Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | Protected Attributes | Friends | List of all members
SVF::AbstractState Class Reference

#include <AbstractState.h>

Public Types

typedef Map< u32_t, AbstractValueVarToAbsValMap
 
typedef VarToAbsValMap AddrToAbsValMap
 

Public Member Functions

 AbstractState ()
 default constructor
 
 AbstractState (VarToAbsValMap &_varToValMap, AddrToAbsValMap &_locToValMap)
 
 AbstractState (const AbstractState &rhs)
 copy constructor
 
virtual ~AbstractState ()=default
 
AddressValue getGepObjAddrs (u32_t pointer, IntervalValue offset)
 
void initObjVar (const ObjVar *objVar)
 
IntervalValue getElementIndex (const GepStmt *gep)
 
IntervalValue getByteOffset (const GepStmt *gep)
 
AbstractValue loadValue (NodeID varId)
 
void storeValue (NodeID varId, AbstractValue val)
 
u32_t getAllocaInstByteSize (const AddrStmt *addr)
 
u32_t getIDFromAddr (u32_t addr) const
 Return the internal index if addr is an address otherwise return the value of idx.
 
 AbstractState (AbstractState &&rhs)
 move constructor
 
AbstractState bottom () const
 Set all value bottom.
 
AbstractState top () const
 Set all value top.
 
AbstractState sliceState (Set< u32_t > &sl)
 Copy some values and return a new IntervalExeState.
 
virtual AbstractValueoperator[] (u32_t varId)
 get abstract value of variable
 
virtual const AbstractValueoperator[] (u32_t varId) const
 get abstract value of variable
 
virtual AbstractValueload (u32_t addr)
 
virtual const AbstractValueload (u32_t addr) const
 
void store (u32_t addr, const AbstractValue &val)
 
bool inVarToAddrsTable (u32_t id) const
 whether the variable is in varToAddrs table
 
virtual bool inVarToValTable (u32_t id) const
 whether the variable is in varToVal table
 
bool inAddrToAddrsTable (u32_t id) const
 whether the memory address stores memory addresses
 
virtual bool inAddrToValTable (u32_t id) const
 whether the memory address stores abstract value
 
const VarToAbsValMapgetVarToVal () const
 get var2val map
 
const AddrToAbsValMapgetLocToVal () const
 get loc2val map
 
AbstractState widening (const AbstractState &other)
 domain widen with other, and return the widened domain
 
AbstractState narrowing (const AbstractState &other)
 domain narrow with other, and return the narrowed domain
 
void joinWith (const AbstractState &other)
 domain join with other, important! other widen this.
 
void meetWith (const AbstractState &other)
 domain meet with other, important! other widen this.
 
void addToFreedAddrs (NodeID addr)
 
bool isFreedMem (u32_t addr) const
 
const SVFTypegetPointeeElement (NodeID id)
 
void printAbstractState () const
 
std::string toString () const
 
u32_t hash () const
 
bool eqVarToValMap (const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
 
bool geqVarToValMap (const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
 
bool equals (const AbstractState &other) const
 
AbstractStateoperator= (const AbstractState &rhs)
 Assignment operator.
 
AbstractStateoperator= (AbstractState &&rhs)
 operator= move constructor
 
bool operator== (const AbstractState &rhs) const
 
bool operator!= (const AbstractState &rhs) const
 
bool operator< (const AbstractState &rhs) const
 
bool operator>= (const AbstractState &rhs) const
 
void clear ()
 

Static Public Member Functions

static u32_t getVirtualMemAddress (u32_t idx)
 The physical address starts with 0x7f...... + idx.
 
static bool isVirtualMemAddress (u32_t val)
 Check bit value of val start with 0x7F000000, filter by 0xFF000000.
 
static bool isNullMem (u32_t addr)
 
static bool isBlackHoleObjAddr (u32_t addr)
 

Protected Attributes

VarToAbsValMap _varToAbsVal
 Map a variable (symbol) to its abstract value.
 
AddrToAbsValMap _addrToAbsVal
 Map a memory address to its stored abstract value.
 
Set< NodeID_freedAddrs
 

Friends

class SVFIR2AbsState
 
class RelationSolver
 

Detailed Description

Definition at line 55 of file AbstractState.h.

Member Typedef Documentation

◆ AddrToAbsValMap

typedef VarToAbsValMap SVF::AbstractState::AddrToAbsValMap

Definition at line 61 of file AbstractState.h.

◆ VarToAbsValMap

typedef Map<u32_t, AbstractValue> SVF::AbstractState::VarToAbsValMap

Definition at line 60 of file AbstractState.h.

Constructor & Destructor Documentation

◆ AbstractState() [1/4]

SVF::AbstractState::AbstractState ( )
inline

default constructor

Definition at line 63 of file AbstractState.h.

64 {
65 }

◆ AbstractState() [2/4]

SVF::AbstractState::AbstractState ( VarToAbsValMap _varToValMap,
AddrToAbsValMap _locToValMap 
)
inline

Definition at line 67 of file AbstractState.h.

67: _varToAbsVal(_varToValMap), _addrToAbsVal(_locToValMap) {}
SVF::AbstractState::_varToAbsVal
VarToAbsValMap _varToAbsVal
Map a variable (symbol) to its abstract value.
Definition AbstractState.h:166
SVF::AbstractState::_addrToAbsVal
AddrToAbsValMap _addrToAbsVal
Map a memory address to its stored abstract value.
Definition AbstractState.h:167
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ AbstractState() [3/4]

SVF::AbstractState::AbstractState ( const AbstractState rhs)
inline

copy constructor

Definition at line 70 of file AbstractState.h.

