Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | List of all members
SVF::CDGBuilder Class Reference

#include <CDGBuilder.h>

Public Member Functions

 CDGBuilder ()
 constructor
 
 ~CDGBuilder ()
 destructor
 
void build ()
 start here
 
void buildControlDependence ()
 build control dependence for each function
 
void buildICFGNodeControlMap ()
 build map at icfg node level
 

Private Member Functions

void extractNodesBetweenPdomNodes (const SVFBasicBlock *succ, const SVFBasicBlock *LCA, std::vector< const SVFBasicBlock * > &tgtNodes)
 extract nodes between two nodes in pdom tree
 
void dfsNodesBetweenPdomNodes (const SVFBasicBlock *cur, const SVFBasicBlock *tgt, std::vector< const SVFBasicBlock * > &path, std::vector< const SVFBasicBlock * > &tgtNodes, SVFLoopAndDomInfo *ld)
 
s64_t getBBSuccessorBranchID (const SVFBasicBlock *BB, const SVFBasicBlock *Succ)
 
void updateMap (const SVFBasicBlock *pred, const SVFBasicBlock *bb, s32_t pos)
 update map
 

Static Private Member Functions

static void extractBBS (const FunObjVar *func, Map< const SVFBasicBlock *, std::vector< const SVFBasicBlock * > > &res)
 extract basic block edges to be processed
 

Private Attributes

CDG_controlDG
 
Map< const SVFBasicBlock *, Map< const SVFBasicBlock *, Set< s32_t > > > _svfcontrolMap
 map a basicblock to its controlling BBs (position, set of BBs)
 
Map< const SVFBasicBlock *, Map< const SVFBasicBlock *, Set< s32_t > > > _svfdependentOnMap
 map a basicblock to its dependent on BBs (position, set of BBs)
 
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeControlMap
 map an ICFG node to its controlling ICFG nodes (position, set of Nodes)
 
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeDependentOnMap
 map an ICFG node to its dependent on ICFG nodes (position, set of Nodes)
 

Detailed Description

Definition at line 38 of file CDGBuilder.h.

Constructor & Destructor Documentation

◆ CDGBuilder()

SVF::CDGBuilder::CDGBuilder ( )
inline

constructor

Definition at line 43 of file CDGBuilder.h.

43 : _controlDG(CDG::getCDG())
44 {
45
46 }
SVF::CDG::getCDG
static CDG * getCDG()
Singleton design here to make sure we only have one instance during any analysis.
Definition CDG.h:166

◆ ~CDGBuilder()

SVF::CDGBuilder::~CDGBuilder ( )
inline

destructor

Definition at line 49 of file CDGBuilder.h.

50 {
51
52 }

Member Function Documentation

◆ build()

void CDGBuilder::build ( )

start here

Start here

Definition at line 77 of file CDGBuilder.cpp.

78{
79 if (_controlDG->getTotalNodeNum() > 0)
80 return;
81 buildControlDependence();
82 buildICFGNodeControlMap();
83}
SVF::CDGBuilder::buildControlDependence
void buildControlDependence()
build control dependence for each function
Definition CDGBuilder.cpp:123
SVF::CDGBuilder::buildICFGNodeControlMap
void buildICFGNodeControlMap()
build map at icfg node level
Definition CDGBuilder.cpp:188
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:430

◆ buildControlDependence()

void CDGBuilder::buildControlDependence ( )

build control dependence for each function

Build control dependence for each function

(1) construct CFG for each function (2) extract basic block edges (pred->succ) on the CFG to be processed succ does not post-dominates pred (!postDT->dominates(succ, pred)) (3) extract nodes from succ to the least common ancestor LCA of pred and succ including LCA if LCA is pred, excluding LCA if LCA is not pred

Parameters
svfgModule

Definition at line 123 of file CDGBuilder.cpp.

