svf-tools 1.0.724 → 1.0.726

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.724",
+  "version": "1.0.726",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AbstractExecution/AddressValue.h

@@ -136,13 +136,22 @@ public:
     }
 
     /// Current AddressValue joins with another AddressValue
-    void join_with(const AddressValue &other)
+    bool join_with(const AddressValue &other)
     {
-        _addrs.insert(other.begin(), other.end());
+        bool changed = false;
+        for (const auto &addr: other)
+        {
+            if (!_addrs.count(addr))
+            {
+                if (insert(addr).second)
+                    changed = true;
+            }
+        }
+        return changed;
     }
 
     /// Return a intersected AddressValue
-    void meet_with(const AddressValue &other)
+    bool meet_with(const AddressValue &other)
     {
         AddrSet s;
         for (const auto &id: other._addrs)
@@ -152,7 +161,9 @@ public:
                 s.insert(id);
             }
         }
+        bool changed = (_addrs != s);
         _addrs = std::move(s);
+        return changed;
     }
 
     /// Return true if the AddressValue contains n

package/svf/include/AbstractExecution/BoundedZ3Expr.h

@@ -1,4 +1,4 @@
-//===- AddressValue.h ----Address Value Sets-------------------------//
+//===- BoundedZ3Expr.h ----Address Value Sets-------------------------//
 //
 //                     SVF: Static Value-Flow Analysis
 //
@@ -248,17 +248,20 @@ public:
 
     friend BoundedZ3Expr operator^(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) ^ int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) ^ int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr operator&(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) & int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) & int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr operator|(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) | int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) | int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr ashr(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
@@ -270,7 +273,10 @@ public:
         else if (rhs.is_infinite())
             return ite(lhs.getExpr() >= 0, BoundedZ3Expr(0), BoundedZ3Expr(-1));
         else
-            return ashr(lhs.getExpr(), rhs.getExpr());
+        {
+            const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+            return bv2int(ashr(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
+        }
     }
 
     friend BoundedZ3Expr shl(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
@@ -282,12 +288,16 @@ public:
         else if (rhs.is_infinite())
             return ite(lhs.getExpr() >= 0, plus_infinity(), minus_infinity());
         else
-            return shl(lhs.getExpr(), rhs.getExpr());
+        {
+            const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+            return bv2int(shl(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
+        }
     }
 
     friend BoundedZ3Expr lshr(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return lshr(lhs.getExpr(), rhs.getExpr());
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(lshr(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
     }
 
     friend BoundedZ3Expr int2bv(u32_t n, const BoundedZ3Expr &e)
@@ -340,6 +350,36 @@ public:
     {
         return getExpr().is_true();
     }
+
+    /// Return Numeral
+    inline int64_t getNumeral() const
+    {
+        if (is_numeral())
+        {
+            int64_t i;
+            if (getExpr().is_numeral_i64(i))
+                return get_numeral_int64();
+            else
+            {
+                return (getExpr() < 0).simplify().is_true() ? INT64_MIN : INT64_MAX;
+            }
+        }
+        if (is_minus_infinite())
+        {
+            return INT64_MIN;
+        }
+        else if (is_plus_infinite())
+        {
+            return INT64_MAX;
+        }
+        else
+        {
+            assert(false && "other literal?");
+            abort();
+        }
+    }
+
+    int64_t bvLen() const;
     //%}
 }; // end class ConZ3Expr
 } // end namespace SVF

package/svf/include/AbstractExecution/NumericLiteral.h

@@ -119,29 +119,7 @@ public:
     /// Return Numeral
     inline int64_t getNumeral() const
     {
-        if (_n.is_numeral())
-        {
-            int64_t i;
-            if(_n.getExpr().is_numeral_i64(i))
-                return _n.get_numeral_int64();
-            else
-            {
-                return leq(0) ? INT64_MIN : INT64_MAX;
-            }
-        }
-        if (is_minus_infinity())
-        {
-            return INT64_MIN;
-        }
-        else if (is_plus_infinity())
-        {
-            return INT64_MAX;
-        }
-        else
-        {
-            assert(false && "other literal?");
-            abort();
-        }
+        return _n.getNumeral();
     }
 
