svf-tools 1.0.577 → 1.0.579

package/include/CFL/CFLStat.h

@@ -33,11 +33,13 @@
 
 #include "Util/PTAStat.h"
 #include "CFL/CFLAlias.h"
+#include "CFL/CFLVF.h"
 
 namespace SVF
 {
 
 class CFLAlias;
+class CFLVF;
 class SVFIR;
 class ConstraintGraph;
 
@@ -48,24 +50,13 @@ class CFLStat : public PTAStat
 {
 
 private:
-    CFLAlias* pta;
+    CFLBase* pta;
 
 public:
-    static const char* CollapseTime;
-
-    static u32_t _MaxPtsSize;
-    static u32_t _NumOfCycles;
-    static u32_t _NumOfPWCCycles;
-    static u32_t _NumOfNodesInCycles;
-    static u32_t _MaxNumOfNodesInSCC;
-    u32_t _NumOfNullPtr;
-    u32_t _NumOfConstantPtr;
-    u32_t _NumOfBlackholePtr;
-
     /// CFL Stat
     u32_t _NumofCFLGraphNode;
 
-    CFLStat(CFLAlias* p);
+    CFLStat(CFLBase* p);
 
     virtual ~CFLStat()
     {
@@ -74,15 +65,13 @@ public:
 
     virtual void performStat();
 
-    void collectCycleInfo(ConstraintGraph* consCG);
-
     void collectCFLInfo(CFLGraph* CFLGraph);
 
-    void statNullPtr();
-
     void constraintGraphStat();
+
+    void CFLGrammarStat();
 };
 
 } // End namespace SVF
 
-#endif /* FLOWSENSITIVESTAT_H_ */
+#endif /* CFL_CFLSTAT_H_ */

package/include/CFL/CFLVF.h

@@ -30,44 +30,32 @@
 #ifndef INCLUDE_CFL_CFLVF_H_
 #define INCLUDE_CFL_CFLVF_H_
 
-#include "CFL/CFLSolver.h"
-#include "CFL/CFGNormalizer.h"
-#include "CFL/GrammarBuilder.h"
-#include "CFL/CFLGraphBuilder.h"
-#include "CFL/CFLGramGraphChecker.h"
-#include "MemoryModel/PointerAnalysis.h"
-#include "Graphs/ConsG.h"
-#include "Util/Options.h"
+
+#include "CFL/CFLBase.h"
+#include "CFL/CFLStat.h"
 #include "SABER/SaberSVFGBuilder.h"
+#include "WPA/Andersen.h"
 
 namespace SVF
 {
-
-class CFLVF : public BVDataPTAImpl
+class CFLVF : public CFLBase
 {
 
 public:
-    typedef OrderedMap<CallSite, NodeID> CallSite2DummyValPN;
-
-    CFLVF(SVFIR* ir) : BVDataPTAImpl(ir, PointerAnalysis::CFLFSCS_WPA, false), svfir(ir), graph(nullptr), grammar(nullptr), solver(nullptr)
+    CFLVF(SVFIR* ir) : CFLBase(ir, PointerAnalysis::CFLFSCS_WPA)
     {
     }
 
-    /// Destructor
-    virtual ~CFLVF()
-    {
-        delete solver;
-    }
+    /// Initialize the grammar, graph, solver
+    virtual void initialize();
+
+    /// Print grammar and graph
+    virtual void finalize();
 
-    /// Start Analysis here (main part of pointer analysis).
-    virtual void analyze();
+    /// Build CFLGraph via VFG
+    void buildCFLGraph();
 
 private:
-    CallSite2DummyValPN callsite2DummyValPN;        ///< Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocator
-    SVFIR* svfir;
-    CFLGraph* graph;
-    CFLGrammar* grammar;
-    CFLSolver *solver;
     SaberSVFGBuilder memSSA;
     SVFG* svfg;
 };

package/include/Graphs/CFLGraph.h

@@ -109,6 +109,11 @@ public:
 
     void view();
 
+    inline const CFLEdgeSet& getCFLEdges() const
+    {
+        return cflEdgeSet;
+    }
+
 private:
     CFLEdgeSet cflEdgeSet;
 };

package/lib/CFL/CFLAlias.cpp

@@ -28,31 +28,11 @@
  */
 
 #include "CFL/CFLAlias.h"
-#include "Util/SVFBasicTypes.h"
 
 using namespace SVF;
 using namespace cppUtil;
 using namespace SVFUtil;
 
