Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | Protected Attributes | Friends | List of all members
SVF::AbstractState Class Reference

#include <AbstractState.h>

Public Types

typedef Map< u32_t, AbstractValueVarToAbsValMap
 
typedef VarToAbsValMap AddrToAbsValMap
 

Public Member Functions

 AbstractState ()
 default constructor
 
 AbstractState (VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
 
 AbstractState (const AbstractState &rhs)
 copy constructor
 
virtual ~AbstractState ()=default
 
AddressValue getGepObjAddrs (u32_t pointer, IntervalValue offset)
 
void initObjVar (ObjVar *objVar)
 
IntervalValue getElementIndex (const GepStmt *gep)
 
IntervalValue getByteOffset (const GepStmt *gep)
 
AbstractValue loadValue (NodeID varId)
 
void storeValue (NodeID varId, AbstractValue val)
 
u32_t getAllocaInstByteSize (const AddrStmt *addr)
 
AbstractStateoperator= (const AbstractState &rhs)
 
 AbstractState (AbstractState &&rhs)
 move constructor
 
AbstractStateoperator= (AbstractState &&rhs)
 operator= move constructor
 
AbstractState bottom () const
 Set all value bottom.
 
AbstractState top () const
 Set all value top.
 
AbstractState sliceState (Set< u32_t > &sl)
 Copy some values and return a new IntervalExeState.
 
virtual AbstractValueoperator[] (u32_t varId)
 get abstract value of variable
 
virtual const AbstractValueoperator[] (u32_t varId) const
 get abstract value of variable
 
bool inVarToAddrsTable (u32_t id) const
 whether the variable is in varToAddrs table
 
virtual bool inVarToValTable (u32_t id) const
 whether the variable is in varToVal table
 
bool inAddrToAddrsTable (u32_t id) const
 whether the memory address stores memory addresses
 
virtual bool inAddrToValTable (u32_t id) const
 whether the memory address stores abstract value
 
const VarToAbsValMapgetVarToVal () const
 get var2val map
 
const AddrToAbsValMapgetLocToVal () const
 get loc2val map
 
AbstractState widening (const AbstractState &other)
 domain widen with other, and return the widened domain
 
AbstractState narrowing (const AbstractState &other)
 domain narrow with other, and return the narrowed domain
 
void joinWith (const AbstractState &other)
 domain join with other, important! other widen this.
 
void meetWith (const AbstractState &other)
 domain meet with other, important! other widen this.
 
const SVFTypegetPointeeElement (NodeID id)
 
u32_t hash () const
 
void store (u32_t addr, const AbstractValue &val)
 
virtual AbstractValueload (u32_t addr)
 
void printAbstractState () const
 
std::string toString () const
 
bool equals (const AbstractState &other) const
 
bool operator== (const AbstractState &rhs) const
 
bool operator!= (const AbstractState &rhs) const
 
bool operator< (const AbstractState &rhs) const
 
bool operator>= (const AbstractState &rhs) const
 
void clear ()
 

Static Public Member Functions

static u32_t getVirtualMemAddress (u32_t idx)
 The physical address starts with 0x7f...... + idx.
 
static bool isVirtualMemAddress (u32_t val)
 Check bit value of val start with 0x7F000000, filter by 0xFF000000.
 
static u32_t getInternalID (u32_t idx)
 Return the internal index if idx is an address otherwise return the value of idx.
 
static bool isNullPtr (u32_t addr)
 
static bool eqVarToValMap (const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
 
static bool lessThanVarToValMap (const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
 
static bool geqVarToValMap (const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
 

Protected Attributes

VarToAbsValMap _varToAbsVal
 Map a variable (symbol) to its abstract value.
 
AddrToAbsValMap _addrToAbsVal
 Map a memory address to its stored abstract value.
 

Friends

class SVFIR2AbsState
 
class RelationSolver
 

Detailed Description

Definition at line 58 of file AbstractState.h.

Member Typedef Documentation

◆ AddrToAbsValMap

typedef VarToAbsValMap SVF::AbstractState::AddrToAbsValMap

Definition at line 65 of file AbstractState.h.

◆ VarToAbsValMap

typedef Map<u32_t, AbstractValue> SVF::AbstractState::VarToAbsValMap

Definition at line 63 of file AbstractState.h.

Constructor & Destructor Documentation

◆ AbstractState() [1/4]

SVF::AbstractState::AbstractState ( )
inline

default constructor

Definition at line 69 of file AbstractState.h.

70 {
71 }

◆ AbstractState() [2/4]

SVF::AbstractState::AbstractState ( VarToAbsValMap _varToValMap,
AddrToAbsValMap _locToValMap 
)
inline

Definition at line 73 of file AbstractState.h.

73: _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}
SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition AbstractState.h:188
SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition AbstractState.h:190
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ AbstractState() [3/4]

SVF::AbstractState::AbstractState ( const AbstractState rhs)
inline

copy constructor

Definition at line 76 of file AbstractState.h.