70 : _varToAbsVal(rhs.getVarToVal()), _addrToAbsVal(rhs.getLocToVal()), _freedAddrs(rhs._freedAddrs)
71 {
72
73 }
SVF::AbstractState::_freedAddrs
Set< NodeID > _freedAddrs
Definition AbstractState.h:168

◆ ~AbstractState()

virtual SVF::AbstractState::~AbstractState ( )
virtualdefault

◆ AbstractState() [4/4]

SVF::AbstractState::AbstractState ( AbstractState &&  rhs)
inline

move constructor

Definition at line 114 of file AbstractState.h.

114 : _varToAbsVal(std::move(rhs._varToAbsVal)),
115 _addrToAbsVal(std::move(rhs._addrToAbsVal)),
116 _freedAddrs(std::move(rhs._freedAddrs))
117 {
118
119 }

Member Function Documentation

◆ addToFreedAddrs()

void SVF::AbstractState::addToFreedAddrs ( NodeID  addr)
inline

Definition at line 281 of file AbstractState.h.

282 {
283 _freedAddrs.insert(addr);
284 }

◆ bottom()

AbstractState SVF::AbstractState::bottom ( ) const
inline

Set all value bottom.

Definition at line 122 of file AbstractState.h.

123 {
124 AbstractState inv = *this;
125 for (auto &item: inv._varToAbsVal)
126 {
127 if (item.second.isInterval())
128 item.second.getInterval().set_to_bottom();
129 }
130 return inv;
131 }
item
cJSON * item
Definition cJSON.h:222
SVF::AbstractState::AbstractState
AbstractState()
default constructor
Definition AbstractState.h:63

◆ clear()

void SVF::AbstractState::clear ( )
inline

Definition at line 359 of file AbstractState.h.

360 {
361 _addrToAbsVal.clear();
362 _varToAbsVal.clear();
363 _freedAddrs.clear();
364 }

◆ equals()

bool AbstractState::equals ( const AbstractState other) const

Definition at line 37 of file AbstractState.cpp.

38{
39 return *this == other;
40}

◆ eqVarToValMap()

bool AbstractState::eqVarToValMap ( const VarToAbsValMap lhs,
const VarToAbsValMap rhs 
) const

Definition at line 552 of file AbstractState.cpp.

553{
554 if (lhs.size() != rhs.size()) return false;
555 for (const auto &item: lhs)
556 {
557 auto it = rhs.find(item.first);
558 if (it == rhs.end())
559 return false;
560 if (!item.second.equals(it->second))
561 return false;
562 }
563 return true;
564}

◆ geqVarToValMap()

bool AbstractState::geqVarToValMap ( const VarToAbsValMap lhs,
const VarToAbsValMap rhs 
) const

Definition at line 566 of file AbstractState.cpp.

567{
568 if (rhs.empty()) return true;
569 for (const auto &item: rhs)
570 {
571 auto it = lhs.find(item.first);
572 if (it == lhs.end()) return false;
573 if (!it->second.getInterval().contain(
574 item.second.getInterval()))
575 return false;
576 }
577 return true;
578}

◆ getAllocaInstByteSize()

u32_t AbstractState::getAllocaInstByteSize ( const AddrStmt addr)

Definition at line 519 of file AbstractState.cpp.

520{
521 if (const ObjVar* objvar = SVFUtil::dyn_cast<ObjVar>(addr->getRHSVar()))
522 {
523 if (PAG::getPAG()->getBaseObject(objvar->getId())->isConstantByteSize())
524 {
525 u32_t sz = PAG::getPAG()->getBaseObject(objvar->getId())->getByteSizeOfObj();
526 return sz;
527 }
528
529 else
530 {
531 const std::vector<SVFVar*>& sizes = addr->getArrSize();
532 // Default element size is set to 1.
533 u32_t elementSize = 1;
534 u64_t res = elementSize;
535 for (const SVFVar* value: sizes)
536 {
537 if (!inVarToValTable(value->getId()))
538 {
539 (*this)[value->getId()] = IntervalValue(Options::MaxFieldLimit());
540 }
541 IntervalValue itv =
542 (*this)[value->getId()].getInterval();
543 res = res * itv.ub().getIntNumeral() > Options::MaxFieldLimit()? Options::MaxFieldLimit(): res * itv.ub().getIntNumeral();
544 }
545 return (u32_t)res;
546 }
547 }
548 assert (false && "Addr rhs value is not ObjVar");
549 abort();
550}
u32_t
unsigned u32_t
Definition CommandLine.h:18
SVF::AbstractState::inVarToValTable
virtual bool inVarToValTable(u32_t id) const
whether the variable is in varToVal table
Definition AbstractState.h:221
SVF::BaseObjVar::getByteSizeOfObj
u32_t getByteSizeOfObj() const
Get the byte size of this object.
Definition SVFVariables.h:687
SVF::BoundedInt::getIntNumeral
s64_t getIntNumeral() const
Definition NumericValue.h:706
SVF::IntervalValue::ub
const BoundedInt & ub() const
Return the upper bound.
Definition IntervalValue.h:227
SVF::Options::MaxFieldLimit
static const Option< u32_t > MaxFieldLimit
Maximum number of field derivations for an object.
Definition Options.h:35
SVF::SVFIR::getBaseObject
const BaseObjVar * getBaseObject(NodeID id) const
Definition SVFIR.h:488
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::u64_t
unsigned long long u64_t
Definition GeneralType.h:49

◆ getByteOffset()

IntervalValue AbstractState::getByteOffset ( const GepStmt gep)

Definition at line 304 of file AbstractState.cpp.

