Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes | Friends | List of all members
SVF::SVFIRBuilder Class Reference

#include <SVFIRBuilder.h>

Inheritance diagram for SVF::SVFIRBuilder:

Public Member Functions

 SVFIRBuilder ()
 Constructor.
 
virtual ~SVFIRBuilder ()
 Destructor.
 
virtual SVFIRbuild ()
 Start building SVFIR here.
 
SVFIRgetPAG () const
 Return SVFIR.
 
void createFunObjVars ()
 
void initFunObjVar ()
 
void initialiseNodes ()
 Initialize nodes and edges.
 
void initialiseBaseObjVars ()
 
void initialiseValVars ()
 
void initSVFBasicBlock (const Function *func)
 
void initDomTree (FunObjVar *func, const Function *f)
 
void addEdge (NodeID src, NodeID dst, SVFStmt::PEDGEK kind, APOffset offset=0, Instruction *cs=nullptr)
 
void sanityCheck ()
 Sanity check for SVFIR.
 
NodeID getValueNode (const Value *V)
 Get different kinds of node.
 
NodeID getObjectNode (const Value *V)
 GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
 
NodeID getReturnNode (const FunObjVar *func)
 getReturnNode - Return the node representing the unique return value of a function.
 
NodeID getVarargNode (const FunObjVar *func)
 getVarargNode - Return the node representing the unique variadic argument of a function.
 
virtual void visitAllocaInst (AllocaInst &AI)
 Our visit overrides.
 
void visitPHINode (PHINode &I)
 
void visitStoreInst (StoreInst &I)
 
void visitLoadInst (LoadInst &I)
 
void visitGetElementPtrInst (GetElementPtrInst &I)
 
void visitCallInst (CallInst &I)
 
void visitInvokeInst (InvokeInst &II)
 
void visitCallBrInst (CallBrInst &I)
 
void visitCallSite (CallBase *cs)
 
void visitReturnInst (ReturnInst &I)
 
void visitCastInst (CastInst &I)
 
void visitSelectInst (SelectInst &I)
 
void visitExtractValueInst (ExtractValueInst &EVI)
 
void visitBranchInst (BranchInst &I)
 
void visitSwitchInst (SwitchInst &I)
 The following implementation follows ICFGBuilder::processFunBody.
 
void visitInsertValueInst (InsertValueInst &I)
 
void visitBinaryOperator (BinaryOperator &I)
 
void visitUnaryOperator (UnaryOperator &I)
 
void visitCmpInst (CmpInst &I)
 
void visitVAArgInst (VAArgInst &)
 
void visitVACopyInst (VACopyInst &)
 
void visitVAEndInst (VAEndInst &)
 
void visitVAStartInst (VAStartInst &)
 
void visitFreezeInst (FreezeInst &I)
 
void visitExtractElementInst (ExtractElementInst &I)
 
void visitInsertElementInst (InsertElementInst &I)
 
void visitShuffleVectorInst (ShuffleVectorInst &I)
 
void visitLandingPadInst (LandingPadInst &I)
 
void visitResumeInst (ResumeInst &)
 Instruction not that often.
 
void visitUnreachableInst (UnreachableInst &)
 
void visitFenceInst (FenceInst &I)
 
void visitAtomicCmpXchgInst (AtomicCmpXchgInst &I)
 
void visitAtomicRMWInst (AtomicRMWInst &I)
 
void visitInstruction (Instruction &)
 Provide base case for our instruction visit.
 
void updateCallGraph (CallGraph *callgraph)
 connect PAG edges based on callgraph
 

Protected Member Functions

void visitGlobal ()
 Handle globals including (global variable and functions)
 
void InitialGlobal (const GlobalVariable *gvar, Constant *C, u32_t offset)
 
NodeID getGlobalVarField (const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
 
void processCE (const Value *val)
 Process constant expression.
 
u32_t inferFieldIdxFromByteOffset (const llvm::GEPOperator *gepOp, DataLayout *dl, AccessPath &ap, APOffset idx)
 Infer field index from byteoffset.
 
bool computeGepOffset (const User *V, AccessPath &ap)
 Compute offset of a gep instruction or gep constant expression.
 
const ValuegetBaseValueForExtArg (const Value *V)
 Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))
 
void handleDirectCall (CallBase *cs, const Function *F)
 Handle direct call.
 
void handleIndCall (CallBase *cs)
 Handle indirect call.
 
virtual const TypegetBaseTypeAndFlattenedFields (const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
 Handle external call.
 
virtual void addComplexConsForExt (Value *D, Value *S, const Value *sz)
 
virtual void handleExtCall (const CallBase *cs, const Function *callee)
 
void setCurrentLocation (const Value *val, const BasicBlock *bb)
 Set current basic block in order to keep track of control flow information.
 
void setCurrentLocation (const Value *val, const SVFBasicBlock *bb)
 
const ValuegetCurrentValue () const
 
const SVFBasicBlockgetCurrentBB () const
 
void addGlobalBlackHoleAddrEdge (NodeID node, const ConstantExpr *int2Ptrce)
 Add global black hole Address edge.
 
NodeID addNullPtrNode ()
 Add NullPtr PAGNode.
 
NodeID getGepValVar (const Value *val, const AccessPath &ap, const SVFType *elementType)
 
void setCurrentBBAndValueForPAGEdge (PAGEdge *edge)
 
void addBlackHoleAddrEdge (NodeID node)
 
AddrStmtaddAddrEdge (NodeID src, NodeID dst)
 Add Address edge.
 
AddrStmtaddAddrWithStackArraySz (NodeID src, NodeID dst, llvm::AllocaInst &inst)
 Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
 
AddrStmtaddAddrWithHeapSz (NodeID src, NodeID dst, const CallBase *cs)
 Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
 
CopyStmtaddCopyEdge (NodeID src, NodeID dst, CopyStmt::CopyKind kind)
 
CopyStmt::CopyKind getCopyKind (const Value *val)
 
void addPhiStmt (NodeID res, NodeID opnd, const ICFGNode *pred)
 Add Copy edge.
 
void addSelectStmt (NodeID res, NodeID op1, NodeID op2, NodeID cond)
 Add SelectStmt.
 
void addCmpEdge (NodeID op1, NodeID op2, NodeID dst, u32_t predict)
 Add Copy edge.
 
void addBinaryOPEdge (NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
 Add Copy edge.
 
void addUnaryOPEdge (NodeID src, NodeID dst, u32_t opcode)
 Add Unary edge.
 
void addBranchStmt (NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
 Add Branch statement.
 
void addLoadEdge (NodeID src, NodeID dst)
 Add Load edge.
 
void addStoreEdge (NodeID src, NodeID dst)
 Add Store edge.
 
void addCallEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Call edge.
 
void addRetEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Return edge.
 
void addGepEdge (NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
 Add Gep edge.
 
void addNormalGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Offset(Gep) edge.
 
void addVariantGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Variant(Gep) edge.
 
void addThreadForkEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Thread fork edge for parameter passing.
 
void addThreadJoinEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Thread join edge for parameter passing.
 
AccessPath getAccessPathFromBaseNode (NodeID nodeId)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

SVFIRpag
 
const SVFBasicBlockcurBB
 Current basic block during SVFIR construction when visiting the module.
 
const ValuecurVal
 Current Value during SVFIR construction when visiting the module.
 

Friends

class GraphDBSVFIRBuilder
 

Detailed Description

SVFIR Builder to create SVF variables and statements and PAG

Definition at line 47 of file SVFIRBuilder.h.

Constructor & Destructor Documentation

◆ SVFIRBuilder()

SVF::SVFIRBuilder::SVFIRBuilder ( )
inline

Constructor.

Definition at line 58 of file SVFIRBuilder.h.

58 : pag(SVFIR::getPAG()), curBB(nullptr),curVal(nullptr)
59 {
60 }
SVF::SVFIRBuilder::curVal
const Value * curVal
Current Value during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:54
SVF::SVFIRBuilder::curBB
const SVFBasicBlock * curBB
Current basic block during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:53
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116

◆ ~SVFIRBuilder()

virtual SVF::SVFIRBuilder::~SVFIRBuilder ( )
inlinevirtual

Destructor.

Definition at line 62 of file SVFIRBuilder.h.

63 {
64 }

Member Function Documentation

◆ addAddrEdge()

AddrStmt * SVF::SVFIRBuilder::addAddrEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Address edge.

Definition at line 302 of file SVFIRBuilder.h.

303 {
304 if(AddrStmt *edge = pag->addAddrStmt(src, dst))
305 {
306 setCurrentBBAndValueForPAGEdge(edge);
307 return edge;
308 }
309 return nullptr;
310 }
SVF::SVFIRBuilder::setCurrentBBAndValueForPAGEdge
void setCurrentBBAndValueForPAGEdge(PAGEdge *edge)
Definition SVFIRBuilder.cpp:1711
SVF::SVFIR::addAddrStmt
AddrStmt * addAddrStmt(NodeID src, NodeID dst)
Add an edge into SVFIR.
Definition SVFIR.cpp:63
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ addAddrWithHeapSz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithHeapSz ( NodeID  src,
NodeID  dst,
const CallBase cs 
)
inlineprotected

Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".

Definition at line 324 of file SVFIRBuilder.h.

325 {
326 // get name of called function
327 AddrStmt* edge = addAddrEdge(src, dst);
328
329 llvm::Function* calledFunc = cs->getCalledFunction();
330 std::string functionName;
331 if (calledFunc)
332 {
333 functionName = calledFunc->getName().str();
334 }
335 else
336 {
337 SVFUtil::wrnMsg("not support indirect call to add AddrStmt.\n");
338 }
339 if (functionName == "malloc")
340 {
341 if (cs->arg_size() > 0)
342 {
343 const llvm::Value* val = cs->getArgOperand(0);
344 edge->addArrSize(pag->getGNode(getValueNode(val)));
345 }
346 }
347 // Check if the function called is 'calloc' and process its arguments.
348 // e.g. "%5 = call i8* @calloc(1, 8)", edge should add two SVFValue (1 and 8)
349 else if (functionName == "calloc")
350 {
351 if (cs->arg_size() > 1)
352 {
353 edge->addArrSize(
354 pag->getGNode(getValueNode(cs->getArgOperand(0))));
355 edge->addArrSize(
356 pag->getGNode(getValueNode(cs->getArgOperand(1))));
357 }
358 }
359 else
360 {
361 if (cs->arg_size() > 0)
362 {
363 const llvm::Value* val = cs->getArgOperand(0);
364 edge->addArrSize(pag->getGNode(getValueNode(val)));
365 }
366 }
367 return edge;
368 }
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:397
SVF::SVFIRBuilder::addAddrEdge
AddrStmt * addAddrEdge(NodeID src, NodeID dst)
Add Address edge.
Definition SVFIRBuilder.h:302
SVF::SVFIRBuilder::getValueNode
NodeID getValueNode(const Value *V)
Get different kinds of node.
Definition SVFIRBuilder.h:98
SVF::SVFUtil::wrnMsg
std::string wrnMsg(const std::string &msg)
Returns warning message by converting a string into yellow string output.
Definition SVFUtil.cpp:63

◆ addAddrWithStackArraySz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithStackArraySz ( NodeID  src,
NodeID  dst,
llvm::AllocaInst &  inst 
)
inlineprotected

Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".

Definition at line 313 of file SVFIRBuilder.h.

314 {
315 AddrStmt* edge = addAddrEdge(src, dst);
316 if (inst.getArraySize())
317 {
318 edge->addArrSize(pag->getGNode(getValueNode(inst.getArraySize())));
319 }
320 return edge;
321 }

◆ addBinaryOPEdge()

void SVF::SVFIRBuilder::addBinaryOPEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Copy edge.

Definition at line 437 of file SVFIRBuilder.h.

438 {
439 if(BinaryOPStmt *edge = pag->addBinaryOPStmt(op1, op2, dst, opcode))
440 setCurrentBBAndValueForPAGEdge(edge);
441 }
SVF::SVFIR::addBinaryOPStmt
BinaryOPStmt * addBinaryOPStmt(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIR.cpp:193

◆ addBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addBlackHoleAddrEdge ( NodeID  node)
inlineprotected

Definition at line 295 of file SVFIRBuilder.h.

296 {
297 if(PAGEdge *edge = pag->addBlackHoleAddrStmt(node))
298 setCurrentBBAndValueForPAGEdge(edge);
299 }
SVF::SVFIR::addBlackHoleAddrStmt
SVFStmt * addBlackHoleAddrStmt(NodeID node)
Set a pointer points-to black hole (e.g. int2ptr)
Definition SVFIR.cpp:356
SVF::PAGEdge
SVFStmt PAGEdge
Definition IRGraph.h:43

◆ addBranchStmt()

void SVF::SVFIRBuilder::addBranchStmt ( NodeID  br,
NodeID  cond,
const BranchStmt::SuccAndCondPairVec succs 
)
inlineprotected

Add Branch statement.

Definition at line 449 of file SVFIRBuilder.h.

450 {
451 if(BranchStmt *edge = pag->addBranchStmt(br, cond, succs))
452 setCurrentBBAndValueForPAGEdge(edge);
453 }
SVF::SVFIR::addBranchStmt
BranchStmt * addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add BranchStmt.
Definition SVFIR.cpp:240

◆ addCallEdge()

void SVF::SVFIRBuilder::addCallEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Call edge.

Definition at line 473 of file SVFIRBuilder.h.

474 {
475 if (CallPE* edge = pag->addCallPE(src, dst, cs, entry))
476 setCurrentBBAndValueForPAGEdge(edge);
477 }
SVF::SVFIR::addCallPE
CallPE * addCallPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIR.cpp:310

◆ addCmpEdge()

void SVF::SVFIRBuilder::addCmpEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  predict 
)
inlineprotected

Add Copy edge.

Definition at line 431 of file SVFIRBuilder.h.

432 {
433 if(CmpStmt *edge = pag->addCmpStmt(op1, op2, dst, predict))
434 setCurrentBBAndValueForPAGEdge(edge);
435 }
SVF::SVFIR::addCmpStmt
CmpStmt * addCmpStmt(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIR.cpp:167

◆ addComplexConsForExt()

void SVFIRBuilder::addComplexConsForExt ( Value D,
Value S,
const Value szValue 
)
protectedvirtual

Add the load/store constraints and temp. nodes for the complex constraint *D = *S (where D/S may point to structs).

If sz is 0, we will add edges for all fields.

Definition at line 82 of file SVFIRExtAPI.cpp.

83{
84 assert(D && S);
85 NodeID vnD= getValueNode(D), vnS= getValueNode(S);
86 if(!vnD || !vnS)
87 return;
88
89 std::vector<AccessPath> fields;
90
91 //Get the max possible size of the copy, unless it was provided.
92 std::vector<AccessPath> srcFields;
93 std::vector<AccessPath> dstFields;
94 const Type* stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
95 const Type* dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
96 if(srcFields.size() > dstFields.size())
97 fields = dstFields;
98 else
99 fields = srcFields;
100
102 u32_t sz = fields.size();
103
104 if (fields.size() == 1 && (LLVMUtil::isConstDataOrAggData(D) || LLVMUtil::isConstDataOrAggData(S)))
105 {
106 NodeID dummy = pag->addDummyValNode();
107 addLoadEdge(vnD,dummy);
108 addStoreEdge(dummy,vnS);
109 return;
110 }
111
112 //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
113 for (u32_t index = 0; index < sz; index++)
114 {
115 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
116 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
117 fields[index].getConstantStructFldIdx());
118 const SVFType* sElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(stype),
119 fields[index].getConstantStructFldIdx());
120 NodeID dField = getGepValVar(D,fields[index],dElementType);
121 NodeID sField = getGepValVar(S,fields[index],sElementType);
122 NodeID dummy = pag->addDummyValNode();
123 addLoadEdge(sField,dummy);
124 addStoreEdge(dummy,dField);
125 }
126}
u32_t
unsigned u32_t
Definition CommandLine.h:18
index
int index
Definition cJSON.h:170
SVF::IRGraph::getFlatternedElemType
const SVFType * getFlatternedElemType(const SVFType *baseType, u32_t flatten_idx)
Return the type of a flattened element given a flattened index.
Definition IRGraph.cpp:123
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:131
SVF::SVFIRBuilder::addStoreEdge
void addStoreEdge(NodeID src, NodeID dst)
Add Store edge.
Definition SVFIRBuilder.h:461
SVF::SVFIRBuilder::addLoadEdge
void addLoadEdge(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIRBuilder.h:455
SVF::SVFIRBuilder::getBaseTypeAndFlattenedFields
virtual const Type * getBaseTypeAndFlattenedFields(const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
Handle external call.
Definition SVFIRExtAPI.cpp:44
SVF::SVFIRBuilder::getGepValVar
NodeID getGepValVar(const Value *val, const AccessPath &ap, const SVFType *elementType)
Definition SVFIRBuilder.cpp:1656
SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:492
SVF::LLVMUtil::isConstDataOrAggData
bool isConstDataOrAggData(const Value *val)
Return true if the value refers to constant data, e.g., i32 0.
Definition LLVMUtil.h:368
SVF::Type
llvm::Type Type
Definition BasicTypes.h:83
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

◆ addCopyEdge()

CopyStmt * SVF::SVFIRBuilder::addCopyEdge ( NodeID  src,
NodeID  dst,
CopyStmt::CopyKind  kind 
)
inlineprotected

Definition at line 370 of file SVFIRBuilder.h.

