svf-tools 1.0.725 → 1.0.727

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.725",
+  "version": "1.0.727",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AbstractExecution/AddressValue.h

@@ -136,13 +136,22 @@ public:
     }
 
     /// Current AddressValue joins with another AddressValue
-    void join_with(const AddressValue &other)
+    bool join_with(const AddressValue &other)
     {
-        _addrs.insert(other.begin(), other.end());
+        bool changed = false;
+        for (const auto &addr: other)
+        {
+            if (!_addrs.count(addr))
+            {
+                if (insert(addr).second)
+                    changed = true;
+            }
+        }
+        return changed;
     }
 
     /// Return a intersected AddressValue
-    void meet_with(const AddressValue &other)
+    bool meet_with(const AddressValue &other)
     {
         AddrSet s;
         for (const auto &id: other._addrs)
@@ -152,7 +161,9 @@ public:
                 s.insert(id);
             }
         }
+        bool changed = (_addrs != s);
         _addrs = std::move(s);
+        return changed;
     }
 
     /// Return true if the AddressValue contains n

package/svf/include/AbstractExecution/BoundedZ3Expr.h

@@ -1,4 +1,4 @@
-//===- AddressValue.h ----Address Value Sets-------------------------//
+//===- BoundedZ3Expr.h ----Address Value Sets-------------------------//
 //
 //                     SVF: Static Value-Flow Analysis
 //
@@ -248,17 +248,20 @@ public:
 
     friend BoundedZ3Expr operator^(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) ^ int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) ^ int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr operator&(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) & int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) & int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr operator|(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(int2bv(64, lhs.getExpr()) | int2bv(64, rhs.getExpr()), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(int2bv(maxBvLen, lhs.getExpr()) | int2bv(maxBvLen, rhs.getExpr()), true);
     }
 
     friend BoundedZ3Expr ashr(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
@@ -270,7 +273,10 @@ public:
         else if (rhs.is_infinite())
             return ite(lhs.getExpr() >= 0, BoundedZ3Expr(0), BoundedZ3Expr(-1));
         else
-            return bv2int(ashr(int2bv(64, lhs.getExpr()), int2bv(64, rhs.getExpr())), true);
+        {
+            const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+            return bv2int(ashr(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
+        }
     }
 
     friend BoundedZ3Expr shl(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
@@ -282,12 +288,16 @@ public:
         else if (rhs.is_infinite())
             return ite(lhs.getExpr() >= 0, plus_infinity(), minus_infinity());
         else
-            return bv2int(shl(int2bv(64, lhs.getExpr()), int2bv(64, rhs.getExpr())), true);
+        {
+            const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+            return bv2int(shl(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
+        }
     }
 
     friend BoundedZ3Expr lshr(const BoundedZ3Expr &lhs, const BoundedZ3Expr &rhs)
     {
-        return bv2int(lshr(int2bv(64, lhs.getExpr()), int2bv(64, rhs.getExpr())), true);
+        const auto &maxBvLen = std::max(lhs.bvLen(), rhs.bvLen());
+        return bv2int(lshr(int2bv(maxBvLen, lhs.getExpr()), int2bv(maxBvLen, rhs.getExpr())), true);
     }
 
     friend BoundedZ3Expr int2bv(u32_t n, const BoundedZ3Expr &e)
@@ -340,6 +350,36 @@ public:
     {
         return getExpr().is_true();
     }
+
+    /// Return Numeral
+    inline int64_t getNumeral() const
+    {
+        if (is_numeral())
+        {
+            int64_t i;
+            if (getExpr().is_numeral_i64(i))
+                return get_numeral_int64();
+            else
+            {
+                return (getExpr() < 0).simplify().is_true() ? INT64_MIN : INT64_MAX;
+            }
+        }
+        if (is_minus_infinite())
+        {
+            return INT64_MIN;
+        }
+        else if (is_plus_infinite())
+        {
+            return INT64_MAX;
+        }
+        else
+        {
+            assert(false && "other literal?");
+            abort();
+        }
+    }
+
+    int64_t bvLen() const;
     //%}
 }; // end class ConZ3Expr
 } // end namespace SVF

package/svf/include/AbstractExecution/NumericLiteral.h

@@ -119,29 +119,7 @@ public:
     /// Return Numeral
     inline int64_t getNumeral() const
     {
-        if (_n.is_numeral())
-        {
-            int64_t i;
-            if(_n.getExpr().is_numeral_i64(i))
-                return _n.get_numeral_int64();
-            else
-            {
-                return leq(0) ? INT64_MIN : INT64_MAX;
-            }
-        }
-        if (is_minus_infinity())
-        {
-            return INT64_MIN;
-        }
-        else if (is_plus_infinity())
-        {
-            return INT64_MAX;
-        }
-        else
-        {
-            assert(false && "other literal?");
-            abort();
-        }
+        return _n.getNumeral();
     }
 
     /// Check two object is equal

package/svf/include/SVFIR/SVFType.h

@@ -471,6 +471,12 @@ public:
     void print(std::ostream& OS) const override;
 };
 
+/// [FOR DEBUG ONLY, DON'T USE IT UNSIDE `svf`!]
+/// Converts an SVFType to corresponding LLVM::Type, then get the string
+/// representation of it. Use it only when you are debugging. Don't use
+/// it in any SVF algorithm because it relies on information stored in LLVM bc.
+std::string dumpLLVMType(const SVFType* svfType);
+
 // TODO: be explicit that this is a pair of 32-bit unsigneds?
 template <> struct Hash<NodePair>
 {

package/svf/include/SVFIR/SVFValue.h

@@ -1140,6 +1140,12 @@ public:
     }
 };
 
