Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Private Member Functions | Private Attributes | List of all members
SVF::CHGBuilder Class Reference

#include <CHGBuilder.h>

Public Types

typedef CHGraph::CHNodeSetTy CHNodeSetTy
 
typedef CHGraph::WorkList WorkList
 

Public Member Functions

 CHGBuilder (CHGraph *c)
 
void buildCHG ()
 
void buildCHGNodes (const GlobalValue *V)
 
void buildCHGNodes (const Function *F)
 
void buildCHGEdges (const Function *F)
 
void buildInternalMaps ()
 
void readInheritanceMetadataFromModule (const Module &M)
 
CHNodecreateNode (const std::string &name)
 
void connectInheritEdgeViaCall (const Function *caller, const CallBase *cs)
 
void connectInheritEdgeViaStore (const Function *caller, const StoreInst *store)
 
void buildClassNameToAncestorsDescendantsMap ()
 
const CHGraph::CHNodeSetTygetInstancesAndDescendants (const std::string &className)
 
void analyzeVTables (const Module &M)
 
void buildVirtualFunctionToIDMap ()
 
void buildCSToCHAVtblsAndVfnsMap ()
 
const CHNodeSetTygetCSClasses (const CallBase *cs)
 
void addFuncToFuncVector (CHNode::FuncVector &v, const Function *f)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

CHGraphchg
 

Detailed Description

Definition at line 38 of file CHGBuilder.h.

Member Typedef Documentation

◆ CHNodeSetTy

typedef CHGraph::CHNodeSetTy SVF::CHGBuilder::CHNodeSetTy

Definition at line 45 of file CHGBuilder.h.

◆ WorkList

typedef CHGraph::WorkList SVF::CHGBuilder::WorkList

Definition at line 46 of file CHGBuilder.h.

Constructor & Destructor Documentation

◆ CHGBuilder()

SVF::CHGBuilder::CHGBuilder ( CHGraph c)
inline

Definition at line 48 of file CHGBuilder.h.

48 : chg(c)
49 {
50
51 }
SVF::CHGBuilder::chg
CHGraph * chg
Definition CHGBuilder.h:42
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

Member Function Documentation

◆ addFuncToFuncVector()

void CHGBuilder::addFuncToFuncVector ( CHNode::FuncVector v,
const Function f 
)

Definition at line 738 of file CHGBuilder.cpp.

739{
740 if (cppUtil::isCPPThunkFunction(lf))
741 {
742 if (const auto* tf = cppUtil::getThunkTarget(lf))
743 {
744 const FunObjVar* pFunction =
745 llvmModuleSet()->getFunObjVar(tf);
746 v.push_back(pFunction);
747 }
748 }
749 else
750 {
751 const FunObjVar* pFunction =
752 llvmModuleSet()->getFunObjVar(lf);
753 v.push_back(pFunction);
754 }
755}
SVF::CHGBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition CHGBuilder.cpp:59
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:260
SVF::cppUtil::isCPPThunkFunction
bool isCPPThunkFunction(const Function *F)
Definition CppUtil.cpp:383
SVF::cppUtil::getThunkTarget
const Function * getThunkTarget(const Function *F)
Definition CppUtil.cpp:389

◆ analyzeVTables()

void CHGBuilder::analyzeVTables ( const Module M)

vtable in llvm 16 does not have bitcast: e.g., @_ZTV1B = linkonce_odr dso_local unnamed_addr constant { [4 x ptr] } { [4 x ptr] [ptr null, ptr @_ZTI1B, ptr @_ZN1B1fEPi, ptr @_ZN1B1gEPi] }, comdat, align 8 compared to its llvm 13 version: @_ZTV1B = linkonce_odr dso_local unnamed_addr constant { [4 x i8*] } { [4 x i8*] [i8* null, i8* bitcast ({ i8*, i8*, i8* }* @_ZTI1B to i8*), i8* bitcast (void (class.B*, i32*)* @_ZN1B1fEPi to i8*), i8* bitcast (void (class.B*, i32*)* @_ZN1B1gEPi to i8*)] }, comdat, align 8

For llvm 13, we need to cast the operand into a constant expr and then process the first operand of that constant expr For llvm 16, things get simpler. We can directly process each operand

for inttoptr in llvm 16, the handling method is the same as before

Definition at line 366 of file CHGBuilder.cpp.

