#include <SparseAbstractInterpretation.h>
Protected Attributes | |
| SVFG * | svfg {nullptr} |
 Protected Attributes inherited from SVF::AbstractInterpretation | |
| SVFIR * | svfir {nullptr} |
| Data and helpers reachable from SparseAbstractInterpretation. | |
| AEWTO * | preAnalysis {nullptr} |
| Map< const ICFGNode *, AbstractState > | abstractTrace |
| per-node trace; owned here | |
Additional Inherited Members | |
| Public Types inherited from SVF::AbstractInterpretation | |
| enum | AESparsity { Dense , SemiSparse , Sparse } |
| enum | HandleRecur { TOP , WIDEN_ONLY , WIDEN_NARROW } |
| Static Public Member Functions inherited from SVF::AbstractInterpretation | |
| static AbstractInterpretation & | getAEInstance () |
Detailed Description
Abstract Interpretation for Options::AESparsity::Sparse (full-sparse).
In full-sparse mode both ValVars and ObjVars live at their SVFG def-sites; reads query the SVFG for the reaching-def site, writes happen at def-sites. ValVar reads currently assert(false) until the SVFG-backed resolution lands (see doc/plan-full-sparse.md); cycle helpers are inherited from the semi-sparse parent and will also need extension for ObjVars.
Definition at line 83 of file SparseAbstractInterpretation.h.
Constructor & Destructor Documentation
◆ FullSparseAbstractInterpretation()
|
inline |
Definition at line 86 of file SparseAbstractInterpretation.h.
◆ ~FullSparseAbstractInterpretation()
|
override |
Definition at line 42 of file SparseAbstractInterpretation.cpp.
Member Function Documentation
◆ buildSVFG()
|
protected |
Build the SVFG on top of the semi-sparse precompute.
Definition at line 47 of file SparseAbstractInterpretation.cpp.
◆ getAbsValue() [1/5]
|
virtual |
Reimplemented from SVF::AbstractInterpretation.
Definition at line 60 of file AbstractStateManager.cpp.
◆ getAbsValue() [2/5]
|
virtual |
Reimplemented from SVF::AbstractInterpretation.
Definition at line 60 of file AbstractStateManager.cpp.
◆ getAbsValue() [3/5]
|
virtual |
Read a top-level variable's abstract value. Dense base does a direct trace lookup; sparse subclasses override with their own resolution chain (def-site walk, call-result fallback, etc.). All three overloads are virtual so full-sparse can route ObjVar reads through the SVFG.
Dense base: direct trace lookup, with a top sentinel for genuinely missing entries (e.g. function parameters like argc, never written before first read). Sparse subclasses override with a def-site resolution chain.
The "in map" check is a raw map.count — NOT inVarToValTable / inVarToAddrsTable, which gate on isInterval / isAddr. SVF canonically represents uninit and null-pointer shapes as (interval=bottom ∧ addrs=∅); those predicates would falsely report such an entry as "not present", and the top fallback below would then clobber the very signal NullptrDerefDetector::isUninit keys off.
Reimplemented from SVF::AbstractInterpretation.
Definition at line 60 of file AbstractStateManager.cpp.
◆ getAbsValue() [4/5]
|
overridevirtual |
Read a top-level variable's abstract value. Dense base does a direct trace lookup; sparse subclasses override with their own resolution chain (def-site walk, call-result fallback, etc.). All three overloads are virtual so full-sparse can route ObjVar reads through the SVFG.
Dense base: direct trace lookup, with a top sentinel for genuinely missing entries (e.g. function parameters like argc, never written before first read). Sparse subclasses override with a def-site resolution chain.
The "in map" check is a raw map.count — NOT inVarToValTable / inVarToAddrsTable, which gate on isInterval / isAddr. SVF canonically represents uninit and null-pointer shapes as (interval=bottom ∧ addrs=∅); those predicates would falsely report such an entry as "not present", and the top fallback below would then clobber the very signal NullptrDerefDetector::isUninit keys off.
Reimplemented from SVF::AbstractInterpretation.
Definition at line 63 of file SparseAbstractInterpretation.cpp.