76 : _varToAbsVal(rhs.getVarToVal()), _addrToAbsVal(rhs.getLocToVal())
77 {
78
79 }

◆ ~AbstractState()

virtual SVF::AbstractState::~AbstractState ( )
virtualdefault

◆ AbstractState() [4/4]

SVF::AbstractState::AbstractState ( AbstractState &&  rhs)
inline

move constructor

Definition at line 135 of file AbstractState.h.

135 : _varToAbsVal(std::move(rhs._varToAbsVal)),
136 _addrToAbsVal(std::move(rhs._addrToAbsVal))
137 {
138
139 }

Member Function Documentation

◆ bottom()

AbstractState SVF::AbstractState::bottom ( ) const
inline

Set all value bottom.

Definition at line 153 of file AbstractState.h.

154 {
155 AbstractState inv = *this;
156 for (auto &item: inv._varToAbsVal)
157 {
158 if (item.second.isInterval())
159 item.second.getInterval().set_to_bottom();
160 }
161 return inv;
162 }
item
cJSON * item
Definition cJSON.h:222
SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition AbstractState.h:69

◆ clear()

void SVF::AbstractState::clear ( )
inline

Definition at line 395 of file AbstractState.h.

396 {
397 _addrToAbsVal.clear();
398 _varToAbsVal.clear();
399 }

◆ equals()

bool AbstractState::equals ( const AbstractState other) const

Definition at line 37 of file AbstractState.cpp.

38{
39 return *this == other;
40}

◆ eqVarToValMap()

static bool SVF::AbstractState::eqVarToValMap ( const VarToAbsValMap lhs,
const VarToAbsValMap rhs 
)
inlinestatic

Definition at line 326 of file AbstractState.h.

327 {
328 if (lhs.size() != rhs.size()) return false;
329 for (const auto &item: lhs)
330 {
331 auto it = rhs.find(item.first);
332 if (it == rhs.end())
333 return false;
334 if (!item.second.equals(it->second))
335 return false;
336 else
337 {
338 }
339 }
340 return true;
341 }

◆ geqVarToValMap()

static bool SVF::AbstractState::geqVarToValMap ( const VarToAbsValMap lhs,
const VarToAbsValMap rhs 
)
inlinestatic

Definition at line 357 of file AbstractState.h.

358 {
359 if (rhs.empty()) return true;
360 for (const auto &item: rhs)
361 {
362 auto it = lhs.find(item.first);
363 if (it == lhs.end()) return false;
364 // judge from expr id
365 if (!it->second.getInterval().contain(
366 item.second.getInterval()))
367 return false;
368
369 }
370 return true;
371 }

◆ getAllocaInstByteSize()

u32_t AbstractState::getAllocaInstByteSize ( const AddrStmt addr)

Definition at line 486 of file AbstractState.cpp.

487{
488 SVFIR* svfir = PAG::getPAG();
489 if (const ObjVar* objvar = SVFUtil::dyn_cast<ObjVar>(addr->getRHSVar()))
490 {
491 objvar->getType();
492 if (objvar->getMemObj()->isConstantByteSize())
493 {
494 u32_t sz = objvar->getMemObj()->getByteSizeOfObj();
495 return sz;
496 }
497
498 else
499 {
500 const std::vector<SVFValue*>& sizes = addr->getArrSize();
501 // Default element size is set to 1.
502 u32_t elementSize = 1;
503 u64_t res = elementSize;
504 for (const SVFValue* value: sizes)
505 {
506 if (!inVarToValTable(svfir->getValueNode(value)))
507 {
508 (*this)[svfir->getValueNode(value)] = IntervalValue(Options::MaxFieldLimit());
509 }
510 IntervalValue itv =
511 (*this)[svfir->getValueNode(value)].getInterval();
512 res = res * itv.ub().getIntNumeral() > Options::MaxFieldLimit()? Options::MaxFieldLimit(): res * itv.ub().getIntNumeral();
513 }
514 return (u32_t)res;
515 }
516 }
517 assert (false && "Addr rhs value is not ObjVar");
518 abort();
519}
u32_t
unsigned u32_t
Definition CommandLine.h:18
SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition AbstractState.h:221
SVF::BoundedInt::getIntNumeral
s64_t getIntNumeral() const
Definition NumericValue.h:703
SVF::IRGraph::getValueNode
NodeID getValueNode(const SVFValue *V)
Definition IRGraph.h:137
SVF::IntervalValue::ub
const BoundedInt & ub() const
Return the upper bound.
Definition IntervalValue.h:227
SVF::Options::MaxFieldLimit
static const Option< u32_t > MaxFieldLimit
Maximum number of field derivations for an object.
Definition Options.h:38
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::u64_t
unsigned long long u64_t
Definition GeneralType.h:48

◆ getByteOffset()

IntervalValue AbstractState::getByteOffset ( const GepStmt gep)

Definition at line 298 of file AbstractState.cpp.

