Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes | List of all members
SVF::SVFIRBuilder Class Reference

#include <SVFIRBuilder.h>

Inheritance diagram for SVF::SVFIRBuilder:

Public Member Functions

 SVFIRBuilder ()
 Constructor.
 
virtual ~SVFIRBuilder ()
 Destructor.
 
virtual SVFIRbuild ()
 Start building SVFIR here.
 
SVFIRgetPAG () const
 Return SVFIR.
 
void createFunObjVars ()
 
void initFunObjVar ()
 
void initialiseNodes ()
 Initialize nodes and edges.
 
void initialiseBaseObjVars ()
 
void initialiseValVars ()
 
void initSVFBasicBlock (const Function *func)
 
void initDomTree (FunObjVar *func, const Function *f)
 
void addEdge (NodeID src, NodeID dst, SVFStmt::PEDGEK kind, APOffset offset=0, Instruction *cs=nullptr)
 
void sanityCheck ()
 Sanity check for SVFIR.
 
NodeID getValueNode (const Value *V)
 Get different kinds of node.
 
NodeID getObjectNode (const Value *V)
 GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
 
NodeID getReturnNode (const FunObjVar *func)
 getReturnNode - Return the node representing the unique return value of a function.
 
NodeID getVarargNode (const FunObjVar *func)
 getVarargNode - Return the node representing the unique variadic argument of a function.
 
virtual void visitAllocaInst (AllocaInst &AI)
 Our visit overrides.
 
void visitPHINode (PHINode &I)
 
void visitStoreInst (StoreInst &I)
 
void visitLoadInst (LoadInst &I)
 
void visitGetElementPtrInst (GetElementPtrInst &I)
 
void visitCallInst (CallInst &I)
 
void visitInvokeInst (InvokeInst &II)
 
void visitCallBrInst (CallBrInst &I)
 
void visitCallSite (CallBase *cs)
 
void visitReturnInst (ReturnInst &I)
 
void visitCastInst (CastInst &I)
 
void visitSelectInst (SelectInst &I)
 
void visitExtractValueInst (ExtractValueInst &EVI)
 
void visitBranchInst (BranchInst &I)
 
void visitSwitchInst (SwitchInst &I)
 The following implementation follows ICFGBuilder::processFunBody.
 
void visitInsertValueInst (InsertValueInst &I)
 
void visitBinaryOperator (BinaryOperator &I)
 
void visitUnaryOperator (UnaryOperator &I)
 
void visitCmpInst (CmpInst &I)
 
void visitVAArgInst (VAArgInst &)
 
void visitVACopyInst (VACopyInst &)
 
void visitVAEndInst (VAEndInst &)
 
void visitVAStartInst (VAStartInst &)
 
void visitFreezeInst (FreezeInst &I)
 
void visitExtractElementInst (ExtractElementInst &I)
 
void visitInsertElementInst (InsertElementInst &I)
 
void visitShuffleVectorInst (ShuffleVectorInst &I)
 
void visitLandingPadInst (LandingPadInst &I)
 
void visitResumeInst (ResumeInst &)
 Instruction not that often.
 
void visitUnreachableInst (UnreachableInst &)
 
void visitFenceInst (FenceInst &I)
 
void visitAtomicCmpXchgInst (AtomicCmpXchgInst &I)
 
void visitAtomicRMWInst (AtomicRMWInst &I)
 
void visitInstruction (Instruction &)
 Provide base case for our instruction visit.
 
void updateCallGraph (CallGraph *callgraph)
 connect PAG edges based on callgraph
 

Protected Member Functions

void visitGlobal ()
 Handle globals including (global variable and functions)
 
void InitialGlobal (const GlobalVariable *gvar, Constant *C, u32_t offset)
 
NodeID getGlobalVarField (const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
 
void processCE (const Value *val)
 Process constant expression.
 
u32_t inferFieldIdxFromByteOffset (const llvm::GEPOperator *gepOp, DataLayout *dl, AccessPath &ap, APOffset idx)
 Infer field index from byteoffset.
 
bool computeGepOffset (const User *V, AccessPath &ap)
 Compute offset of a gep instruction or gep constant expression.
 
const ValuegetBaseValueForExtArg (const Value *V)
 Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))
 
void handleDirectCall (CallBase *cs, const Function *F)
 Handle direct call.
 
void handleIndCall (CallBase *cs)
 Handle indirect call.
 
virtual const TypegetBaseTypeAndFlattenedFields (const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
 Handle external call.
 
virtual void addComplexConsForExt (Value *D, Value *S, const Value *sz)
 
virtual void handleExtCall (const CallBase *cs, const Function *callee)
 
void setCurrentLocation (const Value *val, const BasicBlock *bb)
 Set current basic block in order to keep track of control flow information.
 
void setCurrentLocation (const Value *val, const SVFBasicBlock *bb)
 
const ValuegetCurrentValue () const
 
const SVFBasicBlockgetCurrentBB () const
 
void addGlobalBlackHoleAddrEdge (NodeID node, const ConstantExpr *int2Ptrce)
 Add global black hole Address edge.
 
NodeID addNullPtrNode ()
 Add NullPtr PAGNode.
 
NodeID getGepValVar (const Value *val, const AccessPath &ap, const SVFType *elementType)
 
void setCurrentBBAndValueForPAGEdge (PAGEdge *edge)
 
void addBlackHoleAddrEdge (NodeID node)
 
AddrStmtaddAddrEdge (NodeID src, NodeID dst)
 Add Address edge.
 
AddrStmtaddAddrWithStackArraySz (NodeID src, NodeID dst, llvm::AllocaInst &inst)
 Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
 
AddrStmtaddAddrWithHeapSz (NodeID src, NodeID dst, const CallBase *cs)
 Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
 
CopyStmtaddCopyEdge (NodeID src, NodeID dst, CopyStmt::CopyKind kind)
 
CopyStmt::CopyKind getCopyKind (const Value *val)
 
void addPhiStmt (NodeID res, NodeID opnd, const ICFGNode *pred)
 Add Copy edge.
 
void addSelectStmt (NodeID res, NodeID op1, NodeID op2, NodeID cond)
 Add SelectStmt.
 
void addCmpEdge (NodeID op1, NodeID op2, NodeID dst, u32_t predict)
 Add Copy edge.
 
void addBinaryOPEdge (NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
 Add Copy edge.
 
void addUnaryOPEdge (NodeID src, NodeID dst, u32_t opcode)
 Add Unary edge.
 
void addBranchStmt (NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
 Add Branch statement.
 
void addLoadEdge (NodeID src, NodeID dst)
 Add Load edge.
 
void addStoreEdge (NodeID src, NodeID dst)
 Add Store edge.
 
void addCallEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Call edge.
 
void addRetEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Return edge.
 
void addGepEdge (NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
 Add Gep edge.
 
void addNormalGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Offset(Gep) edge.
 
void addVariantGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Variant(Gep) edge.
 
void addThreadForkEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Thread fork edge for parameter passing.
 
void addThreadJoinEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Thread join edge for parameter passing.
 
AccessPath getAccessPathFromBaseNode (NodeID nodeId)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

SVFIRpag
 
const SVFBasicBlockcurBB
 Current basic block during SVFIR construction when visiting the module.
 
const ValuecurVal
 Current Value during SVFIR construction when visiting the module.
 

Detailed Description

SVFIR Builder to create SVF variables and statements and PAG

Definition at line 47 of file SVFIRBuilder.h.

Constructor & Destructor Documentation

◆ SVFIRBuilder()

SVF::SVFIRBuilder::SVFIRBuilder ( )
inline

Constructor.

Definition at line 57 of file SVFIRBuilder.h.

57 : pag(SVFIR::getPAG()), curBB(nullptr),curVal(nullptr)
58 {
59 }
SVF::SVFIRBuilder::curVal
const Value * curVal
Current Value during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:53
SVF::SVFIRBuilder::curBB
const SVFBasicBlock * curBB
Current basic block during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:52
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:114

◆ ~SVFIRBuilder()

virtual SVF::SVFIRBuilder::~SVFIRBuilder ( )
inlinevirtual

Destructor.

Definition at line 61 of file SVFIRBuilder.h.

62 {
63 }

Member Function Documentation

◆ addAddrEdge()

AddrStmt * SVF::SVFIRBuilder::addAddrEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Address edge.

Definition at line 301 of file SVFIRBuilder.h.

302 {
303 if(AddrStmt *edge = pag->addAddrStmt(src, dst))
304 {
305 setCurrentBBAndValueForPAGEdge(edge);
306 return edge;
307 }
308 return nullptr;
309 }
SVF::SVFIRBuilder::setCurrentBBAndValueForPAGEdge
void setCurrentBBAndValueForPAGEdge(PAGEdge *edge)
Definition SVFIRBuilder.cpp:1716
SVF::SVFIR::addAddrStmt
AddrStmt * addAddrStmt(NodeID src, NodeID dst)
Add an edge into SVFIR.
Definition SVFIR.cpp:63
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ addAddrWithHeapSz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithHeapSz ( NodeID  src,
NodeID  dst,
const CallBase cs 
)
inlineprotected

Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".

Definition at line 323 of file SVFIRBuilder.h.

324 {
325 // get name of called function
326 AddrStmt* edge = addAddrEdge(src, dst);
327
328 llvm::Function* calledFunc = cs->getCalledFunction();
329 std::string functionName;
330 if (calledFunc)
331 {
332 functionName = calledFunc->getName().str();
333 }
334 else
335 {
336 SVFUtil::wrnMsg("not support indirect call to add AddrStmt.\n");
337 }
338 if (functionName == "malloc")
339 {
340 if (cs->arg_size() > 0)
341 {
342 const llvm::Value* val = cs->getArgOperand(0);
343 edge->addArrSize(pag->getGNode(getValueNode(val)));
344 }
345 }
346 // Check if the function called is 'calloc' and process its arguments.
347 // e.g. "%5 = call i8* @calloc(1, 8)", edge should add two SVFValue (1 and 8)
348 else if (functionName == "calloc")
349 {
350 if (cs->arg_size() > 1)
351 {
352 edge->addArrSize(
353 pag->getGNode(getValueNode(cs->getArgOperand(0))));
354 edge->addArrSize(
355 pag->getGNode(getValueNode(cs->getArgOperand(1))));
356 }
357 }
358 else
359 {
360 if (cs->arg_size() > 0)
361 {
362 const llvm::Value* val = cs->getArgOperand(0);
363 edge->addArrSize(pag->getGNode(getValueNode(val)));
364 }
365 }
366 return edge;
367 }
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:397
SVF::SVFIRBuilder::addAddrEdge
AddrStmt * addAddrEdge(NodeID src, NodeID dst)
Add Address edge.
Definition SVFIRBuilder.h:301
SVF::SVFIRBuilder::getValueNode
NodeID getValueNode(const Value *V)
Get different kinds of node.
Definition SVFIRBuilder.h:97
SVF::SVFUtil::wrnMsg
std::string wrnMsg(const std::string &msg)
Returns warning message by converting a string into yellow string output.
Definition SVFUtil.cpp:63

◆ addAddrWithStackArraySz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithStackArraySz ( NodeID  src,
NodeID  dst,
llvm::AllocaInst &  inst 
)
inlineprotected

Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".

Definition at line 312 of file SVFIRBuilder.h.

313 {
314 AddrStmt* edge = addAddrEdge(src, dst);
315 if (inst.getArraySize())
316 {
317 edge->addArrSize(pag->getGNode(getValueNode(inst.getArraySize())));
318 }
319 return edge;
320 }

◆ addBinaryOPEdge()

void SVF::SVFIRBuilder::addBinaryOPEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Copy edge.

Definition at line 436 of file SVFIRBuilder.h.

437 {
438 if(BinaryOPStmt *edge = pag->addBinaryOPStmt(op1, op2, dst, opcode))
439 setCurrentBBAndValueForPAGEdge(edge);
440 }
SVF::SVFIR::addBinaryOPStmt
BinaryOPStmt * addBinaryOPStmt(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIR.cpp:165

◆ addBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addBlackHoleAddrEdge ( NodeID  node)
inlineprotected

Definition at line 294 of file SVFIRBuilder.h.

295 {
296 if(PAGEdge *edge = pag->addBlackHoleAddrStmt(node))
297 setCurrentBBAndValueForPAGEdge(edge);
298 }
SVF::SVFIR::addBlackHoleAddrStmt
SVFStmt * addBlackHoleAddrStmt(NodeID node)
Set a pointer points-to black hole (e.g. int2ptr)
Definition SVFIR.cpp:294
SVF::PAGEdge
SVFStmt PAGEdge
Definition IRGraph.h:43

◆ addBranchStmt()

void SVF::SVFIRBuilder::addBranchStmt ( NodeID  br,
NodeID  cond,
const BranchStmt::SuccAndCondPairVec succs 
)
inlineprotected

Add Branch statement.

Definition at line 448 of file SVFIRBuilder.h.

449 {
450 if(BranchStmt *edge = pag->addBranchStmt(br, cond, succs))
451 setCurrentBBAndValueForPAGEdge(edge);
452 }
SVF::SVFIR::addBranchStmt
BranchStmt * addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add BranchStmt.
Definition SVFIR.cpp:203

◆ addCallEdge()

void SVF::SVFIRBuilder::addCallEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Call edge.

Definition at line 472 of file SVFIRBuilder.h.

473 {
474 if (CallPE* edge = pag->addCallPE(src, dst, cs, entry))
475 setCurrentBBAndValueForPAGEdge(edge);
476 }
SVF::SVFIR::addCallPE
CallPE * addCallPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIR.cpp:258

◆ addCmpEdge()

void SVF::SVFIRBuilder::addCmpEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  predict 
)
inlineprotected

Add Copy edge.

Definition at line 430 of file SVFIRBuilder.h.

431 {
432 if(CmpStmt *edge = pag->addCmpStmt(op1, op2, dst, predict))
433 setCurrentBBAndValueForPAGEdge(edge);
434 }
SVF::SVFIR::addCmpStmt
CmpStmt * addCmpStmt(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIR.cpp:144

◆ addComplexConsForExt()

void SVFIRBuilder::addComplexConsForExt ( Value D,
Value S,
const Value szValue 
)
protectedvirtual

Add the load/store constraints and temp. nodes for the complex constraint *D = *S (where D/S may point to structs).

If sz is 0, we will add edges for all fields.

Definition at line 82 of file SVFIRExtAPI.cpp.

83{
84 assert(D && S);
85 NodeID vnD= getValueNode(D), vnS= getValueNode(S);
86 if(!vnD || !vnS)
87 return;
88
89 std::vector<AccessPath> fields;
90
91 //Get the max possible size of the copy, unless it was provided.
92 std::vector<AccessPath> srcFields;
93 std::vector<AccessPath> dstFields;
94 const Type* stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
95 const Type* dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
96 if(srcFields.size() > dstFields.size())
97 fields = dstFields;
98 else
99 fields = srcFields;
100
102 u32_t sz = fields.size();
103
104 if (fields.size() == 1 && (LLVMUtil::isConstDataOrAggData(D) || LLVMUtil::isConstDataOrAggData(S)))
105 {
106 NodeID dummy = pag->addDummyValNode();
107 addLoadEdge(vnD,dummy);
108 addStoreEdge(dummy,vnS);
109 return;
110 }
111
112 //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
113 for (u32_t index = 0; index < sz; index++)
114 {
115 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
116 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
117 fields[index].getConstantStructFldIdx());
118 const SVFType* sElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(stype),
119 fields[index].getConstantStructFldIdx());
120 NodeID dField = getGepValVar(D,fields[index],dElementType);
121 NodeID sField = getGepValVar(S,fields[index],sElementType);
122 NodeID dummy = pag->addDummyValNode();
123 addLoadEdge(sField,dummy);
124 addStoreEdge(dummy,dField);
125 }
126}
u32_t
unsigned u32_t
Definition CommandLine.h:18
index
int index
Definition cJSON.h:170
SVF::IRGraph::getFlatternedElemType
const SVFType * getFlatternedElemType(const SVFType *baseType, u32_t flatten_idx)
Return the type of a flattened element given a flattened index.
Definition IRGraph.cpp:123
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:131
SVF::SVFIRBuilder::addStoreEdge
void addStoreEdge(NodeID src, NodeID dst)
Add Store edge.
Definition SVFIRBuilder.h:460
SVF::SVFIRBuilder::addLoadEdge
void addLoadEdge(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIRBuilder.h:454
SVF::SVFIRBuilder::getBaseTypeAndFlattenedFields
virtual const Type * getBaseTypeAndFlattenedFields(const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
Handle external call.
Definition SVFIRExtAPI.cpp:44
SVF::SVFIRBuilder::getGepValVar
NodeID getGepValVar(const Value *val, const AccessPath &ap, const SVFType *elementType)
Definition SVFIRBuilder.cpp:1661
SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:485
SVF::LLVMUtil::isConstDataOrAggData
bool isConstDataOrAggData(const Value *val)
Return true if the value refers to constant data, e.g., i32 0.
Definition LLVMUtil.h:368
SVF::Type
llvm::Type Type
Definition BasicTypes.h:83
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

◆ addCopyEdge()

CopyStmt * SVF::SVFIRBuilder::addCopyEdge ( NodeID  src,
NodeID  dst,
CopyStmt::CopyKind  kind 
)
inlineprotected

Definition at line 369 of file SVFIRBuilder.h.