367{
368 for (Module::const_global_iterator I = M.global_begin(),
369 E = M.global_end(); I != E; ++I)
370 {
371 const GlobalValue *globalvalue = SVFUtil::dyn_cast<const GlobalValue>(&(*I));
372 if (cppUtil::isValVtbl(globalvalue) && globalvalue->getNumOperands() > 0)
373 {
374 const ConstantStruct *vtblStruct = cppUtil::getVtblStruct(globalvalue);
375
376 string vtblClassName = getClassNameFromVtblObj(globalvalue->getName().str());
377 CHNode *node = chg->getNode(vtblClassName);
378 assert(node && "node not found?");
379 NodeID i = llvmModuleSet()->getObjectNode(globalvalue);
380 SVFVar* pVar = PAG::getPAG()->getGNode(i);
381 GlobalObjVar* globalObjVar = SVFUtil::cast<GlobalObjVar>(pVar);
382 globalObjVar->setName(vtblClassName);
383 node->setVTable(globalObjVar);
384
385 for (unsigned int ei = 0; ei < vtblStruct->getNumOperands(); ++ei)
386 {
387 const ConstantArray *vtbl =
388 SVFUtil::dyn_cast<ConstantArray>(vtblStruct->getOperand(ei));
389 assert(vtbl && "Element of initializer not an array?");
390
391 /*
392 * items in vtables can be classified into 3 categories:
393 * 1. i8* null
394 * 2. i8* inttoptr xxx
395 * 3. i8* bitcast xxx
396 */
397 bool pure_abstract = true;
398 u32_t i = 0;
399 while (i < vtbl->getNumOperands())
400 {
401 CHNode::FuncVector virtualFunctions;
402 bool is_virtual = false; // virtual inheritance
403 int null_ptr_num = 0;
404 for (; i < vtbl->getNumOperands(); ++i)
405 {
406 Constant* operand = vtbl->getOperand(i);
407 if (SVFUtil::isa<ConstantPointerNull>(operand))
408 {
409 if (i > 0 && !SVFUtil::isa<ConstantPointerNull>(vtbl->getOperand(i-1)))
410 {
411 auto foo = [&is_virtual, &null_ptr_num, &vtbl, &i](const Value* val)
412 {
413 if (val->getName().str().compare(0, ztiLabel.size(), ztiLabel) == 0)
414 {
415 is_virtual = true;
416 null_ptr_num = 1;
417 while (i+null_ptr_num < vtbl->getNumOperands())
418 {
419 if (SVFUtil::isa<ConstantPointerNull>(vtbl->getOperand(i+null_ptr_num)))
420 null_ptr_num++;
421 else
422 break;
423 }
424 }
425 };
426 if (const ConstantExpr *ce =
427 SVFUtil::dyn_cast<ConstantExpr>(vtbl->getOperand(i-1)))
428 {
429 if(ce->getOpcode() == Instruction::BitCast)
430 foo(ce->getOperand(0));
431 }
432 else
433 {
434 // opaque pointer mode
435 foo(vtbl->getOperand(i - 1));
436 }
437 }
438 continue;
439 }
440
441 auto foo = [this, &virtualFunctions, &pure_abstract, &vtblClassName](const Value* operand)
442 {
443 if (const Function* f = SVFUtil::dyn_cast<Function>(operand))
444 {
445 addFuncToFuncVector(virtualFunctions, f);
446 if (f->getName().str().compare(pureVirtualFunName) == 0)
447 {
448 pure_abstract &= true;
449 }
450 else
451 {
452 pure_abstract &= false;
453 }
454 struct DemangledName dname = demangle(f->getName().str());
455 if (dname.className.size() > 0 &&
456 vtblClassName.compare(dname.className) != 0)
457 {
458 if(!chg->getNode(dname.className)) createNode(dname.className);
459 chg->addEdge(vtblClassName, dname.className, CHEdge::INHERITANCE);
460 }
461 }
462 else
463 {
464 if (const GlobalAlias *alias =
465 SVFUtil::dyn_cast<GlobalAlias>(operand))
466 {
467 const Constant *aliasValue = alias->getAliasee();
468 if (const Function* aliasFunc =
469 SVFUtil::dyn_cast<Function>(aliasValue))
470 {
471 addFuncToFuncVector(virtualFunctions, aliasFunc);
472 }
473 else if (const ConstantExpr *aliasconst =
474 SVFUtil::dyn_cast<ConstantExpr>(aliasValue))
475 {
476 (void)aliasconst; // Suppress warning of unused variable under release build
477 assert(aliasconst->getOpcode() == Instruction::BitCast &&
478 "aliased constantexpr in vtable not a bitcast");
479 const Function* aliasbitcastfunc =
480 SVFUtil::dyn_cast<Function>(aliasconst->getOperand(0));
481 assert(aliasbitcastfunc &&
482 "aliased bitcast in vtable not a function");
483 addFuncToFuncVector(virtualFunctions, aliasbitcastfunc);
484 }
485 else
486 {
487 assert(false && "alias not function or bitcast");
488 }
489
490 pure_abstract &= false;
491 }
492 else if (operand->getName().str().compare(0, ztiLabel.size(),
493 ztiLabel) == 0)
494 {
495 }
496 else
497 {
498 assert("what else can be in bitcast of a vtable?");
499 }
500 }
501 };
502
518 if (const ConstantExpr *ce =
519 SVFUtil::dyn_cast<ConstantExpr>(operand))
520 {
521 u32_t opcode = ce->getOpcode();
522 assert(opcode == Instruction::IntToPtr);
523 assert(ce->getNumOperands() == 1 &&
524 "inttptr operand num not 1");
525 if (opcode == Instruction::IntToPtr)
526 {
527 node->setMultiInheritance();
528 ++i;
529 break;
530 }
531 }
532 else
533 {
534 foo(operand);
535 }
536 }
537 if (is_virtual && virtualFunctions.size() > 0)
538 {
539 for (int i = 0; i < null_ptr_num; ++i)
540 {
541 const FunObjVar* fun = virtualFunctions[i];
542 virtualFunctions.insert(virtualFunctions.begin(), fun);
543 }
544 }
545 if (virtualFunctions.size() > 0)
546 node->addVirtualFunctionVector(virtualFunctions);
547 }
548 if (pure_abstract == true)
549 {
550 node->setPureAbstract();
551 }
552 }
553 }
554 }
555}
ztiLabel
const string ztiLabel
Definition CHGBuilder.cpp:57
pureVirtualFunName
const string pureVirtualFunName
Definition CHGBuilder.cpp:55
u32_t
unsigned u32_t
Definition CommandLine.h:18
SVF::CHEdge::INHERITANCE
@ INHERITANCE
Definition CHG.h:86
SVF::CHGBuilder::addFuncToFuncVector
void addFuncToFuncVector(CHNode::FuncVector &v, const Function *f)
Definition CHGBuilder.cpp:738
SVF::CHGBuilder::createNode
CHNode * createNode(const std::string &name)
Definition CHGBuilder.cpp:240
SVF::CHGraph::addEdge
void addEdge(const std::string className, const std::string baseClassName, CHEdge::CHEDGETYPE edgeType)
Definition CHG.cpp:97
SVF::CHGraph::getNode
CHNode * getNode(const std::string name) const
Definition CHG.cpp:112
SVF::CHNode::setVTable
void setVTable(const GlobalObjVar *vtbl)
Definition CHG.h:189
SVF::CHNode::setMultiInheritance
void setMultiInheritance()
Definition CHG.h:152
SVF::CHNode::addVirtualFunctionVector
void addVirtualFunctionVector(FuncVector vfuncvec)
Definition CHG.h:174
SVF::CHNode::setPureAbstract
void setPureAbstract()
Attribute.
Definition CHG.h:148
SVF::CHNode::FuncVector
std::vector< const FunObjVar * > FuncVector
Definition CHG.h:121
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1007
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116
SVF::cppUtil::demangle
struct DemangledName demangle(const std::string &name)
Definition CppUtil.cpp:195
SVF::cppUtil::getVtblStruct
const ConstantStruct * getVtblStruct(const GlobalValue *vtbl)
Definition CppUtil.cpp:323
SVF::cppUtil::getClassNameFromVtblObj
std::string getClassNameFromVtblObj(const std::string &vtblName)
Definition CppUtil.cpp:304
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56
SVF::ConstantArray
llvm::ConstantArray ConstantArray
Definition BasicTypes.h:123
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::GlobalValue
llvm::GlobalValue GlobalValue
Definition BasicTypes.h:88
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ buildCHG()

