Static Value-Flow Analysis
Loading...
Searching...
No Matches
SaberCondAllocator.h
Go to the documentation of this file.
1//===- SaberCondAllocator.h -- Path condition manipulation---------------------//
2//
3// SVF: Static Value-Flow Analysis
4//
5// Copyright (C) <2013-> <Yulei Sui>
6//
7
8// This program is free software: you can redistribute it and/or modify
9// it under the terms of the GNU Affero General Public License as published by
10// the Free Software Foundation, either version 3 of the License, or
11// (at your option) any later version.
12
13// This program is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16// GNU Affero General Public License for more details.
17
18// You should have received a copy of the GNU Affero General Public License
19// along with this program. If not, see <http://www.gnu.org/licenses/>.
20//
21//===----------------------------------------------------------------------===//
22
23/*
24 * PathAllocator.h
25 *
26 * Created on: Apr 3, 2014
27 * Author: Yulei Sui
28 */
29
30#ifndef PATHALLOCATOR_H_
31#define PATHALLOCATOR_H_
32
33#include "SVFIR/SVFModule.h"
34#include "SVFIR/SVFValue.h"
35#include "Util/WorkList.h"
36#include "Graphs/SVFG.h"
37#include "Util/Z3Expr.h"
38
39
40namespace SVF
41{
42
46class SaberCondAllocator
47{
48
49public:
50
51 typedef Z3Expr Condition;
52 typedef Map<u32_t, const ICFGNode*> IndexToTermInstMap;
53 typedef Map<u32_t,Condition> CondPosMap;
54 typedef Map<const SVFBasicBlock*, CondPosMap > BBCondMap;
55 typedef Set<const SVFBasicBlock*> BasicBlockSet;
56 typedef Map<const SVFFunction*, BasicBlockSet> FunToExitBBsMap;
57 typedef Map<const SVFBasicBlock*, Condition> BBToCondMap;
58 typedef FIFOWorkList<const SVFBasicBlock*> CFWorkList;
59 typedef Map<const SVFGNode*, Set<const SVFGNode*>> SVFGNodeToSVFGNodeSetMap;
60
61
63 SaberCondAllocator();
64
66 virtual ~SaberCondAllocator()
67 {
68 }
70
71 inline std::string getMemUsage()
72 {
73 u32_t vmrss, vmsize;
74 if (SVFUtil::getMemoryUsageKB(&vmrss, &vmsize))
75 return std::to_string(vmsize) + "KB";
76 else
77 return "cannot read memory usage";
78 }
79 inline u32_t getCondNum()
80 {
81 return totalCondNum;
82 }
84
86
87 inline Condition condAnd(const Condition& lhs, const Condition& rhs)
88 {
89 return Condition::AND(lhs,rhs);
90 }
91 inline Condition condOr(const Condition& lhs, const Condition& rhs)
92 {
93 return Condition::OR(lhs,rhs);
94 }
95 inline Condition condNeg(const Condition& cond)
96 {
97 return Condition::NEG(cond);
98 }
99 inline Condition getTrueCond() const
100 {
101 return Condition::getTrueCond();
102 }
103 inline Condition getFalseCond() const
104 {
105 return Condition::getFalseCond();
106 }
108 inline NodeBS exactCondElem(const Condition& cond)
109 {
110 NodeBS elems;
111 extractSubConds(cond, elems);
112 return elems;
113 }
114
115 inline std::string dumpCond(const Condition& cond) const
116 {
117 return Condition::dumpStr(cond);
118 }
119
121 Condition newCond(const ICFGNode* inst);
122
124 void allocate(const SVFModule* module);
125
127 //{@
128 inline const ICFGNode* getCondInst(u32_t id) const
129 {
130 IndexToTermInstMap::const_iterator it = idToTermInstMap.find(id);
131 assert(it != idToTermInstMap.end() && "this should be a fresh condition");
132 return it->second;
133 }
134
135 inline void setCondInst(const Condition &condition, const ICFGNode* inst)
136 {
137 assert(idToTermInstMap.find(condition.id()) == idToTermInstMap.end() && "this should be a fresh condition");
138 idToTermInstMap[condition.id()] = inst;
139 }
141
142 bool isNegCond(u32_t id) const
143 {
144 return negConds.test(id);
145 }
146
147 inline bool postDominate(const SVFBasicBlock* bbKey, const SVFBasicBlock* bbValue) const
148 {
149 const SVFFunction* keyFunc = bbKey->getParent();
150 const SVFFunction* valueFunc = bbValue->getParent();
151 bool funcEq = (keyFunc == valueFunc);
152 (void)funcEq; // Suppress warning of unused variable under release build
153 assert(funcEq && "two basicblocks should be in the same function!");
154 return keyFunc->postDominate(bbKey,bbValue);
155 }
156
157 inline bool dominate(const SVFBasicBlock* bbKey, const SVFBasicBlock* bbValue) const
