svf-tools 1.0.327 → 1.0.331

package/lib/MemoryModel/SymbolTableInfo.cpp

@@ -101,22 +101,18 @@ void SymbolTableInfo::collectArrayInfo(const ArrayType* ty)
     }
 
     /// Array itself only has one field which is the inner most element
-    stinfo->addFldWithType(0, 0, elemTy);
+    stinfo->addFldWithType(0,elemTy);
 
     /// Array's flatten field infor is the same as its element's
     /// flatten infor.
     StInfo* elemStInfo = getStructInfo(elemTy);
-    u32_t nfE = elemStInfo->getFlattenFieldInfoVec().size();
+    u32_t nfE = elemStInfo->getFlattenedFieldInfoVec().size();
     for (u32_t j = 0; j < nfE; j++)
     {
-        u32_t idx = elemStInfo->getFlattenFieldInfoVec()[j].getFlattenFldIdx();
-        u32_t off = elemStInfo->getFlattenFieldInfoVec()[j].getFlattenByteOffset();
-        const Type* fieldTy = elemStInfo->getFlattenFieldInfoVec()[j].getFlattenElemTy();
-        FieldInfo::ElemNumStridePairVec pair = elemStInfo->getFlattenFieldInfoVec()[j].getElemNumStridePairVect();
-        /// append the additional number
-        pair.push_back(std::make_pair(out_num, out_stride));
-        FieldInfo field(idx, off, fieldTy, pair);
-        stinfo->getFlattenFieldInfoVec().push_back(field);
+        u32_t idx = elemStInfo->getFlattenedFieldInfoVec()[j].getFlattenFldIdx();
+        const Type* fieldTy = elemStInfo->getFlattenedFieldInfoVec()[j].getFlattenElemTy();
+        FlattenedFieldInfo field(idx, fieldTy);
+        stinfo->getFlattenedFieldInfoVec().push_back(field);
     }
 }
 
@@ -139,36 +135,27 @@ void SymbolTableInfo::collectStructInfo(const StructType *sty)
                 sty->element_end(); it != ie; ++it, ++field_idx)
     {
         const Type *et = *it;
-        // This offset is computed after alignment with the current struct
-        u64_t eOffsetInBytes = getTypeSizeInBytes(sty, field_idx);
-        //The offset is where this element will be placed in the exp. struct.
-        /// FIXME: As the layout size is uint_64, here we assume
         /// offset with uint_32 (Size_t) is large enough and will not cause overflow
-        stinfo->addFldWithType(nf, static_cast<u32_t>(eOffsetInBytes), et);
+        stinfo->addFldWithType(nf, et);
 
         if (SVFUtil::isa<StructType>(et) || SVFUtil::isa<ArrayType>(et))
         {
             StInfo * subStinfo = getStructInfo(et);
-            u32_t nfE = subStinfo->getFlattenFieldInfoVec().size();
+            u32_t nfE = subStinfo->getFlattenedFieldInfoVec().size();
             //Copy ST's info, whose element 0 is the size of ST itself.
             for (u32_t j = 0; j < nfE; j++)
             {
-                u32_t fldIdx = nf + subStinfo->getFlattenFieldInfoVec()[j].getFlattenFldIdx();
-                u32_t off = eOffsetInBytes + subStinfo->getFlattenFieldInfoVec()[j].getFlattenByteOffset();
-                const Type* elemTy = subStinfo->getFlattenFieldInfoVec()[j].getFlattenElemTy();
-                FieldInfo::ElemNumStridePairVec pair = subStinfo->getFlattenFieldInfoVec()[j].getElemNumStridePairVect();
-                pair.push_back(std::make_pair(1, 0));
-                FieldInfo field(fldIdx, off,elemTy,pair);
-                stinfo->getFlattenFieldInfoVec().push_back(field);
+                u32_t fldIdx = nf + subStinfo->getFlattenedFieldInfoVec()[j].getFlattenFldIdx();
+                const Type* elemTy = subStinfo->getFlattenedFieldInfoVec()[j].getFlattenElemTy();
+                FlattenedFieldInfo field(fldIdx, elemTy);
+                stinfo->getFlattenedFieldInfoVec().push_back(field);
             }
             nf += nfE;
         }
         else     //simple type
         {
-            FieldInfo::ElemNumStridePairVec pair;
-            pair.push_back(std::make_pair(1,0));
-            FieldInfo field(nf, eOffsetInBytes, et,pair);
-            stinfo->getFlattenFieldInfoVec().push_back(field);
+            FlattenedFieldInfo field(nf, et);
+            stinfo->getFlattenedFieldInfoVec().push_back(field);
             ++nf;
         }
     }
@@ -191,162 +178,13 @@ void SymbolTableInfo::collectSimpleTypeInfo(const Type* ty)
     typeToFieldInfo[ty] = stinfo;
 
