Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Private Member Functions | Private Attributes | List of all members
SVF::CHGBuilder Class Reference

#include <CHGBuilder.h>

Public Types

typedef CHGraph::CHNodeSetTy CHNodeSetTy
 
typedef CHGraph::WorkList WorkList
 

Public Member Functions

 CHGBuilder (CHGraph *c)
 
void buildCHG ()
 
void buildCHGNodes (const GlobalValue *V)
 
void buildCHGNodes (const Function *F)
 
void buildCHGEdges (const Function *F)
 
void buildInternalMaps ()
 
void readInheritanceMetadataFromModule (const Module &M)
 
CHNodecreateNode (const std::string &name)
 
void connectInheritEdgeViaCall (const Function *caller, const CallBase *cs)
 
void connectInheritEdgeViaStore (const Function *caller, const StoreInst *store)
 
void buildClassNameToAncestorsDescendantsMap ()
 
const CHGraph::CHNodeSetTygetInstancesAndDescendants (const std::string &className)
 
void analyzeVTables (const Module &M)
 
void buildVirtualFunctionToIDMap ()
 
void buildCSToCHAVtblsAndVfnsMap ()
 
const CHNodeSetTygetCSClasses (const CallBase *cs)
 
void addFuncToFuncVector (CHNode::FuncVector &v, const Function *f)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

CHGraphchg
 

Detailed Description

Definition at line 38 of file CHGBuilder.h.

Member Typedef Documentation

◆ CHNodeSetTy

typedef CHGraph::CHNodeSetTy SVF::CHGBuilder::CHNodeSetTy

Definition at line 45 of file CHGBuilder.h.

◆ WorkList

typedef CHGraph::WorkList SVF::CHGBuilder::WorkList

Definition at line 46 of file CHGBuilder.h.

Constructor & Destructor Documentation

◆ CHGBuilder()

SVF::CHGBuilder::CHGBuilder ( CHGraph c)
inline

Definition at line 48 of file CHGBuilder.h.

48 : chg(c)
49 {
50
51 }
SVF::CHGBuilder::chg
CHGraph * chg
Definition CHGBuilder.h:42
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

Member Function Documentation

◆ addFuncToFuncVector()

void CHGBuilder::addFuncToFuncVector ( CHNode::FuncVector v,
const Function f 
)

Definition at line 737 of file CHGBuilder.cpp.

738{
739 if (cppUtil::isCPPThunkFunction(lf))
740 {
741 const auto* tf = cppUtil::getThunkTarget(lf);
742 const FunObjVar* pFunction =
743 llvmModuleSet()->getFunObjVar(tf ? tf : lf);
744 v.push_back(pFunction);
745 }
746 else
747 {
748 const FunObjVar* pFunction =
749 llvmModuleSet()->getFunObjVar(lf);
750 v.push_back(pFunction);
751 }
752}
SVF::CHGBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition CHGBuilder.cpp:59
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:267
SVF::cppUtil::isCPPThunkFunction
bool isCPPThunkFunction(const Function *F)
Definition CppUtil.cpp:383
SVF::cppUtil::getThunkTarget
const Function * getThunkTarget(const Function *F)
Definition CppUtil.cpp:389

◆ analyzeVTables()

void CHGBuilder::analyzeVTables ( const Module M)

vtable in llvm 16 does not have bitcast: e.g., @_ZTV1B = linkonce_odr dso_local unnamed_addr constant { [4 x ptr] } { [4 x ptr] [ptr null, ptr @_ZTI1B, ptr @_ZN1B1fEPi, ptr @_ZN1B1gEPi] }, comdat, align 8 compared to its llvm 13 version: @_ZTV1B = linkonce_odr dso_local unnamed_addr constant { [4 x i8*] } { [4 x i8*] [i8* null, i8* bitcast ({ i8*, i8*, i8* }* @_ZTI1B to i8*), i8* bitcast (void (class.B*, i32*)* @_ZN1B1fEPi to i8*), i8* bitcast (void (class.B*, i32*)* @_ZN1B1gEPi to i8*)] }, comdat, align 8

For llvm 13, we need to cast the operand into a constant expr and then process the first operand of that constant expr For llvm 16, things get simpler. We can directly process each operand

for inttoptr in llvm 16, the handling method is the same as before

Definition at line 365 of file CHGBuilder.cpp.

