Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Types | Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | Private Member Functions | Friends | List of all members
SVF::RelExeState Class Reference

#include <RelExeState.h>

Public Types

typedef Map< u32_t, Z3ExprVarToValMap
 
typedef VarToValMap AddrToValMap
 

Public Member Functions

 RelExeState ()=default
 
 RelExeState (VarToValMap &varToVal, AddrToValMap &locToVal)
 
 RelExeState (const RelExeState &rhs)
 
virtual ~RelExeState ()=default
 
RelExeStateoperator= (const RelExeState &rhs)
 
 RelExeState (RelExeState &&rhs) noexcept
 
RelExeStateoperator= (RelExeState &&rhs) noexcept
 
bool operator== (const RelExeState &rhs) const
 Overloading Operator==.
 
bool operator!= (const RelExeState &rhs) const
 Overloading Operator!=.
 
bool operator< (const RelExeState &rhs) const
 Overloading Operator==.
 
const VarToValMapgetVarToVal () const
 
const AddrToValMapgetLocToVal () const
 
Z3Exproperator[] (u32_t varId)
 
u32_t hash () const
 
bool existsVar (u32_t varId) const
 Return true if map has varId.
 
virtual Z3ExprgetZ3Expr (u32_t varId)
 Return Z3 expression eagerly based on SVFVar ID.
 
virtual Z3Expr toZ3Expr (u32_t varId) const
 Return Z3 expression lazily based on SVFVar ID.
 
void extractSubVars (const Z3Expr &expr, Set< u32_t > &res)
 Extract sub SVFVar IDs of a Z3Expr.
 
void extractCmpVars (const Z3Expr &expr, Set< u32_t > &res)
 Extract all related SVFVar IDs based on compare expr.
 
Z3Expr buildRelZ3Expr (u32_t cmp, s32_t succ, Set< u32_t > &vars, Set< u32_t > &initVars)
 Build relational Z3Expr.
 
void store (const Z3Expr &loc, const Z3Expr &value)
 Store value to location.
 
Z3Exprload (const Z3Expr &loc)
 Load value at location.
 
void printExprValues ()
 Print values of all expressions.
 

Static Public Member Functions

static z3::context & getContext ()
 
static u32_t getVirtualMemAddress (u32_t idx)
 The physical address starts with 0x7f...... + idx.
 
static bool isVirtualMemAddress (u32_t val)
 Check bit value of val start with 0x7F000000, filter by 0xFF000000.
 
static u32_t getInternalID (u32_t idx)
 Return the internal index if idx is an address otherwise return the value of idx.
 
static s32_t z3Expr2NumValue (const Z3Expr &e)
 Return int value from an expression if it is a numeral, otherwise return an approximate value.
 

Protected Member Functions

void store (u32_t objId, const Z3Expr &z3Expr)
 
Z3Exprload (u32_t objId)
 

Protected Attributes

VarToValMap _varToVal
 
AddrToValMap _addrToVal
 

Private Member Functions

bool eqVarToValMap (const VarToValMap &lhs, const VarToValMap &rhs) const
 
bool lessThanVarToValMap (const VarToValMap &lhs, const VarToValMap &rhs) const
 

Friends

class SVFIR2AbsState
 

Detailed Description

Definition at line 39 of file RelExeState.h.

Member Typedef Documentation

◆ AddrToValMap

typedef VarToValMap SVF::RelExeState::AddrToValMap

Definition at line 45 of file RelExeState.h.

◆ VarToValMap

typedef Map<u32_t, Z3Expr> SVF::RelExeState::VarToValMap

Definition at line 44 of file RelExeState.h.

Constructor & Destructor Documentation

◆ RelExeState() [1/4]

SVF::RelExeState::RelExeState ( )
default

◆ RelExeState() [2/4]

SVF::RelExeState::RelExeState ( VarToValMap varToVal,
AddrToValMap locToVal 
)
inline

Definition at line 54 of file RelExeState.h.