     /// Only one field
-    stinfo->addFldWithType(0,0, ty);
+    stinfo->addFldWithType(0, ty);
 
-    FieldInfo::ElemNumStridePairVec pair;
-    pair.push_back(std::make_pair(1,0));
-    FieldInfo field(0, 0, ty, pair);
-    stinfo->getFlattenFieldInfoVec().push_back(field);
-}
-
-/*!
- * Compute gep offset
- */
-bool SymbolTableInfo::computeGepOffset(const User *V, LocationSet& ls)
-{
-    assert(V);
-
-    const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
-    DataLayout * dataLayout = getDataLayout(LLVMModuleSet::getLLVMModuleSet()->getMainLLVMModule());
-    llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
-    if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
-    {
-        Size_t bo = byteOffset.getSExtValue();
-        ls.setByteOffset(bo + ls.getByteOffset());
-    }
-
-    for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
-            gi != ge; ++gi)
-    {
-
-        // Handling array types, skipe array handling here
-        // We treat whole array as one, then we can distinguish different field of an array of struct
-        // e.g. s[1].f1 is differet from s[0].f2
-        if(SVFUtil::isa<ArrayType>(*gi))
-            continue;
-
-        //The int-value object of the current index operand
-        //  (may not be constant for arrays).
-        ConstantInt *op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand());
-
-        /// given a gep edge p = q + i,
-        if(!op)
-        {
-            return false;
-        }
-        //The actual index
-        Size_t idx = op->getSExtValue();
-
-
-        // Handling pointer types
-        // These GEP instructions are simply making address computations from the base pointer address
-        // e.g. idx = (char*) &p + 4,  at this case gep only one offset index (idx)
-        // Case 1: This operation is likely accessing an array through pointer p.
-        // Case 2: It may also be used to access a field of a struct (which is not ANSI-compliant)
-        // Since this is a field-index based memory model,
-        // for case 1: we consider the whole array as one element, This can be improved by LocMemModel as it can distinguish different
-        // elements of the same array.
-        // for case 2: we treat idx the same as &p by ignoring const 4 (This handling is unsound since the program itself is not ANSI-compliant).
-        if (SVFUtil::isa<PointerType>(*gi))
-        {
-            //off += idx;
-        }
-
-
-        // Handling struct here
-        if (const StructType *ST = SVFUtil::dyn_cast<StructType>(*gi) )
-        {
-            assert(op && "non-const struct index in GEP");
-            const vector<u32_t> &so = SymbolTableInfo::SymbolInfo()->getFattenFieldIdxVec(ST);
-            if ((unsigned)idx >= so.size())
-            {
-                outs() << "!! Struct index out of bounds" << idx << "\n";
-                assert(0);
-            }
-            //add the translated offset
-            ls.setFldIdx(ls.getOffset() + so[idx]);
-        }
-    }
-    return true;
-}
-
-
-/*!
- * Replace fields with flatten fields of T if the number of its fields is larger than msz.
- */
-u32_t SymbolTableInfo::getFields(std::vector<LocationSet>& fields, const Type* T, u32_t msz)
-{
-    if (!SVFUtil::isa<PointerType>(T))
-        return 0;
-
-    T = T->getContainedType(0);
-    const std::vector<FieldInfo>& stVec = SymbolTableInfo::SymbolInfo()->getFlattenFieldInfoVec(T);
-    u32_t sz = stVec.size();
-    if (msz < sz)
-    {
-        /// Replace fields with T's flatten fields.
-        fields.clear();
-        for(std::vector<FieldInfo>::const_iterator it = stVec.begin(), eit = stVec.end(); it!=eit; ++it)
-            fields.push_back(LocationSet(*it));
-    }
-
-    return sz;
+    FlattenedFieldInfo field(0, ty);
+    stinfo->getFlattenedFieldInfoVec().push_back(field);
 }
 
