SVF::SrcSnkDDA Class Reference

#include <SrcSnkDDA.h>

Inheritance diagram for SVF::SrcSnkDDA:

Public Types
typedef ProgSlice::SVFGNodeSet	SVFGNodeSet
typedef Map< const SVFGNode *, ProgSlice * >	SVFGNodeToSliceMap
typedef SVFGNodeSet::const_iterator	SVFGNodeSetIter
typedef CxtDPItem	DPIm
typedef Set< DPIm >	DPImSet
	dpitem set More...
typedef Map< const SVFGNode *, DPImSet >	SVFGNodeToDPItemsMap
	map a SVFGNode to its visited dpitems More...
typedef Set< const CallICFGNode * >	CallSiteSet
typedef NodeBS	SVFGNodeBS
typedef ProgSlice::VFWorkList	WorkList
Public Types inherited from SVF::GraphReachSolver< GraphType, DPIm >
typedef SVF::GenericGraphTraits< GraphType >	GTraits
	Define the GTraits and node iterator. More...
typedef GTraits::NodeType	GNODE
typedef GTraits::EdgeType	GEDGE
typedef GTraits::nodes_iterator	node_iterator
typedef GTraits::ChildIteratorType	child_iterator
typedef SVF::GenericGraphTraits< SVF::Inverse< GNODE * > >	InvGTraits
	Define inverse GTraits and note iterator. More...
typedef InvGTraits::ChildIteratorType	inv_child_iterator
typedef FIFOWorkList< DPIm >	WorkList
	Define worklist. More...

Public Member Functions
	SrcSnkDDA ()
	Bug Reporter. More...
	~SrcSnkDDA () override
	Destructor. More...
virtual void	analyze (SVFModule *module)
	Start analysis here. More...
virtual void	initialize (SVFModule *module)
	Initialize analysis. More...
virtual void	finalize ()
	Finalize analysis. More...
SVFIR *	getPAG () const
	Get SVFIR. More...
const SVFG *	getSVFG () const
	Get SVFG. More...
PTACallGraph *	getCallgraph () const
	Get Callgraph. More...
bool	isGlobalSVFGNode (const SVFGNode *node) const
	Whether this svfg node may access global variable. More...
virtual void	setCurSlice (const SVFGNode *src)
	Slice operations. More...
ProgSlice *	getCurSlice () const
void	addSinkToCurSlice (const SVFGNode *node)
bool	isInCurForwardSlice (const SVFGNode *node)
bool	isInCurBackwardSlice (const SVFGNode *node)
void	addToCurForwardSlice (const SVFGNode *node)
void	addToCurBackwardSlice (const SVFGNode *node)
bool	isInAWrapper (const SVFGNode *src, CallSiteSet &csIdSet)
	Identify allocation wrappers. More...
virtual void	reportBug (ProgSlice *slice)=0
	report bug on the current analyzed slice More...
const SVFGNodeSet &	getSources () const
	Get sources/sinks. More...
SVFGNodeSetIter	sourcesBegin () const
SVFGNodeSetIter	sourcesEnd () const
void	addToSources (const SVFGNode *node)
const SVFGNodeSet &	getSinks () const
SVFGNodeSetIter	sinksBegin () const
SVFGNodeSetIter	sinksEnd () const
void	addToSinks (const SVFGNode *node)
SaberCondAllocator *	getSaberCondAllocator () const
	Get saber condition allocator. More...
const SVFBugReport &	getBugReport () const
virtual void	initSrcs ()=0
virtual void	initSnks ()=0
virtual bool	isSourceLikeFun (const SVFFunction *fun)
virtual bool	isSinkLikeFun (const SVFFunction *fun)
bool	isSource (const SVFGNode *node) const
bool	isSink (const SVFGNode *node) const

