svf-tools 1.0.677 → 1.0.679

package/svf/include/SVFIR/SymbolTableInfo.h

@@ -47,6 +47,7 @@ class StInfo;
 class SymbolTableInfo
 {
     friend class SymbolTableBuilder;
+    friend class SVFIRWriter;
 
 public:
 
@@ -69,7 +70,7 @@ public:
     /// local (%) and global (@) identifiers are pointer types which have a value node id.
     typedef OrderedMap<const SVFValue*, SymID> ValueToIDMapTy;
     /// sym id to memory object map
-    typedef OrderedMap<SymID,MemObj*> IDToMemMapTy;
+    typedef OrderedMap<SymID, MemObj*> IDToMemMapTy;
     /// function to sym id map
     typedef OrderedMap<const SVFFunction*, SymID> FunToIDMapTy;
     /// struct type to struct info map
@@ -77,11 +78,11 @@ public:
     //@}
 
 private:
-    ValueToIDMapTy valSymMap;	///< map a value to its sym id
-    ValueToIDMapTy objSymMap;	///< map a obj reference to its sym id
-    FunToIDMapTy returnSymMap;		///< return  map
-    FunToIDMapTy varargSymMap;	    ///< vararg map
-    IDToMemMapTy		objMap;		///< map a memory sym id to its obj
+    ValueToIDMapTy valSymMap;  ///< map a value to its sym id
+    ValueToIDMapTy objSymMap;  ///< map a obj reference to its sym id
+    FunToIDMapTy returnSymMap; ///< return map
+    FunToIDMapTy varargSymMap; ///< vararg map
+    IDToMemMapTy objMap;       ///< map a memory sym id to its obj
 
     // Singleton pattern here to enable instance of SymbolTableInfo can only be created once.
     static SymbolTableInfo* symInfo;
@@ -100,8 +101,9 @@ private:
 
 protected:
     /// Constructor
-    SymbolTableInfo(void) :
-        mod(nullptr), modelConstants(false), totalSymNum(0), maxStruct(nullptr), maxStSize(0)
+    SymbolTableInfo(void)
+        : mod(nullptr), modelConstants(false), totalSymNum(0),
+          maxStruct(nullptr), maxStSize(0)
     {
     }
 
@@ -269,6 +271,11 @@ public:
         return objMap;
     }
 
+    inline const IDToMemMapTy& idToObjMap() const
+    {
+        return objMap;
+    }
+
     inline FunToIDMapTy& retSyms()
     {
         return returnSymMap;
@@ -347,6 +354,7 @@ protected:
  */
 class MemObj
 {
+    friend class SVFIRWriter;
 
 private:
     /// Type information of this object
@@ -424,7 +432,7 @@ public:
     //@}
 
     /// Operator overloading
-    inline bool operator==(const MemObj &mem) const
+    inline bool operator==(const MemObj& mem) const
     {
         return getValue() == mem.getValue();
     }
@@ -433,14 +441,14 @@ public:
     void destroy();
 };
 
-
-
 /*!
  * Type Info of an abstract memory object
  */
 class ObjTypeInfo
 {
+    friend class SVFIRWriter;
     friend class SymbolTableBuilder;
+
 public:
     typedef enum
     {

package/svf/include/Util/CommandLine.h

@@ -325,7 +325,7 @@ template <typename T>
 class Option : public OptionBase
 {
 public:
-    Option(std::string name, std::string description, T init)
+    Option(const std::string& name, const std::string& description, T init)
         : OptionBase(name, description), isExplicitlySet(false), value(init)
     {
         assert(!name.empty() && "Option: empty option name given");

package/svf/include/Util/Options.h

@@ -134,6 +134,7 @@ public:
     static const Option<bool> PAGDotGraph;
     static const Option<bool> ShowSVFIRValue;
     static const Option<bool> DumpICFG;
+    static const Option<std::string> DumpJson;
     static const Option<bool> CallGraphDotGraph;
     static const Option<bool> PAGPrint;
     static const Option<u32_t> IndirectCallLimit;