 
-/*!
- * Find the base type and the max possible offset for an object pointed to by (V).
- */
-const Type *SymbolTableInfo::getBaseTypeAndFlattenedFields(const Value *V, std::vector<LocationSet> &fields)
-{
-    assert(V);
-    fields.push_back(LocationSet(0));
-
-    const Type *T = V->getType();
-    // Use the biggest struct type out of all operands.
-    if (const User *U = SVFUtil::dyn_cast<User>(V))
-    {
-        u32_t msz = 1;      //the max size seen so far
-        // In case of BitCast, try the target type itself
-        if (SVFUtil::isa<BitCastInst>(V))
-        {
-            u32_t sz = getFields(fields, T, msz);
-            if (msz < sz)
-            {
-                msz = sz;
-            }
-        }
-        // Try the types of all operands
-        for (User::const_op_iterator it = U->op_begin(), ie = U->op_end();
-                it != ie; ++it)
-        {
-            const Type *operandtype = it->get()->getType();
-
-            u32_t sz = getFields(fields, operandtype, msz);
-            if (msz < sz)
-            {
-                msz = sz;
-                T = operandtype;
-            }
-        }
-    }
-    // If V is a CE, the actual pointer type is its operand.
-    else if (const ConstantExpr *E = SVFUtil::dyn_cast<ConstantExpr>(V))
-    {
-        T = E->getOperand(0)->getType();
-        getFields(fields, T, 0);
-    }
-    // Handle Argument case
-    else if (SVFUtil::isa<Argument>(V))
-    {
-        getFields(fields, T, 0);
-    }
-
-    while (const PointerType *ptype = SVFUtil::dyn_cast<PointerType>(T))
-        T = ptype->getElementType();
-    return T;
-}
-
 /*!
  * Get modulus offset given the type information
  */
@@ -357,7 +195,7 @@ LocationSet SymbolTableInfo::getModulusOffset(const MemObj* obj, const LocationS
     /// of current struct. Make the offset positive so we can still get a node within current
     /// struct to represent this obj.
 
-    Size_t offset = ls.getOffset();
+    Size_t offset = ls.accumulateConstantOffset();
     if(offset < 0)
     {
         writeWrnMsg("try to create a gep node with negative offset.");
@@ -393,8 +231,14 @@ void SymbolTableInfo::destroy()
             delete iter->second;
     }
 
-    delete dl;
-    dl = nullptr;
+    if(dl){
+        delete dl;
+        dl = nullptr;
+    }
+    if(mod){
+        delete mod;
+        mod = nullptr;
+    }
 }
 
 /*!
@@ -435,10 +279,10 @@ bool SymbolTableInfo::isConstantObjSym(const Value *val)
         else
         {
             StInfo *stInfo = getStructInfo(v->getInitializer()->getType());
-            const std::vector<FieldInfo> &fields = stInfo->getFlattenFieldInfoVec();
-            for (std::vector<FieldInfo>::const_iterator it = fields.begin(), eit = fields.end(); it != eit; ++it)
+            const std::vector<FlattenedFieldInfo> &fields = stInfo->getFlattenedFieldInfoVec();
+            for (std::vector<FlattenedFieldInfo>::const_iterator it = fields.begin(), eit = fields.end(); it != eit; ++it)
             {
-                const FieldInfo &field = *it;
+                const FlattenedFieldInfo &field = *it;
                 const Type *elemTy = field.getFlattenElemTy();
                 assert(!SVFUtil::isa<FunctionType>(elemTy) && "Initializer of a global is a function?");
                 if (SVFUtil::isa<PointerType>(elemTy))
@@ -478,29 +322,23 @@ const MemObj* SymbolTableInfo::createDummyObj(SymID symId, const Type* type)
     return memObj;
 }
 