void CHGBuilder::buildCHG ( )

Definition at line 64 of file CHGBuilder.cpp.

65{
66
67 double timeStart, timeEnd;
68 timeStart = PTAStat::getClk(true);
69 for (Module &M : llvmModuleSet()->getLLVMModules())
70 {
71 DBOUT(DGENERAL, outs() << SVFUtil::pasMsg("construct CHGraph From module "
72 + M.getName().str() + "...\n"));
73 readInheritanceMetadataFromModule(M);
74 for (Module::const_global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
75 buildCHGNodes(&(*I));
76 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
77 buildCHGNodes(&(*F));
78 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
79 buildCHGEdges(&(*F));
80
81 analyzeVTables(M);
82 }
83
84 DBOUT(DGENERAL, outs() << SVFUtil::pasMsg("build Internal Maps ...\n"));
85 buildInternalMaps();
86
87 timeEnd = PTAStat::getClk(true);
88 chg->buildingCHGTime = (timeEnd - timeStart) / TIMEINTERVAL;
89
90 if (Options::DumpCHA())
91 chg->dump("cha");
92}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:498
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:526
DGENERAL
#define DGENERAL
Definition SVFType.h:504
SVF::CHGBuilder::analyzeVTables
void analyzeVTables(const Module &M)
Definition CHGBuilder.cpp:366
SVF::CHGBuilder::readInheritanceMetadataFromModule
void readInheritanceMetadataFromModule(const Module &M)
Definition CHGBuilder.cpp:219
SVF::CHGBuilder::buildCHGNodes
void buildCHGNodes(const GlobalValue *V)
Definition CHGBuilder.cpp:94
SVF::CHGBuilder::buildCHGEdges
void buildCHGEdges(const Function *F)
Definition CHGBuilder.cpp:135
SVF::CHGBuilder::buildInternalMaps
void buildInternalMaps()
Definition CHGBuilder.cpp:157
SVF::CHGraph::dump
void dump(const std::string &filename)
Definition CHG.cpp:242
SVF::CHGraph::buildingCHGTime
double buildingCHGTime
Definition CHG.h:322
SVF::Options::DumpCHA
static const Option< bool > DumpCHA
Definition Options.h:176
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ buildCHGEdges()

void CHGBuilder::buildCHGEdges ( const Function F)

Definition at line 135 of file CHGBuilder.cpp.