     /// Check two object is equal

package/svf/include/AbstractExecution/SingleAbsValue.h

@@ -0,0 +1,477 @@
+//
+// Created by Xiao and Jiawei on 2023/5/29.
+//
+
+#ifndef SVF_SINGLEABSVALUE_H
+#define SVF_SINGLEABSVALUE_H
+
+#include "AbstractExecution/BoundedZ3Expr.h"
+
+namespace SVF
+{
+
+/*!
+ * Atom Z3 expr for constant execution state
+ */
+class SingleAbsValue : public BoundedZ3Expr
+{
+public:
+
+    SingleAbsValue() = default;
+
+    SingleAbsValue(const Z3Expr &z3Expr) : BoundedZ3Expr(z3Expr.getExpr()) {}
+
+    SingleAbsValue(const BoundedZ3Expr &z3Bound) : BoundedZ3Expr(z3Bound) {}
+
+    SingleAbsValue(const z3::expr &e) : BoundedZ3Expr(e) {}
+
+    SingleAbsValue(s32_t i) : BoundedZ3Expr(i) {}
+
+    SingleAbsValue(const SingleAbsValue &_z3Expr) : BoundedZ3Expr(_z3Expr) {}
+
+    inline SingleAbsValue &operator=(const SingleAbsValue &rhs)
+    {
+        BoundedZ3Expr::operator=(rhs);
+        return *this;
+    }
+
+    SingleAbsValue(SingleAbsValue &&_z3Expr) : BoundedZ3Expr(_z3Expr)
+    {
+    }
+
+    inline SingleAbsValue &operator=(SingleAbsValue &&rhs)
+    {
+        BoundedZ3Expr::operator=(rhs);
+        return *this;
+    }
+
+    static z3::context &getContext()
+    {
+        return BoundedZ3Expr::getContext();
+    }
+
+    static SingleAbsValue topConstant()
+    {
+        return getContext().int_const("⊤");
+    }
+
+    static SingleAbsValue bottomConstant()
+    {
+        return getContext().int_const("⊥");
+    }
+
+    void join_with(const SingleAbsValue& other)
+    {
+        if (this->isBottom())
+        {
+            if (other.isBottom())
+            {
+                return;
+            }
+            else
+            {
+                *this = other;
+            }
+        }
+        else if (other.isBottom())
+        {
+            return;
+        }
+        else
+        {
+            if (!eq(*this, other))
+            {
+                set_to_top();
+            }
+        }
+    }
+
+    void set_to_top()
+    {
+        *this = topConstant();
+    }
+
+    static bool isTopAbsValue(const SingleAbsValue &expr)
+    {
+        return eq(expr, topConstant());
+    }
+
+    static bool isBottomAbsValue(const SingleAbsValue &expr)
+    {
+        return eq(expr, bottomConstant());
+    }
+
+    inline bool isBottom() const
+    {
+        return isBottomAbsValue(*this);
+    }
+
+    inline bool isTop() const
+    {
+        return isTopAbsValue(*this);
+    }
+
+    inline bool isSym() const
+    {
+        return isSymbolAbsValue(*this);
+    }
+
+    static bool isSymbolAbsValue(const SingleAbsValue &expr)
+    {
+        return !eq(expr, topConstant()) && !eq(expr, bottomConstant()) && !expr.is_numeral();
+    }
+
+    /// Less then or equal
+    bool leq(const SingleAbsValue &rhs) const
+    {
+        assert(is_numeral() && rhs.is_numeral());
+        return (getExpr() <= rhs.getExpr()).simplify().is_true();
+    }
+
+    // Greater than or equal
+    bool geq(const SingleAbsValue &rhs) const
+    {
+        assert(is_numeral() && rhs.is_numeral());
+        return (getExpr() >= rhs.getExpr()).simplify().is_true();
+    }
+
+
+    /// Reload operator
+    //{%
+    friend SingleAbsValue operator==(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+        {
+            return topConstant();
+        }
+        else
+        {
+            return static_cast<BoundedZ3Expr>(lhs) == static_cast<BoundedZ3Expr>(rhs);
+        }
+    }
+
+    friend SingleAbsValue operator!=(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) != static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator>(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) > static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator<(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) < static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator<=(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) <= static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator>=(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) >= static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator+(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) + static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator-(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) - static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator*(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isZero(lhs) || isZero(rhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) * static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator/(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || isZero(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isZero(lhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) / static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator%(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || isZero(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isZero(lhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) % static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator^(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+            return bottomConstant();