-const std::vector<u32_t>& SymbolTableInfo::getFattenFieldIdxVec(const Type *T)
-{
-    return getStructInfoIter(T)->second->getFieldIdxVec();
-}
-
-const std::vector<u32_t>& SymbolTableInfo::getFattenFieldOffsetVec(const Type *T)
+const std::vector<u32_t>& SymbolTableInfo::getFlattenedFieldIdxVec(const Type *T)
 {
-    return getStructInfoIter(T)->second->getFieldOffsetVec();
+    return getStructInfoIter(T)->second->getFlattenedFieldIdxVec();
 }
 
-const std::vector<FieldInfo>& SymbolTableInfo::getFlattenFieldInfoVec(const Type *T)
+const std::vector<FlattenedFieldInfo>& SymbolTableInfo::getFlattenedFieldInfoVec(const Type *T)
 {
-    return getStructInfoIter(T)->second->getFlattenFieldInfoVec();
+    return getStructInfoIter(T)->second->getFlattenedFieldInfoVec();
 }
 
-const Type* SymbolTableInfo::getOrigSubTypeWithFldInx(const Type* baseType, u32_t field_idx)
+const Type* SymbolTableInfo::getOriginalFieldType(const Type* baseType, u32_t field_idx)
 {
-    return getStructInfoIter(baseType)->second->getFieldTypeWithFldIdx(field_idx);
+    return getStructInfoIter(baseType)->second->getOriginalFieldType(field_idx);
 }
 
-const Type* SymbolTableInfo::getOrigSubTypeWithByteOffset(const Type* baseType, u32_t byteOffset)
-{
-    return getStructInfoIter(baseType)->second->getFieldTypeWithByteOffset(byteOffset);
+const Type* SymbolTableInfo::getFlatternedFieldType(const Type* baseType, u32_t field_idx){
+        return getStructInfoIter(baseType)->second->getFlatternedFieldType(field_idx);
 }
 
 /*
@@ -524,21 +362,15 @@ void SymbolTableInfo::printFlattenFields(const Type* type)
         outs() <<"  {Type: ";
         st->print(outs());
         outs() << "}\n";
-        std::vector<FieldInfo>& finfo = getStructInfo(st)->getFlattenFieldInfoVec();
+        std::vector<FlattenedFieldInfo>& finfo = getStructInfo(st)->getFlattenedFieldInfoVec();
         int field_idx = 0;
-        for(std::vector<FieldInfo>::iterator it = finfo.begin(), eit = finfo.end();
+        for(std::vector<FlattenedFieldInfo>::iterator it = finfo.begin(), eit = finfo.end();
                 it!=eit; ++it, field_idx++)
         {
-            outs() << " \tField_idx = " << (*it).getFlattenFldIdx() << " [offset: " << (*it).getFlattenByteOffset();
+            outs() << " \tField_idx = " << (*it).getFlattenFldIdx();
             outs() << ", field type: ";
             (*it).getFlattenElemTy()->print(outs());
             outs() << ", field size: " << getTypeSizeInBytes((*it).getFlattenElemTy());
-            outs() << ", field stride pair: ";
-            for(FieldInfo::ElemNumStridePairVec::const_iterator pit = (*it).elemStridePairBegin(),
-                    peit = (*it).elemStridePairEnd(); pit!=peit; ++pit)
-            {
-                outs() << "[ " << pit->first << ", " << pit->second << " ] ";
-            }
             outs() << "\n";
         }
         outs() << "\n";
@@ -717,12 +549,12 @@ bool ObjTypeInfo::isNonPtrFieldObj(const LocationSet& ls)
     if (SVFUtil::isa<StructType>(ety) || SVFUtil::isa<ArrayType>(ety))
     {
         bool hasIntersection = false;
-        const vector<FieldInfo> &infovec = SymbolTableInfo::SymbolInfo()->getFlattenFieldInfoVec(ety);
-        vector<FieldInfo>::const_iterator it = infovec.begin();
-        vector<FieldInfo>::const_iterator eit = infovec.end();
+        const vector<FlattenedFieldInfo> &infovec = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(ety);
+        vector<FlattenedFieldInfo>::const_iterator it = infovec.begin();
+        vector<FlattenedFieldInfo>::const_iterator eit = infovec.end();
         for (; it != eit; ++it)
         {
-            const FieldInfo& fieldLS = *it;
+            const FlattenedFieldInfo& fieldLS = *it;
             if (ls.intersects(LocationSet(fieldLS)))
             {
                 hasIntersection = true;

