Static Value-Flow Analysis
Public Member Functions | Private Types | Private Attributes | List of all members
SVF::FunptrDDAClient Class Reference

#include <DDAClient.h>

Inheritance diagram for SVF::FunptrDDAClient:
SVF::DDAClient

Public Member Functions

 FunptrDDAClient (SVFModule *module)
 
 ~FunptrDDAClient ()
 
virtual OrderedNodeSetcollectCandidateQueries (SVFIR *p)
 Only collect function pointers as query candidates. More...
 
virtual void performStat (PointerAnalysis *pta)
 
- Public Member Functions inherited from SVF::DDAClient
 DDAClient (SVFModule *mod)
 
virtual ~DDAClient ()
 
virtual void initialise (SVFModule *)
 
const OrderedNodeSetgetCandidateQueries () const
 Get candidate queries. More...
 
virtual void handleStatement (const SVFGNode *, NodeID)
 Call back used by DDAVFSolver. More...
 
void setPAG (SVFIR *g)
 Set SVFIR graph. More...
 
void setCurrentQueryPtr (NodeID ptr)
 Set the pointer being queried. More...
 
void setQuery (NodeID ptr)
 Set pointer to be queried by DDA analysis. More...
 
SVFModulegetModule () const
 Get LLVM module. More...
 
virtual void answerQueries (PointerAnalysis *pta)
 
virtual void collectWPANum (SVFModule *)
 

Private Types

typedef OrderedMap< NodeID, const CallICFGNode * > VTablePtrToCallSiteMap
 

Private Attributes

VTablePtrToCallSiteMap vtableToCallSiteMap
 

Additional Inherited Members

- Protected Member Functions inherited from SVF::DDAClient
void addCandidate (NodeID id)
 
- Protected Attributes inherited from SVF::DDAClient
SVFIRpag
 SVFIR graph used by current DDA analysis. More...
 
SVFModulemodule
 LLVM module. More...
 
NodeID curPtr
 current pointer being queried More...
 
OrderedNodeSet candidateQueries
 store all candidate pointers to be queried More...
 

Detailed Description

DDA client with function pointers as query candidates.

Definition at line 125 of file DDAClient.h.

Member Typedef Documentation

◆ VTablePtrToCallSiteMap

typedef OrderedMap<NodeID,const CallICFGNode*> SVF::FunptrDDAClient::VTablePtrToCallSiteMap
private

Definition at line 128 of file DDAClient.h.

Constructor & Destructor Documentation

◆ FunptrDDAClient()

SVF::FunptrDDAClient::FunptrDDAClient ( SVFModule module)
inline

Definition at line 131 of file DDAClient.h.

131 : DDAClient(module) {}
SVF::DDAClient::DDAClient
DDAClient(SVFModule *mod)
Definition: DDAClient.h:51
SVF::DDAClient::module
SVFModule * module
LLVM module.
Definition: DDAClient.h:112

◆ ~FunptrDDAClient()

SVF::FunptrDDAClient::~FunptrDDAClient ( )
inline

Definition at line 132 of file DDAClient.h.

132 {}

Member Function Documentation

◆ collectCandidateQueries()

OrderedNodeSet & FunptrDDAClient::collectCandidateQueries ( SVFIR p)
virtual

Only collect function pointers as query candidates.

Reimplemented from SVF::DDAClient.

Definition at line 78 of file DDAClient.cpp.

79 {
80  setPAG(p);
81  for(SVFIR::CallSiteToFunPtrMap::const_iterator it = pag->getIndirectCallsites().begin(),
82  eit = pag->getIndirectCallsites().end(); it!=eit; ++it)
83  {
84  if (it->first->isVirtualCall())
85  {
86  const SVFVar* vtblPtr = it->first->getVtablePtr();
87  assert(vtblPtr != nullptr && "not a vtable pointer?");
88  NodeID vtblId = vtblPtr->getId();
89  addCandidate(vtblId);
90  vtableToCallSiteMap[vtblId] = it->first;
91  }
92  else
93  {
94  addCandidate(it->second);
95  }
96  }
97  return candidateQueries;
98 }
p
cJSON * p
Definition: cJSON.cpp:2559
SVF::DDAClient::setPAG
void setPAG(SVFIR *g)
Set SVFIR graph.
Definition: DDAClient.h:79
SVF::DDAClient::pag
SVFIR * pag
SVFIR graph used by current DDA analysis.
Definition: DDAClient.h:111
SVF::DDAClient::addCandidate
void addCandidate(NodeID id)
Definition: DDAClient.h:105
SVF::DDAClient::candidateQueries
OrderedNodeSet candidateQueries
store all candidate pointers to be queried
Definition: DDAClient.h:114
SVF::FunptrDDAClient::vtableToCallSiteMap
VTablePtrToCallSiteMap vtableToCallSiteMap
Definition: DDAClient.h:129
SVF::SVFBaseNode::getId
NodeID getId() const
Get ID.
Definition: GenericGraph.h:260
SVF::SVFIR::getIndirectCallsites
const CallSiteToFunPtrMap & getIndirectCallsites() const
Add/get indirect callsites.
Definition: SVFIR.h:350
SVF::NodeID
u32_t NodeID
Definition: GeneralType.h:55

◆ performStat()

void FunptrDDAClient::performStat ( PointerAnalysis pta)
virtual

Reimplemented from SVF::DDAClient.

Definition at line 100 of file DDAClient.cpp.

