svf-tools 1.0.892 → 1.0.894
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SVF-doxygen/html/AbstractExecution_8cpp.html +3 -3
- package/SVF-doxygen/html/AbstractExecution_8cpp_source.html +1746 -1753
- package/SVF-doxygen/html/AbstractExecution_8h.html +0 -2
- package/SVF-doxygen/html/AbstractExecution_8h_source.html +284 -335
- package/SVF-doxygen/html/BufOverflowChecker_8cpp_source.html +773 -791
- package/SVF-doxygen/html/BufOverflowChecker_8h.html +0 -2
- package/SVF-doxygen/html/BufOverflowChecker_8h_source.html +48 -81
- package/SVF-doxygen/html/ae_8cpp.html +16 -19
- package/SVF-doxygen/html/ae_8cpp_source.html +16 -19
- package/SVF-doxygen/html/annotated.html +434 -436
- package/SVF-doxygen/html/classSVF_1_1AEStat.html +168 -168
- package/SVF-doxygen/html/classSVF_1_1AbstractExecution-members.html +49 -24
- package/SVF-doxygen/html/classSVF_1_1AbstractExecution.html +2533 -1041
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker-members.html +71 -41
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker.html +777 -63
- package/SVF-doxygen/html/classes.html +418 -421
- package/SVF-doxygen/html/functions.html +8 -12
- package/SVF-doxygen/html/functions_a.html +10 -11
- package/SVF-doxygen/html/functions_b.html +5 -9
- package/SVF-doxygen/html/functions_c.html +26 -28
- package/SVF-doxygen/html/functions_d.html +2 -2
- package/SVF-doxygen/html/functions_e.html +2 -2
- package/SVF-doxygen/html/functions_enum.html +1 -1
- package/SVF-doxygen/html/functions_eval_m.html +2 -2
- package/SVF-doxygen/html/functions_eval_s.html +2 -2
- package/SVF-doxygen/html/functions_eval_u.html +1 -1
- package/SVF-doxygen/html/functions_func.html +9 -12
- package/SVF-doxygen/html/functions_func_b.html +2 -5
- package/SVF-doxygen/html/functions_func_c.html +25 -27
- package/SVF-doxygen/html/functions_func_d.html +2 -2
- package/SVF-doxygen/html/functions_func_g.html +15 -16
- package/SVF-doxygen/html/functions_func_h.html +6 -6
- package/SVF-doxygen/html/functions_func_i.html +9 -13
- package/SVF-doxygen/html/functions_func_p.html +1 -1
- package/SVF-doxygen/html/functions_func_s.html +19 -20
- package/SVF-doxygen/html/functions_func_t.html +1 -1
- package/SVF-doxygen/html/functions_func_~.html +0 -3
- package/SVF-doxygen/html/functions_g.html +21 -22
- package/SVF-doxygen/html/functions_h.html +6 -6
- package/SVF-doxygen/html/functions_i.html +15 -19
- package/SVF-doxygen/html/functions_l.html +5 -5
- package/SVF-doxygen/html/functions_m.html +2 -2
- package/SVF-doxygen/html/functions_o.html +15 -15
- package/SVF-doxygen/html/functions_p.html +13 -13
- package/SVF-doxygen/html/functions_r.html +4 -2
- package/SVF-doxygen/html/functions_s.html +21 -22
- package/SVF-doxygen/html/functions_t.html +5 -5
- package/SVF-doxygen/html/functions_type_c.html +1 -1
- package/SVF-doxygen/html/functions_u.html +1 -1
- package/SVF-doxygen/html/functions_vars.html +8 -12
- package/SVF-doxygen/html/functions_vars_b.html +0 -3
- package/SVF-doxygen/html/functions_w.html +7 -13
- package/SVF-doxygen/html/functions_~.html +0 -3
- package/SVF-doxygen/html/hierarchy.html +629 -631
- package/SVF-doxygen/html/namespaceSVF.html +5 -9
- package/SVF-doxygen/html/search/all_0.js +11 -11
- package/SVF-doxygen/html/search/all_1.js +5 -5
- package/SVF-doxygen/html/search/all_10.js +325 -325
- package/SVF-doxygen/html/search/all_11.js +226 -226
- package/SVF-doxygen/html/search/all_12.js +570 -570
- package/SVF-doxygen/html/search/all_13.js +207 -207
- package/SVF-doxygen/html/search/all_14.js +70 -70
- package/SVF-doxygen/html/search/all_15.js +176 -176
- package/SVF-doxygen/html/search/all_16.js +77 -77
- package/SVF-doxygen/html/search/all_17.js +1 -1
- package/SVF-doxygen/html/search/all_18.js +1 -1
- package/SVF-doxygen/html/search/all_19.js +26 -26
- package/SVF-doxygen/html/search/all_1a.js +179 -180
- package/SVF-doxygen/html/search/all_2.js +65 -66
- package/SVF-doxygen/html/search/all_3.js +640 -640
- package/SVF-doxygen/html/search/all_4.js +235 -235
- package/SVF-doxygen/html/search/all_5.js +126 -126
- package/SVF-doxygen/html/search/all_6.js +232 -232
- package/SVF-doxygen/html/search/all_7.js +1047 -1047
- package/SVF-doxygen/html/search/all_8.js +215 -215
- package/SVF-doxygen/html/search/all_9.js +629 -630
- package/SVF-doxygen/html/search/all_a.js +46 -46
- package/SVF-doxygen/html/search/all_b.js +26 -26
- package/SVF-doxygen/html/search/all_c.js +115 -115
- package/SVF-doxygen/html/search/all_d.js +204 -204
- package/SVF-doxygen/html/search/all_e.js +209 -209
- package/SVF-doxygen/html/search/all_f.js +122 -122
- package/SVF-doxygen/html/search/classes_0.js +28 -29
- package/SVF-doxygen/html/search/classes_1.js +11 -12
- package/SVF-doxygen/html/search/classes_10.js +74 -74
- package/SVF-doxygen/html/search/classes_11.js +14 -14
- package/SVF-doxygen/html/search/classes_12.js +2 -2
- package/SVF-doxygen/html/search/classes_13.js +10 -10
- package/SVF-doxygen/html/search/classes_14.js +19 -19
- package/SVF-doxygen/html/search/classes_15.js +1 -1
- package/SVF-doxygen/html/search/classes_2.js +73 -73
- package/SVF-doxygen/html/search/classes_3.js +35 -35
- package/SVF-doxygen/html/search/classes_4.js +8 -8
- package/SVF-doxygen/html/search/classes_5.js +28 -28
- package/SVF-doxygen/html/search/classes_6.js +98 -98
- package/SVF-doxygen/html/search/classes_7.js +38 -38
- package/SVF-doxygen/html/search/classes_8.js +59 -59
- package/SVF-doxygen/html/search/classes_9.js +1 -1
- package/SVF-doxygen/html/search/classes_a.js +12 -12
- package/SVF-doxygen/html/search/classes_b.js +29 -29
- package/SVF-doxygen/html/search/classes_c.js +6 -6
- package/SVF-doxygen/html/search/classes_d.js +19 -19
- package/SVF-doxygen/html/search/classes_e.js +36 -36
- package/SVF-doxygen/html/search/classes_f.js +25 -25
- package/SVF-doxygen/html/search/defines_0.js +3 -3
- package/SVF-doxygen/html/search/defines_1.js +3 -3
- package/SVF-doxygen/html/search/defines_10.js +2 -2
- package/SVF-doxygen/html/search/defines_2.js +30 -30
- package/SVF-doxygen/html/search/defines_3.js +20 -20
- package/SVF-doxygen/html/search/defines_4.js +3 -3
- package/SVF-doxygen/html/search/defines_5.js +4 -4
- package/SVF-doxygen/html/search/defines_6.js +2 -2
- package/SVF-doxygen/html/search/defines_7.js +5 -5
- package/SVF-doxygen/html/search/defines_8.js +11 -11
- package/SVF-doxygen/html/search/defines_9.js +9 -9
- package/SVF-doxygen/html/search/defines_a.js +2 -2
- package/SVF-doxygen/html/search/defines_b.js +1 -1
- package/SVF-doxygen/html/search/defines_c.js +4 -4
- package/SVF-doxygen/html/search/defines_d.js +2 -2
- package/SVF-doxygen/html/search/defines_e.js +8 -8
- package/SVF-doxygen/html/search/defines_f.js +4 -4
- package/SVF-doxygen/html/search/enums_0.js +4 -4
- package/SVF-doxygen/html/search/enums_1.js +2 -2
- package/SVF-doxygen/html/search/enums_10.js +1 -1
- package/SVF-doxygen/html/search/enums_11.js +1 -1
- package/SVF-doxygen/html/search/enums_2.js +8 -8
- package/SVF-doxygen/html/search/enums_3.js +1 -1
- package/SVF-doxygen/html/search/enums_4.js +4 -4
- package/SVF-doxygen/html/search/enums_5.js +1 -1
- package/SVF-doxygen/html/search/enums_6.js +2 -2
- package/SVF-doxygen/html/search/enums_7.js +2 -2
- package/SVF-doxygen/html/search/enums_8.js +4 -4
- package/SVF-doxygen/html/search/enums_9.js +1 -1
- package/SVF-doxygen/html/search/enums_a.js +1 -1
- package/SVF-doxygen/html/search/enums_b.js +7 -7
- package/SVF-doxygen/html/search/enums_c.js +1 -1
- package/SVF-doxygen/html/search/enums_d.js +4 -4
- package/SVF-doxygen/html/search/enums_e.js +2 -2
- package/SVF-doxygen/html/search/enums_f.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_0.js +15 -15
- package/SVF-doxygen/html/search/enumvalues_1.js +15 -15
- package/SVF-doxygen/html/search/enumvalues_10.js +35 -35
- package/SVF-doxygen/html/search/enumvalues_11.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_12.js +10 -10
- package/SVF-doxygen/html/search/enumvalues_13.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_14.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_15.js +3 -3
- package/SVF-doxygen/html/search/enumvalues_2.js +36 -36
- package/SVF-doxygen/html/search/enumvalues_3.js +13 -13
- package/SVF-doxygen/html/search/enumvalues_4.js +2 -2
- package/SVF-doxygen/html/search/enumvalues_5.js +47 -47
- package/SVF-doxygen/html/search/enumvalues_6.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_7.js +8 -8
- package/SVF-doxygen/html/search/enumvalues_8.js +23 -23
- package/SVF-doxygen/html/search/enumvalues_9.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_a.js +17 -17
- package/SVF-doxygen/html/search/enumvalues_b.js +11 -11
- package/SVF-doxygen/html/search/enumvalues_c.js +5 -5
- package/SVF-doxygen/html/search/enumvalues_d.js +18 -18
- package/SVF-doxygen/html/search/enumvalues_e.js +9 -9
- package/SVF-doxygen/html/search/enumvalues_f.js +47 -47
- package/SVF-doxygen/html/search/files_0.js +16 -16
- package/SVF-doxygen/html/search/files_1.js +9 -9
- package/SVF-doxygen/html/search/files_10.js +8 -8
- package/SVF-doxygen/html/search/files_11.js +8 -8
- package/SVF-doxygen/html/search/files_12.js +2 -2
- package/SVF-doxygen/html/search/files_2.js +53 -53
- package/SVF-doxygen/html/search/files_3.js +14 -14
- package/SVF-doxygen/html/search/files_4.js +5 -5
- package/SVF-doxygen/html/search/files_5.js +13 -13
- package/SVF-doxygen/html/search/files_6.js +10 -10
- package/SVF-doxygen/html/search/files_7.js +17 -17
- package/SVF-doxygen/html/search/files_8.js +13 -13
- package/SVF-doxygen/html/search/files_9.js +18 -18
- package/SVF-doxygen/html/search/files_a.js +3 -3
- package/SVF-doxygen/html/search/files_b.js +4 -4
- package/SVF-doxygen/html/search/files_c.js +20 -20
- package/SVF-doxygen/html/search/files_d.js +4 -4
- package/SVF-doxygen/html/search/files_e.js +62 -62
- package/SVF-doxygen/html/search/files_f.js +8 -8
- package/SVF-doxygen/html/search/functions_0.js +13 -13
- package/SVF-doxygen/html/search/functions_1.js +368 -369
- package/SVF-doxygen/html/search/functions_10.js +140 -140
- package/SVF-doxygen/html/search/functions_11.js +140 -140
- package/SVF-doxygen/html/search/functions_12.js +299 -299
- package/SVF-doxygen/html/search/functions_13.js +73 -73
- package/SVF-doxygen/html/search/functions_14.js +41 -41
- package/SVF-doxygen/html/search/functions_15.js +72 -72
- package/SVF-doxygen/html/search/functions_16.js +38 -38
- package/SVF-doxygen/html/search/functions_17.js +3 -3
- package/SVF-doxygen/html/search/functions_18.js +179 -180
- package/SVF-doxygen/html/search/functions_2.js +94 -95
- package/SVF-doxygen/html/search/functions_3.js +261 -261
- package/SVF-doxygen/html/search/functions_4.js +84 -84
- package/SVF-doxygen/html/search/functions_5.js +57 -57
- package/SVF-doxygen/html/search/functions_6.js +65 -65
- package/SVF-doxygen/html/search/functions_7.js +863 -863
- package/SVF-doxygen/html/search/functions_8.js +162 -162
- package/SVF-doxygen/html/search/functions_9.js +438 -439
- package/SVF-doxygen/html/search/functions_a.js +30 -30
- package/SVF-doxygen/html/search/functions_b.js +2 -2
- package/SVF-doxygen/html/search/functions_c.js +25 -25
- package/SVF-doxygen/html/search/functions_d.js +82 -82
- package/SVF-doxygen/html/search/functions_e.js +36 -36
- package/SVF-doxygen/html/search/functions_f.js +58 -58
- package/SVF-doxygen/html/search/namespaces_0.js +1 -1
- package/SVF-doxygen/html/search/namespaces_1.js +7 -7
- package/SVF-doxygen/html/search/related_0.js +4 -4
- package/SVF-doxygen/html/search/related_1.js +2 -2
- package/SVF-doxygen/html/search/related_2.js +2 -2
- package/SVF-doxygen/html/search/related_3.js +2 -2
- package/SVF-doxygen/html/search/related_4.js +2 -2
- package/SVF-doxygen/html/search/related_5.js +1 -1
- package/SVF-doxygen/html/search/related_6.js +2 -2
- package/SVF-doxygen/html/search/related_7.js +5 -5
- package/SVF-doxygen/html/search/related_8.js +2 -2
- package/SVF-doxygen/html/search/related_9.js +4 -4
- package/SVF-doxygen/html/search/related_a.js +19 -19
- package/SVF-doxygen/html/search/related_b.js +4 -4
- package/SVF-doxygen/html/search/related_c.js +2 -2
- package/SVF-doxygen/html/search/related_d.js +12 -12
- package/SVF-doxygen/html/search/related_e.js +2 -2
- package/SVF-doxygen/html/search/related_f.js +2 -2
- package/SVF-doxygen/html/search/typedefs_0.js +19 -19
- package/SVF-doxygen/html/search/typedefs_1.js +27 -27
- package/SVF-doxygen/html/search/typedefs_10.js +63 -63
- package/SVF-doxygen/html/search/typedefs_11.js +13 -13
- package/SVF-doxygen/html/search/typedefs_12.js +11 -11
- package/SVF-doxygen/html/search/typedefs_13.js +40 -40
- package/SVF-doxygen/html/search/typedefs_14.js +11 -11
- package/SVF-doxygen/html/search/typedefs_2.js +125 -125
- package/SVF-doxygen/html/search/typedefs_3.js +39 -39
- package/SVF-doxygen/html/search/typedefs_4.js +17 -17
- package/SVF-doxygen/html/search/typedefs_5.js +42 -42
- package/SVF-doxygen/html/search/typedefs_6.js +54 -54
- package/SVF-doxygen/html/search/typedefs_7.js +47 -47
- package/SVF-doxygen/html/search/typedefs_8.js +1 -1
- package/SVF-doxygen/html/search/typedefs_9.js +6 -6
- package/SVF-doxygen/html/search/typedefs_a.js +29 -29
- package/SVF-doxygen/html/search/typedefs_b.js +29 -29
- package/SVF-doxygen/html/search/typedefs_c.js +41 -41
- package/SVF-doxygen/html/search/typedefs_d.js +15 -15
- package/SVF-doxygen/html/search/typedefs_e.js +52 -52
- package/SVF-doxygen/html/search/typedefs_f.js +14 -14
- package/SVF-doxygen/html/search/variables_0.js +177 -177
- package/SVF-doxygen/html/search/variables_1.js +76 -76
- package/SVF-doxygen/html/search/variables_10.js +98 -98
- package/SVF-doxygen/html/search/variables_11.js +46 -46
- package/SVF-doxygen/html/search/variables_12.js +93 -93
- package/SVF-doxygen/html/search/variables_13.js +76 -76
- package/SVF-doxygen/html/search/variables_14.js +14 -14
- package/SVF-doxygen/html/search/variables_15.js +49 -49
- package/SVF-doxygen/html/search/variables_16.js +11 -11
- package/SVF-doxygen/html/search/variables_17.js +1 -1
- package/SVF-doxygen/html/search/variables_18.js +17 -17
- package/SVF-doxygen/html/search/variables_2.js +40 -41
- package/SVF-doxygen/html/search/variables_3.js +142 -142
- package/SVF-doxygen/html/search/variables_4.js +51 -51
- package/SVF-doxygen/html/search/variables_5.js +39 -39
- package/SVF-doxygen/html/search/variables_6.js +66 -66
- package/SVF-doxygen/html/search/variables_7.js +34 -34
- package/SVF-doxygen/html/search/variables_8.js +8 -8
- package/SVF-doxygen/html/search/variables_9.js +79 -79
- package/SVF-doxygen/html/search/variables_a.js +4 -4
- package/SVF-doxygen/html/search/variables_b.js +10 -10
- package/SVF-doxygen/html/search/variables_c.js +45 -45
- package/SVF-doxygen/html/search/variables_d.js +57 -57
- package/SVF-doxygen/html/search/variables_e.js +123 -123
- package/SVF-doxygen/html/search/variables_f.js +31 -31
- package/package.json +1 -1
- package/setup.sh +1 -1
- package/svf/include/AE/Svfexe/AbstractExecution.h +55 -102
- package/svf/include/AE/Svfexe/BufOverflowChecker.h +12 -33
- package/svf/lib/AE/Svfexe/AbstractExecution.cpp +59 -64
- package/svf/lib/AE/Svfexe/BufOverflowChecker.cpp +44 -59
- package/svf-llvm/tools/AE/ae.cpp +1 -2
|
@@ -139,780 +139,763 @@ $(function() {
|
|
|
139
139
|
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span>  <span class="keywordflow">for</span> (<a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> addrID: <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">getAddrs</a>(gep->getLHSVarID()))</div>
|
|
140
140
|
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span>  {</div>
|
|
141
141
|
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  <a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> objId = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">getInternalID</a>(addrID);</div>
|
|
142
|
-
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  <
|
|
143
|
-
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span> 
|
|
144
|
-
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span> 
|
|
145
|
-
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span> 
|
|
146
|
-
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span> 
|
|
147
|
-
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span> 
|
|
148
|
-
<div class="line"><a name="l00077"></a><span class="lineno"
|
|
149
|
-
<div class="line"><a name="l00078"></a><span class="lineno"> 78</span> {</div>
|
|
150
|
-
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  <span class="
|
|
151
|
-
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <
|
|
152
|
-
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <span class="
|
|
153
|
-
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <
|
|
154
|
-
<div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <span class="
|
|
155
|
-
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <
|
|
156
|
-
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  <span class="
|
|
157
|
-
<div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <
|
|
158
|
-
<div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <span class="
|
|
159
|
-
<div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <
|
|
160
|
-
<div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <span class="
|
|
161
|
-
<div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  <
|
|
162
|
-
<div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <span class="
|
|
163
|
-
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <
|
|
164
|
-
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <span class="
|
|
165
|
-
<div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  <
|
|
166
|
-
<div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <span class="
|
|
167
|
-
<div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <
|
|
168
|
-
<div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <span class="
|
|
169
|
-
<div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <
|
|
170
|
-
<div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <span class="
|
|
171
|
-
<div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <
|
|
172
|
-
<div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <span class="
|
|
173
|
-
<div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  <
|
|
174
|
-
<div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <span class="
|
|
175
|
-
<div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  <
|
|
176
|
-
<div class="line"><a name="l00105"></a><span class="lineno"> 105</span>  <span class="
|
|
177
|
-
<div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <
|
|
178
|
-
<div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  <span class="
|
|
179
|
-
<div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <
|
|
180
|
-
<div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <span class="
|
|
181
|
-
<div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <
|
|
182
|
-
<div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  <span class="
|
|
183
|
-
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <
|
|
184
|
-
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  <span class="
|
|
185
|
-
<div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  <
|
|
186
|
-
<div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <span class="
|
|
187
|
-
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  <
|
|
188
|
-
<div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <span class="
|
|
189
|
-
<div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  <
|
|
190
|
-
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  <
|
|
191
|
-
<div class="line"><a name="l00120"></a><span class="lineno"> 120</span> 
|
|
192
|
-
<div class="line"><a name="l00121"></a><span class="lineno"> 121</span> 
|
|
142
|
+
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>[objId] = gep;</div>
|
|
143
|
+
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  }</div>
|
|
144
|
+
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  }</div>
|
|
145
|
+
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span> }</div>
|
|
146
|
+
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  </div>
|
|
147
|
+
<div class="line"><a name="l00076"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82"> 76</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">BufOverflowChecker::initExtAPIBufOverflowCheckRules</a>()</div>
|
|
148
|
+
<div class="line"><a name="l00077"></a><span class="lineno"> 77</span> {</div>
|
|
149
|
+
<div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
150
|
+
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
151
|
+
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <span class="comment">//void llvm_memcpy_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
152
|
+
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
153
|
+
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
154
|
+
<div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
155
|
+
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <span class="comment">//void llvm_memcpy(char* dst, char* src, int sz, int flag){}</span></div>
|
|
156
|
+
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
157
|
+
<div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <span class="comment">//void llvm_memmove(char* dst, char* src, int sz, int flag){}</span></div>
|
|
158
|
+
<div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
159
|
+
<div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
160
|
+
<div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
161
|
+
<div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  <span class="comment">//void llvm_memmove_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
162
|
+
<div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
163
|
+
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
164
|
+
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
165
|
+
<div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  <span class="comment">//void __memcpy_chk(char* dst, char* src, int sz, int flag){}</span></div>
|
|
166
|
+
<div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memcpy_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
167
|
+
<div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <span class="comment">//void *memmove(void *str1, const void *str2, unsigned long n)</span></div>
|
|
168
|
+
<div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
169
|
+
<div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <span class="comment">//void bcopy(const void *s1, void *s2, unsigned long n){}</span></div>
|
|
170
|
+
<div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"bcopy"</span>] = {{0, 2}, {1,2}};</div>
|
|
171
|
+
<div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <span class="comment">//void *memccpy( void * restrict dest, const void * restrict src, int c, unsigned long count)</span></div>
|
|
172
|
+
<div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memccpy"</span>] = {{0, 3}, {1,3}};</div>
|
|
173
|
+
<div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  <span class="comment">//void __memmove_chk(char* dst, char* src, int sz){}</span></div>
|
|
174
|
+
<div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memmove_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
175
|
+
<div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  <span class="comment">//void llvm_memset(char* dst, char elem, int sz, int flag){}</span></div>
|
|
176
|
+
<div class="line"><a name="l00105"></a><span class="lineno"> 105</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset"</span>] = {{0, 2}};</div>
|
|
177
|
+
<div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <span class="comment">//void llvm_memset_p0i8_i32(char* dst, char elem, int sz, int flag){}</span></div>
|
|
178
|
+
<div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i32"</span>] = {{0, 2}};</div>
|
|
179
|
+
<div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <span class="comment">//void llvm_memset_p0i8_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
180
|
+
<div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i64"</span>] = {{0, 2}};</div>
|
|
181
|
+
<div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <span class="comment">//void llvm_memset_p0_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
182
|
+
<div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0_i64"</span>] = {{0, 2}};</div>
|
|
183
|
+
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <span class="comment">//char *__memset_chk(char * dest, int c, unsigned long destlen, int flag)</span></div>
