svf-tools 1.0.374 → 1.0.375

package/include/MemoryModel/SymbolTableInfo.h

@@ -389,7 +389,7 @@ protected:
     virtual void collectSimpleTypeInfo(const Type* T);
 
     /// Create an objectInfo based on LLVM type (value is null, and type could be null, representing a dummy object)
-    ObjTypeInfo* createObjTypeInfo(const Type *type = nullptr);
+    ObjTypeInfo* createObjTypeInfo(const Type *type);
 
     /// Every type T is mapped to StInfo
     /// which contains size (fsize) , offset(foffset)
@@ -592,7 +592,7 @@ public:
  */
 class ObjTypeInfo
 {
-
+friend class SymbolTableBuilder;
 public:
     typedef enum
     {
@@ -619,30 +619,18 @@ private:
     /// maximum number of field object can be created
     /// minimum number is 0 (field insensitive analysis)
     u32_t maxOffsetLimit;
+
+    void resetTypeForHeapStaticObj(const Type* type);
 public:
 
     /// Constructors
-    ObjTypeInfo(const Value*, const Type* t, u32_t max) :
-        type(t), flags(0), maxOffsetLimit(max)
-    {
-    }
-    /// Constructor
-    ObjTypeInfo(u32_t max, const Type* t) : type(t), flags(0), maxOffsetLimit(max)
-    {
+    ObjTypeInfo(const Type* t, u32_t max);
 
-    }
     /// Destructor
     virtual ~ObjTypeInfo()
     {
-
     }
-
-    /// Analyse types of heap and static objects
-    void analyzeHeapObjType(const Type* type);
-
-    /// Analyse types of heap and static objects
-    void analyzeStaticObjType(const Type* type);
-
+    
     /// Get LLVM type
     inline const Type* getType() const
     {

package/include/SVF-FE/SymbolTableBuilder.h

@@ -79,7 +79,14 @@ public:
     /// Initialize TypeInfo based on LLVM Value
     void initTypeInfo(ObjTypeInfo* typeinfo, const Value* value);
     /// Analyse types of all flattened fields of this object
-    void analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const Value* val);
+    void analyzeObjType(ObjTypeInfo* typeinfo, const Value* val);
+    /// Analyse types of heap and static objects
+    void analyzeHeapObjType(ObjTypeInfo* typeinfo, const Value* val);
+    /// Analyse types of heap and static objects
+    void analyzeStaticObjType(ObjTypeInfo* typeinfo, const Value* val);
+    /// Return the bitcast instruction which is val's only use site, otherwise return nullptr
+    const Value* getUniqueUseViaCastInst(const Value* val);
+
     /// Return size of this object based on LLVM value
     u32_t getObjSize(const Value* val);
 };

package/lib/MemoryModel/SVFIR.cpp

@@ -537,6 +537,24 @@ NodeID SVFIR::getBaseValVar(NodeID nodeId)
         return nodeId;
 }
 