299{
300 // If the GEP statement has a constant byte offset, return it directly as the interval value
301 if (gep->isConstantOffset())
302 return IntervalValue((s64_t)gep->accumulateConstantByteOffset());
303
304 IntervalValue res(0); // Initialize the result interval 'res' to 0.
305
306 // Loop through the offsetVarAndGepTypePairVec in reverse order.
307 for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
308 {
309 const SVFVar* idxOperandVar = gep->getOffsetVarAndGepTypePairVec()[i].first;
310 const SVFType* idxOperandType = gep->getOffsetVarAndGepTypePairVec()[i].second;
311
312 // Calculate the byte offset for array or pointer types
313 if (SVFUtil::isa<SVFArrayType>(idxOperandType) || SVFUtil::isa<SVFPointerType>(idxOperandType))
314 {
315 u32_t elemByteSize = 1;
316 if (const SVFArrayType* arrOperandType = SVFUtil::dyn_cast<SVFArrayType>(idxOperandType))
317 elemByteSize = arrOperandType->getTypeOfElement()->getByteSize();
318 else if (SVFUtil::isa<SVFPointerType>(idxOperandType))
319 elemByteSize = gep->getAccessPath().gepSrcPointeeType()->getByteSize();
320 else
321 assert(false && "idxOperandType must be ArrType or PtrType");
322
323 if (const ConstantIntValVar* op = SVFUtil::dyn_cast<ConstantIntValVar>(idxOperandVar))
324 {
325 // Calculate the lower bound (lb) of the interval value
326 s64_t lb = (double)Options::MaxFieldLimit() / elemByteSize >= op->getSExtValue()
327 ? op->getSExtValue() * elemByteSize
328 : Options::MaxFieldLimit();
329 res = res + IntervalValue(lb, lb);
330 }
331 else
332 {
333 IntervalValue idxVal = (*this)[idxOperandVar->getId()].getInterval();
334
335 if (idxVal.isBottom())
336 res = res + IntervalValue(0, 0);
337 else
338 {
339 // Ensure the bounds are non-negative and within the field limit
340 s64_t ub = (idxVal.ub().getIntNumeral() < 0) ? 0
341 : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.ub().getIntNumeral()
342 ? elemByteSize * idxVal.ub().getIntNumeral()
343 : Options::MaxFieldLimit();
344 s64_t lb = (idxVal.lb().getIntNumeral() < 0) ? 0
345 : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.lb().getIntNumeral()
346 ? elemByteSize * idxVal.lb().getIntNumeral()
347 : Options::MaxFieldLimit();
348 res = res + IntervalValue(lb, ub);
349 }
350 }
351 }
352 // Process struct subtypes by calculating the byte offset from the beginning to the field of the struct
353 else if (const SVFStructType* structOperandType = SVFUtil::dyn_cast<SVFStructType>(idxOperandType))
354 {
355 res = res + IntervalValue(gep->getAccessPath().getStructFieldOffset(idxOperandVar, structOperandType));
356 }
357 else
358 {
359 assert(false && "gep type pair only support arr/ptr/struct");
360 }
361 }
362 return res; // Return the resulting byte offset as an IntervalValue.
363}
SVF::Options
Carries around command line options.
Definition Options.h:20
SVF::SVFType::getByteSize
u32_t getByteSize() const
Definition SVFType.h:244
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:49

◆ getElementIndex()

IntervalValue AbstractState::getElementIndex ( const GepStmt gep)

Definition at line 225 of file AbstractState.cpp.