136{
137 if (isConstructor(F) || isDestructor(F))
138 {
139 for (Function::const_iterator B = F->begin(), E = F->end(); B != E; ++B)
140 {
141 for (BasicBlock::const_iterator I = B->begin(), E = B->end(); I != E; ++I)
142 {
143 if (LLVMUtil::isCallSite(&(*I)))
144 {
145 connectInheritEdgeViaCall(F, SVFUtil::cast<CallBase>(&(*I)));
146 }
147 else if (const StoreInst *store = SVFUtil::dyn_cast<StoreInst>(&(*I)))
148 {
149 connectInheritEdgeViaStore(F, store);
150 }
151 }
152 }
153 }
154}
SVF::CHGBuilder::connectInheritEdgeViaStore
void connectInheritEdgeViaStore(const Function *caller, const StoreInst *store)
Definition CHGBuilder.cpp:192
SVF::CHGBuilder::connectInheritEdgeViaCall
void connectInheritEdgeViaCall(const Function *caller, const CallBase *cs)
Definition CHGBuilder.cpp:164
SVF::LLVMUtil::isCallSite
bool isCallSite(const Instruction *inst)
Whether an instruction is a call or invoke instruction.
Definition LLVMUtil.h:44
SVF::cppUtil::isConstructor
bool isConstructor(const Function *F)
Definition CppUtil.cpp:489
SVF::cppUtil::isDestructor
bool isDestructor(const Function *F)
Definition CppUtil.cpp:509
SVF::StoreInst
llvm::StoreInst StoreInst
Definition BasicTypes.h:148

◆ buildCHGNodes() [1/2]

void CHGBuilder::buildCHGNodes ( const Function F)

Definition at line 124 of file CHGBuilder.cpp.

125{
126 if (isConstructor(F) || isDestructor(F))
127 {
128 struct DemangledName dname = demangle(F->getName().str());
129 DBOUT(DCHA, outs() << "\t build CHANode for class " + dname.className + "...\n");
130 if (!chg->getNode(dname.className))
131 createNode(dname.className);
132 }
133}
DCHA
#define DCHA
Definition SVFType.h:520

◆ buildCHGNodes() [2/2]

void CHGBuilder::buildCHGNodes ( const GlobalValue V)

Definition at line 94 of file CHGBuilder.cpp.

95{
96 if (cppUtil::isValVtbl(globalvalue) && globalvalue->getNumOperands() > 0)
97 {
98 const ConstantStruct *vtblStruct = cppUtil::getVtblStruct(globalvalue);
99 string className = getClassNameFromVtblObj(globalvalue->getName().str());
100 if (!chg->getNode(className))
101 createNode(className);
102
103 for (unsigned int ei = 0; ei < vtblStruct->getNumOperands(); ++ei)
104 {
105 const ConstantArray *vtbl = SVFUtil::dyn_cast<ConstantArray>(vtblStruct->getOperand(ei));
106 assert(vtbl && "Element of initializer not an array?");
107 for (u32_t i = 0; i < vtbl->getNumOperands(); ++i)
108 {
109 if(const ConstantExpr *ce = isCastConstantExpr(vtbl->getOperand(i)))
110 {
111 const Value* bitcastValue = ce->getOperand(0);
112 if (const Function* func = SVFUtil::dyn_cast<Function>(bitcastValue))
113 {
114 struct DemangledName dname = demangle(func->getName().str());
115 if (!chg->getNode(dname.className))
116 createNode(dname.className);
117 }
118 }
119 }
120 }
121 }
122}
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245

◆ buildClassNameToAncestorsDescendantsMap()

void CHGBuilder::buildClassNameToAncestorsDescendantsMap ( )

Definition at line 267 of file CHGBuilder.cpp.

