Static Value-Flow Analysis
Public Types | Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | Private Member Functions | Friends | List of all members
SVF::RelExeState Class Reference

#include <RelExeState.h>

Public Types

typedef Map< u32_t, Z3ExprVarToValMap
 
typedef VarToValMap AddrToValMap
 

Public Member Functions

 RelExeState ()=default
 
 RelExeState (VarToValMap &varToVal, AddrToValMap &locToVal)
 
 RelExeState (const RelExeState &rhs)
 
virtual ~RelExeState ()=default
 
RelExeStateoperator= (const RelExeState &rhs)
 
 RelExeState (RelExeState &&rhs) noexcept
 
RelExeStateoperator= (RelExeState &&rhs) noexcept
 
bool operator== (const RelExeState &rhs) const
 Overloading Operator==. More...
 
bool operator!= (const RelExeState &rhs) const
 Overloading Operator!=. More...
 
bool operator< (const RelExeState &rhs) const
 Overloading Operator==. More...
 
const VarToValMapgetVarToVal () const
 
const AddrToValMapgetLocToVal () const
 
Z3Exproperator[] (u32_t varId)
 
u32_t hash () const
 
bool existsVar (u32_t varId) const
 Return true if map has varId. More...
 
virtual Z3ExprgetZ3Expr (u32_t varId)
 Return Z3 expression eagerly based on SVFVar ID. More...
 
virtual Z3Expr toZ3Expr (u32_t varId) const
 Return Z3 expression lazily based on SVFVar ID. More...
 
void extractSubVars (const Z3Expr &expr, Set< u32_t > &res)
 Extract sub SVFVar IDs of a Z3Expr. More...
 
void extractCmpVars (const Z3Expr &expr, Set< u32_t > &res)
 Extract all related SVFVar IDs based on compare expr. More...
 
Z3Expr buildRelZ3Expr (u32_t cmp, s32_t succ, Set< u32_t > &vars, Set< u32_t > &initVars)
 Build relational Z3Expr. More...
 
void store (const Z3Expr &loc, const Z3Expr &value)
 Store value to location. More...
 
Z3Exprload (const Z3Expr &loc)
 Load value at location. More...
 
void printExprValues ()
 Print values of all expressions. More...
 

Static Public Member Functions

static z3::context & getContext ()
 
static u32_t getVirtualMemAddress (u32_t idx)
 The physical address starts with 0x7f...... + idx. More...
 
static bool isVirtualMemAddress (u32_t val)
 Check bit value of val start with 0x7F000000, filter by 0xFF000000. More...
 
static u32_t getInternalID (u32_t idx)
 Return the internal index if idx is an address otherwise return the value of idx. More...
 
static s32_t z3Expr2NumValue (const Z3Expr &e)
 Return int value from an expression if it is a numeral, otherwise return an approximate value. More...
 

Protected Member Functions

void store (u32_t objId, const Z3Expr &z3Expr)
 
Z3Exprload (u32_t objId)
 

Protected Attributes

VarToValMap _varToVal
 
AddrToValMap _addrToVal
 

Private Member Functions

bool eqVarToValMap (const VarToValMap &lhs, const VarToValMap &rhs) const
 
bool lessThanVarToValMap (const VarToValMap &lhs, const VarToValMap &rhs) const
 

Friends

class SVFIR2AbsState
 

Detailed Description

Definition at line 39 of file RelExeState.h.

Member Typedef Documentation

◆ AddrToValMap

typedef VarToValMap SVF::RelExeState::AddrToValMap

Definition at line 45 of file RelExeState.h.

◆ VarToValMap

typedef Map<u32_t, Z3Expr> SVF::RelExeState::VarToValMap

Definition at line 44 of file RelExeState.h.

Constructor & Destructor Documentation

◆ RelExeState() [1/4]

SVF::RelExeState::RelExeState ( )
default

◆ RelExeState() [2/4]

SVF::RelExeState::RelExeState ( VarToValMap varToVal,
AddrToValMap locToVal 
)
inline

Definition at line 54 of file RelExeState.h.

54 : _varToVal(varToVal), _addrToVal(locToVal) {}
SVF::RelExeState::_varToVal
VarToValMap _varToVal
Definition: RelExeState.h:48
SVF::RelExeState::_addrToVal
AddrToValMap _addrToVal
Definition: RelExeState.h:49

◆ RelExeState() [3/4]

SVF::RelExeState::RelExeState ( const RelExeState rhs)
inline

Definition at line 56 of file RelExeState.h.

