svf-tools 1.0.699 → 1.0.700

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.699",
+  "version": "1.0.700",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/Util/SVFBugReport.h

@@ -37,6 +37,9 @@
 #include "Util/cJSON.h"
 #include <set>
 
+#define BRANCHFLAGMASK 0x00000010
+#define EVENTTYPEMASK 0x0000000f
+
 namespace SVF
 {
 
@@ -45,102 +48,50 @@ namespace SVF
  */
 
 
-class GenericEvent
-{
-public:
-    enum EventType {Branch, Caller, CallSite, Loop, SourceInst};
-
-protected:
-    EventType eventType;
-
-public:
-    GenericEvent(EventType eventType): eventType(eventType) { };
-    virtual ~GenericEvent() = default;
-
-    inline EventType getEventType() const
-    {
-        return eventType;
-    }
-    virtual const std::string getEventDescription() const = 0;
-    virtual const std::string getFuncName() const = 0;
-    virtual const std::string getEventLoc() const = 0;
-};
-
-class BranchEvent: public GenericEvent
-{
-    /// branch statement and branch condition true or false
-protected:
-    const SVFInstruction *branchInst;
-    bool branchSuccessFlg;
-
-public:
-    BranchEvent(const SVFInstruction *branchInst, bool branchSuccessFlg):
-        GenericEvent(GenericEvent::Branch), branchInst(branchInst), branchSuccessFlg(branchSuccessFlg) { }
-
-    const std::string getEventDescription() const;
-    const std::string getFuncName() const;
-    const std::string getEventLoc() const;
-
-    /// ClassOf
-    static inline bool classof(const GenericEvent* event)
-    {
-        return event->getEventType() == GenericEvent::Branch;
-    }
-};
-
-class CallSiteEvent: public GenericEvent
+class BugEvent
 {
-protected:
-    const CallICFGNode *callSite;
-
 public:
-    CallSiteEvent(const CallICFGNode *callSite): GenericEvent(GenericEvent::CallSite), callSite(callSite) { }
-    const std::string getEventDescription() const;
-    const std::string getFuncName() const;
-    const std::string getEventLoc() const;
-
-    /// ClassOf
-    static inline bool classof(const GenericEvent* event)
+    enum EventType
     {
-        return event->getEventType() == GenericEvent::CallSite;
-    }
-};
+        Branch = 0x1,
+        Caller = 0x2,
+        CallSite = 0x3,
+        Loop = 0x4,
+        SourceInst = 0x5
+    };
 
-class SourceInstEvent : public GenericEvent
-{
 protected:
-    const SVFInstruction *sourceSVFInst;
+    u32_t typeAndInfoFlag;
+    const SVFInstruction *eventInst;
 
 public:
-    SourceInstEvent(const SVFInstruction *sourceSVFInst):
-        GenericEvent(GenericEvent::SourceInst), sourceSVFInst(sourceSVFInst) { }
+    BugEvent(u32_t typeAndInfoFlag, const SVFInstruction *eventInst): typeAndInfoFlag(typeAndInfoFlag), eventInst(eventInst) { };
+    virtual ~BugEvent() = default;
 
-    const std::string getEventDescription() const;
-    const std::string getFuncName() const;
-    const std::string getEventLoc() const;
-
-    /// ClassOf
-    static inline bool classof(const GenericEvent* event)
+    inline u32_t getEventType() const
     {
-        return event->getEventType() == GenericEvent::SourceInst;
+        return typeAndInfoFlag & EVENTTYPEMASK;
     }
+    virtual const std::string getEventDescription() const;
+    virtual const std::string getFuncName() const;
+    virtual const std::string getEventLoc() const;
 };
 
 class GenericBug
 {
 public:
-    typedef std::vector<const GenericEvent *> EventStack;
+    typedef std::vector<BugEvent> EventStack;
 
 public:
     enum BugType {FULLBUFOVERFLOW, PARTIALBUFOVERFLOW, NEVERFREE, PARTIALLEAK, DOUBLEFREE, FILENEVERCLOSE, FILEPARTIALCLOSE};
 
 protected:
     BugType bugType;
-    EventStack bugEventStack;
+    const EventStack bugEventStack;
 