+/*!
+ * It is used to create a dummy GepValVar during global initiailzation.
+ */
+NodeID SVFIR::getGepValVar(const Value* curInst, NodeID base, const LocationSet& ls) const
+{
+    GepValueVarMap::const_iterator iter = GepValObjMap.find(curInst);
+    if(iter==GepValObjMap.end()){
+        return UINT_MAX;
+    }
+    else{
+        NodeLocationSetMap::const_iterator lit = iter->second.find(std::make_pair(base, ls));
+        if(lit==iter->second.end())
+            return UINT_MAX;
+        else
+            return lit->second;
+    }
+}
+
 /*!
  * Get a base SVFVar given a pointer
  * Return the source node of its connected normal gep edge
@@ -669,7 +687,37 @@ void SVFIR::initialiseCandidatePointers()
         candidatePointers.insert(nodeId);
     }
 }
-
+/*!
+ * Return true if FIObjVar can point to any object 
+ * Or a field GepObjVar can point to any object.
+ */
+bool SVFIR::isNonPointerObj(NodeID id) const
+{
+    SVFVar* node = getGNode(id);
+    if (const FIObjVar* fiNode = SVFUtil::dyn_cast<FIObjVar>(node))
+    {
+        if(Options::FirstFieldEqBase)
+            return fiNode->getMemObj()->isNonPtrFieldObj(0);
+        else
+            return (fiNode->getMemObj()->hasPtrObj()==false);
+    }
+    else if (const GepObjVar* gepNode = SVFUtil::dyn_cast<GepObjVar>(node))
+    {
+        return (gepNode->getMemObj()->isNonPtrFieldObj(gepNode->getLocationSet()));
+    }
+    else if (const DummyObjVar* dummyNode = SVFUtil::dyn_cast<DummyObjVar>(node))
+    {
+        if(Options::FirstFieldEqBase)
+            return dummyNode->getMemObj()->isNonPtrFieldObj(0);
+        else
+            return (dummyNode->getMemObj()->hasPtrObj()==false);
+    }
+    else
+    {
+        assert(false && "expecting a object node");
+        abort();
+    }
+}
 /*
  * If this is a dummy node or node does not have incoming edges we assume it is not a pointer here
  */
@@ -683,7 +731,7 @@ bool SVFIR::isValidPointer(NodeID nodeId) const
 
 bool SVFIR::isValidTopLevelPtr(const SVFVar* node)
 {
-    if (node->isTopLevelPtr())
+    if (SVFUtil::isa<ValVar>(node))
     {
         if (isValidPointer(node->getId()) && node->hasValue())
         {

package/lib/MemoryModel/SVFVariables.cpp

@@ -40,36 +40,28 @@ using namespace SVFUtil;
 SVFVar::SVFVar(const Value* val, NodeID i, PNODEK k) :
     GenericPAGNodeTy(i,k), value(val)
 {
-
     assert( ValNode <= k && k <= CloneDummyObjNode && "new SVFIR node kind?");
-
     switch (k)
     {
     case ValNode:
     case GepValNode:
     {
         assert(val != nullptr && "value is nullptr for ValVar or GepValNode");
-        isTLPointer = val->getType()->isPointerTy();
-        isATPointer = false;
+        isPtr = val->getType()->isPointerTy();
         break;
     }
-
     case RetNode:
     {
         assert(val != nullptr && "value is nullptr for RetNode");
-        isTLPointer = SVFUtil::cast<Function>(val)->getReturnType()->isPointerTy();
-        isATPointer = false;
+        isPtr = SVFUtil::cast<Function>(val)->getReturnType()->isPointerTy();
         break;
     }
-
     case VarargNode:
     case DummyValNode:
     {
-        isTLPointer = true;
-        isATPointer = false;
+        isPtr = true;
         break;
     }
-
     case ObjNode:
     case GepObjNode:
     case FIObjNode:
@@ -78,8 +70,9 @@ SVFVar::SVFVar(const Value* val, NodeID i, PNODEK k) :
     case CloneFIObjNode:
     case CloneDummyObjNode:
     {
-        isTLPointer = false;
-        isATPointer = true;
+        isPtr = true;
+        if(val)
+            isPtr = val->getType()->isPointerTy();
         break;
     }
     }

package/lib/MemoryModel/SymbolTableInfo.cpp

@@ -44,6 +44,17 @@ SymbolTableInfo* SymbolTableInfo::symInfo = nullptr;
 u32_t StInfo::maxFieldLimit = 0;
 
