Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes | List of all members
SVF::SVFIRBuilder Class Reference

#include <SVFIRBuilder.h>

Inheritance diagram for SVF::SVFIRBuilder:

Public Member Functions

 SVFIRBuilder ()
 Constructor.
 
virtual ~SVFIRBuilder ()
 Destructor.
 
virtual SVFIRbuild ()
 Start building SVFIR here.
 
SVFIRgetPAG () const
 Return SVFIR.
 
void createFunObjVars ()
 
void initFunObjVar ()
 
void initialiseNodes ()
 Initialize nodes and edges.
 
void initialiseBaseObjVars ()
 
void initialiseValVars ()
 
void initSVFBasicBlock (const Function *func)
 
void initDomTree (FunObjVar *func, const Function *f)
 
void addEdge (NodeID src, NodeID dst, SVFStmt::PEDGEK kind, APOffset offset=0, Instruction *cs=nullptr)
 
void sanityCheck ()
 Sanity check for SVFIR.
 
NodeID getValueNode (const Value *V)
 Get different kinds of node.
 
NodeID getObjectNode (const Value *V)
 GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
 
NodeID getReturnNode (const FunObjVar *func)
 getReturnNode - Return the node representing the unique return value of a function.
 
NodeID getVarargNode (const FunObjVar *func)
 getVarargNode - Return the node representing the unique variadic argument of a function.
 
virtual void visitAllocaInst (AllocaInst &AI)
 Our visit overrides.
 
void visitPHINode (PHINode &I)
 
void visitStoreInst (StoreInst &I)
 
void visitLoadInst (LoadInst &I)
 
void visitGetElementPtrInst (GetElementPtrInst &I)
 
void visitCallInst (CallInst &I)
 
void visitInvokeInst (InvokeInst &II)
 
void visitCallBrInst (CallBrInst &I)
 
void visitCallSite (CallBase *cs)
 
void visitReturnInst (ReturnInst &I)
 
void visitCastInst (CastInst &I)
 
void visitSelectInst (SelectInst &I)
 
void visitExtractValueInst (ExtractValueInst &EVI)
 
void visitBranchInst (BranchInst &I)
 
void visitSwitchInst (SwitchInst &I)
 The following implementation follows ICFGBuilder::processFunBody.
 
void visitInsertValueInst (InsertValueInst &I)
 
void visitBinaryOperator (BinaryOperator &I)
 
void visitUnaryOperator (UnaryOperator &I)
 
void visitCmpInst (CmpInst &I)
 
void visitVAArgInst (VAArgInst &)
 
void visitVACopyInst (VACopyInst &)
 
void visitVAEndInst (VAEndInst &)
 
void visitVAStartInst (VAStartInst &)
 
void visitFreezeInst (FreezeInst &I)
 
void visitExtractElementInst (ExtractElementInst &I)
 
void visitInsertElementInst (InsertElementInst &I)
 
void visitShuffleVectorInst (ShuffleVectorInst &I)
 
void visitLandingPadInst (LandingPadInst &I)
 
void visitResumeInst (ResumeInst &)
 Instruction not that often.
 
void visitUnreachableInst (UnreachableInst &)
 
void visitFenceInst (FenceInst &I)
 
void visitAtomicCmpXchgInst (AtomicCmpXchgInst &I)
 
void visitAtomicRMWInst (AtomicRMWInst &I)
 
void visitInstruction (Instruction &)
 Provide base case for our instruction visit.
 
void updateCallGraph (CallGraph *callgraph)
 connect PAG edges based on callgraph
 

Protected Member Functions

void visitGlobal ()
 Handle globals including (global variable and functions)
 
void InitialGlobal (const GlobalVariable *gvar, Constant *C, u32_t offset)
 
NodeID getGlobalVarField (const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
 
void processCE (const Value *val)
 Process constant expression.
 
u32_t inferFieldIdxFromByteOffset (const llvm::GEPOperator *gepOp, DataLayout *dl, AccessPath &ap, APOffset idx)
 Infer field index from byteoffset.
 
bool computeGepOffset (const User *V, AccessPath &ap)
 Compute offset of a gep instruction or gep constant expression.
 
const ValuegetBaseValueForExtArg (const Value *V)
 Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))
 
void handleDirectCall (CallBase *cs, const Function *F)
 Handle direct call.
 
void handleIndCall (CallBase *cs)
 Handle indirect call.
 
virtual const TypegetBaseTypeAndFlattenedFields (const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
 Handle external call.
 
virtual void addComplexConsForExt (Value *D, Value *S, const Value *sz)
 
virtual void handleExtCall (const CallBase *cs, const Function *callee)
 
void setCurrentLocation (const Value *val, const BasicBlock *bb)
 Set current basic block in order to keep track of control flow information.
 
void setCurrentLocation (const Value *val, const SVFBasicBlock *bb)
 
const ValuegetCurrentValue () const
 
const SVFBasicBlockgetCurrentBB () const
 
void addGlobalBlackHoleAddrEdge (NodeID node, const ConstantExpr *int2Ptrce)
 Add global black hole Address edge.
 
NodeID addNullPtrNode ()
 Add NullPtr PAGNode.
 
NodeID getGepValVar (const Value *val, const AccessPath &ap, const SVFType *elementType)
 
void setCurrentBBAndValueForPAGEdge (PAGEdge *edge)
 
void addBlackHoleAddrEdge (NodeID node)
 
AddrStmtaddAddrEdge (NodeID src, NodeID dst)
 Add Address edge.
 
AddrStmtaddAddrWithStackArraySz (NodeID src, NodeID dst, llvm::AllocaInst &inst)
 Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
 
AddrStmtaddAddrWithHeapSz (NodeID src, NodeID dst, const CallBase *cs)
 Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
 
CopyStmtaddCopyEdge (NodeID src, NodeID dst, CopyStmt::CopyKind kind)
 
CopyStmt::CopyKind getCopyKind (const Value *val)
 
void addPhiStmt (NodeID res, NodeID opnd, const ICFGNode *pred)
 Add Copy edge.
 
void addSelectStmt (NodeID res, NodeID op1, NodeID op2, NodeID cond)
 Add SelectStmt.
 
void addCmpEdge (NodeID op1, NodeID op2, NodeID dst, u32_t predict)
 Add Copy edge.
 
void addBinaryOPEdge (NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
 Add Copy edge.
 
void addUnaryOPEdge (NodeID src, NodeID dst, u32_t opcode)
 Add Unary edge.
 
void addBranchStmt (NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
 Add Branch statement.
 
void addLoadEdge (NodeID src, NodeID dst)
 Add Load edge.
 
void addStoreEdge (NodeID src, NodeID dst)
 Add Store edge.
 
void addCallEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Call edge.
 
void addRetEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Return edge.
 
void addGepEdge (NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
 Add Gep edge.
 
void addNormalGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Offset(Gep) edge.
 
void addVariantGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Variant(Gep) edge.
 
void addThreadForkEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Thread fork edge for parameter passing.
 
void addThreadJoinEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Thread join edge for parameter passing.
 
AccessPath getAccessPathFromBaseNode (NodeID nodeId)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

SVFIRpag
 
const SVFBasicBlockcurBB
 Current basic block during SVFIR construction when visiting the module.
 
const ValuecurVal
 Current Value during SVFIR construction when visiting the module.
 

Detailed Description

SVFIR Builder to create SVF variables and statements and PAG

Definition at line 45 of file SVFIRBuilder.h.

Constructor & Destructor Documentation

◆ SVFIRBuilder()

SVF::SVFIRBuilder::SVFIRBuilder ( )
inline

Constructor.

Definition at line 55 of file SVFIRBuilder.h.

55 : pag(SVFIR::getPAG()), curBB(nullptr),curVal(nullptr)
56 {
57 }
SVF::SVFIRBuilder::curVal
const Value * curVal
Current Value during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:51
SVF::SVFIRBuilder::curBB
const SVFBasicBlock * curBB
Current basic block during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:50
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116

◆ ~SVFIRBuilder()

virtual SVF::SVFIRBuilder::~SVFIRBuilder ( )
inlinevirtual

Destructor.

Definition at line 59 of file SVFIRBuilder.h.

60 {
61 }

Member Function Documentation

◆ addAddrEdge()

AddrStmt * SVF::SVFIRBuilder::addAddrEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Address edge.

Definition at line 299 of file SVFIRBuilder.h.

300 {
301 if(AddrStmt *edge = pag->addAddrStmt(src, dst))
302 {
303 setCurrentBBAndValueForPAGEdge(edge);
304 return edge;
305 }
306 return nullptr;
307 }
SVF::SVFIRBuilder::setCurrentBBAndValueForPAGEdge
void setCurrentBBAndValueForPAGEdge(PAGEdge *edge)
Definition SVFIRBuilder.cpp:1717
SVF::SVFIR::addAddrStmt
AddrStmt * addAddrStmt(NodeID src, NodeID dst)
Add an edge into SVFIR.
Definition SVFIR.cpp:63
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ addAddrWithHeapSz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithHeapSz ( NodeID  src,
NodeID  dst,
const CallBase cs 
)
inlineprotected

Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".

Definition at line 321 of file SVFIRBuilder.h.

322 {
323 // get name of called function
324 AddrStmt* edge = addAddrEdge(src, dst);
325
326 llvm::Function* calledFunc = cs->getCalledFunction();
327 std::string functionName;
328 if (calledFunc)
329 {
330 functionName = calledFunc->getName().str();
331 }
332 else
333 {
334 SVFUtil::wrnMsg("not support indirect call to add AddrStmt.\n");
335 }
336 if (functionName == "malloc")
337 {
338 if (cs->arg_size() > 0)
339 {
340 const llvm::Value* val = cs->getArgOperand(0);
341 edge->addArrSize(pag->getGNode(getValueNode(val)));
342 }
343 }
344 // Check if the function called is 'calloc' and process its arguments.
345 // e.g. "%5 = call i8* @calloc(1, 8)", edge should add two SVFValue (1 and 8)
346 else if (functionName == "calloc")
347 {
348 if (cs->arg_size() > 1)
349 {
350 edge->addArrSize(
351 pag->getGNode(getValueNode(cs->getArgOperand(0))));
352 edge->addArrSize(
353 pag->getGNode(getValueNode(cs->getArgOperand(1))));
354 }
355 }
356 else
357 {
358 if (cs->arg_size() > 0)
359 {
360 const llvm::Value* val = cs->getArgOperand(0);
361 edge->addArrSize(pag->getGNode(getValueNode(val)));
362 }
363 }
364 return edge;
365 }
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::SVFIRBuilder::addAddrEdge
AddrStmt * addAddrEdge(NodeID src, NodeID dst)
Add Address edge.
Definition SVFIRBuilder.h:299
SVF::SVFIRBuilder::getValueNode
NodeID getValueNode(const Value *V)
Get different kinds of node.
Definition SVFIRBuilder.h:95
SVF::SVFUtil::wrnMsg
std::string wrnMsg(const std::string &msg)
Returns warning message by converting a string into yellow string output.
Definition SVFUtil.cpp:63

◆ addAddrWithStackArraySz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithStackArraySz ( NodeID  src,
NodeID  dst,
llvm::AllocaInst &  inst 
)
inlineprotected

Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".

Definition at line 310 of file SVFIRBuilder.h.

311 {
312 AddrStmt* edge = addAddrEdge(src, dst);
313 if (inst.getArraySize())
314 {
315 edge->addArrSize(pag->getGNode(getValueNode(inst.getArraySize())));
316 }
317 return edge;
318 }

◆ addBinaryOPEdge()

void SVF::SVFIRBuilder::addBinaryOPEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Copy edge.

Definition at line 433 of file SVFIRBuilder.h.

434 {
435 if(BinaryOPStmt *edge = pag->addBinaryOPStmt(op1, op2, dst, opcode))
436 setCurrentBBAndValueForPAGEdge(edge);
437 }
SVF::SVFIR::addBinaryOPStmt
BinaryOPStmt * addBinaryOPStmt(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIR.cpp:165

◆ addBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addBlackHoleAddrEdge ( NodeID  node)
inlineprotected

Definition at line 292 of file SVFIRBuilder.h.

293 {
294 if(PAGEdge *edge = pag->addBlackHoleAddrStmt(node))
295 setCurrentBBAndValueForPAGEdge(edge);
296 }
SVF::SVFIR::addBlackHoleAddrStmt
SVFStmt * addBlackHoleAddrStmt(NodeID node)
Set a pointer points-to black hole (e.g. int2ptr)
Definition SVFIR.cpp:294
SVF::PAGEdge
SVFStmt PAGEdge
Definition IRGraph.h:43

◆ addBranchStmt()

void SVF::SVFIRBuilder::addBranchStmt ( NodeID  br,
NodeID  cond,
const BranchStmt::SuccAndCondPairVec succs 
)
inlineprotected

Add Branch statement.

Definition at line 445 of file SVFIRBuilder.h.

446 {
447 if(BranchStmt *edge = pag->addBranchStmt(br, cond, succs))
448 setCurrentBBAndValueForPAGEdge(edge);
449 }
SVF::SVFIR::addBranchStmt
BranchStmt * addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add BranchStmt.
Definition SVFIR.cpp:203

◆ addCallEdge()

void SVF::SVFIRBuilder::addCallEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Call edge.

Definition at line 469 of file SVFIRBuilder.h.

470 {
471 if (CallPE* edge = pag->addCallPE(src, dst, cs, entry))
472 setCurrentBBAndValueForPAGEdge(edge);
473 }
SVF::SVFIR::addCallPE
CallPE * addCallPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIR.cpp:258

◆ addCmpEdge()

void SVF::SVFIRBuilder::addCmpEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  predict 
)
inlineprotected

Add Copy edge.

Definition at line 427 of file SVFIRBuilder.h.

428 {
429 if(CmpStmt *edge = pag->addCmpStmt(op1, op2, dst, predict))
430 setCurrentBBAndValueForPAGEdge(edge);
431 }
SVF::SVFIR::addCmpStmt
CmpStmt * addCmpStmt(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIR.cpp:144

◆ addComplexConsForExt()

void SVFIRBuilder::addComplexConsForExt ( Value D,
Value S,
const Value szValue 
)
protectedvirtual

Add the load/store constraints and temp. nodes for the complex constraint *D = *S (where D/S may point to structs).

If sz is 0, we will add edges for all fields.

Definition at line 82 of file SVFIRExtAPI.cpp.

83{
84 assert(D && S);
85 NodeID vnD= getValueNode(D), vnS= getValueNode(S);
86 if(!vnD || !vnS)
87 return;
88
89 std::vector<AccessPath> fields;
90
91 //Get the max possible size of the copy, unless it was provided.
92 std::vector<AccessPath> srcFields;
93 std::vector<AccessPath> dstFields;
94 const Type* stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
95 const Type* dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
96 if(srcFields.size() > dstFields.size())
97 fields = dstFields;
98 else
99 fields = srcFields;
100
102 u32_t sz = fields.size();
103
104 if (fields.size() == 1 && (LLVMUtil::isConstDataOrAggData(D) || LLVMUtil::isConstDataOrAggData(S)))
105 {
106 NodeID dummy = pag->addDummyValNode();
107 addLoadEdge(vnD,dummy);
108 addStoreEdge(dummy,vnS);
109 return;
110 }
111
112 //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
113 for (u32_t index = 0; index < sz; index++)
114 {
115 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
116 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
117 fields[index].getConstantStructFldIdx());
118 const SVFType* sElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(stype),
119 fields[index].getConstantStructFldIdx());
120 NodeID dField = getGepValVar(D,fields[index],dElementType);
121 NodeID sField = getGepValVar(S,fields[index],sElementType);
122 NodeID dummy = pag->addDummyValNode();
123 addLoadEdge(sField,dummy);
124 addStoreEdge(dummy,dField);
125 }
126}
u32_t
unsigned u32_t
Definition CommandLine.h:18
index
int index
Definition cJSON.h:170
SVF::IRGraph::getFlatternedElemType
const SVFType * getFlatternedElemType(const SVFType *baseType, u32_t flatten_idx)
Return the type of a flattened element given a flattened index.
Definition IRGraph.cpp:123
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:129
SVF::SVFIRBuilder::addStoreEdge
void addStoreEdge(NodeID src, NodeID dst)
Add Store edge.
Definition SVFIRBuilder.h:457
SVF::SVFIRBuilder::addLoadEdge
void addLoadEdge(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIRBuilder.h:451
SVF::SVFIRBuilder::getBaseTypeAndFlattenedFields
virtual const Type * getBaseTypeAndFlattenedFields(const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
Handle external call.
Definition SVFIRExtAPI.cpp:44
SVF::SVFIRBuilder::getGepValVar
NodeID getGepValVar(const Value *val, const AccessPath &ap, const SVFType *elementType)
Definition SVFIRBuilder.cpp:1662
SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:491
SVF::LLVMUtil::isConstDataOrAggData
bool isConstDataOrAggData(const Value *val)
Return true if the value refers to constant data, e.g., i32 0.
Definition LLVMUtil.h:368
SVF::Type
llvm::Type Type
Definition BasicTypes.h:83
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

◆ addCopyEdge()

CopyStmt * SVF::SVFIRBuilder::addCopyEdge ( NodeID  src,
NodeID  dst,
CopyStmt::CopyKind  kind 
)
inlineprotected

Definition at line 367 of file SVFIRBuilder.h.