54: _varToVal(varToVal), _addrToVal(locToVal) {}
SVF::RelExeState::_varToVal
VarToValMap _varToVal
Definition RelExeState.h:48
SVF::RelExeState::_addrToVal
AddrToValMap _addrToVal
Definition RelExeState.h:49
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ RelExeState() [3/4]

SVF::RelExeState::RelExeState ( const RelExeState rhs)
inline

Definition at line 56 of file RelExeState.h.

56 : _varToVal(rhs.getVarToVal()), _addrToVal(rhs.getLocToVal())
57 {
58
59 }

◆ ~RelExeState()

virtual SVF::RelExeState::~RelExeState ( )
virtualdefault

◆ RelExeState() [4/4]

SVF::RelExeState::RelExeState ( RelExeState &&  rhs)
inlinenoexcept

Definition at line 65 of file RelExeState.h.

65 : _varToVal(std::move(rhs._varToVal)),
66 _addrToVal(std::move(rhs._addrToVal))
67 {
68
69 }

Member Function Documentation

◆ buildRelZ3Expr()

Z3Expr RelExeState::buildRelZ3Expr ( u32_t  cmp,
s32_t  succ,
Set< u32_t > &  vars,
Set< u32_t > &  initVars 
)

Build relational Z3Expr.

Build relational Z3Expr

Parameters
cmp
succ
varsreturn all the relational vars of a given variable
initVarsthe vars on the right hand side of cmp statement, e.g., {a} for "cmp = a > 1"
Returns

Definition at line 90 of file RelExeState.cpp.

91{
92 Z3Expr res = (getZ3Expr(cmp) == succ).simplify();
93 extractSubVars(res, initVars);
94 extractCmpVars(res, vars);
95 for (const auto &id: vars)
96 {
97 res = (res && toZ3Expr(id) == getZ3Expr(id)).simplify();
98 }
99 res = (res && (toZ3Expr(cmp) == getZ3Expr(cmp))).simplify();
100 vars.insert(cmp);
101 return res;
102}
SVF::RelExeState::extractSubVars
void extractSubVars(const Z3Expr &expr, Set< u32_t > &res)
Extract sub SVFVar IDs of a Z3Expr.
Definition RelExeState.cpp:45
SVF::RelExeState::toZ3Expr
virtual Z3Expr toZ3Expr(u32_t varId) const
Return Z3 expression lazily based on SVFVar ID.
Definition RelExeState.h:149
SVF::RelExeState::getZ3Expr
virtual Z3Expr & getZ3Expr(u32_t varId)
Return Z3 expression eagerly based on SVFVar ID.
Definition RelExeState.h:143
SVF::RelExeState::extractCmpVars
void extractCmpVars(const Z3Expr &expr, Set< u32_t > &res)
Extract all related SVFVar IDs based on compare expr.
Definition RelExeState.cpp:66
SVF::Z3Expr::simplify
Z3Expr simplify() const
Definition Z3Expr.h:137

◆ eqVarToValMap()

bool RelExeState::eqVarToValMap ( const VarToValMap lhs,
const VarToValMap rhs 
) const
private

Definition at line 136 of file RelExeState.cpp.

137{
138 if (lhs.size() != rhs.size()) return false;
139 for (const auto &item: lhs)
140 {
141 auto it = rhs.find(item.first);
142 // return false if SVFVar not exists in rhs or z3Expr not equal
143 if (it == rhs.end() || !eq(item.second, it->second))
144 return false;
145 }
146 return true;
147}
item
cJSON * item
Definition cJSON.h:222

◆ existsVar()

bool SVF::RelExeState::existsVar ( u32_t  varId) const
inline

Return true if map has varId.

Definition at line 137 of file RelExeState.h.

138 {
139 return _varToVal.count(varId);
140 }

◆ extractCmpVars()

void RelExeState::extractCmpVars ( const Z3Expr expr,
Set< u32_t > &  res 
)

Extract all related SVFVar IDs based on compare expr.

Extract all related SVFVar IDs based on compare expr

Parameters
expr
res

Definition at line 66 of file RelExeState.cpp.