366{
367 for (Module::const_global_iterator I = M.global_begin(),
368 E = M.global_end(); I != E; ++I)
369 {
370 const GlobalValue *globalvalue = SVFUtil::dyn_cast<const GlobalValue>(&(*I));
371 if (cppUtil::isValVtbl(globalvalue) && globalvalue->getNumOperands() > 0)
372 {
373 const ConstantStruct *vtblStruct = cppUtil::getVtblStruct(globalvalue);
374
375 string vtblClassName = getClassNameFromVtblObj(globalvalue->getName().str());
376 CHNode *node = chg->getNode(vtblClassName);
377 assert(node && "node not found?");
378 NodeID i = llvmModuleSet()->getObjectNode(globalvalue);
379 SVFVar* pVar = PAG::getPAG()->getGNode(i);
380 GlobalObjVar* globalObjVar = SVFUtil::cast<GlobalObjVar>(pVar);
381 globalObjVar->setName(vtblClassName);
382 node->setVTable(globalObjVar);
383
384 for (unsigned int ei = 0; ei < vtblStruct->getNumOperands(); ++ei)
385 {
386 const ConstantArray *vtbl =
387 SVFUtil::dyn_cast<ConstantArray>(vtblStruct->getOperand(ei));
388 assert(vtbl && "Element of initializer not an array?");
389
390 /*
391 * items in vtables can be classified into 3 categories:
392 * 1. i8* null
393 * 2. i8* inttoptr xxx
394 * 3. i8* bitcast xxx
395 */
396 bool pure_abstract = true;
397 u32_t i = 0;
398 while (i < vtbl->getNumOperands())
399 {
400 CHNode::FuncVector virtualFunctions;
401 bool is_virtual = false; // virtual inheritance
402 int null_ptr_num = 0;
403 for (; i < vtbl->getNumOperands(); ++i)
404 {
405 Constant* operand = vtbl->getOperand(i);
406 if (SVFUtil::isa<ConstantPointerNull>(operand))
407 {
408 if (i > 0 && !SVFUtil::isa<ConstantPointerNull>(vtbl->getOperand(i-1)))
409 {
410 auto foo = [&is_virtual, &null_ptr_num, &vtbl, &i](const Value* val)
411 {
412 if (val->getName().str().compare(0, ztiLabel.size(), ztiLabel) == 0)
413 {
414 is_virtual = true;
415 null_ptr_num = 1;
416 while (i+null_ptr_num < vtbl->getNumOperands())
417 {
418 if (SVFUtil::isa<ConstantPointerNull>(vtbl->getOperand(i+null_ptr_num)))
419 null_ptr_num++;
420 else
421 break;
422 }
423 }
424 };
425 if (const ConstantExpr *ce =
426 SVFUtil::dyn_cast<ConstantExpr>(vtbl->getOperand(i-1)))
427 {
428 if(ce->getOpcode() == Instruction::BitCast)
429 foo(ce->getOperand(0));
430 }
431 else
432 {
433 // opaque pointer mode
434 foo(vtbl->getOperand(i - 1));
435 }
436 }
437 continue;
438 }
439
440 auto foo = [this, &virtualFunctions, &pure_abstract, &vtblClassName](const Value* operand)
441 {
442 if (const Function* f = SVFUtil::dyn_cast<Function>(operand))
443 {
444 addFuncToFuncVector(virtualFunctions, f);
445 if (f->getName().str().compare(pureVirtualFunName) == 0)
446 {
447 pure_abstract &= true;
448 }
449 else
450 {
451 pure_abstract &= false;
452 }
453 struct DemangledName dname = demangle(f->getName().str());
454 if (dname.className.size() > 0 &&
455 vtblClassName.compare(dname.className) != 0)
456 {
457 if(!chg->getNode(dname.className)) createNode(dname.className);
458 chg->addEdge(vtblClassName, dname.className, CHEdge::INHERITANCE);
459 }
460 }
461 else
462 {
463 if (const GlobalAlias *alias =
464 SVFUtil::dyn_cast<GlobalAlias>(operand))
465 {
466 const Constant *aliasValue = alias->getAliasee();
467 if (const Function* aliasFunc =
468 SVFUtil::dyn_cast<Function>(aliasValue))
469 {
470 addFuncToFuncVector(virtualFunctions, aliasFunc);
471 }
472 else if (const ConstantExpr *aliasconst =
473 SVFUtil::dyn_cast<ConstantExpr>(aliasValue))
474 {
475 (void)aliasconst; // Suppress warning of unused variable under release build
476 assert(aliasconst->getOpcode() == Instruction::BitCast &&
477 "aliased constantexpr in vtable not a bitcast");
478 const Function* aliasbitcastfunc =
479 SVFUtil::dyn_cast<Function>(aliasconst->getOperand(0));
480 assert(aliasbitcastfunc &&
481 "aliased bitcast in vtable not a function");
482 addFuncToFuncVector(virtualFunctions, aliasbitcastfunc);
483 }
484 else
485 {
486 assert(false && "alias not function or bitcast");
487 }
488
489 pure_abstract &= false;
490 }
491 else if (operand->getName().str().compare(0, ztiLabel.size(),
492 ztiLabel) == 0)
493 {
494 }
495 else
496 {
497 assert("what else can be in bitcast of a vtable?");
498 }
499 }
500 };
501
517 if (const ConstantExpr *ce =
518 SVFUtil::dyn_cast<ConstantExpr>(operand))
519 {
520 u32_t opcode = ce->getOpcode();
521 assert(opcode == Instruction::IntToPtr);
522 assert(ce->getNumOperands() == 1 &&
523 "inttptr operand num not 1");
524 if (opcode == Instruction::IntToPtr)
525 {
526 node->setMultiInheritance();
527 ++i;
528 break;
529 }
530 }
531 else
532 {
533 foo(operand);
534 }
535 }
536 if (is_virtual && virtualFunctions.size() > 0)
537 {
538 for (int i = 0; i < null_ptr_num; ++i)
539 {
540 const FunObjVar* fun = virtualFunctions[i];
541 virtualFunctions.insert(virtualFunctions.begin(), fun);
542 }
543 }
544 if (virtualFunctions.size() > 0)
545 node->addVirtualFunctionVector(virtualFunctions);
546 }
547 if (pure_abstract == true)
548 {
549 node->setPureAbstract();
550 }
551 }
552 }
553 }
554}
ztiLabel
const string ztiLabel
Definition CHGBuilder.cpp:57
pureVirtualFunName
const string pureVirtualFunName
Definition CHGBuilder.cpp:55
u32_t
unsigned u32_t
Definition CommandLine.h:18
SVF::CHEdge::INHERITANCE
@ INHERITANCE
Definition CHG.h:84
SVF::CHGBuilder::addFuncToFuncVector
void addFuncToFuncVector(CHNode::FuncVector &v, const Function *f)
Definition CHGBuilder.cpp:737
SVF::CHGBuilder::createNode
CHNode * createNode(const std::string &name)
Definition CHGBuilder.cpp:239
SVF::CHGraph::addEdge
void addEdge(const std::string className, const std::string baseClassName, CHEdge::CHEDGETYPE edgeType)
Definition CHG.cpp:97
SVF::CHGraph::getNode
CHNode * getNode(const std::string name) const
Definition CHG.cpp:112
SVF::CHNode::setVTable
void setVTable(const GlobalObjVar *vtbl)
Definition CHG.h:185
SVF::CHNode::setMultiInheritance
void setMultiInheritance()
Definition CHG.h:148
SVF::CHNode::addVirtualFunctionVector
void addVirtualFunctionVector(FuncVector vfuncvec)
Definition CHG.h:170
SVF::CHNode::setPureAbstract
void setPureAbstract()
Attribute.
Definition CHG.h:144
SVF::CHNode::FuncVector
std::vector< const FunObjVar * > FuncVector
Definition CHG.h:117
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:397
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1070
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:114
SVF::cppUtil::demangle
struct DemangledName demangle(const std::string &name)
Definition CppUtil.cpp:195
SVF::cppUtil::getVtblStruct
const ConstantStruct * getVtblStruct(const GlobalValue *vtbl)
Definition CppUtil.cpp:323
SVF::cppUtil::getClassNameFromVtblObj
std::string getClassNameFromVtblObj(const std::string &vtblName)
Definition CppUtil.cpp:304
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56
SVF::ConstantArray
llvm::ConstantArray ConstantArray
Definition BasicTypes.h:123
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::GlobalValue
llvm::GlobalValue GlobalValue
Definition BasicTypes.h:88
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ buildCHG()