368 {
369 if(CopyStmt *edge = pag->addCopyStmt(src, dst, kind))
370 {
371 setCurrentBBAndValueForPAGEdge(edge);
372 return edge;
373 }
374 return nullptr;
375 }
SVF::SVFIR::addCopyStmt
CopyStmt * addCopyStmt(NodeID src, NodeID dst, CopyStmt::CopyKind type)
Add Copy edge.
Definition SVFIR.cpp:81

◆ addEdge()

void SVF::SVFIRBuilder::addEdge ( NodeID  src,
NodeID  dst,
SVFStmt::PEDGEK  kind,
APOffset  offset = 0,
Instruction cs = nullptr 
)

◆ addGepEdge()

void SVF::SVFIRBuilder::addGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap,
bool  constGep 
)
inlineprotected

Add Gep edge.

Definition at line 481 of file SVFIRBuilder.h.

482 {
483 if (GepStmt* edge = pag->addGepStmt(src, dst, ap, constGep))
484 setCurrentBBAndValueForPAGEdge(edge);
485 }
SVF::SVFIR::addGepStmt
GepStmt * addGepStmt(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIR.cpp:344

◆ addGlobalBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addGlobalBlackHoleAddrEdge ( NodeID  node,
const ConstantExpr int2Ptrce 
)
inlineprotected

Add global black hole Address edge.

Definition at line 267 of file SVFIRBuilder.h.

268 {
269 const Value* cval = getCurrentValue();
270 const SVFBasicBlock* cbb = getCurrentBB();
271 setCurrentLocation(int2Ptrce,(SVFBasicBlock*) nullptr);
272 addBlackHoleAddrEdge(node);
273 setCurrentLocation(cval,cbb);
274 }
SVF::SVFIRBuilder::setCurrentLocation
void setCurrentLocation(const Value *val, const BasicBlock *bb)
Set current basic block in order to keep track of control flow information.
Definition SVFIRBuilder.h:247
SVF::SVFIRBuilder::addBlackHoleAddrEdge
void addBlackHoleAddrEdge(NodeID node)
Definition SVFIRBuilder.h:292
SVF::SVFIRBuilder::getCurrentBB
const SVFBasicBlock * getCurrentBB() const
Definition SVFIRBuilder.h:261
SVF::SVFIRBuilder::getCurrentValue
const Value * getCurrentValue() const
Definition SVFIRBuilder.h:257
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82

◆ addLoadEdge()

void SVF::SVFIRBuilder::addLoadEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Load edge.

Definition at line 451 of file SVFIRBuilder.h.

452 {
453 if(LoadStmt *edge = pag->addLoadStmt(src, dst))
454 setCurrentBBAndValueForPAGEdge(edge);
455 }
SVF::SVFIR::addLoadStmt
LoadStmt * addLoadStmt(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIR.cpp:221

◆ addNormalGepEdge()

void SVF::SVFIRBuilder::addNormalGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Offset(Gep) edge.

Definition at line 487 of file SVFIRBuilder.h.

488 {
489 if (GepStmt* edge = pag->addNormalGepStmt(src, dst, ap))
490 setCurrentBBAndValueForPAGEdge(edge);
491 }
SVF::SVFIR::addNormalGepStmt
GepStmt * addNormalGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Offset(Gep) edge.
Definition SVFIR.cpp:363

◆ addNullPtrNode()

NodeID SVF::SVFIRBuilder::addNullPtrNode ( )
inlineprotected

Add NullPtr PAGNode.

Definition at line 277 of file SVFIRBuilder.h.

278 {
279 LLVMContext& cxt = llvmModuleSet()->getContext();
280 ConstantPointerNull* constNull = ConstantPointerNull::get(PointerType::getUnqual(cxt));
281 NodeID nullPtr = pag->addConstantNullPtrValNode(pag->getNullPtr(), nullptr, llvmModuleSet()->getSVFType(constNull->getType()));
282 llvmModuleSet()->addToSVFVar2LLVMValueMap(constNull, pag->getGNode(pag->getNullPtr()));
283 setCurrentLocation(constNull, (SVFBasicBlock*) nullptr);
284 addBlackHoleAddrEdge(pag->getBlkPtr());
285 return nullPtr;
286 }
SVF::IRGraph::getBlkPtr
NodeID getBlkPtr() const
Definition IRGraph.h:255
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:259
SVF::LLVMModuleSet::addToSVFVar2LLVMValueMap
void addToSVFVar2LLVMValueMap(const Value *val, SVFValue *svfBaseNode)
Definition LLVMModule.cpp:1064
SVF::LLVMModuleSet::getContext
LLVMContext & getContext() const
Definition LLVMModule.h:374
SVF::SVFIRBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition SVFIRBuilder.h:515
SVF::SVFIR::addConstantNullPtrValNode
NodeID addConstantNullPtrValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:597
SVF::ConstantPointerNull
llvm::ConstantPointerNull ConstantPointerNull
Definition BasicTypes.h:127
SVF::LLVMContext
llvm::LLVMContext LLVMContext
Definition BasicTypes.h:70

◆ addPhiStmt()

void SVF::SVFIRBuilder::addPhiStmt ( NodeID  res,
NodeID  opnd,
const ICFGNode pred 
)
inlineprotected

Add Copy edge.

If we already added this phi node, then skip this adding

Definition at line 414 of file SVFIRBuilder.h.

415 {
417 if(PhiStmt *edge = pag->addPhiStmt(res,opnd,pred))
418 setCurrentBBAndValueForPAGEdge(edge);
419 }
SVF::SVFIR::addPhiStmt
PhiStmt * addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add phi node information.
Definition SVFIR.cpp:99

◆ addRetEdge()

void SVF::SVFIRBuilder::addRetEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Return edge.

Definition at line 475 of file SVFIRBuilder.h.

476 {
477 if (RetPE* edge = pag->addRetPE(src, dst, cs, exit))
478 setCurrentBBAndValueForPAGEdge(edge);
479 }
SVF::SVFIR::addRetPE
RetPE * addRetPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIR.cpp:276

◆ addSelectStmt()

void SVF::SVFIRBuilder::addSelectStmt ( NodeID  res,
NodeID  op1,
NodeID  op2,
NodeID  cond 
)
inlineprotected

Add SelectStmt.

Definition at line 421 of file SVFIRBuilder.h.

422 {
423 if(SelectStmt *edge = pag->addSelectStmt(res,op1,op2,cond))
424 setCurrentBBAndValueForPAGEdge(edge);
425 }
SVF::SVFIR::addSelectStmt
SelectStmt * addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIR.cpp:123

◆ addStoreEdge()

void SVF::SVFIRBuilder::addStoreEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Store edge.

Definition at line 457 of file SVFIRBuilder.h.

458 {
459 ICFGNode* node;
460 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
461 node = llvmModuleSet()->getICFGNode(
462 SVFUtil::cast<Instruction>(inst));
463 else
464 node = nullptr;
465 if (StoreStmt* edge = pag->addStoreStmt(src, dst, node))
466 setCurrentBBAndValueForPAGEdge(edge);
467 }
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1118
SVF::SVFIR::addStoreStmt
StoreStmt * addStoreStmt(NodeID src, NodeID dst, const ICFGNode *val)
Add Store edge.
Definition SVFIR.cpp:240
SVF::Instruction
llvm::Instruction Instruction
Definition BasicTypes.h:87

◆ addThreadForkEdge()

void SVF::SVFIRBuilder::addThreadForkEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Thread fork edge for parameter passing.

Definition at line 499 of file SVFIRBuilder.h.

500 {
501 if (TDForkPE* edge = pag->addThreadForkPE(src, dst, cs, entry))
502 setCurrentBBAndValueForPAGEdge(edge);
503 }
SVF::SVFIR::addThreadForkPE
TDForkPE * addThreadForkPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIR.cpp:305

◆ addThreadJoinEdge()

void SVF::SVFIRBuilder::addThreadJoinEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Thread join edge for parameter passing.

Definition at line 505 of file SVFIRBuilder.h.

506 {
507 if (TDJoinPE* edge = pag->addThreadJoinPE(src, dst, cs, exit))
508 setCurrentBBAndValueForPAGEdge(edge);
509 }
SVF::SVFIR::addThreadJoinPE
TDJoinPE * addThreadJoinPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Thread join edge for parameter passing.
Definition SVFIR.cpp:323

◆ addUnaryOPEdge()

void SVF::SVFIRBuilder::addUnaryOPEdge ( NodeID  src,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Unary edge.

Definition at line 439 of file SVFIRBuilder.h.

440 {
441 if(UnaryOPStmt *edge = pag->addUnaryOPStmt(src, dst, opcode))
442 setCurrentBBAndValueForPAGEdge(edge);
443 }
SVF::SVFIR::addUnaryOPStmt
UnaryOPStmt * addUnaryOPStmt(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIR.cpp:185

◆ addVariantGepEdge()

void SVF::SVFIRBuilder::addVariantGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Variant(Gep) edge.

Definition at line 493 of file SVFIRBuilder.h.

494 {
495 if (GepStmt* edge = pag->addVariantGepStmt(src, dst, ap))
496 setCurrentBBAndValueForPAGEdge(edge);
497 }
SVF::SVFIR::addVariantGepStmt
GepStmt * addVariantGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Variant(Gep) edge.
Definition SVFIR.cpp:382

◆ build()

SVFIR * SVFIRBuilder::build ( )
virtual

Start building SVFIR here.

Start building SVFIR here

build icfg

initial external library information initial SVFIR nodes

initial SVFIR edges: // handle globals

build callgraph

handle functions

collect return node of function fun

Return SVFIR node will not be created for function which can not reach the return instruction due to call to abort(), exit(), etc. In 176.gcc of SPEC 2000, function build_objc_string() from c-lang.c shows an example when fun.doesNotReturn() evaluates to TRUE because of abort().

To be noted, we do not record arguments which are in declared function without body TODO: what about external functions with SVFIR imported by commandline?

Definition at line 52 of file SVFIRBuilder.cpp.

53{
54 double startTime = SVFStat::getClk(true);
55
56 DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
57
58 // We read SVFIR from a user-defined txt instead of parsing SVFIR from LLVM IR
59 if (SVFIR::pagReadFromTXT())
60 {
61 PAGBuilderFromFile fileBuilder(SVFIR::pagFileName());
62 return fileBuilder.build();
63 }
64
65 // If the SVFIR has been built before, then we return the unique SVFIR of the program
66 if(pag->getNodeNumAfterPAGBuild() > 1)
67 return pag;
68
69
70 createFunObjVars();
71
73 ICFGBuilder icfgbuilder;
74 pag->icfg = icfgbuilder.build();
75
78 initialiseNodes();
81 visitGlobal();
83
84
85
87 CallGraphBuilder callGraphBuilder;
88 std::vector<const FunObjVar*> funset;
89 for (const auto& item: llvmModuleSet()->getFunctionSet())
90 {
91 funset.push_back(llvmModuleSet()->getFunObjVar(item));
92 }
93 pag->callGraph = callGraphBuilder.buildSVFIRCallGraph(funset);
94
95 CHGraph* chg = new CHGraph();
96 CHGBuilder chgbuilder(chg);
97 chgbuilder.buildCHG();
98 pag->setCHG(chg);
99
101 for (Module& M : llvmModuleSet()->getLLVMModules())
102 {
103 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
104 {
105 const Function& fun = *F;
106 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(&fun);
108 if(!fun.isDeclaration())
109 {
115 if (fun.doesNotReturn() == false &&
116 fun.getReturnType()->isVoidTy() == false)
117 {
118 pag->addFunRet(svffun,
119 pag->getGNode(pag->getReturnNode(svffun)));
120 }
121
124 for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
125 I != E; ++I)
126 {
127 setCurrentLocation(&*I,&fun.getEntryBlock());
128 NodeID argValNodeId = llvmModuleSet()->getValueNode(&*I);
129 // if this is the function does not have caller (e.g. main)
130 // or a dead function, shall we create a black hole address edge for it?
131 // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
132 // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
133 // if(I->getType()->isPointerTy())
134 // addBlackHoleAddrEdge(argValNodeId);
135 //}
136 pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
137 }
138 }
139 for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
140 bit != ebit; ++bit)
141 {
142 const BasicBlock& bb = *bit;
143 for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
144 it != eit; ++it)
145 {
146 const Instruction& inst = *it;
147 setCurrentLocation(&inst,&bb);
148 visit(const_cast<Instruction&>(inst));
149 }
150 }
151 }
152 }
153
154 sanityCheck();
155
156 pag->initialiseCandidatePointers();
157
158 pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
159
160 // dump SVFIR
161 if (Options::PAGDotGraph())
162 pag->dump("svfir_initial");
163
164 // print to command line of the SVFIR graph
165 if (Options::PAGPrint())
166 pag->print();
167
168 // dump ICFG
169 if (Options::DumpICFG())
170 pag->getICFG()->dump("icfg_initial");
171
172 if (Options::LoopAnalysis())
173 {
174 LLVMLoopAnalysis loopAnalysis;
175 loopAnalysis.build(pag->getICFG());
176 }
177
178 // dump SVFIR as JSON
179 if (!Options::DumpJson().empty())
180 {
181 assert(false && "please implement SVFIRWriter::writeJsonToPath");
182 }
183
184 double endTime = SVFStat::getClk(true);
185 SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
186
187 return pag;
188}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:498
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:526
DGENERAL
#define DGENERAL
Definition SVFType.h:504
item
cJSON * item
Definition cJSON.h:222
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:430
SVF::ICFG::dump
void dump(const std::string &file, bool simple=false)
Dump graph into dot file.
Definition ICFG.cpp:411
SVF::IRGraph::getNodeNumAfterPAGBuild
u32_t getNodeNumAfterPAGBuild() const
Definition IRGraph.h:313
SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:310
SVF::IRGraph::getReturnNode
NodeID getReturnNode(const FunObjVar *func) const
GetReturnNode - Return the unique node representing the return value of a function.
Definition IRGraph.cpp:60
SVF::IRGraph::setNodeNumAfterPAGBuild
void setNodeNumAfterPAGBuild(u32_t num)
Definition IRGraph.h:317
SVF::LLVMLoopAnalysis::build
virtual void build(ICFG *icfg)
Start from here.
Definition LLVMLoopAnalysis.cpp:89
SVF::LLVMModuleSet::getValueNode
NodeID getValueNode(const Value *V)
Definition LLVMModule.cpp:986
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:260
SVF::Options::PAGDotGraph
static const Option< bool > PAGDotGraph
Definition Options.h:121
SVF::Options::DumpJson
static const Option< std::string > DumpJson
Definition Options.h:124
SVF::Options::PAGPrint
static const Option< bool > PAGPrint
Definition Options.h:127
SVF::Options::LoopAnalysis
static const Option< bool > LoopAnalysis
Definition Options.h:242
SVF::Options::DumpICFG
static const Option< bool > DumpICFG
Definition Options.h:123
SVF::SVFIRBuilder::sanityCheck
void sanityCheck()
Sanity check for SVFIR.
Definition SVFIRBuilder.cpp:1636
SVF::SVFIRBuilder::visitGlobal
void visitGlobal()
Handle globals including (global variable and functions)
Definition SVFIRBuilder.cpp:949
SVF::SVFIRBuilder::initialiseNodes
void initialiseNodes()
Initialize nodes and edges.
Definition SVFIRBuilder.cpp:534
SVF::SVFIR::print
void print()
Print SVFIR.
Definition SVFIR.cpp:557
SVF::SVFIR::addFunArgs
void addFunArgs(const FunObjVar *fun, const SVFVar *arg)
Get/set method for function/callsite arguments and returns.
Definition SVFIR.h:527
SVF::SVFIR::addFunRet
void addFunRet(const FunObjVar *fun, const SVFVar *ret)
Add function returns.
Definition SVFIR.h:534
SVF::SVFIR::pagFileName
static std::string pagFileName()
Definition SVFIR.h:206
SVF::SVFIR::pagReadFromTXT
static bool pagReadFromTXT()
Definition SVFIR.h:211
SVF::SVFIR::callGraph
CallGraph * callGraph
all the callsites of a program
Definition SVFIR.h:99
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163
SVF::SVFIR::setCHG
void setCHG(CommonCHGraph *c)
Set/Get CHG.
Definition SVFIR.h:169
SVF::SVFIR::icfg
ICFG * icfg
Definition SVFIR.h:96
SVF::SVFIR::initialiseCandidatePointers
void initialiseCandidatePointers()
Initialize candidate pointers.
Definition SVFIR.cpp:642
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFStat::timeOfBuildingSVFIR
static double timeOfBuildingSVFIR
Definition SVFStat.h:95
SVF::LLVMUtil::getFunObjVar
const FunObjVar * getFunObjVar(const std::string &name)
Definition LLVMUtil.cpp:435
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::BasicBlock
llvm::BasicBlock BasicBlock
Definition BasicTypes.h:86
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ computeGepOffset()

bool SVFIRBuilder::computeGepOffset ( const User V,
AccessPath ap 
)
protected

Compute offset of a gep instruction or gep constant expression.

