Static Value-Flow Analysis
Loading...
Searching...
No Matches
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes | List of all members
SVF::SVFIRBuilder Class Reference

#include <SVFIRBuilder.h>

Inheritance diagram for SVF::SVFIRBuilder:

Public Member Functions

 SVFIRBuilder ()
 Constructor.
 
virtual ~SVFIRBuilder ()
 Destructor.
 
virtual SVFIRbuild ()
 Start building SVFIR here.
 
SVFIRgetPAG () const
 Return SVFIR.
 
void createFunObjVars ()
 
void initFunObjVar ()
 
void initialiseNodes ()
 Initialize nodes and edges.
 
void initialiseBaseObjVars ()
 
void initialiseValVars ()
 
void initSVFBasicBlock (const Function *func)
 
void initDomTree (FunObjVar *func, const Function *f)
 
void addEdge (NodeID src, NodeID dst, SVFStmt::PEDGEK kind, APOffset offset=0, Instruction *cs=nullptr)
 
void sanityCheck ()
 Sanity check for SVFIR.
 
NodeID getValueNode (const Value *V)
 Get different kinds of node.
 
NodeID getObjectNode (const Value *V)
 GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
 
NodeID getReturnNode (const FunObjVar *func)
 getReturnNode - Return the node representing the unique return value of a function.
 
NodeID getVarargNode (const FunObjVar *func)
 getVarargNode - Return the node representing the unique variadic argument of a function.
 
virtual void visitAllocaInst (AllocaInst &AI)
 Our visit overrides.
 
void visitPHINode (PHINode &I)
 
void visitStoreInst (StoreInst &I)
 
void visitLoadInst (LoadInst &I)
 
void visitGetElementPtrInst (GetElementPtrInst &I)
 
void visitCallInst (CallInst &I)
 
void visitInvokeInst (InvokeInst &II)
 
void visitCallBrInst (CallBrInst &I)
 
void visitCallSite (CallBase *cs)
 
void visitReturnInst (ReturnInst &I)
 
void visitCastInst (CastInst &I)
 
void visitSelectInst (SelectInst &I)
 
void visitExtractValueInst (ExtractValueInst &EVI)
 
void visitBranchInst (BranchInst &I)
 
void visitSwitchInst (SwitchInst &I)
 The following implementation follows ICFGBuilder::processFunBody.
 
void visitInsertValueInst (InsertValueInst &I)
 
void visitBinaryOperator (BinaryOperator &I)
 
void visitUnaryOperator (UnaryOperator &I)
 
void visitCmpInst (CmpInst &I)
 
void visitVAArgInst (VAArgInst &)
 
void visitVACopyInst (VACopyInst &)
 
void visitVAEndInst (VAEndInst &)
 
void visitVAStartInst (VAStartInst &)
 
void visitFreezeInst (FreezeInst &I)
 
void visitExtractElementInst (ExtractElementInst &I)
 
void visitInsertElementInst (InsertElementInst &I)
 
void visitShuffleVectorInst (ShuffleVectorInst &I)
 
void visitLandingPadInst (LandingPadInst &I)
 
void visitResumeInst (ResumeInst &)
 Instruction not that often.
 
void visitUnreachableInst (UnreachableInst &)
 
void visitFenceInst (FenceInst &I)
 
void visitAtomicCmpXchgInst (AtomicCmpXchgInst &I)
 
void visitAtomicRMWInst (AtomicRMWInst &I)
 
void visitInstruction (Instruction &)
 Provide base case for our instruction visit.
 
void updateCallGraph (CallGraph *callgraph)
 connect PAG edges based on callgraph
 

Protected Member Functions

void visitGlobal ()
 Handle globals including (global variable and functions)
 
void InitialGlobal (const GlobalVariable *gvar, Constant *C, u32_t offset)
 
NodeID getGlobalVarField (const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
 
void processCE (const Value *val)
 Process constant expression.
 
u32_t inferFieldIdxFromByteOffset (const llvm::GEPOperator *gepOp, DataLayout *dl, AccessPath &ap, APOffset idx)
 Infer field index from byteoffset.
 
bool computeGepOffset (const User *V, AccessPath &ap)
 Compute offset of a gep instruction or gep constant expression.
 
const ValuegetBaseValueForExtArg (const Value *V)
 Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))
 
void handleDirectCall (CallBase *cs, const Function *F)
 Handle direct call.
 
void handleIndCall (CallBase *cs)
 Handle indirect call.
 
virtual const TypegetBaseTypeAndFlattenedFields (const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
 Handle external call.
 
virtual void addComplexConsForExt (Value *D, Value *S, const Value *sz)
 
virtual void handleExtCall (const CallBase *cs, const Function *callee)
 
void setCurrentLocation (const Value *val, const BasicBlock *bb)
 Set current basic block in order to keep track of control flow information.
 
void setCurrentLocation (const Value *val, const SVFBasicBlock *bb)
 
const ValuegetCurrentValue () const
 
const SVFBasicBlockgetCurrentBB () const
 
void addGlobalBlackHoleAddrEdge (NodeID node, const ConstantExpr *int2Ptrce)
 Add global black hole Address edge.
 
NodeID addNullPtrNode ()
 Add NullPtr PAGNode.
 
NodeID getGepValVar (const Value *val, const AccessPath &ap, const SVFType *elementType)
 
void setCurrentBBAndValueForPAGEdge (PAGEdge *edge)
 
void addBlackHoleAddrEdge (NodeID node)
 
AddrStmtaddAddrEdge (NodeID src, NodeID dst)
 Add Address edge.
 
AddrStmtaddAddrWithStackArraySz (NodeID src, NodeID dst, llvm::AllocaInst &inst)
 Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
 
AddrStmtaddAddrWithHeapSz (NodeID src, NodeID dst, const CallBase *cs)
 Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
 
CopyStmtaddCopyEdge (NodeID src, NodeID dst, CopyStmt::CopyKind kind)
 
CopyStmt::CopyKind getCopyKind (const Value *val)
 
void addPhiStmt (NodeID res, NodeID opnd, const ICFGNode *pred)
 Add Copy edge.
 
void addSelectStmt (NodeID res, NodeID op1, NodeID op2, NodeID cond)
 Add SelectStmt.
 
void addCmpEdge (NodeID op1, NodeID op2, NodeID dst, u32_t predict)
 Add Copy edge.
 
void addBinaryOPEdge (NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
 Add Copy edge.
 
void addUnaryOPEdge (NodeID src, NodeID dst, u32_t opcode)
 Add Unary edge.
 
void addBranchStmt (NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
 Add Branch statement.
 
void addLoadEdge (NodeID src, NodeID dst)
 Add Load edge.
 
void addStoreEdge (NodeID src, NodeID dst)
 Add Store edge.
 
void addCallEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Call edge.
 
void addRetEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Return edge.
 
void addGepEdge (NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
 Add Gep edge.
 
void addNormalGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Offset(Gep) edge.
 
void addVariantGepEdge (NodeID src, NodeID dst, const AccessPath &ap)
 Add Variant(Gep) edge.
 
void addThreadForkEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
 Add Thread fork edge for parameter passing.
 
void addThreadJoinEdge (NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
 Add Thread join edge for parameter passing.
 
AccessPath getAccessPathFromBaseNode (NodeID nodeId)
 

Private Member Functions

LLVMModuleSetllvmModuleSet ()
 

Private Attributes

SVFIRpag
 
const SVFBasicBlockcurBB
 Current basic block during SVFIR construction when visiting the module.
 
const ValuecurVal
 Current Value during SVFIR construction when visiting the module.
 

Detailed Description

SVFIR Builder to create SVF variables and statements and PAG

Definition at line 47 of file SVFIRBuilder.h.

Constructor & Destructor Documentation

◆ SVFIRBuilder()

SVF::SVFIRBuilder::SVFIRBuilder ( )
inline

Constructor.

Definition at line 57 of file SVFIRBuilder.h.

57 : pag(SVFIR::getPAG()), curBB(nullptr),curVal(nullptr)
58 {
59 }
SVF::SVFIRBuilder::curVal
const Value * curVal
Current Value during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:53
SVF::SVFIRBuilder::curBB
const SVFBasicBlock * curBB
Current basic block during SVFIR construction when visiting the module.
Definition SVFIRBuilder.h:52
SVF::SVFIR::getPAG
static SVFIR * getPAG(bool buildFromFile=false)
Singleton design here to make sure we only have one instance during any analysis.
Definition SVFIR.h:116

◆ ~SVFIRBuilder()

virtual SVF::SVFIRBuilder::~SVFIRBuilder ( )
inlinevirtual

Destructor.

Definition at line 61 of file SVFIRBuilder.h.

62 {
63 }

Member Function Documentation

◆ addAddrEdge()

AddrStmt * SVF::SVFIRBuilder::addAddrEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Address edge.

Definition at line 301 of file SVFIRBuilder.h.

302 {
303 if(AddrStmt *edge = pag->addAddrStmt(src, dst))
304 {
305 setCurrentBBAndValueForPAGEdge(edge);
306 return edge;
307 }
308 return nullptr;
309 }
SVF::SVFIRBuilder::setCurrentBBAndValueForPAGEdge
void setCurrentBBAndValueForPAGEdge(PAGEdge *edge)
Definition SVFIRBuilder.cpp:1719
SVF::SVFIR::addAddrStmt
AddrStmt * addAddrStmt(NodeID src, NodeID dst)
Add an edge into SVFIR.
Definition SVFIR.cpp:63
SVF::IRBuilder
llvm::IRBuilder IRBuilder
Definition BasicTypes.h:74

◆ addAddrWithHeapSz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithHeapSz ( NodeID  src,
NodeID  dst,
const CallBase cs 
)
inlineprotected

Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".

Definition at line 323 of file SVFIRBuilder.h.

324 {
325 // get name of called function
326 AddrStmt* edge = addAddrEdge(src, dst);
327
328 llvm::Function* calledFunc = cs->getCalledFunction();
329 std::string functionName;
330 if (calledFunc)
331 {
332 functionName = calledFunc->getName().str();
333 }
334 else
335 {
336 SVFUtil::wrnMsg("not support indirect call to add AddrStmt.\n");
337 }
338 if (functionName == "malloc")
339 {
340 if (cs->arg_size() > 0)
341 {
342 const llvm::Value* val = cs->getArgOperand(0);
343 edge->addArrSize(pag->getGNode(getValueNode(val)));
344 }
345 }
346 // Check if the function called is 'calloc' and process its arguments.
347 // e.g. "%5 = call i8* @calloc(1, 8)", edge should add two SVFValue (1 and 8)
348 else if (functionName == "calloc")
349 {
350 if (cs->arg_size() > 1)
351 {
352 edge->addArrSize(
353 pag->getGNode(getValueNode(cs->getArgOperand(0))));
354 edge->addArrSize(
355 pag->getGNode(getValueNode(cs->getArgOperand(1))));
356 }
357 }
358 else
359 {
360 if (cs->arg_size() > 0)
361 {
362 const llvm::Value* val = cs->getArgOperand(0);
363 edge->addArrSize(pag->getGNode(getValueNode(val)));
364 }
365 }
366 return edge;
367 }
SVF::GenericGraph::getGNode
NodeType * getGNode(NodeID id) const
Get a node.
Definition GenericGraph.h:403
SVF::SVFIRBuilder::addAddrEdge
AddrStmt * addAddrEdge(NodeID src, NodeID dst)
Add Address edge.
Definition SVFIRBuilder.h:301
SVF::SVFIRBuilder::getValueNode
NodeID getValueNode(const Value *V)
Get different kinds of node.
Definition SVFIRBuilder.h:97
SVF::SVFUtil::wrnMsg
std::string wrnMsg(const std::string &msg)
Returns warning message by converting a string into yellow string output.
Definition SVFUtil.cpp:63

◆ addAddrWithStackArraySz()

AddrStmt * SVF::SVFIRBuilder::addAddrWithStackArraySz ( NodeID  src,
NodeID  dst,
llvm::AllocaInst &  inst 
)
inlineprotected

Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".

Definition at line 312 of file SVFIRBuilder.h.

313 {
314 AddrStmt* edge = addAddrEdge(src, dst);
315 if (inst.getArraySize())
316 {
317 edge->addArrSize(pag->getGNode(getValueNode(inst.getArraySize())));
318 }
319 return edge;
320 }

◆ addBinaryOPEdge()

void SVF::SVFIRBuilder::addBinaryOPEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Copy edge.

Definition at line 436 of file SVFIRBuilder.h.

437 {
438 if(BinaryOPStmt *edge = pag->addBinaryOPStmt(op1, op2, dst, opcode))
439 setCurrentBBAndValueForPAGEdge(edge);
440 }
SVF::SVFIR::addBinaryOPStmt
BinaryOPStmt * addBinaryOPStmt(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIR.cpp:165

◆ addBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addBlackHoleAddrEdge ( NodeID  node)
inlineprotected

Definition at line 294 of file SVFIRBuilder.h.

295 {
296 if(PAGEdge *edge = pag->addBlackHoleAddrStmt(node))
297 setCurrentBBAndValueForPAGEdge(edge);
298 }
SVF::SVFIR::addBlackHoleAddrStmt
SVFStmt * addBlackHoleAddrStmt(NodeID node)
Set a pointer points-to black hole (e.g. int2ptr)
Definition SVFIR.cpp:294
SVF::PAGEdge
SVFStmt PAGEdge
Definition IRGraph.h:43

◆ addBranchStmt()

void SVF::SVFIRBuilder::addBranchStmt ( NodeID  br,
NodeID  cond,
const BranchStmt::SuccAndCondPairVec succs 
)
inlineprotected

Add Branch statement.

Definition at line 448 of file SVFIRBuilder.h.

449 {
450 if(BranchStmt *edge = pag->addBranchStmt(br, cond, succs))
451 setCurrentBBAndValueForPAGEdge(edge);
452 }
SVF::SVFIR::addBranchStmt
BranchStmt * addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add BranchStmt.
Definition SVFIR.cpp:203

◆ addCallEdge()

void SVF::SVFIRBuilder::addCallEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Call edge.

Definition at line 472 of file SVFIRBuilder.h.

473 {
474 if (CallPE* edge = pag->addCallPE(src, dst, cs, entry))
475 setCurrentBBAndValueForPAGEdge(edge);
476 }
SVF::SVFIR::addCallPE
CallPE * addCallPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIR.cpp:258

◆ addCmpEdge()

void SVF::SVFIRBuilder::addCmpEdge ( NodeID  op1,
NodeID  op2,
NodeID  dst,
u32_t  predict 
)
inlineprotected

Add Copy edge.

Definition at line 430 of file SVFIRBuilder.h.

431 {
432 if(CmpStmt *edge = pag->addCmpStmt(op1, op2, dst, predict))
433 setCurrentBBAndValueForPAGEdge(edge);
434 }
SVF::SVFIR::addCmpStmt
CmpStmt * addCmpStmt(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIR.cpp:144

◆ addComplexConsForExt()

void SVFIRBuilder::addComplexConsForExt ( Value D,
Value S,
const Value szValue 
)
protectedvirtual

Add the load/store constraints and temp. nodes for the complex constraint *D = *S (where D/S may point to structs).

If sz is 0, we will add edges for all fields.

Definition at line 82 of file SVFIRExtAPI.cpp.

83{
84 assert(D && S);
85 NodeID vnD= getValueNode(D), vnS= getValueNode(S);
86 if(!vnD || !vnS)
87 return;
88
89 std::vector<AccessPath> fields;
90
91 //Get the max possible size of the copy, unless it was provided.
92 std::vector<AccessPath> srcFields;
93 std::vector<AccessPath> dstFields;
94 const Type* stype = getBaseTypeAndFlattenedFields(S, srcFields, szValue);
95 const Type* dtype = getBaseTypeAndFlattenedFields(D, dstFields, szValue);
96 if(srcFields.size() > dstFields.size())
97 fields = dstFields;
98 else
99 fields = srcFields;
100
102 u32_t sz = fields.size();
103
104 if (fields.size() == 1 && (LLVMUtil::isConstDataOrAggData(D) || LLVMUtil::isConstDataOrAggData(S)))
105 {
106 NodeID dummy = pag->addDummyValNode();
107 addLoadEdge(vnD,dummy);
108 addStoreEdge(dummy,vnS);
109 return;
110 }
111
112 //For each field (i), add (Ti = *S + i) and (*D + i = Ti).
113 for (u32_t index = 0; index < sz; index++)
114 {
115 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
116 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
117 fields[index].getConstantStructFldIdx());
118 const SVFType* sElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(stype),
119 fields[index].getConstantStructFldIdx());
120 NodeID dField = getGepValVar(D,fields[index],dElementType);
121 NodeID sField = getGepValVar(S,fields[index],sElementType);
122 NodeID dummy = pag->addDummyValNode();
123 addLoadEdge(sField,dummy);
124 addStoreEdge(dummy,dField);
125 }
126}
u32_t
unsigned u32_t
Definition CommandLine.h:18
index
int index
Definition cJSON.h:170
SVF::IRGraph::getFlatternedElemType
const SVFType * getFlatternedElemType(const SVFType *baseType, u32_t flatten_idx)
Return the type of a flattened element given a flattened index.
Definition IRGraph.cpp:123
SVF::LLVMModuleSet::getLLVMModuleSet
static LLVMModuleSet * getLLVMModuleSet()
Definition LLVMModule.h:131
SVF::SVFIRBuilder::addStoreEdge
void addStoreEdge(NodeID src, NodeID dst)
Add Store edge.
Definition SVFIRBuilder.h:460
SVF::SVFIRBuilder::addLoadEdge
void addLoadEdge(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIRBuilder.h:454
SVF::SVFIRBuilder::getBaseTypeAndFlattenedFields
virtual const Type * getBaseTypeAndFlattenedFields(const Value *V, std::vector< AccessPath > &fields, const Value *szValue)
Handle external call.
Definition SVFIRExtAPI.cpp:44
SVF::SVFIRBuilder::getGepValVar
NodeID getGepValVar(const Value *val, const AccessPath &ap, const SVFType *elementType)
Definition SVFIRBuilder.cpp:1664
SVF::SVFIR::addDummyValNode
NodeID addDummyValNode()
Definition SVFIR.h:487
SVF::LLVMUtil::isConstDataOrAggData
bool isConstDataOrAggData(const Value *val)
Return true if the value refers to constant data, e.g., i32 0.
Definition LLVMUtil.h:368
SVF::Type
llvm::Type Type
Definition BasicTypes.h:83
SVF::NodeID
u32_t NodeID
Definition GeneralType.h:56

◆ addCopyEdge()

CopyStmt * SVF::SVFIRBuilder::addCopyEdge ( NodeID  src,
NodeID  dst,
CopyStmt::CopyKind  kind 
)
inlineprotected

Definition at line 369 of file SVFIRBuilder.h.

370 {
371 if(CopyStmt *edge = pag->addCopyStmt(src, dst, kind))
372 {
373 setCurrentBBAndValueForPAGEdge(edge);
374 return edge;
375 }
376 return nullptr;
377 }
SVF::SVFIR::addCopyStmt
CopyStmt * addCopyStmt(NodeID src, NodeID dst, CopyStmt::CopyKind type)
Add Copy edge.
Definition SVFIR.cpp:81

◆ addEdge()

void SVF::SVFIRBuilder::addEdge ( NodeID  src,
NodeID  dst,
SVFStmt::PEDGEK  kind,
APOffset  offset = 0,
Instruction cs = nullptr 
)

◆ addGepEdge()

void SVF::SVFIRBuilder::addGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap,
bool  constGep 
)
inlineprotected

Add Gep edge.