|
|
184
|
+
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memset_chk"</span>] = {{0, 2}};</div>
|
|
185
|
+
<div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  <span class="comment">//char *wmemset(wchar_t * dst, wchar_t elem, int sz, int flag) {</span></div>
|
|
186
|
+
<div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"wmemset"</span>] = {{0, 2}};</div>
|
|
187
|
+
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  <span class="comment">//char *strncpy(char *dest, const char *src, unsigned long n)</span></div>
|
|
188
|
+
<div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"strncpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
189
|
+
<div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  <span class="comment">//unsigned long iconv(void* cd, char **restrict inbuf, unsigned long *restrict inbytesleft, char **restrict outbuf, unsigned long *restrict outbytesleft)</span></div>
|
|
190
|
+
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"iconv"</span>] = {{1, 2}, {3, 4}};</div>
|
|
191
|
+
<div class="line"><a name="l00120"></a><span class="lineno"> 120</span> }</div>
|
|
192
|
+
<div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  </div>
|
|
193
193
|
<div class="line"><a name="l00122"></a><span class="lineno"> 122</span>  </div>
|
|
194
|
-
<div class="line"><a name="l00123"></a><span class="lineno"> 123</span> 
|
|
195
|
-
<div class="line"><a name="l00124"></a><span class="lineno"
|
|
196
|
-
<div class="line"><a name="l00125"></a><span class="lineno"> 125</span> 
|
|
197
|
-
<div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  <
|
|
198
|
-
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>*
|
|
199
|
-
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  <
|
|
200
|
-
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  <
|
|
201
|
-
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="
|
|
202
|
-
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span> 
|
|
203
|
-
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span> 
|
|
204
|
-
<div class="line"><a name="l00133"></a><span class="lineno"> 133</span> 
|
|
205
|
-
<div class="line"><a name="l00134"></a><span class="lineno"
|
|
206
|
-
<div class="line"><a name="l00135"></a><span class="lineno"> 135</span> 
|
|
207
|
-
<div class="line"><a name="l00136"></a><span class="lineno"> 136</span>  </div>
|
|
208
|
-
<div class="line"><a name="l00137"></a><span class="lineno"> 137</span> 
|
|
209
|
-
<div class="line"><a name="l00138"></a><span class="lineno"> 138</span> 
|
|
210
|
-
<div class="line"><a name="l00139"></a><span class="lineno"> 139</span>  <span class="
|
|
211
|
-
<div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  <a class="code" href="
|
|
212
|
-
<div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <
|
|
213
|
-
<div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  <
|
|
214
|
-
<div class="line"><a name="l00143"></a><span class="lineno"> 143</span> 
|
|
215
|
-
<div class="line"><a name="l00144"></a><span class="lineno"> 144</span> 
|
|
216
|
-
<div class="line"><a name="l00145"></a><span class="lineno"> 145</span> 
|
|
217
|
-
<div class="line"><a name="l00146"></a><span class="lineno"> 146</span>  <
|
|
218
|
-
<div class="line"><a name="l00147"></a><span class="lineno"> 147</span> 
|
|
219
|
-
<div class="line"><a name="l00148"></a><span class="lineno"> 148</span> 
|
|
220
|
-
<div class="line"><a name="l00149"></a><span class="lineno"> 149</span> 
|
|
221
|
-
<div class="line"><a name="l00150"></a><span class="lineno"> 150</span> 
|
|
222
|
-
<div class="line"><a name="l00151"></a><span class="lineno"> 151</span> 
|
|
223
|
-
<div class="line"><a name="l00152"></a><span class="lineno"> 152</span> 
|
|
224
|
-
<div class="line"><a name="l00153"></a><span class="lineno"> 153</span> 
|
|
225
|
-
<div class="line"><a name="l00154"></a><span class="lineno"> 154</span> 
|
|
226
|
-
<div class="line"><a name="l00155"></a><span class="lineno"> 155</span> 
|
|
227
|
-
<div class="line"><a name="l00156"></a><span class="lineno"> 156</span> 
|
|
228
|
-
<div class="line"><a name="l00157"></a><span class="lineno"> 157</span> 
|
|
229
|
-
<div class="line"><a name="l00158"></a><span class="lineno"> 158</span> 
|
|
230
|
-
<div class="line"><a name="l00159"></a><span class="lineno"> 159</span> 
|
|
231
|
-
<div class="line"><a name="l00160"></a><span class="lineno"> 160</span> 
|
|
232
|
-
<div class="line"><a name="l00161"></a><span class="lineno"> 161</span> 
|
|
233
|
-
<div class="line"><a name="l00162"></a><span class="lineno"> 162</span> 
|
|
234
|
-
<div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  <
|
|
235
|
-
<div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  <a class="code" href="
|
|
236
|
-
<div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  <span class="keywordflow">if</span> (
|
|
237
|
-
<div class="line"><a name="l00166"></a><span class="lineno"> 166</span> 
|
|
238
|
-
<div class="line"><a name="l00167"></a><span class="lineno"> 167</span> 
|
|
239
|
-
<div class="line"><a name="l00168"></a><span class="lineno"> 168</span> 
|
|
240
|
-
<div class="line"><a name="l00169"></a><span class="lineno"> 169</span> 
|
|
241
|
-
<div class="line"><a name="l00170"></a><span class="lineno"> 170</span> 
|
|
242
|
-
<div class="line"><a name="l00171"></a><span class="lineno"> 171</span> 
|
|
243
|
-
<div class="line"><a name="l00172"></a><span class="lineno"> 172</span> 
|
|
244
|
-
<div class="line"><a name="l00173"></a><span class="lineno"> 173</span> 
|
|
245
|
-
<div class="line"><a name="l00174"></a><span class="lineno"> 174</span> 
|
|
246
|
-
<div class="line"><a name="l00175"></a><span class="lineno"> 175</span> 
|
|
247
|
-
<div class="line"><a name="l00176"></a><span class="lineno"> 176</span> 
|
|
248
|
-
<div class="line"><a name="l00177"></a><span class="lineno"> 177</span> 
|
|
249
|
-
<div class="line"><a name="l00178"></a><span class="lineno"> 178</span> 
|
|
250
|
-
<div class="line"><a name="l00179"></a><span class="lineno"> 179</span> 
|
|
251
|
-
<div class="line"><a name="l00180"></a><span class="lineno"> 180</span> 
|
|
252
|
-
<div class="line"><a name="l00181"></a><span class="lineno"> 181</span> 
|
|
253
|
-
<div class="line"><a name="l00182"></a><span class="lineno"> 182</span> 
|
|
254
|
-
<div class="line"><a name="l00183"></a><span class="lineno"> 183</span> 
|
|
255
|
-
<div class="line"><a name="l00184"></a><span class="lineno"> 184</span> 
|
|
256
|
-
<div class="line"><a name="l00185"></a><span class="lineno"> 185</span>  </div>
|
|
257
|
-
<div class="line"><a name="l00186"></a><span class="lineno"> 186</span>  <a class="code" href="
|
|
258
|
-
<div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  <a class="code" href="
|
|
259
|
-
<div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  <a class="code" href="
|
|
260
|
-
<div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  <a class="code" href="
|
|
261
|
-
<div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="
|
|
262
|
-
<div class="line"><a name="l00191"></a><span class="lineno"> 191</span> 
|
|
263
|
-
<div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  <
|
|
264
|
-
<div class="line"><a name="l00193"></a><span class="lineno"> 193</span> 
|
|
265
|
-
<div class="line"><a name="l00194"></a><span class="lineno"> 194</span>  </div>
|
|
266
|
-
<div class="line"><a name="l00195"></a><span class="lineno"> 195</span> 
|
|
267
|
-
<div class="line"><a name="l00196"></a><span class="lineno"> 196</span> 
|
|
268
|
-
<div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  <a class="code" href="
|
|
269
|
-
<div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  <
|
|
270
|
-
<div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  <a class="code" href="
|
|
271
|
-
<div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  <a class="code" href="
|
|
272
|
-
<div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  <a class="code" href="
|
|
273
|
-
<div class="line"><a name="l00202"></a><span class="lineno"> 202</span> 
|
|
274
|
-
<div class="line"><a name="l00203"></a><span class="lineno"> 203</span> 
|
|
275
|
-
<div class="line"><a name="l00204"></a><span class="lineno"> 204</span> 
|
|
276
|
-
<div class="line"><a name="l00205"></a><span class="lineno"> 205</span> 
|
|
277
|
-
<div class="line"><a name="l00206"></a><span class="lineno"> 206</span> 
|
|
278
|
-
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span> 
|
|
279
|
-
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span> 
|
|
280
|
-
<div class="line"><a name="l00209"></a><span class="lineno"> 209</span> 
|
|
281
|
-
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span> 
|
|
282
|
-
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span> 
|
|
283
|
-
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span> 
|
|
284
|
-
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  </div>
|
|
285
|
-
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span> 
|
|
286
|
-
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span> 
|
|
287
|
-
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  <
|
|
288
|
-
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span>  <
|
|
289
|
-
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  <
|
|
290
|
-
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span> 
|
|
291
|
-
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span> 
|
|
292
|
-
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span> 
|
|
293
|
-
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  <
|
|
294
|
-
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span> 
|
|
295
|
-
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span> 
|
|
296
|
-
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span> 
|
|
297
|
-
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span> 
|
|
298
|
-
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span> 
|
|
299
|
-
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span> 
|
|
300
|
-
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span> 
|
|
194
|
+
<div class="line"><a name="l00123"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a"> 123</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">BufOverflowChecker::detectStrcpy</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
195
|
+
<div class="line"><a name="l00124"></a><span class="lineno"> 124</span> {</div>
|
|
196
|
+
<div class="line"><a name="l00125"></a><span class="lineno"> 125</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
197
|
+
<div class="line"><a name="l00126"></a><span class="lineno"> 126</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
198
|
+
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg1Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(1);</div>
|
|
199
|
+
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> strLen = <a class="code" href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">getStrlen</a>(arg1Val);</div>
|
|
200
|
+
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  <span class="comment">// no need to -1, since it has \0 as the last byte</span></div>
|
|
201
|
+
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(arg0Val, strLen, call);</div>
|
|
202
|
+
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span> }</div>
|
|
203
|
+
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  </div>
|
|
204
|
+
<div class="line"><a name="l00133"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b"> 133</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">BufOverflowChecker::initExtFunMap</a>()</div>
|
|
205
|
+
<div class="line"><a name="l00134"></a><span class="lineno"> 134</span> {</div>
|
|
206
|
+
<div class="line"><a name="l00135"></a><span class="lineno"> 135</span>  </div>
|
|
207
|
+
<div class="line"><a name="l00136"></a><span class="lineno"> 136</span>  <span class="keyword">auto</span> sse_scanf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
208
|
+
<div class="line"><a name="l00137"></a><span class="lineno"> 137</span>  {</div>
|
|
209
|
+
<div class="line"><a name="l00138"></a><span class="lineno"> 138</span>  <span class="comment">//scanf("%d", &data);</span></div>
|
|
210
|
+
<div class="line"><a name="l00139"></a><span class="lineno"> 139</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
211
|
+
<div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
212
|
+
<div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
213
|
+
<div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a999c358b80dd07591b0432eaa41c20c9">inVarToAddrsTable</a>(dst_id))</div>
|
|
214
|
+
<div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  {</div>
|
|
215
|
+
<div class="line"><a name="l00144"></a><span class="lineno"> 144</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(1));</div>
|
|
216
|
+
<div class="line"><a name="l00145"></a><span class="lineno"> 145</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
217
|
+
<div class="line"><a name="l00146"></a><span class="lineno"> 146</span>  <span class="keywordflow">return</span>;</div>
|
|
218
|
+
<div class="line"><a name="l00147"></a><span class="lineno"> 147</span>  }</div>
|
|
219
|
+
<div class="line"><a name="l00148"></a><span class="lineno"> 148</span>  <span class="keywordflow">else</span></div>
|
|
220
|
+
<div class="line"><a name="l00149"></a><span class="lineno"> 149</span>  {</div>
|
|
221
|
+
<div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  <a class="code" href="classSVF_1_1AddressValue.html">ExeState::Addrs</a> Addrs = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">getAddrs</a>(dst_id);</div>
|
|
222
|
+
<div class="line"><a name="l00151"></a><span class="lineno"> 151</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs)</div>
|
|
223
|
+
<div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  {</div>
|
|
224
|
+
<div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">getInternalID</a>(vaddr);</div>
|
|
225
|
+
<div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> range = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#afbb9ff1f2c47d2afda117bf63a80a1a7">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
226
|
+
<div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  es.<a class="code" href="classSVF_1_1IntervalESBase.html#adb26b186ee31bce7449a7b36faa24cc2">store</a>(vaddr, range);</div>
|
|
227
|
+
<div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  }</div>
|
|
228
|
+
<div class="line"><a name="l00157"></a><span class="lineno"> 157</span>  }</div>
|
|
229
|
+
<div class="line"><a name="l00158"></a><span class="lineno"> 158</span>  };</div>
|
|
230
|
+
<div class="line"><a name="l00159"></a><span class="lineno"> 159</span>  <span class="keyword">auto</span> sse_fscanf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
231
|
+
<div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  {</div>
|
|
232
|
+
<div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  <span class="comment">//fscanf(stdin, "%d", &data);</span></div>
|
|
233
|
+
<div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
234
|
+
<div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
235
|
+
<div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
236
|
+
<div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a999c358b80dd07591b0432eaa41c20c9">inVarToAddrsTable</a>(dst_id))</div>
|
|
237
|
+
<div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  {</div>
|
|
238
|
+
<div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(2));</div>
|
|
239
|
+
<div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
240
|
+
<div class="line"><a name="l00169"></a><span class="lineno"> 169</span>  <span class="keywordflow">return</span>;</div>
|
|
241
|
+
<div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  }</div>
|
|
242
|
+
<div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  <span class="keywordflow">else</span></div>
|
|
243
|
+
<div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  {</div>
|
|
244
|
+
<div class="line"><a name="l00173"></a><span class="lineno"> 173</span>  <a class="code" href="classSVF_1_1AddressValue.html">ExeState::Addrs</a> Addrs = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">getAddrs</a>(dst_id);</div>
|
|
245
|
+
<div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs)</div>
|
|
246
|
+
<div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  {</div>
|
|
247
|
+
<div class="line"><a name="l00176"></a><span class="lineno"> 176</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">getInternalID</a>(vaddr);</div>
|
|
248
|
+
<div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> range = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#afbb9ff1f2c47d2afda117bf63a80a1a7">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
249
|
+
<div class="line"><a name="l00178"></a><span class="lineno"> 178</span>  es.<a class="code" href="classSVF_1_1IntervalESBase.html#adb26b186ee31bce7449a7b36faa24cc2">store</a>(vaddr, range);</div>
|
|
250
|
+
<div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  }</div>
|
|
251
|
+
<div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  }</div>
|
|
252
|
+
<div class="line"><a name="l00181"></a><span class="lineno"> 181</span>  };</div>
|
|
253
|
+
<div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  </div>
|
|
254
|
+
<div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__isoc99_fscanf"</span>] = sse_fscanf;</div>
|
|
255
|
+
<div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__isoc99_scanf"</span>] = sse_scanf;</div>
|
|
256
|
+
<div class="line"><a name="l00185"></a><span class="lineno"> 185</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__isoc99_vscanf"</span>] = sse_scanf;</div>
|
|
257
|
+
<div class="line"><a name="l00186"></a><span class="lineno"> 186</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"fscanf"</span>] = sse_fscanf;</div>
|
|
258
|
+
<div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"scanf"</span>] = sse_scanf;</div>
|
|
259
|
+
<div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"sscanf"</span>] = sse_scanf;</div>
|
|
260
|
+
<div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__isoc99_sscanf"</span>] = sse_scanf;</div>
|
|
261
|
+
<div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"vscanf"</span>] = sse_scanf;</div>
|
|
262
|
+
<div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  </div>
|
|
263
|
+
<div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  <span class="keyword">auto</span> sse_fread = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
264
|
+
<div class="line"><a name="l00193"></a><span class="lineno"> 193</span>  {</div>
|
|
265
|
+
<div class="line"><a name="l00194"></a><span class="lineno"> 194</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
266
|
+
<div class="line"><a name="l00195"></a><span class="lineno"> 195</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
267
|
+
<div class="line"><a name="l00196"></a><span class="lineno"> 196</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_count_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
268
|
+
<div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_size_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
269
|
+
<div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> block_count = es[block_count_id];</div>
|
|
270
|
+
<div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> block_size = es[block_size_id];</div>
|
|
271
|
+
<div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> block_byte = block_count * block_size;</div>
|
|
272
|
+
<div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(0), block_byte, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
273
|
+
<div class="line"><a name="l00202"></a><span class="lineno"> 202</span>  };</div>
|
|
274
|
+
<div class="line"><a name="l00203"></a><span class="lineno"> 203</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"fread"</span>] = sse_fread;</div>
|
|
275
|
+
<div class="line"><a name="l00204"></a><span class="lineno"> 204</span>  </div>
|
|
276
|
+
<div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  <span class="keyword">auto</span> sse_sprintf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
277
|
+
<div class="line"><a name="l00206"></a><span class="lineno"> 206</span>  {</div>
|
|
278
|
+
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span>  <span class="comment">// printf is difficult to predict since it has no byte size arguments</span></div>
|
|
279
|
+
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  };</div>
|
|
280
|
+
<div class="line"><a name="l00209"></a><span class="lineno"> 209</span>  </div>
|
|
281
|
+
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  <span class="keyword">auto</span> sse_snprintf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
282
|
+
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span>  {</div>
|
|
283
|
+
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
284
|
+
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
285
|
+
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
286
|
+
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
287
|
+
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  <span class="comment">// get elem size of arg2</span></div>
|
|
288
|
+
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> elemSize = 1;</div>
|
|
289
|
+
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isArrayTy())</div>
|
|
290
|
+
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  {</div>
|
|
291
|
+
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(cs.getArgument(2)->getType())->getTypeOfElement()->getByteSize();</div>
|
|
292
|
+
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span>  }</div>
|
|
293
|
+
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isPointerTy())</div>
|
|
294
|
+
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  {</div>
|
|
295
|
+
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span>  elemSize = <a class="code" href="classSVF_1_1AbstractExecution.html#a888fd56160afe0d431c47bcf10674dc0">getPointeeElement</a>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2)))-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
296
|
+
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span>  }</div>
|
|
297
|
+
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span>  <span class="keywordflow">else</span></div>
|
|
298
|
+
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span>  {</div>
|
|
299
|
+
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span>  <span class="keywordflow">return</span>;</div>
|
|
300
|
+
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span>  <span class="comment">// assert(false && "we cannot support this type");</span></div>
|
|
301
301
|
<div class="line"><a name="l00230"></a><span class="lineno"> 230</span>  }</div>
|
|
302
|
-
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  <
|
|
303
|
-
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span> 
|
|
304
|
-
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span> 
|
|
305
|
-
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span>  <span class="
|
|
306
|
-
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span> 
|
|
307
|
-
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span> 
|
|
308
|
-
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span> 
|
|
309
|
-
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span> 
|
|
310
|
-
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span> 
|
|
311
|
-
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span> 
|
|
312
|
-
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span> 
|
|
313
|
-
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span> 
|
|
314
|
-
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span> 
|
|
315
|
-
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span> 
|
|
316
|
-
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span> 
|
|
317
|
-
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span> 
|
|
318
|
-
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span> 
|
|
319
|
-
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span> 
|
|
320
|
-
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span> 
|
|
321
|
-
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  <a class="code" href="
|
|
322
|
-
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  <a class="code" href="
|
|
323
|
-
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  <a class="code" href="
|
|
324
|
-