268{
269
270 for (CHGraph::const_iterator it = chg->begin(), eit = chg->end();
271 it != eit; ++it)
272 {
273 const CHNode *node = it->second;
274 WorkList worklist;
275 CHNodeSetTy visitedNodes;
276 worklist.push(node);
277 while (!worklist.empty())
278 {
279 const CHNode *curnode = worklist.pop();
280 if (visitedNodes.find(curnode) == visitedNodes.end())
281 {
282 for (CHEdge::CHEdgeSetTy::const_iterator it =
283 curnode->getOutEdges().begin(), eit =
284 curnode->getOutEdges().end(); it != eit; ++it)
285 {
286 if ((*it)->getEdgeType() == CHEdge::INHERITANCE)
287 {
288 CHNode *succnode = (*it)->getDstNode();
289 chg->classNameToAncestorsMap[node->getName()].insert(succnode);
290 chg->classNameToDescendantsMap[succnode->getName()].insert(node);
291 worklist.push(succnode);
292 }
293 }
294 visitedNodes.insert(curnode);
295 }
296 }
297 }
298}
SVF::CHGBuilder::WorkList
CHGraph::WorkList WorkList
Definition CHGBuilder.h:46
SVF::CHGBuilder::CHNodeSetTy
CHGraph::CHNodeSetTy CHNodeSetTy
Definition CHGBuilder.h:45
SVF::CHGraph::classNameToAncestorsMap
NameToCHNodesMap classNameToAncestorsMap
Definition CHG.h:325
SVF::CHGraph::classNameToDescendantsMap
NameToCHNodesMap classNameToDescendantsMap
Definition CHG.h:324
SVF::CHNode::getName
virtual const std::string & getName() const
Definition CHG.h:130
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:377
SVF::GenericGraph::const_iterator
IDToNodeMapTy::const_iterator const_iterator
Definition GenericGraph.h:357

◆ buildCSToCHAVtblsAndVfnsMap()

void CHGBuilder::buildCSToCHAVtblsAndVfnsMap ( )

Definition at line 657 of file CHGBuilder.cpp.

658{
659
660 for (Module &M : llvmModuleSet()->getLLVMModules())
661 {
662 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
663 {
664 for (const_inst_iterator II = inst_begin(*F), E = inst_end(*F); II != E; ++II)
665 {
666 if(const CallBase* callInst = SVFUtil::dyn_cast<CallBase>(&*II))
667 {
668 if (cppUtil::isVirtualCallSite(callInst) == false)
669 continue;
670
671 VTableSet vtbls;
672 const CHNodeSetTy& chClasses = getCSClasses(callInst);
673 for (CHNodeSetTy::const_iterator it = chClasses.begin(), eit = chClasses.end(); it != eit; ++it)
674 {
675 const CHNode *child = *it;
676 const GlobalObjVar *vtbl = child->getVTable();
677 if (vtbl != nullptr)
678 {
679 vtbls.insert(vtbl);
680 }
681 }
682 if (vtbls.size() > 0)
683 {
684 ICFGNode* icfgNode =
685 llvmModuleSet()->getICFGNode(callInst);
686 chg->callNodeToCHAVtblsMap[icfgNode] = vtbls;
687 VFunSet virtualFunctions;
688 chg->getVFnsFromVtbls(SVFUtil::cast<CallICFGNode>(icfgNode), vtbls, virtualFunctions);
689 if (virtualFunctions.size() > 0)
690 chg->callNodeToCHAVFnsMap[icfgNode] = virtualFunctions;
691 }
692 }
693 }
694 }
695 }
696}
child
cJSON * child
Definition cJSON.cpp:2723
SVF::CHGBuilder::getCSClasses
const CHNodeSetTy & getCSClasses(const CallBase *cs)
Definition CHGBuilder.cpp:699
SVF::CHGraph::callNodeToCHAVFnsMap
CallNodeToVFunSetMap callNodeToCHAVFnsMap
Definition CHG.h:333
SVF::CHGraph::getVFnsFromVtbls
void getVFnsFromVtbls(const CallICFGNode *cs, const VTableSet &vtbls, VFunSet &virtualFunctions) override
Definition CHG.cpp:124
SVF::CHGraph::callNodeToCHAVtblsMap
CallNodeToVTableSetMap callNodeToCHAVtblsMap
Definition CHG.h:332
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1118
SVF::cppUtil::isVirtualCallSite
bool isVirtualCallSite(const CallBase *cs)
Definition CppUtil.cpp:352
SVF::const_inst_iterator
llvm::const_inst_iterator const_inst_iterator
Definition BasicTypes.h:250
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146
SVF::VTableSet
Set< const GlobalObjVar * > VTableSet
Definition CHG.h:46
SVF::VFunSet
Set< const FunObjVar * > VFunSet
Definition CHG.h:47

◆ buildInternalMaps()

void CHGBuilder::buildInternalMaps ( )

Definition at line 157 of file CHGBuilder.cpp.

158{
159 buildClassNameToAncestorsDescendantsMap();
160 buildVirtualFunctionToIDMap();
161 buildCSToCHAVtblsAndVfnsMap();
162}
SVF::CHGBuilder::buildVirtualFunctionToIDMap
void buildVirtualFunctionToIDMap()
Definition CHGBuilder.cpp:558
SVF::CHGBuilder::buildCSToCHAVtblsAndVfnsMap
void buildCSToCHAVtblsAndVfnsMap()
Definition CHGBuilder.cpp:657
SVF::CHGBuilder::buildClassNameToAncestorsDescendantsMap
void buildClassNameToAncestorsDescendantsMap()
Definition CHGBuilder.cpp:267

◆ buildVirtualFunctionToIDMap()

void CHGBuilder::buildVirtualFunctionToIDMap ( )

Definition at line 558 of file CHGBuilder.cpp.