 public:
     /// note: should be initialized with a bugEventStack
-    GenericBug(BugType bugType, EventStack bugEventStack):
+    GenericBug(BugType bugType, const EventStack &bugEventStack):
         bugType(bugType), bugEventStack(bugEventStack)
     {
         assert(bugEventStack.size() != 0 && "bugEventStack should NOT be empty!");
@@ -307,13 +258,12 @@ public:
     SVFBugReport() = default;
     ~SVFBugReport();
     typedef SVF::Set<const GenericBug *> BugSet;
-    typedef SVF::Set<const GenericEvent *> EventSet;
 
 protected:
     BugSet bugSet;    // maintain bugs
-    EventSet eventSet;// maintain added events
 
 public:
+
     /*
      * function: pass bug type (i.e., GenericBug::NEVERFREE) and eventStack as parameter,
      *      it will add the bug into bugQueue.
@@ -321,12 +271,6 @@ public:
      */
     void addSaberBug(GenericBug::BugType bugType, const GenericBug::EventStack &eventStack)
     {
-        /// resign added events
-        for(auto eventPtr : eventStack)
-        {
-            eventSet.insert(eventPtr);
-        }
-
         /// create and add the bug
         GenericBug *newBug = nullptr;
         switch(bugType)
@@ -380,12 +324,6 @@ public:
     void addAbsExecBug(GenericBug::BugType bugType, const GenericBug::EventStack &eventStack,
                        s64_t allocLowerBound, s64_t allocUpperBound, s64_t accessLowerBound, s64_t accessUpperBound)
     {
-        /// resign added events
-        for(auto eventPtr : eventStack)
-        {
-            eventSet.insert(eventPtr);
-        }
-
         /// add bugs
         GenericBug *newBug = nullptr;
         switch(bugType)

package/svf/lib/SABER/DoubleFreeChecker.cpp

@@ -39,10 +39,10 @@ void DoubleFreeChecker::reportBug(ProgSlice* slice)
 
     if(slice->isSatisfiableForPairs() == false)
     {
-        SourceInstEvent*sourceInstEvent = new SourceInstEvent(getSrcCSID(slice->getSource())->getCallSite());
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
-        eventStack.push_back(sourceInstEvent);
+        eventStack.push_back(
+            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::DOUBLEFREE, eventStack);
     }
     if(Options::ValidateTests())

package/svf/lib/SABER/FileChecker.cpp

@@ -39,16 +39,18 @@ void FileChecker::reportBug(ProgSlice* slice)
     if(isAllPathReachable() == false && isSomePathReachable() == false)
     {
         // full leakage
-        SourceInstEvent*sourceInstEvent = new SourceInstEvent(getSrcCSID(slice->getSource())->getCallSite());
-        GenericBug::EventStack eventStack = {sourceInstEvent};
+        GenericBug::EventStack eventStack =
+        {
+            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
+        };
         report.addSaberBug(GenericBug::FILENEVERCLOSE, eventStack);
     }
     else if (isAllPathReachable() == false && isSomePathReachable() == true)
     {
-        SourceInstEvent*sourceInstEvent = new SourceInstEvent(getSrcCSID(slice->getSource())->getCallSite());
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
-        eventStack.push_back(sourceInstEvent);
+        eventStack.push_back(
+            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::FILEPARTIALCLOSE, eventStack);
     }
 }

package/svf/lib/SABER/LeakChecker.cpp

@@ -152,17 +152,19 @@ void LeakChecker::reportBug(ProgSlice* slice)
     if(isAllPathReachable() == false && isSomePathReachable() == false)
     {
         // full leakage
-        SourceInstEvent*sourceInstEvent = new SourceInstEvent(getSrcCSID(slice->getSource())->getCallSite());
-        GenericBug::EventStack eventStack = {sourceInstEvent};
+        GenericBug::EventStack eventStack =
+        {
+            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
+        };
         report.addSaberBug(GenericBug::NEVERFREE, eventStack);
     }
     else if (isAllPathReachable() == false && isSomePathReachable() == true)
     {
         // partial leakage
-        SourceInstEvent*sourceInstEvent = new SourceInstEvent(getSrcCSID(slice->getSource())->getCallSite());
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
-        eventStack.push_back(sourceInstEvent);
+        eventStack.push_back(
+            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::PARTIALLEAK, eventStack);
     }
 