void CHGBuilder::buildCHG ( )

Definition at line 64 of file CHGBuilder.cpp.

65{
66
67 double timeStart, timeEnd;
68 timeStart = PTAStat::getClk(true);
69 for (Module &M : llvmModuleSet()->getLLVMModules())
70 {
71 DBOUT(DGENERAL, outs() << SVFUtil::pasMsg("construct CHGraph From module "
72 + M.getName().str() + "...\n"));
73 readInheritanceMetadataFromModule(M);
74 for (Module::const_global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
75 buildCHGNodes(&(*I));
76 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
77 buildCHGNodes(&(*F));
78 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
79 buildCHGEdges(&(*F));
80
81 analyzeVTables(M);
82 }
83
84 DBOUT(DGENERAL, outs() << SVFUtil::pasMsg("build Internal Maps ...\n"));
85 buildInternalMaps();
86
87 timeEnd = PTAStat::getClk(true);
88 chg->buildingCHGTime = (timeEnd - timeStart) / TIMEINTERVAL;
89
90 if (Options::DumpCHA())
91 chg->dump("cha");
92}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:497
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:525
DGENERAL
#define DGENERAL
Definition SVFType.h:503
SVF::CHGBuilder::analyzeVTables
void analyzeVTables(const Module &M)
Definition CHGBuilder.cpp:365
SVF::CHGBuilder::readInheritanceMetadataFromModule
void readInheritanceMetadataFromModule(const Module &M)
Definition CHGBuilder.cpp:218
SVF::CHGBuilder::buildCHGNodes
void buildCHGNodes(const GlobalValue *V)
Definition CHGBuilder.cpp:94
SVF::CHGBuilder::buildCHGEdges
void buildCHGEdges(const Function *F)
Definition CHGBuilder.cpp:135
SVF::CHGBuilder::buildInternalMaps
void buildInternalMaps()
Definition CHGBuilder.cpp:157
SVF::CHGraph::dump
void dump(const std::string &filename)
Definition CHG.cpp:242
SVF::CHGraph::buildingCHGTime
double buildingCHGTime
Definition CHG.h:316
SVF::Options::DumpCHA
static const Option< bool > DumpCHA
Definition Options.h:173
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ buildCHGEdges()

void CHGBuilder::buildCHGEdges ( const Function F)

Definition at line 135 of file CHGBuilder.cpp.

