svf-tools 1.0.1208 → 1.0.1209

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.1208",
+  "version": "1.0.1209",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Core/AbstractState.h

@@ -195,8 +195,7 @@ public:
 
 protected:
     VarToAbsValMap _varToAbsVal; ///< Map a variable (symbol) to its abstract value
-    AddrToAbsValMap
-    _addrToAbsVal; ///< Map a memory address to its stored abstract value
+    AddrToAbsValMap _addrToAbsVal; ///< Map a memory address to its stored abstract value
 
 public:
 

package/svf/include/AE/Svfexe/AbsExtAPI.h

@@ -106,7 +106,7 @@ public:
      * @return Reference to the abstract state.
      * @throws Assertion if no trace exists for the node.
      */
-    AbstractState& getAbsStateFromTrace(const ICFGNode* node);
+    AbstractState& getAbstractState(const ICFGNode* node);
 
     void collectCheckPoint();
     void checkPointAllSet();

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -109,128 +109,74 @@ public:
         detectors.push_back(std::move(detector));
     }
 
+    /// Retrieve the abstract state from the trace for a given ICFG node; asserts if no trace exists
+    AbstractState& getAbstractState(const ICFGNode* node);
 
+    /// Check if an abstract state exists in the trace for a given ICFG node
+    bool hasAbsStateFromTrace(const ICFGNode* node);
+
+    /// Retrieve abstract value for a top-level variable at a given ICFG node
+    AbstractValue& getAbstractValue(const ICFGNode* node, const ValVar* var);
+
+    /// Retrieve abstract value for an address-taken variable at a given ICFG node
+    AbstractValue& getAbstractValue(const ICFGNode* node, const ObjVar* var);
+
+    /// Retrieve abstract value for any SVF variable at a given ICFG node
+    AbstractValue& getAbstractValue(const ICFGNode* node, const SVFVar* var);
+
+    /// Retrieve abstract state filtered to specific top-level variables
+    void getAbstractState(const ICFGNode* node, const Set<const ValVar*>& vars, AbstractState& result);
+
+    /// Retrieve abstract state filtered to specific address-taken variables
+    void getAbstractState(const ICFGNode* node, const Set<const ObjVar*>& vars, AbstractState& result);
+
+    /// Retrieve abstract state filtered to specific SVF variables
+    void getAbstractState(const ICFGNode* node, const Set<const SVFVar*>& vars, AbstractState& result);
 
-    /**
-     * @brief Retrieves the abstract state from the trace for a given ICFG node.
-     * @param node Pointer to the ICFG node.
-     * @return Reference to the abstract state.
-     * @throws Assertion if no trace exists for the node.
-     */
-    AbstractState& getAbsStateFromTrace(const ICFGNode* node)
-    {
-        if (abstractTrace.count(node) == 0)
-        {
-            assert(false && "No preAbsTrace for this node");
-            abort();
-        }
-        else
-        {
-            return abstractTrace[node];
-        }
-    }
 
 private:
-    /// Global ICFGNode is handled at the entry of the program,
+    /// Initialize abstract state for the global ICFG node and process global statements
     virtual void handleGlobalNode();
 
-    /**
-     * Check if execution state exist by merging states of predecessor nodes
-     *
-     * @param icfgNode The icfg node to analyse
-     * @return if this node has preceding execution state
-     */
+    /// Merge abstract states from predecessor nodes; return true if icfgNode has feasible incoming state
     bool mergeStatesFromPredecessors(const ICFGNode * icfgNode);
 
-    /**
-     * Check if execution state exist at the branch edge
-     *
-     * @param intraEdge the edge from CmpStmt to the next node
-     * @return if this edge is feasible
-     */
+    /// Check if the branch on intraEdge is feasible under abstract state as
     bool isBranchFeasible(const IntraCFGEdge* intraEdge, AbstractState& as);
 
-    /**
-     * handle instructions in ICFGSingletonWTO
-     *
-     * @param block basic block that has one instruction or a series of instructions
-     */
+    /// Process all SVF statements in a singleton WTO component (single basic block)
     virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto);
 