 
+ObjTypeInfo::ObjTypeInfo(const Type* t, u32_t max) : type(t), flags(0), maxOffsetLimit(max)
+{
+    assert(t && "no type information for this object?");
+}
+
+
+void ObjTypeInfo::resetTypeForHeapStaticObj(const Type* t){
+    assert((isStaticObj() || isHeap()) && "can only reset the inferred type for heap and static objects!");
+    type = t;
+}
+
 /// Add field (index and offset) with its corresponding type
 void StInfo::addFldWithType(u32_t fldIdx, const Type* type, u32_t elemIdx)
 {
@@ -90,8 +101,11 @@ SymbolTableInfo::TypeToFieldInfoMap::iterator SymbolTableInfo::getStructInfoIter
  */
 ObjTypeInfo* SymbolTableInfo::createObjTypeInfo(const Type* type)
 {
-    ObjTypeInfo* typeInfo = new ObjTypeInfo(StInfo::getMaxFieldLimit(),type);
-    typeInfo->analyzeHeapObjType(type);
+    ObjTypeInfo* typeInfo = new ObjTypeInfo(type, StInfo::getMaxFieldLimit());
+    if(type && type->isPointerTy()){
+        typeInfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeInfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
+    }
     return typeInfo;
 }
 
@@ -360,7 +374,7 @@ MemObj* SymbolTableInfo::createBlkObj(SymID symId)
 {
     assert(isBlkObj(symId));
     assert(objMap.find(symId)==objMap.end());
-    MemObj* obj = new MemObj(symId, createObjTypeInfo());
+    MemObj* obj = new MemObj(symId, createObjTypeInfo(IntegerType::get(LLVMModuleSet::getLLVMModuleSet()->getContext(), 32)));
     objMap[symId] = obj;
     return obj;
 }
@@ -369,7 +383,7 @@ MemObj* SymbolTableInfo::createConstantObj(SymID symId)
 {
     assert(isConstantObj(symId));
     assert(objMap.find(symId)==objMap.end());
-    MemObj* obj = new MemObj(symId, createObjTypeInfo());
+    MemObj* obj = new MemObj(symId, createObjTypeInfo(IntegerType::get(LLVMModuleSet::getLLVMModuleSet()->getContext(), 32)));
     objMap[symId] = obj;
     return obj;
 }
@@ -595,36 +609,13 @@ u32_t SymbolTableInfo::getTypeSizeInBytes(const StructType *sty, u32_t field_idx
 }
 
 
-
-/*!
- * Analyse types of heap and static objects
- */
-void ObjTypeInfo::analyzeHeapObjType(const Type*)
-{
-    // TODO: Heap and static objects are considered as pointers right now.
-    //       Refine this function to get more details about heap and static objects.
-    setFlag(HEAP_OBJ);
-    setFlag(HASPTR_OBJ);
-}
-
-/*!
- * Analyse types of heap and static objects
- */
-void ObjTypeInfo::analyzeStaticObjType(const Type*)
-{
-    // TODO: Heap and static objects are considered as pointers right now.
-    //       Refine this function to get more details about heap and static objects.
-    setFlag(STATIC_OBJ);
-    setFlag(HASPTR_OBJ);
-}
-
 /*!
  * Whether a location set is a pointer type or not
  */
 bool ObjTypeInfo::isNonPtrFieldObj(const LocationSet& ls)
 {
-    if (isHeap() || isStaticObj())
-        return false;
+    if (hasPtrObj() == false)
+        return true;
 
     const Type* ety = getType();
     while (const ArrayType *AT= SVFUtil::dyn_cast<ArrayType>(ety))
@@ -653,28 +644,10 @@ bool ObjTypeInfo::isNonPtrFieldObj(const LocationSet& ls)
     }
     else
     {
-        if (isStaticObj() || isHeap())
-        {
-            // TODO: Objects which cannot find proper field for a certain offset including
-            //       arguments in main(), static objects allocated before main and heap
-            //       objects. Right now they're considered to have infinite fields and we
-            //       treat each field as pointers conservatively.
-            //       Try to model static and heap objects more accurately in the future.
-            return false;
-        }
-        else
-        {
-            // TODO: Using new memory model (locMM) may create objects with spurious offset
-            //       as we simply return new offset by mod operation without checking its
-            //       correctness in LocSymTableInfo::getModulusOffset(). So the following
-            //       assertion may fail. Try to refine the new memory model.
-            //assert(ls.getConstantFieldIdx() == 0 && "cannot get a field from a non-struct type");
-            return (hasPtrObj() == false);
-        }
+        return (hasPtrObj() == false);
     }
 }
 