226{
227 // If the GEP statement has a constant offset, return it directly as the interval value
228 if (gep->isConstantOffset())
229 return IntervalValue((s64_t)gep->accumulateConstantOffset());
230
231 IntervalValue res(0);
232 // Iterate over the list of offset variable and type pairs in reverse order
233 for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
234 {
235 AccessPath::IdxOperandPair IdxVarAndType = gep->getOffsetVarAndGepTypePairVec()[i];
236 const SVFVar* var = gep->getOffsetVarAndGepTypePairVec()[i].first;
237 const SVFType* type = IdxVarAndType.second;
238
239 // Variables to store the lower and upper bounds of the index value
240 s64_t idxLb;
241 s64_t idxUb;
242
243 // Determine the lower and upper bounds based on whether the value is a constant
244 if (const ConstantIntValVar* constInt = SVFUtil::dyn_cast<ConstantIntValVar>(var))
245 idxLb = idxUb = constInt->getSExtValue();
246 else
247 {
248 IntervalValue idxItv = (*this)[var->getId()].getInterval();
249 if (idxItv.isBottom())
250 idxLb = idxUb = 0;
251 else
252 {
253 idxLb = idxItv.lb().getIntNumeral();
254 idxUb = idxItv.ub().getIntNumeral();
255 }
256 }
257
258 // Adjust the bounds if the type is a pointer
259 if (SVFUtil::isa<SVFPointerType>(type))
260 {
261 u32_t elemNum = gep->getAccessPath().getElementNum(gep->getAccessPath().gepSrcPointeeType());
262 idxLb = (double)Options::MaxFieldLimit() / elemNum < idxLb ? Options::MaxFieldLimit() : idxLb * elemNum;
263 idxUb = (double)Options::MaxFieldLimit() / elemNum < idxUb ? Options::MaxFieldLimit() : idxUb * elemNum;
264 }
265 // Adjust the bounds for array or struct types using the symbol table info
266 else
267 {
268 if (Options::ModelArrays())
269 {
270 const std::vector<u32_t>& so = SymbolTableInfo::SymbolInfo()->getTypeInfo(type)->getFlattenedElemIdxVec();
271 if (so.empty() || idxUb >= (APOffset)so.size() || idxLb < 0)
272 {
273 idxLb = idxUb = 0;
274 }
275 else
276 {
277 idxLb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, idxLb);
278 idxUb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, idxUb);
279 }
280 }
281 else
282 idxLb = idxUb = 0;
283 }
284
285 // Add the calculated interval to the result
286 res = res + IntervalValue(idxLb, idxUb);
287 }
288
289 // Ensure the result is within the bounds of [0, MaxFieldLimit]
290 res.meet_with(IntervalValue((s64_t)0, (s64_t)Options::MaxFieldLimit()));
291 if (res.isBottom())
292 {
293 res = IntervalValue(0);
294 }
295 return res;
296}
type
newitem type
Definition cJSON.cpp:2739
SVF::AccessPath::IdxOperandPair
std::pair< const SVFVar *, const SVFType * > IdxOperandPair
Definition AccessPath.h:64
SVF::IntervalValue::lb
const BoundedInt & lb() const
Return the lower bound.
Definition IntervalValue.h:220
SVF::Options::ModelArrays
static const Option< bool > ModelArrays
Definition Options.h:188
SVF::StInfo::getFlattenedElemIdxVec
std::vector< u32_t > & getFlattenedElemIdxVec()
Definition SVFType.h:98
SVF::SymbolTableInfo::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition SymbolTableInfo.cpp:181
SVF::SymbolTableInfo::SymbolInfo
static SymbolTableInfo * SymbolInfo()
Singleton design here to make sure we only have one instance during any analysis.
Definition SymbolTableInfo.cpp:81
SVF::SymbolTableInfo::getTypeInfo
const StInfo * getTypeInfo(const SVFType *T) const
Get struct info.
Definition SymbolTableInfo.cpp:57
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60

◆ getGepObjAddrs()

AddressValue AbstractState::getGepObjAddrs ( u32_t  pointer,
IntervalValue  offset 
)

Definition at line 156 of file AbstractState.cpp.

157{
158 AddressValue gepAddrs;
159 APOffset lb = offset.lb().getIntNumeral() < Options::MaxFieldLimit() ? offset.lb().getIntNumeral()
160 : Options::MaxFieldLimit();
161 APOffset ub = offset.ub().getIntNumeral() < Options::MaxFieldLimit() ? offset.ub().getIntNumeral()
162 : Options::MaxFieldLimit();
163 for (APOffset i = lb; i <= ub; i++)
164 {
165 AbstractValue addrs = (*this)[pointer];
166 for (const auto& addr : addrs.getAddrs())
167 {
168 s64_t baseObj = AbstractState::getInternalID(addr);
169 assert(SVFUtil::isa<ObjVar>(PAG::getPAG()->getGNode(baseObj)) && "Fail to get the base object address!");
170 NodeID gepObj = PAG::getPAG()->getGepObjVar(baseObj, i);
171 (*this)[gepObj] = AddressValue(AbstractState::getVirtualMemAddress(gepObj));
172 gepAddrs.insert(AbstractState::getVirtualMemAddress(gepObj));
173 }
174 }
175
176 return gepAddrs;
177}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AbstractState.h:102
SVF::AbstractState::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AbstractState.h:114
SVF::SVFIR::getGepObjVar
NodeID getGepObjVar(const MemObj *obj, const APOffset &ap)
Get a field SVFIR Object node according to base mem obj and offset.
Definition SVFIR.cpp:423
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:55

◆ getInternalID()

static u32_t SVF::AbstractState::getInternalID ( u32_t  idx)
inlinestatic

Return the internal index if idx is an address otherwise return the value of idx.

Definition at line 114 of file AbstractState.h.

115 {
116 return AddressValue::getInternalID(idx);
117 }
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:226

◆ getLocToVal()

const AddrToAbsValMap & SVF::AbstractState::getLocToVal ( ) const
inline

get loc2val map

Definition at line 266 of file AbstractState.h.