-    /**
-     * handle call node in ICFGNode
-     *
-     * @param node ICFGNode which has a single CallICFGNode
-     */
+    /// Handle a call site node: dispatch to ext-call, direct-call, or indirect-call handling
     virtual void handleCallSite(const ICFGNode* node);
 
-    /**
-     * handle wto cycle (loop)
-     *
-     * @param cycle WTOCycle which has weak topo order of basic blocks and nested cycles
-     */
+    /// Handle a WTO cycle (loop or recursive function) using widening/narrowing iteration
     virtual void handleLoopOrRecursion(const ICFGCycleWTO* cycle, const CallICFGNode* caller = nullptr);
 
-    /**
-     * Handle a function using worklist algorithm
-     *
-     * @param funEntry The entry node of the function to handle
-     */
+    /// Handle a function body via worklist-driven WTO traversal starting from funEntry
     void handleFunction(const ICFGNode* funEntry, const CallICFGNode* caller = nullptr);
 
-    /**
-     * Handle an ICFG node by merging states and processing statements
-     *
-     * @param node The ICFG node to handle
-     * @return true if state changed, false if fixpoint reached or infeasible
-     */
+    /// Merge predecessor states, process statements and callsites; return true if state changed
     bool handleICFGNode(const ICFGNode* node);
 
-    /**
-     * Get the next nodes of a node within the same function
-     *
-     * @param node The node to get successors for
-     * @return Vector of successor nodes
-     */
+    /// Get intra-procedural successor nodes (including call-to-ret shortcut) within the same function
     std::vector<const ICFGNode*> getNextNodes(const ICFGNode* node) const;
 
-    /**
-     * Get the next nodes outside a cycle
-     *
-     * @param cycle The cycle to get exit successors for
-     * @return Vector of successor nodes outside the cycle
-     */
+    /// Get successor nodes that exit the given WTO cycle (skipping inner sub-cycles)
     std::vector<const ICFGNode*> getNextNodesOfCycle(const ICFGCycleWTO* cycle) const;
 
-    /**
-     * handle SVF Statement like CmpStmt, CallStmt, GepStmt, LoadStmt, StoreStmt, etc.
-     *
-     * @param stmt SVFStatement which is a value flow of instruction
-     */
+    /// Dispatch an SVF statement (Addr/Binary/Cmp/Load/Store/Copy/Gep/Select/Phi/Call/Ret) to its handler
     virtual void handleSVFStatement(const SVFStmt* stmt);
 
+    /// Set all store targets and return value to TOP for a recursive call node
     virtual void setTopToObjInRecursion(const CallICFGNode* callnode);
 
-
-    /**
-    * Check if this cmpStmt and succ are satisfiable to the execution state.
-    *
-    * @param cmpStmt CmpStmt is a conditional branch statement
-    * @param succ the value of cmpStmt (True or False)
-    * @return if this ICFGNode has preceding execution state
-    */
+    /// Check if cmpStmt with successor value succ is feasible; refine intervals in as accordingly
     bool isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t succ,
                              AbstractState& as);
 
-    /**
-    * Check if this SwitchInst and succ are satisfiable to the execution state.
-    *
-    * @param var var in switch inst
-    * @param succ the case value of switch inst
-    * @return if this ICFGNode has preceding execution state
-    */
-    bool isSwitchBranchFeasible(const SVFVar* var, s64_t succ,
-                                AbstractState& as);
+    /// Check if switch branch with case value succ is feasible; refine intervals in as accordingly
+    bool isSwitchBranchFeasible(const SVFVar* var, s64_t succ, AbstractState& as);
 
     void updateStateOnAddr(const AddrStmt *addr);
 
@@ -266,12 +212,6 @@ private:
 
     PreAnalysis* preAnalysis{nullptr};
 
-
-    bool hasAbsStateFromTrace(const ICFGNode* node)
-    {
-        return abstractTrace.count(node) != 0;
-    }
-
     AbsExtAPI* getUtils()
     {
         return utils;