package/svf/lib/SABER/ProgSlice.cpp

@@ -149,14 +149,15 @@ const CallICFGNode* ProgSlice::getRetSite(const SVFGEdge* edge) const
 void ProgSlice::evalFinalCond2Event(GenericBug::EventStack &eventStack) const
 {
     NodeBS elems = pathAllocator->exactCondElem(finalCond);
-    Set<std::string> locations;
     for(NodeBS::iterator it = elems.begin(), eit = elems.end(); it!=eit; ++it)
     {
         const SVFInstruction* tinst = pathAllocator->getCondInst(*it);
         if(pathAllocator->isNegCond(*it))
-            eventStack.push_back(new BranchEvent(tinst, false));
+            eventStack.push_back(BugEvent(
+                                     BugEvent::Branch|((((u32_t)false) << 4) & BRANCHFLAGMASK), tinst));
         else
-            eventStack.push_back(new BranchEvent(tinst, true));
+            eventStack.push_back(BugEvent(
+                                     BugEvent::Branch|((((u32_t)true) << 4) & BRANCHFLAGMASK), tinst));
     }
 }
 

package/svf/lib/Util/SVFBugReport.cpp

@@ -37,16 +37,16 @@ using namespace SVF;
 
 const std::string GenericBug::getLoc() const
 {
-    const GenericEvent *sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
-    assert(SourceInstEvent::classof(sourceInstEvent) && "bugEventStack top should be a SourceInst event");
-    return sourceInstEvent->getEventLoc();
+    const BugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
+    assert(sourceInstEvent.getEventType() == BugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
+    return sourceInstEvent.getEventLoc();
 }
 
 const std::string GenericBug::getFuncName() const
 {
-    const GenericEvent *sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
-    assert(SourceInstEvent::classof(sourceInstEvent) && "bugEventStack top should be a SourceInst event");
-    return sourceInstEvent->getFuncName();
+    const BugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
+    assert(sourceInstEvent.getEventType() == BugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
+    return sourceInstEvent.getFuncName();
 }
 
 cJSON *BufferOverflowBug::getBugDescription() const
@@ -84,22 +84,22 @@ void BufferOverflowBug::printBugToTerminal() const
     SVFUtil::errs() << "\t\t Info : \n" << bugInfo.str();
     SVFUtil::errs() << "\t\t Events : \n";
 
-    for(auto eventPtr : bugEventStack)
+    for(auto event : bugEventStack)
     {
-        switch(eventPtr->getEventType())
+        switch(event.getEventType())
         {
-        case GenericEvent::CallSite:
+        case BugEvent::CallSite:
         {
-            SVFUtil::errs() << "\t\t  callsite at : ( " << eventPtr->getEventLoc() << " )\n";
+            SVFUtil::errs() << "\t\t  callsite at : ( " << event.getEventLoc() << " )\n";
             break;
         }
-        default:   // TODO: implement more events when needed
+        default:
         {
+            // TODO: implement more events when needed
             break;
         }
         }
     }
-
 }
 
 cJSON * NeverFreeBug::getBugDescription() const
@@ -122,9 +122,10 @@ cJSON * PartialLeakBug::getBugDescription() const
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
         cJSON *newBranch = cJSON_CreateObject();
-        cJSON *branchLoc = cJSON_Parse((*eventIt)->getEventLoc().c_str());
+        cJSON *branchLoc = cJSON_Parse((*eventIt).getEventLoc().c_str());
         if(branchLoc == nullptr) branchLoc = cJSON_CreateObject();
-        cJSON *branchCondition = cJSON_CreateString((*eventIt)->getEventDescription().c_str());
+
+        cJSON *branchCondition = cJSON_CreateString((*eventIt).getEventDescription().c_str());
 