Protected Member Functions
void	FWProcessCurNode (const DPIm &item) override
	Forward traverse. More...
void	BWProcessCurNode (const DPIm &item) override
	Backward traverse. More...
void	FWProcessOutgoingEdge (const DPIm &item, SVFGEdge *edge) override
	Propagate information forward by matching context. More...
void	BWProcessIncomingEdge (const DPIm &item, SVFGEdge *edge) override
	Propagate information backward without matching context, as forward analysis already did it. More...
bool	forwardVisited (const SVFGNode *node, const DPIm &item)
	Whether has been visited or not, in order to avoid recursion on SVFG. More...
void	addForwardVisited (const SVFGNode *node, const DPIm &item)
bool	backwardVisited (const SVFGNode *node)
void	addBackwardVisited (const SVFGNode *node)
void	clearVisitedMap ()
virtual bool	isAllPathReachable ()
	Whether it is all path reachable from a source. More...
virtual bool	isSomePathReachable ()
	Whether it is some path reachable from a source. More...
void	dumpSlices ()
	Dump SVFG with annotated slice information. More...
void	annotateSlice (ProgSlice *slice)
void	printZ3Stat ()
Protected Member Functions inherited from SVF::GraphReachSolver< GraphType, DPIm >
	GraphReachSolver ()
	Constructor. More...
virtual	~GraphReachSolver ()
	Destructor. More...
const GraphType	graph () const
	Get/Set graph methods. More...
void	setGraph (GraphType g)
GNODE *	getNode (NodeID id) const
virtual NodeID	getNodeIDFromItem (const DPIm &item) const
virtual void	forwardTraverse (DPIm &it)
	CFL forward traverse solve. More...
virtual void	backwardTraverse (DPIm &it)
	CFL forward traverse solve. More...
virtual void	FWProcessCurNode (const DPIm &)
	Process the DP item. More...
virtual void	BWProcessCurNode (const DPIm &)
virtual void	FWProcessOutgoingEdge (const DPIm &item, GEDGE *edge)
	Propagation for the solving, to be implemented in the child class. More...
virtual void	BWProcessIncomingEdge (const DPIm &item, GEDGE *edge)
DPIm	popFromWorklist ()
	Worklist operations. More...
bool	pushIntoWorklist (DPIm &item)
bool	isWorklistEmpty ()
bool	isInWorklist (DPIm &item)

Protected Attributes
SaberSVFGBuilder	memSSA
SVFG *	svfg
PTACallGraph *	callgraph
SVFBugReport	report

Private Attributes
ProgSlice *	_curSlice
SVFGNodeSet	sources
	current program slice More...
SVFGNodeSet	sinks
	source nodes More...
std::unique_ptr< SaberCondAllocator >	saberCondAllocator
	source nodes More...
SVFGNodeToDPItemsMap	nodeToDPItemsMap
	record forward visited dpitems More...
SVFGNodeSet	visitedSet
	record backward visited nodes More...

Detailed Description

General source-sink analysis, which serves as a base analysis to be extended for various clients

Definition at line 54 of file SrcSnkDDA.h.

Member Typedef Documentation

CallSiteSet

typedef Set<const CallICFGNode*> SVF::SrcSnkDDA::CallSiteSet

Definition at line 64 of file SrcSnkDDA.h.

DPIm

typedef CxtDPItem SVF::SrcSnkDDA::DPIm

Definition at line 61 of file SrcSnkDDA.h.

DPImSet

typedef Set<DPIm> SVF::SrcSnkDDA::DPImSet

dpitem set

Definition at line 62 of file SrcSnkDDA.h.

SVFGNodeBS

typedef NodeBS SVF::SrcSnkDDA::SVFGNodeBS

Definition at line 65 of file SrcSnkDDA.h.

SVFGNodeSet

typedef ProgSlice::SVFGNodeSet SVF::SrcSnkDDA::SVFGNodeSet

Definition at line 58 of file SrcSnkDDA.h.

SVFGNodeSetIter

typedef SVFGNodeSet::const_iterator SVF::SrcSnkDDA::SVFGNodeSetIter

Definition at line 60 of file SrcSnkDDA.h.

