svf-tools 1.0.1048 → 1.0.1050

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.1048",
+  "version": "1.0.1050",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/lib/SVFIR/SVFVariables.cpp

@@ -169,7 +169,7 @@ const std::string GepValVar::toString() const
     if (Options::ShowSVFIRValue())
     {
         rawstr << "\n";
-        rawstr << valueOnlyToString();
+        rawstr << getBaseNode()->valueOnlyToString();
     }
     return rawstr.str();
 }
@@ -203,7 +203,7 @@ const std::string GepObjVar::toString() const
     if (Options::ShowSVFIRValue())
     {
         rawstr << "\n";
-        rawstr << valueOnlyToString();
+        rawstr << getBaseObj()->valueOnlyToString();
     }
     return rawstr.str();
 }

package/svf-llvm/include/SVF-LLVM/ObjTypeInference.h

@@ -70,6 +70,8 @@ public:
     /// get or infer the type of the object pointed by the value
     const Type *inferObjType(const Value *var);
 
+    const Type *inferPointsToType(const Value *var);
+
     /// validate type inference
     void validateTypeCheck(const CallBase *cs);
 

package/svf-llvm/lib/LLVMUtil.cpp

@@ -767,33 +767,17 @@ const std::string SVFValue::valueOnlyToString() const
 {
     std::string str;
     llvm::raw_string_ostream rawstr(str);
-    if (const SVF::CallGraphNode* fun = SVFUtil::dyn_cast<CallGraphNode>(this))
-    {
-        rawstr << "Function: " << fun->getFunction()->getName() << " ";
-    }
+    assert(
+        !SVFUtil::isa<GepObjVar>(this) && !SVFUtil::isa<GepValVar>(this) &&
+        !SVFUtil::isa<DummyObjVar>(this) &&!SVFUtil::isa<DummyValVar>(this) &&
+        !SVFUtil::isa<BlackHoleValVar>(this) &&
+        "invalid value, refer to their toString method");
+    auto llvmVal =
+        LLVMModuleSet::getLLVMModuleSet()->getLLVMValue(this);
+    if (llvmVal)
+        rawstr << " " << *llvmVal << " ";
     else
-    {
-        const SVFValue* baseNode = this;
-        if (const GepValVar* valVar = SVFUtil::dyn_cast<GepValVar>(this))
-        {
-            baseNode = valVar->getBaseNode();
-        }
-        else if (const GepObjVar* objVar = SVFUtil::dyn_cast<GepObjVar>(this))
-        {
-            baseNode = objVar->getBaseObj();
-        }
-        if (SVFUtil::isa<DummyObjVar, DummyValVar, BlackHoleValVar>(baseNode))
-            rawstr << "";
-        else
-        {
-            auto llvmVal =
-                LLVMModuleSet::getLLVMModuleSet()->getLLVMValue(baseNode);
-            if (llvmVal)
-                rawstr << " " << *llvmVal << " ";
-            else
-                rawstr << "";
-        }
-    }
+        rawstr << "";
     rawstr << getSourceLoc();
     return rawstr.str();
 }

package/svf-llvm/lib/ObjTypeInference.cpp

@@ -134,6 +134,45 @@ LLVMContext &ObjTypeInference::getLLVMCtx()
  * @param val
  */
 const Type *ObjTypeInference::inferObjType(const Value *var)
+{
+    const Type* res = inferPointsToType(var);
+    // infer type by leveraging the type alignment of src and dst in memcpy
+    // for example,
+    //
+    // %tmp = alloca %struct.outer
+    // %inner_v = alloca %struct.inner
+    // %ptr = getelementptr inbounds %struct.outer, ptr %tmp, i32 0, i32 1, !dbg !38
+    // %0 = load ptr, ptr %ptr, align 8, !dbg !38
+    // call void @llvm.memcpy.p0.p0.i64(ptr %inner_v, ptr %0, i64 24, i1 false)
+    //
+    //  It is difficult to infer the type of %0 without deep alias analysis,
+    //  but we can infer the obj type of %0 based on that of %inner_v.
+    if (res == defaultType(var))
+    {
+        for (const auto& use: var->users())
+        {
+            if (const CallBase* cs = SVFUtil::dyn_cast<CallBase>(use))
+            {
+                if (const Function* calledFun = cs->getCalledFunction())
+                    if (LLVMUtil::isMemcpyExtFun(LLVMModuleSet::getLLVMModuleSet()->getSVFFunction(calledFun)))
+                    {
+                        assert(cs->getNumOperands() > 1 && "arguments should be greater than 1");
+                        const Value* dst = cs->getArgOperand(0);
+                        const Value* src = cs->getArgOperand(1);
+                        if(calledFun->getName().find("iconv") != std::string::npos)
+                            dst = cs->getArgOperand(3), src = cs->getArgOperand(1);
+
+                        if (var == dst) return inferPointsToType(src);
+                        else if (var == src) return inferPointsToType(dst);
+                        else ABORT_MSG("invalid memcpy call");
+                    }
+            }
+        }
+    }
+    return res;
+}
+
+const Type *ObjTypeInference::inferPointsToType(const Value *var)
 {
     if (isAlloc(var)) return fwInferObjType(var);
     Set<const Value *> &sources = bwfindAllocOfVar(var);

