SVF::SVFIRBuilder Class Reference

#include <SVFIRBuilder.h>

Inheritance diagram for SVF::SVFIRBuilder:

Public Member Functions
	SVFIRBuilder (SVFModule *mod)
	Constructor. More...
virtual	~SVFIRBuilder ()
	Destructor. More...
virtual SVFIR *	build ()
	Start building SVFIR here. More...
SVFIR *	getPAG () const
	Return SVFIR. More...
void	initialiseNodes ()
	Initialize nodes and edges. More...
void	addEdge (NodeID src, NodeID dst, SVFStmt::PEDGEK kind, APOffset offset=0, Instruction *cs=nullptr)
void	sanityCheck ()
	Sanity check for SVFIR. More...
NodeID	getValueNode (const Value *V)
	Get different kinds of node. More...
NodeID	getObjectNode (const Value *V)
	GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value. More...
NodeID	getReturnNode (const SVFFunction *func)
	getReturnNode - Return the node representing the unique return value of a function. More...
NodeID	getVarargNode (const SVFFunction *func)
	getVarargNode - Return the node representing the unique variadic argument of a function. More...
virtual void	visitAllocaInst (AllocaInst &AI)
	Our visit overrides. More...
void	visitPHINode (PHINode &I)
void	visitStoreInst (StoreInst &I)
void	visitLoadInst (LoadInst &I)
void	visitGetElementPtrInst (GetElementPtrInst &I)
void	visitCallInst (CallInst &I)
void	visitInvokeInst (InvokeInst &II)
void	visitCallBrInst (CallBrInst &I)
void	visitCallSite (CallBase *cs)
void	visitReturnInst (ReturnInst &I)
void	visitCastInst (CastInst &I)
void	visitSelectInst (SelectInst &I)
void	visitExtractValueInst (ExtractValueInst &EVI)
void	visitBranchInst (BranchInst &I)
void	visitSwitchInst (SwitchInst &I)
	The following implementation follows ICFGBuilder::processFunBody. More...
void	visitInsertValueInst (InsertValueInst &I)
void	visitBinaryOperator (BinaryOperator &I)
void	visitUnaryOperator (UnaryOperator &I)
void	visitCmpInst (CmpInst &I)
void	visitVAArgInst (VAArgInst &)
void	visitVACopyInst (VACopyInst &)
void	visitVAEndInst (VAEndInst &)
void	visitVAStartInst (VAStartInst &)
void	visitFreezeInst (FreezeInst &I)
void	visitExtractElementInst (ExtractElementInst &I)
void	visitInsertElementInst (InsertElementInst &I)
void	visitShuffleVectorInst (ShuffleVectorInst &I)
void	visitLandingPadInst (LandingPadInst &I)
void	visitResumeInst (ResumeInst &)
	Instruction not that often. More...
void	visitUnreachableInst (UnreachableInst &)
void	visitFenceInst (FenceInst &I)
void	visitAtomicCmpXchgInst (AtomicCmpXchgInst &I)
void	visitAtomicRMWInst (AtomicRMWInst &I)
void	visitInstruction (Instruction &)
	Provide base case for our instruction visit. More...
void	updateCallGraph (PTACallGraph *callgraph)
	connect PAG edges based on callgraph More...

Protected Member Functions
void	visitGlobal (SVFModule *svfModule)
	Handle globals including (global variable and functions) More...
void	InitialGlobal (const GlobalVariable *gvar, Constant *C, u32_t offset)
NodeID	getGlobalVarField (const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
void	processCE (const Value *val)
	Process constant expression. More...
u32_t	inferFieldIdxFromByteOffset (const llvm::GEPOperator *gepOp, DataLayout *dl, AccessPath &ap, APOffset idx)
	Infer field index from byteoffset. More...
bool	computeGepOffset (const User *V, AccessPath &ap)
	Compute offset of a gep instruction or gep constant expression. More...
const Value *	getBaseValueForExtArg (const Value *V)
	Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size)) More...
void	handleDirectCall (CallBase *cs, const Function *F)
	Handle direct call. More...
void	handleIndCall (CallBase *cs)
	Handle indirect call. More...
virtual const Type *	getBaseTypeAndFlattenedFields (const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
	Handle external call. More...
virtual void	addComplexConsForExt (Value *D, Value *S, const Value *sz)
virtual void	handleExtCall (const CallBase *cs, const SVFFunction *svfCallee)
void	setCurrentLocation (const Value *val, const BasicBlock *bb)
	Set current basic block in order to keep track of control flow information. More...
void	setCurrentLocation (const SVFValue *val, const SVFBasicBlock *bb)
const SVFValue *	getCurrentValue () const
const SVFBasicBlock *	getCurrentBB () const
void	addGlobalBlackHoleAddrEdge (NodeID node, const ConstantExpr *int2Ptrce)
	Add global black hole Address edge. More...
NodeID	addNullPtrNode ()
	Add NullPtr PAGNode. More...
NodeID	getGepValVar (const Value *val, const AccessPath &ap, const SVFType *elementType)
void	setCurrentBBAndValueForPAGEdge (PAGEdge *edge)
void	addBlackHoleAddrEdge (NodeID node)
AddrStmt *	addAddrEdge (NodeID src, NodeID dst)
	Add Address edge. More...
AddrStmt *	addAddrWithStackArraySz (NodeID src, NodeID dst, llvm::AllocaInst &inst)
	Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3". More...
AddrStmt *	addAddrWithHeapSz (NodeID src, NodeID dst, const CallBase *cs)
	Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)". More...
CopyStmt *	addCopyEdge (NodeID src, NodeID dst, CopyStmt::CopyKind kind)
CopyStmt::CopyKind	getCopyKind (const Value *val)
void	addPhiStmt (NodeID res, NodeID opnd, const ICFGNode *pred)
	Add Copy edge. More...
void	addSelectStmt (NodeID res, NodeID op1, NodeID op2, NodeID cond)
	Add SelectStmt. More...
void	addCmpEdge (NodeID op1, NodeID op2, NodeID dst, u32_t predict)
	Add Copy edge. More...
void	addBinaryOPEdge (NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
	Add Copy edge. More...
void	addUnaryOPEdge (NodeID src, NodeID dst, u32_t opcode)
	Add Unary edge. More...
void	addBranchStmt (NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
	Add Branch statement. More...
void	addLoadEdge (NodeID src, NodeID dst)
	Add Load edge. More...
void	addStoreEdge (NodeID src, NodeID dst)
	Add Store edge. More...
void	addCallEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
	Add Call edge. More...
void	addRetEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
	Add Return edge. More...
void	addGepEdge (NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
	Add Gep edge. More...
void	addNormalGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
	Add Offset(Gep) edge. More...
void	addVariantGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
	Add Variant(Gep) edge. More...
void	addThreadForkEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
	Add Thread fork edge for parameter passing. More...
void	addThreadJoinEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
	Add Thread join edge for parameter passing. More...
AccessPath	getAccessPathFromBaseNode (NodeID nodeId)

Private Member Functions
LLVMModuleSet *	llvmModuleSet ()

Private Attributes
SVFIR *	pag
SVFModule *	svfModule
const SVFBasicBlock *	curBB
	Current basic block during SVFIR construction when visiting the module. More...
const SVFValue *	curVal
	Current Value during SVFIR construction when visiting the module. More...

Detailed Description

SVFIR Builder to create SVF variables and statements and PAG

Definition at line 46 of file SVFIRBuilder.h.

Constructor & Destructor Documentation

SVFIRBuilder()

SVF::SVFIRBuilder::SVFIRBuilder ( SVFModule *  mod )

inline

Constructor.

Definition at line 57 of file SVFIRBuilder.h.

                                : pag(SVFIR::getPAG()), svfModule(mod), curBB(nullptr),curVal(nullptr)
    {
    }

~SVFIRBuilder()

virtual SVF::SVFIRBuilder::~SVFIRBuilder ( )

inlinevirtual

Destructor.

Definition at line 61 of file SVFIRBuilder.h.

    {
    }

Member Function Documentation

addAddrEdge()

AddrStmt* SVF::SVFIRBuilder::addAddrEdge ( NodeID  src, NodeID  dst  )

inlineprotected

Add Address edge.

Definition at line 292 of file SVFIRBuilder.h.

    {
        if(AddrStmt *edge = pag->addAddrStmt(src, dst))
        {
            setCurrentBBAndValueForPAGEdge(edge);
            return edge;
        }
        return nullptr;
    }

addAddrWithHeapSz()

AddrStmt* SVF::SVFIRBuilder::addAddrWithHeapSz ( NodeID  src, NodeID  dst, const CallBase *  cs  )

inlineprotected

Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".

Definition at line 315 of file SVFIRBuilder.h.

    {
        // get name of called function
        AddrStmt* edge = addAddrEdge(src, dst);
 
        llvm::Function* calledFunc = cs->getCalledFunction();
        std::string functionName;
        if (calledFunc)
        {
            functionName = calledFunc->getName().str();
        }
        else
        {
            SVFUtil::wrnMsg("not support indirect call to add AddrStmt.\n");
        }
        if (functionName == "malloc")
        {
            if (cs->arg_size() > 0)
            {
                const llvm::Value* val = cs->getArgOperand(0);
                SVFValue* svfval = llvmModuleSet()->getSVFValue(val);
                edge->addArrSize(svfval);
            }
        }
        // Check if the function called is 'calloc' and process its arguments.
        // e.g. "%5 = call i8* @calloc(1, 8)", edge should add two SVFValue (1 and 8)
        else if (functionName == "calloc")
        {
            if (cs->arg_size() > 1)
            {
                edge->addArrSize(llvmModuleSet()->getSVFValue(cs->getArgOperand(0)));
                edge->addArrSize(llvmModuleSet()->getSVFValue(cs->getArgOperand(1)));
            }
        }
        else
        {
            if (cs->arg_size() > 0)
            {
                const llvm::Value* val = cs->getArgOperand(0);
                SVFValue* svfval = llvmModuleSet()->getSVFValue(val);
                edge->addArrSize(svfval);
            }
        }
        return edge;
    }

addAddrWithStackArraySz()

AddrStmt* SVF::SVFIRBuilder::addAddrWithStackArraySz ( NodeID  src, NodeID  dst, llvm::AllocaInst &  inst  )

inlineprotected

Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".