SVFGNodeToDPItemsMap

typedef Map<const SVFGNode*, DPImSet> SVF::SrcSnkDDA::SVFGNodeToDPItemsMap

map a SVFGNode to its visited dpitems

Definition at line 63 of file SrcSnkDDA.h.

SVFGNodeToSliceMap

typedef Map<const SVFGNode*,ProgSlice*> SVF::SrcSnkDDA::SVFGNodeToSliceMap

Definition at line 59 of file SrcSnkDDA.h.

WorkList

typedef ProgSlice::VFWorkList SVF::SrcSnkDDA::WorkList

Definition at line 66 of file SrcSnkDDA.h.

Constructor & Destructor Documentation

SrcSnkDDA()

SVF::SrcSnkDDA::SrcSnkDDA ( )

inline

Bug Reporter.

Constructor

Definition at line 85 of file SrcSnkDDA.h.

                : _curSlice(nullptr), svfg(nullptr), callgraph(nullptr)
    {
        saberCondAllocator = std::make_unique<SaberCondAllocator>();
    }

~SrcSnkDDA()

SVF::SrcSnkDDA::~SrcSnkDDA ( )

inlineoverride

Destructor.

the following shared by multiple checkers, thus can not be released.

Definition at line 90 of file SrcSnkDDA.h.

    {
        svfg = nullptr;
 
        delete _curSlice;
        _curSlice = nullptr;
 
        //if (callgraph != nullptr)
        //    delete callgraph;
        //callgraph = nullptr;
 
        //if(pathCondAllocator)
        //    delete pathCondAllocator;
        //pathCondAllocator = nullptr;
    }

Member Function Documentation

addBackwardVisited()

void SVF::SrcSnkDDA::addBackwardVisited ( const SVFGNode *  node )

inlineprotected

Definition at line 295 of file SrcSnkDDA.h.

    {
        visitedSet.insert(node);
    }

addForwardVisited()

void SVF::SrcSnkDDA::addForwardVisited ( const SVFGNode *  node, const DPIm &  item  )

inlineprotected

Definition at line 287 of file SrcSnkDDA.h.

    {
        nodeToDPItemsMap[node].insert(item);
    }

addSinkToCurSlice()

void SVF::SrcSnkDDA::addSinkToCurSlice ( const SVFGNode *  node )

inline

Definition at line 150 of file SrcSnkDDA.h.

    {
        _curSlice->addToSinks(node);
        addToCurForwardSlice(node);
    }

addToCurBackwardSlice()

void SVF::SrcSnkDDA::addToCurBackwardSlice ( const SVFGNode *  node )

inline

Definition at line 167 of file SrcSnkDDA.h.

    {
        _curSlice->addToBackwardSlice(node);
    }

addToCurForwardSlice()

void SVF::SrcSnkDDA::addToCurForwardSlice ( const SVFGNode *  node )

inline

Definition at line 163 of file SrcSnkDDA.h.

    {
        _curSlice->addToForwardSlice(node);
    }

addToSinks()

void SVF::SrcSnkDDA::addToSinks ( const SVFGNode *  node )

inline

Definition at line 234 of file SrcSnkDDA.h.

    {
        sinks.insert(node);
    }

addToSources()

void SVF::SrcSnkDDA::addToSources ( const SVFGNode *  node )

inline

Definition at line 218 of file SrcSnkDDA.h.

    {
        sources.insert(node);
    }

analyze()

void SrcSnkDDA::analyze ( SVFModule *  module )

virtual

Start analysis here.

do not consider there is bug when reaching a global SVFGNode if we touch a global, then we assume the client uses this memory until the program exits.

Definition at line 61 of file SrcSnkDDA.cpp.