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -123,7 +123,7 @@ void BufOverflowDetector::handleStubFunctions(const SVF::CallICFGNode* callNode)
         if (callNode->arg_size() < 2)
             return;
         AbstractState& as =
-            AbstractInterpretation::getAEInstance().getAbsStateFromTrace(
+            AbstractInterpretation::getAEInstance().getAbstractState(
                 callNode);
         u32_t size_id = callNode->getArgument(1)->getId();
         IntervalValue val = as[size_id].getInterval();
@@ -152,7 +152,7 @@ void BufOverflowDetector::handleStubFunctions(const SVF::CallICFGNode* callNode)
         // void UNSAFE_BUFACCESS(void* data, int size);
         AbstractInterpretation::getAEInstance().getUtils()->checkpoints.erase(callNode);
         if (callNode->arg_size() < 2) return;
-        AbstractState&as = AbstractInterpretation::getAEInstance().getAbsStateFromTrace(callNode);
+        AbstractState&as = AbstractInterpretation::getAEInstance().getAbstractState(callNode);
         u32_t size_id = callNode->getArgument(1)->getId();
         IntervalValue val = as[size_id].getInterval();
         if (val.isBottom())
@@ -591,7 +591,7 @@ void NullptrDerefDetector::handleStubFunctions(const CallICFGNode* callNode)
         AbstractInterpretation::getAEInstance().getUtils()->checkpoints.erase(callNode);
         if (callNode->arg_size() < 1)
             return;
-        AbstractState& as = AbstractInterpretation::getAEInstance().getAbsStateFromTrace(callNode);
+        AbstractState& as = AbstractInterpretation::getAEInstance().getAbstractState(callNode);
 
         const SVFVar* arg0Val = callNode->getArgument(0);
         // opt may directly dereference a null pointer and call UNSAFE_LOAD(null)
@@ -614,7 +614,7 @@ void NullptrDerefDetector::handleStubFunctions(const CallICFGNode* callNode)
         // void SAFE_LOAD(void* ptr);
         AbstractInterpretation::getAEInstance().getUtils()->checkpoints.erase(callNode);
         if (callNode->arg_size() < 1) return;
-        AbstractState&as = AbstractInterpretation::getAEInstance().getAbsStateFromTrace(callNode);
+        AbstractState&as = AbstractInterpretation::getAEInstance().getAbstractState(callNode);
         const SVFVar* arg0Val = callNode->getArgument(0);
         // opt may directly dereference a null pointer and call UNSAFE_LOAD(null)ols
         bool isSafe = canSafelyDerefPtr(as, arg0Val) && arg0Val->getId() != 0;

package/svf/lib/AE/Svfexe/AbsExtAPI.cpp

@@ -44,7 +44,7 @@ void AbsExtAPI::initExtFunMap()
 #define SSE_FUNC_PROCESS(LLVM_NAME ,FUNC_NAME) \
         auto sse_##FUNC_NAME = [this](const CallICFGNode *callNode) { \
         /* run real ext function */            \
-        AbstractState& as = getAbsStateFromTrace(callNode); \
+        AbstractState& as = getAbstractState(callNode); \
         u32_t rhs_id = callNode->getArgument(0)->getId(); \
         if (!as.inVarToValTable(rhs_id)) return; \
         u32_t rhs = as[rhs_id].getInterval().lb().getIntNumeral(); \
@@ -78,7 +78,7 @@ void AbsExtAPI::initExtFunMap()
     {
         checkpoints.erase(callNode);
         u32_t arg0 = callNode->getArgument(0)->getId();
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         if (as[arg0].getInterval().equals(IntervalValue(1, 1)))
         {
             SVFUtil::errs() << SVFUtil::sucMsg("The assertion is successfully verified!!\n");
@@ -96,7 +96,7 @@ void AbsExtAPI::initExtFunMap()
     {
         u32_t arg0 = callNode->getArgument(0)->getId();
         u32_t arg1 = callNode->getArgument(1)->getId();
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         if (as[arg0].getInterval().equals(as[arg1].getInterval()))
         {
             SVFUtil::errs() << SVFUtil::sucMsg("The assertion is successfully verified!!\n");
@@ -113,7 +113,7 @@ void AbsExtAPI::initExtFunMap()
     auto svf_print = [&](const CallICFGNode* callNode)
     {
         if (callNode->arg_size() < 2) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         u32_t num_id = callNode->getArgument(0)->getId();
         std::string text = strRead(as, callNode->getArgument(1));
         assert(as.inVarToValTable(num_id) && "print() should pass integer");
@@ -127,7 +127,7 @@ void AbsExtAPI::initExtFunMap()
     auto svf_set_value = [&](const CallICFGNode* callNode)
     {
         if (callNode->arg_size() < 2) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         AbstractValue& num = as[callNode->getArgument(0)->getId()];
         AbstractValue& lb = as[callNode->getArgument(1)->getId()];
         AbstractValue& ub = as[callNode->getArgument(2)->getId()];
@@ -150,7 +150,7 @@ void AbsExtAPI::initExtFunMap()
 