         cJSON_AddItemToObject(newBranch, "BranchLoc", branchLoc);
         cJSON_AddItemToObject(newBranch, "BranchCond", branchCondition);
@@ -146,7 +147,7 @@ void PartialLeakBug::printBugToTerminal() const
     auto lastBranchEventIt = bugEventStack.end() - 1;
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
-        SVFUtil::errs() << "\t\t  --> (" << (*eventIt)->getEventLoc() << "|" << (*eventIt)->getEventDescription() << ") \n";
+        SVFUtil::errs() << "\t\t  --> (" << (*eventIt).getEventLoc() << "|" << (*eventIt).getEventDescription() << ") \n";
     }
     SVFUtil::errs() << "\n";
 }
@@ -160,9 +161,9 @@ cJSON * DoubleFreeBug::getBugDescription() const
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
         cJSON *newBranch = cJSON_CreateObject();
-        cJSON *branchLoc = cJSON_Parse((*eventIt)->getEventLoc().c_str());
+        cJSON *branchLoc = cJSON_Parse((*eventIt).getEventLoc().c_str());
         if(branchLoc == nullptr) branchLoc = cJSON_CreateObject();
-        cJSON *branchCondition = cJSON_CreateString((*eventIt)->getEventDescription().c_str());
+        cJSON *branchCondition = cJSON_CreateString((*eventIt).getEventDescription().c_str());
 
         cJSON_AddItemToObject(newBranch, "BranchLoc", branchLoc);
         cJSON_AddItemToObject(newBranch, "BranchCond", branchCondition);
@@ -183,7 +184,7 @@ void DoubleFreeBug::printBugToTerminal() const
     auto lastBranchEventIt = bugEventStack.end() - 1;
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
-        SVFUtil::errs() << "\t\t  --> (" << (*eventIt)->getEventLoc() << "|" << (*eventIt)->getEventDescription() << ") \n";
+        SVFUtil::errs() << "\t\t  --> (" << (*eventIt).getEventLoc() << "|" << (*eventIt).getEventDescription() << ") \n";
     }
     SVFUtil::errs() << "\n";
 }
@@ -210,9 +211,9 @@ cJSON * FilePartialCloseBug::getBugDescription() const
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
         cJSON *newBranch = cJSON_CreateObject();
-        cJSON *branchLoc = cJSON_Parse((*eventIt)->getEventLoc().c_str());
+        cJSON *branchLoc = cJSON_Parse((*eventIt).getEventLoc().c_str());
         if(branchLoc == nullptr) branchLoc = cJSON_CreateObject();
-        cJSON *branchCondition = cJSON_CreateString((*eventIt)->getEventDescription().c_str());
+        cJSON *branchCondition = cJSON_CreateString((*eventIt).getEventDescription().c_str());
 
         cJSON_AddItemToObject(newBranch, "BranchLoc", branchLoc);
         cJSON_AddItemToObject(newBranch, "BranchCond", branchCondition);
@@ -233,71 +234,61 @@ void FilePartialCloseBug::printBugToTerminal() const
     auto lastBranchEventIt = bugEventStack.end() - 1;
     for(auto eventIt = bugEventStack.begin(); eventIt != lastBranchEventIt; eventIt++)
     {
-        SVFUtil::errs() << "\t\t  --> (" << (*eventIt)->getEventLoc() << "|" << (*eventIt)->getEventDescription() << ") \n";
+        SVFUtil::errs() << "\t\t  --> (" << (*eventIt).getEventLoc() << "|" << (*eventIt).getEventDescription() << ") \n";
     }
     SVFUtil::errs() << "\n";
 }
 
-const std::string CallSiteEvent::getFuncName() const
+const std::string BugEvent::getFuncName() const
 {
-    return callSite->getCallSite()->getFunction()->getName();
+    return eventInst->getFunction()->getName();
 }
 
-const std::string CallSiteEvent::getEventLoc() const
+const std::string BugEvent::getEventLoc() const
 {
-    return callSite->getCallSite()->getSourceLoc();
+    return eventInst->getSourceLoc();
 }
 