305{
306 // If the GEP statement has a constant byte offset, return it directly as the interval value
307 if (gep->isConstantOffset())
308 return IntervalValue((s64_t)gep->accumulateConstantByteOffset());
309
310 IntervalValue res(0); // Initialize the result interval 'res' to 0.
311
312 // Loop through the offsetVarAndGepTypePairVec in reverse order.
313 for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
314 {
315 const ValVar* idxOperandVar = gep->getOffsetVarAndGepTypePairVec()[i].first;
316 const SVFType* idxOperandType = gep->getOffsetVarAndGepTypePairVec()[i].second;
317
318 // Calculate the byte offset for array or pointer types
319 if (SVFUtil::isa<SVFArrayType>(idxOperandType) || SVFUtil::isa<SVFPointerType>(idxOperandType))
320 {
321 u32_t elemByteSize = 1;
322 if (const SVFArrayType* arrOperandType = SVFUtil::dyn_cast<SVFArrayType>(idxOperandType))
323 elemByteSize = arrOperandType->getTypeOfElement()->getByteSize();
324 else if (SVFUtil::isa<SVFPointerType>(idxOperandType))
325 elemByteSize = gep->getAccessPath().gepSrcPointeeType()->getByteSize();
326 else
327 assert(false && "idxOperandType must be ArrType or PtrType");
328
329 if (const ConstIntValVar* op = SVFUtil::dyn_cast<ConstIntValVar>(idxOperandVar))
330 {
331 // Calculate the lower bound (lb) of the interval value
332 s64_t lb = (double)Options::MaxFieldLimit() / elemByteSize >= op->getSExtValue()
333 ? op->getSExtValue() * elemByteSize
334 : Options::MaxFieldLimit();
335 res = res + IntervalValue(lb, lb);
336 }
337 else
338 {
339 IntervalValue idxVal = (*this)[idxOperandVar->getId()].getInterval();
340
341 if (idxVal.isBottom())
342 res = res + IntervalValue(0, 0);
343 else
344 {
345 // Ensure the bounds are non-negative and within the field limit
346 s64_t ub = (idxVal.ub().getIntNumeral() < 0) ? 0
347 : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.ub().getIntNumeral()
348 ? elemByteSize * idxVal.ub().getIntNumeral()
349 : Options::MaxFieldLimit();
350 s64_t lb = (idxVal.lb().getIntNumeral() < 0) ? 0
351 : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.lb().getIntNumeral()
352 ? elemByteSize * idxVal.lb().getIntNumeral()
353 : Options::MaxFieldLimit();
354 res = res + IntervalValue(lb, ub);
355 }
356 }
357 }
358 // Process struct subtypes by calculating the byte offset from the beginning to the field of the struct
359 else if (const SVFStructType* structOperandType = SVFUtil::dyn_cast<SVFStructType>(idxOperandType))
360 {
361 res = res + IntervalValue(gep->getAccessPath().getStructFieldOffset(idxOperandVar, structOperandType));
362 }
363 else
364 {
365 assert(false && "gep type pair only support arr/ptr/struct");
366 }
367 }
368 return res; // Return the resulting byte offset as an IntervalValue.
369}
SVF::Options
Carries around command line options.
Definition Options.h:17
SVF::SVFType::getByteSize
u32_t getByteSize() const
Definition SVFType.h:289
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ getElementIndex()

IntervalValue AbstractState::getElementIndex ( const GepStmt gep)

Definition at line 231 of file AbstractState.cpp.

