svfirCallGraph)
65 {
66 const SVFFunction *func = (item.second)->getFunction();
67 if (!SVFUtil::isExtCall(func))
68 {
69 // Allocate conditions for a program.
70 for (SVFFunction::const_iterator bit = func->begin(), ebit = func->end();
71 bit != ebit; ++bit)
72 {
73 const SVFBasicBlock* bb = *bit;
74 collectBBCallingProgExit(*bb);
75 allocateForBB(*bb);
76 }
77 }
78 }
79
80 if (Options::PrintPathCond())
81 printPathCond();
82
83 DBOUT(DGENERAL, outs() << pasMsg("path condition allocation ends\n"));
84}
85
89void SaberCondAllocator::allocateForBB(const SVFBasicBlock &bb)
90{
91
92 u32_t succ_number = bb.getNumSuccessors();
93
94 // if successor number greater than 1, allocate new decision variable for successors
95 if (succ_number > 1)
96 {
97
98 //allocate log2(num_succ) decision variables
99 double num = log(succ_number) / log(2);
100 u32_t bit_num = (u32_t) ceil(num);
101 u32_t succ_index = 0;
102 std::vector<Condition> condVec;
103 for (u32_t i = 0; i < bit_num; i++)
104 {
105 condVec.push_back(newCond(bb.back()));
106 }
107
108 // iterate each successor
109 for (const SVFBasicBlock* svf_succ_bb : bb.getSuccessors())
110 {
111 Condition path_cond = getTrueCond();
112
114
115 // for each successor decide its bit representation
116 // decide whether each bit of succ_index is 1 or 0, if (three successor) succ_index is 000 then use C1^C2^C3
117 // if 001 use C1^C2^negC3
118 for (u32_t j = 0; j < bit_num; j++)
119 {
120 //test each bit of this successor's index (binary representation)
121 u32_t tool = 0x01 << j;
122 if (tool & succ_index)
123 {
124 path_cond = condAnd(path_cond, (condNeg(condVec.at(j))));
125 }
126 else
127 {
128 path_cond = condAnd(path_cond, condVec.at(j));
129 }
130 }
131 setBranchCond(&bb, svf_succ_bb, path_cond);
132
133 succ_index++;
134 }
135
136 }
137}
138
142SaberCondAllocator::Condition SaberCondAllocator::getBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ) const
143{
144 u32_t pos = bb->getBBSuccessorPos(succ);
145 if(bb->getNumSuccessors() == 1)
146 return getTrueCond();
147 else
148 {
149 BBCondMap::const_iterator it = bbConds.find(bb);
150 assert(it != bbConds.end() && "basic block does not have branch and conditions??");
151 CondPosMap::const_iterator cit = it->second.find(pos);
152 assert(cit != it->second.end() && "no condition on the branch??");
153 return cit->second;
154 }
155}
156
164
168void SaberCondAllocator::setBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ, const Condition &cond)
169{
171 assert(bb->getNumSuccessors() > 1 && "not more than one successor??");
172 u32_t pos = bb->getBBSuccessorPos(succ);
173 CondPosMap& condPosMap = bbConds[bb];
174
177 //assert(condPosMap.find(pos) == condPosMap.end() && "this branch has already been set ");
178
179 condPosMap[pos] = cond;
180}
181
185SaberCondAllocator::Condition
186SaberCondAllocator::evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const SVFBasicBlock* succ)
187{
188
189 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
190
191 const ValVar* condVar = SVFUtil::cast<ValVar>(branchStmt->getCondition());
192 if (condVar->isConstDataOrAggDataButNotNullPtr())
193 {
194 // branch condition is a constant value, return nullexpr because it cannot be test null
195 // br i1 false, label %44, label %75, !dbg !7669 { "ln": 2033, "cl": 7, "fl": "re_lexer.c" }
196 return Condition::nullExpr();
197 }
198 if (isTestNullExpr(SVFUtil::cast<ICFGNode>(condVar->getICFGNode())))