     auto sse_scanf = [&](const CallICFGNode* callNode)
     {
-        AbstractState& as = getAbsStateFromTrace(callNode);
+        AbstractState& as = getAbstractState(callNode);
         //scanf("%d", &data);
         if (callNode->arg_size() < 2) return;
 
@@ -174,7 +174,7 @@ void AbsExtAPI::initExtFunMap()
     {
         //fscanf(stdin, "%d", &data);
         if (callNode->arg_size() < 3) return;
-        AbstractState& as = getAbsStateFromTrace(callNode);
+        AbstractState& as = getAbstractState(callNode);
         u32_t dst_id = callNode->getArgument(2)->getId();
         if (!as.inVarToAddrsTable(dst_id))
         {
@@ -203,7 +203,7 @@ void AbsExtAPI::initExtFunMap()
     auto sse_fread = [&](const CallICFGNode *callNode)
     {
         if (callNode->arg_size() < 3) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         u32_t block_count_id = callNode->getArgument(2)->getId();
         u32_t block_size_id = callNode->getArgument(1)->getId();
         IntervalValue block_count = as[block_count_id].getInterval();
@@ -220,7 +220,7 @@ void AbsExtAPI::initExtFunMap()
     auto sse_snprintf = [&](const CallICFGNode *callNode)
     {
         if (callNode->arg_size() < 2) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         u32_t size_id = callNode->getArgument(1)->getId();
         u32_t dst_id = callNode->getArgument(0)->getId();
         // get elem size of arg2
@@ -261,7 +261,7 @@ void AbsExtAPI::initExtFunMap()
         // itoa(num, ch, 10);
         // num: int, ch: char*, 10 is decimal
         if (callNode->arg_size() < 3) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         u32_t num_id = callNode->getArgument(0)->getId();
 
         u32_t num = (u32_t) as[num_id].getInterval().getNumeral();
@@ -273,7 +273,7 @@ void AbsExtAPI::initExtFunMap()
     auto sse_strlen = [&](const CallICFGNode *callNode)
     {
         if (callNode->arg_size() < 1) return;
-        AbstractState& as = getAbsStateFromTrace(callNode);
+        AbstractState& as = getAbstractState(callNode);
         u32_t lhsId = callNode->getRetICFGNode()->getActualRet()->getId();
         // strlen/wcslen return the number of characters (not bytes).
         // getStrlen returns byte-scaled length (len * elemSize) for use
@@ -293,7 +293,7 @@ void AbsExtAPI::initExtFunMap()
     {
         // recv(sockfd, buf, len, flags);
         if (callNode->arg_size() < 4) return;
-        AbstractState&as = getAbsStateFromTrace(callNode);
+        AbstractState&as = getAbstractState(callNode);
         u32_t len_id = callNode->getArgument(2)->getId();
         IntervalValue len = as[len_id].getInterval() - IntervalValue(1);
         u32_t lhsId = callNode->getRetICFGNode()->getActualRet()->getId();
@@ -305,7 +305,7 @@ void AbsExtAPI::initExtFunMap()
     auto sse_free = [&](const CallICFGNode *callNode)
     {
         if (callNode->arg_size() < 1) return;
-        AbstractState& as = getAbsStateFromTrace(callNode);
+        AbstractState& as = getAbstractState(callNode);
         const u32_t freePtr = callNode->getArgument(0)->getId();
         for (auto addr: as[freePtr].getAddrs())
         {
@@ -335,7 +335,7 @@ void AbsExtAPI::initExtFunMap()
     }
 };
 