232{
233 // If the GEP statement has a constant offset, return it directly as the interval value
234 if (gep->isConstantOffset())
235 return IntervalValue((s64_t)gep->accumulateConstantOffset());
236
237 IntervalValue res(0);
238 // Iterate over the list of offset variable and type pairs in reverse order
239 for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
240 {
241 AccessPath::IdxOperandPair IdxVarAndType = gep->getOffsetVarAndGepTypePairVec()[i];
242 const ValVar* var = gep->getOffsetVarAndGepTypePairVec()[i].first;
243 const SVFType* type = IdxVarAndType.second;
244
245 // Variables to store the lower and upper bounds of the index value
246 s64_t idxLb;
247 s64_t idxUb;
248
249 // Determine the lower and upper bounds based on whether the value is a constant
250 if (const ConstIntValVar* constInt = SVFUtil::dyn_cast<ConstIntValVar>(var))
251 idxLb = idxUb = constInt->getSExtValue();
252 else
253 {
254 IntervalValue idxItv = (*this)[var->getId()].getInterval();
255 if (idxItv.isBottom())
256 idxLb = idxUb = 0;
257 else
258 {
259 idxLb = idxItv.lb().getIntNumeral();
260 idxUb = idxItv.ub().getIntNumeral();
261 }
262 }
263
264 // Adjust the bounds if the type is a pointer
265 if (SVFUtil::isa<SVFPointerType>(type))
266 {
267 u32_t elemNum = gep->getAccessPath().getElementNum(gep->getAccessPath().gepSrcPointeeType());
268 idxLb = (double)Options::MaxFieldLimit() / elemNum < idxLb ? Options::MaxFieldLimit() : idxLb * elemNum;
269 idxUb = (double)Options::MaxFieldLimit() / elemNum < idxUb ? Options::MaxFieldLimit() : idxUb * elemNum;
270 }
271 // Adjust the bounds for array or struct types using the symbol table info
272 else
273 {
274 if (Options::ModelArrays())
275 {
276 const std::vector<u32_t>& so = PAG::getPAG()->getTypeInfo(type)->getFlattenedElemIdxVec();
277 if (so.empty() || idxUb >= (APOffset)so.size() || idxLb < 0)
278 {
279 idxLb = idxUb = 0;
280 }
281 else
282 {
283 idxLb = PAG::getPAG()->getFlattenedElemIdx(type, idxLb);
284 idxUb = PAG::getPAG()->getFlattenedElemIdx(type, idxUb);
285 }
286 }
287 else
288 idxLb = idxUb = 0;
289 }
290
291 // Add the calculated interval to the result
292 res = res + IntervalValue(idxLb, idxUb);
293 }
294
295 // Ensure the result is within the bounds of [0, MaxFieldLimit]
296 res.meet_with(IntervalValue((s64_t)0, (s64_t)Options::MaxFieldLimit()));
297 if (res.isBottom())
298 {
299 res = IntervalValue(0);
300 }
301 return res;
302}
type
newitem type
Definition cJSON.cpp:2739
SVF::AccessPath::IdxOperandPair
std::pair< const ValVar *, const SVFType * > IdxOperandPair
Definition AccessPath.h:62
SVF::IRGraph::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition IRGraph.cpp:144
SVF::IRGraph::getTypeInfo
const StInfo * getTypeInfo(const SVFType *T) const
Get struct info.
Definition IRGraph.cpp:242
SVF::IntervalValue::lb
const BoundedInt & lb() const
Return the lower bound.
Definition IntervalValue.h:220
SVF::Options::ModelArrays
static Option< bool > ModelArrays
Definition Options.h:185
SVF::StInfo::getFlattenedElemIdxVec
std::vector< u32_t > & getFlattenedElemIdxVec()
Definition SVFType.h:125
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60

◆ getGepObjAddrs()

AddressValue AbstractState::getGepObjAddrs ( u32_t  pointer,
IntervalValue  offset 
)

Definition at line 162 of file AbstractState.cpp.

163{
164 AddressValue gepAddrs;
165 APOffset lb = offset.lb().getIntNumeral() < Options::MaxFieldLimit() ? offset.lb().getIntNumeral()
166 : Options::MaxFieldLimit();
167 APOffset ub = offset.ub().getIntNumeral() < Options::MaxFieldLimit() ? offset.ub().getIntNumeral()
168 : Options::MaxFieldLimit();
169 for (APOffset i = lb; i <= ub; i++)
170 {
171 AbstractValue addrs = (*this)[pointer];
172 for (const auto& addr : addrs.getAddrs())
173 {
174 s64_t baseObj = getIDFromAddr(addr);
175 assert(SVFUtil::isa<ObjVar>(PAG::getPAG()->getSVFVar(baseObj)) && "Fail to get the base object address!");
176 NodeID gepObj = PAG::getPAG()->getGepObjVar(baseObj, i);
177 (*this)[gepObj] = AddressValue(AbstractState::getVirtualMemAddress(gepObj));
178 gepAddrs.insert(AbstractState::getVirtualMemAddress(gepObj));
179 }
180 }
181
182 return gepAddrs;
183}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AbstractState::getIDFromAddr
u32_t getIDFromAddr(u32_t addr) const
Return the internal index if addr is an address otherwise return the value of idx.
Definition AbstractState.h:108
SVF::AbstractState::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AbstractState.h:96
SVF::SVFIR::getGepObjVar
const GepObjVar * getGepObjVar(NodeID id) const
Definition SVFIR.h:165
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

◆ getIDFromAddr()

u32_t SVF::AbstractState::getIDFromAddr ( u32_t  addr) const
inline

Return the internal index if addr is an address otherwise return the value of idx.

Definition at line 108 of file AbstractState.h.

109 {
110 return _freedAddrs.count(addr) ? AddressValue::getInternalID(BlackHoleObjAddr) : AddressValue::getInternalID(addr);
111 }
BlackHoleObjAddr
#define BlackHoleObjAddr
Definition AddressValue.h:36
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:57

◆ getLocToVal()

const AddrToAbsValMap & SVF::AbstractState::getLocToVal ( ) const
inline

get loc2val map

Definition at line 264 of file AbstractState.h.

265 {
266 return _addrToAbsVal;
267 }

◆ getPointeeElement()

const SVFType * AbstractState::getPointeeElement ( NodeID  id)

if this NodeID in SVFIR is a pointer, get the pointee type e.g arr = (int*) malloc(10*sizeof(int)) getPointeeType(arr) -> return int we can set arr[0]='c', arr[1]='c', arr[2]='\0'

Parameters
callcallnode of memset like api

Definition at line 498 of file AbstractState.cpp.