Definition at line 484 of file SVFIRBuilder.h.

485 {
486 if (GepStmt* edge = pag->addGepStmt(src, dst, ap, constGep))
487 setCurrentBBAndValueForPAGEdge(edge);
488 }
SVF::SVFIR::addGepStmt
GepStmt * addGepStmt(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIR.cpp:344

◆ addGlobalBlackHoleAddrEdge()

void SVF::SVFIRBuilder::addGlobalBlackHoleAddrEdge ( NodeID  node,
const ConstantExpr int2Ptrce 
)
inlineprotected

Add global black hole Address edge.

Definition at line 269 of file SVFIRBuilder.h.

270 {
271 const Value* cval = getCurrentValue();
272 const SVFBasicBlock* cbb = getCurrentBB();
273 setCurrentLocation(int2Ptrce,(SVFBasicBlock*) nullptr);
274 addBlackHoleAddrEdge(node);
275 setCurrentLocation(cval,cbb);
276 }
SVF::SVFIRBuilder::setCurrentLocation
void setCurrentLocation(const Value *val, const BasicBlock *bb)
Set current basic block in order to keep track of control flow information.
Definition SVFIRBuilder.h:249
SVF::SVFIRBuilder::addBlackHoleAddrEdge
void addBlackHoleAddrEdge(NodeID node)
Definition SVFIRBuilder.h:294
SVF::SVFIRBuilder::getCurrentBB
const SVFBasicBlock * getCurrentBB() const
Definition SVFIRBuilder.h:263
SVF::SVFIRBuilder::getCurrentValue
const Value * getCurrentValue() const
Definition SVFIRBuilder.h:259
SVF::Value
llvm::Value Value
LLVM Basic classes.
Definition BasicTypes.h:82

◆ addLoadEdge()

void SVF::SVFIRBuilder::addLoadEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Load edge.

Definition at line 454 of file SVFIRBuilder.h.

455 {
456 if(LoadStmt *edge = pag->addLoadStmt(src, dst))
457 setCurrentBBAndValueForPAGEdge(edge);
458 }
SVF::SVFIR::addLoadStmt
LoadStmt * addLoadStmt(NodeID src, NodeID dst)
Add Load edge.
Definition SVFIR.cpp:221

◆ addNormalGepEdge()

void SVF::SVFIRBuilder::addNormalGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Offset(Gep) edge.

Definition at line 490 of file SVFIRBuilder.h.

491 {
492 if (GepStmt* edge = pag->addNormalGepStmt(src, dst, ap))
493 setCurrentBBAndValueForPAGEdge(edge);
494 }
SVF::SVFIR::addNormalGepStmt
GepStmt * addNormalGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Offset(Gep) edge.
Definition SVFIR.cpp:363

◆ addNullPtrNode()

NodeID SVF::SVFIRBuilder::addNullPtrNode ( )
inlineprotected

Add NullPtr PAGNode.

Definition at line 279 of file SVFIRBuilder.h.

280 {
281 LLVMContext& cxt = llvmModuleSet()->getContext();
282 ConstantPointerNull* constNull = ConstantPointerNull::get(PointerType::getUnqual(cxt));
283 NodeID nullPtr = pag->addConstantNullPtrValNode(pag->getNullPtr(), nullptr, llvmModuleSet()->getSVFType(constNull->getType()));
284 llvmModuleSet()->addToSVFVar2LLVMValueMap(constNull, pag->getGNode(pag->getNullPtr()));
285 setCurrentLocation(constNull, (SVFBasicBlock*) nullptr);
286 addBlackHoleAddrEdge(pag->getBlkPtr());
287 return nullPtr;
288 }
SVF::IRGraph::getBlkPtr
NodeID getBlkPtr() const
Definition IRGraph.h:255
SVF::IRGraph::getNullPtr
NodeID getNullPtr() const
Definition IRGraph.h:259
SVF::LLVMModuleSet::addToSVFVar2LLVMValueMap
void addToSVFVar2LLVMValueMap(const Value *val, SVFValue *svfBaseNode)
Definition LLVMModule.cpp:1127
SVF::LLVMModuleSet::getContext
LLVMContext & getContext() const
Definition LLVMModule.h:381
SVF::SVFIRBuilder::llvmModuleSet
LLVMModuleSet * llvmModuleSet()
Definition SVFIRBuilder.h:518
SVF::SVFIR::addConstantNullPtrValNode
NodeID addConstantNullPtrValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:593
SVF::ConstantPointerNull
llvm::ConstantPointerNull ConstantPointerNull
Definition BasicTypes.h:127
SVF::LLVMContext
llvm::LLVMContext LLVMContext
Definition BasicTypes.h:70

◆ addPhiStmt()

void SVF::SVFIRBuilder::addPhiStmt ( NodeID  res,
NodeID  opnd,
const ICFGNode pred 
)
inlineprotected

Add Copy edge.

If we already added this phi node, then skip this adding

Definition at line 417 of file SVFIRBuilder.h.

418 {
420 if(PhiStmt *edge = pag->addPhiStmt(res,opnd,pred))
421 setCurrentBBAndValueForPAGEdge(edge);
422 }
SVF::SVFIR::addPhiStmt
PhiStmt * addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add phi node information.
Definition SVFIR.cpp:99

◆ addRetEdge()

void SVF::SVFIRBuilder::addRetEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Return edge.

Definition at line 478 of file SVFIRBuilder.h.

479 {
480 if (RetPE* edge = pag->addRetPE(src, dst, cs, exit))
481 setCurrentBBAndValueForPAGEdge(edge);
482 }
SVF::SVFIR::addRetPE
RetPE * addRetPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIR.cpp:276

◆ addSelectStmt()

void SVF::SVFIRBuilder::addSelectStmt ( NodeID  res,
NodeID  op1,
NodeID  op2,
NodeID  cond 
)
inlineprotected

Add SelectStmt.

Definition at line 424 of file SVFIRBuilder.h.

425 {
426 if(SelectStmt *edge = pag->addSelectStmt(res,op1,op2,cond))
427 setCurrentBBAndValueForPAGEdge(edge);
428 }
SVF::SVFIR::addSelectStmt
SelectStmt * addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIR.cpp:123

◆ addStoreEdge()

void SVF::SVFIRBuilder::addStoreEdge ( NodeID  src,
NodeID  dst 
)
inlineprotected

Add Store edge.

Definition at line 460 of file SVFIRBuilder.h.

461 {
462 ICFGNode* node;
463 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
464 node = llvmModuleSet()->getICFGNode(
465 SVFUtil::cast<Instruction>(inst));
466 else
467 node = nullptr;
468 if (StoreStmt* edge = pag->addStoreStmt(src, dst, node))
469 setCurrentBBAndValueForPAGEdge(edge);
470 }
SVF::LLVMModuleSet::getICFGNode
ICFGNode * getICFGNode(const Instruction *inst)
Get a basic block ICFGNode.
Definition LLVMModule.cpp:1181
SVF::SVFIR::addStoreStmt
StoreStmt * addStoreStmt(NodeID src, NodeID dst, const ICFGNode *val)
Add Store edge.
Definition SVFIR.cpp:240
SVF::Instruction
llvm::Instruction Instruction
Definition BasicTypes.h:87

◆ addThreadForkEdge()

void SVF::SVFIRBuilder::addThreadForkEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunEntryICFGNode entry 
)
inlineprotected

Add Thread fork edge for parameter passing.

Definition at line 502 of file SVFIRBuilder.h.

503 {
504 if (TDForkPE* edge = pag->addThreadForkPE(src, dst, cs, entry))
505 setCurrentBBAndValueForPAGEdge(edge);
506 }
SVF::SVFIR::addThreadForkPE
TDForkPE * addThreadForkPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIR.cpp:305

◆ addThreadJoinEdge()

void SVF::SVFIRBuilder::addThreadJoinEdge ( NodeID  src,
NodeID  dst,
const CallICFGNode cs,
const FunExitICFGNode exit 
)
inlineprotected

Add Thread join edge for parameter passing.

Definition at line 508 of file SVFIRBuilder.h.

509 {
510 if (TDJoinPE* edge = pag->addThreadJoinPE(src, dst, cs, exit))
511 setCurrentBBAndValueForPAGEdge(edge);
512 }
SVF::SVFIR::addThreadJoinPE
TDJoinPE * addThreadJoinPE(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Thread join edge for parameter passing.
Definition SVFIR.cpp:323

◆ addUnaryOPEdge()

void SVF::SVFIRBuilder::addUnaryOPEdge ( NodeID  src,
NodeID  dst,
u32_t  opcode 
)
inlineprotected

Add Unary edge.

Definition at line 442 of file SVFIRBuilder.h.

443 {
444 if(UnaryOPStmt *edge = pag->addUnaryOPStmt(src, dst, opcode))
445 setCurrentBBAndValueForPAGEdge(edge);
446 }
SVF::SVFIR::addUnaryOPStmt
UnaryOPStmt * addUnaryOPStmt(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIR.cpp:185

◆ addVariantGepEdge()

void SVF::SVFIRBuilder::addVariantGepEdge ( NodeID  src,
NodeID  dst,
const AccessPath ap 
)
inlineprotected

Add Variant(Gep) edge.

Definition at line 496 of file SVFIRBuilder.h.

497 {
498 if (GepStmt* edge = pag->addVariantGepStmt(src, dst, ap))
499 setCurrentBBAndValueForPAGEdge(edge);
500 }
SVF::SVFIR::addVariantGepStmt
GepStmt * addVariantGepStmt(NodeID src, NodeID dst, const AccessPath &ap)
Add Variant(Gep) edge.
Definition SVFIR.cpp:382

◆ build()

SVFIR * SVFIRBuilder::build ( )
virtual

Start building SVFIR here.

Start building SVFIR here

build icfg

initial external library information initial SVFIR nodes

initial SVFIR edges: // handle globals

build callgraph

handle functions

collect return node of function fun

Return SVFIR node will not be created for function which can not reach the return instruction due to call to abort(), exit(), etc. In 176.gcc of SPEC 2000, function build_objc_string() from c-lang.c shows an example when fun.doesNotReturn() evaluates to TRUE because of abort().

To be noted, we do not record arguments which are in declared function without body TODO: what about external functions with SVFIR imported by commandline?

Definition at line 54 of file SVFIRBuilder.cpp.

55{
56 double startTime = SVFStat::getClk(true);
57
58 DBOUT(DGENERAL, outs() << pasMsg("\t Building SVFIR ...\n"));
59
60 // We read SVFIR from a user-defined txt instead of parsing SVFIR from LLVM IR
61 if (SVFIR::pagReadFromTXT())
62 {
63 PAGBuilderFromFile fileBuilder(SVFIR::pagFileName());
64 return fileBuilder.build();
65 }
66
67 // If the SVFIR has been built before, then we return the unique SVFIR of the program
68 if(pag->getNodeNumAfterPAGBuild() > 1)
69 return pag;
70
71
72 createFunObjVars();
73
75 ICFGBuilder icfgbuilder;
76 pag->icfg = icfgbuilder.build();
77
80 initialiseNodes();
83 visitGlobal();
85
86
87
89 CallGraphBuilder callGraphBuilder;
90 std::vector<const FunObjVar*> funset;
91 for (const auto& item: llvmModuleSet()->getFunctionSet())
92 {
93 funset.push_back(llvmModuleSet()->getFunObjVar(item));
94 }
95 pag->callGraph = callGraphBuilder.buildSVFIRCallGraph(funset);
96
97 CHGraph* chg = new CHGraph();
98 CHGBuilder chgbuilder(chg);
99 chgbuilder.buildCHG();
100 pag->setCHG(chg);
101
103 for (Module& M : llvmModuleSet()->getLLVMModules())
104 {
105 for (Module::const_iterator F = M.begin(), E = M.end(); F != E; ++F)
106 {
107 const Function& fun = *F;
108 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(&fun);
110 if(!fun.isDeclaration())
111 {
117 if (fun.doesNotReturn() == false &&
118 fun.getReturnType()->isVoidTy() == false)
119 {
120 pag->addFunRet(svffun,
121 pag->getGNode(pag->getReturnNode(svffun)));
122 }
123
126 for (Function::const_arg_iterator I = fun.arg_begin(), E = fun.arg_end();
127 I != E; ++I)
128 {
129 setCurrentLocation(&*I,&fun.getEntryBlock());
130 NodeID argValNodeId = llvmModuleSet()->getValueNode(&*I);
131 // if this is the function does not have caller (e.g. main)
132 // or a dead function, shall we create a black hole address edge for it?
133 // it is (1) too conservative, and (2) make FormalParmVFGNode defined at blackhole address PAGEdge.
134 // if(SVFUtil::ArgInNoCallerFunction(&*I)) {
135 // if(I->getType()->isPointerTy())
136 // addBlackHoleAddrEdge(argValNodeId);
137 //}
138 pag->addFunArgs(svffun,pag->getGNode(argValNodeId));
139 }
140 }
141 for (Function::const_iterator bit = fun.begin(), ebit = fun.end();
142 bit != ebit; ++bit)
143 {
144 const BasicBlock& bb = *bit;
145 for (BasicBlock::const_iterator it = bb.begin(), eit = bb.end();
146 it != eit; ++it)
147 {
148 const Instruction& inst = *it;
149 setCurrentLocation(&inst,&bb);
150 visit(const_cast<Instruction&>(inst));
151 }
152 }
153 }
154 }
155
156 sanityCheck();
157
158 pag->initialiseCandidatePointers();
159
160 pag->setNodeNumAfterPAGBuild(pag->getTotalNodeNum());
161
162 // dump SVFIR
163 if (Options::PAGDotGraph())
164 pag->dump("svfir_initial");
165
166 // print to command line of the SVFIR graph
167 if (Options::PAGPrint())
168 pag->print();
169
170 // dump ICFG
171 if (Options::DumpICFG())
172 pag->getICFG()->dump("icfg_initial");
173
174 if (Options::LoopAnalysis())
175 {
176 LLVMLoopAnalysis loopAnalysis;
177 loopAnalysis.build(pag->getICFG());
178 }
179
180 // dump SVFIR as JSON
181 if (!Options::DumpJson().empty())
182 {
183 assert(false && "please implement SVFIRWriter::writeJsonToPath");
184 }
185
186 double endTime = SVFStat::getClk(true);
187 SVFStat::timeOfBuildingSVFIR = (endTime - startTime) / TIMEINTERVAL;
188
189 return pag;
190}
DBOUT
#define DBOUT(TYPE, X)
LLVM debug macros, define type of your DBUG model of each pass.
Definition SVFType.h:512
TIMEINTERVAL
#define TIMEINTERVAL
Definition SVFType.h:540
DGENERAL
#define DGENERAL
Definition SVFType.h:518
item
cJSON * item
Definition cJSON.h:222
SVF::GenericGraph::getTotalNodeNum
u32_t getTotalNodeNum() const
Get total number of node/edge.
Definition GenericGraph.h:430
SVF::ICFG::dump
void dump(const std::string &file, bool simple=false)
Dump graph into dot file.
Definition ICFG.cpp:411
SVF::IRGraph::getNodeNumAfterPAGBuild
u32_t getNodeNumAfterPAGBuild() const
Definition IRGraph.h:313
SVF::IRGraph::dump
void dump(std::string name)
Dump SVFIR.
Definition IRGraph.cpp:310
SVF::IRGraph::getReturnNode
NodeID getReturnNode(const FunObjVar *func) const
GetReturnNode - Return the unique node representing the return value of a function.
Definition IRGraph.cpp:60
SVF::IRGraph::setNodeNumAfterPAGBuild
void setNodeNumAfterPAGBuild(u32_t num)
Definition IRGraph.h:317
SVF::LLVMLoopAnalysis::build
virtual void build(ICFG *icfg)
Start from here.
Definition LLVMLoopAnalysis.cpp:89
SVF::LLVMModuleSet::getValueNode
NodeID getValueNode(const Value *V)
Definition LLVMModule.cpp:1049
SVF::LLVMModuleSet::getFunObjVar
const FunObjVar * getFunObjVar(const Function *fun) const
Definition LLVMModule.h:267
SVF::Options::PAGDotGraph
static const Option< bool > PAGDotGraph
Definition Options.h:118
SVF::Options::DumpJson
static const Option< std::string > DumpJson
Definition Options.h:121
SVF::Options::PAGPrint
static const Option< bool > PAGPrint
Definition Options.h:124
SVF::Options::LoopAnalysis
static const Option< bool > LoopAnalysis
Definition Options.h:239
SVF::Options::DumpICFG
static const Option< bool > DumpICFG
Definition Options.h:120
SVF::SVFIRBuilder::sanityCheck
void sanityCheck()
Sanity check for SVFIR.
Definition SVFIRBuilder.cpp:1638
SVF::SVFIRBuilder::visitGlobal
void visitGlobal()
Handle globals including (global variable and functions)
Definition SVFIRBuilder.cpp:951
SVF::SVFIRBuilder::initialiseNodes
void initialiseNodes()
Initialize nodes and edges.
Definition SVFIRBuilder.cpp:536
SVF::SVFIR::print
void print()
Print SVFIR.
Definition SVFIR.cpp:557
SVF::SVFIR::addFunArgs
void addFunArgs(const FunObjVar *fun, const SVFVar *arg)
Get/set method for function/callsite arguments and returns.
Definition SVFIR.h:523
SVF::SVFIR::addFunRet
void addFunRet(const FunObjVar *fun, const SVFVar *ret)
Add function returns.
Definition SVFIR.h:530
SVF::SVFIR::pagFileName
static std::string pagFileName()
Definition SVFIR.h:202
SVF::SVFIR::pagReadFromTXT
static bool pagReadFromTXT()
Definition SVFIR.h:207
SVF::SVFIR::callGraph
CallGraph * callGraph
all the callsites of a program
Definition SVFIR.h:99
SVF::SVFIR::getICFG
ICFG * getICFG() const
Definition SVFIR.h:163
SVF::SVFIR::setCHG
void setCHG(CommonCHGraph *c)
Set/Get CHG.
Definition SVFIR.h:169
SVF::SVFIR::icfg
ICFG * icfg
Definition SVFIR.h:96
SVF::SVFIR::initialiseCandidatePointers
void initialiseCandidatePointers()
Initialize candidate pointers.
Definition SVFIR.cpp:642
SVF::SVFStat::getClk
static double getClk(bool mark=false)
Definition SVFStat.cpp:48
SVF::SVFStat::timeOfBuildingSVFIR
static double timeOfBuildingSVFIR
Definition SVFStat.h:95
SVF::LLVMUtil::getFunObjVar
const FunObjVar * getFunObjVar(const std::string &name)
Definition LLVMUtil.cpp:435
SVF::SVFUtil::pasMsg
std::string pasMsg(const std::string &msg)
Print each pass/phase message by converting a string into blue string output.
Definition SVFUtil.cpp:101
SVF::SVFUtil::outs
std::ostream & outs()
Overwrite llvm::outs()
Definition SVFUtil.h:52
SVF::BasicBlock
llvm::BasicBlock BasicBlock
Definition BasicTypes.h:86
SVF::Function
llvm::Function Function
Definition BasicTypes.h:85
SVF::Module
llvm::Module Module
Definition BasicTypes.h:84

◆ computeGepOffset()

bool SVFIRBuilder::computeGepOffset ( const User V,
AccessPath ap 
)
protected

Compute offset of a gep instruction or gep constant expression.