136{
137 if (isConstructor(F) || isDestructor(F))
138 {
139 for (Function::const_iterator B = F->begin(), E = F->end(); B != E; ++B)
140 {
141 for (BasicBlock::const_iterator I = B->begin(), E = B->end(); I != E; ++I)
142 {
143 if (LLVMUtil::isCallSite(&(*I)))
144 {
145 connectInheritEdgeViaCall(F, SVFUtil::cast<CallBase>(&(*I)));
146 }
147 else if (const StoreInst *store = SVFUtil::dyn_cast<StoreInst>(&(*I)))
148 {
149 connectInheritEdgeViaStore(F, store);
150 }
151 }
152 }
153 }
154}
SVF::CHGBuilder::connectInheritEdgeViaStore
void connectInheritEdgeViaStore(const Function *caller, const StoreInst *store)
Definition CHGBuilder.cpp:191
SVF::CHGBuilder::connectInheritEdgeViaCall
void connectInheritEdgeViaCall(const Function *caller, const CallBase *cs)
Definition CHGBuilder.cpp:164
SVF::LLVMUtil::isCallSite
bool isCallSite(const Instruction *inst)
Whether an instruction is a call or invoke instruction.
Definition LLVMUtil.h:44
SVF::cppUtil::isConstructor
bool isConstructor(const Function *F)
Definition CppUtil.cpp:560
SVF::cppUtil::isDestructor
bool isDestructor(const Function *F)
Definition CppUtil.cpp:580
SVF::StoreInst
llvm::StoreInst StoreInst
Definition BasicTypes.h:148

◆ buildCHGNodes() [1/2]

void CHGBuilder::buildCHGNodes ( const Function F)

Definition at line 124 of file CHGBuilder.cpp.

125{
126 if (isConstructor(F) || isDestructor(F))
127 {
128 struct DemangledName dname = demangle(F->getName().str());
129 DBOUT(DCHA, outs() << "\t build CHANode for class " + dname.className + "...\n");
130 if (!chg->getNode(dname.className))
131 createNode(dname.className);
132 }
133}
DCHA
#define DCHA
Definition SVFType.h:519

◆ buildCHGNodes() [2/2]

void CHGBuilder::buildCHGNodes ( const GlobalValue V)

Definition at line 94 of file CHGBuilder.cpp.

95{
96 if (cppUtil::isValVtbl(globalvalue) && globalvalue->getNumOperands() > 0)
97 {
98 const ConstantStruct *vtblStruct = cppUtil::getVtblStruct(globalvalue);
99 string className = getClassNameFromVtblObj(globalvalue->getName().str());
100 if (!chg->getNode(className))
101 createNode(className);
102
103 for (unsigned int ei = 0; ei < vtblStruct->getNumOperands(); ++ei)
104 {
105 const ConstantArray *vtbl = SVFUtil::dyn_cast<ConstantArray>(vtblStruct->getOperand(ei));
106 assert(vtbl && "Element of initializer not an array?");
107 for (u32_t i = 0; i < vtbl->getNumOperands(); ++i)
108 {
109 if(const ConstantExpr *ce = isCastConstantExpr(vtbl->getOperand(i)))
110 {
111 const Value* bitcastValue = ce->getOperand(0);
112 if (const Function* func = SVFUtil::dyn_cast<Function>(bitcastValue))
113 {
114 struct DemangledName dname = demangle(func->getName().str());
115 if (!chg->getNode(dname.className))
116 createNode(dname.className);
117 }
118 }
119 }
120 }
121 }
122}
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245

◆ buildClassNameToAncestorsDescendantsMap()

void CHGBuilder::buildClassNameToAncestorsDescendantsMap ( )

Definition at line 266 of file CHGBuilder.cpp.