Return the object node offset according to GEP insn (V). Given a gep edge p = q + i, if "i" is a constant then we return its offset size otherwise if "i" is a variable determined by runtime, then it is a variant offset Return TRUE if the offset of this GEP insn is a constant.

Definition at line 640 of file SVFIRBuilder.cpp.

641{
642 assert(V);
643
644 const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
645 DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
646 llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
647 if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
648 {
649 //s32_t bo = byteOffset.getSExtValue();
650 }
651
652 bool isConst = true;
653
654 bool prevPtrOperand = false;
655 for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
656 gi != ge; ++gi)
657 {
658 const Type* gepTy = *gi;
659 const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
660
661 assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
662 "Expect no more than one gep operand to be of a pointer type");
663 if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
664 const Value* offsetVal = gi.getOperand();
665 assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
666 ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offsetVal)), svfGepTy);
667
668 //The int value of the current index operand
669 const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
670
671 // if Options::ModelConsts() is disabled. We will treat whole array as one,
672 // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
673 if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
674 {
675 if(!op || (arrTy->getArrayNumElements() <= (u32_t)LLVMUtil::getIntegerValue(op).first))
676 continue;
677 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
678 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
679 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
680 }
681 else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
682 {
683 assert(op && "non-const offset accessing a struct");
684 //The actual index
685 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
686 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
687 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
688 }
689 else if (gepTy->isSingleValueType())
690 {
691 // If it's a non-constant offset access
692 // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
693 // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
694 if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
695 {
696 isConst = false;
697 }
698
699 // The actual index
700 //s32_t idx = op->getSExtValue();
701
702 // For pointer arithmetic we ignore the byte offset
703 // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
704 // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
705 }
706 }
707 return isConst;
708}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AccessPath::addOffsetVarAndGepTypePair
bool addOffsetVarAndGepTypePair(const SVFVar *var, const SVFType *gepIterType)
Definition AccessPath.cpp:42
SVF::AccessPath::getConstantStructFldIdx
APOffset getConstantStructFldIdx() const
Get methods.
Definition AccessPath.h:99
SVF::AccessPath::setFldIdx
void setFldIdx(APOffset idx)
Definition AccessPath.h:103
SVF::IRGraph::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition IRGraph.cpp:144
SVF::LLVMModuleSet::getSVFType
SVFType * getSVFType(const Type *T)
Get or create SVFType and typeinfo.
Definition LLVMModule.cpp:1103
SVF::SVFIRBuilder::getPAG
SVFIR * getPAG() const
Return SVFIR.
Definition SVFIRBuilder.h:67
llvm::generic_bridge_gep_type_iterator
Definition GEPTypeBridgeIterator.h:18
SVF::LLVMUtil::getIntegerValue
std::pair< s64_t, u64_t > getIntegerValue(const ConstantInt *intValue)
Definition LLVMUtil.h:82
SVF::LLVMUtil::getDataLayout
static DataLayout * getDataLayout(Module *mod)
Definition LLVMUtil.h:313
SVF::DataLayout
llvm::DataLayout DataLayout
Definition BasicTypes.h:108
SVF::ArrayType
llvm::ArrayType ArrayType
Definition BasicTypes.h:95
SVF::StructType
llvm::StructType StructType
LLVM types.
Definition BasicTypes.h:94
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
SVF::ConstantInt
llvm::ConstantInt ConstantInt
Definition BasicTypes.h:125
llvm::bridge_gep_end
bridge_gep_iterator bridge_gep_end(const User *GEP)
Definition GEPTypeBridgeIterator.h:157
llvm::bridge_gep_begin
bridge_gep_iterator bridge_gep_begin(const User *GEP)
Definition GEPTypeBridgeIterator.h:149

◆ createFunObjVars()

void SVFIRBuilder::createFunObjVars ( )

set fun in bb

Definition at line 329 of file SVFIRBuilder.cpp.

330{
331 std::vector<FunObjVar*> funset;
332 // Iterate over all object symbols in the symbol table
333 for (const auto* fun: llvmModuleSet()->getFunctionSet())
334 {
335 u32_t id = llvmModuleSet()->objSyms()[fun];
336 // Debug output for adding object node
337 DBOUT(DPAGBuild, outs() << "add obj node " << id << "\n");
338
339 // Check if the value is a function and add a function object node
340 pag->addFunObjNode(id, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(fun->getType()), nullptr);
341 llvmModuleSet()->LLVMFun2FunObjVar[fun] = cast<FunObjVar>(pag->getGNode(id));
342
343 FunObjVar *funObjVar = SVFUtil::cast<FunObjVar>(pag->getGNode(id));
344 funset.push_back(funObjVar);
345
346 funObjVar->initFunObjVar(fun->isDeclaration(), LLVMUtil::isIntrinsicFun(fun), fun->hasAddressTaken(),
347 LLVMUtil::isUncalledFunction(fun), LLVMUtil::functionDoesNotRet(fun), fun->isVarArg(),
348 SVFUtil::cast<SVFFunctionType>(llvmModuleSet()->getSVFType(fun->getFunctionType())),
349 new SVFLoopAndDomInfo, nullptr, nullptr,
350 {}, nullptr);
351 BasicBlockGraph* bbGraph = new BasicBlockGraph();
352 funObjVar->setBasicBlockGraph(bbGraph);
353
354
355 for (const BasicBlock& bb : *fun)
356 {
357 llvmModuleSet()->addBasicBlock(funObjVar, &bb);
358 }
359
361 for (auto& bb: *funObjVar->bbGraph)
362 {
363 bb.second->setFun(funObjVar);
364 }
365 llvmModuleSet()->addToSVFVar2LLVMValueMap(fun, pag->getGNode(id));
366 }
367
368 initFunObjVar();
369}
DPAGBuild
#define DPAGBuild
Definition SVFType.h:506
SVF::FunObjVar::setBasicBlockGraph
void setBasicBlockGraph(BasicBlockGraph *graph)
Definition SVFVariables.h:1150
SVF::FunObjVar::initFunObjVar
void initFunObjVar(bool decl, bool intrinc, bool addr, bool uncalled, bool notret, bool vararg, const SVFFunctionType *ft, SVFLoopAndDomInfo *ld, const FunObjVar *real, BasicBlockGraph *bbg, const std::vector< const ArgValVar * > &allarg, const SVFBasicBlock *exit)
Definition SVFVariables.cpp:446
SVF::IRGraph::getObjTypeInfo
ObjTypeInfo * getObjTypeInfo(NodeID id) const
Definition IRGraph.h:234
SVF::LLVMModuleSet::LLVMFun2FunObjVar
LLVMFun2FunObjVarMap LLVMFun2FunObjVar
Map an LLVM Function to an SVF Funobjvar.
Definition LLVMModule.h:97
SVF::LLVMModuleSet::objSyms
ValueToIDMapTy & objSyms()
Definition LLVMModule.h:210
SVF::LLVMModuleSet::addBasicBlock
void addBasicBlock(FunObjVar *fun, const BasicBlock *bb)
Definition LLVMModule.h:230
SVF::SVFIR::addFunObjNode
NodeID addFunObjNode(NodeID id, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:648
SVF::LLVMUtil::isUncalledFunction
bool isUncalledFunction(const Function *fun)
whether this is a function without any possible caller?
Definition LLVMUtil.cpp:157
SVF::LLVMUtil::isIntrinsicFun
bool isIntrinsicFun(const Function *func)
Definition LLVMUtil.cpp:189
SVF::LLVMUtil::functionDoesNotRet
bool functionDoesNotRet(const Function *fun)
Definition LLVMUtil.cpp:122

◆ getAccessPathFromBaseNode()

AccessPath SVFIRBuilder::getAccessPathFromBaseNode ( NodeID  nodeId)
protected

Get a base SVFVar given a pointer Return the source node of its connected normal gep edge Otherwise return the node id itself s32_t offset : gep offset

if this node is already a base node

Definition at line 1804 of file SVFIRBuilder.cpp.

1805{
1806 SVFVar* node = pag->getGNode(nodeId);
1807 SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
1809 if(geps.empty())
1810 return AccessPath(0);
1811
1812 assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
1813 SVFVar::iterator it = geps.begin();
1814 const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
1815 if(gepEdge->isVariantFieldGep())
1816 return AccessPath(0);
1817 else
1818 return gepEdge->getAccessPath();
1819}
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition GenericGraph.h:155
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:214
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Edge accessors and checkers.
Definition SVFVariables.h:111

◆ getBaseTypeAndFlattenedFields()

const Type * SVFIRBuilder::getBaseTypeAndFlattenedFields ( const Value V,
std::vector< AccessPath > &  fields,
const Value szValue 
)
protectedvirtual

Handle external call.

Find the base type and the max possible offset of an object pointed to by (V).

use user-specified size for this copy operation if the size is a constaint int

Definition at line 44 of file SVFIRExtAPI.cpp.

45{
46 assert(V);
47 const Value* value = getBaseValueForExtArg(V);
48 const Type *objType = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferObjType(value);
49 u32_t numOfElems = pag->getNumOfFlattenElements(LLVMModuleSet::getLLVMModuleSet()->getSVFType(objType));
51 if(szValue && SVFUtil::isa<ConstantInt>(szValue))
52 {
53 auto szIntVal = LLVMUtil::getIntegerValue(SVFUtil::cast<ConstantInt>(szValue));
54 numOfElems = (numOfElems > szIntVal.first) ? szIntVal.first : numOfElems;
55 }
56
57 LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
58 for(u32_t ei = 0; ei < numOfElems; ei++)
59 {
60 AccessPath ls(ei);
61 // make a ConstantInt and create char for the content type due to byte-wise copy
62 const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
63 if (!llvmModuleSet()->hasValueNode(offset))
64 {
65 SymbolTableBuilder builder(pag);
66 builder.collectSym(offset);
67 NodeID id = llvmModuleSet()->getValueNode(offset);
68 pag->addConstantIntValNode(id, LLVMUtil::getIntegerValue(offset), nullptr, llvmModuleSet()->getSVFType(offset->getType()));
69 llvmModuleSet()->addToSVFVar2LLVMValueMap(offset,
70 pag->getGNode(id));
71 }
72 ls.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offset)), nullptr);
73 fields.push_back(ls);
74 }
75 return objType;
76}
SVF::IRGraph::getNumOfFlattenElements
u32_t getNumOfFlattenElements(const SVFType *T)
Definition IRGraph.cpp:169
SVF::LLVMModuleSet::getTypeInference
ObjTypeInference * getTypeInference()
Definition LLVMModule.cpp:92
SVF::ObjTypeInference::inferObjType
const Type * inferObjType(const Value *var)
get or infer the type of the object pointed by the value
Definition ObjTypeInference.cpp:136
SVF::SVFIRBuilder::getBaseValueForExtArg
const Value * getBaseValueForExtArg(const Value *V)
Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst,...
Definition SVFIRBuilder.cpp:1535
SVF::SVFIR::addConstantIntValNode
NodeID addConstantIntValNode(NodeID i, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:590

◆ getBaseValueForExtArg()

const Value * SVFIRBuilder::getBaseValueForExtArg ( const Value V)
protected

Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))

Example 1:

%0 = getelementptr inbounds struct.outer, struct.inner base, i32 0, i32 0 call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false) The base value for %0 is base. Note: the base is recognized as the base value if the offset (field index) is 0

Example 2: https://github.com/SVF-tools/SVF/issues/1650 https://github.com/SVF-tools/SVF/pull/1652

@i1 = dso_local global struct.inner { i32 0, ptr @f1, ptr @f2 } @n1 = dso_local global struct.outer { i32 0, ptr @i1 }

inner = alloca struct.inner %0 = load ptr, ptr getelementptr inbounds (struct.outer, ptr @n1, i32 0, i32 1) call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false)

The base value for %0 is @i1

Example 3:

@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }> <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8

%0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>, ptr @conststruct, i64 0, i32 0, i64 16)

The base value for %0 is still %0

Definition at line 1535 of file SVFIRBuilder.cpp.

1536{
1537 const Value* value = stripAllCasts(V);
1538 assert(value && "null ptr?");
1539 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
1540 {
1541 APOffset totalidx = 0;
1542 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1543 {
1544 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1545 totalidx += LLVMUtil::getIntegerValue(op).first;
1546 }
1547 if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
1548 value = gep->getPointerOperand();
1549 }
1550 else if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(value))
1551 {
1552 const Value* loadP = load->getPointerOperand();
1553 if (const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(loadP))
1554 {
1555 APOffset totalidx = 0;
1556 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1557 {
1558 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1559 totalidx += LLVMUtil::getIntegerValue(op).first;
1560 }
1561 const Value * pointer_operand = gep->getPointerOperand();
1562 if (auto *glob = SVFUtil::dyn_cast<GlobalVariable>(pointer_operand))
1563 {
1564 if (glob->hasInitializer())
1565 {
1566 if (auto *initializer = SVFUtil::dyn_cast<
1567 ConstantStruct>(glob->getInitializer()))
1568 {
1569 /*
1570 *@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>
1571 <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8
1572
1573 %0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>,
1574 ptr @conststruct, i64 0, i32 0, i64 16)
1575 in this case, totalidx is 16 while initializer->getNumOperands() is 4, so we return value as the base
1576 */
1577 if (totalidx >= initializer->getNumOperands()) return value;
1578 auto *ptrField = initializer->getOperand(totalidx);
1579 if (auto *ptrValue = SVFUtil::dyn_cast<llvm::GlobalVariable>(ptrField))
1580 {
1581 return ptrValue;
1582 }
1583 }
1584 }
1585 }
1586 }
1587 }
1588
1589 return value;
1590}
SVF::LLVMUtil::stripAllCasts
const Value * stripAllCasts(const Value *val)
Strip off the all casts.
Definition LLVMUtil.cpp:249
SVF::SVFUtil::dyn_cast
LLVM_NODISCARD std::enable_if_t<!is_simple_type< Y >::value, typename cast_retty< X, const Y >::ret_type > dyn_cast(const Y &Val)
Definition Casting.h:405
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::LoadInst
llvm::LoadInst LoadInst
Definition BasicTypes.h:149
SVF::GetElementPtrInst
llvm::GetElementPtrInst GetElementPtrInst
Definition BasicTypes.h:162

◆ getCopyKind()

CopyStmt::CopyKind SVF::SVFIRBuilder::getCopyKind ( const Value val)
inlineprotected

Definition at line 377 of file SVFIRBuilder.h.

378 {
379 // COPYVAL, ZEXT, SEXT, BITCAST, FPTRUNC, FPTOUI, FPTOSI, UITOFP, SITOFP, INTTOPTR, PTRTOINT
380 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(val))
381 {
382 switch (inst->getOpcode())
383 {
384 case Instruction::ZExt:
385 return CopyStmt::ZEXT;
386 case Instruction::SExt:
387 return CopyStmt::SEXT;
388 case Instruction::BitCast:
389 return CopyStmt::BITCAST;
390 case Instruction ::Trunc:
391 return CopyStmt::TRUNC;
392 case Instruction::FPTrunc:
393 return CopyStmt::FPTRUNC;
394 case Instruction::FPToUI:
395 return CopyStmt::FPTOUI;
396 case Instruction::FPToSI:
397 return CopyStmt::FPTOSI;
398 case Instruction::UIToFP:
399 return CopyStmt::UITOFP;
400 case Instruction::SIToFP:
401 return CopyStmt::SITOFP;
402 case Instruction::IntToPtr:
403 return CopyStmt::INTTOPTR;
404 case Instruction::PtrToInt:
405 return CopyStmt::PTRTOINT;
406 default:
407 return CopyStmt::COPYVAL;
408 }
409 }
410 assert (false && "Unknown cast inst!");
411 }

◆ getCurrentBB()

const SVFBasicBlock * SVF::SVFIRBuilder::getCurrentBB ( ) const
inlineprotected

Definition at line 261 of file SVFIRBuilder.h.