124{
125 CallGraph* svfirCallGraph = PAG::getPAG()->getCallGraph();
126 for (const auto& item: *svfirCallGraph)
127 {
128 const FunObjVar *svfFun = (item.second)->getFunction();
129 if (SVFUtil::isExtCall(svfFun)) continue;
130 // extract basic block edges to be processed
131 Map<const SVFBasicBlock *, std::vector<const SVFBasicBlock *>> BBS;
132 extractBBS(svfFun, BBS);
133
134 for (const auto &item: BBS)
135 {
136 const SVFBasicBlock *pred = item.first;
137 // for each bb pair
138 for (const SVFBasicBlock *succ: item.second)
139 {
140 const SVFBasicBlock *SVFLCA = const_cast<FunObjVar *>(svfFun)->
141 getLoopAndDomInfo()->findNearestCommonPDominator(pred, succ);
142 std::vector<const SVFBasicBlock *> tgtNodes;
143 // no common ancestor, may be exit()
144 if (SVFLCA == NULL)
145 tgtNodes.push_back(succ);
146 else
147 {
148 if (SVFLCA == pred) tgtNodes.push_back(SVFLCA);
149 // from succ to LCA
150 extractNodesBetweenPdomNodes(succ, SVFLCA, tgtNodes);
151 }
152
153 s64_t pos = getBBSuccessorBranchID(pred, succ);
154 for (const SVFBasicBlock *bb: tgtNodes)
155 {
156 updateMap(pred, bb, pos);
157 }
158 }
159 }
160 }
161}
item
cJSON * item
Definition cJSON.h:222
SVF::CDGBuilder::extractBBS
static void extractBBS(const FunObjVar *func, Map< const SVFBasicBlock *, std::vector< const SVFBasicBlock * > > &res)
extract basic block edges to be processed
Definition CDGBuilder.cpp:170
SVF::CDGBuilder::updateMap
void updateMap(const SVFBasicBlock *pred, const SVFBasicBlock *bb, s32_t pos)
update map
Definition CDGBuilder.h:90
SVF::CDGBuilder::extractNodesBetweenPdomNodes
void extractNodesBetweenPdomNodes(const SVFBasicBlock *succ, const SVFBasicBlock *LCA, std::vector< const SVFBasicBlock * > &tgtNodes)
extract nodes between two nodes in pdom tree
Definition CDGBuilder.cpp:65
SVF::CDGBuilder::getBBSuccessorBranchID
s64_t getBBSuccessorBranchID(const SVFBasicBlock *BB, const SVFBasicBlock *Succ)
Definition CDGBuilder.cpp:86
SVF::SVFIR::getCallGraph
CallGraph * getCallGraph()
Definition SVFIR.h:184
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
NULL
#define NULL
Definition extapi.c:2
SVF::SVFUtil::isExtCall
bool isExtCall(const FunObjVar *fun)
Definition SVFUtil.cpp:437
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ buildICFGNodeControlMap()

void CDGBuilder::buildICFGNodeControlMap ( )

build map at icfg node level

Build map at ICFG node level

Definition at line 188 of file CDGBuilder.cpp.