67{
68 Set<u32_t> r;
69 extractSubVars(expr, r);
70 res.insert(r.begin(), r.end());
71 assert(!r.empty() && "symbol not init?");
72 if (r.size() == 1 && eq(expr, toZ3Expr(*r.begin())))
73 {
74 return;
75 }
76 for (const auto &id: r)
77 {
78 extractCmpVars((*this)[id], res);
79 }
80}

◆ extractSubVars()

void RelExeState::extractSubVars ( const Z3Expr expr,
Set< u32_t > &  res 
)

Extract sub SVFVar IDs of a Z3Expr.

Extract sub SVFVar IDs of a Z3Expr

e.g., Given an expr "a+b", return {a.id, b.id}

Parameters
expr
res

Definition at line 45 of file RelExeState.cpp.

46{
47 if (expr.getExpr().num_args() == 0)
48 if (!expr.getExpr().is_true() && !expr.getExpr().is_false() && !expr.is_numeral())
49 {
50 const std::string &exprStr = expr.to_string();
51 res.insert(std::stoi(exprStr.substr(1, exprStr.size() - 1)));
52 }
53 for (u32_t i = 0; i < expr.getExpr().num_args(); ++i)
54 {
55 const z3::expr &e = expr.getExpr().arg(i);
56 extractSubVars(e, res);
57 }
58}
u32_t
unsigned u32_t
Definition CommandLine.h:18

◆ getContext()

static z3::context & SVF::RelExeState::getContext ( )
inlinestatic

Definition at line 94 of file RelExeState.h.

95 {
96 return Z3Expr::getContext();
97 }
SVF::Z3Expr::getContext
static z3::context & getContext()
Get z3 context, singleton design here to make sure we only have one context.
Definition Z3Expr.cpp:66

◆ getInternalID()

static u32_t SVF::RelExeState::getInternalID ( u32_t  idx)
inlinestatic

Return the internal index if idx is an address otherwise return the value of idx.

Definition at line 184 of file RelExeState.h.

185 {
186 return AddressValue::getInternalID(idx);
187 }
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition AddressValue.h:226

◆ getLocToVal()

const AddrToValMap & SVF::RelExeState::getLocToVal ( ) const
inline

Definition at line 104 of file RelExeState.h.

105 {
106 return _addrToVal;
107 }

◆ getVarToVal()

const VarToValMap & SVF::RelExeState::getVarToVal ( ) const
inline

Definition at line 99 of file RelExeState.h.

100 {
101 return _varToVal;
102 }

◆ getVirtualMemAddress()

static u32_t SVF::RelExeState::getVirtualMemAddress ( u32_t  idx)
inlinestatic

The physical address starts with 0x7f...... + idx.

Definition at line 170 of file RelExeState.h.

171 {
172 return AddressValue::getVirtualMemAddress(idx);
173 }
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition AddressValue.h:212

◆ getZ3Expr()

virtual Z3Expr & SVF::RelExeState::getZ3Expr ( u32_t  varId)
inlinevirtual

Return Z3 expression eagerly based on SVFVar ID.

Definition at line 143 of file RelExeState.h.

144 {
145 return _varToVal[varId];
146 }

◆ hash()

u32_t SVF::RelExeState::hash ( ) const
inline

Definition at line 114 of file RelExeState.h.

115 {
116 size_t h = getVarToVal().size() * 2;
117 SVF::Hash<SVF::u32_t> hf;
118 for (const auto &t: getVarToVal())
119 {
120 h ^= hf(t.first) + 0x9e3779b9 + (h << 6) + (h >> 2);
121 h ^= hf(t.second.id()) + 0x9e3779b9 + (h << 6) + (h >> 2);
122 }
123
124 size_t h2 = getVarToVal().size() * 2;
125
126 for (const auto &t: getLocToVal())
127 {
128 h2 ^= hf(t.first) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
129 h2 ^= hf(t.second.id()) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
130 }
131 SVF::Hash<std::pair<SVF::u32_t, SVF::u32_t>> pairH;
132
133 return pairH(std::make_pair(h, h2));
134 }
SVF::RelExeState::getLocToVal
const AddrToValMap & getLocToVal() const
Definition RelExeState.h:104
SVF::RelExeState::getVarToVal
const VarToValMap & getVarToVal() const
Definition RelExeState.h:99

◆ isVirtualMemAddress()

static bool SVF::RelExeState::isVirtualMemAddress ( u32_t  val)
inlinestatic

Check bit value of val start with 0x7F000000, filter by 0xFF000000.