package/lib/SABER/SaberSVFGBuilder.cpp

@@ -73,7 +73,7 @@ void SaberSVFGBuilder::collectGlobals(BVDataPTAImpl* pta)
         if(SVFUtil::isa<DummyValVar>(pagNode) || SVFUtil::isa<DummyObjVar>(pagNode))
             continue;
 
-        if(GepObjPN* gepobj = SVFUtil::dyn_cast<GepObjPN>(pagNode)) {
+        if(GepObjVar* gepobj = SVFUtil::dyn_cast<GepObjVar>(pagNode)) {
             if(SVFUtil::isa<DummyObjVar>(pag->getGNode(gepobj->getBaseNode())))
                 continue;
         }

package/lib/SVF-FE/SVFIRBuilder.cpp

@@ -204,7 +204,69 @@ void SVFIRBuilder::initialiseNodes()
  */
 bool SVFIRBuilder::computeGepOffset(const User *V, LocationSet& ls)
 {
-    return SymbolTableInfo::SymbolInfo()->computeGepOffset(V,ls);
+    assert(V);
+
+    const llvm::GEPOperator *gepOp = SVFUtil::dyn_cast<const llvm::GEPOperator>(V);
+    DataLayout * dataLayout = SymbolTableInfo::getDataLayout(LLVMModuleSet::getLLVMModuleSet()->getMainLLVMModule());
+    llvm::APInt byteOffset(dataLayout->getIndexSizeInBits(gepOp->getPointerAddressSpace()),0,true);
+    if(gepOp && dataLayout && gepOp->accumulateConstantOffset(*dataLayout,byteOffset))
+    {
+        Size_t bo = byteOffset.getSExtValue();
+    }
+
+    for (bridge_gep_iterator gi = bridge_gep_begin(*V), ge = bridge_gep_end(*V);
+            gi != ge; ++gi)
+    {
+        ls.addOffsetValue(gi.getOperand());
+        // Handling array types, skipe array handling here
+        // We treat whole array as one, then we can distinguish different field of an array of struct
+        // e.g. s[1].f1 is differet from s[0].f2
+        if(SVFUtil::isa<ArrayType>(*gi))
+            continue;
+
+        //The int-value object of the current index operand
+        //  (may not be constant for arrays).
+        ConstantInt *op = SVFUtil::dyn_cast<ConstantInt>(gi.getOperand());
+
+        /// given a gep edge p = q + i,
+        if(!op)
+        {
+            return false;
+        }
+        //The actual index
+        Size_t idx = op->getSExtValue();
+
+
+        // Handling pointer types
+        // These GEP instructions are simply making address computations from the base pointer address
+        // e.g. idx = (char*) &p + 4,  at this case gep only one offset index (idx)
+        // Case 1: This operation is likely accessing an array through pointer p.
+        // Case 2: It may also be used to access a field of a struct (which is not ANSI-compliant)
+        // Since this is a field-index based memory model,
+        // for case 1: we consider the whole array as one element, This can be improved by LocMemModel as it can distinguish different
+        // elements of the same array.
+        // for case 2: we treat idx the same as &p by ignoring const 4 (This handling is unsound since the program itself is not ANSI-compliant).
+        if (SVFUtil::isa<PointerType>(*gi))
+        {
+            //off += idx;
+        }
+
+
+        // Handling struct here
+        if (const StructType *ST = SVFUtil::dyn_cast<StructType>(*gi) )
+        {
+            assert(op && "non-const struct index in GEP");
+            const vector<u32_t> &so = SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(ST);
+            if ((unsigned)idx >= so.size())
+            {
+                outs() << "!! Struct index out of bounds" << idx << "\n";
+                assert(0);
+            }
+            //add the translated offset
+            ls.setFldIdx(ls.accumulateConstantOffset() + so[idx]);
+        }
+    }
+    return true;
 }
 