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="
|
|
325
|
-
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="
|
|
326
|
-
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span> 
|
|
327
|
-
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span> 
|
|
328
|
-
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <
|
|
329
|
-
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span> 
|
|
330
|
-
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span> 
|
|
331
|
-
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span>  </div>
|
|
332
|
-
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span>  </div>
|
|
333
|
-
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span> 
|
|
334
|
-
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span> 
|
|
335
|
-
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span> 
|
|
336
|
-
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  <
|
|
337
|
-
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span>  <a class="code" href="
|
|
338
|
-
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <
|
|
339
|
-
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span> 
|
|
340
|
-
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span> 
|
|
302
|
+
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> size = es[size_id] * <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(elemSize) - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
303
|
+
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span>  <span class="keywordflow">if</span> (!es.<a class="code" href="classSVF_1_1IntervalExeState.html#ad485a35730353c0e945bc84a034d9e45">inVarToAddrsTable</a>(dst_id))</div>
|
|
304
|
+
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span>  {</div>
|
|
305
|
+
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">Options::BufferOverflowCheck</a>())</div>
|
|
306
|
+
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span>  {</div>
|
|
307
|
+
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(</div>
|
|
308
|
+
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span>  <span class="stringliteral">"snprintf dst_id or dst is not defined nor initializesd.\n"</span>,</div>
|
|
309
|
+
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span>  0, 0, 0, 0, cs.getArgument(0));</div>
|
|
310
|
+
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
311
|
+
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span>  <span class="keywordflow">return</span>;</div>
|
|
312
|
+
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span>  }</div>
|
|
313
|
+
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span>  }</div>
|
|
314
|
+
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(0), size, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
315
|
+
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span>  };</div>
|
|
316
|
+
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__snprintf_chk"</span>] = sse_snprintf;</div>
|
|
317
|
+
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__vsprintf_chk"</span>] = sse_sprintf;</div>
|
|
318
|
+
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__sprintf_chk"</span>] = sse_sprintf;</div>
|
|
319
|
+
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"snprintf"</span>] = sse_snprintf;</div>
|
|
320
|
+
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"sprintf"</span>] = sse_sprintf;</div>
|
|
321
|
+
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"vsprintf"</span>] = sse_sprintf;</div>
|
|
322
|
+
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"vsnprintf"</span>] = sse_snprintf;</div>
|
|
323
|
+
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__vsnprintf_chk"</span>] = sse_snprintf;</div>
|
|
324
|
+
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"swprintf"</span>] = sse_snprintf;</div>
|
|
325
|
+
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"_snwprintf"</span>] = sse_snprintf;</div>
|
|
326
|
+
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  </div>
|
|
327
|
+
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  </div>
|
|
328
|
+
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <span class="keyword">auto</span> sse_itoa = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
329
|
+
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  {</div>
|
|
330
|
+
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span>  <span class="comment">// itoa(num, ch, 10);</span></div>
|
|
331
|
+
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span>  <span class="comment">// num: int, ch: char*, 10 is decimal</span></div>
|
|
332
|
+
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
333
|
+
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
334
|
+
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
335
|
+
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span>  </div>
|
|
336
|
+
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num = (<a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a>) es[num_id].getNumeral();</div>
|
|
337
|
+
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> snum = std::to_string(num);</div>
|
|
338
|
+
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(1), <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>((<a class="code" href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">s32_t</a>)snum.size()), <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
339
|
+
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  };</div>
|
|
340
|
+
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"itoa"</span>] = sse_itoa;</div>
|
|
341
341
|
<div class="line"><a name="l00270"></a><span class="lineno"> 270</span>  </div>
|
|
342
|
-
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span> 
|
|
343
|
-
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span> 
|
|
344
|
-
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span> 
|
|
345
|
-
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span> 
|
|
346
|
-
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span> 
|
|
347
|
-
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  </div>
|
|
348
|
-
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span>  </div>
|
|
349
|
-
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span> 
|
|
350
|
-
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span> 
|
|
351
|
-
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  <span class="
|
|
352
|
-
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span> 
|
|
353
|
-
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span> 
|
|
354
|
-
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span> 
|
|
355
|
-
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <
|
|
356
|
-
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span> 
|
|
357
|
-
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span> 
|
|
358
|
-
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span> 
|
|
359
|
-
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span> 
|
|
360
|
-
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span> 
|
|
361
|
-
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span> 
|
|
362
|
-
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span> 
|
|
363
|
-
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span> 
|
|
364
|
-
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span> 
|
|
365
|
-
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span> 
|
|
366
|
-
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span> 
|
|
367
|
-
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span> 
|
|
368
|
-
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span> 
|
|
369
|
-
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span> 
|
|
370
|
-
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span> 
|
|
371
|
-
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  </div>
|
|
372
|
-
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span> 
|
|
373
|
-
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span> 
|
|
374
|
-
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  <
|
|
375
|
-
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span> 
|
|
376
|
-
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span> 
|
|
377
|
-
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span> 
|
|
378
|
-
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span> 
|
|
379
|
-
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span> 
|
|
380
|
-
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span>  <a class="code" href="
|
|
381
|
-
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span> 
|
|
382
|
-
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span>  <
|
|
383
|
-
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span> 
|
|
384
|
-
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span> 
|
|
385
|
-
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span> 
|
|
386
|
-
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span> 
|
|
387
|
-
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span> 
|
|
388
|
-
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span> 
|
|
389
|
-
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span> 
|
|
390
|
-
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span> 
|
|
391
|
-
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span> 
|
|
392
|
-
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  <span class="
|
|
393
|
-
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span>  <
|
|
394
|
-
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span> 
|
|
395
|
-
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span> 
|
|
396
|
-
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span> 
|
|
397
|
-
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span> 
|
|
398
|
-
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span> 
|
|
399
|
-
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span> 
|
|
400
|
-
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span> 
|
|
401
|
-
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span> 
|
|
402
|
-
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span> 
|
|
403
|
-
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span> 
|
|
404
|
-
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span> 
|
|
405
|
-
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span> 
|
|
406
|
-
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span> 
|
|
407
|
-
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span> 
|
|
408
|
-
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span> 
|
|
409
|
-
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span> 
|
|
410
|
-
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span> 
|
|
411
|
-
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span> 
|
|
412
|
-
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span> 
|
|
413
|
-
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span> 
|
|
414
|
-
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span> 
|
|
415
|
-
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span> 
|
|
416
|
-
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  </div>
|
|
417
|
-
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span> 
|
|
418
|
-
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span> 
|
|
419
|
-
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span> 
|
|
420
|
-
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span> 
|
|
421
|
-
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span>  <span class="
|
|
422
|
-
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span>  <
|
|
423
|
-
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span> 
|
|
424
|
-
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span> 
|
|
425
|
-
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span> 
|
|
426
|
-
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span> 
|
|
427
|
-
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span>  <span class="keywordflow">
|
|
342
|
+
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  </div>
|
|
343
|
+
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  <span class="keyword">auto</span> sse_strlen = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
344
|
+
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span>  {</div>
|
|
345
|
+
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span>  <span class="comment">// check the arg size</span></div>
|
|
346
|
+
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <span class="keywordflow">if</span> (cs.arg_size() < 1) <span class="keywordflow">return</span>;</div>
|
|
347
|
+
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* strValue = cs.getArgument(0);</div>
|
|
348
|
+
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
349
|
+
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> dst_size = <a class="code" href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">getStrlen</a>(strValue);</div>
|
|
350
|
+
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> elemSize = 1;</div>
|
|
351
|
+
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  <span class="keywordflow">if</span> (strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>()-><a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
|
|
352
|
+
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span>  {</div>
|
|
353
|
+
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>())->getTypeOfElement()->getByteSize();</div>
|
|
354
|
+
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span>  }</div>
|
|
355
|
+
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>()-><a class="code" href="classSVF_1_1SVFType.html#a870b63af2bf9fe43cdf1df3d56b20f6c">isPointerTy</a>())</div>
|
|
356
|
+
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  {</div>
|
|
357
|
+
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span>  elemSize = <a class="code" href="classSVF_1_1AbstractExecution.html#a888fd56160afe0d431c47bcf10674dc0">getPointeeElement</a>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(strValue))-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
358
|
+
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span>  }</div>
|
|
359
|
+
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
360
|
+
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span>  es[lhsId] = dst_size / <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(elemSize);</div>
|
|
361
|
+
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span>  };</div>
|
|
362
|
+
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"strlen"</span>] = sse_strlen;</div>
|
|
363
|
+
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"wcslen"</span>] = sse_strlen;</div>
|
|
364
|
+
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span>  </div>
|
|
365
|
+
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span>  <span class="keyword">auto</span> sse_recv = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
366
|
+
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span>  {</div>
|
|
367
|
+
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span>  <span class="comment">// recv(sockfd, buf, len, flags);</span></div>
|
|
368
|
+
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span>  <span class="keywordflow">if</span> (cs.arg_size() < 4) <span class="keywordflow">return</span>;</div>
|
|
369
|
+
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
370
|
+
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> len_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
371
|
+
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> len = es[len_id] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
372
|
+
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
373
|
+
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span>  es[lhsId] = len;</div>
|
|
374
|
+
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(1), len, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));;</div>
|
|
375
|
+
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span>  };</div>
|
|
376
|
+
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"recv"</span>] = sse_recv;</div>
|
|
377
|
+
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"__recv"</span>] = sse_recv;</div>
|
|
378
|
+
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span>  <span class="keyword">auto</span> safe_bufaccess = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
379
|
+
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span>  {</div>
|
|
380
|
+
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
381
|
+
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a0a64bef0cc898059c50f6aec470cc6d9">_checkpoints</a>.erase(callNode);</div>
|
|
382
|
+
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span>  <span class="comment">//void SAFE_BUFACCESS(void* data, int size);</span></div>
|
|
383
|
+
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
384
|
+
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
385
|
+
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
386
|
+
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> val = es[size_id];</div>
|
|
387
|
+
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span>  <span class="keywordflow">if</span> (val.<a class="code" href="classSVF_1_1IntervalValue.html#af8be90fc1b61103187908dce4ba68001">isBottom</a>())</div>
|
|
388
|
+
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span>  {</div>
|
|
389
|
+
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span>  val = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0);</div>
|
|
390
|
+
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"SAFE_BUFACCESS size is bottom"</span>);</div>
|
|
391
|
+
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span>  }</div>
|
|
392
|
+
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
393
|
+
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span>  <span class="keywordflow">if</span> (isSafe)</div>
|
|
394
|
+
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span>  {</div>
|
|
395
|
+
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span>  std::cout << <span class="stringliteral">"safe buffer access success\n"</span>;</div>
|
|
396
|
+
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  <span class="keywordflow">return</span>;</div>
|
|
397
|
+
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  }</div>
|
|
398
|
+
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span>  <span class="keywordflow">else</span></div>
|
|
399
|
+
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span>  {</div>
|
|
400
|
+
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this SAFE_BUFACCESS should be a safe access but detected buffer overflow. Pos: "</span>;</div>
|
|
401
|
+
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
402
|
+
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span>  std::cerr << err_msg << std::endl;</div>
|
|
403
|
+
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span>  assert(<span class="keyword">false</span>);</div>
|
|
404
|
+
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  }</div>
|
|
405
|
+
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span>  };</div>
|
|
406
|
+
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"SAFE_BUFACCESS"</span>] = safe_bufaccess;</div>
|
|
407
|
+
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span>  </div>
|
|
408
|
+
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span>  <span class="keyword">auto</span> unsafe_bufaccess = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
409
|
+
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span>  {</div>
|
|
410
|
+
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
411
|
+
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a0a64bef0cc898059c50f6aec470cc6d9">_checkpoints</a>.erase(callNode);</div>
|
|
412
|
+
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span>  <span class="comment">//void UNSAFE_BUFACCESS(void* data, int size);</span></div>
|
|
413
|
+
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
414
|
+
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span>  <a class="code" href="classSVF_1_1IntervalExeState.html">IntervalExeState</a> &es = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>();</div>
|
|
415
|
+
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
416
|
+
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> val = es[size_id];</div>
|
|
417
|
+
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span>  <span class="keywordflow">if</span> (val.<a class="code" href="classSVF_1_1IntervalValue.html#af8be90fc1b61103187908dce4ba68001">isBottom</a>())</div>
|
|
418
|
+
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span>  {</div>
|
|
419
|
+
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"UNSAFE_BUFACCESS size is bottom"</span>);</div>
|
|
420
|
+
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span>  }</div>
|
|
421
|
+
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
422
|
+
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span>  <span class="keywordflow">if</span> (!isSafe)</div>
|
|
423
|
+
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span>  {</div>
|
|
424
|
+
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span>  std::cout << <span class="stringliteral">"detect buffer overflow success\n"</span>;</div>
|
|
425
|
+
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  <span class="keywordflow">return</span>;</div>
|
|
426
|
+
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  }</div>
|
|
427
|
+
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span>  <span class="keywordflow">else</span></div>
|
|
428
428
|
<div class="line"><a name="l00357"></a><span class="lineno"> 357</span>  {</div>
|
|
429
|
-
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span> 
|
|
430
|
-
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span> 
|
|
431
|
-
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span> 
|
|
432
|
-
<div class="line"><a name="l00361"></a><span class="lineno"> 361</span> 
|
|
433
|
-
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span> 
|
|
434
|
-
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span> 
|
|
435
|
-
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span> 
|
|
436
|
-
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span> 
|
|
437
|
-
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span> 
|
|
438
|
-
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span> 
|
|
439
|
-
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span> 
|
|
440
|
-
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span> 
|
|
441
|
-
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span> 
|
|
442
|
-
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span> 
|
|
443
|
-
<div class="line"><a name="l00372"></a><span class="lineno"> 372</span> 
|
|
444
|
-
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span> 
|
|
445
|
-
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span> 
|
|
446
|
-
<div class="line"><a name="l00375"></a><span class="lineno"> 375</span>  <
|
|
447
|
-
<div class="line"><a name="l00376"></a><span class="lineno"> 376</span> 
|
|
448
|
-
<div class="line"><a name="l00377"></a><span class="lineno"> 377</span>  <span class="comment">//
|
|
449
|
-
<div class="line"><a name="l00378"></a><span class="lineno"> 378</span>  <
|
|
450
|
-
<div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <
|
|
451
|
-
<div class="line"><a name="l00380"></a><span class="lineno"> 380</span> 
|
|
452
|
-
<div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  </div>
|
|
453
|
-
<div class="line"><a name="l00382"></a><span class="lineno"
|
|
454
|
-
<div class="line"><a name="l00383"></a><span class="lineno"> 383</span> 
|
|
455
|
-
<div class="line"><a name="l00384"></a><span class="lineno"> 384</span> 
|
|
456
|
-
<div class="line"><a name="l00385"></a><span class="lineno"> 385</span> 
|
|
457
|
-
<div class="line"><a name="l00386"></a><span class="lineno"> 386</span> 
|
|
458
|
-
<div class="line"><a name="l00387"></a><span class="lineno"> 387</span> 
|
|
459
|
-
<div class="line"><a name="l00388"></a><span class="lineno"> 388</span> 
|
|
460
|
-
<div class="line"><a name="l00389"></a><span class="lineno"> 389</span> 
|
|
461
|
-
<div class="line"><a name="l00390"></a><span class="lineno"> 390</span> 
|
|
462
|
-
<div class="line"><a name="l00391"></a><span class="lineno"> 391</span>  </div>
|
|
463
|
-
<div class="line"><a name="l00392"></a><span class="lineno"> 392</span> 
|
|
464
|
-
<div class="line"><a name="l00393"></a><span class="lineno"> 393</span>  <span class="