262 {
263 return curBB;
264 }

◆ getCurrentValue()

const Value * SVF::SVFIRBuilder::getCurrentValue ( ) const
inlineprotected

Definition at line 257 of file SVFIRBuilder.h.

258 {
259 return curVal;
260 }

◆ getGepValVar()

NodeID SVFIRBuilder::getGepValVar ( const Value val,
const AccessPath ap,
const SVFType elementType 
)
protected

Add a temp field value node according to base value and offset this node is after the initial node method, it is out of scope of symInfo table

Definition at line 1662 of file SVFIRBuilder.cpp.

1663{
1664 NodeID base = getValueNode(val);
1665 NodeID gepval = pag->getGepValVar(llvmModuleSet()->getValueNode(curVal), base, ap);
1666 if (gepval==UINT_MAX)
1667 {
1668 assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
1669 /*
1670 * getGepValVar can only be called from two places:
1671 * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
1672 * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
1673 * so curVal can only be
1674 * 1. Instruction
1675 * 2. GlobalVariable
1676 */
1677 assert(
1678 (SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
1679
1680 // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
1681 // We preserve the current BB information to restore it after creating the gepNode
1682 const Value* cval = getCurrentValue();
1683 const SVFBasicBlock* cbb = getCurrentBB();
1684 setCurrentLocation(curVal, (SVFBasicBlock*) nullptr);
1685 LLVMModuleSet* llvmmodule = llvmModuleSet();
1686 const ICFGNode* node = nullptr;
1687 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
1688 if (llvmmodule->hasICFGNode(inst))
1689 {
1690 node = llvmmodule->getICFGNode(inst);
1691 }
1692 NodeID gepNode = pag->addGepValNode(llvmModuleSet()->getValueNode(curVal), cast<ValVar>(pag->getGNode(getValueNode(val))), ap,
1693 NodeIDAllocator::get()->allocateValueId(),
1694 llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())), node);
1695 addGepEdge(base, gepNode, ap, true);
1696 setCurrentLocation(cval, cbb);
1697 return gepNode;
1698 }
1699 else
1700 return gepval;
1701}
SVF::NodeIDAllocator::get
static NodeIDAllocator * get(void)
Return (singleton) allocator.
Definition NodeIDAllocator.cpp:26
SVF::SVFIRBuilder::addGepEdge
void addGepEdge(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIRBuilder.h:481
SVF::SVFIR::getGepValVar
NodeID getGepValVar(NodeID curInst, NodeID base, const AccessPath &ap) const
Due to constraint expression, curInst is used to distinguish different instructions (e....
Definition SVFIR.cpp:522
SVF::SVFIR::addGepValNode
NodeID addGepValNode(NodeID curInst, const ValVar *base, const AccessPath &ap, NodeID i, const SVFType *type, const ICFGNode *node)
Add a temp field value node, this method can only invoked by getGepValVar.
Definition SVFIR.cpp:403

◆ getGlobalVarField()

NodeID SVFIRBuilder::getGlobalVarField ( const GlobalVariable gvar,
u32_t  offset,
SVFType tpy 
)
protected

Get the field of the global variable node FIXME:Here we only get the field that actually used in the program We ignore the initialization of global variable field that not used in the program

if we did not find the constant expression in the program, then we need to create a gep node for this field

Definition at line 844 of file SVFIRBuilder.cpp.

845{
846
847 // if the global variable do not have any field needs to be initialized
848 if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
849 {
850 return getValueNode(gvar);
851 }
854 else
855 {
856 return getGepValVar(gvar, AccessPath(offset), tpy);
857 }
858}

◆ getObjectNode()

NodeID SVF::SVFIRBuilder::getObjectNode ( const Value V)
inline

GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.

Definition at line 105 of file SVFIRBuilder.h.

106 {
107 return llvmModuleSet()->getObjectNode(V);
108 }
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1007

◆ getPAG()

SVFIR * SVF::SVFIRBuilder::getPAG ( ) const
inline

Return SVFIR.

Definition at line 67 of file SVFIRBuilder.h.

68 {
69 return pag;
70 }

◆ getReturnNode()

NodeID SVF::SVFIRBuilder::getReturnNode ( const FunObjVar func)
inline

getReturnNode - Return the node representing the unique return value of a function.

Definition at line 111 of file SVFIRBuilder.h.

112 {
113 return pag->getReturnNode(func);
114 }

◆ getValueNode()

NodeID SVF::SVFIRBuilder::getValueNode ( const Value V)
inline

Get different kinds of node.

Definition at line 95 of file SVFIRBuilder.h.

96 {
97 // first handle gep edge if val if a constant expression
98 processCE(V);
99
100 // strip off the constant cast and return the value node
101 return llvmModuleSet()->getValueNode(V);
102 }
SVF::SVFIRBuilder::processCE
void processCE(const Value *val)
Process constant expression.
Definition SVFIRBuilder.cpp:713

◆ getVarargNode()

NodeID SVF::SVFIRBuilder::getVarargNode ( const FunObjVar func)
inline

getVarargNode - Return the node representing the unique variadic argument of a function.

Definition at line 117 of file SVFIRBuilder.h.

118 {
119 return pag->getVarargNode(func);
120 }
SVF::IRGraph::getVarargNode
NodeID getVarargNode(const FunObjVar *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.cpp:67

◆ handleDirectCall()

void SVFIRBuilder::handleDirectCall ( CallBase cs,
const Function F 
)
protected

Handle direct call.

Add the constraints for a direct, non-external call.

FIXME: this assertion should be placed for correct checking except bug program like 188.ammp, 300.twolf

Definition at line 1441 of file SVFIRBuilder.cpp.

1442{
1443
1444 assert(F);
1445 CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
1446 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(F);
1447 DBOUT(DPAGBuild,
1448 outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
1449
1450 //Only handle the ret.val. if it's used as a ptr.
1451 NodeID dstrec = getValueNode(cs);
1452 //Does it actually return a ptr?
1453 if (!cs->getType()->isVoidTy())
1454 {
1455 NodeID srcret = getReturnNode(svffun);
1456 FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
1457 addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
1458 }
1459 //Iterators for the actual and formal parameters
1460 u32_t itA = 0, ieA = cs->arg_size();
1461 Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
1462 //Go through the fixed parameters.
1463 DBOUT(DPAGBuild, outs() << " args:");
1464 for (; itF != ieF; ++itA, ++itF)
1465 {
1466 //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
1467 if (itA == ieA)
1468 {
1469 DBOUT(DPAGBuild, outs() << " !! not enough args\n");
1470 break;
1471 }
1472 const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
1473
1474 DBOUT(DPAGBuild, outs() << "process actual parm " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
1475
1476 NodeID dstFA = getValueNode(FA);
1477 NodeID srcAA = getValueNode(AA);
1478 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1479 addCallEdge(srcAA, dstFA, callICFGNode, entry);
1480 }
1481 //Any remaining actual args must be varargs.
1482 if (F->isVarArg())
1483 {
1484 NodeID vaF = getVarargNode(svffun);
1485 DBOUT(DPAGBuild, outs() << "\n varargs:");
1486 for (; itA != ieA; ++itA)
1487 {
1488 const Value* AA = cs->getArgOperand(itA);
1489 NodeID vnAA = getValueNode(AA);
1490 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1491 addCallEdge(vnAA,vaF, callICFGNode,entry);
1492 }
1493 }
1494 if(itA != ieA)
1495 {
1498 writeWrnMsg("too many args to non-vararg func.");
1499 writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
1500
1501 }
1502}
SVF::ICFG::getFunExitICFGNode
FunExitICFGNode * getFunExitICFGNode(const FunObjVar *fun)
Add a function exit node.
Definition ICFG.cpp:249
SVF::ICFG::getFunEntryICFGNode
FunEntryICFGNode * getFunEntryICFGNode(const FunObjVar *fun)
Add a function entry node.
Definition ICFG.cpp:242
SVF::LLVMModuleSet::getCallICFGNode
CallICFGNode * getCallICFGNode(const Instruction *cs)
get a call node
Definition LLVMModule.cpp:1145
SVF::SVFIRBuilder::getVarargNode
NodeID getVarargNode(const FunObjVar *func)
getVarargNode - Return the node representing the unique variadic argument of a function.
Definition SVFIRBuilder.h:117
SVF::SVFIRBuilder::getReturnNode
NodeID getReturnNode(const FunObjVar *func)
getReturnNode - Return the node representing the unique return value of a function.
Definition SVFIRBuilder.h:111
SVF::SVFIRBuilder::addRetEdge
void addRetEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIRBuilder.h:475
SVF::SVFIRBuilder::addCallEdge
void addCallEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIRBuilder.h:469
SVF::LLVMUtil::dumpValue
std::string dumpValue(const Value *val)
Definition LLVMUtil.cpp:600
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:68

◆ handleExtCall()

void SVFIRBuilder::handleExtCall ( const CallBase cs,
const Function callee 
)
protectedvirtual

pthread_create has 1 arg. apr_thread_create has 2 arg.

Connect actual parameter to formal parameter of the start routine

handle indirect calls at pthread create APIs e.g., pthread_create(&t1, nullptr, fp, ...); const Value* fun = ThreadAPI::getThreadAPI()->getForkedFun(inst); if(!SVFUtilisa<Function>(fun)) pag->addIndirectCallsites(cs,pag->getValueNode(fun));

If forkedFun does not pass to spawnee as function type but as void pointer remember to update inter-procedural callgraph/SVFIR/SVFG etc. when indirect call targets are resolved We don't connect the callgraph here, further investigation is need to handle mod-ref during SVFG construction.

TODO: inter-procedural SVFIR edges for thread joins

Definition at line 128 of file SVFIRExtAPI.cpp.

129{
130 const CallICFGNode *callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
131
132 if (isHeapAllocExtCallViaRet(callICFGNode))
133 {
134 NodeID val = llvmModuleSet()->getValueNode(cs);
135 NodeID obj = llvmModuleSet()->getObjectNode(cs);
136 addAddrWithHeapSz(obj, val, cs);
137 }
138 else if (isHeapAllocExtCallViaArg(callICFGNode))
139 {
140 u32_t arg_pos = LLVMUtil::getHeapAllocHoldingArgPosition(callee);
141 Value* arg = cs->getArgOperand(arg_pos);
142 if (cs->getArgOperand(arg_pos)->getType()->isPointerTy())
143 {
144 NodeID vnArg = llvmModuleSet()->getValueNode(arg);
145 NodeID dummy = pag->addDummyValNode();
146 NodeID obj = pag->addDummyObjNode(llvmModuleSet()->getSVFType(cs->getArgOperand(arg_pos)->getType()));
147 if (vnArg && dummy && obj)
148 {
149 addAddrWithHeapSz(obj, dummy, cs);
150 addStoreEdge(dummy, vnArg);
151 }
152 }
153 else
154 {
155 writeWrnMsg("Arg receiving new object must be pointer type");
156 }
157 }
158 else if (LLVMUtil::isMemcpyExtFun(callee))
159 {
160 // Side-effects similar to void *memcpy(void *dest, const void * src, size_t n)
161 // which copies n characters from memory area 'src' to memory area 'dest'.
162 if(callee->getName().find("iconv") != std::string::npos)
163 addComplexConsForExt(cs->getArgOperand(3), cs->getArgOperand(1), nullptr);
164 else if(callee->getName().find("bcopy") != std::string::npos)
165 addComplexConsForExt(cs->getArgOperand(1), cs->getArgOperand(0), cs->getArgOperand(2));
166 if(cs->arg_size() == 3)
167 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), cs->getArgOperand(2));
168 else
169 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), nullptr);
170 if(SVFUtil::isa<PointerType>(cs->getType()))
171 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
172 }
173 else if(LLVMUtil::isMemsetExtFun(callee))
174 {
175 // Side-effects similar to memset(void *str, int c, size_t n)
176 // which copies the character c (an unsigned char) to the first n characters of the string pointed to, by the argument str
177 std::vector<AccessPath> dstFields;
178 const Type *dtype = getBaseTypeAndFlattenedFields(cs->getArgOperand(0), dstFields, cs->getArgOperand(2));
179 u32_t sz = dstFields.size();
180 //For each field (i), add store edge *(arg0 + i) = arg1
181 for (u32_t index = 0; index < sz; index++)
182 {
183 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
184 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
185 dstFields[index].getConstantStructFldIdx());
186 NodeID dField = getGepValVar(cs->getArgOperand(0), dstFields[index], dElementType);
187 addStoreEdge(getValueNode(cs->getArgOperand(1)),dField);
188 }
189 if(SVFUtil::isa<PointerType>(cs->getType()))
190 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
191 }
192 else if(callee->getName().compare("dlsym") == 0)
193 {
194 /*
195 Side-effects of void* dlsym( void* handle, const char* funName),
196 Locate the function with the name "funName," then add a "copy" edge between the callsite and that function.
197 dlsym() example:
198 int main() {
199 // Open the shared library
200 void* handle = dlopen("./my_shared_library.so", RTLD_LAZY);
201 // Find the function address
202 void (*myFunctionPtr)() = (void (*)())dlsym(handle, "myFunction");
203 // Call the function
204 myFunctionPtr();
205 }
206 */
207 const Value* src = cs->getArgOperand(1);
208 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(src))
209 src = stripConstantCasts(gep->getPointerOperand());
210
211 auto getHookFn = [](const Value* src)->const Function*
212 {
213 if (!SVFUtil::isa<GlobalVariable>(src))
214 return nullptr;
215
216 auto *glob = SVFUtil::cast<GlobalVariable>(src);
217 if (!glob->hasInitializer() || !SVFUtil::isa<ConstantDataArray>(glob->getInitializer()))
218 return nullptr;
219
220 auto *constarray = SVFUtil::cast<ConstantDataArray>(glob->getInitializer());
221 return LLVMUtil::getProgFunction(constarray->getAsCString().str());
222 };
223
224 if (const Function *fn = getHookFn(src))
225 {
226 NodeID srcNode = getValueNode(fn);
227 addCopyEdge(srcNode, getValueNode(cs), CopyStmt::COPYVAL);
228 }
229 }
230 else if(callee->getName().find("_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_") != std::string::npos)
231 {
232 // The purpose of this function is to insert a new node into the red-black tree and then rebalance the tree to ensure that the red-black tree properties are maintained.
233 assert(cs->arg_size() == 4 && "_Rb_tree_insert_and_rebalance should have 4 arguments.\n");
234
235 // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
236 // Now we calculate the offset from base to vArg3
237 NodeID vnArg3 = llvmModuleSet()->getValueNode(cs->getArgOperand(3));
238 APOffset offset =
239 getAccessPathFromBaseNode(vnArg3).getConstantStructFldIdx();
240
241 // We get all flattened fields of base
242 vector<AccessPath> fields = pag->getTypeLocSetsMap(vnArg3).second;
243
244 // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
245 // Note that arg0 is aligned with "offset".
246 for (APOffset i = offset + 1; i <= offset + 3; ++i)
247 {
248 if((u32_t)i >= fields.size())
249 break;
250 const SVFType* elementType = pag->getFlatternedElemType(pag->getTypeLocSetsMap(vnArg3).first,
251 fields[i].getConstantStructFldIdx());
252 NodeID vnD = getGepValVar(cs->getArgOperand(3), fields[i], elementType);
253 NodeID vnS = llvmModuleSet()->getValueNode(cs->getArgOperand(1));
254 if(vnD && vnS)
255 addStoreEdge(vnS,vnD);
256 }
257 }
258
259 if (isThreadForkCall(callICFGNode))
260 {
261 const ValVar* valVar = getForkedFun(callICFGNode);
262 if (const FunValVar* funcValVar = SVFUtil::dyn_cast<FunValVar>(valVar))
263 {
264 const FunObjVar* forkedFun = funcValVar->getFunction()->getDefFunForMultipleModule();
265 const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
268 assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
269 if (forkedFun->arg_size() <= 2 && forkedFun->arg_size() >= 1)
270 {
271 const ArgValVar* formalParm = forkedFun->getArg(0);
273 if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
274 {
275 FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
276 addThreadForkEdge(actualParm->getId(), formalParm->getId(), callICFGNode, entry);
277 }
278 }
279 }
280 else
281 {
286 }
290 }
291
293}
SVF::ArgValVar
Class representing a function argument variable in the SVFIR.
Definition SVFVariables.h:354
SVF::FunObjVar::getFunction
virtual const FunObjVar * getFunction() const
Get containing function, or null for globals/constants.
Definition SVFVariables.cpp:470
SVF::FunObjVar::getDefFunForMultipleModule
const FunObjVar * getDefFunForMultipleModule() const
Definition SVFVariables.h:1143
SVF::SVFIRBuilder::addAddrWithHeapSz
AddrStmt * addAddrWithHeapSz(NodeID src, NodeID dst, const CallBase *cs)
Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
Definition SVFIRBuilder.h:321
SVF::SVFIRBuilder::addThreadForkEdge
void addThreadForkEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIRBuilder.h:499
SVF::SVFIRBuilder::getAccessPathFromBaseNode
AccessPath getAccessPathFromBaseNode(NodeID nodeId)
Definition SVFIRBuilder.cpp:1804
SVF::SVFIRBuilder::addCopyEdge
CopyStmt * addCopyEdge(NodeID src, NodeID dst, CopyStmt::CopyKind kind)
Definition SVFIRBuilder.h:367
SVF::SVFIRBuilder::addComplexConsForExt
virtual void addComplexConsForExt(Value *D, Value *S, const Value *sz)
Definition SVFIRExtAPI.cpp:82
SVF::SVFIR::getTypeLocSetsMap
SVFTypeLocSetsPair & getTypeLocSetsMap(NodeID argId)
Given an arg NodeId, get its base SVFType* and all its field location sets.
Definition SVFIR.h:272
SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:495
SVF::LLVMUtil::getProgFunction
const Function * getProgFunction(const std::string &funName)
Get program entry function from module.
Definition LLVMUtil.cpp:39
SVF::LLVMUtil::stripConstantCasts
const Value * stripConstantCasts(const Value *val)
Strip off the constant casts.
Definition LLVMUtil.cpp:218
SVF::LLVMUtil::isHeapAllocExtCallViaRet
bool isHeapAllocExtCallViaRet(const Instruction *inst)
Definition LLVMUtil.cpp:633
SVF::LLVMUtil::isMemcpyExtFun
bool isMemcpyExtFun(const Function *fun)
Definition LLVMUtil.cpp:388
SVF::LLVMUtil::isHeapAllocExtCallViaArg
bool isHeapAllocExtCallViaArg(const Instruction *inst)
Definition LLVMUtil.cpp:648
SVF::LLVMUtil::isMemsetExtFun
bool isMemsetExtFun(const Function *fun)
Definition LLVMUtil.cpp:394
SVF::LLVMUtil::getHeapAllocHoldingArgPosition
u32_t getHeapAllocHoldingArgPosition(const Function *fun)
Definition LLVMUtil.cpp:400
SVF::SVFUtil::isThreadForkCall
bool isThreadForkCall(const CallICFGNode *inst)
Definition SVFUtil.h:360
SVF::SVFUtil::getActualParmAtForkSite
const ValVar * getActualParmAtForkSite(const CallICFGNode *cs)
Return sole argument of the thread routine.
Definition SVFUtil.h:408
SVF::SVFUtil::getForkedFun
const ValVar * getForkedFun(const CallICFGNode *inst)
Return thread fork function.
Definition SVFUtil.h:331