Return the object node offset according to GEP insn (V). Given a gep edge p = q + i, if "i" is a constant then we return its offset size otherwise if "i" is a variable determined by runtime, then it is a variant offset Return TRUE if the offset of this GEP insn is a constant.

Definition at line 642 of file SVFIRBuilder.cpp.

643{
644 assert(V);
645
646 const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
647 DataLayout * dataLayout = getDataLayout(llvmModuleSet()->getMainLLVMModule());
648 llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
649 if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
650 {
651 //s32_t bo = byteOffset.getSExtValue();
652 }
653
654 bool isConst = true;
655
656 bool prevPtrOperand = false;
657 for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
658 gi != ge; ++gi)
659 {
660 const Type* gepTy = *gi;
661 const SVFType* svfGepTy = llvmModuleSet()->getSVFType(gepTy);
662
663 assert((prevPtrOperand && svfGepTy->isPointerTy()) == false &&
664 "Expect no more than one gep operand to be of a pointer type");
665 if(!prevPtrOperand && svfGepTy->isPointerTy()) prevPtrOperand = true;
666 const Value* offsetVal = gi.getOperand();
667 assert(gepTy != offsetVal->getType() && "iteration and operand have the same type?");
668 ap.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offsetVal)), svfGepTy);
669
670 //The int value of the current index operand
671 const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(offsetVal);
672
673 // if Options::ModelConsts() is disabled. We will treat whole array as one,
674 // but we can distinguish different field of an array of struct, e.g. s[1].f1 is different from s[0].f2
675 if(const ArrayType* arrTy = SVFUtil::dyn_cast<ArrayType>(gepTy))
676 {
677 if(!op || (arrTy->getArrayNumElements() <= (u32_t)LLVMUtil::getIntegerValue(op).first))
678 continue;
679 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
680 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(arrTy), idx);
681 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
682 }
683 else if (const StructType *ST = SVFUtil::dyn_cast<StructType>(gepTy))
684 {
685 assert(op && "non-const offset accessing a struct");
686 //The actual index
687 APOffset idx = (u32_t)LLVMUtil::getIntegerValue(op).first;
688 u32_t offset = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(ST), idx);
689 ap.setFldIdx(ap.getConstantStructFldIdx() + offset);
690 }
691 else if (gepTy->isSingleValueType())
692 {
693 // If it's a non-constant offset access
694 // If its point-to target is struct or array, it's likely an array accessing (%result = gep %struct.A* %a, i32 %non-const-index)
695 // If its point-to target is single value (pointer arithmetic), then it's a variant gep (%result = gep i8* %p, i32 %non-const-index)
696 if(!op && gepTy->isPointerTy() && gepOp->getSourceElementType()->isSingleValueType())
697 {
698 isConst = false;
699 }
700
701 // The actual index
702 //s32_t idx = op->getSExtValue();
703
704 // For pointer arithmetic we ignore the byte offset
705 // consider using inferFieldIdxFromByteOffset(geopOp,dataLayout,ap,idx)?
706 // ap.setFldIdx(ap.getConstantFieldIdx() + inferFieldIdxFromByteOffset(geopOp,idx));
707 }
708 }
709 return isConst;
710}
offset
buffer offset
Definition cJSON.cpp:1113
SVF::AccessPath::addOffsetVarAndGepTypePair
bool addOffsetVarAndGepTypePair(const SVFVar *var, const SVFType *gepIterType)
Definition AccessPath.cpp:42
SVF::AccessPath::getConstantStructFldIdx
APOffset getConstantStructFldIdx() const
Get methods.
Definition AccessPath.h:99
SVF::AccessPath::setFldIdx
void setFldIdx(APOffset idx)
Definition AccessPath.h:103
SVF::IRGraph::getFlattenedElemIdx
u32_t getFlattenedElemIdx(const SVFType *T, u32_t origId)
Flattened element idx of an array or struct by considering stride.
Definition IRGraph.cpp:144
SVF::LLVMModuleSet::getSVFType
SVFType * getSVFType(const Type *T)
Get or create SVFType and typeinfo.
Definition LLVMModule.cpp:1166
SVF::SVFIRBuilder::getPAG
SVFIR * getPAG() const
Return SVFIR.
Definition SVFIRBuilder.h:69
llvm::generic_bridge_gep_type_iterator
Definition GEPTypeBridgeIterator.h:18
SVF::LLVMUtil::getIntegerValue
std::pair< s64_t, u64_t > getIntegerValue(const ConstantInt *intValue)
Definition LLVMUtil.h:82
SVF::LLVMUtil::getDataLayout
static DataLayout * getDataLayout(Module *mod)
Definition LLVMUtil.h:313
SVF::DataLayout
llvm::DataLayout DataLayout
Definition BasicTypes.h:108
SVF::ArrayType
llvm::ArrayType ArrayType
Definition BasicTypes.h:95
SVF::StructType
llvm::StructType StructType
LLVM types.
Definition BasicTypes.h:94
SVF::APOffset
s64_t APOffset
Definition GeneralType.h:60
SVF::u32_t
unsigned u32_t
Definition GeneralType.h:47
SVF::ConstantInt
llvm::ConstantInt ConstantInt
Definition BasicTypes.h:125
llvm::bridge_gep_end
bridge_gep_iterator bridge_gep_end(const User *GEP)
Definition GEPTypeBridgeIterator.h:157
llvm::bridge_gep_begin
bridge_gep_iterator bridge_gep_begin(const User *GEP)
Definition GEPTypeBridgeIterator.h:149

◆ createFunObjVars()

void SVFIRBuilder::createFunObjVars ( )

set fun in bb

Definition at line 331 of file SVFIRBuilder.cpp.

332{
333 std::vector<FunObjVar*> funset;
334 // Iterate over all object symbols in the symbol table
335 for (const auto* fun: llvmModuleSet()->getFunctionSet())
336 {
337 u32_t id = llvmModuleSet()->objSyms()[fun];
338 // Debug output for adding object node
339 DBOUT(DPAGBuild, outs() << "add obj node " << id << "\n");
340
341 // Check if the value is a function and add a function object node
342 pag->addFunObjNode(id, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(fun->getType()), nullptr);
343 llvmModuleSet()->LLVMFun2FunObjVar[fun] = cast<FunObjVar>(pag->getGNode(id));
344
345 FunObjVar *funObjVar = SVFUtil::cast<FunObjVar>(pag->getGNode(id));
346 funset.push_back(funObjVar);
347
348 funObjVar->initFunObjVar(fun->isDeclaration(), LLVMUtil::isIntrinsicFun(fun), fun->hasAddressTaken(),
349 LLVMUtil::isUncalledFunction(fun), LLVMUtil::functionDoesNotRet(fun), fun->isVarArg(),
350 SVFUtil::cast<SVFFunctionType>(llvmModuleSet()->getSVFType(fun->getFunctionType())),
351 new SVFLoopAndDomInfo, nullptr, nullptr,
352 {}, nullptr);
353 BasicBlockGraph* bbGraph = new BasicBlockGraph();
354 funObjVar->setBasicBlockGraph(bbGraph);
355
356
357 for (const BasicBlock& bb : *fun)
358 {
359 llvmModuleSet()->addBasicBlock(funObjVar, &bb);
360 }
361
363 for (auto& bb: *funObjVar->bbGraph)
364 {
365 bb.second->setFun(funObjVar);
366 }
367 llvmModuleSet()->addToSVFVar2LLVMValueMap(fun, pag->getGNode(id));
368 }
369
370 initFunObjVar();
371}
DPAGBuild
#define DPAGBuild
Definition SVFType.h:520
SVF::FunObjVar::setBasicBlockGraph
void setBasicBlockGraph(BasicBlockGraph *graph)
Definition SVFVariables.h:1152
SVF::FunObjVar::initFunObjVar
void initFunObjVar(bool decl, bool intrinc, bool addr, bool uncalled, bool notret, bool vararg, const SVFFunctionType *ft, SVFLoopAndDomInfo *ld, const FunObjVar *real, BasicBlockGraph *bbg, const std::vector< const ArgValVar * > &allarg, const SVFBasicBlock *exit)
Definition SVFVariables.cpp:448
SVF::IRGraph::getObjTypeInfo
ObjTypeInfo * getObjTypeInfo(NodeID id) const
Definition IRGraph.h:234
SVF::LLVMModuleSet::LLVMFun2FunObjVar
LLVMFun2FunObjVarMap LLVMFun2FunObjVar
Map an LLVM Function to an SVF Funobjvar.
Definition LLVMModule.h:99
SVF::LLVMModuleSet::objSyms
ValueToIDMapTy & objSyms()
Definition LLVMModule.h:212
SVF::LLVMModuleSet::addBasicBlock
void addBasicBlock(FunObjVar *fun, const BasicBlock *bb)
Definition LLVMModule.h:232
SVF::SVFIR::addFunObjNode
NodeID addFunObjNode(NodeID id, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:644
SVF::LLVMUtil::isUncalledFunction
bool isUncalledFunction(const Function *fun)
whether this is a function without any possible caller?
Definition LLVMUtil.cpp:157
SVF::LLVMUtil::isIntrinsicFun
bool isIntrinsicFun(const Function *func)
Definition LLVMUtil.cpp:189
SVF::LLVMUtil::functionDoesNotRet
bool functionDoesNotRet(const Function *fun)
Definition LLVMUtil.cpp:122

◆ getAccessPathFromBaseNode()

AccessPath SVFIRBuilder::getAccessPathFromBaseNode ( NodeID  nodeId)
protected

Get a base SVFVar given a pointer Return the source node of its connected normal gep edge Otherwise return the node id itself s32_t offset : gep offset

if this node is already a base node

Definition at line 1806 of file SVFIRBuilder.cpp.

1807{
1808 SVFVar* node = pag->getGNode(nodeId);
1809 SVFStmt::SVFStmtSetTy& geps = node->getIncomingEdges(SVFStmt::Gep);
1811 if(geps.empty())
1812 return AccessPath(0);
1813
1814 assert(geps.size()==1 && "one node can only be connected by at most one gep edge!");
1815 SVFVar::iterator it = geps.begin();
1816 const GepStmt* gepEdge = SVFUtil::cast<GepStmt>(*it);
1817 if(gepEdge->isVariantFieldGep())
1818 return AccessPath(0);
1819 else
1820 return gepEdge->getAccessPath();
1821}
SVF::GenericNode::iterator
GEdgeSetTy::iterator iterator
Definition GenericGraph.h:155
SVF::SVFStmt::SVFStmtSetTy
GenericNode< SVFVar, SVFStmt >::GEdgeSetTy SVFStmtSetTy
Definition SVFStatements.h:214
SVF::SVFVar::getIncomingEdges
SVFStmt::SVFStmtSetTy & getIncomingEdges(SVFStmt::PEDGEK kind)
Edge accessors and checkers.
Definition SVFVariables.h:113

◆ getBaseTypeAndFlattenedFields()

const Type * SVFIRBuilder::getBaseTypeAndFlattenedFields ( const Value V,
std::vector< AccessPath > &  fields,
const Value szValue 
)
protectedvirtual

Handle external call.

Find the base type and the max possible offset of an object pointed to by (V).

use user-specified size for this copy operation if the size is a constaint int

Definition at line 44 of file SVFIRExtAPI.cpp.

45{
46 assert(V);
47 const Value* value = getBaseValueForExtArg(V);
48 const Type *objType = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferObjType(value);
49 u32_t numOfElems = pag->getNumOfFlattenElements(LLVMModuleSet::getLLVMModuleSet()->getSVFType(objType));
51 if(szValue && SVFUtil::isa<ConstantInt>(szValue))
52 {
53 auto szIntVal = LLVMUtil::getIntegerValue(SVFUtil::cast<ConstantInt>(szValue));
54 numOfElems = (numOfElems > szIntVal.first) ? szIntVal.first : numOfElems;
55 }
56
57 LLVMContext& context = LLVMModuleSet::getLLVMModuleSet()->getContext();
58 for(u32_t ei = 0; ei < numOfElems; ei++)
59 {
60 AccessPath ls(ei);
61 // make a ConstantInt and create char for the content type due to byte-wise copy
62 const ConstantInt* offset = ConstantInt::get(context, llvm::APInt(32, ei));
63 if (!llvmModuleSet()->hasValueNode(offset))
64 {
65 SymbolTableBuilder builder(pag);
66 builder.collectSym(offset);
67 NodeID id = llvmModuleSet()->getValueNode(offset);
68 pag->addConstantIntValNode(id, LLVMUtil::getIntegerValue(offset), nullptr, llvmModuleSet()->getSVFType(offset->getType()));
69 llvmModuleSet()->addToSVFVar2LLVMValueMap(offset,
70 pag->getGNode(id));
71 }
72 ls.addOffsetVarAndGepTypePair(getPAG()->getGNode(llvmModuleSet()->getValueNode(offset)), nullptr);
73 fields.push_back(ls);
74 }
75 return objType;
76}
SVF::IRGraph::getNumOfFlattenElements
u32_t getNumOfFlattenElements(const SVFType *T)
Definition IRGraph.cpp:169
SVF::LLVMModuleSet::getTypeInference
ObjTypeInference * getTypeInference()
Definition LLVMModule.cpp:94
SVF::ObjTypeInference::inferObjType
const Type * inferObjType(const Value *var)
get or infer the type of the object pointed by the value
Definition ObjTypeInference.cpp:136
SVF::SVFIRBuilder::getBaseValueForExtArg
const Value * getBaseValueForExtArg(const Value *V)
Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst,...
Definition SVFIRBuilder.cpp:1537
SVF::SVFIR::addConstantIntValNode
NodeID addConstantIntValNode(NodeID i, const std::pair< s64_t, u64_t > &intValue, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:586

◆ getBaseValueForExtArg()

const Value * SVFIRBuilder::getBaseValueForExtArg ( const Value V)
protected

Get the base value of (i8* src and i8* dst) for external argument (e.g. memcpy(i8* dst, i8* src, int size))

Example 1:

%0 = getelementptr inbounds struct.outer, struct.inner base, i32 0, i32 0 call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false) The base value for %0 is base. Note: the base is recognized as the base value if the offset (field index) is 0

Example 2: https://github.com/SVF-tools/SVF/issues/1650 https://github.com/SVF-tools/SVF/pull/1652

@i1 = dso_local global struct.inner { i32 0, ptr @f1, ptr @f2 } @n1 = dso_local global struct.outer { i32 0, ptr @i1 }

inner = alloca struct.inner %0 = load ptr, ptr getelementptr inbounds (struct.outer, ptr @n1, i32 0, i32 1) call void @llvm.memcpy(ptr inner, ptr %0, i64 24, i1 false)

The base value for %0 is @i1

Example 3:

@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }> <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8

%0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>, ptr @conststruct, i64 0, i32 0, i64 16)

The base value for %0 is still %0

Definition at line 1537 of file SVFIRBuilder.cpp.

1538{
1539 const Value* value = stripAllCasts(V);
1540 assert(value && "null ptr?");
1541 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(value))
1542 {
1543 APOffset totalidx = 0;
1544 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1545 {
1546 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1547 totalidx += LLVMUtil::getIntegerValue(op).first;
1548 }
1549 if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
1550 value = gep->getPointerOperand();
1551 }
1552 else if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(value))
1553 {
1554 const Value* loadP = load->getPointerOperand();
1555 if (const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(loadP))
1556 {
1557 APOffset totalidx = 0;
1558 for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
1559 {
1560 if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
1561 totalidx += LLVMUtil::getIntegerValue(op).first;
1562 }
1563 const Value * pointer_operand = gep->getPointerOperand();
1564 if (auto *glob = SVFUtil::dyn_cast<GlobalVariable>(pointer_operand))
1565 {
1566 if (glob->hasInitializer())
1567 {
1568 if (auto *initializer = SVFUtil::dyn_cast<
1569 ConstantStruct>(glob->getInitializer()))
1570 {
1571 /*
1572 *@conststruct = internal global <{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>
1573 <{ [40 x i8] undef, [4 x i8] zeroinitializer, [4 x i8] undef, [2512 x i8] zeroinitializer }>, align 8
1574
1575 %0 = load ptr, ptr getelementptr inbounds (<{ [40 x i8], [4 x i8], [4 x i8], [2512 x i8] }>,
1576 ptr @conststruct, i64 0, i32 0, i64 16)
1577 in this case, totalidx is 16 while initializer->getNumOperands() is 4, so we return value as the base
1578 */
1579 if (totalidx >= initializer->getNumOperands()) return value;
1580 auto *ptrField = initializer->getOperand(totalidx);
1581 if (auto *ptrValue = SVFUtil::dyn_cast<llvm::GlobalVariable>(ptrField))
1582 {
1583 return ptrValue;
1584 }
1585 }
1586 }
1587 }
1588 }
1589 }
1590
1591 return value;
1592}
SVF::LLVMUtil::stripAllCasts
const Value * stripAllCasts(const Value *val)
Strip off the all casts.
Definition LLVMUtil.cpp:249
SVF::SVFUtil::dyn_cast
LLVM_NODISCARD std::enable_if_t<!is_simple_type< Y >::value, typename cast_retty< X, const Y >::ret_type > dyn_cast(const Y &Val)
Definition Casting.h:405
SVF::ConstantStruct
llvm::ConstantStruct ConstantStruct
Definition BasicTypes.h:106
SVF::LoadInst
llvm::LoadInst LoadInst
Definition BasicTypes.h:149
SVF::GetElementPtrInst
llvm::GetElementPtrInst GetElementPtrInst
Definition BasicTypes.h:162

◆ getCopyKind()

CopyStmt::CopyKind SVF::SVFIRBuilder::getCopyKind ( const Value val)
inlineprotected

Definition at line 379 of file SVFIRBuilder.h.

380 {
381 // COPYVAL, ZEXT, SEXT, BITCAST, FPTRUNC, FPTOUI, FPTOSI, UITOFP, SITOFP, INTTOPTR, PTRTOINT
382 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(val))
383 {
384 switch (inst->getOpcode())
385 {
386 case Instruction::ZExt:
387 return CopyStmt::ZEXT;
388 case Instruction::SExt:
389 return CopyStmt::SEXT;
390 case Instruction::BitCast:
391 return CopyStmt::BITCAST;
392 case Instruction ::Trunc:
393 return CopyStmt::TRUNC;
394 case Instruction::FPTrunc:
395 return CopyStmt::FPTRUNC;
396 case Instruction::FPToUI:
397 return CopyStmt::FPTOUI;
398 case Instruction::FPToSI:
399 return CopyStmt::FPTOSI;
400 case Instruction::UIToFP:
401 return CopyStmt::UITOFP;
402 case Instruction::SIToFP:
403 return CopyStmt::SITOFP;
404 case Instruction::IntToPtr:
405 return CopyStmt::INTTOPTR;
406 case Instruction::PtrToInt:
407 return CopyStmt::PTRTOINT;
408 default:
409 return CopyStmt::COPYVAL;
410 }
411 }
412 assert (false && "Unknown cast inst!");
413 abort();
414 }

◆ getCurrentBB()

const SVFBasicBlock * SVF::SVFIRBuilder::getCurrentBB ( ) const
inlineprotected

Definition at line 263 of file SVFIRBuilder.h.

