svf-tools 1.0.716 → 1.0.718

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.716",
+  "version": "1.0.718",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/MemoryModel/PointerAnalysis.h

@@ -388,8 +388,6 @@ public:
 
     /// Resolve indirect call edges
     virtual void resolveIndCalls(const CallICFGNode* cs, const PointsTo& target, CallEdgeMap& newEdges);
-    /// Match arguments for callsite at caller and callee
-    bool matchArgs(const CallICFGNode* cs, const SVFFunction* callee);
 
     /// CallGraph SCC related methods
     //@{

package/svf/include/Util/SVFBugReport.h

@@ -48,7 +48,7 @@ namespace SVF
  */
 
 
-class BugEvent
+class SVFBugEvent
 {
 public:
     enum EventType
@@ -65,8 +65,8 @@ protected:
     const SVFInstruction *eventInst;
 
 public:
-    BugEvent(u32_t typeAndInfoFlag, const SVFInstruction *eventInst): typeAndInfoFlag(typeAndInfoFlag), eventInst(eventInst) { };
-    virtual ~BugEvent() = default;
+    SVFBugEvent(u32_t typeAndInfoFlag, const SVFInstruction *eventInst): typeAndInfoFlag(typeAndInfoFlag), eventInst(eventInst) { };
+    virtual ~SVFBugEvent() = default;
 
     inline u32_t getEventType() const
     {
@@ -80,7 +80,7 @@ public:
 class GenericBug
 {
 public:
-    typedef std::vector<BugEvent> EventStack;
+    typedef std::vector<SVFBugEvent> EventStack;
 
 public:
     enum BugType {FULLBUFOVERFLOW, PARTIALBUFOVERFLOW, NEVERFREE, PARTIALLEAK, DOUBLEFREE, FILENEVERCLOSE, FILEPARTIALCLOSE};

package/svf/include/Util/SVFUtil.h

@@ -200,6 +200,11 @@ inline CallSite getSVFCallSite(const SVFInstruction* inst)
     return cs;
 }
 
+/// Match arguments for callsite at caller and callee
+/// if the arg size does not match then we do not need to connect this parameter
+/// unless the callee is a variadic function (the first parameter of variadic function is its paramter number)
+bool matchArgs(const SVFInstruction* cs, const SVFFunction* callee);
+
 /// Return LLVM callsite given a value
 inline CallSite getSVFCallSite(const SVFValue* value)
 {

package/svf/lib/Graphs/VFG.cpp

@@ -976,7 +976,8 @@ void VFG::connectCallerAndCallee(const CallICFGNode* callBlockNode, const SVFFun
     CallSiteID csId = getCallSiteID(callBlockNode, callee);
     RetICFGNode* retBlockNode = icfg->getRetICFGNode(callBlockNode->getCallSite());
     // connect actual and formal param
-    if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(callee))
+    if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(callee) &&
+            matchArgs(callBlockNode->getCallSite(), callee))
     {
         const SVFIR::SVFVarList& csArgList = pag->getCallSiteArgsList(callBlockNode);
         const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(callee);
@@ -990,6 +991,7 @@ void VFG::connectCallerAndCallee(const CallICFGNode* callBlockNode, const SVFFun
                 connectAParamAndFParam(cs_arg, fun_arg, callBlockNode, csId, edges);
         }
         assert(funArgIt == funArgEit && "function has more arguments than call site");
+
         if (callee->isVarArg())
         {
             NodeID varFunArg = pag->getVarargNode(callee);

package/svf/lib/MemoryModel/PointerAnalysis.cpp

@@ -408,9 +408,7 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
                 const SVFFunction* calleefun = SVFUtil::cast<SVFFunction>(obj->getValue());
                 const SVFFunction* callee = calleefun->getDefFunForMultipleModule();
 
-                /// if the arg size does not match then we do not need to connect this parameter
-                /// unless the callee is a variadic function (the first parameter of variadic function is its paramter number)
-                if(matchArgs(cs, callee) == false)
+                if(SVFUtil::matchArgs(cs->getCallSite(), callee) == false)
                     continue;
 
                 if(0 == getIndCallMap()[cs].count(callee))
@@ -429,17 +427,6 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
     }
 }
 
-/*!
- * Match arguments for callsite at caller and callee
- */
-bool PointerAnalysis::matchArgs(const CallICFGNode* cs, const SVFFunction* callee)
-{
-    if(callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(cs->getCallSite()))
-        return true;
-    else
-        return SVFUtil::getSVFCallSite(cs->getCallSite()).arg_size() == callee->arg_size();
-}
-
 /*
  * Get virtual functions "vfns" based on CHA
  */

package/svf/lib/SABER/DoubleFreeChecker.cpp

@@ -42,7 +42,7 @@ void DoubleFreeChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::DOUBLEFREE, eventStack);
     }
     if(Options::ValidateTests())

package/svf/lib/SABER/FileChecker.cpp

@@ -41,7 +41,7 @@ void FileChecker::reportBug(ProgSlice* slice)
         // full leakage
         GenericBug::EventStack eventStack =
         {
-            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
         };
         report.addSaberBug(GenericBug::FILENEVERCLOSE, eventStack);
     }
@@ -50,7 +50,7 @@ void FileChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::FILEPARTIALCLOSE, eventStack);
     }
 }

package/svf/lib/SABER/LeakChecker.cpp

@@ -154,7 +154,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
         // full leakage
         GenericBug::EventStack eventStack =
         {
-            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
         };
         report.addSaberBug(GenericBug::NEVERFREE, eventStack);
     }
@@ -164,7 +164,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            BugEvent(BugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
         report.addSaberBug(GenericBug::PARTIALLEAK, eventStack);
     }
 