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) ^ static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator&(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (isZero(lhs) || isZero(rhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) & static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator|(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if ((lhs.is_numeral() && eq(lhs, -1)) ||
+                 (rhs.is_numeral() && eq(rhs, -1)))
+            return -1;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) | static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue ashr(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || (rhs.is_numeral() && !rhs.geq(0)))
+            return bottomConstant();
+        else if (isZero(lhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return ashr(static_cast<BoundedZ3Expr>(lhs), static_cast<BoundedZ3Expr>(rhs));
+    }
+
+    friend SingleAbsValue shl(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || (rhs.is_numeral() && !rhs.geq(0)))
+            return bottomConstant();
+        else if (isZero(lhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return shl(static_cast<BoundedZ3Expr>(lhs), static_cast<BoundedZ3Expr>(rhs));
+    }
+
+    friend SingleAbsValue lshr(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || (rhs.is_numeral() && !rhs.geq(0)))
+            return bottomConstant();
+        else if (isZero(lhs))
+            return 0;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return lshr(static_cast<BoundedZ3Expr>(lhs), static_cast<BoundedZ3Expr>(rhs));
+    }
+
+    friend SingleAbsValue int2bv(u32_t n, const SingleAbsValue &e)
+    {
+        if (isBottomAbsValue(e))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(e))
+            return topConstant();
+        else
+            return int2bv(n, static_cast<BoundedZ3Expr>(e));
+    }
+
+    friend SingleAbsValue bv2int(const SingleAbsValue &e, bool isSigned)
+    {
+        if (isBottomAbsValue(e))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(e))
+            return topConstant();
+        else
+            return bv2int(static_cast<BoundedZ3Expr>(e), isSigned);
+    }
+
+    friend SingleAbsValue operator&&(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (eq(lhs, getContext().bool_val(false)) || eq(rhs, getContext().bool_val(false)))
+            return getContext().bool_val(false);
+        else if (eq(lhs, getContext().bool_val(true)))
+            return rhs;
+        else if (eq(rhs, getContext().bool_val(true)))
+            return lhs;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) && static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator||(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs))
+        {
+            return bottomConstant();
+        }
+        else if (eq(lhs, getContext().bool_val(true)) || eq(rhs, getContext().bool_val(true)))
+            return getContext().bool_val(true);
+        else if (eq(lhs, getContext().bool_val(false)))
+            return rhs;
+        else if (eq(rhs, getContext().bool_val(false)))
+            return lhs;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs))
+            return topConstant();
+        else
+            return static_cast<BoundedZ3Expr>(lhs) || static_cast<BoundedZ3Expr>(rhs);
+    }
+
+    friend SingleAbsValue operator!(const SingleAbsValue &lhs)
+    {
+        if (isBottomAbsValue(lhs))
+        {
+            return bottomConstant();
+        }
+        else if (isTopAbsValue(lhs))
+            return topConstant();
+        else
+            return !static_cast<BoundedZ3Expr>(lhs);
+    }
+
+    friend SingleAbsValue ite(const SingleAbsValue &cond, const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        if (isBottomAbsValue(lhs) || isBottomAbsValue(rhs) || isBottomAbsValue(cond))
+        {
+            return bottomConstant();
+        }
+        else if (eq(cond, getContext().bool_val(true)))
+            return lhs;
+        else if (eq(cond, getContext().bool_val(false)))
+            return rhs;
+        else if (isTopAbsValue(lhs) || isTopAbsValue(rhs) || isTopAbsValue(cond))
+            return topConstant();
+        else
+            return ite(static_cast<BoundedZ3Expr>(cond), static_cast<BoundedZ3Expr>(lhs),
+                       static_cast<BoundedZ3Expr>(rhs));
+    }
+
+    friend std::ostream &operator<<(std::ostream &out, const SingleAbsValue &expr)
+    {
+        out << static_cast<BoundedZ3Expr>(expr);
+        return out;
+    }
+
+    friend bool eq(const SingleAbsValue &lhs, const SingleAbsValue &rhs)
+    {
+        return eq(static_cast<BoundedZ3Expr>(lhs), static_cast<BoundedZ3Expr>(rhs));
+    }
+
+    inline SingleAbsValue simplify() const
+    {
+        return getExpr().simplify();
+    }
+    //%}
+}; // end class ConZ3Expr
+} // end namespace SVF
+
+/// Specialise hash for ConZ3Expr
+template<>
+struct std::hash<SVF::SingleAbsValue>
+{
+    size_t operator()(const SVF::SingleAbsValue &z3Expr) const
+    {
+        return z3Expr.hash();
+    }
+};
+
+
+#endif //SVF_SINGLEABSVALUE_H

