svf-tools 1.0.658 → 1.0.660
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/svf/include/SVFIR/SVFType.h +4 -4
- package/svf/include/SVFIR/SVFValue.h +3 -3
- package/svf/include/Util/Options.h +3 -0
- package/svf/lib/AbstractExecution/SVFIR2ItvExeState.cpp +6 -3
- package/svf/lib/SABER/SaberSVFGBuilder.cpp +33 -2
- package/svf/lib/SVFIR/SVFValue.cpp +6 -2
- package/svf/lib/Util/Options.cpp +8 -0
- package/svf-llvm/lib/LLVMModule.cpp +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "svf-tools",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.660",
|
|
4
4
|
"description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -243,7 +243,7 @@ public:
|
|
|
243
243
|
{
|
|
244
244
|
SVFTy,
|
|
245
245
|
SVFPointerTy,
|
|
246
|
-
|
|
246
|
+
SVFIntegerTy,
|
|
247
247
|
SVFFunctionTy,
|
|
248
248
|
SVFStructTy,
|
|
249
249
|
SVFArrayTy,
|
|
@@ -337,13 +337,13 @@ public:
|
|
|
337
337
|
}
|
|
338
338
|
};
|
|
339
339
|
|
|
340
|
-
class
|
|
340
|
+
class SVFIntegerType : public SVFType
|
|
341
341
|
{
|
|
342
342
|
public:
|
|
343
|
-
|
|
343
|
+
SVFIntegerType() : SVFType(true, SVFIntegerTy) {}
|
|
344
344
|
static inline bool classof(const SVFType* node)
|
|
345
345
|
{
|
|
346
|
-
return node->getKind() ==
|
|
346
|
+
return node->getKind() == SVFIntegerTy;
|
|
347
347
|
}
|
|
348
348
|
};
|
|
349
349
|
|
|
@@ -266,7 +266,7 @@ public:
|
|
|
266
266
|
|
|
267
267
|
private:
|
|
268
268
|
bool isDecl; /// return true if this function does not have a body
|
|
269
|
-
bool
|
|
269
|
+
bool intrinsic; /// return true if this function is an intrinsic function (e.g., llvm.dbg), which does not reside in the application code
|
|
270
270
|
bool addrTaken; /// return true if this function is address-taken (for indirect call purposes)
|
|
271
271
|
bool isUncalled; /// return true if this function is never called
|
|
272
272
|
bool isNotRet; /// return true if this function never returns
|
|
@@ -307,7 +307,7 @@ protected:
|
|
|
307
307
|
/// @}
|
|
308
308
|
|
|
309
309
|
public:
|
|
310
|
-
SVFFunction(const std::string& f, const SVFType* ty,const SVFFunctionType* ft, bool declare, bool
|
|
310
|
+
SVFFunction(const std::string& f, const SVFType* ty,const SVFFunctionType* ft, bool declare, bool intrinsic, bool addrTaken, bool varg, SVFLoopAndDomInfo* ld);
|
|
311
311
|
SVFFunction(const std::string& f) = delete;
|
|
312
312
|
SVFFunction(void) = delete;
|
|
313
313
|
virtual ~SVFFunction();
|
|
@@ -328,7 +328,7 @@ public:
|
|
|
328
328
|
|
|
329
329
|
inline bool isIntrinsic() const
|
|
330
330
|
{
|
|
331
|
-
return
|
|
331
|
+
return intrinsic;
|
|
332
332
|
}
|
|
333
333
|
|
|
334
334
|
inline bool hasAddressTaken() const
|
|
@@ -176,9 +176,12 @@ void SVFIR2ItvExeState::initValVar(const ValVar *valVar, u32_t varId)
|
|
|
176
176
|
|
|
177
177
|
if (const SVFType *type = valVar->getType())
|
|
178
178
|
{
|
|
179
|
-
//TODO:miss floatpointerty, voidty, labelty, matadataty
|
|
180
|
-
if (type->getKind() == SVFType::
|
|
181
|
-
|
|
179
|
+
// TODO:miss floatpointerty, voidty, labelty, matadataty
|
|
180
|
+
if (type->getKind() == SVFType::SVFIntegerTy ||
|
|
181
|
+
type->getKind() == SVFType::SVFPointerTy ||
|
|
182
|
+
type->getKind() == SVFType::SVFFunctionTy ||
|
|
183
|
+
type->getKind() == SVFType::SVFStructTy ||
|
|
184
|
+
type->getKind() == SVFType::SVFArrayTy)
|
|
182
185
|
// continue with null expression
|
|
183
186
|
_es[varId] = IntervalValue::top();
|
|
184
187
|
else
|
|
@@ -31,6 +31,7 @@
|
|
|
31
31
|
#include "SABER/SaberCheckerAPI.h"
|
|
32
32
|
#include "MemoryModel/PointerAnalysisImpl.h"
|
|
33
33
|
#include "Graphs/SVFG.h"
|
|
34
|
+
#include "Util/Options.h"
|
|
34
35
|
|
|
35
36
|
using namespace SVF;
|
|
36
37
|
using namespace SVFUtil;
|
|
@@ -99,17 +100,48 @@ void SaberSVFGBuilder::collectGlobals(BVDataPTAImpl* pta)
|
|
|
99
100
|
}
|
|
100
101
|
}
|
|
101
102
|
|
|
102
|
-
|
|
103
|
+
|
|
104
|
+
/*
|
|
105
|
+
* https://github.com/SVF-tools/SVF/issues/991
|
|
106
|
+
*
|
|
107
|
+
* Originally, this function will collect all base pointers with all their fields
|
|
108
|
+
* inside the points-to set of global variables. But if a global variable points
|
|
109
|
+
* to the pointer returned by malloc() at some program points, then all pointers
|
|
110
|
+
* returned by malloc() will be included in the global set because of the
|
|
111
|
+
* context-insensitive pointer analysis results. This will make saber abandon
|
|
112
|
+
* too many slicing thus miss potential bugs.