199 {
200 // succ is then branch
201 if (succ1 == succ)
202 return getFalseCond();
203 // succ is else branch
204 else
205 return getTrueCond();
206 }
207 if (isTestNotNullExpr(condVar->getICFGNode()))
208 {
209 // succ is then branch
210 if (succ1 == succ)
211 return getTrueCond();
212 // succ is else branch
213 else
214 return getFalseCond();
215 }
216 return Condition::nullExpr();
217}
218
222SaberCondAllocator::Condition SaberCondAllocator::evaluateProgExit(const BranchStmt *branchStmt, const SVFBasicBlock* succ)
223{
224 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
225 const SVFBasicBlock* succ2 = branchStmt->getSuccessor(1)->getBB();
226
227 bool branch1 = isBBCallsProgExit(succ1);
228 bool branch2 = isBBCallsProgExit(succ2);
229
231 if (branch1 && !branch2)
232 {
233 // succ is then branch
234 if (succ1 == succ)
235 return getFalseCond();
236 // succ is else branch
237 else
238 return getTrueCond();
239 }
241 else if (!branch1 && branch2)
242 {
243 // succ is else branch
244 if (succ2 == succ)
245 return getFalseCond();
246 // succ is then branch
247 else
248 return getTrueCond();
249 }
250 // two branches both call program exit
251 else if (branch1 && branch2)
252 {
253 return getFalseCond();
254 }
256 else
257 return Condition::nullExpr();
258
259}
260
266SaberCondAllocator::Condition SaberCondAllocator::evaluateLoopExitBranch(const SVFBasicBlock* bb, const SVFBasicBlock* dst)
267{
268 const SVFFunction* svffun = bb->getParent();
269 assert(svffun == dst->getParent() && "two basic blocks should be in the same function");
270
271 if (svffun->isLoopHeader(bb))
272 {
273 Set<const SVFBasicBlock* > filteredbbs;
274 std::vector<const SVFBasicBlock*> exitbbs;
275 svffun->getExitBlocksOfLoop(bb,exitbbs);
277 for(const SVFBasicBlock* eb : exitbbs)
278 {
279 if(!isBBCallsProgExit(eb))
280 filteredbbs.insert(eb);
281 }
282
284 bool allPDT = true;
285 for (const auto &filteredbb: filteredbbs)
286 {
287 if (!postDominate(dst, filteredbb))
288 allPDT = false;
289 }
290
291 if (allPDT)
292 return getTrueCond();
293 }
294 return Condition::nullExpr();
295}
296
302SaberCondAllocator::Condition SaberCondAllocator::evaluateBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ)
303{
304 if(bb->getNumSuccessors() == 1)
305 {
306 return getTrueCond();
307 }
308
309 assert(!bb->getICFGNodeList().empty() && "bb not empty");
310 if (const ICFGNode* icfgNode = bb->back())
311 {
312 for (const auto &svfStmt: icfgNode->getSVFStmts())
313 {
314 if (const BranchStmt *branchStmt = SVFUtil::dyn_cast<BranchStmt>(svfStmt))
315 {
316 if (branchStmt->getNumSuccessors() == 2)
317 {
318 const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
319 const SVFBasicBlock* succ2 = branchStmt->getSuccessor(1)->getBB();
320 bool is_succ = (succ1 == succ || succ2 == succ);
321 (void)is_succ; // Suppress warning of unused variable under release build
322 assert(is_succ && "not a successor??");
323 Condition evalLoopExit = evaluateLoopExitBranch(bb, succ);
324 if (!eq(evalLoopExit, Condition::nullExpr()))
325 return evalLoopExit;
326
327 Condition evalProgExit = evaluateProgExit(branchStmt, succ);
328 if (!eq(evalProgExit, Condition::nullExpr()))
329 return evalProgExit;
330
331 Condition evalTestNullLike = evaluateTestNullLikeExpr(branchStmt, succ);
332 if (!eq(evalTestNullLike, Condition::nullExpr()))
333 return evalTestNullLike;
334 break;
335 }
336 }
337 }
338 }
339