package/svf/include/Util/Options.h

@@ -223,6 +223,9 @@ public:
     // Conditions.cpp
     static const Option<u32_t> MaxZ3Size;
 
+    // BoundedZ3Expr.cpp
+    static const Option<u32_t> MaxBVLen;
+
     // SaberCondAllocator.cpp
     static const Option<bool> PrintPathCond;
 

package/svf/lib/AbstractExecution/BoundedZ3Expr.cpp

@@ -0,0 +1,64 @@
+//===- BoundedZ3Expr.cpp ----Address Value Sets-------------------------//
+//
+//                     SVF: Static Value-Flow Analysis
+//
+// Copyright (C) <2013-2022>  <Yulei Sui>
+//
+
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+//===----------------------------------------------------------------------===//
+/*
+ * BoundedZ3Expr.cpp
+ *
+ *  Created on: Mar 20, 2023
+ *      Author: Xiao Cheng
+ *
+ */
+#include "AbstractExecution/BoundedZ3Expr.h"
+#include "Util/Options.h"
+
+using namespace SVF;
+
+int64_t BoundedZ3Expr::bvLen() const
+{
+    if(is_infinite()) return Options::MaxBVLen();
+    // No overflow
+    if(getNumeral() != INT64_MIN && getNumeral() != INT64_MAX) return Options::MaxBVLen();
+    // Create a symbolic variable
+    Z3Expr x = getContext().real_const("x");
+    Z3Expr y = getContext().real_const("y");
+
+    // Add constraints and assertions
+    Z3Expr constraint1 = x > 0;                          // x > 0
+    Z3Expr constraint2 = x == z3::pw(2, y.getExpr()); // x = 2^y, where y is a real variable
+    Z3Expr assertions = constraint1 && constraint2;
+    Z3Expr::getSolver().push();
+    // Add assertions to the solver
+    Z3Expr::getSolver().add(assertions.getExpr());
+
+    // Check for a solution
+    if (solver->check() == z3::sat)
+    {
+        z3::model model = solver->get_model();
+        Z3Expr log2_x = model.eval(y.getExpr(), true);
+        Z3Expr::getSolver().pop();
+        return BoundedZ3Expr(log2_x + 1).simplify().getNumeral();
+    }
+    else
+    {
+        Z3Expr::getSolver().pop();
+        return Options::MaxBVLen();
+    }
+}

package/svf/lib/Util/Options.cpp

@@ -688,6 +688,14 @@ const Option<u32_t> Options::MaxZ3Size(
     30
 );
 
+// BoundedZ3Expr.cpp
+const Option<u32_t> Options::MaxBVLen(
+    "max-bv-len",
+    "Maximum length limit for Z3 bitvector",
+    64
+);
+
+
 
 // SaberCondAllocator.cpp
 const Option<bool> Options::PrintPathCond(