56  : _varToVal(rhs.getVarToVal()), _addrToVal(rhs.getLocToVal())
57  {
58 
59  }

◆ ~RelExeState()

virtual SVF::RelExeState::~RelExeState ( )
virtualdefault

◆ RelExeState() [4/4]

SVF::RelExeState::RelExeState ( RelExeState &&  rhs)
inlinenoexcept

Definition at line 65 of file RelExeState.h.

65  : _varToVal(std::move(rhs._varToVal)),
66  _addrToVal(std::move(rhs._addrToVal))
67  {
68 
69  }
SVF::SVFUtil::move
constexpr std::remove_reference< T >::type && move(T &&t) noexcept
Definition: SVFUtil.h:447

Member Function Documentation

◆ buildRelZ3Expr()

Z3Expr RelExeState::buildRelZ3Expr ( u32_t  cmp,
s32_t  succ,
Set< u32_t > &  vars,
Set< u32_t > &  initVars 
)

Build relational Z3Expr.

Build relational Z3Expr

Parameters
cmp
succ
varsreturn all the relational vars of a given variable
initVarsthe vars on the right hand side of cmp statement, e.g., {a} for "cmp = a > 1"
Returns

Definition at line 90 of file RelExeState.cpp.

91 {
92  Z3Expr res = (getZ3Expr(cmp) == succ).simplify();
93  extractSubVars(res, initVars);
94  extractCmpVars(res, vars);
95  for (const auto &id: vars)
96  {
97  res = (res && toZ3Expr(id) == getZ3Expr(id)).simplify();
98  }
99  res = (res && (toZ3Expr(cmp) == getZ3Expr(cmp))).simplify();
100  vars.insert(cmp);
101  return res;
102 }
SVF::RelExeState::extractSubVars
void extractSubVars(const Z3Expr &expr, Set< u32_t > &res)
Extract sub SVFVar IDs of a Z3Expr.
Definition: RelExeState.cpp:45
SVF::RelExeState::toZ3Expr
virtual Z3Expr toZ3Expr(u32_t varId) const
Return Z3 expression lazily based on SVFVar ID.
Definition: RelExeState.h:149
SVF::RelExeState::getZ3Expr
virtual Z3Expr & getZ3Expr(u32_t varId)
Return Z3 expression eagerly based on SVFVar ID.
Definition: RelExeState.h:143
SVF::RelExeState::extractCmpVars
void extractCmpVars(const Z3Expr &expr, Set< u32_t > &res)
Extract all related SVFVar IDs based on compare expr.
Definition: RelExeState.cpp:66
SVF::Z3Expr::simplify
Z3Expr simplify() const
Definition: Z3Expr.h:137

◆ eqVarToValMap()

bool RelExeState::eqVarToValMap ( const VarToValMap lhs,
const VarToValMap rhs 
) const
private

Definition at line 136 of file RelExeState.cpp.

137 {
138  if (lhs.size() != rhs.size()) return false;
139  for (const auto &item: lhs)
140  {
141  auto it = rhs.find(item.first);
142  // return false if SVFVar not exists in rhs or z3Expr not equal
143  if (it == rhs.end() || !eq(item.second, it->second))
144  return false;
145  }
146  return true;
147 }
item
cJSON * item
Definition: cJSON.h:222

◆ existsVar()

bool SVF::RelExeState::existsVar ( u32_t  varId) const
inline

Return true if map has varId.

Definition at line 137 of file RelExeState.h.

138  {
139  return _varToVal.count(varId);
140  }

◆ extractCmpVars()

void RelExeState::extractCmpVars ( const Z3Expr expr,
Set< u32_t > &  res 
)

Extract all related SVFVar IDs based on compare expr.

Extract all related SVFVar IDs based on compare expr

Parameters
expr
res

Definition at line 66 of file RelExeState.cpp.

67 {
68  Set<u32_t> r;
69  extractSubVars(expr, r);
70  res.insert(r.begin(), r.end());
71  assert(!r.empty() && "symbol not init?");
72  if (r.size() == 1 && eq(expr, toZ3Expr(*r.begin())))
73  {
74  return;
75  }
76  for (const auto &id: r)
77  {
78  extractCmpVars((*this)[id], res);
79  }
80 }
SVF::Set
std::unordered_set< Key, Hash, KeyEqual, Allocator > Set
Definition: GeneralType.h:96

◆ extractSubVars()

void RelExeState::extractSubVars ( const Z3Expr expr,
Set< u32_t > &  res 
)

Extract sub SVFVar IDs of a Z3Expr.