340 return getBranchCond(bb, succ);
341}
342
343bool SaberCondAllocator::isEQCmp(const CmpStmt *cmp) const
344{
345 return (cmp->getPredicate() == CmpStmt::ICMP_EQ);
346}
347
348bool SaberCondAllocator::isNECmp(const CmpStmt *cmp) const
349{
350 return (cmp->getPredicate() == CmpStmt::ICMP_NE);
351}
352
353bool SaberCondAllocator::isTestNullExpr(const ICFGNode* test) const
354{
355 if(!test) return false;
356 for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
357 {
358 if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
359 {
360 return isTestContainsNullAndTheValue(cmp) && isEQCmp(cmp);
361 }
362 }
363 return false;
364}
365
366bool SaberCondAllocator::isTestNotNullExpr(const ICFGNode* test) const
367{
368 if(!test) return false;
369 for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
370 {
371 if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
372 {
373 return isTestContainsNullAndTheValue(cmp) && isNECmp(cmp);
374 }
375 }
376 return false;
377}
378
399bool SaberCondAllocator::isTestContainsNullAndTheValue(const CmpStmt *cmp) const
400{
401
402 const SVFVar* op0 = cmp->getOpVar(0);
403 const SVFVar* op1 = cmp->getOpVar(1);
404 if (SVFUtil::isa<ConstantNullPtrValVar>(op1))
405 {
406 Set<const SVFValue* > inDirVal;
407 inDirVal.insert(getCurEvalSVFGNode()->getValue());
408 for (const auto &it: getCurEvalSVFGNode()->getOutEdges())
409 {
410 inDirVal.insert(it->getDstNode()->getValue());
411 }
412 return inDirVal.find(op0->getValue()) != inDirVal.end();
413 }
414 else if (SVFUtil::isa<ConstantNullPtrValVar>(op0))
415 {
416 Set<const SVFValue* > inDirVal;
417 inDirVal.insert(getCurEvalSVFGNode()->getValue());
418 for (const auto &it: getCurEvalSVFGNode()->getOutEdges())
419 {
420 inDirVal.insert(it->getDstNode()->getValue());
421 }
422 return inDirVal.find(op1->getValue()) != inDirVal.end();
423 }
424 return false;
425}
426
430void SaberCondAllocator::collectBBCallingProgExit(const SVFBasicBlock &bb)
431{
432
433 for (const auto& icfgNode: bb.getICFGNodeList())
434 {
435 if (const CallICFGNode* cs = SVFUtil::dyn_cast<CallICFGNode>(icfgNode))
436 if (SVFUtil::isProgExitCall(cs))
437 {
438 const SVFFunction* svfun = bb.getParent();
439 funToExitBBsMap[svfun].insert(&bb);
440 }
441 }
442}
443
447bool SaberCondAllocator::isBBCallsProgExit(const SVFBasicBlock* bb)
448{
449 const SVFFunction* svfun = bb->getParent();
450 FunToExitBBsMap::const_iterator it = funToExitBBsMap.find(svfun);
451 if (it != funToExitBBsMap.end())
452 {
453 for (const auto &bit: it->second)
454 {
455 if (postDominate(bit, bb))
456 return true;
457 }
458 }
459 return false;
460}
461
468SaberCondAllocator::Condition
469SaberCondAllocator::getPHIComplementCond(const SVFBasicBlock* BB1, const SVFBasicBlock* BB2, const SVFBasicBlock* BB0)
470{
471 assert(BB1 && BB2 && "expect nullptr BB here!");
472
474 if (dominate(BB1, BB2) && ! dominate(BB0, BB2))
475 {
476 Condition cond = ComputeIntraVFGGuard(BB1, BB2);
477 return condNeg(cond);
478 }
479
480 return getTrueCond();
481}
482
488SaberCondAllocator::Condition
499
505SaberCondAllocator::Condition
516
520SaberCondAllocator::Condition SaberCondAllocator::ComputeIntraVFGGuard(const SVFBasicBlock* srcBB, const SVFBasicBlock* dstBB)
521{
522
523 assert(srcBB->getParent() == dstBB->getParent() && "two basic blocks are not in the same function??");
524
525 if (postDominate(dstBB, srcBB))
526 return getTrueCond();
527
528 CFWorkList worklist;