|
|
465
|
-
<div class="line"><a name="l00394"></a><span class="lineno"> 394</span> 
|
|
466
|
-
<div class="line"><a name="l00395"></a><span class="lineno"> 395</span> 
|
|
467
|
-
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <
|
|
468
|
-
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>*
|
|
469
|
-
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  <
|
|
470
|
-
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> strLen0 = <a class="code" href="
|
|
471
|
-
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>
|
|
472
|
-
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <a class="code" href="
|
|
473
|
-
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span> 
|
|
474
|
-
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span> 
|
|
475
|
-
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span> 
|
|
476
|
-
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span> 
|
|
477
|
-
<div class="line"><a name="l00406"></a><span class="lineno"> 406</span> 
|
|
478
|
-
<div class="line"><a name="l00407"></a><span class="lineno"> 407</span> 
|
|
479
|
-
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span> 
|
|
480
|
-
<div class="line"><a name="l00409"></a><span class="lineno"> 409</span> 
|
|
481
|
-
<div class="line"><a name="l00410"></a><span class="lineno"> 410</span> 
|
|
482
|
-
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span> 
|
|
483
|
-
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span> 
|
|
484
|
-
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span> 
|
|
485
|
-
<div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  <span class="
|
|
486
|
-
<div class="line"><a name="l00415"></a><span class="lineno"> 415</span> 
|
|
487
|
-
<div class="line"><a name="l00416"></a><span class="lineno"> 416</span> 
|
|
488
|
-
<div class="line"><a name="l00417"></a><span class="lineno"> 417</span> 
|
|
489
|
-
<div class="line"><a name="l00418"></a><span class="lineno"> 418</span> 
|
|
490
|
-
<div class="line"><a name="l00419"></a><span class="lineno"> 419</span> 
|
|
491
|
-
<div class="line"><a name="l00420"></a><span class="lineno"> 420</span> 
|
|
492
|
-
<div class="line"><a name="l00421"></a><span class="lineno"
|
|
493
|
-
<div class="line"><a name="l00422"></a><span class="lineno"> 422</span> 
|
|
494
|
-
<div class="line"><a name="l00423"></a><span class="lineno"> 423</span>  <
|
|
495
|
-
<div class="line"><a name="l00424"></a><span class="lineno"> 424</span>  <a class="code" href="
|
|
496
|
-
<div class="line"><a name="l00425"></a><span class="lineno"> 425</span> 
|
|
497
|
-
<div class="line"><a name="l00426"></a><span class="lineno"> 426</span> 
|
|
498
|
-
<div class="line"><a name="l00427"></a><span class="lineno"> 427</span> 
|
|
499
|
-
<div class="line"><a name="l00428"></a><span class="lineno"> 428</span> 
|
|
500
|
-
<div class="line"><a name="l00429"></a><span class="lineno"> 429</span> 
|
|
501
|
-
<div class="line"><a name="l00430"></a><span class="lineno"> 430</span> 
|
|
502
|
-
<div class="line"><a name="l00431"></a><span class="lineno"> 431</span> 
|
|
503
|
-
<div class="line"><a name="l00432"></a><span class="lineno"> 432</span> 
|
|
504
|
-
<div class="line"><a name="l00433"></a><span class="lineno"> 433</span> 
|
|
505
|
-
<div class="line"><a name="l00434"></a><span class="lineno"> 434</span> 
|
|
506
|
-
<div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  <span class="comment">//
|
|
507
|
-
<div class="line"><a name="l00436"></a><span class="lineno"> 436</span>  <span class="keywordflow">
|
|
429
|
+
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span>  <span class="comment">// if it is safe, it means it is wrongly labeled, assert false.</span></div>
|
|
430
|
+
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this UNSAFE_BUFACCESS should be a buffer overflow but not detected. Pos: "</span>;</div>
|
|
431
|
+
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
432
|
+
<div class="line"><a name="l00361"></a><span class="lineno"> 361</span>  std::cerr << err_msg << std::endl;</div>
|
|
433
|
+
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  assert(<span class="keyword">false</span>);</div>
|
|
434
|
+
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span>  }</div>
|
|
435
|
+
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span>  };</div>
|
|
436
|
+
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">_func_map</a>[<span class="stringliteral">"UNSAFE_BUFACCESS"</span>] = unsafe_bufaccess;</div>
|
|
437
|
+
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span>  </div>
|
|
438
|
+
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span>  <span class="comment">// init _checkpoint_names</span></div>
|
|
439
|
+
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a32abc52bc54745027aa2daa67a8278f3">_checkpoint_names</a>.insert(<span class="stringliteral">"SAFE_BUFACCESS"</span>);</div>
|
|
440
|
+
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a32abc52bc54745027aa2daa67a8278f3">_checkpoint_names</a>.insert(<span class="stringliteral">"UNSAFE_BUFACCESS"</span>);</div>
|
|
441
|
+
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span> }</div>
|
|
442
|
+
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span>  </div>
|
|
443
|
+
<div class="line"><a name="l00372"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822"> 372</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">BufOverflowChecker::detectStrcat</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
444
|
+
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span> {</div>
|
|
445
|
+
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
446
|
+
<div class="line"><a name="l00375"></a><span class="lineno"> 375</span>  <span class="comment">// check the arg size</span></div>
|
|
447
|
+
<div class="line"><a name="l00376"></a><span class="lineno"> 376</span>  <span class="comment">// if it is strcat group, we need to check the length of string,</span></div>
|
|
448
|
+
<div class="line"><a name="l00377"></a><span class="lineno"> 377</span>  <span class="comment">// e.g. strcat(str1, str2); which checks AllocSize(str1) >= Strlen(str1) + Strlen(str2);</span></div>
|
|
449
|
+
<div class="line"><a name="l00378"></a><span class="lineno"> 378</span>  <span class="comment">// if it is strncat group, we do not need to check the length of string,</span></div>
|
|
450
|
+
<div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <span class="comment">// e.g. strncat(str1, str2, n); which checks AllocSize(str1) >= Strlen(str1) + n;</span></div>
|
|
451
|
+
<div class="line"><a name="l00380"></a><span class="lineno"> 380</span>  </div>
|
|
452
|
+
<div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  <span class="keyword">const</span> std::vector<std::string> strcatGroup = {<span class="stringliteral">"__strcat_chk"</span>, <span class="stringliteral">"strcat"</span>, <span class="stringliteral">"__wcscat_chk"</span>, <span class="stringliteral">"wcscat"</span>};</div>
|
|
453
|
+
<div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <span class="keyword">const</span> std::vector<std::string> strncatGroup = {<span class="stringliteral">"__strncat_chk"</span>, <span class="stringliteral">"strncat"</span>, <span class="stringliteral">"__wcsncat_chk"</span>, <span class="stringliteral">"wcsncat"</span>};</div>
|
|
454
|
+
<div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  <span class="keywordflow">if</span> (std::find(strcatGroup.begin(), strcatGroup.end(), fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) != strcatGroup.end())</div>
|
|
455
|
+
<div class="line"><a name="l00384"></a><span class="lineno"> 384</span>  {</div>
|
|
456
|
+
<div class="line"><a name="l00385"></a><span class="lineno"> 385</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
457
|
+
<div class="line"><a name="l00386"></a><span class="lineno"> 386</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
458
|
+
<div class="line"><a name="l00387"></a><span class="lineno"> 387</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg1Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(1);</div>
|
|
459
|
+
<div class="line"><a name="l00388"></a><span class="lineno"> 388</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">getStrlen</a>(arg0Val);</div>
|
|
460
|
+
<div class="line"><a name="l00389"></a><span class="lineno"> 389</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> strLen1 = <a class="code" href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">getStrlen</a>(arg1Val);</div>
|
|
461
|
+
<div class="line"><a name="l00390"></a><span class="lineno"> 390</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> totalLen = strLen0 + strLen1;</div>
|
|
462
|
+
<div class="line"><a name="l00391"></a><span class="lineno"> 391</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
463
|
+
<div class="line"><a name="l00392"></a><span class="lineno"> 392</span>  }</div>
|
|
464
|
+
<div class="line"><a name="l00393"></a><span class="lineno"> 393</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (std::find(strncatGroup.begin(), strncatGroup.end(), fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) != strncatGroup.end())</div>
|
|
465
|
+
<div class="line"><a name="l00394"></a><span class="lineno"> 394</span>  {</div>
|
|
466
|
+
<div class="line"><a name="l00395"></a><span class="lineno"> 395</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
467
|
+
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
468
|
+
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg2Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(2);</div>
|
|
469
|
+
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> arg2Num = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>()[<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
|
|
470
|
+
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">getStrlen</a>(arg0Val);</div>
|
|
471
|
+
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> totalLen = strLen0 + arg2Num;</div>
|
|
472
|
+
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
473
|
+
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  }</div>
|
|
474
|
+
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span>  <span class="keywordflow">else</span></div>
|
|
475
|
+
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  {</div>
|
|
476
|
+
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"unknown strcat function, please add it to strcatGroup or strncatGroup"</span>);</div>
|
|
477
|
+
<div class="line"><a name="l00406"></a><span class="lineno"> 406</span>  abort();</div>
|
|
478
|
+
<div class="line"><a name="l00407"></a><span class="lineno"> 407</span>  }</div>
|
|
479
|
+
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span> }</div>
|
|
480
|
+
<div class="line"><a name="l00409"></a><span class="lineno"> 409</span>  </div>
|
|
481
|
+
<div class="line"><a name="l00410"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde"> 410</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">BufOverflowChecker::handleExtAPI</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
482
|
+
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span> {</div>
|
|
483
|
+
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ae002abb8711300ff52200f78f1463369">AbstractExecution::handleExtAPI</a>(call);</div>
|
|
484
|
+
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
485
|
+
<div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  assert(fun && <span class="stringliteral">"SVFFunction* is nullptr"</span>);</div>
|
|
486
|
+
<div class="line"><a name="l00415"></a><span class="lineno"> 415</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
487
|
+
<div class="line"><a name="l00416"></a><span class="lineno"> 416</span>  <span class="comment">// check the type of mem api,</span></div>
|
|
488
|
+
<div class="line"><a name="l00417"></a><span class="lineno"> 417</span>  <span class="comment">// MEMCPY: like memcpy, memcpy_chk, llvm.memcpy etc.</span></div>
|
|
489
|
+
<div class="line"><a name="l00418"></a><span class="lineno"> 418</span>  <span class="comment">// MEMSET: like memset, memset_chk, llvm.memset etc.</span></div>
|
|
490
|
+
<div class="line"><a name="l00419"></a><span class="lineno"> 419</span>  <span class="comment">// STRCPY: like strcpy, strcpy_chk, wcscpy etc.</span></div>
|
|
491
|
+
<div class="line"><a name="l00420"></a><span class="lineno"> 420</span>  <span class="comment">// STRCAT: like strcat, strcat_chk, wcscat etc.</span></div>
|
|
492
|
+
<div class="line"><a name="l00421"></a><span class="lineno"> 421</span>  <span class="comment">// for other ext api like printf, scanf, etc., they have their own handlers</span></div>
|
|
493
|
+
<div class="line"><a name="l00422"></a><span class="lineno"> 422</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43af">ExtAPIType</a> extType = <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa12d7009fd0108df805ee49182fe12ccc">UNCLASSIFIED</a>;</div>
|
|
494
|
+
<div class="line"><a name="l00423"></a><span class="lineno"> 423</span>  <span class="comment">// get type of mem api</span></div>
|
|
495
|
+
<div class="line"><a name="l00424"></a><span class="lineno"> 424</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> &annotation: fun-><a class="code" href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">getAnnotations</a>())</div>
|
|
496
|
+
<div class="line"><a name="l00425"></a><span class="lineno"> 425</span>  {</div>
|
|
497
|
+
<div class="line"><a name="l00426"></a><span class="lineno"> 426</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMCPY"</span>) != std::string::npos)</div>
|
|
498
|
+
<div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  extType = <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa622ab5082468499be675c2783aaf3dcf">MEMCPY</a>;</div>
|
|
499
|
+
<div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMSET"</span>) != std::string::npos)</div>
|
|
500
|
+
<div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  extType = <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa45836a81adf553b872a061e5fe4c5be8">MEMSET</a>;</div>
|
|
501
|
+
<div class="line"><a name="l00430"></a><span class="lineno"> 430</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCPY"</span>) != std::string::npos)</div>
|
|
502
|
+
<div class="line"><a name="l00431"></a><span class="lineno"> 431</span>  extType = <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afac9539311eec734c966b719990e869b12">STRCPY</a>;</div>
|
|
503
|
+
<div class="line"><a name="l00432"></a><span class="lineno"> 432</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCAT"</span>) != std::string::npos)</div>
|
|
504
|
+
<div class="line"><a name="l00433"></a><span class="lineno"> 433</span>  extType = <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afadcda19decab7b2d85523b1fdbceb23e6">STRCAT</a>;</div>
|
|
505
|
+
<div class="line"><a name="l00434"></a><span class="lineno"> 434</span>  }</div>
|
|
506
|
+
<div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  <span class="comment">// 1. memcpy functions like memcpy_chk, strncpy, annotate("MEMCPY"), annotate("BUF_CHECK:Arg0, Arg2"), annotate("BUF_CHECK:Arg1, Arg2")</span></div>
|
|
507
|
+
<div class="line"><a name="l00436"></a><span class="lineno"> 436</span>  <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa622ab5082468499be675c2783aaf3dcf">MEMCPY</a>)</div>
|
|
508
508
|
<div class="line"><a name="l00437"></a><span class="lineno"> 437</span>  {</div>
|
|
509
|
-
<div class="line"><a name="l00438"></a><span class="lineno"> 438</span>  <span class="keywordflow">if</span> (
|
|
510
|
-
<div class="line"><a name="l00439"></a><span class="lineno"> 439</span> 
|
|
511
|
-
<div class="line"><a name="l00440"></a><span class="lineno"> 440</span> 
|
|
512
|
-
<div class="line"><a name="l00441"></a><span class="lineno"> 441</span> 
|
|
513
|
-
<div class="line"><a name="l00442"></a><span class="lineno"> 442</span> 
|
|
514
|
-
<div class="line"><a name="l00443"></a><span class="lineno"> 443</span> 
|
|
515
|
-
<div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="
|
|
516
|
-
<div class="line"><a name="l00445"></a><span class="lineno"> 445</span> 
|
|
517
|
-
<div class="line"><a name="l00446"></a><span class="lineno"> 446</span> 
|
|
518
|
-
<div class="line"><a name="l00447"></a><span class="lineno"> 447</span> 
|
|
519
|
-
<div class="line"><a name="l00448"></a><span class="lineno"> 448</span> 
|
|
520
|
-
<div class="line"><a name="l00449"></a><span class="lineno"> 449</span> 
|
|
521
|
-
<div class="line"><a name="l00450"></a><span class="lineno"> 450</span> 
|
|
522
|
-
<div class="line"><a name="l00451"></a><span class="lineno"> 451</span> 
|
|
523
|
-
<div class="line"><a name="l00452"></a><span class="lineno"> 452</span> 
|
|
524
|
-
<div class="line"><a name="l00453"></a><span class="lineno"> 453</span> 
|
|
525
|
-
<div class="line"><a name="l00454"></a><span class="lineno"> 454</span> 
|
|
526
|
-
<div class="line"><a name="l00455"></a><span class="lineno"> 455</span> 
|
|
527
|
-
<div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  <span class="
|
|
528
|
-
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span> 
|
|
529
|
-
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span> 
|
|
530
|
-
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span> 
|
|
531
|
-
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span> 
|
|
532
|
-
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span> 
|
|
533
|
-
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span> 
|
|
534
|
-
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span> 
|
|
535
|
-
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span> 
|
|
536
|
-
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span> 
|
|
537
|
-
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span> 
|
|
538
|
-
<div class="line"><a name="l00467"></a><span class="lineno"> 467</span> 
|
|
539
|
-
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span> 
|
|
540
|
-
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span> 
|
|
541
|
-
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span> 
|
|
542
|
-
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span> 
|
|
543
|
-
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span> 
|
|
544
|
-
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span> 
|
|
545
|
-
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span> 
|
|
546
|
-
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span> 
|
|
547
|
-
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  <
|
|
548
|
-
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span> 
|
|
549
|
-
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span> 
|
|
550
|
-
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span> 
|
|
551
|
-
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span> 
|
|
509
|
+
<div class="line"><a name="l00438"></a><span class="lineno"> 438</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
|
|
510
|
+
<div class="line"><a name="l00439"></a><span class="lineno"> 439</span>  {</div>
|
|
511
|
+
<div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
512
|
+
<div class="line"><a name="l00441"></a><span class="lineno"> 441</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
513
|
+
<div class="line"><a name="l00442"></a><span class="lineno"> 442</span>  <span class="keywordflow">return</span>;</div>
|
|
514
|
+
<div class="line"><a name="l00443"></a><span class="lineno"> 443</span>  }</div>
|
|
515
|
+
<div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="comment">// call parseMemcpyBufferCheckArgs to parse the BUF_CHECK annotation</span></div>
|
|
516
|
+
<div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
|
|
517
|
+
<div class="line"><a name="l00446"></a><span class="lineno"> 446</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
518
|
+
<div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
519
|
+
<div class="line"><a name="l00448"></a><span class="lineno"> 448</span>  {</div>
|
|
520
|
+
<div class="line"><a name="l00449"></a><span class="lineno"> 449</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>()[<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
521
|
+
<div class="line"><a name="l00450"></a><span class="lineno"> 450</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
522
|
+
<div class="line"><a name="l00451"></a><span class="lineno"> 451</span>  }</div>
|
|
523
|
+
<div class="line"><a name="l00452"></a><span class="lineno"> 452</span>  }</div>
|
|
524
|
+
<div class="line"><a name="l00453"></a><span class="lineno"> 453</span>  <span class="comment">// 2. memset functions like memset, memset_chk, annotate("MEMSET"), annotate("BUF_CHECK:Arg0, Arg2")</span></div>
|
|
525
|
+
<div class="line"><a name="l00454"></a><span class="lineno"> 454</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa45836a81adf553b872a061e5fe4c5be8">MEMSET</a>)</div>
|
|
526
|
+
<div class="line"><a name="l00455"></a><span class="lineno"> 455</span>  {</div>
|
|
527
|
+
<div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
|
|
528
|
+
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  {</div>
|
|
529
|
+
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
530
|
+
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
531
|
+
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  <span class="keywordflow">return</span>;</div>
|
|
532
|
+
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  }</div>
|
|
533
|
+
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
|
|
534
|
+
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
535
|
+
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
536
|
+
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  {</div>
|
|
537
|
+
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>()[<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
538
|
+
<div class="line"><a name="l00467"></a><span class="lineno"> 467</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
539
|
+
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span>  }</div>
|
|
540
|
+
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span>  }</div>
|
|
541
|
+
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afac9539311eec734c966b719990e869b12">STRCPY</a>)</div>
|
|
542
|
+
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span>  {</div>
|
|
543
|
+
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">detectStrcpy</a>(call);</div>
|
|
544
|
+
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span>  }</div>
|
|
545
|
+
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afadcda19decab7b2d85523b1fdbceb23e6">STRCAT</a>)</div>
|
|
546
|
+
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span>  {</div>
|
|
547
|
+
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">detectStrcat</a>(call);</div>
|
|
548
|
+
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span>  }</div>
|
|
549
|
+
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span>  <span class="keywordflow">else</span></div>
|
|
550
|
+
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  {</div>
|
|
551
|
+
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span>  </div>
|
|
552
552
|
<div class="line"><a name="l00481"></a><span class="lineno"> 481</span>  }</div>
|
|
553
|
-
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  <span class="keywordflow">
|
|
554
|
-
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span> 
|
|
555
|
-
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span> 
|
|
556
|
-
<div class="line"><a name="l00485"></a><span class="lineno"> 485</span> 
|
|
557
|
-
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span> 
|
|
558
|
-
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span> 
|
|
559
|
-
<div class="line"><a name="
|
|
560
|
-
<div class="line"><a name="
|
|
561
|
-
<div class="line"><a name="
|
|
562
|
-
<div class="line"><a name="
|
|
563
|
-
<div class="line"><a name="
|
|
564
|
-
<div class="line"><a name="
|
|
565
|
-
<div class="line"><a name="
|
|
566
|
-
<div class="line"><a name="
|
|
567
|
-
<div class="line"><a name="
|
|
568
|
-
<div class="line"><a name="
|
|
569
|
-
<div class="line"><a name="
|
|
570
|
-
<div class="line"><a name="
|
|
571
|
-
<div class="line"><a name="
|
|
572
|
-
<div class="line"><a name="
|
|
573
|
-
<div class="line"><a name="l00509"></a><span class="lineno"> 509</span> 
|
|
574
|
-
<div class="line"><a name="l00510"></a><span class="lineno"> 510</span> 
|
|
575
|
-