267 {
268 return _addrToAbsVal;
269 }

◆ getPointeeElement()

const SVFType * AbstractState::getPointeeElement ( NodeID  id)

if this NodeID in SVFIR is a pointer, get the pointee type e.g arr = (int*) malloc(10*sizeof(int)) getPointeeType(arr) -> return int we can set arr[0]='c', arr[1]='c', arr[2]='\0'

Parameters
callcallnode of memset like api

Definition at line 465 of file AbstractState.cpp.

466{
467 SVFIR* svfir = PAG::getPAG();
468 if (inVarToAddrsTable(id))
469 {
470 const AbstractValue& addrs = (*this)[id];
471 for (auto addr: addrs.getAddrs())
472 {
473 NodeID addr_id = AbstractState::getInternalID(addr);
474 if (addr_id == 0) // nullptr has no memobj, skip
475 continue;
476 return SVFUtil::dyn_cast<ObjVar>(svfir->getGNode(addr_id))->getMemObj()->getType();
477 }
478 }
479 else
480 {
481 // do nothing if no record in addrs table.
482 }
483 return nullptr;
484}
SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition AbstractState.h:208
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:654

◆ getVarToVal()

const VarToAbsValMap & SVF::AbstractState::getVarToVal ( ) const
inline

get var2val map

Definition at line 260 of file AbstractState.h.

261 {
262 return _varToAbsVal;
263 }

◆ getVirtualMemAddress()

static u32_t SVF::AbstractState::getVirtualMemAddress ( u32_t  idx)
inlinestatic

The physical address starts with 0x7f...... + idx.

Definition at line 102 of file AbstractState.h.

103 {
104 return AddressValue::getVirtualMemAddress(idx);
105 }
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:212

◆ hash()

u32_t AbstractState::hash ( ) const

Definition at line 42 of file AbstractState.cpp.

43{
44 size_t h = getVarToVal().size() * 2;
45 Hash<u32_t> hf;
46 for (const auto &t: getVarToVal())
47 {
48 h ^= hf(t.first) + 0x9e3779b9 + (h << 6) + (h >> 2);
49 }
50 size_t h2 = getLocToVal().size() * 2;
51 for (const auto &t: getLocToVal())
52 {
53 h2 ^= hf(t.first) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
54 }
55 Hash<std::pair<u32_t, u32_t>> pairH;
56 return pairH({h, h2});
57}
SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition AbstractState.h:266
SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition AbstractState.h:260

◆ inAddrToAddrsTable()

bool SVF::AbstractState::inAddrToAddrsTable ( u32_t  id) const
inline

whether the memory address stores memory addresses

Definition at line 234 of file AbstractState.h.

235 {
236 if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())
237 {
238 if (_addrToAbsVal.at(id).isAddr())
239 {
240 return true;
241 }
242 }
243 return false;
244 }

◆ inAddrToValTable()

virtual bool SVF::AbstractState::inAddrToValTable ( u32_t  id) const
inlinevirtual

whether the memory address stores abstract value

Definition at line 247 of file AbstractState.h.

248 {
249 if (_addrToAbsVal.find(id) != _addrToAbsVal.end())
250 {
251 if (_addrToAbsVal.at(id).isInterval())
252 {
253 return true;
254 }
255 }
256 return false;
257 }

◆ initObjVar()

void AbstractState::initObjVar ( ObjVar objVar)

Definition at line 179 of file AbstractState.cpp.

180{
181 NodeID varId = objVar->getId();
182
183 // Check if the object variable has an associated value
184
185 const MemObj* obj = objVar->getMemObj();
186
187 // Handle constant data, arrays, and structures
188 if (obj->isConstDataOrConstGlobal() || obj->isConstantArray() || obj->isConstantStruct())
189 {
190 if (const ConstantIntObjVar* consInt = SVFUtil::dyn_cast<ConstantIntObjVar>(objVar))
191 {
192 s64_t numeral = consInt->getSExtValue();
193 (*this)[varId] = IntervalValue(numeral, numeral);
194 }
195 else if (const ConstantFPObjVar* consFP = SVFUtil::dyn_cast<ConstantFPObjVar>(objVar))
196 {
197 (*this)[varId] = IntervalValue(consFP->getFPValue(), consFP->getFPValue());
198 }
199 else if (SVFUtil::isa<ConstantNullPtrObjVar>(objVar))
200 {
201 (*this)[varId] = IntervalValue(0, 0);
202 }
203 else if (SVFUtil::isa<GlobalObjVar>(objVar))
204 {
205 (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
206 }
207 else if (obj->isConstantArray() || obj->isConstantStruct())
208 {
209 (*this)[varId] = IntervalValue::top();
210 }
211 else
212 {
213 (*this)[varId] = IntervalValue::top();
214 }
215 }
216 // Handle non-constant memory objects
217 else
218 {
219 (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
220 }
221 return;
222}
SVF::IntervalValue::top
static IntervalValue top()
Create the IntervalValue [-inf, +inf].
Definition IntervalValue.h:94

◆ inVarToAddrsTable()

bool SVF::AbstractState::inVarToAddrsTable ( u32_t  id) const
inline

whether the variable is in varToAddrs table

Definition at line 208 of file AbstractState.h.

