svf-tools 1.0.682 → 1.0.684
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/svf/include/AbstractExecution/BoundedZ3Expr.h +353 -0
- package/svf/include/AbstractExecution/IntervalValue.h +54 -46
- package/svf/include/AbstractExecution/NumericLiteral.h +117 -62
- package/svf/lib/SVFIR/SVFIRRW.cpp +3 -2
- package/svf-llvm/include/SVF-LLVM/LLVMModule.h +1 -1
- package/svf-llvm/lib/LLVMModule.cpp +123 -151
- package/svf-llvm/lib/SymbolTableBuilder.cpp +159 -116
|
@@ -48,7 +48,9 @@ MemObj* SymbolTableBuilder::createBlkObj(SymID symId)
|
|
|
48
48
|
assert(symInfo->isBlkObj(symId));
|
|
49
49
|
assert(symInfo->objMap.find(symId)==symInfo->objMap.end());
|
|
50
50
|
LLVMModuleSet* llvmset = LLVMModuleSet::getLLVMModuleSet();
|
|
51
|
-
MemObj* obj =
|
|
51
|
+
MemObj* obj =
|
|
52
|
+
new MemObj(symId, symInfo->createObjTypeInfo(llvmset->getSVFType(
|
|
53
|
+
IntegerType::get(llvmset->getContext(), 32))));
|
|
52
54
|
symInfo->objMap[symId] = obj;
|
|
53
55
|
return obj;
|
|
54
56
|
}
|
|
@@ -58,7 +60,9 @@ MemObj* SymbolTableBuilder::createConstantObj(SymID symId)
|
|
|
58
60
|
assert(symInfo->isConstantObj(symId));
|
|
59
61
|
assert(symInfo->objMap.find(symId)==symInfo->objMap.end());
|
|
60
62
|
LLVMModuleSet* llvmset = LLVMModuleSet::getLLVMModuleSet();
|
|
61
|
-
MemObj* obj =
|
|
63
|
+
MemObj* obj =
|
|
64
|
+
new MemObj(symId, symInfo->createObjTypeInfo(llvmset->getSVFType(
|
|
65
|
+
IntegerType::get(llvmset->getContext(), 32))));
|
|
62
66
|
symInfo->objMap[symId] = obj;
|
|
63
67
|
return obj;
|
|
64
68
|
}
|
|
@@ -90,64 +94,63 @@ void SymbolTableBuilder::buildMemModel(SVFModule* svfModule)
|
|
|
90
94
|
for (Module &M : LLVMModuleSet::getLLVMModuleSet()->getLLVMModules())
|
|
91
95
|
{
|
|
92
96
|
// Add symbols for all the globals .
|
|
93
|
-
for (
|
|
97
|
+
for (const GlobalVariable& gv : M.globals())
|
|
94
98
|
{
|
|
95
|
-
collectSym(
|
|
99
|
+
collectSym(&gv);
|
|
96
100
|
}
|
|
97
101
|
|
|
98
102
|
// Add symbols for all the global aliases
|
|
99
|
-
for (
|
|
103
|
+
for (const GlobalAlias& ga : M.aliases())
|
|
100
104
|
{
|
|
101
|
-
collectSym(
|
|
102
|
-
collectSym(
|
|
105
|
+
collectSym(&ga);
|
|
106
|
+
collectSym(ga.getAliasee());
|
|
103
107
|
}
|
|
104
108
|
|
|
105
109
|
// Add symbols for all of the functions and the instructions in them.
|
|
106
|
-
for (
|
|
110
|
+
for (const Function& fun : M.functions())
|
|
107
111
|
{
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
collectVararg(fun);
|
|
112
|
+
collectSym(&fun);
|
|
113
|
+
collectRet(&fun);
|
|
114
|
+
if (fun.getFunctionType()->isVarArg())
|
|
115
|
+
collectVararg(&fun);
|
|
113
116
|
|
|
114
117
|
// Add symbols for all formal parameters.