371 {
372 if(CopyStmt *edge = pag->addCopyStmt(src, dst, kind))
373 {
374 setCurrentBBAndValueForPAGEdge(edge);
375 return edge;
376 }
377 return nullptr;
378 }
SVF::SVFIR::addCopyStmt
CopyStmt * addCopyStmt(NodeID src, NodeID dst, CopyStmt::CopyKind type)
Add Copy edge.
Definition SVFIR.cpp:85

◆ addEdge()

void SVF::SVFIRBuilder::addEdge ( NodeID  src,
NodeID  dst,
SVFStmt::PEDGEK  kind,
APOffset  offset = 0,
Instruction cs = nullptr 
)

◆ addGepEdge()

void SVF::SVFIRBuilder::addGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap,
bool  constGep 
)
inlineprotected

Add Gep edge.

Definition at line 485 of file SVFIRBuilder.h.

486 {
487 if (GepStmt* edge = pag->addGepStmt(src, dst, ap, constGep))
488 setCurrentBBAndValueForPAGEdge(edge);
489 }
SVF::SVFIR::addGepStmt
GepStmt * addGepStmt(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIR.cpp:404

◆ addGlobalBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addGlobalBlackHoleAddrEdge ( NodeID  node,
const ConstantExpr int2Ptrce 
)
inlineprotected

Add global black hole Address edge.

Definition at line 270 of file SVFIRBuilder.h.

271 {
272 const Value* cval = getCurrentValue();
273 const SVFBasicBlock* cbb = getCurrentBB();
274 setCurrentLocation(int2Ptrce,(SVFBasicBlock*) nullptr);
275 addBlackHoleAddrEdge(node);
276 setCurrentLocation(cval,cbb);
277 }
SVF::SVFIRBuilder::setCurrentLocation
void setCurrentLocation(const Value *val, const BasicBlock *bb)
Set current basic block in order to keep track of control flow information.
Definition SVFIRBuilder.h:250
SVF::SVFIRBuilder::addBlackHoleAddrEdge
void addBlackHoleAddrEdge(NodeID node)
Definition SVFIRBuilder.h:295
SVF::SVFIRBuilder::getCurrentBB
const SVFBasicBlock * getCurrentBB() const
Definition SVFIRBuilder.h:264
SVF::SVFIRBuilder::getCurrentValue
const Value * getCurrentValue() const
Definition SVFIRBuilder.h:260
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82

◆ addLoadEdge()

void SVF::SVFIRBuilder::addLoadEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Load edge.

Definition at line 455 of file SVFIRBuilder.h.

456 {
457 if(LoadStmt *edge = pag->addLoadStmt(src, dst))
458 setCurrentBBAndValueForPAGEdge(edge);
459 }
SVF::SVFIR::addLoadStmt
LoadStmt * addLoadStmt(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIR.cpp:263

◆ addNormalGepEdge()

void SVF::SVFIRBuilder::addNormalGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Offset(Gep) edge.

Definition at line 491 of file SVFIRBuilder.h.

492 {
493 if (GepStmt* edge = pag->addNormalGepStmt(src, dst, ap))
494 setCurrentBBAndValueForPAGEdge(edge);
495 }
SVF::SVFIR::addNormalGepStmt
GepStmt * addNormalGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Offset(Gep) edge.
Definition SVFIR.cpp:423

◆ addNullPtrNode()

NodeID SVF::SVFIRBuilder::addNullPtrNode ( )
inlineprotected

Add NullPtr PAGNode.

Definition at line 280 of file SVFIRBuilder.h.

281 {
282 LLVMContext& cxt = llvmModuleSet()->getContext();
283 ConstantPointerNull* constNull = ConstantPointerNull::get(PointerType::getUnqual(cxt));
284 NodeID nullPtr = pag->addConstantNullPtrValNode(pag->getNullPtr(), nullptr, llvmModuleSet()->getSVFType(constNull->getType()));
285 llvmModuleSet()->addToSVFVar2LLVMValueMap(constNull, pag->getGNode(pag->getNullPtr()));
286 setCurrentLocation(constNull, (SVFBasicBlock*) nullptr);
287 addBlackHoleAddrEdge(pag->getBlkPtr());
288 return nullPtr;
289 }
SVF::IRGraph::getBlkPtr
NodeID getBlkPtr() const
Definition IRGraph.h:255
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:259
SVF::LLVMModuleSet::addToSVFVar2LLVMValueMap
void addToSVFVar2LLVMValueMap(const Value *val, SVFValue *svfBaseNode)
Definition LLVMModule.cpp:1127
SVF::LLVMModuleSet::getContext
LLVMContext & getContext() const
Definition LLVMModule.h:381
SVF::SVFIRBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition SVFIRBuilder.h:519
SVF::SVFIR::addConstantNullPtrValNode
NodeID addConstantNullPtrValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:624
SVF::ConstantPointerNull
llvm::ConstantPointerNull ConstantPointerNull
Definition BasicTypes.h:127
SVF::LLVMContext
llvm::LLVMContext LLVMContext
Definition BasicTypes.h:70

◆ addPhiStmt()

void SVF::SVFIRBuilder::addPhiStmt ( NodeID  res,
NodeID  opnd,
const ICFGNode pred 
)
inlineprotected

Add Copy edge.

If we already added this phi node, then skip this adding

Definition at line 418 of file SVFIRBuilder.h.

419 {
421 if(PhiStmt *edge = pag->addPhiStmt(res,opnd,pred))
422 setCurrentBBAndValueForPAGEdge(edge);
423 }
SVF::SVFIR::addPhiStmt
PhiStmt * addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add phi node information.
Definition SVFIR.cpp:108

◆ addRetEdge()

void SVF::SVFIRBuilder::addRetEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Return edge.

Definition at line 479 of file SVFIRBuilder.h.

480 {
481 if (RetPE* edge = pag->addRetPE(src, dst, cs, exit))
482 setCurrentBBAndValueForPAGEdge(edge);
483 }
SVF::SVFIR::addRetPE
RetPE * addRetPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIR.cpp:333

◆ addSelectStmt()

void SVF::SVFIRBuilder::addSelectStmt ( NodeID  res,
NodeID  op1,
NodeID  op2,
NodeID  cond 
)
inlineprotected

Add SelectStmt.

Definition at line 425 of file SVFIRBuilder.h.

426 {
427 if(SelectStmt *edge = pag->addSelectStmt(res,op1,op2,cond))
428 setCurrentBBAndValueForPAGEdge(edge);
429 }
SVF::SVFIR::addSelectStmt
SelectStmt * addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIR.cpp:141

◆ addStoreEdge()

void SVF::SVFIRBuilder::addStoreEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Store edge.

Definition at line 461 of file SVFIRBuilder.h.

462 {
463 ICFGNode* node;
464 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
465 node = llvmModuleSet()->getICFGNode(
466 SVFUtil::cast<Instruction>(inst));
467 else
468 node = nullptr;
469 if (StoreStmt* edge = pag->addStoreStmt(src, dst, node))
470 setCurrentBBAndValueForPAGEdge(edge);
471 }
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1181
SVF::SVFIR::addStoreStmt
StoreStmt * addStoreStmt(NodeID src, NodeID dst, const ICFGNode *val)
Add Store edge.
Definition SVFIR.cpp:287
SVF::Instruction
llvm::Instruction Instruction
Definition BasicTypes.h:87

◆ addThreadForkEdge()

void SVF::SVFIRBuilder::addThreadForkEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Thread fork edge for parameter passing.

Definition at line 503 of file SVFIRBuilder.h.

504 {
505 if (TDForkPE* edge = pag->addThreadForkPE(src, dst, cs, entry))
506 setCurrentBBAndValueForPAGEdge(edge);
507 }
SVF::SVFIR::addThreadForkPE
TDForkPE * addThreadForkPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIR.cpp:367

◆ addThreadJoinEdge()

void SVF::SVFIRBuilder::addThreadJoinEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Thread join edge for parameter passing.

Definition at line 509 of file SVFIRBuilder.h.

510 {
511 if (TDJoinPE* edge = pag->addThreadJoinPE(src, dst, cs, exit))
512 setCurrentBBAndValueForPAGEdge(edge);
513 }
SVF::SVFIR::addThreadJoinPE
TDJoinPE * addThreadJoinPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Thread join edge for parameter passing.
Definition SVFIR.cpp:384

◆ addUnaryOPEdge()

void SVF::SVFIRBuilder::addUnaryOPEdge ( NodeID  src,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Unary edge.

Definition at line 443 of file SVFIRBuilder.h.

444 {
445 if(UnaryOPStmt *edge = pag->addUnaryOPStmt(src, dst, opcode))
446 setCurrentBBAndValueForPAGEdge(edge);
447 }
SVF::SVFIR::addUnaryOPStmt
UnaryOPStmt * addUnaryOPStmt(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIR.cpp:217

◆ addVariantGepEdge()

void SVF::SVFIRBuilder::addVariantGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Variant(Gep) edge.

Definition at line 497 of file SVFIRBuilder.h.

498 {
499 if (GepStmt* edge = pag->addVariantGepStmt(src, dst, ap))
500 setCurrentBBAndValueForPAGEdge(edge);
501 }
SVF::SVFIR::addVariantGepStmt
GepStmt * addVariantGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Variant(Gep) edge.
Definition SVFIR.cpp:450

◆ build()

SVFIR * SVFIRBuilder::build ( )
virtual

Start building SVFIR here.

Start building SVFIR here

build icfg

initial external library information initial SVFIR nodes

initial SVFIR edges: // handle globals

build callgraph

handle functions

collect return node of function fun

Return SVFIR node will not be created for function which can not reach the return instruction due to call to abort(), exit(), etc. In 176.gcc of SPEC 2000, function build_objc_string() from c-lang.c shows an example when fun.doesNotReturn() evaluates to TRUE because of abort().

To be noted, we do not record arguments which are in declared function without body TODO: what about external functions with SVFIR imported by commandline?

Definition at line 54 of file SVFIRBuilder.cpp.

55{
56 double startTime = SVFStat::getClk(true);
57
58 DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
59
60 // If the SVFIR has been built before, then we return the unique SVFIR of the program
61 if(pag->getNodeNumAfterPAGBuild() > 1)
62 return pag;
63
64
65 createFunObjVars();
66
68 ICFGBuilder icfgbuilder;
69 pag->icfg = icfgbuilder.build();
70
73 initialiseNodes();
76 visitGlobal();
78
79
80
82 CallGraphBuilder callGraphBuilder;
83 std::vector<const FunObjVar*> funset;
84 for (const auto& item: llvmModuleSet()->getFunctionSet())
85 {
86 funset.push_back(llvmModuleSet()->getFunObjVar(item));
87 }
88 pag->callGraph = callGraphBuilder.buildSVFIRCallGraph(funset);
89
90 CHGraph* chg = new CHGraph();
91 CHGBuilder chgbuilder(chg);
92 chgbuilder.buildCHG();
93 pag->setCHG(chg);
94
96 for (Module& M : llvmModuleSet()->getLLVMModules())
97 {
98 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
99 {
100 const Function& fun = *F;
101 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(&fun);
103 if(!fun.isDeclaration())
104 {
110 if (fun.doesNotReturn() == false &&
111 fun.getReturnType()->isVoidTy() == false)
112 {
113 pag->addFunRet(svffun,
114 pag->getGNode(pag->getReturnNode(svffun)));
115 }
116
119 for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
120 I != E; ++I)
121 {
122 setCurrentLocation(&*I,&fun.getEntryBlock());
123 NodeID argValNodeId = llvmModuleSet()->getValueNode(&*I);
124 // if this is the function does not have caller (e.g. main)
125 // or a dead function, shall we create a black hole address edge for it?
126 // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
127 // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
128 // if(I->getType()->isPointerTy())
129 // addBlackHoleAddrEdge(argValNodeId);
130 //}
131 pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
132 }
133 }
134 for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
135 bit != ebit; ++bit)
136 {
137 const BasicBlock& bb = *bit;
138 for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
139 it != eit; ++it)
140 {
141 const Instruction& inst = *it;
142 setCurrentLocation(&inst,&bb);
143 visit(const_cast<Instruction&>(inst));
144 }
145 }
146 }
147 }
148
149 sanityCheck();
150
151 pag->initialiseCandidatePointers();
152
153 pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
154
155 // dump SVFIR
156 if (Options::PAGDotGraph())
157 pag->dump("svfir_initial");
158
159 // print to command line of the SVFIR graph
160 if (Options::PAGPrint())
161 pag->print();
162
163 // dump ICFG
164 if (Options::DumpICFG())
165 pag->getICFG()->dump("icfg_initial");
166
167 if (Options::LoopAnalysis())
168 {
169 LLVMLoopAnalysis loopAnalysis;
170 loopAnalysis.build(pag->getICFG());
171 }
172
173 // dump SVFIR as JSON
174 if (!Options::DumpJson().empty())
175 {
176 assert(false && "please implement SVFIRWriter::writeJsonToPath");
177 }
178
179 double endTime = SVFStat::getClk(true);
180 SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
181
182 return pag;
183}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:593
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:621
DGENERAL
#define DGENERAL
Definition SVFType.h:599
item
cJSON * item
Definition cJSON.h:222
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:424
SVF::ICFG::dump
void dump(const std::string &file, bool simple=false)
Dump graph into dot file.
Definition ICFG.cpp:411
SVF::IRGraph::getNodeNumAfterPAGBuild
u32_t getNodeNumAfterPAGBuild() const
Definition IRGraph.h:322
SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:316
SVF::IRGraph::getReturnNode
NodeID getReturnNode(const FunObjVar *func) const
GetReturnNode - Return the unique node representing the return value of a function.
Definition IRGraph.cpp:60
SVF::IRGraph::setNodeNumAfterPAGBuild
void setNodeNumAfterPAGBuild(u32_t num)
Definition IRGraph.h:326
SVF::LLVMLoopAnalysis::build
virtual void build(ICFG *icfg)
Start from here.
Definition LLVMLoopAnalysis.cpp:89
SVF::LLVMModuleSet::getValueNode
NodeID getValueNode(const Value *V)
Definition LLVMModule.cpp:1049
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:267
SVF::Options::PAGDotGraph
static const Option< bool > PAGDotGraph
Definition Options.h:118
SVF::Options::DumpJson
static const Option< std::string > DumpJson
Definition Options.h:121
SVF::Options::PAGPrint
static const Option< bool > PAGPrint
Definition Options.h:124
SVF::Options::LoopAnalysis
static const Option< bool > LoopAnalysis
Definition Options.h:239
SVF::Options::DumpICFG
static const Option< bool > DumpICFG
Definition Options.h:120
SVF::SVFIRBuilder::sanityCheck
void sanityCheck()
Sanity check for SVFIR.
Definition SVFIRBuilder.cpp:1630
SVF::SVFIRBuilder::visitGlobal
void visitGlobal()
Handle globals including (global variable and functions)
Definition SVFIRBuilder.cpp:941
SVF::SVFIRBuilder::initialiseNodes
void initialiseNodes()
Initialize nodes and edges.
Definition SVFIRBuilder.cpp:526
SVF::SVFIR::print
void print()
Print SVFIR.
Definition SVFIR.cpp:632
SVF::SVFIR::addFunArgs
void addFunArgs(const FunObjVar *fun, const SVFVar *arg)
Get/set method for function/callsite arguments and returns.
Definition SVFIR.h:544
SVF::SVFIR::addFunRet
void addFunRet(const FunObjVar *fun, const SVFVar *ret)
Add function returns.
Definition SVFIR.h:556
SVF::SVFIR::callGraph
CallGraph * callGraph
all the callsites of a program
Definition SVFIR.h:99
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163
SVF::SVFIR::setCHG
void setCHG(CommonCHGraph *c)
Set/Get CHG.
Definition SVFIR.h:169
SVF::SVFIR::icfg
ICFG * icfg
Definition SVFIR.h:96
SVF::SVFIR::initialiseCandidatePointers
void initialiseCandidatePointers()
Initialize candidate pointers.
Definition SVFIR.cpp:717
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFStat::timeOfBuildingSVFIR
static double timeOfBuildingSVFIR
Definition SVFStat.h:95
SVF::LLVMUtil::getFunObjVar
const FunObjVar * getFunObjVar(const std::string &name)
Definition LLVMUtil.cpp:435
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::BasicBlock
llvm::BasicBlock BasicBlock
Definition BasicTypes.h:86
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ computeGepOffset()

bool SVFIRBuilder::computeGepOffset ( const User V,
AccessPath ap 
)
protected

Compute offset of a gep instruction or gep constant expression.