Extract sub SVFVar IDs of a Z3Expr

e.g., Given an expr "a+b", return {a.id, b.id}

Parameters
expr
res

Definition at line 45 of file RelExeState.cpp.

46 {
47  if (expr.getExpr().num_args() == 0)
48  if (!expr.getExpr().is_true() && !expr.getExpr().is_false() && !expr.is_numeral())
49  {
50  const std::string &exprStr = expr.to_string();
51  res.insert(std::stoi(exprStr.substr(1, exprStr.size() - 1)));
52  }
53  for (u32_t i = 0; i < expr.getExpr().num_args(); ++i)
54  {
55  const z3::expr &e = expr.getExpr().arg(i);
56  extractSubVars(e, res);
57  }
58 }
u32_t
unsigned u32_t
Definition: CommandLine.h:18
string
const char *const string
Definition: cJSON.h:172
SVF::Z3Expr::to_string
const std::string to_string() const
Definition: Z3Expr.h:122
SVF::Z3Expr::getExpr
const z3::expr & getExpr() const
Definition: Z3Expr.h:86
SVF::Z3Expr::is_numeral
bool is_numeral() const
Definition: Z3Expr.h:127

◆ getContext()

static z3::context& SVF::RelExeState::getContext ( )
inlinestatic

Definition at line 94 of file RelExeState.h.

95  {
96  return Z3Expr::getContext();
97  }
SVF::Z3Expr::getContext
static z3::context & getContext()
Get z3 context, singleton design here to make sure we only have one context.
Definition: Z3Expr.cpp:66

◆ getInternalID()

static u32_t SVF::RelExeState::getInternalID ( u32_t  idx)
inlinestatic

Return the internal index if idx is an address otherwise return the value of idx.

Definition at line 184 of file RelExeState.h.

185  {
186  return AddressValue::getInternalID(idx);
187  }
SVF::AddressValue::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition: AddressValue.h:226

◆ getLocToVal()

const AddrToValMap& SVF::RelExeState::getLocToVal ( ) const
inline

Definition at line 104 of file RelExeState.h.

105  {
106  return _addrToVal;
107  }

◆ getVarToVal()

const VarToValMap& SVF::RelExeState::getVarToVal ( ) const
inline

Definition at line 99 of file RelExeState.h.

100  {
101  return _varToVal;
102  }

◆ getVirtualMemAddress()

static u32_t SVF::RelExeState::getVirtualMemAddress ( u32_t  idx)
inlinestatic

The physical address starts with 0x7f...... + idx.

Definition at line 170 of file RelExeState.h.

171  {
172  return AddressValue::getVirtualMemAddress(idx);
173  }
SVF::AddressValue::getVirtualMemAddress
static u32_t getVirtualMemAddress(u32_t idx)
The physical address starts with 0x7f...... + idx.
Definition: AddressValue.h:212

◆ getZ3Expr()

virtual Z3Expr& SVF::RelExeState::getZ3Expr ( u32_t  varId)
inlinevirtual

Return Z3 expression eagerly based on SVFVar ID.

Definition at line 143 of file RelExeState.h.

144  {
145  return _varToVal[varId];
146  }

◆ hash()

u32_t SVF::RelExeState::hash ( ) const
inline

Definition at line 114 of file RelExeState.h.

115  {
116  size_t h = getVarToVal().size() * 2;
117  SVF::Hash<SVF::u32_t> hf;
118  for (const auto &t: getVarToVal())
119  {
120  h ^= hf(t.first) + 0x9e3779b9 + (h << 6) + (h >> 2);
121  h ^= hf(t.second.id()) + 0x9e3779b9 + (h << 6) + (h >> 2);
122  }
123 
124  size_t h2 = getVarToVal().size() * 2;
125 
126  for (const auto &t: getLocToVal())
127  {
128  h2 ^= hf(t.first) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
129  h2 ^= hf(t.second.id()) + 0x9e3779b9 + (h2 << 6) + (h2 >> 2);
130  }
131  SVF::Hash<std::pair<SVF::u32_t, SVF::u32_t>> pairH;
132 
133  return pairH(std::make_pair(h, h2));
134  }
SVF::RelExeState::getLocToVal
const AddrToValMap & getLocToVal() const
Definition: RelExeState.h:104
SVF::RelExeState::getVarToVal
const VarToValMap & getVarToVal() const
Definition: RelExeState.h:99
SVF::Hash
provide extra hash function for std::pair handling
Definition: GeneralType.h:85

◆ isVirtualMemAddress()

static bool SVF::RelExeState::isVirtualMemAddress ( u32_t  val)
inlinestatic

Check bit value of val start with 0x7F000000, filter by 0xFF000000.

Definition at line 176 of file RelExeState.h.

177  {
178  if (val == 0)
179  assert(false && "val cannot be 0");
180  return AddressValue::isVirtualMemAddress(val);
181  }
SVF::AddressValue::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition: AddressValue.h:220

◆ lessThanVarToValMap()

bool RelExeState::lessThanVarToValMap ( const VarToValMap lhs,
const VarToValMap rhs 
) const
private

Definition at line 149 of file RelExeState.cpp.

150 {
151  if (lhs.size() != rhs.size()) return lhs.size() < rhs.size();
152  for (const auto &item: lhs)
153  {
154  auto it = rhs.find(item.first);
155  // lhs > rhs if SVFVar not exists in rhs
156  if (it == rhs.end())
157  return false;
158  // judge from expr id
159  if (!eq(item.second, it->second))
160  return item.second.id() < it->second.id();
161  }
162  return false;
163 }

◆ load() [1/2]

Z3Expr & RelExeState::load ( const Z3Expr loc)

Load value at location.

Load value at location

Parameters
loclocation, e.g., int_val(0x7f..01)
Returns

Definition at line 183 of file RelExeState.cpp.

184 {
185  assert(loc.is_numeral() && "location must be numeral");
186  s32_t virAddr = z3Expr2NumValue(loc);
187  assert(isVirtualMemAddress(virAddr) && "Pointer operand is not a physical address?");
188  u32_t objId = getInternalID(virAddr);
189  assert(getInternalID(objId) == objId && "SVFVar idx overflow > 0x7f000000?");
190  return load(objId);
191 }
SVF::RelExeState::load
Z3Expr & load(const Z3Expr &loc)
Load value at location.
Definition: RelExeState.cpp:183
SVF::RelExeState::getInternalID
static u32_t getInternalID(u32_t idx)
Return the internal index if idx is an address otherwise return the value of idx.
Definition: RelExeState.h:184
SVF::RelExeState::z3Expr2NumValue
static s32_t z3Expr2NumValue(const Z3Expr &e)
Return int value from an expression if it is a numeral, otherwise return an approximate value.
Definition: RelExeState.h:190
SVF::RelExeState::isVirtualMemAddress
static bool isVirtualMemAddress(u32_t val)
Check bit value of val start with 0x7F000000, filter by 0xFF000000.
Definition: RelExeState.h:176
SVF::s32_t
signed s32_t
Definition: GeneralType.h:47

◆ load() [2/2]

Z3Expr& SVF::RelExeState::load ( u32_t  objId)
inlineprotected

Definition at line 210 of file RelExeState.h.

211  {
212  return _addrToVal[objId];
213  }

◆ operator!=()

bool SVF::RelExeState::operator!= ( const RelExeState rhs) const
inline

Overloading Operator!=.

Definition at line 85 of file RelExeState.h.

86  {
87  return !(*this == rhs);
88  }

◆ operator<()

bool RelExeState::operator< ( const RelExeState rhs) const

Overloading Operator==.

Overloading Operator<

Parameters
rhs
Returns

Definition at line 130 of file RelExeState.cpp.

131 {
132  return lessThanVarToValMap(_varToVal, rhs.getVarToVal()) ||
133  lessThanVarToValMap(_addrToVal, rhs.getLocToVal());
134 }
SVF::RelExeState::lessThanVarToValMap
bool lessThanVarToValMap(const VarToValMap &lhs, const VarToValMap &rhs) const
Definition: RelExeState.cpp:149

◆ operator=() [1/2]

RelExeState & RelExeState::operator= ( const RelExeState rhs)

Definition at line 104 of file RelExeState.cpp.

105 {
106  if (*this != rhs)
107  {
108  _varToVal = rhs.getVarToVal();
109  _addrToVal = rhs.getLocToVal();
110  }
111  return *this;
112 }

◆ operator=() [2/2]

RelExeState& SVF::RelExeState::operator= ( RelExeState &&  rhs)
inlinenoexcept

Definition at line 71 of file RelExeState.h.

72  {
73  if (&rhs != this)
74  {
75  _varToVal = std::move(rhs._varToVal);
76  _addrToVal = std::move(rhs._addrToVal);
77  }
78  return *this;
79  }

◆ operator==()

bool RelExeState::operator== ( const RelExeState rhs) const

Overloading Operator==.

Overloading Operator==

Parameters
rhs
Returns

Definition at line 119 of file RelExeState.cpp.

120 {
121  return eqVarToValMap(_varToVal, rhs.getVarToVal()) &&
122  eqVarToValMap(_addrToVal, rhs.getLocToVal());
123 }
SVF::RelExeState::eqVarToValMap
bool eqVarToValMap(const VarToValMap &lhs, const VarToValMap &rhs) const
Definition: RelExeState.cpp:136

◆ operator[]()

Z3Expr& SVF::RelExeState::operator[] ( u32_t  varId)
inline

Definition at line 109 of file RelExeState.h.

110  {
111  return getZ3Expr(varId);
112  }

◆ printExprValues()

void RelExeState::printExprValues ( )

Print values of all expressions.

Print values of all expressions

Definition at line 196 of file RelExeState.cpp.

197 {
198  std::cout.flags(std::ios::left);
199  std::cout << "-----------Var and Value-----------\n";
200  for (const auto &item: getVarToVal())
201  {
202  std::stringstream exprName;
203  exprName << "Var" << item.first;
204  std::cout << std::setw(25) << exprName.str();
205  const Z3Expr &sim = item.second.simplify();
206  if (sim.is_numeral() && isVirtualMemAddress(z3Expr2NumValue(sim)))
207  {
208  std::cout << "\t Value: " << std::hex << "0x" << z3Expr2NumValue(sim) << "\n";
209  }
210  else
211  {
212  std::cout << "\t Value: " << std::dec << sim << "\n";
213  }
214  }
215  std::cout << "-----------------------------------------\n";
216 }

◆ store() [1/2]

void RelExeState::store ( const Z3Expr loc,
const Z3Expr value 
)

Store value to location.

Store value to location

Parameters
loclocation, e.g., int_val(0x7f..01)
value

Definition at line 170 of file RelExeState.cpp.

171 {
172  assert(loc.is_numeral() && "location must be numeral");
173  s32_t virAddr = z3Expr2NumValue(loc);
174  assert(isVirtualMemAddress(virAddr) && "Pointer operand is not a physical address?");
175  store(getInternalID(virAddr), value);
176 }
SVF::RelExeState::store
void store(const Z3Expr &loc, const Z3Expr &value)
Store value to location.
Definition: RelExeState.cpp:170

◆ store() [2/2]

void SVF::RelExeState::store ( u32_t  objId,
const Z3Expr z3Expr 
)
inlineprotected

Definition at line 205 of file RelExeState.h.

206  {
207  _addrToVal[objId] = z3Expr.simplify();
208  }

◆ toZ3Expr()

virtual Z3Expr SVF::RelExeState::toZ3Expr ( u32_t  varId) const
inlinevirtual

Return Z3 expression lazily based on SVFVar ID.

Definition at line 149 of file RelExeState.h.

150  {
151  return getContext().int_const(std::to_string(varId).c_str());
152  }
SVF::RelExeState::getContext
static z3::context & getContext()
Definition: RelExeState.h:94

◆ z3Expr2NumValue()

static s32_t SVF::RelExeState::z3Expr2NumValue ( const Z3Expr e)
inlinestatic

Return int value from an expression if it is a numeral, otherwise return an approximate value.

Definition at line 190 of file RelExeState.h.

191  {
192  assert(e.is_numeral() && "not numeral?");
193  return e.get_numeral_int64();
194  }

Friends And Related Function Documentation

◆ SVFIR2AbsState

friend class SVFIR2AbsState
friend

Definition at line 41 of file RelExeState.h.

Member Data Documentation

◆ _addrToVal

AddrToValMap SVF::RelExeState::_addrToVal
protected

Definition at line 49 of file RelExeState.h.

◆ _varToVal

VarToValMap SVF::RelExeState::_varToVal
protected

Definition at line 48 of file RelExeState.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.1