<div class="line"><a name="l00511"></a><span class="lineno"> 511</span> 
|
|
576
|
-
<div class="line"><a name="l00512"></a><span class="lineno"> 512</span> 
|
|
577
|
-
<div class="line"><a name="l00513"></a><span class="lineno"> 513</span> 
|
|
578
|
-
<div class="line"><a name="l00514"></a><span class="lineno"> 514</span> 
|
|
579
|
-
<div class="line"><a name="l00515"></a><span class="lineno"> 515</span> 
|
|
580
|
-
<div class="line"><a name="l00516"></a><span class="lineno"> 516</span> 
|
|
581
|
-
<div class="line"><a name="l00517"></a><span class="lineno"> 517</span> 
|
|
582
|
-
<div class="line"><a name="l00518"></a><span class="lineno"> 518</span> 
|
|
583
|
-
<div class="line"><a name="l00519"></a><span class="lineno"> 519</span> 
|
|
584
|
-
<div class="line"><a name="l00520"></a><span class="lineno"> 520</span> 
|
|
585
|
-
<div class="line"><a name="l00521"></a><span class="lineno"> 521</span> 
|
|
586
|
-
<div class="line"><a name="l00522"></a><span class="lineno"> 522</span> 
|
|
587
|
-
<div class="line"><a name="l00523"></a><span class="lineno"> 523</span> 
|
|
588
|
-
<div class="line"><a name="l00524"></a><span class="lineno"> 524</span> 
|
|
589
|
-
<div class="line"><a name="l00525"></a><span class="lineno"> 525</span> 
|
|
590
|
-
<div class="line"><a name="l00526"></a><span class="lineno"> 526</span> 
|
|
591
|
-
<div class="line"><a name="l00527"></a><span class="lineno"> 527</span> 
|
|
592
|
-
<div class="line"><a name="l00528"></a><span class="lineno"> 528</span> 
|
|
593
|
-
<div class="line"><a name="l00529"></a><span class="lineno"> 529</span> 
|
|
594
|
-
<div class="line"><a name="l00530"></a><span class="lineno"> 530</span>  <
|
|
595
|
-
<div class="line"><a name="l00531"></a><span class="lineno"> 531</span> 
|
|
596
|
-
<div class="line"><a name="l00532"></a><span class="lineno"> 532</span> 
|
|
597
|
-
<div class="line"><a name="l00533"></a><span class="lineno"> 533</span> 
|
|
598
|
-
<div class="line"><a name="l00534"></a><span class="lineno"> 534</span>  <
|
|
599
|
-
<div class="line"><a name="l00535"></a><span class="lineno"> 535</span> 
|
|
600
|
-
<div class="line"><a name="l00536"></a><span class="lineno"> 536</span> 
|
|
601
|
-
<div class="line"><a name="l00537"></a><span class="lineno"> 537</span> 
|
|
602
|
-
<div class="line"><a name="l00538"></a><span class="lineno"> 538</span>  <span class="comment">//
|
|
603
|
-
<div class="line"><a name="l00539"></a><span class="lineno"> 539</span>  <span class="comment">//
|
|
604
|
-
<div class="line"><a name="l00540"></a><span class="lineno"> 540</span>  <span class="comment">//
|
|
605
|
-
<div class="line"><a name="l00541"></a><span class="lineno"> 541</span>  <span class="comment">//
|
|
606
|
-
<div class="line"><a name="l00542"></a><span class="lineno"> 542</span> 
|
|
607
|
-
<div class="line"><a name="l00543"></a><span class="lineno"> 543</span>  <span class="comment">//
|
|
608
|
-
<div class="line"><a name="l00544"></a><span class="lineno"> 544</span>  <span class="comment">//
|
|
609
|
-
<div class="line"><a name="l00545"></a><span class="lineno"> 545</span>  <span class="comment">//
|
|
610
|
-
<div class="line"><a name="l00546"></a><span class="lineno"> 546</span>  <span class="comment">//
|
|
611
|
-
<div class="line"><a name="l00547"></a><span class="lineno"> 547</span>  <
|
|
612
|
-
<div class="line"><a name="l00548"></a><span class="lineno"> 548</span>  <span class="
|
|
613
|
-
<div class="line"><a name="l00549"></a><span class="lineno"> 549</span> 
|
|
614
|
-
<div class="line"><a name="l00550"></a><span class="lineno"> 550</span>  </div>
|
|
615
|
-
<div class="line"><a name="l00551"></a><span class="lineno"> 551</span> 
|
|
616
|
-
<div class="line"><a name="l00552"></a><span class="lineno"> 552</span>  <span class="
|
|
617
|
-
<div class="line"><a name="l00553"></a><span class="lineno"> 553</span> 
|
|
618
|
-
<div class="line"><a name="l00554"></a><span class="lineno"> 554</span> 
|
|
619
|
-
<div class="line"><a name="l00555"></a><span class="lineno"> 555</span> 
|
|
620
|
-
<div class="line"><a name="l00556"></a><span class="lineno"> 556</span>  <span class="comment">//
|
|
621
|
-
<div class="line"><a name="l00557"></a><span class="lineno"> 557</span> 
|
|
622
|
-
<div class="line"><a name="l00558"></a><span class="lineno"> 558</span>  <span class="
|
|
623
|
-
<div class="line"><a name="l00559"></a><span class="lineno"> 559</span> 
|
|
624
|
-
<div class="line"><a name="l00560"></a><span class="lineno"> 560</span> 
|
|
625
|
-
<div class="line"><a name="l00561"></a><span class="lineno"> 561</span> 
|
|
626
|
-
<div class="line"><a name="l00562"></a><span class="lineno"> 562</span> 
|
|
627
|
-
<div class="line"><a name="l00563"></a><span class="lineno"> 563</span> 
|
|
628
|
-
<div class="line"><a name="l00564"></a><span class="lineno"> 564</span> 
|
|
629
|
-
<div class="line"><a name="l00565"></a><span class="lineno"> 565</span> 
|
|
630
|
-
<div class="line"><a name="l00566"></a><span class="lineno"> 566</span> 
|
|
631
|
-
<div class="line"><a name="l00567"></a><span class="lineno"> 567</span> 
|
|
632
|
-
<div class="line"><a name="l00568"></a><span class="lineno"> 568</span> 
|
|
633
|
-
<div class="line"><a name="l00569"></a><span class="lineno"> 569</span> 
|
|
634
|
-
<div class="line"><a name="l00570"></a><span class="lineno"> 570</span> 
|
|
635
|
-
<div class="line"><a name="l00571"></a><span class="lineno"> 571</span> 
|
|
636
|
-
<div class="line"><a name="l00572"></a><span class="lineno"> 572</span> 
|
|
637
|
-
<div class="line"><a name="l00573"></a><span class="lineno"> 573</span> 
|
|
638
|
-
<div class="line"><a name="l00574"></a><span class="lineno"> 574</span> 
|
|
639
|
-
<div class="line"><a name="l00575"></a><span class="lineno"> 575</span> 
|
|
640
|
-
<div class="line"><a name="l00576"></a><span class="lineno"> 576</span> 
|
|
641
|
-
<div class="line"><a name="l00577"></a><span class="lineno"> 577</span> 
|
|
642
|
-
<div class="line"><a name="l00578"></a><span class="lineno"> 578</span> 
|
|
643
|
-
<div class="line"><a name="l00579"></a><span class="lineno"> 579</span> 
|
|
644
|
-
<div class="line"><a name="l00580"></a><span class="lineno"> 580</span>  </div>
|
|
645
|
-
<div class="line"><a name="l00581"></a><span class="lineno"> 581</span> 
|
|
646
|
-
<div class="line"><a name="l00582"></a><span class="lineno"> 582</span> 
|
|
647
|
-
<div class="line"><a name="l00583"></a><span class="lineno"> 583</span> 
|
|
648
|
-
<div class="line"><a name="l00584"></a><span class="lineno"> 584</span> 
|
|
649
|
-
<div class="line"><a name="l00585"></a><span class="lineno"> 585</span> 
|
|
650
|
-
<div class="line"><a name="l00586"></a><span class="lineno"> 586</span> 
|
|
651
|
-
<div class="line"><a name="l00587"></a><span class="lineno"> 587</span> 
|
|
652
|
-
<div class="line"><a name="l00588"></a><span class="lineno"> 588</span> 
|
|
653
|
-
<div class="line"><a name="l00589"></a><span class="lineno"> 589</span> 
|
|
654
|
-
<div class="line"><a name="l00590"></a><span class="lineno"> 590</span> 
|
|
655
|
-
<div class="line"><a name="l00591"></a><span class="lineno"> 591</span> 
|
|
656
|
-
<div class="line"><a name="l00592"></a><span class="lineno"> 592</span> 
|
|
657
|
-
<div class="line"><a name="l00593"></a><span class="lineno"> 593</span> 
|
|
658
|
-
<div class="line"><a name="l00594"></a><span class="lineno"> 594</span> 
|
|
659
|
-
<div class="line"><a name="l00595"></a><span class="lineno"> 595</span> 
|
|
660
|
-
<div class="line"><a name="l00596"></a><span class="lineno"> 596</span> 
|
|
661
|
-
<div class="line"><a name="l00597"></a><span class="lineno"> 597</span> 
|
|
662
|
-
<div class="line"><a name="l00598"></a><span class="lineno"> 598</span> 
|
|
663
|
-
<div class="line"><a name="l00599"></a><span class="lineno"> 599</span> 
|
|
664
|
-
<div class="line"><a name="l00600"></a><span class="lineno"> 600</span> 
|
|
665
|
-
<div class="line"><a name="l00601"></a><span class="lineno"> 601</span> 
|
|
666
|
-
<div class="line"><a name="l00602"></a><span class="lineno"> 602</span> 
|
|
667
|
-
<div class="line"><a name="l00603"></a><span class="lineno"> 603</span> 
|
|
668
|
-
<div class="line"><a name="l00604"></a><span class="lineno"> 604</span> 
|
|
669
|
-
<div class="line"><a name="l00605"></a><span class="lineno"> 605</span> 
|
|
670
|
-
<div class="line"><a name="l00606"></a><span class="lineno"> 606</span> 
|
|
671
|
-
<div class="line"><a name="l00607"></a><span class="lineno"> 607</span>  <
|
|
672
|
-
<div class="line"><a name="l00608"></a><span class="lineno"> 608</span> 
|
|
673
|
-
<div class="line"><a name="l00609"></a><span class="lineno"> 609</span> 
|
|
674
|
-
<div class="line"><a name="l00610"></a><span class="lineno"> 610</span> 
|
|
675
|
-
<div class="line"><a name="l00611"></a><span class="lineno"> 611</span> 
|
|
676
|
-
<div class="line"><a name="l00612"></a><span class="lineno"> 612</span> 
|
|
677
|
-
<div class="line"><a name="l00613"></a><span class="lineno"> 613</span> 
|
|
678
|
-
<div class="line"><a name="l00614"></a><span class="lineno"> 614</span> 
|
|
679
|
-
<div class="line"><a name="l00615"></a><span class="lineno"> 615</span> 
|
|
680
|
-
<div class="line"><a name="l00616"></a><span class="lineno"> 616</span> 
|
|
681
|
-
<div class="line"><a name="l00617"></a><span class="lineno"> 617</span> 
|
|
682
|
-
<div class="line"><a name="l00618"></a><span class="lineno"> 618</span> 
|
|
683
|
-
<div class="line"><a name="l00619"></a><span class="lineno"> 619</span> 
|
|
684
|
-
<div class="line"><a name="l00620"></a><span class="lineno"> 620</span> 
|
|
685
|
-
<div class="line"><a name="l00621"></a><span class="lineno"> 621</span> 
|
|
686
|
-
<div class="line"><a name="l00622"></a><span class="lineno"> 622</span> 
|
|
687
|
-
<div class="line"><a name="l00623"></a><span class="lineno"> 623</span> 
|
|
688
|
-
<div class="line"><a name="l00624"></a><span class="lineno"> 624</span> 
|
|
689
|
-
<div class="line"><a name="l00625"></a><span class="lineno"> 625</span> 
|
|
690
|
-
<div class="line"><a name="l00626"></a><span class="lineno"> 626</span> 
|
|
691
|
-
<div class="line"><a name="l00627"></a><span class="lineno"> 627</span> 
|
|
692
|
-
<div class="line"><a name="l00628"></a><span class="lineno"> 628</span> 
|
|
693
|
-
<div class="line"><a name="l00629"></a><span class="lineno"> 629</span> 
|
|
694
|
-
<div class="line"><a name="l00630"></a><span class="lineno"> 630</span> 
|
|
695
|
-
<div class="line"><a name="l00631"></a><span class="lineno"> 631</span> 
|
|
696
|
-
<div class="line"><a name="l00632"></a><span class="lineno"> 632</span> 
|
|
697
|
-
<div class="line"><a name="l00633"></a><span class="lineno"> 633</span> 
|
|
698
|
-
<div class="line"><a name="l00634"></a><span class="lineno"> 634</span> 
|
|
699
|
-
<div class="line"><a name="l00635"></a><span class="lineno"> 635</span> 
|
|
700
|
-
<div class="line"><a name="l00636"></a><span class="lineno"> 636</span> 
|
|
701
|
-
<div class="line"><a name="l00637"></a><span class="lineno"> 637</span> 
|
|
702
|
-
<div class="line"><a name="l00638"></a><span class="lineno"> 638</span> 
|
|
703
|
-
<div class="line"><a name="l00639"></a><span class="lineno"> 639</span> 
|
|
704
|
-
<div class="line"><a name="l00640"></a><span class="lineno"> 640</span> 
|
|
705
|
-
<div class="line"><a name="l00641"></a><span class="lineno"> 641</span> 
|
|
706
|
-
<div class="line"><a name="l00642"></a><span class="lineno"> 642</span> 
|
|
707
|
-
<div class="line"><a name="l00643"></a><span class="lineno"> 643</span> 
|
|
708
|
-
<div class="line"><a name="l00644"></a><span class="lineno"> 644</span> 
|
|
709
|
-
<div class="line"><a name="l00645"></a><span class="lineno"> 645</span> 
|
|
710
|
-
<div class="line"><a name="l00646"></a><span class="lineno"> 646</span> 
|
|
711
|
-
<div class="line"><a name="l00647"></a><span class="lineno"> 647</span> 
|
|
712
|
-
<div class="line"><a name="l00648"></a><span class="lineno"> 648</span>  </div>
|
|
713
|
-
<div class="line"><a name="l00649"></a><span class="lineno"> 649</span> 
|
|
714
|
-
<div class="line"><a name="l00650"></a><span class="lineno"> 650</span> 
|
|
715
|
-
<div class="line"><a name="l00651"></a><span class="lineno"> 651</span> 
|
|
716
|
-
<div class="line"><a name="l00652"></a><span class="lineno"> 652</span> 
|
|
717
|
-
<div class="line"><a name="l00653"></a><span class="lineno"> 653</span> 
|
|
718
|
-
<div class="line"><a name="l00654"></a><span class="lineno"> 654</span> 
|
|
719
|
-
<div class="line"><a name="l00655"></a><span class="lineno"> 655</span> 
|
|
720
|
-
<div class="line"><a name="l00656"></a><span class="lineno"> 656</span> 
|
|
721
|
-
<div class="line"><a name="l00657"></a><span class="lineno"> 657</span> 
|
|
722
|
-
<div class="line"><a name="l00658"></a><span class="lineno"> 658</span> 
|
|
723
|
-
<div class="line"><a name="l00659"></a><span class="lineno"> 659</span> 
|
|
724
|
-
<div class="line"><a name="l00660"></a><span class="lineno"> 660</span> 
|
|
725
|
-
<div class="line"><a name="l00661"></a><span class="lineno"> 661</span> 
|
|
726
|
-
<div class="line"><a name="l00662"></a><span class="lineno"> 662</span> 
|
|
727
|
-
<div class="line"><a name="l00663"></a><span class="lineno"> 663</span>  <a class="code" href="
|
|
728
|
-
<div class="line"><a name="l00664"></a><span class="lineno"> 664</span> 
|
|
729
|
-
<div class="line"><a name="l00665"></a><span class="lineno"> 665</span> 
|
|
730
|
-
<div class="line"><a name="l00666"></a><span class="lineno"> 666</span> 
|
|
731
|
-
<div class="line"><a name="l00667"></a><span class="lineno"> 667</span> 
|
|
732
|
-
<div class="line"><a name="l00668"></a><span class="lineno"> 668</span> 
|
|
733
|
-
<div class="line"><a name="l00669"></a><span class="lineno"> 669</span> 
|
|
734
|
-
<div class="line"><a name="l00670"></a><span class="lineno"> 670</span> 
|
|
735
|
-
<div class="line"><a name="l00671"></a><span class="lineno"> 671</span> 
|
|
736
|
-
<div class="line"><a name="l00672"></a><span class="lineno"> 672</span> 
|
|
737
|
-
<div class="line"><a name="l00673"></a><span class="lineno"> 673</span> 
|
|
738
|
-
<div class="line"><a name="l00674"></a><span class="lineno"> 674</span> 
|
|
739
|
-
<div class="line"><a name="l00675"></a><span class="lineno"> 675</span> 
|
|
740
|
-
<div class="line"><a name="l00676"></a><span class="lineno"> 676</span> 
|
|
741
|
-
<div class="line"><a name="l00677"></a><span class="lineno"> 677</span> 
|
|
742
|
-
<div class="line"><a name="l00678"></a><span class="lineno"> 678</span> 
|
|
743
|
-
<div class="line"><a name="l00679"></a><span class="lineno"> 679</span> 
|
|
744
|
-
<div class="line"><a name="l00680"></a><span class="lineno"> 680</span> 
|
|
745
|
-
<div class="line"><a name="l00681"></a><span class="lineno"> 681</span>  </div>
|
|
746
|
-
<div class="line"><a name="l00682"></a><span class="lineno"> 682</span> 
|
|
747
|
-
<div class="line"><a name="l00683"></a><span class="lineno"> 683</span> 
|
|
748
|
-
<div class="line"><a name="l00684"></a><span class="lineno"> 684</span> 
|
|
553
|
+
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  <span class="keywordflow">return</span>;</div>
|
|
554
|
+
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span> }</div>
|
|
555
|
+
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span>  </div>
|
|
556
|
+
<div class="line"><a name="l00485"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e"> 485</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">BufOverflowChecker::canSafelyAccessMemory</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *value, <span class="keyword">const</span> <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> &len, <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *curNode)</div>
|
|
557
|
+
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span> {</div>
|
|
558
|
+
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *firstValue = value;</div>
|
|
559
|
+
<div class="line"><a name="l00493"></a><span class="lineno"> 493</span>  </div>
|
|
560
|
+
<div class="line"><a name="l00496"></a><span class="lineno"> 496</span>  <a class="code" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList<const SVFValue *></a> worklist;</div>
|
|
561
|
+
<div class="line"><a name="l00497"></a><span class="lineno"> 497</span>  <a class="code" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set<const SVFValue *></a> visited;</div>
|
|
562
|
+
<div class="line"><a name="l00498"></a><span class="lineno"> 498</span>  visited.insert(value);</div>
|
|
563
|
+
<div class="line"><a name="l00499"></a><span class="lineno"> 499</span>  <a class="code" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map<const ICFGNode *, IntervalValue></a> gep_offsets;</div>
|
|
564
|
+
<div class="line"><a name="l00500"></a><span class="lineno"> 500</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> total_bytes = len;</div>
|
|
565
|
+
<div class="line"><a name="l00501"></a><span class="lineno"> 501</span>  worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(value);</div>
|
|
566
|
+
<div class="line"><a name="l00502"></a><span class="lineno"> 502</span>  std::vector<const CallICFGNode *> callstack = <a class="code" href="classSVF_1_1AbstractExecution.html#ab9d6ebcf67ec473ce7ad5910c74eddc1">_callSiteStack</a>;</div>
|
|
567
|
+
<div class="line"><a name="l00503"></a><span class="lineno"> 503</span>  <span class="keywordflow">while</span> (!worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">empty</a>())</div>
|
|
568
|
+
<div class="line"><a name="l00504"></a><span class="lineno"> 504</span>  {</div>
|
|
569
|
+
<div class="line"><a name="l00505"></a><span class="lineno"> 505</span>  value = worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">pop</a>();</div>
|
|
570
|
+
<div class="line"><a name="l00506"></a><span class="lineno"> 506</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFInstruction.html">SVFInstruction</a> *ins = SVFUtil::dyn_cast<SVFInstruction>(value))</div>
|
|
571
|
+
<div class="line"><a name="l00507"></a><span class="lineno"> 507</span>  {</div>
|
|
572
|
+
<div class="line"><a name="l00508"></a><span class="lineno"> 508</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(ins);</div>
|
|
573
|
+
<div class="line"><a name="l00509"></a><span class="lineno"> 509</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *callnode = SVFUtil::dyn_cast<CallICFGNode>(node))</div>
|
|
574
|
+
<div class="line"><a name="l00510"></a><span class="lineno"> 510</span>  {</div>
|
|
575
|
+
<div class="line"><a name="l00511"></a><span class="lineno"> 511</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a140acf4733b46855c8627cf10dbb0bd5">AccessMemoryViaRetNode</a>(callnode, worklist, visited);</div>
|
|
576
|
+
<div class="line"><a name="l00512"></a><span class="lineno"> 512</span>  }</div>
|
|
577
|
+
<div class="line"><a name="l00513"></a><span class="lineno"> 513</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFStmt.html">SVFStmt</a> *stmt: node-><a class="code" href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">getSVFStmts</a>())</div>
|
|
578
|
+
<div class="line"><a name="l00514"></a><span class="lineno"> 514</span>  {</div>
|
|
579
|
+
<div class="line"><a name="l00515"></a><span class="lineno"> 515</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CopyStmt.html">CopyStmt</a> *<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a> = SVFUtil::dyn_cast<CopyStmt>(stmt))</div>
|
|
580
|
+
<div class="line"><a name="l00516"></a><span class="lineno"> 516</span>  {</div>
|
|
581
|
+
<div class="line"><a name="l00517"></a><span class="lineno"> 517</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a20df87d2a269c3feab3acc40e4cd8801">AccessMemoryViaCopyStmt</a>(<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a>, worklist, visited);</div>
|
|
582
|
+
<div class="line"><a name="l00518"></a><span class="lineno"> 518</span>  }</div>
|
|
583
|
+
<div class="line"><a name="l00519"></a><span class="lineno"> 519</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1LoadStmt.html">LoadStmt</a> *load = SVFUtil::dyn_cast<LoadStmt>(stmt))</div>
|
|
584
|
+
<div class="line"><a name="l00520"></a><span class="lineno"> 520</span>  {</div>
|
|
585
|
+
<div class="line"><a name="l00521"></a><span class="lineno"> 521</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a98f3c7d5e4b3722b717071cd320c8a60">AccessMemoryViaLoadStmt</a>(load, worklist, visited);</div>
|
|
586
|
+
<div class="line"><a name="l00522"></a><span class="lineno"> 522</span>  }</div>
|
|
587
|
+
<div class="line"><a name="l00523"></a><span class="lineno"> 523</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
588
|
+
<div class="line"><a name="l00524"></a><span class="lineno"> 524</span>  {</div>
|
|
589
|
+
<div class="line"><a name="l00525"></a><span class="lineno"> 525</span>  <span class="comment">// there are 3 type of gepStmt</span></div>
|
|
590
|
+
<div class="line"><a name="l00526"></a><span class="lineno"> 526</span>  <span class="comment">// 1. ptr get offset</span></div>
|
|
591
|
+
<div class="line"><a name="l00527"></a><span class="lineno"> 527</span>  <span class="comment">// 2. struct get field</span></div>
|
|
592
|
+
<div class="line"><a name="l00528"></a><span class="lineno"> 528</span>  <span class="comment">// 3. array get element</span></div>
|
|
593
|
+
<div class="line"><a name="l00529"></a><span class="lineno"> 529</span>  <span class="comment">// for array gep, there are two kind of overflow checking</span></div>
|
|
594
|
+
<div class="line"><a name="l00530"></a><span class="lineno"> 530</span>  <span class="comment">// Arr [Struct.C * 10] arr, Struct.C {i32 a, i32 b}</span></div>
|
|
595
|
+
<div class="line"><a name="l00531"></a><span class="lineno"> 531</span>  <span class="comment">// arr[11].a = **, it is "lhs = gep *arr, 0 (ptr), 11 (arrIdx), 0 (ptr), 0(struct field)"</span></div>
|
|
596
|
+
<div class="line"><a name="l00532"></a><span class="lineno"> 532</span>  <span class="comment">// 1) in this case arrIdx 11 is overflow.</span></div>
|
|
597
|
+
<div class="line"><a name="l00533"></a><span class="lineno"> 533</span>  <span class="comment">// Other case,</span></div>
|
|
598
|
+
<div class="line"><a name="l00534"></a><span class="lineno"> 534</span>  <span class="comment">// Struct.C {i32 a, [i32*10] b, i32 c}, C.b[11] = 1</span></div>
|
|
599
|
+
<div class="line"><a name="l00535"></a><span class="lineno"> 535</span>  <span class="comment">// it is "lhs - gep *C, 0(ptr), 1(struct field), 0(ptr), 11(arrIdx)"</span></div>
|
|
600
|
+
<div class="line"><a name="l00536"></a><span class="lineno"> 536</span>  <span class="comment">// 2) in this case arrIdx 11 is larger than its getOffsetVar.Type Array([i32*10])</span></div>
|
|
601
|
+
<div class="line"><a name="l00537"></a><span class="lineno"> 537</span>  </div>
|
|
602
|
+
<div class="line"><a name="l00538"></a><span class="lineno"> 538</span>  <span class="comment">// therefore, if last getOffsetVar.Type is not the Array, just check the overall offset and its</span></div>
|
|
603
|
+
<div class="line"><a name="l00539"></a><span class="lineno"> 539</span>  <span class="comment">// gep source type size (together with totalOffset along the value flow).</span></div>
|
|
604
|
+
<div class="line"><a name="l00540"></a><span class="lineno"> 540</span>  <span class="comment">// so if curgepOffset + totalOffset >= gepSrc (overflow)</span></div>
|
|
605
|
+
<div class="line"><a name="l00541"></a><span class="lineno"> 541</span>  <span class="comment">// else totalOffset += curgepOffset</span></div>
|
|
606
|
+
<div class="line"><a name="l00542"></a><span class="lineno"> 542</span>  </div>
|
|
607
|
+
<div class="line"><a name="l00543"></a><span class="lineno"> 543</span>  <span class="comment">// otherwise, if last getOffsetVar.Type is the Array, check the last idx and array. (just offset,</span></div>
|
|
608
|
+
<div class="line"><a name="l00544"></a><span class="lineno"> 544</span>  <span class="comment">// not with totalOffset during check)</span></div>
|
|
609
|
+
<div class="line"><a name="l00545"></a><span class="lineno"> 545</span>  <span class="comment">// so if getOffsetVarVal > getOffsetVar.TypeSize (overflow)</span></div>
|
|
610
|
+
<div class="line"><a name="l00546"></a><span class="lineno"> 546</span>  <span class="comment">// else safe and return.</span></div>
|
|
611
|
+
<div class="line"><a name="l00547"></a><span class="lineno"> 547</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> byteOffset;</div>