499{
500 SVFIR* svfir = PAG::getPAG();
501 if (inVarToAddrsTable(id))
502 {
503 const AbstractValue& addrs = (*this)[id];
504 for (auto addr: addrs.getAddrs())
505 {
506 NodeID addr_id = getIDFromAddr(addr);
507 if (addr_id == 0) // nullptr skip
508 continue;
509 return svfir->getBaseObject(addr_id)->getType();
510 }
511 }
512 else
513 {
514 // do nothing if no record in addrs table.
515 }
516 return nullptr;
517}
SVF::AbstractState::inVarToAddrsTable
bool inVarToAddrsTable(u32_t id) const
whether the variable is in varToAddrs table
Definition AbstractState.h:210
SVF::BaseObjVar::getType
const SVFType * getType() const
Get obj type.
Definition SVFVariables.h:640

◆ getVarToVal()

const VarToAbsValMap & SVF::AbstractState::getVarToVal ( ) const
inline

get var2val map

Definition at line 258 of file AbstractState.h.

259 {
260 return _varToAbsVal;
261 }

◆ getVirtualMemAddress()

static u32_t SVF::AbstractState::getVirtualMemAddress ( u32_t  idx)
inlinestatic

The physical address starts with 0x7f...... + idx.

Definition at line 96 of file AbstractState.h.

97 {
98 return AddressValue::getVirtualMemAddress(idx);
99 }
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:210

◆ hash()

u32_t AbstractState::hash ( ) const

Definition at line 42 of file AbstractState.cpp.

43{
44 size_t h = getVarToVal().size() * 2;
45 Hash<u32_t> hf;
46 for (const auto &t: getVarToVal())
47 {
48 h ^= hf(t.first) + 0x9e3779b9 + (h << 6) + (h >> 2);
49 }
50 size_t h2 = getLocToVal().size() * 2;
51 for (const auto &t: getLocToVal())
52 {
53 h2 ^= hf(t.first) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
54 }
55 Hash<std::pair<u32_t, u32_t>> pairH;
56 return pairH({h, h2});
57}
SVF::AbstractState::getLocToVal
const AddrToAbsValMap & getLocToVal() const
get loc2val map
Definition AbstractState.h:264
SVF::AbstractState::getVarToVal
const VarToAbsValMap & getVarToVal() const
get var2val map
Definition AbstractState.h:258

◆ inAddrToAddrsTable()

bool SVF::AbstractState::inAddrToAddrsTable ( u32_t  id) const
inline

whether the memory address stores memory addresses

Definition at line 232 of file AbstractState.h.

233 {
234 if (_addrToAbsVal.find(id)!= _addrToAbsVal.end())
235 {
236 if (_addrToAbsVal.at(id).isAddr())
237 {
238 return true;
239 }
240 }
241 return false;
242 }

◆ inAddrToValTable()

virtual bool SVF::AbstractState::inAddrToValTable ( u32_t  id) const
inlinevirtual

whether the memory address stores abstract value

Definition at line 245 of file AbstractState.h.

246 {
247 if (_addrToAbsVal.find(id) != _addrToAbsVal.end())
248 {
249 if (_addrToAbsVal.at(id).isInterval())
250 {
251 return true;
252 }
253 }
254 return false;
255 }

◆ initObjVar()

void AbstractState::initObjVar ( const ObjVar objVar)

Definition at line 185 of file AbstractState.cpp.

186{
187 NodeID varId = objVar->getId();
188
189 // Check if the object variable has an associated value
190
191 const BaseObjVar* obj = PAG::getPAG()->getBaseObject(objVar->getId());
192
193 // Handle constant data, arrays, and structures
194 if (obj->isConstDataOrConstGlobal() || obj->isConstantArray() || obj->isConstantStruct())
195 {
196 if (const ConstIntObjVar* consInt = SVFUtil::dyn_cast<ConstIntObjVar>(objVar))
197 {
198 s64_t numeral = consInt->getSExtValue();
199 (*this)[varId] = IntervalValue(numeral, numeral);
200 }
201 else if (const ConstFPObjVar* consFP = SVFUtil::dyn_cast<ConstFPObjVar>(objVar))
202 {
203 (*this)[varId] = IntervalValue(consFP->getFPValue(), consFP->getFPValue());
204 }
205 else if (SVFUtil::isa<ConstNullPtrObjVar>(objVar))
206 {
207 (*this)[varId] = IntervalValue(0, 0);
208 }
209 else if (SVFUtil::isa<GlobalObjVar>(objVar))
210 {
211 (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
212 }
213 else if (obj->isConstantArray() || obj->isConstantStruct())
214 {
215 (*this)[varId] = IntervalValue::top();
216 }
217 else
218 {
219 (*this)[varId] = IntervalValue::top();
220 }
221 }
222 // Handle non-constant memory objects
223 else
224 {
225 (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
226 }
227 return;
228}
SVF::IntervalValue::top
static IntervalValue top()
Create the IntervalValue [-inf, +inf].
Definition IntervalValue.h:94

◆ inVarToAddrsTable()

bool SVF::AbstractState::inVarToAddrsTable ( u32_t  id) const
inline

whether the variable is in varToAddrs table

Definition at line 210 of file AbstractState.h.

211 {
212 if (_varToAbsVal.find(id)!= _varToAbsVal.end())
213 {
214 if (_varToAbsVal.at(id).isAddr())
215 return true;
216 }
217 return false;
218 }

◆ inVarToValTable()

virtual bool SVF::AbstractState::inVarToValTable ( u32_t  id) const
inlinevirtual

whether the variable is in varToVal table

Definition at line 221 of file AbstractState.h.

222 {
223 if (_varToAbsVal.find(id) != _varToAbsVal.end())
224 {
225 if (_varToAbsVal.at(id).isInterval())
226 return true;
227 }
228 return false;
229 }

◆ isBlackHoleObjAddr()

static bool SVF::AbstractState::isBlackHoleObjAddr ( u32_t  addr)
inlinestatic

Definition at line 159 of file AbstractState.h.