Definition at line 303 of file SVFIRBuilder.h.

    {
        AddrStmt* edge = addAddrEdge(src, dst);
        if (inst.getArraySize())
        {
            SVFValue* arrSz = llvmModuleSet()->getSVFValue(inst.getArraySize());
            edge->addArrSize(arrSz);
        }
        return edge;
    }

addBinaryOPEdge()

void SVF::SVFIRBuilder::addBinaryOPEdge ( NodeID  op1, NodeID  op2, NodeID  dst, u32_t  opcode  )

inlineprotected

Add Copy edge.

Definition at line 427 of file SVFIRBuilder.h.

    {
        if(BinaryOPStmt *edge = pag->addBinaryOPStmt(op1, op2, dst, opcode))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addBlackHoleAddrEdge ( NodeID  node )

inlineprotected

Definition at line 285 of file SVFIRBuilder.h.

    {
        if(PAGEdge *edge = pag->addBlackHoleAddrStmt(node))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addBranchStmt()

void SVF::SVFIRBuilder::addBranchStmt ( NodeID  br, NodeID  cond, const BranchStmt::SuccAndCondPairVec &  succs  )

inlineprotected

Add Branch statement.

Definition at line 439 of file SVFIRBuilder.h.

    {
        if(BranchStmt *edge = pag->addBranchStmt(br, cond, succs))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addCallEdge()

void SVF::SVFIRBuilder::addCallEdge ( NodeID  src, NodeID  dst, const CallICFGNode *  cs, const FunEntryICFGNode *  entry  )

inlineprotected

Add Call edge.

Definition at line 463 of file SVFIRBuilder.h.

    {
        if (CallPE* edge = pag->addCallPE(src, dst, cs, entry))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addCmpEdge()

void SVF::SVFIRBuilder::addCmpEdge ( NodeID  op1, NodeID  op2, NodeID  dst, u32_t  predict  )

inlineprotected

Add Copy edge.

Definition at line 421 of file SVFIRBuilder.h.

    {
        if(CmpStmt *edge = pag->addCmpStmt(op1, op2, dst, predict))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addComplexConsForExt()

void SVFIRBuilder::addComplexConsForExt ( Value *  D, Value *  S, const Value *  szValue  )

protectedvirtual

Add the load/store constraints and temp. nodes for the complex constraint *D = *S (where D/S may point to structs).

If sz is 0, we will add edges for all fields.

Definition at line 78 of file SVFIRExtAPI.cpp.

{
    assert(D && S);
    NodeID vnD= getValueNode(D), vnS= getValueNode(S);
    if(!vnD || !vnS)
        return;
 
    std::vector<AccessPath> fields;
 
    //Get the max possible size of the copy, unless it was provided.
    std::vector<AccessPath> srcFields;
    std::vector<AccessPath> dstFields;
    const Type* stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
    const Type* dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
    if(srcFields.size() > dstFields.size())
        fields = dstFields;
    else
        fields = srcFields;
 
    u32_t sz = fields.size();
 
    if (fields.size() == 1 && (LLVMUtil::isConstDataOrAggData(D) || LLVMUtil::isConstDataOrAggData(S)))
    {
        NodeID dummy = pag->addDummyValNode();
        addLoadEdge(vnD,dummy);
        addStoreEdge(dummy,vnS);
        return;
    }
 
    //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
    for (u32_t index = 0; index < sz; index++)
    {
        LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
        const SVFType* dElementType = pag->getSymbolInfo()->getFlatternedElemType(llvmmodule->getSVFType(dtype),
                                      fields[index].getConstantStructFldIdx());
        const SVFType* sElementType = pag->getSymbolInfo()->getFlatternedElemType(llvmmodule->getSVFType(stype),
                                      fields[index].getConstantStructFldIdx());
        NodeID dField = getGepValVar(D,fields[index],dElementType);
        NodeID sField = getGepValVar(S,fields[index],sElementType);
        NodeID dummy = pag->addDummyValNode();
        addLoadEdge(sField,dummy);
        addStoreEdge(dummy,dField);
    }
}

addCopyEdge()

CopyStmt* SVF::SVFIRBuilder::addCopyEdge ( NodeID  src, NodeID  dst, CopyStmt::CopyKind  kind  )

inlineprotected

Definition at line 361 of file SVFIRBuilder.h.

    {
        if(CopyStmt *edge = pag->addCopyStmt(src, dst, kind))
        {
            setCurrentBBAndValueForPAGEdge(edge);
            return edge;
        }
        return nullptr;
    }

addEdge()

void SVF::SVFIRBuilder::addEdge	(	NodeID	src,
		NodeID	dst,
		SVFStmt::PEDGEK	kind,
		APOffset	offset = 0,
		Instruction *	cs = nullptr
	)

addGepEdge()

void SVF::SVFIRBuilder::addGepEdge ( NodeID  src, NodeID  dst, const AccessPath &  ap, bool  constGep  )

inlineprotected

Add Gep edge.

Definition at line 475 of file SVFIRBuilder.h.

    {
        if (GepStmt* edge = pag->addGepStmt(src, dst, ap, constGep))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addGlobalBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addGlobalBlackHoleAddrEdge ( NodeID  node, const ConstantExpr *  int2Ptrce  )

inlineprotected

Add global black hole Address edge.

Definition at line 261 of file SVFIRBuilder.h.

    {
        const SVFValue* cval = getCurrentValue();
        const SVFBasicBlock* cbb = getCurrentBB();
        setCurrentLocation(int2Ptrce,nullptr);
        addBlackHoleAddrEdge(node);
        setCurrentLocation(cval,cbb);
    }

addLoadEdge()

void SVF::SVFIRBuilder::addLoadEdge ( NodeID  src, NodeID  dst  )

inlineprotected

Add Load edge.

Definition at line 445 of file SVFIRBuilder.h.

    {
        if(LoadStmt *edge = pag->addLoadStmt(src, dst))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addNormalGepEdge()

void SVF::SVFIRBuilder::addNormalGepEdge ( NodeID  src, NodeID  dst, const AccessPath &  ap  )

inlineprotected

Add Offset(Gep) edge.

Definition at line 481 of file SVFIRBuilder.h.

    {
        if (GepStmt* edge = pag->addNormalGepStmt(src, dst, ap))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addNullPtrNode()

NodeID SVF::SVFIRBuilder::addNullPtrNode ( )

inlineprotected

Add NullPtr PAGNode.

Definition at line 271 of file SVFIRBuilder.h.

    {
        LLVMContext& cxt = llvmModuleSet()->getContext();
        ConstantPointerNull* constNull = ConstantPointerNull::get(PointerType::getUnqual(cxt));
        NodeID nullPtr = pag->addValNode(llvmModuleSet()->getSVFValue(constNull),pag->getNullPtr(), nullptr);
        setCurrentLocation(constNull, nullptr);
        addBlackHoleAddrEdge(pag->getBlkPtr());
        return nullPtr;
    }

addPhiStmt()

void SVF::SVFIRBuilder::addPhiStmt ( NodeID  res, NodeID  opnd, const ICFGNode *  pred  )

inlineprotected

Add Copy edge.

If we already added this phi node, then skip this adding

Definition at line 408 of file SVFIRBuilder.h.

    {
        if(PhiStmt *edge = pag->addPhiStmt(res,opnd,pred))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addRetEdge()

void SVF::SVFIRBuilder::addRetEdge ( NodeID  src, NodeID  dst, const CallICFGNode *  cs, const FunExitICFGNode *  exit  )

inlineprotected

Add Return edge.

Definition at line 469 of file SVFIRBuilder.h.

    {
        if (RetPE* edge = pag->addRetPE(src, dst, cs, exit))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addSelectStmt()

void SVF::SVFIRBuilder::addSelectStmt ( NodeID  res, NodeID  op1, NodeID  op2, NodeID  cond  )

inlineprotected

Add SelectStmt.

Definition at line 415 of file SVFIRBuilder.h.

    {
        if(SelectStmt *edge = pag->addSelectStmt(res,op1,op2,cond))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addStoreEdge()

void SVF::SVFIRBuilder::addStoreEdge ( NodeID  src, NodeID  dst  )

inlineprotected

Add Store edge.

Definition at line 451 of file SVFIRBuilder.h.

    {
        ICFGNode* node;
        if (const SVFInstruction* inst = SVFUtil::dyn_cast<SVFInstruction>(curVal))
            node = llvmModuleSet()->getICFGNode(
                       SVFUtil::cast<Instruction>(llvmModuleSet()->getLLVMValue(inst)));
        else
            node = nullptr;
        if (StoreStmt* edge = pag->addStoreStmt(src, dst, node))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addThreadForkEdge()

void SVF::SVFIRBuilder::addThreadForkEdge ( NodeID  src, NodeID  dst, const CallICFGNode *  cs, const FunEntryICFGNode *  entry  )

inlineprotected

Add Thread fork edge for parameter passing.

Definition at line 493 of file SVFIRBuilder.h.

    {
        if (TDForkPE* edge = pag->addThreadForkPE(src, dst, cs, entry))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addThreadJoinEdge()

void SVF::SVFIRBuilder::addThreadJoinEdge ( NodeID  src, NodeID  dst, const CallICFGNode *  cs, const FunExitICFGNode *  exit  )

inlineprotected

Add Thread join edge for parameter passing.