 /*!
@@ -420,7 +482,7 @@ void SVFIRBuilder::InitialGlobal(const GlobalVariable *gvar, Constant *C,
     {
         const StructType *sty = SVFUtil::cast<StructType>(C->getType());
         const std::vector<u32_t>& offsetvect =
-            SymbolTableInfo::SymbolInfo()->getFattenFieldIdxVec(sty);
+            SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(sty);
         for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
         {
             u32_t off = offsetvect[i];
@@ -895,9 +957,54 @@ void SVFIRBuilder::handleDirectCall(CallSite cs, const SVFFunction *F)
 /*!
  * Find the base type and the max possible offset of an object pointed to by (V).
  */
-const Type *SVFIRBuilder::getBaseTypeAndFlattenedFields(Value *V, std::vector<LocationSet> &fields)
+const Type *SVFIRBuilder::getBaseTypeAndFlattenedFields(const Value *V, std::vector<LocationSet> &fields)
 {
-    return SymbolTableInfo::SymbolInfo()->getBaseTypeAndFlattenedFields(V, fields);
+    assert(V);
+    fields.push_back(LocationSet(0));
+
+    const Type *T = V->getType();
+    // Use the biggest struct type out of all operands.
+    if (const User *U = SVFUtil::dyn_cast<User>(V))
+    {
+        u32_t msz = 1;      //the max size seen so far
+        // In case of BitCast, try the target type itself
+        if (SVFUtil::isa<BitCastInst>(V))
+        {
+            u32_t sz = getFields(fields, T, msz);
+            if (msz < sz)
+            {
+                msz = sz;
+            }
+        }
+        // Try the types of all operands
+        for (User::const_op_iterator it = U->op_begin(), ie = U->op_end();
+                it != ie; ++it)
+        {
+            const Type *operandtype = it->get()->getType();
+
+            u32_t sz = getFields(fields, operandtype, msz);
+            if (msz < sz)
+            {
+                msz = sz;
+                T = operandtype;
+            }
+        }
+    }
+    // If V is a CE, the actual pointer type is its operand.
+    else if (const ConstantExpr *E = SVFUtil::dyn_cast<ConstantExpr>(V))
+    {
+        T = E->getOperand(0)->getType();
+        getFields(fields, T, 0);
+    }
+    // Handle Argument case
+    else if (SVFUtil::isa<Argument>(V))
+    {
+        getFields(fields, T, 0);
+    }
+
+    while (const PointerType *ptype = SVFUtil::dyn_cast<PointerType>(T))
+        T = ptype->getElementType();
+    return T;
 }
 
 /*!
@@ -1182,7 +1289,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
                 // We have vArg3 points to the entry of _Rb_tree_node_base { color; parent; left; right; }.
                 // Now we calculate the offset from base to vArg3
                 NodeID vnArg3 = pag->getValueNode(vArg3);
-                Size_t offset = pag->getLocationSetFromBaseNode(vnArg3).getOffset();
+                Size_t offset = pag->getLocationSetFromBaseNode(vnArg3).accumulateConstantOffset();
 
                 // We get all flattened fields of base
                 vector<LocationSet> fields;
@@ -1206,7 +1313,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
 
                 Value *vArg = cs.getArgument(0);
                 NodeID vnArg = pag->getValueNode(vArg);
-                Size_t offset = pag->getLocationSetFromBaseNode(vnArg).getOffset();
+                Size_t offset = pag->getLocationSetFromBaseNode(vnArg).accumulateConstantOffset();
 
                 // We get all fields
                 vector<LocationSet> fields;
@@ -1415,7 +1522,7 @@ NodeID SVFIRBuilder::getGepValVar(const Value* val, const LocationSet& ls, const
          * 2. GlobalVariable
          */
         assert((SVFUtil::isa<Instruction>(curVal) || SVFUtil::isa<GlobalVariable>(curVal)) && "curVal not an instruction or a globalvariable?");
-        const std::vector<FieldInfo> &fieldinfo = SymbolTableInfo::SymbolInfo()->getFlattenFieldInfoVec(baseType);
+        const std::vector<FlattenedFieldInfo> &fieldinfo = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(baseType);
         const Type *type = fieldinfo[fieldidx].getFlattenElemTy();
 