package/svf/include/Util/SparseBitVector.h

@@ -216,12 +216,16 @@ inline unsigned countPopulation(T Value)
 /// kept up to date.  They are also significantly more memory intensive.
 template <unsigned ElementSize = 128> struct SparseBitVectorElement
 {
+    friend class SVFIRWriter;
+
 public:
     using BitWord = unsigned long;
     using size_type = unsigned;
     enum
     {
         BITWORD_SIZE = sizeof(BitWord) * CHAR_BIT,
+        // N.B. (+ BITWORD_SIZE - 1) is to round up, to ensure we can have
+        // sufficient bits to represent *at least* ElementSize bits.
         BITWORDS_PER_ELEMENT = (ElementSize + BITWORD_SIZE - 1) / BITWORD_SIZE,
         BITS_PER_ELEMENT = ElementSize
     };
@@ -453,6 +457,8 @@ public:
 template <unsigned ElementSize = 128>
 class SparseBitVector
 {
+    friend class SVFIRWriter;
+
     using ElementList = std::list<SparseBitVectorElement<ElementSize>>;
     using ElementListIter = typename ElementList::iterator;
     using ElementListConstIter = typename ElementList::const_iterator;

package/svf/include/Util/ThreadAPI.h

@@ -46,24 +46,24 @@ class ThreadAPI
 public:
     enum TD_TYPE
     {
-        TD_DUMMY = 0,		/// dummy type
-        TD_FORK,         /// create a new thread
-        TD_JOIN,         /// wait for a thread to join
-        TD_DETACH,       /// detach a thread directly instead wait for it to join
-        TD_ACQUIRE,      /// acquire a lock
-        TD_TRY_ACQUIRE,  /// try to acquire a lock
-        TD_RELEASE,      /// release a lock
-        TD_EXIT,		   /// exit/kill a thread
-        TD_CANCEL,	   /// cancel a thread by another
-        TD_COND_WAIT,    /// wait a condition
-        TD_COND_SIGNAL,    /// signal a condition
-        TD_COND_BROADCAST,    /// broadcast a condition
-        TD_MUTEX_INI,	     /// initial a mutex variable
+        TD_DUMMY = 0,   /// dummy type
+        TD_FORK,        /// create a new thread
+        TD_JOIN,        /// wait for a thread to join
+        TD_DETACH,      /// detach a thread directly instead wait for it to join
+        TD_ACQUIRE,     /// acquire a lock
+        TD_TRY_ACQUIRE, /// try to acquire a lock
+        TD_RELEASE,     /// release a lock
+        TD_EXIT,        /// exit/kill a thread
+        TD_CANCEL,      /// cancel a thread by another
+        TD_COND_WAIT,   /// wait a condition
+        TD_COND_SIGNAL, /// signal a condition
+        TD_COND_BROADCAST,  /// broadcast a condition
+        TD_MUTEX_INI,       /// initial a mutex variable
         TD_MUTEX_DESTROY,   /// initial a mutex variable
-        TD_CONDVAR_INI,	   /// initial a mutex variable
+        TD_CONDVAR_INI,     /// initial a mutex variable
         TD_CONDVAR_DESTROY, /// initial a mutex variable
         TD_BAR_INIT,        /// Barrier init
-        TD_BAR_WAIT,         /// Barrier wait
+        TD_BAR_WAIT,        /// Barrier wait
         HARE_PAR_FOR
     };
 

package/svf/lib/AbstractExecution/SVFIR2ItvExeState.cpp

@@ -101,14 +101,17 @@ SVFIR2ItvExeState::VAddrs SVFIR2ItvExeState::getGepObjAddress(u32_t pointer, u32
     return ret;
 }
 