Definition at line 499 of file SVFIRBuilder.h.

    {
        if (TDJoinPE* edge = pag->addThreadJoinPE(src, dst, cs, exit))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addUnaryOPEdge()

void SVF::SVFIRBuilder::addUnaryOPEdge ( NodeID  src, NodeID  dst, u32_t  opcode  )

inlineprotected

Add Unary edge.

Definition at line 433 of file SVFIRBuilder.h.

    {
        if(UnaryOPStmt *edge = pag->addUnaryOPStmt(src, dst, opcode))
            setCurrentBBAndValueForPAGEdge(edge);
    }

addVariantGepEdge()

void SVF::SVFIRBuilder::addVariantGepEdge ( NodeID  src, NodeID  dst, const AccessPath &  ap  )

inlineprotected

Add Variant(Gep) edge.

Definition at line 487 of file SVFIRBuilder.h.

    {
        if (GepStmt* edge = pag->addVariantGepStmt(src, dst, ap))
            setCurrentBBAndValueForPAGEdge(edge);
    }

build()

SVFIR * SVFIRBuilder::build ( )

virtual

Start building SVFIR here.

Start building SVFIR here

initial external library information initial SVFIR nodes

initial SVFIR edges: // handle globals

handle functions

collect return node of function fun

Return SVFIR node will not be created for function which can not reach the return instruction due to call to abort(), exit(), etc. In 176.gcc of SPEC 2000, function build_objc_string() from c-lang.c shows an example when fun.doesNotReturn() evaluates to TRUE because of abort().

To be noted, we do not record arguments which are in declared function without body TODO: what about external functions with SVFIR imported by commandline?

Definition at line 54 of file SVFIRBuilder.cpp.

{
    double startTime = SVFStat::getClk(true);
 
    DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
 
    // Set SVFModule from SVFIRBuilder
    pag->setModule(svfModule);
 
    // Build ICFG
    pag->setICFG(llvmModuleSet()->getICFG());
 
    // Set callgraph
    pag->setCallGraph(llvmModuleSet()->callgraph);
 
    // Set icfgnode in memobj
    for (auto& it : SymbolTableInfo::SymbolInfo()->idToObjMap())
    {
        if(!it.second->getValue())
            continue;
        if (const Instruction* inst =
                    SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(
                                it.second->getValue())))
        {
            if(llvmModuleSet()->hasICFGNode(inst))
                it.second->gNode = llvmModuleSet()->getICFGNode(inst);
        }
    }
 
    CHGraph* chg = new CHGraph(pag->getModule());
    CHGBuilder chgbuilder(chg);
    chgbuilder.buildCHG();
    pag->setCHG(chg);
 
    // We read SVFIR from a user-defined txt instead of parsing SVFIR from LLVM IR
    if (SVFModule::pagReadFromTXT())
    {
        PAGBuilderFromFile fileBuilder(SVFModule::pagFileName());
        return fileBuilder.build();
    }
 
    // If the SVFIR has been built before, then we return the unique SVFIR of the program
    if(pag->getNodeNumAfterPAGBuild() > 1)
        return pag;
 
    initialiseNodes();
    visitGlobal(svfModule);
 
    for (Module& M : llvmModuleSet()->getLLVMModules())
    {
        for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
        {
            const Function& fun = *F;
            const SVFFunction* svffun = llvmModuleSet()->getSVFFunction(&fun);
            if(!fun.isDeclaration())
            {
                if (fun.doesNotReturn() == false &&
                        fun.getReturnType()->isVoidTy() == false)
                {
                    pag->addFunRet(svffun,
                                   pag->getGNode(pag->getReturnNode(svffun)));
                }
 
                for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
                        I != E; ++I)
                {
                    setCurrentLocation(&*I,&fun.getEntryBlock());
                    NodeID argValNodeId = pag->getValueNode(llvmModuleSet()->getSVFValue(&*I));
                    // if this is the function does not have caller (e.g. main)
                    // or a dead function, shall we create a black hole address edge for it?
                    // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
                    // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
                    //    if(I->getType()->isPointerTy())
                    //        addBlackHoleAddrEdge(argValNodeId);
                    //}
                    pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
                }
            }
            for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
                    bit != ebit; ++bit)
            {
                const BasicBlock& bb = *bit;
                for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
                        it != eit; ++it)
                {
                    const Instruction& inst = *it;
                    setCurrentLocation(&inst,&bb);
                    visit(const_cast<Instruction&>(inst));
                }
            }
        }
    }
 
    sanityCheck();
 
    pag->initialiseCandidatePointers();
 
    pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
 
    // dump SVFIR
    if (Options::PAGDotGraph())
        pag->dump("svfir_initial");
 
    // print to command line of the SVFIR graph
    if (Options::PAGPrint())
        pag->print();
 
    // dump ICFG
    if (Options::DumpICFG())
        pag->getICFG()->dump("icfg_initial");
 
    if (Options::LoopAnalysis())
    {
        LLVMLoopAnalysis loopAnalysis;
        loopAnalysis.build(pag->getICFG());
    }
 
    // dump SVFIR as JSON
    if (!Options::DumpJson().empty())
    {
        SVFIRWriter::writeJsonToPath(pag, Options::DumpJson());
    }
 
    double endTime = SVFStat::getClk(true);
    SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
 
    return pag;
}

computeGepOffset()

bool SVFIRBuilder::computeGepOffset ( const User *  V, AccessPath &  ap  )

protected

Compute offset of a gep instruction or gep constant expression.

Return the object node offset according to GEP insn (V). Given a gep edge p = q + i, if "i" is a constant then we return its offset size otherwise if "i" is a variable determined by runtime, then it is a variant offset Return TRUE if the offset of this GEP insn is a constant.

Definition at line 299 of file SVFIRBuilder.cpp.

{
    assert(V);
 
    const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
    DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
    llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
    if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
    {
        //s32_t bo = byteOffset.getSExtValue();
    }
 
    bool isConst = true;
 
    bool prevPtrOperand = false;
    for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
            gi != ge; ++gi)
    {
        const Type* gepTy = *gi;
        const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
 
        assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
               "Expect no more than one gep operand to be of a pointer type");
        if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
        const Value* offsetVal = gi.getOperand();
        const SVFValue* offsetSvfVal = llvmModuleSet()->getSVFValue(offsetVal);
        assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
        ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(getPAG()->getValueNode(offsetSvfVal)), svfGepTy);
 
        //The int value of the current index operand
        const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
 
        // if Options::ModelConsts() is disabled. We will treat whole array as one,
        // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
        if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
        {
            if(!op || (arrTy->getArrayNumElements() <= (u32_t)op->getSExtValue()))
                continue;
            APOffset idx = op->getSExtValue();
            u32_t offset = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
            ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
        }
        else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
        {
            assert(op && "non-const offset accessing a struct");
            //The actual index
            APOffset idx = op->getSExtValue();
            u32_t offset = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
            ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
        }
        else if (gepTy->isSingleValueType())
        {
            // If it's a non-constant offset access
            // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
            // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
            if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
            {
                isConst = false;
            }
 
            // The actual index
            //s32_t idx = op->getSExtValue();
 
            // For pointer arithmetic we ignore the byte offset
            // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
            // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
        }
    }
    return isConst;
}

getAccessPathFromBaseNode()

AccessPath SVFIRBuilder::getAccessPathFromBaseNode ( NodeID  nodeId )

protected

Get a base SVFVar given a pointer Return the source node of its connected normal gep edge Otherwise return the node id itself s32_t offset : gep offset

if this node is already a base node

Definition at line 1390 of file SVFIRBuilder.cpp.

{
    SVFVar* node  = pag->getGNode(nodeId);
    SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
    if(geps.empty())
        return AccessPath(0);
 
    assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
    SVFVar::iterator it = geps.begin();
    const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
    if(gepEdge->isVariantFieldGep())
        return AccessPath(0);
    else
        return gepEdge->getAccessPath();
}

getBaseTypeAndFlattenedFields()

const Type * SVFIRBuilder::getBaseTypeAndFlattenedFields ( const Value *  V, std::vector< AccessPath > &  fields, const Value *  szValue  )

protectedvirtual

Handle external call.

Find the base type and the max possible offset of an object pointed to by (V).

use user-specified size for this copy operation if the size is a constaint int

Definition at line 43 of file SVFIRExtAPI.cpp.

{
    assert(V);
    const Value* value = getBaseValueForExtArg(V);
    const Type *objType = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferObjType(value);
    u32_t numOfElems = pag->getSymbolInfo()->getNumOfFlattenElements(LLVMModuleSet::getLLVMModuleSet()->getSVFType(objType));
    if(szValue && SVFUtil::isa<ConstantInt>(szValue))
    {
        numOfElems = (numOfElems > SVFUtil::cast<ConstantInt>(szValue)->getSExtValue()) ? SVFUtil::cast<ConstantInt>(szValue)->getSExtValue() : numOfElems;
    }
 
    LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
    for(u32_t ei = 0; ei < numOfElems; ei++)
    {
        AccessPath ls(ei);
        // make a ConstantInt and create char for the content type due to byte-wise copy
        const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
        const SVFValue* svfOffset = LLVMModuleSet::getLLVMModuleSet()->getSVFValue(offset);
        if (!pag->getSymbolInfo()->hasValSym(svfOffset))
        {
            SymbolTableBuilder builder(pag->getSymbolInfo());
            builder.collectSym(offset);
            pag->addValNode(svfOffset, pag->getSymbolInfo()->getValSym(svfOffset), nullptr);
        }
        ls.addOffsetVarAndGepTypePair(getPAG()->getGNode(getPAG()->getValueNode(svfOffset)), nullptr);
        fields.push_back(ls);
    }
    return objType;
}

getBaseValueForExtArg()

const Value * SVFIRBuilder::getBaseValueForExtArg ( const Value *  V )

protected

Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))

Definition at line 1163 of file SVFIRBuilder.cpp.