Return the object node offset according to GEP insn (V). Given a gep edge p = q + i, if "i" is a constant then we return its offset size otherwise if "i" is a variable determined by runtime, then it is a variant offset Return TRUE if the offset of this GEP insn is a constant.

Definition at line 632 of file SVFIRBuilder.cpp.

633{
634 assert(V);
635
636 const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
637 DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
638 llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
639 if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
640 {
641 //s32_t bo = byteOffset.getSExtValue();
642 }
643
644 bool isConst = true;
645
646 bool prevPtrOperand = false;
647 for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
648 gi != ge; ++gi)
649 {
650 const Type* gepTy = *gi;
651 const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
652
653 assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
654 "Expect no more than one gep operand to be of a pointer type");
655 if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
656 const Value* offsetVal = gi.getOperand();
657 assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
658 ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offsetVal)), svfGepTy);
659
660 //The int value of the current index operand
661 const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
662
663 // if Options::ModelConsts() is disabled. We will treat whole array as one,
664 // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
665 if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
666 {
667 if(!op || (arrTy->getArrayNumElements() <= (u32_t)LLVMUtil::getIntegerValue(op).first))
668 continue;
669 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
670 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
671 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
672 }
673 else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
674 {
675 assert(op && "non-const offset accessing a struct");
676 //The actual index
677 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
678 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
679 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
680 }
681 else if (gepTy->isSingleValueType())
682 {
683 // If it's a non-constant offset access
684 // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
685 // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
686 if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
687 {
688 isConst = false;
689 }
690
691 // The actual index
692 //s32_t idx = op->getSExtValue();
693
694 // For pointer arithmetic we ignore the byte offset
695 // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
696 // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
697 }
698 }
699 return isConst;
700}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AccessPath::addOffsetVarAndGepTypePair
bool addOffsetVarAndGepTypePair(const SVFVar *var, const SVFType *gepIterType)
Definition AccessPath.cpp:42
SVF::AccessPath::getConstantStructFldIdx
APOffset getConstantStructFldIdx() const
Get methods.
Definition AccessPath.h:97
SVF::AccessPath::setFldIdx
void setFldIdx(APOffset idx)
Definition AccessPath.h:101
SVF::IRGraph::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition IRGraph.cpp:144
SVF::LLVMModuleSet::getSVFType
SVFType * getSVFType(const Type *T)
Get or create SVFType and typeinfo.
Definition LLVMModule.cpp:1166
SVF::SVFIRBuilder::getPAG
SVFIR * getPAG() const
Return SVFIR.
Definition SVFIRBuilder.h:70
llvm::generic_bridge_gep_type_iterator
Definition GEPTypeBridgeIterator.h:18
SVF::LLVMUtil::getIntegerValue
std::pair< s64_t, u64_t > getIntegerValue(const ConstantInt *intValue)
Definition LLVMUtil.h:82
SVF::LLVMUtil::getDataLayout
static DataLayout * getDataLayout(Module *mod)
Definition LLVMUtil.h:313
SVF::DataLayout
llvm::DataLayout DataLayout
Definition BasicTypes.h:108
SVF::ArrayType
llvm::ArrayType ArrayType
Definition BasicTypes.h:95
SVF::StructType
llvm::StructType StructType
LLVM types.
Definition BasicTypes.h:94
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
SVF::ConstantInt
llvm::ConstantInt ConstantInt
Definition BasicTypes.h:125
llvm::bridge_gep_end
bridge_gep_iterator bridge_gep_end(const User *GEP)
Definition GEPTypeBridgeIterator.h:157
llvm::bridge_gep_begin
bridge_gep_iterator bridge_gep_begin(const User *GEP)
Definition GEPTypeBridgeIterator.h:149

◆ createFunObjVars()

void SVFIRBuilder::createFunObjVars ( )

set fun in bb

Definition at line 324 of file SVFIRBuilder.cpp.

325{
326 std::vector<FunObjVar*> funset;
327 // Iterate over all object symbols in the symbol table
328 for (const auto* fun: llvmModuleSet()->getFunctionSet())
329 {
330 u32_t id = llvmModuleSet()->objSyms()[fun];
331 // Debug output for adding object node
332 DBOUT(DPAGBuild, outs() << "add obj node " << id << "\n");
333
334 // Check if the value is a function and add a function object node
335 pag->addFunObjNode(id, pag->getObjTypeInfo(id), nullptr);
336 llvmModuleSet()->LLVMFun2FunObjVar[fun] = cast<FunObjVar>(pag->getGNode(id));
337
338 FunObjVar *funObjVar = SVFUtil::cast<FunObjVar>(pag->getGNode(id));
339 funset.push_back(funObjVar);
340
341 funObjVar->initFunObjVar(fun->isDeclaration(), LLVMUtil::isIntrinsicFun(fun), fun->hasAddressTaken(),
342 LLVMUtil::isUncalledFunction(fun), LLVMUtil::functionDoesNotRet(fun), fun->isVarArg(),
343 SVFUtil::cast<SVFFunctionType>(llvmModuleSet()->getSVFType(fun->getFunctionType())),
344 new SVFLoopAndDomInfo, nullptr, nullptr,
345 {}, nullptr);
346 BasicBlockGraph* bbGraph = new BasicBlockGraph();
347 funObjVar->setBasicBlockGraph(bbGraph);
348
349
350 for (const BasicBlock& bb : *fun)
351 {
352 llvmModuleSet()->addBasicBlock(funObjVar, &bb);
353 }
354
356 for (auto& bb: *funObjVar->bbGraph)
357 {
358 bb.second->setFun(funObjVar);
359 }
360 llvmModuleSet()->addToSVFVar2LLVMValueMap(fun, pag->getGNode(id));
361 }
362
363 initFunObjVar();
364}
DPAGBuild
#define DPAGBuild
Definition SVFType.h:601
SVF::FunObjVar::setBasicBlockGraph
void setBasicBlockGraph(BasicBlockGraph *graph)
Definition SVFVariables.h:1199
SVF::FunObjVar::initFunObjVar
void initFunObjVar(bool decl, bool intrinc, bool addr, bool uncalled, bool notret, bool vararg, const SVFFunctionType *ft, SVFLoopAndDomInfo *ld, const FunObjVar *real, BasicBlockGraph *bbg, const std::vector< const ArgValVar * > &allarg, const SVFBasicBlock *exit)
Definition SVFVariables.cpp:448
SVF::IRGraph::getObjTypeInfo
ObjTypeInfo * getObjTypeInfo(NodeID id) const
Definition IRGraph.h:234
SVF::LLVMModuleSet::LLVMFun2FunObjVar
LLVMFun2FunObjVarMap LLVMFun2FunObjVar
Map an LLVM Function to an SVF Funobjvar.
Definition LLVMModule.h:99
SVF::LLVMModuleSet::objSyms
ValueToIDMapTy & objSyms()
Definition LLVMModule.h:212
SVF::LLVMModuleSet::addBasicBlock
void addBasicBlock(FunObjVar *fun, const BasicBlock *bb)
Definition LLVMModule.h:232
SVF::SVFIR::addFunObjNode
NodeID addFunObjNode(NodeID id, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:673
SVF::LLVMUtil::isUncalledFunction
bool isUncalledFunction(const Function *fun)
whether this is a function without any possible caller?
Definition LLVMUtil.cpp:157
SVF::LLVMUtil::isIntrinsicFun
bool isIntrinsicFun(const Function *func)
Definition LLVMUtil.cpp:189
SVF::LLVMUtil::functionDoesNotRet
bool functionDoesNotRet(const Function *fun)
Definition LLVMUtil.cpp:122

◆ getAccessPathFromBaseNode()

AccessPath SVFIRBuilder::getAccessPathFromBaseNode ( NodeID  nodeId)
protected

Get a base SVFVar given a pointer Return the source node of its connected normal gep edge Otherwise return the node id itself s32_t offset : gep offset

if this node is already a base node

Definition at line 1798 of file SVFIRBuilder.cpp.

1799{
1800 SVFVar* node = pag->getGNode(nodeId);
1801 SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
1803 if(geps.empty())
1804 return AccessPath(0);
1805
1806 assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
1807 SVFVar::iterator it = geps.begin();
1808 const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
1809 if(gepEdge->isVariantFieldGep())
1810 return AccessPath(0);
1811 else
1812 return gepEdge->getAccessPath();
1813}
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition GenericGraph.h:151
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:259
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Edge accessors and checkers.
Definition SVFVariables.h:121

◆ getBaseTypeAndFlattenedFields()

const Type * SVFIRBuilder::getBaseTypeAndFlattenedFields ( const Value V,
std::vector< AccessPath > &  fields,
const Value szValue 
)
protectedvirtual

Handle external call.

Find the base type and the max possible offset of an object pointed to by (V).

use user-specified size for this copy operation if the size is a constaint int

Definition at line 44 of file SVFIRExtAPI.cpp.

45{
46 assert(V);
47 const Value* value = getBaseValueForExtArg(V);
48 const Type *objType = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferObjType(value);
49 u32_t numOfElems = pag->getNumOfFlattenElements(LLVMModuleSet::getLLVMModuleSet()->getSVFType(objType));
51 if(szValue && SVFUtil::isa<ConstantInt>(szValue))
52 {
53 auto szIntVal = LLVMUtil::getIntegerValue(SVFUtil::cast<ConstantInt>(szValue));
54 numOfElems = (numOfElems > szIntVal.first) ? szIntVal.first : numOfElems;
55 }
56
57 LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
58 for(u32_t ei = 0; ei < numOfElems; ei++)
59 {
60 AccessPath ls(ei);
61 // make a ConstantInt and create char for the content type due to byte-wise copy
62 const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
63 if (!llvmModuleSet()->hasValueNode(offset))
64 {
65 SymbolTableBuilder builder(pag);
66 builder.collectSym(offset);
67 NodeID id = llvmModuleSet()->getValueNode(offset);
68 pag->addConstantIntValNode(id, LLVMUtil::getIntegerValue(offset), nullptr, llvmModuleSet()->getSVFType(offset->getType()));
69 llvmModuleSet()->addToSVFVar2LLVMValueMap(offset,
70 pag->getGNode(id));
71 }
72 ls.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offset)), nullptr);
73 fields.push_back(ls);
74 }
75 return objType;
76}
SVF::IRGraph::getNumOfFlattenElements
u32_t getNumOfFlattenElements(const SVFType *T)
Definition IRGraph.cpp:169
SVF::LLVMModuleSet::getTypeInference
ObjTypeInference * getTypeInference()
Definition LLVMModule.cpp:94
SVF::ObjTypeInference::inferObjType
const Type * inferObjType(const Value *var)
get or infer the type of the object pointed by the value
Definition ObjTypeInference.cpp:136
SVF::SVFIRBuilder::getBaseValueForExtArg
const Value * getBaseValueForExtArg(const Value *V)
Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst,...
Definition SVFIRBuilder.cpp:1527
SVF::SVFIR::addConstantIntValNode
NodeID addConstantIntValNode(NodeID i, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:617

◆ getBaseValueForExtArg()

const Value * SVFIRBuilder::getBaseValueForExtArg ( const Value V)
protected

Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))

Example 1:

%0 = getelementptr inbounds struct.outer, struct.inner base, i32 0, i32 0 call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false) The base value for %0 is base. Note: the base is recognized as the base value if the offset (field index) is 0

Example 2: https://github.com/SVF-tools/SVF/issues/1650 https://github.com/SVF-tools/SVF/pull/1652

@i1 = dso_local global struct.inner { i32 0, ptr @f1, ptr @f2 } @n1 = dso_local global struct.outer { i32 0, ptr @i1 }

inner = alloca struct.inner %0 = load ptr, ptr getelementptr inbounds (struct.outer, ptr @n1, i32 0, i32 1) call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false)

The base value for %0 is @i1

Example 3:

@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }> <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8

%0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>, ptr @conststruct, i64 0, i32 0, i64 16)

The base value for %0 is still %0

Definition at line 1527 of file SVFIRBuilder.cpp.

1528{
1529 const Value* value = stripAllCasts(V);
1530 assert(value && "null ptr?");
1531 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
1532 {
1533 APOffset totalidx = 0;
1534 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1535 {
1536 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1537 totalidx += LLVMUtil::getIntegerValue(op).first;
1538 }
1539 if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
1540 value = gep->getPointerOperand();
1541 }
1542 else if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(value))
1543 {
1544 const Value* loadP = load->getPointerOperand();
1545 if (const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(loadP))
1546 {
1547 APOffset totalidx = 0;
1548 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1549 {
1550 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1551 totalidx += LLVMUtil::getIntegerValue(op).first;
1552 }
1553 const Value * pointer_operand = gep->getPointerOperand();
1554 if (auto *glob = SVFUtil::dyn_cast<GlobalVariable>(pointer_operand))
1555 {
1556 if (glob->hasInitializer())
1557 {
1558 if (auto *initializer = SVFUtil::dyn_cast<
1559 ConstantStruct>(glob->getInitializer()))
1560 {
1561 /*
1562 *@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>
1563 <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8
1564
1565 %0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>,
1566 ptr @conststruct, i64 0, i32 0, i64 16)
1567 in this case, totalidx is 16 while initializer->getNumOperands() is 4, so we return value as the base
1568 */
1569 if (totalidx >= initializer->getNumOperands()) return value;
1570 auto *ptrField = initializer->getOperand(totalidx);
1571 if (auto *ptrValue = SVFUtil::dyn_cast<llvm::GlobalVariable>(ptrField))
1572 {
1573 return ptrValue;
1574 }
1575 }
1576 }
1577 }
1578 }
1579 }
1580
1581 return value;
1582}
SVF::LLVMUtil::stripAllCasts
const Value * stripAllCasts(const Value *val)
Strip off the all casts.
Definition LLVMUtil.cpp:249
SVF::SVFUtil::dyn_cast
LLVM_NODISCARD std::enable_if_t<!is_simple_type< Y >::value, typename cast_retty< X, const Y >::ret_type > dyn_cast(const Y &Val)
Definition Casting.h:405
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::LoadInst
llvm::LoadInst LoadInst
Definition BasicTypes.h:149
SVF::GetElementPtrInst
llvm::GetElementPtrInst GetElementPtrInst
Definition BasicTypes.h:162

◆ getCopyKind()

CopyStmt::CopyKind SVF::SVFIRBuilder::getCopyKind ( const Value val)
inlineprotected

Definition at line 380 of file SVFIRBuilder.h.

381 {
382 // COPYVAL, ZEXT, SEXT, BITCAST, FPTRUNC, FPTOUI, FPTOSI, UITOFP, SITOFP, INTTOPTR, PTRTOINT
383 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(val))
384 {
385 switch (inst->getOpcode())
386 {
387 case Instruction::ZExt:
388 return CopyStmt::ZEXT;
389 case Instruction::SExt:
390 return CopyStmt::SEXT;
391 case Instruction::BitCast:
392 return CopyStmt::BITCAST;
393 case Instruction ::Trunc:
394 return CopyStmt::TRUNC;
395 case Instruction::FPTrunc:
396 return CopyStmt::FPTRUNC;
397 case Instruction::FPToUI:
398 return CopyStmt::FPTOUI;
399 case Instruction::FPToSI:
400 return CopyStmt::FPTOSI;
401 case Instruction::UIToFP:
402 return CopyStmt::UITOFP;
403 case Instruction::SIToFP:
404 return CopyStmt::SITOFP;
405 case Instruction::IntToPtr:
406 return CopyStmt::INTTOPTR;
407 case Instruction::PtrToInt:
408 return CopyStmt::PTRTOINT;
409 default:
410 return CopyStmt::COPYVAL;
411 }
412 }
413 assert (false && "Unknown cast inst!");
414 abort();
415 }

◆ getCurrentBB()

const SVFBasicBlock * SVF::SVFIRBuilder::getCurrentBB ( ) const
inlineprotected

Definition at line 264 of file SVFIRBuilder.h.

265 {
266 return curBB;
267 }

◆ getCurrentValue()

const Value * SVF::SVFIRBuilder::getCurrentValue ( ) const
inlineprotected

Definition at line 260 of file SVFIRBuilder.h.