160 {
161 return addr == BlackHoleObjAddr;
162 }

◆ isFreedMem()

bool SVF::AbstractState::isFreedMem ( u32_t  addr) const
inline

Definition at line 286 of file AbstractState.h.

287 {
288 return _freedAddrs.find(addr) != _freedAddrs.end();
289 }

◆ isNullMem()

static bool SVF::AbstractState::isNullMem ( u32_t  addr)
inlinestatic

Definition at line 154 of file AbstractState.h.

155 {
156 return addr == NullMemAddr;
157 }
NullMemAddr
#define NullMemAddr
Definition AddressValue.h:38

◆ isVirtualMemAddress()

static bool SVF::AbstractState::isVirtualMemAddress ( u32_t  val)
inlinestatic

Check bit value of val start with 0x7F000000, filter by 0xFF000000.

Definition at line 102 of file AbstractState.h.

103 {
104 return AddressValue::isVirtualMemAddress(val);
105 }
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:218

◆ joinWith()

void AbstractState::joinWith ( const AbstractState other)

domain join with other, important! other widen this.

Definition at line 102 of file AbstractState.cpp.

103{
104 for (auto it = other._varToAbsVal.begin(); it != other._varToAbsVal.end(); ++it)
105 {
106 auto key = it->first;
107 auto oit = _varToAbsVal.find(key);
108 if (oit != _varToAbsVal.end())
109 {
110 oit->second.join_with(it->second);
111 }
112 else
113 {
114 _varToAbsVal.emplace(key, it->second);
115 }
116 }
117 for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
118 {
119 auto key = it->first;
120 auto oit = _addrToAbsVal.find(key);
121 if (oit != _addrToAbsVal.end())
122 {
123 oit->second.join_with(it->second);
124 }
125 else
126 {
127 _addrToAbsVal.emplace(key, it->second);
128 }
129 }
130 _freedAddrs.insert(other._freedAddrs.begin(), other._freedAddrs.end());
131}

◆ load() [1/2]

virtual AbstractValue & SVF::AbstractState::load ( u32_t  addr)
inlinevirtual

Definition at line 187 of file AbstractState.h.

188 {
189 assert(isVirtualMemAddress(addr) && "not virtual address?");
190 u32_t objId = getIDFromAddr(addr);
191 return _addrToAbsVal[objId];
192 }
SVF::AbstractState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AbstractState.h:102

◆ load() [2/2]

virtual const AbstractValue & SVF::AbstractState::load ( u32_t  addr) const
inlinevirtual

Definition at line 194 of file AbstractState.h.

195 {
196 assert(isVirtualMemAddress(addr) && "not virtual address?");
197 u32_t objId = getIDFromAddr(addr);
198 return _addrToAbsVal.at(objId);
199 }

◆ loadValue()

AbstractValue AbstractState::loadValue ( NodeID  varId)

Definition at line 371 of file AbstractState.cpp.

372{
373 AbstractValue res;
374 for (auto addr : (*this)[varId].getAddrs())
375 {
376 res.join_with(load(addr)); // q = *p
377 }
378 return res;
379}
SVF::AbstractState::load
virtual AbstractValue & load(u32_t addr)
Definition AbstractState.h:187
SVF::AbstractValue::join_with
void join_with(const AbstractValue &other)
Definition AbstractValue.h:128

◆ meetWith()

void AbstractState::meetWith ( const AbstractState other)

domain meet with other, important! other widen this.

Definition at line 134 of file AbstractState.cpp.

135{
136 for (auto it = other._varToAbsVal.begin(); it != other._varToAbsVal.end(); ++it)
137 {
138 auto key = it->first;
139 auto oit = _varToAbsVal.find(key);
140 if (oit != _varToAbsVal.end())
141 {
142 oit->second.meet_with(it->second);
143 }
144 }
145 for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
146 {
147 auto key = it->first;
148 auto oit = _addrToAbsVal.find(key);
149 if (oit != _addrToAbsVal.end())
150 {
151 oit->second.meet_with(it->second);
152 }
153 }
154 Set<NodeID> intersection;
155 std::set_intersection(_freedAddrs.begin(), _freedAddrs.end(),
156 other._freedAddrs.begin(), other._freedAddrs.end(),
157 std::inserter(intersection, intersection.begin()));
158 _freedAddrs = std::move(intersection);
159}

◆ narrowing()

AbstractState AbstractState::narrowing ( const AbstractState other)

domain narrow with other, and return the narrowed domain

Definition at line 80 of file AbstractState.cpp.

81{
82 AbstractState es = *this;
83 for (auto it = es._varToAbsVal.begin(); it != es._varToAbsVal.end(); ++it)
84 {
85 auto key = it->first;
86 if (other._varToAbsVal.find(key) != other._varToAbsVal.end())
87 if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
88 it->second.getInterval().narrow_with(other._varToAbsVal.at(key).getInterval());
89 }
90 for (auto it = es._addrToAbsVal.begin(); it != es._addrToAbsVal.end(); ++it)
91 {
92 auto key = it->first;
93 if (other._addrToAbsVal.find(key) != other._addrToAbsVal.end())
94 if (it->second.isInterval() && other._addrToAbsVal.at(key).isInterval())
95 it->second.getInterval().narrow_with(other._addrToAbsVal.at(key).getInterval());
96 }
97 return es;
98
99}

◆ operator!=()

bool SVF::AbstractState::operator!= ( const AbstractState rhs) const
inline

Definition at line 344 of file AbstractState.h.