{
    const Value*  value = stripAllCasts(V);
    assert(value && "null ptr?");
    if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
    {
        APOffset totalidx = 0;
        for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
        {
            if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
                totalidx += op->getSExtValue();
        }
        if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
            value = gep->getPointerOperand();
    }
    return value;
}

getCopyKind()

CopyStmt::CopyKind SVF::SVFIRBuilder::getCopyKind ( const Value *  val )

inlineprotected

Definition at line 371 of file SVFIRBuilder.h.

    {
        // COPYVAL, ZEXT, SEXT, BITCAST, FPTRUNC, FPTOUI, FPTOSI, UITOFP, SITOFP, INTTOPTR, PTRTOINT
        if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(val))
        {
            switch (inst->getOpcode())
            {
            case Instruction::ZExt:
                return CopyStmt::ZEXT;
            case Instruction::SExt:
                return CopyStmt::SEXT;
            case Instruction::BitCast:
                return CopyStmt::BITCAST;
            case Instruction ::Trunc:
                return CopyStmt::TRUNC;
            case Instruction::FPTrunc:
                return CopyStmt::FPTRUNC;
            case Instruction::FPToUI:
                return CopyStmt::FPTOUI;
            case Instruction::FPToSI:
                return CopyStmt::FPTOSI;
            case Instruction::UIToFP:
                return CopyStmt::UITOFP;
            case Instruction::SIToFP:
                return CopyStmt::SITOFP;
            case Instruction::IntToPtr:
                return CopyStmt::INTTOPTR;
            case Instruction::PtrToInt:
                return CopyStmt::PTRTOINT;
            default:
                return CopyStmt::COPYVAL;
            }
        }
        assert (false && "Unknown cast inst!");
    }

getCurrentBB()

const SVFBasicBlock* SVF::SVFIRBuilder::getCurrentBB ( ) const

inlineprotected

Definition at line 255 of file SVFIRBuilder.h.

    {
        return curBB;
    }

getCurrentValue()

const SVFValue* SVF::SVFIRBuilder::getCurrentValue ( ) const

inlineprotected

Definition at line 251 of file SVFIRBuilder.h.

    {
        return curVal;
    }

getGepValVar()

NodeID SVFIRBuilder::getGepValVar ( const Value *  val, const AccessPath &  ap, const SVFType *  elementType  )

protected

Add a temp field value node according to base value and offset this node is after the initial node method, it is out of scope of symInfo table

Definition at line 1254 of file SVFIRBuilder.cpp.

{
    NodeID base = getValueNode(val);
    NodeID gepval = pag->getGepValVar(curVal, base, ap);
    if (gepval==UINT_MAX)
    {
        assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
        /*
         * getGepValVar can only be called from two places:
         * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
         * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
         * so curVal can only be
         * 1. Instruction
         * 2. GlobalVariable
         */
        assert((SVFUtil::isa<SVFInstruction, SVFGlobalValue>(curVal)) && "curVal not an instruction or a globalvariable?");
 
        // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
        // We preserve the current BB information to restore it after creating the gepNode
        const SVFValue* cval = getCurrentValue();
        const SVFBasicBlock* cbb = getCurrentBB();
        setCurrentLocation(curVal, nullptr);
        LLVMModuleSet* llvmmodule = llvmModuleSet();
        NodeID gepNode = pag->addGepValNode(curVal, llvmmodule->getSVFValue(val), ap,
                                            NodeIDAllocator::get()->allocateValueId(),
                                            llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())));
        addGepEdge(base, gepNode, ap, true);
        setCurrentLocation(cval, cbb);
        return gepNode;
    }
    else
        return gepval;
}

getGlobalVarField()

NodeID SVFIRBuilder::getGlobalVarField ( const GlobalVariable *  gvar, u32_t  offset, SVFType *  tpy  )

protected

Get the field of the global variable node FIXME:Here we only get the field that actually used in the program We ignore the initialization of global variable field that not used in the program

if we did not find the constant expression in the program, then we need to create a gep node for this field

Definition at line 504 of file SVFIRBuilder.cpp.

{
 
    // if the global variable do not have any field needs to be initialized
    if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
    {
        return getValueNode(gvar);
    }
    else
    {
        return getGepValVar(gvar, AccessPath(offset), tpy);
    }
}

getObjectNode()

NodeID SVF::SVFIRBuilder::getObjectNode ( const Value *  V )

inline

GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.

Definition at line 98 of file SVFIRBuilder.h.

    {
        SVFValue* svfVal = llvmModuleSet()->getSVFValue(V);
        return pag->getObjectNode(svfVal);
    }

getPAG()

SVFIR* SVF::SVFIRBuilder::getPAG ( ) const

inline

Return SVFIR.

Definition at line 69 of file SVFIRBuilder.h.

    {
        return pag;
    }

getReturnNode()

NodeID SVF::SVFIRBuilder::getReturnNode ( const SVFFunction *  func )

inline

getReturnNode - Return the node representing the unique return value of a function.

Definition at line 105 of file SVFIRBuilder.h.

    {
        return pag->getReturnNode(func);
    }

getValueNode()

NodeID SVF::SVFIRBuilder::getValueNode ( const Value *  V )

inline

Get different kinds of node.

Definition at line 87 of file SVFIRBuilder.h.

    {
        // first handle gep edge if val if a constant expression
        processCE(V);
 
        // strip off the constant cast and return the value node
        SVFValue* svfVal = llvmModuleSet()->getSVFValue(V);
        return pag->getValueNode(svfVal);
    }

getVarargNode()

NodeID SVF::SVFIRBuilder::getVarargNode ( const SVFFunction *  func )

inline

getVarargNode - Return the node representing the unique variadic argument of a function.

Definition at line 111 of file SVFIRBuilder.h.

    {
        return pag->getVarargNode(func);
    }

handleDirectCall()

void SVFIRBuilder::handleDirectCall ( CallBase *  cs, const Function *  F  )

protected

Handle direct call.

Add the constraints for a direct, non-external call.

FIXME: this assertion should be placed for correct checking except bug program like 188.ammp, 300.twolf

Definition at line 1100 of file SVFIRBuilder.cpp.

{
 
    assert(F);
    CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
    const SVFFunction* svffun = llvmModuleSet()->getSVFFunction(F);
    DBOUT(DPAGBuild,
          outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
 
    //Only handle the ret.val. if it's used as a ptr.
    NodeID dstrec = getValueNode(cs);
    //Does it actually return a ptr?
    if (!cs->getType()->isVoidTy())
    {
        NodeID srcret = getReturnNode(svffun);
        FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
        addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
    }
    //Iterators for the actual and formal parameters
    u32_t itA = 0, ieA = cs->arg_size();
    Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
    //Go through the fixed parameters.
    DBOUT(DPAGBuild, outs() << "      args:");
    for (; itF != ieF; ++itA, ++itF)
    {
        //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
        if (itA == ieA)
        {
            DBOUT(DPAGBuild, outs() << " !! not enough args\n");
            break;
        }
        const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
 
        DBOUT(DPAGBuild, outs() << "process actual parm  " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
 
        NodeID dstFA = getValueNode(FA);
        NodeID srcAA = getValueNode(AA);
        FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
        addCallEdge(srcAA, dstFA, callICFGNode, entry);
    }
    //Any remaining actual args must be varargs.
    if (F->isVarArg())
    {
        NodeID vaF = getVarargNode(svffun);
        DBOUT(DPAGBuild, outs() << "\n      varargs:");
        for (; itA != ieA; ++itA)
        {
            const Value* AA = cs->getArgOperand(itA);
            NodeID vnAA = getValueNode(AA);
            FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
            addCallEdge(vnAA,vaF, callICFGNode,entry);
        }
    }
    if(itA != ieA)
    {
        writeWrnMsg("too many args to non-vararg func.");
        writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
 
    }
}

handleExtCall()

void SVFIRBuilder::handleExtCall ( const CallBase *  cs, const SVFFunction *  svfCallee  )

protectedvirtual

pthread_create has 1 arg. apr_thread_create has 2 arg.

Connect actual parameter to formal parameter of the start routine

handle indirect calls at pthread create APIs e.g., pthread_create(&t1, nullptr, fp, ...); const Value* fun = ThreadAPI::getThreadAPI()->getForkedFun(inst); if(!SVFUtil::isa<Function>(fun)) pag->addIndirectCallsites(cs,pag->getValueNode(fun));

If forkedFun does not pass to spawnee as function type but as void pointer remember to update inter-procedural callgraph/SVFIR/SVFG etc. when indirect call targets are resolved We don't connect the callgraph here, further investigation is need to handle mod-ref during SVFG construction.

TODO: inter-procedural SVFIR edges for thread joins

Definition at line 124 of file SVFIRExtAPI.cpp.