189{
190 for (const auto &it: _svfcontrolMap)
191 {
192 for (const auto &it2: it.second)
193 {
194 const SVFBasicBlock *controllingBB = it2.first;
195 const ICFGNode *controlNode = it.first->getICFGNodeList().back();
196 if (const CallICFGNode* callNode =
197 SVFUtil::dyn_cast<CallICFGNode>(controlNode))
198 {
199 // not a branch statement:
200 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
201 // to label %invoke.cont1 unwind label %lpad
202 controlNode = callNode->getRetICFGNode();
203 }
204 if (!controlNode) continue;
205 // controlNode control at pos
206 for (const auto &controllee: controllingBB->getICFGNodeList())
207 {
208 _nodeControlMap[controlNode][controllee].insert(it2.second.begin(), it2.second.end());
209 _nodeDependentOnMap[controllee][controlNode].insert(it2.second.begin(), it2.second.end());
210 for (s32_t pos: it2.second)
211 {
212 if (const IntraICFGNode* intraNode =
213 dyn_cast<IntraICFGNode>(controlNode))
214 {
215 assert(intraNode->getSVFStmts().size() == 1 &&
216 "not a branch stmt?");
217 const SVFVar* condition =
218 SVFUtil::cast<BranchStmt>(
219 intraNode->getSVFStmts().front())
220 ->getCondition();
221 _controlDG->addCDGEdgeFromSrcDst(controlNode, controllee,
222 condition,
223 pos);
224 }
225 else
226 {
227 // not a branch statement:
228 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
229 // to label %invoke.cont1 unwind label %lpad
230 SVFIR* pag = PAG::getPAG();
231 _controlDG->addCDGEdgeFromSrcDst(
232 controlNode, controllee,
233 pag->getGNode(pag->getNullPtr()), pos);
234 }
235
236 }
237 }
238 }
239 }
240}
SVF::CDGBuilder::_nodeControlMap
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeControlMap
map an ICFG node to its controlling ICFG nodes (position, set of Nodes)
Definition CDGBuilder.h:101
SVF::CDGBuilder::_svfcontrolMap
Map< const SVFBasicBlock *, Map< const SVFBasicBlock *, Set< s32_t > > > _svfcontrolMap
map a basicblock to its controlling BBs (position, set of BBs)
Definition CDGBuilder.h:99
SVF::CDGBuilder::_nodeDependentOnMap
Map< const ICFGNode *, Map< const ICFGNode *, Set< s32_t > > > _nodeDependentOnMap
map an ICFG node to its dependent on ICFG nodes (position, set of Nodes)
Definition CDGBuilder.h:102
SVF::CDG::addCDGEdgeFromSrcDst
void addCDGEdgeFromSrcDst(const ICFGNode *src, const ICFGNode *dst, const SVFVar *pNode, s32_t branchID)
Add CDG edges from nodeid pair.
Definition CDG.cpp:35
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:259
SVF::s32_t
signed s32_t
Definition GeneralType.h:48

◆ dfsNodesBetweenPdomNodes()

void CDGBuilder::dfsNodesBetweenPdomNodes ( const SVFBasicBlock cur,
const SVFBasicBlock tgt,
std::vector< const SVFBasicBlock * > &  path,
std::vector< const SVFBasicBlock * > &  tgtNodes,
SVFLoopAndDomInfo ld 
)
private

Definition at line 35 of file CDGBuilder.cpp.

40{
41 path.push_back(cur);
42 if (cur == tgt)
43 {
44 tgtNodes.insert(tgtNodes.end(), path.begin() + 1, path.end());
45 }
46 else
47 {
48 auto it = ld->getPostDomTreeMap().find(cur);
49 for (const auto &nxt: it->second)
50 {
51 dfsNodesBetweenPdomNodes(nxt, tgt, path, tgtNodes, ld);
52 }
53 }
54 path.pop_back();
55}
SVF::CDGBuilder::dfsNodesBetweenPdomNodes
void dfsNodesBetweenPdomNodes(const SVFBasicBlock *cur, const SVFBasicBlock *tgt, std::vector< const SVFBasicBlock * > &path, std::vector< const SVFBasicBlock * > &tgtNodes, SVFLoopAndDomInfo *ld)
Definition CDGBuilder.cpp:35

◆ extractBBS()

void CDGBuilder::extractBBS ( const FunObjVar func,
Map< const SVFBasicBlock *, std::vector< const SVFBasicBlock * > > &  res 
)
staticprivate

extract basic block edges to be processed

(2) extract basic block edges on the CFG (pred->succ) to be processed succ does not post-dominates pred (!postDT->dominates(succ, pred))

Parameters
func
res

Definition at line 170 of file CDGBuilder.cpp.

172{
173 for (const auto &it: *func)
174 {
175 const SVFBasicBlock* bb = it.second;
176 for (const auto &succ: bb->getSuccessors())
177 {
178 if (func->postDominate(succ, bb))
179 continue;
180 res[bb].push_back(succ);
181 }
182 }
183}

◆ extractNodesBetweenPdomNodes()

void CDGBuilder::extractNodesBetweenPdomNodes ( const SVFBasicBlock succ,
const SVFBasicBlock LCA,
std::vector< const SVFBasicBlock * > &  tgtNodes 
)
private

extract nodes between two nodes in pdom tree

(3) extract nodes from succ to the least common ancestor LCA of pred and succ including LCA if LCA is pred, excluding LCA if LCA is not pred

Parameters
succ
LCA
tgtNodes

Definition at line 65 of file CDGBuilder.cpp.