529 worklist.push(srcBB);
530 setCFCond(srcBB, getTrueCond());
531
532 while (!worklist.empty())
533 {
534 const SVFBasicBlock* bb = worklist.pop();
535 Condition cond = getCFCond(bb);
536
539 Condition loopExitCond = evaluateLoopExitBranch(bb, dstBB);
540 if (!eq(loopExitCond, Condition::nullExpr()))
541 return condAnd(cond, loopExitCond);
542
543 for (const SVFBasicBlock* succ : bb->getSuccessors())
544 {
549 Condition brCond;
550 if (postDominate(succ, bb))
551 brCond = getTrueCond();
552 else
553 brCond = getEvalBrCond(bb, succ);
554
555 DBOUT(DSaber, outs() << " bb (" << bb->getName() <<
556 ") --> " << "succ_bb (" << succ->getName() << ") condition: " << brCond << "\n");
557 Condition succPathCond = condAnd(cond, brCond);
558 if (setCFCond(succ, condOr(getCFCond(succ), succPathCond)))
559 worklist.push(succ);
560 }
561 }
562
563 DBOUT(DSaber, outs() << " src_bb (" << srcBB->getName() <<
564 ") --> " << "dst_bb (" << dstBB->getName() << ") condition: " << getCFCond(dstBB)
565 << "\n");
566
567 return getCFCond(dstBB);
568}
569
570
574void SaberCondAllocator::printPathCond()
575{
576
577 outs() << "print path condition\n";
578
579 for (const auto &bbCond: bbConds)
580 {
581 const SVFBasicBlock* bb = bbCond.first;
582 for (const auto &cit: bbCond.second)
583 {
584 u32_t i = 0;
585 for (const SVFBasicBlock* succ: bb->getSuccessors())
586 {
587 if (i == cit.first)
588 {
589 Condition cond = cit.second;
590 outs() << bb->getName() << "-->" << succ->getName() << ":";
591 outs() << dumpCond(cond) << "\n";
592 break;
593 }
594 i++;
595 }
596 }
597 }
598}
599
601SaberCondAllocator::Condition SaberCondAllocator::newCond(const ICFGNode* inst)
602{
603 u32_t condCountIdx = totalCondNum++;
604 Condition expr = Condition::getContext().bool_const(("c" + std::to_string(condCountIdx)).c_str());
605 Condition negCond = Condition::NEG(expr);
606 setCondInst(expr, inst);
607 setNegCondInst(negCond, inst);
608 conditionVec.push_back(expr);
609 conditionVec.push_back(negCond);
610 return expr;
611}
612
614bool SaberCondAllocator::isEquivalentBranchCond(const Condition &lhs,
615 const Condition &rhs) const
616{
617 Condition::getSolver().push();
618 Condition::getSolver().add(lhs.getExpr() != rhs.getExpr());
619 z3::check_result res = Condition::getSolver().check();
620 Condition::getSolver().pop();
621 return res == z3::unsat;
622}
623
625bool SaberCondAllocator::isSatisfiable(const Condition &condition)
626{
627 Condition::getSolver().add(condition.getExpr());
628 z3::check_result result = Condition::getSolver().check();
629 Condition::getSolver().pop();
630 if (result == z3::sat || result == z3::unknown)
631 return true;
632 else
633 return false;
634}
635
637void SaberCondAllocator::extractSubConds(const Condition &condition, NodeBS &support) const
638{
639 if (condition.getExpr().num_args() == 1 && isNegCond(condition.id()))
640 {
641 support.set(condition.getExpr().id());
642 return;
643 }
644 if (condition.getExpr().num_args() == 0)
645 if (!condition.getExpr().is_true() && !condition.getExpr().is_false())
646 support.set(condition.getExpr().id());
647 for (u32_t i = 0; i < condition.getExpr().num_args(); ++i)
648 {
649 Condition expr = condition.getExpr().arg(i);
650 extractSubConds(expr, support);
651 }
652
653}
u32_t
unsigned u32_t
Definition CommandLine.h:18
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:484
DGENERAL
#define DGENERAL
Definition SVFType.h:490
DSaber
