svf-tools 1.0.1258 → 1.0.1260

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.1258",
+  "version": "1.0.1260",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -37,9 +37,9 @@
 #include "AE/Svfexe/AEStat.h"
 #include "SVFIR/SVFIR.h"
 #include "Util/SVFBugReport.h"
+#include "Util/WorkList.h"
 #include "Graphs/SCC.h"
 #include "Graphs/CallGraph.h"
-#include <deque>
 
 namespace SVF
 {
@@ -94,6 +94,12 @@ public:
         WIDEN_NARROW
     };
 
+    enum AEFunEntryMode
+    {
+        MAIN,
+        NO_MAIN
+    };
+
     virtual void runOnModule();
 
     /// Destructor
@@ -106,7 +112,7 @@ public:
     void analyzeFromAllProgEntries();
 
     /// Get all entry point functions (functions without callers)
-    std::deque<const FunObjVar*> collectProgEntryFuns();
+    FIFOWorkList<const FunObjVar*> collectProgEntryFuns();
 
     /// Factory: returns the singleton instance.  The concrete class is
     /// chosen once, on first call, from `Options::AESparsity()`:
@@ -254,10 +260,10 @@ private:
     virtual void handleCallSite(const ICFGNode* node);
 
     /// Handle a WTO cycle (loop or recursive function) using widening/narrowing iteration
-    virtual void handleLoopOrRecursion(const ICFGCycleWTO* cycle, const CallICFGNode* caller = nullptr);
+    virtual void handleLoopOrRecursion(const ICFGCycleWTO* cycle, const CallICFGNode* caller);
 
     /// Handle a function body via worklist-driven WTO traversal starting from funEntry
-    void handleFunction(const ICFGNode* funEntry, const CallICFGNode* caller = nullptr);
+    void handleFunction(const ICFGNode* funEntry, const CallICFGNode* caller);
 
     /// Handle an ICFG node: execute statements; return true if state changed
     bool handleICFGNode(const ICFGNode* node);

package/svf/include/Util/Options.h

@@ -241,6 +241,7 @@ public:
 
     // Abstract Execution
     static const OptionMap<u32_t> AESparsity;
+    static const OptionMap<u32_t> AEFunEntry;
     static const Option<u32_t> WidenDelay;
     /// recursion handling mode, Default: TOP
     static const OptionMap<u32_t> HandleRecur;

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -35,7 +35,6 @@
 #include "Graphs/CallGraph.h"
 #include "WPA/Andersen.h"
 #include <cmath>
-#include <deque>
 #include <memory>
 
 using namespace SVF;
@@ -118,11 +117,14 @@ AbstractInterpretation::~AbstractInterpretation()
 }
 
 /// Collect entry point functions for analysis.
-/// Entry points are functions without callers (no incoming edges in CallGraph).
-/// Uses a deque to allow efficient insertion at front for prioritizing main()
-std::deque<const FunObjVar*> AbstractInterpretation::collectProgEntryFuns()
+/// In main mode, entry is main/svf.main. In no-main mode,
+/// entries are SCCs with no external caller in the Andersen-resolved CallGraph.
+FIFOWorkList<const FunObjVar*> AbstractInterpretation::collectProgEntryFuns()
 {
-    std::deque<const FunObjVar*> entryFunctions;
+    FIFOWorkList<const FunObjVar*> entryFunctions;
+    const bool mainEntry = Options::AEFunEntry() == AEFunEntryMode::MAIN;
+    Set<NodeID> visitedEntrySCCs;
+    auto* callGraphSCC = preAnalysis->getCallGraphSCC();
 
     for (auto it = callGraph->begin(); it != callGraph->end(); ++it)
     {
@@ -133,39 +135,80 @@ std::deque<const FunObjVar*> AbstractInterpretation::collectProgEntryFuns()
         if (fun->isDeclaration())
             continue;
 