-
 /*!
  * Set mem object to be field sensitive (up to maximum field limit)
  */

package/lib/SVF-FE/SVFIRBuilder.cpp

@@ -1111,7 +1111,7 @@ void SVFIRBuilder::handleExtCall(CallSite cs, const SVFFunction *callee)
             {
                 NodeID vnArg = getValueNode(arg);
                 NodeID dummy = pag->addDummyValNode();
-                NodeID obj = pag->addDummyObjNode();
+                NodeID obj = pag->addDummyObjNode(arg->getType());
                 if (vnArg && dummy && obj)
                 {
                     addAddrEdge(obj, dummy);

package/lib/SVF-FE/SymbolTableBuilder.cpp

@@ -486,7 +486,7 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
     if (refTy)
     {
         Type *objTy = refTy->getElementType();
-        ObjTypeInfo* typeInfo = new ObjTypeInfo(val, objTy, Options::MaxFieldLimit);
+        ObjTypeInfo* typeInfo = new ObjTypeInfo(objTy, Options::MaxFieldLimit);
         initTypeInfo(typeInfo,val);
         return typeInfo;
     }
@@ -496,7 +496,7 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
         writeWrnMsg(val->getName().str());
         writeWrnMsg("(" + getSourceLoc(val) + ")");
         if(symInfo->isConstantObjSym(val)){
-            ObjTypeInfo* typeInfo = new ObjTypeInfo(val, val->getType(), 0);
+            ObjTypeInfo* typeInfo = new ObjTypeInfo(val->getType(), 0);
             initTypeInfo(typeInfo,val);
             return typeInfo;
         }
@@ -507,15 +507,14 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
     }
 }
 
-
 /*!
  * Analyse types of all flattened fields of this object
  */
-void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const Value* val)
+void SymbolTableBuilder::analyzeObjType(ObjTypeInfo* typeinfo, const Value* val)
 {
 
     const PointerType * refty = SVFUtil::dyn_cast<PointerType>(val->getType());
-    assert(SVFUtil::isa<PointerType>(refty) && "this value should be a pointer type!");
+    assert(refty && "this value should be a pointer type!");
     Type* elemTy = refty->getElementType();
     bool isPtrObj = false;
     // Find the inter nested array element
@@ -526,9 +525,7 @@ void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const
             isPtrObj = true;
         if(SVFUtil::isa<GlobalVariable>(val) && SVFUtil::cast<GlobalVariable>(val)->hasInitializer()
                 && SVFUtil::isa<ConstantArray>(SVFUtil::cast<GlobalVariable>(val)->getInitializer()))
-        {
             typeinfo->setFlag(ObjTypeInfo::CONST_ARRAY_OBJ);
-        }
         else
             typeinfo->setFlag(ObjTypeInfo::VAR_ARRAY_OBJ);
     }
@@ -556,6 +553,56 @@ void SymbolTableBuilder::analyzeGlobalStackObjType(ObjTypeInfo* typeinfo, const
         typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
 }
 