|
|
612
|
+
<div class="line"><a name="l00548"></a><span class="lineno"> 548</span>  <span class="keywordflow">if</span> (gep->isConstantOffset())</div>
|
|
613
|
+
<div class="line"><a name="l00549"></a><span class="lineno"> 549</span>  {</div>
|
|
614
|
+
<div class="line"><a name="l00550"></a><span class="lineno"> 550</span>  byteOffset = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(gep->accumulateConstantByteOffset());</div>
|
|
615
|
+
<div class="line"><a name="l00551"></a><span class="lineno"> 551</span>  }</div>
|
|
616
|
+
<div class="line"><a name="l00552"></a><span class="lineno"> 552</span>  <span class="keywordflow">else</span></div>
|
|
617
|
+
<div class="line"><a name="l00553"></a><span class="lineno"> 553</span>  {</div>
|
|
618
|
+
<div class="line"><a name="l00554"></a><span class="lineno"> 554</span>  byteOffset = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a335922caf105ee72cd9d66a451ae3d4e">getByteOffset</a>(gep);</div>
|
|
619
|
+
<div class="line"><a name="l00555"></a><span class="lineno"> 555</span>  }</div>
|
|
620
|
+
<div class="line"><a name="l00556"></a><span class="lineno"> 556</span>  <span class="comment">// for variable offset, join with accumulate gep offset</span></div>
|
|
621
|
+
<div class="line"><a name="l00557"></a><span class="lineno"> 557</span>  gep_offsets[gep->getICFGNode()] = byteOffset;</div>
|
|
622
|
+
<div class="line"><a name="l00558"></a><span class="lineno"> 558</span>  <span class="keywordflow">if</span> (byteOffset.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() && <a class="code" href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">Options::GepUnknownIdx</a>())</div>
|
|
623
|
+
<div class="line"><a name="l00559"></a><span class="lineno"> 559</span>  {</div>
|
|
624
|
+
<div class="line"><a name="l00560"></a><span class="lineno"> 560</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
625
|
+
<div class="line"><a name="l00561"></a><span class="lineno"> 561</span>  }</div>
|
|
626
|
+
<div class="line"><a name="l00562"></a><span class="lineno"> 562</span>  </div>
|
|
627
|
+
<div class="line"><a name="l00563"></a><span class="lineno"> 563</span>  <span class="keywordflow">if</span> (gep->getOffsetVarAndGepTypePairVec().size() > 0)</div>
|
|
628
|
+
<div class="line"><a name="l00564"></a><span class="lineno"> 564</span>  {</div>
|
|
629
|
+
<div class="line"><a name="l00565"></a><span class="lineno"> 565</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFVar.html">SVFVar</a> *gepVal = gep->getOffsetVarAndGepTypePairVec().back().first;</div>
|
|
630
|
+
<div class="line"><a name="l00566"></a><span class="lineno"> 566</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *gepType = gep->getOffsetVarAndGepTypePairVec().back().second;</div>
|
|
631
|
+
<div class="line"><a name="l00567"></a><span class="lineno"> 567</span>  </div>
|
|
632
|
+
<div class="line"><a name="l00568"></a><span class="lineno"> 568</span>  <span class="keywordflow">if</span> (gepType-><a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
|
|
633
|
+
<div class="line"><a name="l00569"></a><span class="lineno"> 569</span>  {</div>
|
|
634
|
+
<div class="line"><a name="l00570"></a><span class="lineno"> 570</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *gepArrType = SVFUtil::dyn_cast<SVFArrayType>(gepType);</div>
|
|
635
|
+
<div class="line"><a name="l00571"></a><span class="lineno"> 571</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> gepArrTotalByte(0);</div>
|
|
636
|
+
<div class="line"><a name="l00572"></a><span class="lineno"> 572</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *idxValue = gepVal-><a class="code" href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">getValue</a>();</div>
|
|
637
|
+
<div class="line"><a name="l00573"></a><span class="lineno"> 573</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arrElemSize = gepArrType-><a class="code" href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">getTypeOfElement</a>()-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
638
|
+
<div class="line"><a name="l00574"></a><span class="lineno"> 574</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFConstantInt.html">SVFConstantInt</a> *op = SVFUtil::dyn_cast<SVFConstantInt>(idxValue))</div>
|
|
639
|
+
<div class="line"><a name="l00575"></a><span class="lineno"> 575</span>  {</div>
|
|
640
|
+
<div class="line"><a name="l00576"></a><span class="lineno"> 576</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (double) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >= op->getSExtValue() ?</div>
|
|
641
|
+
<div class="line"><a name="l00577"></a><span class="lineno"> 577</span>  op->getSExtValue() * arrElemSize : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
642
|
+
<div class="line"><a name="l00578"></a><span class="lineno"> 578</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, lb);</div>
|
|
643
|
+
<div class="line"><a name="l00579"></a><span class="lineno"> 579</span>  }</div>
|
|
644
|
+
<div class="line"><a name="l00580"></a><span class="lineno"> 580</span>  <span class="keywordflow">else</span></div>
|
|
645
|
+
<div class="line"><a name="l00581"></a><span class="lineno"> 581</span>  {</div>
|
|
646
|
+
<div class="line"><a name="l00582"></a><span class="lineno"> 582</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> idx = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(idxValue);</div>
|
|
647
|
+
<div class="line"><a name="l00583"></a><span class="lineno"> 583</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> idxVal = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">getEs</a>()[idx];</div>
|
|
648
|
+
<div class="line"><a name="l00584"></a><span class="lineno"> 584</span>  <span class="keywordflow">if</span> (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#af8be90fc1b61103187908dce4ba68001">isBottom</a>())</div>
|
|
649
|
+
<div class="line"><a name="l00585"></a><span class="lineno"> 585</span>  {</div>
|
|
650
|
+
<div class="line"><a name="l00586"></a><span class="lineno"> 586</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0, 0);</div>
|
|
651
|
+
<div class="line"><a name="l00587"></a><span class="lineno"> 587</span>  }</div>
|
|
652
|
+
<div class="line"><a name="l00588"></a><span class="lineno"> 588</span>  <span class="keywordflow">else</span></div>
|
|
653
|
+
<div class="line"><a name="l00589"></a><span class="lineno"> 589</span>  {</div>
|
|
654
|
+
<div class="line"><a name="l00590"></a><span class="lineno"> 590</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> ub = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0) ? 0 :</div>
|
|
655
|
+
<div class="line"><a name="l00591"></a><span class="lineno"> 591</span>  (<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >=</div>
|
|
656
|
+
<div class="line"><a name="l00592"></a><span class="lineno"> 592</span>  idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() ?</div>
|
|
657
|
+
<div class="line"><a name="l00593"></a><span class="lineno"> 593</span>  arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
658
|
+
<div class="line"><a name="l00594"></a><span class="lineno"> 594</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0) ? 0 :</div>
|
|
659
|
+
<div class="line"><a name="l00595"></a><span class="lineno"> 595</span>  ((<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >=</div>
|
|
660
|
+
<div class="line"><a name="l00596"></a><span class="lineno"> 596</span>  idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>()) ?</div>
|
|
661
|
+
<div class="line"><a name="l00597"></a><span class="lineno"> 597</span>  arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
662
|
+
<div class="line"><a name="l00598"></a><span class="lineno"> 598</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, ub);</div>
|
|
663
|
+
<div class="line"><a name="l00599"></a><span class="lineno"> 599</span>  }</div>
|
|
664
|
+
<div class="line"><a name="l00600"></a><span class="lineno"> 600</span>  }</div>
|
|
665
|
+
<div class="line"><a name="l00601"></a><span class="lineno"> 601</span>  total_bytes = total_bytes + gepArrTotalByte;</div>
|
|
666
|
+
<div class="line"><a name="l00602"></a><span class="lineno"> 602</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>())</div>
|
|
667
|
+
<div class="line"><a name="l00603"></a><span class="lineno"> 603</span>  {</div>
|
|
668
|
+
<div class="line"><a name="l00604"></a><span class="lineno"> 604</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
|
|
669
|
+
<div class="line"><a name="l00605"></a><span class="lineno"> 605</span>  <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> +</div>
|
|
670
|
+
<div class="line"><a name="l00606"></a><span class="lineno"> 606</span>  <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
671
|
+
<div class="line"><a name="l00607"></a><span class="lineno"> 607</span>  <span class="stringliteral">"\nAllocated Gep buffer size: "</span> +</div>
|
|
672
|
+
<div class="line"><a name="l00608"></a><span class="lineno"> 608</span>  std::to_string(gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>()) + <span class="stringliteral">"\n"</span>;</div>
|
|
673
|
+
<div class="line"><a name="l00609"></a><span class="lineno"> 609</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
674
|
+
<div class="line"><a name="l00610"></a><span class="lineno"> 610</span>  msg += <span class="stringliteral">" The following is the value flow. [[\n"</span>;</div>
|
|
675
|
+
<div class="line"><a name="l00611"></a><span class="lineno"> 611</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
676
|
+
<div class="line"><a name="l00612"></a><span class="lineno"> 612</span>  {</div>
|
|
677
|
+
<div class="line"><a name="l00613"></a><span class="lineno"> 613</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) +</div>
|
|
678
|
+
<div class="line"><a name="l00614"></a><span class="lineno"> 614</span>  <span class="stringliteral">"\n"</span>;</div>
|
|
679
|
+
<div class="line"><a name="l00615"></a><span class="lineno"> 615</span>  }</div>
|
|
680
|
+
<div class="line"><a name="l00616"></a><span class="lineno"> 616</span>  msg += <span class="stringliteral">"]].\nAlloc Site: "</span> + gep->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
681
|
+
<div class="line"><a name="l00617"></a><span class="lineno"> 617</span>  </div>
|
|
682
|
+
<div class="line"><a name="l00618"></a><span class="lineno"> 618</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVFUtil::errMsg</a>(msg), gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
|
|
683
|
+
<div class="line"><a name="l00619"></a><span class="lineno"> 619</span>  gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
|
|
684
|
+
<div class="line"><a name="l00620"></a><span class="lineno"> 620</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
|
|
685
|
+
<div class="line"><a name="l00621"></a><span class="lineno"> 621</span>  firstValue);</div>
|
|
686
|
+
<div class="line"><a name="l00622"></a><span class="lineno"> 622</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
687
|
+
<div class="line"><a name="l00623"></a><span class="lineno"> 623</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
688
|
+
<div class="line"><a name="l00624"></a><span class="lineno"> 624</span>  }</div>
|
|
689
|
+
<div class="line"><a name="l00625"></a><span class="lineno"> 625</span>  <span class="keywordflow">else</span></div>
|
|
690
|
+
<div class="line"><a name="l00626"></a><span class="lineno"> 626</span>  {</div>
|
|
691
|
+
<div class="line"><a name="l00627"></a><span class="lineno"> 627</span>  <span class="comment">// for gep last index's type is arr, stop here.</span></div>
|
|
692
|
+
<div class="line"><a name="l00628"></a><span class="lineno"> 628</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
693
|
+
<div class="line"><a name="l00629"></a><span class="lineno"> 629</span>  }</div>
|
|
694
|
+
<div class="line"><a name="l00630"></a><span class="lineno"> 630</span>  }</div>
|
|
695
|
+
<div class="line"><a name="l00631"></a><span class="lineno"> 631</span>  <span class="keywordflow">else</span></div>
|
|
696
|
+
<div class="line"><a name="l00632"></a><span class="lineno"> 632</span>  {</div>
|
|
697
|
+
<div class="line"><a name="l00633"></a><span class="lineno"> 633</span>  total_bytes = total_bytes + byteOffset;</div>
|
|
698
|
+
<div class="line"><a name="l00634"></a><span class="lineno"> 634</span>  }</div>
|
|
699
|
+
<div class="line"><a name="l00635"></a><span class="lineno"> 635</span>  </div>
|
|
700
|
+
<div class="line"><a name="l00636"></a><span class="lineno"> 636</span>  }</div>
|
|
701
|
+
<div class="line"><a name="l00637"></a><span class="lineno"> 637</span>  <span class="keywordflow">if</span> (!visited.count(gep->getRHSVar()->getValue()))</div>
|
|
702
|
+
<div class="line"><a name="l00638"></a><span class="lineno"> 638</span>  {</div>
|
|
703
|
+
<div class="line"><a name="l00639"></a><span class="lineno"> 639</span>  visited.insert(gep->getRHSVar()->getValue());</div>
|
|
704
|
+
<div class="line"><a name="l00640"></a><span class="lineno"> 640</span>  worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(gep->getRHSVar()->getValue());</div>
|
|
705
|
+
<div class="line"><a name="l00641"></a><span class="lineno"> 641</span>  }</div>
|
|
706
|
+
<div class="line"><a name="l00642"></a><span class="lineno"> 642</span>  }</div>
|
|
707
|
+
<div class="line"><a name="l00643"></a><span class="lineno"> 643</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1AddrStmt.html">AddrStmt</a> *addr = SVFUtil::dyn_cast<AddrStmt>(stmt))</div>
|
|
708
|
+
<div class="line"><a name="l00644"></a><span class="lineno"> 644</span>  {</div>
|
|
709
|
+
<div class="line"><a name="l00645"></a><span class="lineno"> 645</span>  <span class="comment">// addrStmt is source node.</span></div>
|
|
710
|
+
<div class="line"><a name="l00646"></a><span class="lineno"> 646</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = <a class="code" href="classSVF_1_1AbstractExecution.html#a598cb7b97bae122d0015c03b72beee9d">getAllocaInstByteSize</a>(addr);</div>
|
|
711
|
+
<div class="line"><a name="l00647"></a><span class="lineno"> 647</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= arr_type_size ||</div>
|
|
712
|
+
<div class="line"><a name="l00648"></a><span class="lineno"> 648</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0)</div>
|
|
713
|
+
<div class="line"><a name="l00649"></a><span class="lineno"> 649</span>  {</div>
|
|
714
|
+
<div class="line"><a name="l00650"></a><span class="lineno"> 650</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
|
|
715
|
+
<div class="line"><a name="l00651"></a><span class="lineno"> 651</span>  <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
716
|
+
<div class="line"><a name="l00652"></a><span class="lineno"> 652</span>  <span class="stringliteral">"\nAllocated buffer size: "</span> + std::to_string(arr_type_size) + <span class="stringliteral">"\n"</span>;</div>
|
|
717
|
+
<div class="line"><a name="l00653"></a><span class="lineno"> 653</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
718
|
+
<div class="line"><a name="l00654"></a><span class="lineno"> 654</span>  msg += <span class="stringliteral">" The following is the value flow. [[\n"</span>;</div>
|
|
719
|
+
<div class="line"><a name="l00655"></a><span class="lineno"> 655</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
720
|
+
<div class="line"><a name="l00656"></a><span class="lineno"> 656</span>  {</div>
|
|
721
|
+
<div class="line"><a name="l00657"></a><span class="lineno"> 657</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) + <span class="stringliteral">"\n"</span>;</div>
|
|
722
|
+
<div class="line"><a name="l00658"></a><span class="lineno"> 658</span>  }</div>
|
|
723
|
+
<div class="line"><a name="l00659"></a><span class="lineno"> 659</span>  msg += <span class="stringliteral">"]].\n Alloc Site: "</span> + addr->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
724
|
+
<div class="line"><a name="l00660"></a><span class="lineno"> 660</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
|
|
725
|
+
<div class="line"><a name="l00661"></a><span class="lineno"> 661</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
|
|
726
|
+
<div class="line"><a name="l00662"></a><span class="lineno"> 662</span>  firstValue);</div>
|
|
727
|
+
<div class="line"><a name="l00663"></a><span class="lineno"> 663</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
728
|
+
<div class="line"><a name="l00664"></a><span class="lineno"> 664</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
729
|
+
<div class="line"><a name="l00665"></a><span class="lineno"> 665</span>  }</div>
|
|
730
|
+
<div class="line"><a name="l00666"></a><span class="lineno"> 666</span>  <span class="keywordflow">else</span></div>
|
|
731
|
+
<div class="line"><a name="l00667"></a><span class="lineno"> 667</span>  {</div>
|
|
732
|
+
<div class="line"><a name="l00668"></a><span class="lineno"> 668</span>  </div>
|
|
733
|
+
<div class="line"><a name="l00669"></a><span class="lineno"> 669</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
734
|
+
<div class="line"><a name="l00670"></a><span class="lineno"> 670</span>  }</div>
|
|
735
|
+
<div class="line"><a name="l00671"></a><span class="lineno"> 671</span>  }</div>
|
|
736
|
+
<div class="line"><a name="l00672"></a><span class="lineno"> 672</span>  }</div>
|
|
737
|
+
<div class="line"><a name="l00673"></a><span class="lineno"> 673</span>  }</div>
|
|
738
|
+
<div class="line"><a name="l00674"></a><span class="lineno"> 674</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFGlobalValue.html">SVF::SVFGlobalValue</a> *gvalue = SVFUtil::dyn_cast<SVF::SVFGlobalValue>(value))</div>
|
|
739
|
+
<div class="line"><a name="l00675"></a><span class="lineno"> 675</span>  {</div>
|
|
740
|
+
<div class="line"><a name="l00676"></a><span class="lineno"> 676</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = 0;</div>
|
|
741
|
+
<div class="line"><a name="l00677"></a><span class="lineno"> 677</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *svftype = gvalue->getType();</div>
|
|
742
|
+
<div class="line"><a name="l00678"></a><span class="lineno"> 678</span>  <span class="keywordflow">if</span> (SVFUtil::isa<SVFPointerType>(svftype))</div>
|
|
743
|
+
<div class="line"><a name="l00679"></a><span class="lineno"> 679</span>  {</div>
|
|
744
|
+
<div class="line"><a name="l00680"></a><span class="lineno"> 680</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *ptrArrType = SVFUtil::dyn_cast<SVFArrayType>(</div>
|
|
745
|
+
<div class="line"><a name="l00681"></a><span class="lineno"> 681</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a888fd56160afe0d431c47bcf10674dc0">getPointeeElement</a>(<a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(gvalue))))</div>
|
|
746
|
+
<div class="line"><a name="l00682"></a><span class="lineno"> 682</span>  arr_type_size = ptrArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
747
|
+
<div class="line"><a name="l00683"></a><span class="lineno"> 683</span>  <span class="keywordflow">else</span></div>
|
|
748
|
+
<div class="line"><a name="l00684"></a><span class="lineno"> 684</span>  arr_type_size = svftype-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
749
749
|
<div class="line"><a name="l00685"></a><span class="lineno"> 685</span>  }</div>
|
|
750
|
-
<div class="line"><a name="l00686"></a><span class="lineno"> 686</span> 
|
|
751
|
-
<div class="line"><a name="l00687"></a><span class="lineno"> 687</span> 
|
|
752
|
-
<div class="line"><a name="l00688"></a><span class="lineno"> 688</span> 
|
|
753
|
-
<div class="line"><a name="l00689"></a><span class="lineno"> 689</span>  <a class="code" href="
|
|
754
|
-
<div class="line"><a name="l00690"></a><span class="lineno"> 690</span> 
|
|
755
|
-
<div class="line"><a name="l00691"></a><span class="lineno"> 691</span> 
|
|
756
|
-
<div class="line"><a name="l00692"></a><span class="lineno"> 692</span> 
|
|
757
|
-
<div class="line"><a name="l00693"></a><span class="lineno"> 693</span> 
|
|
758
|
-
<div class="line"><a name="l00694"></a><span class="lineno"> 694</span> 
|
|
759
|
-
<div class="line"><a name="l00695"></a><span class="lineno"> 695</span> 
|
|
760
|
-
<div class="line"><a name="l00696"></a><span class="lineno"> 696</span> 
|
|
761
|
-
<div class="line"><a name="l00697"></a><span class="lineno"> 697</span> 
|
|
762
|
-
<div class="line"><a name="l00698"></a><span class="lineno"> 698</span> 
|
|
763
|
-
<div class="line"><a name="l00699"></a><span class="lineno"> 699</span> 
|
|
764
|
-
<div class="line"><a name="l00700"></a><span class="lineno"> 700</span> 
|
|
765
|
-
<div class="line"><a name="l00701"></a><span class="lineno"> 701</span>  </div>
|
|
766
|
-
<div class="line"><a name="l00702"></a><span class="lineno"> 702</span> 
|
|
767
|
-
<div class="line"><a name="l00703"></a><span class="lineno"> 703</span> 
|
|
768
|
-
<div class="line"><a name="l00704"></a><span class="lineno"> 704</span>  <
|
|
769
|
-
<div class="line"><a name="l00705"></a><span class="lineno"> 705</span> 
|
|
770
|
-
<div class="line"><a name="l00706"></a><span class="lineno"> 706</span> 
|
|
771
|
-
<div class="line"><a name="l00707"></a><span class="lineno"> 707</span> 
|
|
772
|
-
<div class="line"><a name="l00708"></a><span class="lineno"> 708</span>  <span class="keywordflow">
|
|
773
|
-
<div class="line"><a name="l00709"></a><span class="lineno"> 709</span> 
|
|
774
|
-
<div class="line"><a name="l00710"></a><span class="lineno"> 710</span> 
|
|
775
|
-
<div class="line"><a name="l00711"></a><span class="lineno"> 711</span> 
|
|
776
|
-
<div class="line"><a name="l00712"></a><span class="lineno"> 712</span> 
|
|
777
|
-
<div class="line"><a name="l00713"></a><span class="lineno"> 713</span>  </div>
|
|
778
|
-
<div class="line"><a name="l00714"></a><span class="lineno"> 714</span> 
|
|
779
|
-
<div class="line"><a name="l00715"></a><span class="lineno"> 715</span> 
|
|
780
|
-
<div class="line"><a name="l00716"></a><span class="lineno"> 716</span> 
|
|
781
|
-
<div class="line"><a name="l00717"></a><span class="lineno"> 717</span> 
|
|
782
|
-
<div class="line"><a name="l00718"></a><span class="lineno"> 718</span> 
|
|
783
|
-
<div class="line"><a name="l00719"></a><span class="lineno"> 719</span>  <span class="
|
|
784
|
-
<div class="line"><a name="l00720"></a><span class="lineno"> 720</span> 
|
|
785
|
-
<div class="line"><a name="l00721"></a><span class="lineno"> 721</span> 
|
|
786
|
-
<div class="line"><a name="l00722"></a><span class="lineno"> 722</span> 
|
|
787
|
-
<div class="line"><a name="l00723"></a><span class="lineno"> 723</span> 
|
|
788
|
-
<div class="line"><a name="l00724"></a><span class="lineno"> 724</span> 
|
|
789
|
-
<div class="line"><a name="l00725"></a><span class="lineno"> 725</span> 
|
|
790
|
-
<div class="line"><a name="l00726"></a><span class="lineno"> 726</span> 
|
|
791
|
-
<div class="line"><a name="l00727"></a><span class="lineno"> 727</span> 
|
|
792
|
-
<div class="line"><a name="l00728"></a><span class="lineno"> 728</span> 
|
|
793
|
-
<div class="line"><a name="l00729"></a><span class="lineno"> 729</span> 
|
|
794
|
-
<div class="line"><a name="l00730"></a><span class="lineno"> 730</span> 
|
|
795
|
-
<div class="line"><a name="l00731"></a><span class="lineno"> 731</span> 
|
|
796
|
-
<div class="line"><a name="l00732"></a><span class="lineno"> 732</span> 
|
|
797
|
-
<div class="line"><a name="l00733"></a><span class="lineno"> 733</span> 
|
|
798
|
-
<div class="line"><a name="l00734"></a><span class="lineno"> 734</span> 
|
|
799
|
-
<div class="line"><a name="l00735"></a><span class="lineno"> 735</span> 
|
|
800
|
-
<div class="line"><a name="l00736"></a><span class="lineno"> 736</span> 
|
|
801
|
-
<div class="line"><a name="l00737"></a><span class="lineno"> 737</span> 
|
|
802
|
-
<div class="line"><a name="l00738"></a><span class="lineno"> 738</span> 
|
|
803
|
-
<div class="line"><a name="l00739"></a><span class="lineno"> 739</span> 
|
|
804
|
-
<div class="line"><a name="l00740"></a><span class="lineno"> 740</span> 
|
|
805
|
-
<div class="line"><a name="l00741"></a><span class="lineno"> 741</span>  </div>
|
|
806
|
-
<div class="line"><a name="l00742"></a><span class="lineno"> 742</span> 
|
|
807
|
-
<div class="line"><a name="l00743"></a><span class="lineno"> 743</span> 
|
|
808
|
-
<div class="line"><a name="l00744"></a><span class="lineno"> 744</span> 
|
|
809
|
-