-u32_t CFLAlias::numOfProcessedAddr = 0;
-u32_t CFLAlias::numOfProcessedCopy = 0;
-u32_t CFLAlias::numOfProcessedGep = 0;
-u32_t CFLAlias::numOfProcessedLoad = 0;
-u32_t CFLAlias::numOfProcessedStore = 0;
-u32_t CFLAlias::numOfSfrs = 0;
-u32_t CFLAlias::numOfFieldExpand = 0;
-
-u32_t CFLAlias::numOfSCCDetection = 0;
-double CFLAlias::timeOfSCCDetection = 0;
-double CFLAlias::timeOfSCCMerges = 0;
-double CFLAlias::timeOfCollapse = 0;
-
-u32_t CFLAlias::AveragePointsToSetSize = 0;
-u32_t CFLAlias::MaxPointsToSetSize = 0;
-double CFLAlias::timeOfProcessCopyGep = 0;
-double CFLAlias::timeOfProcessLoadStore = 0;
-double CFLAlias::timeOfUpdateCallGraph = 0;
-
 /*!
  * On the fly call graph construction
  * callsites is candidate indirect callsites need to be analyzed based on points-to results
@@ -193,9 +173,6 @@ void CFLAlias::heapAllocatorViaIndCall(CallSite cs)
  */
 bool CFLAlias::updateCallGraph(const CallSiteToFunPtrMap& callsites)
 {
-
-    // double cgUpdateStart = stat->getClk();
-
     CallEdgeMap newEdges;
     onTheFlyCallGraphSolve(callsites,newEdges);
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
@@ -203,65 +180,55 @@ bool CFLAlias::updateCallGraph(const CallSiteToFunPtrMap& callsites)
         CallSite cs = SVFUtil::getLLVMCallSite(it->first->getCallSite());
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
-            std::cout << cs.arg_size();
             connectCaller2CalleeParams(cs,*cit);
         }
     }
 
-    // double cgUpdateEnd = stat->getClk();
-    //timeOfUpdateCallGraph += (cgUpdateEnd - cgUpdateStart) / TIMEINTERVAL;
-
     return (!solver->isWorklistEmpty());
 }
 
-void CFLAlias::analyze()
+void CFLAlias::initialize()
 {
     stat = new CFLStat(this);
-    GrammarBuilder grammarBuilder = GrammarBuilder(Options::GrammarFilename);
-    CFGNormalizer normalizer = CFGNormalizer();
-    AliasCFLGraphBuilder cflGraphBuilder = AliasCFLGraphBuilder();
-    CFLGramGraphChecker cflChecker = CFLGramGraphChecker();
-    if (Options::CFLGraph.empty())
-    {
-        PointerAnalysis::initialize();
-        GrammarBase *grammarBase = grammarBuilder.build();
-        ConstraintGraph *consCG = new ConstraintGraph(svfir);
-        if (Options::PEGTransfer)
-        {
-            graph = cflGraphBuilder.buildBiPEGgraph(consCG, grammarBase->getStartKind(), grammarBase, svfir);
-        }
-        else
-        {
-            graph = cflGraphBuilder.buildBigraph(consCG, grammarBase->getStartKind(), grammarBase);
-        }
 
-        cflChecker.check(grammarBase, &cflGraphBuilder, graph);
-        grammar = normalizer.normalize(grammarBase);
-        cflChecker.check(grammar, &cflGraphBuilder, graph);
-        delete consCG;
-        delete grammarBase;
-    }
-    else
-    {
-        GrammarBase *grammarBase = grammarBuilder.build();
-        graph = cflGraphBuilder.buildFromDot(Options::CFLGraph, grammarBase);
-        cflChecker.check(grammarBase, &cflGraphBuilder, graph);
-        grammar = normalizer.normalize(grammarBase);
-        cflChecker.check(grammar, &cflGraphBuilder, graph);
-        delete grammarBase;
-    }
+    // Build CFL Grammar
+    buildCFLGrammar();
+
+    // Build CFL Graph
+    buildCFLGraph();
+
+    // Normalize CFL Grammar
+    normalizeCFLGrammar();
+
+    // Initialize sovler
     solver = new CFLSolver(graph, grammar);
-    solver->solve();
-    while (updateCallGraph(svfir->getIndirectCallsites()))
-        solver->solve();
+}
+
+void CFLAlias::finalize()
+{
     if(Options::PrintCFL == true)
     {
-        svfir->dump("IR");
+        if (Options::CFLGraph.empty())
+            svfir->dump("IR");
         grammar->dump("Grammar");
         graph->dump("CFLGraph");
     }
     if (Options::CFLGraph.empty())
-    {
         PointerAnalysis::finalize();
-    }
+}
+
+void CFLAlias::solve()
+{
+    // Start solving
+    double start = stat->getClk(true);
+
+    solver->solve();
+    if (Options::CFLGraph.empty())
+    {
+        while (updateCallGraph(svfir->getIndirectCallsites()))
+            solver->solve();
+    } // Only cflgraph built from bc could reanlyze by update call graph
+
+    double end = stat->getClk(true);
+    timeOfSolving += (end - start) / TIMEINTERVAL;
 }