264 {
265 return curBB;
266 }

◆ getCurrentValue()

const Value * SVF::SVFIRBuilder::getCurrentValue ( ) const
inlineprotected

Definition at line 259 of file SVFIRBuilder.h.

260 {
261 return curVal;
262 }

◆ getGepValVar()

NodeID SVFIRBuilder::getGepValVar ( const Value val,
const AccessPath ap,
const SVFType elementType 
)
protected

Add a temp field value node according to base value and offset this node is after the initial node method, it is out of scope of symInfo table

Definition at line 1664 of file SVFIRBuilder.cpp.

1665{
1666 NodeID base = getValueNode(val);
1667 NodeID gepval = pag->getGepValVar(llvmModuleSet()->getValueNode(curVal), base, ap);
1668 if (gepval==UINT_MAX)
1669 {
1670 assert(((int) UINT_MAX)==-1 && "maximum limit of unsigned int is not -1?");
1671 /*
1672 * getGepValVar can only be called from two places:
1673 * 1. SVFIRBuilder::addComplexConsForExt to handle external calls
1674 * 2. SVFIRBuilder::getGlobalVarField to initialize global variable
1675 * so curVal can only be
1676 * 1. Instruction
1677 * 2. GlobalVariable
1678 */
1679 assert(
1680 (SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
1681
1682 // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
1683 // We preserve the current BB information to restore it after creating the gepNode
1684 const Value* cval = getCurrentValue();
1685 const SVFBasicBlock* cbb = getCurrentBB();
1686 setCurrentLocation(curVal, (SVFBasicBlock*) nullptr);
1687 LLVMModuleSet* llvmmodule = llvmModuleSet();
1688 const ICFGNode* node = nullptr;
1689 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(curVal))
1690 if (llvmmodule->hasICFGNode(inst))
1691 {
1692 node = llvmmodule->getICFGNode(inst);
1693 }
1694 NodeID gepNode = pag->addGepValNode(llvmModuleSet()->getValueNode(curVal), cast<ValVar>(pag->getGNode(getValueNode(val))), ap,
1695 NodeIDAllocator::get()->allocateValueId(),
1696 llvmmodule->getSVFType(PointerType::getUnqual(llvmmodule->getContext())), node);
1697 addGepEdge(base, gepNode, ap, true);
1698 setCurrentLocation(cval, cbb);
1699 return gepNode;
1700 }
1701 else
1702 return gepval;
1703}
SVF::NodeIDAllocator::get
static NodeIDAllocator * get(void)
Return (singleton) allocator.
Definition NodeIDAllocator.cpp:26
SVF::SVFIRBuilder::addGepEdge
void addGepEdge(NodeID src, NodeID dst, const AccessPath &ap, bool constGep)
Add Gep edge.
Definition SVFIRBuilder.h:484
SVF::SVFIR::getGepValVar
NodeID getGepValVar(NodeID curInst, NodeID base, const AccessPath &ap) const
Due to constraint expression, curInst is used to distinguish different instructions (e....
Definition SVFIR.cpp:522
SVF::SVFIR::addGepValNode
NodeID addGepValNode(NodeID curInst, const ValVar *base, const AccessPath &ap, NodeID i, const SVFType *type, const ICFGNode *node)
Add a temp field value node, this method can only invoked by getGepValVar.
Definition SVFIR.cpp:403

◆ getGlobalVarField()

NodeID SVFIRBuilder::getGlobalVarField ( const GlobalVariable gvar,
u32_t  offset,
SVFType tpy 
)
protected

Get the field of the global variable node FIXME:Here we only get the field that actually used in the program We ignore the initialization of global variable field that not used in the program

if we did not find the constant expression in the program, then we need to create a gep node for this field

Definition at line 846 of file SVFIRBuilder.cpp.

847{
848
849 // if the global variable do not have any field needs to be initialized
850 if (offset == 0 && gvar->getInitializer()->getType()->isSingleValueType())
851 {
852 return getValueNode(gvar);
853 }
856 else
857 {
858 return getGepValVar(gvar, AccessPath(offset), tpy);
859 }
860}

◆ getObjectNode()

NodeID SVF::SVFIRBuilder::getObjectNode ( const Value V)
inline

GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.

Definition at line 107 of file SVFIRBuilder.h.

108 {
109 return llvmModuleSet()->getObjectNode(V);
110 }
SVF::LLVMModuleSet::getObjectNode
NodeID getObjectNode(const Value *V)
Definition LLVMModule.cpp:1070

◆ getPAG()

SVFIR * SVF::SVFIRBuilder::getPAG ( ) const
inline

Return SVFIR.

Definition at line 69 of file SVFIRBuilder.h.

70 {
71 return pag;
72 }

◆ getReturnNode()

NodeID SVF::SVFIRBuilder::getReturnNode ( const FunObjVar func)
inline

getReturnNode - Return the node representing the unique return value of a function.

Definition at line 113 of file SVFIRBuilder.h.

114 {
115 return pag->getReturnNode(func);
116 }

◆ getValueNode()

NodeID SVF::SVFIRBuilder::getValueNode ( const Value V)
inline

Get different kinds of node.

Definition at line 97 of file SVFIRBuilder.h.

98 {
99 // first handle gep edge if val if a constant expression
100 processCE(V);
101
102 // strip off the constant cast and return the value node
103 return llvmModuleSet()->getValueNode(V);
104 }
SVF::SVFIRBuilder::processCE
void processCE(const Value *val)
Process constant expression.
Definition SVFIRBuilder.cpp:715

◆ getVarargNode()

NodeID SVF::SVFIRBuilder::getVarargNode ( const FunObjVar func)
inline

getVarargNode - Return the node representing the unique variadic argument of a function.

Definition at line 119 of file SVFIRBuilder.h.

120 {
121 return pag->getVarargNode(func);
122 }
SVF::IRGraph::getVarargNode
NodeID getVarargNode(const FunObjVar *func) const
getVarargNode - Return the unique node representing the variadic argument of a variadic function.
Definition IRGraph.cpp:67

◆ handleDirectCall()

void SVFIRBuilder::handleDirectCall ( CallBase cs,
const Function F 
)
protected

Handle direct call.

Add the constraints for a direct, non-external call.

FIXME: this assertion should be placed for correct checking except bug program like 188.ammp, 300.twolf

Definition at line 1443 of file SVFIRBuilder.cpp.

1444{
1445
1446 assert(F);
1447 CallICFGNode* callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
1448 const FunObjVar* svffun = llvmModuleSet()->getFunObjVar(F);
1449 DBOUT(DPAGBuild,
1450 outs() << "handle direct call " << LLVMUtil::dumpValue(cs) << " callee " << F->getName().str() << "\n");
1451
1452 //Only handle the ret.val. if it's used as a ptr.
1453 NodeID dstrec = getValueNode(cs);
1454 //Does it actually return a ptr?
1455 if (!cs->getType()->isVoidTy())
1456 {
1457 NodeID srcret = getReturnNode(svffun);
1458 FunExitICFGNode* exitICFGNode = pag->getICFG()->getFunExitICFGNode(svffun);
1459 addRetEdge(srcret, dstrec,callICFGNode, exitICFGNode);
1460 }
1461 //Iterators for the actual and formal parameters
1462 u32_t itA = 0, ieA = cs->arg_size();
1463 Function::const_arg_iterator itF = F->arg_begin(), ieF = F->arg_end();
1464 //Go through the fixed parameters.
1465 DBOUT(DPAGBuild, outs() << " args:");
1466 for (; itF != ieF; ++itA, ++itF)
1467 {
1468 //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
1469 if (itA == ieA)
1470 {
1471 DBOUT(DPAGBuild, outs() << " !! not enough args\n");
1472 break;
1473 }
1474 const Value* AA = cs->getArgOperand(itA), *FA = &*itF; //current actual/formal arg
1475
1476 DBOUT(DPAGBuild, outs() << "process actual parm " << llvmModuleSet()->getSVFValue(AA)->toString() << " \n");
1477
1478 NodeID dstFA = getValueNode(FA);
1479 NodeID srcAA = getValueNode(AA);
1480 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1481 addCallEdge(srcAA, dstFA, callICFGNode, entry);
1482 }
1483 //Any remaining actual args must be varargs.
1484 if (F->isVarArg())
1485 {
1486 NodeID vaF = getVarargNode(svffun);
1487 DBOUT(DPAGBuild, outs() << "\n varargs:");
1488 for (; itA != ieA; ++itA)
1489 {
1490 const Value* AA = cs->getArgOperand(itA);
1491 NodeID vnAA = getValueNode(AA);
1492 FunEntryICFGNode* entry = pag->getICFG()->getFunEntryICFGNode(svffun);
1493 addCallEdge(vnAA,vaF, callICFGNode,entry);
1494 }
1495 }
1496 if(itA != ieA)
1497 {
1500 writeWrnMsg("too many args to non-vararg func.");
1501 writeWrnMsg("(" + callICFGNode->getSourceLoc() + ")");
1502
1503 }
1504}
SVF::ICFG::getFunExitICFGNode
FunExitICFGNode * getFunExitICFGNode(const FunObjVar *fun)
Add a function exit node.
Definition ICFG.cpp:249
SVF::ICFG::getFunEntryICFGNode
FunEntryICFGNode * getFunEntryICFGNode(const FunObjVar *fun)
Add a function entry node.
Definition ICFG.cpp:242
SVF::LLVMModuleSet::getCallICFGNode
CallICFGNode * getCallICFGNode(const Instruction *cs)
get a call node
Definition LLVMModule.cpp:1208
SVF::SVFIRBuilder::getVarargNode
NodeID getVarargNode(const FunObjVar *func)
getVarargNode - Return the node representing the unique variadic argument of a function.
Definition SVFIRBuilder.h:119
SVF::SVFIRBuilder::getReturnNode
NodeID getReturnNode(const FunObjVar *func)
getReturnNode - Return the node representing the unique return value of a function.
Definition SVFIRBuilder.h:113
SVF::SVFIRBuilder::addRetEdge
void addRetEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunExitICFGNode *exit)
Add Return edge.
Definition SVFIRBuilder.h:478
SVF::SVFIRBuilder::addCallEdge
void addCallEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Call edge.
Definition SVFIRBuilder.h:472
SVF::LLVMUtil::dumpValue
std::string dumpValue(const Value *val)
Definition LLVMUtil.cpp:600
SVF::SVFUtil::writeWrnMsg
void writeWrnMsg(const std::string &msg)
Writes a message run through wrnMsg.
Definition SVFUtil.cpp:68

◆ handleExtCall()

void SVFIRBuilder::handleExtCall ( const CallBase cs,
const Function callee 
)
protectedvirtual

pthread_create has 1 arg. apr_thread_create has 2 arg.

Connect actual parameter to formal parameter of the start routine

handle indirect calls at pthread create APIs e.g., pthread_create(&t1, nullptr, fp, ...); const Value* fun = ThreadAPI::getThreadAPI()->getForkedFun(inst); if(!SVFUtilisa<Function>(fun)) pag->addIndirectCallsites(cs,pag->getValueNode(fun));

If forkedFun does not pass to spawnee as function type but as void pointer remember to update inter-procedural callgraph/SVFIR/SVFG etc. when indirect call targets are resolved We don't connect the callgraph here, further investigation is need to handle mod-ref during SVFG construction.

TODO: inter-procedural SVFIR edges for thread joins

Definition at line 128 of file SVFIRExtAPI.cpp.

129{
130 const CallICFGNode *callICFGNode = llvmModuleSet()->getCallICFGNode(cs);
131
132 if (isHeapAllocExtCallViaRet(callICFGNode))
133 {
134 NodeID val = llvmModuleSet()->getValueNode(cs);
135 NodeID obj = llvmModuleSet()->getObjectNode(cs);
136 addAddrWithHeapSz(obj, val, cs);
137 }
138 else if (isHeapAllocExtCallViaArg(callICFGNode))
139 {
140 u32_t arg_pos = LLVMUtil::getHeapAllocHoldingArgPosition(callee);
141 Value* arg = cs->getArgOperand(arg_pos);
142 if (cs->getArgOperand(arg_pos)->getType()->isPointerTy())
143 {
144 NodeID vnArg = llvmModuleSet()->getValueNode(arg);
145 NodeID dummy = pag->addDummyValNode();
146 NodeID obj = pag->addDummyObjNode(llvmModuleSet()->getSVFType(cs->getArgOperand(arg_pos)->getType()));
147 if (vnArg && dummy && obj)
148 {
149 addAddrWithHeapSz(obj, dummy, cs);
150 addStoreEdge(dummy, vnArg);
151 }
152 }
153 else
154 {
155 writeWrnMsg("Arg receiving new object must be pointer type");
156 }
157 }
158 else if (LLVMUtil::isMemcpyExtFun(callee))
159 {
160 // Side-effects similar to void *memcpy(void *dest, const void * src, size_t n)
161 // which copies n characters from memory area 'src' to memory area 'dest'.
162 if(callee->getName().find("iconv") != std::string::npos)
163 addComplexConsForExt(cs->getArgOperand(3), cs->getArgOperand(1), nullptr);
164 else if(callee->getName().find("bcopy") != std::string::npos)
165 addComplexConsForExt(cs->getArgOperand(1), cs->getArgOperand(0), cs->getArgOperand(2));
166 if(cs->arg_size() == 3)
167 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), cs->getArgOperand(2));
168 else
169 addComplexConsForExt(cs->getArgOperand(0), cs->getArgOperand(1), nullptr);
170 if(SVFUtil::isa<PointerType>(cs->getType()))
171 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
172 }
173 else if(LLVMUtil::isMemsetExtFun(callee))
174 {
175 // Side-effects similar to memset(void *str, int c, size_t n)
176 // which copies the character c (an unsigned char) to the first n characters of the string pointed to, by the argument str
177 std::vector<AccessPath> dstFields;
178 const Type *dtype = getBaseTypeAndFlattenedFields(cs->getArgOperand(0), dstFields, cs->getArgOperand(2));
179 u32_t sz = dstFields.size();
180 //For each field (i), add store edge *(arg0 + i) = arg1
181 for (u32_t index = 0; index < sz; index++)
182 {
183 LLVMModuleSet* llvmmodule = LLVMModuleSet::getLLVMModuleSet();
184 const SVFType* dElementType = pag->getFlatternedElemType(llvmmodule->getSVFType(dtype),
185 dstFields[index].getConstantStructFldIdx());
186 NodeID dField = getGepValVar(cs->getArgOperand(0), dstFields[index], dElementType);
187 addStoreEdge(getValueNode(cs->getArgOperand(1)),dField);
188 }
189 if(SVFUtil::isa<PointerType>(cs->getType()))
190 addCopyEdge(getValueNode(cs->getArgOperand(0)), getValueNode(cs), CopyStmt::COPYVAL);
191 }
192 else if(callee->getName().compare("dlsym") == 0)
193 {
194 /*
195 Side-effects of void* dlsym( void* handle, const char* funName),
196 Locate the function with the name "funName," then add a "copy" edge between the callsite and that function.
197 dlsym() example:
198 int main() {
199 // Open the shared library
200 void* handle = dlopen("./my_shared_library.so", RTLD_LAZY);
201 // Find the function address
202 void (*myFunctionPtr)() = (void (*)())dlsym(handle, "myFunction");
203 // Call the function
204 myFunctionPtr();
205 }
206 */
207 const Value* src = cs->getArgOperand(1);
208 if(const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(src))
209 src = stripConstantCasts(gep->getPointerOperand());
210
211 auto getHookFn = [](const Value* src)->const Function*
212 {
213 if (!SVFUtil::isa<GlobalVariable>(src))
214 return nullptr;
215
216 auto *glob = SVFUtil::cast<GlobalVariable>(src);
217 if (!glob->hasInitializer() || !SVFUtil::isa<ConstantDataArray>(glob->getInitializer()))
218 return nullptr;
219
220 auto *constarray = SVFUtil::cast<ConstantDataArray>(glob->getInitializer());
221 return LLVMUtil::getProgFunction(constarray->getAsCString().str());
222 };
223
224 if (const Function *fn = getHookFn(src))
225 {
226 NodeID srcNode = getValueNode(fn);
227 addCopyEdge(srcNode, getValueNode(cs), CopyStmt::COPYVAL);
228 }
229 }
230 else if(callee->getName().find("_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_") != std::string::npos)
231 {
232 // The purpose of this function is to insert a new node into the red-black tree and then rebalance the tree to ensure that the red-black tree properties are maintained.
233 assert(cs->arg_size() == 4 && "_Rb_tree_insert_and_rebalance should have 4 arguments.\n");
234
235 // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
236 // Now we calculate the offset from base to vArg3
237 NodeID vnArg3 = llvmModuleSet()->getValueNode(cs->getArgOperand(3));
238 APOffset offset =
239 getAccessPathFromBaseNode(vnArg3).getConstantStructFldIdx();
240
241 // We get all flattened fields of base
242 vector<AccessPath> fields = pag->getTypeLocSetsMap(vnArg3).second;
243
244 // We summarize the side effects: arg3->parent = arg1, arg3->left = arg1, arg3->right = arg1
245 // Note that arg0 is aligned with "offset".
246 for (APOffset i = offset + 1; i <= offset + 3; ++i)
247 {
248 if((u32_t)i >= fields.size())
249 break;
250 const SVFType* elementType = pag->getFlatternedElemType(pag->getTypeLocSetsMap(vnArg3).first,
251 fields[i].getConstantStructFldIdx());
252 NodeID vnD = getGepValVar(cs->getArgOperand(3), fields[i], elementType);
253 NodeID vnS = llvmModuleSet()->getValueNode(cs->getArgOperand(1));
254 if(vnD && vnS)
255 addStoreEdge(vnS,vnD);
256 }
257 }
258
259 if (isThreadForkCall(callICFGNode))
260 {
261 const ValVar* valVar = getForkedFun(callICFGNode);
262 if (const FunValVar* funcValVar = SVFUtil::dyn_cast<FunValVar>(valVar))
263 {
264 const FunObjVar* forkedFun = funcValVar->getFunction()->getDefFunForMultipleModule();
265 const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
268 assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
269 if (forkedFun->arg_size() <= 2 && forkedFun->arg_size() >= 1)
270 {
271 const ArgValVar* formalParm = forkedFun->getArg(0);
273 if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
274 {
275 FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
276 addThreadForkEdge(actualParm->getId(), formalParm->getId(), callICFGNode, entry);
277 }
278 }
279 }
280 else
281 {
286 }
290 }
291
293}
SVF::ArgValVar
Class representing a function argument variable in the SVFIR.
Definition SVFVariables.h:356
SVF::FunObjVar::getFunction
virtual const FunObjVar * getFunction() const
Get containing function, or null for globals/constants.
Definition SVFVariables.cpp:472
SVF::FunObjVar::getDefFunForMultipleModule
const FunObjVar * getDefFunForMultipleModule() const
Definition SVFVariables.h:1145
SVF::SVFIRBuilder::addAddrWithHeapSz
AddrStmt * addAddrWithHeapSz(NodeID src, NodeID dst, const CallBase *cs)
Add Address edge from ext call with args like "%5 = call i8* @malloc(i64 noundef 5)".
Definition SVFIRBuilder.h:323
SVF::SVFIRBuilder::addThreadForkEdge
void addThreadForkEdge(NodeID src, NodeID dst, const CallICFGNode *cs, const FunEntryICFGNode *entry)
Add Thread fork edge for parameter passing.
Definition SVFIRBuilder.h:502
SVF::SVFIRBuilder::getAccessPathFromBaseNode
AccessPath getAccessPathFromBaseNode(NodeID nodeId)
Definition SVFIRBuilder.cpp:1806
SVF::SVFIRBuilder::addCopyEdge
CopyStmt * addCopyEdge(NodeID src, NodeID dst, CopyStmt::CopyKind kind)
Definition SVFIRBuilder.h:369
SVF::SVFIRBuilder::addComplexConsForExt
virtual void addComplexConsForExt(Value *D, Value *S, const Value *sz)
Definition SVFIRExtAPI.cpp:82
SVF::SVFIR::getTypeLocSetsMap
SVFTypeLocSetsPair & getTypeLocSetsMap(NodeID argId)
Given an arg NodeId, get its base SVFType* and all its field location sets.
Definition SVFIR.h:268
SVF::SVFIR::addDummyObjNode
NodeID addDummyObjNode(const SVFType *type)
Definition SVFIR.h:491
SVF::LLVMUtil::getProgFunction
const Function * getProgFunction(const std::string &funName)
Get program entry function from module.
Definition LLVMUtil.cpp:39
SVF::LLVMUtil::stripConstantCasts
const Value * stripConstantCasts(const Value *val)
Strip off the constant casts.
Definition LLVMUtil.cpp:218
SVF::LLVMUtil::isHeapAllocExtCallViaRet
bool isHeapAllocExtCallViaRet(const Instruction *inst)
Definition LLVMUtil.cpp:633
SVF::LLVMUtil::isMemcpyExtFun
bool isMemcpyExtFun(const Function *fun)
Definition LLVMUtil.cpp:388
SVF::LLVMUtil::isHeapAllocExtCallViaArg
bool isHeapAllocExtCallViaArg(const Instruction *inst)
Definition LLVMUtil.cpp:648
SVF::LLVMUtil::isMemsetExtFun
bool isMemsetExtFun(const Function *fun)
Definition LLVMUtil.cpp:394
SVF::LLVMUtil::getHeapAllocHoldingArgPosition
u32_t getHeapAllocHoldingArgPosition(const Function *fun)
Definition LLVMUtil.cpp:400
SVF::SVFUtil::isThreadForkCall
bool isThreadForkCall(const CallICFGNode *inst)
Definition SVFUtil.h:360
SVF::SVFUtil::getActualParmAtForkSite
const ValVar * getActualParmAtForkSite(const CallICFGNode *cs)
Return sole argument of the thread routine.
Definition SVFUtil.h:408
SVF::SVFUtil::getForkedFun
const ValVar * getForkedFun(const CallICFGNode *inst)
Return thread fork function.
Definition SVFUtil.h:331

◆ handleIndCall()

void SVFIRBuilder::handleIndCall ( CallBase cs)
protected

Handle indirect call.