◆ handleIndCall()

void SVFIRBuilder::handleIndCall ( CallBase cs)
protected

Handle indirect call.

Indirect call is resolved on-the-fly during pointer analysis

Definition at line 1595 of file SVFIRBuilder.cpp.

1596{
1597 const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
1598 pag->addIndirectCallsites(cbn,llvmModuleSet()->getValueNode(cs->getCalledOperand()));
1599}
SVF::SVFIR::addIndirectCallsites
void addIndirectCallsites(const CallICFGNode *cs, NodeID funPtr)
Add indirect callsites.
Definition SVFIR.h:553

◆ inferFieldIdxFromByteOffset()

u32_t SVFIRBuilder::inferFieldIdxFromByteOffset ( const llvm::GEPOperator *  gepOp,
DataLayout dl,
AccessPath ap,
APOffset  idx 
)
protected

Infer field index from byteoffset.

Definition at line 629 of file SVFIRBuilder.cpp.

630{
631 return 0;
632}

◆ initDomTree()

void SVFIRBuilder::initDomTree ( FunObjVar func,
const Function f 
)

Definition at line 261 of file SVFIRBuilder.cpp.

262{
263 if (fun->isDeclaration())
264 return;
265 //process and stored dt & df
266 DominanceFrontier df;
267 DominatorTree& dt = llvmModuleSet()->getDomTree(fun);
268 df.analyze(dt);
269 LoopInfo loopInfo = LoopInfo(dt);
270 PostDominatorTree pdt = PostDominatorTree(const_cast<Function&>(*fun));
271 SVFLoopAndDomInfo* ld = svffun->getLoopAndDomInfo();
272
273 Map<const SVFBasicBlock*,Set<const SVFBasicBlock*>> & dfBBsMap = ld->getDomFrontierMap();
274 for (DominanceFrontierBase::const_iterator dfIter = df.begin(), eDfIter = df.end(); dfIter != eDfIter; dfIter++)
275 {
276 const BasicBlock* keyBB = dfIter->first;
277 const std::set<BasicBlock* >& domSet = dfIter->second;
278 Set<const SVFBasicBlock*>& valueBasicBlocks = dfBBsMap[llvmModuleSet()->getSVFBasicBlock(keyBB)];
279 for (const BasicBlock* bbValue:domSet)
280 {
281 valueBasicBlocks.insert(llvmModuleSet()->getSVFBasicBlock(bbValue));
282 }
283 }
284 std::vector<const SVFBasicBlock*> reachableBBs;
285 LLVMUtil::getFunReachableBBs(fun, reachableBBs);
286 ld->setReachableBBs(reachableBBs);
287
288 for (Function::const_iterator bit = fun->begin(), beit = fun->end(); bit!=beit; ++bit)
289 {
290 const BasicBlock &bb = *bit;
291 SVFBasicBlock* svfBB = llvmModuleSet()->getSVFBasicBlock(&bb);
292 if (DomTreeNode* dtNode = dt.getNode(&bb))
293 {
294 SVFLoopAndDomInfo::BBSet& bbSet = ld->getDomTreeMap()[svfBB];
295 for (const auto domBB : *dtNode)
296 {
297 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
298 bbSet.insert(domSVFBB);
299 }
300 }
301
302 if (DomTreeNode* pdtNode = pdt.getNode(&bb))
303 {
304 u32_t level = pdtNode->getLevel();
305 ld->getBBPDomLevel()[svfBB] = level;
306 BasicBlock* idomBB = pdtNode->getIDom()->getBlock();
307 const SVFBasicBlock* idom = idomBB == NULL ? NULL: llvmModuleSet()->getSVFBasicBlock(idomBB);
308 ld->getBB2PIdom()[svfBB] = idom;
309
310 SVFLoopAndDomInfo::BBSet& bbSet = ld->getPostDomTreeMap()[svfBB];
311 for (const auto domBB : *pdtNode)
312 {
313 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
314 bbSet.insert(domSVFBB);
315 }
316 }
317
318 if (const Loop* loop = loopInfo.getLoopFor(&bb))
319 {
320 for (const BasicBlock* loopBlock : loop->getBlocks())
321 {
322 const SVFBasicBlock* loopbb = llvmModuleSet()->getSVFBasicBlock(loopBlock);
323 ld->addToBB2LoopMap(svfBB, loopbb);
324 }
325 }
326 }
327}
SVF::LLVMModuleSet::getSVFBasicBlock
SVFBasicBlock * getSVFBasicBlock(const BasicBlock *bb)
Definition LLVMModule.h:291
SVF::LLVMModuleSet::getDomTree
DominatorTree & getDomTree(const Function *fun)
Definition LLVMModule.cpp:97
SVF::SVFLoopAndDomInfo::getDomFrontierMap
const Map< const SVFBasicBlock *, BBSet > & getDomFrontierMap() const
Definition SVFLoopAndDomInfo.h:66
SVF::SVFLoopAndDomInfo::BBSet
Set< const SVFBasicBlock * > BBSet
Definition SVFLoopAndDomInfo.h:46
NULL
#define NULL
Definition extapi.c:2
SVF::LLVMUtil::getFunReachableBBs
void getFunReachableBBs(const Function *svfFun, std::vector< const SVFBasicBlock * > &bbs)
Get reachable basic block from function entry.
Definition LLVMUtil.cpp:74
SVF::LoopInfo
llvm::LoopInfo LoopInfo
Definition BasicTypes.h:141
SVF::DomTreeNode
llvm::DomTreeNode DomTreeNode
Definition BasicTypes.h:134
SVF::PostDominatorTree
llvm::PostDominatorTree PostDominatorTree
Definition BasicTypes.h:136
SVF::DominanceFrontier
llvm::DominanceFrontier DominanceFrontier
Definition BasicTypes.h:135
SVF::Loop
llvm::Loop Loop
LLVM Loop.
Definition BasicTypes.h:140
SVF::DominatorTree
llvm::DominatorTree DominatorTree
LLVM Dominators.
Definition BasicTypes.h:133

◆ initFunObjVar()

void SVFIRBuilder::initFunObjVar ( )

Function

set realDefFun for all functions

Definition at line 190 of file SVFIRBuilder.cpp.

191{
192 for (Module& mod : llvmModuleSet()->getLLVMModules())
193 {
195 for (const Function& f : mod.functions())
196 {
197 FunObjVar* svffun = const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(&f));
198 initSVFBasicBlock(&f);
199
200 if (!LLVMUtil::isExtCall(&f))
201 {
202 initDomTree(svffun, &f);
203 }
205 const Function *realfun = llvmModuleSet()->getRealDefFun(&f);
206 svffun->setRelDefFun(realfun == nullptr ? nullptr : llvmModuleSet()->getFunObjVar(realfun));
207 }
208 }
209
210 // Store annotations of functions in extapi.bc
211 for (const auto& pair : llvmModuleSet()->ExtFun2Annotations)
212 {
213 ExtAPI::getExtAPI()->setExtFuncAnnotations(llvmModuleSet()->getFunObjVar(pair.first), pair.second);
214 }
215
216}
SVF::ExtAPI::getExtAPI
static ExtAPI * getExtAPI()
Definition ExtAPI.cpp:43
SVF::ExtAPI::setExtFuncAnnotations
void setExtFuncAnnotations(const FunObjVar *fun, const std::vector< std::string > &funcAnnotations)
Definition ExtAPI.cpp:166
SVF::LLVMModuleSet::getRealDefFun
const Function * getRealDefFun(const Function *fun) const
Definition LLVMModule.h:183
SVF::SVFIRBuilder::initSVFBasicBlock
void initSVFBasicBlock(const Function *func)
Definition SVFIRBuilder.cpp:218
SVF::SVFIRBuilder::initDomTree
void initDomTree(FunObjVar *func, const Function *f)
Definition SVFIRBuilder.cpp:261
SVF::LLVMUtil::isExtCall
bool isExtCall(const Function *fun)
Definition LLVMUtil.cpp:383

◆ InitialGlobal()

void SVFIRBuilder::InitialGlobal ( const GlobalVariable gvar,
Constant C,
u32_t  offset 
)
protected

src should not point to anything yet

Definition at line 871 of file SVFIRBuilder.cpp.

873{
874 DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
875 if (C->getType()->isSingleValueType())
876 {
877 NodeID src = getValueNode(C);
878 // get the field value if it is available, otherwise we create a dummy field node.
879 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
880 NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
881
882 if (SVFUtil::isa<GlobalVariable, Function>(C))
883 {
884 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
885 addStoreEdge(src, field);
886 }
887 else if (SVFUtil::isa<ConstantExpr>(C))
888 {
889 // add gep edge of C1 itself is a constant expression
890 processCE(C);
891 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
892 addStoreEdge(src, field);
893 }
894 else if (SVFUtil::isa<BlockAddress>(C))
895 {
896 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
897 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
898 processCE(C);
899 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
900 addAddrEdge(pag->getConstantNode(), src);
901 }
902 else
903 {
904 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
905 addStoreEdge(src, field);
907 if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
908 addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
909 }
910 }
911 else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
912 {
913 if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
914 return;
915 for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
916 {
917 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
918 InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
919 }
920 }
921 else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
922 {
923 if(Options::ModelConsts())
924 {
925 if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
926 {
927 for(u32_t i = 0; i < seq->getNumElements(); i++)
928 {
929 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
930 Constant* ct = seq->getElementAsConstant(i);
931 InitialGlobal(gvar, ct, offset + off);
932 }
933 }
934 else
935 {
936 assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
937 }
938 }
939 }
940 else
941 {
942 //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
943 }
944}
SVF::IRGraph::getConstantNode
NodeID getConstantNode() const
Definition IRGraph.h:251
SVF::Options::ModelConsts
static Option< bool > ModelConsts
Definition Options.h:187
SVF::Options::VtableInSVFIR
static const Option< bool > VtableInSVFIR
Definition Options.h:217
SVF::SVFIRBuilder::InitialGlobal
void InitialGlobal(const GlobalVariable *gvar, Constant *C, u32_t offset)
Definition SVFIRBuilder.cpp:871
SVF::SVFIRBuilder::getGlobalVarField
NodeID getGlobalVarField(const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
Definition SVFIRBuilder.cpp:844
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::ConstantData
llvm::ConstantData ConstantData
Definition BasicTypes.h:116
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::ConstantDataSequential
llvm::ConstantDataSequential ConstantDataSequential
Definition BasicTypes.h:119

◆ initialiseBaseObjVars()

void SVFIRBuilder::initialiseBaseObjVars ( )

Definition at line 371 of file SVFIRBuilder.cpp.

372{
373 // Iterate over all object symbols in the symbol table
374 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
375 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end();
376 ++iter)
377 {
378 // Debug output for adding object node
379 DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
380
381 // Skip blackhole and constant symbols
382 if(iter->second == pag->blackholeSymID() || iter->second == pag->constantSymID())
383 continue;
384
385 // Get the LLVM value corresponding to the symbol
386 const Value* llvmValue = iter->first;
387
388 const ICFGNode* icfgNode = nullptr;
389 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
390 {
391 if(llvmModuleSet()->hasICFGNode(inst))
392 icfgNode = llvmModuleSet()->getICFGNode(inst);
393 }
394
395 // Check if the value is a function and add a function object node
396 if (SVFUtil::dyn_cast<Function>(llvmValue))
397 {
398 // already one
399 }
400 // Check if the value is a heap object and add a heap object node
401 else if (LLVMUtil::isHeapObj(llvmValue))
402 {
403 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
404 pag->addHeapObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
405 }
406 // Check if the value is an alloca instruction and add a stack object node
407 else if (LLVMUtil::isStackObj(llvmValue))
408 {
409 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
410 pag->addStackObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
411 }
412 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
413 {
414 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
415 pag->addConstantFPObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getDoubleValue(fpValue), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
416 }
417 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
418 {
419 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
420 pag->addConstantIntObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getIntegerValue(intValue), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
421 }
422 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
423 {
424 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
425 pag->addConstantNullPtrObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
426 }
427 else if (SVFUtil::isa<GlobalValue>(llvmValue))
428 {
429 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
430 pag->addGlobalObjNode(iter->second,
431 pag->getObjTypeInfo(id),
432 llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
433 }
434 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
435 {
436 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
437 pag->addConstantDataObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
438 }
439 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
440 {
441 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
442 pag->addConstantAggObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
443 }
444 // Add a generic object node for other types of values
445 else
446 {
447 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
448 pag->addObjNode(iter->second,
449 pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
450 }
451 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
452 }
453
454}
SVF::IRGraph::constantSymID
NodeID constantSymID() const
Definition IRGraph.h:188
SVF::IRGraph::blackholeSymID
NodeID blackholeSymID() const
Definition IRGraph.h:193
SVF::SVFIR::addObjNode
NodeID addObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Add a memory obj node.
Definition SVFIR.h:623
SVF::SVFIR::addGlobalObjNode
NodeID addGlobalObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:680
SVF::SVFIR::addConstantFPObjNode
NodeID addConstantFPObjNode(NodeID i, ObjTypeInfo *ti, double dval, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:656
SVF::SVFIR::addHeapObjNode
NodeID addHeapObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:631
SVF::SVFIR::addStackObjNode
NodeID addStackObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:641
SVF::SVFIR::addConstantDataObjNode
NodeID addConstantDataObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:692
SVF::SVFIR::addConstantAggObjNode
NodeID addConstantAggObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:686
SVF::SVFIR::addConstantNullPtrObjNode
NodeID addConstantNullPtrObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:673
SVF::SVFIR::addConstantIntObjNode
NodeID addConstantIntObjNode(NodeID i, ObjTypeInfo *ti, const std::pair< s64_t, u64_t > &intValue, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:664
SVF::LLVMUtil::getDoubleValue
double getDoubleValue(const ConstantFP *fpValue)
Definition LLVMUtil.h:54
SVF::LLVMUtil::isHeapObj
bool isHeapObj(const Value *val)
Definition LLVMUtil.cpp:682
SVF::LLVMUtil::isStackObj
bool isStackObj(const Value *val)
Definition LLVMUtil.cpp:704

◆ initialiseNodes()

void SVFIRBuilder::initialiseNodes ( )

Initialize nodes and edges.

add address edges for constant nodes.

add argvalvar for svffunctions

Definition at line 534 of file SVFIRBuilder.cpp.