-const std::string CallSiteEvent::getEventDescription() const
+const std::string BugEvent::getEventDescription() const
 {
-    std::string description("calls ");
-    const SVFFunction *callee = SVFUtil::getCallee(callSite->getCallSite());
-    if(callee == nullptr)
+    switch(getEventType())
+    {
+    case BugEvent::Branch:
     {
-        description += "<unknown>";
+        if (typeAndInfoFlag & BRANCHFLAGMASK)
+        {
+            return "True";
+        }
+        else
+        {
+            return "False";
+        }
+        break;
     }
-    else
+    case BugEvent::CallSite:
     {
-        description += callee->getName();
+        std::string description("calls ");
+        const SVFFunction *callee = SVFUtil::getCallee(eventInst);
+        if(callee == nullptr)
+        {
+            description += "<unknown>";
+        }
+        else
+        {
+            description += callee->getName();
+        }
+        return description;
+        break;
     }
-    return description;
-}
-
-const std::string BranchEvent::getFuncName() const
-{
-    return branchInst->getFunction()->getName();
-}
-
-const std::string BranchEvent::getEventLoc() const
-{
-    return branchInst->getSourceLoc();
-}
-
-const std::string BranchEvent::getEventDescription() const
-{
-    if (branchSuccessFlg)
+    case BugEvent::SourceInst:
     {
-        return "True";
+        return "None";
     }
-    else
+    default:
     {
-        return "False";
+        assert(false && "No such type of event!");
+    }
     }
-}
-
-const std::string SourceInstEvent::getFuncName() const
-{
-    return sourceSVFInst->getFunction()->getName();
-}
-
-const std::string SourceInstEvent::getEventLoc() const
-{
-    return sourceSVFInst->getSourceLoc();
-}
-
-const std::string SourceInstEvent::getEventDescription() const
-{
-    return "None";
 }
 
 SVFBugReport::~SVFBugReport()
@@ -306,20 +297,16 @@ SVFBugReport::~SVFBugReport()
     {
         delete bugIt;
     }
-    for(auto eventPtr:eventSet)
-    {
-        delete eventPtr;
-    }
 }
 
 void SVFBugReport::dumpToJsonFile(const std::string& filePath)
 {
-    std::map<GenericEvent::EventType, std::string> eventType2Str =
+    std::map<u32_t, std::string> eventType2Str =
     {
-        {GenericEvent::CallSite, "call site"},
-        {GenericEvent::Caller, "caller"},
-        {GenericEvent::Loop, "loop"},
-        {GenericEvent::Branch, "branch"}
+        {BugEvent::CallSite, "call site"},
+        {BugEvent::Caller, "caller"},
+        {BugEvent::Loop, "loop"},
+        {BugEvent::Branch, "branch"}
     };
 
     std::map<GenericBug::BugType, std::string> bugType2Str =
@@ -360,32 +347,33 @@ void SVFBugReport::dumpToJsonFile(const std::string& filePath)
 
         /// add event information to json
         cJSON *eventList = cJSON_CreateArray();
-        const GenericBug::EventStack bugEventStack = bugPtr->getEventStack();
-        if(BufferOverflowBug::classof(bugPtr))   // add only when bug is context sensitive
+        const GenericBug::EventStack &bugEventStack = bugPtr->getEventStack();
+        if(BufferOverflowBug::classof(bugPtr))
         {
-            for(auto eventPtr : bugEventStack)
+            // add only when bug is context sensitive
+            for(const BugEvent&event : bugEventStack)
             {
-                if (SourceInstEvent::classof(eventPtr))
+                if (event.getEventType() == BugEvent::SourceInst)
                 {
                     continue;
                 }
 
                 cJSON *singleEvent = cJSON_CreateObject();
                 //event type
-                cJSON *eventType = cJSON_CreateString(eventType2Str[eventPtr->getEventType()].c_str());
+                cJSON *eventType = cJSON_CreateString(eventType2Str[event.getEventType()].c_str());
                 cJSON_AddItemToObject(singleEvent, "EventType", eventType);
                 //function name
-                cJSON *eventFunc = cJSON_CreateString(eventPtr->getFuncName().c_str());
+                cJSON *eventFunc = cJSON_CreateString(event.getFuncName().c_str());
                 cJSON_AddItemToObject(singleEvent, "Function", eventFunc);
                 //event loc
-                cJSON *eventLoc = cJSON_Parse(eventPtr->getEventLoc().c_str());
+                cJSON *eventLoc = cJSON_Parse(event.getEventLoc().c_str());
                 if(eventLoc == nullptr)
                 {
                     eventLoc = cJSON_CreateObject();
                 }
                 cJSON_AddItemToObject(singleEvent, "Location", eventLoc);
                 //event description
-                cJSON *eventDescription = cJSON_CreateString(eventPtr->getEventDescription().c_str());
+                cJSON *eventDescription = cJSON_CreateString(event.getEventDescription().c_str());
                 cJSON_AddItemToObject(singleEvent, "Description", eventDescription);
 
                 cJSON_AddItemToArray(eventList, singleEvent);