370 {
371 if(CopyStmt *edge = pag->addCopyStmt(src, dst, kind))
372 {
373 setCurrentBBAndValueForPAGEdge(edge);
374 return edge;
375 }
376 return nullptr;
377 }
SVF::SVFIR::addCopyStmt
CopyStmt * addCopyStmt(NodeID src, NodeID dst, CopyStmt::CopyKind type)
Add Copy edge.
Definition SVFIR.cpp:81

◆ addEdge()

void SVF::SVFIRBuilder::addEdge ( NodeID  src,
NodeID  dst,
SVFStmt::PEDGEK  kind,
APOffset  offset = 0,
Instruction cs = nullptr 
)

◆ addGepEdge()

void SVF::SVFIRBuilder::addGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap,
bool  constGep 
)
inlineprotected

Add Gep edge.

Definition at line 484 of file SVFIRBuilder.h.

485 {
486 if (GepStmt* edge = pag->addGepStmt(src, dst, ap, constGep))
487 setCurrentBBAndValueForPAGEdge(edge);
488 }
SVF::SVFIR::addGepStmt
GepStmt * addGepStmt(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIR.cpp:344

◆ addGlobalBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addGlobalBlackHoleAddrEdge ( NodeID  node,
const ConstantExpr int2Ptrce 
)
inlineprotected

Add global black hole Address edge.

Definition at line 269 of file SVFIRBuilder.h.

270 {
271 const Value* cval = getCurrentValue();
272 const SVFBasicBlock* cbb = getCurrentBB();
273 setCurrentLocation(int2Ptrce,(SVFBasicBlock*) nullptr);
274 addBlackHoleAddrEdge(node);
275 setCurrentLocation(cval,cbb);
276 }
SVF::SVFIRBuilder::setCurrentLocation
void setCurrentLocation(const Value *val, const BasicBlock *bb)
Set current basic block in order to keep track of control flow information.
Definition SVFIRBuilder.h:249
SVF::SVFIRBuilder::addBlackHoleAddrEdge
void addBlackHoleAddrEdge(NodeID node)
Definition SVFIRBuilder.h:294
SVF::SVFIRBuilder::getCurrentBB
const SVFBasicBlock * getCurrentBB() const
Definition SVFIRBuilder.h:263
SVF::SVFIRBuilder::getCurrentValue
const Value * getCurrentValue() const
Definition SVFIRBuilder.h:259
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82

◆ addLoadEdge()

void SVF::SVFIRBuilder::addLoadEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Load edge.

Definition at line 454 of file SVFIRBuilder.h.

455 {
456 if(LoadStmt *edge = pag->addLoadStmt(src, dst))
457 setCurrentBBAndValueForPAGEdge(edge);
458 }
SVF::SVFIR::addLoadStmt
LoadStmt * addLoadStmt(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIR.cpp:221

◆ addNormalGepEdge()

void SVF::SVFIRBuilder::addNormalGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Offset(Gep) edge.

Definition at line 490 of file SVFIRBuilder.h.

491 {
492 if (GepStmt* edge = pag->addNormalGepStmt(src, dst, ap))
493 setCurrentBBAndValueForPAGEdge(edge);
494 }
SVF::SVFIR::addNormalGepStmt
GepStmt * addNormalGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Offset(Gep) edge.
Definition SVFIR.cpp:363

◆ addNullPtrNode()

NodeID SVF::SVFIRBuilder::addNullPtrNode ( )
inlineprotected

Add NullPtr PAGNode.

Definition at line 279 of file SVFIRBuilder.h.

280 {
281 LLVMContext& cxt = llvmModuleSet()->getContext();
282 ConstantPointerNull* constNull = ConstantPointerNull::get(PointerType::getUnqual(cxt));
283 NodeID nullPtr = pag->addConstantNullPtrValNode(pag->getNullPtr(), nullptr, llvmModuleSet()->getSVFType(constNull->getType()));
284 llvmModuleSet()->addToSVFVar2LLVMValueMap(constNull, pag->getGNode(pag->getNullPtr()));
285 setCurrentLocation(constNull, (SVFBasicBlock*) nullptr);
286 addBlackHoleAddrEdge(pag->getBlkPtr());
287 return nullPtr;
288 }
SVF::IRGraph::getBlkPtr
NodeID getBlkPtr() const
Definition IRGraph.h:253
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:257
SVF::LLVMModuleSet::addToSVFVar2LLVMValueMap
void addToSVFVar2LLVMValueMap(const Value *val, SVFValue *svfBaseNode)
Definition LLVMModule.cpp:1127
SVF::LLVMModuleSet::getContext
LLVMContext & getContext() const
Definition LLVMModule.h:381
SVF::SVFIRBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition SVFIRBuilder.h:518
SVF::SVFIR::addConstantNullPtrValNode
NodeID addConstantNullPtrValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:591
SVF::ConstantPointerNull
llvm::ConstantPointerNull ConstantPointerNull
Definition BasicTypes.h:127
SVF::LLVMContext
llvm::LLVMContext LLVMContext
Definition BasicTypes.h:70

◆ addPhiStmt()

void SVF::SVFIRBuilder::addPhiStmt ( NodeID  res,
NodeID  opnd,
const ICFGNode pred 
)
inlineprotected

Add Copy edge.

If we already added this phi node, then skip this adding

Definition at line 417 of file SVFIRBuilder.h.

418 {
420 if(PhiStmt *edge = pag->addPhiStmt(res,opnd,pred))
421 setCurrentBBAndValueForPAGEdge(edge);
422 }
SVF::SVFIR::addPhiStmt
PhiStmt * addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add phi node information.
Definition SVFIR.cpp:99

◆ addRetEdge()

void SVF::SVFIRBuilder::addRetEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Return edge.

Definition at line 478 of file SVFIRBuilder.h.

479 {
480 if (RetPE* edge = pag->addRetPE(src, dst, cs, exit))
481 setCurrentBBAndValueForPAGEdge(edge);
482 }
SVF::SVFIR::addRetPE
RetPE * addRetPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIR.cpp:276

◆ addSelectStmt()

void SVF::SVFIRBuilder::addSelectStmt ( NodeID  res,
NodeID  op1,
NodeID  op2,
NodeID  cond 
)
inlineprotected

Add SelectStmt.

Definition at line 424 of file SVFIRBuilder.h.

425 {
426 if(SelectStmt *edge = pag->addSelectStmt(res,op1,op2,cond))
427 setCurrentBBAndValueForPAGEdge(edge);
428 }
SVF::SVFIR::addSelectStmt
SelectStmt * addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIR.cpp:123

◆ addStoreEdge()

void SVF::SVFIRBuilder::addStoreEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Store edge.

Definition at line 460 of file SVFIRBuilder.h.

461 {
462 ICFGNode* node;
463 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
464 node = llvmModuleSet()->getICFGNode(
465 SVFUtil::cast<Instruction>(inst));
466 else
467 node = nullptr;
468 if (StoreStmt* edge = pag->addStoreStmt(src, dst, node))
469 setCurrentBBAndValueForPAGEdge(edge);
470 }
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1181
SVF::SVFIR::addStoreStmt
StoreStmt * addStoreStmt(NodeID src, NodeID dst, const ICFGNode *val)
Add Store edge.
Definition SVFIR.cpp:240
SVF::Instruction
llvm::Instruction Instruction
Definition BasicTypes.h:87

◆ addThreadForkEdge()

void SVF::SVFIRBuilder::addThreadForkEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Thread fork edge for parameter passing.

Definition at line 502 of file SVFIRBuilder.h.

503 {
504 if (TDForkPE* edge = pag->addThreadForkPE(src, dst, cs, entry))
505 setCurrentBBAndValueForPAGEdge(edge);
506 }
SVF::SVFIR::addThreadForkPE
TDForkPE * addThreadForkPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIR.cpp:305

◆ addThreadJoinEdge()

void SVF::SVFIRBuilder::addThreadJoinEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Thread join edge for parameter passing.

Definition at line 508 of file SVFIRBuilder.h.

509 {
510 if (TDJoinPE* edge = pag->addThreadJoinPE(src, dst, cs, exit))
511 setCurrentBBAndValueForPAGEdge(edge);
512 }
SVF::SVFIR::addThreadJoinPE
TDJoinPE * addThreadJoinPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Thread join edge for parameter passing.
Definition SVFIR.cpp:323

◆ addUnaryOPEdge()

void SVF::SVFIRBuilder::addUnaryOPEdge ( NodeID  src,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Unary edge.

Definition at line 442 of file SVFIRBuilder.h.

443 {
444 if(UnaryOPStmt *edge = pag->addUnaryOPStmt(src, dst, opcode))
445 setCurrentBBAndValueForPAGEdge(edge);
446 }
SVF::SVFIR::addUnaryOPStmt
UnaryOPStmt * addUnaryOPStmt(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIR.cpp:185

◆ addVariantGepEdge()

void SVF::SVFIRBuilder::addVariantGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Variant(Gep) edge.

Definition at line 496 of file SVFIRBuilder.h.

497 {
498 if (GepStmt* edge = pag->addVariantGepStmt(src, dst, ap))
499 setCurrentBBAndValueForPAGEdge(edge);
500 }
SVF::SVFIR::addVariantGepStmt
GepStmt * addVariantGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Variant(Gep) edge.
Definition SVFIR.cpp:382

◆ build()

SVFIR * SVFIRBuilder::build ( )
virtual

Start building SVFIR here.

Start building SVFIR here

build icfg

initial external library information initial SVFIR nodes

initial SVFIR edges: // handle globals

build callgraph

handle functions

collect return node of function fun

Return SVFIR node will not be created for function which can not reach the return instruction due to call to abort(), exit(), etc. In 176.gcc of SPEC 2000, function build_objc_string() from c-lang.c shows an example when fun.doesNotReturn() evaluates to TRUE because of abort().

To be noted, we do not record arguments which are in declared function without body TODO: what about external functions with SVFIR imported by commandline?

Definition at line 54 of file SVFIRBuilder.cpp.

55{
56 double startTime = SVFStat::getClk(true);
57
58 DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
59
60 // We read SVFIR from a user-defined txt instead of parsing SVFIR from LLVM IR
61 if (SVFIR::pagReadFromTXT())
62 {
63 PAGBuilderFromFile fileBuilder(SVFIR::pagFileName());
64 return fileBuilder.build();
65 }
66
67 // If the SVFIR has been built before, then we return the unique SVFIR of the program
68 if(pag->getNodeNumAfterPAGBuild() > 1)
69 return pag;
70
71
72 createFunObjVars();
73
75 ICFGBuilder icfgbuilder;
76 pag->icfg = icfgbuilder.build();
77
80 initialiseNodes();
83 visitGlobal();
85
86
87
89 CallGraphBuilder callGraphBuilder;
90 std::vector<const FunObjVar*> funset;
91 for (const auto& item: llvmModuleSet()->getFunctionSet())
92 {
93 funset.push_back(llvmModuleSet()->getFunObjVar(item));
94 }
95 pag->callGraph = callGraphBuilder.buildSVFIRCallGraph(funset);
96
97 CHGraph* chg = new CHGraph();
98 CHGBuilder chgbuilder(chg);
99 chgbuilder.buildCHG();
100 pag->setCHG(chg);
101
103 for (Module& M : llvmModuleSet()->getLLVMModules())
104 {
105 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
106 {
107 const Function& fun = *F;
108 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(&fun);
110 if(!fun.isDeclaration())
111 {
117 if (fun.doesNotReturn() == false &&
118 fun.getReturnType()->isVoidTy() == false)
119 {
120 pag->addFunRet(svffun,
121 pag->getGNode(pag->getReturnNode(svffun)));
122 }
123
126 for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
127 I != E; ++I)
128 {
129 setCurrentLocation(&*I,&fun.getEntryBlock());
130 NodeID argValNodeId = llvmModuleSet()->getValueNode(&*I);
131 // if this is the function does not have caller (e.g. main)
132 // or a dead function, shall we create a black hole address edge for it?
133 // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
134 // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
135 // if(I->getType()->isPointerTy())
136 // addBlackHoleAddrEdge(argValNodeId);
137 //}
138 pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
139 }
140 }
141 for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
142 bit != ebit; ++bit)
143 {
144 const BasicBlock& bb = *bit;
145 for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
146 it != eit; ++it)
147 {
148 const Instruction& inst = *it;
149 setCurrentLocation(&inst,&bb);
150 visit(const_cast<Instruction&>(inst));
151 }
152 }
153 }
154 }
155
156 sanityCheck();
157
158 pag->initialiseCandidatePointers();
159
160 pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
161
162 // dump SVFIR
163 if (Options::PAGDotGraph())
164 pag->dump("svfir_initial");
165
166 // print to command line of the SVFIR graph
167 if (Options::PAGPrint())
168 pag->print();
169
170 // dump ICFG
171 if (Options::DumpICFG())
172 pag->getICFG()->dump("icfg_initial");
173
174 if (Options::LoopAnalysis())
175 {
176 LLVMLoopAnalysis loopAnalysis;
177 loopAnalysis.build(pag->getICFG());
178 }
179
180 // dump SVFIR as JSON
181 if (!Options::DumpJson().empty())
182 {
183 assert(false && "please implement SVFIRWriter::writeJsonToPath");
184 }
185
186 double endTime = SVFStat::getClk(true);
187 SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
188
189 return pag;
190}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:497
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:525
DGENERAL
#define DGENERAL
Definition SVFType.h:503
item
cJSON * item
Definition cJSON.h:222
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:424
SVF::ICFG::dump
void dump(const std::string &file, bool simple=false)
Dump graph into dot file.
Definition ICFG.cpp:411
SVF::IRGraph::getNodeNumAfterPAGBuild
u32_t getNodeNumAfterPAGBuild() const
Definition IRGraph.h:311
SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:310
SVF::IRGraph::getReturnNode
NodeID getReturnNode(const FunObjVar *func) const
GetReturnNode - Return the unique node representing the return value of a function.
Definition IRGraph.cpp:60
SVF::IRGraph::setNodeNumAfterPAGBuild
void setNodeNumAfterPAGBuild(u32_t num)
Definition IRGraph.h:315
SVF::LLVMLoopAnalysis::build
virtual void build(ICFG *icfg)
Start from here.
Definition LLVMLoopAnalysis.cpp:89
SVF::LLVMModuleSet::getValueNode
NodeID getValueNode(const Value *V)
Definition LLVMModule.cpp:1049
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:267
SVF::Options::PAGDotGraph
static const Option< bool > PAGDotGraph
Definition Options.h:118
SVF::Options::DumpJson
static const Option< std::string > DumpJson
Definition Options.h:121
SVF::Options::PAGPrint
static const Option< bool > PAGPrint
Definition Options.h:124
SVF::Options::LoopAnalysis
static const Option< bool > LoopAnalysis
Definition Options.h:239
SVF::Options::DumpICFG
static const Option< bool > DumpICFG
Definition Options.h:120
SVF::SVFIRBuilder::sanityCheck
void sanityCheck()
Sanity check for SVFIR.
Definition SVFIRBuilder.cpp:1635
SVF::SVFIRBuilder::visitGlobal
void visitGlobal()
Handle globals including (global variable and functions)
Definition SVFIRBuilder.cpp:948
SVF::SVFIRBuilder::initialiseNodes
void initialiseNodes()
Initialize nodes and edges.
Definition SVFIRBuilder.cpp:533
SVF::SVFIR::print
void print()
Print SVFIR.
Definition SVFIR.cpp:557
SVF::SVFIR::addFunArgs
void addFunArgs(const FunObjVar *fun, const SVFVar *arg)
Get/set method for function/callsite arguments and returns.
Definition SVFIR.h:521
SVF::SVFIR::addFunRet
void addFunRet(const FunObjVar *fun, const SVFVar *ret)
Add function returns.
Definition SVFIR.h:528
SVF::SVFIR::pagFileName
static std::string pagFileName()
Definition SVFIR.h:200
SVF::SVFIR::pagReadFromTXT
static bool pagReadFromTXT()
Definition SVFIR.h:205
SVF::SVFIR::callGraph
CallGraph * callGraph
all the callsites of a program
Definition SVFIR.h:97
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:161
SVF::SVFIR::setCHG
void setCHG(CommonCHGraph *c)
Set/Get CHG.
Definition SVFIR.h:167
SVF::SVFIR::icfg
ICFG * icfg
Definition SVFIR.h:94
SVF::SVFIR::initialiseCandidatePointers
void initialiseCandidatePointers()
Initialize candidate pointers.
Definition SVFIR.cpp:642
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFStat::timeOfBuildingSVFIR
static double timeOfBuildingSVFIR
Definition SVFStat.h:95
SVF::LLVMUtil::getFunObjVar
const FunObjVar * getFunObjVar(const std::string &name)
Definition LLVMUtil.cpp:435
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::BasicBlock
llvm::BasicBlock BasicBlock
Definition BasicTypes.h:86
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ computeGepOffset()

bool SVFIRBuilder::computeGepOffset ( const User V,
AccessPath ap 
)
protected

Compute offset of a gep instruction or gep constant expression.