209 {
210 if (_varToAbsVal.find(id)!= _varToAbsVal.end())
211 {
212 if (_varToAbsVal.at(id).isAddr())
213 {
214 return true;
215 }
216 }
217 return false;
218 }

◆ inVarToValTable()

virtual bool SVF::AbstractState::inVarToValTable ( u32_t  id) const
inlinevirtual

whether the variable is in varToVal table

Definition at line 221 of file AbstractState.h.

222 {
223 if (_varToAbsVal.find(id) != _varToAbsVal.end())
224 {
225 if (_varToAbsVal.at(id).isInterval())
226 {
227 return true;
228 }
229 }
230 return false;
231 }

◆ isNullPtr()

static bool SVF::AbstractState::isNullPtr ( u32_t  addr)
inlinestatic

Definition at line 119 of file AbstractState.h.

120 {
121 return getInternalID(addr) == 0;
122 }

◆ isVirtualMemAddress()

static bool SVF::AbstractState::isVirtualMemAddress ( u32_t  val)
inlinestatic

Check bit value of val start with 0x7F000000, filter by 0xFF000000.

Definition at line 108 of file AbstractState.h.

109 {
110 return AddressValue::isVirtualMemAddress(val);
111 }
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:220

◆ joinWith()

void AbstractState::joinWith ( const AbstractState other)

domain join with other, important! other widen this.

Definition at line 102 of file AbstractState.cpp.

103{
104 for (auto it = other._varToAbsVal.begin(); it != other._varToAbsVal.end(); ++it)
105 {
106 auto key = it->first;
107 auto oit = _varToAbsVal.find(key);
108 if (oit != _varToAbsVal.end())
109 {
110 oit->second.join_with(it->second);
111 }
112 else
113 {
114 _varToAbsVal.emplace(key, it->second);
115 }
116 }
117 for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
118 {
119 auto key = it->first;
120 auto oit = _addrToAbsVal.find(key);
121 if (oit != _addrToAbsVal.end())
122 {
123 oit->second.join_with(it->second);
124 }
125 else
126 {
127 _addrToAbsVal.emplace(key, it->second);
128 }
129 }
130}

◆ lessThanVarToValMap()

static bool SVF::AbstractState::lessThanVarToValMap ( const VarToAbsValMap lhs,
const VarToAbsValMap rhs 
)
inlinestatic

Definition at line 343 of file AbstractState.h.

344 {
345 if (lhs.empty()) return !rhs.empty();
346 for (const auto &item: lhs)
347 {
348 auto it = rhs.find(item.first);
349 if (it == rhs.end()) return false;
350 // judge from expr id
351 if (item.second.getInterval().contain(it->second.getInterval())) return false;
352 }
353 return true;
354 }

◆ load()

virtual AbstractValue & SVF::AbstractState::load ( u32_t  addr)
inlinevirtual

Definition at line 307 of file AbstractState.h.

308 {
309 assert(isVirtualMemAddress(addr) && "not virtual address?");
310 u32_t objId = getInternalID(addr);
311 return _addrToAbsVal[objId];
312
313 }
SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AbstractState.h:108

◆ loadValue()

AbstractValue AbstractState::loadValue ( NodeID  varId)

Definition at line 365 of file AbstractState.cpp.

366{
367 AbstractValue res;
368 for (auto addr : (*this)[varId].getAddrs())
369 {
370 res.join_with(load(addr)); // q = *p
371 }
372 return res;
373}
SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition AbstractState.h:307
SVF::AbstractValue::join_with
void join_with(const AbstractValue &other)
Definition AbstractValue.h:128

◆ meetWith()

void AbstractState::meetWith ( const AbstractState other)

domain meet with other, important! other widen this.

Definition at line 133 of file AbstractState.cpp.

134{
135 for (auto it = other._varToAbsVal.begin(); it != other._varToAbsVal.end(); ++it)
136 {
137 auto key = it->first;
138 auto oit = _varToAbsVal.find(key);
139 if (oit != _varToAbsVal.end())
140 {
141 oit->second.meet_with(it->second);
142 }
143 }
144 for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
145 {
146 auto key = it->first;
147 auto oit = _addrToAbsVal.find(key);
148 if (oit != _addrToAbsVal.end())
149 {
150 oit->second.meet_with(it->second);
151 }
152 }
153}

◆ narrowing()

AbstractState AbstractState::narrowing ( const AbstractState other)

domain narrow with other, and return the narrowed domain

Definition at line 80 of file AbstractState.cpp.