|
|
115
|
-
for (
|
|
116
|
-
I != E; ++I)
|
|
118
|
+
for (const Argument& arg : fun.args())
|
|
117
119
|
{
|
|
118
|
-
collectSym(
|
|
120
|
+
collectSym(&arg);
|
|
119
121
|
}
|
|
120
122
|
|
|
121
123
|
// collect and create symbols inside the function body
|
|
122
|
-
for (
|
|
124
|
+
for (const Instruction& inst : instructions(fun))
|
|
123
125
|
{
|
|
124
|
-
|
|
125
|
-
collectSym(inst);
|
|
126
|
+
collectSym(&inst);
|
|
126
127
|
|
|
127
128
|
// initialization for some special instructions
|
|
128
129
|
//{@
|
|
129
|
-
if (const StoreInst
|
|
130
|
+
if (const StoreInst* st = SVFUtil::dyn_cast<StoreInst>(&inst))
|
|
130
131
|
{
|
|
131
132
|
collectSym(st->getPointerOperand());
|
|
132
133
|
collectSym(st->getValueOperand());
|
|
133
134
|
}
|
|
134
|
-
else if (const LoadInst
|
|
135
|
+
else if (const LoadInst* ld =
|
|
136
|
+
SVFUtil::dyn_cast<LoadInst>(&inst))
|
|
135
137
|
{
|
|
136
138
|
collectSym(ld->getPointerOperand());
|
|
137
139
|
}
|
|
138
|
-
else if (const AllocaInst
|
|
140
|
+
else if (const AllocaInst* alloc =
|
|
141
|
+
SVFUtil::dyn_cast<AllocaInst>(&inst))
|
|
139
142
|
{
|
|
140
143
|
collectSym(alloc->getArraySize());
|
|
141
144
|
}
|
|
142
|
-
else if (const PHINode
|
|
145
|
+
else if (const PHINode* phi = SVFUtil::dyn_cast<PHINode>(&inst))
|
|
143
146
|
{
|
|
144
147
|
for (u32_t i = 0; i < phi->getNumIncomingValues(); ++i)
|
|
145
148
|
{
|
|
146
149
|
collectSym(phi->getIncomingValue(i));
|
|
147
150
|
}
|
|
148
151
|
}
|
|
149
|
-
else if (const GetElementPtrInst
|
|
150
|
-
|
|
152
|
+
else if (const GetElementPtrInst* gep =
|
|
153
|
+
SVFUtil::dyn_cast<GetElementPtrInst>(&inst))
|
|
151
154
|
{
|
|
152
155
|
collectSym(gep->getPointerOperand());
|
|
153
156
|
for (u32_t i = 0; i < gep->getNumOperands(); ++i)
|
|
@@ -155,61 +158,67 @@ void SymbolTableBuilder::buildMemModel(SVFModule* svfModule)
|
|
|
155
158
|
collectSym(gep->getOperand(i));
|
|
156
159
|
}
|
|
157
160
|
}
|
|
158
|
-
else if (const SelectInst
|
|
161
|
+
else if (const SelectInst* sel =
|
|
162
|
+
SVFUtil::dyn_cast<SelectInst>(&inst))
|
|
159
163
|
{
|
|
160
164
|
collectSym(sel->getTrueValue());
|
|
161
165
|
collectSym(sel->getFalseValue());
|
|
162
166
|
collectSym(sel->getCondition());
|
|
163
167
|
}
|
|
164
|
-
else if (const BinaryOperator
|
|
168
|
+
else if (const BinaryOperator* binary =
|
|
169
|
+
SVFUtil::dyn_cast<BinaryOperator>(&inst))
|
|
165
170
|
{
|
|
166
171
|
for (u32_t i = 0; i < binary->getNumOperands(); i++)
|
|
167
172
|
collectSym(binary->getOperand(i));
|
|
168
173
|
}
|
|
169
|
-
else if (const UnaryOperator
|
|
174
|
+
else if (const UnaryOperator* unary =
|
|
175
|
+
SVFUtil::dyn_cast<UnaryOperator>(&inst))
|
|
170
176
|
{
|
|
171
177
|
for (u32_t i = 0; i < unary->getNumOperands(); i++)
|
|
172
178
|
collectSym(unary->getOperand(i));
|
|
173
179
|
}
|
|
174
|
-
else if (const CmpInst
|
|
180
|
+
else if (const CmpInst* cmp = SVFUtil::dyn_cast<CmpInst>(&inst))
|
|
175
181
|
{
|
|
176
182
|
for (u32_t i = 0; i < cmp->getNumOperands(); i++)
|
|
177
183
|
collectSym(cmp->getOperand(i));
|
|
178
184
|
}
|
|
179
|
-
else if (const CastInst
|
|
185
|
+
else if (const CastInst* cast =
|
|
186
|
+
SVFUtil::dyn_cast<CastInst>(&inst))
|
|
180
187
|
{
|
|
181
188
|
collectSym(cast->getOperand(0));
|