267{
268
269 for (CHGraph::const_iterator it = chg->begin(), eit = chg->end();
270 it != eit; ++it)
271 {
272 const CHNode *node = it->second;
273 WorkList worklist;
274 CHNodeSetTy visitedNodes;
275 worklist.push(node);
276 while (!worklist.empty())
277 {
278 const CHNode *curnode = worklist.pop();
279 if (visitedNodes.find(curnode) == visitedNodes.end())
280 {
281 for (CHEdge::CHEdgeSetTy::const_iterator it =
282 curnode->getOutEdges().begin(), eit =
283 curnode->getOutEdges().end(); it != eit; ++it)
284 {
285 if ((*it)->getEdgeType() == CHEdge::INHERITANCE)
286 {
287 CHNode *succnode = (*it)->getDstNode();
288 chg->classNameToAncestorsMap[node->getName()].insert(succnode);
289 chg->classNameToDescendantsMap[succnode->getName()].insert(node);
290 worklist.push(succnode);
291 }
292 }
293 visitedNodes.insert(curnode);
294 }
295 }
296 }
297}
SVF::CHGBuilder::WorkList
CHGraph::WorkList WorkList
Definition CHGBuilder.h:46
SVF::CHGBuilder::CHNodeSetTy
CHGraph::CHNodeSetTy CHNodeSetTy
Definition CHGBuilder.h:45
SVF::CHGraph::classNameToAncestorsMap
NameToCHNodesMap classNameToAncestorsMap
Definition CHG.h:319
SVF::CHGraph::classNameToDescendantsMap
NameToCHNodesMap classNameToDescendantsMap
Definition CHG.h:318
SVF::CHNode::getName
virtual const std::string & getName() const
Definition CHG.h:126
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:371
SVF::GenericGraph::const_iterator
IDToNodeMapTy::const_iterator const_iterator
Definition GenericGraph.h:351

◆ buildCSToCHAVtblsAndVfnsMap()

void CHGBuilder::buildCSToCHAVtblsAndVfnsMap ( )

Definition at line 656 of file CHGBuilder.cpp.

657{
658
659 for (Module &M : llvmModuleSet()->getLLVMModules())
660 {
661 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
662 {
663 for (const_inst_iterator II = inst_begin(*F), E = inst_end(*F); II != E; ++II)
664 {
665 if(const CallBase* callInst = SVFUtil::dyn_cast<CallBase>(&*II))
666 {
667 if (cppUtil::isVirtualCallSite(callInst) == false)
668 continue;
669
670 VTableSet vtbls;
671 const CHNodeSetTy& chClasses = getCSClasses(callInst);
672 for (CHNodeSetTy::const_iterator it = chClasses.begin(), eit = chClasses.end(); it != eit; ++it)
673 {
674 const CHNode *child = *it;
675 const GlobalObjVar *vtbl = child->getVTable();
676 if (vtbl != nullptr)
677 {
678 vtbls.insert(vtbl);
679 }
680 }
681 if (vtbls.size() > 0)
682 {
683 ICFGNode* icfgNode =
684 llvmModuleSet()->getICFGNode(callInst);
685 chg->callNodeToCHAVtblsMap[icfgNode] = vtbls;
686 VFunSet virtualFunctions;
687 chg->getVFnsFromVtbls(SVFUtil::cast<CallICFGNode>(icfgNode), vtbls, virtualFunctions);
688 if (virtualFunctions.size() > 0)
689 chg->callNodeToCHAVFnsMap[icfgNode] = virtualFunctions;
690 }
691 }
692 }
693 }
694 }
695}
child
cJSON * child
Definition cJSON.cpp:2723
SVF::CHGBuilder::getCSClasses
const CHNodeSetTy & getCSClasses(const CallBase *cs)
Definition CHGBuilder.cpp:698
SVF::CHGraph::callNodeToCHAVFnsMap
CallNodeToVFunSetMap callNodeToCHAVFnsMap
Definition CHG.h:327
SVF::CHGraph::getVFnsFromVtbls
void getVFnsFromVtbls(const CallICFGNode *cs, const VTableSet &vtbls, VFunSet &virtualFunctions) override
Definition CHG.cpp:124
SVF::CHGraph::callNodeToCHAVtblsMap
CallNodeToVTableSetMap callNodeToCHAVtblsMap
Definition CHG.h:326
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1181
SVF::cppUtil::isVirtualCallSite
bool isVirtualCallSite(const CallBase *cs)
Definition CppUtil.cpp:352
SVF::const_inst_iterator
llvm::const_inst_iterator const_inst_iterator
Definition BasicTypes.h:250
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146
SVF::VTableSet
Set< const GlobalObjVar * > VTableSet
Definition CHG.h:46
SVF::VFunSet
Set< const FunObjVar * > VFunSet
Definition CHG.h:47

◆ buildInternalMaps()

void CHGBuilder::buildInternalMaps ( )

Definition at line 157 of file CHGBuilder.cpp.

158{
159 buildClassNameToAncestorsDescendantsMap();
160 buildVirtualFunctionToIDMap();
161 buildCSToCHAVtblsAndVfnsMap();
162}
SVF::CHGBuilder::buildVirtualFunctionToIDMap
void buildVirtualFunctionToIDMap()
Definition CHGBuilder.cpp:557
SVF::CHGBuilder::buildCSToCHAVtblsAndVfnsMap
void buildCSToCHAVtblsAndVfnsMap()
Definition CHGBuilder.cpp:656
SVF::CHGBuilder::buildClassNameToAncestorsDescendantsMap
void buildClassNameToAncestorsDescendantsMap()
Definition CHGBuilder.cpp:266

◆ buildVirtualFunctionToIDMap()

void CHGBuilder::buildVirtualFunctionToIDMap ( )

Definition at line 557 of file CHGBuilder.cpp.