-
 std::pair<s32_t, s32_t> SVFIR2ItvExeState::getGepOffset(const GepStmt *gep)
 {
+    /// for instant constant index, e.g.  gep arr, 1
     if (gep->getOffsetVarAndGepTypePairVec().empty())
         return std::make_pair(gep->getConstantFieldIdx(), gep->getConstantFieldIdx());
 
     s32_t totalOffsetLb = 0;
     s32_t totalOffsetUb = 0;
+    /// default value of MaxFieldLimit is 512
+    u32_t maxFieldLimit = Options::MaxFieldLimit() - 1;
+    /// for variable index and nested indexes, e.g. 1) gep arr, idx  2) gep arr idx0, idx1
     for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
     {
         const SVFValue *value = gep->getOffsetVarAndGepTypePairVec()[i].first->getValue();
@@ -116,50 +119,88 @@ std::pair<s32_t, s32_t> SVFIR2ItvExeState::getGepOffset(const GepStmt *gep)
         const SVFConstantInt *op = SVFUtil::dyn_cast<SVFConstantInt>(value);
         s32_t offsetLb = 0;
         s32_t offsetUb = 0;
-        /// constant as the offset
+        /// offset is constant but stored in variable
         if (op)
         {
             offsetLb = offsetUb = op->getSExtValue();
         }
-        /// variable as the offset
+        /// offset is variable, the concrete value isn't sure util runtime, and maybe not a concrete value.
+        /// e.g.
         else
         {
             u32_t idx = _svfir->getValueNode(value);
             if (!inVarToIValTable(idx)) return std::make_pair(-1, -1);
             IntervalValue &idxVal = _es[idx];
-            if(idxVal.isBottom() || idxVal.isTop()) return std::make_pair(0, (s32_t)Options::MaxFieldLimit());
+            if (idxVal.isBottom() || idxVal.isTop()) return std::make_pair(0, (s32_t)Options::MaxFieldLimit());
+            // if idxVal is a concrete value
             if (idxVal.is_numeral())
             {
                 offsetLb = offsetUb = idxVal.lb().getNumeral();
             }
             else
             {
+                // if inxVal is an interval. we should make sure that idxVal.lb>0 && idxVal.ub<MaxFieldLimit
                 offsetLb = idxVal.lb().getNumeral() < 0 ? 0 : idxVal.lb().getNumeral();
+                offsetLb = idxVal.lb().getNumeral() > maxFieldLimit ? maxFieldLimit : offsetLb;
                 offsetUb = idxVal.ub().getNumeral() < 0 ? 0 : idxVal.ub().getNumeral();
+                offsetUb = idxVal.ub().getNumeral() > maxFieldLimit ? maxFieldLimit : offsetUb;
             }
         }
         if (type == nullptr)
         {
-            totalOffsetLb += offsetLb;
-            totalOffsetUb += offsetUb;
+            if ((long long) (totalOffsetLb + offsetLb) > maxFieldLimit)
+            {
+                totalOffsetLb = maxFieldLimit;
+            }
+            else
+            {
+                totalOffsetLb += offsetLb;
+            }
+
+            if ((long long) (totalOffsetUb + offsetUb) > maxFieldLimit)
+            {
+                totalOffsetUb = maxFieldLimit;
+            }
+            else
+            {
+                totalOffsetUb += offsetUb;
+            }
             continue;
         }
-        /// Caculate the offset
+
         if (const SVFPointerType *pty = SVFUtil::dyn_cast<SVFPointerType>(type))
         {
-            totalOffsetLb += offsetLb * gep->getLocationSet().getElementNum(pty->getPtrElementType());
-            totalOffsetUb += offsetUb * gep->getLocationSet().getElementNum(pty->getPtrElementType());
+            offsetLb = offsetLb * gep->getLocationSet().getElementNum(pty->getPtrElementType());