-AbstractState& AbsExtAPI::getAbsStateFromTrace(const SVF::ICFGNode* node)
+AbstractState& AbsExtAPI::getAbstractState(const SVF::ICFGNode* node)
 {
     if (abstractTrace.count(node) == 0)
     {
@@ -435,7 +435,7 @@ std::string AbsExtAPI::strRead(AbstractState& as, const SVFVar* rhs)
 
 void AbsExtAPI::handleExtAPI(const CallICFGNode *call)
 {
-    AbstractState& as = getAbsStateFromTrace(call);
+    AbstractState& as = getAbstractState(call);
     const FunObjVar *fun = call->getCalledFunction();
     assert(fun && "FunObjVar* is nullptr");
     ExtAPIType extType = UNCLASSIFIED;
@@ -611,7 +611,7 @@ IntervalValue AbsExtAPI::getStrlen(AbstractState& as, const SVF::SVFVar *strValu
 /// Covers: strcpy, __strcpy_chk, stpcpy, wcscpy, __wcscpy_chk
 void AbsExtAPI::handleStrcpy(const CallICFGNode *call)
 {
-    AbstractState& as = getAbsStateFromTrace(call);
+    AbstractState& as = getAbstractState(call);
     const SVFVar* dst = call->getArgument(0);
     const SVFVar* src = call->getArgument(1);
     IntervalValue srcLen = getStrlen(as, src);
@@ -624,7 +624,7 @@ void AbsExtAPI::handleStrcpy(const CallICFGNode *call)
 /// Covers: strcat, __strcat_chk, wcscat, __wcscat_chk
 void AbsExtAPI::handleStrcat(const CallICFGNode *call)
 {
-    AbstractState& as = getAbsStateFromTrace(call);
+    AbstractState& as = getAbstractState(call);
     const SVFVar* dst = call->getArgument(0);
     const SVFVar* src = call->getArgument(1);
     IntervalValue dstLen = getStrlen(as, dst);
@@ -637,7 +637,7 @@ void AbsExtAPI::handleStrcat(const CallICFGNode *call)
 /// Covers: strncat, __strncat_chk, wcsncat, __wcsncat_chk
 void AbsExtAPI::handleStrncat(const CallICFGNode *call)
 {
-    AbstractState& as = getAbsStateFromTrace(call);
+    AbstractState& as = getAbstractState(call);
     const SVFVar* dst = call->getArgument(0);
     const SVFVar* src = call->getArgument(1);
     IntervalValue n = as[call->getArgument(2)->getId()].getInterval();