261 {
262 return curVal;
263 }

◆ getGepValVar()

NodeID SVFIRBuilder::getGepValVar ( const Value val,
const AccessPath ap,
const SVFType elementType 
)
protected

Add a temp field value node according to base value and offset this node is after the initial node method, it is out of scope of symInfo table

Definition at line 1656 of file SVFIRBuilder.cpp.

1657{
1658 NodeID base = getValueNode(val);
1659 NodeID gepval = pag->getGepValVar(llvmModuleSet()->getValueNode(curVal), base, ap);
1660 if (gepval==UINT_MAX)
1661 {
1662 assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
1663 /*
1664 * getGepValVar can only be called from two places:
1665 * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
1666 * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
1667 * so curVal can only be
1668 * 1. Instruction
1669 * 2. GlobalVariable
1670 */
1671 assert(
1672 (SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
1673
1674 // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
1675 // We preserve the current BB information to restore it after creating the gepNode
1676 const Value* cval = getCurrentValue();
1677 const SVFBasicBlock* cbb = getCurrentBB();
1678 setCurrentLocation(curVal, (SVFBasicBlock*) nullptr);
1679 LLVMModuleSet* llvmmodule = llvmModuleSet();
1680 const ICFGNode* node = nullptr;
1681 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
1682 if (llvmmodule->hasICFGNode(inst))
1683 {
1684 node = llvmmodule->getICFGNode(inst);
1685 }
1686 NodeID gepNode = pag->addGepValNode(llvmModuleSet()->getValueNode(curVal), cast<ValVar>(pag->getGNode(getValueNode(val))), ap,
1687 NodeIDAllocator::get()->allocateValueId(),
1688 llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())), node);
1689 addGepEdge(base, gepNode, ap, true);
1690 setCurrentLocation(cval, cbb);
1691 return gepNode;
1692 }
1693 else
1694 return gepval;
1695}
SVF::NodeIDAllocator::get
static NodeIDAllocator * get(void)
Return (singleton) allocator.
Definition NodeIDAllocator.cpp:26
SVF::SVFIRBuilder::addGepEdge
void addGepEdge(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIRBuilder.h:485
SVF::SVFIR::getGepValVar
NodeID getGepValVar(NodeID curInst, NodeID base, const AccessPath &ap) const
Due to constraint expression, curInst is used to distinguish different instructions (e....
Definition SVFIR.cpp:597
SVF::SVFIR::addGepValNode
NodeID addGepValNode(NodeID curInst, const ValVar *base, const AccessPath &ap, NodeID i, const SVFType *type, const ICFGNode *node)
Add a temp field value node, this method can only invoked by getGepValVar.
Definition SVFIR.cpp:471

◆ getGlobalVarField()

NodeID SVFIRBuilder::getGlobalVarField ( const GlobalVariable gvar,
u32_t  offset,
SVFType tpy 
)
protected

Get the field of the global variable node FIXME:Here we only get the field that actually used in the program We ignore the initialization of global variable field that not used in the program

if we did not find the constant expression in the program, then we need to create a gep node for this field

Definition at line 836 of file SVFIRBuilder.cpp.

837{
838
839 // if the global variable do not have any field needs to be initialized
840 if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
841 {
842 return getValueNode(gvar);
843 }
846 else
847 {
848 return getGepValVar(gvar, AccessPath(offset), tpy);
849 }
850}

◆ getObjectNode()

NodeID SVF::SVFIRBuilder::getObjectNode ( const Value V)
inline

GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.

Definition at line 108 of file SVFIRBuilder.h.

109 {
110 return llvmModuleSet()->getObjectNode(V);
111 }
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1070

◆ getPAG()

SVFIR * SVF::SVFIRBuilder::getPAG ( ) const
inline

Return SVFIR.

Definition at line 70 of file SVFIRBuilder.h.

71 {
72 return pag;
73 }

◆ getReturnNode()

NodeID SVF::SVFIRBuilder::getReturnNode ( const FunObjVar func)
inline

getReturnNode - Return the node representing the unique return value of a function.

Definition at line 114 of file SVFIRBuilder.h.

115 {
116 return pag->getReturnNode(func);
117 }

◆ getValueNode()

NodeID SVF::SVFIRBuilder::getValueNode ( const Value V)
inline

Get different kinds of node.

Definition at line 98 of file SVFIRBuilder.h.

99 {
100 // first handle gep edge if val if a constant expression
101 processCE(V);
102
103 // strip off the constant cast and return the value node
104 return llvmModuleSet()->getValueNode(V);
105 }
SVF::SVFIRBuilder::processCE
void processCE(const Value *val)
Process constant expression.
Definition SVFIRBuilder.cpp:705

◆ getVarargNode()

NodeID SVF::SVFIRBuilder::getVarargNode ( const FunObjVar func)
inline

getVarargNode - Return the node representing the unique variadic argument of a function.

Definition at line 120 of file SVFIRBuilder.h.

121 {
122 return pag->getVarargNode(func);
123 }
SVF::IRGraph::getVarargNode
NodeID getVarargNode(const FunObjVar *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.cpp:67

◆ handleDirectCall()

void SVFIRBuilder::handleDirectCall ( CallBase cs,
const Function F 
)
protected

Handle direct call.

Add the constraints for a direct, non-external call.

FIXME: this assertion should be placed for correct checking except bug program like 188.ammp, 300.twolf

Definition at line 1433 of file SVFIRBuilder.cpp.

1434{
1435
1436 assert(F);
1437 CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
1438 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(F);
1439 DBOUT(DPAGBuild,
1440 outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
1441
1442 //Only handle the ret.val. if it's used as a ptr.
1443 NodeID dstrec = getValueNode(cs);
1444 //Does it actually return a ptr?
1445 if (!cs->getType()->isVoidTy())
1446 {
1447 NodeID srcret = getReturnNode(svffun);
1448 FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
1449 addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
1450 }
1451 //Iterators for the actual and formal parameters
1452 u32_t itA = 0, ieA = cs->arg_size();
1453 Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
1454 //Go through the fixed parameters.
1455 DBOUT(DPAGBuild, outs() << " args:");
1456 for (; itF != ieF; ++itA, ++itF)
1457 {
1458 //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
1459 if (itA == ieA)
1460 {
1461 DBOUT(DPAGBuild, outs() << " !! not enough args\n");
1462 break;
1463 }
1464 const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
1465
1466 DBOUT(DPAGBuild, outs() << "process actual parm " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
1467
1468 NodeID dstFA = getValueNode(FA);
1469 NodeID srcAA = getValueNode(AA);
1470 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1471 addCallEdge(srcAA, dstFA, callICFGNode, entry);
1472 }
1473 //Any remaining actual args must be varargs.
1474 if (F->isVarArg())
1475 {
1476 NodeID vaF = getVarargNode(svffun);
1477 DBOUT(DPAGBuild, outs() << "\n varargs:");
1478 for (; itA != ieA; ++itA)
1479 {
1480 const Value* AA = cs->getArgOperand(itA);
1481 NodeID vnAA = getValueNode(AA);
1482 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1483 addCallEdge(vnAA,vaF, callICFGNode,entry);
1484 }
1485 }
1486 if(itA != ieA)
1487 {
1490 writeWrnMsg("too many args to non-vararg func.");
1491 writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
1492
1493 }
1494}
SVF::ICFG::getFunExitICFGNode
FunExitICFGNode * getFunExitICFGNode(const FunObjVar *fun)
Add a function exit node.
Definition ICFG.cpp:249
SVF::ICFG::getFunEntryICFGNode
FunEntryICFGNode * getFunEntryICFGNode(const FunObjVar *fun)
Add a function entry node.
Definition ICFG.cpp:242
SVF::LLVMModuleSet::getCallICFGNode
CallICFGNode * getCallICFGNode(const Instruction *cs)
get a call node
Definition LLVMModule.cpp:1208
SVF::SVFIRBuilder::getVarargNode
NodeID getVarargNode(const FunObjVar *func)
getVarargNode - Return the node representing the unique variadic argument of a function.
Definition SVFIRBuilder.h:120
SVF::SVFIRBuilder::getReturnNode
NodeID getReturnNode(const FunObjVar *func)
getReturnNode - Return the node representing the unique return value of a function.
Definition SVFIRBuilder.h:114
SVF::SVFIRBuilder::addRetEdge
void addRetEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIRBuilder.h:479
SVF::SVFIRBuilder::addCallEdge
void addCallEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIRBuilder.h:473
SVF::LLVMUtil::dumpValue
std::string dumpValue(const Value *val)
Definition LLVMUtil.cpp:600
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:68

◆ handleExtCall()

void SVFIRBuilder::handleExtCall ( const CallBase cs,
const Function callee 
)
protectedvirtual

pthread_create has 1 arg. apr_thread_create has 2 arg.

Connect actual parameter to formal parameter of the start routine

handle indirect calls at pthread create APIs e.g., pthread_create(&t1, nullptr, fp, ...); const Value* fun = ThreadAPI::getThreadAPI()->getForkedFun(inst); if(!SVFUtilisa<Function>(fun)) pag->addIndirectCallsites(cs,pag->getValueNode(fun));

If forkedFun does not pass to spawnee as function type but as void pointer remember to update inter-procedural callgraph/SVFIR/SVFG etc. when indirect call targets are resolved We don't connect the callgraph here, further investigation is need to handle mod-ref during SVFG construction.

TODO: inter-procedural SVFIR edges for thread joins

Definition at line 128 of file SVFIRExtAPI.cpp.

129{
130 const CallICFGNode *callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
131
132 if (isHeapAllocExtCallViaRet(callICFGNode))
133 {
134 NodeID val = llvmModuleSet()->getValueNode(cs);
135 NodeID obj = llvmModuleSet()->getObjectNode(cs);
136 addAddrWithHeapSz(obj, val, cs);
137 }
138 else if (isHeapAllocExtCallViaArg(callICFGNode))
139 {
140 u32_t arg_pos = LLVMUtil::getHeapAllocHoldingArgPosition(callee);
141 Value* arg = cs->getArgOperand(arg_pos);
142 if (cs->getArgOperand(arg_pos)->getType()->isPointerTy())
143 {
144 NodeID vnArg = llvmModuleSet()->getValueNode(arg);
145 NodeID dummy = pag->addDummyValNode();
146 NodeID obj = pag->addDummyObjNode(llvmModuleSet()->getSVFType(cs->getArgOperand(arg_pos)->getType()));
147 if (vnArg && dummy && obj)
148 {
149 addAddrWithHeapSz(obj, dummy, cs);
150 addStoreEdge(dummy, vnArg);
151 }
152 }
153 else
154 {
155 writeWrnMsg("Arg receiving new object must be pointer type");
156 }
157 }
158 else if (LLVMUtil::isMemcpyExtFun(callee))
159 {
160 // Side-effects similar to void *memcpy(void *dest, const void * src, size_t n)
161 // which copies n characters from memory area 'src' to memory area 'dest'.
162 if(callee->getName().find("iconv") != std::string::npos)
163 addComplexConsForExt(cs->getArgOperand(3), cs->getArgOperand(1), nullptr);
164 else if(callee->getName().find("bcopy") != std::string::npos)
165 addComplexConsForExt(cs->getArgOperand(1), cs->getArgOperand(0), cs->getArgOperand(2));
166 if(cs->arg_size() == 3)
167 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), cs->getArgOperand(2));
168 else
169 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), nullptr);
170 if(SVFUtil::isa<PointerType>(cs->getType()))
171 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
172 }
173 else if(LLVMUtil::isMemsetExtFun(callee))
174 {
175 // Side-effects similar to memset(void *str, int c, size_t n)
176 // which copies the character c (an unsigned char) to the first n characters of the string pointed to, by the argument str
177 std::vector<AccessPath> dstFields;
178 const Type *dtype = getBaseTypeAndFlattenedFields(cs->getArgOperand(0), dstFields, cs->getArgOperand(2));
179 u32_t sz = dstFields.size();
180 //For each field (i), add store edge *(arg0 + i) = arg1
181 for (u32_t index = 0; index < sz; index++)
182 {
183 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
184 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
185 dstFields[index].getConstantStructFldIdx());
186 NodeID dField = getGepValVar(cs->getArgOperand(0), dstFields[index], dElementType);
187 addStoreEdge(getValueNode(cs->getArgOperand(1)),dField);
188 }
189 if(SVFUtil::isa<PointerType>(cs->getType()))
190 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
191 }
192 else if(callee->getName().compare("dlsym") == 0)
193 {
194 /*
195 Side-effects of void* dlsym( void* handle, const char* funName),
196 Locate the function with the name "funName," then add a "copy" edge between the callsite and that function.
197 dlsym() example:
198 int main() {
199 // Open the shared library
200 void* handle = dlopen("./my_shared_library.so", RTLD_LAZY);
201 // Find the function address
202 void (*myFunctionPtr)() = (void (*)())dlsym(handle, "myFunction");
203 // Call the function
204 myFunctionPtr();
205 }
206 */
207 const Value* src = cs->getArgOperand(1);
208 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(src))
209 src = stripConstantCasts(gep->getPointerOperand());
210
211 auto getHookFn = [](const Value* src)->const Function*
212 {
213 if (!SVFUtil::isa<GlobalVariable>(src))
214 return nullptr;
215
216 auto *glob = SVFUtil::cast<GlobalVariable>(src);
217 if (!glob->hasInitializer() || !SVFUtil::isa<ConstantDataArray>(glob->getInitializer()))
218 return nullptr;
219
220 auto *constarray = SVFUtil::cast<ConstantDataArray>(glob->getInitializer());
221 return LLVMUtil::getProgFunction(constarray->getAsCString().str());
222 };
223
224 if (const Function *fn = getHookFn(src))
225 {
226 NodeID srcNode = getValueNode(fn);
227 addCopyEdge(srcNode, getValueNode(cs), CopyStmt::COPYVAL);
228 }
229 }
230 else if(callee->getName().find("_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_") != std::string::npos)
231 {
232 // The purpose of this function is to insert a new node into the red-black tree and then rebalance the tree to ensure that the red-black tree properties are maintained.
233 assert(cs->arg_size() == 4 && "_Rb_tree_insert_and_rebalance should have 4 arguments.\n");
234
235 // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
236 // Now we calculate the offset from base to vArg3
237 NodeID vnArg3 = llvmModuleSet()->getValueNode(cs->getArgOperand(3));
238 APOffset offset =
239 getAccessPathFromBaseNode(vnArg3).getConstantStructFldIdx();
240
241 // We get all flattened fields of base
242 vector<AccessPath> fields = pag->getTypeLocSetsMap(vnArg3).second;
243
244 // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
245 // Note that arg0 is aligned with "offset".
246 for (APOffset i = offset + 1; i <= offset + 3; ++i)
247 {
248 if((u32_t)i >= fields.size())
249 break;
250 const SVFType* elementType = pag->getFlatternedElemType(pag->getTypeLocSetsMap(vnArg3).first,
251 fields[i].getConstantStructFldIdx());
252 NodeID vnD = getGepValVar(cs->getArgOperand(3), fields[i], elementType);
253 NodeID vnS = llvmModuleSet()->getValueNode(cs->getArgOperand(1));
254 if(vnD && vnS)
255 addStoreEdge(vnS,vnD);
256 }
257 }
258
259 if (isThreadForkCall(callICFGNode))
260 {
261 const ValVar* valVar = getForkedFun(callICFGNode);
262 if (const FunValVar* funcValVar = SVFUtil::dyn_cast<FunValVar>(valVar))
263 {
264 const FunObjVar* forkedFun = funcValVar->getFunction()->getDefFunForMultipleModule();
265 const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
268 assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
269 if (forkedFun->arg_size() <= 2 && forkedFun->arg_size() >= 1)
270 {
271 const ArgValVar* formalParm = forkedFun->getArg(0);
273 if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
274 {
275 FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
276 addThreadForkEdge(actualParm->getId(), formalParm->getId(), callICFGNode, entry);
277 }
278 }
279 }
280 else
281 {
286 }
290 }
291
293}
SVF::ArgValVar
Class representing a function argument variable in the SVFIR.
Definition SVFVariables.h:368
SVF::FunObjVar::getFunction
virtual const FunObjVar * getFunction() const
Get containing function, or null for globals/constants.
Definition SVFVariables.cpp:472
SVF::FunObjVar::getDefFunForMultipleModule
const FunObjVar * getDefFunForMultipleModule() const
Definition SVFVariables.h:1192
SVF::SVFIRBuilder::addAddrWithHeapSz
AddrStmt * addAddrWithHeapSz(NodeID src, NodeID dst, const CallBase *cs)
Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
Definition SVFIRBuilder.h:324
SVF::SVFIRBuilder::addThreadForkEdge
void addThreadForkEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIRBuilder.h:503
SVF::SVFIRBuilder::getAccessPathFromBaseNode
AccessPath getAccessPathFromBaseNode(NodeID nodeId)
Definition SVFIRBuilder.cpp:1798
SVF::SVFIRBuilder::addCopyEdge
CopyStmt * addCopyEdge(NodeID src, NodeID dst, CopyStmt::CopyKind kind)
Definition SVFIRBuilder.h:370
SVF::SVFIRBuilder::addComplexConsForExt
virtual void addComplexConsForExt(Value *D, Value *S, const Value *sz)
Definition SVFIRExtAPI.cpp:82
SVF::SVFIR::getTypeLocSetsMap
SVFTypeLocSetsPair & getTypeLocSetsMap(NodeID argId)
Given an arg NodeId, get its base SVFType* and all its field location sets.
Definition SVFIR.h:273
SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:496
SVF::LLVMUtil::getProgFunction
const Function * getProgFunction(const std::string &funName)
Get program entry function from module.
Definition LLVMUtil.cpp:39
SVF::LLVMUtil::stripConstantCasts
const Value * stripConstantCasts(const Value *val)
Strip off the constant casts.
Definition LLVMUtil.cpp:218
SVF::LLVMUtil::isHeapAllocExtCallViaRet
bool isHeapAllocExtCallViaRet(const Instruction *inst)
Definition LLVMUtil.cpp:633
SVF::LLVMUtil::isMemcpyExtFun
bool isMemcpyExtFun(const Function *fun)
Definition LLVMUtil.cpp:388
SVF::LLVMUtil::isHeapAllocExtCallViaArg
bool isHeapAllocExtCallViaArg(const Instruction *inst)
Definition LLVMUtil.cpp:648
SVF::LLVMUtil::isMemsetExtFun
bool isMemsetExtFun(const Function *fun)
Definition LLVMUtil.cpp:394
SVF::LLVMUtil::getHeapAllocHoldingArgPosition
u32_t getHeapAllocHoldingArgPosition(const Function *fun)
Definition LLVMUtil.cpp:400
SVF::SVFUtil::isThreadForkCall
bool isThreadForkCall(const CallICFGNode *inst)
Definition SVFUtil.h:360
SVF::SVFUtil::getActualParmAtForkSite
const ValVar * getActualParmAtForkSite(const CallICFGNode *cs)
Return sole argument of the thread routine.
Definition SVFUtil.h:408
SVF::SVFUtil::getForkedFun
const ValVar * getForkedFun(const CallICFGNode *inst)
Return thread fork function.
Definition SVFUtil.h:331