         // We assume every GepValNode and its GepEdge to the baseNode are unique across the whole program
@@ -1510,3 +1617,24 @@ void SVFIRBuilder::setCurrentBBAndValueForPAGEdge(PAGEdge* edge)
 }
 
 
+/*!
+ * Replace fields with flatten fields of T if the number of its fields is larger than msz.
+ */
+u32_t SVFIRBuilder::getFields(std::vector<LocationSet>& fields, const Type* T, u32_t msz)
+{
+    if (!SVFUtil::isa<PointerType>(T))
+        return 0;
+
+    T = T->getContainedType(0);
+    const std::vector<FlattenedFieldInfo>& stVec = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(T);
+    u32_t sz = stVec.size();
+    if (msz < sz)
+    {
+        /// Replace fields with T's flatten fields.
+        fields.clear();
+        for(std::vector<FlattenedFieldInfo>::const_iterator it = stVec.begin(), eit = stVec.end(); it!=eit; ++it)
+            fields.push_back(LocationSet(*it));
+    }
+
+    return sz;
+}

package/lib/SVF-FE/SymbolTableBuilder.cpp

@@ -444,7 +444,7 @@ void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C,
     {
         const StructType *sty = SVFUtil::cast<StructType>(C->getType());
         const std::vector<u32_t>& offsetvect =
-            SymbolTableInfo::SymbolInfo()->getFattenFieldIdxVec(sty);
+            SymbolTableInfo::SymbolInfo()->getFlattenedFieldIdxVec(sty);
         for (u32_t i = 0, e = C->getNumOperands(); i != e; i++)
         {
             u32_t off = offsetvect[i];
@@ -515,8 +515,8 @@ void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const
     }
     if (const StructType *ST= SVFUtil::dyn_cast<StructType>(elemTy))
     {
-        const std::vector<FieldInfo>& flattenFields = SymbolTableInfo::SymbolInfo()->getFlattenFieldInfoVec(ST);
-        for(std::vector<FieldInfo>::const_iterator it = flattenFields.begin(), eit = flattenFields.end();
+        const std::vector<FlattenedFieldInfo>& flattenFields = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(ST);
+        for(std::vector<FlattenedFieldInfo>::const_iterator it = flattenFields.begin(), eit = flattenFields.end();
                 it!=eit; ++it)
         {
             if((*it).getFlattenElemTy()->isPointerTy())
@@ -600,7 +600,7 @@ u32_t SymbolTableBuilder::getObjSize(const Value* val)
     u32_t numOfFields = 1;
     if (SVFUtil::isa<StructType>(ety) || SVFUtil::isa<ArrayType>(ety))
     {
-        numOfFields = SymbolTableInfo::SymbolInfo()->getFlattenFieldInfoVec(ety).size();
+        numOfFields = SymbolTableInfo::SymbolInfo()->getFlattenedFieldInfoVec(ety).size();
     }
     return numOfFields;
 }

package/lib/Util/TypeBasedHeapCloning.cpp

@@ -153,9 +153,9 @@ const NodeBS TypeBasedHeapCloning::getGepObjClones(NodeID base, unsigned offset)
     // totalOffset is the offset from the real base (i.e. base of base),
     // offset is the offset into base, whether it is a field itself or not.
     unsigned totalOffset = offset;
-    if (const GepObjPN *baseGep = SVFUtil::dyn_cast<GepObjPN>(baseNode))
+    if (const GepObjVar *baseGep = SVFUtil::dyn_cast<GepObjVar>(baseNode))
     {
-        totalOffset += baseGep->getLocationSet().getOffset();
+        totalOffset += baseGep->getOffset();
     }
 
     const DIType *baseType = getType(base);
@@ -184,12 +184,12 @@ const NodeBS TypeBasedHeapCloning::getGepObjClones(NodeID base, unsigned offset)
     {
         PAGNode *node = ppag->getGNode(gep);
         assert(node && "TBHC: expected gep node doesn't exist.");
-        assert((SVFUtil::isa<GepObjPN>(node) || SVFUtil::isa<FIObjVar>(node))
+        assert((SVFUtil::isa<GepObjVar>(node) || SVFUtil::isa<FIObjVar>(node))
                && "TBHC: expected a GEP or FI object.");
 