158 {
159 const SVFFunction* keyFunc = bbKey->getParent();
160 const SVFFunction* valueFunc = bbValue->getParent();
161 bool funcEq = (keyFunc == valueFunc);
162 (void)funcEq; // Suppress warning of unused variable under release build
163 assert(funcEq && "two basicblocks should be in the same function!");
164 return keyFunc->dominate(bbKey,bbValue);
165 }
166
168
169 virtual Condition ComputeIntraVFGGuard(const SVFBasicBlock* src, const SVFBasicBlock* dst);
170 virtual Condition ComputeInterCallVFGGuard(const SVFBasicBlock* src, const SVFBasicBlock* dst, const SVFBasicBlock* callBB);
171 virtual Condition ComputeInterRetVFGGuard(const SVFBasicBlock* src, const SVFBasicBlock* dst, const SVFBasicBlock* retBB);
172
175 virtual Condition getPHIComplementCond(const SVFBasicBlock* BB1, const SVFBasicBlock* BB2, const SVFBasicBlock* BB0);
176
177 inline void clearCFCond()
178 {
179 bbToCondMap.clear();
180 }
182 inline void setCurEvalSVFGNode(const SVFGNode* node)
183 {
184 curEvalSVFGNode = node;
185 }
187 inline const SVFGNode* getCurEvalSVFGNode() const
188 {
189 return curEvalSVFGNode;
190 }
192
194 void printPathCond();
195
197 bool isSatisfiable(const Condition& condition);
198
200 inline bool isAllPathReachable(Condition& condition)
201 {
202 return isEquivalentBranchCond(condition, Condition::getTrueCond());
203 }
204
206 bool isEquivalentBranchCond(const Condition &lhs, const Condition &rhs) const;
207
208 inline ICFG* getICFG() const
209 {
210 return PAG::getPAG()->getICFG();
211 }
212
214
215 inline bool setCFCond(const SVFBasicBlock* bb, const Condition& cond)
216 {
217 BBToCondMap::iterator it = bbToCondMap.find(bb);
218 // until a fixed-point is reached (condition is not changed)
219 if(it!=bbToCondMap.end() && isEquivalentBranchCond(it->second, cond))
220 return false;
221
222 bbToCondMap[bb] = cond;
223 return true;
224 }
225 inline Condition getCFCond(const SVFBasicBlock* bb) const
226 {
227 BBToCondMap::const_iterator it = bbToCondMap.find(bb);
228 if(it==bbToCondMap.end())
229 {
230 return getFalseCond();
231 }
232 return it->second;
233 }
235
236
238 inline void setNegCondInst(const Condition &condition, const ICFGNode* inst)
239 {
240 setCondInst(condition, inst);
241 negConds.set(condition.id());
242 }
243
248
249private:
250
252 virtual void allocateForBB(const SVFBasicBlock& bb);
253
255
256
257 void setBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ, const Condition& cond);
259 Condition getBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ) const;
261 Condition getEvalBrCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ);
263
265
266 Condition evaluateBranchCond(const SVFBasicBlock* bb, const SVFBasicBlock* succ) ;
268 Condition evaluateLoopExitBranch(const SVFBasicBlock* bb, const SVFBasicBlock* succ);
270 Condition evaluateTestNullLikeExpr(const BranchStmt* branchStmt, const SVFBasicBlock* succ);
272 Condition evaluateProgExit(const BranchStmt* branchStmt, const SVFBasicBlock* succ);
274 void collectBBCallingProgExit(const SVFBasicBlock& bb);
275 bool isBBCallsProgExit(const SVFBasicBlock* bb);
277
279
280
281 bool isEQCmp(const CmpStmt* cmp) const;
283 bool isNECmp(const CmpStmt* cmp) const;
285 bool isTestNullExpr(const ICFGNode* test) const;
287 bool isTestNotNullExpr(const ICFGNode* test) const;
289 bool isTestContainsNullAndTheValue(const CmpStmt* cmp) const;
291
293 void destroy()
294 {
295
296 }
297
299 void extractSubConds(const Condition &condition, NodeBS &support) const;
300
301
302 FunToExitBBsMap funToExitBBsMap;
303 BBToCondMap bbToCondMap;
304 const SVFGNode* curEvalSVFGNode{};
305 IndexToTermInstMap idToTermInstMap;
306 NodeBS negConds;
307 std::vector<Condition> conditionVec;
308 static u32_t totalCondNum;
309 SVFGNodeToSVFGNodeSetMap removedSUVFEdges;
310
311protected:
312 BBCondMap bbConds;
313
314};
315
316} // End namespace SVF
317
318#endif /* PATHALLOCATOR_H_ */
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:172
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::SaberCondAllocator::allocate
void allocate(const SVFModule *module)
Perform path allocation.