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -71,6 +71,86 @@ AbstractInterpretation::AbstractInterpretation()
 {
     stat = new AEStat(this);
 }
+
+AbstractState& AbstractInterpretation::getAbstractState(const ICFGNode* node)
+{
+    if (abstractTrace.count(node) == 0)
+    {
+        assert(false && "No preAbsTrace for this node");
+        abort();
+    }
+    else
+    {
+        return abstractTrace[node];
+    }
+}
+
+bool AbstractInterpretation::hasAbsStateFromTrace(const ICFGNode* node)
+{
+    return abstractTrace.count(node) != 0;
+}
+
+AbstractValue& AbstractInterpretation::getAbstractValue(const ICFGNode* node, const ValVar* var)
+{
+    AbstractState& as = getAbstractState(node);
+    return as[var->getId()];
+}
+
+AbstractValue& AbstractInterpretation::getAbstractValue(const ICFGNode* node, const ObjVar* var)
+{
+    AbstractState& as = getAbstractState(node);
+    u32_t addr = AbstractState::getVirtualMemAddress(var->getId());
+    return as.load(addr);
+}
+
+AbstractValue& AbstractInterpretation::getAbstractValue(const ICFGNode* node, const SVFVar* var)
+{
+    if (const ValVar* valVar = SVFUtil::dyn_cast<ValVar>(var))
+        return getAbstractValue(node, valVar);
+    else if (const ObjVar* objVar = SVFUtil::dyn_cast<ObjVar>(var))
+        return getAbstractValue(node, objVar);
+    assert(false && "Unknown SVFVar kind");
+    abort();
+}
+
+void AbstractInterpretation::getAbstractState(const ICFGNode* node, const Set<const ValVar*>& vars, AbstractState& result)
+{
+    AbstractState& as = getAbstractState(node);
+    for (const ValVar* var : vars)
+    {
+        u32_t id = var->getId();
+        result[id] = as[id];
+    }
+}
+
+void AbstractInterpretation::getAbstractState(const ICFGNode* node, const Set<const ObjVar*>& vars, AbstractState& result)
+{
+    AbstractState& as = getAbstractState(node);
+    for (const ObjVar* var : vars)
+    {
+        u32_t addr = AbstractState::getVirtualMemAddress(var->getId());
+        result.store(addr, as.load(addr));
+    }
+}
+
+void AbstractInterpretation::getAbstractState(const ICFGNode* node, const Set<const SVFVar*>& vars, AbstractState& result)
+{
+    AbstractState& as = getAbstractState(node);
+    for (const SVFVar* var : vars)
+    {
+        if (const ValVar* valVar = SVFUtil::dyn_cast<ValVar>(var))
+        {
+            u32_t id = valVar->getId();
+            result[id] = as[id];
+        }
+        else if (const ObjVar* objVar = SVFUtil::dyn_cast<ObjVar>(var))
+        {
+            u32_t addr = AbstractState::getVirtualMemAddress(objVar->getId());
+            result.store(addr, as.load(addr));
+        }
+    }
+}
+
 /// Destructor
 AbstractInterpretation::~AbstractInterpretation()
 {
@@ -566,7 +646,7 @@ void AbstractInterpretation::handleSingletonWTO(const ICFGSingletonWTO *icfgSing
         handleCallSite(callnode);
     }
     for (auto& detector: detectors)
-        detector->detect(getAbsStateFromTrace(node), node);
+        detector->detect(getAbstractState(node), node);
     stat->countStateSize();
 }
 
@@ -625,7 +705,7 @@ bool AbstractInterpretation::handleICFGNode(const ICFGNode* node)
 
     // Run detectors
     for (auto& detector: detectors)
-        detector->detect(getAbsStateFromTrace(node), node);
+        detector->detect(getAbstractState(node), node);
     stat->countStateSize();
 
     // Track this node as analyzed (for coverage statistics across all entry points)
@@ -792,7 +872,7 @@ bool AbstractInterpretation::isRecursiveFun(const FunObjVar* fun)
 /// Handle recursive call in TOP mode: set all stores and return value to TOP
 void AbstractInterpretation::handleRecursiveCall(const CallICFGNode *callNode)
 {
-    AbstractState& as = getAbsStateFromTrace(callNode);
+    AbstractState& as = getAbstractState(callNode);
     setTopToObjInRecursion(callNode);
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     if (retNode->getSVFStmts().size() > 0)
@@ -834,7 +914,7 @@ const FunObjVar* AbstractInterpretation::getCallee(const CallICFGNode* callNode)
     if (!hasAbsStateFromTrace(callNode))
         return nullptr;
 
-    AbstractState& as = getAbsStateFromTrace(callNode);
+    AbstractState& as = getAbstractState(callNode);
     if (!as.inVarToAddrsTable(call_id))
         return nullptr;
 