◆ handleIndCall()

void SVFIRBuilder::handleIndCall ( CallBase cs)
protected

Handle indirect call.

Indirect call is resolved on-the-fly during pointer analysis

Definition at line 1587 of file SVFIRBuilder.cpp.

1588{
1589 const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
1590 NodeID indFunPtrId = llvmModuleSet()->getValueNode(cs->getCalledOperand());
1591 const_cast<CallICFGNode*>(cbn)->setIndFunPtr(pag->getGNode(indFunPtrId));
1592 pag->addIndirectCallsites(cbn,indFunPtrId);
1593}
SVF::SVFIR::addIndirectCallsites
void addIndirectCallsites(const CallICFGNode *cs, NodeID funPtr)
Add indirect callsites.
Definition SVFIR.h:580

◆ inferFieldIdxFromByteOffset()

u32_t SVFIRBuilder::inferFieldIdxFromByteOffset ( const llvm::GEPOperator *  gepOp,
DataLayout dl,
AccessPath ap,
APOffset  idx 
)
protected

Infer field index from byteoffset.

Definition at line 621 of file SVFIRBuilder.cpp.

622{
623 return 0;
624}

◆ initDomTree()

void SVFIRBuilder::initDomTree ( FunObjVar func,
const Function f 
)

Definition at line 256 of file SVFIRBuilder.cpp.

257{
258 if (fun->isDeclaration())
259 return;
260 //process and stored dt & df
261 DominanceFrontier df;
262 DominatorTree& dt = llvmModuleSet()->getDomTree(fun);
263 df.analyze(dt);
264 LoopInfo loopInfo = LoopInfo(dt);
265 PostDominatorTree pdt = PostDominatorTree(const_cast<Function&>(*fun));
266 SVFLoopAndDomInfo* ld = svffun->getLoopAndDomInfo();
267
268 Map<const SVFBasicBlock*,Set<const SVFBasicBlock*>> & dfBBsMap = ld->getDomFrontierMap();
269 for (DominanceFrontierBase::const_iterator dfIter = df.begin(), eDfIter = df.end(); dfIter != eDfIter; dfIter++)
270 {
271 const BasicBlock* keyBB = dfIter->first;
272 const std::set<BasicBlock* >& domSet = dfIter->second;
273 Set<const SVFBasicBlock*>& valueBasicBlocks = dfBBsMap[llvmModuleSet()->getSVFBasicBlock(keyBB)];
274 for (const BasicBlock* bbValue:domSet)
275 {
276 valueBasicBlocks.insert(llvmModuleSet()->getSVFBasicBlock(bbValue));
277 }
278 }
279 std::vector<const SVFBasicBlock*> reachableBBs;
280 LLVMUtil::getFunReachableBBs(fun, reachableBBs);
281 ld->setReachableBBs(reachableBBs);
282
283 for (Function::const_iterator bit = fun->begin(), beit = fun->end(); bit!=beit; ++bit)
284 {
285 const BasicBlock &bb = *bit;
286 SVFBasicBlock* svfBB = llvmModuleSet()->getSVFBasicBlock(&bb);
287 if (DomTreeNode* dtNode = dt.getNode(&bb))
288 {
289 SVFLoopAndDomInfo::BBSet& bbSet = ld->getDomTreeMap()[svfBB];
290 for (const auto domBB : *dtNode)
291 {
292 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
293 bbSet.insert(domSVFBB);
294 }
295 }
296
297 if (DomTreeNode* pdtNode = pdt.getNode(&bb))
298 {
299 u32_t level = pdtNode->getLevel();
300 ld->getBBPDomLevel()[svfBB] = level;
301 BasicBlock* idomBB = pdtNode->getIDom()->getBlock();
302 const SVFBasicBlock* idom = idomBB == NULL ? NULL: llvmModuleSet()->getSVFBasicBlock(idomBB);
303 ld->getBB2PIdom()[svfBB] = idom;
304
305 SVFLoopAndDomInfo::BBSet& bbSet = ld->getPostDomTreeMap()[svfBB];
306 for (const auto domBB : *pdtNode)
307 {
308 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
309 bbSet.insert(domSVFBB);
310 }
311 }
312
313 if (const Loop* loop = loopInfo.getLoopFor(&bb))
314 {
315 for (const BasicBlock* loopBlock : loop->getBlocks())
316 {
317 const SVFBasicBlock* loopbb = llvmModuleSet()->getSVFBasicBlock(loopBlock);
318 ld->addToBB2LoopMap(svfBB, loopbb);
319 }
320 }
321 }
322}
SVF::LLVMModuleSet::getSVFBasicBlock
SVFBasicBlock * getSVFBasicBlock(const BasicBlock *bb)
Definition LLVMModule.h:298
SVF::LLVMModuleSet::getDomTree
DominatorTree & getDomTree(const Function *fun)
Definition LLVMModule.cpp:99
SVF::SVFLoopAndDomInfo::getDomFrontierMap
const Map< const SVFBasicBlock *, BBSet > & getDomFrontierMap() const
Definition SVFLoopAndDomInfo.h:102
SVF::SVFLoopAndDomInfo::BBSet
Set< const SVFBasicBlock * > BBSet
Definition SVFLoopAndDomInfo.h:46
NULL
#define NULL
Definition extapi.c:5
SVF::LLVMUtil::getFunReachableBBs
void getFunReachableBBs(const Function *svfFun, std::vector< const SVFBasicBlock * > &bbs)
Get reachable basic block from function entry.
Definition LLVMUtil.cpp:74
SVF::LoopInfo
llvm::LoopInfo LoopInfo
Definition BasicTypes.h:141
SVF::DomTreeNode
llvm::DomTreeNode DomTreeNode
Definition BasicTypes.h:134
SVF::PostDominatorTree
llvm::PostDominatorTree PostDominatorTree
Definition BasicTypes.h:136
SVF::DominanceFrontier
llvm::DominanceFrontier DominanceFrontier
Definition BasicTypes.h:135
SVF::Loop
llvm::Loop Loop
LLVM Loop.
Definition BasicTypes.h:140
SVF::DominatorTree
llvm::DominatorTree DominatorTree
LLVM Dominators.
Definition BasicTypes.h:133

◆ initFunObjVar()

void SVFIRBuilder::initFunObjVar ( )

Function

set realDefFun for all functions

Definition at line 185 of file SVFIRBuilder.cpp.

186{
187 for (Module& mod : llvmModuleSet()->getLLVMModules())
188 {
190 for (const Function& f : mod.functions())
191 {
192 FunObjVar* svffun = const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(&f));
193 initSVFBasicBlock(&f);
194
195 if (!LLVMUtil::isExtCall(&f))
196 {
197 initDomTree(svffun, &f);
198 }
200 const Function *realfun = llvmModuleSet()->getRealDefFun(&f);
201 svffun->setRelDefFun(realfun == nullptr ? nullptr : llvmModuleSet()->getFunObjVar(realfun));
202 }
203 }
204
205 // Store annotations of functions in extapi.bc
206 for (const auto& pair : llvmModuleSet()->ExtFun2Annotations)
207 {
208 ExtAPI::getExtAPI()->setExtFuncAnnotations(llvmModuleSet()->getFunObjVar(pair.first), pair.second);
209 }
210
211}
SVF::ExtAPI::getExtAPI
static ExtAPI * getExtAPI()
Definition ExtAPI.cpp:44
SVF::ExtAPI::setExtFuncAnnotations
void setExtFuncAnnotations(const FunObjVar *fun, const std::vector< std::string > &funcAnnotations)
Definition ExtAPI.cpp:223
SVF::LLVMModuleSet::getRealDefFun
const Function * getRealDefFun(const Function *fun) const
Definition LLVMModule.h:185
SVF::SVFIRBuilder::initSVFBasicBlock
void initSVFBasicBlock(const Function *func)
Definition SVFIRBuilder.cpp:213
SVF::SVFIRBuilder::initDomTree
void initDomTree(FunObjVar *func, const Function *f)
Definition SVFIRBuilder.cpp:256
SVF::LLVMUtil::isExtCall
bool isExtCall(const Function *fun)
Definition LLVMUtil.cpp:383

◆ InitialGlobal()

void SVFIRBuilder::InitialGlobal ( const GlobalVariable gvar,
Constant C,
u32_t  offset 
)
protected

src should not point to anything yet

Definition at line 863 of file SVFIRBuilder.cpp.

865{
866 DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
867 if (C->getType()->isSingleValueType())
868 {
869 NodeID src = getValueNode(C);
870 // get the field value if it is available, otherwise we create a dummy field node.
871 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
872 NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
873
874 if (SVFUtil::isa<GlobalVariable, Function>(C))
875 {
876 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
877 addStoreEdge(src, field);
878 }
879 else if (SVFUtil::isa<ConstantExpr>(C))
880 {
881 // add gep edge of C1 itself is a constant expression
882 processCE(C);
883 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
884 addStoreEdge(src, field);
885 }
886 else if (SVFUtil::isa<BlockAddress>(C))
887 {
888 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
889 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
890 processCE(C);
891 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
892 addAddrEdge(pag->getConstantNode(), src);
893 }
894 else
895 {
896 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
897 addStoreEdge(src, field);
899 if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
900 addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
901 }
902 }
903 else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
904 {
905 if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
906 return;
907 for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
908 {
909 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
910 InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
911 }
912 }
913 else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
914 {
915 if(Options::ModelConsts())
916 {
917 if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
918 {
919 for(u32_t i = 0; i < seq->getNumElements(); i++)
920 {
921 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
922 Constant* ct = seq->getElementAsConstant(i);
923 InitialGlobal(gvar, ct, offset + off);
924 }
925 }
926 else
927 {
928 assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
929 }
930 }
931 }
932 else
933 {
934 //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
935 }
936}
SVF::IRGraph::getConstantNode
NodeID getConstantNode() const
Definition IRGraph.h:251
SVF::Options::ModelConsts
static Option< bool > ModelConsts
Definition Options.h:184
SVF::Options::VtableInSVFIR
static const Option< bool > VtableInSVFIR
Definition Options.h:214
SVF::SVFIRBuilder::InitialGlobal
void InitialGlobal(const GlobalVariable *gvar, Constant *C, u32_t offset)
Definition SVFIRBuilder.cpp:863
SVF::SVFIRBuilder::getGlobalVarField
NodeID getGlobalVarField(const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
Definition SVFIRBuilder.cpp:836
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::ConstantData
llvm::ConstantData ConstantData
Definition BasicTypes.h:116
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::ConstantDataSequential
llvm::ConstantDataSequential ConstantDataSequential
Definition BasicTypes.h:119

◆ initialiseBaseObjVars()

void SVFIRBuilder::initialiseBaseObjVars ( )

Definition at line 366 of file SVFIRBuilder.cpp.

367{
368 // Iterate over all object symbols in the symbol table
369 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
370 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end();
371 ++iter)
372 {
373 // Debug output for adding object node
374 DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
375
376 // Skip blackhole and constant symbols
377 if(iter->second == pag->blackholeSymID() || iter->second == pag->constantSymID())
378 continue;
379
380 // Get the LLVM value corresponding to the symbol
381 const Value* llvmValue = iter->first;
382
383 const ICFGNode* icfgNode = nullptr;
384 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
385 {
386 if(llvmModuleSet()->hasICFGNode(inst))
387 icfgNode = llvmModuleSet()->getICFGNode(inst);
388 }
389
390 // Check if the value is a function and add a function object node
391 if (SVFUtil::dyn_cast<Function>(llvmValue))
392 {
393 // already one
394 }
395 // Check if the value is a heap object and add a heap object node
396 else if (LLVMUtil::isHeapObj(llvmValue))
397 {
398 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
399 pag->addHeapObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
400 }
401 // Check if the value is an alloca instruction and add a stack object node
402 else if (LLVMUtil::isStackObj(llvmValue))
403 {
404 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
405 pag->addStackObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
406 }
407 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
408 {
409 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
410 pag->addConstantFPObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getDoubleValue(fpValue), icfgNode);
411 }
412 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
413 {
414 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
415 pag->addConstantIntObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getIntegerValue(intValue), icfgNode);
416 }
417 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
418 {
419 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
420 pag->addConstantNullPtrObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
421 }
422 else if (SVFUtil::isa<GlobalValue>(llvmValue))
423 {
424 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
425 pag->addGlobalObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
426 }
427 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
428 {
429 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
430 pag->addConstantDataObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
431 }
432 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
433 {
434 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
435 pag->addConstantAggObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
436 }
437 // Add a generic object node for other types of values
438 else
439 {
440 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
441 pag->addObjNode(iter->second, pag->getObjTypeInfo(id), icfgNode);
442 }
443 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
444 }
445
446}
SVF::IRGraph::constantSymID
NodeID constantSymID() const
Definition IRGraph.h:188
SVF::IRGraph::blackholeSymID
NodeID blackholeSymID() const
Definition IRGraph.h:193
SVF::SVFIR::addConstantAggObjNode
NodeID addConstantAggObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:706
SVF::SVFIR::addGlobalObjNode
NodeID addGlobalObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:701
SVF::SVFIR::addConstantDataObjNode
NodeID addConstantDataObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:711
SVF::SVFIR::addConstantFPObjNode
NodeID addConstantFPObjNode(NodeID i, ObjTypeInfo *ti, double dval, const ICFGNode *node)
Definition SVFIR.h:680
SVF::SVFIR::addObjNode
NodeID addObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Add a memory obj node.
Definition SVFIR.h:650
SVF::SVFIR::addHeapObjNode
NodeID addHeapObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:658
SVF::SVFIR::addConstantNullPtrObjNode
NodeID addConstantNullPtrObjNode(const NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:695
SVF::SVFIR::addStackObjNode
NodeID addStackObjNode(NodeID i, ObjTypeInfo *ti, const ICFGNode *node)
Definition SVFIR.h:667
SVF::SVFIR::addConstantIntObjNode
NodeID addConstantIntObjNode(NodeID i, ObjTypeInfo *ti, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *node)
Definition SVFIR.h:687
SVF::LLVMUtil::getDoubleValue
double getDoubleValue(const ConstantFP *fpValue)
Definition LLVMUtil.h:54
SVF::LLVMUtil::isHeapObj
bool isHeapObj(const Value *val)
Definition LLVMUtil.cpp:682
SVF::LLVMUtil::isStackObj
bool isStackObj(const Value *val)
Definition LLVMUtil.cpp:704

◆ initialiseNodes()

void SVFIRBuilder::initialiseNodes ( )

Initialize nodes and edges.

add address edges for constant nodes.

add argvalvar for svffunctions

Definition at line 526 of file SVFIRBuilder.cpp.