101 {
102 
103  AndersenWaveDiff* ander = AndersenWaveDiff::createAndersenWaveDiff(pta->getPAG());
104  u32_t totalCallsites = 0;
105  u32_t morePreciseCallsites = 0;
106  u32_t zeroTargetCallsites = 0;
107  u32_t oneTargetCallsites = 0;
108  u32_t twoTargetCallsites = 0;
109  u32_t moreThanTwoCallsites = 0;
110 
111  for (VTablePtrToCallSiteMap::iterator nIter = vtableToCallSiteMap.begin();
112  nIter != vtableToCallSiteMap.end(); ++nIter)
113  {
114  NodeID vtptr = nIter->first;
115  const PointsTo& ddaPts = pta->getPts(vtptr);
116  const PointsTo& anderPts = ander->getPts(vtptr);
117 
118  PTACallGraph* callgraph = ander->getCallGraph();
119  const CallICFGNode* cbn = nIter->second;
120 
121  if(!callgraph->hasIndCSCallees(cbn))
122  {
123  //outs() << "virtual callsite has no callee" << *(nIter->second.getInstruction()) << "\n";
124  continue;
125  }
126 
127  const PTACallGraph::FunctionSet& callees = callgraph->getIndCSCallees(cbn);
128  totalCallsites++;
129  if(callees.size() == 0)
130  zeroTargetCallsites++;
131  else if(callees.size() == 1)
132  oneTargetCallsites++;
133  else if(callees.size() == 2)
134  twoTargetCallsites++;
135  else
136  moreThanTwoCallsites++;
137 
138  if(ddaPts.count() >= anderPts.count() || ddaPts.empty())
139  continue;
140 
141  Set<const SVFFunction*> ander_vfns;
142  Set<const SVFFunction*> dda_vfns;
143  ander->getVFnsFromPts(cbn,anderPts, ander_vfns);
144  pta->getVFnsFromPts(cbn,ddaPts, dda_vfns);
145 
146  ++morePreciseCallsites;
147  outs() << "============more precise callsite =================\n";
148  outs() << (nIter->second)->toString() << "\n";
149  outs() << (nIter->second)->getSourceLoc() << "\n";
150  outs() << "\n";
151  outs() << "------ander pts or vtable num---(" << anderPts.count() << ")--\n";
152  outs() << "------DDA vfn num---(" << ander_vfns.size() << ")--\n";
153  //ander->dumpPts(vtptr, anderPts);
154  outs() << "------DDA pts or vtable num---(" << ddaPts.count() << ")--\n";
155  outs() << "------DDA vfn num---(" << dda_vfns.size() << ")--\n";
156  //pta->dumpPts(vtptr, ddaPts);
157  outs() << "-------------------------\n";
158  outs() << "\n";
159  outs() << "=================================================\n";
160  }
161 
162  outs() << "=================================================\n";
163  outs() << "Total virtual callsites: " << vtableToCallSiteMap.size() << "\n";
164  outs() << "Total analyzed virtual callsites: " << totalCallsites << "\n";
165  outs() << "Indirect call map size: " << ander->getCallGraph()->getIndCallMap().size() << "\n";
166  outs() << "Precise callsites: " << morePreciseCallsites << "\n";
167  outs() << "Zero target callsites: " << zeroTargetCallsites << "\n";
168  outs() << "One target callsites: " << oneTargetCallsites << "\n";
169  outs() << "Two target callsites: " << twoTargetCallsites << "\n";
170  outs() << "More than two target callsites: " << moreThanTwoCallsites << "\n";
171  outs() << "=================================================\n";
172 }
u32_t
unsigned u32_t
Definition: CommandLine.h:18
SVF::AndersenWaveDiff::createAndersenWaveDiff
static AndersenWaveDiff * createAndersenWaveDiff(SVFIR *_pag)
Create an singleton instance directly instead of invoking llvm pass manager.
Definition: Andersen.h:408
SVF::Andersen::getPts
virtual const PointsTo & getPts(NodeID id)
Operation of points-to set.
Definition: Andersen.h:239
SVF::PTACallGraph::FunctionSet
Set< const SVFFunction * > FunctionSet
Definition: PTACallGraph.h:251
SVF::PTACallGraph::hasIndCSCallees
bool hasIndCSCallees(const CallICFGNode *cs) const
Definition: PTACallGraph.h:308
SVF::PTACallGraph::getIndCSCallees
const FunctionSet & getIndCSCallees(const CallICFGNode *cs) const
Definition: PTACallGraph.h:312
SVF::PTACallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition: PTACallGraph.h:304
SVF::PointerAnalysis::getVFnsFromPts
void getVFnsFromPts(const CallICFGNode *cs, const PointsTo &target, VFunSet &vfns)
Definition: PointerAnalysis.cpp:436
SVF::PointerAnalysis::getPAG
SVFIR * getPAG() const
Definition: PointerAnalysis.h:198
SVF::PointerAnalysis::getPts
virtual const PointsTo & getPts(NodeID ptr)=0
Get points-to targets of a pointer. It needs to be implemented in child class.
SVF::PointerAnalysis::getCallGraph
PTACallGraph * getCallGraph() const
Return call graph.
Definition: PointerAnalysis.h:171
SVF::PointsTo::empty
bool empty() const
Returns true if set is empty.
Definition: PointsTo.cpp:98
SVF::PointsTo::count
u32_t count() const
Returns number of elements.
Definition: PointsTo.cpp:111
SVF::LLVMUtil::getSourceLoc
const std::string getSourceLoc(const Value *val)
Definition: LLVMUtil.cpp:430
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition: SVFUtil.h:50
SVF::Set
std::unordered_set< Key, Hash, KeyEqual, Allocator > Set
Definition: GeneralType.h:96

Member Data Documentation

◆ vtableToCallSiteMap

VTablePtrToCallSiteMap SVF::FunptrDDAClient::vtableToCallSiteMap
private

Definition at line 129 of file DDAClient.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.1