|
182
189
|
}
|
|
183
|
-
else if (const ReturnInst
|
|
190
|
+
else if (const ReturnInst* ret =
|
|
191
|
+
SVFUtil::dyn_cast<ReturnInst>(&inst))
|
|
184
192
|
{
|
|
185
|
-
if(ret->getReturnValue())
|
|
193
|
+
if (ret->getReturnValue())
|
|
186
194
|
collectSym(ret->getReturnValue());
|
|
187
195
|
}
|
|
188
|
-
else if (const BranchInst
|
|
196
|
+
else if (const BranchInst* br =
|
|
197
|
+
SVFUtil::dyn_cast<BranchInst>(&inst))
|
|
189
198
|
{
|
|
190
199
|
Value* opnd = br->isConditional() ? br->getCondition() : br->getOperand(0);
|
|
191
200
|
collectSym(opnd);
|
|
192
201
|
}
|
|
193
|
-
else if (const SwitchInst
|
|
202
|
+
else if (const SwitchInst* sw =
|
|
203
|
+
SVFUtil::dyn_cast<SwitchInst>(&inst))
|
|
194
204
|
{
|
|
195
205
|
collectSym(sw->getCondition());
|
|
196
206
|
}
|
|
197
|
-
else if (isNonInstricCallSite(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(inst)))
|
|
207
|
+
else if (isNonInstricCallSite(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(&inst)))
|
|
198
208
|
{
|
|
199
209
|
|
|
200
|
-
const CallBase* cs = LLVMUtil::getLLVMCallSite(inst);
|
|
210
|
+
const CallBase* cs = LLVMUtil::getLLVMCallSite(&inst);
|
|
201
211
|
for (u32_t i = 0; i < cs->arg_size(); i++)
|
|
202
212
|
{
|
|
203
213
|
collectSym(cs->getArgOperand(i));
|
|
204
214
|
}
|
|
205
|
-
// Calls to inline asm need to be added as well because the
|
|
206
|
-
// referenced anywhere else.
|
|
207
|
-
const Value
|
|
215
|
+
// Calls to inline asm need to be added as well because the
|
|
216
|
+
// callee isn't referenced anywhere else.
|
|
217
|
+
const Value* Callee = cs->getCalledOperand();
|
|
208
218
|
collectSym(Callee);
|
|
209
219
|
|
|
210
|
-
//TODO handle inlineAsm
|
|
211
|
-
///if (SVFUtil::isa<InlineAsm>(Callee))
|
|
212
|
-
|
|
220
|
+
// TODO handle inlineAsm
|
|
221
|
+
/// if (SVFUtil::isa<InlineAsm>(Callee))
|
|
213
222
|
}
|
|
214
223
|
//@}
|
|
215
224
|
}
|
|
@@ -233,7 +242,9 @@ void SymbolTableBuilder::collectSVFTypeInfo(const Value* val)
|
|
|
233
242
|
}
|
|
234
243
|
if(isGepConstantExpr(val) || SVFUtil::isa<GetElementPtrInst>(val))
|
|
235
244
|
{
|
|
236
|
-
for (bridge_gep_iterator
|
|
245
|
+
for (bridge_gep_iterator
|
|
246
|
+
gi = bridge_gep_begin(SVFUtil::cast<User>(val)),
|
|
247
|
+
ge = bridge_gep_end(SVFUtil::cast<User>(val));
|
|
237
248
|
gi != ge; ++gi)
|
|
238
249
|
{
|
|
239
250
|
const Type* gepTy = *gi;
|
|
@@ -245,12 +256,16 @@ void SymbolTableBuilder::collectSVFTypeInfo(const Value* val)
|
|
|
245
256
|
/*!
|
|
246
257
|
* Collect symbols, including value and object syms
|
|
247
258
|
*/
|
|
248
|
-
void SymbolTableBuilder::collectSym(const Value
|
|
259
|
+
void SymbolTableBuilder::collectSym(const Value* val)
|
|
249
260
|
{
|
|
250
261
|
|
|
251
262
|
//TODO: filter the non-pointer type // if (!SVFUtil::isa<PointerType>(val->getType())) return;
|
|
252
263
|
|
|
253
|
-
DBOUT(DMemModel,
|
|
264
|
+
DBOUT(DMemModel,
|
|
265
|
+
outs()
|
|
266
|
+
<< "collect sym from ##"
|
|
267
|
+
<< LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val)->toString()
|
|
268
|
+
<< " \n");
|
|
254
269
|
//TODO handle constant expression value here??
|
|
255
270
|
handleCE(val);
|
|
256
271
|
|
|
@@ -270,14 +285,15 @@ void SymbolTableBuilder::collectSym(const Value *val)
|
|
|
270
285
|
/*!