527{
528 DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
529
530
531 pag->addBlackholeObjNode();
532 pag->addConstantObjNode();
533 pag->addBlackholePtrNode();
534 addNullPtrNode();
535
536 initialiseBaseObjVars();
537 initialiseValVars();
538
539 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
540 llvmModuleSet()->retSyms().begin(); iter != llvmModuleSet()->retSyms().end();
541 ++iter)
542 {
543 const Value* llvmValue = iter->first;
544 const ICFGNode* icfgNode = nullptr;
545 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
546 {
547 if(llvmModuleSet()->hasICFGNode(inst))
548 icfgNode = llvmModuleSet()->getICFGNode(inst);
549 }
550 DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
551 pag->addRetNode(iter->second,
552 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
553 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
554 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
555 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
556 pag->returnFunObjSymMap[funObjVar] = iter->second;
557 }
558
559 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
560 llvmModuleSet()->varargSyms().begin();
561 iter != llvmModuleSet()->varargSyms().end(); ++iter)
562 {
563 const Value* llvmValue = iter->first;
564
565 const ICFGNode *icfgNode = nullptr;
566 if (const Instruction *inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
567 {
568 if (llvmModuleSet()->hasICFGNode(inst))
569 icfgNode = llvmModuleSet()->getICFGNode(inst);
570 }
571 DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
572 pag->addVarargNode(iter->second,
573 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
574 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
575 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
576 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
577 pag->varargFunObjSymMap[funObjVar] = iter->second;
578 }
579
581 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
582 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end(); ++iter)
583 {
584 DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
585 const Value* val = iter->first;
586 if (isConstantObjSym(val))
587 {
588 NodeID ptr = llvmModuleSet()->getValueNode(val);
589 if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
590 {
591 setCurrentLocation(val, (SVFBasicBlock*) nullptr);
592 addAddrEdge(iter->second, ptr);
593 }
594 }
595 }
596
597 assert(pag->getTotalNodeNum() >= pag->getTotalSymNum()
598 && "not all node have been initialized!!!");
599
601 for (auto& fun: llvmModuleSet()->getFunctionSet())
602 {
603 for (const Argument& arg : fun->args())
604 {
605 const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(fun))->addArgument(SVFUtil::cast<ArgValVar>(
606 pag->getGNode(llvmModuleSet()->getValueNode(&arg))));
607 }
608 }
609
610}
SVF::IRGraph::getTotalSymNum
u32_t getTotalSymNum() const
Statistics.
Definition IRGraph.h:200
SVF::IRGraph::varargFunObjSymMap
FunObjVarToIDMapTy varargFunObjSymMap
vararg map
Definition IRGraph.h:86
SVF::IRGraph::returnFunObjSymMap
FunObjVarToIDMapTy returnFunObjSymMap
return map
Definition IRGraph.h:85
SVF::LLVMModuleSet::retSyms
FunToIDMapTy & retSyms()
Definition LLVMModule.h:274
SVF::LLVMModuleSet::hasICFGNode
bool hasICFGNode(const Instruction *inst)
Definition LLVMModule.cpp:1195
SVF::LLVMModuleSet::varargSyms
FunToIDMapTy & varargSyms()
Definition LLVMModule.h:279
SVF::SVFIRBuilder::addNullPtrNode
NodeID addNullPtrNode()
Add NullPtr PAGNode.
Definition SVFIRBuilder.h:280
SVF::SVFIR::addBlackholePtrNode
NodeID addBlackholePtrNode()
Definition SVFIR.h:772
SVF::SVFIR::addBlackholeObjNode
NodeID addBlackholeObjNode()
Definition SVFIR.h:764
SVF::SVFIR::addVarargNode
NodeID addVarargNode(NodeID i, const FunObjVar *val, const SVFType *type, const ICFGNode *n)
Add a unique vararg node for a procedure.
Definition SVFIR.h:724
SVF::SVFIR::addRetNode
NodeID addRetNode(NodeID i, const FunObjVar *callGraphNode, const SVFType *type, const ICFGNode *icn)
Add a unique return node for a procedure.
Definition SVFIR.h:718
SVF::SVFIR::addConstantObjNode
NodeID addConstantObjNode()
Definition SVFIR.h:768
SVF::LLVMUtil::isConstantObjSym
bool isConstantObjSym(const Value *val)
Check whether this value points-to a constant object.
Definition CppUtil.cpp:743
SVF::Argument
llvm::Argument Argument
Definition BasicTypes.h:145

◆ initialiseValVars()

void SVFIRBuilder::initialiseValVars ( )

Definition at line 448 of file SVFIRBuilder.cpp.

449{
450 // Iterate over all value symbols in the symbol table
451 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
452 llvmModuleSet()->valSyms().begin(); iter != llvmModuleSet()->valSyms().end();
453 ++iter)
454 {
455 // Debug output for adding value node
456 DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
457
458 // Skip blackhole and null pointer symbols
459 if(iter->second == pag->blkPtrSymID() || iter->second == pag->nullPtrSymID())
460 continue;
461
462 const ICFGNode* icfgNode = nullptr;
463 auto llvmValue = iter->first;
464 if (const Instruction* inst =
465 SVFUtil::dyn_cast<Instruction>(llvmValue))
466 {
467 if (llvmModuleSet()->hasICFGNode(inst))
468 {
469 icfgNode = llvmModuleSet()->getICFGNode(inst);
470 }
471 }
472
473 // Check if the value is a function and get its call graph node
474 if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
475 {
476 // add value node representing the function
477 pag->addFunValNode(iter->second, icfgNode, llvmModuleSet()->getFunObjVar(func), llvmModuleSet()->getSVFType(llvmValue->getType()));
478 }
479 else if (auto argval = SVFUtil::dyn_cast<Argument>(llvmValue))
480 {
481 pag->addArgValNode(
482 iter->second, argval->getArgNo(), icfgNode,
483 llvmModuleSet()->getFunObjVar(argval->getParent()),llvmModuleSet()->getSVFType(llvmValue->getType()));
484 if (!argval->hasName())
485 pag->getGNode(iter->second)->setName("arg_" + std::to_string(argval->getArgNo()));
486 }
487 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
488 {
489 pag->addConstantFPValNode(iter->second, LLVMUtil::getDoubleValue(fpValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
490 }
491 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
492 {
493 pag->addConstantIntValNode(iter->second, LLVMUtil::getIntegerValue(intValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
494 }
495 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
496 {
497 pag->addConstantNullPtrValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
498 }
499 else if (SVFUtil::isa<GlobalValue>(llvmValue))
500 {
501 pag->addGlobalValNode(iter->second, icfgNode,
502 llvmModuleSet()->getSVFType(llvmValue->getType()));
503 }
504 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
505 {
506 pag->addConstantDataValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
507 }
508 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
509 {
510 pag->addConstantAggValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
511 }
512 else
513 {
514 // Add value node to PAG
515 pag->addValNode(iter->second, llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
516 }
517 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue,
518 pag->getGNode(iter->second));
519 }
520}
SVF::IRGraph::blkPtrSymID
NodeID blkPtrSymID() const
Definition IRGraph.h:178
SVF::IRGraph::nullPtrSymID
NodeID nullPtrSymID() const
Definition IRGraph.h:183
SVF::LLVMModuleSet::valSyms
ValueToIDMapTy & valSyms()
Definition LLVMModule.h:207
SVF::SVFIR::addGlobalValNode
NodeID addGlobalValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:630
SVF::SVFIR::addConstantDataValNode
NodeID addConstantDataValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:642
SVF::SVFIR::addFunValNode
NodeID addFunValNode(NodeID i, const ICFGNode *icfgNode, const FunObjVar *funObjVar, const SVFType *type)
Definition SVFIR.h:597
SVF::SVFIR::addConstantFPValNode
NodeID addConstantFPValNode(const NodeID i, double dval, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:610
SVF::SVFIR::addConstantAggValNode
NodeID addConstantAggValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:636
SVF::SVFIR::addValNode
NodeID addValNode(NodeID i, const SVFType *type, const ICFGNode *icfgNode)
add node into SVFIR
Definition SVFIR.h:591
SVF::SVFIR::addArgValNode
NodeID addArgValNode(NodeID i, u32_t argNo, const ICFGNode *icfgNode, const FunObjVar *callGraphNode, const SVFType *type)
Definition SVFIR.h:603
SVF::SVFValue::setName
virtual void setName(const std::string &nameInfo)
Definition SVFValue.h:176

◆ initSVFBasicBlock()

void SVFIRBuilder::initSVFBasicBlock ( const Function func)

set exit block: exit basic block must have no successors and have a return instruction

Definition at line 213 of file SVFIRBuilder.cpp.

214{
215 FunObjVar *svfFun = const_cast<FunObjVar *>(llvmModuleSet()->getFunObjVar(func));
216 for (Function::const_iterator bit = func->begin(), ebit = func->end(); bit != ebit; ++bit)
217 {
218 const BasicBlock* bb = &*bit;
219 SVFBasicBlock* svfbb = llvmModuleSet()->getSVFBasicBlock(bb);
220 for (succ_const_iterator succ_it = succ_begin(bb); succ_it != succ_end(bb); succ_it++)
221 {
222 const SVFBasicBlock* svf_scc_bb = llvmModuleSet()->getSVFBasicBlock(*succ_it);
223 svfbb->addSuccBasicBlock(svf_scc_bb);
224 }
225 for (const_pred_iterator pred_it = pred_begin(bb); pred_it != pred_end(bb); pred_it++)
226 {
227 const SVFBasicBlock* svf_pred_bb = llvmModuleSet()->getSVFBasicBlock(*pred_it);
228 svfbb->addPredBasicBlock(svf_pred_bb);
229 }
230
232 if (svfbb->getSuccessors().empty())
233 {
234 if (LLVMUtil::basicBlockHasRetInst(bb))
235 {
236 assert((LLVMUtil::functionDoesNotRet(func) ||
237 SVFUtil::isa<ReturnInst>(bb->back())) &&
238 "last inst must be return inst");
239 svfFun->setExitBlock(svfbb);
240 }
241 }
242 }
243 // For no return functions, we set the last block as exit BB
244 // This ensures that each function that has definition must have an exit BB
245 if (svfFun->hasBasicBlock() && svfFun->exitBlock == nullptr)
246 {
247 SVFBasicBlock* retBB = const_cast<SVFBasicBlock*>(svfFun->back());
248 assert((LLVMUtil::functionDoesNotRet(func) ||
249 SVFUtil::isa<ReturnInst>(&func->back().back())) &&
250 "last inst must be return inst");
251 svfFun->setExitBlock(retBB);
252 }
253}
SVF::SVFBasicBlock::addPredBasicBlock
void addPredBasicBlock(const SVFBasicBlock *pred2)
Definition BasicBlockG.h:182
SVF::SVFBasicBlock::addSuccBasicBlock
void addSuccBasicBlock(const SVFBasicBlock *succ2)
Definition BasicBlockG.h:165
SVF::LLVMUtil::basicBlockHasRetInst
bool basicBlockHasRetInst(const BasicBlock *bb)
Return true if the function has a return instruction.
Definition LLVMUtil.cpp:108
SVF::succ_const_iterator
llvm::succ_const_iterator succ_const_iterator
LLVM Iterators.
Definition BasicTypes.h:276
SVF::const_pred_iterator
llvm::const_pred_iterator const_pred_iterator
Definition BasicTypes.h:254

◆ llvmModuleSet()

LLVMModuleSet * SVF::SVFIRBuilder::llvmModuleSet ( )
inlineprivate

Definition at line 519 of file SVFIRBuilder.h.

520 {
521 return LLVMModuleSet::getLLVMModuleSet();
522 }

◆ processCE()

void SVFIRBuilder::processCE ( const Value val)
protected

Process constant expression.

Handle constant expression, and connect the gep edge

Definition at line 705 of file SVFIRBuilder.cpp.

706{
707 if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
708 {
709 if (const ConstantExpr* gepce = isGepConstantExpr(ref))
710 {
711 DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
712 const Constant* opnd = gepce->getOperand(0);
713 // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
714 processCE(opnd);
715 auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
716 Type *pType = GEPOp.getSourceElementType();
717 AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
718 bool constGep = computeGepOffset(gepce, ap);
719 // must invoke pag methods here, otherwise it will be a dead recursion cycle
720 const Value* cval = getCurrentValue();
721 const SVFBasicBlock* cbb = getCurrentBB();
722 setCurrentLocation(gepce, (SVFBasicBlock*) nullptr);
723 /*
724 * The gep edge created are like constexpr (same edge may appear at multiple callsites)
725 * so bb/inst of this edge may be rewritten several times, we treat it as global here.
726 */
727 addGepEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(gepce), ap, constGep);
728 setCurrentLocation(cval, cbb);
729 }
730 else if (const ConstantExpr* castce = isCastConstantExpr(ref))
731 {
732 DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
733 const Constant* opnd = castce->getOperand(0);
734 processCE(opnd);
735 const Value* cval = getCurrentValue();
736 const SVFBasicBlock* cbb = getCurrentBB();
737 setCurrentLocation(castce, (SVFBasicBlock*) nullptr);
738 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(castce), CopyStmt::BITCAST);
739 setCurrentLocation(cval, cbb);
740 }
741 else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
742 {
743 DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
744 const Constant* src1 = selectce->getOperand(1);
745 const Constant* src2 = selectce->getOperand(2);
746 processCE(src1);
747 processCE(src2);
748 const Value* cval = getCurrentValue();
749 const SVFBasicBlock* cbb = getCurrentBB();
750 setCurrentLocation(selectce, (SVFBasicBlock*) nullptr);
751 NodeID cond = llvmModuleSet()->getValueNode(selectce->getOperand(0));
752 NodeID nsrc1 = llvmModuleSet()->getValueNode(src1);
753 NodeID nsrc2 = llvmModuleSet()->getValueNode(src2);
754 NodeID nres = llvmModuleSet()->getValueNode(selectce);
755 addSelectStmt(nres,nsrc1, nsrc2, cond);
756 setCurrentLocation(cval, cbb);
757 }
758 // if we meet a int2ptr, then it points-to black hole
759 else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
760 {
761 const Constant* opnd = int2Ptrce->getOperand(0);
762 processCE(opnd);
763 const SVFBasicBlock* cbb = getCurrentBB();
764 const Value* cval = getCurrentValue();
765 setCurrentLocation(int2Ptrce, (SVFBasicBlock*) nullptr);
766 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(int2Ptrce), CopyStmt::INTTOPTR);
767 setCurrentLocation(cval, cbb);
768 }
769 else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
770 {
771 const Constant* opnd = ptr2Intce->getOperand(0);
772 processCE(opnd);
773 const SVFBasicBlock* cbb = getCurrentBB();
774 const Value* cval = getCurrentValue();
775 setCurrentLocation(ptr2Intce, (SVFBasicBlock*) nullptr);
776 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(ptr2Intce), CopyStmt::PTRTOINT);
777 setCurrentLocation(cval, cbb);
778 }
779 else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
780 {
781 // we don't handle trunc and cmp instruction for now
782 const Value* cval = getCurrentValue();
783 const SVFBasicBlock* cbb = getCurrentBB();
784 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
785 NodeID dst = llvmModuleSet()->getValueNode(ref);
786 addBlackHoleAddrEdge(dst);
787 setCurrentLocation(cval, cbb);
788 }
789 else if (isBinaryConstantExpr(ref))
790 {
791 // we don't handle binary constant expression like add(x,y) now
792 const Value* cval = getCurrentValue();
793 const SVFBasicBlock* cbb = getCurrentBB();
794 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
795 NodeID dst = llvmModuleSet()->getValueNode(ref);
796 addBlackHoleAddrEdge(dst);
797 setCurrentLocation(cval, cbb);
798 }
799 else if (isUnaryConstantExpr(ref))
800 {
801 // we don't handle unary constant expression like fneg(x) now
802 const Value* cval = getCurrentValue();
803 const SVFBasicBlock* cbb = getCurrentBB();
804 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
805 NodeID dst = llvmModuleSet()->getValueNode(ref);
806 addBlackHoleAddrEdge(dst);
807 setCurrentLocation(cval, cbb);
808 }
809 else if (SVFUtil::isa<ConstantAggregate>(ref))
810 {
811 // we don't handle constant aggregate like constant vectors
812 }
813 else if (SVFUtil::isa<BlockAddress>(ref))
814 {
815 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
816 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
817 const Value* cval = getCurrentValue();
818 const SVFBasicBlock* cbb = getCurrentBB();
819 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
820 NodeID dst = llvmModuleSet()->getValueNode(ref);
821 addAddrEdge(pag->getConstantNode(), dst);
822 setCurrentLocation(cval, cbb);
823 }
824 else
825 {
826 if(SVFUtil::isa<ConstantExpr>(val))
827 assert(false && "we don't handle all other constant expression for now!");
828 }
829 }
830}
SVF::SVFIRBuilder::addSelectStmt
void addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIRBuilder.h:425
SVF::SVFIRBuilder::computeGepOffset
bool computeGepOffset(const User *V, AccessPath &ap)
Compute offset of a gep instruction or gep constant expression.
Definition SVFIRBuilder.cpp:632
SVF::LLVMUtil::isBinaryConstantExpr
const ConstantExpr * isBinaryConstantExpr(const Value *val)
Definition LLVMUtil.h:290
SVF::LLVMUtil::isInt2PtrConstantExpr
const ConstantExpr * isInt2PtrConstantExpr(const Value *val)
Definition LLVMUtil.h:225
SVF::LLVMUtil::isSelectConstantExpr
const ConstantExpr * isSelectConstantExpr(const Value *val)
Definition LLVMUtil.h:255
SVF::LLVMUtil::isTruncConstantExpr
const ConstantExpr * isTruncConstantExpr(const Value *val)
Definition LLVMUtil.h:265
SVF::LLVMUtil::isPtr2IntConstantExpr
const ConstantExpr * isPtr2IntConstantExpr(const Value *val)
Definition LLVMUtil.h:235
SVF::LLVMUtil::isUnaryConstantExpr
const ConstantExpr * isUnaryConstantExpr(const Value *val)
Definition LLVMUtil.h:301
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245
SVF::LLVMUtil::isGepConstantExpr
const ConstantExpr * isGepConstantExpr(const Value *val)
Return corresponding constant expression, otherwise return nullptr.
Definition LLVMUtil.h:215
SVF::LLVMUtil::isCmpConstantExpr
const ConstantExpr * isCmpConstantExpr(const Value *val)
Definition LLVMUtil.h:279
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ sanityCheck()

void SVFIRBuilder::sanityCheck ( )

Sanity check for SVFIR.