Definition at line 176 of file RelExeState.h.

177 {
178 if (val == 0)
179 assert(false && "val cannot be 0");
180 return AddressValue::isVirtualMemAddress(val);
181 }
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition AddressValue.h:220

◆ lessThanVarToValMap()

bool RelExeState::lessThanVarToValMap ( const VarToValMap lhs,
const VarToValMap rhs 
) const
private

Definition at line 149 of file RelExeState.cpp.

150{
151 if (lhs.size() != rhs.size()) return lhs.size() < rhs.size();
152 for (const auto &item: lhs)
153 {
154 auto it = rhs.find(item.first);
155 // lhs > rhs if SVFVar not exists in rhs
156 if (it == rhs.end())
157 return false;
158 // judge from expr id
159 if (!eq(item.second, it->second))
160 return item.second.id() < it->second.id();
161 }
162 return false;
163}

◆ load() [1/2]

Z3Expr & RelExeState::load ( const Z3Expr loc)

Load value at location.

Load value at location

Parameters
loclocation, e.g., int_val(0x7f..01)
Returns

Definition at line 183 of file RelExeState.cpp.

184{
185 assert(loc.is_numeral() && "location must be numeral");
186 s32_t virAddr = z3Expr2NumValue(loc);
187 assert(isVirtualMemAddress(virAddr) && "Pointer operand is not a physical address?");
188 u32_t objId = getInternalID(virAddr);
189 assert(getInternalID(objId) == objId && "SVFVar idx overflow > 0x7f000000?");
190 return load(objId);
191}
SVF::RelExeState::load
Z3Expr & load(const Z3Expr &loc)
Load value at location.
Definition RelExeState.cpp:183
SVF::RelExeState::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition RelExeState.h:184
SVF::RelExeState::z3Expr2NumValue
static s32_t z3Expr2NumValue(const Z3Expr &e)
Return int value from an expression if it is a numeral, otherwise return an approximate value.
Definition RelExeState.h:190
SVF::RelExeState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition RelExeState.h:176
SVF::s32_t
signed s32_t
Definition GeneralType.h:47

◆ load() [2/2]

Z3Expr & SVF::RelExeState::load ( u32_t  objId)
inlineprotected

Definition at line 210 of file RelExeState.h.

211 {
212 return _addrToVal[objId];
213 }

◆ operator!=()

bool SVF::RelExeState::operator!= ( const RelExeState rhs) const
inline

Overloading Operator!=.

Definition at line 85 of file RelExeState.h.

86 {
87 return !(*this == rhs);
88 }

◆ operator<()

bool RelExeState::operator< ( const RelExeState rhs) const

Overloading Operator==.

Overloading Operator<

Parameters
rhs
Returns

Definition at line 130 of file RelExeState.cpp.

131{
132 return lessThanVarToValMap(_varToVal, rhs.getVarToVal()) ||
133 lessThanVarToValMap(_addrToVal, rhs.getLocToVal());
134}
SVF::RelExeState::lessThanVarToValMap
bool lessThanVarToValMap(const VarToValMap &lhs, const VarToValMap &rhs) const
Definition RelExeState.cpp:149

◆ operator=() [1/2]

RelExeState & RelExeState::operator= ( const RelExeState rhs)

Definition at line 104 of file RelExeState.cpp.

105{
106 if (*this != rhs)
107 {
108 _varToVal = rhs.getVarToVal();
109 _addrToVal = rhs.getLocToVal();
110 }
111 return *this;
112}

◆ operator=() [2/2]

RelExeState & SVF::RelExeState::operator= ( RelExeState &&  rhs)
inlinenoexcept

Definition at line 71 of file RelExeState.h.