package/lib/CFL/CFLBase.cpp

@@ -0,0 +1,133 @@
+//===----- CFLBase.cpp -- CFL Analysis Client Base--------------//
+//
+//                     SVF: Static Value-Flow Analysis
+//
+// Copyright (C) <2013->  <Yulei Sui>
+//
+
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+//===----------------------------------------------------------------------===//
+
+/*
+ * CFLBase.cpp
+ *
+ *  Created on: Oct 13, 2022
+ *      Author: Pei Xu
+ */
+
+
+#include "CFL/CFLBase.h"
+
+namespace SVF
+{
+
+class CFLStat;
+
+double CFLBase::timeOfBuildCFLGrammar = 0;
+double CFLBase::timeOfNormalizeGrammar = 0;
+double CFLBase::timeOfBuildCFLGraph = 0;
+double CFLBase::timeOfSolving = 0;
+double CFLBase::numOfStartEdges = 0;
+
+void CFLBase::buildCFLGrammar()
+{
+    // Start building grammar
+    double start = stat->getClk(true);
+
+    GrammarBuilder grammarBuilder = GrammarBuilder(Options::GrammarFilename);
+    grammarBase = grammarBuilder.build();
+
+    // Get time of build grammar
+    double end = stat->getClk(true);
+    timeOfBuildCFLGrammar += (end - start) / TIMEINTERVAL;
+}
+
+void CFLBase::buildCFLGraph()
+{
+    // Start building CFLGraph
+    double start = stat->getClk(true);
+
+    AliasCFLGraphBuilder cflGraphBuilder = AliasCFLGraphBuilder();
+    if (Options::CFLGraph.empty()) // built from svfir
+    {
+        PointerAnalysis::initialize();
+        ConstraintGraph *consCG = new ConstraintGraph(svfir);
+        if (Options::PEGTransfer)
+            graph = cflGraphBuilder.buildBiPEGgraph(consCG, grammarBase->getStartKind(), grammarBase, svfir);
+        else
+            graph = cflGraphBuilder.buildBigraph(consCG, grammarBase->getStartKind(), grammarBase);
+        delete consCG;
+    }
+    else
+        graph = cflGraphBuilder.buildFromDot(Options::CFLGraph, grammarBase);
+
+    // Check CFL Graph and Grammar are accordance with grammar
+    CFLGramGraphChecker cflChecker = CFLGramGraphChecker();
+    cflChecker.check(grammarBase, &cflGraphBuilder, graph);
+
+    // Get time of build graph
+    double end = stat->getClk(true);
+    timeOfBuildCFLGraph += (end - start) / TIMEINTERVAL;
+}
+
+void CFLBase::normalizeCFLGrammar()
+{
+    // Start normalize grammar
+    double start = stat->getClk(true);
+
+    CFGNormalizer normalizer = CFGNormalizer();
+    grammar = normalizer.normalize(grammarBase);
+
+    // Get time of normalize grammar
+    double end = stat->getClk(true);
+    timeOfNormalizeGrammar += (end - start) / TIMEINTERVAL;
+}
+
+void CFLBase::solve()
+{
+    // Start solving
+    double start = stat->getClk(true);
+
+    solver->solve();
+
+    double end = stat->getClk(true);
+    timeOfSolving += (end - start) / TIMEINTERVAL;
+}
+
+void CFLBase::analyze()
+{
+    initialize();
+
+    solve();
+
+    finalize();
+}
+
+CFLGraph* CFLBase::getCFLGraph()
+{
+    return graph;
+}
+
+void CFLBase::countSumEdges()
+{
+    numOfStartEdges = 0;
+    for(auto it = getCFLGraph()->getCFLEdges().begin(); it != getCFLGraph()->getCFLEdges().end(); it++ )
+    {
+        if ((*it)->getEdgeKind() == grammar->getStartKind())
+            numOfStartEdges++;
+    }
+}
+
+} // End namespace SVF

package/lib/CFL/CFLStat.cpp

@@ -33,22 +33,11 @@ using namespace SVF;
 using namespace SVFUtil;
 using namespace std;
 