Return the object node offset according to GEP insn (V). Given a gep edge p = q + i, if "i" is a constant then we return its offset size otherwise if "i" is a variable determined by runtime, then it is a variant offset Return TRUE if the offset of this GEP insn is a constant.

Definition at line 639 of file SVFIRBuilder.cpp.

640{
641 assert(V);
642
643 const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
644 DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
645 llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
646 if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
647 {
648 //s32_t bo = byteOffset.getSExtValue();
649 }
650
651 bool isConst = true;
652
653 bool prevPtrOperand = false;
654 for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
655 gi != ge; ++gi)
656 {
657 const Type* gepTy = *gi;
658 const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
659
660 assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
661 "Expect no more than one gep operand to be of a pointer type");
662 if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
663 const Value* offsetVal = gi.getOperand();
664 assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
665 ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offsetVal)), svfGepTy);
666
667 //The int value of the current index operand
668 const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
669
670 // if Options::ModelConsts() is disabled. We will treat whole array as one,
671 // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
672 if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
673 {
674 if(!op || (arrTy->getArrayNumElements() <= (u32_t)LLVMUtil::getIntegerValue(op).first))
675 continue;
676 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
677 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
678 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
679 }
680 else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
681 {
682 assert(op && "non-const offset accessing a struct");
683 //The actual index
684 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
685 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
686 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
687 }
688 else if (gepTy->isSingleValueType())
689 {
690 // If it's a non-constant offset access
691 // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
692 // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
693 if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
694 {
695 isConst = false;
696 }
697
698 // The actual index
699 //s32_t idx = op->getSExtValue();
700
701 // For pointer arithmetic we ignore the byte offset
702 // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
703 // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
704 }
705 }
706 return isConst;
707}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AccessPath::addOffsetVarAndGepTypePair
bool addOffsetVarAndGepTypePair(const SVFVar *var, const SVFType *gepIterType)
Definition AccessPath.cpp:42
SVF::AccessPath::getConstantStructFldIdx
APOffset getConstantStructFldIdx() const
Get methods.
Definition AccessPath.h:97
SVF::AccessPath::setFldIdx
void setFldIdx(APOffset idx)
Definition AccessPath.h:101
SVF::IRGraph::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition IRGraph.cpp:144
SVF::LLVMModuleSet::getSVFType
SVFType * getSVFType(const Type *T)
Get or create SVFType and typeinfo.
Definition LLVMModule.cpp:1166
SVF::SVFIRBuilder::getPAG
SVFIR * getPAG() const
Return SVFIR.
Definition SVFIRBuilder.h:69
llvm::generic_bridge_gep_type_iterator
Definition GEPTypeBridgeIterator.h:18
SVF::LLVMUtil::getIntegerValue
std::pair< s64_t, u64_t > getIntegerValue(const ConstantInt *intValue)
Definition LLVMUtil.h:82
SVF::LLVMUtil::getDataLayout
static DataLayout * getDataLayout(Module *mod)
Definition LLVMUtil.h:313
SVF::DataLayout
llvm::DataLayout DataLayout
Definition BasicTypes.h:108
SVF::ArrayType
llvm::ArrayType ArrayType
Definition BasicTypes.h:95
SVF::StructType
llvm::StructType StructType
LLVM types.
Definition BasicTypes.h:94
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
SVF::ConstantInt
llvm::ConstantInt ConstantInt
Definition BasicTypes.h:125
llvm::bridge_gep_end
bridge_gep_iterator bridge_gep_end(const User *GEP)
Definition GEPTypeBridgeIterator.h:157
llvm::bridge_gep_begin
bridge_gep_iterator bridge_gep_begin(const User *GEP)
Definition GEPTypeBridgeIterator.h:149

◆ createFunObjVars()

void SVFIRBuilder::createFunObjVars ( )

set fun in bb

Definition at line 331 of file SVFIRBuilder.cpp.

332{
333 std::vector<FunObjVar*> funset;
334 // Iterate over all object symbols in the symbol table
335 for (const auto* fun: llvmModuleSet()->getFunctionSet())
336 {
337 u32_t id = llvmModuleSet()->objSyms()[fun];
338 // Debug output for adding object node
339 DBOUT(DPAGBuild, outs() << "add obj node " << id << "\n");
340
341 // Check if the value is a function and add a function object node
342 pag->addFunObjNode(id, pag->getObjTypeInfo(id), nullptr);
343 llvmModuleSet()->LLVMFun2FunObjVar[fun] = cast<FunObjVar>(pag->getGNode(id));
344
345 FunObjVar *funObjVar = SVFUtil::cast<FunObjVar>(pag->getGNode(id));
346 funset.push_back(funObjVar);
347
348 funObjVar->initFunObjVar(fun->isDeclaration(), LLVMUtil::isIntrinsicFun(fun), fun->hasAddressTaken(),
349 LLVMUtil::isUncalledFunction(fun), LLVMUtil::functionDoesNotRet(fun), fun->isVarArg(),
350 SVFUtil::cast<SVFFunctionType>(llvmModuleSet()->getSVFType(fun->getFunctionType())),
351 new SVFLoopAndDomInfo, nullptr, nullptr,
352 {}, nullptr);
353 BasicBlockGraph* bbGraph = new BasicBlockGraph();
354 funObjVar->setBasicBlockGraph(bbGraph);
355
356
357 for (const BasicBlock& bb : *fun)
358 {
359 llvmModuleSet()->addBasicBlock(funObjVar, &bb);
360 }
361
363 for (auto& bb: *funObjVar->bbGraph)
364 {
365 bb.second->setFun(funObjVar);
366 }
367 llvmModuleSet()->addToSVFVar2LLVMValueMap(fun, pag->getGNode(id));
368 }
369
370 initFunObjVar();
371}
DPAGBuild
#define DPAGBuild
Definition SVFType.h:505
SVF::FunObjVar::setBasicBlockGraph
void setBasicBlockGraph(BasicBlockGraph *graph)
Definition SVFVariables.h:1091
SVF::FunObjVar::initFunObjVar
void initFunObjVar(bool decl, bool intrinc, bool addr, bool uncalled, bool notret, bool vararg, const SVFFunctionType *ft, SVFLoopAndDomInfo *ld, const FunObjVar *real, BasicBlockGraph *bbg, const std::vector< const ArgValVar * > &allarg, const SVFBasicBlock *exit)
Definition SVFVariables.cpp:448
SVF::IRGraph::getObjTypeInfo
ObjTypeInfo * getObjTypeInfo(NodeID id) const
Definition IRGraph.h:232
SVF::LLVMModuleSet::LLVMFun2FunObjVar
LLVMFun2FunObjVarMap LLVMFun2FunObjVar
Map an LLVM Function to an SVF Funobjvar.
Definition LLVMModule.h:99
SVF::LLVMModuleSet::objSyms
ValueToIDMapTy & objSyms()
Definition LLVMModule.h:212
SVF::LLVMModuleSet::addBasicBlock
void addBasicBlock(FunObjVar *fun, const BasicBlock *bb)
Definition LLVMModule.h:232
SVF::SVFIR::addFunObjNode
NodeID addFunObjNode(NodeID id, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:642
SVF::LLVMUtil::isUncalledFunction
bool isUncalledFunction(const Function *fun)
whether this is a function without any possible caller?
Definition LLVMUtil.cpp:157
SVF::LLVMUtil::isIntrinsicFun
bool isIntrinsicFun(const Function *func)
Definition LLVMUtil.cpp:189
SVF::LLVMUtil::functionDoesNotRet
bool functionDoesNotRet(const Function *fun)
Definition LLVMUtil.cpp:122

◆ getAccessPathFromBaseNode()

AccessPath SVFIRBuilder::getAccessPathFromBaseNode ( NodeID  nodeId)
protected

Get a base SVFVar given a pointer Return the source node of its connected normal gep edge Otherwise return the node id itself s32_t offset : gep offset

if this node is already a base node

Definition at line 1803 of file SVFIRBuilder.cpp.

1804{
1805 SVFVar* node = pag->getGNode(nodeId);
1806 SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
1808 if(geps.empty())
1809 return AccessPath(0);
1810
1811 assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
1812 SVFVar::iterator it = geps.begin();
1813 const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
1814 if(gepEdge->isVariantFieldGep())
1815 return AccessPath(0);
1816 else
1817 return gepEdge->getAccessPath();
1818}
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition GenericGraph.h:151
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:212
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Edge accessors and checkers.
Definition SVFVariables.h:112

◆ getBaseTypeAndFlattenedFields()

const Type * SVFIRBuilder::getBaseTypeAndFlattenedFields ( const Value V,
std::vector< AccessPath > &  fields,
const Value szValue 
)
protectedvirtual

Handle external call.

Find the base type and the max possible offset of an object pointed to by (V).

use user-specified size for this copy operation if the size is a constaint int

Definition at line 44 of file SVFIRExtAPI.cpp.

45{
46 assert(V);
47 const Value* value = getBaseValueForExtArg(V);
48 const Type *objType = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferObjType(value);
49 u32_t numOfElems = pag->getNumOfFlattenElements(LLVMModuleSet::getLLVMModuleSet()->getSVFType(objType));
51 if(szValue && SVFUtil::isa<ConstantInt>(szValue))
52 {
53 auto szIntVal = LLVMUtil::getIntegerValue(SVFUtil::cast<ConstantInt>(szValue));
54 numOfElems = (numOfElems > szIntVal.first) ? szIntVal.first : numOfElems;
55 }
56
57 LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
58 for(u32_t ei = 0; ei < numOfElems; ei++)
59 {
60 AccessPath ls(ei);
61 // make a ConstantInt and create char for the content type due to byte-wise copy
62 const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
63 if (!llvmModuleSet()->hasValueNode(offset))
64 {
65 SymbolTableBuilder builder(pag);
66 builder.collectSym(offset);
67 NodeID id = llvmModuleSet()->getValueNode(offset);
68 pag->addConstantIntValNode(id, LLVMUtil::getIntegerValue(offset), nullptr, llvmModuleSet()->getSVFType(offset->getType()));
69 llvmModuleSet()->addToSVFVar2LLVMValueMap(offset,
70 pag->getGNode(id));
71 }
72 ls.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offset)), nullptr);
73 fields.push_back(ls);
74 }
75 return objType;
76}
SVF::IRGraph::getNumOfFlattenElements
u32_t getNumOfFlattenElements(const SVFType *T)
Definition IRGraph.cpp:169
SVF::LLVMModuleSet::getTypeInference
ObjTypeInference * getTypeInference()
Definition LLVMModule.cpp:94
SVF::ObjTypeInference::inferObjType
const Type * inferObjType(const Value *var)
get or infer the type of the object pointed by the value
Definition ObjTypeInference.cpp:136
SVF::SVFIRBuilder::getBaseValueForExtArg
const Value * getBaseValueForExtArg(const Value *V)
Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst,...
Definition SVFIRBuilder.cpp:1534
SVF::SVFIR::addConstantIntValNode
NodeID addConstantIntValNode(NodeID i, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:584

◆ getBaseValueForExtArg()

const Value * SVFIRBuilder::getBaseValueForExtArg ( const Value V)
protected

Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))

Example 1:

%0 = getelementptr inbounds struct.outer, struct.inner base, i32 0, i32 0 call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false) The base value for %0 is base. Note: the base is recognized as the base value if the offset (field index) is 0

Example 2: https://github.com/SVF-tools/SVF/issues/1650 https://github.com/SVF-tools/SVF/pull/1652

@i1 = dso_local global struct.inner { i32 0, ptr @f1, ptr @f2 } @n1 = dso_local global struct.outer { i32 0, ptr @i1 }

inner = alloca struct.inner %0 = load ptr, ptr getelementptr inbounds (struct.outer, ptr @n1, i32 0, i32 1) call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false)

The base value for %0 is @i1

Example 3:

@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }> <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8

%0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>, ptr @conststruct, i64 0, i32 0, i64 16)

The base value for %0 is still %0

Definition at line 1534 of file SVFIRBuilder.cpp.

1535{
1536 const Value* value = stripAllCasts(V);
1537 assert(value && "null ptr?");
1538 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
1539 {
1540 APOffset totalidx = 0;
1541 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1542 {
1543 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1544 totalidx += LLVMUtil::getIntegerValue(op).first;
1545 }
1546 if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
1547 value = gep->getPointerOperand();
1548 }
1549 else if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(value))
1550 {
1551 const Value* loadP = load->getPointerOperand();
1552 if (const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(loadP))
1553 {
1554 APOffset totalidx = 0;
1555 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1556 {
1557 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1558 totalidx += LLVMUtil::getIntegerValue(op).first;
1559 }
1560 const Value * pointer_operand = gep->getPointerOperand();
1561 if (auto *glob = SVFUtil::dyn_cast<GlobalVariable>(pointer_operand))
1562 {
1563 if (glob->hasInitializer())
1564 {
1565 if (auto *initializer = SVFUtil::dyn_cast<
1566 ConstantStruct>(glob->getInitializer()))
1567 {
1568 /*
1569 *@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>
1570 <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8
1571
1572 %0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>,
1573 ptr @conststruct, i64 0, i32 0, i64 16)
1574 in this case, totalidx is 16 while initializer->getNumOperands() is 4, so we return value as the base
1575 */
1576 if (totalidx >= initializer->getNumOperands()) return value;
1577 auto *ptrField = initializer->getOperand(totalidx);
1578 if (auto *ptrValue = SVFUtil::dyn_cast<llvm::GlobalVariable>(ptrField))
1579 {
1580 return ptrValue;
1581 }
1582 }
1583 }
1584 }
1585 }
1586 }
1587
1588 return value;
1589}
SVF::LLVMUtil::stripAllCasts
const Value * stripAllCasts(const Value *val)
Strip off the all casts.
Definition LLVMUtil.cpp:249
SVF::SVFUtil::dyn_cast
LLVM_NODISCARD std::enable_if_t<!is_simple_type< Y >::value, typename cast_retty< X, const Y >::ret_type > dyn_cast(const Y &Val)
Definition Casting.h:405
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::LoadInst
llvm::LoadInst LoadInst
Definition BasicTypes.h:149
SVF::GetElementPtrInst
llvm::GetElementPtrInst GetElementPtrInst
Definition BasicTypes.h:162

◆ getCopyKind()

CopyStmt::CopyKind SVF::SVFIRBuilder::getCopyKind ( const Value val)
inlineprotected

Definition at line 379 of file SVFIRBuilder.h.

380 {
381 // COPYVAL, ZEXT, SEXT, BITCAST, FPTRUNC, FPTOUI, FPTOSI, UITOFP, SITOFP, INTTOPTR, PTRTOINT
382 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(val))
383 {
384 switch (inst->getOpcode())
385 {
386 case Instruction::ZExt:
387 return CopyStmt::ZEXT;
388 case Instruction::SExt:
389 return CopyStmt::SEXT;
390 case Instruction::BitCast:
391 return CopyStmt::BITCAST;
392 case Instruction ::Trunc:
393 return CopyStmt::TRUNC;
394 case Instruction::FPTrunc:
395 return CopyStmt::FPTRUNC;
396 case Instruction::FPToUI:
397 return CopyStmt::FPTOUI;
398 case Instruction::FPToSI:
399 return CopyStmt::FPTOSI;
400 case Instruction::UIToFP:
401 return CopyStmt::UITOFP;
402 case Instruction::SIToFP:
403 return CopyStmt::SITOFP;
404 case Instruction::IntToPtr:
405 return CopyStmt::INTTOPTR;
406 case Instruction::PtrToInt:
407 return CopyStmt::PTRTOINT;
408 default:
409 return CopyStmt::COPYVAL;
410 }
411 }
412 assert (false && "Unknown cast inst!");
413 abort();
414 }

◆ getCurrentBB()

const SVFBasicBlock * SVF::SVFIRBuilder::getCurrentBB ( ) const
inlineprotected

Definition at line 263 of file SVFIRBuilder.h.