81{
82 AbstractState es = *this;
83 for (auto it = es._varToAbsVal.begin(); it != es._varToAbsVal.end(); ++it)
84 {
85 auto key = it->first;
86 if (other._varToAbsVal.find(key) != other._varToAbsVal.end())
87 if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
88 it->second.getInterval().narrow_with(other._varToAbsVal.at(key).getInterval());
89 }
90 for (auto it = es._addrToAbsVal.begin(); it != es._addrToAbsVal.end(); ++it)
91 {
92 auto key = it->first;
93 if (other._addrToAbsVal.find(key) != other._addrToAbsVal.end())
94 if (it->second.isInterval() && other._addrToAbsVal.at(key).isInterval())
95 it->second.getInterval().narrow_with(other._addrToAbsVal.at(key).getInterval());
96 }
97 return es;
98
99}

◆ operator!=()

bool SVF::AbstractState::operator!= ( const AbstractState rhs) const
inline

Definition at line 379 of file AbstractState.h.

380 {
381 return !(*this == rhs);
382 }

◆ operator<()

bool SVF::AbstractState::operator< ( const AbstractState rhs) const
inline

Definition at line 384 of file AbstractState.h.

385 {
386 return !(*this >= rhs);
387 }

◆ operator=() [1/2]

AbstractState & SVF::AbstractState::operator= ( AbstractState &&  rhs)
inline

operator= move constructor

Definition at line 142 of file AbstractState.h.

143 {
144 if (&rhs != this)
145 {
146 _varToAbsVal = std::move(rhs._varToAbsVal);
147 _addrToAbsVal = std::move(rhs._addrToAbsVal);
148 }
149 return *this;
150 }

◆ operator=() [2/2]

AbstractState & SVF::AbstractState::operator= ( const AbstractState rhs)
inline

Definition at line 124 of file AbstractState.h.

125 {
126 if (rhs != *this)
127 {
128 _varToAbsVal = rhs._varToAbsVal;
129 _addrToAbsVal = rhs._addrToAbsVal;
130 }
131 return *this;
132 }

◆ operator==()

bool SVF::AbstractState::operator== ( const AbstractState rhs) const
inline

Definition at line 373 of file AbstractState.h.

374 {
375 return eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&
376 eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
377 }
SVF::AbstractState::eqVarToValMap
static bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:326

◆ operator>=()

bool SVF::AbstractState::operator>= ( const AbstractState rhs) const
inline

Definition at line 390 of file AbstractState.h.

391 {
392 return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
393 }
SVF::AbstractState::geqVarToValMap
static bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs)
Definition AbstractState.h:357

◆ operator[]() [1/2]

virtual AbstractValue & SVF::AbstractState::operator[] ( u32_t  varId)
inlinevirtual

get abstract value of variable

Definition at line 196 of file AbstractState.h.

197 {
198 return _varToAbsVal[varId];
199 }

◆ operator[]() [2/2]

virtual const AbstractValue & SVF::AbstractState::operator[] ( u32_t  varId) const
inlinevirtual

get abstract value of variable

Definition at line 202 of file AbstractState.h.

203 {
204 return _varToAbsVal.at(varId);
205 }

◆ printAbstractState()

void AbstractState::printAbstractState ( ) const

Definition at line 383 of file AbstractState.cpp.

384{
385 SVFUtil::outs() << "-----------Var and Value-----------\n";
386 u32_t fieldWidth = 20;
387 SVFUtil::outs().flags(std::ios::left);
388 std::vector<std::pair<u32_t, AbstractValue>> varToAbsValVec(_varToAbsVal.begin(), _varToAbsVal.end());
389 std::sort(varToAbsValVec.begin(), varToAbsValVec.end(), [](const auto &a, const auto &b)
390 {
391 return a.first < b.first;
392 });
393 for (const auto &item: varToAbsValVec)
394 {
395 SVFUtil::outs() << std::left << std::setw(fieldWidth) << ("Var" + std::to_string(item.first));
396 if (item.second.isInterval())
397 {
398 SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
399 }
400 else if (item.second.isAddr())
401 {
402 SVFUtil::outs() << " Value: {";
403 u32_t i = 0;
404 for (const auto& addr: item.second.getAddrs())
405 {
406 ++i;
407 if (i < item.second.getAddrs().size())
408 {
409 SVFUtil::outs() << "0x" << std::hex << addr << ", ";
410 }
411 else
412 {
413 SVFUtil::outs() << "0x" << std::hex << addr;
414 }
415 }
416 SVFUtil::outs() << "}\n";
417 }
418 else
419 {
420 SVFUtil::outs() << " Value: ⊥\n";
421 }
422 }
423
424 std::vector<std::pair<u32_t, AbstractValue>> addrToAbsValVec(_addrToAbsVal.begin(), _addrToAbsVal.end());
425 std::sort(addrToAbsValVec.begin(), addrToAbsValVec.end(), [](const auto &a, const auto &b)
426 {
427 return a.first < b.first;
428 });
429
430 for (const auto& item: addrToAbsValVec)
431 {
432 std::ostringstream oss;
433 oss << "0x" << std::hex << AbstractState::getVirtualMemAddress(item.first);
434 SVFUtil::outs() << std::left << std::setw(fieldWidth) << oss.str();
435 if (item.second.isInterval())
436 {
437 SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
438 }
439 else if (item.second.isAddr())
440 {
441 SVFUtil::outs() << " Value: {";
442 u32_t i = 0;
443 for (const auto& addr: item.second.getAddrs())
444 {
445 ++i;
446 if (i < item.second.getAddrs().size())
447 {
448 SVFUtil::outs() << "0x" << std::hex << addr << ", ";
449 }
450 else
451 {
452 SVFUtil::outs() << "0x" << std::hex << addr;
453 }
454 }
455 SVFUtil::outs() << "}\n";
456 }
457 else
458 {
459 SVFUtil::outs() << " Value: ⊥\n";
460 }
461 }
462 SVFUtil::outs() << "-----------------------------------------\n";
463}
a
cJSON * a
Definition cJSON.cpp:2560
b
const cJSON *const b
Definition cJSON.h:255
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:50