72 {
73 if (&rhs != this)
74 {
75 _varToVal = std::move(rhs._varToVal);
76 _addrToVal = std::move(rhs._addrToVal);
77 }
78 return *this;
79 }

◆ operator==()

bool RelExeState::operator== ( const RelExeState rhs) const

Overloading Operator==.

Overloading Operator==

Parameters
rhs
Returns

Definition at line 119 of file RelExeState.cpp.

120{
121 return eqVarToValMap(_varToVal, rhs.getVarToVal()) &&
122 eqVarToValMap(_addrToVal, rhs.getLocToVal());
123}
SVF::RelExeState::eqVarToValMap
bool eqVarToValMap(const VarToValMap &lhs, const VarToValMap &rhs) const
Definition RelExeState.cpp:136

◆ operator[]()

Z3Expr & SVF::RelExeState::operator[] ( u32_t  varId)
inline

Definition at line 109 of file RelExeState.h.

110 {
111 return getZ3Expr(varId);
112 }

◆ printExprValues()

void RelExeState::printExprValues ( )

Print values of all expressions.

Print values of all expressions

Definition at line 196 of file RelExeState.cpp.

197{
198 std::cout.flags(std::ios::left);
199 std::cout << "-----------Var and Value-----------\n";
200 for (const auto &item: getVarToVal())
201 {
202 std::stringstream exprName;
203 exprName << "Var" << item.first;
204 std::cout << std::setw(25) << exprName.str();
205 const Z3Expr &sim = item.second.simplify();
206 if (sim.is_numeral() && isVirtualMemAddress(z3Expr2NumValue(sim)))
207 {
208 std::cout << "\t Value: " << std::hex << "0x" << z3Expr2NumValue(sim) << "\n";
209 }
210 else
211 {
212 std::cout << "\t Value: " << std::dec << sim << "\n";
213 }
214 }
215 std::cout << "-----------------------------------------\n";
216}

◆ store() [1/2]

void RelExeState::store ( const Z3Expr loc,
const Z3Expr value 
)

Store value to location.

Store value to location

Parameters
loclocation, e.g., int_val(0x7f..01)
value

Definition at line 170 of file RelExeState.cpp.

171{
172 assert(loc.is_numeral() && "location must be numeral");
173 s32_t virAddr = z3Expr2NumValue(loc);
174 assert(isVirtualMemAddress(virAddr) && "Pointer operand is not a physical address?");
175 store(getInternalID(virAddr), value);
176}
SVF::RelExeState::store
void store(const Z3Expr &loc, const Z3Expr &value)
Store value to location.
Definition RelExeState.cpp:170

◆ store() [2/2]

void SVF::RelExeState::store ( u32_t  objId,
const Z3Expr z3Expr 
)
inlineprotected

Definition at line 205 of file RelExeState.h.

206 {
207 _addrToVal[objId] = z3Expr.simplify();
208 }

◆ toZ3Expr()

virtual Z3Expr SVF::RelExeState::toZ3Expr ( u32_t  varId) const
inlinevirtual

Return Z3 expression lazily based on SVFVar ID.

Definition at line 149 of file RelExeState.h.

150 {
151 return getContext().int_const(std::to_string(varId).c_str());
152 }
SVF::RelExeState::getContext
static z3::context & getContext()
Definition RelExeState.h:94

◆ z3Expr2NumValue()

static s32_t SVF::RelExeState::z3Expr2NumValue ( const Z3Expr e)
inlinestatic

Return int value from an expression if it is a numeral, otherwise return an approximate value.

Definition at line 190 of file RelExeState.h.

191 {
192 assert(e.is_numeral() && "not numeral?");
193 return e.get_numeral_int64();
194 }

Friends And Related Symbol Documentation

◆ SVFIR2AbsState

friend class SVFIR2AbsState
friend

Definition at line 41 of file RelExeState.h.

Member Data Documentation

◆ _addrToVal

AddrToValMap SVF::RelExeState::_addrToVal
protected

Definition at line 49 of file RelExeState.h.

◆ _varToVal

VarToValMap SVF::RelExeState::_varToVal
protected

Definition at line 48 of file RelExeState.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8