Definition SaberCondAllocator.cpp:59
SVF::SaberCondAllocator::~SaberCondAllocator
virtual ~SaberCondAllocator()
Destructor.
Definition SaberCondAllocator.h:66
SVF::SaberCondAllocator::allocateForBB
virtual void allocateForBB(const SVFBasicBlock &bb)
Allocate path condition for every basic block.
Definition SaberCondAllocator.cpp:89
SVF::SaberCondAllocator::removedSUVFEdges
SVFGNodeToSVFGNodeSetMap removedSUVFEdges
a counter for fresh condition
Definition SaberCondAllocator.h:309
SVF::SaberCondAllocator::dumpCond
std::string dumpCond(const Condition &cond) const
Definition SaberCondAllocator.h:115
SVF::SaberCondAllocator::newCond
Condition newCond(const ICFGNode *inst)
Allocate a new condition.
Definition SaberCondAllocator.cpp:601
SVF::SaberCondAllocator::SVFGNodeToSVFGNodeSetMap
Map< const SVFGNode *, Set< const SVFGNode * > > SVFGNodeToSVFGNodeSetMap
Definition SaberCondAllocator.h:59
SVF::SaberCondAllocator::FunToExitBBsMap
Map< const SVFFunction *, BasicBlockSet > FunToExitBBsMap
map a function to all its basic blocks calling program exit
Definition SaberCondAllocator.h:56
SVF::SaberCondAllocator::isAllPathReachable
bool isAllPathReachable(Condition &condition)
whether condition is satisfiable for all possible boolean guards
Definition SaberCondAllocator.h:200
SVF::SaberCondAllocator::evaluateTestNullLikeExpr
Condition evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return branch condition after evaluating test null like expression.
Definition SaberCondAllocator.cpp:186
SVF::SaberCondAllocator::evaluateProgExit
Condition evaluateProgExit(const BranchStmt *branchStmt, const SVFBasicBlock *succ)
Return condition when there is a branch calls program exit.
Definition SaberCondAllocator.cpp:222
SVF::SaberCondAllocator::condOr
Condition condOr(const Condition &lhs, const Condition &rhs)
Definition SaberCondAllocator.h:91
SVF::SaberCondAllocator::isTestContainsNullAndTheValue
bool isTestContainsNullAndTheValue(const CmpStmt *cmp) const
Return true if two values on the predicate are what we want.
Definition SaberCondAllocator.cpp:399
SVF::SaberCondAllocator::isTestNullExpr
bool isTestNullExpr(const ICFGNode *test) const
Return true if this is a test null expression.
Definition SaberCondAllocator.cpp:353
SVF::SaberCondAllocator::printPathCond
void printPathCond()
Print out the path condition information.
Definition SaberCondAllocator.cpp:574
SVF::SaberCondAllocator::postDominate
bool postDominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:147
SVF::SaberCondAllocator::negConds
NodeBS negConds
key: z3 expression id, value: instruction
Definition SaberCondAllocator.h:306
SVF::SaberCondAllocator::BasicBlockSet
Set< const SVFBasicBlock * > BasicBlockSet
map bb to a Condition
Definition SaberCondAllocator.h:55
SVF::SaberCondAllocator::curEvalSVFGNode
const SVFGNode * curEvalSVFGNode
current llvm value to evaluate branch condition when computing guards
Definition SaberCondAllocator.h:304
SVF::SaberCondAllocator::setBranchCond
void setBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ, const Condition &cond)
Get/Set a branch condition, and its terminator instruction.
Definition SaberCondAllocator.cpp:168
SVF::SaberCondAllocator::BBCondMap
Map< const SVFBasicBlock *, CondPosMap > BBCondMap
Definition SaberCondAllocator.h:54
SVF::SaberCondAllocator::destroy
void destroy()
Release memory.
