Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Private Attributes | List of all members
SVF::CFLAlias Class Reference

#include <CFLAlias.h>

Inheritance diagram for SVF::CFLAlias:
SVF::CFLBase SVF::BVDataPTAImpl SVF::PointerAnalysis SVF::POCRAlias SVF::POCRHybrid

Public Types

typedef OrderedMap< const CallICFGNode *, NodeIDCallSite2DummyValPN
 
- Public Types inherited from SVF::BVDataPTAImpl
enum  PTBackingType { Mutable , Persistent }
 How the PTData used is implemented. More...
 
typedef PTData< NodeID, NodeSet, NodeID, PointsToPTDataTy
 
typedef DiffPTData< NodeID, NodeSet, NodeID, PointsToDiffPTDataTy
 
typedef DFPTData< NodeID, NodeSet, NodeID, PointsToDFPTDataTy
 
typedef VersionedPTData< NodeID, NodeSet, NodeID, PointsTo, VersionedVar, Set< VersionedVar > > VersionedPTDataTy
 
typedef MutablePTData< NodeID, NodeSet, NodeID, PointsToMutPTDataTy
 
typedef MutableDiffPTData< NodeID, NodeSet, NodeID, PointsToMutDiffPTDataTy
 
typedef MutableDFPTData< NodeID, NodeSet, NodeID, PointsToMutDFPTDataTy
 
typedef MutableIncDFPTData< NodeID, NodeSet, NodeID, PointsToMutIncDFPTDataTy
 
typedef MutableVersionedPTData< NodeID, NodeSet, NodeID, PointsTo, VersionedVar, Set< VersionedVar > > MutVersionedPTDataTy
 
typedef PersistentPTData< NodeID, NodeSet, NodeID, PointsToPersPTDataTy
 
typedef PersistentDiffPTData< NodeID, NodeSet, NodeID, PointsToPersDiffPTDataTy
 
typedef PersistentDFPTData< NodeID, NodeSet, NodeID, PointsToPersDFPTDataTy
 
typedef PersistentIncDFPTData< NodeID, NodeSet, NodeID, PointsToPersIncDFPTDataTy
 
typedef PersistentVersionedPTData< NodeID, NodeSet, NodeID, PointsTo, VersionedVar, Set< VersionedVar > > PersVersionedPTDataTy
 
- Public Types inherited from SVF::PointerAnalysis
enum  PTATY {
  Andersen_BASE , Andersen_WPA , AndersenSCD_WPA , AndersenSFR_WPA ,
  AndersenWaveDiff_WPA , Steensgaard_WPA , CSCallString_WPA , CSSummary_WPA ,
  FSDATAFLOW_WPA , FSSPARSE_WPA , VFS_WPA , FSCS_WPA ,
  CFLFICI_WPA , CFLFSCI_WPA , CFLFSCS_WPA , TypeCPP_WPA ,
  FieldS_DDA , FlowS_DDA , PathS_DDA , Cxt_DDA ,
  Default_PTA
}
 Pointer analysis type list. More...
 
enum  PTAImplTy { BaseImpl , BVDataImpl , CondImpl }
 Implementation type: BVDataPTAImpl or CondPTAImpl. More...
 
typedef Set< const CallICFGNode * > CallSiteSet
 Indirect call edges type, map a callsite to a set of callees.
 
typedef SVFIR::CallSiteToFunPtrMap CallSiteToFunPtrMap
 
typedef Set< const SVFFunction * > FunctionSet
 
typedef OrderedMap< const CallICFGNode *, FunctionSetCallEdgeMap
 
typedef SCCDetection< PTACallGraph * > CallGraphSCC
 
typedef Set< const SVFGlobalValue * > VTableSet
 
typedef Set< const SVFFunction * > VFunSet
 

Public Member Functions

 CFLAlias (SVFIR *ir)
 
virtual void initialize ()
 Initialize the grammar, graph, solver.
 
virtual void initializeSolver ()
 Initialize Solver.
 
virtual void finalize ()
 Print grammar and graph.
 
virtual void solve ()
 Solving CFL Reachability.
 
virtual AliasResult alias (const SVFValue *v1, const SVFValue *v2)
 Interface exposed to users of our Alias analysis, given Value infos.
 
virtual AliasResult alias (NodeID node1, NodeID node2)
 Interface exposed to users of our Alias analysis, given PAGNodeID.
 
virtual const PointsTogetCFLPts (NodeID ptr)
 Get points-to targets of a pointer. V In this context.
 
virtual bool addCopyEdge (NodeID src, NodeID dst)
 Need Original one for virtual table.
 
virtual const NodeSetgetRevPts (NodeID nodeId)
 Given an object, get all the nodes having whose pointsto contains the object.
 
virtual bool updateCallGraph (const CallSiteToFunPtrMap &callsites)
 Update call graph for the input indirect callsites.
 