+/*!
+ * Analyse types of heap and static objects
+ */
+void SymbolTableBuilder::analyzeHeapObjType(ObjTypeInfo* typeinfo, const Value* val)
+{
+    if(const Value* castUse = getUniqueUseViaCastInst(val)){
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->resetTypeForHeapStaticObj(castUse->getType());
+        analyzeObjType(typeinfo,castUse);
+    }
+    else{
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
+    }
+}
+
+/*!
+ * Analyse types of heap and static objects
+ */
+void SymbolTableBuilder::analyzeStaticObjType(ObjTypeInfo* typeinfo, const Value* val)
+{
+    if(const Value* castUse = getUniqueUseViaCastInst(val)){
+        typeinfo->setFlag(ObjTypeInfo::STATIC_OBJ);
+        typeinfo->resetTypeForHeapStaticObj(castUse->getType());
+        analyzeObjType(typeinfo,castUse);
+    }
+    else{
+        typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
+        typeinfo->setFlag(ObjTypeInfo::HASPTR_OBJ);
+    }
+}
+
+/*
+ * Get the first dominated cast instruction for heap allocations since they typically come from void* (i8*) 
+ * for example, %4 = call align 16 i8* @malloc(i64 10); %5 = bitcast i8* %4 to i32*
+ * return %5 whose type is i32* but not %4 whose type is i8*
+ */
+const Value* SymbolTableBuilder::getUniqueUseViaCastInst(const Value* val){
+    const PointerType * type = SVFUtil::dyn_cast<PointerType>(val->getType());
+    assert(type && "this value should be a pointer type!");
+    /// If type is void* (i8*) and val is only used at a bitcast instruction
+    if (IntegerType *IT = SVFUtil::dyn_cast<IntegerType>(type->getPointerElementType())){
+        if (IT->getBitWidth() == 8 && val->getNumUses()==1){
+            const Use *u = &*val->use_begin();
+            return SVFUtil::dyn_cast<BitCastInst>(u->getUser());
+        }
+    }
+    return nullptr;
+}
+
 /*!
  * Initialize the type info of an object
  */
@@ -566,13 +613,13 @@ void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val){
     if (SVFUtil::isa<Function>(val))
     {
         typeinfo->setFlag(ObjTypeInfo::FUNCTION_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if(SVFUtil::isa<AllocaInst>(val))
     {
         typeinfo->setFlag(ObjTypeInfo::STACK_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if(SVFUtil::isa<GlobalVariable>(val))
@@ -580,24 +627,24 @@ void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val){
         typeinfo->setFlag(ObjTypeInfo::GLOBVAR_OBJ);
         if(SymbolTableInfo::SymbolInfo()->isConstantObjSym(val))
             typeinfo->setFlag(ObjTypeInfo::CONST_GLOBAL_OBJ);
-        analyzeGlobalStackObjType(typeinfo,val);
+        analyzeObjType(typeinfo,val);
         objSize = getObjSize(val);
     }
     else if (SVFUtil::isa<Instruction>(val) && isHeapAllocExtCall(SVFUtil::cast<Instruction>(val)))
     {
-        typeinfo->analyzeHeapObjType(val->getType());
+        analyzeHeapObjType(typeinfo,val);
         // Heap object, label its field as infinite here
         objSize = -1;
     }
     else if (SVFUtil::isa<Instruction>(val) && isStaticExtCall(SVFUtil::cast<Instruction>(val)))
     {
-        typeinfo->analyzeStaticObjType(val->getType());
+        analyzeStaticObjType(typeinfo,val);
         // static object allocated before main, label its field as infinite here
         objSize = -1;
     }
     else if(ArgInProgEntryFunction(val))
     {
-        typeinfo->analyzeStaticObjType(val->getType());
+        analyzeStaticObjType(typeinfo,val);
         // user input data, label its field as infinite here
         objSize = -1;
     }

package/lib/WPA/AndersenStat.cpp

@@ -226,7 +226,7 @@ void AndersenStat::statNullPtr()
     {
         NodeID pagNodeId = iter->first;
         PAGNode* pagNode = iter->second;
-        if (pagNode->isTopLevelPtr() == false)
+        if (SVFUtil::isa<ValVar>(pagNode) == false)
             continue;
         SVFStmt::SVFStmtSetTy& inComingStore = pagNode->getIncomingEdges(SVFStmt::Store);
         SVFStmt::SVFStmtSetTy& outGoingLoad = pagNode->getOutgoingEdges(SVFStmt::Load);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.374",
+  "version": "1.0.375",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {