SVF::cppUtil Namespace Reference

Namespaces
	ctir

Classes
struct	DemangledName

Functions
struct DemangledName	demangle (const std::string &name)
Set< std::string >	getClsNamesInBrackets (const std::string &name)
std::string	getBeforeBrackets (const std::string &name)
std::string	getClassNameFromVtblObj (const std::string &vtblName)
const ConstantStruct *	getVtblStruct (const GlobalValue *vtbl)
bool	isValVtbl (const Value *val)
bool	isVirtualCallSite (const CallBase *cs)
bool	isConstructor (const Function *F)
bool	isDestructor (const Function *F)
bool	isCPPThunkFunction (const Function *F)
const Function *	getThunkTarget (const Function *F)
const Argument *	getConstructorThisPtr (const Function *fun)
const Value *	getVCallThisPtr (const CallBase *cs)
const Value *	getVCallVtblPtr (const CallBase *cs)
s32_t	getVCallIdx (const CallBase *cs)
bool	classTyHasVTable (const StructType *ty)
std::string	getClassNameFromType (const StructType *ty)
Set< std::string >	getClassNameOfThisPtr (const CallBase *cs)
std::string	getFunNameOfVCallSite (const CallBase *cs)
bool	VCallInCtorOrDtor (const CallBase *cs)
bool	isSameThisPtrInConstructor (const Argument *thisPtr1, const Value *thisPtr2)
Set< std::string >	extractClsNamesFromFunc (const Function *foo)
	extract class name from the c++ function name, e.g., constructor/destructors More...
Set< std::string >	extractClsNamesFromTemplate (const std::string &oname)
	extract class names from template functions More...
bool	isClsNameSource (const Value *val)
bool	matchesLabel (const std::string &foo, const std::string &label)
	whether foo matches the mangler label More...
bool	isTemplateFunc (const Function *foo)
	whether foo is a cpp template function More...
bool	isDynCast (const Function *foo)
	whether foo is a cpp dyncast function More...
std::string	extractClsNameFromDynCast (const CallBase *callBase)
	extract class name from cpp dyncast function More...
const Type *	cppClsNameToType (const std::string &className)

Function Documentation

classTyHasVTable()

bool SVF::cppUtil::classTyHasVTable

(

const StructType *

ty

)

Definition at line 569 of file CppUtil.cpp.

{
    if(getClassNameFromType(ty).empty()==false)
    {
        for(auto it = ty->element_begin(); it!=ty->element_end(); it++)
        {
            const std::string& str = LLVMUtil::dumpType(*it);
            if (str.find(vtableType) != std::string::npos)
                return true;
        }
    }
    return false;
}

cppClsNameToType()

const Type * SVF::cppUtil::cppClsNameToType

(

const std::string &

className

)

Definition at line 937 of file CppUtil.cpp.

{
    StructType *classTy = StructType::getTypeByName(LLVMModuleSet::getLLVMModuleSet()->getContext(),
                          clsName + className);
    return classTy ? classTy : LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->ptrType();
}

demangle()

struct cppUtil::DemangledName SVF::cppUtil::demangle

(

const std::string &

name

)

Definition at line 146 of file CppUtil.cpp.

{
    struct cppUtil::DemangledName dname;
    dname.isThunkFunc = false;
 
    s32_t status;
    char* realname = abi::__cxa_demangle(name.c_str(), 0, 0, &status);
    if (realname == nullptr)
    {
        dname.className = "";
        dname.funcName = "";
    }
    else
    {
        std::string realnameStr = std::string(realname);
        std::string beforeParenthesis = getBeforeParenthesis(realnameStr);
        if (beforeParenthesis.find("::") == std::string::npos ||
                isOperOverload(beforeParenthesis))
        {
            dname.className = "";
            dname.funcName = "";
        }
        else
        {
            std::string beforeBracket = getBeforeBrackets(beforeParenthesis);
            size_t colon = beforeBracket.rfind("::");
            if (colon == std::string::npos)
            {
                dname.className = "";
                dname.funcName = "";
            }
            else
            {
                dname.className = beforeParenthesis.substr(0, colon);
                dname.funcName = beforeParenthesis.substr(colon + 2);
            }
        }
        std::free(realname);
    }
 
    handleThunkFunction(dname);
 
    return dname;
}

extractClsNameFromDynCast()

std::string SVF::cppUtil::extractClsNameFromDynCast

(

const CallBase *

callBase

)

extract class name from cpp dyncast function

extract class name from cpp dyncast function

Parameters

callBase

Returns

Definition at line 921 of file CppUtil.cpp.

{
    Value *tgtCast = callBase->getArgOperand(2);
    const std::string &valueStr = LLVMUtil::dumpValue(tgtCast);
    u32_t leftPos = valueStr.find(ztilabel);
    assert(leftPos != (u32_t) std::string::npos && "does not find ZTI for dyncast?");
    u32_t rightPos = leftPos;
    while (rightPos < valueStr.size() && valueStr[rightPos] != ' ') rightPos++;
    const std::string &substr = valueStr.substr(leftPos, rightPos - leftPos);
    std::string demangleName = llvm::demangle(substr);
    const std::string &realName = demangleName.substr(ztiprefix.size(),
                                  demangleName.size() - ztiprefix.size());
    assert(realName != "" && "real name for dyncast empty?");
    return realName;
}

extractClsNamesFromFunc()

Set< std::string > SVF::cppUtil::extractClsNamesFromFunc

(

const Function *

foo

)

extract class name from the c++ function name, e.g., constructor/destructors

extract class name from the c++ function name, e.g., constructor/destructors

Parameters

foo

Returns

Definition at line 706 of file CppUtil.cpp.

{
    assert(foo->hasName() && "foo does not have a name? possible indirect call");
    const std::string &name = foo->getName().str();
    if (isConstructor(foo) || isDestructor(foo))
    {
        // c++ constructor or destructor
        DemangledName demangledName = cppUtil::demangle(name);
        Set<std::string> clsNameInBrackets =
            cppUtil::getClsNamesInBrackets(name);
        clsNameInBrackets.insert(demangledName.className);
        return clsNameInBrackets;
    }
    else if (isTemplateFunc(foo))
    {
        // array index
        Set<std::string> classNames = extractClsNamesFromTemplate(name);
        assert(!classNames.empty() && "empty class names?");
        return classNames;
    }
    return {};
}

extractClsNamesFromTemplate()

Set< std::string > SVF::cppUtil::extractClsNamesFromTemplate

(

const std::string &

oname

)

extract class names from template functions

extract class names from template functions

Parameters

oname

Returns

Definition at line 821 of file CppUtil.cpp.

{
    // "std::array<A const*, 2ul>" -> A
    // "std::queue<A*, std::deque<A*, std::allocator<A*> > >" -> A
    // __gnu_cxx::__aligned_membuf<std::pair<int const, A> >::_M_ptr() const -> A
    Set<std::string> ans;
    std::string demangleName = llvm::demangle(oname);
    std::vector<std::string> innermosts = findInnermostBrackets(demangleName);
    for (const auto &innermost: innermosts)
    {
        const std::vector<std::string> &allstrs = splitAndStrip(innermost, ',');
        for (const auto &str: allstrs)
        {
            size_t spacePos = str.find(' ');
            if (spacePos != std::string::npos)
            {
                // A const* -> A
                ans.insert(str.substr(0, spacePos));
            }
            else
            {
                size_t starPos = str.find('*');
                if (starPos != std::string::npos)
                    // A* -> A
                    ans.insert(str.substr(0, starPos));
                else
                    ans.insert(str);
            }
        }
    }
    return ans;
}

getBeforeBrackets()

std::string SVF::cppUtil::getBeforeBrackets

(

const std::string &

name

)

get class name before brackets e.g., for ‘namespace::A<...::...>::f’, we get ‘namespace::A’

Definition at line 127 of file CppUtil.cpp.

{
    if (name.empty() || name[name.size() - 1] != '>')
    {
        return name;
    }
    s32_t bracket_num = 1, pos;
    for (pos = name.size() - 2; pos >= 0; pos--)
    {
        if (name[pos] == '>')
            bracket_num++;
        if (name[pos] == '<')
            bracket_num--;
        if (bracket_num == 0)
            break;
    }
    return name.substr(0, pos);
}

getClassNameFromType()

std::string SVF::cppUtil::getClassNameFromType

(

const StructType *

ty

)

Definition at line 583 of file CppUtil.cpp.