package/svf-llvm/lib/SVFIRBuilder.cpp

@@ -1384,6 +1384,27 @@ void SVFIRBuilder::handleDirectCall(CallBase* cs, const Function *F)
     }
 }
 
+/*!
+ * Example 1:
+
+    %0 = getelementptr inbounds %struct.outer, %struct.inner %base, i32 0, i32 0
+    call void @llvm.memcpy(ptr %inner, ptr %0, i64 24, i1 false)
+    The base value for %0 is %base.
+    Note: the %base is recognized as the base value if the offset (field index) is 0
+
+ * Example 2:
+ *     https://github.com/SVF-tools/SVF/issues/1650
+       https://github.com/SVF-tools/SVF/pull/1652
+
+    @i1 = dso_local global %struct.inner { i32 0, ptr @f1, ptr @f2 }
+    @n1 = dso_local global %struct.outer { i32 0, ptr @i1 }
+
+    %inner = alloca %struct.inner
+    %0 = load ptr, ptr getelementptr inbounds (%struct.outer, ptr @n1, i32 0, i32 1)
+    call void @llvm.memcpy(ptr %inner, ptr %0, i64 24, i1 false)
+
+    The base value for %0 is @i1
+ */
 const Value* SVFIRBuilder::getBaseValueForExtArg(const Value* V)
 {
     const Value*  value = stripAllCasts(V);
@@ -1399,6 +1420,36 @@ const Value* SVFIRBuilder::getBaseValueForExtArg(const Value* V)
         if(totalidx == 0 && !SVFUtil::isa<StructType>(value->getType()))
             value = gep->getPointerOperand();
     }
+    else if (const LoadInst* load = SVFUtil::dyn_cast<LoadInst>(value))
+    {
+        const Value* loadP = load->getPointerOperand();
+        if (const GetElementPtrInst* gep = SVFUtil::dyn_cast<GetElementPtrInst>(loadP))
+        {
+            APOffset totalidx = 0;
+            for (bridge_gep_iterator gi = bridge_gep_begin(gep), ge = bridge_gep_end(gep); gi != ge; ++gi)
+            {
+                if(const ConstantInt* op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand()))
+                    totalidx += LLVMUtil::getIntegerValue(op).first;
+            }
+            const Value * pointer_operand = gep->getPointerOperand();
+            if (auto *glob = SVFUtil::dyn_cast<GlobalVariable>(pointer_operand))
+            {
+                if (glob->hasInitializer())
+                {
+                    if (auto *initializer = SVFUtil::dyn_cast<
+                                            ConstantStruct>(glob->getInitializer()))
+                    {
+                        auto *ptrField = initializer->getOperand(totalidx);
+                        if (auto *ptrValue = SVFUtil::dyn_cast<llvm::GlobalVariable>(ptrField))
+                        {
+                            return ptrValue;
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     return value;
 }
 

package/svf-llvm/tools/Example/svf-ex.cpp

@@ -62,7 +62,7 @@ std::string printPts(PointerAnalysis* pta, const SVFVar* svfval)
     {
         rawstr << " " << *ii << " ";
         PAGNode* targetObj = pta->getPAG()->getGNode(*ii);
-        rawstr << "(" << targetObj->valueOnlyToString() << ")\t ";
+        rawstr << "(" << targetObj->toString() << ")\t ";
     }
 
     return rawstr.str();