|
|
271
286
|
* Get value sym, if not available create a new one
|
|
272
287
|
*/
|
|
273
|
-
void SymbolTableBuilder::collectVal(const Value
|
|
288
|
+
void SymbolTableBuilder::collectVal(const Value* val)
|
|
274
289
|
{
|
|
275
290
|
// collect and record special sym here
|
|
276
291
|
if (LLVMUtil::isNullPtrSym(val) || LLVMUtil::isBlackholeSym(val))
|
|
277
292
|
{
|
|
278
293
|
return;
|
|
279
294
|
}
|
|
280
|
-
SymbolTableInfo::ValueToIDMapTy::iterator iter = symInfo->valSymMap.find(
|
|
295
|
+
SymbolTableInfo::ValueToIDMapTy::iterator iter = symInfo->valSymMap.find(
|
|
296
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val));
|
|
281
297
|
if (iter == symInfo->valSymMap.end())
|
|
282
298
|
{
|
|
283
299
|
// create val sym and sym type
|
|
@@ -298,10 +314,11 @@ void SymbolTableBuilder::collectVal(const Value *val)
|
|
|
298
314
|
/*!
|
|
299
315
|
* Get memory object sym, if not available create a new one
|
|
300
316
|
*/
|
|
301
|
-
void SymbolTableBuilder::collectObj(const Value
|
|
317
|
+
void SymbolTableBuilder::collectObj(const Value* val)
|
|
302
318
|
{
|
|
303
319
|
val = LLVMUtil::getGlobalRep(val);
|
|
304
|
-
SymbolTableInfo::ValueToIDMapTy::iterator iter = symInfo->objSymMap.find(
|
|
320
|
+
SymbolTableInfo::ValueToIDMapTy::iterator iter = symInfo->objSymMap.find(
|
|
321
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val));
|
|
305
322
|
if (iter == symInfo->objSymMap.end())
|
|
306
323
|
{
|
|
307
324
|
SVFValue* svfVal = LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val);
|
|
@@ -321,7 +338,9 @@ void SymbolTableBuilder::collectObj(const Value *val)
|
|
|
321
338
|
outs() << "create a new obj sym " << id << "\n");
|
|
322
339
|
|
|
323
340
|
// create a memory object
|
|
324
|
-
MemObj* mem =
|
|
341
|
+
MemObj* mem =
|
|
342
|
+
new MemObj(id, createObjTypeInfo(val),
|
|
343
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val));
|
|
325
344
|
assert(symInfo->objMap.find(id) == symInfo->objMap.end());
|
|
326
345
|
symInfo->objMap[id] = mem;
|
|
327
346
|
}
|
|
@@ -331,47 +350,51 @@ void SymbolTableBuilder::collectObj(const Value *val)
|
|
|
331
350
|
/*!
|
|
332
351
|
* Create unique return sym, if not available create a new one
|
|
333
352
|
*/
|
|
334
|
-
void SymbolTableBuilder::collectRet(const Function
|
|
353
|
+
void SymbolTableBuilder::collectRet(const Function* val)
|
|
335
354
|
{
|
|
336
|
-
const SVFFunction* svffun =
|
|
337
|
-
|
|
355
|
+
const SVFFunction* svffun =
|
|
356
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFFunction(val);
|
|
357
|
+
SymbolTableInfo::FunToIDMapTy::iterator iter =
|
|
358
|
+
symInfo->returnSymMap.find(svffun);
|
|
338
359
|
if (iter == symInfo->returnSymMap.end())
|
|
339
360
|
{
|
|
340
361
|
SymID id = NodeIDAllocator::get()->allocateValueId();
|
|
341
362
|
symInfo->returnSymMap.insert(std::make_pair(svffun, id));
|
|
342
|
-
DBOUT(DMemModel,
|
|
343
|
-
outs() << "create a return sym " << id << "\n");
|
|
363
|
+
DBOUT(DMemModel, outs() << "create a return sym " << id << "\n");
|
|
344
364
|
}
|
|
345
365
|
}
|
|
346
366
|
|
|
347
367
|
/*!
|
|
348
368
|
* Create vararg sym, if not available create a new one
|
|
349
369
|
*/
|
|
350
|
-
void SymbolTableBuilder::collectVararg(const Function
|
|
370
|
+
void SymbolTableBuilder::collectVararg(const Function* val)
|
|
351
371
|
{
|
|
352
|
-
const SVFFunction* svffun =
|
|
353
|
-
|
|
372
|
+
const SVFFunction* svffun =
|
|
373
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFFunction(val);
|
|
374
|
+
SymbolTableInfo::FunToIDMapTy::iterator iter =
|
|
375
|
+
symInfo->varargSymMap.find(svffun);
|
|
354
376
|
if (iter == symInfo->varargSymMap.end())
|
|
355
377
|
{
|
|
356
378
|
SymID id = NodeIDAllocator::get()->allocateValueId();
|
|
357
379
|
symInfo->varargSymMap.insert(std::make_pair(svffun, id));
|
|
358
|
-
DBOUT(DMemModel,
|
|
359
|
-
outs() << "create a vararg sym " << id << "\n");
|
|
380
|
+
DBOUT(DMemModel, outs() << "create a vararg sym " << id << "\n");
|
|
360
381
|
}
|
|
361
382
|
}
|
|
362
383
|
|
|
363
|
-
|
|
364
384
|
/*!