{
    std::string className = "";
    if (!((SVFUtil::cast<StructType>(ty))->isLiteral()))
    {
        std::string elemTypeName = ty->getStructName().str();
        if (elemTypeName.compare(0, clsName.size(), clsName) == 0)
        {
            className = elemTypeName.substr(clsName.size());
        }
        else if (elemTypeName.compare(0, structName.size(), structName) == 0)
        {
            className = elemTypeName.substr(structName.size());
        }
    }
    return className;
}

getClassNameFromVtblObj()

std::string SVF::cppUtil::getClassNameFromVtblObj

(

const std::string &

vtblName

)

Definition at line 304 of file CppUtil.cpp.

{
    std::string className = "";
 
    s32_t status;
    char* realname = abi::__cxa_demangle(vtblName.c_str(), 0, 0, &status);
    if (realname != nullptr)
    {
        std::string realnameStr = std::string(realname);
        if (realnameStr.compare(0, vtblLabelAfterDemangle.size(),
                                vtblLabelAfterDemangle) == 0)
        {
            className = realnameStr.substr(vtblLabelAfterDemangle.size());
        }
        std::free(realname);
    }
    return className;
}

getClassNameOfThisPtr()

Set< std::string > SVF::cppUtil::getClassNameOfThisPtr

(

const CallBase *

cs

)

Definition at line 601 of file CppUtil.cpp.

{
    Set<std::string> thisPtrNames;
    std::string thisPtrClassName = "";
    if (const MDNode* N = inst->getMetadata("VCallPtrType"))
    {
        const MDString* mdstr = SVFUtil::cast<MDString>(N->getOperand(0).get());
        thisPtrClassName = mdstr->getString().str();
    }
    if (thisPtrClassName.size() == 0)
    {
        const Value* thisPtr = getVCallThisPtr(inst);
        Set<std::string>& names = LLVMModuleSet::getLLVMModuleSet()->getTypeInference()->inferThisPtrClsName(thisPtr);
        thisPtrNames.insert(names.begin(), names.end());
    }
 
    Set<std::string> ans;
    std::transform(thisPtrNames.begin(), thisPtrNames.end(), std::inserter(ans, ans.begin()),
                   [](const std::string &thisPtrName) -> std::string
    {
        size_t found = thisPtrName.find_last_not_of("0123456789");
        if (found != std::string::npos)
        {
            if (found != thisPtrName.size() - 1 &&
                    thisPtrName[found] == '.')
            {
                return thisPtrName.substr(0, found);
            }
        }
        return thisPtrName;
    });
    return ans;
}

getClsNamesInBrackets()

Set< std::string > SVF::cppUtil::getClsNamesInBrackets

(

const std::string &

name

)

Definition at line 242 of file CppUtil.cpp.

{
    Set<std::string> res;
    // Lambda to trim whitespace from both ends of a string
    auto trim = [](std::string& s)
    {
        size_t first = s.find_first_not_of(' ');
        size_t last = s.find_last_not_of(' ');
        if (first != std::string::npos && last != std::string::npos)
        {
            s = s.substr(first, (last - first + 1));
        }
        else
        {
            s.clear();
        }
    };
 
    // Lambda to remove trailing '*' and '&' characters
    auto removePointerAndReference = [](std::string& s)
    {
        while (!s.empty() && (s.back() == '*' || s.back() == '&'))
        {
            s.pop_back();
        }
    };
 
    s32_t status;
    char* realname = abi::__cxa_demangle(name.c_str(), 0, 0, &status);
    if (realname == nullptr)
    {
        // do nothing
    }
    else
    {
        std::string realnameStr = std::string(realname);
 
        // Find the start and end of the parameter list
        size_t start = realnameStr.find('(');
        size_t end = realnameStr.find(')');
        if (start == std::string::npos || end == std::string::npos || start >= end)
        {
            return res; // Return empty set if the format is incorrect
        }
 
        // Extract the parameter list
        std::string paramList = realnameStr.substr(start + 1, end - start - 1);
 
        // Split the parameter list by commas
        std::istringstream ss(paramList);
        std::string param;
        while (std::getline(ss, param, ','))
        {
            trim(param);
            removePointerAndReference(param);
            res.insert(param);
        }
        std::free(realname);
    }
    return res;
}

getConstructorThisPtr()

const Argument * SVF::cppUtil::getConstructorThisPtr

(

const Function *

fun

)

Definition at line 461 of file CppUtil.cpp.