{
    const SVFInstruction* svfInst = LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(cs);
    const SVFCallInst* svfCall = SVFUtil::cast<SVFCallInst>(svfInst);
    const CallICFGNode *callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
 
    if (isHeapAllocExtCallViaRet(callICFGNode))
    {
        NodeID val = pag->getValueNode(svfInst);
        NodeID obj = pag->getObjectNode(svfInst);
        addAddrWithHeapSz(obj, val, cs);
    }
    else if (isHeapAllocExtCallViaArg(callICFGNode))
    {
        u32_t arg_pos = getHeapAllocHoldingArgPosition(svfCallee);
        const SVFValue* arg = svfCall->getArgOperand(arg_pos);
        if (arg->getType()->isPointerTy())
        {
            NodeID vnArg = pag->getValueNode(arg);
            NodeID dummy = pag->addDummyValNode();
            NodeID obj = pag->addDummyObjNode(arg->getType());
            if (vnArg && dummy && obj)
            {
                addAddrWithHeapSz(obj, dummy, cs);
                addStoreEdge(dummy, vnArg);
            }
        }
        else
        {
            writeWrnMsg("Arg receiving new object must be pointer type");
        }
    }
    else if (isMemcpyExtFun(svfCallee))
    {
        // Side-effects similar to void *memcpy(void *dest, const void * src, size_t n)
        // which  copies n characters from memory area 'src' to memory area 'dest'.
        if(svfCallee->getName().find("iconv") != std::string::npos)
            addComplexConsForExt(cs->getArgOperand(3), cs->getArgOperand(1), nullptr);
        else if(svfCallee->getName().find("bcopy") != std::string::npos)
            addComplexConsForExt(cs->getArgOperand(1), cs->getArgOperand(0), cs->getArgOperand(2));
        if(svfCall->arg_size() == 3)
            addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), cs->getArgOperand(2));
        else
            addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), nullptr);
        if(SVFUtil::isa<PointerType>(cs->getType()))
            addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
    }
    else if(isMemsetExtFun(svfCallee))
    {
        // Side-effects similar to memset(void *str, int c, size_t n)
        // which copies the character c (an unsigned char) to the first n characters of the string pointed to, by the argument str
        std::vector<AccessPath> dstFields;
        const Type *dtype = getBaseTypeAndFlattenedFields(cs->getArgOperand(0), dstFields, cs->getArgOperand(2));
        u32_t sz = dstFields.size();
        //For each field (i), add store edge *(arg0 + i) = arg1
        for (u32_t index = 0; index < sz; index++)
        {
            LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
            const SVFType* dElementType = pag->getSymbolInfo()->getFlatternedElemType(llvmmodule->getSVFType(dtype),
                                          dstFields[index].getConstantStructFldIdx());
            NodeID dField = getGepValVar(cs->getArgOperand(0), dstFields[index], dElementType);
            addStoreEdge(getValueNode(cs->getArgOperand(1)),dField);
        }
        if(SVFUtil::isa<PointerType>(cs->getType()))
            addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
    }
    else if(svfCallee->getName().compare("dlsym") == 0)
    {
        /*
        Side-effects of void* dlsym( void* handle, const char* funName),
        Locate the function with the name "funName," then add a "copy" edge between the callsite and that function.
        dlsym() example:
            int main() {
                // Open the shared library
                void* handle = dlopen("./my_shared_library.so", RTLD_LAZY);
                // Find the function address
                void (*myFunctionPtr)() = (void (*)())dlsym(handle, "myFunction");
                // Call the function
                myFunctionPtr();
            }
        */
        const Value* src = cs->getArgOperand(1);
        if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(src))
            src = stripConstantCasts(gep->getPointerOperand());
 
        auto getHookFn = [](const Value* src)->const Function*
        {
            if (!SVFUtil::isa<GlobalVariable>(src))
                return nullptr;
 
            auto *glob = SVFUtil::cast<GlobalVariable>(src);
            if (!glob->hasInitializer() || !SVFUtil::isa<ConstantDataArray>(glob->getInitializer()))
                return nullptr;
 
            auto *constarray = SVFUtil::cast<ConstantDataArray>(glob->getInitializer());
            return LLVMUtil::getProgFunction(constarray->getAsCString().str());
        };
 
        if (const Function *fn = getHookFn(src))
        {
            NodeID srcNode = getValueNode(fn);
            addCopyEdge(srcNode,  getValueNode(cs), CopyStmt::COPYVAL);
        }
    }
    else if(svfCallee->getName().find("_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_") != std::string::npos)
    {
        // The purpose of this function is to insert a new node into the red-black tree and then rebalance the tree to ensure that the red-black tree properties are maintained.
        assert(svfCall->arg_size() == 4 && "_Rb_tree_insert_and_rebalance should have 4 arguments.\n");
 
        // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
        // Now we calculate the offset from base to vArg3
        NodeID vnArg3 = pag->getValueNode(svfCall->getArgOperand(3));
        APOffset offset =
            getAccessPathFromBaseNode(vnArg3).getConstantStructFldIdx();
 
        // We get all flattened fields of base
        vector<AccessPath> fields =  pag->getTypeLocSetsMap(vnArg3).second;
 
        // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
        // Note that arg0 is aligned with "offset".
        for (APOffset i = offset + 1; i <= offset + 3; ++i)
        {
            if((u32_t)i >= fields.size())
                break;
            const SVFType* elementType = pag->getSymbolInfo()->getFlatternedElemType(pag->getTypeLocSetsMap(vnArg3).first,
                                         fields[i].getConstantStructFldIdx());
            NodeID vnD = getGepValVar(cs->getArgOperand(3), fields[i], elementType);
            NodeID vnS = pag->getValueNode(svfCall->getArgOperand(1));
            if(vnD && vnS)
                addStoreEdge(vnS,vnD);
        }
    }
 
    if (isThreadForkCall(callICFGNode))
    {
        if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(callICFGNode)->getValue()))
        {
            forkedFun = forkedFun->getDefFunForMultipleModule();
            const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
            assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
            if (forkedFun->arg_size() <= 2 && forkedFun->arg_size() >= 1)
            {
                const SVFArgument* formalParm = forkedFun->getArg(0);
                if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
                {
                    FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
                    addThreadForkEdge(actualParm->getId(), pag->getValueNode(formalParm), callICFGNode, entry);
                }
            }
        }
        else
        {
        }
    }
 
}

handleIndCall()

void SVFIRBuilder::handleIndCall ( CallBase *  cs )

protected

Handle indirect call.

Indirect call is resolved on-the-fly during pointer analysis

Definition at line 1184 of file SVFIRBuilder.cpp.

{
    const SVFValue* svfcalledval = llvmModuleSet()->getSVFValue(cs->getCalledOperand());
 
    const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
    pag->addIndirectCallsites(cbn,pag->getValueNode(svfcalledval));
}

inferFieldIdxFromByteOffset()

u32_t SVFIRBuilder::inferFieldIdxFromByteOffset ( const llvm::GEPOperator *  gepOp, DataLayout *  dl, AccessPath &  ap, APOffset  idx  )

protected

Infer field index from byteoffset.

Definition at line 288 of file SVFIRBuilder.cpp.

{
    return 0;
}

InitialGlobal()

void SVFIRBuilder::InitialGlobal ( const GlobalVariable *  gvar, Constant *  C, u32_t  offset  )

protected

src should not point to anything yet

Definition at line 531 of file SVFIRBuilder.cpp.

{
    DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
    if (C->getType()->isSingleValueType())
    {
        NodeID src = getValueNode(C);
        // get the field value if it is available, otherwise we create a dummy field node.
        setCurrentLocation(gvar, nullptr);
        NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
 
        if (SVFUtil::isa<GlobalVariable, Function>(C))
        {
            setCurrentLocation(C, nullptr);
            addStoreEdge(src, field);
        }
        else if (SVFUtil::isa<ConstantExpr>(C))
        {
            // add gep edge of C1 itself is a constant expression
            processCE(C);
            setCurrentLocation(C, nullptr);
            addStoreEdge(src, field);
        }
        else if (SVFUtil::isa<BlockAddress>(C))
        {
            // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
            // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
            processCE(C);
            setCurrentLocation(C, nullptr);
            addAddrEdge(pag->getConstantNode(), src);
        }
        else
        {
            setCurrentLocation(C, nullptr);
            addStoreEdge(src, field);
            if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
                addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
        }
    }
    else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
    {
        if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
            return;
        for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
        {
            u32_t off = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
            InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
        }
    }
    else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
    {
        if(Options::ModelConsts())
        {
            if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
            {
                for(u32_t i = 0; i < seq->getNumElements(); i++)
                {
                    u32_t off = pag->getSymbolInfo()->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
                    Constant* ct = seq->getElementAsConstant(i);
                    InitialGlobal(gvar, ct, offset + off);
                }
            }
            else
            {
                assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
            }
        }
    }
    else
    {
        //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
    }
}

initialiseNodes()

void SVFIRBuilder::initialiseNodes

(

)

Initialize nodes and edges.

add address edges for constant nodes.

Definition at line 200 of file SVFIRBuilder.cpp.

{
    DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
 
    SymbolTableInfo* symTable = pag->getSymbolInfo();
 
    pag->addBlackholeObjNode();
    pag->addConstantObjNode();
    pag->addBlackholePtrNode();
    addNullPtrNode();
 
    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
                symTable->valSyms().begin(); iter != symTable->valSyms().end();
            ++iter)
    {
        DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
        if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
            continue;
 
        const SVFBaseNode* gNode = nullptr;
        if (const Instruction* inst =
                    SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
        {
            if (llvmModuleSet()->hasICFGNode(inst))
            {
                gNode = llvmModuleSet()->getICFGNode(inst);
            }
        }
        pag->addValNode(iter->first, iter->second, gNode);
    }
 
    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
                symTable->objSyms().begin(); iter != symTable->objSyms().end();
            ++iter)
    {
        DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
        if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
            continue;
        pag->addObjNode(iter->first, iter->second);
    }
 
    for (SymbolTableInfo::FunToIDMapTy::iterator iter =
                symTable->retSyms().begin(); iter != symTable->retSyms().end();
            ++iter)
    {
        DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
        pag->addRetNode(iter->first, iter->second);
    }
 
    for (SymbolTableInfo::FunToIDMapTy::iterator iter =
                symTable->varargSyms().begin();
            iter != symTable->varargSyms().end(); ++iter)
    {
        DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
        pag->addVarargNode(iter->first, iter->second);
    }
 
    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
                symTable->objSyms().begin(); iter != symTable->objSyms().end(); ++iter)
    {
        DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
        const SVFValue* val = iter->first;
        if (isConstantObjSym(val))
        {
            NodeID ptr = pag->getValueNode(val);
            if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
            {
                setCurrentLocation(val, nullptr);
                addAddrEdge(iter->second, ptr);
            }
        }
    }
 
    assert(pag->getTotalNodeNum() >= symTable->getTotalSymNum()
           && "not all node have been initialized!!!");
 
}

llvmModuleSet()

LLVMModuleSet* SVF::SVFIRBuilder::llvmModuleSet ( )

inlineprivate

Definition at line 509 of file SVFIRBuilder.h.