Definition SaberCondAllocator.h:293
SVF::SaberCondAllocator::getPHIComplementCond
virtual Condition getPHIComplementCond(const SVFBasicBlock *BB1, const SVFBasicBlock *BB2, const SVFBasicBlock *BB0)
Definition SaberCondAllocator.cpp:469
SVF::SaberCondAllocator::bbConds
BBCondMap bbConds
map basic block to its successors/predecessors branch conditions
Definition SaberCondAllocator.h:312
SVF::SaberCondAllocator::condNeg
Condition condNeg(const Condition &cond)
Definition SaberCondAllocator.h:95
SVF::SaberCondAllocator::bbToCondMap
BBToCondMap bbToCondMap
map a basic block to its path condition starting from root
Definition SaberCondAllocator.h:303
SVF::SaberCondAllocator::totalCondNum
static u32_t totalCondNum
vector storing z3expression
Definition SaberCondAllocator.h:308
SVF::SaberCondAllocator::condAnd
Condition condAnd(const Condition &lhs, const Condition &rhs)
Condition operations.
Definition SaberCondAllocator.h:87
SVF::SaberCondAllocator::isSatisfiable
bool isSatisfiable(const Condition &condition)
whether condition is satisfiable
Definition SaberCondAllocator.cpp:625
SVF::SaberCondAllocator::getBranchCond
Condition getBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ) const
Get branch condition.
Definition SaberCondAllocator.cpp:142
SVF::SaberCondAllocator::IndexToTermInstMap
Map< u32_t, const ICFGNode * > IndexToTermInstMap
z3 condition
Definition SaberCondAllocator.h:52
SVF::SaberCondAllocator::exactCondElem
NodeBS exactCondElem(const Condition &cond)
Iterator every element of the condition.
Definition SaberCondAllocator.h:108
SVF::SaberCondAllocator::ComputeInterRetVFGGuard
virtual Condition ComputeInterRetVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *retBB)
Definition SaberCondAllocator.cpp:506
SVF::SaberCondAllocator::getCurEvalSVFGNode
const SVFGNode * getCurEvalSVFGNode() const
Get current value for branch condition evaluation.
Definition SaberCondAllocator.h:187
SVF::SaberCondAllocator::getFalseCond
Condition getFalseCond() const
Definition SaberCondAllocator.h:103
SVF::SaberCondAllocator::setCFCond
bool setCFCond(const SVFBasicBlock *bb, const Condition &cond)
Get/Set control-flow conditions.
Definition SaberCondAllocator.h:215
SVF::SaberCondAllocator::collectBBCallingProgExit
void collectBBCallingProgExit(const SVFBasicBlock &bb)
Collect basic block contains program exit function call.
Definition SaberCondAllocator.cpp:430
SVF::SaberCondAllocator::isBBCallsProgExit
bool isBBCallsProgExit(const SVFBasicBlock *bb)
Definition SaberCondAllocator.cpp:447
SVF::SaberCondAllocator::extractSubConds
void extractSubConds(const Condition &condition, NodeBS &support) const
extract subexpression from a Z3 expression
Definition SaberCondAllocator.cpp:637
SVF::SaberCondAllocator::CondPosMap
Map< u32_t, Condition > CondPosMap
id to instruction map for z3
Definition SaberCondAllocator.h:53
SVF::SaberCondAllocator::isEquivalentBranchCond
bool isEquivalentBranchCond(const Condition &lhs, const Condition &rhs) const
Whether lhs and rhs are equivalent branch conditions.
Definition SaberCondAllocator.cpp:614
SVF::SaberCondAllocator::isEQCmp
bool isEQCmp(const CmpStmt *cmp) const
Evaluate test null/not null like expressions.
Definition SaberCondAllocator.cpp:343
SVF::SaberCondAllocator::isNECmp
bool isNECmp(const CmpStmt *cmp) const
Return true if the predicate of this compare instruction is not equal.
Definition SaberCondAllocator.cpp:348
SVF::SaberCondAllocator::evaluateBranchCond
Condition evaluateBranchCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate branch conditions.
Definition SaberCondAllocator.cpp:302
SVF::SaberCondAllocator::evaluateLoopExitBranch
Condition evaluateLoopExitBranch(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Evaluate loop exit branch.
Definition SaberCondAllocator.cpp:266
SVF::SaberCondAllocator::getTrueCond
Condition getTrueCond() const
Definition SaberCondAllocator.h:99
SVF::SaberCondAllocator::CFWorkList
FIFOWorkList< const SVFBasicBlock * > CFWorkList
worklist for control-flow guard computation
Definition SaberCondAllocator.h:58
SVF::SaberCondAllocator::isTestNotNullExpr
bool isTestNotNullExpr(const ICFGNode *test) const
Return true if this is a test not null expression.
Definition SaberCondAllocator.cpp:366
SVF::SaberCondAllocator::getMemUsage
std::string getMemUsage()
Statistics.