◆ sliceState()

AbstractState SVF::AbstractState::sliceState ( Set< u32_t > &  sl)
inline

Copy some values and return a new IntervalExeState.

Definition at line 177 of file AbstractState.h.

178 {
179 AbstractState inv;
180 for (u32_t id: sl)
181 {
182 inv._varToAbsVal[id] = _varToAbsVal[id];
183 }
184 return inv;
185 }

◆ store()

void SVF::AbstractState::store ( u32_t  addr,
const AbstractValue val 
)
inline

Definition at line 299 of file AbstractState.h.

300 {
301 assert(isVirtualMemAddress(addr) && "not virtual address?");
302 if (isNullPtr(addr)) return;
303 u32_t objId = getInternalID(addr);
304 _addrToAbsVal[objId] = val;
305 }
SVF::AbstractState::isNullPtr
static bool isNullPtr(u32_t addr)
Definition AbstractState.h:119

◆ storeValue()

void AbstractState::storeValue ( NodeID  varId,
AbstractValue  val 
)

Definition at line 375 of file AbstractState.cpp.

376{
377 for (auto addr : (*this)[varId].getAddrs())
378 {
379 store(addr, val); // *p = q
380 }
381}
SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition AbstractState.h:299

◆ top()

AbstractState SVF::AbstractState::top ( ) const
inline

Set all value top.

Definition at line 165 of file AbstractState.h.

166 {
167 AbstractState inv = *this;
168 for (auto &item: inv._varToAbsVal)
169 {
170 if (item.second.isInterval())
171 item.second.getInterval().set_to_top();
172 }
173 return inv;
174 }

◆ toString()

std::string SVF::AbstractState::toString ( ) const
inline

Definition at line 318 of file AbstractState.h.

319 {
320 return "";
321 }

◆ widening()

AbstractState AbstractState::widening ( const AbstractState other)

domain widen with other, and return the widened domain

Definition at line 59 of file AbstractState.cpp.

60{
61 // widen interval
62 AbstractState es = *this;
63 for (auto it = es._varToAbsVal.begin(); it != es._varToAbsVal.end(); ++it)
64 {
65 auto key = it->first;
66 if (other._varToAbsVal.find(key) != other._varToAbsVal.end())
67 if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
68 it->second.getInterval().widen_with(other._varToAbsVal.at(key).getInterval());
69 }
70 for (auto it = es._addrToAbsVal.begin(); it != es._addrToAbsVal.end(); ++it)
71 {
72 auto key = it->first;
73 if (other._addrToAbsVal.find(key) != other._addrToAbsVal.end())
74 if (it->second.isInterval() && other._addrToAbsVal.at(key).isInterval())
75 it->second.getInterval().widen_with(other._addrToAbsVal.at(key).getInterval());
76 }
77 return es;
78}

Friends And Related Symbol Documentation

◆ RelationSolver

friend class RelationSolver
friend

Definition at line 61 of file AbstractState.h.

◆ SVFIR2AbsState

friend class SVFIR2AbsState
friend

Definition at line 60 of file AbstractState.h.

Member Data Documentation

◆ _addrToAbsVal

AddrToAbsValMap SVF::AbstractState::_addrToAbsVal
protected

Map a memory address to its stored abstract value.

Definition at line 190 of file AbstractState.h.

◆ _varToAbsVal

VarToAbsValMap SVF::AbstractState::_varToAbsVal
protected

Map a variable (symbol) to its abstract value.

Definition at line 188 of file AbstractState.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8