264 {
265 return curBB;
266 }

◆ getCurrentValue()

const Value * SVF::SVFIRBuilder::getCurrentValue ( ) const
inlineprotected

Definition at line 259 of file SVFIRBuilder.h.

260 {
261 return curVal;
262 }

◆ getGepValVar()

NodeID SVFIRBuilder::getGepValVar ( const Value val,
const AccessPath ap,
const SVFType elementType 
)
protected

Add a temp field value node according to base value and offset this node is after the initial node method, it is out of scope of symInfo table

Definition at line 1661 of file SVFIRBuilder.cpp.

1662{
1663 NodeID base = getValueNode(val);
1664 NodeID gepval = pag->getGepValVar(llvmModuleSet()->getValueNode(curVal), base, ap);
1665 if (gepval==UINT_MAX)
1666 {
1667 assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
1668 /*
1669 * getGepValVar can only be called from two places:
1670 * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
1671 * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
1672 * so curVal can only be
1673 * 1. Instruction
1674 * 2. GlobalVariable
1675 */
1676 assert(
1677 (SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
1678
1679 // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
1680 // We preserve the current BB information to restore it after creating the gepNode
1681 const Value* cval = getCurrentValue();
1682 const SVFBasicBlock* cbb = getCurrentBB();
1683 setCurrentLocation(curVal, (SVFBasicBlock*) nullptr);
1684 LLVMModuleSet* llvmmodule = llvmModuleSet();
1685 const ICFGNode* node = nullptr;
1686 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
1687 if (llvmmodule->hasICFGNode(inst))
1688 {
1689 node = llvmmodule->getICFGNode(inst);
1690 }
1691 NodeID gepNode = pag->addGepValNode(llvmModuleSet()->getValueNode(curVal), cast<ValVar>(pag->getGNode(getValueNode(val))), ap,
1692 NodeIDAllocator::get()->allocateValueId(),
1693 llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())), node);
1694 addGepEdge(base, gepNode, ap, true);
1695 setCurrentLocation(cval, cbb);
1696 return gepNode;
1697 }
1698 else
1699 return gepval;
1700}
SVF::NodeIDAllocator::get
static NodeIDAllocator * get(void)
Return (singleton) allocator.
Definition NodeIDAllocator.cpp:26
SVF::SVFIRBuilder::addGepEdge
void addGepEdge(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIRBuilder.h:484
SVF::SVFIR::getGepValVar
NodeID getGepValVar(NodeID curInst, NodeID base, const AccessPath &ap) const
Due to constraint expression, curInst is used to distinguish different instructions (e....
Definition SVFIR.cpp:522
SVF::SVFIR::addGepValNode
NodeID addGepValNode(NodeID curInst, const ValVar *base, const AccessPath &ap, NodeID i, const SVFType *type, const ICFGNode *node)
Add a temp field value node, this method can only invoked by getGepValVar.
Definition SVFIR.cpp:403

◆ getGlobalVarField()

NodeID SVFIRBuilder::getGlobalVarField ( const GlobalVariable gvar,
u32_t  offset,
SVFType tpy 
)
protected

Get the field of the global variable node FIXME:Here we only get the field that actually used in the program We ignore the initialization of global variable field that not used in the program

if we did not find the constant expression in the program, then we need to create a gep node for this field

Definition at line 843 of file SVFIRBuilder.cpp.

844{
845
846 // if the global variable do not have any field needs to be initialized
847 if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
848 {
849 return getValueNode(gvar);
850 }
853 else
854 {
855 return getGepValVar(gvar, AccessPath(offset), tpy);
856 }
857}

◆ getObjectNode()

NodeID SVF::SVFIRBuilder::getObjectNode ( const Value V)
inline

GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.

Definition at line 107 of file SVFIRBuilder.h.

108 {
109 return llvmModuleSet()->getObjectNode(V);
110 }
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1070

◆ getPAG()

SVFIR * SVF::SVFIRBuilder::getPAG ( ) const
inline

Return SVFIR.

Definition at line 69 of file SVFIRBuilder.h.

70 {
71 return pag;
72 }

◆ getReturnNode()

NodeID SVF::SVFIRBuilder::getReturnNode ( const FunObjVar func)
inline

getReturnNode - Return the node representing the unique return value of a function.

Definition at line 113 of file SVFIRBuilder.h.

114 {
115 return pag->getReturnNode(func);
116 }

◆ getValueNode()

NodeID SVF::SVFIRBuilder::getValueNode ( const Value V)
inline

Get different kinds of node.

Definition at line 97 of file SVFIRBuilder.h.

98 {
99 // first handle gep edge if val if a constant expression
100 processCE(V);
101
102 // strip off the constant cast and return the value node
103 return llvmModuleSet()->getValueNode(V);
104 }
SVF::SVFIRBuilder::processCE
void processCE(const Value *val)
Process constant expression.
Definition SVFIRBuilder.cpp:712

◆ getVarargNode()

NodeID SVF::SVFIRBuilder::getVarargNode ( const FunObjVar func)
inline

getVarargNode - Return the node representing the unique variadic argument of a function.

Definition at line 119 of file SVFIRBuilder.h.

120 {
121 return pag->getVarargNode(func);
122 }
SVF::IRGraph::getVarargNode
NodeID getVarargNode(const FunObjVar *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.cpp:67

◆ handleDirectCall()

void SVFIRBuilder::handleDirectCall ( CallBase cs,
const Function F 
)
protected

Handle direct call.

Add the constraints for a direct, non-external call.

FIXME: this assertion should be placed for correct checking except bug program like 188.ammp, 300.twolf

Definition at line 1440 of file SVFIRBuilder.cpp.

1441{
1442
1443 assert(F);
1444 CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
1445 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(F);
1446 DBOUT(DPAGBuild,
1447 outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
1448
1449 //Only handle the ret.val. if it's used as a ptr.
1450 NodeID dstrec = getValueNode(cs);
1451 //Does it actually return a ptr?
1452 if (!cs->getType()->isVoidTy())
1453 {
1454 NodeID srcret = getReturnNode(svffun);
1455 FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
1456 addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
1457 }
1458 //Iterators for the actual and formal parameters
1459 u32_t itA = 0, ieA = cs->arg_size();
1460 Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
1461 //Go through the fixed parameters.
1462 DBOUT(DPAGBuild, outs() << " args:");
1463 for (; itF != ieF; ++itA, ++itF)
1464 {
1465 //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
1466 if (itA == ieA)
1467 {
1468 DBOUT(DPAGBuild, outs() << " !! not enough args\n");
1469 break;
1470 }
1471 const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
1472
1473 DBOUT(DPAGBuild, outs() << "process actual parm " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
1474
1475 NodeID dstFA = getValueNode(FA);
1476 NodeID srcAA = getValueNode(AA);
1477 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1478 addCallEdge(srcAA, dstFA, callICFGNode, entry);
1479 }
1480 //Any remaining actual args must be varargs.
1481 if (F->isVarArg())
1482 {
1483 NodeID vaF = getVarargNode(svffun);
1484 DBOUT(DPAGBuild, outs() << "\n varargs:");
1485 for (; itA != ieA; ++itA)
1486 {
1487 const Value* AA = cs->getArgOperand(itA);
1488 NodeID vnAA = getValueNode(AA);
1489 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1490 addCallEdge(vnAA,vaF, callICFGNode,entry);
1491 }
1492 }
1493 if(itA != ieA)
1494 {
1497 writeWrnMsg("too many args to non-vararg func.");
1498 writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
1499
1500 }
1501}
SVF::ICFG::getFunExitICFGNode
FunExitICFGNode * getFunExitICFGNode(const FunObjVar *fun)
Add a function exit node.
Definition ICFG.cpp:249
SVF::ICFG::getFunEntryICFGNode
FunEntryICFGNode * getFunEntryICFGNode(const FunObjVar *fun)
Add a function entry node.
Definition ICFG.cpp:242
SVF::LLVMModuleSet::getCallICFGNode
CallICFGNode * getCallICFGNode(const Instruction *cs)
get a call node
Definition LLVMModule.cpp:1208
SVF::SVFIRBuilder::getVarargNode
NodeID getVarargNode(const FunObjVar *func)
getVarargNode - Return the node representing the unique variadic argument of a function.
Definition SVFIRBuilder.h:119
SVF::SVFIRBuilder::getReturnNode
NodeID getReturnNode(const FunObjVar *func)
getReturnNode - Return the node representing the unique return value of a function.
Definition SVFIRBuilder.h:113
SVF::SVFIRBuilder::addRetEdge
void addRetEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIRBuilder.h:478
SVF::SVFIRBuilder::addCallEdge
void addCallEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIRBuilder.h:472
SVF::LLVMUtil::dumpValue
std::string dumpValue(const Value *val)
Definition LLVMUtil.cpp:600
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:68

◆ handleExtCall()

void SVFIRBuilder::handleExtCall ( const CallBase cs,
const Function callee 
)
protectedvirtual

pthread_create has 1 arg. apr_thread_create has 2 arg.

Connect actual parameter to formal parameter of the start routine

handle indirect calls at pthread create APIs e.g., pthread_create(&t1, nullptr, fp, ...); const Value* fun = ThreadAPI::getThreadAPI()->getForkedFun(inst); if(!SVFUtilisa<Function>(fun)) pag->addIndirectCallsites(cs,pag->getValueNode(fun));

If forkedFun does not pass to spawnee as function type but as void pointer remember to update inter-procedural callgraph/SVFIR/SVFG etc. when indirect call targets are resolved We don't connect the callgraph here, further investigation is need to handle mod-ref during SVFG construction.

TODO: inter-procedural SVFIR edges for thread joins

Definition at line 128 of file SVFIRExtAPI.cpp.

129{
130 const CallICFGNode *callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
131
132 if (isHeapAllocExtCallViaRet(callICFGNode))
133 {
134 NodeID val = llvmModuleSet()->getValueNode(cs);
135 NodeID obj = llvmModuleSet()->getObjectNode(cs);
136 addAddrWithHeapSz(obj, val, cs);
137 }
138 else if (isHeapAllocExtCallViaArg(callICFGNode))
139 {
140 u32_t arg_pos = LLVMUtil::getHeapAllocHoldingArgPosition(callee);
141 Value* arg = cs->getArgOperand(arg_pos);
142 if (cs->getArgOperand(arg_pos)->getType()->isPointerTy())
143 {
144 NodeID vnArg = llvmModuleSet()->getValueNode(arg);
145 NodeID dummy = pag->addDummyValNode();
146 NodeID obj = pag->addDummyObjNode(llvmModuleSet()->getSVFType(cs->getArgOperand(arg_pos)->getType()));
147 if (vnArg && dummy && obj)
148 {
149 addAddrWithHeapSz(obj, dummy, cs);
150 addStoreEdge(dummy, vnArg);
151 }
152 }
153 else
154 {
155 writeWrnMsg("Arg receiving new object must be pointer type");
156 }
157 }
158 else if (LLVMUtil::isMemcpyExtFun(callee))
159 {
160 // Side-effects similar to void *memcpy(void *dest, const void * src, size_t n)
161 // which copies n characters from memory area 'src' to memory area 'dest'.
162 if(callee->getName().find("iconv") != std::string::npos)
163 addComplexConsForExt(cs->getArgOperand(3), cs->getArgOperand(1), nullptr);
164 else if(callee->getName().find("bcopy") != std::string::npos)
165 addComplexConsForExt(cs->getArgOperand(1), cs->getArgOperand(0), cs->getArgOperand(2));
166 if(cs->arg_size() == 3)
167 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), cs->getArgOperand(2));
168 else
169 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), nullptr);
170 if(SVFUtil::isa<PointerType>(cs->getType()))
171 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
172 }
173 else if(LLVMUtil::isMemsetExtFun(callee))
174 {
175 // Side-effects similar to memset(void *str, int c, size_t n)
176 // which copies the character c (an unsigned char) to the first n characters of the string pointed to, by the argument str
177 std::vector<AccessPath> dstFields;
178 const Type *dtype = getBaseTypeAndFlattenedFields(cs->getArgOperand(0), dstFields, cs->getArgOperand(2));
179 u32_t sz = dstFields.size();
180 //For each field (i), add store edge *(arg0 + i) = arg1
181 for (u32_t index = 0; index < sz; index++)
182 {
183 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
184 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
185 dstFields[index].getConstantStructFldIdx());
186 NodeID dField = getGepValVar(cs->getArgOperand(0), dstFields[index], dElementType);
187 addStoreEdge(getValueNode(cs->getArgOperand(1)),dField);
188 }
189 if(SVFUtil::isa<PointerType>(cs->getType()))
190 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
191 }
192 else if(callee->getName().compare("dlsym") == 0)
193 {
194 /*
195 Side-effects of void* dlsym( void* handle, const char* funName),
196 Locate the function with the name "funName," then add a "copy" edge between the callsite and that function.
197 dlsym() example:
198 int main() {
199 // Open the shared library
200 void* handle = dlopen("./my_shared_library.so", RTLD_LAZY);
201 // Find the function address
202 void (*myFunctionPtr)() = (void (*)())dlsym(handle, "myFunction");
203 // Call the function
204 myFunctionPtr();
205 }
206 */
207 const Value* src = cs->getArgOperand(1);
208 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(src))
209 src = stripConstantCasts(gep->getPointerOperand());
210
211 auto getHookFn = [](const Value* src)->const Function*
212 {
213 if (!SVFUtil::isa<GlobalVariable>(src))
214 return nullptr;
215
216 auto *glob = SVFUtil::cast<GlobalVariable>(src);
217 if (!glob->hasInitializer() || !SVFUtil::isa<ConstantDataArray>(glob->getInitializer()))
218 return nullptr;
219
220 auto *constarray = SVFUtil::cast<ConstantDataArray>(glob->getInitializer());
221 return LLVMUtil::getProgFunction(constarray->getAsCString().str());
222 };
223
224 if (const Function *fn = getHookFn(src))
225 {
226 NodeID srcNode = getValueNode(fn);
227 addCopyEdge(srcNode, getValueNode(cs), CopyStmt::COPYVAL);
228 }
229 }
230 else if(callee->getName().find("_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_") != std::string::npos)
231 {
232 // The purpose of this function is to insert a new node into the red-black tree and then rebalance the tree to ensure that the red-black tree properties are maintained.
233 assert(cs->arg_size() == 4 && "_Rb_tree_insert_and_rebalance should have 4 arguments.\n");
234
235 // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
236 // Now we calculate the offset from base to vArg3
237 NodeID vnArg3 = llvmModuleSet()->getValueNode(cs->getArgOperand(3));
238 APOffset offset =
239 getAccessPathFromBaseNode(vnArg3).getConstantStructFldIdx();
240
241 // We get all flattened fields of base
242 vector<AccessPath> fields = pag->getTypeLocSetsMap(vnArg3).second;
243
244 // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
245 // Note that arg0 is aligned with "offset".
246 for (APOffset i = offset + 1; i <= offset + 3; ++i)
247 {
248 if((u32_t)i >= fields.size())
249 break;
250 const SVFType* elementType = pag->getFlatternedElemType(pag->getTypeLocSetsMap(vnArg3).first,
251 fields[i].getConstantStructFldIdx());
252 NodeID vnD = getGepValVar(cs->getArgOperand(3), fields[i], elementType);
253 NodeID vnS = llvmModuleSet()->getValueNode(cs->getArgOperand(1));
254 if(vnD && vnS)
255 addStoreEdge(vnS,vnD);
256 }
257 }
258
259 if (isThreadForkCall(callICFGNode))
260 {
261 const ValVar* valVar = getForkedFun(callICFGNode);
262 if (const FunValVar* funcValVar = SVFUtil::dyn_cast<FunValVar>(valVar))
263 {
264 const FunObjVar* forkedFun = funcValVar->getFunction()->getDefFunForMultipleModule();
265 const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
268 assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
269 if (forkedFun->arg_size() <= 2 && forkedFun->arg_size() >= 1)
270 {
271 const ArgValVar* formalParm = forkedFun->getArg(0);
273 if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
274 {
275 FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
276 addThreadForkEdge(actualParm->getId(), formalParm->getId(), callICFGNode, entry);
277 }
278 }
279 }
280 else
281 {
286 }
290 }
291
293}
SVF::ArgValVar
Class representing a function argument variable in the SVFIR.
Definition SVFVariables.h:346
SVF::FunObjVar::getFunction
virtual const FunObjVar * getFunction() const
Get containing function, or null for globals/constants.
Definition SVFVariables.cpp:472
SVF::FunObjVar::getDefFunForMultipleModule
const FunObjVar * getDefFunForMultipleModule() const
Definition SVFVariables.h:1084
SVF::SVFIRBuilder::addAddrWithHeapSz
AddrStmt * addAddrWithHeapSz(NodeID src, NodeID dst, const CallBase *cs)
Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
Definition SVFIRBuilder.h:323
SVF::SVFIRBuilder::addThreadForkEdge
void addThreadForkEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIRBuilder.h:502
SVF::SVFIRBuilder::getAccessPathFromBaseNode
AccessPath getAccessPathFromBaseNode(NodeID nodeId)
Definition SVFIRBuilder.cpp:1803
SVF::SVFIRBuilder::addCopyEdge
CopyStmt * addCopyEdge(NodeID src, NodeID dst, CopyStmt::CopyKind kind)
Definition SVFIRBuilder.h:369
SVF::SVFIRBuilder::addComplexConsForExt
virtual void addComplexConsForExt(Value *D, Value *S, const Value *sz)
Definition SVFIRExtAPI.cpp:82
SVF::SVFIR::getTypeLocSetsMap
SVFTypeLocSetsPair & getTypeLocSetsMap(NodeID argId)
Given an arg NodeId, get its base SVFType* and all its field location sets.
Definition SVFIR.h:266
SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:489
SVF::LLVMUtil::getProgFunction
const Function * getProgFunction(const std::string &funName)
Get program entry function from module.
Definition LLVMUtil.cpp:39
SVF::LLVMUtil::stripConstantCasts
const Value * stripConstantCasts(const Value *val)
Strip off the constant casts.
Definition LLVMUtil.cpp:218
SVF::LLVMUtil::isHeapAllocExtCallViaRet
bool isHeapAllocExtCallViaRet(const Instruction *inst)
Definition LLVMUtil.cpp:633
SVF::LLVMUtil::isMemcpyExtFun
bool isMemcpyExtFun(const Function *fun)
Definition LLVMUtil.cpp:388
SVF::LLVMUtil::isHeapAllocExtCallViaArg
bool isHeapAllocExtCallViaArg(const Instruction *inst)
Definition LLVMUtil.cpp:648
SVF::LLVMUtil::isMemsetExtFun
bool isMemsetExtFun(const Function *fun)
Definition LLVMUtil.cpp:394
SVF::LLVMUtil::getHeapAllocHoldingArgPosition
u32_t getHeapAllocHoldingArgPosition(const Function *fun)
Definition LLVMUtil.cpp:400
SVF::SVFUtil::isThreadForkCall
bool isThreadForkCall(const CallICFGNode *inst)
Definition SVFUtil.h:360
SVF::SVFUtil::getActualParmAtForkSite
const ValVar * getActualParmAtForkSite(const CallICFGNode *cs)
Return sole argument of the thread routine.
Definition SVFUtil.h:408
SVF::SVFUtil::getForkedFun
const ValVar * getForkedFun(const CallICFGNode *inst)
Return thread fork function.
Definition SVFUtil.h:331