535{
536 DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
537
538
539 pag->addBlackholeObjNode();
540 pag->addConstantObjNode();
541 pag->addBlackholePtrNode();
542 addNullPtrNode();
543
544 initialiseBaseObjVars();
545 initialiseValVars();
546
547 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
548 llvmModuleSet()->retSyms().begin(); iter != llvmModuleSet()->retSyms().end();
549 ++iter)
550 {
551 const Value* llvmValue = iter->first;
552 const ICFGNode* icfgNode = nullptr;
553 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
554 {
555 if(llvmModuleSet()->hasICFGNode(inst))
556 icfgNode = llvmModuleSet()->getICFGNode(inst);
557 }
558 DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
559 pag->addRetNode(iter->second,
560 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
561 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
562 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
563 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
564 pag->returnFunObjSymMap[funObjVar] = iter->second;
565 }
566
567 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
568 llvmModuleSet()->varargSyms().begin();
569 iter != llvmModuleSet()->varargSyms().end(); ++iter)
570 {
571 const Value* llvmValue = iter->first;
572
573 const ICFGNode *icfgNode = nullptr;
574 if (const Instruction *inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
575 {
576 if (llvmModuleSet()->hasICFGNode(inst))
577 icfgNode = llvmModuleSet()->getICFGNode(inst);
578 }
579 DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
580 pag->addVarargNode(iter->second,
581 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
582 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
583 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
584 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
585 pag->varargFunObjSymMap[funObjVar] = iter->second;
586 }
587
589 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
590 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end(); ++iter)
591 {
592 DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
593 const Value* val = iter->first;
594 if (isConstantObjSym(val))
595 {
596 NodeID ptr = llvmModuleSet()->getValueNode(val);
597 if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
598 {
599 setCurrentLocation(val, (SVFBasicBlock*) nullptr);
600 addAddrEdge(iter->second, ptr);
601 }
602 }
603 }
604
605 assert(pag->getTotalNodeNum() >= pag->getTotalSymNum()
606 && "not all node have been initialized!!!");
607
609 for (auto& fun: llvmModuleSet()->getFunctionSet())
610 {
611 for (const Argument& arg : fun->args())
612 {
613 const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(fun))->addArgument(SVFUtil::cast<ArgValVar>(
614 pag->getGNode(llvmModuleSet()->getValueNode(&arg))));
615 }
616 }
617
618}
SVF::IRGraph::getTotalSymNum
u32_t getTotalSymNum() const
Statistics.
Definition IRGraph.h:200
SVF::IRGraph::varargFunObjSymMap
FunObjVarToIDMapTy varargFunObjSymMap
vararg map
Definition IRGraph.h:87
SVF::IRGraph::returnFunObjSymMap
FunObjVarToIDMapTy returnFunObjSymMap
return map
Definition IRGraph.h:86
SVF::LLVMModuleSet::retSyms
FunToIDMapTy & retSyms()
Definition LLVMModule.h:267
SVF::LLVMModuleSet::hasICFGNode
bool hasICFGNode(const Instruction *inst)
Definition LLVMModule.cpp:1132
SVF::LLVMModuleSet::varargSyms
FunToIDMapTy & varargSyms()
Definition LLVMModule.h:272
SVF::SVFIRBuilder::addNullPtrNode
NodeID addNullPtrNode()
Add NullPtr PAGNode.
Definition SVFIRBuilder.h:277
SVF::SVFIR::addBlackholePtrNode
NodeID addBlackholePtrNode()
Definition SVFIR.h:755
SVF::SVFIR::addBlackholeObjNode
NodeID addBlackholeObjNode()
Definition SVFIR.h:747
SVF::SVFIR::addVarargNode
NodeID addVarargNode(NodeID i, const FunObjVar *val, const SVFType *type, const ICFGNode *n)
Add a unique vararg node for a procedure.
Definition SVFIR.h:706
SVF::SVFIR::addRetNode
NodeID addRetNode(NodeID i, const FunObjVar *callGraphNode, const SVFType *type, const ICFGNode *icn)
Add a unique return node for a procedure.
Definition SVFIR.h:700
SVF::SVFIR::addConstantObjNode
NodeID addConstantObjNode()
Definition SVFIR.h:751
SVF::LLVMUtil::isConstantObjSym
bool isConstantObjSym(const Value *val)
Check whether this value points-to a constant object.
Definition CppUtil.cpp:672
SVF::Argument
llvm::Argument Argument
Definition BasicTypes.h:145

◆ initialiseValVars()

void SVFIRBuilder::initialiseValVars ( )

Definition at line 456 of file SVFIRBuilder.cpp.

457{
458 // Iterate over all value symbols in the symbol table
459 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
460 llvmModuleSet()->valSyms().begin(); iter != llvmModuleSet()->valSyms().end();
461 ++iter)
462 {
463 // Debug output for adding value node
464 DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
465
466 // Skip blackhole and null pointer symbols
467 if(iter->second == pag->blkPtrSymID() || iter->second == pag->nullPtrSymID())
468 continue;
469
470 const ICFGNode* icfgNode = nullptr;
471 auto llvmValue = iter->first;
472 if (const Instruction* inst =
473 SVFUtil::dyn_cast<Instruction>(llvmValue))
474 {
475 if (llvmModuleSet()->hasICFGNode(inst))
476 {
477 icfgNode = llvmModuleSet()->getICFGNode(inst);
478 }
479 }
480
481 // Check if the value is a function and get its call graph node
482 if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
483 {
484 // add value node representing the function
485 pag->addFunValNode(iter->second, icfgNode, llvmModuleSet()->getFunObjVar(func), llvmModuleSet()->getSVFType(llvmValue->getType()));
486 }
487 else if (auto argval = SVFUtil::dyn_cast<Argument>(llvmValue))
488 {
489 pag->addArgValNode(
490 iter->second, argval->getArgNo(), icfgNode,
491 llvmModuleSet()->getFunObjVar(argval->getParent()),llvmModuleSet()->getSVFType(llvmValue->getType()));
492 if (!argval->hasName())
493 pag->getGNode(iter->second)->setName("arg_" + std::to_string(argval->getArgNo()));
494 }
495 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
496 {
497 pag->addConstantFPValNode(iter->second, LLVMUtil::getDoubleValue(fpValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
498 }
499 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
500 {
501 pag->addConstantIntValNode(iter->second, LLVMUtil::getIntegerValue(intValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
502 }
503 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
504 {
505 pag->addConstantNullPtrValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
506 }
507 else if (SVFUtil::isa<GlobalValue>(llvmValue))
508 {
509 pag->addGlobalValNode(iter->second, icfgNode,
510 llvmModuleSet()->getSVFType(llvmValue->getType()));
511 }
512 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
513 {
514 pag->addConstantDataValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
515 }
516 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
517 {
518 pag->addConstantAggValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
519 }
520 else
521 {
522 // Add value node to PAG
523 pag->addValNode(iter->second, llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
524 }
525 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue,
526 pag->getGNode(iter->second));
527 }
528}
SVF::IRGraph::blkPtrSymID
NodeID blkPtrSymID() const
Definition IRGraph.h:178
SVF::IRGraph::nullPtrSymID
NodeID nullPtrSymID() const
Definition IRGraph.h:183
SVF::LLVMModuleSet::valSyms
ValueToIDMapTy & valSyms()
Definition LLVMModule.h:205
SVF::SVFIR::addGlobalValNode
NodeID addGlobalValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:603
SVF::SVFIR::addConstantDataValNode
NodeID addConstantDataValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:615
SVF::SVFIR::addFunValNode
NodeID addFunValNode(NodeID i, const ICFGNode *icfgNode, const FunObjVar *funObjVar, const SVFType *type)
Definition SVFIR.h:570
SVF::SVFIR::addConstantFPValNode
NodeID addConstantFPValNode(const NodeID i, double dval, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:583
SVF::SVFIR::addConstantAggValNode
NodeID addConstantAggValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:609
SVF::SVFIR::addValNode
NodeID addValNode(NodeID i, const SVFType *type, const ICFGNode *icfgNode)
add node into SVFIR
Definition SVFIR.h:564
SVF::SVFIR::addArgValNode
NodeID addArgValNode(NodeID i, u32_t argNo, const ICFGNode *icfgNode, const FunObjVar *callGraphNode, const SVFType *type)
Definition SVFIR.h:576
SVF::SVFValue::setName
virtual void setName(const std::string &nameInfo)
Definition SVFValue.h:174

◆ initSVFBasicBlock()

void SVFIRBuilder::initSVFBasicBlock ( const Function func)

set exit block: exit basic block must have no successors and have a return instruction

Definition at line 218 of file SVFIRBuilder.cpp.

219{
220 FunObjVar *svfFun = const_cast<FunObjVar *>(llvmModuleSet()->getFunObjVar(func));
221 for (Function::const_iterator bit = func->begin(), ebit = func->end(); bit != ebit; ++bit)
222 {
223 const BasicBlock* bb = &*bit;
224 SVFBasicBlock* svfbb = llvmModuleSet()->getSVFBasicBlock(bb);
225 for (succ_const_iterator succ_it = succ_begin(bb); succ_it != succ_end(bb); succ_it++)
226 {
227 const SVFBasicBlock* svf_scc_bb = llvmModuleSet()->getSVFBasicBlock(*succ_it);
228 svfbb->addSuccBasicBlock(svf_scc_bb);
229 }
230 for (const_pred_iterator pred_it = pred_begin(bb); pred_it != pred_end(bb); pred_it++)
231 {
232 const SVFBasicBlock* svf_pred_bb = llvmModuleSet()->getSVFBasicBlock(*pred_it);
233 svfbb->addPredBasicBlock(svf_pred_bb);
234 }
235
237 if (svfbb->getSuccessors().empty())
238 {
239 if (LLVMUtil::basicBlockHasRetInst(bb))
240 {
241 assert((LLVMUtil::functionDoesNotRet(func) ||
242 SVFUtil::isa<ReturnInst>(bb->back())) &&
243 "last inst must be return inst");
244 svfFun->setExitBlock(svfbb);
245 }
246 }
247 }
248 // For no return functions, we set the last block as exit BB
249 // This ensures that each function that has definition must have an exit BB
250 if (svfFun->hasBasicBlock() && svfFun->exitBlock == nullptr)
251 {
252 SVFBasicBlock* retBB = const_cast<SVFBasicBlock*>(svfFun->back());
253 assert((LLVMUtil::functionDoesNotRet(func) ||
254 SVFUtil::isa<ReturnInst>(&func->back().back())) &&
255 "last inst must be return inst");
256 svfFun->setExitBlock(retBB);
257 }
258}
SVF::SVFBasicBlock::addPredBasicBlock
void addPredBasicBlock(const SVFBasicBlock *pred2)
Definition BasicBlockG.h:175
SVF::SVFBasicBlock::addSuccBasicBlock
void addSuccBasicBlock(const SVFBasicBlock *succ2)
Definition BasicBlockG.h:158
SVF::LLVMUtil::basicBlockHasRetInst
bool basicBlockHasRetInst(const BasicBlock *bb)
Return true if the function has a return instruction.
Definition LLVMUtil.cpp:108
SVF::succ_const_iterator
llvm::succ_const_iterator succ_const_iterator
LLVM Iterators.
Definition BasicTypes.h:276
SVF::const_pred_iterator
llvm::const_pred_iterator const_pred_iterator
Definition BasicTypes.h:254

◆ llvmModuleSet()

LLVMModuleSet * SVF::SVFIRBuilder::llvmModuleSet ( )
inlineprivate

Definition at line 515 of file SVFIRBuilder.h.

516 {
517 return LLVMModuleSet::getLLVMModuleSet();
518 }

◆ processCE()

void SVFIRBuilder::processCE ( const Value val)
protected

Process constant expression.

Handle constant expression, and connect the gep edge

Definition at line 713 of file SVFIRBuilder.cpp.

714{
715 if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
716 {
717 if (const ConstantExpr* gepce = isGepConstantExpr(ref))
718 {
719 DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
720 const Constant* opnd = gepce->getOperand(0);
721 // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
722 processCE(opnd);
723 auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
724 Type *pType = GEPOp.getSourceElementType();
725 AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
726 bool constGep = computeGepOffset(gepce, ap);
727 // must invoke pag methods here, otherwise it will be a dead recursion cycle
728 const Value* cval = getCurrentValue();
729 const SVFBasicBlock* cbb = getCurrentBB();
730 setCurrentLocation(gepce, (SVFBasicBlock*) nullptr);
731 /*
732 * The gep edge created are like constexpr (same edge may appear at multiple callsites)
733 * so bb/inst of this edge may be rewritten several times, we treat it as global here.
734 */
735 addGepEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(gepce), ap, constGep);
736 setCurrentLocation(cval, cbb);
737 }
738 else if (const ConstantExpr* castce = isCastConstantExpr(ref))
739 {
740 DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
741 const Constant* opnd = castce->getOperand(0);
742 processCE(opnd);
743 const Value* cval = getCurrentValue();
744 const SVFBasicBlock* cbb = getCurrentBB();
745 setCurrentLocation(castce, (SVFBasicBlock*) nullptr);
746 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(castce), CopyStmt::BITCAST);
747 setCurrentLocation(cval, cbb);
748 }
749 else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
750 {
751 DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
752 const Constant* src1 = selectce->getOperand(1);
753 const Constant* src2 = selectce->getOperand(2);
754 processCE(src1);
755 processCE(src2);
756 const Value* cval = getCurrentValue();
757 const SVFBasicBlock* cbb = getCurrentBB();
758 setCurrentLocation(selectce, (SVFBasicBlock*) nullptr);
759 NodeID cond = llvmModuleSet()->getValueNode(selectce->getOperand(0));
760 NodeID nsrc1 = llvmModuleSet()->getValueNode(src1);
761 NodeID nsrc2 = llvmModuleSet()->getValueNode(src2);
762 NodeID nres = llvmModuleSet()->getValueNode(selectce);
763 addSelectStmt(nres,nsrc1, nsrc2, cond);
764 setCurrentLocation(cval, cbb);
765 }
766 // if we meet a int2ptr, then it points-to black hole
767 else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
768 {
769 const Constant* opnd = int2Ptrce->getOperand(0);
770 processCE(opnd);
771 const SVFBasicBlock* cbb = getCurrentBB();
772 const Value* cval = getCurrentValue();
773 setCurrentLocation(int2Ptrce, (SVFBasicBlock*) nullptr);
774 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(int2Ptrce), CopyStmt::INTTOPTR);
775 setCurrentLocation(cval, cbb);
776 }
777 else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
778 {
779 const Constant* opnd = ptr2Intce->getOperand(0);
780 processCE(opnd);
781 const SVFBasicBlock* cbb = getCurrentBB();
782 const Value* cval = getCurrentValue();
783 setCurrentLocation(ptr2Intce, (SVFBasicBlock*) nullptr);
784 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(ptr2Intce), CopyStmt::PTRTOINT);
785 setCurrentLocation(cval, cbb);
786 }
787 else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
788 {
789 // we don't handle trunc and cmp instruction for now
790 const Value* cval = getCurrentValue();
791 const SVFBasicBlock* cbb = getCurrentBB();
792 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
793 NodeID dst = llvmModuleSet()->getValueNode(ref);
794 addBlackHoleAddrEdge(dst);
795 setCurrentLocation(cval, cbb);
796 }
797 else if (isBinaryConstantExpr(ref))
798 {
799 // we don't handle binary constant expression like add(x,y) now
800 const Value* cval = getCurrentValue();
801 const SVFBasicBlock* cbb = getCurrentBB();
802 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
803 NodeID dst = llvmModuleSet()->getValueNode(ref);
804 addBlackHoleAddrEdge(dst);
805 setCurrentLocation(cval, cbb);
806 }
807 else if (isUnaryConstantExpr(ref))
808 {
809 // we don't handle unary constant expression like fneg(x) now
810 const Value* cval = getCurrentValue();
811 const SVFBasicBlock* cbb = getCurrentBB();
812 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
813 NodeID dst = llvmModuleSet()->getValueNode(ref);
814 addBlackHoleAddrEdge(dst);
815 setCurrentLocation(cval, cbb);
816 }
817 else if (SVFUtil::isa<ConstantAggregate>(ref))
818 {
819 // we don't handle constant aggregate like constant vectors
820 }
821 else if (SVFUtil::isa<BlockAddress>(ref))
822 {
823 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
824 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
825 const Value* cval = getCurrentValue();
826 const SVFBasicBlock* cbb = getCurrentBB();
827 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
828 NodeID dst = llvmModuleSet()->getValueNode(ref);
829 addAddrEdge(pag->getConstantNode(), dst);
830 setCurrentLocation(cval, cbb);
831 }
832 else
833 {
834 if(SVFUtil::isa<ConstantExpr>(val))
835 assert(false && "we don't handle all other constant expression for now!");
836 }
837 }
838}
SVF::SVFIRBuilder::addSelectStmt
void addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIRBuilder.h:421
SVF::SVFIRBuilder::computeGepOffset
bool computeGepOffset(const User *V, AccessPath &ap)
Compute offset of a gep instruction or gep constant expression.
Definition SVFIRBuilder.cpp:640
SVF::LLVMUtil::isBinaryConstantExpr
const ConstantExpr * isBinaryConstantExpr(const Value *val)
Definition LLVMUtil.h:290
SVF::LLVMUtil::isInt2PtrConstantExpr
const ConstantExpr * isInt2PtrConstantExpr(const Value *val)
Definition LLVMUtil.h:225
SVF::LLVMUtil::isSelectConstantExpr
const ConstantExpr * isSelectConstantExpr(const Value *val)
Definition LLVMUtil.h:255
SVF::LLVMUtil::isTruncConstantExpr
const ConstantExpr * isTruncConstantExpr(const Value *val)
Definition LLVMUtil.h:265
SVF::LLVMUtil::isPtr2IntConstantExpr
const ConstantExpr * isPtr2IntConstantExpr(const Value *val)
Definition LLVMUtil.h:235
SVF::LLVMUtil::isUnaryConstantExpr
const ConstantExpr * isUnaryConstantExpr(const Value *val)
Definition LLVMUtil.h:301
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245
SVF::LLVMUtil::isGepConstantExpr
const ConstantExpr * isGepConstantExpr(const Value *val)
Return corresponding constant expression, otherwise return nullptr.
Definition LLVMUtil.h:215
SVF::LLVMUtil::isCmpConstantExpr
const ConstantExpr * isCmpConstantExpr(const Value *val)
Definition LLVMUtil.h:279
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ sanityCheck()