<div class="line"><a name="l00745"></a><span class="lineno"> 745</span> 
|
|
810
|
-
<div class="line"><a name="l00746"></a><span class="lineno"> 746</span> 
|
|
811
|
-
<div class="line"><a name="l00747"></a><span class="lineno"> 747</span> 
|
|
812
|
-
<div class="line"><a name="l00748"></a><span class="lineno"> 748</span> 
|
|
813
|
-
<div class="line"><a name="l00749"></a><span class="lineno"> 749</span> 
|
|
814
|
-
<div class="line"><a name="l00750"></a><span class="lineno"> 750</span> 
|
|
815
|
-
<div class="line"><a name="l00751"></a><span class="lineno"> 751</span> 
|
|
816
|
-
<div class="line"><a name="l00752"></a><span class="lineno"> 752</span> 
|
|
817
|
-
<div class="line"><a name="l00753"></a><span class="lineno"> 753</span> 
|
|
818
|
-
<div class="line"><a name="l00754"></a><span class="lineno"> 754</span> 
|
|
819
|
-
<div class="line"><a name="l00755"></a><span class="lineno"> 755</span> 
|
|
820
|
-
<div class="line"><a name="l00756"></a><span class="lineno"> 756</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span>
|
|
750
|
+
<div class="line"><a name="l00686"></a><span class="lineno"> 686</span>  <span class="keywordflow">else</span></div>
|
|
751
|
+
<div class="line"><a name="l00687"></a><span class="lineno"> 687</span>  arr_type_size = svftype-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
752
|
+
<div class="line"><a name="l00688"></a><span class="lineno"> 688</span>  </div>
|
|
753
|
+
<div class="line"><a name="l00689"></a><span class="lineno"> 689</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= arr_type_size || total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0)</div>
|
|
754
|
+
<div class="line"><a name="l00690"></a><span class="lineno"> 690</span>  {</div>
|
|
755
|
+
<div class="line"><a name="l00691"></a><span class="lineno"> 691</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg = <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
756
|
+
<div class="line"><a name="l00692"></a><span class="lineno"> 692</span>  <span class="stringliteral">"\nAllocated buffer size: "</span> + std::to_string(arr_type_size) + <span class="stringliteral">"\n"</span>;</div>
|
|
757
|
+
<div class="line"><a name="l00693"></a><span class="lineno"> 693</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
758
|
+
<div class="line"><a name="l00694"></a><span class="lineno"> 694</span>  msg += <span class="stringliteral">" The following is the value flow.\n[["</span>;</div>
|
|
759
|
+
<div class="line"><a name="l00695"></a><span class="lineno"> 695</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
760
|
+
<div class="line"><a name="l00696"></a><span class="lineno"> 696</span>  {</div>
|
|
761
|
+
<div class="line"><a name="l00697"></a><span class="lineno"> 697</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) + <span class="stringliteral">"\n"</span>;</div>
|
|
762
|
+
<div class="line"><a name="l00698"></a><span class="lineno"> 698</span>  }</div>
|
|
763
|
+
<div class="line"><a name="l00699"></a><span class="lineno"> 699</span>  msg += <span class="stringliteral">"]]. \nAlloc Site: "</span> + gvalue->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
764
|
+
<div class="line"><a name="l00700"></a><span class="lineno"> 700</span>  </div>
|
|
765
|
+
<div class="line"><a name="l00701"></a><span class="lineno"> 701</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
|
|
766
|
+
<div class="line"><a name="l00702"></a><span class="lineno"> 702</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), firstValue);</div>
|
|
767
|
+
<div class="line"><a name="l00703"></a><span class="lineno"> 703</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
768
|
+
<div class="line"><a name="l00704"></a><span class="lineno"> 704</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
769
|
+
<div class="line"><a name="l00705"></a><span class="lineno"> 705</span>  }</div>
|
|
770
|
+
<div class="line"><a name="l00706"></a><span class="lineno"> 706</span>  <span class="keywordflow">else</span></div>
|
|
771
|
+
<div class="line"><a name="l00707"></a><span class="lineno"> 707</span>  {</div>
|
|
772
|
+
<div class="line"><a name="l00708"></a><span class="lineno"> 708</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
773
|
+
<div class="line"><a name="l00709"></a><span class="lineno"> 709</span>  }</div>
|
|
774
|
+
<div class="line"><a name="l00710"></a><span class="lineno"> 710</span>  }</div>
|
|
775
|
+
<div class="line"><a name="l00711"></a><span class="lineno"> 711</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a> *arg = SVFUtil::dyn_cast<SVF::SVFArgument>(value))</div>
|
|
776
|
+
<div class="line"><a name="l00712"></a><span class="lineno"> 712</span>  {</div>
|
|
777
|
+
<div class="line"><a name="l00713"></a><span class="lineno"> 713</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#ac920e03f019c47e585f6d0138f91585f">AccessMemoryViaCallArgs</a>(arg, worklist, visited);</div>
|
|
778
|
+
<div class="line"><a name="l00714"></a><span class="lineno"> 714</span>  }</div>
|
|
779
|
+
<div class="line"><a name="l00715"></a><span class="lineno"> 715</span>  <span class="keywordflow">else</span></div>
|
|
780
|
+
<div class="line"><a name="l00716"></a><span class="lineno"> 716</span>  {</div>
|
|
781
|
+
<div class="line"><a name="l00717"></a><span class="lineno"> 717</span>  <span class="comment">// maybe SVFConstant</span></div>
|
|
782
|
+
<div class="line"><a name="l00718"></a><span class="lineno"> 718</span>  <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
|
|
783
|
+
<div class="line"><a name="l00719"></a><span class="lineno"> 719</span>  <span class="comment">// therefore it loses the value flow track</span></div>
|
|
784
|
+
<div class="line"><a name="l00720"></a><span class="lineno"> 720</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
785
|
+
<div class="line"><a name="l00721"></a><span class="lineno"> 721</span>  }</div>
|
|
786
|
+
<div class="line"><a name="l00722"></a><span class="lineno"> 722</span>  }</div>
|
|
787
|
+
<div class="line"><a name="l00723"></a><span class="lineno"> 723</span>  <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
|
|
788
|
+
<div class="line"><a name="l00724"></a><span class="lineno"> 724</span>  <span class="comment">// therefore it loses the value flow track</span></div>
|
|
789
|
+
<div class="line"><a name="l00725"></a><span class="lineno"> 725</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
790
|
+
<div class="line"><a name="l00726"></a><span class="lineno"> 726</span> }</div>
|
|
791
|
+
<div class="line"><a name="l00727"></a><span class="lineno"> 727</span>  </div>
|
|
792
|
+
<div class="line"><a name="l00728"></a><span class="lineno"> 728</span>  </div>
|
|
793
|
+
<div class="line"><a name="l00729"></a><span class="lineno"> 729</span>  </div>
|
|
794
|
+
<div class="line"><a name="l00730"></a><span class="lineno"> 730</span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">BufOverflowChecker::handleICFGNode</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a> *node)</div>
|
|
795
|
+
<div class="line"><a name="l00731"></a><span class="lineno"> 731</span> {</div>
|
|
796
|
+
<div class="line"><a name="l00732"></a><span class="lineno"> 732</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a714fa1f4794008f630de415414cf8bfd">AbstractExecution::handleICFGNode</a>(node);</div>
|
|
797
|
+
<div class="line"><a name="l00733"></a><span class="lineno"> 733</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">detectBufOverflow</a>(node);</div>
|
|
798
|
+
<div class="line"><a name="l00734"></a><span class="lineno"> 734</span> }</div>
|
|
799
|
+
<div class="line"><a name="l00735"></a><span class="lineno"> 735</span>  </div>
|
|
800
|
+
<div class="line"><a name="l00736"></a><span class="lineno"> 736</span> <span class="comment">//</span></div>
|
|
801
|
+
<div class="line"><a name="l00737"></a><span class="lineno"> 737</span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">BufOverflowChecker::detectBufOverflow</a>(<span class="keyword">const</span> ICFGNode *node)</div>
|
|
802
|
+
<div class="line"><a name="l00738"></a><span class="lineno"> 738</span> {</div>
|
|
803
|
+
<div class="line"><a name="l00739"></a><span class="lineno"> 739</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span>* stmt: node->getSVFStmts())</div>
|
|
804
|
+
<div class="line"><a name="l00740"></a><span class="lineno"> 740</span>  {</div>
|
|
805
|
+
<div class="line"><a name="l00741"></a><span class="lineno"> 741</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
806
|
+
<div class="line"><a name="l00742"></a><span class="lineno"> 742</span>  {</div>
|
|
807
|
+
<div class="line"><a name="l00743"></a><span class="lineno"> 743</span>  <span class="keyword">const</span> SVFVar* gepRhs = gep->getRHSVar();</div>
|
|
808
|
+
<div class="line"><a name="l00744"></a><span class="lineno"> 744</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> SVFInstruction* inst = SVFUtil::dyn_cast<SVFInstruction>(gepRhs->getValue()))</div>
|
|
809
|
+
<div class="line"><a name="l00745"></a><span class="lineno"> 745</span>  {</div>
|
|
810
|
+
<div class="line"><a name="l00746"></a><span class="lineno"> 746</span>  <span class="keyword">const</span> ICFGNode* icfgNode = <a class="code" href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(inst);</div>
|
|
811
|
+
<div class="line"><a name="l00747"></a><span class="lineno"> 747</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> SVFStmt* stmt2: icfgNode->getSVFStmts())</div>
|
|
812
|
+
<div class="line"><a name="l00748"></a><span class="lineno"> 748</span>  {</div>
|
|
813
|
+
<div class="line"><a name="l00749"></a><span class="lineno"> 749</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep2 = SVFUtil::dyn_cast<GepStmt>(stmt2))</div>
|
|
814
|
+
<div class="line"><a name="l00750"></a><span class="lineno"> 750</span>  {</div>
|
|
815
|
+
<div class="line"><a name="l00751"></a><span class="lineno"> 751</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(gep2->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
816
|
+
<div class="line"><a name="l00752"></a><span class="lineno"> 752</span>  }</div>
|
|
817
|
+
<div class="line"><a name="l00753"></a><span class="lineno"> 753</span>  }</div>
|
|
818
|
+
<div class="line"><a name="l00754"></a><span class="lineno"> 754</span>  }</div>
|
|
819
|
+
<div class="line"><a name="l00755"></a><span class="lineno"> 755</span>  }</div>
|
|
820
|
+
<div class="line"><a name="l00756"></a><span class="lineno"> 756</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> LoadStmt* load = SVFUtil::dyn_cast<LoadStmt>(stmt))</div>
|
|
821
821
|
<div class="line"><a name="l00757"></a><span class="lineno"> 757</span>  {</div>
|
|
822
|
-
<div class="line"><a name="l00758"></a><span class="lineno"> 758</span>  <span class="
|
|
823
|
-
<div class="line"><a name="l00759"></a><span class="lineno"> 759</span> 
|
|
824
|
-
<div class="line"><a name="l00760"></a><span class="lineno"> 760</span> 
|
|
825
|
-
<div class="line"><a name="l00761"></a><span class="lineno"> 761</span>  <span class="
|
|
826
|
-
<div class="line"><a name="l00762"></a><span class="lineno"> 762</span> 
|
|
827
|
-
<div class="line"><a name="l00763"></a><span class="lineno"> 763</span> 
|
|
828
|
-
<div class="line"><a name="l00764"></a><span class="lineno"> 764</span>  <span class="keywordflow">if</span> (<
|
|
822
|
+
<div class="line"><a name="l00758"></a><span class="lineno"> 758</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a999c358b80dd07591b0432eaa41c20c9">inVarToAddrsTable</a>(load->getRHSVarID()))</div>
|
|
823
|
+
<div class="line"><a name="l00759"></a><span class="lineno"> 759</span>  {</div>
|
|
824
|
+
<div class="line"><a name="l00760"></a><span class="lineno"> 760</span>  <a class="code" href="classSVF_1_1ExeState.html#a78038dd4884a501cfc94f073021eac96">ExeState::Addrs</a> Addrs = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">getAddrs</a>(load->getRHSVarID());</div>
|
|
825
|
+
<div class="line"><a name="l00761"></a><span class="lineno"> 761</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs)</div>
|
|
826
|
+
<div class="line"><a name="l00762"></a><span class="lineno"> 762</span>  {</div>
|
|
827
|
+
<div class="line"><a name="l00763"></a><span class="lineno"> 763</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">getInternalID</a>(vaddr);</div>
|
|
828
|
+
<div class="line"><a name="l00764"></a><span class="lineno"> 764</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
|
|
829
829
|
<div class="line"><a name="l00765"></a><span class="lineno"> 765</span>  {</div>
|
|
830
|
-
<div class="line"><a name="l00766"></a><span class="lineno"> 766</span>  <span class="
|
|
831
|
-
<div class="line"><a name="l00767"></a><span class="lineno"> 767</span> 
|
|
832
|
-
<div class="line"><a name="l00768"></a><span class="lineno"> 768</span> 
|
|
833
|
-
<div class="line"><a name="l00769"></a><span class="lineno"> 769</span> 
|
|
834
|
-
<div class="line"><a name="l00770"></a><span class="lineno"> 770</span> 
|
|
835
|
-
<div class="line"><a name="l00771"></a><span class="lineno"> 771</span> 
|
|
836
|
-
<div class="line"><a name="l00772"></a><span class="lineno"> 772</span> 
|
|
837
|
-
<div class="line"><a name="l00773"></a><span class="lineno"> 773</span> 
|
|
838
|
-
<div class="line"><a name="l00774"></a><span class="lineno"> 774</span> 
|
|
839
|
-
<div class="line"><a name="l00775"></a><span class="lineno"> 775</span> 
|
|
840
|
-
<div class="line"><a name="l00776"></a><span class="lineno"> 776</span>  <
|
|
841
|
-
<div class="line"><a name="l00777"></a><span class="lineno"> 777</span> 
|
|
842
|
-
<div class="line"><a name="l00778"></a><span class="lineno"> 778</span> 
|
|
843
|
-
<div class="line"><a name="l00779"></a><span class="lineno"> 779</span>  <
|
|
844
|
-
<div class="line"><a name="l00780"></a><span class="lineno"> 780</span> 
|
|
845
|
-
<div class="line"><a name="l00781"></a><span class="lineno"> 781</span> 
|
|
846
|
-
<div class="line"><a name="l00782"></a><span class="lineno"> 782</span>  <span class="
|
|
847
|
-
<div class="line"><a name="l00783"></a><span class="lineno"> 783</span> 
|
|
848
|
-
<div class="line"><a name="l00784"></a><span class="lineno"> 784</span> 
|
|
849
|
-
<div class="line"><a name="l00785"></a><span class="lineno"> 785</span> 
|
|
850
|
-
<div class="line"><a name="l00786"></a><span class="lineno"> 786</span> 
|
|
851
|
-
<div class="line"><a name="l00787"></a><span class="lineno"> 787</span> 
|
|
852
|
-
<div class="line"><a name="l00788"></a><span class="lineno"> 788</span> 
|
|
853
|
-
<div class="line"><a name="l00789"></a><span class="lineno"> 789</span> 
|
|
854
|
-
<div class="line"><a name="l00790"></a><span class="lineno"> 790</span> 
|
|
855
|
-
<div class="line"><a name="l00791"></a><span class="lineno"> 791</span> 
|
|
856
|
-
<div class="line"><a name="l00792"></a><span class="lineno"> 792</span> 
|
|
857
|
-
<div class="line"><a name="l00793"></a><span class="lineno"> 793</span> 
|
|
858
|
-
<div class="line"><a name="l00794"></a><span class="lineno"> 794</span> 
|
|
859
|
-
<div class="line"><a name="l00795"></a><span class="lineno"> 795</span> 
|
|
860
|
-
<div class="line"><a name="l00796"></a><span class="lineno"> 796</span> 
|
|
861
|
-
<div class="line"><a name="l00797"></a><span class="lineno"> 797</span> 
|
|
862
|
-
<div class="line"><a name="l00798"></a><span class="lineno"> 798</span> 
|
|
863
|
-
<div class="line"><a name="l00799"></a><span class="lineno"> 799</span> 
|
|
864
|
-
<div class="line"><a name="l00800"></a><span class="lineno"> 800</span> 
|
|
865
|
-
<div class="line"><a name="l00801"></a><span class="lineno"> 801</span> 
|
|
866
|
-
<div class="line"><a name="l00802"></a><span class="lineno"> 802</span> 
|
|
867
|
-
<div class="line"><a name="l00803"></a><span class="lineno"> 803</span> 
|
|
868
|
-
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span> 
|
|
869
|
-
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span> 
|
|
870
|
-
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span> 
|
|
871
|
-
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span> 
|
|
872
|
-
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span> 
|
|
873
|
-
<div class="line"><a name="l00809"></a><span class="lineno"> 809</span> 
|
|
874
|
-
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span> 
|
|
875
|
-
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span> 
|
|
876
|
-
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span> 
|
|
877
|
-
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span> 
|
|
878
|
-
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span> 
|
|
879
|
-
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span> 
|
|
880
|
-
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span> 
|
|
881
|
-
<div class="line"><a name="l00817"></a><span class="lineno"> 817</span> 
|
|
882
|
-
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span> 
|
|
883
|
-
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span> 
|
|
884
|
-
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span> 
|
|
885
|
-
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span> 
|
|
886
|
-
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span> 
|
|
887
|
-
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span> 
|
|
888
|
-
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span> 
|
|
889
|
-
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span> 
|
|
890
|
-
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span> 
|
|
891
|
-
<div class="line"><a name="l00827"></a><span class="lineno"> 827</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> loc = eventStack.back().getEventLoc();</div>
|
|
892
|
-
<div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.find(loc) != <a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.end())</div>
|
|
893
|
-
<div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  {</div>
|
|
894
|
-
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  <span class="keywordflow">return</span>;</div>
|
|
895
|
-
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  }</div>
|
|
896
|
-
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span>  <span class="keywordflow">else</span></div>
|
|
897
|
-
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span>  {</div>
|
|
898
|
-
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.insert(loc);</div>
|
|
899
|
-
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span>  }</div>
|
|
900
|
-
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a5ed683d635bd05f0bee10436d20deb31">_recoder</a>.<a class="code" href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">addAbsExecBug</a>(<a class="code" href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">GenericBug::FULLBUFOVERFLOW</a>, eventStack, e.getAllocLb(), e.getAllocUb(), e.getAccessLb(),</div>
|
|
901
|
-
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span>  e.getAccessUb());</div>
|
|
902
|
-
<div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a55737f5c82afce29a816eb21070a2bc1">_nodeToBugInfo</a>[node] = e.what();</div>
|
|
903
|
-
<div class="line"><a name="l00839"></a><span class="lineno"> 839</span> }</div>
|
|
904
|
-
<div class="line"><a name="l00840"></a><span class="lineno"> 840</span>  </div>
|
|
905
|
-
<div class="line"><a name="l00841"></a><span class="lineno"> 841</span> }</div>
|
|
830
|
+
<div class="line"><a name="l00766"></a><span class="lineno"> 766</span>  <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
|
|
831
|
+
<div class="line"><a name="l00767"></a><span class="lineno"> 767</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(gep->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
832
|
+
<div class="line"><a name="l00768"></a><span class="lineno"> 768</span>  }</div>
|
|
833
|
+
<div class="line"><a name="l00769"></a><span class="lineno"> 769</span>  }</div>
|
|
834
|
+
<div class="line"><a name="l00770"></a><span class="lineno"> 770</span>  }</div>
|
|
835
|
+
<div class="line"><a name="l00771"></a><span class="lineno"> 771</span>  }</div>
|
|
836
|
+
<div class="line"><a name="l00772"></a><span class="lineno"> 772</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> StoreStmt* store = SVFUtil::dyn_cast<StoreStmt>(stmt))</div>
|
|
837
|
+
<div class="line"><a name="l00773"></a><span class="lineno"> 773</span>  {</div>
|
|
838
|
+
<div class="line"><a name="l00774"></a><span class="lineno"> 774</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a999c358b80dd07591b0432eaa41c20c9">inVarToAddrsTable</a>(store->getLHSVarID()))</div>
|
|
839
|
+
<div class="line"><a name="l00775"></a><span class="lineno"> 775</span>  {</div>
|
|
840
|
+
<div class="line"><a name="l00776"></a><span class="lineno"> 776</span>  <a class="code" href="classSVF_1_1ExeState.html#a78038dd4884a501cfc94f073021eac96">ExeState::Addrs</a> Addrs = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">getAddrs</a>(store->getLHSVarID());</div>
|
|
841
|
+
<div class="line"><a name="l00777"></a><span class="lineno"> 777</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs)</div>
|
|
842
|
+
<div class="line"><a name="l00778"></a><span class="lineno"> 778</span>  {</div>
|
|
843
|
+
<div class="line"><a name="l00779"></a><span class="lineno"> 779</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">_svfir2ExeState</a>-><a class="code" href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">getInternalID</a>(vaddr);</div>
|
|
844
|
+
<div class="line"><a name="l00780"></a><span class="lineno"> 780</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
|
|
845
|
+
<div class="line"><a name="l00781"></a><span class="lineno"> 781</span>  {</div>
|
|
846
|
+
<div class="line"><a name="l00782"></a><span class="lineno"> 782</span>  <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
|
|
847
|
+
<div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">canSafelyAccessMemory</a>(gep->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
848
|
+
<div class="line"><a name="l00784"></a><span class="lineno"> 784</span>  }</div>
|
|
849
|
+
<div class="line"><a name="l00785"></a><span class="lineno"> 785</span>  }</div>
|
|
850
|
+
<div class="line"><a name="l00786"></a><span class="lineno"> 786</span>  }</div>
|
|
851
|
+
<div class="line"><a name="l00787"></a><span class="lineno"> 787</span>  }</div>
|
|
852
|
+
<div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  }</div>
|
|
853
|
+
<div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
854
|
+
<div class="line"><a name="l00790"></a><span class="lineno"> 790</span> }</div>
|
|
855
|
+
<div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  </div>
|
|
856
|
+
<div class="line"><a name="l00792"></a><span class="lineno"> 792</span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">BufOverflowChecker::addBugToRecoder</a>(<span class="keyword">const</span> BufOverflowException& e, <span class="keyword">const</span> ICFGNode* node)</div>
|
|
857
|
+
<div class="line"><a name="l00793"></a><span class="lineno"> 793</span> {</div>
|
|
858
|
+
<div class="line"><a name="l00794"></a><span class="lineno"> 794</span>  <span class="keyword">const</span> SVFInstruction* inst = <span class="keyword">nullptr</span>;</div>
|
|
859
|
+
<div class="line"><a name="l00795"></a><span class="lineno"> 795</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(node))</div>
|
|
860
|
+
<div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  {</div>
|
|
861
|
+
<div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  inst = call->getCallSite();</div>
|
|
862
|
+
<div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  }</div>
|
|
863
|
+
<div class="line"><a name="l00799"></a><span class="lineno"> 799</span>  <span class="keywordflow">else</span></div>
|
|
864
|
+
<div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  {</div>
|
|
865
|
+
<div class="line"><a name="l00801"></a><span class="lineno"> 801</span>  inst = node->getSVFStmts().back()->getInst();</div>
|
|
866
|
+
<div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  }</div>
|
|
867
|
+
<div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  <a class="code" href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">GenericBug::EventStack</a> eventStack;</div>
|
|
868
|
+
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span>  SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, inst);</div>
|
|
869
|
+