Definition at line 1630 of file SVFIRBuilder.cpp.

1631{
1632 for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
1633 {
1634 (void) pag->getGNode(nIter->first);
1635 //TODO::
1636 // (1) every source(root) node of a pag tree should be object node
1637 // if a node has no incoming edge, but has outgoing edges
1638 // then it has to be an object node.
1639 // (2) make sure every variable should be initialized
1640 // otherwise it causes the a null pointer, the aliasing relation may not be captured
1641 // when loading a pointer value should make sure
1642 // some value has been store into this pointer before
1643 // q = load p, some value should stored into p first like store w p;
1644 // (3) make sure PAGNode should not have a const expr value (pointer should have unique def)
1645 // (4) look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
1646 // are set correctly for dummy gepval node
1647 // (5) reduce unnecessary copy edge (const casts) and ensure correctness.
1648 }
1649}
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:371
SVF::GenericGraph< SVFVar, SVFStmt >::iterator
IDToNodeMapTy::iterator iterator
Node Iterators.
Definition GenericGraph.h:350

◆ setCurrentBBAndValueForPAGEdge()

void SVFIRBuilder::setCurrentBBAndValueForPAGEdge ( PAGEdge edge)
protected

We assume every GepValVar and its GepStmt are unique across whole program

We will have one unique function exit ICFGNode for all returns

Definition at line 1711 of file SVFIRBuilder.cpp.

1712{
1713 if (SVFIR::pagReadFromTXT())
1714 return;
1715
1716 assert(curVal && "current Val is nullptr?");
1717 edge->setBB(curBB!=nullptr ? curBB : nullptr);
1718 edge->setValue(pag->getGNode(llvmModuleSet()->getValueNode(curVal)));
1719 ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
1720 LLVMModuleSet* llvmMS = llvmModuleSet();
1721 if (const Instruction* curInst = SVFUtil::dyn_cast<Instruction>(curVal))
1722 {
1723 const FunObjVar* srcFun = edge->getSrcNode()->getFunction();
1724 const FunObjVar* dstFun = edge->getDstNode()->getFunction();
1725 if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<FunValVar>(edge->getSrcNode()) && !SVFUtil::isa<FunObjVar>(edge->getSrcNode()))
1726 {
1727 assert(srcFun==llvmMS->getFunObjVar(curInst->getFunction()) && "SrcNode of the PAGEdge not in the same function?");
1728 }
1729 if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<RetValPN>(edge->getDstNode()))
1730 {
1731 assert(dstFun==llvmMS->getFunObjVar(curInst->getFunction()) && "DstNode of the PAGEdge not in the same function?");
1732 }
1733
1735 if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
1736 assert(curBB && "instruction does not have a basic block??");
1737
1739 if(SVFUtil::isa<ReturnInst>(curInst))
1740 {
1741 icfgNode = pag->getICFG()->getFunExitICFGNode(llvmMS->getFunObjVar(curInst->getFunction()));
1742 }
1743 else
1744 {
1745 if(SVFUtil::isa<RetPE>(edge))
1746 icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(curInst));
1747 else
1748 icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(curInst));
1749 }
1750 }
1751 else if (const Argument* arg = SVFUtil::dyn_cast<Argument>(curVal))
1752 {
1753 assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
1754 icfgNode = pag->getICFG()->getFunEntryICFGNode(
1755 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(arg->getParent())));
1756 }
1757 else if (SVFUtil::isa<Constant>(curVal) ||
1758 SVFUtil::isa<Function>(curVal) ||
1759 SVFUtil::isa<MetadataAsValue>(curVal))
1760 {
1761 if (!curBB)
1762 pag->addGlobalPAGEdge(edge);
1763 else
1764 {
1765 icfgNode = const_cast<ICFGNode*>(curBB->front());
1766 }
1767 }
1768 else
1769 {
1770 assert(false && "what else value can we have?");
1771 }
1772
1773 pag->addToSVFStmtList(icfgNode,edge);
1774 icfgNode->addSVFStmt(edge);
1775 if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
1776 {
1777 CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
1778 FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
1779 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
1780 SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
1781 }
1782 else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
1783 {
1784 RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
1785 FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
1786 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
1787 SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
1788 }
1789}
SVF::FunObjVar::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFVariables.h:1219
SVF::ICFGNode::addSVFStmt
void addSVFStmt(const SVFStmt *edge)
Definition ICFGNode.h:110
SVF::ICFG::hasInterICFGEdge
ICFGEdge * hasInterICFGEdge(ICFGNode *src, ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Definition ICFG.cpp:276
SVF::ICFG::getGlobalICFGNode
GlobalICFGNode * getGlobalICFGNode() const
Definition ICFG.h:244
SVF::SVFBasicBlock::getParent
const FunObjVar * getParent() const
Definition BasicBlockG.h:198
SVF::SVFBasicBlock::front
const ICFGNode * front() const
Definition BasicBlockG.h:210
SVF::SVFIR::pagReadFromTXT
static bool pagReadFromTXT()
Definition SVFIR.h:212
SVF::SVFIR::addToSVFStmtList
void addToSVFStmtList(ICFGNode *inst, SVFStmt *edge)
Add a SVFStmt into instruction map.
Definition SVFIR.h:260
SVF::SVFIR::addGlobalPAGEdge
void addGlobalPAGEdge(const SVFStmt *edge)
Add global PAGEdges (not in a procedure)
Definition SVFIR.h:794

◆ setCurrentLocation() [1/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const BasicBlock bb 
)
inlineprotected

Set current basic block in order to keep track of control flow information.

Definition at line 250 of file SVFIRBuilder.h.

251 {
252 curBB = (bb == nullptr? nullptr : llvmModuleSet()->getSVFBasicBlock(bb));
253 curVal = (val == nullptr ? nullptr: val);
254 }

◆ setCurrentLocation() [2/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const SVFBasicBlock bb 
)
inlineprotected

Definition at line 255 of file SVFIRBuilder.h.

256 {
257 curBB = bb;
258 curVal = val;
259 }

◆ updateCallGraph()

void SVFIRBuilder::updateCallGraph ( CallGraph callgraph)

connect PAG edges based on callgraph

Definition at line 1595 of file SVFIRBuilder.cpp.

1596{
1597 CallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
1598 CallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
1599 for (; iter != eiter; iter++)
1600 {
1601 const CallICFGNode* callBlock = iter->first;
1602 const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
1603 assert(callBlock->isIndirectCall() && "this is not an indirect call?");
1604 const CallGraph::FunctionSet& functions = iter->second;
1605 for (CallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
1606 {
1607 const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
1608
1609 if (isExtCall(*func_iter))
1610 {
1611 setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
1612 handleExtCall(callbase, callee);
1613 }
1614 else
1615 {
1616 setCurrentLocation(llvmModuleSet()->getLLVMValue(callBlock), callBlock->getBB());
1617 handleDirectCall(const_cast<CallBase*>(callbase), callee);
1618 }
1619 }
1620 }
1621
1622 // dump SVFIR
1623 if (Options::PAGDotGraph())
1624 pag->dump("svfir_final");
1625}
SVF::CallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition CallGraph.h:331
SVF::CallGraph::FunctionSet
Set< const FunObjVar * > FunctionSet
Definition CallGraph.h:247
SVF::SVFIRBuilder::handleDirectCall
void handleDirectCall(CallBase *cs, const Function *F)
Handle direct call.
Definition SVFIRBuilder.cpp:1433
SVF::SVFIRBuilder::handleExtCall
virtual void handleExtCall(const CallBase *cs, const Function *callee)
Definition SVFIRExtAPI.cpp:128
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146

◆ visitAllocaInst()

void SVFIRBuilder::visitAllocaInst ( AllocaInst inst)
virtual

Our visit overrides.

Visit alloca instructions Add edge V (dst) <– O (src), V here is a value node on SVFIR, O is object node on SVFIR

Definition at line 994 of file SVFIRBuilder.cpp.

995{
996
997 // AllocaInst should always be a pointer type
998 assert(SVFUtil::isa<PointerType>(inst.getType()));
999
1000 DBOUT(DPAGBuild, outs() << "process alloca " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1001 NodeID dst = getValueNode(&inst);
1002
1003 NodeID src = getObjectNode(&inst);
1004
1005 addAddrWithStackArraySz(src, dst, inst);
1006
1007}
SVF::SVFIRBuilder::getObjectNode
NodeID getObjectNode(const Value *V)
GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
Definition SVFIRBuilder.h:108
SVF::SVFIRBuilder::addAddrWithStackArraySz
AddrStmt * addAddrWithStackArraySz(NodeID src, NodeID dst, llvm::AllocaInst &inst)
Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
Definition SVFIRBuilder.h:313

◆ visitAtomicCmpXchgInst()

void SVF::SVFIRBuilder::visitAtomicCmpXchgInst ( AtomicCmpXchgInst I)
inline

Definition at line 195 of file SVFIRBuilder.h.

196 {
197 addBlackHoleAddrEdge(getValueNode(&I));
198 }

◆ visitAtomicRMWInst()

void SVF::SVFIRBuilder::visitAtomicRMWInst ( AtomicRMWInst I)
inline

Definition at line 199 of file SVFIRBuilder.h.

200 {
201 addBlackHoleAddrEdge(getValueNode(&I));
202 }

◆ visitBinaryOperator()

void SVFIRBuilder::visitBinaryOperator ( BinaryOperator inst)

Visit Binary Operator

Definition at line 1109 of file SVFIRBuilder.cpp.

1110{
1111 NodeID dst = getValueNode(&inst);
1112 assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
1113 Value* op1 = inst.getOperand(0);
1114 NodeID op1Node = getValueNode(op1);
1115 Value* op2 = inst.getOperand(1);
1116 NodeID op2Node = getValueNode(op2);
1117 u32_t opcode = inst.getOpcode();
1118 addBinaryOPEdge(op1Node, op2Node, dst, opcode);
1119}
SVF::SVFIRBuilder::addBinaryOPEdge
void addBinaryOPEdge(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIRBuilder.h:437

◆ visitBranchInst()

void SVFIRBuilder::visitBranchInst ( BranchInst inst)

Branch and switch instructions are treated as UnaryOP br cmp label if.then, label if.else

set conditional svf var

Definition at line 1288 of file SVFIRBuilder.cpp.

1289{
1290 NodeID brinst = getValueNode(&inst);
1291 NodeID cond;
1292 if (inst.isConditional())
1293 cond = getValueNode(inst.getCondition());
1294 else
1295 cond = pag->getNullPtr();
1296
1297 assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
1298
1299 BranchStmt::SuccAndCondPairVec successors;
1300 std::vector<const Instruction*> nextInsts;
1301 LLVMUtil::getNextInsts(&inst, nextInsts);
1302 u32_t branchID = 0;
1303 for (const Instruction* succInst : nextInsts)
1304 {
1305 assert(branchID <= 1 && "if/else has more than two branches?");
1306 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1307 successors.push_back(std::make_pair(icfgNode, 1-branchID));
1308 branchID++;
1309 }
1310 addBranchStmt(brinst, cond, successors);
1312 if (inst.isConditional())
1313 {
1314 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1315 {
1316 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1317 {
1318 intraEdge->setConditionVar(pag->getGNode(cond));
1319 }
1320 }
1321 }
1322}
SVF::BranchStmt::SuccAndCondPairVec
std::vector< std::pair< const ICFGNode *, s32_t > > SuccAndCondPairVec
Definition SVFStatements.h:1215
SVF::SVFIRBuilder::addBranchStmt
void addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add Branch statement.
Definition SVFIRBuilder.h:449
SVF::LLVMUtil::getNextInsts
void getNextInsts(const Instruction *curInst, std::vector< const Instruction * > &instList)
Get the next instructions following control flow.
Definition LLVMUtil.cpp:573

◆ visitCallBrInst()

void SVFIRBuilder::visitCallBrInst ( CallBrInst I)

Definition at line 1176 of file SVFIRBuilder.cpp.

1177{
1178 visitCallSite(&i);
1179}
SVF::SVFIRBuilder::visitCallSite
void visitCallSite(CallBase *cs)
Definition SVFIRBuilder.cpp:1184

◆ visitCallInst()

void SVFIRBuilder::visitCallInst ( CallInst I)

Definition at line 1166 of file SVFIRBuilder.cpp.

1167{
1168 visitCallSite(&i);
1169}

◆ visitCallSite()

void SVFIRBuilder::visitCallSite ( CallBase cs)

Collect callsite arguments and returns

Definition at line 1184 of file SVFIRBuilder.cpp.

1185{
1186
1187 // skip llvm intrinsics
1188 if(isIntrinsicInst(cs))
1189 return;
1190
1191 DBOUT(DPAGBuild,
1192 outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
1193
1194
1195 CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
1196 RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
1197
1198 pag->addCallSite(callBlockNode);
1199
1201 for (u32_t i = 0; i < cs->arg_size(); i++)
1202 pag->addCallSiteArgs(
1203 callBlockNode,
1204 SVFUtil::cast<ValVar>(pag->getGNode(getValueNode(cs->getArgOperand(i)))));
1205
1206 if(!cs->getType()->isVoidTy())
1207 pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
1208
1209 if (callBlockNode->isVirtualCall())
1210 {
1211 const Value* value = cppUtil::getVCallVtblPtr(cs);
1212 callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
1213 }
1214 if (const Function *callee = LLVMUtil::getCallee(cs))
1215 {
1216 if (LLVMUtil::isExtCall(callee))
1217 {
1218 handleExtCall(cs, callee);
1219 }
1220 else
1221 {
1222 handleDirectCall(cs, callee);
1223 }
1224 }
1225 else
1226 {
1227 //If the callee was not identified as a function (null F), this is indirect.
1228 handleIndCall(cs);
1229 }
1230}
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:509
SVF::CallICFGNode::setVtablePtr
void setVtablePtr(SVFVar *v)
Definition ICFGNode.h:514
SVF::LLVMModuleSet::getRetICFGNode
RetICFGNode * getRetICFGNode(const Instruction *cs)
get a return node
Definition LLVMModule.cpp:1217
SVF::SVFIRBuilder::handleIndCall
void handleIndCall(CallBase *cs)
Handle indirect call.
Definition SVFIRBuilder.cpp:1587
SVF::SVFIR::addCallSiteRets
void addCallSiteRets(RetICFGNode *retBlockNode, const SVFVar *arg)
Add callsite returns.
Definition SVFIR.h:574
SVF::SVFIR::addCallSiteArgs
void addCallSiteArgs(CallICFGNode *callBlockNode, const ValVar *arg)
Add callsite arguments.
Definition SVFIR.h:568
SVF::SVFIR::addCallSite
void addCallSite(const CallICFGNode *call)
Add callsites.
Definition SVFIR.h:799
SVF::LLVMUtil::isIntrinsicInst
bool isIntrinsicInst(const Instruction *inst)
Return true if it is an intrinsic instruction.
Definition LLVMUtil.cpp:202
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getVCallVtblPtr
const Value * getVCallVtblPtr(const CallBase *cs)
Definition CppUtil.cpp:608

◆ visitCastInst()

void SVFIRBuilder::visitCastInst ( CastInst I)

Definition at line 1095 of file SVFIRBuilder.cpp.