#define DSaber
Definition SVFType.h:504
item
cJSON * item
Definition cJSON.h:222
SVF::CmpStmt::ICMP_NE
@ ICMP_NE
not equal
Definition SVFStatements.h:975
SVF::ContextCond::maximumCxt
static u32_t maximumCxt
Definition DPItem.h:378
SVF::ContextCond::maximumCxtLen
static u32_t maximumCxtLen
Definition DPItem.h:374
SVF::ContextCond::maximumPath
static u32_t maximumPath
Definition DPItem.h:379
SVF::ContextCond::maximumPathLen
static u32_t maximumPathLen
Definition DPItem.h:375
SVF::DPItem::maximumBudget
static u64_t maximumBudget
Definition DPItem.h:48
SVF::GenericNode::getOutEdges
const GEdgeSetTy & getOutEdges() const
Definition GenericGraph.h:431
SVF::Options::PrintPathCond
static const Option< bool > PrintPathCond
Definition Options.h:199
SVF::SVFBasicBlock::getParent
const SVFFunction * getParent() const
Definition SVFValue.h:595
SVF::SVFBasicBlock::getICFGNodeList
const std::vector< const ICFGNode * > & getICFGNodeList() const
Definition SVFValue.h:580
SVF::SVFBasicBlock::getSuccessors
const std::vector< const SVFBasicBlock * > & getSuccessors() const
Definition SVFValue.h:617
SVF::SVFBasicBlock::getBBSuccessorPos
u32_t getBBSuccessorPos(const SVFBasicBlock *succbb)
Definition SVFValue.cpp:212
SVF::SVFBasicBlock::getNumSuccessors
u32_t getNumSuccessors() const
Definition SVFValue.h:626
SVF::SVFBasicBlock::back
const ICFGNode * back() const
Definition SVFValue.h:611
SVF::SVFFunction::end
const_iterator end() const
Definition SVFValue.h:451
SVF::SVFFunction::begin
const_iterator begin() const
Definition SVFValue.h:446
SVF::SVFFunction::const_iterator
std::vector< constSVFBasicBlock * >::const_iterator const_iterator
Definition SVFValue.h:305
SVF::SVFFunction::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFValue.h:420
SVF::SVFIR::getCallGraph
CallGraph * getCallGraph()
Definition SVFIR.h:193
SVF::SVFIR::getSVFStmtList
SVFStmtList & getSVFStmtList(const ICFGNode *inst)
Given an instruction, get all its PAGEdges.
Definition SVFIR.h:222
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::SVFValue::getName
const std::string & getName() const
Definition SVFValue.h:243
SVF::SaberCondAllocator::allocate
void allocate(const SVFModule *module)
Perform path allocation.
Definition SaberCondAllocator.cpp:59
SVF::SaberCondAllocator::allocateForBB
virtual void allocateForBB(const SVFBasicBlock &bb)
Allocate path condition for every basic block.
Definition SaberCondAllocator.cpp:89
SVF::SaberCondAllocator::dumpCond
std::string dumpCond(const Condition &cond) const
Definition SaberCondAllocator.h:115
SVF::SaberCondAllocator::newCond
Condition newCond(const ICFGNode *inst)
Allocate a new condition.
Definition SaberCondAllocator.cpp:601
SVF::SaberCondAllocator::evaluateTestNullLikeExpr
Condition evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return branch condition after evaluating test null like expression.
Definition SaberCondAllocator.cpp:186
SVF::SaberCondAllocator::evaluateProgExit
Condition evaluateProgExit(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return condition when there is a branch calls program exit.
Definition SaberCondAllocator.cpp:222
SVF::SaberCondAllocator::condOr
Condition condOr(const Condition &lhs, const Condition &rhs)
Definition SaberCondAllocator.h:91
SVF::SaberCondAllocator::isTestContainsNullAndTheValue
bool isTestContainsNullAndTheValue(const CmpStmt *cmp) const
Return true if two values on the predicate are what we want.