{
 
    initialize(module);
 
    ContextCond::setMaxCxtLen(Options::CxtLimit());
 
    for (SVFGNodeSetIter iter = sourcesBegin(), eiter = sourcesEnd();
            iter != eiter; ++iter)
    {
        setCurSlice(*iter);
 
        DBOUT(DGENERAL, outs() << "Analysing slice:" << (*iter)->getId() << ")\n");
        ContextCond cxt;
        DPIm item((*iter)->getId(),cxt);
        forwardTraverse(item);
 
        if (getCurSlice()->isReachGlobal())
        {
            DBOUT(DSaber, outs() << "Forward analysis reaches globals for slice:" << (*iter)->getId() << ")\n");
        }
        else
        {
            DBOUT(DSaber, outs() << "Forward process for slice:" << (*iter)->getId() << " (size = " << getCurSlice()->getForwardSliceSize() << ")\n");
 
            for (SVFGNodeSetIter sit = getCurSlice()->sinksBegin(), esit =
                        getCurSlice()->sinksEnd(); sit != esit; ++sit)
            {
                ContextCond cxt;
                DPIm item((*sit)->getId(),cxt);
                backwardTraverse(item);
            }
 
            DBOUT(DSaber, outs() << "Backward process for slice:" << (*iter)->getId() << " (size = " << getCurSlice()->getBackwardSliceSize() << ")\n");
 
            if(Options::DumpSlice())
                annotateSlice(_curSlice);
 
            if(_curSlice->AllPathReachableSolve())
                _curSlice->setAllReachable();
 
            DBOUT(DSaber, outs() << "Guard computation for slice:" << (*iter)->getId() << ")\n");
        }
 
        reportBug(getCurSlice());
    }
    finalize();
 
}

annotateSlice()

void SrcSnkDDA::annotateSlice ( ProgSlice *  slice )

protected

Definition at line 284 of file SrcSnkDDA.cpp.

{
    getSVFG()->getStat()->addToSources(slice->getSource());
    for(SVFGNodeSetIter it = slice->sinksBegin(), eit = slice->sinksEnd(); it!=eit; ++it )
        getSVFG()->getStat()->addToSinks(*it);
    for(SVFGNodeSetIter it = slice->forwardSliceBegin(), eit = slice->forwardSliceEnd(); it!=eit; ++it )
        getSVFG()->getStat()->addToForwardSlice(*it);
    for(SVFGNodeSetIter it = slice->backwardSliceBegin(), eit = slice->backwardSliceEnd(); it!=eit; ++it )
        getSVFG()->getStat()->addToBackwardSlice(*it);
}

backwardVisited()

bool SVF::SrcSnkDDA::backwardVisited ( const SVFGNode *  node )

inlineprotected

Definition at line 291 of file SrcSnkDDA.h.

    {
        return visitedSet.find(node)!=visitedSet.end();
    }

BWProcessCurNode()

void SVF::SrcSnkDDA::BWProcessCurNode ( const DPIm &  item )

inlineoverrideprotected

Backward traverse.

Definition at line 265 of file SrcSnkDDA.h.

    {
        const SVFGNode* node = getNode(item.getCurNodeID());
        if(isInCurForwardSlice(node))
        {
            addToCurBackwardSlice(node);
        }
    }

BWProcessIncomingEdge()

void SrcSnkDDA::BWProcessIncomingEdge ( const DPIm &  item, SVFGEdge *  edge  )

overrideprotected

Propagate information backward without matching context, as forward analysis already did it.

Propagate information backward without matching context, as forward analysis already did it

Definition at line 257 of file SrcSnkDDA.cpp.

{
    DBOUT(DSaber,outs() << "backward propagate from (" << edge->getDstID() << " --> " << edge->getSrcID() << ")\n");
    const SVFGNode* srcNode = edge->getSrcNode();
    if(backwardVisited(srcNode))
        return;
    else
        addBackwardVisited(srcNode);
 
    ContextCond cxt;
    DPIm newItem(srcNode->getId(), cxt);
    pushIntoWorklist(newItem);
}

clearVisitedMap()

void SVF::SrcSnkDDA::clearVisitedMap ( )

inlineprotected

Definition at line 299 of file SrcSnkDDA.h.

    {
        nodeToDPItemsMap.clear();
        visitedSet.clear();
    }

dumpSlices()

void SrcSnkDDA::dumpSlices ( )

protected

Dump SVFG with annotated slice information.

Definition at line 295 of file SrcSnkDDA.cpp.

{
 
    if(Options::DumpSlice())
        const_cast<SVFG*>(getSVFG())->dump("Slice",true);
}

finalize()

virtual void SVF::SrcSnkDDA::finalize ( )

inlinevirtual

Finalize analysis.

Definition at line 114 of file SrcSnkDDA.h.

    {
        dumpSlices();
    }

forwardVisited()

bool SVF::SrcSnkDDA::forwardVisited ( const SVFGNode *  node, const DPIm &  item  )

inlineprotected

Whether has been visited or not, in order to avoid recursion on SVFG.

Definition at line 279 of file SrcSnkDDA.h.

    {
        SVFGNodeToDPItemsMap::const_iterator it = nodeToDPItemsMap.find(node);
        if(it!=nodeToDPItemsMap.end())
            return it->second.find(item)!=it->second.end();
        else
            return false;
    }

FWProcessCurNode()

void SVF::SrcSnkDDA::FWProcessCurNode ( const DPIm &  item )

inlineoverrideprotected

Forward traverse.

Definition at line 253 of file SrcSnkDDA.h.

    {
        const SVFGNode* node = getNode(item.getCurNodeID());
        if(isSink(node))
        {
            addSinkToCurSlice(node);
            _curSlice->setPartialReachable();
        }
        else
            addToCurForwardSlice(node);
    }

FWProcessOutgoingEdge()

void SrcSnkDDA::FWProcessOutgoingEdge ( const DPIm &  item, SVFGEdge *  edge  )

overrideprotected

Propagate information forward by matching context.

Propagate information forward by matching context

handle globals here

perform context sensitive reachability

whether this dstNode has been visited or not

Definition at line 192 of file SrcSnkDDA.cpp.

{
    DBOUT(DSaber,outs() << "\n##processing source: " << getCurSlice()->getSource()->getId() <<" forward propagate from (" << edge->getSrcID());
 
    // for indirect SVFGEdge, the propagation should follow the def-use chains
    // points-to on the edge indicate whether the object of source node can be propagated
 
    const SVFGNode* dstNode = edge->getDstNode();
    DPIm newItem(dstNode->getId(),item.getContexts());
 
    if(isGlobalSVFGNode(dstNode) || getCurSlice()->isReachGlobal())
    {
        getCurSlice()->setReachGlobal();
        return;
    }
 
 
    // push context for calling
    if (edge->isCallVFGEdge())
    {
        CallSiteID csId = 0;
        if(const CallDirSVFGEdge* callEdge = SVFUtil::dyn_cast<CallDirSVFGEdge>(edge))
            csId = callEdge->getCallSiteId();
        else
            csId = SVFUtil::cast<CallIndSVFGEdge>(edge)->getCallSiteId();
 
        newItem.pushContext(csId);
        DBOUT(DSaber, outs() << " push cxt [" << csId << "] ");
    }
    // match context for return
    else if (edge->isRetVFGEdge())
    {
        CallSiteID csId = 0;
        if(const RetDirSVFGEdge* callEdge = SVFUtil::dyn_cast<RetDirSVFGEdge>(edge))
            csId = callEdge->getCallSiteId();
        else
            csId = SVFUtil::cast<RetIndSVFGEdge>(edge)->getCallSiteId();
 
        if (newItem.matchContext(csId) == false)
        {
            DBOUT(DSaber, outs() << "-|-\n");
            return;
        }
        DBOUT(DSaber, outs() << " pop cxt [" << csId << "] ");
    }
 
    if(forwardVisited(dstNode,newItem))
    {
        DBOUT(DSaber,outs() << " node "<< dstNode->getId() <<" has been visited\n");
        return;
    }
    else
        addForwardVisited(dstNode, newItem);
 
    if(pushIntoWorklist(newItem))
        DBOUT(DSaber,outs() << " --> " << edge->getDstID() << ", cxt size: " << newItem.getContexts().cxtSize() <<")\n");
 
}

getBugReport()

const SVFBugReport& SVF::SrcSnkDDA::getBugReport ( ) const

inline

Definition at line 246 of file SrcSnkDDA.h.

    {
        return report;
    }

getCallgraph()

PTACallGraph* SVF::SrcSnkDDA::getCallgraph ( ) const

inline

Get Callgraph.

Definition at line 132 of file SrcSnkDDA.h.

    {
        return callgraph;
    }

getCurSlice()

ProgSlice* SVF::SrcSnkDDA::getCurSlice ( ) const

inline

Definition at line 146 of file SrcSnkDDA.h.

    {
        return _curSlice;
    }

getPAG()

SVFIR* SVF::SrcSnkDDA::getPAG ( ) const

inline

Get SVFIR.

Definition at line 120 of file SrcSnkDDA.h.

    {
        return SVFIR::getPAG();
    }

getSaberCondAllocator()

SaberCondAllocator* SVF::SrcSnkDDA::getSaberCondAllocator ( ) const

inline

Get saber condition allocator.

Definition at line 241 of file SrcSnkDDA.h.

    {
        return saberCondAllocator.get();
    }

getSinks()

const SVFGNodeSet& SVF::SrcSnkDDA::getSinks ( ) const

inline

Definition at line 222 of file SrcSnkDDA.h.

    {
        return sinks;
    }

getSources()

const SVFGNodeSet& SVF::SrcSnkDDA::getSources ( ) const

inline

Get sources/sinks.

Definition at line 206 of file SrcSnkDDA.h.

    {
        return sources;
    }

getSVFG()

const SVFG* SVF::SrcSnkDDA::getSVFG ( ) const

inline

Get SVFG.

Definition at line 126 of file SrcSnkDDA.h.

    {
        return graph();
    }

initialize()

void SrcSnkDDA::initialize ( SVFModule *  module )

virtual

Initialize analysis.

allocate control-flow graph branch conditions

Definition at line 41 of file SrcSnkDDA.cpp.

{
    SVFIR* pag = PAG::getPAG();
 
    AndersenWaveDiff* ander = AndersenWaveDiff::createAndersenWaveDiff(pag);
    memSSA.setSaberCondAllocator(getSaberCondAllocator());
    if(Options::SABERFULLSVFG())
        svfg =  memSSA.buildFullSVFG(ander);
    else
        svfg =  memSSA.buildPTROnlySVFG(ander);
    setGraph(memSSA.getSVFG());
    callgraph = ander->getCallGraph();
    //AndersenWaveDiff::releaseAndersenWaveDiff();
    getSaberCondAllocator()->allocate(getPAG()->getModule());
 
    initSrcs();
    initSnks();
}

initSnks()

virtual void SVF::SrcSnkDDA::initSnks ( )

pure virtual

Implemented in SVF::LeakChecker.

initSrcs()

virtual void SVF::SrcSnkDDA::initSrcs ( )

pure virtual

Initialize sources and sinks

Implemented in SVF::LeakChecker.

isAllPathReachable()

virtual bool SVF::SrcSnkDDA::isAllPathReachable ( )

inlineprotectedvirtual

Whether it is all path reachable from a source.

Definition at line 307 of file SrcSnkDDA.h.

    {
        return _curSlice->isAllReachable();
    }

isGlobalSVFGNode()

bool SVF::SrcSnkDDA::isGlobalSVFGNode ( const SVFGNode *  node ) const

inline

Whether this svfg node may access global variable.

Definition at line 138 of file SrcSnkDDA.h.

    {
        return memSSA.isGlobalSVFGNode(node);
    }

isInAWrapper()

bool SrcSnkDDA::isInAWrapper	(	const SVFGNode *	src,
		CallSiteSet &	csIdSet
	)

Identify allocation wrappers.

determine whether a SVFGNode n is in a allocation wrapper function, if so, return all SVFGNodes which receive the value of node n

Definition at line 118 of file SrcSnkDDA.cpp.

{
 
    bool reachFunExit = false;
 
    WorkList worklist;
    worklist.push(src);
    SVFGNodeBS visited;
    u32_t step = 0;
    while (!worklist.empty())
    {
        const SVFGNode* node  = worklist.pop();
 
        if(visited.test(node->getId())==0)
            visited.set(node->getId());
        else
            continue;
        // reaching maximum steps when traversing on SVFG to identify a memory allocation wrapper
        if (step++ > Options::MaxStepInWrapper())
            return false;
 
        for (SVFGNode::const_iterator it = node->OutEdgeBegin(), eit =
                    node->OutEdgeEnd(); it != eit; ++it)
        {
            const SVFGEdge* edge = (*it);
            //assert(edge->isDirectVFGEdge() && "the edge should always be direct VF");
            // if this is a call edge
            if(edge->isCallDirectVFGEdge())
            {
                return false;
            }
            // if this is a return edge
            else if(edge->isRetDirectVFGEdge())
            {
                reachFunExit = true;
                csIdSet.insert(getSVFG()->getCallSite(SVFUtil::cast<RetDirSVFGEdge>(edge)->getCallSiteId()));
            }
            // (1) an intra direct edge, we will keep tracking
            // (2) an intra indirect edge, we only track if the succ SVFGNode is a load, which means we only track one level store-load pair .
            // (3) do not track for all other interprocedural edges.
            else
            {
                const SVFGNode* succ = edge->getDstNode();
                if(SVFUtil::isa<IntraDirSVFGEdge>(edge))
                {
                    if (SVFUtil::isa<CopySVFGNode, GepSVFGNode, PHISVFGNode,
                            FormalRetSVFGNode, ActualRetSVFGNode,
                            StoreSVFGNode>(succ))
                    {
                        worklist.push(succ);
                    }
                }
                else if(SVFUtil::isa<IntraIndSVFGEdge>(edge))
                {
                    if(SVFUtil::isa<LoadSVFGNode, IntraMSSAPHISVFGNode>(succ))
                    {
                        worklist.push(succ);
                    }
                }
                else
                    return false;
            }
        }
    }
    if(reachFunExit)
        return true;
    else
        return false;
}

isInCurBackwardSlice()

bool SVF::SrcSnkDDA::isInCurBackwardSlice ( const SVFGNode *  node )

inline

Definition at line 159 of file SrcSnkDDA.h.

    {
        return _curSlice->inBackwardSlice(node);
    }

isInCurForwardSlice()

bool SVF::SrcSnkDDA::isInCurForwardSlice ( const SVFGNode *  node )

inline

Definition at line 155 of file SrcSnkDDA.h.

    {
        return _curSlice->inForwardSlice(node);
    }

isSink()

bool SVF::SrcSnkDDA::isSink ( const SVFGNode *  node ) const

inline

Definition at line 192 of file SrcSnkDDA.h.

    {
        return getSinks().find(node)!=getSinks().end();
    }

isSinkLikeFun()

virtual bool SVF::SrcSnkDDA::isSinkLikeFun ( const SVFFunction *  fun )

inlinevirtual

Reimplemented in SVF::LeakChecker, and SVF::FileChecker.

Definition at line 182 of file SrcSnkDDA.h.

    {
        return false;
    }

isSomePathReachable()

virtual bool SVF::SrcSnkDDA::isSomePathReachable ( )

inlineprotectedvirtual

Whether it is some path reachable from a source.

Definition at line 312 of file SrcSnkDDA.h.

    {
        return _curSlice->isPartialReachable();
    }

isSource()

bool SVF::SrcSnkDDA::isSource ( const SVFGNode *  node ) const

inline

Definition at line 187 of file SrcSnkDDA.h.

    {
        return getSources().find(node)!=getSources().end();
    }

isSourceLikeFun()

virtual bool SVF::SrcSnkDDA::isSourceLikeFun ( const SVFFunction *  fun )

inlinevirtual

Reimplemented in SVF::LeakChecker, and SVF::FileChecker.

Definition at line 177 of file SrcSnkDDA.h.

    {
        return false;
    }

printZ3Stat()

void SrcSnkDDA::printZ3Stat ( )

protected

Definition at line 302 of file SrcSnkDDA.cpp.

{
 
    outs() << "Z3 Mem usage: " << getSaberCondAllocator()->getMemUsage() << "\n";
    outs() << "Z3 Number: " << getSaberCondAllocator()->getCondNum() << "\n";
}

reportBug()

virtual void SVF::SrcSnkDDA::reportBug ( ProgSlice *  slice )

pure virtual

report bug on the current analyzed slice

Implemented in SVF::LeakChecker, SVF::DoubleFreeChecker, and SVF::FileChecker.

setCurSlice()

void SrcSnkDDA::setCurSlice ( const SVFGNode *  src )

virtual

Slice operations.

Set current slice.

Definition at line 272 of file SrcSnkDDA.cpp.

{
    if(_curSlice!=nullptr)
    {
        delete _curSlice;
        _curSlice = nullptr;
        clearVisitedMap();
    }
 
    _curSlice = new ProgSlice(src,getSaberCondAllocator(), getSVFG());
}

sinksBegin()

SVFGNodeSetIter SVF::SrcSnkDDA::sinksBegin ( ) const

inline

Definition at line 226 of file SrcSnkDDA.h.

    {
        return sinks.begin();
    }

sinksEnd()

SVFGNodeSetIter SVF::SrcSnkDDA::sinksEnd ( ) const

inline

Definition at line 230 of file SrcSnkDDA.h.

    {
        return sinks.end();
    }

sourcesBegin()

SVFGNodeSetIter SVF::SrcSnkDDA::sourcesBegin ( ) const

inline

Definition at line 210 of file SrcSnkDDA.h.

    {
        return sources.begin();
    }

sourcesEnd()

SVFGNodeSetIter SVF::SrcSnkDDA::sourcesEnd ( ) const

inline

Definition at line 214 of file SrcSnkDDA.h.

    {
        return sources.end();
    }

Member Data Documentation

_curSlice

ProgSlice* SVF::SrcSnkDDA::_curSlice

private

Definition at line 69 of file SrcSnkDDA.h.

callgraph

PTACallGraph* SVF::SrcSnkDDA::callgraph

protected

Definition at line 79 of file SrcSnkDDA.h.

memSSA

SaberSVFGBuilder SVF::SrcSnkDDA::memSSA

protected

Definition at line 77 of file SrcSnkDDA.h.

nodeToDPItemsMap

SVFGNodeToDPItemsMap SVF::SrcSnkDDA::nodeToDPItemsMap

private

record forward visited dpitems

Definition at line 73 of file SrcSnkDDA.h.

report

SVFBugReport SVF::SrcSnkDDA::report

protected

Definition at line 80 of file SrcSnkDDA.h.

saberCondAllocator

std::unique_ptr<SaberCondAllocator> SVF::SrcSnkDDA::saberCondAllocator

private

source nodes

Definition at line 72 of file SrcSnkDDA.h.

sinks

SVFGNodeSet SVF::SrcSnkDDA::sinks

private

source nodes

Definition at line 71 of file SrcSnkDDA.h.

sources

SVFGNodeSet SVF::SrcSnkDDA::sources

private

current program slice

Definition at line 70 of file SrcSnkDDA.h.

svfg

SVFG* SVF::SrcSnkDDA::svfg

protected

Definition at line 78 of file SrcSnkDDA.h.

visitedSet

SVFGNodeSet SVF::SrcSnkDDA::visitedSet

private

record backward visited nodes

Definition at line 74 of file SrcSnkDDA.h.

---

The documentation for this class was generated from the following files:

• /home/runner/work/SVF/SVF/svf/include/SABER/SrcSnkDDA.h
• /home/runner/work/SVF/SVF/svf/lib/SABER/SrcSnkDDA.cpp