67{
68 if (succ == LCA) return;
69 std::vector<const SVFBasicBlock *> path;
70 SVFLoopAndDomInfo *ld = const_cast<FunObjVar *>(LCA->getFunction())->getLoopAndDomInfo();
71 dfsNodesBetweenPdomNodes(LCA, succ, path, tgtNodes, ld);
72}

◆ getBBSuccessorBranchID()

s64_t CDGBuilder::getBBSuccessorBranchID ( const SVFBasicBlock BB,
const SVFBasicBlock Succ 
)
private

Definition at line 86 of file CDGBuilder.cpp.

87{
88 ICFG *icfg = PAG::getPAG()->getICFG();
89 assert(!BB->getICFGNodeList().empty() && "empty bb?");
90 const ICFGNode *pred = BB->back();
91 if (const CallICFGNode* callNode = dyn_cast<CallICFGNode>(pred))
92 {
93 // not a branch statement:
94 // invoke void %3(ptr noundef nonnull align 8 dereferenceable(8) %1, ptr noundef %2)
95 // to label %invoke.cont1 unwind label %lpad
96 pred = callNode->getRetICFGNode();
97 }
98 const ICFGEdge *edge = icfg->getICFGEdge(pred, Succ->front(), ICFGEdge::ICFGEdgeK::IntraCF);
99 if (const IntraCFGEdge *intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
100 {
101 if(intraEdge->getCondition())
102 return intraEdge->getSuccessorCondValue();
103 else
104 return 0;
105 }
106 else
107 {
108 assert(false && "not intra edge?");
109 abort();
110 }
111}
SVF::ICFG::getICFGEdge
ICFGEdge * getICFGEdge(const ICFGNode *src, const ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Get a SVFG edge according to src and dst.
Definition ICFG.cpp:311
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163

◆ updateMap()

void SVF::CDGBuilder::updateMap ( const SVFBasicBlock pred,
const SVFBasicBlock bb,
s32_t  pos 
)
inlineprivate

update map

Definition at line 90 of file CDGBuilder.h.

91 {
92 _svfcontrolMap[pred][bb].insert(pos);
93 _svfdependentOnMap[bb][pred].insert(pos);
94 }
SVF::CDGBuilder::_svfdependentOnMap
Map< const SVFBasicBlock *, Map< const SVFBasicBlock *, Set< s32_t > > > _svfdependentOnMap
map a basicblock to its dependent on BBs (position, set of BBs)
Definition CDGBuilder.h:100

Member Data Documentation

◆ _controlDG

CDG* SVF::CDGBuilder::_controlDG
private

Definition at line 98 of file CDGBuilder.h.

◆ _nodeControlMap

Map<const ICFGNode *, Map<const ICFGNode *, Set<s32_t> > > SVF::CDGBuilder::_nodeControlMap
private

map an ICFG node to its controlling ICFG nodes (position, set of Nodes)

Definition at line 101 of file CDGBuilder.h.

◆ _nodeDependentOnMap

Map<const ICFGNode *, Map<const ICFGNode *, Set<s32_t> > > SVF::CDGBuilder::_nodeDependentOnMap
private

map an ICFG node to its dependent on ICFG nodes (position, set of Nodes)

Definition at line 102 of file CDGBuilder.h.

◆ _svfcontrolMap

Map<const SVFBasicBlock *, Map<const SVFBasicBlock *, Set<s32_t> > > SVF::CDGBuilder::_svfcontrolMap
private

map a basicblock to its controlling BBs (position, set of BBs)

Definition at line 99 of file CDGBuilder.h.

◆ _svfdependentOnMap

Map<const SVFBasicBlock *, Map<const SVFBasicBlock *, Set<s32_t> > > SVF::CDGBuilder::_svfdependentOnMap
private

map a basicblock to its dependent on BBs (position, set of BBs)

Definition at line 100 of file CDGBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8