    {
        return LLVMModuleSet::getLLVMModuleSet();
    }

processCE()

void SVFIRBuilder::processCE ( const Value *  val )

protected

Process constant expression.

Handle constant expression, and connect the gep edge

Definition at line 373 of file SVFIRBuilder.cpp.

{
    if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
    {
        if (const ConstantExpr* gepce = isGepConstantExpr(ref))
        {
            DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
            const Constant* opnd = gepce->getOperand(0);
            // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
            processCE(opnd);
            auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
            Type *pType = GEPOp.getSourceElementType();
            AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
            bool constGep = computeGepOffset(gepce, ap);
            // must invoke pag methods here, otherwise it will be a dead recursion cycle
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(gepce, nullptr);
            /*
             * The gep edge created are like constexpr (same edge may appear at multiple callsites)
             * so bb/inst of this edge may be rewritten several times, we treat it as global here.
             */
            addGepEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(gepce)), ap, constGep);
            setCurrentLocation(cval, cbb);
        }
        else if (const ConstantExpr* castce = isCastConstantExpr(ref))
        {
            DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
            const Constant* opnd = castce->getOperand(0);
            processCE(opnd);
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(castce, nullptr);
            addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(castce)), CopyStmt::BITCAST);
            setCurrentLocation(cval, cbb);
        }
        else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
        {
            DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
            const Constant* src1 = selectce->getOperand(1);
            const Constant* src2 = selectce->getOperand(2);
            processCE(src1);
            processCE(src2);
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(selectce, nullptr);
            NodeID cond = pag->getValueNode(llvmModuleSet()->getSVFValue(selectce->getOperand(0)));
            NodeID nsrc1 = pag->getValueNode(llvmModuleSet()->getSVFValue(src1));
            NodeID nsrc2 = pag->getValueNode(llvmModuleSet()->getSVFValue(src2));
            NodeID nres = pag->getValueNode(llvmModuleSet()->getSVFValue(selectce));
            addSelectStmt(nres,nsrc1, nsrc2, cond);
            setCurrentLocation(cval, cbb);
        }
        // if we meet a int2ptr, then it points-to black hole
        else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
        {
            const Constant* opnd = int2Ptrce->getOperand(0);
            processCE(opnd);
            const SVFBasicBlock* cbb = getCurrentBB();
            const SVFValue* cval = getCurrentValue();
            setCurrentLocation(int2Ptrce, nullptr);
            addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(int2Ptrce)), CopyStmt::INTTOPTR);
            setCurrentLocation(cval, cbb);
        }
        else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
        {
            const Constant* opnd = ptr2Intce->getOperand(0);
            processCE(opnd);
            const SVFBasicBlock* cbb = getCurrentBB();
            const SVFValue* cval = getCurrentValue();
            setCurrentLocation(ptr2Intce, nullptr);
            addCopyEdge(pag->getValueNode(llvmModuleSet()->getSVFValue(opnd)), pag->getValueNode(llvmModuleSet()->getSVFValue(ptr2Intce)), CopyStmt::PTRTOINT);
            setCurrentLocation(cval, cbb);
        }
        else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
        {
            // we don't handle trunc and cmp instruction for now
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(ref, nullptr);
            NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
            addBlackHoleAddrEdge(dst);
            setCurrentLocation(cval, cbb);
        }
        else if (isBinaryConstantExpr(ref))
        {
            // we don't handle binary constant expression like add(x,y) now
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(ref, nullptr);
            NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
            addBlackHoleAddrEdge(dst);
            setCurrentLocation(cval, cbb);
        }
        else if (isUnaryConstantExpr(ref))
        {
            // we don't handle unary constant expression like fneg(x) now
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(ref, nullptr);
            NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
            addBlackHoleAddrEdge(dst);
            setCurrentLocation(cval, cbb);
        }
        else if (SVFUtil::isa<ConstantAggregate>(ref))
        {
            // we don't handle constant aggregate like constant vectors
        }
        else if (SVFUtil::isa<BlockAddress>(ref))
        {
            // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
            // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
            const SVFValue* cval = getCurrentValue();
            const SVFBasicBlock* cbb = getCurrentBB();
            setCurrentLocation(ref, nullptr);
            NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(ref));
            addAddrEdge(pag->getConstantNode(), dst);
            setCurrentLocation(cval, cbb);
        }
        else
        {
            if(SVFUtil::isa<ConstantExpr>(val))
                assert(false && "we don't handle all other constant expression for now!");
        }
    }
}

sanityCheck()

void SVFIRBuilder::sanityCheck

(

)

Sanity check for SVFIR.

Definition at line 1228 of file SVFIRBuilder.cpp.

{
    for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
    {
        (void) pag->getGNode(nIter->first);
        //TODO::
        // (1)  every source(root) node of a pag tree should be object node
        //       if a node has no incoming edge, but has outgoing edges
        //       then it has to be an object node.
        // (2)  make sure every variable should be initialized
        //      otherwise it causes the a null pointer, the aliasing relation may not be captured
        //      when loading a pointer value should make sure
        //      some value has been store into this pointer before
        //      q = load p, some value should stored into p first like store w p;
        // (3)  make sure PAGNode should not have a const expr value (pointer should have unique def)
        // (4)  look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
        //      are set correctly for dummy gepval node
        // (5)  reduce unnecessary copy edge (const casts) and ensure correctness.
    }
}

setCurrentBBAndValueForPAGEdge()

void SVFIRBuilder::setCurrentBBAndValueForPAGEdge ( PAGEdge *  edge )

protected

We assume every GepValVar and its GepStmt are unique across whole program

We will have one unique function exit ICFGNode for all returns

Definition at line 1302 of file SVFIRBuilder.cpp.

{
    if (SVFModule::pagReadFromTXT())
        return;
 
    assert(curVal && "current Val is nullptr?");
    edge->setBB(curBB!=nullptr ? curBB : nullptr);
    edge->setValue(curVal);
    // backmap in valuToEdgeMap
    pag->mapValueToEdge(curVal, edge);
    ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
    LLVMModuleSet* llvmMS = llvmModuleSet();
    if (const SVFInstruction* curInst = SVFUtil::dyn_cast<SVFInstruction>(curVal))
    {
        const SVFFunction* srcFun = edge->getSrcNode()->getFunction();
        const SVFFunction* dstFun = edge->getDstNode()->getFunction();
        if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
        {
            assert(srcFun==curInst->getFunction() && "SrcNode of the PAGEdge not in the same function?");
        }
        if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getDstNode()->getValue()))
        {
            assert(dstFun==curInst->getFunction() && "DstNode of the PAGEdge not in the same function?");
        }
 
        if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
            assert(curBB && "instruction does not have a basic block??");
 
        if(curInst->isRetInst())
        {
            icfgNode = pag->getICFG()->getFunExitICFGNode(curInst->getFunction());
        }
        else
        {
            if(SVFUtil::isa<RetPE>(edge))
                icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(llvmMS->getLLVMValue(curInst)));
            else
                icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(llvmMS->getLLVMValue(curInst)));
        }
    }
    else if (const SVFArgument* arg = SVFUtil::dyn_cast<SVFArgument>(curVal))
    {
        assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
        icfgNode = pag->getICFG()->getFunEntryICFGNode(arg->getParent());
    }
    else if (SVFUtil::isa<SVFConstant>(curVal) ||
             SVFUtil::isa<SVFFunction>(curVal) ||
             SVFUtil::isa<SVFMetadataAsValue>(curVal))
    {
        if (!curBB)
            pag->addGlobalPAGEdge(edge);
        else
        {
            icfgNode = const_cast<ICFGNode*>(curBB->front());
        }
    }
    else
    {
        assert(false && "what else value can we have?");
    }
 
    pag->addToSVFStmtList(icfgNode,edge);
    icfgNode->addSVFStmt(edge);
    if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
    {
        CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
        FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
        if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
            SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
    }
    else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
    {
        RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
        FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
        if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
            SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
    }
}

setCurrentLocation() [1/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const SVFValue *  val, const SVFBasicBlock *  bb  )

inlineprotected

Definition at line 246 of file SVFIRBuilder.h.

    {
        curBB = bb;
        curVal = val;
    }

setCurrentLocation() [2/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value *  val, const BasicBlock *  bb  )

inlineprotected

Set current basic block in order to keep track of control flow information.

Definition at line 241 of file SVFIRBuilder.h.

    {
        curBB = (bb == nullptr? nullptr : llvmModuleSet()->getSVFBasicBlock(bb));
        curVal = (val == nullptr ? nullptr: llvmModuleSet()->getSVFValue(val));
    }

updateCallGraph()

void SVFIRBuilder::updateCallGraph

(

PTACallGraph *

callgraph

)

connect PAG edges based on callgraph

Definition at line 1192 of file SVFIRBuilder.cpp.