Indirect call is resolved on-the-fly during pointer analysis

Definition at line 1597 of file SVFIRBuilder.cpp.

1598{
1599 const CallICFGNode* cbn = llvmModuleSet()->getCallICFGNode(cs);
1600 pag->addIndirectCallsites(cbn,llvmModuleSet()->getValueNode(cs->getCalledOperand()));
1601}
SVF::SVFIR::addIndirectCallsites
void addIndirectCallsites(const CallICFGNode *cs, NodeID funPtr)
Add indirect callsites.
Definition SVFIR.h:549

◆ inferFieldIdxFromByteOffset()

u32_t SVFIRBuilder::inferFieldIdxFromByteOffset ( const llvm::GEPOperator *  gepOp,
DataLayout dl,
AccessPath ap,
APOffset  idx 
)
protected

Infer field index from byteoffset.

Definition at line 631 of file SVFIRBuilder.cpp.

632{
633 return 0;
634}

◆ initDomTree()

void SVFIRBuilder::initDomTree ( FunObjVar func,
const Function f 
)

Definition at line 263 of file SVFIRBuilder.cpp.

264{
265 if (fun->isDeclaration())
266 return;
267 //process and stored dt & df
268 DominanceFrontier df;
269 DominatorTree& dt = llvmModuleSet()->getDomTree(fun);
270 df.analyze(dt);
271 LoopInfo loopInfo = LoopInfo(dt);
272 PostDominatorTree pdt = PostDominatorTree(const_cast<Function&>(*fun));
273 SVFLoopAndDomInfo* ld = svffun->getLoopAndDomInfo();
274
275 Map<const SVFBasicBlock*,Set<const SVFBasicBlock*>> & dfBBsMap = ld->getDomFrontierMap();
276 for (DominanceFrontierBase::const_iterator dfIter = df.begin(), eDfIter = df.end(); dfIter != eDfIter; dfIter++)
277 {
278 const BasicBlock* keyBB = dfIter->first;
279 const std::set<BasicBlock* >& domSet = dfIter->second;
280 Set<const SVFBasicBlock*>& valueBasicBlocks = dfBBsMap[llvmModuleSet()->getSVFBasicBlock(keyBB)];
281 for (const BasicBlock* bbValue:domSet)
282 {
283 valueBasicBlocks.insert(llvmModuleSet()->getSVFBasicBlock(bbValue));
284 }
285 }
286 std::vector<const SVFBasicBlock*> reachableBBs;
287 LLVMUtil::getFunReachableBBs(fun, reachableBBs);
288 ld->setReachableBBs(reachableBBs);
289
290 for (Function::const_iterator bit = fun->begin(), beit = fun->end(); bit!=beit; ++bit)
291 {
292 const BasicBlock &bb = *bit;
293 SVFBasicBlock* svfBB = llvmModuleSet()->getSVFBasicBlock(&bb);
294 if (DomTreeNode* dtNode = dt.getNode(&bb))
295 {
296 SVFLoopAndDomInfo::BBSet& bbSet = ld->getDomTreeMap()[svfBB];
297 for (const auto domBB : *dtNode)
298 {
299 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
300 bbSet.insert(domSVFBB);
301 }
302 }
303
304 if (DomTreeNode* pdtNode = pdt.getNode(&bb))
305 {
306 u32_t level = pdtNode->getLevel();
307 ld->getBBPDomLevel()[svfBB] = level;
308 BasicBlock* idomBB = pdtNode->getIDom()->getBlock();
309 const SVFBasicBlock* idom = idomBB == NULL ? NULL: llvmModuleSet()->getSVFBasicBlock(idomBB);
310 ld->getBB2PIdom()[svfBB] = idom;
311
312 SVFLoopAndDomInfo::BBSet& bbSet = ld->getPostDomTreeMap()[svfBB];
313 for (const auto domBB : *pdtNode)
314 {
315 const auto* domSVFBB = llvmModuleSet()->getSVFBasicBlock(domBB->getBlock());
316 bbSet.insert(domSVFBB);
317 }
318 }
319
320 if (const Loop* loop = loopInfo.getLoopFor(&bb))
321 {
322 for (const BasicBlock* loopBlock : loop->getBlocks())
323 {
324 const SVFBasicBlock* loopbb = llvmModuleSet()->getSVFBasicBlock(loopBlock);
325 ld->addToBB2LoopMap(svfBB, loopbb);
326 }
327 }
328 }
329}
SVF::LLVMModuleSet::getSVFBasicBlock
SVFBasicBlock * getSVFBasicBlock(const BasicBlock *bb)
Definition LLVMModule.h:298
SVF::LLVMModuleSet::getDomTree
DominatorTree & getDomTree(const Function *fun)
Definition LLVMModule.cpp:99
SVF::SVFLoopAndDomInfo::getDomFrontierMap
const Map< const SVFBasicBlock *, BBSet > & getDomFrontierMap() const
Definition SVFLoopAndDomInfo.h:66
SVF::SVFLoopAndDomInfo::BBSet
Set< const SVFBasicBlock * > BBSet
Definition SVFLoopAndDomInfo.h:46
NULL
#define NULL
Definition extapi.c:5
SVF::LLVMUtil::getFunReachableBBs
void getFunReachableBBs(const Function *svfFun, std::vector< const SVFBasicBlock * > &bbs)
Get reachable basic block from function entry.
Definition LLVMUtil.cpp:74
SVF::LoopInfo
llvm::LoopInfo LoopInfo
Definition BasicTypes.h:141
SVF::DomTreeNode
llvm::DomTreeNode DomTreeNode
Definition BasicTypes.h:134
SVF::PostDominatorTree
llvm::PostDominatorTree PostDominatorTree
Definition BasicTypes.h:136
SVF::DominanceFrontier
llvm::DominanceFrontier DominanceFrontier
Definition BasicTypes.h:135
SVF::Loop
llvm::Loop Loop
LLVM Loop.
Definition BasicTypes.h:140
SVF::DominatorTree
llvm::DominatorTree DominatorTree
LLVM Dominators.
Definition BasicTypes.h:133

◆ initFunObjVar()

void SVFIRBuilder::initFunObjVar ( )

Function

set realDefFun for all functions

Definition at line 192 of file SVFIRBuilder.cpp.

193{
194 for (Module& mod : llvmModuleSet()->getLLVMModules())
195 {
197 for (const Function& f : mod.functions())
198 {
199 FunObjVar* svffun = const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(&f));
200 initSVFBasicBlock(&f);
201
202 if (!LLVMUtil::isExtCall(&f))
203 {
204 initDomTree(svffun, &f);
205 }
207 const Function *realfun = llvmModuleSet()->getRealDefFun(&f);
208 svffun->setRelDefFun(realfun == nullptr ? nullptr : llvmModuleSet()->getFunObjVar(realfun));
209 }
210 }
211
212 // Store annotations of functions in extapi.bc
213 for (const auto& pair : llvmModuleSet()->ExtFun2Annotations)
214 {
215 ExtAPI::getExtAPI()->setExtFuncAnnotations(llvmModuleSet()->getFunObjVar(pair.first), pair.second);
216 }
217
218}
SVF::ExtAPI::getExtAPI
static ExtAPI * getExtAPI()
Definition ExtAPI.cpp:44
SVF::ExtAPI::setExtFuncAnnotations
void setExtFuncAnnotations(const FunObjVar *fun, const std::vector< std::string > &funcAnnotations)
Definition ExtAPI.cpp:223
SVF::LLVMModuleSet::getRealDefFun
const Function * getRealDefFun(const Function *fun) const
Definition LLVMModule.h:185
SVF::SVFIRBuilder::initSVFBasicBlock
void initSVFBasicBlock(const Function *func)
Definition SVFIRBuilder.cpp:220
SVF::SVFIRBuilder::initDomTree
void initDomTree(FunObjVar *func, const Function *f)
Definition SVFIRBuilder.cpp:263
SVF::LLVMUtil::isExtCall
bool isExtCall(const Function *fun)
Definition LLVMUtil.cpp:383

◆ InitialGlobal()

void SVFIRBuilder::InitialGlobal ( const GlobalVariable gvar,
Constant C,
u32_t  offset 
)
protected

src should not point to anything yet

Definition at line 873 of file SVFIRBuilder.cpp.

875{
876 DBOUT(DPAGBuild, outs() << "global " << llvmModuleSet()->getSVFValue(gvar)->toString() << " constant initializer: " << llvmModuleSet()->getSVFValue(C)->toString() << "\n");
877 if (C->getType()->isSingleValueType())
878 {
879 NodeID src = getValueNode(C);
880 // get the field value if it is available, otherwise we create a dummy field node.
881 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
882 NodeID field = getGlobalVarField(gvar, offset, llvmModuleSet()->getSVFType(C->getType()));
883
884 if (SVFUtil::isa<GlobalVariable, Function>(C))
885 {
886 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
887 addStoreEdge(src, field);
888 }
889 else if (SVFUtil::isa<ConstantExpr>(C))
890 {
891 // add gep edge of C1 itself is a constant expression
892 processCE(C);
893 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
894 addStoreEdge(src, field);
895 }
896 else if (SVFUtil::isa<BlockAddress>(C))
897 {
898 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
899 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
900 processCE(C);
901 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
902 addAddrEdge(pag->getConstantNode(), src);
903 }
904 else
905 {
906 setCurrentLocation(C, (SVFBasicBlock*) nullptr);
907 addStoreEdge(src, field);
909 if (C->getType()->isPtrOrPtrVectorTy() && src != pag->getNullPtr())
910 addCopyEdge(pag->getNullPtr(), src, CopyStmt::COPYVAL);
911 }
912 }
913 else if (SVFUtil::isa<ConstantArray, ConstantStruct>(C))
914 {
915 if(cppUtil::isValVtbl(gvar) && !Options::VtableInSVFIR())
916 return;
917 for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
918 {
919 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
920 InitialGlobal(gvar, SVFUtil::cast<Constant>(C->getOperand(i)), offset + off);
921 }
922 }
923 else if(ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
924 {
925 if(Options::ModelConsts())
926 {
927 if(ConstantDataSequential* seq = SVFUtil::dyn_cast<ConstantDataSequential>(data))
928 {
929 for(u32_t i = 0; i < seq->getNumElements(); i++)
930 {
931 u32_t off = pag->getFlattenedElemIdx(llvmModuleSet()->getSVFType(C->getType()), i);
932 Constant* ct = seq->getElementAsConstant(i);
933 InitialGlobal(gvar, ct, offset + off);
934 }
935 }
936 else
937 {
938 assert((SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) && "Single value type data should have been handled!");
939 }
940 }
941 }
942 else
943 {
944 //TODO:assert(SVFUtil::isa<ConstantVector>(C),"what else do we have");
945 }
946}
SVF::IRGraph::getConstantNode
NodeID getConstantNode() const
Definition IRGraph.h:251
SVF::Options::ModelConsts
static Option< bool > ModelConsts
Definition Options.h:184
SVF::Options::VtableInSVFIR
static const Option< bool > VtableInSVFIR
Definition Options.h:214
SVF::SVFIRBuilder::InitialGlobal
void InitialGlobal(const GlobalVariable *gvar, Constant *C, u32_t offset)
Definition SVFIRBuilder.cpp:873
SVF::SVFIRBuilder::getGlobalVarField
NodeID getGlobalVarField(const GlobalVariable *gvar, u32_t offset, SVFType *tpy)
Definition SVFIRBuilder.cpp:846
SVF::cppUtil::isValVtbl
bool isValVtbl(const Value *val)
Definition CppUtil.cpp:336
SVF::ConstantData
llvm::ConstantData ConstantData
Definition BasicTypes.h:116
SVF::Constant
llvm::Constant Constant
Definition BasicTypes.h:124
SVF::ConstantDataSequential
llvm::ConstantDataSequential ConstantDataSequential
Definition BasicTypes.h:119

◆ initialiseBaseObjVars()

void SVFIRBuilder::initialiseBaseObjVars ( )

Definition at line 373 of file SVFIRBuilder.cpp.

374{
375 // Iterate over all object symbols in the symbol table
376 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
377 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end();
378 ++iter)
379 {
380 // Debug output for adding object node
381 DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
382
383 // Skip blackhole and constant symbols
384 if(iter->second == pag->blackholeSymID() || iter->second == pag->constantSymID())
385 continue;
386
387 // Get the LLVM value corresponding to the symbol
388 const Value* llvmValue = iter->first;
389
390 const ICFGNode* icfgNode = nullptr;
391 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
392 {
393 if(llvmModuleSet()->hasICFGNode(inst))
394 icfgNode = llvmModuleSet()->getICFGNode(inst);
395 }
396
397 // Check if the value is a function and add a function object node
398 if (SVFUtil::dyn_cast<Function>(llvmValue))
399 {
400 // already one
401 }
402 // Check if the value is a heap object and add a heap object node
403 else if (LLVMUtil::isHeapObj(llvmValue))
404 {
405 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
406 pag->addHeapObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
407 }
408 // Check if the value is an alloca instruction and add a stack object node
409 else if (LLVMUtil::isStackObj(llvmValue))
410 {
411 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
412 pag->addStackObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
413 }
414 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
415 {
416 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
417 pag->addConstantFPObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getDoubleValue(fpValue), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
418 }
419 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
420 {
421 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
422 pag->addConstantIntObjNode(iter->second, pag->getObjTypeInfo(id), LLVMUtil::getIntegerValue(intValue), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
423 }
424 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
425 {
426 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
427 pag->addConstantNullPtrObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
428 }
429 else if (SVFUtil::isa<GlobalValue>(llvmValue))
430 {
431 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
432 pag->addGlobalObjNode(iter->second,
433 pag->getObjTypeInfo(id),
434 llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
435 }
436 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
437 {
438 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
439 pag->addConstantDataObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
440 }
441 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
442 {
443 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
444 pag->addConstantAggObjNode(iter->second, pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
445 }
446 // Add a generic object node for other types of values
447 else
448 {
449 NodeID id = llvmModuleSet()->getObjectNode(iter->first);
450 pag->addObjNode(iter->second,
451 pag->getObjTypeInfo(id), llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
452 }
453 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
454 }
455
456}
SVF::IRGraph::constantSymID
NodeID constantSymID() const
Definition IRGraph.h:188
SVF::IRGraph::blackholeSymID
NodeID blackholeSymID() const
Definition IRGraph.h:193
SVF::SVFIR::addObjNode
NodeID addObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Add a memory obj node.
Definition SVFIR.h:619
SVF::SVFIR::addGlobalObjNode
NodeID addGlobalObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:676
SVF::SVFIR::addConstantFPObjNode
NodeID addConstantFPObjNode(NodeID i, ObjTypeInfo *ti, double dval, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:652
SVF::SVFIR::addHeapObjNode
NodeID addHeapObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:627
SVF::SVFIR::addStackObjNode
NodeID addStackObjNode(NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:637
SVF::SVFIR::addConstantDataObjNode
NodeID addConstantDataObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:688
SVF::SVFIR::addConstantAggObjNode
NodeID addConstantAggObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:682
SVF::SVFIR::addConstantNullPtrObjNode
NodeID addConstantNullPtrObjNode(const NodeID i, ObjTypeInfo *ti, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:669
SVF::SVFIR::addConstantIntObjNode
NodeID addConstantIntObjNode(NodeID i, ObjTypeInfo *ti, const std::pair< s64_t, u64_t > &intValue, const SVFType *type, const ICFGNode *node)
Definition SVFIR.h:660
SVF::LLVMUtil::getDoubleValue
double getDoubleValue(const ConstantFP *fpValue)
Definition LLVMUtil.h:54
SVF::LLVMUtil::isHeapObj
bool isHeapObj(const Value *val)
Definition LLVMUtil.cpp:682
SVF::LLVMUtil::isStackObj
bool isStackObj(const Value *val)
Definition LLVMUtil.cpp:704

◆ initialiseNodes()

void SVFIRBuilder::initialiseNodes ( )

Initialize nodes and edges.

add address edges for constant nodes.

add argvalvar for svffunctions

Definition at line 536 of file SVFIRBuilder.cpp.