Definition SaberCondAllocator.h:71
SVF::SaberCondAllocator::getCFCond
Condition getCFCond(const SVFBasicBlock *bb) const
Definition SaberCondAllocator.h:225
SVF::SaberCondAllocator::getCondInst
const ICFGNode * getCondInst(u32_t id) const
Get/Set instruction based on Z3 expression id.
Definition SaberCondAllocator.h:128
SVF::SaberCondAllocator::funToExitBBsMap
FunToExitBBsMap funToExitBBsMap
map a function to all its basic blocks calling program exit
Definition SaberCondAllocator.h:302
SVF::SaberCondAllocator::isNegCond
bool isNegCond(u32_t id) const
Definition SaberCondAllocator.h:142
SVF::SaberCondAllocator::getRemovedSUVFEdges
SVFGNodeToSVFGNodeSetMap & getRemovedSUVFEdges()
Definition SaberCondAllocator.h:244
SVF::SaberCondAllocator::BBToCondMap
Map< const SVFBasicBlock *, Condition > BBToCondMap
map a basic block to its condition during control-flow guard computation
Definition SaberCondAllocator.h:57
SVF::SaberCondAllocator::setCurEvalSVFGNode
void setCurEvalSVFGNode(const SVFGNode *node)
Set current value for branch condition evaluation.
Definition SaberCondAllocator.h:182
SVF::SaberCondAllocator::getEvalBrCond
Condition getEvalBrCond(const SVFBasicBlock *bb, const SVFBasicBlock *succ)
Get a condition, evaluate the value for conditions if necessary (e.g., testNull like express)
Definition SaberCondAllocator.cpp:157
SVF::SaberCondAllocator::ComputeInterCallVFGGuard
virtual Condition ComputeInterCallVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst, const SVFBasicBlock *callBB)
Definition SaberCondAllocator.cpp:489
SVF::SaberCondAllocator::idToTermInstMap
IndexToTermInstMap idToTermInstMap
Definition SaberCondAllocator.h:305
SVF::SaberCondAllocator::setNegCondInst
void setNegCondInst(const Condition &condition, const ICFGNode *inst)
mark neg Z3 expression
Definition SaberCondAllocator.h:238
SVF::SaberCondAllocator::dominate
bool dominate(const SVFBasicBlock *bbKey, const SVFBasicBlock *bbValue) const
Definition SaberCondAllocator.h:157
SVF::SaberCondAllocator::setCondInst
void setCondInst(const Condition &condition, const ICFGNode *inst)
Definition SaberCondAllocator.h:135
SVF::SaberCondAllocator::ComputeIntraVFGGuard
virtual Condition ComputeIntraVFGGuard(const SVFBasicBlock *src, const SVFBasicBlock *dst)
Guard Computation for a value-flow (between two basic blocks)
Definition SaberCondAllocator.cpp:520
SVF::SaberCondAllocator::conditionVec
std::vector< Condition > conditionVec
bit vector for distinguish neg
Definition SaberCondAllocator.h:307
SVF::SparseBitVector::test
bool test(unsigned Idx) const
Definition SparseBitVector.h:750
SVF::SparseBitVector::set
void set(unsigned Idx)
Definition SparseBitVector.h:789
SVF::Z3Expr::AND
static Z3Expr AND(const Z3Expr &lhs, const Z3Expr &rhs)
compute AND, used for branch condition
Definition Z3Expr.cpp:92
SVF::Z3Expr::dumpStr
static std::string dumpStr(const Z3Expr &z3Expr)
output Z3 expression as a string
Definition Z3Expr.cpp:168
SVF::Z3Expr::NEG
static Z3Expr NEG(const Z3Expr &z3Expr)
compute NEG
Definition Z3Expr.h:301
SVF::Z3Expr::getTrueCond
static Z3Expr getTrueCond()
Return the unique true condition.
Definition Z3Expr.h:288
SVF::Z3Expr::OR
static Z3Expr OR(const Z3Expr &lhs, const Z3Expr &rhs)
compute OR, used for branch condition
Definition Z3Expr.cpp:130
SVF::Z3Expr::id
u32_t id() const
get id
Definition Z3Expr.h:111
SVF::Z3Expr::getFalseCond
static Z3Expr getFalseCond()
Return the unique false condition.
Definition Z3Expr.h:295
SVF::SVFUtil::getMemoryUsageKB
bool getMemoryUsageKB(u32_t *vmrss_kb, u32_t *vmsize_kb)
Get memory usage from system file. Return TRUE if succeed.
Definition SVFUtil.cpp:178
SVF
for isBitcode
Definition BasicTypes.h:68
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:46
Generated by doxygen 1.9.8