|
|
365
385
|
* Handle constant expression
|
|
366
386
|
*/
|
|
367
|
-
void SymbolTableBuilder::handleCE(const Value
|
|
387
|
+
void SymbolTableBuilder::handleCE(const Value* val)
|
|
368
388
|
{
|
|
369
389
|
if (const Constant* ref = SVFUtil::dyn_cast<Constant>(val))
|
|
370
390
|
{
|
|
371
391
|
if (const ConstantExpr* ce = isGepConstantExpr(ref))
|
|
372
392
|
{
|
|
373
|
-
DBOUT(DMemModelCE,
|
|
374
|
-
|
|
393
|
+
DBOUT(DMemModelCE, outs() << "handle constant expression "
|
|
394
|
+
<< LLVMModuleSet::getLLVMModuleSet()
|
|
395
|
+
->getSVFValue(ref)
|
|
396
|
+
->toString()
|
|
397
|
+
<< "\n");
|
|
375
398
|
collectVal(ce);
|
|
376
399
|
|
|
377
400
|
// handle the recursive constant express case
|
|
@@ -384,8 +407,11 @@ void SymbolTableBuilder::handleCE(const Value *val)
|
|
|
384
407
|
}
|
|
385
408
|
else if (const ConstantExpr* ce = isCastConstantExpr(ref))
|
|
386
409
|
{
|
|
387
|
-
DBOUT(DMemModelCE,
|
|
388
|
-
|
|
410
|
+
DBOUT(DMemModelCE, outs() << "handle constant expression "
|
|
411
|
+
<< LLVMModuleSet::getLLVMModuleSet()
|
|
412
|
+
->getSVFValue(ref)
|
|
413
|
+
->toString()
|
|
414
|
+
<< "\n");
|
|
389
415
|
collectVal(ce);
|
|
390
416
|
collectVal(ce->getOperand(0));
|
|
391
417
|
// handle the recursive constant express case
|
|
@@ -394,8 +420,11 @@ void SymbolTableBuilder::handleCE(const Value *val)
|
|
|
394
420
|
}
|
|
395
421
|
else if (const ConstantExpr* ce = isSelectConstantExpr(ref))
|
|
396
422
|
{
|
|
397
|
-
DBOUT(DMemModelCE,
|
|
398
|
-
|
|
423
|
+
DBOUT(DMemModelCE, outs() << "handle constant expression "
|
|
424
|
+
<< LLVMModuleSet::getLLVMModuleSet()
|
|
425
|
+
->getSVFValue(ref)
|
|
426
|
+
->toString()
|
|
427
|
+
<< "\n");
|
|
399
428
|
collectVal(ce);
|
|
400
429
|
collectVal(ce->getOperand(0));
|
|
401
430
|
collectVal(ce->getOperand(1));
|
|
@@ -407,14 +436,14 @@ void SymbolTableBuilder::handleCE(const Value *val)
|
|
|
407
436
|
handleCE(ce->getOperand(2));
|
|
408
437
|
}
|
|
409
438
|
// if we meet a int2ptr, then it points-to black hole
|
|
410
|
-
else if (const ConstantExpr
|
|
439
|
+
else if (const ConstantExpr* int2Ptrce = isInt2PtrConstantExpr(ref))
|
|
411
440
|
{
|
|
412
441
|
collectVal(int2Ptrce);
|
|
413
442
|
}
|
|
414
|
-
else if (const ConstantExpr
|
|
443
|
+
else if (const ConstantExpr* ptr2Intce = isPtr2IntConstantExpr(ref))
|
|
415
444
|
{
|
|
416
445
|
collectVal(ptr2Intce);
|
|
417
|
-
const Constant
|
|
446
|
+
const Constant* opnd = ptr2Intce->getOperand(0);
|
|
418
447
|
handleCE(opnd);
|
|
419
448
|
}
|
|
420
449
|
else if (isTruncConstantExpr(ref) || isCmpConstantExpr(ref))
|
|
@@ -437,8 +466,8 @@ void SymbolTableBuilder::handleCE(const Value *val)
|
|
|
437
466
|
}
|
|
438
467
|
else
|
|
439
468
|
{
|
|
440
|
-
|
|
441
|
-
|
|
469
|
+
assert(!SVFUtil::isa<ConstantExpr>(val) &&
|
|
470
|
+
"we don't handle all other constant expression for now!");
|
|
442
471
|
collectVal(ref);
|
|
443
472
|
}
|
|
444
473
|
}
|
|
@@ -447,7 +476,7 @@ void SymbolTableBuilder::handleCE(const Value *val)
|
|
|
447
476
|
/*!