345 {
346 return !(*this == rhs);
347 }

◆ operator<()

bool SVF::AbstractState::operator< ( const AbstractState rhs) const
inline

Definition at line 349 of file AbstractState.h.

350 {
351 return !(*this >= rhs);
352 }

◆ operator=() [1/2]

AbstractState & SVF::AbstractState::operator= ( AbstractState &&  rhs)
inline

operator= move constructor

Definition at line 327 of file AbstractState.h.

328 {
329 if (&rhs != this)
330 {
331 _varToAbsVal = std::move(rhs._varToAbsVal);
332 _addrToAbsVal = std::move(rhs._addrToAbsVal);
333 _freedAddrs = std::move(rhs._freedAddrs);
334 }
335 return *this;
336 }

◆ operator=() [2/2]

AbstractState & SVF::AbstractState::operator= ( const AbstractState rhs)
inline

Assignment operator.

Definition at line 315 of file AbstractState.h.

316 {
317 if (&rhs != this)
318 {
319 _varToAbsVal = rhs._varToAbsVal;
320 _addrToAbsVal = rhs._addrToAbsVal;
321 _freedAddrs = rhs._freedAddrs;
322 }
323 return *this;
324 }

◆ operator==()

bool SVF::AbstractState::operator== ( const AbstractState rhs) const
inline

Definition at line 338 of file AbstractState.h.

339 {
340 return eqVarToValMap(_varToAbsVal, rhs.getVarToVal()) &&
341 eqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
342 }
SVF::AbstractState::eqVarToValMap
bool eqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
Definition AbstractState.cpp:552

◆ operator>=()

bool SVF::AbstractState::operator>= ( const AbstractState rhs) const
inline

Definition at line 354 of file AbstractState.h.

355 {
356 return geqVarToValMap(_varToAbsVal, rhs.getVarToVal()) && geqVarToValMap(_addrToAbsVal, rhs.getLocToVal());
357 }
SVF::AbstractState::geqVarToValMap
bool geqVarToValMap(const VarToAbsValMap &lhs, const VarToAbsValMap &rhs) const
Definition AbstractState.cpp:566

◆ operator[]() [1/2]

virtual AbstractValue & SVF::AbstractState::operator[] ( u32_t  varId)
inlinevirtual

get abstract value of variable

Definition at line 174 of file AbstractState.h.

175 {
176 assert(!isVirtualMemAddress(varId) && "varId is a virtual memory address, use load() instead");
177 return _varToAbsVal[varId];
178 }

◆ operator[]() [2/2]

virtual const AbstractValue & SVF::AbstractState::operator[] ( u32_t  varId) const
inlinevirtual

get abstract value of variable

Definition at line 181 of file AbstractState.h.

182 {
183 assert(!isVirtualMemAddress(varId) && "varId is a virtual memory address, use load() instead");
184 return _varToAbsVal.at(varId);
185 }

◆ printAbstractState()

void AbstractState::printAbstractState ( ) const

Definition at line 389 of file AbstractState.cpp.

390{
391 SVFUtil::outs() << "-----------Var and Value-----------\n";
392 u32_t fieldWidth = 20;
393 SVFUtil::outs().flags(std::ios::left);
394 std::vector<std::pair<u32_t, AbstractValue>> varToAbsValVec(_varToAbsVal.begin(), _varToAbsVal.end());
395 std::sort(varToAbsValVec.begin(), varToAbsValVec.end(), [](const auto &a, const auto &b)
396 {
397 return a.first < b.first;
398 });
399 for (const auto &item: varToAbsValVec)
400 {
401 SVFUtil::outs() << std::left << std::setw(fieldWidth) << ("Var" + std::to_string(item.first));
402 if (item.second.isInterval())
403 {
404 SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
405 }
406 else if (item.second.isAddr())
407 {
408 SVFUtil::outs() << " Value: {";
409 u32_t i = 0;
410 for (const auto& addr: item.second.getAddrs())
411 {
412 ++i;
413 if (i < item.second.getAddrs().size())
414 {
415 SVFUtil::outs() << "0x" << std::hex << addr << ", ";
416 }
417 else
418 {
419 SVFUtil::outs() << "0x" << std::hex << addr;
420 }
421 }
422 SVFUtil::outs() << "}\n";
423 }
424 else
425 {
426 SVFUtil::outs() << " Value: ⊥\n";
427 }
428 }
429
430 std::vector<std::pair<u32_t, AbstractValue>> addrToAbsValVec(_addrToAbsVal.begin(), _addrToAbsVal.end());
431 std::sort(addrToAbsValVec.begin(), addrToAbsValVec.end(), [](const auto &a, const auto &b)
432 {
433 return a.first < b.first;
434 });
435
436 for (const auto& item: addrToAbsValVec)
437 {
438 std::ostringstream oss;
439 oss << "0x" << std::hex << AbstractState::getVirtualMemAddress(item.first);
440 SVFUtil::outs() << std::left << std::setw(fieldWidth) << oss.str();
441 if (item.second.isInterval())
442 {
443 SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
444 }
445 else if (item.second.isAddr())
446 {
447 SVFUtil::outs() << " Value: {";
448 u32_t i = 0;
449 for (const auto& addr: item.second.getAddrs())
450 {
451 ++i;
452 if (i < item.second.getAddrs().size())
453 {
454 SVFUtil::outs() << "0x" << std::hex << addr << ", ";
455 }
456 else
457 {
458 SVFUtil::outs() << "0x" << std::hex << addr;
459 }
460 }
461 SVFUtil::outs() << "}\n";
462 }
463 else
464 {
465 SVFUtil::outs() << " Value: ⊥\n";
466 }
467 }
468 SVFUtil::outs() << "-----------------------------------------\n";
469}
a
cJSON * a
Definition cJSON.cpp:2560
b
const cJSON *const b
Definition cJSON.h:255
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52

◆ sliceState()

AbstractState SVF::AbstractState::sliceState ( Set< u32_t > &  sl)
inline

Copy some values and return a new IntervalExeState.