-u32_t CFLStat::_MaxPtsSize = 0;
-u32_t CFLStat::_NumOfCycles = 0;
-u32_t CFLStat::_NumOfPWCCycles = 0;
-u32_t CFLStat::_NumOfNodesInCycles = 0;
-u32_t CFLStat::_MaxNumOfNodesInSCC = 0;
-
-const char* CFLStat::CollapseTime = "CollapseTime";
-
 /*!
  * Constructor
  */
-CFLStat::CFLStat(CFLAlias* p): PTAStat(p),pta(p)
+CFLStat::CFLStat(CFLBase* p): PTAStat(p),pta(p)
 {
-    _NumOfNullPtr = 0;
-    _NumOfConstantPtr= 0;
-    _NumOfBlackholePtr = 0;
     startClk();
 }
 
@@ -57,56 +46,11 @@ CFLStat::CFLStat(CFLAlias* p): PTAStat(p),pta(p)
  */
 void  CFLStat::collectCFLInfo(CFLGraph* CFLGraph)
 {
-    _NumOfCycles = 0;
-    _NumOfPWCCycles = 0;
-    _NumOfNodesInCycles = 0;
-    NodeSet repNodes;
-    repNodes.clear();
-}
+    timeStatMap["timeOfBuildCFLGraph"] = pta->timeOfBuildCFLGraph;
+    PTNumStatMap["NumOfNodes"] = CFLGraph->getTotalNodeNum();
+    PTNumStatMap["NumOfEdges"] = CFLGraph->getCFLEdges().size();
 
-
-
-/*!
- * Collect cycle information
- */
-void  CFLStat::collectCycleInfo(ConstraintGraph* consCG)
-{
-    _NumOfCycles = 0;
-    _NumOfPWCCycles = 0;
-    _NumOfNodesInCycles = 0;
-    NodeSet repNodes;
-    repNodes.clear();
-    for(ConstraintGraph::iterator it = consCG->begin(), eit = consCG->end(); it!=eit; ++it)
-    {
-        // sub nodes have been removed from the constraint graph, only rep nodes are left.
-        NodeID repNode = consCG->sccRepNode(it->first);
-        NodeBS& subNodes = consCG->sccSubNodes(repNode);
-        NodeBS clone = subNodes;
-        for (NodeBS::iterator it = subNodes.begin(), eit = subNodes.end(); it != eit; ++it)
-        {
-            NodeID nodeId = *it;
-            PAGNode* pagNode = pta->getPAG()->getGNode(nodeId);
-            if (SVFUtil::isa<ObjVar>(pagNode) && pta->isFieldInsensitive(nodeId))
-            {
-                NodeID baseId = consCG->getBaseObjVar(nodeId);
-                clone.reset(nodeId);
-                clone.set(baseId);
-            }
-        }
-        u32_t num = clone.count();
-        if (num > 1)
-        {
-            if(repNodes.insert(repNode).second)
-            {
-                _NumOfNodesInCycles += num;
-                if(consCG->isPWCNode(repNode))
-                    _NumOfPWCCycles ++;
-            }
-            if( num > _MaxNumOfNodesInSCC)
-                _MaxNumOfNodesInSCC = num;
-        }
-    }
-    _NumOfCycles += repNodes.size();
+    PTAStat::printStat("CFLGraph Stats");
 }
 
 void CFLStat::constraintGraphStat()
@@ -160,58 +104,12 @@ void CFLStat::constraintGraphStat()
 