537{
538 DBOUT(DPAGBuild, outs() << "Initialise SVFIR Nodes ...\n");
539
540
541 pag->addBlackholeObjNode();
542 pag->addConstantObjNode();
543 pag->addBlackholePtrNode();
544 addNullPtrNode();
545
546 initialiseBaseObjVars();
547 initialiseValVars();
548
549 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
550 llvmModuleSet()->retSyms().begin(); iter != llvmModuleSet()->retSyms().end();
551 ++iter)
552 {
553 const Value* llvmValue = iter->first;
554 const ICFGNode* icfgNode = nullptr;
555 if (const Instruction* inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
556 {
557 if(llvmModuleSet()->hasICFGNode(inst))
558 icfgNode = llvmModuleSet()->getICFGNode(inst);
559 }
560 DBOUT(DPAGBuild, outs() << "add ret node " << iter->second << "\n");
561 pag->addRetNode(iter->second,
562 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
563 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
564 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
565 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
566 pag->returnFunObjSymMap[funObjVar] = iter->second;
567 }
568
569 for (LLVMModuleSet::FunToIDMapTy::iterator iter =
570 llvmModuleSet()->varargSyms().begin();
571 iter != llvmModuleSet()->varargSyms().end(); ++iter)
572 {
573 const Value* llvmValue = iter->first;
574
575 const ICFGNode *icfgNode = nullptr;
576 if (const Instruction *inst = SVFUtil::dyn_cast<Instruction>(llvmValue))
577 {
578 if (llvmModuleSet()->hasICFGNode(inst))
579 icfgNode = llvmModuleSet()->getICFGNode(inst);
580 }
581 DBOUT(DPAGBuild, outs() << "add vararg node " << iter->second << "\n");
582 pag->addVarargNode(iter->second,
583 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue)),
584 llvmModuleSet()->getSVFType(iter->first->getType()), icfgNode);
585 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue, pag->getGNode(iter->second));
586 const FunObjVar* funObjVar = llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(llvmValue));
587 pag->varargFunObjSymMap[funObjVar] = iter->second;
588 }
589
591 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
592 llvmModuleSet()->objSyms().begin(); iter != llvmModuleSet()->objSyms().end(); ++iter)
593 {
594 DBOUT(DPAGBuild, outs() << "add address edges for constant node " << iter->second << "\n");
595 const Value* val = iter->first;
596 if (isConstantObjSym(val))
597 {
598 NodeID ptr = llvmModuleSet()->getValueNode(val);
599 if(ptr!= pag->getBlkPtr() && ptr!= pag->getNullPtr())
600 {
601 setCurrentLocation(val, (SVFBasicBlock*) nullptr);
602 addAddrEdge(iter->second, ptr);
603 }
604 }
605 }
606
607 assert(pag->getTotalNodeNum() >= pag->getTotalSymNum()
608 && "not all node have been initialized!!!");
609
611 for (auto& fun: llvmModuleSet()->getFunctionSet())
612 {
613 for (const Argument& arg : fun->args())
614 {
615 const_cast<FunObjVar*>(llvmModuleSet()->getFunObjVar(fun))->addArgument(SVFUtil::cast<ArgValVar>(
616 pag->getGNode(llvmModuleSet()->getValueNode(&arg))));
617 }
618 }
619
620}
SVF::IRGraph::getTotalSymNum
u32_t getTotalSymNum() const
Statistics.
Definition IRGraph.h:200
SVF::IRGraph::varargFunObjSymMap
FunObjVarToIDMapTy varargFunObjSymMap
vararg map
Definition IRGraph.h:87
SVF::IRGraph::returnFunObjSymMap
FunObjVarToIDMapTy returnFunObjSymMap
return map
Definition IRGraph.h:86
SVF::LLVMModuleSet::retSyms
FunToIDMapTy & retSyms()
Definition LLVMModule.h:274
SVF::LLVMModuleSet::hasICFGNode
bool hasICFGNode(const Instruction *inst)
Definition LLVMModule.cpp:1195
SVF::LLVMModuleSet::varargSyms
FunToIDMapTy & varargSyms()
Definition LLVMModule.h:279
SVF::SVFIRBuilder::addNullPtrNode
NodeID addNullPtrNode()
Add NullPtr PAGNode.
Definition SVFIRBuilder.h:279
SVF::SVFIR::addBlackholePtrNode
NodeID addBlackholePtrNode()
Definition SVFIR.h:751
SVF::SVFIR::addBlackholeObjNode
NodeID addBlackholeObjNode()
Definition SVFIR.h:743
SVF::SVFIR::addVarargNode
NodeID addVarargNode(NodeID i, const FunObjVar *val, const SVFType *type, const ICFGNode *n)
Add a unique vararg node for a procedure.
Definition SVFIR.h:702
SVF::SVFIR::addRetNode
NodeID addRetNode(NodeID i, const FunObjVar *callGraphNode, const SVFType *type, const ICFGNode *icn)
Add a unique return node for a procedure.
Definition SVFIR.h:696
SVF::SVFIR::addConstantObjNode
NodeID addConstantObjNode()
Definition SVFIR.h:747
SVF::LLVMUtil::isConstantObjSym
bool isConstantObjSym(const Value *val)
Check whether this value points-to a constant object.
Definition CppUtil.cpp:672
SVF::Argument
llvm::Argument Argument
Definition BasicTypes.h:145

◆ initialiseValVars()

void SVFIRBuilder::initialiseValVars ( )

Definition at line 458 of file SVFIRBuilder.cpp.

459{
460 // Iterate over all value symbols in the symbol table
461 for (LLVMModuleSet::ValueToIDMapTy::iterator iter =
462 llvmModuleSet()->valSyms().begin(); iter != llvmModuleSet()->valSyms().end();
463 ++iter)
464 {
465 // Debug output for adding value node
466 DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
467
468 // Skip blackhole and null pointer symbols
469 if(iter->second == pag->blkPtrSymID() || iter->second == pag->nullPtrSymID())
470 continue;
471
472 const ICFGNode* icfgNode = nullptr;
473 auto llvmValue = iter->first;
474 if (const Instruction* inst =
475 SVFUtil::dyn_cast<Instruction>(llvmValue))
476 {
477 if (llvmModuleSet()->hasICFGNode(inst))
478 {
479 icfgNode = llvmModuleSet()->getICFGNode(inst);
480 }
481 }
482
483 // Check if the value is a function and get its call graph node
484 if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
485 {
486 // add value node representing the function
487 pag->addFunValNode(iter->second, icfgNode, llvmModuleSet()->getFunObjVar(func), llvmModuleSet()->getSVFType(llvmValue->getType()));
488 }
489 else if (auto argval = SVFUtil::dyn_cast<Argument>(llvmValue))
490 {
491 pag->addArgValNode(
492 iter->second, argval->getArgNo(), icfgNode,
493 llvmModuleSet()->getFunObjVar(argval->getParent()),llvmModuleSet()->getSVFType(llvmValue->getType()));
494 if (!argval->hasName())
495 pag->getGNode(iter->second)->setName("arg_" + std::to_string(argval->getArgNo()));
496 }
497 else if (auto fpValue = SVFUtil::dyn_cast<ConstantFP>(llvmValue))
498 {
499 pag->addConstantFPValNode(iter->second, LLVMUtil::getDoubleValue(fpValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
500 }
501 else if (auto intValue = SVFUtil::dyn_cast<ConstantInt>(llvmValue))
502 {
503 pag->addConstantIntValNode(iter->second, LLVMUtil::getIntegerValue(intValue), icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
504 }
505 else if (SVFUtil::isa<ConstantPointerNull>(llvmValue))
506 {
507 pag->addConstantNullPtrValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
508 }
509 else if (SVFUtil::isa<GlobalValue>(llvmValue))
510 {
511 pag->addGlobalValNode(iter->second, icfgNode,
512 llvmModuleSet()->getSVFType(llvmValue->getType()));
513 }
514 else if (SVFUtil::isa<ConstantData, MetadataAsValue, BlockAddress>(llvmValue))
515 {
516 pag->addConstantDataValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
517 }
518 else if (SVFUtil::isa<ConstantAggregate>(llvmValue))
519 {
520 pag->addConstantAggValNode(iter->second, icfgNode, llvmModuleSet()->getSVFType(llvmValue->getType()));
521 }
522 else
523 {
524 // Add value node to PAG
525 pag->addValNode(iter->second, llvmModuleSet()->getSVFType(llvmValue->getType()), icfgNode);
526 }
527 llvmModuleSet()->addToSVFVar2LLVMValueMap(llvmValue,
528 pag->getGNode(iter->second));
529 }
530}
SVF::IRGraph::blkPtrSymID
NodeID blkPtrSymID() const
Definition IRGraph.h:178
SVF::IRGraph::nullPtrSymID
NodeID nullPtrSymID() const
Definition IRGraph.h:183
SVF::LLVMModuleSet::valSyms
ValueToIDMapTy & valSyms()
Definition LLVMModule.h:207
SVF::SVFIR::addGlobalValNode
NodeID addGlobalValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:599
SVF::SVFIR::addConstantDataValNode
NodeID addConstantDataValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:611
SVF::SVFIR::addFunValNode
NodeID addFunValNode(NodeID i, const ICFGNode *icfgNode, const FunObjVar *funObjVar, const SVFType *type)
Definition SVFIR.h:566
SVF::SVFIR::addConstantFPValNode
NodeID addConstantFPValNode(const NodeID i, double dval, const ICFGNode *icfgNode, const SVFType *type)
Definition SVFIR.h:579
SVF::SVFIR::addConstantAggValNode
NodeID addConstantAggValNode(const NodeID i, const ICFGNode *icfgNode, const SVFType *svfType)
Definition SVFIR.h:605
SVF::SVFIR::addValNode
NodeID addValNode(NodeID i, const SVFType *type, const ICFGNode *icfgNode)
add node into SVFIR
Definition SVFIR.h:560
SVF::SVFIR::addArgValNode
NodeID addArgValNode(NodeID i, u32_t argNo, const ICFGNode *icfgNode, const FunObjVar *callGraphNode, const SVFType *type)
Definition SVFIR.h:572
SVF::SVFValue::setName
virtual void setName(const std::string &nameInfo)
Definition SVFValue.h:176

◆ initSVFBasicBlock()

void SVFIRBuilder::initSVFBasicBlock ( const Function func)

set exit block: exit basic block must have no successors and have a return instruction

Definition at line 220 of file SVFIRBuilder.cpp.

221{
222 FunObjVar *svfFun = const_cast<FunObjVar *>(llvmModuleSet()->getFunObjVar(func));
223 for (Function::const_iterator bit = func->begin(), ebit = func->end(); bit != ebit; ++bit)
224 {
225 const BasicBlock* bb = &*bit;
226 SVFBasicBlock* svfbb = llvmModuleSet()->getSVFBasicBlock(bb);
227 for (succ_const_iterator succ_it = succ_begin(bb); succ_it != succ_end(bb); succ_it++)
228 {
229 const SVFBasicBlock* svf_scc_bb = llvmModuleSet()->getSVFBasicBlock(*succ_it);
230 svfbb->addSuccBasicBlock(svf_scc_bb);
231 }
232 for (const_pred_iterator pred_it = pred_begin(bb); pred_it != pred_end(bb); pred_it++)
233 {
234 const SVFBasicBlock* svf_pred_bb = llvmModuleSet()->getSVFBasicBlock(*pred_it);
235 svfbb->addPredBasicBlock(svf_pred_bb);
236 }
237
239 if (svfbb->getSuccessors().empty())
240 {
241 if (LLVMUtil::basicBlockHasRetInst(bb))
242 {
243 assert((LLVMUtil::functionDoesNotRet(func) ||
244 SVFUtil::isa<ReturnInst>(bb->back())) &&
245 "last inst must be return inst");
246 svfFun->setExitBlock(svfbb);
247 }
248 }
249 }
250 // For no return functions, we set the last block as exit BB
251 // This ensures that each function that has definition must have an exit BB
252 if (svfFun->hasBasicBlock() && svfFun->exitBlock == nullptr)
253 {
254 SVFBasicBlock* retBB = const_cast<SVFBasicBlock*>(svfFun->back());
255 assert((LLVMUtil::functionDoesNotRet(func) ||
256 SVFUtil::isa<ReturnInst>(&func->back().back())) &&
257 "last inst must be return inst");
258 svfFun->setExitBlock(retBB);
259 }
260}
SVF::SVFBasicBlock::addPredBasicBlock
void addPredBasicBlock(const SVFBasicBlock *pred2)
Definition BasicBlockG.h:175
SVF::SVFBasicBlock::addSuccBasicBlock
void addSuccBasicBlock(const SVFBasicBlock *succ2)
Definition BasicBlockG.h:158
SVF::LLVMUtil::basicBlockHasRetInst
bool basicBlockHasRetInst(const BasicBlock *bb)
Return true if the function has a return instruction.
Definition LLVMUtil.cpp:108
SVF::succ_const_iterator
llvm::succ_const_iterator succ_const_iterator
LLVM Iterators.
Definition BasicTypes.h:276
SVF::const_pred_iterator
llvm::const_pred_iterator const_pred_iterator
Definition BasicTypes.h:254

◆ llvmModuleSet()

LLVMModuleSet * SVF::SVFIRBuilder::llvmModuleSet ( )
inlineprivate

Definition at line 518 of file SVFIRBuilder.h.

519 {
520 return LLVMModuleSet::getLLVMModuleSet();
521 }

◆ processCE()

void SVFIRBuilder::processCE ( const Value val)
protected

Process constant expression.

Handle constant expression, and connect the gep edge

Definition at line 715 of file SVFIRBuilder.cpp.

716{
717 if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
718 {
719 if (const ConstantExpr* gepce = isGepConstantExpr(ref))
720 {
721 DBOUT(DPAGBuild, outs() << "handle gep constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
722 const Constant* opnd = gepce->getOperand(0);
723 // handle recursive constant express case (gep (bitcast (gep X 1)) 1)
724 processCE(opnd);
725 auto &GEPOp = llvm::cast<llvm::GEPOperator>(*gepce);
726 Type *pType = GEPOp.getSourceElementType();
727 AccessPath ap(0, llvmModuleSet()->getSVFType(pType));
728 bool constGep = computeGepOffset(gepce, ap);
729 // must invoke pag methods here, otherwise it will be a dead recursion cycle
730 const Value* cval = getCurrentValue();
731 const SVFBasicBlock* cbb = getCurrentBB();
732 setCurrentLocation(gepce, (SVFBasicBlock*) nullptr);
733 /*
734 * The gep edge created are like constexpr (same edge may appear at multiple callsites)
735 * so bb/inst of this edge may be rewritten several times, we treat it as global here.
736 */
737 addGepEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(gepce), ap, constGep);
738 setCurrentLocation(cval, cbb);
739 }
740 else if (const ConstantExpr* castce = isCastConstantExpr(ref))
741 {
742 DBOUT(DPAGBuild, outs() << "handle cast constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
743 const Constant* opnd = castce->getOperand(0);
744 processCE(opnd);
745 const Value* cval = getCurrentValue();
746 const SVFBasicBlock* cbb = getCurrentBB();
747 setCurrentLocation(castce, (SVFBasicBlock*) nullptr);
748 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(castce), CopyStmt::BITCAST);
749 setCurrentLocation(cval, cbb);
750 }
751 else if (const ConstantExpr* selectce = isSelectConstantExpr(ref))
752 {
753 DBOUT(DPAGBuild, outs() << "handle select constant expression " << llvmModuleSet()->getSVFValue(ref)->toString() << "\n");
754 const Constant* src1 = selectce->getOperand(1);
755 const Constant* src2 = selectce->getOperand(2);
756 processCE(src1);
757 processCE(src2);
758 const Value* cval = getCurrentValue();
759 const SVFBasicBlock* cbb = getCurrentBB();
760 setCurrentLocation(selectce, (SVFBasicBlock*) nullptr);
761 NodeID cond = llvmModuleSet()->getValueNode(selectce->getOperand(0));
762 NodeID nsrc1 = llvmModuleSet()->getValueNode(src1);
763 NodeID nsrc2 = llvmModuleSet()->getValueNode(src2);
764 NodeID nres = llvmModuleSet()->getValueNode(selectce);
765 addSelectStmt(nres,nsrc1, nsrc2, cond);
766 setCurrentLocation(cval, cbb);
767 }
768 // if we meet a int2ptr, then it points-to black hole
769 else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
770 {
771 const Constant* opnd = int2Ptrce->getOperand(0);
772 processCE(opnd);
773 const SVFBasicBlock* cbb = getCurrentBB();
774 const Value* cval = getCurrentValue();
775 setCurrentLocation(int2Ptrce, (SVFBasicBlock*) nullptr);
776 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(int2Ptrce), CopyStmt::INTTOPTR);
777 setCurrentLocation(cval, cbb);
778 }
779 else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
780 {
781 const Constant* opnd = ptr2Intce->getOperand(0);
782 processCE(opnd);
783 const SVFBasicBlock* cbb = getCurrentBB();
784 const Value* cval = getCurrentValue();
785 setCurrentLocation(ptr2Intce, (SVFBasicBlock*) nullptr);
786 addCopyEdge(llvmModuleSet()->getValueNode(opnd), llvmModuleSet()->getValueNode(ptr2Intce), CopyStmt::PTRTOINT);
787 setCurrentLocation(cval, cbb);
788 }
789 else if(isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
790 {
791 // we don't handle trunc and cmp instruction for now
792 const Value* cval = getCurrentValue();
793 const SVFBasicBlock* cbb = getCurrentBB();
794 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
795 NodeID dst = llvmModuleSet()->getValueNode(ref);
796 addBlackHoleAddrEdge(dst);
797 setCurrentLocation(cval, cbb);
798 }
799 else if (isBinaryConstantExpr(ref))
800 {
801 // we don't handle binary constant expression like add(x,y) now
802 const Value* cval = getCurrentValue();
803 const SVFBasicBlock* cbb = getCurrentBB();
804 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
805 NodeID dst = llvmModuleSet()->getValueNode(ref);
806 addBlackHoleAddrEdge(dst);
807 setCurrentLocation(cval, cbb);
808 }
809 else if (isUnaryConstantExpr(ref))
810 {
811 // we don't handle unary constant expression like fneg(x) now
812 const Value* cval = getCurrentValue();
813 const SVFBasicBlock* cbb = getCurrentBB();
814 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
815 NodeID dst = llvmModuleSet()->getValueNode(ref);
816 addBlackHoleAddrEdge(dst);
817 setCurrentLocation(cval, cbb);
818 }
819 else if (SVFUtil::isa<ConstantAggregate>(ref))
820 {
821 // we don't handle constant aggregate like constant vectors
822 }
823 else if (SVFUtil::isa<BlockAddress>(ref))
824 {
825 // blockaddress instruction (e.g. i8* blockaddress(@run_vm, %182))
826 // is treated as constant data object for now, see LLVMUtil.h:397, SymbolTableInfo.cpp:674 and SVFIRBuilder.cpp:183-194
827 const Value* cval = getCurrentValue();
828 const SVFBasicBlock* cbb = getCurrentBB();
829 setCurrentLocation(ref, (SVFBasicBlock*) nullptr);
830 NodeID dst = llvmModuleSet()->getValueNode(ref);
831 addAddrEdge(pag->getConstantNode(), dst);
832 setCurrentLocation(cval, cbb);
833 }
834 else
835 {
836 if(SVFUtil::isa<ConstantExpr>(val))
837 assert(false && "we don't handle all other constant expression for now!");
838 }
839 }
840}
SVF::SVFIRBuilder::addSelectStmt
void addSelectStmt(NodeID res, NodeID op1, NodeID op2, NodeID cond)
Add SelectStmt.
Definition SVFIRBuilder.h:424
SVF::SVFIRBuilder::computeGepOffset
bool computeGepOffset(const User *V, AccessPath &ap)
Compute offset of a gep instruction or gep constant expression.
Definition SVFIRBuilder.cpp:642
SVF::LLVMUtil::isBinaryConstantExpr
const ConstantExpr * isBinaryConstantExpr(const Value *val)
Definition LLVMUtil.h:290
SVF::LLVMUtil::isInt2PtrConstantExpr
const ConstantExpr * isInt2PtrConstantExpr(const Value *val)
Definition LLVMUtil.h:225
SVF::LLVMUtil::isSelectConstantExpr
const ConstantExpr * isSelectConstantExpr(const Value *val)
Definition LLVMUtil.h:255
SVF::LLVMUtil::isTruncConstantExpr
const ConstantExpr * isTruncConstantExpr(const Value *val)
Definition LLVMUtil.h:265
SVF::LLVMUtil::isPtr2IntConstantExpr
const ConstantExpr * isPtr2IntConstantExpr(const Value *val)
Definition LLVMUtil.h:235
SVF::LLVMUtil::isUnaryConstantExpr
const ConstantExpr * isUnaryConstantExpr(const Value *val)
Definition LLVMUtil.h:301
SVF::LLVMUtil::isCastConstantExpr
const ConstantExpr * isCastConstantExpr(const Value *val)
Definition LLVMUtil.h:245
SVF::LLVMUtil::isGepConstantExpr
const ConstantExpr * isGepConstantExpr(const Value *val)
Return corresponding constant expression, otherwise return nullptr.
Definition LLVMUtil.h:215
SVF::LLVMUtil::isCmpConstantExpr
const ConstantExpr * isCmpConstantExpr(const Value *val)
Definition LLVMUtil.h:279
SVF::ConstantExpr
llvm::ConstantExpr ConstantExpr
Definition BasicTypes.h:120

◆ sanityCheck()

void SVFIRBuilder::sanityCheck ( )

Sanity check for SVFIR.