|
|
448
477
|
* Handle global constant expression
|
|
449
478
|
*/
|
|
450
|
-
void SymbolTableBuilder::handleGlobalCE(const GlobalVariable
|
|
479
|
+
void SymbolTableBuilder::handleGlobalCE(const GlobalVariable* G)
|
|
451
480
|
{
|
|
452
481
|
assert(G);
|
|
453
482
|
|
|
@@ -455,30 +484,25 @@ void SymbolTableBuilder::handleGlobalCE(const GlobalVariable *G)
|
|
|
455
484
|
const Type* T = G->getValueType();
|
|
456
485
|
bool is_array = 0;
|
|
457
486
|
//An array is considered a single variable of its type.
|
|
458
|
-
while (const ArrayType
|
|
487
|
+
while (const ArrayType* AT = SVFUtil::dyn_cast<ArrayType>(T))
|
|
459
488
|
{
|
|
460
489
|
T = AT->getElementType();
|
|
461
|
-
is_array =
|
|
490
|
+
is_array = true;
|
|
462
491
|
}
|
|
463
492
|
|
|
464
493
|
if (SVFUtil::isa<StructType>(T))
|
|
465
494
|
{
|
|
466
495
|
//A struct may be used in constant GEP expr.
|
|
467
|
-
for (
|
|
468
|
-
it != ie; ++it)
|
|
496
|
+
for (const User* user : G->users())
|
|
469
497
|
{
|
|
470
|
-
handleCE(
|
|
498
|
+
handleCE(user);
|
|
471
499
|
}
|
|
472
500
|
}
|
|
473
|
-
else
|
|
501
|
+
else if (is_array)
|
|
474
502
|
{
|
|
475
|
-
|
|
503
|
+
for (const User* user : G->users())
|
|
476
504
|
{
|
|
477
|
-
|
|
478
|
-
G->user_end(); it != ie; ++it)
|
|
479
|
-
{
|
|
480
|
-
handleCE(*it);
|
|
481
|
-
}
|
|
505
|
+
handleCE(user);
|
|
482
506
|
}
|
|
483
507
|
}
|
|
484
508
|
|
|
@@ -491,12 +515,12 @@ void SymbolTableBuilder::handleGlobalCE(const GlobalVariable *G)
|
|
|
491
515
|
/*!
|
|
492
516
|
* Handle global variable initialization
|
|
493
517
|
*/
|
|
494
|
-
void SymbolTableBuilder::handleGlobalInitializerCE(const Constant
|
|
518
|
+
void SymbolTableBuilder::handleGlobalInitializerCE(const Constant* C)
|
|
495
519
|
{
|
|
496
520
|
|
|
497
521
|
if (C->getType()->isSingleValueType())
|
|
498
522
|
{
|
|
499
|
-
if (const ConstantExpr
|
|
523
|
+
if (const ConstantExpr* E = SVFUtil::dyn_cast<ConstantExpr>(C))
|
|
500
524
|
{
|
|
501
525
|
handleCE(E);
|
|
502
526
|
}
|
|
@@ -521,9 +545,10 @@ void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C)
|
|
|
521
545
|
}
|
|
522
546
|
else if(const ConstantData* data = SVFUtil::dyn_cast<ConstantData>(C))
|
|
523
547
|
{
|
|
524
|
-
if(Options::ModelConsts())
|
|
548
|
+
if (Options::ModelConsts())
|
|
525
549
|
{
|
|
526
|
-
if(const ConstantDataSequential* seq =
|
|
550
|
+
if (const ConstantDataSequential* seq =
|
|
551
|
+
SVFUtil::dyn_cast<ConstantDataSequential>(data))
|
|
527
552
|
{
|
|
528
553
|
for(u32_t i = 0; i < seq->getNumElements(); i++)
|
|
529
554
|
{
|
|
@@ -533,8 +558,9 @@ void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C)
|
|
|
533
558
|
}
|
|
534
559
|
else
|
|
535
560
|
{
|
|
536
|
-
assert(
|
|
537
|
-
|
|
561
|
+
assert(
|
|
562
|
+
(SVFUtil::isa<ConstantAggregateZero, UndefValue>(data)) &&
|
|
563
|
+
"Single value type data should have been handled!");
|
|
538
564
|
}
|
|
539
565
|
}
|
|
540
566
|
}
|
|
@@ -547,9 +573,9 @@ void SymbolTableBuilder::handleGlobalInitializerCE(const Constant *C)
|
|
|
547
573
|
/*
|
|
548
574
|
* Initial the memory object here
|
|
549
575
|
*/
|
|
550
|
-
ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value
|
|
576
|
+
ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value* val)
|
|
551
577
|
{
|
|
552
|
-
const PointerType
|
|
578
|
+
const PointerType* refTy = nullptr;
|
|
553
579
|
|
|
554
580
|
const Instruction* I = SVFUtil::dyn_cast<Instruction>(val);
|
|
555
581
|
|
|
@@ -566,7 +592,9 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
|
|
|
566
592
|
if (refTy)
|
|
567
593
|
{
|
|
568
594
|
Type* objTy = getPtrElementType(refTy);
|
|
569
|
-
ObjTypeInfo* typeInfo = new ObjTypeInfo(
|
|
595
|
+
ObjTypeInfo* typeInfo = new ObjTypeInfo(
|
|
596
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFType(objTy),
|
|
597
|
+
Options::MaxFieldLimit());
|
|
570
598
|
initTypeInfo(typeInfo,val, objTy);
|
|
571
599
|
return typeInfo;
|
|
572
600
|
}
|
|
@@ -575,9 +603,11 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
|
|
|
575
603
|
writeWrnMsg("try to create an object with a non-pointer type.");
|
|
576
604
|
writeWrnMsg(val->getName().str());
|
|
577
605
|
writeWrnMsg("(" + LLVMModuleSet::getLLVMModuleSet()->getSVFValue(val)->getSourceLoc() + ")");
|
|
578
|
-
if(isConstantObjSym(val))
|
|
606
|
+
if (isConstantObjSym(val))
|
|
579
607
|
{
|
|
580
|
-
ObjTypeInfo* typeInfo = new ObjTypeInfo(
|
|
608
|
+
ObjTypeInfo* typeInfo = new ObjTypeInfo(
|
|
609
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFType(val->getType()),
|
|
610
|
+
0);
|
|
581
611
|
initTypeInfo(typeInfo,val, val->getType());
|
|
582
612
|
return typeInfo;
|
|
583
613
|
}
|
|
@@ -595,33 +625,37 @@ ObjTypeInfo* SymbolTableBuilder::createObjTypeInfo(const Value *val)
|
|
|
595
625
|
void SymbolTableBuilder::analyzeObjType(ObjTypeInfo* typeinfo, const Value* val)
|
|
596
626
|
{
|
|
597
627
|
|
|
598
|
-
const PointerType
|
|
628
|
+
const PointerType* refty = SVFUtil::dyn_cast<PointerType>(val->getType());
|
|
599
629
|
assert(refty && "this value should be a pointer type!");
|
|
600
630
|
Type* elemTy = getPtrElementType(refty);
|
|
601
631
|
bool isPtrObj = false;
|
|
602
632
|
// Find the inter nested array element
|
|
603
|
-
while (const ArrayType
|
|
633
|
+
while (const ArrayType* AT = SVFUtil::dyn_cast<ArrayType>(elemTy))
|
|
604
634
|
{
|
|
605
635
|
elemTy = AT->getElementType();
|
|
606
|
-
if(elemTy->isPointerTy())
|
|
636
|
+
if (elemTy->isPointerTy())
|
|
607
637
|
isPtrObj = true;
|
|
608
|
-
if(SVFUtil::isa<GlobalVariable>(val) &&
|
|
609
|
-
|
|
638
|
+
if (SVFUtil::isa<GlobalVariable>(val) &&
|
|
639
|
+
SVFUtil::cast<GlobalVariable>(val)->hasInitializer() &&
|
|
640
|
+
SVFUtil::isa<ConstantArray>(
|
|
641
|
+
SVFUtil::cast<GlobalVariable>(val)->getInitializer()))
|
|
610
642
|
typeinfo->setFlag(ObjTypeInfo::CONST_ARRAY_OBJ);
|
|
611
643
|
else
|
|
612
644
|
typeinfo->setFlag(ObjTypeInfo::VAR_ARRAY_OBJ);
|
|
613
645
|
}
|
|
614
|
-
if (const StructType
|
|
646
|
+
if (const StructType* ST = SVFUtil::dyn_cast<StructType>(elemTy))
|
|
615
647
|
{
|
|
616
|
-
const std::vector<const SVFType*>& flattenFields =
|
|
617
|
-
|
|
618
|
-
|
|
648
|
+
const std::vector<const SVFType*>& flattenFields =
|
|
649
|
+
getOrAddSVFTypeInfo(ST)->getFlattenFieldTypes();
|
|
650