-        // Entry points are functions without callers (no incoming edges)
-        if (cgNode->getInEdges().empty())
+        if (mainEntry)
         {
-            // If main exists, put it first for priority using deque's push_front
             if (SVFUtil::isProgEntryFunction(fun))
             {
-                entryFunctions.push_front(fun);
+                entryFunctions.push(fun);
+                break;
             }
-            else
+        }
+        else
+        {
+            NodeID repNodeId = callGraphSCC->repNode(cgNode->getId());
+            if (visitedEntrySCCs.count(repNodeId))
+                continue;
+
+            const NodeBS& cgSCCNodes = callGraphSCC->subNodes(repNodeId);
+            bool hasExternalCaller = false;
+            for (NodeID nodeId : cgSCCNodes)
+            {
+                const CallGraphNode* sccNode = callGraph->getGNode(nodeId);
+                for (auto inEdge : sccNode->getInEdges())
+                {
+                    if (!cgSCCNodes.test(inEdge->getSrcID()))
+                    {
+                        hasExternalCaller = true;
+                        break;
+                    }
+                }
+                if (hasExternalCaller)
+                    break;
+            }
+
+            if (hasExternalCaller)
+                continue;
+
+            visitedEntrySCCs.insert(repNodeId);
+            const FunObjVar* entryFun = fun;
+            for (NodeID nodeId : cgSCCNodes)
             {
-                entryFunctions.push_back(fun);
+                const FunObjVar* sccFun = callGraph->getGNode(nodeId)->getFunction();
+                if (SVFUtil::isProgEntryFunction(sccFun))
+                {
+                    entryFun = sccFun;
+                    break;
+                }
             }
+            entryFunctions.push(entryFun);
         }
     }
 
+    if (mainEntry && entryFunctions.empty())
+    {
+        SVFUtil::errs() << SVFUtil::errMsg(
+                            "AE -ae-fun-entry=main requires a program entry function, but main/svf.main was not found.\n");
+        assert(false && "No program entry function found for -ae-fun-entry=main");
+        abort();
+    }
+
     return entryFunctions;
 }
 
 
-/// Program entry - analyze from all entry points (multi-entry analysis is the default)
+/// Program entry - entry policy is selected by -ae-fun-entry.
 void AbstractInterpretation::analyse()
 {
-    // Always use multi-entry analysis from all entry points
     analyzeFromAllProgEntries();
 }
 
-/// Analyze all entry points (functions without callers) - for whole-program analysis.
+/// Analyze the entry functions selected by collectProgEntryFuns().
 /// Abstract state is shared across entry points so that functions analyzed from
 /// earlier entries are not re-analyzed from scratch.
 void AbstractInterpretation::analyzeFromAllProgEntries()
 {
     // Collect all entry point functions
-    std::deque<const FunObjVar*> entryFunctions = collectProgEntryFuns();
+    FIFOWorkList<const FunObjVar*> entryFunctions = collectProgEntryFuns();
 
     if (entryFunctions.empty())
     {
@@ -174,10 +217,13 @@ void AbstractInterpretation::analyzeFromAllProgEntries()
     }
     // handle Global ICFGNode of SVFModule
     handleGlobalNode();
-    for (const FunObjVar* entryFun : entryFunctions)
+    const ICFGNode* globalNode = icfg->getGlobalICFGNode();
+    while (!entryFunctions.empty())
     {
+        const FunObjVar* entryFun = entryFunctions.pop();
         const ICFGNode* funEntry = icfg->getFunEntryICFGNode(entryFun);
-        handleFunction(funEntry);
+        updateAbsState(funEntry, getAbsState(globalNode));
+        handleFunction(funEntry, nullptr);
     }
 }
 
@@ -736,8 +782,7 @@ bool AbstractInterpretation::handleICFGNode(const ICFGNode* node)
 void AbstractInterpretation::handleFunction(const ICFGNode* funEntry, const CallICFGNode* caller)
 {
     auto it = preAnalysis->getFuncToWTO().find(funEntry->getFun());
-    if (it == preAnalysis->getFuncToWTO().end())
-        return;
+    assert(it != preAnalysis->getFuncToWTO().end() && "Missing WTO for function");
 
     // Push all top-level WTO components into the worklist in WTO order
     FIFOWorkList<const ICFGWTOComp*> worklist(it->second->getWTOComponents());

package/svf/lib/Util/Options.cpp

@@ -799,6 +799,20 @@ const OptionMap<u32_t> Options::AESparsity(
         "Sparse abstract execution via SVFG."
     }
 });
+const OptionMap<u32_t> Options::AEFunEntry(
+    "ae-fun-entry",
+    "Abstract execution function entry mode (Default: main)",
+    AbstractInterpretation::AEFunEntryMode::MAIN,
+{
+    {
+        AbstractInterpretation::AEFunEntryMode::MAIN, "main",
+        "Analyze from the program entry function only."
+    },
+    {
+        AbstractInterpretation::AEFunEntryMode::NO_MAIN, "no-main",
+        "Analyze from every no-external-caller SCC after Andersen resolves the call graph."
+    }
+});
 const Option<u32_t> Options::WidenDelay(
     "widen-delay", "Loop Widen Delay", 3);
 const OptionMap<u32_t> Options::HandleRecur(