+/// [FOR DEBUG ONLY, DON'T USE IT UNSIDE `svf`!]
+/// Converts an SVFValue to corresponding LLVM::Value, then get the string
+/// representation of it. Use it only when you are debugging. Don't use
+/// it in any SVF algorithm because it relies on information stored in LLVM bc.
+std::string dumpLLVMValue(const SVFValue* svfValue);
+
 template <typename F, typename S>
 OutStream& operator<< (OutStream &o, const std::pair<F, S> &var)
 {

package/svf/include/Util/Options.h

@@ -223,6 +223,9 @@ public:
     // Conditions.cpp
     static const Option<u32_t> MaxZ3Size;
 
+    // BoundedZ3Expr.cpp
+    static const Option<u32_t> MaxBVLen;
+
     // SaberCondAllocator.cpp
     static const Option<bool> PrintPathCond;
 

package/svf/lib/AbstractExecution/BoundedZ3Expr.cpp

@@ -0,0 +1,64 @@
+//===- BoundedZ3Expr.cpp ----Address Value Sets-------------------------//
+//
+//                     SVF: Static Value-Flow Analysis
+//
+// Copyright (C) <2013-2022>  <Yulei Sui>
+//
+
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+//===----------------------------------------------------------------------===//
+/*
+ * BoundedZ3Expr.cpp
+ *
+ *  Created on: Mar 20, 2023
+ *      Author: Xiao Cheng
+ *
+ */
+#include "AbstractExecution/BoundedZ3Expr.h"
+#include "Util/Options.h"
+
+using namespace SVF;
+
+int64_t BoundedZ3Expr::bvLen() const
+{
+    if(is_infinite()) return Options::MaxBVLen();
+    // No overflow
+    if(getNumeral() != INT64_MIN && getNumeral() != INT64_MAX) return Options::MaxBVLen();
+    // Create a symbolic variable
+    Z3Expr x = getContext().real_const("x");
+    Z3Expr y = getContext().real_const("y");
+
+    // Add constraints and assertions
+    Z3Expr constraint1 = x > 0;                          // x > 0
+    Z3Expr constraint2 = x == z3::pw(2, y.getExpr()); // x = 2^y, where y is a real variable
+    Z3Expr assertions = constraint1 && constraint2;
+    Z3Expr::getSolver().push();
+    // Add assertions to the solver
+    Z3Expr::getSolver().add(assertions.getExpr());
+
+    // Check for a solution
+    if (solver->check() == z3::sat)
+    {
+        z3::model model = solver->get_model();
+        Z3Expr log2_x = model.eval(y.getExpr(), true);
+        Z3Expr::getSolver().pop();
+        return BoundedZ3Expr(log2_x + 1).simplify().getNumeral();
+    }
+    else
+    {
+        Z3Expr::getSolver().pop();
+        return Options::MaxBVLen();
+    }
+}

package/svf/lib/Util/Options.cpp

@@ -688,6 +688,14 @@ const Option<u32_t> Options::MaxZ3Size(
     30
 );
 
+// BoundedZ3Expr.cpp
+const Option<u32_t> Options::MaxBVLen(
+    "max-bv-len",
+    "Maximum length limit for Z3 bitvector",
+    64
+);
+
+
 
 // SaberCondAllocator.cpp
 const Option<bool> Options::PrintPathCond(

package/svf-llvm/lib/LLVMUtil.cpp

@@ -1027,25 +1027,40 @@ s32_t LLVMUtil::getVCallIdx(const CallBase* cs)
 namespace SVF
 {
 const std::string SVFValue::toString() const
+{
+    // TODO: Should only use info in SVFValue. Refactor it later.
+    return dumpLLVMValue(this);
+}
+
+std::string dumpLLVMValue(const SVFValue* svfValue)
 {
     std::string str;
     llvm::raw_string_ostream rawstr(str);
-    if (const SVF::SVFFunction* fun = SVFUtil::dyn_cast<SVFFunction>(this))
+    if (const SVF::SVFFunction* fun = SVFUtil::dyn_cast<SVFFunction>(svfValue))
     {
         rawstr << "Function: " << fun->getName() << " ";
     }
-    else if (const SVFBasicBlock* bb = SVFUtil::dyn_cast<SVFBasicBlock>(this))
+    else if (const SVFBasicBlock* bb = SVFUtil::dyn_cast<SVFBasicBlock>(svfValue))
     {
         rawstr << "BasicBlock: " << bb->getName() << " ";
     }
     else
     {
         const Value* val =
-            LLVMModuleSet::getLLVMModuleSet()->getLLVMValue(this);
+            LLVMModuleSet::getLLVMModuleSet()->getLLVMValue(svfValue);
         rawstr << " " << *val << " ";
     }
-    rawstr << this->getSourceLoc();
+    rawstr << svfValue->getSourceLoc();
     return rawstr.str();
 }
 
+std::string dumpLLVMType(const SVFType* svfType)
+{
+    std::string str;
+    llvm::raw_string_ostream rawstr(str);
+    const Type* ty = LLVMModuleSet::getLLVMModuleSet()->getLLVMType(svfType);
+    rawstr << *ty;
+    return rawstr.str();
 }
+
+} // namespace SVF