559{
560 /*
561 * 1. Divide classes into groups
562 * 2. Get all virtual functions in a group
563 * 3. Assign consecutive IDs to virtual functions that have
564 * the same name (after demangling) in a group
565 */
566 CHGraph::CHNodeSetTy visitedNodes;
567 for (CHGraph::const_iterator nit = chg->begin(),
568 neit = chg->end(); nit != neit; ++nit)
569 {
570 CHNode *node = nit->second;
571 if (visitedNodes.find(node) != visitedNodes.end())
572 continue;
573
574 string className = node->getName();
575
576 /*
577 * get all the classes in a specific group
578 */
579 CHGraph::CHNodeSetTy group;
580 stack<const CHNode*> nodeStack;
581 nodeStack.push(node);
582 while (!nodeStack.empty())
583 {
584 const CHNode *curnode = nodeStack.top();
585 nodeStack.pop();
586 group.insert(curnode);
587 if (visitedNodes.find(curnode) != visitedNodes.end())
588 continue;
589 for (CHEdge::CHEdgeSetTy::const_iterator it = curnode->getOutEdges().begin(),
590 eit = curnode->getOutEdges().end(); it != eit; ++it)
591 {
592 CHNode *tmpnode = (*it)->getDstNode();
593 nodeStack.push(tmpnode);
594 group.insert(tmpnode);
595 }
596 for (CHEdge::CHEdgeSetTy::const_iterator it = curnode->getInEdges().begin(),
597 eit = curnode->getInEdges().end(); it != eit; ++it)
598 {
599 CHNode *tmpnode = (*it)->getSrcNode();
600 nodeStack.push(tmpnode);
601 group.insert(tmpnode);
602 }
603 visitedNodes.insert(curnode);
604 }
605
606 /*
607 * get all virtual functions in a specific group
608 */
609 set<const FunObjVar*> virtualFunctions;
610 for (CHGraph::CHNodeSetTy::iterator it = group.begin(),
611 eit = group.end(); it != eit; ++it)
612 {
613 const vector<CHNode::FuncVector> &vecs = (*it)->getVirtualFunctionVectors();
614 for (vector<CHNode::FuncVector>::const_iterator vit = vecs.begin(),
615 veit = vecs.end(); vit != veit; ++vit)
616 {
617 for (vector<const FunObjVar*>::const_iterator fit = (*vit).begin(),
618 feit = (*vit).end(); fit != feit; ++fit)
619 {
620 virtualFunctions.insert(*fit);
621 }
622 }
623 }
624
625 /*
626 * build a set of pairs of demangled function name and function in a
627 * specific group, items in the set will be sort by the first item of the
628 * pair, so all the virtual functions in a group will be sorted by the
629 * demangled function name
630 * <f, A::f>
631 * <f, B::f>
632 * <g, A::g>
633 * <g, B::g>
634 * <g, C::g>
635 * <~A, A::~A>
636 * <~B, B::~B>
637 * <~C, C::~C>
638 * ...
639 */
640 set<pair<string, const FunObjVar*> > fNameSet;
641 for (set<const FunObjVar*>::iterator fit = virtualFunctions.begin(),
642 feit = virtualFunctions.end(); fit != feit; ++fit)
643 {
644 const FunObjVar* f = *fit;
645 struct DemangledName dname = demangle(f->getName());
646 fNameSet.insert(pair<string, const FunObjVar*>(dname.funcName, f));
647 }
648 for (set<pair<string, const FunObjVar*>>::iterator it = fNameSet.begin(),
649 eit = fNameSet.end(); it != eit; ++it)
650 {
651 chg->virtualFunctionToIDMap[it->second] = chg->vfID++;
652 }
653 }
654}
set
set(THREADS_PREFER_PTHREAD_FLAG ON) find_package(Threads REQUIRED) add_llvm_executable(wpa wpa.cpp) target_link_libraries(wpa PUBLIC $
Definition CMakeLists.txt:1
SVF::CHGraph::virtualFunctionToIDMap
Map< const FunObjVar *, u32_t > virtualFunctionToIDMap
Definition CHG.h:330
SVF::CHGraph::vfID
u32_t vfID
Definition CHG.h:321
SVF::CHGraph::CHNodeSetTy
Set< const CHNode * > CHNodeSetTy
Definition CHG.h:240
SVF::CHNode::getVirtualFunctionVectors
const std::vector< FuncVector > & getVirtualFunctionVectors() const
Definition CHG.h:178

◆ connectInheritEdgeViaCall()

void CHGBuilder::connectInheritEdgeViaCall ( const Function caller,
const CallBase cs 
)

Definition at line 164 of file CHGBuilder.cpp.