558{
559 /*
560 * 1. Divide classes into groups
561 * 2. Get all virtual functions in a group
562 * 3. Assign consecutive IDs to virtual functions that have
563 * the same name (after demangling) in a group
564 */
565 CHGraph::CHNodeSetTy visitedNodes;
566 for (CHGraph::const_iterator nit = chg->begin(),
567 neit = chg->end(); nit != neit; ++nit)
568 {
569 CHNode *node = nit->second;
570 if (visitedNodes.find(node) != visitedNodes.end())
571 continue;
572
573 string className = node->getName();
574
575 /*
576 * get all the classes in a specific group
577 */
578 CHGraph::CHNodeSetTy group;
579 stack<const CHNode*> nodeStack;
580 nodeStack.push(node);
581 while (!nodeStack.empty())
582 {
583 const CHNode *curnode = nodeStack.top();
584 nodeStack.pop();
585 group.insert(curnode);
586 if (visitedNodes.find(curnode) != visitedNodes.end())
587 continue;
588 for (CHEdge::CHEdgeSetTy::const_iterator it = curnode->getOutEdges().begin(),
589 eit = curnode->getOutEdges().end(); it != eit; ++it)
590 {
591 CHNode *tmpnode = (*it)->getDstNode();
592 nodeStack.push(tmpnode);
593 group.insert(tmpnode);
594 }
595 for (CHEdge::CHEdgeSetTy::const_iterator it = curnode->getInEdges().begin(),
596 eit = curnode->getInEdges().end(); it != eit; ++it)
597 {
598 CHNode *tmpnode = (*it)->getSrcNode();
599 nodeStack.push(tmpnode);
600 group.insert(tmpnode);
601 }
602 visitedNodes.insert(curnode);
603 }
604
605 /*
606 * get all virtual functions in a specific group
607 */
608 set<const FunObjVar*> virtualFunctions;
609 for (CHGraph::CHNodeSetTy::iterator it = group.begin(),
610 eit = group.end(); it != eit; ++it)
611 {
612 const vector<CHNode::FuncVector> &vecs = (*it)->getVirtualFunctionVectors();
613 for (vector<CHNode::FuncVector>::const_iterator vit = vecs.begin(),
614 veit = vecs.end(); vit != veit; ++vit)
615 {
616 for (vector<const FunObjVar*>::const_iterator fit = (*vit).begin(),
617 feit = (*vit).end(); fit != feit; ++fit)
618 {
619 virtualFunctions.insert(*fit);
620 }
621 }
622 }
623
624 /*
625 * build a set of pairs of demangled function name and function in a
626 * specific group, items in the set will be sort by the first item of the
627 * pair, so all the virtual functions in a group will be sorted by the
628 * demangled function name
629 * <f, A::f>
630 * <f, B::f>
631 * <g, A::g>
632 * <g, B::g>
633 * <g, C::g>
634 * <~A, A::~A>
635 * <~B, B::~B>
636 * <~C, C::~C>
637 * ...
638 */
639 set<pair<string, const FunObjVar*> > fNameSet;
640 for (set<const FunObjVar*>::iterator fit = virtualFunctions.begin(),
641 feit = virtualFunctions.end(); fit != feit; ++fit)
642 {
643 const FunObjVar* f = *fit;
644 struct DemangledName dname = demangle(f->getName());
645 fNameSet.insert(pair<string, const FunObjVar*>(dname.funcName, f));
646 }
647 for (set<pair<string, const FunObjVar*>>::iterator it = fNameSet.begin(),
648 eit = fNameSet.end(); it != eit; ++it)
649 {
650 chg->virtualFunctionToIDMap[it->second] = chg->vfID++;
651 }
652 }
653}
SVF::CHGraph::virtualFunctionToIDMap
Map< const FunObjVar *, u32_t > virtualFunctionToIDMap
Definition CHG.h:324
SVF::CHGraph::vfID
u32_t vfID
Definition CHG.h:315
SVF::CHGraph::CHNodeSetTy
Set< const CHNode * > CHNodeSetTy
Definition CHG.h:234
SVF::CHNode::getVirtualFunctionVectors
const std::vector< FuncVector > & getVirtualFunctionVectors() const
Definition CHG.h:174

◆ connectInheritEdgeViaCall()

void CHGBuilder::connectInheritEdgeViaCall ( const Function caller,
const CallBase cs 
)

Definition at line 164 of file CHGBuilder.cpp.