|
+
isPtrObj |= std::any_of(flattenFields.begin(), flattenFields.end(),
|
|
651
|
+
[](const SVFType* ty)
|
|
619
652
|
{
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
653
|
+
return ty->isPointerTy();
|
|
654
|
+
});
|
|
655
|
+
if (SVFUtil::isa<GlobalVariable>(val) &&
|
|
656
|
+
SVFUtil::cast<GlobalVariable>(val)->hasInitializer() &&
|
|
657
|
+
SVFUtil::isa<ConstantStruct>(
|
|
658
|
+
SVFUtil::cast<GlobalVariable>(val)->getInitializer()))
|
|
625
659
|
typeinfo->setFlag(ObjTypeInfo::CONST_STRUCT_OBJ);
|
|
626
660
|
else
|
|
627
661
|
typeinfo->setFlag(ObjTypeInfo::VAR_STRUCT_OBJ);
|
|
@@ -643,7 +677,8 @@ void SymbolTableBuilder::analyzeHeapObjType(ObjTypeInfo* typeinfo, const Value*
|
|
|
643
677
|
if(const Value* castUse = getUniqueUseViaCastInst(val))
|
|
644
678
|
{
|
|
645
679
|
typeinfo->setFlag(ObjTypeInfo::HEAP_OBJ);
|
|
646
|
-
typeinfo->resetTypeForHeapStaticObj(
|
|
680
|
+
typeinfo->resetTypeForHeapStaticObj(
|
|
681
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFType(castUse->getType()));
|
|
647
682
|
analyzeObjType(typeinfo,castUse);
|
|
648
683
|
}
|
|
649
684
|
else
|
|
@@ -661,7 +696,8 @@ void SymbolTableBuilder::analyzeStaticObjType(ObjTypeInfo* typeinfo, const Value
|
|
|
661
696
|
if(const Value* castUse = getUniqueUseViaCastInst(val))
|
|
662
697
|
{
|
|
663
698
|
typeinfo->setFlag(ObjTypeInfo::STATIC_OBJ);
|
|
664
|
-
typeinfo->resetTypeForHeapStaticObj(
|
|
699
|
+
typeinfo->resetTypeForHeapStaticObj(
|
|
700
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFType(castUse->getType()));
|
|
665
701
|
analyzeObjType(typeinfo,castUse);
|
|
666
702
|
}
|
|
667
703
|
else
|
|
@@ -674,7 +710,8 @@ void SymbolTableBuilder::analyzeStaticObjType(ObjTypeInfo* typeinfo, const Value
|
|
|
674
710
|
/*!
|
|
675
711
|
* Initialize the type info of an object
|
|
676
712
|
*/
|
|
677
|
-
void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val,
|
|
713
|
+
void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val,
|
|
714
|
+
const Type* objTy)
|
|
678
715
|
{
|
|
679
716
|
|
|
680
717
|
u32_t objSize = 1;
|
|
@@ -704,13 +741,19 @@ void SymbolTableBuilder::initTypeInfo(ObjTypeInfo* typeinfo, const Value* val, c
|
|
|
704
741
|
analyzeObjType(typeinfo,val);
|
|
705
742
|
objSize = getObjSize(objTy);
|
|
706
743
|
}
|
|
707
|
-
else if (SVFUtil::isa<Instruction>(val) &&
|
|
744
|
+
else if (SVFUtil::isa<Instruction>(val) &&
|
|
745
|
+
isHeapAllocExtCall(
|
|
746
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(
|
|
747
|
+
SVFUtil::cast<Instruction>(val))))
|
|
708
748
|
{
|
|
709
749
|
analyzeHeapObjType(typeinfo,val);
|
|
710
750
|
// Heap object, label its field as infinite here
|
|
711
751
|
objSize = typeinfo->getMaxFieldOffsetLimit();
|
|
712
752
|
}
|
|
713
|
-
else if (SVFUtil::isa<Instruction>(val) &&
|
|
753
|
+
else if (SVFUtil::isa<Instruction>(val) &&
|
|
754
|
+
isStaticExtCall(
|
|
755
|
+
LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(
|
|
756
|
+
SVFUtil::cast<Instruction>(val))))
|
|
714
757
|
{
|
|
715
758
|
analyzeStaticObjType(typeinfo,val);
|
|
716
759
|
// static object allocated before main, label its field as infinite here
|