void SVFIRBuilder::sanityCheck ( )

Sanity check for SVFIR.

Definition at line 1636 of file SVFIRBuilder.cpp.

1637{
1638 for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
1639 {
1640 (void) pag->getGNode(nIter->first);
1641 //TODO::
1642 // (1) every source(root) node of a pag tree should be object node
1643 // if a node has no incoming edge, but has outgoing edges
1644 // then it has to be an object node.
1645 // (2) make sure every variable should be initialized
1646 // otherwise it causes the a null pointer, the aliasing relation may not be captured
1647 // when loading a pointer value should make sure
1648 // some value has been store into this pointer before
1649 // q = load p, some value should stored into p first like store w p;
1650 // (3) make sure PAGNode should not have a const expr value (pointer should have unique def)
1651 // (4) look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
1652 // are set correctly for dummy gepval node
1653 // (5) reduce unnecessary copy edge (const casts) and ensure correctness.
1654 }
1655}
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:377
SVF::GenericGraph< SVFVar, SVFStmt >::iterator
IDToNodeMapTy::iterator iterator
Node Iterators.
Definition GenericGraph.h:356

◆ setCurrentBBAndValueForPAGEdge()

void SVFIRBuilder::setCurrentBBAndValueForPAGEdge ( PAGEdge edge)
protected

We assume every GepValVar and its GepStmt are unique across whole program

We will have one unique function exit ICFGNode for all returns

Definition at line 1717 of file SVFIRBuilder.cpp.

1718{
1719 if (SVFIR::pagReadFromTXT())
1720 return;
1721
1722 assert(curVal && "current Val is nullptr?");
1723 edge->setBB(curBB!=nullptr ? curBB : nullptr);
1724 edge->setValue(pag->getGNode(llvmModuleSet()->getValueNode(curVal)));
1725 ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
1726 LLVMModuleSet* llvmMS = llvmModuleSet();
1727 if (const Instruction* curInst = SVFUtil::dyn_cast<Instruction>(curVal))
1728 {
1729 const FunObjVar* srcFun = edge->getSrcNode()->getFunction();
1730 const FunObjVar* dstFun = edge->getDstNode()->getFunction();
1731 if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<FunValVar>(edge->getSrcNode()) && !SVFUtil::isa<FunObjVar>(edge->getSrcNode()))
1732 {
1733 assert(srcFun==llvmMS->getFunObjVar(curInst->getFunction()) && "SrcNode of the PAGEdge not in the same function?");
1734 }
1735 if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<RetValPN>(edge->getDstNode()))
1736 {
1737 assert(dstFun==llvmMS->getFunObjVar(curInst->getFunction()) && "DstNode of the PAGEdge not in the same function?");
1738 }
1739
1741 if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
1742 assert(curBB && "instruction does not have a basic block??");
1743
1745 if(SVFUtil::isa<ReturnInst>(curInst))
1746 {
1747 icfgNode = pag->getICFG()->getFunExitICFGNode(llvmMS->getFunObjVar(curInst->getFunction()));
1748 }
1749 else
1750 {
1751 if(SVFUtil::isa<RetPE>(edge))
1752 icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(curInst));
1753 else
1754 icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(curInst));
1755 }
1756 }
1757 else if (const Argument* arg = SVFUtil::dyn_cast<Argument>(curVal))
1758 {
1759 assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
1760 icfgNode = pag->getICFG()->getFunEntryICFGNode(
1761 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(arg->getParent())));
1762 }
1763 else if (SVFUtil::isa<Constant>(curVal) ||
1764 SVFUtil::isa<Function>(curVal) ||
1765 SVFUtil::isa<MetadataAsValue>(curVal))
1766 {
1767 if (!curBB)
1768 pag->addGlobalPAGEdge(edge);
1769 else
1770 {
1771 icfgNode = const_cast<ICFGNode*>(curBB->front());
1772 }
1773 }
1774 else
1775 {
1776 assert(false && "what else value can we have?");
1777 }
1778
1779 pag->addToSVFStmtList(icfgNode,edge);
1780 icfgNode->addSVFStmt(edge);
1781 if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
1782 {
1783 CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
1784 FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
1785 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
1786 SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
1787 }
1788 else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
1789 {
1790 RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
1791 FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
1792 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
1793 SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
1794 }
1795}
SVF::FunObjVar::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFVariables.h:1170
SVF::ICFGNode::addSVFStmt
void addSVFStmt(const SVFStmt *edge)
Definition ICFGNode.h:112
SVF::ICFG::hasInterICFGEdge
ICFGEdge * hasInterICFGEdge(ICFGNode *src, ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Definition ICFG.cpp:276
SVF::ICFG::getGlobalICFGNode
GlobalICFGNode * getGlobalICFGNode() const
Definition ICFG.h:236
SVF::SVFBasicBlock::getParent
const FunObjVar * getParent() const
Definition BasicBlockG.h:191
SVF::SVFBasicBlock::front
const ICFGNode * front() const
Definition BasicBlockG.h:203
SVF::SVFIR::addToSVFStmtList
void addToSVFStmtList(ICFGNode *inst, SVFStmt *edge)
Add a SVFStmt into instruction map.
Definition SVFIR.h:259
SVF::SVFIR::addGlobalPAGEdge
void addGlobalPAGEdge(const SVFStmt *edge)
Add global PAGEdges (not in a procedure)
Definition SVFIR.h:791

◆ setCurrentLocation() [1/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const BasicBlock bb 
)
inlineprotected

Set current basic block in order to keep track of control flow information.

Definition at line 247 of file SVFIRBuilder.h.

248 {
249 curBB = (bb == nullptr? nullptr : llvmModuleSet()->getSVFBasicBlock(bb));
250 curVal = (val == nullptr ? nullptr: val);
251 }

◆ setCurrentLocation() [2/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const SVFBasicBlock bb 
)
inlineprotected

Definition at line 252 of file SVFIRBuilder.h.

253 {
254 curBB = bb;
255 curVal = val;
256 }

◆ updateCallGraph()

void SVFIRBuilder::updateCallGraph ( CallGraph callgraph)

connect PAG edges based on callgraph

Definition at line 1601 of file SVFIRBuilder.cpp.

1602{
1603 CallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
1604 CallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
1605 for (; iter != eiter; iter++)
1606 {
1607 const CallICFGNode* callBlock = iter->first;
1608 const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
1609 assert(callBlock->isIndirectCall() && "this is not an indirect call?");
1610 const CallGraph::FunctionSet& functions = iter->second;
1611 for (CallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
1612 {
1613 const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
1614
1615 if (isExtCall(*func_iter))
1616 {
1617 setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
1618 handleExtCall(callbase, callee);
1619 }
1620 else
1621 {
1622 setCurrentLocation(llvmModuleSet()->getLLVMValue(callBlock), callBlock->getBB());
1623 handleDirectCall(const_cast<CallBase*>(callbase), callee);
1624 }
1625 }
1626 }
1627
1628 // dump SVFIR
1629 if (Options::PAGDotGraph())
1630 pag->dump("svfir_final");
1631}
SVF::CallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition CallGraph.h:319
SVF::CallGraph::FunctionSet
Set< const FunObjVar * > FunctionSet
Definition CallGraph.h:244
SVF::SVFIRBuilder::handleDirectCall
void handleDirectCall(CallBase *cs, const Function *F)
Handle direct call.
Definition SVFIRBuilder.cpp:1441
SVF::SVFIRBuilder::handleExtCall
virtual void handleExtCall(const CallBase *cs, const Function *callee)
Definition SVFIRExtAPI.cpp:128
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146

◆ visitAllocaInst()

void SVFIRBuilder::visitAllocaInst ( AllocaInst inst)
virtual

Our visit overrides.

Visit alloca instructions Add edge V (dst) <– O (src), V here is a value node on SVFIR, O is object node on SVFIR

Definition at line 1002 of file SVFIRBuilder.cpp.

1003{
1004
1005 // AllocaInst should always be a pointer type
1006 assert(SVFUtil::isa<PointerType>(inst.getType()));
1007
1008 DBOUT(DPAGBuild, outs() << "process alloca " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1009 NodeID dst = getValueNode(&inst);
1010
1011 NodeID src = getObjectNode(&inst);
1012
1013 addAddrWithStackArraySz(src, dst, inst);
1014
1015}
SVF::SVFIRBuilder::getObjectNode
NodeID getObjectNode(const Value *V)
GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
Definition SVFIRBuilder.h:105
SVF::SVFIRBuilder::addAddrWithStackArraySz
AddrStmt * addAddrWithStackArraySz(NodeID src, NodeID dst, llvm::AllocaInst &inst)
Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
Definition SVFIRBuilder.h:310

◆ visitAtomicCmpXchgInst()

void SVF::SVFIRBuilder::visitAtomicCmpXchgInst ( AtomicCmpXchgInst I)
inline

Definition at line 192 of file SVFIRBuilder.h.

193 {
194 addBlackHoleAddrEdge(getValueNode(&I));
195 }

◆ visitAtomicRMWInst()

void SVF::SVFIRBuilder::visitAtomicRMWInst ( AtomicRMWInst I)
inline

Definition at line 196 of file SVFIRBuilder.h.

197 {
198 addBlackHoleAddrEdge(getValueNode(&I));
199 }

◆ visitBinaryOperator()

void SVFIRBuilder::visitBinaryOperator ( BinaryOperator inst)

Visit Binary Operator

Definition at line 1117 of file SVFIRBuilder.cpp.

1118{
1119 NodeID dst = getValueNode(&inst);
1120 assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
1121 Value* op1 = inst.getOperand(0);
1122 NodeID op1Node = getValueNode(op1);
1123 Value* op2 = inst.getOperand(1);
1124 NodeID op2Node = getValueNode(op2);
1125 u32_t opcode = inst.getOpcode();
1126 addBinaryOPEdge(op1Node, op2Node, dst, opcode);
1127}
SVF::SVFIRBuilder::addBinaryOPEdge
void addBinaryOPEdge(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIRBuilder.h:433

◆ visitBranchInst()

void SVFIRBuilder::visitBranchInst ( BranchInst inst)

Branch and switch instructions are treated as UnaryOP br cmp label if.then, label if.else

set conditional svf var

Definition at line 1296 of file SVFIRBuilder.cpp.

1297{
1298 NodeID brinst = getValueNode(&inst);
1299 NodeID cond;
1300 if (inst.isConditional())
1301 cond = getValueNode(inst.getCondition());
1302 else
1303 cond = pag->getNullPtr();
1304
1305 assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
1306
1307 BranchStmt::SuccAndCondPairVec successors;
1308 std::vector<const Instruction*> nextInsts;
1309 LLVMUtil::getNextInsts(&inst, nextInsts);
1310 u32_t branchID = 0;
1311 for (const Instruction* succInst : nextInsts)
1312 {
1313 assert(branchID <= 1 && "if/else has more than two branches?");
1314 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1315 successors.push_back(std::make_pair(icfgNode, 1-branchID));
1316 branchID++;
1317 }
1318 addBranchStmt(brinst, cond, successors);
1320 if (inst.isConditional())
1321 {
1322 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1323 {
1324 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1325 {
1326 intraEdge->setConditionVar(pag->getGNode(cond));
1327 }
1328 }
1329 }
1330}
SVF::BranchStmt::SuccAndCondPairVec
std::vector< std::pair< const ICFGNode *, s32_t > > SuccAndCondPairVec
Definition SVFStatements.h:1163
SVF::SVFIRBuilder::addBranchStmt
void addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add Branch statement.
Definition SVFIRBuilder.h:445
SVF::LLVMUtil::getNextInsts
void getNextInsts(const Instruction *curInst, std::vector< const Instruction * > &instList)
Get the next instructions following control flow.
Definition LLVMUtil.cpp:573

◆ visitCallBrInst()

void SVFIRBuilder::visitCallBrInst ( CallBrInst I)

Definition at line 1184 of file SVFIRBuilder.cpp.

1185{
1186 visitCallSite(&i);
1187}
SVF::SVFIRBuilder::visitCallSite
void visitCallSite(CallBase *cs)
Definition SVFIRBuilder.cpp:1192

◆ visitCallInst()

void SVFIRBuilder::visitCallInst ( CallInst I)

Definition at line 1174 of file SVFIRBuilder.cpp.

1175{
1176 visitCallSite(&i);
1177}

◆ visitCallSite()

void SVFIRBuilder::visitCallSite ( CallBase cs)

Collect callsite arguments and returns

Definition at line 1192 of file SVFIRBuilder.cpp.

1193{
1194
1195 // skip llvm intrinsics
1196 if(isIntrinsicInst(cs))
1197 return;
1198
1199 DBOUT(DPAGBuild,
1200 outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
1201
1202
1203 CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
1204 RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
1205
1206 pag->addCallSite(callBlockNode);
1207
1209 for (u32_t i = 0; i < cs->arg_size(); i++)
1210 pag->addCallSiteArgs(
1211 callBlockNode,
1212 SVFUtil::cast<ValVar>(pag->getGNode(getValueNode(cs->getArgOperand(i)))));
1213
1214 if(!cs->getType()->isVoidTy())
1215 pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
1216
1217 if (callBlockNode->isVirtualCall())
1218 {
1219 const Value* value = cppUtil::getVCallVtblPtr(cs);
1220 callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
1221 }
1222 if (const Function *callee = LLVMUtil::getCallee(cs))
1223 {
1224 if (LLVMUtil::isExtCall(callee))
1225 {
1226 handleExtCall(cs, callee);
1227 }
1228 else
1229 {
1230 handleDirectCall(cs, callee);
1231 }
1232 }
1233 else
1234 {
1235 //If the callee was not identified as a function (null F), this is indirect.
1236 handleIndCall(cs);
1237 }
1238}
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:521
SVF::CallICFGNode::setVtablePtr
void setVtablePtr(SVFVar *v)
Definition ICFGNode.h:526
SVF::LLVMModuleSet::getRetICFGNode
RetICFGNode * getRetICFGNode(const Instruction *cs)
get a return node
Definition LLVMModule.cpp:1154
SVF::SVFIRBuilder::handleIndCall
void handleIndCall(CallBase *cs)
Handle indirect call.
Definition SVFIRBuilder.cpp:1595
SVF::SVFIR::addCallSiteRets
void addCallSiteRets(RetICFGNode *retBlockNode, const SVFVar *arg)
Add callsite returns.
Definition SVFIR.h:547
SVF::SVFIR::addCallSiteArgs
void addCallSiteArgs(CallICFGNode *callBlockNode, const ValVar *arg)
Add callsite arguments.
Definition SVFIR.h:541
SVF::SVFIR::addCallSite
void addCallSite(const CallICFGNode *call)
Add callsites.
Definition SVFIR.h:796
SVF::LLVMUtil::isIntrinsicInst
bool isIntrinsicInst(const Instruction *inst)
Return true if it is an intrinsic instruction.
Definition LLVMUtil.cpp:202
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getVCallVtblPtr
const Value * getVCallVtblPtr(const CallBase *cs)
Definition CppUtil.cpp:537

◆ visitCastInst()

void SVFIRBuilder::visitCastInst ( CastInst I)

Definition at line 1103 of file SVFIRBuilder.cpp.