165{
166 if (getCallee(cs) == nullptr)
167 return;
168
169 const Function* callee = getCallee(cs);
170
171 struct DemangledName dname = demangle(caller->getName().str());
172 if ((isConstructor(caller) && isConstructor(callee)) || (isDestructor(caller) && isDestructor(callee)))
173 {
174 if (cs->arg_size() < 1 || (cs->arg_size() < 2 && cs->paramHasAttr(0, llvm::Attribute::StructRet)))
175 return;
176 const Value* csThisPtr = cppUtil::getVCallThisPtr(cs);
177 const Argument* consThisPtr = getConstructorThisPtr(caller);
178 bool samePtr = isSameThisPtrInConstructor(consThisPtr, csThisPtr);
179 if (csThisPtr != nullptr && samePtr)
180 {
181 struct DemangledName basename = demangle(callee->getName().str());
182 if (!LLVMUtil::isCallSite(csThisPtr) &&
183 basename.className.size() > 0)
184 {
185 chg->addEdge(dname.className, basename.className, CHEdge::INHERITANCE);
186 }
187 }
188 }
189}
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getConstructorThisPtr
const Argument * getConstructorThisPtr(const Function *fun)
Definition CppUtil.cpp:528
SVF::cppUtil::isSameThisPtrInConstructor
bool isSameThisPtrInConstructor(const Argument *thisPtr1, const Value *thisPtr2)
Definition CppUtil.cpp:484
SVF::cppUtil::getVCallThisPtr
const Value * getVCallThisPtr(const CallBase *cs)
Definition CppUtil.cpp:411
SVF::Argument
llvm::Argument Argument
Definition BasicTypes.h:145

◆ connectInheritEdgeViaStore()

void CHGBuilder::connectInheritEdgeViaStore ( const Function caller,
const StoreInst store 
)

Definition at line 191 of file CHGBuilder.cpp.

192{
193 struct DemangledName dname = demangle(caller->getName().str());
194 if (const ConstantExpr *ce = SVFUtil::dyn_cast<ConstantExpr>(storeInst->getValueOperand()))
195 {
196 if (ce->getOpcode() == Instruction::BitCast)
197 {
198 const Value* bitcastval = ce->getOperand(0);
199 if (const ConstantExpr *bcce = SVFUtil::dyn_cast<ConstantExpr>(bitcastval))
200 {
201 if (bcce->getOpcode() == Instruction::GetElementPtr)
202 {
203 const Value* gepval = bcce->getOperand(0);
204 if (cppUtil::isValVtbl(gepval))
205 {
206 string vtblClassName = getClassNameFromVtblObj(gepval->getName().str());
207 if (vtblClassName.size() > 0 && dname.className.compare(vtblClassName) != 0)
208 {
209 chg->addEdge(dname.className, vtblClassName, CHEdge::INHERITANCE);
210 }
211 }
212 }
213 }
214 }
215 }
216}

◆ createNode()

CHNode * CHGBuilder::createNode ( const std::string &  name)

Definition at line 239 of file CHGBuilder.cpp.

240{
241 assert(!chg->getNode(className) && "this node should never be created before!");
242 CHNode * node = new CHNode(className, chg->classNum++);
243 chg->classNameToNodeMap[className] = node;
244 chg->addGNode(node->getId(), node);
245 if (className.size() > 0 && className[className.size() - 1] == '>')
246 {
247 string templateName = getBeforeBrackets(className);
248 CHNode* templateNode = chg->getNode(templateName);
249 if (!templateNode)
250 {
251 DBOUT(DCHA, outs() << "\t Create Template CHANode " + templateName + " for class " + className + "...\n");
252 templateNode = createNode(templateName);
253 templateNode->setTemplate();
254 }
255 chg->addEdge(className, templateName, CHEdge::INSTANTCE);
256 chg->addInstances(templateName,node);
257 }
258 return node;
259}
SVF::CHEdge::INSTANTCE
@ INSTANTCE
Definition CHG.h:85
SVF::CHGraph::addInstances
void addInstances(const std::string templateName, CHNode *node)
Definition CHG.h:284
SVF::CHGraph::classNum
u32_t classNum
Definition CHG.h:314
SVF::CHGraph::classNameToNodeMap
Map< std::string, CHNode * > classNameToNodeMap
Definition CHG.h:317
SVF::GenericGraph::addGNode
void addGNode(NodeID id, NodeType *node)
Add a Node.
Definition GenericGraph.h:390
SVF::SVFValue::getId
NodeID getId() const
Get ID.
Definition SVFValue.h:160
SVF::cppUtil::getBeforeBrackets
std::string getBeforeBrackets(const std::string &name)
Definition CppUtil.cpp:127

◆ getCSClasses()

const CHGraph::CHNodeSetTy & CHGBuilder::getCSClasses ( const CallBase cs)

Definition at line 698 of file CHGBuilder.cpp.