virtual void onTheFlyCallGraphSolve (const CallSiteToFunPtrMap &callsites, CallEdgeMap &newEdges)
 On the fly call graph construction.
 
void connectCaller2CalleeParams (const CallICFGNode *cs, const SVFFunction *F)
 Connect formal and actual parameters for indirect callsites.
 
void heapAllocatorViaIndCall (const CallICFGNode *cs)
 
- Public Member Functions inherited from SVF::CFLBase
 CFLBase (SVFIR *ir, PointerAnalysis::PTATY pty)
 
virtual ~CFLBase ()
 Destructor.
 
virtual void checkParameter ()
 Parameter Checking.
 
virtual void buildCFLGrammar ()
 Build Grammar from text file.
 
virtual void buildCFLGraph ()
 Build CFLGraph based on Option.
 
virtual void normalizeCFLGrammar ()
 Normalize grammar.
 
CFLGraphgetCFLGraph ()
 Get CFL graph.
 
virtual void countSumEdges ()
 Count the num of Nonterminal Edges.
 
virtual void analyze ()
 Perform analyze (main part of CFLR Analysis)
 
- Public Member Functions inherited from SVF::BVDataPTAImpl
 BVDataPTAImpl (SVFIR *pag, PointerAnalysis::PTATY type, bool alias_check=true)
 Constructor.
 
 ~BVDataPTAImpl () override=default
 Destructor.
 
PersistentPointsToCache< PointsTo > & getPtCache ()
 
const PointsTogetPts (NodeID id) override
 
virtual void clearPts (NodeID id, NodeID element)
 Remove element from the points-to set of id.
 
virtual void clearFullPts (NodeID id)
 Clear points-to set of id.
 
virtual bool unionPts (NodeID id, const PointsTo &target)
 
virtual bool unionPts (NodeID id, NodeID ptd)
 
virtual bool addPts (NodeID id, NodeID ptd)
 
virtual void clearAllPts ()
 Clear all data.
 
virtual void expandFIObjs (const PointsTo &pts, PointsTo &expandedPts)
 Expand FI objects.
 
virtual void expandFIObjs (const NodeBS &pts, NodeBS &expandedPts)
 TODO: remove repetition.
 
void remapPointsToSets (void)
 Remap all points-to sets to use the current mapping.
 
virtual void writeToFile (const std::string &filename)
 Interface for analysis result storage on filesystem.
 
virtual void writeObjVarToFile (const std::string &filename)
 
virtual void writePtsResultToFile (std::fstream &f)
 
virtual void writeGepObjVarMapToFile (std::fstream &f)
 
virtual bool readFromFile (const std::string &filename)
 
virtual void readPtsResultFromFile (std::ifstream &f)
 
virtual void readGepObjVarMapFromFile (std::ifstream &f)
 
virtual void readAndSetObjFieldSensitivity (std::ifstream &f, const std::string &delimiterStr)
 
virtual AliasResult alias (const PointsTo &pts1, const PointsTo &pts2)
 Interface expose to users of our pointer analysis, given two pts.
 
void dumpCPts () override
 dump and debug, print out conditional pts
 
void dumpTopLevelPtsTo () override
 
void dumpAllPts () override
 
- Public Member Functions inherited from SVF::PointerAnalysis
ICFGgetICFG () const
 Get ICFG.
 
u32_t getNumOfResolvedIndCallEdge () const
 Return number of resolved indirect call edges.
 
PTACallGraphgetCallGraph () const
 Return call graph.
 
CallGraphSCCgetCallGraphSCC () const
 Return call graph SCC.
 
 PointerAnalysis (SVFIR *pag, PTATY ty=Default_PTA, bool alias_check=true)
 Constructor.
 
PTATY getAnalysisTy () const
 Type of pointer analysis.
 
PTAImplTy getImplTy () const
 Return implementation type of the pointer analysis.
 
bool printStat ()
 Whether print statistics.
 
void disablePrintStat ()
 Whether print statistics.
 
CallEdgeMapgetIndCallMap ()
 Get callees from an indirect callsite.
 
bool hasIndCSCallees (const CallICFGNode *cs) const
 
const FunctionSetgetIndCSCallees (const CallICFGNode *cs) const
 
virtual void resolveIndCalls (const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
 Resolve indirect call edges.
 
void callGraphSCCDetection ()
 PTACallGraph SCC related methods.
 
NodeID getCallGraphSCCRepNode (NodeID id) const
 Get SCC rep node of a SVFG node.
 
bool inSameCallGraphSCC (const SVFFunction *fun1, const SVFFunction *fun2)
 Return TRUE if this edge is inside a PTACallGraph SCC, i.e., src node and dst node are in the same SCC on the SVFG.
 
bool isInRecursion (const SVFFunction *fun) const
 
bool isLocalVarInRecursiveFun (NodeID id) const
 Whether a local variable is in function recursions.
 
virtual const std::string PTAName () const
 Return PTA name.
 