@@ -899,7 +979,7 @@ bool AbstractInterpretation::shouldApplyNarrowing(const FunObjVar* fun)
 /// possible indirect call targets.
 void AbstractInterpretation::handleFunCall(const CallICFGNode *callNode)
 {
-    AbstractState& as = getAbsStateFromTrace(callNode);
+    AbstractState& as = getAbstractState(callNode);
     abstractTrace[callNode] = as;
 
     // Skip recursive callsites (within SCC); entry calls are not skipped
@@ -1110,14 +1190,14 @@ void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
     else
         assert(false && "implement this part");
     // NullPtr is index 0, it should not be changed
-    assert(!getAbsStateFromTrace(stmt->getICFGNode())[IRGraph::NullPtr].isInterval() &&
-           !getAbsStateFromTrace(stmt->getICFGNode())[IRGraph::NullPtr].isAddr());
+    assert(!getAbstractState(stmt->getICFGNode())[IRGraph::NullPtr].isInterval() &&
+           !getAbstractState(stmt->getICFGNode())[IRGraph::NullPtr].isAddr());
 }
 
 /// Set all store values in a recursive function to TOP (used in TOP mode)
 void AbstractInterpretation::setTopToObjInRecursion(const CallICFGNode *callNode)
 {
-    AbstractState& as = getAbsStateFromTrace(callNode);
+    AbstractState& as = getAbstractState(callNode);
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     if (retNode->getSVFStmts().size() > 0)
     {
@@ -1170,7 +1250,7 @@ void AbstractInterpretation::setTopToObjInRecursion(const CallICFGNode *callNode
 
 void AbstractInterpretation::updateStateOnGep(const GepStmt *gep)
 {
-    AbstractState& as = getAbsStateFromTrace(gep->getICFGNode());
+    AbstractState& as = getAbstractState(gep->getICFGNode());
     u32_t rhs = gep->getRHSVarID();
     u32_t lhs = gep->getLHSVarID();
     IntervalValue offsetPair = as.getElementIndex(gep);
@@ -1186,7 +1266,7 @@ void AbstractInterpretation::updateStateOnGep(const GepStmt *gep)
 
 void AbstractInterpretation::updateStateOnSelect(const SelectStmt *select)
 {
-    AbstractState& as = getAbsStateFromTrace(select->getICFGNode());
+    AbstractState& as = getAbstractState(select->getICFGNode());
     u32_t res = select->getResID();
     u32_t tval = select->getTrueValue()->getId();
     u32_t fval = select->getFalseValue()->getId();
@@ -1205,7 +1285,7 @@ void AbstractInterpretation::updateStateOnSelect(const SelectStmt *select)
 void AbstractInterpretation::updateStateOnPhi(const PhiStmt *phi)
 {
     const ICFGNode* icfgNode = phi->getICFGNode();
-    AbstractState& as = getAbsStateFromTrace(icfgNode);
+    AbstractState& as = getAbstractState(icfgNode);
     u32_t res = phi->getResID();
     AbstractValue rhs;
     for (u32_t i = 0; i < phi->getOpVarNum(); i++)
@@ -1215,7 +1295,7 @@ void AbstractInterpretation::updateStateOnPhi(const PhiStmt *phi)
         if (hasAbsStateFromTrace(opICFGNode))
         {
             AbstractState tmpEs = abstractTrace[opICFGNode];
-            AbstractState& opAs = getAbsStateFromTrace(opICFGNode);
+            AbstractState& opAs = getAbstractState(opICFGNode);
             const ICFGEdge* edge =  icfg->getICFGEdge(opICFGNode, icfgNode, ICFGEdge::IntraCF);
             // if IntraEdge, check the condition, if it is feasible, join the value
             // if IntraEdge but not conditional edge, join the value
@@ -1243,7 +1323,7 @@ void AbstractInterpretation::updateStateOnPhi(const PhiStmt *phi)
 