Definition at line 1638 of file SVFIRBuilder.cpp.

1639{
1640 for (SVFIR::iterator nIter = pag->begin(); nIter != pag->end(); ++nIter)
1641 {
1642 (void) pag->getGNode(nIter->first);
1643 //TODO::
1644 // (1) every source(root) node of a pag tree should be object node
1645 // if a node has no incoming edge, but has outgoing edges
1646 // then it has to be an object node.
1647 // (2) make sure every variable should be initialized
1648 // otherwise it causes the a null pointer, the aliasing relation may not be captured
1649 // when loading a pointer value should make sure
1650 // some value has been store into this pointer before
1651 // q = load p, some value should stored into p first like store w p;
1652 // (3) make sure PAGNode should not have a const expr value (pointer should have unique def)
1653 // (4) look closely into addComplexConsForExt, make sure program locations(e.g.,inst bb)
1654 // are set correctly for dummy gepval node
1655 // (5) reduce unnecessary copy edge (const casts) and ensure correctness.
1656 }
1657}
SVF::GenericGraph::begin
iterator begin()
Iterators.
Definition GenericGraph.h:377
SVF::GenericGraph< SVFVar, SVFStmt >::iterator
IDToNodeMapTy::iterator iterator
Node Iterators.
Definition GenericGraph.h:356

◆ setCurrentBBAndValueForPAGEdge()

void SVFIRBuilder::setCurrentBBAndValueForPAGEdge ( PAGEdge edge)
protected

We assume every GepValVar and its GepStmt are unique across whole program

We will have one unique function exit ICFGNode for all returns

Definition at line 1719 of file SVFIRBuilder.cpp.

1720{
1721 if (SVFIR::pagReadFromTXT())
1722 return;
1723
1724 assert(curVal && "current Val is nullptr?");
1725 edge->setBB(curBB!=nullptr ? curBB : nullptr);
1726 edge->setValue(pag->getGNode(llvmModuleSet()->getValueNode(curVal)));
1727 ICFGNode* icfgNode = pag->getICFG()->getGlobalICFGNode();
1728 LLVMModuleSet* llvmMS = llvmModuleSet();
1729 if (const Instruction* curInst = SVFUtil::dyn_cast<Instruction>(curVal))
1730 {
1731 const FunObjVar* srcFun = edge->getSrcNode()->getFunction();
1732 const FunObjVar* dstFun = edge->getDstNode()->getFunction();
1733 if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<FunValVar>(edge->getSrcNode()) && !SVFUtil::isa<FunObjVar>(edge->getSrcNode()))
1734 {
1735 assert(srcFun==llvmMS->getFunObjVar(curInst->getFunction()) && "SrcNode of the PAGEdge not in the same function?");
1736 }
1737 if(dstFun!=nullptr && !SVFUtil::isa<CallPE>(edge) && !SVFUtil::isa<RetValPN>(edge->getDstNode()))
1738 {
1739 assert(dstFun==llvmMS->getFunObjVar(curInst->getFunction()) && "DstNode of the PAGEdge not in the same function?");
1740 }
1741
1743 if (!(SVFUtil::isa<GepStmt>(edge) && SVFUtil::isa<GepValVar>(edge->getDstNode())))
1744 assert(curBB && "instruction does not have a basic block??");
1745
1747 if(SVFUtil::isa<ReturnInst>(curInst))
1748 {
1749 icfgNode = pag->getICFG()->getFunExitICFGNode(llvmMS->getFunObjVar(curInst->getFunction()));
1750 }
1751 else
1752 {
1753 if(SVFUtil::isa<RetPE>(edge))
1754 icfgNode = llvmMS->getRetICFGNode(SVFUtil::cast<Instruction>(curInst));
1755 else
1756 icfgNode = llvmMS->getICFGNode(SVFUtil::cast<Instruction>(curInst));
1757 }
1758 }
1759 else if (const Argument* arg = SVFUtil::dyn_cast<Argument>(curVal))
1760 {
1761 assert(curBB && (curBB->getParent()->getEntryBlock() == curBB));
1762 icfgNode = pag->getICFG()->getFunEntryICFGNode(
1763 llvmModuleSet()->getFunObjVar(SVFUtil::cast<Function>(arg->getParent())));
1764 }
1765 else if (SVFUtil::isa<Constant>(curVal) ||
1766 SVFUtil::isa<Function>(curVal) ||
1767 SVFUtil::isa<MetadataAsValue>(curVal))
1768 {
1769 if (!curBB)
1770 pag->addGlobalPAGEdge(edge);
1771 else
1772 {
1773 icfgNode = const_cast<ICFGNode*>(curBB->front());
1774 }
1775 }
1776 else
1777 {
1778 assert(false && "what else value can we have?");
1779 }
1780
1781 pag->addToSVFStmtList(icfgNode,edge);
1782 icfgNode->addSVFStmt(edge);
1783 if(const CallPE* callPE = SVFUtil::dyn_cast<CallPE>(edge))
1784 {
1785 CallICFGNode* callNode = const_cast<CallICFGNode*>(callPE->getCallSite());
1786 FunEntryICFGNode* entryNode = const_cast<FunEntryICFGNode*>(callPE->getFunEntryICFGNode());
1787 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(callNode,entryNode, ICFGEdge::CallCF))
1788 SVFUtil::cast<CallCFGEdge>(edge)->addCallPE(callPE);
1789 }
1790 else if(const RetPE* retPE = SVFUtil::dyn_cast<RetPE>(edge))
1791 {
1792 RetICFGNode* retNode = const_cast<RetICFGNode*>(retPE->getCallSite()->getRetICFGNode());
1793 FunExitICFGNode* exitNode = const_cast<FunExitICFGNode*>(retPE->getFunExitICFGNode());
1794 if(ICFGEdge* edge = pag->getICFG()->hasInterICFGEdge(exitNode, retNode, ICFGEdge::RetCF))
1795 SVFUtil::cast<RetCFGEdge>(edge)->addRetPE(retPE);
1796 }
1797}
SVF::FunObjVar::getEntryBlock
const SVFBasicBlock * getEntryBlock() const
Definition SVFVariables.h:1172
SVF::ICFGNode::addSVFStmt
void addSVFStmt(const SVFStmt *edge)
Definition ICFGNode.h:112
SVF::ICFG::hasInterICFGEdge
ICFGEdge * hasInterICFGEdge(ICFGNode *src, ICFGNode *dst, ICFGEdge::ICFGEdgeK kind)
Definition ICFG.cpp:276
SVF::ICFG::getGlobalICFGNode
GlobalICFGNode * getGlobalICFGNode() const
Definition ICFG.h:230
SVF::SVFBasicBlock::getParent
const FunObjVar * getParent() const
Definition BasicBlockG.h:191
SVF::SVFBasicBlock::front
const ICFGNode * front() const
Definition BasicBlockG.h:203
SVF::SVFIR::addToSVFStmtList
void addToSVFStmtList(ICFGNode *inst, SVFStmt *edge)
Add a SVFStmt into instruction map.
Definition SVFIR.h:255
SVF::SVFIR::addGlobalPAGEdge
void addGlobalPAGEdge(const SVFStmt *edge)
Add global PAGEdges (not in a procedure)
Definition SVFIR.h:787

◆ setCurrentLocation() [1/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const BasicBlock bb 
)
inlineprotected

Set current basic block in order to keep track of control flow information.

Definition at line 249 of file SVFIRBuilder.h.

250 {
251 curBB = (bb == nullptr? nullptr : llvmModuleSet()->getSVFBasicBlock(bb));
252 curVal = (val == nullptr ? nullptr: val);
253 }

◆ setCurrentLocation() [2/2]

void SVF::SVFIRBuilder::setCurrentLocation ( const Value val,
const SVFBasicBlock bb 
)
inlineprotected

Definition at line 254 of file SVFIRBuilder.h.

255 {
256 curBB = bb;
257 curVal = val;
258 }

◆ updateCallGraph()

void SVFIRBuilder::updateCallGraph ( CallGraph callgraph)

connect PAG edges based on callgraph

Definition at line 1603 of file SVFIRBuilder.cpp.

1604{
1605 CallGraph::CallEdgeMap::const_iterator iter = callgraph->getIndCallMap().begin();
1606 CallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
1607 for (; iter != eiter; iter++)
1608 {
1609 const CallICFGNode* callBlock = iter->first;
1610 const CallBase* callbase = SVFUtil::cast<CallBase>(llvmModuleSet()->getLLVMValue(callBlock));
1611 assert(callBlock->isIndirectCall() && "this is not an indirect call?");
1612 const CallGraph::FunctionSet& functions = iter->second;
1613 for (CallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
1614 {
1615 const Function* callee = SVFUtil::cast<Function>(llvmModuleSet()->getLLVMValue(*func_iter));
1616
1617 if (isExtCall(*func_iter))
1618 {
1619 setCurrentLocation(callee, callee->empty() ? nullptr : &callee->getEntryBlock());
1620 handleExtCall(callbase, callee);
1621 }
1622 else
1623 {
1624 setCurrentLocation(llvmModuleSet()->getLLVMValue(callBlock), callBlock->getBB());
1625 handleDirectCall(const_cast<CallBase*>(callbase), callee);
1626 }
1627 }
1628 }
1629
1630 // dump SVFIR
1631 if (Options::PAGDotGraph())
1632 pag->dump("svfir_final");
1633}
SVF::CallGraph::getIndCallMap
CallEdgeMap & getIndCallMap()
Get callees from an indirect callsite.
Definition CallGraph.h:319
SVF::CallGraph::FunctionSet
Set< const FunObjVar * > FunctionSet
Definition CallGraph.h:244
SVF::SVFIRBuilder::handleDirectCall
void handleDirectCall(CallBase *cs, const Function *F)
Handle direct call.
Definition SVFIRBuilder.cpp:1443
SVF::SVFIRBuilder::handleExtCall
virtual void handleExtCall(const CallBase *cs, const Function *callee)
Definition SVFIRExtAPI.cpp:128
SVF::CallBase
llvm::CallBase CallBase
Definition BasicTypes.h:146

◆ visitAllocaInst()

void SVFIRBuilder::visitAllocaInst ( AllocaInst inst)
virtual

Our visit overrides.

Visit alloca instructions Add edge V (dst) <– O (src), V here is a value node on SVFIR, O is object node on SVFIR

Definition at line 1004 of file SVFIRBuilder.cpp.

1005{
1006
1007 // AllocaInst should always be a pointer type
1008 assert(SVFUtil::isa<PointerType>(inst.getType()));
1009
1010 DBOUT(DPAGBuild, outs() << "process alloca " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1011 NodeID dst = getValueNode(&inst);
1012
1013 NodeID src = getObjectNode(&inst);
1014
1015 addAddrWithStackArraySz(src, dst, inst);
1016
1017}
SVF::SVFIRBuilder::getObjectNode
NodeID getObjectNode(const Value *V)
GetObject - Return the object node (stack/global/heap/function) according to a LLVM Value.
Definition SVFIRBuilder.h:107
SVF::SVFIRBuilder::addAddrWithStackArraySz
AddrStmt * addAddrWithStackArraySz(NodeID src, NodeID dst, llvm::AllocaInst &inst)
Add Address edge from allocinst with arraysize like "%4 = alloca i8, i64 3".
Definition SVFIRBuilder.h:312

◆ visitAtomicCmpXchgInst()

void SVF::SVFIRBuilder::visitAtomicCmpXchgInst ( AtomicCmpXchgInst I)
inline

Definition at line 194 of file SVFIRBuilder.h.

195 {
196 addBlackHoleAddrEdge(getValueNode(&I));
197 }

◆ visitAtomicRMWInst()

void SVF::SVFIRBuilder::visitAtomicRMWInst ( AtomicRMWInst I)
inline

Definition at line 198 of file SVFIRBuilder.h.

199 {
200 addBlackHoleAddrEdge(getValueNode(&I));
201 }

◆ visitBinaryOperator()

void SVFIRBuilder::visitBinaryOperator ( BinaryOperator inst)

Visit Binary Operator

Definition at line 1119 of file SVFIRBuilder.cpp.

1120{
1121 NodeID dst = getValueNode(&inst);
1122 assert(inst.getNumOperands() == 2 && "not two operands for BinaryOperator?");
1123 Value* op1 = inst.getOperand(0);
1124 NodeID op1Node = getValueNode(op1);
1125 Value* op2 = inst.getOperand(1);
1126 NodeID op2Node = getValueNode(op2);
1127 u32_t opcode = inst.getOpcode();
1128 addBinaryOPEdge(op1Node, op2Node, dst, opcode);
1129}
SVF::SVFIRBuilder::addBinaryOPEdge
void addBinaryOPEdge(NodeID op1, NodeID op2, NodeID dst, u32_t opcode)
Add Copy edge.
Definition SVFIRBuilder.h:436

◆ visitBranchInst()

void SVFIRBuilder::visitBranchInst ( BranchInst inst)

Branch and switch instructions are treated as UnaryOP br cmp label if.then, label if.else

set conditional svf var

Definition at line 1298 of file SVFIRBuilder.cpp.

1299{
1300 NodeID brinst = getValueNode(&inst);
1301 NodeID cond;
1302 if (inst.isConditional())
1303 cond = getValueNode(inst.getCondition());
1304 else
1305 cond = pag->getNullPtr();
1306
1307 assert(inst.getNumSuccessors() <= 2 && "if/else has more than two branches?");
1308
1309 BranchStmt::SuccAndCondPairVec successors;
1310 std::vector<const Instruction*> nextInsts;
1311 LLVMUtil::getNextInsts(&inst, nextInsts);
1312 u32_t branchID = 0;
1313 for (const Instruction* succInst : nextInsts)
1314 {
1315 assert(branchID <= 1 && "if/else has more than two branches?");
1316 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1317 successors.push_back(std::make_pair(icfgNode, 1-branchID));
1318 branchID++;
1319 }
1320 addBranchStmt(brinst, cond, successors);
1322 if (inst.isConditional())
1323 {
1324 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1325 {
1326 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1327 {
1328 intraEdge->setConditionVar(pag->getGNode(cond));
1329 }
1330 }
1331 }
1332}
SVF::BranchStmt::SuccAndCondPairVec
std::vector< std::pair< const ICFGNode *, s32_t > > SuccAndCondPairVec
Definition SVFStatements.h:1163
SVF::SVFIRBuilder::addBranchStmt
void addBranchStmt(NodeID br, NodeID cond, const BranchStmt::SuccAndCondPairVec &succs)
Add Branch statement.
Definition SVFIRBuilder.h:448
SVF::LLVMUtil::getNextInsts
void getNextInsts(const Instruction *curInst, std::vector< const Instruction * > &instList)
Get the next instructions following control flow.
Definition LLVMUtil.cpp:573

◆ visitCallBrInst()

void SVFIRBuilder::visitCallBrInst ( CallBrInst I)

Definition at line 1186 of file SVFIRBuilder.cpp.

1187{
1188 visitCallSite(&i);
1189}
SVF::SVFIRBuilder::visitCallSite
void visitCallSite(CallBase *cs)
Definition SVFIRBuilder.cpp:1194

◆ visitCallInst()

void SVFIRBuilder::visitCallInst ( CallInst I)

Definition at line 1176 of file SVFIRBuilder.cpp.

1177{
1178 visitCallSite(&i);
1179}

◆ visitCallSite()

void SVFIRBuilder::visitCallSite ( CallBase cs)

Collect callsite arguments and returns

Definition at line 1194 of file SVFIRBuilder.cpp.

1195{
1196
1197 // skip llvm intrinsics
1198 if(isIntrinsicInst(cs))
1199 return;
1200
1201 DBOUT(DPAGBuild,
1202 outs() << "process callsite " << svfcall->valueOnlyToString() << "\n");
1203
1204
1205 CallICFGNode* callBlockNode = llvmModuleSet()->getCallICFGNode(cs);
1206 RetICFGNode* retBlockNode = llvmModuleSet()->getRetICFGNode(cs);
1207
1208 pag->addCallSite(callBlockNode);
1209
1211 for (u32_t i = 0; i < cs->arg_size(); i++)
1212 pag->addCallSiteArgs(
1213 callBlockNode,
1214 SVFUtil::cast<ValVar>(pag->getGNode(getValueNode(cs->getArgOperand(i)))));
1215
1216 if(!cs->getType()->isVoidTy())
1217 pag->addCallSiteRets(retBlockNode,pag->getGNode(getValueNode(cs)));
1218
1219 if (callBlockNode->isVirtualCall())
1220 {
1221 const Value* value = cppUtil::getVCallVtblPtr(cs);
1222 callBlockNode->setVtablePtr(pag->getGNode(getValueNode(value)));
1223 }
1224 if (const Function *callee = LLVMUtil::getCallee(cs))
1225 {
1226 if (LLVMUtil::isExtCall(callee))
1227 {
1228 handleExtCall(cs, callee);
1229 }
1230 else
1231 {
1232 handleDirectCall(cs, callee);
1233 }
1234 }
1235 else
1236 {
1237 //If the callee was not identified as a function (null F), this is indirect.
1238 handleIndCall(cs);
1239 }
1240}
SVF::CallICFGNode::isVirtualCall
bool isVirtualCall() const
Definition ICFGNode.h:521
SVF::CallICFGNode::setVtablePtr
void setVtablePtr(SVFVar *v)
Definition ICFGNode.h:526
SVF::LLVMModuleSet::getRetICFGNode
RetICFGNode * getRetICFGNode(const Instruction *cs)
get a return node
Definition LLVMModule.cpp:1217
SVF::SVFIRBuilder::handleIndCall
void handleIndCall(CallBase *cs)
Handle indirect call.
Definition SVFIRBuilder.cpp:1597
SVF::SVFIR::addCallSiteRets
void addCallSiteRets(RetICFGNode *retBlockNode, const SVFVar *arg)
Add callsite returns.
Definition SVFIR.h:543
SVF::SVFIR::addCallSiteArgs
void addCallSiteArgs(CallICFGNode *callBlockNode, const ValVar *arg)
Add callsite arguments.
Definition SVFIR.h:537
SVF::SVFIR::addCallSite
void addCallSite(const CallICFGNode *call)
Add callsites.
Definition SVFIR.h:792
SVF::LLVMUtil::isIntrinsicInst
bool isIntrinsicInst(const Instruction *inst)
Return true if it is an intrinsic instruction.
Definition LLVMUtil.cpp:202
SVF::LLVMUtil::getCallee
const Function * getCallee(const CallBase *cs)
Definition LLVMUtil.h:97
SVF::cppUtil::getVCallVtblPtr
const Value * getVCallVtblPtr(const CallBase *cs)
Definition CppUtil.cpp:537

◆ visitCastInst()

void SVFIRBuilder::visitCastInst ( CastInst I)

Definition at line 1105 of file SVFIRBuilder.cpp.