{
    PTACallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
    PTACallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
    for (; iter != eiter; iter++)
    {
        const CallICFGNode* callBlock = iter->first;
        const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
        assert(callBlock->isIndirectCall() && "this is not an indirect call?");
        const PTACallGraph::FunctionSet& functions = iter->second;
        for (PTACallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
        {
            const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
 
            if (isExtCall(*func_iter))
            {
                setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
                const SVFFunction* svfcallee = llvmModuleSet()->getSVFFunction(callee);
                handleExtCall(callbase, svfcallee);
            }
            else
            {
                setCurrentLocation(llvmModuleSet()->getSVFValue(llvmModuleSet()->getLLVMValue(callBlock)), callBlock->getBB());
                handleDirectCall(const_cast<CallBase*>(callbase), callee);
            }
        }
    }
 
    // dump SVFIR
    if (Options::PAGDotGraph())
        pag->dump("svfir_final");
}

visitAllocaInst()

void SVFIRBuilder::visitAllocaInst ( AllocaInst &  inst )

virtual

Our visit overrides.

Visit alloca instructions Add edge V (dst) <– O (src), V here is a value node on SVFIR, O is object node on SVFIR

Definition at line 662 of file SVFIRBuilder.cpp.

{
 
    // AllocaInst should always be a pointer type
    assert(SVFUtil::isa<PointerType>(inst.getType()));
 
    DBOUT(DPAGBuild, outs() << "process alloca  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
    NodeID dst = getValueNode(&inst);
 
    NodeID src = getObjectNode(&inst);
 
    addAddrWithStackArraySz(src, dst, inst);
 
}

visitAtomicCmpXchgInst()

void SVF::SVFIRBuilder::visitAtomicCmpXchgInst ( AtomicCmpXchgInst &  I )

inline

Definition at line 186 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitAtomicRMWInst()

void SVF::SVFIRBuilder::visitAtomicRMWInst ( AtomicRMWInst &  I )

inline

Definition at line 190 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitBinaryOperator()

void SVFIRBuilder::visitBinaryOperator

(

BinaryOperator &

inst

)

Visit Binary Operator

Definition at line 777 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
    Value* op1 = inst.getOperand(0);
    NodeID op1Node = getValueNode(op1);
    Value* op2 = inst.getOperand(1);
    NodeID op2Node = getValueNode(op2);
    u32_t opcode = inst.getOpcode();
    addBinaryOPEdge(op1Node, op2Node, dst, opcode);
}

visitBranchInst()

void SVFIRBuilder::visitBranchInst

(

BranchInst &

inst

)

Branch and switch instructions are treated as UnaryOP br cmp label if.then, label if.else

set conditional svf var

Definition at line 955 of file SVFIRBuilder.cpp.

{
    NodeID brinst = getValueNode(&inst);
    NodeID cond;
    if (inst.isConditional())
        cond = getValueNode(inst.getCondition());
    else
        cond = pag->getNullPtr();
 
    assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
 
    BranchStmt::SuccAndCondPairVec successors;
    std::vector<const Instruction*> nextInsts;
    LLVMUtil::getNextInsts(&inst, nextInsts);
    u32_t branchID = 0;
    for (const Instruction* succInst : nextInsts)
    {
        assert(branchID <= 1 && "if/else has more than two branches?");
        const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
        successors.push_back(std::make_pair(icfgNode, 1-branchID));
        branchID++;
    }
    addBranchStmt(brinst, cond, successors);
    if (inst.isConditional())
    {
        for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
        {
            if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
            {
                intraEdge->setConditionVar(pag->getGNode(cond));
            }
        }
    }
}

visitCallBrInst()

void SVFIRBuilder::visitCallBrInst

(

CallBrInst &

I

)

Definition at line 844 of file SVFIRBuilder.cpp.

{
    visitCallSite(&i);
}

visitCallInst()

void SVFIRBuilder::visitCallInst

(

CallInst &

I

)

Definition at line 834 of file SVFIRBuilder.cpp.

{
    visitCallSite(&i);
}

visitCallSite()

void SVFIRBuilder::visitCallSite

(

CallBase *

cs

)

Collect callsite arguments and returns

Definition at line 852 of file SVFIRBuilder.cpp.

{
 
    // skip llvm intrinsics
    if(isIntrinsicInst(cs))
        return;
 
    DBOUT(DPAGBuild,
          outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
 
 
    CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
    RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
 
    pag->addCallSite(callBlockNode);
 
    for (u32_t i = 0; i < cs->arg_size(); i++)
        pag->addCallSiteArgs(callBlockNode,pag->getGNode(getValueNode(cs->getArgOperand(i))));
 
    if(!cs->getType()->isVoidTy())
        pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
 
    if (callBlockNode->isVirtualCall())
    {
        const Value* value = cppUtil::getVCallVtblPtr(cs);
        callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
    }
    if (const Function *callee = LLVMUtil::getCallee(cs))
    {
        const SVFFunction* svfcallee = llvmModuleSet()->getSVFFunction(callee);
        if (isExtCall(svfcallee))
        {
            handleExtCall(cs, svfcallee);
        }
        else
        {
            handleDirectCall(cs, callee);
        }
    }
    else
    {
        //If the callee was not identified as a function (null F), this is indirect.
        handleIndCall(cs);
    }
}

visitCastInst()

void SVFIRBuilder::visitCastInst

(

CastInst &

I

)

Definition at line 763 of file SVFIRBuilder.cpp.

{
 
    DBOUT(DPAGBuild, outs() << "process cast  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
    NodeID dst = getValueNode(&inst);
 
    const Value* opnd = inst.getOperand(0);
    NodeID src = getValueNode(opnd);
    addCopyEdge(src, dst, getCopyKind(&inst));
}

visitCmpInst()

void SVFIRBuilder::visitCmpInst

(

CmpInst &

inst

)

Visit compare instruction

Definition at line 805 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
    Value* op1 = inst.getOperand(0);
    NodeID op1Node = getValueNode(op1);
    Value* op2 = inst.getOperand(1);
    NodeID op2Node = getValueNode(op2);
    u32_t predicate = inst.getPredicate();
    addCmpEdge(op1Node, op2Node, dst, predicate);
}

visitExtractElementInst()

void SVFIRBuilder::visitExtractElementInst

(

ExtractElementInst &

inst

)

The �extractelement� instruction extracts a single scalar element from a vector at a specified index. TODO: for now we just assume the pointer after extraction points to blackhole The first operand of an �extractelement� instruction is a value of vector type. The second operand is an index indicating the position from which to extract the element.

<result> = extractelement <4 x i32> vec, i32 0 ; yields i32

Definition at line 945 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    addBlackHoleAddrEdge(dst);
}

visitExtractValueInst()

void SVFIRBuilder::visitExtractValueInst

(

ExtractValueInst &

inst

)

visit extract value instructions for structures in registers TODO: for now we just assume the pointer after extraction points to blackhole for example %24 = extractvalue { i32, struct.s_hash* } call34, 0 %24 is a pointer points to first field of a register value call34 however we can not create call34 as an memory object, as it is register value. Is that necessary treat extract value as getelementptr instruction later to get more precise results?

Definition at line 931 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    addBlackHoleAddrEdge(dst);
}

visitFenceInst()

void SVF::SVFIRBuilder::visitFenceInst ( FenceInst &  I )

inline

Definition at line 182 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitFreezeInst()

void SVFIRBuilder::visitFreezeInst

(

FreezeInst &

inst

)

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val>

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val> For now, we assume <val> is never a poison or undef.

Definition at line 1085 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    for (u32_t i = 0; i < inst.getNumOperands(); i++)
    {
        Value* opnd = inst.getOperand(i);
        NodeID src = getValueNode(opnd);
        addCopyEdge(src, dst, CopyStmt::COPYVAL);
    }
}

visitGetElementPtrInst()

void SVFIRBuilder::visitGetElementPtrInst

(

GetElementPtrInst &

inst

)

Visit getelementptr instructions

Definition at line 737 of file SVFIRBuilder.cpp.

{
 
    NodeID dst = getValueNode(&inst);
    // GetElementPtrInst should always be a pointer or a vector contains pointers
    // for now we don't handle vector type here
    if(SVFUtil::isa<VectorType>(inst.getType()))
    {
        addBlackHoleAddrEdge(dst);
        return;
    }
 
    assert(SVFUtil::isa<PointerType>(inst.getType()));
 
    DBOUT(DPAGBuild, outs() << "process gep  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
 
    NodeID src = getValueNode(inst.getPointerOperand());
 
    AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
    bool constGep = computeGepOffset(&inst, ap);
    addGepEdge(src, dst, ap, constGep);
}

visitGlobal()

void SVFIRBuilder::visitGlobal ( SVFModule *  svfModule )

protected

Handle globals including (global variable and functions)

Visit global variables for building SVFIR

initialize global variable

initialize global functions

Definition at line 609 of file SVFIRBuilder.cpp.

{
 
    for (Module &M : llvmModuleSet()->getLLVMModules())
    {
        for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
        {
            GlobalVariable *gvar = &*I;
            NodeID idx = getValueNode(gvar);
            NodeID obj = getObjectNode(gvar);
 
            setCurrentLocation(gvar, nullptr);
            addAddrEdge(obj, idx);
 
            if (gvar->hasInitializer())
            {
                Constant *C = gvar->getInitializer();
                DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
                InitialGlobal(gvar, C, 0);
            }
        }
 
 
        for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
        {
            const Function* fun = &*I;
            NodeID idx = getValueNode(fun);
            NodeID obj = getObjectNode(fun);
 
            DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
            setCurrentLocation(fun, nullptr);
            addAddrEdge(obj, idx);
        }
 
        // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
        for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
        {
            const GlobalAlias* alias = &*I;
            NodeID dst = pag->getValueNode(llvmModuleSet()->getSVFValue(alias));
            NodeID src = pag->getValueNode(llvmModuleSet()->getSVFValue(alias->getAliasee()));
            processCE(alias->getAliasee());
            setCurrentLocation(alias, nullptr);
            addCopyEdge(src, dst, CopyStmt::COPYVAL);
        }
    }
}

visitInsertElementInst()

void SVF::SVFIRBuilder::visitInsertElementInst ( InsertElementInst &  I )

inline

Definition at line 162 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitInsertValueInst()

void SVF::SVFIRBuilder::visitInsertValueInst ( InsertValueInst &  I )

inline

Definition at line 136 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitInstruction()

void SVF::SVFIRBuilder::visitInstruction ( Instruction &  )

inline

Provide base case for our instruction visit.