Definition SaberCondAllocator.cpp:399
SVF::SaberCondAllocator::isTestNullExpr
bool isTestNullExpr(const ICFGNode *test) const
Return true if this is a test null expression.
Definition SaberCondAllocator.cpp:353
SVF::SaberCondAllocator::printPathCond
void printPathCond()
Print out the path condition information.
Definition SaberCondAllocator.cpp:574
SVF::SaberCondAllocator::postDominate
bool postDominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:147
SVF::SaberCondAllocator::setBranchCond
void setBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ, const Condition &cond)
Get/Set a branch condition, and its terminator instruction.
Definition SaberCondAllocator.cpp:168
SVF::SaberCondAllocator::getPHIComplementCond
virtual Condition getPHIComplementCond(const SVFBasicBlock *BB1, const SVFBasicBlock *BB2, const SVFBasicBlock *BB0)
Definition SaberCondAllocator.cpp:469
SVF::SaberCondAllocator::bbConds
BBCondMap bbConds
map basic block to its successors/predecessors branch conditions
Definition SaberCondAllocator.h:312
SVF::SaberCondAllocator::condNeg
Condition condNeg(const Condition &cond)
Definition SaberCondAllocator.h:95
SVF::SaberCondAllocator::totalCondNum
static u32_t totalCondNum
vector storing z3expression
Definition SaberCondAllocator.h:308
SVF::SaberCondAllocator::condAnd
Condition condAnd(const Condition &lhs, const Condition &rhs)
Condition operations.
Definition SaberCondAllocator.h:87
SVF::SaberCondAllocator::isSatisfiable
bool isSatisfiable(const Condition &condition)
whether condition is satisfiable
Definition SaberCondAllocator.cpp:625
SVF::SaberCondAllocator::getBranchCond
Condition getBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ) const
Get branch condition.
Definition SaberCondAllocator.cpp:142
SVF::SaberCondAllocator::ComputeInterRetVFGGuard
virtual Condition ComputeInterRetVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *retBB)
Definition SaberCondAllocator.cpp:506
SVF::SaberCondAllocator::getCurEvalSVFGNode
const SVFGNode * getCurEvalSVFGNode() const
Get current value for branch condition evaluation.
Definition SaberCondAllocator.h:187
SVF::SaberCondAllocator::getFalseCond
Condition getFalseCond() const
Definition SaberCondAllocator.h:103
SVF::SaberCondAllocator::setCFCond
bool setCFCond(const SVFBasicBlock *bb, const Condition &cond)
Get/Set control-flow conditions.
Definition SaberCondAllocator.h:215
SVF::SaberCondAllocator::collectBBCallingProgExit
void collectBBCallingProgExit(const SVFBasicBlock &bb)
Collect basic block contains program exit function call.
Definition SaberCondAllocator.cpp:430
SVF::SaberCondAllocator::isBBCallsProgExit
bool isBBCallsProgExit(const SVFBasicBlock *bb)
Definition SaberCondAllocator.cpp:447
SVF::SaberCondAllocator::extractSubConds
void extractSubConds(const Condition &condition, NodeBS &support) const
extract subexpression from a Z3 expression
Definition SaberCondAllocator.cpp:637
SVF::SaberCondAllocator::CondPosMap
Map< u32_t, Condition > CondPosMap
id to instruction map for z3
Definition SaberCondAllocator.h:53
SVF::SaberCondAllocator::isEquivalentBranchCond
bool isEquivalentBranchCond(const Condition &lhs, const Condition &rhs) const
Whether lhs and rhs are equivalent branch conditions.
Definition SaberCondAllocator.cpp:614
SVF::SaberCondAllocator::isEQCmp
bool isEQCmp(const CmpStmt *cmp) const
Evaluate test null/not null like expressions.
Definition SaberCondAllocator.cpp:343
SVF::SaberCondAllocator::isNECmp
bool isNECmp(const CmpStmt *cmp) const
Return true if the predicate of this compare instruction is not equal.