     PTAStat::printStat("CFL Graph Stats");
 }
-/*!
- * Stat null pointers
- */
-void CFLStat::statNullPtr()
-{
-
-    _NumOfNullPtr = 0;
-    for (SVFIR::iterator iter = pta->getPAG()->begin(), eiter = pta->getPAG()->end();
-            iter != eiter; ++iter)
-    {
-        NodeID pagNodeId = iter->first;
-        PAGNode* pagNode = iter->second;
-        if (SVFUtil::isa<ValVar>(pagNode) == false)
-            continue;
-        SVFStmt::SVFStmtSetTy& inComingStore = pagNode->getIncomingEdges(SVFStmt::Store);
-        SVFStmt::SVFStmtSetTy& outGoingLoad = pagNode->getOutgoingEdges(SVFStmt::Load);
-        if (inComingStore.empty()==false || outGoingLoad.empty()==false)
-        {
-            ///TODO: change the condition here to fetch the points-to set
-            const PointsTo& pts = pta->getPts(pagNodeId);
-            if (pta->containBlackHoleNode(pts))
-                _NumOfBlackholePtr++;
-
-            if (pta->containConstantNode(pts))
-                _NumOfConstantPtr++;
-
-            if(pts.empty())
-            {
-                std::string str;
-                raw_string_ostream rawstr(str);
-                if (!SVFUtil::isa<DummyValVar>(pagNode) && !SVFUtil::isa<DummyObjVar>(pagNode) )
-                {
-                    // if a pointer is in dead function, we do not care
-                    if(SymbolTableInfo::isPtrInUncalledFunction(pagNode->getValue()) == false)
-                    {
-                        _NumOfNullPtr++;
-                        rawstr << "##Null Pointer : (NodeID " << pagNode->getId()
-                               << ") PtrName:" << pagNode->getValue()->getName();
-                        writeWrnMsg(rawstr.str());
-                        //pagNode->getValue()->dump();
-                    }
-                }
-                else
-                {
-                    _NumOfNullPtr++;
-                    rawstr << "##Null Pointer : (NodeID " << pagNode->getId() << ")";
-                    writeWrnMsg(rawstr.str());
-                }
-            }
-        }
-    }
 
+void CFLStat::CFLGrammarStat()
+{
+    timeStatMap["timeOfBuildCFLGrammar"] = pta->timeOfBuildCFLGrammar;
+    timeStatMap["timeOfNormalizeGrammar"] = pta->timeOfNormalizeGrammar;
+    PTAStat::printStat("CFLGrammar Stats");
 }
 
 /*!
@@ -219,51 +117,26 @@ void CFLStat::statNullPtr()
  */
 void CFLStat::performStat()
 {
-
-    assert(SVFUtil::isa<CFLAlias>(pta) && "not an CFLAlias pass!! what else??");
+    assert((SVFUtil::isa<CFLAlias>(pta)||SVFUtil::isa<CFLVF>(pta)) && "not an CFLAlias pass!! what else??");
     endClk();
-    // SVFIR* pag = pta->getPAG();
-    CFLGraph* CFLGraph = pta->getCFLGraph();
-    // collect cfl graph infor
-    collectCFLInfo(CFLGraph);
-    // delete CFLGraph;
-    // collect constraint graph cycles
-    // collectCycleInfo(consCG);
 
-    // stat null ptr number
-    statNullPtr();
+    pta->countSumEdges();
 
-    u32_t totalPointers = 0;
-    u32_t totalTopLevPointers = 0;
-    u32_t totalPtsSize = 0;
-    u32_t totalTopLevPtsSize = 0;
-    for (SVFIR::iterator iter = pta->getPAG()->begin(), eiter = pta->getPAG()->end();
-            iter != eiter; ++iter)
-    {
-        NodeID node = iter->first;
-        const PointsTo& pts = pta->getPts(node);
-        u32_t size = pts.count();
-        totalPointers++;
-        totalPtsSize+=size;
-
-        if(pta->getPAG()->isValidTopLevelPtr(pta->getPAG()->getGNode(node)))
-        {
-            totalTopLevPointers++;
-            totalTopLevPtsSize+=size;
-        }
+    // CFLGraph stat
+    CFLGraph* CFLGraph = pta->getCFLGraph();
+    collectCFLInfo(CFLGraph);
 
-        if(size > _MaxPtsSize )
-            _MaxPtsSize = size;
-    }
+    // Solver stat
+    timeStatMap["AnalysisTime"] = pta->timeOfSolving;
+    PTNumStatMap["SumEdges"] = pta->numOfStartEdges;
+    PTAStat::printStat("CFL-reachability analysis Stats");
 
+    // Grammar stat
+    CFLGrammarStat();
 
     PTAStat::performStat();
 
+    // ConstraintGraph stat
     constraintGraphStat();
-
-    PTNumStatMap["PointsToConstPtr"] = _NumOfConstantPtr;
-    PTNumStatMap["PointsToBlkPtr"] = _NumOfBlackholePtr;
-
-    PTAStat::printStat("CFL Alias Analysis Stats");
 }