{
    assert((isConstructor(fun) || isDestructor(fun)) &&
           "not a constructor?");
    assert(fun->arg_size() >= 1 && "argument size >= 1?");
    const Argument* thisPtr = &*(fun->arg_begin());
    return thisPtr;
}

getFunNameOfVCallSite()

std::string SVF::cppUtil::getFunNameOfVCallSite

(

const CallBase *

cs

)

Definition at line 635 of file CppUtil.cpp.

{
    std::string funName;
    if (const MDNode* N = inst->getMetadata("VCallFunName"))
    {
        const MDString* mdstr = SVFUtil::cast<MDString>(N->getOperand(0).get());
        funName = mdstr->getString().str();
    }
    return funName;
}

getThunkTarget()

const Function * SVF::cppUtil::getThunkTarget

(

const Function *

F

)

Definition at line 389 of file CppUtil.cpp.

{
    const Function* ret = nullptr;
 
    for (auto& bb : *F)
    {
        for (auto& inst : bb)
        {
            if (const CallBase* callbase = SVFUtil::dyn_cast<CallBase>(&inst))
            {
                // assert(cs.getCalledFunction() &&
                //        "Indirect call detected in thunk func");
                // assert(ret == nullptr && "multiple callsites in thunk func");
 
                ret = callbase->getCalledFunction();
            }
        }
    }
 
    return ret;
}

getVCallIdx()

s32_t SVF::cppUtil::getVCallIdx

(

const CallBase *

cs

)

Definition at line 646 of file CppUtil.cpp.

{
    const LoadInst* vfuncloadinst =
        SVFUtil::dyn_cast<LoadInst>(cs->getCalledOperand());
    assert(vfuncloadinst != nullptr);
    const Value* vfuncptr = vfuncloadinst->getPointerOperand();
    const GetElementPtrInst* vfuncptrgepinst =
        SVFUtil::dyn_cast<GetElementPtrInst>(vfuncptr);
    User::const_op_iterator oi = vfuncptrgepinst->idx_begin();
    const ConstantInt* idx = SVFUtil::dyn_cast<ConstantInt>(oi->get());
    s32_t idx_value;
    if (idx == nullptr)
    {
        SVFUtil::errs() << "vcall gep idx not constantint\n";
        idx_value = 0;
    }
    else
    {
        idx_value = (s32_t)idx->getSExtValue();
    }
    return idx_value;
}

getVCallThisPtr()

const Value * SVF::cppUtil::getVCallThisPtr

(

const CallBase *

cs

)

Definition at line 411 of file CppUtil.cpp.

{
    if (cs->paramHasAttr(0, llvm::Attribute::StructRet))
    {
        return cs->getArgOperand(1);
    }
    else
    {
        return cs->getArgOperand(0);
    }
}

getVCallVtblPtr()

const Value * SVF::cppUtil::getVCallVtblPtr

(

const CallBase *

cs

)

Definition at line 537 of file CppUtil.cpp.

{
    const LoadInst* loadInst =
        SVFUtil::dyn_cast<LoadInst>(cs->getCalledOperand());
    assert(loadInst != nullptr);
    const Value* vfuncptr = loadInst->getPointerOperand();
    const GetElementPtrInst* gepInst =
        SVFUtil::dyn_cast<GetElementPtrInst>(vfuncptr);
    assert(gepInst != nullptr);
    const Value* vtbl = gepInst->getPointerOperand();
    return vtbl;
}

getVtblStruct()

const ConstantStruct * SVF::cppUtil::getVtblStruct

(

const GlobalValue *

vtbl

)

Definition at line 323 of file CppUtil.cpp.

{
    const ConstantStruct *vtblStruct = SVFUtil::dyn_cast<ConstantStruct>(vtbl->getOperand(0));
    assert(vtblStruct && "Initializer of a vtable not a struct?");
 
    if (vtblStruct->getNumOperands() == 2 &&
            SVFUtil::isa<ConstantStruct>(vtblStruct->getOperand(0)) &&
            vtblStruct->getOperand(1)->getType()->isArrayTy())
        return SVFUtil::cast<ConstantStruct>(vtblStruct->getOperand(0));
 
    return vtblStruct;
}

isClsNameSource()

bool SVF::cppUtil::isClsNameSource

(

const Value *

val

)

class sources can be heap allocation or functions where we can extract the class name (constructors/destructors or template functions)

class sources are functions where we can extract the class name (constructors/destructors or template functions)

Parameters

val

Returns

Definition at line 861 of file CppUtil.cpp.

{
    if (const auto *callBase = SVFUtil::dyn_cast<CallBase>(val))
    {
        const Function *foo = callBase->getCalledFunction();
        // indirect call
        if(!foo) return false;
        return isConstructor(foo) || isDestructor(foo) || isTemplateFunc(foo) || isDynCast(foo);
    }
    else if (const auto *func = SVFUtil::dyn_cast<Function>(val))
    {
        return isConstructor(func) || isDestructor(func) || isTemplateFunc(func);
    }
    return false;
}

isConstructor()

bool SVF::cppUtil::isConstructor

(

const Function *

F

)

TODO: on mac os function name is an empty string after demangling

Definition at line 489 of file CppUtil.cpp.

{
    if (F->isDeclaration())
        return false;
    std::string funcName = F->getName().str();
    if (funcName.compare(0, vfunPreLabel.size(), vfunPreLabel) != 0)
    {
        return false;
    }
    struct cppUtil::DemangledName dname = cppUtil::demangle(funcName.c_str());
    if (dname.className.size() == 0)
    {
        return false;
    }
    stripBracketsAndNamespace(dname);
    return dname.className.size() > 0 &&
           dname.className.compare(dname.funcName) == 0;
}

isCPPThunkFunction()

bool SVF::cppUtil::isCPPThunkFunction

(

const Function *

F

)

Definition at line 383 of file CppUtil.cpp.

{
    cppUtil::DemangledName dname = cppUtil::demangle(F->getName().str());
    return dname.isThunkFunc;
}

isDestructor()

bool SVF::cppUtil::isDestructor

(

const Function *

F

)

Definition at line 509 of file CppUtil.cpp.

{
    if (F->isDeclaration())
        return false;
    std::string funcName = F->getName().str();
    if (funcName.compare(0, vfunPreLabel.size(), vfunPreLabel) != 0)
    {
        return false;
    }
    struct cppUtil::DemangledName dname = cppUtil::demangle(funcName.c_str());
    if (dname.className.size() == 0)
    {
        return false;
    }
    stripBracketsAndNamespace(dname);
    return (dname.className.size() > 0 && dname.funcName.size() > 0 &&
            dname.className.size() + 1 == dname.funcName.size() &&
            dname.funcName.compare(0, 1, "~") == 0 &&
            dname.className.compare(dname.funcName.substr(1)) == 0);
}

isDynCast()

bool SVF::cppUtil::isDynCast

(

const Function *

foo

)

whether foo is a cpp dyncast function

whether foo is a cpp dyncast function

Parameters

foo

Returns

Definition at line 910 of file CppUtil.cpp.

{
    assert(foo->hasName() && "foo does not have a name? possible indirect call");
    return foo->getName().str() == dyncast;
}

isSameThisPtrInConstructor()

bool SVF::cppUtil::isSameThisPtrInConstructor	(	const Argument *	thisPtr1,
		const Value *	thisPtr2
	)

Given a inheritance relation B is a child of A We assume B::B(thisPtr1){ A::A(thisPtr2) } such that thisPtr1 == thisPtr2 In the following code thisPtr1 is "%class.B1* %this" and thisPtr2 is "%class.A* %0".

define linkonce_odr dso_local void @B1::B1()(class.B1* this) unnamed_addr #6 comdat this.addr = alloca class.B1*, align 8 store class.B1* this, class.B1** this.addr, align 8 this1 = load class.B1*, class.B1** this.addr, align 8 %0 = bitcast class.B1* this1 to class.A* call void @A::A()(class.A* %0)

Definition at line 437 of file CppUtil.cpp.