1106{
1107
1108 DBOUT(DPAGBuild, outs() << "process cast " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1109 NodeID dst = getValueNode(&inst);
1110
1111 const Value* opnd = inst.getOperand(0);
1112 NodeID src = getValueNode(opnd);
1113 addCopyEdge(src, dst, getCopyKind(&inst));
1114}
SVF::SVFIRBuilder::getCopyKind
CopyStmt::CopyKind getCopyKind(const Value *val)
Definition SVFIRBuilder.h:379

◆ visitCmpInst()

void SVFIRBuilder::visitCmpInst ( CmpInst inst)

Visit compare instruction

Definition at line 1147 of file SVFIRBuilder.cpp.

1148{
1149 NodeID dst = getValueNode(&inst);
1150 assert(inst.getNumOperands() == 2 && "not two operands for compare instruction?");
1151 Value* op1 = inst.getOperand(0);
1152 NodeID op1Node = getValueNode(op1);
1153 Value* op2 = inst.getOperand(1);
1154 NodeID op2Node = getValueNode(op2);
1155 u32_t predicate = inst.getPredicate();
1156 addCmpEdge(op1Node, op2Node, dst, predicate);
1157}
SVF::SVFIRBuilder::addCmpEdge
void addCmpEdge(NodeID op1, NodeID op2, NodeID dst, u32_t predict)
Add Copy edge.
Definition SVFIRBuilder.h:430

◆ visitExtractElementInst()

void SVFIRBuilder::visitExtractElementInst ( ExtractElementInst inst)

The �extractelement� instruction extracts a single scalar element from a vector at a specified index. TODO: for now we just assume the pointer after extraction points to blackhole The first operand of an �extractelement� instruction is a value of vector type. The second operand is an index indicating the position from which to extract the element.

<result> = extractelement <4 x i32> vec, i32 0 ; yields i32

Definition at line 1288 of file SVFIRBuilder.cpp.

1289{
1290 NodeID dst = getValueNode(&inst);
1291 addBlackHoleAddrEdge(dst);
1292}

◆ visitExtractValueInst()

void SVFIRBuilder::visitExtractValueInst ( ExtractValueInst inst)

visit extract value instructions for structures in registers TODO: for now we just assume the pointer after extraction points to blackhole for example %24 = extractvalue { i32, struct.s_hash* } call34, 0 %24 is a pointer points to first field of a register value call34 however we can not create call34 as an memory object, as it is register value. Is that necessary treat extract value as getelementptr instruction later to get more precise results?

Definition at line 1274 of file SVFIRBuilder.cpp.

1275{
1276 NodeID dst = getValueNode(&inst);
1277 addBlackHoleAddrEdge(dst);
1278}

◆ visitFenceInst()

void SVF::SVFIRBuilder::visitFenceInst ( FenceInst I)
inline

Definition at line 190 of file SVFIRBuilder.h.

191 {
192 addBlackHoleAddrEdge(getValueNode(&I));
193 }

◆ visitFreezeInst()

void SVFIRBuilder::visitFreezeInst ( FreezeInst inst)

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val>

<result> = freeze ty <val> If <val> is undef or poison, ‘freeze’ returns an arbitrary, but fixed value of type ty Otherwise, this instruction is a no-op and returns the input <val> For now, we assume <val> is never a poison or undef.

Definition at line 1428 of file SVFIRBuilder.cpp.

1429{
1430 NodeID dst = getValueNode(&inst);
1431 for (u32_t i = 0; i < inst.getNumOperands(); i++)
1432 {
1433 Value* opnd = inst.getOperand(i);
1434 NodeID src = getValueNode(opnd);
1435 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1436 }
1437}

◆ visitGetElementPtrInst()

void SVFIRBuilder::visitGetElementPtrInst ( GetElementPtrInst inst)

Visit getelementptr instructions

Definition at line 1079 of file SVFIRBuilder.cpp.

1080{
1081
1082 NodeID dst = getValueNode(&inst);
1083 // GetElementPtrInst should always be a pointer or a vector contains pointers
1084 // for now we don't handle vector type here
1085 if(SVFUtil::isa<VectorType>(inst.getType()))
1086 {
1087 addBlackHoleAddrEdge(dst);
1088 return;
1089 }
1090
1091 assert(SVFUtil::isa<PointerType>(inst.getType()));
1092
1093 DBOUT(DPAGBuild, outs() << "process gep " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1094
1095 NodeID src = getValueNode(inst.getPointerOperand());
1096
1097 AccessPath ap(0, llvmModuleSet()->getSVFType(inst.getSourceElementType()));
1098 bool constGep = computeGepOffset(&inst, ap);
1099 addGepEdge(src, dst, ap, constGep);
1100}

◆ visitGlobal()

void SVFIRBuilder::visitGlobal ( )
protected

Handle globals including (global variable and functions)

Visit global variables for building SVFIR

initialize global variable

initialize global functions

Definition at line 951 of file SVFIRBuilder.cpp.

952{
953
955 for (Module &M : llvmModuleSet()->getLLVMModules())
956 {
957 for (Module::global_iterator I = M.global_begin(), E = M.global_end(); I != E; ++I)
958 {
959 GlobalVariable *gvar = &*I;
960 NodeID idx = getValueNode(gvar);
961 NodeID obj = getObjectNode(gvar);
962
963 setCurrentLocation(gvar, (SVFBasicBlock*) nullptr);
964 addAddrEdge(obj, idx);
965
966 if (gvar->hasInitializer())
967 {
968 Constant *C = gvar->getInitializer();
969 DBOUT(DPAGBuild, outs() << "add global var node " << llvmModuleSet()->getSVFValue(gvar)->toString() << "\n");
970 InitialGlobal(gvar, C, 0);
971 }
972 }
973
974
976 for (Module::const_iterator I = M.begin(), E = M.end(); I != E; ++I)
977 {
978 const Function* fun = &*I;
979 NodeID idx = getValueNode(fun);
980 NodeID obj = getObjectNode(fun);
981
982 DBOUT(DPAGBuild, outs() << "add global function node " << fun->getName().str() << "\n");
983 setCurrentLocation(fun, (SVFBasicBlock*) nullptr);
984 addAddrEdge(obj, idx);
985 }
986
987 // Handle global aliases (due to linkage of multiple bc files), e.g., @x = internal alias @y. We need to add a copy from y to x.
988 for (Module::alias_iterator I = M.alias_begin(), E = M.alias_end(); I != E; I++)
989 {
990 const GlobalAlias* alias = &*I;
991 NodeID dst = llvmModuleSet()->getValueNode(alias);
992 NodeID src = llvmModuleSet()->getValueNode(alias->getAliasee());
993 processCE(alias->getAliasee());
994 setCurrentLocation(alias, (SVFBasicBlock*) nullptr);
995 addCopyEdge(src, dst, CopyStmt::COPYVAL);
996 }
997 }
998}
SVF::GlobalVariable
llvm::GlobalVariable GlobalVariable
Definition BasicTypes.h:130
SVF::GlobalAlias
llvm::GlobalAlias GlobalAlias
Definition BasicTypes.h:128

◆ visitInsertElementInst()

void SVF::SVFIRBuilder::visitInsertElementInst ( InsertElementInst I)
inline

Definition at line 170 of file SVFIRBuilder.h.

171 {
172 addBlackHoleAddrEdge(getValueNode(&I));
173 }

◆ visitInsertValueInst()

void SVF::SVFIRBuilder::visitInsertValueInst ( InsertValueInst I)
inline

Definition at line 144 of file SVFIRBuilder.h.

145 {
146 addBlackHoleAddrEdge(getValueNode(&I));
147 }

◆ visitInstruction()

void SVF::SVFIRBuilder::visitInstruction ( Instruction )
inline

Provide base case for our instruction visit.

Definition at line 204 of file SVFIRBuilder.h.

205 {
206 // If a new instruction is added to LLVM that we don't handle.
207 // TODO: ignore here:
208 }

◆ visitInvokeInst()

void SVFIRBuilder::visitInvokeInst ( InvokeInst II)

Definition at line 1181 of file SVFIRBuilder.cpp.

1182{
1183 visitCallSite(&i);
1184}

◆ visitLandingPadInst()

void SVF::SVFIRBuilder::visitLandingPadInst ( LandingPadInst I)
inline

Definition at line 178 of file SVFIRBuilder.h.

179 {
180 addBlackHoleAddrEdge(getValueNode(&I));
181 }

◆ visitLoadInst()

void SVFIRBuilder::visitLoadInst ( LoadInst I)

Definition at line 1047 of file SVFIRBuilder.cpp.

1048{
1049 DBOUT(DPAGBuild, outs() << "process load " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1050
1051 NodeID dst = getValueNode(&inst);
1052
1053 NodeID src = getValueNode(inst.getPointerOperand());
1054
1055 addLoadEdge(src, dst);
1056}

◆ visitPHINode()

void SVFIRBuilder::visitPHINode ( PHINode inst)

Visit phi instructions

Definition at line 1022 of file SVFIRBuilder.cpp.

1023{
1024
1025 DBOUT(DPAGBuild, outs() << "process phi " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1026
1027 NodeID dst = getValueNode(&inst);
1028
1029 for (u32_t i = 0; i < inst.getNumIncomingValues(); ++i)
1030 {
1031 const Value* val = inst.getIncomingValue(i);
1032 const Instruction* incomingInst = SVFUtil::dyn_cast<Instruction>(val);
1033 bool matched = (incomingInst == nullptr ||
1034 incomingInst->getFunction() == inst.getFunction());
1035 (void) matched; // Suppress warning of unused variable under release build
1036 assert(matched && "incomingInst's Function incorrect");
1037 const Instruction* predInst = &inst.getIncomingBlock(i)->back();
1038 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(predInst);
1039 NodeID src = getValueNode(val);
1040 addPhiStmt(dst,src,icfgNode);
1041 }
1042}
SVF::SVFIRBuilder::addPhiStmt
void addPhiStmt(NodeID res, NodeID opnd, const ICFGNode *pred)
Add Copy edge.
Definition SVFIRBuilder.h:417

◆ visitResumeInst()

void SVF::SVFIRBuilder::visitResumeInst ( ResumeInst )
inline

Instruction not that often.

Definition at line 184 of file SVFIRBuilder.h.

185 {
186 }

◆ visitReturnInst()

void SVFIRBuilder::visitReturnInst ( ReturnInst inst)

Visit return instructions of a function

Definition at line 1245 of file SVFIRBuilder.cpp.

1246{
1247
1248 // ReturnInst itself should always not be a pointer type
1249 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1250
1251 DBOUT(DPAGBuild, outs() << "process return " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1252
1253 if(Value* src = inst.getReturnValue())
1254 {
1255 const FunObjVar *F = llvmModuleSet()->getFunObjVar(inst.getParent()->getParent());
1256
1257 NodeID rnF = getReturnNode(F);
1258 NodeID vnS = getValueNode(src);
1259 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(&inst);
1260 //vnS may be null if src is a null ptr
1261 addPhiStmt(rnF,vnS,icfgNode);
1262 }
1263}

◆ visitSelectInst()

void SVFIRBuilder::visitSelectInst ( SelectInst inst)

Visit select instructions

Two operands have same incoming basic block, both are the current BB

Definition at line 1163 of file SVFIRBuilder.cpp.

1164{
1165
1166 DBOUT(DPAGBuild, outs() << "process select " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1167
1168 NodeID dst = getValueNode(&inst);
1169 NodeID src1 = getValueNode(inst.getTrueValue());
1170 NodeID src2 = getValueNode(inst.getFalseValue());
1171 NodeID cond = getValueNode(inst.getCondition());
1173 addSelectStmt(dst,src1,src2, cond);
1174}

◆ visitShuffleVectorInst()

void SVF::SVFIRBuilder::visitShuffleVectorInst ( ShuffleVectorInst I)
inline

Definition at line 174 of file SVFIRBuilder.h.

175 {
176 addBlackHoleAddrEdge(getValueNode(&I));
177 }

◆ visitStoreInst()

void SVFIRBuilder::visitStoreInst ( StoreInst inst)

Visit store instructions

Definition at line 1061 of file SVFIRBuilder.cpp.

1062{
1063 // StoreInst itself should always not be a pointer type
1064 assert(!SVFUtil::isa<PointerType>(inst.getType()));
1065
1066 DBOUT(DPAGBuild, outs() << "process store " << llvmModuleSet()->getSVFValue(&inst)->toString() << " \n");
1067
1068 NodeID dst = getValueNode(inst.getPointerOperand());
1069
1070 NodeID src = getValueNode(inst.getValueOperand());
1071
1072 addStoreEdge(src, dst);
1073
1074}

◆ visitSwitchInst()

void SVFIRBuilder::visitSwitchInst ( SwitchInst inst)

The following implementation follows ICFGBuilder::processFunBody.

See more: https://github.com/SVF-tools/SVF/pull/1191

Given the code:

switch (a) { case 0: printf("0\n"); break; case 1: case 2: case 3: printf("a >=1 && a <= 3\n"); break; case 4: case 6: case 7: printf("a >= 4 && a <=7\n"); break; default: printf("a < 0 || a > 7"); break; }

Generate the IR:

switch i32 %0, label sw.default [ i32 0, label sw.bb i32 1, label sw.bb1 i32 2, label sw.bb1 i32 3, label sw.bb1 i32 4, label sw.bb3 i32 6, label sw.bb3 i32 7, label sw.bb3 ]

We can get every case basic block and related case value: [ {sw.default, -1}, {sw.bb, 0}, {sw.bb1, 1}, {sw.bb1, 2}, {sw.bb1, 3}, {sw.bb3, 4}, {sw.bb3, 6}, {sw.bb3, 7}, ] Note: default case value is nullptr For larger number, we preserve case value just -1 now see more: https://github.com/SVF-tools/SVF/pull/992

branch condition value

default case is set to -1;

set conditional svf var

Definition at line 1380 of file SVFIRBuilder.cpp.

1381{
1382 NodeID brinst = getValueNode(&inst);
1383 NodeID cond = getValueNode(inst.getCondition());
1384
1385 BranchStmt::SuccAndCondPairVec successors;
1386 std::vector<const Instruction*> nextInsts;
1387 LLVMUtil::getNextInsts(&inst, nextInsts);
1388 for (const Instruction* succInst : nextInsts)
1389 {
1391 const ConstantInt* condVal = inst.findCaseDest(const_cast<BasicBlock*>(succInst->getParent()));
1393 s64_t val = -1;
1394 if (condVal && condVal->getBitWidth() <= 64)
1395 val = (u32_t)LLVMUtil::getIntegerValue(condVal).first;
1396 const ICFGNode* icfgNode = llvmModuleSet()->getICFGNode(succInst);
1397 successors.push_back(std::make_pair(icfgNode, val));
1398 }
1399 addBranchStmt(brinst, cond, successors);
1401 for (auto& edge : llvmModuleSet()->getICFGNode(&inst)->getOutEdges())
1402 {
1403 if (IntraCFGEdge* intraEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge))
1404 {
1405 intraEdge->setConditionVar(pag->getGNode(cond));
1406 }
1407 }
1408}
SVF::s64_t
signed long long s64_t
Definition GeneralType.h:50

◆ visitUnaryOperator()

void SVFIRBuilder::visitUnaryOperator ( UnaryOperator inst)

Visit Unary Operator

Definition at line 1134 of file SVFIRBuilder.cpp.

1135{
1136 NodeID dst = getValueNode(&inst);
1137 assert(inst.getNumOperands() == 1 && "not one operand for Unary instruction?");
1138 Value* opnd = inst.getOperand(0);
1139 NodeID src = getValueNode(opnd);
1140 u32_t opcode = inst.getOpcode();
1141 addUnaryOPEdge(src, dst, opcode);
1142}
SVF::SVFIRBuilder::addUnaryOPEdge
void addUnaryOPEdge(NodeID src, NodeID dst, u32_t opcode)
Add Unary edge.
Definition SVFIRBuilder.h:442

◆ visitUnreachableInst()

void SVF::SVFIRBuilder::visitUnreachableInst ( UnreachableInst )
inline

Definition at line 187 of file SVFIRBuilder.h.

188 {
189 }

◆ visitVAArgInst()

void SVFIRBuilder::visitVAArgInst ( VAArgInst inst)

TODO: var arguments need to be handled. https://llvm.org/docs/LangRef.html#id1911

ap = alloca struct.va_list ap2 = bitcast struct.va_list* ap to i8* ; Read a single integer argument from ap2 tmp = va_arg i8* ap2, i32 (VAArgInst) TODO: for now, create a copy edge from ap2 to tmp, we assume here tmp should point to the n-th argument of the var_args

Definition at line 1416 of file SVFIRBuilder.cpp.

1417{
1418 NodeID dst = getValueNode(&inst);
1419 Value* opnd = inst.getPointerOperand();
1420 NodeID src = getValueNode(opnd);
1421 addCopyEdge(src, dst, CopyStmt::COPYVAL);
1422}

◆ visitVACopyInst()

void SVF::SVFIRBuilder::visitVACopyInst ( VACopyInst )
inline

Definition at line 159 of file SVFIRBuilder.h.

159{}

◆ visitVAEndInst()

void SVF::SVFIRBuilder::visitVAEndInst ( VAEndInst )
inline

Definition at line 160 of file SVFIRBuilder.h.

160{}

◆ visitVAStartInst()

void SVF::SVFIRBuilder::visitVAStartInst ( VAStartInst )
inline

Definition at line 161 of file SVFIRBuilder.h.

161{}

Member Data Documentation

◆ curBB

const SVFBasicBlock* SVF::SVFIRBuilder::curBB
private

Current basic block during SVFIR construction when visiting the module.

Definition at line 52 of file SVFIRBuilder.h.

◆ curVal

const Value* SVF::SVFIRBuilder::curVal
private

Current Value during SVFIR construction when visiting the module.

Definition at line 53 of file SVFIRBuilder.h.

◆ pag

SVFIR* SVF::SVFIRBuilder::pag
private

Definition at line 51 of file SVFIRBuilder.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.9.8