◆ handleIndCall()

void SVFIRBuilder::handleIndCall ( CallBase cs)
protected

Handle indirect call.

Indirect call is resolved on-the-fly during pointer analysis

Definition at line 1594 of file SVFIRBuilder.cpp.

1595{
1596 const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
1597 pag->addIndirectCallsites(cbn,llvmModuleSet()->getValueNode(cs->getCalledOperand()));
1598}
SVF::SVFIR::addIndirectCallsites
void addIndirectCallsites(const CallICFGNode *cs, NodeID funPtr)
Add indirect callsites.
Definition SVFIR.h:547

◆ inferFieldIdxFromByteOffset()

u32_t SVFIRBuilder::inferFieldIdxFromByteOffset ( const llvm::GEPOperator *  gepOp,
DataLayout dl,
AccessPath ap,
APOffset  idx 
)
protected

Infer field index from byteoffset.

Definition at line 628 of file SVFIRBuilder.cpp.

629{
630 return 0;
631}

◆ initDomTree()

void SVFIRBuilder::initDomTree ( FunObjVar func,
const Function f 
)

Definition at line 263 of file SVFIRBuilder.cpp.

264{
265 if (fun->isDeclaration())
266 return;
267 //process and stored dt & df
268 DominanceFrontier df;
269 DominatorTree& dt = llvmModuleSet()->getDomTree(fun);
270 df.analyze(dt);
271 LoopInfo loopInfo = LoopInfo(dt);
272 PostDominatorTree pdt = PostDominatorTree(const_cast<Function&>(*fun));
273 SVFLoopAndDomInfo* ld = svffun->getLoopAndDomInfo();
274
275 Map<const SVFBasicBlock*,Set<const SVFBasicBlock*>> & dfBBsMap = ld->getDomFrontierMap();
276 for (DominanceFrontierBase::const_iterator dfIter = df.begin(), eDfIter = df.end(); dfIter != eDfIter; dfIter++)
277 {
278 const BasicBlock* keyBB = dfIter->first;
279 const std::set<BasicBlock* >& domSet = dfIter->second;
280 Set<const SVFBasicBlock*>& valueBasicBlocks = dfBBsMap[llvmModuleSet()->getSVFBasicBlock(keyBB)];
281 for (const BasicBlock* bbValue:domSet)
282 {
283 valueBasicBlocks.insert(llvmModuleSet()->getSVFBasicBlock(bbValue));
284 }
285 }
286 std::vector<const SVFBasicBlock*> reachableBBs;
287 LLVMUtil::getFunReachableBBs(fun, reachableBBs);
288 ld->setReachableBBs(reachableBBs);
289
290 for (Function::const_iterator bit = fun->begin(), beit = fun->end(); bit!=beit; ++bit)
291 {
292 const BasicBlock &bb = *bit;
293 SVFBasicBlock* svfBB = llvmModuleSet()->getSVFBasicBlock(&bb);
294 if (DomTreeNode* dtNode = dt.getNode(&bb))
295 {
296 SVFLoopAndDomInfo::BBSet& bbSet = ld->getDomTreeMap()[svfBB];
297 for (const auto domBB : *dtNode)
298 {
299 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
300 bbSet.insert(domSVFBB);
301 }
302 }
303
304 if (DomTreeNode* pdtNode = pdt.getNode(&bb))
305 {
306 u32_t level = pdtNode->getLevel();
307 ld->getBBPDomLevel()[svfBB] = level;
308 BasicBlock* idomBB = pdtNode->getIDom()->getBlock();
309 const SVFBasicBlock* idom = idomBB == NULL ? NULL: llvmModuleSet()->getSVFBasicBlock(idomBB);
310 ld->getBB2PIdom()[svfBB] = idom;
311
312 SVFLoopAndDomInfo::BBSet& bbSet = ld->getPostDomTreeMap()[svfBB];
313 for (const auto domBB : *pdtNode)
314 {
315 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
316 bbSet.insert(domSVFBB);
317 }
318 }
319
320 if (const Loop* loop = loopInfo.getLoopFor(&bb))
321 {
322 for (const BasicBlock* loopBlock : loop->getBlocks())
323 {
324 const SVFBasicBlock* loopbb = llvmModuleSet()->getSVFBasicBlock(loopBlock);
325 ld->addToBB2LoopMap(svfBB, loopbb);
326 }
327 }
328 }
329}
SVF::LLVMModuleSet::getSVFBasicBlock
SVFBasicBlock * getSVFBasicBlock(const BasicBlock *bb)
Definition LLVMModule.h:298
SVF::LLVMModuleSet::getDomTree
DominatorTree & getDomTree(const Function *fun)
Definition LLVMModule.cpp:99
SVF::SVFLoopAndDomInfo::getDomFrontierMap
const Map< const SVFBasicBlock *, BBSet > & getDomFrontierMap() const
Definition SVFLoopAndDomInfo.h:65
SVF::SVFLoopAndDomInfo::BBSet
Set< const SVFBasicBlock * > BBSet
Definition SVFLoopAndDomInfo.h:45
NULL
#define NULL
Definition extapi.c:5
SVF::LLVMUtil::getFunReachableBBs
void getFunReachableBBs(const Function *svfFun, std::vector< const SVFBasicBlock * > &bbs)
Get reachable basic block from function entry.
Definition LLVMUtil.cpp:74
SVF::LoopInfo
llvm::LoopInfo LoopInfo
Definition BasicTypes.h:141
SVF::DomTreeNode
llvm::DomTreeNode DomTreeNode
Definition BasicTypes.h:134
SVF::PostDominatorTree
llvm::PostDominatorTree PostDominatorTree
Definition BasicTypes.h:136
SVF::DominanceFrontier
llvm::DominanceFrontier DominanceFrontier
Definition BasicTypes.h:135
SVF::Loop
llvm::Loop Loop
LLVM Loop.
Definition BasicTypes.h:140
SVF::DominatorTree
llvm::DominatorTree DominatorTree
LLVM Dominators.
Definition BasicTypes.h:133

◆ initFunObjVar()

void SVFIRBuilder::initFunObjVar ( )

Function

set realDefFun for all functions

Definition at line 192 of file SVFIRBuilder.cpp.

193{
194 for (Module& mod : llvmModuleSet()->getLLVMModules())
195 {
197 for (const Function& f : mod.functions())
198 {
199 FunObjVar* svffun = const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(&f));
200 initSVFBasicBlock(&f);
201
202 if (!LLVMUtil::isExtCall(&f))
203 {
204 initDomTree(svffun, &f);
205 }
207 const Function *realfun = llvmModuleSet()->getRealDefFun(&f);
208 svffun->setRelDefFun(realfun == nullptr ? nullptr : llvmModuleSet()->getFunObjVar(realfun));
209 }
210 }
211
212 // Store annotations of functions in extapi.bc
213 for (const auto& pair : llvmModuleSet()->ExtFun2Annotations)
214 {
215 ExtAPI::getExtAPI()->setExtFuncAnnotations(llvmModuleSet()->getFunObjVar(pair.first), pair.second);
216 }
217
218}
SVF::ExtAPI::getExtAPI
static ExtAPI * getExtAPI()
Definition ExtAPI.cpp:44
SVF::ExtAPI::setExtFuncAnnotations
void setExtFuncAnnotations(const FunObjVar *fun, const std::vector< std::string > &funcAnnotations)
Definition ExtAPI.cpp:223
SVF::LLVMModuleSet::getRealDefFun
const Function * getRealDefFun(const Function *fun) const
Definition LLVMModule.h:185
SVF::SVFIRBuilder::initSVFBasicBlock
void initSVFBasicBlock(const Function *func)
Definition SVFIRBuilder.cpp:220
SVF::SVFIRBuilder::initDomTree
void initDomTree(FunObjVar *func, const Function *f)
Definition SVFIRBuilder.cpp:263
SVF::LLVMUtil::isExtCall
bool isExtCall(const Function *fun)
Definition LLVMUtil.cpp:383

◆ InitialGlobal()

void SVFIRBuilder::InitialGlobal ( const GlobalVariable gvar,
Constant C,
u32_t  offset 
)
protected

src should not point to anything yet

Definition at line 870 of file SVFIRBuilder.cpp.

872{
873 DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
874 if (C->getType()->isSingleValueType())
875 {
876 NodeID src = getValueNode(C);
877 // get the field value if it is available, otherwise we create a dummy field node.
878 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
879 NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
880
881 if (SVFUtil::isa<GlobalVariable, Function>(C))
882 {
883 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
884 addStoreEdge(src, field);
885 }
886 else if (SVFUtil::isa<ConstantExpr>(C))
887 {
888 // add gep edge of C1 itself is a constant expression
889 processCE(C);
890 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
891 addStoreEdge(src, field);
892 }
893 else if (SVFUtil::isa<BlockAddress>(C))
894 {
895 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
896 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
897 processCE(C);
898 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
899 addAddrEdge(pag->getConstantNode(), src);
900 }
901 else
902 {
903 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
904 addStoreEdge(src, field);
906 if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
907 addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
908 }
909 }
910 else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
911 {
912 if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
913 return;
914 for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
915 {
916 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
917 InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
918 }
919 }
920 else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
921 {
922 if(Options::ModelConsts())
923 {
924 if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
925 {
926 for(u32_t i = 0; i < seq->getNumElements(); i++)
927 {
928 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
929 Constant* ct = seq->getElementAsConstant(i);
930 InitialGlobal(gvar, ct, offset + off);
931 }
932 }
933 else
934 {
935 assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
936 }
937 }
938 }
939 else
940 {
941 //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
942 }
943}
SVF::IRGraph::getConstantNode
NodeID getConstantNode() const
Definition IRGraph.h:249
SVF::Options::ModelConsts
static Option< bool > ModelConsts
Definition Options.h:184
SVF::Options::VtableInSVFIR
static const Option< bool > VtableInSVFIR
Definition Options.h:214
SVF::SVFIRBuilder::InitialGlobal
void InitialGlobal(const GlobalVariable *gvar, Constant *C, u32_t offset)
Definition SVFIRBuilder.cpp:870
SVF::SVFIRBuilder::getGlobalVarField
NodeID getGlobalVarField(const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
Definition SVFIRBuilder.cpp:843
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::ConstantData
llvm::ConstantData ConstantData
Definition BasicTypes.h:116
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::ConstantDataSequential
llvm::ConstantDataSequential ConstantDataSequential
Definition BasicTypes.h:119

◆ initialiseBaseObjVars()

void SVFIRBuilder::initialiseBaseObjVars ( )

Definition at line 373 of file SVFIRBuilder.cpp.

374{
375 // Iterate over all object symbols in the symbol table
376 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
377 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end();
378 ++iter)
379 {
380 // Debug output for adding object node
381 DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
382
383 // Skip blackhole and constant symbols
384 if(iter->second == pag->blackholeSymID() || iter->second == pag->constantSymID())
385 continue;
386
387 // Get the LLVM value corresponding to the symbol
388 const Value* llvmValue = iter->first;
389
390 const ICFGNode* icfgNode = nullptr;
391 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
392 {
393 if(llvmModuleSet()->hasICFGNode(inst))
394 icfgNode = llvmModuleSet()->getICFGNode(inst);
395 }
396
397 // Check if the value is a function and add a function object node
398 if (SVFUtil::dyn_cast<Function>(llvmValue))
399 {
400 // already one
401 }
402 // Check if the value is a heap object and add a heap object node
403 else if (LLVMUtil::isHeapObj(llvmValue))
404 {
405 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
406 pag->addHeapObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
407 }
408 // Check if the value is an alloca instruction and add a stack object node
409 else if (LLVMUtil::isStackObj(llvmValue))
410 {
411 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
412 pag->addStackObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
413 }
414 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
415 {
416 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
417 pag->addConstantFPObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getDoubleValue(fpValue), icfgNode);
418 }
419 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
420 {
421 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
422 pag->addConstantIntObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getIntegerValue(intValue), icfgNode);
423 }
424 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
425 {
426 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
427 pag->addConstantNullPtrObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
428 }
429 else if (SVFUtil::isa<GlobalValue>(llvmValue))
430 {
431 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
432 pag->addGlobalObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
433 }
434 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
435 {
436 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
437 pag->addConstantDataObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
438 }
439 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
440 {
441 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
442 pag->addConstantAggObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
443 }
444 // Add a generic object node for other types of values
445 else
446 {
447 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
448 pag->addObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
449 }
450 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
451 }
452
453}
SVF::IRGraph::constantSymID
NodeID constantSymID() const
Definition IRGraph.h:186
SVF::IRGraph::blackholeSymID
NodeID blackholeSymID() const
Definition IRGraph.h:191
SVF::SVFIR::addConstantAggObjNode
NodeID addConstantAggObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:680
SVF::SVFIR::addGlobalObjNode
NodeID addGlobalObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:674
SVF::SVFIR::addConstantDataObjNode
NodeID addConstantDataObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:686
SVF::SVFIR::addConstantFPObjNode
NodeID addConstantFPObjNode(NodeID i, ObjTypeInfo *ti, double dval, const ICFGNode *node)
Definition SVFIR.h:650
SVF::SVFIR::addObjNode
NodeID addObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Add a memory obj node.
Definition SVFIR.h:617
SVF::SVFIR::addHeapObjNode
NodeID addHeapObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:625
SVF::SVFIR::addConstantNullPtrObjNode
NodeID addConstantNullPtrObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:667
SVF::SVFIR::addStackObjNode
NodeID addStackObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:635
SVF::SVFIR::addConstantIntObjNode
NodeID addConstantIntObjNode(NodeID i, ObjTypeInfo *ti, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *node)
Definition SVFIR.h:658
SVF::LLVMUtil::getDoubleValue
double getDoubleValue(const ConstantFP *fpValue)
Definition LLVMUtil.h:54
SVF::LLVMUtil::isHeapObj
bool isHeapObj(const Value *val)
Definition LLVMUtil.cpp:682
SVF::LLVMUtil::isStackObj
bool isStackObj(const Value *val)
Definition LLVMUtil.cpp:704

◆ initialiseNodes()

void SVFIRBuilder::initialiseNodes ( )

Initialize nodes and edges.

add address edges for constant nodes.

add argvalvar for svffunctions

Definition at line 533 of file SVFIRBuilder.cpp.