699{
700 assert(cppUtil::isVirtualCallSite(cs) && "not virtual callsite!");
701
702 ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(cs);
703
704 CHGraph::CallNodeToCHNodesMap::const_iterator it = chg->callNodeToClassesMap.find(icfgNode);
705 if (it != chg->callNodeToClassesMap.end())
706 {
707 return it->second;
708 }
709 else
710 {
711 Set<string> thisPtrClassNames = getClassNameOfThisPtr(cs);
712
713 if(thisPtrClassNames.empty())
714 {
715 // if we cannot infer classname, conservatively push all class nodes
716 for (const auto &node: *chg)
717 {
718 chg->callNodeToClassesMap[icfgNode].insert(node.second);
719 }
720 return chg->callNodeToClassesMap[icfgNode];
721 }
722
723 for (const auto &thisPtrClassName: thisPtrClassNames)
724 {
725 if (const CHNode* thisNode = chg->getNode(thisPtrClassName))
726 {
727 const CHGraph::CHNodeSetTy& instAndDesces = getInstancesAndDescendants(thisPtrClassName);
728 chg->callNodeToClassesMap[icfgNode].insert(thisNode);
729 for (CHGraph::CHNodeSetTy::const_iterator it2 = instAndDesces.begin(), eit = instAndDesces.end(); it2 != eit; ++it2)
730 chg->callNodeToClassesMap[icfgNode].insert(*it2);
731 }
732 }
733 return chg->callNodeToClassesMap[icfgNode];
734 }
735}
SVF::CHGBuilder::getInstancesAndDescendants
const CHGraph::CHNodeSetTy & getInstancesAndDescendants(const std::string &className)
Definition CHGBuilder.cpp:299
SVF::CHGraph::callNodeToClassesMap
CallNodeToCHNodesMap callNodeToClassesMap
Definition CHG.h:322
SVF::cppUtil::getClassNameOfThisPtr
Set< std::string > getClassNameOfThisPtr(const CallBase *cs)
Definition CppUtil.cpp:672

◆ getInstancesAndDescendants()

const CHGraph::CHNodeSetTy & CHGBuilder::getInstancesAndDescendants ( const std::string &  className)

Definition at line 299 of file CHGBuilder.cpp.

301{
302
303 CHGraph::NameToCHNodesMap::const_iterator it = chg->classNameToInstAndDescsMap.find(className);
304 if (it != chg->classNameToInstAndDescsMap.end())
305 {
306 return it->second;
307 }
308 else
309 {
310 chg->classNameToInstAndDescsMap[className] = chg->getDescendants(className);
311 if (chg->getNode(className)->isTemplate())
312 {
313 const CHNodeSetTy& instances = chg->getInstances(className);
314 for (CHNodeSetTy::const_iterator it = instances.begin(), eit = instances.end(); it != eit; ++it)
315 {
316 const CHNode *node = *it;
317 chg->classNameToInstAndDescsMap[className].insert(node);
318 const CHNodeSetTy& instance_descendants = chg->getDescendants(node->getName());
319 for (CHNodeSetTy::const_iterator dit =
320 instance_descendants.begin(), deit =
321 instance_descendants.end(); dit != deit; ++dit)
322 {
323 chg->classNameToInstAndDescsMap[className].insert(*dit);
324 }
325 }
326 }
327 return chg->classNameToInstAndDescsMap[className];
328 }
329}
SVF::CHGraph::getInstances
const CHNodeSetTy & getInstances(const std::string className)
Definition CHG.h:297
SVF::CHGraph::classNameToInstAndDescsMap
NameToCHNodesMap classNameToInstAndDescsMap
Definition CHG.h:320
SVF::CHGraph::getDescendants
const CHNodeSetTy & getDescendants(const std::string className)
Definition CHG.h:293
SVF::CHNode::isTemplate
bool isTemplate() const
Definition CHG.h:164

◆ llvmModuleSet()

LLVMModuleSet * CHGBuilder::llvmModuleSet ( )
private

Definition at line 59 of file CHGBuilder.cpp.

60{
61 return LLVMModuleSet::getLLVMModuleSet();
62}
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:131

◆ readInheritanceMetadataFromModule()

void CHGBuilder::readInheritanceMetadataFromModule ( const Module M)

Definition at line 218 of file CHGBuilder.cpp.

219{
220 for (Module::const_named_metadata_iterator mdit = M.named_metadata_begin(),
221 mdeit = M.named_metadata_end(); mdit != mdeit; ++mdit)
222 {
223 const NamedMDNode *md = &*mdit;
224 string mdname = md->getName().str();
225 if (mdname.compare(0, 15, "__cxx_bases_of_") != 0)
226 continue;
227 string className = mdname.substr(15);
228 for (NamedMDNode::const_op_iterator opit = md->op_begin(),
229 opeit = md->op_end(); opit != opeit; ++opit)
230 {
231 const MDNode *N = *opit;
232 const MDString* mdstr = SVFUtil::cast<MDString>(N->getOperand(0).get());
233 string baseName = mdstr->getString().str();
234 chg->addEdge(className, baseName, CHEdge::INHERITANCE);
235 }
236 }
237}
SVF::MDString
llvm::MDString MDString
Definition BasicTypes.h:101
SVF::NamedMDNode
llvm::NamedMDNode NamedMDNode
LLVM metadata and debug information.
Definition BasicTypes.h:111
SVF::MDNode
llvm::MDNode MDNode
Definition BasicTypes.h:112

Member Data Documentation

◆ chg

CHGraph* SVF::CHGBuilder::chg
private

Definition at line 42 of file CHGBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8