Definition at line 196 of file SVFIRBuilder.h.

    {
        // If a new instruction is added to LLVM that we don't handle.
        // TODO: ignore here:
    }

visitInvokeInst()

void SVFIRBuilder::visitInvokeInst

(

InvokeInst &

II

)

Definition at line 839 of file SVFIRBuilder.cpp.

{
    visitCallSite(&i);
}

visitLandingPadInst()

void SVF::SVFIRBuilder::visitLandingPadInst ( LandingPadInst &  I )

inline

Definition at line 170 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitLoadInst()

void SVFIRBuilder::visitLoadInst

(

LoadInst &

I

)

Definition at line 705 of file SVFIRBuilder.cpp.

{
    DBOUT(DPAGBuild, outs() << "process load  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
 
    NodeID dst = getValueNode(&inst);
 
    NodeID src = getValueNode(inst.getPointerOperand());
 
    addLoadEdge(src, dst);
}

visitPHINode()

void SVFIRBuilder::visitPHINode

(

PHINode &

inst

)

Visit phi instructions

Definition at line 680 of file SVFIRBuilder.cpp.

{
 
    DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << "  \n");
 
    NodeID dst = getValueNode(&inst);
 
    for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
    {
        const Value* val = inst.getIncomingValue(i);
        const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
        bool matched = (incomingInst == nullptr ||
                        incomingInst->getFunction() == inst.getFunction());
        (void) matched; // Suppress warning of unused variable under release build
        assert(matched && "incomingInst's Function incorrect");
        const Instruction* predInst = &inst.getIncomingBlock(i)->back();
        const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
        NodeID src = getValueNode(val);
        addPhiStmt(dst,src,icfgNode);
    }
}

visitResumeInst()

void SVF::SVFIRBuilder::visitResumeInst ( ResumeInst &  )

inline

Instruction not that often.

Definition at line 176 of file SVFIRBuilder.h.

    {
    }

visitReturnInst()

void SVFIRBuilder::visitReturnInst

(

ReturnInst &

inst

)

Visit return instructions of a function

Definition at line 902 of file SVFIRBuilder.cpp.

{
 
    // ReturnInst itself should always not be a pointer type
    assert(!SVFUtil::isa<PointerType>(inst.getType()));
 
    DBOUT(DPAGBuild, outs() << "process return  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
 
    if(Value* src = inst.getReturnValue())
    {
        const SVFFunction *F = llvmModuleSet()->getSVFFunction(inst.getParent()->getParent());
 
        NodeID rnF = getReturnNode(F);
        NodeID vnS = getValueNode(src);
        const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
        //vnS may be null if src is a null ptr
        addPhiStmt(rnF,vnS,icfgNode);
    }
}

visitSelectInst()

void SVFIRBuilder::visitSelectInst

(

SelectInst &

inst

)

Visit select instructions

Two operands have same incoming basic block, both are the current BB

Definition at line 821 of file SVFIRBuilder.cpp.

{
 
    DBOUT(DPAGBuild, outs() << "process select  " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
 
    NodeID dst = getValueNode(&inst);
    NodeID src1 = getValueNode(inst.getTrueValue());
    NodeID src2 = getValueNode(inst.getFalseValue());
    NodeID cond = getValueNode(inst.getCondition());
    addSelectStmt(dst,src1,src2, cond);
}

visitShuffleVectorInst()

void SVF::SVFIRBuilder::visitShuffleVectorInst ( ShuffleVectorInst &  I )

inline

Definition at line 166 of file SVFIRBuilder.h.

    {
        addBlackHoleAddrEdge(getValueNode(&I));
    }

visitStoreInst()

void SVFIRBuilder::visitStoreInst

(

StoreInst &

inst

)

Visit store instructions

Definition at line 719 of file SVFIRBuilder.cpp.

{
    // StoreInst itself should always not be a pointer type
    assert(!SVFUtil::isa<PointerType>(inst.getType()));
 
    DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
 
    NodeID dst = getValueNode(inst.getPointerOperand());
 
    NodeID src = getValueNode(inst.getValueOperand());
 
    addStoreEdge(src, dst);
 
}

visitSwitchInst()

void SVFIRBuilder::visitSwitchInst

(

SwitchInst &

inst

)

The following implementation follows ICFGBuilder::processFunBody.

See more: https://github.com/SVF-tools/SVF/pull/1191

Given the code:

switch (a) { case 0: printf("0\n"); break; case 1: case 2: case 3: printf("a >=1 && a <= 3\n"); break; case 4: case 6: case 7: printf("a >= 4 && a <=7\n"); break; default: printf("a < 0 || a > 7"); break; }

Generate the IR:

switch i32 %0, label sw.default [ i32 0, label sw.bb i32 1, label sw.bb1 i32 2, label sw.bb1 i32 3, label sw.bb1 i32 4, label sw.bb3 i32 6, label sw.bb3 i32 7, label sw.bb3 ]

We can get every case basic block and related case value: [ {sw.default, -1}, {sw.bb, 0}, {sw.bb1, 1}, {sw.bb1, 2}, {sw.bb1, 3}, {sw.bb3, 4}, {sw.bb3, 6}, {sw.bb3, 7}, ] Note: default case value is nullptr For larger number, we preserve case value just -1 now see more: https://github.com/SVF-tools/SVF/pull/992

branch condition value

default case is set to -1;

set conditional svf var

Definition at line 1037 of file SVFIRBuilder.cpp.

{
    NodeID brinst = getValueNode(&inst);
    NodeID cond = getValueNode(inst.getCondition());
 
    BranchStmt::SuccAndCondPairVec successors;
    std::vector<const Instruction*> nextInsts;
    LLVMUtil::getNextInsts(&inst, nextInsts);
    for (const Instruction* succInst : nextInsts)
    {
        const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
        s64_t val = -1;
        if (condVal && condVal->getBitWidth() <= 64)
            val = condVal->getSExtValue();
        const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
        successors.push_back(std::make_pair(icfgNode, val));
    }
    addBranchStmt(brinst, cond, successors);
    for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
    {
        if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
        {
            intraEdge->setConditionVar(pag->getGNode(cond));
        }
    }
}

visitUnaryOperator()

void SVFIRBuilder::visitUnaryOperator

(

UnaryOperator &

inst

)

Visit Unary Operator

Definition at line 792 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
    Value* opnd = inst.getOperand(0);
    NodeID src = getValueNode(opnd);
    u32_t opcode = inst.getOpcode();
    addUnaryOPEdge(src, dst, opcode);
}

visitUnreachableInst()

void SVF::SVFIRBuilder::visitUnreachableInst ( UnreachableInst &  )

inline

Definition at line 179 of file SVFIRBuilder.h.

    {
    }

visitVAArgInst()

void SVFIRBuilder::visitVAArgInst

(

VAArgInst &

inst

)

TODO: var arguments need to be handled. https://llvm.org/docs/LangRef.html#id1911

ap = alloca struct.va_list ap2 = bitcast struct.va_list* ap to i8* ; Read a single integer argument from ap2 tmp = va_arg i8* ap2, i32 (VAArgInst) TODO: for now, create a copy edge from ap2 to tmp, we assume here tmp should point to the n-th argument of the var_args

Definition at line 1073 of file SVFIRBuilder.cpp.

{
    NodeID dst = getValueNode(&inst);
    Value* opnd = inst.getPointerOperand();
    NodeID src = getValueNode(opnd);
    addCopyEdge(src, dst, CopyStmt::COPYVAL);
}

visitVACopyInst()

void SVF::SVFIRBuilder::visitVACopyInst ( VACopyInst &  )

inline

Definition at line 151 of file SVFIRBuilder.h.

{}

visitVAEndInst()

void SVF::SVFIRBuilder::visitVAEndInst ( VAEndInst &  )

inline

Definition at line 152 of file SVFIRBuilder.h.

{}

visitVAStartInst()

void SVF::SVFIRBuilder::visitVAStartInst ( VAStartInst &  )

inline

Definition at line 153 of file SVFIRBuilder.h.

{}

Member Data Documentation

curBB

const SVFBasicBlock* SVF::SVFIRBuilder::curBB

private

Current basic block during SVFIR construction when visiting the module.

Definition at line 52 of file SVFIRBuilder.h.

curVal

const SVFValue* SVF::SVFIRBuilder::curVal

private

Current Value during SVFIR construction when visiting the module.

Definition at line 53 of file SVFIRBuilder.h.

pag

SVFIR* SVF::SVFIRBuilder::pag

private

Definition at line 50 of file SVFIRBuilder.h.

svfModule

SVFModule* SVF::SVFIRBuilder::svfModule

private

Definition at line 51 of file SVFIRBuilder.h.

---

The documentation for this class was generated from the following files:

• /home/runner/work/SVF/SVF/svf-llvm/include/SVF-LLVM/SVFIRBuilder.h
• /home/runner/work/SVF/SVF/svf-llvm/lib/SVFIRBuilder.cpp
• /home/runner/work/SVF/SVF/svf-llvm/lib/SVFIRExtAPI.cpp