Definition at line 146 of file AbstractState.h.

147 {
148 AbstractState inv;
149 for (u32_t id: sl)
150 inv._varToAbsVal[id] = _varToAbsVal[id];
151 return inv;
152 }

◆ store()

void SVF::AbstractState::store ( u32_t  addr,
const AbstractValue val 
)
inline

Definition at line 201 of file AbstractState.h.

202 {
203 assert(isVirtualMemAddress(addr) && "not virtual address?");
204 u32_t objId = getIDFromAddr(addr);
205 if (isNullMem(addr)) return;
206 _addrToAbsVal[objId] = val;
207 }
SVF::AbstractState::isNullMem
static bool isNullMem(u32_t addr)
Definition AbstractState.h:154

◆ storeValue()

void AbstractState::storeValue ( NodeID  varId,
AbstractValue  val 
)

Definition at line 381 of file AbstractState.cpp.

382{
383 for (auto addr : (*this)[varId].getAddrs())
384 {
385 store(addr, val); // *p = q
386 }
387}
SVF::AbstractState::store
void store(u32_t addr, const AbstractValue &val)
Definition AbstractState.h:201

◆ top()

AbstractState SVF::AbstractState::top ( ) const
inline

Set all value top.

Definition at line 134 of file AbstractState.h.

135 {
136 AbstractState inv = *this;
137 for (auto &item: inv._varToAbsVal)
138 {
139 if (item.second.isInterval())
140 item.second.getInterval().set_to_top();
141 }
142 return inv;
143 }

◆ toString()

std::string AbstractState::toString ( ) const

Definition at line 471 of file AbstractState.cpp.

472{
473 u32_t varIntervals = 0, varAddrs = 0, varBottom = 0;
474 for (const auto& item : _varToAbsVal)
475 {
476 if (item.second.isInterval()) ++varIntervals;
477 else if (item.second.isAddr()) ++varAddrs;
478 else ++varBottom;
479 }
480 u32_t addrIntervals = 0, addrAddrs = 0, addrBottom = 0;
481 for (const auto& item : _addrToAbsVal)
482 {
483 if (item.second.isInterval()) ++addrIntervals;
484 else if (item.second.isAddr()) ++addrAddrs;
485 else ++addrBottom;
486 }
487 std::ostringstream oss;
488 oss << "AbstractState {\n"
489 << " VarToAbsVal: " << _varToAbsVal.size() << " entries ("
490 << varIntervals << " intervals, " << varAddrs << " addresses, " << varBottom << " bottom)\n"
491 << " AddrToAbsVal: " << _addrToAbsVal.size() << " entries ("
492 << addrIntervals << " intervals, " << addrAddrs << " addresses, " << addrBottom << " bottom)\n"
493 << " FreedAddrs: " << _freedAddrs.size() << "\n"
494 << "}";
495 return oss.str();
496}

◆ widening()

AbstractState AbstractState::widening ( const AbstractState other)

domain widen with other, and return the widened domain

Definition at line 59 of file AbstractState.cpp.

60{
61 // widen interval
62 AbstractState es = *this;
63 for (auto it = es._varToAbsVal.begin(); it != es._varToAbsVal.end(); ++it)
64 {
65 auto key = it->first;
66 if (other._varToAbsVal.find(key) != other._varToAbsVal.end())
67 if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
68 it->second.getInterval().widen_with(other._varToAbsVal.at(key).getInterval());
69 }
70 for (auto it = es._addrToAbsVal.begin(); it != es._addrToAbsVal.end(); ++it)
71 {
72 auto key = it->first;
73 if (other._addrToAbsVal.find(key) != other._addrToAbsVal.end())
74 if (it->second.isInterval() && other._addrToAbsVal.at(key).isInterval())
75 it->second.getInterval().widen_with(other._addrToAbsVal.at(key).getInterval());
76 }
77 return es;
78}

Friends And Related Symbol Documentation

◆ RelationSolver

friend class RelationSolver
friend

Definition at line 58 of file AbstractState.h.

◆ SVFIR2AbsState

friend class SVFIR2AbsState
friend

Definition at line 57 of file AbstractState.h.

Member Data Documentation

◆ _addrToAbsVal

AddrToAbsValMap SVF::AbstractState::_addrToAbsVal
protected

Map a memory address to its stored abstract value.

Definition at line 167 of file AbstractState.h.

◆ _freedAddrs

Set<NodeID> SVF::AbstractState::_freedAddrs
protected

Definition at line 168 of file AbstractState.h.

◆ _varToAbsVal

VarToAbsValMap SVF::AbstractState::_varToAbsVal
protected

Map a variable (symbol) to its abstract value.

Definition at line 166 of file AbstractState.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8