534{
535 DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
536
537
538 pag->addBlackholeObjNode();
539 pag->addConstantObjNode();
540 pag->addBlackholePtrNode();
541 addNullPtrNode();
542
543 initialiseBaseObjVars();
544 initialiseValVars();
545
546 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
547 llvmModuleSet()->retSyms().begin(); iter != llvmModuleSet()->retSyms().end();
548 ++iter)
549 {
550 const Value* llvmValue = iter->first;
551 const ICFGNode* icfgNode = nullptr;
552 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
553 {
554 if(llvmModuleSet()->hasICFGNode(inst))
555 icfgNode = llvmModuleSet()->getICFGNode(inst);
556 }
557 DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
558 pag->addRetNode(iter->second,
559 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
560 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
561 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
562 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
563 pag->returnFunObjSymMap[funObjVar] = iter->second;
564 }
565
566 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
567 llvmModuleSet()->varargSyms().begin();
568 iter != llvmModuleSet()->varargSyms().end(); ++iter)
569 {
570 const Value* llvmValue = iter->first;
571
572 const ICFGNode *icfgNode = nullptr;
573 if (const Instruction *inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
574 {
575 if (llvmModuleSet()->hasICFGNode(inst))
576 icfgNode = llvmModuleSet()->getICFGNode(inst);
577 }
578 DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
579 pag->addVarargNode(iter->second,
580 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
581 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
582 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
583 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
584 pag->varargFunObjSymMap[funObjVar] = iter->second;
585 }
586
588 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
589 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end(); ++iter)
590 {
591 DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
592 const Value* val = iter->first;
593 if (isConstantObjSym(val))
594 {
595 NodeID ptr = llvmModuleSet()->getValueNode(val);
596 if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
597 {
598 setCurrentLocation(val, (SVFBasicBlock*) nullptr);
599 addAddrEdge(iter->second, ptr);
600 }
601 }
602 }
603
604 assert(pag->getTotalNodeNum() >= pag->getTotalSymNum()
605 && "not all node have been initialized!!!");
606
608 for (auto& fun: llvmModuleSet()->getFunctionSet())
609 {
610 for (const Argument& arg : fun->args())
611 {
612 const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(fun))->addArgument(SVFUtil::cast<ArgValVar>(
613 pag->getGNode(llvmModuleSet()->getValueNode(&arg))));
614 }
615 }
616
617}
SVF::IRGraph::getTotalSymNum
u32_t getTotalSymNum() const
Statistics.
Definition IRGraph.h:198
SVF::IRGraph::varargFunObjSymMap
FunObjVarToIDMapTy varargFunObjSymMap
vararg map
Definition IRGraph.h:85
SVF::IRGraph::returnFunObjSymMap
FunObjVarToIDMapTy returnFunObjSymMap
return map
Definition IRGraph.h:84
SVF::LLVMModuleSet::retSyms
FunToIDMapTy & retSyms()
Definition LLVMModule.h:274
SVF::LLVMModuleSet::hasICFGNode
bool hasICFGNode(const Instruction *inst)
Definition LLVMModule.cpp:1195
SVF::LLVMModuleSet::varargSyms
FunToIDMapTy & varargSyms()
Definition LLVMModule.h:279
SVF::SVFIRBuilder::addNullPtrNode
NodeID addNullPtrNode()
Add NullPtr PAGNode.
Definition SVFIRBuilder.h:279
SVF::SVFIR::addBlackholePtrNode
NodeID addBlackholePtrNode()
Definition SVFIR.h:749
SVF::SVFIR::addBlackholeObjNode
NodeID addBlackholeObjNode()
Definition SVFIR.h:741
SVF::SVFIR::addVarargNode
NodeID addVarargNode(NodeID i, const FunObjVar *val, const SVFType *type, const ICFGNode *n)
Add a unique vararg node for a procedure.
Definition SVFIR.h:700
SVF::SVFIR::addRetNode
NodeID addRetNode(NodeID i, const FunObjVar *callGraphNode, const SVFType *type, const ICFGNode *icn)
Add a unique return node for a procedure.
Definition SVFIR.h:694
SVF::SVFIR::addConstantObjNode
NodeID addConstantObjNode()
Definition SVFIR.h:745
SVF::LLVMUtil::isConstantObjSym
bool isConstantObjSym(const Value *val)
Check whether this value points-to a constant object.
Definition CppUtil.cpp:672
SVF::Argument
llvm::Argument Argument
Definition BasicTypes.h:145

◆ initialiseValVars()

void SVFIRBuilder::initialiseValVars ( )

Definition at line 455 of file SVFIRBuilder.cpp.

456{
457 // Iterate over all value symbols in the symbol table
458 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
459 llvmModuleSet()->valSyms().begin(); iter != llvmModuleSet()->valSyms().end();
460 ++iter)
461 {
462 // Debug output for adding value node
463 DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
464
465 // Skip blackhole and null pointer symbols
466 if(iter->second == pag->blkPtrSymID() || iter->second == pag->nullPtrSymID())
467 continue;
468
469 const ICFGNode* icfgNode = nullptr;
470 auto llvmValue = iter->first;
471 if (const Instruction* inst =
472 SVFUtil::dyn_cast<Instruction>(llvmValue))
473 {
474 if (llvmModuleSet()->hasICFGNode(inst))
475 {
476 icfgNode = llvmModuleSet()->getICFGNode(inst);
477 }
478 }
479
480 // Check if the value is a function and get its call graph node
481 if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
482 {
483 // add value node representing the function
484 pag->addFunValNode(iter->second, icfgNode, llvmModuleSet()->getFunObjVar(func), llvmModuleSet()->getSVFType(llvmValue->getType()));
485 }
486 else if (auto argval = SVFUtil::dyn_cast<Argument>(llvmValue))
487 {
488 pag->addArgValNode(
489 iter->second, argval->getArgNo(), icfgNode,
490 llvmModuleSet()->getFunObjVar(argval->getParent()),llvmModuleSet()->getSVFType(llvmValue->getType()));
491 if (!argval->hasName())
492 pag->getGNode(iter->second)->setName("arg_" + std::to_string(argval->getArgNo()));
493 }
494 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
495 {
496 pag->addConstantFPValNode(iter->second, LLVMUtil::getDoubleValue(fpValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
497 }
498 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
499 {
500 pag->addConstantIntValNode(iter->second, LLVMUtil::getIntegerValue(intValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
501 }
502 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
503 {
504 pag->addConstantNullPtrValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
505 }
506 else if (SVFUtil::isa<GlobalValue>(llvmValue))
507 {
508 pag->addGlobalValNode(iter->second, icfgNode,
509 llvmModuleSet()->getSVFType(llvmValue->getType()));
510 }
511 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
512 {
513 pag->addConstantDataValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
514 }
515 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
516 {
517 pag->addConstantAggValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
518 }
519 else
520 {
521 // Add value node to PAG
522 pag->addValNode(iter->second, llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
523 }
524 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue,
525 pag->getGNode(iter->second));
526 }
527}
SVF::IRGraph::blkPtrSymID
NodeID blkPtrSymID() const
Definition IRGraph.h:176
SVF::IRGraph::nullPtrSymID
NodeID nullPtrSymID() const
Definition IRGraph.h:181
SVF::LLVMModuleSet::valSyms
ValueToIDMapTy & valSyms()
Definition LLVMModule.h:207
SVF::SVFIR::addGlobalValNode
NodeID addGlobalValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:597
SVF::SVFIR::addConstantDataValNode
NodeID addConstantDataValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:609
SVF::SVFIR::addFunValNode
NodeID addFunValNode(NodeID i, const ICFGNode *icfgNode, const FunObjVar *funObjVar, const SVFType *type)
Definition SVFIR.h:564
SVF::SVFIR::addConstantFPValNode
NodeID addConstantFPValNode(const NodeID i, double dval, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:577
SVF::SVFIR::addConstantAggValNode
NodeID addConstantAggValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:603
SVF::SVFIR::addValNode
NodeID addValNode(NodeID i, const SVFType *type, const ICFGNode *icfgNode)
add node into SVFIR
Definition SVFIR.h:558
SVF::SVFIR::addArgValNode
NodeID addArgValNode(NodeID i, u32_t argNo, const ICFGNode *icfgNode, const FunObjVar *callGraphNode, const SVFType *type)
Definition SVFIR.h:570
SVF::SVFValue::setName
virtual void setName(const std::string &nameInfo)
Definition SVFValue.h:176

◆ initSVFBasicBlock()

void SVFIRBuilder::initSVFBasicBlock ( const Function func)

set exit block: exit basic block must have no successors and have a return instruction

Definition at line 220 of file SVFIRBuilder.cpp.

221{
222 FunObjVar *svfFun = const_cast<FunObjVar *>(llvmModuleSet()->getFunObjVar(func));
223 for (Function::const_iterator bit = func->begin(), ebit = func->end(); bit != ebit; ++bit)
224 {
225 const BasicBlock* bb = &*bit;
226 SVFBasicBlock* svfbb = llvmModuleSet()->getSVFBasicBlock(bb);
227 for (succ_const_iterator succ_it = succ_begin(bb); succ_it != succ_end(bb); succ_it++)
228 {
229 const SVFBasicBlock* svf_scc_bb = llvmModuleSet()->getSVFBasicBlock(*succ_it);
230 svfbb->addSuccBasicBlock(svf_scc_bb);
231 }
232 for (const_pred_iterator pred_it = pred_begin(bb); pred_it != pred_end(bb); pred_it++)
233 {
234 const SVFBasicBlock* svf_pred_bb = llvmModuleSet()->getSVFBasicBlock(*pred_it);
235 svfbb->addPredBasicBlock(svf_pred_bb);
236 }
237
239 if (svfbb->getSuccessors().empty())
240 {
241 if (LLVMUtil::basicBlockHasRetInst(bb))
242 {
243 assert((LLVMUtil::functionDoesNotRet(func) ||
244 SVFUtil::isa<ReturnInst>(bb->back())) &&
245 "last inst must be return inst");
246 svfFun->setExitBlock(svfbb);
247 }
248 }
249 }
250 // For no return functions, we set the last block as exit BB
251 // This ensures that each function that has definition must have an exit BB
252 if (svfFun->hasBasicBlock() && svfFun->exitBlock == nullptr)
253 {
254 SVFBasicBlock* retBB = const_cast<SVFBasicBlock*>(svfFun->back());
255 assert((LLVMUtil::functionDoesNotRet(func) ||
256 SVFUtil::isa<ReturnInst>(&func->back().back())) &&
257 "last inst must be return inst");
258 svfFun->setExitBlock(retBB);
259 }
260}
SVF::SVFBasicBlock::addPredBasicBlock
void addPredBasicBlock(const SVFBasicBlock *pred2)
Definition BasicBlockG.h:170
SVF::SVFBasicBlock::addSuccBasicBlock
void addSuccBasicBlock(const SVFBasicBlock *succ2)
Definition BasicBlockG.h:153
SVF::LLVMUtil::basicBlockHasRetInst
bool basicBlockHasRetInst(const BasicBlock *bb)
Return true if the function has a return instruction.
Definition LLVMUtil.cpp:108
SVF::succ_const_iterator
llvm::succ_const_iterator succ_const_iterator
LLVM Iterators.
Definition BasicTypes.h:276
SVF::const_pred_iterator
llvm::const_pred_iterator const_pred_iterator
Definition BasicTypes.h:254

◆ llvmModuleSet()

LLVMModuleSet * SVF::SVFIRBuilder::llvmModuleSet ( )
inlineprivate

Definition at line 518 of file SVFIRBuilder.h.

519 {
520 return LLVMModuleSet::getLLVMModuleSet();
521 }

◆ processCE()

void SVFIRBuilder::processCE ( const Value val)
protected

Process constant expression.

Handle constant expression, and connect the gep edge

Definition at line 712 of file SVFIRBuilder.cpp.

713{
714 if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
715 {
716 if (const ConstantExpr* gepce = isGepConstantExpr(ref))
717 {
718 DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
719 const Constant* opnd = gepce->getOperand(0);
720 // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
721 processCE(opnd);
722 auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
723 Type *pType = GEPOp.getSourceElementType();
724 AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
725 bool constGep = computeGepOffset(gepce, ap);
726 // must invoke pag methods here, otherwise it will be a dead recursion cycle
727 const Value* cval = getCurrentValue();
728 const SVFBasicBlock* cbb = getCurrentBB();
729 setCurrentLocation(gepce, (SVFBasicBlock*) nullptr);
730 /*
731 * The gep edge created are like constexpr (same edge may appear at multiple callsites)
732 * so bb/inst of this edge may be rewritten several times, we treat it as global here.
733 */
734 addGepEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(gepce), ap, constGep);
735 setCurrentLocation(cval, cbb);
736 }
737 else if (const ConstantExpr* castce = isCastConstantExpr(ref))
738 {
739 DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
740 const Constant* opnd = castce->getOperand(0);
741 processCE(opnd);
742 const Value* cval = getCurrentValue();
743 const SVFBasicBlock* cbb = getCurrentBB();
744 setCurrentLocation(castce, (SVFBasicBlock*) nullptr);
745 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(castce), CopyStmt::BITCAST);
746 setCurrentLocation(cval, cbb);
747 }
748 else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
749 {
750 DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
751 const Constant* src1 = selectce->getOperand(1);
752 const Constant* src2 = selectce->getOperand(2);
753 processCE(src1);
754 processCE(src2);
755 const Value* cval = getCurrentValue();
756 const SVFBasicBlock* cbb = getCurrentBB();
757 setCurrentLocation(selectce, (SVFBasicBlock*) nullptr);
758 NodeID cond = llvmModuleSet()->getValueNode(selectce->getOperand(0));
759 NodeID nsrc1 = llvmModuleSet()->getValueNode(src1);
760 NodeID nsrc2 = llvmModuleSet()->getValueNode(src2);
761 NodeID nres = llvmModuleSet()->getValueNode(selectce);
762 addSelectStmt(nres,nsrc1, nsrc2, cond);
763 setCurrentLocation(cval, cbb);
764 }
765 // if we meet a int2ptr, then it points-to black hole
766 else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
767 {
768 const Constant* opnd = int2Ptrce->getOperand(0);
769 processCE(opnd);
770 const SVFBasicBlock* cbb = getCurrentBB();
771 const Value* cval = getCurrentValue();
772 setCurrentLocation(int2Ptrce, (SVFBasicBlock*) nullptr);
773 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(int2Ptrce), CopyStmt::INTTOPTR);
774 setCurrentLocation(cval, cbb);
775 }
776 else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
777 {
778 const Constant* opnd = ptr2Intce->getOperand(0);
779 processCE(opnd);
780 const SVFBasicBlock* cbb = getCurrentBB();
781 const Value* cval = getCurrentValue();
782 setCurrentLocation(ptr2Intce, (SVFBasicBlock*) nullptr);
783 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(ptr2Intce), CopyStmt::PTRTOINT);
784 setCurrentLocation(cval, cbb);
785 }
786 else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
787 {
788 // we don't handle trunc and cmp instruction for now
789 const Value* cval = getCurrentValue();
790 const SVFBasicBlock* cbb = getCurrentBB();
791 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
792 NodeID dst = llvmModuleSet()->getValueNode(ref);
793 addBlackHoleAddrEdge(dst);
794 setCurrentLocation(cval, cbb);
795 }
796 else if (isBinaryConstantExpr(ref))
797 {
798 // we don't handle binary constant expression like add(x,y) now
799 const Value* cval = getCurrentValue();
800 const SVFBasicBlock* cbb = getCurrentBB();
801 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
802 NodeID dst = llvmModuleSet()->getValueNode(ref);
803 addBlackHoleAddrEdge(dst);
804 setCurrentLocation(cval, cbb);
805 }
806 else if (isUnaryConstantExpr(ref))
807 {
808 // we don't handle unary constant expression like fneg(x) now
809 const Value* cval = getCurrentValue();
810 const SVFBasicBlock* cbb = getCurrentBB();
811 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
812 NodeID dst = llvmModuleSet()->getValueNode(ref);
813 addBlackHoleAddrEdge(dst);
814 setCurrentLocation(cval, cbb);
815 }
816 else if (SVFUtil::isa<ConstantAggregate>(ref))
817 {
818 // we don't handle constant aggregate like constant vectors
819 }
820 else if (SVFUtil::isa<BlockAddress>(ref))
821 {
822 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
823 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
824 const Value* cval = getCurrentValue();
825 const SVFBasicBlock* cbb = getCurrentBB();
826 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
827 NodeID dst = llvmModuleSet()->getValueNode(ref);
828 addAddrEdge(pag->getConstantNode(), dst);
829 setCurrentLocation(cval, cbb);
830 }
831 else
832 {
833 if(SVFUtil::isa<ConstantExpr>(val))
834 assert(false && "we don't handle all other constant expression for now!");
835 }
836 }
837}
SVF::SVFIRBuilder::addSelectStmt
void addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIRBuilder.h:424
SVF::SVFIRBuilder::computeGepOffset
bool computeGepOffset(const User *V, AccessPath &ap)
Compute offset of a gep instruction or gep constant expression.
Definition SVFIRBuilder.cpp:639
SVF::LLVMUtil::isBinaryConstantExpr
const ConstantExpr * isBinaryConstantExpr(const Value *val)
Definition LLVMUtil.h:290
SVF::LLVMUtil::isInt2PtrConstantExpr
const ConstantExpr * isInt2PtrConstantExpr(const Value *val)
Definition LLVMUtil.h:225
SVF::LLVMUtil::isSelectConstantExpr
const ConstantExpr * isSelectConstantExpr(const Value *val)
Definition LLVMUtil.h:255
SVF::LLVMUtil::isTruncConstantExpr
const ConstantExpr * isTruncConstantExpr(const Value *val)
Definition LLVMUtil.h:265
SVF::LLVMUtil::isPtr2IntConstantExpr
const ConstantExpr * isPtr2IntConstantExpr(const Value *val)
Definition LLVMUtil.h:235
SVF::LLVMUtil::isUnaryConstantExpr
const ConstantExpr * isUnaryConstantExpr(const Value *val)
Definition LLVMUtil.h:301
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245
SVF::LLVMUtil::isGepConstantExpr
const ConstantExpr * isGepConstantExpr(const Value *val)
Return corresponding constant expression, otherwise return nullptr.
Definition LLVMUtil.h:215
SVF::LLVMUtil::isCmpConstantExpr
const ConstantExpr * isCmpConstantExpr(const Value *val)
Definition LLVMUtil.h:279
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ sanityCheck()