165{
166 if (getCallee(cs) == nullptr)
167 return;
168
169 const Function* callee = getCallee(cs);
170
171 struct DemangledName dname = demangle(caller->getName().str());
172 if ((isConstructor(caller) && isConstructor(callee)) || (isDestructor(caller) && isDestructor(callee)))
173 {
174 if (cs->arg_size() < 1 || (cs->arg_size() < 2 && cs->paramHasAttr(0, llvm::Attribute::StructRet)))
175 return;
176 const Value* csThisPtr = cppUtil::getVCallThisPtr(cs);
177 //const Argument* consThisPtr = getConstructorThisPtr(caller);
178 //bool samePtr = isSameThisPtrInConstructor(consThisPtr, csThisPtr);
179 bool samePtrTrue = true;
180 if (csThisPtr != nullptr && samePtrTrue)
181 {
182 struct DemangledName basename = demangle(callee->getName().str());
183 if (!LLVMUtil::isCallSite(csThisPtr) &&
184 basename.className.size() > 0)
185 {
186 chg->addEdge(dname.className, basename.className, CHEdge::INHERITANCE);
187 }
188 }
189 }
190}
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getVCallThisPtr
const Value * getVCallThisPtr(const CallBase *cs)
Definition CppUtil.cpp:411

◆ connectInheritEdgeViaStore()

void CHGBuilder::connectInheritEdgeViaStore ( const Function caller,
const StoreInst store 
)

Definition at line 192 of file CHGBuilder.cpp.

193{
194 struct DemangledName dname = demangle(caller->getName().str());
195 if (const ConstantExpr *ce = SVFUtil::dyn_cast<ConstantExpr>(storeInst->getValueOperand()))
196 {
197 if (ce->getOpcode() == Instruction::BitCast)
198 {
199 const Value* bitcastval = ce->getOperand(0);
200 if (const ConstantExpr *bcce = SVFUtil::dyn_cast<ConstantExpr>(bitcastval))
201 {
202 if (bcce->getOpcode() == Instruction::GetElementPtr)
203 {
204 const Value* gepval = bcce->getOperand(0);
205 if (cppUtil::isValVtbl(gepval))
206 {
207 string vtblClassName = getClassNameFromVtblObj(gepval->getName().str());
208 if (vtblClassName.size() > 0 && dname.className.compare(vtblClassName) != 0)
209 {
210 chg->addEdge(dname.className, vtblClassName, CHEdge::INHERITANCE);
211 }
212 }
213 }
214 }
215 }
216 }
217}

◆ createNode()

CHNode * CHGBuilder::createNode ( const std::string &  name)

Definition at line 240 of file CHGBuilder.cpp.

241{
242 assert(!chg->getNode(className) && "this node should never be created before!");
243 CHNode * node = new CHNode(className, chg->classNum++);
244 chg->classNameToNodeMap[className] = node;
245 chg->addGNode(node->getId(), node);
246 if (className.size() > 0 && className[className.size() - 1] == '>')
247 {
248 string templateName = getBeforeBrackets(className);
249 CHNode* templateNode = chg->getNode(templateName);
250 if (!templateNode)
251 {
252 DBOUT(DCHA, outs() << "\t Create Template CHANode " + templateName + " for class " + className + "...\n");
253 templateNode = createNode(templateName);
254 templateNode->setTemplate();
255 }
256 chg->addEdge(className, templateName, CHEdge::INSTANTCE);
257 chg->addInstances(templateName,node);
258 }
259 return node;
260}
SVF::CHEdge::INSTANTCE
@ INSTANTCE
Definition CHG.h:87
SVF::CHGraph::addInstances
void addInstances(const std::string templateName, CHNode *node)
Definition CHG.h:290
SVF::CHGraph::classNum
u32_t classNum
Definition CHG.h:320
SVF::CHGraph::classNameToNodeMap
Map< std::string, CHNode * > classNameToNodeMap
Definition CHG.h:323
SVF::GenericGraph::addGNode
void addGNode(NodeID id, NodeType *node)
Add a Node.
Definition GenericGraph.h:396
SVF::SVFValue::getId
NodeID getId() const
Get ID.
Definition SVFValue.h:158
SVF::cppUtil::getBeforeBrackets
std::string getBeforeBrackets(const std::string &name)
Definition CppUtil.cpp:127

◆ getCSClasses()

const CHGraph::CHNodeSetTy & CHGBuilder::getCSClasses ( const CallBase cs)

Definition at line 699 of file CHGBuilder.cpp.