-        if (GepObjPN *gepNode = SVFUtil::dyn_cast<GepObjPN>(node))
+        if (GepObjVar *gepNode = SVFUtil::dyn_cast<GepObjVar>(node))
         {
-            if (gepNode->getLocationSet().getOffset() == totalOffset)
+            if (gepNode->getOffset() == totalOffset)
             {
                 geps.set(gep);
             }
@@ -225,7 +225,7 @@ const NodeBS TypeBasedHeapCloning::getGepObjClones(NodeID base, unsigned offset)
             newGep = ppag->getGepObjVar(base, newLS);
         }
 
-        if (GepObjPN *gep = SVFUtil::dyn_cast<GepObjPN>(ppag->getGNode(newGep)))
+        if (GepObjVar *gep = SVFUtil::dyn_cast<GepObjVar>(ppag->getGNode(newGep)))
         {
             gep->setBaseNode(base);
         }
@@ -412,9 +412,9 @@ NodeID TypeBasedHeapCloning::cloneObject(NodeID o, const DIType *type, bool)
 {
     NodeID clone;
     const PAGNode *obj = ppag->getGNode(o);
-    if (const GepObjPN *gepObj = SVFUtil::dyn_cast<GepObjPN>(obj))
+    if (const GepObjVar *gepObj = SVFUtil::dyn_cast<GepObjVar>(obj))
     {
-        const NodeBS &clones = getGepObjClones(gepObj->getBaseNode(), gepObj->getLocationSet().getOffset());
+        const NodeBS &clones = getGepObjClones(gepObj->getBaseNode(), gepObj->getOffset());
         // TODO: a bit of repetition.
         for (NodeID clone : clones)
         {
@@ -427,7 +427,7 @@ NodeID TypeBasedHeapCloning::cloneObject(NodeID o, const DIType *type, bool)
         clone = addCloneGepObjNode(gepObj->getMemObj(), gepObj->getLocationSet());
 
         // The base needs to know about the new clone.
-        addGepToObj(clone, gepObj->getBaseNode(), gepObj->getLocationSet().getOffset());
+        addGepToObj(clone, gepObj->getBaseNode(), gepObj->getOffset());
 
         addClone(o, clone);
         addClone(getOriginalObj(o), clone);
@@ -539,7 +539,7 @@ const DIType *TypeBasedHeapCloning::getTypeFromCTirMetadata(const Value *v)
 bool TypeBasedHeapCloning::isGep(const PAGNode *n) const
 {
     assert(n != nullptr && "TBHC: testing if null is a GEP object!");
-    return SVFUtil::isa<GepObjPN>(n);
+    return SVFUtil::isa<GepObjVar>(n);
 }
 
 /// Returns true if the function name matches MAYALIAS, NOALIAS, etc.

package/lib/WPA/Andersen.cpp

@@ -64,10 +64,6 @@ AndersenBase::~AndersenBase()
 {
   delete consCG;
   consCG = nullptr;
-
-  auto * chg = getCHGraph();
-  delete chg;
-  chg = nullptr;
 }
 
 /*!
@@ -170,7 +166,7 @@ void AndersenBase::normalizePointsTo()
     // for redundant gepnodes and remove those nodes from pag
     for (NodeID n: redundantGepNodes) {
         NodeID base = pag->getBaseObjVar(n);
-        GepObjPN *gepNode = SVFUtil::dyn_cast<GepObjPN>(pag->getGNode(n));
+        GepObjVar *gepNode = SVFUtil::dyn_cast<GepObjVar>(pag->getGNode(n));
         assert(gepNode && "Not a gep node in redundantGepNodes set");
         const LocationSet ls = gepNode->getLocationSet();
         GepObjVarMap.erase(std::make_pair(base, ls));