void SVFIRBuilder::sanityCheck ( )

Sanity check for SVFIR.

Definition at line 1635 of file SVFIRBuilder.cpp.

1636{
1637 for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
1638 {
1639 (void) pag->getGNode(nIter->first);
1640 //TODO::
1641 // (1) every source(root) node of a pag tree should be object node
1642 // if a node has no incoming edge, but has outgoing edges
1643 // then it has to be an object node.
1644 // (2) make sure every variable should be initialized
1645 // otherwise it causes the a null pointer, the aliasing relation may not be captured
1646 // when loading a pointer value should make sure
1647 // some value has been store into this pointer before
1648 // q = load p, some value should stored into p first like store w p;
1649 // (3) make sure PAGNode should not have a const expr value (pointer should have unique def)
1650 // (4) look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
1651 // are set correctly for dummy gepval node
1652 // (5) reduce unnecessary copy edge (const casts) and ensure correctness.
1653 }
1654}
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:371
SVF::GenericGraph< SVFVar, SVFStmt >::iterator
IDToNodeMapTy::iterator iterator
Node Iterators.
Definition GenericGraph.h:350

◆ setCurrentBBAndValueForPAGEdge()

void SVFIRBuilder::setCurrentBBAndValueForPAGEdge ( PAGEdge edge)
protected

We assume every GepValVar and its GepStmt are unique across whole program

We will have one unique function exit ICFGNode for all returns

Definition at line 1716 of file SVFIRBuilder.cpp.

1717{
1718 if (SVFIR::pagReadFromTXT())
1719 return;
1720
1721 assert(curVal && "current Val is nullptr?");
1722 edge->setBB(curBB!=nullptr ? curBB : nullptr);
1723 edge->setValue(pag->getGNode(llvmModuleSet()->getValueNode(curVal)));
1724 ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
1725 LLVMModuleSet* llvmMS = llvmModuleSet();
1726 if (const Instruction* curInst = SVFUtil::dyn_cast<Instruction>(curVal))
1727 {
1728 const FunObjVar* srcFun = edge->getSrcNode()->getFunction();
1729 const FunObjVar* dstFun = edge->getDstNode()->getFunction();
1730 if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<FunValVar>(edge->getSrcNode()) && !SVFUtil::isa<FunObjVar>(edge->getSrcNode()))
1731 {
1732 assert(srcFun==llvmMS->getFunObjVar(curInst->getFunction()) && "SrcNode of the PAGEdge not in the same function?");
1733 }
1734 if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<RetValPN>(edge->getDstNode()))
1735 {
1736 assert(dstFun==llvmMS->getFunObjVar(curInst->getFunction()) && "DstNode of the PAGEdge not in the same function?");
1737 }
1738
1740 if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
1741 assert(curBB && "instruction does not have a basic block??");
1742
1744 if(SVFUtil::isa<ReturnInst>(curInst))
1745 {
1746 icfgNode = pag->getICFG()->getFunExitICFGNode(llvmMS->getFunObjVar(curInst->getFunction()));
1747 }
1748 else
1749 {
1750 if(SVFUtil::isa<RetPE>(edge))
1751 icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(curInst));
1752 else
1753 icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(curInst));
1754 }
1755 }
1756 else if (const Argument* arg = SVFUtil::dyn_cast<Argument>(curVal))
1757 {
1758 assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
1759 icfgNode = pag->getICFG()->getFunEntryICFGNode(
1760 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(arg->getParent())));
1761 }
1762 else if (SVFUtil::isa<Constant>(curVal) ||
1763 SVFUtil::isa<Function>(curVal) ||
1764 SVFUtil::isa<MetadataAsValue>(curVal))
1765 {
1766 if (!curBB)
1767 pag->addGlobalPAGEdge(edge);
1768 else
1769 {
1770 icfgNode = const_cast<ICFGNode*>(curBB->front());
1771 }
1772 }
1773 else
1774 {
1775 assert(false && "what else value can we have?");
1776 }
1777
1778 pag->addToSVFStmtList(icfgNode,edge);
1779 icfgNode->addSVFStmt(edge);
1780 if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
1781 {
1782 CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
1783 FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
1784 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
1785 SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
1786 }
1787 else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
1788 {
1789 RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
1790 FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
1791 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
1792 SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
1793 }
1794}
SVF::FunObjVar::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFVariables.h:1111
SVF::ICFGNode::addSVFStmt
void addSVFStmt(const SVFStmt *edge)
Definition ICFGNode.h:110
SVF::ICFG::hasInterICFGEdge
ICFGEdge * hasInterICFGEdge(ICFGNode *src, ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Definition ICFG.cpp:276
SVF::ICFG::getGlobalICFGNode
GlobalICFGNode * getGlobalICFGNode() const
Definition ICFG.h:228
SVF::SVFBasicBlock::getParent
const FunObjVar * getParent() const
Definition BasicBlockG.h:186
SVF::SVFBasicBlock::front
const ICFGNode * front() const
Definition BasicBlockG.h:198
SVF::SVFIR::addToSVFStmtList
void addToSVFStmtList(ICFGNode *inst, SVFStmt *edge)
Add a SVFStmt into instruction map.
Definition SVFIR.h:253
SVF::SVFIR::addGlobalPAGEdge
void addGlobalPAGEdge(const SVFStmt *edge)
Add global PAGEdges (not in a procedure)
Definition SVFIR.h:785

◆ setCurrentLocation() [1/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const BasicBlock bb 
)
inlineprotected

Set current basic block in order to keep track of control flow information.

Definition at line 249 of file SVFIRBuilder.h.

250 {
251 curBB = (bb == nullptr? nullptr : llvmModuleSet()->getSVFBasicBlock(bb));
252 curVal = (val == nullptr ? nullptr: val);
253 }

◆ setCurrentLocation() [2/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const SVFBasicBlock bb 
)
inlineprotected

Definition at line 254 of file SVFIRBuilder.h.

255 {
256 curBB = bb;
257 curVal = val;
258 }

◆ updateCallGraph()

void SVFIRBuilder::updateCallGraph ( CallGraph callgraph)

connect PAG edges based on callgraph

Definition at line 1600 of file SVFIRBuilder.cpp.

1601{
1602 CallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
1603 CallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
1604 for (; iter != eiter; iter++)
1605 {
1606 const CallICFGNode* callBlock = iter->first;
1607 const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
1608 assert(callBlock->isIndirectCall() && "this is not an indirect call?");
1609 const CallGraph::FunctionSet& functions = iter->second;
1610 for (CallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
1611 {
1612 const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
1613
1614 if (isExtCall(*func_iter))
1615 {
1616 setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
1617 handleExtCall(callbase, callee);
1618 }
1619 else
1620 {
1621 setCurrentLocation(llvmModuleSet()->getLLVMValue(callBlock), callBlock->getBB());
1622 handleDirectCall(const_cast<CallBase*>(callbase), callee);
1623 }
1624 }
1625 }
1626
1627 // dump SVFIR
1628 if (Options::PAGDotGraph())
1629 pag->dump("svfir_final");
1630}
SVF::CallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition CallGraph.h:319
SVF::CallGraph::FunctionSet
Set< const FunObjVar * > FunctionSet
Definition CallGraph.h:244
SVF::SVFIRBuilder::handleDirectCall
void handleDirectCall(CallBase *cs, const Function *F)
Handle direct call.
Definition SVFIRBuilder.cpp:1440
SVF::SVFIRBuilder::handleExtCall
virtual void handleExtCall(const CallBase *cs, const Function *callee)
Definition SVFIRExtAPI.cpp:128
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146

◆ visitAllocaInst()

void SVFIRBuilder::visitAllocaInst ( AllocaInst inst)
virtual

Our visit overrides.

Visit alloca instructions Add edge V (dst) <– O (src), V here is a value node on SVFIR, O is object node on SVFIR

Definition at line 1001 of file SVFIRBuilder.cpp.

1002{
1003
1004 // AllocaInst should always be a pointer type
1005 assert(SVFUtil::isa<PointerType>(inst.getType()));
1006
1007 DBOUT(DPAGBuild, outs() << "process alloca " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1008 NodeID dst = getValueNode(&inst);
1009
1010 NodeID src = getObjectNode(&inst);
1011
1012 addAddrWithStackArraySz(src, dst, inst);
1013
1014}
SVF::SVFIRBuilder::getObjectNode
NodeID getObjectNode(const Value *V)
GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
Definition SVFIRBuilder.h:107
SVF::SVFIRBuilder::addAddrWithStackArraySz
AddrStmt * addAddrWithStackArraySz(NodeID src, NodeID dst, llvm::AllocaInst &inst)
Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
Definition SVFIRBuilder.h:312

◆ visitAtomicCmpXchgInst()

void SVF::SVFIRBuilder::visitAtomicCmpXchgInst ( AtomicCmpXchgInst I)
inline

Definition at line 194 of file SVFIRBuilder.h.

195 {
196 addBlackHoleAddrEdge(getValueNode(&I));
197 }

◆ visitAtomicRMWInst()

void SVF::SVFIRBuilder::visitAtomicRMWInst ( AtomicRMWInst I)
inline

Definition at line 198 of file SVFIRBuilder.h.

199 {
200 addBlackHoleAddrEdge(getValueNode(&I));
201 }

◆ visitBinaryOperator()

void SVFIRBuilder::visitBinaryOperator ( BinaryOperator inst)

Visit Binary Operator

Definition at line 1116 of file SVFIRBuilder.cpp.

1117{
1118 NodeID dst = getValueNode(&inst);
1119 assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
1120 Value* op1 = inst.getOperand(0);
1121 NodeID op1Node = getValueNode(op1);
1122 Value* op2 = inst.getOperand(1);
1123 NodeID op2Node = getValueNode(op2);
1124 u32_t opcode = inst.getOpcode();
1125 addBinaryOPEdge(op1Node, op2Node, dst, opcode);
1126}
SVF::SVFIRBuilder::addBinaryOPEdge
void addBinaryOPEdge(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIRBuilder.h:436

◆ visitBranchInst()

void SVFIRBuilder::visitBranchInst ( BranchInst inst)

Branch and switch instructions are treated as UnaryOP br cmp label if.then, label if.else

set conditional svf var

Definition at line 1295 of file SVFIRBuilder.cpp.

1296{
1297 NodeID brinst = getValueNode(&inst);
1298 NodeID cond;
1299 if (inst.isConditional())
1300 cond = getValueNode(inst.getCondition());
1301 else
1302 cond = pag->getNullPtr();
1303
1304 assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
1305
1306 BranchStmt::SuccAndCondPairVec successors;
1307 std::vector<const Instruction*> nextInsts;
1308 LLVMUtil::getNextInsts(&inst, nextInsts);
1309 u32_t branchID = 0;
1310 for (const Instruction* succInst : nextInsts)
1311 {
1312 assert(branchID <= 1 && "if/else has more than two branches?");
1313 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1314 successors.push_back(std::make_pair(icfgNode, 1-branchID));
1315 branchID++;
1316 }
1317 addBranchStmt(brinst, cond, successors);
1319 if (inst.isConditional())
1320 {
1321 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1322 {
1323 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1324 {
1325 intraEdge->setConditionVar(pag->getGNode(cond));
1326 }
1327 }
1328 }
1329}
SVF::BranchStmt::SuccAndCondPairVec
std::vector< std::pair< const ICFGNode *, s32_t > > SuccAndCondPairVec
Definition SVFStatements.h:1105
SVF::SVFIRBuilder::addBranchStmt
void addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add Branch statement.
Definition SVFIRBuilder.h:448
SVF::LLVMUtil::getNextInsts
void getNextInsts(const Instruction *curInst, std::vector< const Instruction * > &instList)
Get the next instructions following control flow.
Definition LLVMUtil.cpp:573

◆ visitCallBrInst()

void SVFIRBuilder::visitCallBrInst ( CallBrInst I)

Definition at line 1183 of file SVFIRBuilder.cpp.

1184{
1185 visitCallSite(&i);
1186}
SVF::SVFIRBuilder::visitCallSite
void visitCallSite(CallBase *cs)
Definition SVFIRBuilder.cpp:1191

◆ visitCallInst()

void SVFIRBuilder::visitCallInst ( CallInst I)

Definition at line 1173 of file SVFIRBuilder.cpp.

1174{
1175 visitCallSite(&i);
1176}

◆ visitCallSite()

void SVFIRBuilder::visitCallSite ( CallBase cs)

Collect callsite arguments and returns

Definition at line 1191 of file SVFIRBuilder.cpp.

1192{
1193
1194 // skip llvm intrinsics
1195 if(isIntrinsicInst(cs))
1196 return;
1197
1198 DBOUT(DPAGBuild,
1199 outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
1200
1201
1202 CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
1203 RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
1204
1205 pag->addCallSite(callBlockNode);
1206
1208 for (u32_t i = 0; i < cs->arg_size(); i++)
1209 pag->addCallSiteArgs(
1210 callBlockNode,
1211 SVFUtil::cast<ValVar>(pag->getGNode(getValueNode(cs->getArgOperand(i)))));
1212
1213 if(!cs->getType()->isVoidTy())
1214 pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
1215
1216 if (callBlockNode->isVirtualCall())
1217 {
1218 const Value* value = cppUtil::getVCallVtblPtr(cs);
1219 callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
1220 }
1221 if (const Function *callee = LLVMUtil::getCallee(cs))
1222 {
1223 if (LLVMUtil::isExtCall(callee))
1224 {
1225 handleExtCall(cs, callee);
1226 }
1227 else
1228 {
1229 handleDirectCall(cs, callee);
1230 }
1231 }
1232 else
1233 {
1234 //If the callee was not identified as a function (null F), this is indirect.
1235 handleIndCall(cs);
1236 }
1237}
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:499
SVF::CallICFGNode::setVtablePtr
void setVtablePtr(SVFVar *v)
Definition ICFGNode.h:504
SVF::LLVMModuleSet::getRetICFGNode
RetICFGNode * getRetICFGNode(const Instruction *cs)
get a return node
Definition LLVMModule.cpp:1217
SVF::SVFIRBuilder::handleIndCall
void handleIndCall(CallBase *cs)
Handle indirect call.
Definition SVFIRBuilder.cpp:1594
SVF::SVFIR::addCallSiteRets
void addCallSiteRets(RetICFGNode *retBlockNode, const SVFVar *arg)
Add callsite returns.
Definition SVFIR.h:541
SVF::SVFIR::addCallSiteArgs
void addCallSiteArgs(CallICFGNode *callBlockNode, const ValVar *arg)
Add callsite arguments.
Definition SVFIR.h:535
SVF::SVFIR::addCallSite
void addCallSite(const CallICFGNode *call)
Add callsites.
Definition SVFIR.h:790
SVF::LLVMUtil::isIntrinsicInst
bool isIntrinsicInst(const Instruction *inst)
Return true if it is an intrinsic instruction.
Definition LLVMUtil.cpp:202
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getVCallVtblPtr
const Value * getVCallVtblPtr(const CallBase *cs)
Definition CppUtil.cpp:537

◆ visitCastInst()

void SVFIRBuilder::visitCastInst ( CastInst I)

Definition at line 1102 of file SVFIRBuilder.cpp.