1096{
1097
1098 DBOUT(DPAGBuild, outs() << "process cast " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1099 NodeID dst = getValueNode(&inst);
1100
1101 const Value* opnd = inst.getOperand(0);
1102 NodeID src = getValueNode(opnd);
1103 addCopyEdge(src, dst, getCopyKind(&inst));
1104}
SVF::SVFIRBuilder::getCopyKind
CopyStmt::CopyKind getCopyKind(const Value *val)
Definition SVFIRBuilder.h:380

◆ visitCmpInst()

void SVFIRBuilder::visitCmpInst ( CmpInst inst)

Visit compare instruction

Definition at line 1137 of file SVFIRBuilder.cpp.

1138{
1139 NodeID dst = getValueNode(&inst);
1140 assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
1141 Value* op1 = inst.getOperand(0);
1142 NodeID op1Node = getValueNode(op1);
1143 Value* op2 = inst.getOperand(1);
1144 NodeID op2Node = getValueNode(op2);
1145 u32_t predicate = inst.getPredicate();
1146 addCmpEdge(op1Node, op2Node, dst, predicate);
1147}
SVF::SVFIRBuilder::addCmpEdge
void addCmpEdge(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIRBuilder.h:431

◆ visitExtractElementInst()

void SVFIRBuilder::visitExtractElementInst ( ExtractElementInst inst)

The �extractelement� instruction extracts a single scalar element from a vector at a specified index. TODO: for now we just assume the pointer after extraction points to blackhole The first operand of an �extractelement� instruction is a value of vector type. The second operand is an index indicating the position from which to extract the element.

<result> = extractelement <4 x i32> vec, i32 0 ; yields i32

Definition at line 1278 of file SVFIRBuilder.cpp.

1279{
1280 NodeID dst = getValueNode(&inst);
1281 addBlackHoleAddrEdge(dst);
1282}

◆ visitExtractValueInst()

void SVFIRBuilder::visitExtractValueInst ( ExtractValueInst inst)

visit extract value instructions for structures in registers TODO: for now we just assume the pointer after extraction points to blackhole for example %24 = extractvalue { i32, struct.s_hash* } call34, 0 %24 is a pointer points to first field of a register value call34 however we can not create call34 as an memory object, as it is register value. Is that necessary treat extract value as getelementptr instruction later to get more precise results?

Definition at line 1264 of file SVFIRBuilder.cpp.

1265{
1266 NodeID dst = getValueNode(&inst);
1267 addBlackHoleAddrEdge(dst);
1268}

◆ visitFenceInst()

void SVF::SVFIRBuilder::visitFenceInst ( FenceInst I)
inline

Definition at line 191 of file SVFIRBuilder.h.

192 {
193 addBlackHoleAddrEdge(getValueNode(&I));
194 }

◆ visitFreezeInst()

void SVFIRBuilder::visitFreezeInst ( FreezeInst inst)

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val>

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val> For now, we assume <val> is never a poison or undef.

Definition at line 1418 of file SVFIRBuilder.cpp.

1419{
1420 NodeID dst = getValueNode(&inst);
1421 for (u32_t i = 0; i < inst.getNumOperands(); i++)
1422 {
1423 Value* opnd = inst.getOperand(i);
1424 NodeID src = getValueNode(opnd);
1425 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1426 }
1427}

◆ visitGetElementPtrInst()

void SVFIRBuilder::visitGetElementPtrInst ( GetElementPtrInst inst)

Visit getelementptr instructions

Definition at line 1069 of file SVFIRBuilder.cpp.

1070{
1071
1072 NodeID dst = getValueNode(&inst);
1073 // GetElementPtrInst should always be a pointer or a vector contains pointers
1074 // for now we don't handle vector type here
1075 if(SVFUtil::isa<VectorType>(inst.getType()))
1076 {
1077 addBlackHoleAddrEdge(dst);
1078 return;
1079 }
1080
1081 assert(SVFUtil::isa<PointerType>(inst.getType()));
1082
1083 DBOUT(DPAGBuild, outs() << "process gep " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1084
1085 NodeID src = getValueNode(inst.getPointerOperand());
1086
1087 AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
1088 bool constGep = computeGepOffset(&inst, ap);
1089 addGepEdge(src, dst, ap, constGep);
1090}

◆ visitGlobal()

void SVFIRBuilder::visitGlobal ( )
protected

Handle globals including (global variable and functions)

Visit global variables for building SVFIR

initialize global variable

initialize global functions

Definition at line 941 of file SVFIRBuilder.cpp.

942{
943
945 for (Module &M : llvmModuleSet()->getLLVMModules())
946 {
947 for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
948 {
949 GlobalVariable *gvar = &*I;
950 NodeID idx = getValueNode(gvar);
951 NodeID obj = getObjectNode(gvar);
952
953 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
954 addAddrEdge(obj, idx);
955
956 if (gvar->hasInitializer())
957 {
958 Constant *C = gvar->getInitializer();
959 DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
960 InitialGlobal(gvar, C, 0);
961 }
962 }
963
964
966 for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
967 {
968 const Function* fun = &*I;
969 NodeID idx = getValueNode(fun);
970 NodeID obj = getObjectNode(fun);
971
972 DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
973 setCurrentLocation(fun, (SVFBasicBlock*) nullptr);
974 addAddrEdge(obj, idx);
975 }
976
977 // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
978 for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
979 {
980 const GlobalAlias* alias = &*I;
981 NodeID dst = llvmModuleSet()->getValueNode(alias);
982 NodeID src = llvmModuleSet()->getValueNode(alias->getAliasee());
983 processCE(alias->getAliasee());
984 setCurrentLocation(alias, (SVFBasicBlock*) nullptr);
985 addCopyEdge(src, dst, CopyStmt::COPYVAL);
986 }
987 }
988}
SVF::GlobalVariable
llvm::GlobalVariable GlobalVariable
Definition BasicTypes.h:130
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128

◆ visitInsertElementInst()

void SVF::SVFIRBuilder::visitInsertElementInst ( InsertElementInst I)
inline

Definition at line 171 of file SVFIRBuilder.h.

172 {
173 addBlackHoleAddrEdge(getValueNode(&I));
174 }

◆ visitInsertValueInst()

void SVF::SVFIRBuilder::visitInsertValueInst ( InsertValueInst I)
inline

Definition at line 145 of file SVFIRBuilder.h.

146 {
147 addBlackHoleAddrEdge(getValueNode(&I));
148 }

◆ visitInstruction()

void SVF::SVFIRBuilder::visitInstruction ( Instruction )
inline

Provide base case for our instruction visit.

Definition at line 205 of file SVFIRBuilder.h.

206 {
207 // If a new instruction is added to LLVM that we don't handle.
208 // TODO: ignore here:
209 }

◆ visitInvokeInst()

void SVFIRBuilder::visitInvokeInst ( InvokeInst II)

Definition at line 1171 of file SVFIRBuilder.cpp.

1172{
1173 visitCallSite(&i);
1174}

◆ visitLandingPadInst()

void SVF::SVFIRBuilder::visitLandingPadInst ( LandingPadInst I)
inline

Definition at line 179 of file SVFIRBuilder.h.

180 {
181 addBlackHoleAddrEdge(getValueNode(&I));
182 }

◆ visitLoadInst()

void SVFIRBuilder::visitLoadInst ( LoadInst I)

Definition at line 1037 of file SVFIRBuilder.cpp.

1038{
1039 DBOUT(DPAGBuild, outs() << "process load " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1040
1041 NodeID dst = getValueNode(&inst);
1042
1043 NodeID src = getValueNode(inst.getPointerOperand());
1044
1045 addLoadEdge(src, dst);
1046}

◆ visitPHINode()

void SVFIRBuilder::visitPHINode ( PHINode inst)

Visit phi instructions

Definition at line 1012 of file SVFIRBuilder.cpp.

1013{
1014
1015 DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1016
1017 NodeID dst = getValueNode(&inst);
1018
1019 for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
1020 {
1021 const Value* val = inst.getIncomingValue(i);
1022 const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
1023 bool matched = (incomingInst == nullptr ||
1024 incomingInst->getFunction() == inst.getFunction());
1025 (void) matched; // Suppress warning of unused variable under release build
1026 assert(matched && "incomingInst's Function incorrect");
1027 const Instruction* predInst = &inst.getIncomingBlock(i)->back();
1028 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
1029 NodeID src = getValueNode(val);
1030 addPhiStmt(dst,src,icfgNode);
1031 }
1032}
SVF::SVFIRBuilder::addPhiStmt
void addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add Copy edge.
Definition SVFIRBuilder.h:418

◆ visitResumeInst()

void SVF::SVFIRBuilder::visitResumeInst ( ResumeInst )
inline

Instruction not that often.

Definition at line 185 of file SVFIRBuilder.h.

186 {
187 }

◆ visitReturnInst()

void SVFIRBuilder::visitReturnInst ( ReturnInst inst)

Visit return instructions of a function

Definition at line 1235 of file SVFIRBuilder.cpp.

1236{
1237
1238 // ReturnInst itself should always not be a pointer type
1239 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1240
1241 DBOUT(DPAGBuild, outs() << "process return " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1242
1243 if(Value* src = inst.getReturnValue())
1244 {
1245 const FunObjVar *F = llvmModuleSet()->getFunObjVar(inst.getParent()->getParent());
1246
1247 NodeID rnF = getReturnNode(F);
1248 NodeID vnS = getValueNode(src);
1249 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
1250 //vnS may be null if src is a null ptr
1251 addPhiStmt(rnF,vnS,icfgNode);
1252 }
1253}

◆ visitSelectInst()

void SVFIRBuilder::visitSelectInst ( SelectInst inst)

Visit select instructions

Two operands have same incoming basic block, both are the current BB

Definition at line 1153 of file SVFIRBuilder.cpp.

1154{
1155
1156 DBOUT(DPAGBuild, outs() << "process select " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1157
1158 NodeID dst = getValueNode(&inst);
1159 NodeID src1 = getValueNode(inst.getTrueValue());
1160 NodeID src2 = getValueNode(inst.getFalseValue());
1161 NodeID cond = getValueNode(inst.getCondition());
1163 addSelectStmt(dst,src1,src2, cond);
1164}

◆ visitShuffleVectorInst()

void SVF::SVFIRBuilder::visitShuffleVectorInst ( ShuffleVectorInst I)
inline

Definition at line 175 of file SVFIRBuilder.h.

176 {
177 addBlackHoleAddrEdge(getValueNode(&I));
178 }

◆ visitStoreInst()

void SVFIRBuilder::visitStoreInst ( StoreInst inst)

Visit store instructions

Definition at line 1051 of file SVFIRBuilder.cpp.

1052{
1053 // StoreInst itself should always not be a pointer type
1054 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1055
1056 DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1057
1058 NodeID dst = getValueNode(inst.getPointerOperand());
1059
1060 NodeID src = getValueNode(inst.getValueOperand());
1061
1062 addStoreEdge(src, dst);
1063
1064}

◆ visitSwitchInst()

void SVFIRBuilder::visitSwitchInst ( SwitchInst inst)

The following implementation follows ICFGBuilder::processFunBody.

See more: https://github.com/SVF-tools/SVF/pull/1191

Given the code:

switch (a) { case 0: printf("0\n"); break; case 1: case 2: case 3: printf("a >=1 && a <= 3\n"); break; case 4: case 6: case 7: printf("a >= 4 && a <=7\n"); break; default: printf("a < 0 || a > 7"); break; }

Generate the IR:

switch i32 %0, label sw.default [ i32 0, label sw.bb i32 1, label sw.bb1 i32 2, label sw.bb1 i32 3, label sw.bb1 i32 4, label sw.bb3 i32 6, label sw.bb3 i32 7, label sw.bb3 ]

We can get every case basic block and related case value: [ {sw.default, -1}, {sw.bb, 0}, {sw.bb1, 1}, {sw.bb1, 2}, {sw.bb1, 3}, {sw.bb3, 4}, {sw.bb3, 6}, {sw.bb3, 7}, ] Note: default case value is nullptr For larger number, we preserve case value just -1 now see more: https://github.com/SVF-tools/SVF/pull/992

branch condition value

default case is set to -1;

set conditional svf var

Definition at line 1370 of file SVFIRBuilder.cpp.

1371{
1372 NodeID brinst = getValueNode(&inst);
1373 NodeID cond = getValueNode(inst.getCondition());
1374
1375 BranchStmt::SuccAndCondPairVec successors;
1376 std::vector<const Instruction*> nextInsts;
1377 LLVMUtil::getNextInsts(&inst, nextInsts);
1378 for (const Instruction* succInst : nextInsts)
1379 {
1381 const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
1383 s64_t val = -1;
1384 if (condVal && condVal->getBitWidth() <= 64)
1385 val = (u32_t)LLVMUtil::getIntegerValue(condVal).first;
1386 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1387 successors.push_back(std::make_pair(icfgNode, val));
1388 }
1389 addBranchStmt(brinst, cond, successors);
1391 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1392 {
1393 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1394 {
1395 intraEdge->setConditionVar(pag->getGNode(cond));
1396 }
1397 }
1398}
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ visitUnaryOperator()

void SVFIRBuilder::visitUnaryOperator ( UnaryOperator inst)

Visit Unary Operator

Definition at line 1124 of file SVFIRBuilder.cpp.

1125{
1126 NodeID dst = getValueNode(&inst);
1127 assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
1128 Value* opnd = inst.getOperand(0);
1129 NodeID src = getValueNode(opnd);
1130 u32_t opcode = inst.getOpcode();
1131 addUnaryOPEdge(src, dst, opcode);
1132}
SVF::SVFIRBuilder::addUnaryOPEdge
void addUnaryOPEdge(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIRBuilder.h:443

◆ visitUnreachableInst()

void SVF::SVFIRBuilder::visitUnreachableInst ( UnreachableInst )
inline

Definition at line 188 of file SVFIRBuilder.h.

189 {
190 }

◆ visitVAArgInst()

void SVFIRBuilder::visitVAArgInst ( VAArgInst inst)

TODO: var arguments need to be handled. https://llvm.org/docs/LangRef.html#id1911

ap = alloca struct.va_list ap2 = bitcast struct.va_list* ap to i8* ; Read a single integer argument from ap2 tmp = va_arg i8* ap2, i32 (VAArgInst) TODO: for now, create a copy edge from ap2 to tmp, we assume here tmp should point to the n-th argument of the var_args

Definition at line 1406 of file SVFIRBuilder.cpp.

1407{
1408 NodeID dst = getValueNode(&inst);
1409 Value* opnd = inst.getPointerOperand();
1410 NodeID src = getValueNode(opnd);
1411 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1412}

◆ visitVACopyInst()

void SVF::SVFIRBuilder::visitVACopyInst ( VACopyInst )
inline

Definition at line 160 of file SVFIRBuilder.h.

160{}

◆ visitVAEndInst()

void SVF::SVFIRBuilder::visitVAEndInst ( VAEndInst )
inline

Definition at line 161 of file SVFIRBuilder.h.

161{}

◆ visitVAStartInst()

void SVF::SVFIRBuilder::visitVAStartInst ( VAStartInst )
inline

Definition at line 162 of file SVFIRBuilder.h.

162{}

Friends And Related Symbol Documentation

◆ GraphDBSVFIRBuilder

friend class GraphDBSVFIRBuilder
friend

Definition at line 49 of file SVFIRBuilder.h.

Member Data Documentation

◆ curBB

const SVFBasicBlock* SVF::SVFIRBuilder::curBB
private

Current basic block during SVFIR construction when visiting the module.

Definition at line 53 of file SVFIRBuilder.h.

◆ curVal

const Value* SVF::SVFIRBuilder::curVal
private

Current Value during SVFIR construction when visiting the module.

Definition at line 54 of file SVFIRBuilder.h.

◆ pag

SVFIR* SVF::SVFIRBuilder::pag
private

Definition at line 52 of file SVFIRBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8