{
    if (thisPtr1 == thisPtr2)
        return true;
    for (const Value* thisU : thisPtr1->users())
    {
        if (const StoreInst* store = SVFUtil::dyn_cast<StoreInst>(thisU))
        {
            for (const Value* storeU : store->getPointerOperand()->users())
            {
                if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(storeU))
                {
                    if (load->getNextNode() &&
                            SVFUtil::isa<CastInst>(load->getNextNode()))
                        return SVFUtil::cast<CastInst>(load->getNextNode()) ==
                               (thisPtr2->stripPointerCasts());
                }
            }
        }
    }
    return false;
}

isTemplateFunc()

bool SVF::cppUtil::isTemplateFunc

(

const Function *

foo

)

whether foo is a cpp template function

whether foo is a cpp template function TODO: we only consider limited label for now (see the very beginning of CppUtil.cpp)

Parameters

foo

Returns

Definition at line 894 of file CppUtil.cpp.

{
    assert(foo->hasName() && "foo does not have a name? possible indirect call");
    const std::string &name = foo->getName().str();
    bool matchedLabel = matchesLabel(name, znstLabel) || matchesLabel(name, znkstLabel) ||
                        matchesLabel(name, znkLabel);
    // we exclude "_ZNK6cArray3dupEv" -> cArray::dup() const
    const std::string &demangledName = llvm::demangle(name);
    return matchedLabel && demangledName.find('<') != std::string::npos && demangledName.find('>') != std::string::npos;
}

isValVtbl()

bool SVF::cppUtil::isValVtbl

(

const Value *

val

)

Definition at line 336 of file CppUtil.cpp.

{
    if (!SVFUtil::isa<GlobalVariable>(val))
        return false;
    std::string valName = val->getName().str();
    return valName.compare(0, vtblLabelBeforeDemangle.size(),
                           vtblLabelBeforeDemangle) == 0;
}

isVirtualCallSite()

bool SVF::cppUtil::isVirtualCallSite

(

const CallBase *

cs

)

Definition at line 352 of file CppUtil.cpp.

{
    // the callsite must be an indirect one with at least one argument (this
    // ptr)
    if (cs->getCalledFunction() != nullptr || cs->arg_empty())
        return false;
 
    // the first argument (this pointer) must be a pointer type and must be a
    // class name
    if (cs->getArgOperand(0)->getType()->isPointerTy() == false)
        return false;
 
    const Value* vfunc = cs->getCalledOperand();
    if (const LoadInst* vfuncloadinst = SVFUtil::dyn_cast<LoadInst>(vfunc))
    {
        const Value* vfuncptr = vfuncloadinst->getPointerOperand();
        if (const GetElementPtrInst* vfuncptrgepinst =
                    SVFUtil::dyn_cast<GetElementPtrInst>(vfuncptr))
        {
            if (vfuncptrgepinst->getNumIndices() != 1)
                return false;
            const Value* vtbl = vfuncptrgepinst->getPointerOperand();
            if (SVFUtil::isa<LoadInst>(vtbl))
            {
                return true;
            }
        }
    }
    return false;
}

matchesLabel()

bool SVF::cppUtil::matchesLabel	(	const std::string &	foo,
		const std::string &	label
	)

whether foo matches the mangler label

whether fooName matches the mangler label

Parameters

foo
label

Returns

Definition at line 883 of file CppUtil.cpp.

{
    return foo.compare(0, label.size(), label) == 0;
}

VCallInCtorOrDtor()

bool SVF::cppUtil::VCallInCtorOrDtor

(

const CallBase *

cs

)

Definition at line 553 of file CppUtil.cpp.

{
    Set<std::string> classNameOfThisPtrs = cppUtil::getClassNameOfThisPtr(cs);
    const Function* func = cs->getCaller();
    for (const auto &classNameOfThisPtr: classNameOfThisPtrs)
    {
        if (cppUtil::isConstructor(func) || cppUtil::isDestructor(func))
        {
            cppUtil::DemangledName dname = cppUtil::demangle(func->getName().str());
            if (classNameOfThisPtr.compare(dname.className) == 0)
                return true;
        }
    }
    return false;
}