+            offsetUb = offsetUb * gep->getLocationSet().getElementNum(pty->getPtrElementType());
+
         }
         else
         {
             const std::vector<u32_t> &so = SymbolTableInfo::SymbolInfo()->getTypeInfo(type)->getFlattenedElemIdxVec();
-            if(so.empty() || (u32_t)offsetUb >= so.size() || (u32_t)offsetLb >= so.size()) return std::make_pair(-1, -1);
-            totalOffsetLb += SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, offsetLb);
-            totalOffsetUb += SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, offsetUb);
+            if (so.empty() || (u32_t) offsetUb >= so.size() || (u32_t) offsetLb >= so.size())
+                return std::make_pair(-1, -1);
+            offsetLb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, offsetLb);
+            offsetUb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, offsetUb);
+        }
+        if ((long long) (totalOffsetLb + offsetLb) > maxFieldLimit)
+        {
+            totalOffsetLb = maxFieldLimit;
+        }
+        else
+        {
+            totalOffsetLb += offsetLb;
+        }
+        if ((long long) (totalOffsetUb + offsetUb) > maxFieldLimit)
+        {
+            totalOffsetUb = maxFieldLimit;
+        }
+        else
+        {
+            totalOffsetUb += offsetUb;
         }
     }
     std::pair<s32_t, s32_t> offSetPair;
-    offSetPair.first =  totalOffsetLb;
+    offSetPair.first = totalOffsetLb;
     offSetPair.second = totalOffsetUb;
     return offSetPair;
 }
@@ -646,10 +687,12 @@ void SVFIR2ItvExeState::translateGep(const GepStmt *gep)
 {
     u32_t rhs = gep->getRHSVarID();
     u32_t lhs = gep->getLHSVarID();
+    if (!inVarToAddrsTable(rhs)) return;
+    assert(!getVAddrs(rhs).empty());
     VAddrs &rhsVal = getVAddrs(rhs);
     if (rhsVal.empty()) return;
     std::pair<s32_t, s32_t> offsetPair = getGepOffset(gep);
-    if(offsetPair.first == -1 && offsetPair.second == -1) return;
+    if (offsetPair.first == -1 && offsetPair.second == -1) return;
     if (!isVirtualMemAddress(*rhsVal.begin()))
     {
         return;
@@ -658,15 +701,16 @@ void SVFIR2ItvExeState::translateGep(const GepStmt *gep)
     {
         VAddrs gepAddrs;
         s32_t ub = offsetPair.second;
-        if (offsetPair.second - offsetPair.first > (s32_t)Options::MaxFieldLimit() - 1)
+        if (offsetPair.second > (s32_t) Options::MaxFieldLimit() - 1)
         {
-            ub = offsetPair.first + (s32_t)Options::MaxFieldLimit() - 1;
+            ub = Options::MaxFieldLimit() - 1;
         }
         for (s32_t i = offsetPair.first; i <= ub; i++)
         {
             gepAddrs.join_with(getGepObjAddress(rhs, i));
         }
-        getEs().getVAddrs(lhs) = gepAddrs;
+        if(gepAddrs.empty()) return;
+        _es.getVAddrs(lhs) = gepAddrs;
         return;
     }
 }

package/svf/lib/Graphs/ICFG.cpp

@@ -47,7 +47,8 @@ FunEntryICFGNode::FunEntryICFGNode(NodeID id, const SVFFunction* f) : InterICFGN
     }
 }
 
-FunExitICFGNode::FunExitICFGNode(NodeID id, const SVFFunction* f) : InterICFGNode(id, FunExitBlock), formalRet(nullptr)
+FunExitICFGNode::FunExitICFGNode(NodeID id, const SVFFunction* f)
+    : InterICFGNode(id, FunExitBlock), formalRet(nullptr)
 {
     fun = f;
     // if function is implemented
@@ -55,10 +56,8 @@ FunExitICFGNode::FunExitICFGNode(NodeID id, const SVFFunction* f) : InterICFGNod
     {
         bb = f->getExitBB();
     }
-
 }
 
-
 const std::string ICFGNode::toString() const
 {
     std::string str;