1104{
1105
1106 DBOUT(DPAGBuild, outs() << "process cast " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1107 NodeID dst = getValueNode(&inst);
1108
1109 const Value* opnd = inst.getOperand(0);
1110 NodeID src = getValueNode(opnd);
1111 addCopyEdge(src, dst, getCopyKind(&inst));
1112}
SVF::SVFIRBuilder::getCopyKind
CopyStmt::CopyKind getCopyKind(const Value *val)
Definition SVFIRBuilder.h:377

◆ visitCmpInst()

void SVFIRBuilder::visitCmpInst ( CmpInst inst)

Visit compare instruction

Definition at line 1145 of file SVFIRBuilder.cpp.

1146{
1147 NodeID dst = getValueNode(&inst);
1148 assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
1149 Value* op1 = inst.getOperand(0);
1150 NodeID op1Node = getValueNode(op1);
1151 Value* op2 = inst.getOperand(1);
1152 NodeID op2Node = getValueNode(op2);
1153 u32_t predicate = inst.getPredicate();
1154 addCmpEdge(op1Node, op2Node, dst, predicate);
1155}
SVF::SVFIRBuilder::addCmpEdge
void addCmpEdge(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIRBuilder.h:427

◆ visitExtractElementInst()

void SVFIRBuilder::visitExtractElementInst ( ExtractElementInst inst)

The �extractelement� instruction extracts a single scalar element from a vector at a specified index. TODO: for now we just assume the pointer after extraction points to blackhole The first operand of an �extractelement� instruction is a value of vector type. The second operand is an index indicating the position from which to extract the element.

<result> = extractelement <4 x i32> vec, i32 0 ; yields i32

Definition at line 1286 of file SVFIRBuilder.cpp.

1287{
1288 NodeID dst = getValueNode(&inst);
1289 addBlackHoleAddrEdge(dst);
1290}

◆ visitExtractValueInst()

void SVFIRBuilder::visitExtractValueInst ( ExtractValueInst inst)

visit extract value instructions for structures in registers TODO: for now we just assume the pointer after extraction points to blackhole for example %24 = extractvalue { i32, struct.s_hash* } call34, 0 %24 is a pointer points to first field of a register value call34 however we can not create call34 as an memory object, as it is register value. Is that necessary treat extract value as getelementptr instruction later to get more precise results?

Definition at line 1272 of file SVFIRBuilder.cpp.

1273{
1274 NodeID dst = getValueNode(&inst);
1275 addBlackHoleAddrEdge(dst);
1276}

◆ visitFenceInst()

void SVF::SVFIRBuilder::visitFenceInst ( FenceInst I)
inline

Definition at line 188 of file SVFIRBuilder.h.

189 {
190 addBlackHoleAddrEdge(getValueNode(&I));
191 }

◆ visitFreezeInst()

void SVFIRBuilder::visitFreezeInst ( FreezeInst inst)

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val>

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val> For now, we assume <val> is never a poison or undef.

Definition at line 1426 of file SVFIRBuilder.cpp.

1427{
1428 NodeID dst = getValueNode(&inst);
1429 for (u32_t i = 0; i < inst.getNumOperands(); i++)
1430 {
1431 Value* opnd = inst.getOperand(i);
1432 NodeID src = getValueNode(opnd);
1433 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1434 }
1435}

◆ visitGetElementPtrInst()

void SVFIRBuilder::visitGetElementPtrInst ( GetElementPtrInst inst)

Visit getelementptr instructions

Definition at line 1077 of file SVFIRBuilder.cpp.

1078{
1079
1080 NodeID dst = getValueNode(&inst);
1081 // GetElementPtrInst should always be a pointer or a vector contains pointers
1082 // for now we don't handle vector type here
1083 if(SVFUtil::isa<VectorType>(inst.getType()))
1084 {
1085 addBlackHoleAddrEdge(dst);
1086 return;
1087 }
1088
1089 assert(SVFUtil::isa<PointerType>(inst.getType()));
1090
1091 DBOUT(DPAGBuild, outs() << "process gep " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1092
1093 NodeID src = getValueNode(inst.getPointerOperand());
1094
1095 AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
1096 bool constGep = computeGepOffset(&inst, ap);
1097 addGepEdge(src, dst, ap, constGep);
1098}

◆ visitGlobal()

void SVFIRBuilder::visitGlobal ( )
protected

Handle globals including (global variable and functions)

Visit global variables for building SVFIR

initialize global variable

initialize global functions

Definition at line 949 of file SVFIRBuilder.cpp.

950{
951
953 for (Module &M : llvmModuleSet()->getLLVMModules())
954 {
955 for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
956 {
957 GlobalVariable *gvar = &*I;
958 NodeID idx = getValueNode(gvar);
959 NodeID obj = getObjectNode(gvar);
960
961 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
962 addAddrEdge(obj, idx);
963
964 if (gvar->hasInitializer())
965 {
966 Constant *C = gvar->getInitializer();
967 DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
968 InitialGlobal(gvar, C, 0);
969 }
970 }
971
972
974 for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
975 {
976 const Function* fun = &*I;
977 NodeID idx = getValueNode(fun);
978 NodeID obj = getObjectNode(fun);
979
980 DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
981 setCurrentLocation(fun, (SVFBasicBlock*) nullptr);
982 addAddrEdge(obj, idx);
983 }
984
985 // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
986 for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
987 {
988 const GlobalAlias* alias = &*I;
989 NodeID dst = llvmModuleSet()->getValueNode(alias);
990 NodeID src = llvmModuleSet()->getValueNode(alias->getAliasee());
991 processCE(alias->getAliasee());
992 setCurrentLocation(alias, (SVFBasicBlock*) nullptr);
993 addCopyEdge(src, dst, CopyStmt::COPYVAL);
994 }
995 }
996}
SVF::GlobalVariable
llvm::GlobalVariable GlobalVariable
Definition BasicTypes.h:130
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128

◆ visitInsertElementInst()

void SVF::SVFIRBuilder::visitInsertElementInst ( InsertElementInst I)
inline

Definition at line 168 of file SVFIRBuilder.h.

169 {
170 addBlackHoleAddrEdge(getValueNode(&I));
171 }

◆ visitInsertValueInst()

void SVF::SVFIRBuilder::visitInsertValueInst ( InsertValueInst I)
inline

Definition at line 142 of file SVFIRBuilder.h.

143 {
144 addBlackHoleAddrEdge(getValueNode(&I));
145 }

◆ visitInstruction()

void SVF::SVFIRBuilder::visitInstruction ( Instruction )
inline

Provide base case for our instruction visit.

Definition at line 202 of file SVFIRBuilder.h.

203 {
204 // If a new instruction is added to LLVM that we don't handle.
205 // TODO: ignore here:
206 }

◆ visitInvokeInst()

void SVFIRBuilder::visitInvokeInst ( InvokeInst II)

Definition at line 1179 of file SVFIRBuilder.cpp.

1180{
1181 visitCallSite(&i);
1182}

◆ visitLandingPadInst()

void SVF::SVFIRBuilder::visitLandingPadInst ( LandingPadInst I)
inline

Definition at line 176 of file SVFIRBuilder.h.

177 {
178 addBlackHoleAddrEdge(getValueNode(&I));
179 }

◆ visitLoadInst()

void SVFIRBuilder::visitLoadInst ( LoadInst I)

Definition at line 1045 of file SVFIRBuilder.cpp.

1046{
1047 DBOUT(DPAGBuild, outs() << "process load " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1048
1049 NodeID dst = getValueNode(&inst);
1050
1051 NodeID src = getValueNode(inst.getPointerOperand());
1052
1053 addLoadEdge(src, dst);
1054}

◆ visitPHINode()

void SVFIRBuilder::visitPHINode ( PHINode inst)

Visit phi instructions

Definition at line 1020 of file SVFIRBuilder.cpp.

1021{
1022
1023 DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1024
1025 NodeID dst = getValueNode(&inst);
1026
1027 for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
1028 {
1029 const Value* val = inst.getIncomingValue(i);
1030 const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
1031 bool matched = (incomingInst == nullptr ||
1032 incomingInst->getFunction() == inst.getFunction());
1033 (void) matched; // Suppress warning of unused variable under release build
1034 assert(matched && "incomingInst's Function incorrect");
1035 const Instruction* predInst = &inst.getIncomingBlock(i)->back();
1036 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
1037 NodeID src = getValueNode(val);
1038 addPhiStmt(dst,src,icfgNode);
1039 }
1040}
SVF::SVFIRBuilder::addPhiStmt
void addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add Copy edge.
Definition SVFIRBuilder.h:414

◆ visitResumeInst()

void SVF::SVFIRBuilder::visitResumeInst ( ResumeInst )
inline

Instruction not that often.

Definition at line 182 of file SVFIRBuilder.h.

183 {
184 }

◆ visitReturnInst()

void SVFIRBuilder::visitReturnInst ( ReturnInst inst)

Visit return instructions of a function

Definition at line 1243 of file SVFIRBuilder.cpp.

1244{
1245
1246 // ReturnInst itself should always not be a pointer type
1247 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1248
1249 DBOUT(DPAGBuild, outs() << "process return " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1250
1251 if(Value* src = inst.getReturnValue())
1252 {
1253 const FunObjVar *F = llvmModuleSet()->getFunObjVar(inst.getParent()->getParent());
1254
1255 NodeID rnF = getReturnNode(F);
1256 NodeID vnS = getValueNode(src);
1257 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
1258 //vnS may be null if src is a null ptr
1259 addPhiStmt(rnF,vnS,icfgNode);
1260 }
1261}

◆ visitSelectInst()

void SVFIRBuilder::visitSelectInst ( SelectInst inst)

Visit select instructions

Two operands have same incoming basic block, both are the current BB

Definition at line 1161 of file SVFIRBuilder.cpp.

1162{
1163
1164 DBOUT(DPAGBuild, outs() << "process select " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1165
1166 NodeID dst = getValueNode(&inst);
1167 NodeID src1 = getValueNode(inst.getTrueValue());
1168 NodeID src2 = getValueNode(inst.getFalseValue());
1169 NodeID cond = getValueNode(inst.getCondition());
1171 addSelectStmt(dst,src1,src2, cond);
1172}

◆ visitShuffleVectorInst()

void SVF::SVFIRBuilder::visitShuffleVectorInst ( ShuffleVectorInst I)
inline

Definition at line 172 of file SVFIRBuilder.h.

173 {
174 addBlackHoleAddrEdge(getValueNode(&I));
175 }

◆ visitStoreInst()

void SVFIRBuilder::visitStoreInst ( StoreInst inst)

Visit store instructions

Definition at line 1059 of file SVFIRBuilder.cpp.

1060{
1061 // StoreInst itself should always not be a pointer type
1062 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1063
1064 DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1065
1066 NodeID dst = getValueNode(inst.getPointerOperand());
1067
1068 NodeID src = getValueNode(inst.getValueOperand());
1069
1070 addStoreEdge(src, dst);
1071
1072}

◆ visitSwitchInst()

void SVFIRBuilder::visitSwitchInst ( SwitchInst inst)

The following implementation follows ICFGBuilder::processFunBody.

See more: https://github.com/SVF-tools/SVF/pull/1191

Given the code:

switch (a) { case 0: printf("0\n"); break; case 1: case 2: case 3: printf("a >=1 && a <= 3\n"); break; case 4: case 6: case 7: printf("a >= 4 && a <=7\n"); break; default: printf("a < 0 || a > 7"); break; }

Generate the IR:

switch i32 %0, label sw.default [ i32 0, label sw.bb i32 1, label sw.bb1 i32 2, label sw.bb1 i32 3, label sw.bb1 i32 4, label sw.bb3 i32 6, label sw.bb3 i32 7, label sw.bb3 ]

We can get every case basic block and related case value: [ {sw.default, -1}, {sw.bb, 0}, {sw.bb1, 1}, {sw.bb1, 2}, {sw.bb1, 3}, {sw.bb3, 4}, {sw.bb3, 6}, {sw.bb3, 7}, ] Note: default case value is nullptr For larger number, we preserve case value just -1 now see more: https://github.com/SVF-tools/SVF/pull/992

branch condition value

default case is set to -1;

set conditional svf var

Definition at line 1378 of file SVFIRBuilder.cpp.

1379{
1380 NodeID brinst = getValueNode(&inst);
1381 NodeID cond = getValueNode(inst.getCondition());
1382
1383 BranchStmt::SuccAndCondPairVec successors;
1384 std::vector<const Instruction*> nextInsts;
1385 LLVMUtil::getNextInsts(&inst, nextInsts);
1386 for (const Instruction* succInst : nextInsts)
1387 {
1389 const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
1391 s64_t val = -1;
1392 if (condVal && condVal->getBitWidth() <= 64)
1393 val = (u32_t)LLVMUtil::getIntegerValue(condVal).first;
1394 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1395 successors.push_back(std::make_pair(icfgNode, val));
1396 }
1397 addBranchStmt(brinst, cond, successors);
1399 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1400 {
1401 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1402 {
1403 intraEdge->setConditionVar(pag->getGNode(cond));
1404 }
1405 }
1406}
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ visitUnaryOperator()

void SVFIRBuilder::visitUnaryOperator ( UnaryOperator inst)

Visit Unary Operator

Definition at line 1132 of file SVFIRBuilder.cpp.

1133{
1134 NodeID dst = getValueNode(&inst);
1135 assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
1136 Value* opnd = inst.getOperand(0);
1137 NodeID src = getValueNode(opnd);
1138 u32_t opcode = inst.getOpcode();
1139 addUnaryOPEdge(src, dst, opcode);
1140}
SVF::SVFIRBuilder::addUnaryOPEdge
void addUnaryOPEdge(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIRBuilder.h:439

◆ visitUnreachableInst()

void SVF::SVFIRBuilder::visitUnreachableInst ( UnreachableInst )
inline

Definition at line 185 of file SVFIRBuilder.h.

186 {
187 }

◆ visitVAArgInst()

void SVFIRBuilder::visitVAArgInst ( VAArgInst inst)

TODO: var arguments need to be handled. https://llvm.org/docs/LangRef.html#id1911

ap = alloca struct.va_list ap2 = bitcast struct.va_list* ap to i8* ; Read a single integer argument from ap2 tmp = va_arg i8* ap2, i32 (VAArgInst) TODO: for now, create a copy edge from ap2 to tmp, we assume here tmp should point to the n-th argument of the var_args

Definition at line 1414 of file SVFIRBuilder.cpp.

1415{
1416 NodeID dst = getValueNode(&inst);
1417 Value* opnd = inst.getPointerOperand();
1418 NodeID src = getValueNode(opnd);
1419 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1420}

◆ visitVACopyInst()

void SVF::SVFIRBuilder::visitVACopyInst ( VACopyInst )
inline

Definition at line 157 of file SVFIRBuilder.h.

157{}

◆ visitVAEndInst()

void SVF::SVFIRBuilder::visitVAEndInst ( VAEndInst )
inline

Definition at line 158 of file SVFIRBuilder.h.

158{}

◆ visitVAStartInst()

void SVF::SVFIRBuilder::visitVAStartInst ( VAStartInst )
inline

Definition at line 159 of file SVFIRBuilder.h.

159{}

Member Data Documentation

◆ curBB

const SVFBasicBlock* SVF::SVFIRBuilder::curBB
private

Current basic block during SVFIR construction when visiting the module.

Definition at line 50 of file SVFIRBuilder.h.

◆ curVal

const Value* SVF::SVFIRBuilder::curVal
private

Current Value during SVFIR construction when visiting the module.

Definition at line 51 of file SVFIRBuilder.h.

◆ pag

SVFIR* SVF::SVFIRBuilder::pag
private

Definition at line 49 of file SVFIRBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8