Definition SaberCondAllocator.cpp:348
SVF::SaberCondAllocator::evaluateBranchCond
Condition evaluateBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate branch conditions.
Definition SaberCondAllocator.cpp:302
SVF::SaberCondAllocator::evaluateLoopExitBranch
Condition evaluateLoopExitBranch(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate loop exit branch.
Definition SaberCondAllocator.cpp:266
SVF::SaberCondAllocator::getTrueCond
Condition getTrueCond() const
Definition SaberCondAllocator.h:99
SVF::SaberCondAllocator::CFWorkList
FIFOWorkList< const SVFBasicBlock * > CFWorkList
worklist for control-flow guard computation
Definition SaberCondAllocator.h:58
SVF::SaberCondAllocator::isTestNotNullExpr
bool isTestNotNullExpr(const ICFGNode *test) const
Return true if this is a test not null expression.
Definition SaberCondAllocator.cpp:366
SVF::SaberCondAllocator::getCFCond
Condition getCFCond(const SVFBasicBlock *bb) const
Definition SaberCondAllocator.h:225
SVF::SaberCondAllocator::funToExitBBsMap
FunToExitBBsMap funToExitBBsMap
map a function to all its basic blocks calling program exit
Definition SaberCondAllocator.h:302
SVF::SaberCondAllocator::isNegCond
bool isNegCond(u32_t id) const
Definition SaberCondAllocator.h:142
SVF::SaberCondAllocator::getEvalBrCond
Condition getEvalBrCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Get a condition, evaluate the value for conditions if necessary (e.g., testNull like express)
Definition SaberCondAllocator.cpp:157
SVF::SaberCondAllocator::ComputeInterCallVFGGuard
virtual Condition ComputeInterCallVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *callBB)
Definition SaberCondAllocator.cpp:489
SVF::SaberCondAllocator::setNegCondInst
void setNegCondInst(const Condition &condition, const ICFGNode *inst)
mark neg Z3 expression
Definition SaberCondAllocator.h:238
SVF::SaberCondAllocator::dominate
bool dominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:157
SVF::SaberCondAllocator::setCondInst
void setCondInst(const Condition &condition, const ICFGNode *inst)
Definition SaberCondAllocator.h:135
SVF::SaberCondAllocator::ComputeIntraVFGGuard
virtual Condition ComputeIntraVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst)
Guard Computation for a value-flow (between two basic blocks)
Definition SaberCondAllocator.cpp:520
SVF::SaberCondAllocator::conditionVec
std::vector< Condition > conditionVec
bit vector for distinguish neg
Definition SaberCondAllocator.h:307
SVF::VFGNode::getValue
virtual const SVFValue * getValue() const
Return the corresponding LLVM value, if possible, nullptr otherwise.
Definition VFGNode.h:85
SVF::Z3Expr::getExpr
const z3::expr & getExpr() const
Definition Z3Expr.h:86
SVF::Z3Expr::getSolver
static z3::solver & getSolver()
Get z3 solver, singleton design here to make sure we only have one context.
Definition Z3Expr.cpp:56
SVF::Z3Expr::NEG
static Z3Expr NEG(const Z3Expr &z3Expr)
compute NEG
Definition Z3Expr.h:301
SVF::Z3Expr::nullExpr
static z3::expr nullExpr()
null expression
Definition Z3Expr.h:105
SVF::Z3Expr::id
u32_t id() const
get id
Definition Z3Expr.h:111
SVF::Z3Expr::getContext
static z3::context & getContext()
Get z3 context, singleton design here to make sure we only have one context.
Definition Z3Expr.cpp:66
SVF::SVFUtil::isExtCall
bool isExtCall(const SVFFunction *fun)
Definition SVFUtil.h:278
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:100
SVF::SVFUtil::isProgExitCall
bool isProgExitCall(const CallICFGNode *cs)
Definition SVFUtil.cpp:397
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:50
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::u64_t
unsigned long long u64_t
Definition GeneralType.h:48
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:46
Generated by doxygen 1.9.8