◆ getAbsValue() [5/5]
|
overridevirtual |
Read a top-level variable's abstract value. Dense base does a direct trace lookup; sparse subclasses override with their own resolution chain (def-site walk, call-result fallback, etc.). All three overloads are virtual so full-sparse can route ObjVar reads through the SVFG.
Dense base: direct trace lookup, with a top sentinel for genuinely missing entries (e.g. function parameters like argc, never written before first read). Sparse subclasses override with a def-site resolution chain.
The "in map" check is a raw map.count — NOT inVarToValTable / inVarToAddrsTable, which gate on isInterval / isAddr. SVF canonically represents uninit and null-pointer shapes as (interval=bottom ∧ addrs=∅); those predicates would falsely report such an entry as "not present", and the top fallback below would then clobber the very signal NullptrDerefDetector::isUninit keys off.
Reimplemented from SVF::AbstractInterpretation.
Definition at line 59 of file AbstractStateManager.cpp.
◆ getDefSiteOfObjVar()
| const Set< const ICFGNode * > FullSparseAbstractInterpretation::getDefSiteOfObjVar | ( | const ObjVar * | obj, |
| const ICFGNode * | node | ||
| ) | const |
Given an ObjVar and its def-site ICFGNode, find all use-site ICFGNodes by following outgoing IndirectSVFGEdges whose pts contains the ObjVar
Definition at line 96 of file SparseAbstractInterpretation.cpp.
◆ getDefSiteOfValVar()
Definition at line 89 of file SparseAbstractInterpretation.cpp.
◆ getUseSitesOfObjVar()
| const Set< const ICFGNode * > FullSparseAbstractInterpretation::getUseSitesOfObjVar | ( | const ObjVar * | obj, |
| const ICFGNode * | node | ||
| ) | const |
Given an ObjVar and its def-site ICFGNode, find all use-site ICFGNodes by following outgoing IndirectSVFGEdges whose pts contains the ObjVar
Definition at line 111 of file SparseAbstractInterpretation.cpp.
◆ getUseSitesOfValVar()
| const Set< const ICFGNode * > FullSparseAbstractInterpretation::getUseSitesOfValVar | ( | const ValVar * | var | ) | const |
Definition at line 77 of file SparseAbstractInterpretation.cpp.
◆ hasAbsValue() [1/5]
|
virtual |
Reimplemented from SVF::AbstractInterpretation.
Definition at line 63 of file AbstractStateManager.cpp.
◆ hasAbsValue() [2/5]
|
virtual |
Reimplemented from SVF::AbstractInterpretation.
Definition at line 63 of file AbstractStateManager.cpp.
◆ hasAbsValue() [3/5]
|
virtual |
Side-effect-free existence check.
Dense base: direct existence check at node. Mirrors the simplified getAbsValue lookup — uses raw map.contains rather than inVar*Table predicates, which would falsely report neutral (interval=bottom ∧ addrs=∅) entries as "not present".
Reimplemented from SVF::AbstractInterpretation.
Definition at line 63 of file AbstractStateManager.cpp.
◆ hasAbsValue() [4/5]
|
overridevirtual |
Side-effect-free existence check.
Dense base: direct existence check at node. Mirrors the simplified getAbsValue lookup — uses raw map.contains rather than inVar*Table predicates, which would falsely report neutral (interval=bottom ∧ addrs=∅) entries as "not present".
Reimplemented from SVF::AbstractInterpretation.
Definition at line 70 of file SparseAbstractInterpretation.cpp.
◆ hasAbsValue() [5/5]
|
overridevirtual |
Side-effect-free existence check.
Dense base: direct existence check at node. Mirrors the simplified getAbsValue lookup — uses raw map.contains rather than inVar*Table predicates, which would falsely report neutral (interval=bottom ∧ addrs=∅) entries as "not present".
Reimplemented from SVF::AbstractInterpretation.
Definition at line 62 of file AbstractStateManager.cpp.
Member Data Documentation
◆ svfg
Definition at line 114 of file SparseAbstractInterpretation.h.
The documentation for this class was generated from the following files:
- /home/runner/work/SVF/SVF/svf/include/AE/Svfexe/SparseAbstractInterpretation.h
- /home/runner/work/SVF/SVF/svf/lib/AE/Svfexe/SparseAbstractInterpretation.cpp