 void AbstractInterpretation::updateStateOnCall(const CallPE *callPE)
 {
-    AbstractState& as = getAbsStateFromTrace(callPE->getICFGNode());
+    AbstractState& as = getAbstractState(callPE->getICFGNode());
     NodeID lhs = callPE->getLHSVarID();
     NodeID rhs = callPE->getRHSVarID();
     as[lhs] = as[rhs];
@@ -1251,7 +1331,7 @@ void AbstractInterpretation::updateStateOnCall(const CallPE *callPE)
 
 void AbstractInterpretation::updateStateOnRet(const RetPE *retPE)
 {
-    AbstractState& as = getAbsStateFromTrace(retPE->getICFGNode());
+    AbstractState& as = getAbstractState(retPE->getICFGNode());
     NodeID lhs = retPE->getLHSVarID();
     NodeID rhs = retPE->getRHSVarID();
     as[lhs] = as[rhs];
@@ -1260,7 +1340,7 @@ void AbstractInterpretation::updateStateOnRet(const RetPE *retPE)
 
 void AbstractInterpretation::updateStateOnAddr(const AddrStmt *addr)
 {
-    AbstractState& as = getAbsStateFromTrace(addr->getICFGNode());
+    AbstractState& as = getAbstractState(addr->getICFGNode());
     as.initObjVar(SVFUtil::cast<ObjVar>(addr->getRHSVar()));
     if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
         as[addr->getRHSVarID()].getInterval().meet_with(utils->getRangeLimitFromType(addr->getRHSVar()->getType()));
@@ -1274,7 +1354,7 @@ void AbstractInterpretation::updateStateOnBinary(const BinaryOPStmt *binary)
     /// You are only required to handle integer predicates, including Add, FAdd, Sub, FSub, Mul, FMul, SDiv, FDiv, UDiv,
     /// SRem, FRem, URem, Xor, And, Or, AShr, Shl, LShr
     const ICFGNode* node = binary->getICFGNode();
-    AbstractState& as = getAbsStateFromTrace(node);
+    AbstractState& as = getAbstractState(node);
     u32_t op0 = binary->getOpVarID(0);
     u32_t op1 = binary->getOpVarID(1);
     u32_t res = binary->getResID();
@@ -1332,7 +1412,7 @@ void AbstractInterpretation::updateStateOnBinary(const BinaryOPStmt *binary)
 
 void AbstractInterpretation::updateStateOnCmp(const CmpStmt *cmp)
 {
-    AbstractState& as = getAbsStateFromTrace(cmp->getICFGNode());
+    AbstractState& as = getAbstractState(cmp->getICFGNode());
     u32_t op0 = cmp->getOpVarID(0);
     u32_t op1 = cmp->getOpVarID(1);
     // if it is address
@@ -1561,7 +1641,7 @@ void AbstractInterpretation::updateStateOnCmp(const CmpStmt *cmp)
 
 void AbstractInterpretation::updateStateOnLoad(const LoadStmt *load)
 {
-    AbstractState& as = getAbsStateFromTrace(load->getICFGNode());
+    AbstractState& as = getAbstractState(load->getICFGNode());
     u32_t rhs = load->getRHSVarID();
     u32_t lhs = load->getLHSVarID();
     as[lhs] = as.loadValue(rhs);
@@ -1569,7 +1649,7 @@ void AbstractInterpretation::updateStateOnLoad(const LoadStmt *load)
 
 void AbstractInterpretation::updateStateOnStore(const StoreStmt *store)
 {
-    AbstractState& as = getAbsStateFromTrace(store->getICFGNode());
+    AbstractState& as = getAbstractState(store->getICFGNode());
     u32_t rhs = store->getRHSVarID();
     u32_t lhs = store->getLHSVarID();
     as.storeValue(lhs, as[rhs]);
@@ -1673,7 +1753,7 @@ void AbstractInterpretation::updateStateOnCopy(const CopyStmt *copy)
         }
     };
 
-    AbstractState& as = getAbsStateFromTrace(copy->getICFGNode());
+    AbstractState& as = getAbstractState(copy->getICFGNode());
     u32_t lhs = copy->getLHSVarID();
     u32_t rhs = copy->getRHSVarID();