|
|
113
|
+
*
|
|
114
|
+
* We add an option "saber-collect-extret-globals" to control whether this function
|
|
115
|
+
* will collect external functions' returned pointers. This option is true by default,
|
|
116
|
+
* making it to be false will let saber analyze more slicing but cause performance downgrade.
|
|
117
|
+
*
|
|
118
|
+
*/
|
|
119
|
+
PointsTo& SaberSVFGBuilder::CollectPtsChain(BVDataPTAImpl* pta, NodeID id, NodeToPTSSMap& cachedPtsMap)
|
|
103
120
|
{
|
|
104
121
|
SVFIR* pag = svfg->getPAG();
|
|
105
122
|
|
|
106
123
|
NodeID baseId = pag->getBaseObjVar(id);
|
|
107
124
|
NodeToPTSSMap::iterator it = cachedPtsMap.find(baseId);
|
|
108
125
|
if(it!=cachedPtsMap.end())
|
|
126
|
+
{
|
|
109
127
|
return it->second;
|
|
128
|
+
}
|
|
110
129
|
else
|
|
111
130
|
{
|
|
112
131
|
PointsTo& pts = cachedPtsMap[baseId];
|
|
132
|
+
// base object
|
|
133
|
+
if (!Options::CollectExtRetGlobals())
|
|
134
|
+
{
|
|
135
|
+
if(pta->isFIObjNode(baseId) && pag->getGNode(baseId)->hasValue())
|
|
136
|
+
{
|
|
137
|
+
const SVFCallInst* inst = SVFUtil::dyn_cast<SVFCallInst>(pag->getGNode(baseId)->getValue());
|
|
138
|
+
if(inst && SVFUtil::isExtCall(inst))
|
|
139
|
+
{
|
|
140
|
+
return pts;
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
|
|
113
145
|
pts |= pag->getFieldsAfterCollapse(baseId);
|
|
114
146
|
|
|
115
147
|
WorkList worklist;
|
|
@@ -127,7 +159,6 @@ PointsTo& SaberSVFGBuilder::CollectPtsChain(BVDataPTAImpl* pta,NodeID id, NodeTo
|
|
|
127
159
|
}
|
|
128
160
|
return pts;
|
|
129
161
|
}
|
|
130
|
-
|
|
131
162
|
}
|
|
132
163
|
|
|
133
164
|
/*!
|
|
@@ -122,8 +122,12 @@ bool SVFLoopAndDomInfo::isLoopHeader(const SVFBasicBlock* bb) const
|
|
|
122
122
|
return false;
|
|
123
123
|
}
|
|
124
124
|
|
|
125
|
-
SVFFunction::SVFFunction(const std::string& f, const SVFType* ty,
|
|
126
|
-
|
|
125
|
+
SVFFunction::SVFFunction(const std::string& f, const SVFType* ty,
|
|
126
|
+
const SVFFunctionType* ft, bool declare, bool intrinsic,
|
|
127
|
+
bool adt, bool varg, SVFLoopAndDomInfo* ld)
|
|
128
|
+
: SVFValue(f, ty, SVFValue::SVFFunc), isDecl(declare), intrinsic(intrinsic),
|
|
129
|
+
addrTaken(adt), isUncalled(false), isNotRet(false), varArg(varg),
|
|
130
|
+
funcType(ft), loopAndDom(ld), realDefFun(nullptr)
|
|
127
131
|
{
|
|
128
132
|
}
|
|
129
133
|
|
package/svf/lib/Util/Options.cpp
CHANGED
|
@@ -679,6 +679,14 @@ const Option<bool> Options::PrintPathCond(
|
|
|
679
679
|
);
|
|
680
680
|
|
|
681
681
|
|
|
682
|
+
// SaberSVFGBuilder.cpp
|
|
683
|
+
const Option<bool> Options::CollectExtRetGlobals(
|
|
684
|
+
"saber-collect-extret-globals",
|
|
685
|
+
"Don't include pointers returned by external function during collecting globals",
|
|
686
|
+
true
|
|
687
|
+
);
|
|
688
|
+
|
|
689
|
+
|
|
682
690
|
// SVFUtil.cpp
|
|
683
691
|
const Option<bool> Options::DisableWarn(
|
|
684
692
|
"dwarn",
|
|
@@ -1045,7 +1045,7 @@ SVFType* LLVMModuleSet::addSVFTypeInfo(const Type* T)
|
|
|
1045
1045
|
if (const PointerType* pt = SVFUtil::dyn_cast<PointerType>(T))
|
|
1046
1046
|
svftype = new SVFPointerType(getSVFType(LLVMUtil::getPtrElementType(pt)));
|
|
1047
1047
|
else if (SVFUtil::isa<IntegerType>(T))
|
|
1048
|
-
svftype = new
|
|
1048
|
+
svftype = new SVFIntegerType();
|
|
1049
1049
|
else if (const FunctionType* ft = SVFUtil::dyn_cast<FunctionType>(T))
|
|
1050
1050
|
svftype = new SVFFunctionType(getSVFType(ft->getReturnType()));
|
|
1051
1051
|
else if (SVFUtil::isa<StructType>(T))
|