CommonCHGraphgetCHGraph () const
 get CHGraph
 
void getVFnsFromCHA (const CallICFGNode *cs, VFunSet &vfns)
 
void getVFnsFromPts (const CallICFGNode *cs, const PointsTo &target, VFunSet &vfns)
 
void connectVCallToVFns (const CallICFGNode *cs, const VFunSet &vfns, CallEdgeMap &newEdges)
 
virtual void resolveCPPIndCalls (const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
 Resolve cpp indirect call edges.
 
SVFIRgetPAG () const
 
PTAStatgetStat () const
 Get PTA stat.
 
SVFModulegetModule () const
 Module.
 
OrderedNodeSetgetAllValidPtrs ()
 Get all Valid Pointers for resolution.
 
virtual void computeDDAPts (NodeID)
 Compute points-to results on-demand, overridden by derived classes.
 
void printIndCSTargets (const CallICFGNode *cs, const FunctionSet &targets)
 Print targets of a function pointer.
 
virtual void dumpPts (NodeID ptr, const PointsTo &pts)
 
void printIndCSTargets ()
 
void dumpAllTypes ()
 
void dumpStat ()
 Dump the statistics.
 
bool containBlackHoleNode (const PointsTo &pts)
 Determine whether a points-to contains a black hole or constant node.
 
bool containConstantNode (const PointsTo &pts)
 
virtual bool isBlkObjOrConstantObj (NodeID ptd) const
 
bool isHeapMemObj (NodeID id) const
 Whether this object is heap or array.
 
bool isArrayMemObj (NodeID id) const
 
bool isFIObjNode (NodeID id) const
 
NodeID getBaseObjVar (NodeID id)
 
NodeID getFIObjVar (NodeID id)
 
NodeID getGepObjVar (NodeID id, const APOffset &ap)
 
virtual const NodeBSgetAllFieldsObjVars (NodeID id)
 
void setObjFieldInsensitive (NodeID id)
 
bool isFieldInsensitive (NodeID id) const
 

Private Attributes

CallSite2DummyValPN callsite2DummyValPN
 Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocator.
 

Additional Inherited Members

- Static Public Member Functions inherited from SVF::BVDataPTAImpl
static bool classof (const PointerAnalysis *pta)
 
- Static Public Attributes inherited from SVF::CFLBase
static double timeOfBuildCFLGrammar = 0
 Statistics.
 
static double timeOfNormalizeGrammar = 0
 
static double timeOfBuildCFLGraph = 0
 
static double numOfTerminalEdges = 0
 
static double numOfTemporaryNonterminalEdges = 0
 
static double numOfNonterminalEdges = 0
 
static double numOfStartEdges = 0
 
static double numOfIteration = 1
 
static double numOfChecks = 1
 
static double timeOfSolving = 0
 
- Static Public Attributes inherited from SVF::PointerAnalysis
static const std::string aliasTestMayAlias = "MAYALIAS"
 
static const std::string aliasTestMayAliasMangled = "_Z8MAYALIASPvS_"
 
static const std::string aliasTestNoAlias = "NOALIAS"
 
static const std::string aliasTestNoAliasMangled = "_Z7NOALIASPvS_"
 
static const std::string aliasTestPartialAlias = "PARTIALALIAS"
 
static const std::string aliasTestPartialAliasMangled = "_Z12PARTIALALIASPvS_"
 
static const std::string aliasTestMustAlias = "MUSTALIAS"
 
static const std::string aliasTestMustAliasMangled = "_Z9MUSTALIASPvS_"
 
static const std::string aliasTestFailMayAlias = "EXPECTEDFAIL_MAYALIAS"
 
static const std::string aliasTestFailMayAliasMangled = "_Z21EXPECTEDFAIL_MAYALIASPvS_"
 
static const std::string aliasTestFailNoAlias = "EXPECTEDFAIL_NOALIAS"
 
static const std::string aliasTestFailNoAliasMangled = "_Z20EXPECTEDFAIL_NOALIASPvS_"
 
- Protected Member Functions inherited from SVF::BVDataPTAImpl
PTDataTygetPTDataTy () const
 Get points-to data structure.
 
DiffPTDataTygetDiffPTDataTy () const
 
DFPTDataTygetDFPTDataTy () const
 
MutDFPTDataTygetMutDFPTDataTy () const
 
VersionedPTDataTygetVersionedPTDataTy () const
 
virtual void onTheFlyThreadCallGraphSolve (const CallSiteToFunPtrMap &callsites, CallEdgeMap &newForkEdges)
 On the fly thread call graph construction respecting forksite.
 
virtual void normalizePointsTo ()
 
- Protected Member Functions inherited from SVF::PointerAnalysis
const CallSiteToFunPtrMapgetIndirectCallsites () const
 Return all indirect callsites.
 
NodeID getFunPtr (const CallICFGNode *cs) const
 Return function pointer PAGNode at a callsite cs.
 
virtual void validateTests ()
 Alias check functions to verify correctness of pointer analysis.
 
virtual void validateSuccessTests (std::string fun)
 
virtual void validateExpectedFailureTests (std::string fun)
 
void resetObjFieldSensitive ()
 Reset all object node as field-sensitive.
 
- Protected Attributes inherited from SVF::CFLBase
SVFIRsvfir
 
CFLGraphgraph
 
GrammarBasegrammarBase
 
CFGrammargrammar
 
CFLSolversolver
 
- Protected Attributes inherited from SVF::PointerAnalysis
bool print_stat
 User input flags.
 
bool alias_validation
 Flag for validating points-to/alias results.
 
u32_t OnTheFlyIterBudgetForStat
 Flag for iteration budget for on-the-fly statistics.
 
SVFModulesvfMod
 Module.
 
PTATY ptaTy
 Pointer analysis Type.
 
PTAImplTy ptaImplTy
 PTA implementation type.
 
PTAStatstat
 Statistics.
 
PTACallGraphcallgraph
 Call graph used for pointer analysis.
 
CallGraphSCCcallGraphSCC
 SCC for PTACallGraph.
 
ICFGicfg
 Interprocedural control-flow graph.
 
CommonCHGraphchgraph
 CHGraph.
 
- Static Protected Attributes inherited from SVF::PointerAnalysis
static SVFIRpag = nullptr
 SVFIR.
 

Detailed Description

Definition at line 41 of file CFLAlias.h.

Member Typedef Documentation

◆ CallSite2DummyValPN

typedef OrderedMap<const CallICFGNode*, NodeID> SVF::CFLAlias::CallSite2DummyValPN

Definition at line 45 of file CFLAlias.h.

Constructor & Destructor Documentation

◆ CFLAlias()

SVF::CFLAlias::CFLAlias ( SVFIR ir)
inline

Definition at line 47 of file CFLAlias.h.

47 : CFLBase(ir, PointerAnalysis::CFLFICI_WPA)
48 {
49 }
SVF::CFLBase::CFLBase
CFLBase(SVFIR *ir, PointerAnalysis::PTATY pty)
Definition CFLBase.h:53
SVF::PointerAnalysis::CFLFICI_WPA
@ CFLFICI_WPA
Flow-, context-, insensitive CFL-reachability-based analysis.
Definition PointerAnalysis.h:77
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

Member Function Documentation

◆ addCopyEdge()

virtual bool SVF::CFLAlias::addCopyEdge ( NodeID  src,
NodeID  dst 
)
inlinevirtual

Need Original one for virtual table.

Add copy edge on constraint graph

Definition at line 118 of file CFLAlias.h.

119 {
120 const CFLEdge *edge = graph->hasEdge(graph->getGNode(src),graph->getGNode(dst), 1);
121 if (edge != nullptr )
122 {
123 return false;
124 }
125 CFGrammar::Kind copyKind = grammar->strToKind("copy");
126 CFGrammar::Kind copybarKind = grammar->strToKind("copybar");
127 solver->pushIntoWorklist(graph->addCFLEdge(graph->getGNode(src),graph->getGNode(dst), copyKind));
128 solver->pushIntoWorklist(graph->addCFLEdge(graph->getGNode(dst),graph->getGNode(src), copybarKind));
129 return true;
130 }
SVF::CFLBase::solver
CFLSolver * solver
Definition CFLBase.h:113
SVF::CFLBase::graph
CFLGraph * graph
Definition CFLBase.h:110
SVF::CFLBase::grammar
CFGrammar * grammar
Definition CFLBase.h:112
SVF::CFLGraph::addCFLEdge
virtual const CFLEdge * addCFLEdge(CFLNode *src, CFLNode *dst, CFLEdge::GEdgeFlag label)
Definition CFLGraph.cpp:47
SVF::CFLGraph::hasEdge
virtual const CFLEdge * hasEdge(CFLNode *src, CFLNode *dst, CFLEdge::GEdgeFlag label)
Definition CFLGraph.cpp:63
SVF::CFLSolver::pushIntoWorklist
virtual bool pushIntoWorklist(const CFLEdge *item)
Definition CFLSolver.h:84
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:654
SVF::GrammarBase::strToKind
Kind strToKind(std::string str) const
Definition CFGrammar.cpp:55

◆ alias() [1/2]

virtual AliasResult SVF::CFLAlias::alias ( const SVFValue v1,
const SVFValue v2 
)
inlinevirtual

Interface exposed to users of our Alias analysis, given Value infos.

Reimplemented from SVF::BVDataPTAImpl.

Definition at line 65 of file CFLAlias.h.

66 {
67 NodeID n1 = svfir->getValueNode(v1);
68 NodeID n2 = svfir->getValueNode(v2);
69 return alias(n1,n2);
70 }
SVF::CFLAlias::alias
virtual AliasResult alias(const SVFValue *v1, const SVFValue *v2)
Interface exposed to users of our Alias analysis, given Value infos.
Definition CFLAlias.h:65
SVF::CFLBase::svfir
SVFIR * svfir
Definition CFLBase.h:109
SVF::IRGraph::getValueNode
NodeID getValueNode(const SVFValue *V)
Definition IRGraph.h:137
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:55

◆ alias() [2/2]

virtual AliasResult SVF::CFLAlias::alias ( NodeID  node1,
NodeID  node2 
)
inlinevirtual

Interface exposed to users of our Alias analysis, given PAGNodeID.

Reimplemented from SVF::BVDataPTAImpl.

Definition at line 73 of file CFLAlias.h.

74 {
75 if(graph->hasEdge(graph->getGNode(node1), graph->getGNode(node2), graph->startKind))
76 return AliasResult::MayAlias;
77 else
78 return AliasResult::NoAlias;
79 }
SVF::MayAlias
@ MayAlias
Definition SVFType.h:529
SVF::NoAlias
@ NoAlias
Definition SVFType.h:528

◆ connectCaller2CalleeParams()

void CFLAlias::connectCaller2CalleeParams ( const CallICFGNode cs,
const SVFFunction F 
)

Connect formal and actual parameters for indirect callsites.

Connect formal and actual parameters for indirect callsites

Definition at line 62 of file CFLAlias.cpp.

63{
64 assert(F);
65
66 DBOUT(DAndersen, outs() << "connect parameters from indirect callsite " << cs->toString() << " to callee " << *F << "\n");
67
68 const CallICFGNode* callBlockNode = cs;
69 const RetICFGNode* retBlockNode = cs->getRetICFGNode();
70
71 if(SVFUtil::isHeapAllocExtFunViaRet(F) && svfir->callsiteHasRet(retBlockNode))
72 {
73 heapAllocatorViaIndCall(cs);
74 }
75
76 if (svfir->funHasRet(F) && svfir->callsiteHasRet(retBlockNode))
77 {
78 const PAGNode* cs_return = svfir->getCallSiteRet(retBlockNode);
79 const PAGNode* fun_return = svfir->getFunRet(F);
80 if (cs_return->isPointer() && fun_return->isPointer())
81 {
82 NodeID dstrec = cs_return->getId();
83 NodeID srcret = fun_return->getId();
84 addCopyEdge(srcret, dstrec);
85 }
86 else
87 {
88 DBOUT(DAndersen, outs() << "not a pointer ignored\n");
89 }
90 }
91
92 if (svfir->hasCallSiteArgsMap(callBlockNode) && svfir->hasFunArgsList(F))
93 {
94
95 // connect actual and formal param
96 const SVFIR::SVFVarList& csArgList = svfir->getCallSiteArgsList(callBlockNode);
97 const SVFIR::SVFVarList& funArgList = svfir->getFunArgsList(F);
98 //Go through the fixed parameters.
99 DBOUT(DPAGBuild, outs() << " args:");
100 SVFIR::SVFVarList::const_iterator funArgIt = funArgList.begin(), funArgEit = funArgList.end();
101 SVFIR::SVFVarList::const_iterator csArgIt = csArgList.begin(), csArgEit = csArgList.end();
102 for (; funArgIt != funArgEit; ++csArgIt, ++funArgIt)
103 {
104 //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
105 if (csArgIt == csArgEit)
106 {
107 DBOUT(DAndersen, outs() << " !! not enough args\n");
108 break;
109 }
110 const PAGNode *cs_arg = *csArgIt ;
111 const PAGNode *fun_arg = *funArgIt;
112
113 if (cs_arg->isPointer() && fun_arg->isPointer())
114 {
115 DBOUT(DAndersen, outs() << "process actual parm " << cs_arg->toString() << " \n");
116 NodeID srcAA = cs_arg->getId();
117 NodeID dstFA = fun_arg->getId();
118 addCopyEdge(srcAA, dstFA);
119 }
120 }
121
122 //Any remaining actual args must be varargs.
123 if (F->isVarArg())
124 {
125 NodeID vaF = svfir->getVarargNode(F);
126 DBOUT(DPAGBuild, outs() << "\n varargs:");
127 for (; csArgIt != csArgEit; ++csArgIt)
128 {
129 const PAGNode *cs_arg = *csArgIt;
130 if (cs_arg->isPointer())
131 {
132 NodeID vnAA = cs_arg->getId();
133 addCopyEdge(vnAA,vaF);
134 }
135 }
136 }
137 if(csArgIt != csArgEit)
138 {
139 writeWrnMsg("too many args to non-vararg func.");
140 writeWrnMsg("(" + cs->getSourceLoc() + ")");
141 }
142 }
143}
F
#define F(f)
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:484
DPAGBuild
#define DPAGBuild
Definition SVFType.h:492
DAndersen
#define DAndersen
Definition SVFType.h:503
SVF::CFLAlias::addCopyEdge
virtual bool addCopyEdge(NodeID src, NodeID dst)
Need Original one for virtual table.
Definition CFLAlias.h:118
SVF::CFLAlias::heapAllocatorViaIndCall
void heapAllocatorViaIndCall(const CallICFGNode *cs)
Definition CFLAlias.cpp:145
SVF::CallICFGNode::toString
const std::string toString() const override
Definition ICFG.cpp:131
SVF::CallICFGNode::getRetICFGNode
const RetICFGNode * getRetICFGNode() const
Return callsite.
Definition ICFGNode.h:457
SVF::CallICFGNode::getSourceLoc
const std::string getSourceLoc() const override
Definition ICFGNode.h:588
SVF::IRGraph::getVarargNode
NodeID getVarargNode(const SVFFunction *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.h:157
SVF::SVFBaseNode::getId
NodeID getId() const
Get ID.
Definition GenericGraph.h:236
SVF::SVFIR::SVFVarList
std::vector< const SVFVar * > SVFVarList
Definition SVFIR.h:60
SVF::SVFIR::getFunArgsList
const SVFVarList & getFunArgsList(const SVFFunction *func) const
Get function arguments list.
Definition SVFIR.h:276
SVF::SVFIR::getFunRet
const SVFVar * getFunRet(const SVFFunction *func) const
Get function return list.
Definition SVFIR.h:321
SVF::SVFIR::hasCallSiteArgsMap
bool hasCallSiteArgsMap(const CallICFGNode *cs) const
Callsite has argument list.
Definition SVFIR.h:283
SVF::SVFIR::callsiteHasRet
bool callsiteHasRet(const RetICFGNode *cs) const
Definition SVFIR.h:311
SVF::SVFIR::hasFunArgsList
bool hasFunArgsList(const SVFFunction *func) const
Function has arguments list.
Definition SVFIR.h:266
SVF::SVFIR::getCallSiteArgsList
const SVFVarList & getCallSiteArgsList(const CallICFGNode *cs) const
Get callsite argument list.
Definition SVFIR.h:293
SVF::SVFIR::getCallSiteRet
const SVFVar * getCallSiteRet(const RetICFGNode *cs) const
Get callsite return.
Definition SVFIR.h:305
SVF::SVFIR::funHasRet
bool funHasRet(const SVFFunction *func) const
Definition SVFIR.h:327
SVF::SVFUtil::isHeapAllocExtFunViaRet
bool isHeapAllocExtFunViaRet(const SVFFunction *fun)
Return true if the call is a heap allocator/reallocator.
Definition SVFUtil.h:296
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:67
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:50

◆ finalize()

void CFLAlias::finalize ( )
virtual

Print grammar and graph.

Reimplemented from SVF::CFLBase.

Definition at line 213 of file CFLAlias.cpp.

214{
215 numOfChecks = solver->numOfChecks;
216
217 if(Options::PrintCFL() == true)
218 {
219 if (Options::CFLGraph().empty())
220 svfir->dump("IR");
221 grammar->dump("Grammar");
222 graph->dump("CFLGraph");
223 }
224 if (Options::CFLGraph().empty())
225 PointerAnalysis::finalize();
226}
SVF::CFGrammar::dump
void dump() const
Definition CFGrammar.cpp:346
SVF::CFLBase::numOfChecks
static double numOfChecks
Definition CFLBase.h:104
SVF::CFLGraph::dump
void dump(const std::string &filename)
Definition CFLGraph.cpp:73
SVF::CFLSolver::numOfChecks
static double numOfChecks
Definition CFLSolver.h:52
SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:102
SVF::Options::CFLGraph
static const Option< std::string > CFLGraph
Definition Options.h:232
SVF::Options::PrintCFL
static const Option< bool > PrintCFL
Definition Options.h:233
SVF::PointerAnalysis::finalize
virtual void finalize()
Finalization of a pointer analysis, including checking alias correctness.
Definition PointerAnalysis.cpp:177

◆ getCFLPts()

virtual const PointsTo & SVF::CFLAlias::getCFLPts ( NodeID  ptr)
inlinevirtual

Get points-to targets of a pointer. V In this context.

Check V Dst of ptr.

Definition at line 82 of file CFLAlias.h.

83 {
85 CFLNode *funNode = graph->getGNode(ptr);
86 for(auto outedge = funNode->getOutEdges().begin(); outedge!=funNode->getOutEdges().end(); outedge++)
87 {
88 if((*outedge)->getEdgeKind() == graph->getStartKind())
89 {
90 // Need to Find dst addr src
91 SVFVar *vNode = svfir->getGNode((*outedge)->getDstID());
92 NodeID basevNodeID;
93 // Remove svfir->getBaseValVar, SVF IR api change
94 if (vNode->hasIncomingEdges(SVFStmt::Gep))
95 {
96 SVFStmt::SVFStmtSetTy& geps = vNode->getIncomingEdges(SVFStmt::Gep);
97 SVFVar::iterator it = geps.begin();
98 basevNodeID = (*it)->getSrcID();
99 }
100 else
101 basevNodeID = vNode->getId();
102 addPts(ptr, basevNodeID);
103 for(auto inEdge = vNode->getInEdges().begin(); inEdge!=vNode->getInEdges().end(); inEdge++)
104 {
105 if((*inEdge)->getEdgeKind() == 0)
106 {
107 addPts(ptr, (*inEdge)->getSrcID());
108 }
109 }
110 }
111 }
112 return getPts(ptr);
113 }
SVF::BVDataPTAImpl::getPts
const PointsTo & getPts(NodeID id) override
Definition PointerAnalysisImpl.h:88
SVF::BVDataPTAImpl::addPts
virtual bool addPts(NodeID id, NodeID ptd)
Definition PointerAnalysisImpl.h:121
SVF::CFLGraph::getStartKind
Kind getStartKind() const
Definition CFLGraph.cpp:37
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition GenericGraph.h:406
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:217
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Get incoming SVFIR statements (edges)
Definition SVFVariables.h:148

◆ getRevPts()

virtual const NodeSet & SVF::CFLAlias::getRevPts ( NodeID  nodeId)
inlinevirtual

Given an object, get all the nodes having whose pointsto contains the object.

Check Outgoing flowtobar edge dst of ptr

Reimplemented from SVF::BVDataPTAImpl.

Definition at line 133 of file CFLAlias.h.

134 {
136 abort(); // to be implemented
137 }

◆ heapAllocatorViaIndCall()

void CFLAlias::heapAllocatorViaIndCall ( const CallICFGNode cs)

Definition at line 145 of file CFLAlias.cpp.

146{
147 assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
148 const RetICFGNode* retBlockNode = cs->getRetICFGNode();
149 const PAGNode* cs_return = svfir->getCallSiteRet(retBlockNode);
150 NodeID srcret;
151 CallSite2DummyValPN::const_iterator it = callsite2DummyValPN.find(cs);
152 if(it != callsite2DummyValPN.end())
153 {
154 srcret = it->second;
155 }
156 else
157 {
158 NodeID valNode = svfir->addDummyValNode();
159 NodeID objNode = svfir->addDummyObjNode(cs->getType());
160 callsite2DummyValPN.insert(std::make_pair(cs,valNode));
161 graph->addCFLNode(valNode, new CFLNode(valNode));
162 graph->addCFLNode(objNode, new CFLNode(objNode));
163 srcret = valNode;
164 }
165
166 NodeID dstrec = cs_return->getId();
167 addCopyEdge(srcret, dstrec);
168}
SVF::CFLAlias::callsite2DummyValPN
CallSite2DummyValPN callsite2DummyValPN
Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocat...
Definition CFLAlias.h:151
SVF::CFLGraph::addCFLNode
virtual void addCFLNode(NodeID id, CFLNode *node)
Definition CFLGraph.cpp:42
SVF::CallICFGNode::getCalledFunction
const SVFFunction * getCalledFunction() const
Definition ICFGNode.h:518
SVF::SVFBaseNode::getType
virtual const SVFType * getType() const
Definition GenericGraph.h:247
SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:496
SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:500

◆ initialize()

void CFLAlias::initialize ( )
virtual

Initialize the grammar, graph, solver.

Reimplemented from SVF::PointerAnalysis.

Definition at line 188 of file CFLAlias.cpp.

189{
190 stat = new CFLStat(this);
191
192 // Parameter Checking
193 checkParameter();
194
195 // Build CFL Grammar
196 buildCFLGrammar();
197
198 // Build CFL Graph
199 buildCFLGraph();
200
201 // Normalize CFL Grammar
202 normalizeCFLGrammar();
203
204 // Initialize solver
205 initializeSolver();
206}
SVF::CFLAlias::initializeSolver
virtual void initializeSolver()
Initialize Solver.
Definition CFLAlias.cpp:208
SVF::CFLBase::buildCFLGraph
virtual void buildCFLGraph()
Build CFLGraph based on Option.
Definition CFLBase.cpp:78
SVF::CFLBase::normalizeCFLGrammar
virtual void normalizeCFLGrammar()
Normalize grammar.
Definition CFLBase.cpp:105
SVF::CFLBase::checkParameter
virtual void checkParameter()
Parameter Checking.
Definition CFLBase.cpp:49
SVF::CFLBase::buildCFLGrammar
virtual void buildCFLGrammar()
Build Grammar from text file.
Definition CFLBase.cpp:65
SVF::PointerAnalysis::stat
PTAStat * stat
Statistics.
Definition PointerAnalysis.h:149

◆ initializeSolver()

void CFLAlias::initializeSolver ( )
virtual

Initialize Solver.

Reimplemented in SVF::POCRAlias, and SVF::POCRHybrid.

Definition at line 208 of file CFLAlias.cpp.

209{
210 solver = new CFLSolver(graph, grammar);
211}

◆ onTheFlyCallGraphSolve()

void CFLAlias::onTheFlyCallGraphSolve ( const CallSiteToFunPtrMap callsites,
CallEdgeMap newEdges 
)
virtual

On the fly call graph construction.

On the fly call graph construction callsites is candidate indirect callsites need to be analyzed based on points-to results newEdges is the new indirect call edges discovered

Reimplemented from SVF::BVDataPTAImpl.

Definition at line 39 of file CFLAlias.cpp.

40{
41 for(CallSiteToFunPtrMap::const_iterator iter = callsites.begin(), eiter = callsites.end(); iter!=eiter; ++iter)
42 {
43 const CallICFGNode* cs = iter->first;
44
45 if (cs->isVirtualCall())
46 {
47 const SVFVar* vtbl = cs->getVtablePtr();
48
49 assert(vtbl != nullptr);
50 NodeID vtblId = vtbl->getId();
51 resolveCPPIndCalls(cs, getCFLPts(vtblId), newEdges);
52 }
53 else
54 resolveIndCalls(iter->first,getCFLPts(iter->second),newEdges);
55 }
56}
SVF::CFLAlias::getCFLPts
virtual const PointsTo & getCFLPts(NodeID ptr)
Get points-to targets of a pointer. V In this context.
Definition CFLAlias.h:82
SVF::CallICFGNode::getVtablePtr
const SVFVar * getVtablePtr() const
Definition ICFGNode.h:537
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:527
SVF::PointerAnalysis::resolveIndCalls
virtual void resolveIndCalls(const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
Resolve indirect call edges.
Definition PointerAnalysis.cpp:382
SVF::PointerAnalysis::resolveCPPIndCalls
virtual void resolveCPPIndCalls(const CallICFGNode *cs, const PointsTo &target, CallEdgeMap &newEdges)
Resolve cpp indirect call edges.
Definition PointerAnalysis.cpp:488

◆ solve()

void CFLAlias::solve ( )
virtual

Solving CFL Reachability.

Reimplemented from SVF::CFLBase.

Definition at line 228 of file CFLAlias.cpp.

229{
230 // Start solving
231 double start = stat->getClk(true);
232
233 solver->solve();
234 if (Options::CFLGraph().empty())
235 {
236 while (updateCallGraph(svfir->getIndirectCallsites()))
237 {
238 numOfIteration++;
239 solver->solve();
240 }
241 } // Only cflgraph built from bc could reanalyze by update call graph
242
243 double end = stat->getClk(true);
244 timeOfSolving += (end - start) / TIMEINTERVAL;
245}
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:512
SVF::CFLAlias::updateCallGraph
virtual bool updateCallGraph(const CallSiteToFunPtrMap &callsites)
Update call graph for the input indirect callsites.
Definition CFLAlias.cpp:173
SVF::CFLBase::timeOfSolving
static double timeOfSolving
Definition CFLBase.h:105
SVF::CFLBase::numOfIteration
static double numOfIteration
Definition CFLBase.h:103
SVF::CFLSolver::solve
virtual void solve()
Start solving.
Definition CFLSolver.cpp:119
SVF::SVFIR::getIndirectCallsites
const CallSiteToFunPtrMap & getIndirectCallsites() const
Add/get indirect callsites.
Definition SVFIR.h:351
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48

◆ updateCallGraph()

bool CFLAlias::updateCallGraph ( const CallSiteToFunPtrMap callsites)
virtual

Update call graph for the input indirect callsites.

Update call graph for the input indirect callsites

Reimplemented from SVF::BVDataPTAImpl.

Definition at line 173 of file CFLAlias.cpp.

174{
175 CallEdgeMap newEdges;
176 onTheFlyCallGraphSolve(callsites,newEdges);
177 for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
178 {
179 for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
180 {
181 connectCaller2CalleeParams(it->first,*cit);
182 }
183 }
184
185 return (!solver->isWorklistEmpty());
186}
SVF::CFLAlias::onTheFlyCallGraphSolve
virtual void onTheFlyCallGraphSolve(const CallSiteToFunPtrMap &callsites, CallEdgeMap &newEdges)
On the fly call graph construction.
Definition CFLAlias.cpp:39
SVF::CFLAlias::connectCaller2CalleeParams
void connectCaller2CalleeParams(const CallICFGNode *cs, const SVFFunction *F)
Connect formal and actual parameters for indirect callsites.
Definition CFLAlias.cpp:62
SVF::CFLSolver::isWorklistEmpty
virtual bool isWorklistEmpty()
Definition CFLSolver.h:88
SVF::PointerAnalysis::CallEdgeMap
OrderedMap< const CallICFGNode *, FunctionSet > CallEdgeMap
Definition PointerAnalysis.h:105

Member Data Documentation

◆ callsite2DummyValPN

CallSite2DummyValPN SVF::CFLAlias::callsite2DummyValPN
private

Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocator.

Definition at line 151 of file CFLAlias.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8