package/svf/lib/SABER/ProgSlice.cpp

@@ -153,11 +153,11 @@ void ProgSlice::evalFinalCond2Event(GenericBug::EventStack &eventStack) const
     {
         const SVFInstruction* tinst = pathAllocator->getCondInst(*it);
         if(pathAllocator->isNegCond(*it))
-            eventStack.push_back(BugEvent(
-                                     BugEvent::Branch|((((u32_t)false) << 4) & BRANCHFLAGMASK), tinst));
+            eventStack.push_back(SVFBugEvent(
+                                     SVFBugEvent::Branch|((((u32_t)false) << 4) & BRANCHFLAGMASK), tinst));
         else
-            eventStack.push_back(BugEvent(
-                                     BugEvent::Branch|((((u32_t)true) << 4) & BRANCHFLAGMASK), tinst));
+            eventStack.push_back(SVFBugEvent(
+                                     SVFBugEvent::Branch|((((u32_t)true) << 4) & BRANCHFLAGMASK), tinst));
     }
 }
 

package/svf/lib/Util/SVFBugReport.cpp

@@ -37,15 +37,15 @@ using namespace SVF;
 
 const std::string GenericBug::getLoc() const
 {
-    const BugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
-    assert(sourceInstEvent.getEventType() == BugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
+    const SVFBugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
+    assert(sourceInstEvent.getEventType() == SVFBugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
     return sourceInstEvent.getEventLoc();
 }
 
 const std::string GenericBug::getFuncName() const
 {
-    const BugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
-    assert(sourceInstEvent.getEventType() == BugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
+    const SVFBugEvent&sourceInstEvent = bugEventStack.at(bugEventStack.size() -1);
+    assert(sourceInstEvent.getEventType() == SVFBugEvent::SourceInst && "bugEventStack top should be a SourceInst event");
     return sourceInstEvent.getFuncName();
 }
 
@@ -88,7 +88,7 @@ void BufferOverflowBug::printBugToTerminal() const
     {
         switch(event.getEventType())
         {
-        case BugEvent::CallSite:
+        case SVFBugEvent::CallSite:
         {
             SVFUtil::errs() << "\t\t  callsite at : ( " << event.getEventLoc() << " )\n";
             break;
@@ -239,21 +239,21 @@ void FilePartialCloseBug::printBugToTerminal() const
     SVFUtil::errs() << "\n";
 }
 
-const std::string BugEvent::getFuncName() const
+const std::string SVFBugEvent::getFuncName() const
 {
     return eventInst->getFunction()->getName();
 }
 
-const std::string BugEvent::getEventLoc() const
+const std::string SVFBugEvent::getEventLoc() const
 {
     return eventInst->getSourceLoc();
 }
 
-const std::string BugEvent::getEventDescription() const
+const std::string SVFBugEvent::getEventDescription() const
 {
     switch(getEventType())
     {
-    case BugEvent::Branch:
+    case SVFBugEvent::Branch:
     {
         if (typeAndInfoFlag & BRANCHFLAGMASK)
         {
@@ -265,7 +265,7 @@ const std::string BugEvent::getEventDescription() const
         }
         break;
     }
-    case BugEvent::CallSite:
+    case SVFBugEvent::CallSite:
     {
         std::string description("calls ");
         const SVFFunction *callee = SVFUtil::getCallee(eventInst);
@@ -280,7 +280,7 @@ const std::string BugEvent::getEventDescription() const
         return description;
         break;
     }
-    case BugEvent::SourceInst:
+    case SVFBugEvent::SourceInst:
     {
         return "None";
     }
@@ -303,10 +303,10 @@ void SVFBugReport::dumpToJsonFile(const std::string& filePath)
 {
     std::map<u32_t, std::string> eventType2Str =
     {
-        {BugEvent::CallSite, "call site"},
-        {BugEvent::Caller, "caller"},
-        {BugEvent::Loop, "loop"},
-        {BugEvent::Branch, "branch"}
+        {SVFBugEvent::CallSite, "call site"},
+        {SVFBugEvent::Caller, "caller"},
+        {SVFBugEvent::Loop, "loop"},
+        {SVFBugEvent::Branch, "branch"}
     };
 
     std::map<GenericBug::BugType, std::string> bugType2Str =
@@ -351,9 +351,9 @@ void SVFBugReport::dumpToJsonFile(const std::string& filePath)
         if(BufferOverflowBug::classof(bugPtr))
         {
             // add only when bug is context sensitive
-            for(const BugEvent&event : bugEventStack)
+            for(const SVFBugEvent&event : bugEventStack)
             {
-                if (event.getEventType() == BugEvent::SourceInst)
+                if (event.getEventType() == SVFBugEvent::SourceInst)
                 {
                     continue;
                 }

package/svf/lib/Util/SVFUtil.cpp

@@ -311,3 +311,16 @@ void SVFUtil::stopAnalysisLimitTimer(bool limitTimerSet)
 {
     if (limitTimerSet) alarm(0);
 }
+
+/// Match arguments for callsite at caller and callee
+/// if the arg size does not match then we do not need to connect this parameter
+/// unless the callee is a variadic function (the first parameter of variadic function is its paramter number)
+/// e.g., void variadicFoo(int num, ...); variadicFoo(5, 1,2,3,4,5)
+/// for variadic function, callsite arg size must be greater than or equal to callee arg size
+bool SVFUtil::matchArgs(const SVFInstruction* cs, const SVFFunction* callee)
+{
+    if (callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(cs))
+        return getSVFCallSite(cs).arg_size() >= callee->arg_size();
+    else
+        return getSVFCallSite(cs).arg_size() == callee->arg_size();
+}