1103{
1104
1105 DBOUT(DPAGBuild, outs() << "process cast " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1106 NodeID dst = getValueNode(&inst);
1107
1108 const Value* opnd = inst.getOperand(0);
1109 NodeID src = getValueNode(opnd);
1110 addCopyEdge(src, dst, getCopyKind(&inst));
1111}
SVF::SVFIRBuilder::getCopyKind
CopyStmt::CopyKind getCopyKind(const Value *val)
Definition SVFIRBuilder.h:379

◆ visitCmpInst()

void SVFIRBuilder::visitCmpInst ( CmpInst inst)

Visit compare instruction

Definition at line 1144 of file SVFIRBuilder.cpp.

1145{
1146 NodeID dst = getValueNode(&inst);
1147 assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
1148 Value* op1 = inst.getOperand(0);
1149 NodeID op1Node = getValueNode(op1);
1150 Value* op2 = inst.getOperand(1);
1151 NodeID op2Node = getValueNode(op2);
1152 u32_t predicate = inst.getPredicate();
1153 addCmpEdge(op1Node, op2Node, dst, predicate);
1154}
SVF::SVFIRBuilder::addCmpEdge
void addCmpEdge(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIRBuilder.h:430

◆ visitExtractElementInst()

void SVFIRBuilder::visitExtractElementInst ( ExtractElementInst inst)

The �extractelement� instruction extracts a single scalar element from a vector at a specified index. TODO: for now we just assume the pointer after extraction points to blackhole The first operand of an �extractelement� instruction is a value of vector type. The second operand is an index indicating the position from which to extract the element.

<result> = extractelement <4 x i32> vec, i32 0 ; yields i32

Definition at line 1285 of file SVFIRBuilder.cpp.

1286{
1287 NodeID dst = getValueNode(&inst);
1288 addBlackHoleAddrEdge(dst);
1289}

◆ visitExtractValueInst()

void SVFIRBuilder::visitExtractValueInst ( ExtractValueInst inst)

visit extract value instructions for structures in registers TODO: for now we just assume the pointer after extraction points to blackhole for example %24 = extractvalue { i32, struct.s_hash* } call34, 0 %24 is a pointer points to first field of a register value call34 however we can not create call34 as an memory object, as it is register value. Is that necessary treat extract value as getelementptr instruction later to get more precise results?

Definition at line 1271 of file SVFIRBuilder.cpp.

1272{
1273 NodeID dst = getValueNode(&inst);
1274 addBlackHoleAddrEdge(dst);
1275}

◆ visitFenceInst()

void SVF::SVFIRBuilder::visitFenceInst ( FenceInst I)
inline

Definition at line 190 of file SVFIRBuilder.h.

191 {
192 addBlackHoleAddrEdge(getValueNode(&I));
193 }

◆ visitFreezeInst()

void SVFIRBuilder::visitFreezeInst ( FreezeInst inst)

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val>

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val> For now, we assume <val> is never a poison or undef.

Definition at line 1425 of file SVFIRBuilder.cpp.

1426{
1427 NodeID dst = getValueNode(&inst);
1428 for (u32_t i = 0; i < inst.getNumOperands(); i++)
1429 {
1430 Value* opnd = inst.getOperand(i);
1431 NodeID src = getValueNode(opnd);
1432 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1433 }
1434}

◆ visitGetElementPtrInst()

void SVFIRBuilder::visitGetElementPtrInst ( GetElementPtrInst inst)

Visit getelementptr instructions

Definition at line 1076 of file SVFIRBuilder.cpp.

1077{
1078
1079 NodeID dst = getValueNode(&inst);
1080 // GetElementPtrInst should always be a pointer or a vector contains pointers
1081 // for now we don't handle vector type here
1082 if(SVFUtil::isa<VectorType>(inst.getType()))
1083 {
1084 addBlackHoleAddrEdge(dst);
1085 return;
1086 }
1087
1088 assert(SVFUtil::isa<PointerType>(inst.getType()));
1089
1090 DBOUT(DPAGBuild, outs() << "process gep " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1091
1092 NodeID src = getValueNode(inst.getPointerOperand());
1093
1094 AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
1095 bool constGep = computeGepOffset(&inst, ap);
1096 addGepEdge(src, dst, ap, constGep);
1097}

◆ visitGlobal()

void SVFIRBuilder::visitGlobal ( )
protected

Handle globals including (global variable and functions)

Visit global variables for building SVFIR

initialize global variable

initialize global functions

Definition at line 948 of file SVFIRBuilder.cpp.

949{
950
952 for (Module &M : llvmModuleSet()->getLLVMModules())
953 {
954 for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
955 {
956 GlobalVariable *gvar = &*I;
957 NodeID idx = getValueNode(gvar);
958 NodeID obj = getObjectNode(gvar);
959
960 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
961 addAddrEdge(obj, idx);
962
963 if (gvar->hasInitializer())
964 {
965 Constant *C = gvar->getInitializer();
966 DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
967 InitialGlobal(gvar, C, 0);
968 }
969 }
970
971
973 for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
974 {
975 const Function* fun = &*I;
976 NodeID idx = getValueNode(fun);
977 NodeID obj = getObjectNode(fun);
978
979 DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
980 setCurrentLocation(fun, (SVFBasicBlock*) nullptr);
981 addAddrEdge(obj, idx);
982 }
983
984 // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
985 for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
986 {
987 const GlobalAlias* alias = &*I;
988 NodeID dst = llvmModuleSet()->getValueNode(alias);
989 NodeID src = llvmModuleSet()->getValueNode(alias->getAliasee());
990 processCE(alias->getAliasee());
991 setCurrentLocation(alias, (SVFBasicBlock*) nullptr);
992 addCopyEdge(src, dst, CopyStmt::COPYVAL);
993 }
994 }
995}
SVF::GlobalVariable
llvm::GlobalVariable GlobalVariable
Definition BasicTypes.h:130
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128

◆ visitInsertElementInst()

void SVF::SVFIRBuilder::visitInsertElementInst ( InsertElementInst I)
inline

Definition at line 170 of file SVFIRBuilder.h.

171 {
172 addBlackHoleAddrEdge(getValueNode(&I));
173 }

◆ visitInsertValueInst()

void SVF::SVFIRBuilder::visitInsertValueInst ( InsertValueInst I)
inline

Definition at line 144 of file SVFIRBuilder.h.

145 {
146 addBlackHoleAddrEdge(getValueNode(&I));
147 }

◆ visitInstruction()

void SVF::SVFIRBuilder::visitInstruction ( Instruction )
inline

Provide base case for our instruction visit.

Definition at line 204 of file SVFIRBuilder.h.

205 {
206 // If a new instruction is added to LLVM that we don't handle.
207 // TODO: ignore here:
208 }

◆ visitInvokeInst()

void SVFIRBuilder::visitInvokeInst ( InvokeInst II)

Definition at line 1178 of file SVFIRBuilder.cpp.

1179{
1180 visitCallSite(&i);
1181}

◆ visitLandingPadInst()

void SVF::SVFIRBuilder::visitLandingPadInst ( LandingPadInst I)
inline

Definition at line 178 of file SVFIRBuilder.h.

179 {
180 addBlackHoleAddrEdge(getValueNode(&I));
181 }

◆ visitLoadInst()

void SVFIRBuilder::visitLoadInst ( LoadInst I)

Definition at line 1044 of file SVFIRBuilder.cpp.

1045{
1046 DBOUT(DPAGBuild, outs() << "process load " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1047
1048 NodeID dst = getValueNode(&inst);
1049
1050 NodeID src = getValueNode(inst.getPointerOperand());
1051
1052 addLoadEdge(src, dst);
1053}

◆ visitPHINode()

void SVFIRBuilder::visitPHINode ( PHINode inst)

Visit phi instructions

Definition at line 1019 of file SVFIRBuilder.cpp.

1020{
1021
1022 DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1023
1024 NodeID dst = getValueNode(&inst);
1025
1026 for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
1027 {
1028 const Value* val = inst.getIncomingValue(i);
1029 const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
1030 bool matched = (incomingInst == nullptr ||
1031 incomingInst->getFunction() == inst.getFunction());
1032 (void) matched; // Suppress warning of unused variable under release build
1033 assert(matched && "incomingInst's Function incorrect");
1034 const Instruction* predInst = &inst.getIncomingBlock(i)->back();
1035 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
1036 NodeID src = getValueNode(val);
1037 addPhiStmt(dst,src,icfgNode);
1038 }
1039}
SVF::SVFIRBuilder::addPhiStmt
void addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add Copy edge.
Definition SVFIRBuilder.h:417

◆ visitResumeInst()

void SVF::SVFIRBuilder::visitResumeInst ( ResumeInst )
inline

Instruction not that often.

Definition at line 184 of file SVFIRBuilder.h.

185 {
186 }

◆ visitReturnInst()

void SVFIRBuilder::visitReturnInst ( ReturnInst inst)

Visit return instructions of a function

Definition at line 1242 of file SVFIRBuilder.cpp.

1243{
1244
1245 // ReturnInst itself should always not be a pointer type
1246 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1247
1248 DBOUT(DPAGBuild, outs() << "process return " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1249
1250 if(Value* src = inst.getReturnValue())
1251 {
1252 const FunObjVar *F = llvmModuleSet()->getFunObjVar(inst.getParent()->getParent());
1253
1254 NodeID rnF = getReturnNode(F);
1255 NodeID vnS = getValueNode(src);
1256 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
1257 //vnS may be null if src is a null ptr
1258 addPhiStmt(rnF,vnS,icfgNode);
1259 }
1260}

◆ visitSelectInst()

void SVFIRBuilder::visitSelectInst ( SelectInst inst)

Visit select instructions

Two operands have same incoming basic block, both are the current BB

Definition at line 1160 of file SVFIRBuilder.cpp.

1161{
1162
1163 DBOUT(DPAGBuild, outs() << "process select " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1164
1165 NodeID dst = getValueNode(&inst);
1166 NodeID src1 = getValueNode(inst.getTrueValue());
1167 NodeID src2 = getValueNode(inst.getFalseValue());
1168 NodeID cond = getValueNode(inst.getCondition());
1170 addSelectStmt(dst,src1,src2, cond);
1171}

◆ visitShuffleVectorInst()

void SVF::SVFIRBuilder::visitShuffleVectorInst ( ShuffleVectorInst I)
inline

Definition at line 174 of file SVFIRBuilder.h.

175 {
176 addBlackHoleAddrEdge(getValueNode(&I));
177 }

◆ visitStoreInst()

void SVFIRBuilder::visitStoreInst ( StoreInst inst)

Visit store instructions

Definition at line 1058 of file SVFIRBuilder.cpp.

1059{
1060 // StoreInst itself should always not be a pointer type
1061 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1062
1063 DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1064
1065 NodeID dst = getValueNode(inst.getPointerOperand());
1066
1067 NodeID src = getValueNode(inst.getValueOperand());
1068
1069 addStoreEdge(src, dst);
1070
1071}

◆ visitSwitchInst()

void SVFIRBuilder::visitSwitchInst ( SwitchInst inst)

The following implementation follows ICFGBuilder::processFunBody.

See more: https://github.com/SVF-tools/SVF/pull/1191

Given the code:

switch (a) { case 0: printf("0\n"); break; case 1: case 2: case 3: printf("a >=1 && a <= 3\n"); break; case 4: case 6: case 7: printf("a >= 4 && a <=7\n"); break; default: printf("a < 0 || a > 7"); break; }

Generate the IR:

switch i32 %0, label sw.default [ i32 0, label sw.bb i32 1, label sw.bb1 i32 2, label sw.bb1 i32 3, label sw.bb1 i32 4, label sw.bb3 i32 6, label sw.bb3 i32 7, label sw.bb3 ]

We can get every case basic block and related case value: [ {sw.default, -1}, {sw.bb, 0}, {sw.bb1, 1}, {sw.bb1, 2}, {sw.bb1, 3}, {sw.bb3, 4}, {sw.bb3, 6}, {sw.bb3, 7}, ] Note: default case value is nullptr For larger number, we preserve case value just -1 now see more: https://github.com/SVF-tools/SVF/pull/992

branch condition value

default case is set to -1;

set conditional svf var

Definition at line 1377 of file SVFIRBuilder.cpp.

1378{
1379 NodeID brinst = getValueNode(&inst);
1380 NodeID cond = getValueNode(inst.getCondition());
1381
1382 BranchStmt::SuccAndCondPairVec successors;
1383 std::vector<const Instruction*> nextInsts;
1384 LLVMUtil::getNextInsts(&inst, nextInsts);
1385 for (const Instruction* succInst : nextInsts)
1386 {
1388 const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
1390 s64_t val = -1;
1391 if (condVal && condVal->getBitWidth() <= 64)
1392 val = (u32_t)LLVMUtil::getIntegerValue(condVal).first;
1393 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1394 successors.push_back(std::make_pair(icfgNode, val));
1395 }
1396 addBranchStmt(brinst, cond, successors);
1398 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1399 {
1400 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1401 {
1402 intraEdge->setConditionVar(pag->getGNode(cond));
1403 }
1404 }
1405}
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ visitUnaryOperator()

void SVFIRBuilder::visitUnaryOperator ( UnaryOperator inst)

Visit Unary Operator

Definition at line 1131 of file SVFIRBuilder.cpp.

1132{
1133 NodeID dst = getValueNode(&inst);
1134 assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
1135 Value* opnd = inst.getOperand(0);
1136 NodeID src = getValueNode(opnd);
1137 u32_t opcode = inst.getOpcode();
1138 addUnaryOPEdge(src, dst, opcode);
1139}
SVF::SVFIRBuilder::addUnaryOPEdge
void addUnaryOPEdge(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIRBuilder.h:442

◆ visitUnreachableInst()

void SVF::SVFIRBuilder::visitUnreachableInst ( UnreachableInst )
inline

Definition at line 187 of file SVFIRBuilder.h.

188 {
189 }

◆ visitVAArgInst()

void SVFIRBuilder::visitVAArgInst ( VAArgInst inst)

TODO: var arguments need to be handled. https://llvm.org/docs/LangRef.html#id1911

ap = alloca struct.va_list ap2 = bitcast struct.va_list* ap to i8* ; Read a single integer argument from ap2 tmp = va_arg i8* ap2, i32 (VAArgInst) TODO: for now, create a copy edge from ap2 to tmp, we assume here tmp should point to the n-th argument of the var_args

Definition at line 1413 of file SVFIRBuilder.cpp.

1414{
1415 NodeID dst = getValueNode(&inst);
1416 Value* opnd = inst.getPointerOperand();
1417 NodeID src = getValueNode(opnd);
1418 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1419}

◆ visitVACopyInst()

void SVF::SVFIRBuilder::visitVACopyInst ( VACopyInst )
inline

Definition at line 159 of file SVFIRBuilder.h.

159{}

◆ visitVAEndInst()

void SVF::SVFIRBuilder::visitVAEndInst ( VAEndInst )
inline

Definition at line 160 of file SVFIRBuilder.h.

160{}

◆ visitVAStartInst()

void SVF::SVFIRBuilder::visitVAStartInst ( VAStartInst )
inline

Definition at line 161 of file SVFIRBuilder.h.

161{}

Member Data Documentation

◆ curBB

const SVFBasicBlock* SVF::SVFIRBuilder::curBB
private

Current basic block during SVFIR construction when visiting the module.

Definition at line 52 of file SVFIRBuilder.h.

◆ curVal

const Value* SVF::SVFIRBuilder::curVal
private

Current Value during SVFIR construction when visiting the module.

Definition at line 53 of file SVFIRBuilder.h.

◆ pag

SVFIR* SVF::SVFIRBuilder::pag
private

Definition at line 51 of file SVFIRBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8