700{
701 assert(cppUtil::isVirtualCallSite(cs) && "not virtual callsite!");
702
703 ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(cs);
704
705 CHGraph::CallNodeToCHNodesMap::const_iterator it = chg->callNodeToClassesMap.find(icfgNode);
706 if (it != chg->callNodeToClassesMap.end())
707 {
708 return it->second;
709 }
710 else
711 {
712 Set<string> thisPtrClassNames = getClassNameOfThisPtr(cs);
713
714 if(thisPtrClassNames.empty())
715 {
716 // if we cannot infer classname, conservatively push all class nodes
717 for (const auto &node: *chg)
718 {
719 chg->callNodeToClassesMap[icfgNode].insert(node.second);
720 }
721 return chg->callNodeToClassesMap[icfgNode];
722 }
723
724 for (const auto &thisPtrClassName: thisPtrClassNames)
725 {
726 if (const CHNode* thisNode = chg->getNode(thisPtrClassName))
727 {
728 const CHGraph::CHNodeSetTy& instAndDesces = getInstancesAndDescendants(thisPtrClassName);
729 chg->callNodeToClassesMap[icfgNode].insert(thisNode);
730 for (CHGraph::CHNodeSetTy::const_iterator it2 = instAndDesces.begin(), eit = instAndDesces.end(); it2 != eit; ++it2)
731 chg->callNodeToClassesMap[icfgNode].insert(*it2);
732 }
733 }
734 return chg->callNodeToClassesMap[icfgNode];
735 }
736}
SVF::CHGBuilder::getInstancesAndDescendants
const CHGraph::CHNodeSetTy & getInstancesAndDescendants(const std::string &className)
Definition CHGBuilder.cpp:300
SVF::CHGraph::callNodeToClassesMap
CallNodeToCHNodesMap callNodeToClassesMap
Definition CHG.h:328
SVF::cppUtil::getClassNameOfThisPtr
Set< std::string > getClassNameOfThisPtr(const CallBase *cs)
Definition CppUtil.cpp:601

◆ getInstancesAndDescendants()

const CHGraph::CHNodeSetTy & CHGBuilder::getInstancesAndDescendants ( const std::string &  className)

Definition at line 300 of file CHGBuilder.cpp.

302{
303
304 CHGraph::NameToCHNodesMap::const_iterator it = chg->classNameToInstAndDescsMap.find(className);
305 if (it != chg->classNameToInstAndDescsMap.end())
306 {
307 return it->second;
308 }
309 else
310 {
311 chg->classNameToInstAndDescsMap[className] = chg->getDescendants(className);
312 if (chg->getNode(className)->isTemplate())
313 {
314 const CHNodeSetTy& instances = chg->getInstances(className);
315 for (CHNodeSetTy::const_iterator it = instances.begin(), eit = instances.end(); it != eit; ++it)
316 {
317 const CHNode *node = *it;
318 chg->classNameToInstAndDescsMap[className].insert(node);
319 const CHNodeSetTy& instance_descendants = chg->getDescendants(node->getName());
320 for (CHNodeSetTy::const_iterator dit =
321 instance_descendants.begin(), deit =
322 instance_descendants.end(); dit != deit; ++dit)
323 {
324 chg->classNameToInstAndDescsMap[className].insert(*dit);
325 }
326 }
327 }
328 return chg->classNameToInstAndDescsMap[className];
329 }
330}
SVF::CHGraph::getInstances
const CHNodeSetTy & getInstances(const std::string className)
Definition CHG.h:303
SVF::CHGraph::classNameToInstAndDescsMap
NameToCHNodesMap classNameToInstAndDescsMap
Definition CHG.h:326
SVF::CHGraph::getDescendants
const CHNodeSetTy & getDescendants(const std::string className)
Definition CHG.h:299
SVF::CHNode::isTemplate
bool isTemplate() const
Definition CHG.h:168

◆ llvmModuleSet()

LLVMModuleSet * CHGBuilder::llvmModuleSet ( )
private

Definition at line 59 of file CHGBuilder.cpp.

60{
61 return LLVMModuleSet::getLLVMModuleSet();
62}
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:129

◆ readInheritanceMetadataFromModule()

void CHGBuilder::readInheritanceMetadataFromModule ( const Module M)

Definition at line 219 of file CHGBuilder.cpp.

220{
221 for (Module::const_named_metadata_iterator mdit = M.named_metadata_begin(),
222 mdeit = M.named_metadata_end(); mdit != mdeit; ++mdit)
223 {
224 const NamedMDNode *md = &*mdit;
225 string mdname = md->getName().str();
226 if (mdname.compare(0, 15, "__cxx_bases_of_") != 0)
227 continue;
228 string className = mdname.substr(15);
229 for (NamedMDNode::const_op_iterator opit = md->op_begin(),
230 opeit = md->op_end(); opit != opeit; ++opit)
231 {
232 const MDNode *N = *opit;
233 const MDString* mdstr = SVFUtil::cast<MDString>(N->getOperand(0).get());
234 string baseName = mdstr->getString().str();
235 chg->addEdge(className, baseName, CHEdge::INHERITANCE);
236 }
237 }
238}
SVF::MDString
llvm::MDString MDString
Definition BasicTypes.h:101
SVF::NamedMDNode
llvm::NamedMDNode NamedMDNode
LLVM metadata and debug information.
Definition BasicTypes.h:111
SVF::MDNode
llvm::MDNode MDNode
Definition BasicTypes.h:112

Member Data Documentation

◆ chg

CHGraph* SVF::CHGBuilder::chg
private

Definition at line 42 of file CHGBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8