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <span class="keyword">auto</span> &callsite: <a class="code" href="classSVF_1_1AbstractExecution.html#ab9d6ebcf67ec473ce7ad5910c74eddc1">_callSiteStack</a>)</div>
|
|
870
|
+
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  {</div>
|
|
871
|
+
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  SVFBugEvent callSiteEvent(SVFBugEvent::EventType::CallSite, callsite->getCallSite());</div>
|
|
872
|
+
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  eventStack.push_back(callSiteEvent);</div>
|
|
873
|
+
<div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  }</div>
|
|
874
|
+
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  eventStack.push_back(sourceInstEvent);</div>
|
|
875
|
+
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span>  <span class="keywordflow">if</span> (eventStack.size() == 0) <span class="keywordflow">return</span>;</div>
|
|
876
|
+
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> loc = eventStack.back().getEventLoc();</div>
|
|
877
|
+
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.find(loc) != <a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.end())</div>
|
|
878
|
+
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span>  {</div>
|
|
879
|
+
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span>  <span class="keywordflow">return</span>;</div>
|
|
880
|
+
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  }</div>
|
|
881
|
+
<div class="line"><a name="l00817"></a><span class="lineno"> 817</span>  <span class="keywordflow">else</span></div>
|
|
882
|
+
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  {</div>
|
|
883
|
+
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">_bugLoc</a>.insert(loc);</div>
|
|
884
|
+
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  }</div>
|
|
885
|
+
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a5ed683d635bd05f0bee10436d20deb31">_recoder</a>.<a class="code" href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">addAbsExecBug</a>(<a class="code" href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">GenericBug::FULLBUFOVERFLOW</a>, eventStack, e.getAllocLb(), e.getAllocUb(), e.getAccessLb(),</div>
|
|
886
|
+
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span>  e.getAccessUb());</div>
|
|
887
|
+
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span>  <a class="code" href="classSVF_1_1AbstractExecution.html#a04e812385041270901af0f2cb599fa96">_nodeToBugInfo</a>[node] = e.what();</div>
|
|
888
|
+
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span> }</div>
|
|
889
|
+
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span>  </div>
|
|
890
|
+
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span> }</div>
|
|
906
891
|
</div><!-- fragment --></div><!-- contents -->
|
|
907
892
|
<div class="ttc" id="aclassSVF_1_1SVFBugReport_html_a05f395eff23619ed10c31c0acda949e2"><div class="ttname"><a href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">SVF::SVFBugReport::addAbsExecBug</a></div><div class="ttdeci">void addAbsExecBug(GenericBug::BugType bugType, const GenericBug::EventStack &eventStack, s64_t allocLowerBound, s64_t allocUpperBound, s64_t accessLowerBound, s64_t accessUpperBound)</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00367">SVFBugReport.h:367</a></div></div>
|
|
908
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_afe6d49fd36a96bda165654eb393be6f2"><div class="ttname"><a href="classSVF_1_1AEAPI.html#afe6d49fd36a96bda165654eb393be6f2">SVF::AEAPI::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01356">AbstractExecution.cpp:1356</a></div></div>
|
|
909
893
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a2401b022638769f59f86ab424a189b6e"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">SVF::SVFValue::getName</a></div><div class="ttdeci">const std::string & getName() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00243">SVFValue.h:243</a></div></div>
|
|
910
894
|
<div class="ttc" id="aclassSVF_1_1CopyStmt_html"><div class="ttname"><a href="classSVF_1_1CopyStmt.html">SVF::CopyStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00364">SVFStatements.h:364</a></div></div>
|
|
911
895
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a95b8031f1e15d49c7d68628be1d05aae"><div class="ttname"><a href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">SVF::SVFType::getByteSize</a></div><div class="ttdeci">u32_t getByteSize() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00244">SVFType.h:244</a></div></div>
|
|
912
896
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_afbb9ff1f2c47d2afda117bf63a80a1a7"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#afbb9ff1f2c47d2afda117bf63a80a1a7">SVF::SVFIR2ItvExeState::getRangeLimitFromType</a></div><div class="ttdeci">IntervalValue getRangeLimitFromType(const SVFType *type)</div><div class="ttdoc">Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128,...</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8cpp_source.html#l00050">SVFIR2ItvExeState.cpp:50</a></div></div>
|
|
913
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_a33b63d79de59e0015097c43978162ded"><div class="ttname"><a href="classSVF_1_1AEAPI.html#a33b63d79de59e0015097c43978162ded">SVF::AEAPI::_ae</a></div><div class="ttdeci">AbstractExecution * _ae</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00427">AbstractExecution.h:427</a></div></div>
|
|
914
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowCheckerAPI_html_a62a7eb3560c8ec158c2fe0c1fc95189d"><div class="ttname"><a href="classSVF_1_1BufOverflowCheckerAPI.html#a62a7eb3560c8ec158c2fe0c1fc95189d">SVF::BufOverflowCheckerAPI::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const IntervalValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00497">BufOverflowChecker.cpp:497</a></div></div>
|
|
915
897
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a7655b13bbfe720ca2b8a25e0a72528e6"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVF::SVFUtil::errMsg</a></div><div class="ttdeci">std::string errMsg(const std::string &msg)</div><div class="ttdoc">Print error message by converting a string into red string output.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8cpp_source.html#l00076">SVFUtil.cpp:76</a></div></div>
|
|
898
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a99be86146ad4ddbdb900cdb6b324f943"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a99be86146ad4ddbdb900cdb6b324f943">SVF::AbstractExecution::getStrlen</a></div><div class="ttdeci">IntervalValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01516">AbstractExecution.cpp:1516</a></div></div>
|
|
916
899
|
<div class="ttc" id="aCommandLine_8h_html_a2429346d37bd4c40889bd7c6d319d9da"><div class="ttname"><a href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="CommandLine_8h_source.html#l00018">CommandLine.h:18</a></div></div>
|
|
917
900
|
<div class="ttc" id="aclassSVF_1_1ExeState_html_a78038dd4884a501cfc94f073021eac96"><div class="ttname"><a href="classSVF_1_1ExeState.html#a78038dd4884a501cfc94f073021eac96">SVF::ExeState::Addrs</a></div><div class="ttdeci">AddressValue Addrs</div><div class="ttdef"><b>Definition:</b> <a href="ExeState_8h_source.html#l00053">ExeState.h:53</a></div></div>
|
|
918
901
|
<div class="ttc" id="aclassSVF_1_1AddrStmt_html"><div class="ttname"><a href="classSVF_1_1AddrStmt.html">SVF::AddrStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00313">SVFStatements.h:313</a></div></div>
|
|
@@ -923,91 +906,89 @@ $(function() {
|
|
|
923
906
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a0df07a2659cbf3a918de5b0d7c407264"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">SVF::IntervalValue::lb</a></div><div class="ttdeci">const NumericLiteral & lb() const</div><div class="ttdoc">Return the lower bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00218">IntervalValue.h:218</a></div></div>
|
|
924
907
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_afa6b30220b0b3261205a909def9ca44e"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">SVF::BufOverflowChecker::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const SVF::ICFGNode *node) override</div></div>
|
|
925
908
|
<div class="ttc" id="anamespaceSVF_html"><div class="ttname"><a href="namespaceSVF.html">SVF</a></div><div class="ttdoc">for isBitcode</div><div class="ttdef"><b>Definition:</b> <a href="BasicTypes_8h_source.html#l00066">BasicTypes.h:66</a></div></div>
|
|
926
|
-
<div class="ttc" id="
|
|
909
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43afa12d7009fd0108df805ee49182fe12ccc"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa12d7009fd0108df805ee49182fe12ccc">SVF::AbstractExecution::UNCLASSIFIED</a></div><div class="ttdeci">@ UNCLASSIFIED</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
927
910
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a9815a5b31ac7dc21239d08e5b9f61106"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVF::SVFUtil::getSVFCallSite</a></div><div class="ttdeci">CallSite getSVFCallSite(const SVFInstruction *inst)</div><div class="ttdoc">Return LLVM callsite given an instruction.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00196">SVFUtil.h:196</a></div></div>
|
|
928
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_a29ab312d273e6c9c32a40d61861afb04ab8167323edeff68403cf4ceb7e8133d9"><div class="ttname"><a href="classSVF_1_1AEAPI.html#a29ab312d273e6c9c32a40d61861afb04ab8167323edeff68403cf4ceb7e8133d9">SVF::AEAPI::STRCAT</a></div><div class="ttdeci">@ STRCAT</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00289">AbstractExecution.h:289</a></div></div>
|
|
929
911
|
<div class="ttc" id="aclassSVF_1_1ICFGNode_html_a6c68f52dd90728073fb79141df9b0661"><div class="ttname"><a href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">SVF::ICFGNode::getSVFStmts</a></div><div class="ttdeci">const SVFStmtList & getSVFStmts() const</div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00127">ICFGNode.h:127</a></div></div>
|
|
930
912
|
<div class="ttc" id="astructSVF_1_1BufOverflowException_html"><div class="ttname"><a href="structSVF_1_1BufOverflowException.html">SVF::BufOverflowException</a></div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00036">BufOverflowChecker.h:36</a></div></div>
|
|
931
|
-
<div class="ttc" id="
|
|
932
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a55737f5c82afce29a816eb21070a2bc1"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a55737f5c82afce29a816eb21070a2bc1">SVF::AbstractExecution::_nodeToBugInfo</a></div><div class="ttdeci">Map< const ICFGNode *, std::string > _nodeToBugInfo</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00254">AbstractExecution.h:254</a></div></div>
|
|
933
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a5e24bceb3d6961117651dbc65e9a097a"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">SVF::AbstractExecution::_svfir2ExeState</a></div><div class="ttdeci">SVFIR2ItvExeState * _svfir2ExeState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00244">AbstractExecution.h:244</a></div></div>
|
|
913
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a5e24bceb3d6961117651dbc65e9a097a"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a5e24bceb3d6961117651dbc65e9a097a">SVF::AbstractExecution::_svfir2ExeState</a></div><div class="ttdeci">SVFIR2ItvExeState * _svfir2ExeState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00344">AbstractExecution.h:344</a></div></div>
|
|
934
914
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ac71522e8c55f84cfc6c13a0ddff18436"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVF::SVFUtil::wrnMsg</a></div><div class="ttdeci">std::string wrnMsg(const std::string &msg)</div><div class="ttdoc">Returns warning message by converting a string into yellow string output.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8cpp_source.html#l00061">SVFUtil.cpp:61</a></div></div>
|
|
935
915
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a11f2d9b6e969ede6fca2c204cc15b821"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">SVF::SVFValue::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00256">SVFValue.h:256</a></div></div>
|
|
916
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00123">BufOverflowChecker.cpp:123</a></div></div>
|
|
936
917
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html_ac2db6304ea5526fb446ae882983beeb0"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">SVF::SVFVar::getValue</a></div><div class="ttdeci">const SVFValue * getValue() const</div><div class="ttdoc">Get/has methods of the components.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00094">SVFVariables.h:94</a></div></div>
|
|
937
918
|
<div class="ttc" id="aclassSVF_1_1GenericBug_html_acc65b033bfd61257d5b6fdbf932dfafe"><div class="ttname"><a href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">SVF::GenericBug::EventStack</a></div><div class="ttdeci">std::vector< SVFBugEvent > EventStack</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00083">SVFBugReport.h:83</a></div></div>
|
|
938
919
|
<div class="ttc" id="aclassSVF_1_1ICFGNode_html"><div class="ttname"><a href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00054">ICFGNode.h:54</a></div></div>
|
|
939
920
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a330084f9a3deb6e5acb52a8ee3eb7fe4"><div class="ttname"><a href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">SVF::SVFType::isArrayTy</a></div><div class="ttdeci">bool isArrayTy() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00254">SVFType.h:254</a></div></div>
|
|
940
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a5ed683d635bd05f0bee10436d20deb31"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a5ed683d635bd05f0bee10436d20deb31">SVF::AbstractExecution::_recoder</a></div><div class="ttdeci">SVFBugReport _recoder</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#
|
|
921
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a5ed683d635bd05f0bee10436d20deb31"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a5ed683d635bd05f0bee10436d20deb31">SVF::AbstractExecution::_recoder</a></div><div class="ttdeci">SVFBugReport _recoder</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00352">AbstractExecution.h:352</a></div></div>
|
|
941
922
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a5d73cc2aa0a6ed49e8301fa7b0cd5045"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a5d73cc2aa0a6ed49e8301fa7b0cd5045">SVF::IntervalValue::toString</a></div><div class="ttdeci">const std::string toString() const</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00441">IntervalValue.h:441</a></div></div>
|
|
923
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a32abc52bc54745027aa2daa67a8278f3"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a32abc52bc54745027aa2daa67a8278f3">SVF::AbstractExecution::_checkpoint_names</a></div><div class="ttdeci">Set< std::string > _checkpoint_names</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00384">AbstractExecution.h:384</a></div></div>
|
|
942
924
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_af8be90fc1b61103187908dce4ba68001"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#af8be90fc1b61103187908dce4ba68001">SVF::IntervalValue::isBottom</a></div><div class="ttdeci">bool isBottom() const override</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00060">IntervalValue.h:60</a></div></div>
|
|
943
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_ac49859a7848fbef0e29492e95b031f1f"><div class="ttname"><a href="classSVF_1_1AEAPI.html#ac49859a7848fbef0e29492e95b031f1f">SVF::AEAPI::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01794">AbstractExecution.cpp:1794</a></div></div>
|
|
944
925
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_a48fec38aad1c2a9a140ee94e9fdd7e9b"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#a48fec38aad1c2a9a140ee94e9fdd7e9b">SVF::SVFIR2ItvExeState::getAddrs</a></div><div class="ttdeci">Addrs & getAddrs(u32_t id)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8h_source.html#l00107">SVFIR2ItvExeState.h:107</a></div></div>
|
|
945
926
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a3dba35c84607bd3ed4e62a90ae2799cf"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a3dba35c84607bd3ed4e62a90ae2799cf">SVF::IntervalValue::is_infinite</a></div><div class="ttdeci">static bool is_infinite(const NumericLiteral &e)</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00077">IntervalValue.h:77</a></div></div>
|
|
946
927
|
<div class="ttc" id="aclassSVF_1_1Options_html_a6450b984f67d3cfa3f44892e8eea555e"><div class="ttname"><a href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">SVF::Options::GepUnknownIdx</a></div><div class="ttdeci">static const Option< bool > GepUnknownIdx</div><div class="ttdoc">if the access index of gepstmt is unknown, skip it, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00273">Options.h:273</a></div></div>
|
|
947
|
-
<div class="ttc" id="
|
|
948
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_afa34cb2ee3fc1ca5aa04a2afe7c2d6e8"><div class="ttname"><a href="classSVF_1_1AEAPI.html#afa34cb2ee3fc1ca5aa04a2afe7c2d6e8">SVF::AEAPI::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01774">AbstractExecution.cpp:1774</a></div></div>
|
|
928
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aed959fce840cbea32d3567ee1ac01e82"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">SVF::BufOverflowChecker::initExtAPIBufOverflowCheckRules</a></div><div class="ttdeci">void initExtAPIBufOverflowCheckRules()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00076">BufOverflowChecker.cpp:76</a></div></div>
|
|
949
929
|
<div class="ttc" id="aOptions_8h_html"><div class="ttname"><a href="Options_8h.html">Options.h</a></div></div>
|
|
950
930
|
<div class="ttc" id="aclassSVF_1_1GenericBug_html_a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747"><div class="ttname"><a href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">SVF::GenericBug::FULLBUFOVERFLOW</a></div><div class="ttdeci">@ FULLBUFOVERFLOW</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00086">SVFBugReport.h:86</a></div></div>
|
|
951
931
|
<div class="ttc" id="aclassSVF_1_1SVFFunction_html_a067bd6dbaf74a028d546fa56b095791b"><div class="ttname"><a href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">SVF::SVFFunction::getAnnotations</a></div><div class="ttdeci">const std::vector< std::string > & getAnnotations() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00466">SVFValue.h:466</a></div></div>
|
|
932
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00372">BufOverflowChecker.cpp:372</a></div></div>
|
|
952
933
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a145abbd2958629718fbca41d25c3124d"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVF::SVFUtil::getCallee</a></div><div class="ttdeci">const SVFFunction * getCallee(const CallSite cs)</div><div class="ttdoc">Return callee of a callsite. Return null if this is an indirect call.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00241">SVFUtil.h:241</a></div></div>
|
|
953
934
|
<div class="ttc" id="aSVFType_8h_html"><div class="ttname"><a href="SVFType_8h.html">SVFType.h</a></div></div>
|
|
954
935
|
<div class="ttc" id="aclassSVF_1_1NumericLiteral_html_a4181e5e15e10304ea524e5f8b2a3f576"><div class="ttname"><a href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">SVF::NumericLiteral::getNumeral</a></div><div class="ttdeci">s64_t getNumeral() const</div><div class="ttdoc">Return Numeral.</div><div class="ttdef"><b>Definition:</b> <a href="NumericLiteral_8h_source.html#l00118">NumericLiteral.h:118</a></div></div>
|
|
955
|
-
<div class="ttc" id="
|
|
956
|
-
<div class="ttc" id="
|
|
957
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a1d725fe50a7084bfa18bd47b941af885"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a1d725fe50a7084bfa18bd47b941af885">SVF::AbstractExecution::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l00892">AbstractExecution.cpp:892</a></div></div>
|
|
936
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a790c178f8c29eecfc256a5dfd97d1637"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a790c178f8c29eecfc256a5dfd97d1637">SVF::AbstractExecution::_bugLoc</a></div><div class="ttdeci">Set< std::string > _bugLoc</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00351">AbstractExecution.h:351</a></div></div>
|
|
937
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a1d725fe50a7084bfa18bd47b941af885"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a1d725fe50a7084bfa18bd47b941af885">SVF::AbstractExecution::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l00887">AbstractExecution.cpp:887</a></div></div>
|
|
958
938
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_a66c426719f583653cb70189f01d6fda5"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#a66c426719f583653cb70189f01d6fda5">SVF::SVFIR2ItvExeState::getInternalID</a></div><div class="ttdeci">static u32_t getInternalID(u32_t idx)</div><div class="ttdoc">Return the internal index if idx is an address otherwise return the value of idx.</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8h_source.html#l00166">SVFIR2ItvExeState.h:166</a></div></div>
|
|
959
939
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html"><div class="ttname"><a href="classSVF_1_1SVFValue.html">SVF::SVFValue</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00177">SVFValue.h:177</a></div></div>
|
|
960
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_ae0519df0b6927a2d077c3d46beeaa9f7"><div class="ttname"><a href="classSVF_1_1AEAPI.html#ae0519df0b6927a2d077c3d46beeaa9f7">SVF::AEAPI::getStrlen</a></div><div class="ttdeci">IntervalValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01521">AbstractExecution.cpp:1521</a></div></div>
|
|
961
940
|
<div class="ttc" id="acJSON_8h_html_ad4c68ea99a26b0a98ad9a79982960458"><div class="ttname"><a href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">string</a></div><div class="ttdeci">const char *const string</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8h_source.html#l00172">cJSON.h:172</a></div></div>
|
|
962
941
|
<div class="ttc" id="aclassSVF_1_1SVFArrayType_html"><div class="ttname"><a href="classSVF_1_1SVFArrayType.html">SVF::SVFArrayType</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00377">SVFType.h:377</a></div></div>
|
|
963
942
|
<div class="ttc" id="anamespaceSVF_html_a5d28d0818391747924478e86b9033431"><div class="ttname"><a href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">SVF::IntervalToIntStr</a></div><div class="ttdeci">std::string IntervalToIntStr(const IntervalValue &inv)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00037">BufOverflowChecker.cpp:37</a></div></div>
|
|
943
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a598cb7b97bae122d0015c03b72beee9d"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a598cb7b97bae122d0015c03b72beee9d">SVF::AbstractExecution::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01351">AbstractExecution.cpp:1351</a></div></div>
|
|
964
944
|
<div class="ttc" id="aclassSVF_1_1CallICFGNode_html"><div class="ttname"><a href="classSVF_1_1CallICFGNode.html">SVF::CallICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00385">ICFGNode.h:385</a></div></div>
|
|
965
945
|
<div class="ttc" id="aclassSVF_1_1SVFType_html"><div class="ttname"><a href="classSVF_1_1SVFType.html">SVF::SVFType</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00156">SVFType.h:156</a></div></div>
|
|
966
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowCheckerAPI_html_a49a9ee0125f2af00cc55c3224611f28e"><div class="ttname"><a href="classSVF_1_1BufOverflowCheckerAPI.html#a49a9ee0125f2af00cc55c3224611f28e">SVF::BufOverflowCheckerAPI::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00134">BufOverflowChecker.cpp:134</a></div></div>
|
|
967
946
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_a335922caf105ee72cd9d66a451ae3d4e"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#a335922caf105ee72cd9d66a451ae3d4e">SVF::SVFIR2ItvExeState::getByteOffset</a></div><div class="ttdeci">IntervalValue getByteOffset(const GepStmt *gep)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8cpp_source.html#l00275">SVFIR2ItvExeState.cpp:275</a></div></div>
|
|
968
|
-
<div class="ttc" id="
|
|
947
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a888fd56160afe0d431c47bcf10674dc0"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a888fd56160afe0d431c47bcf10674dc0">SVF::AbstractExecution::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01663">AbstractExecution.cpp:1663</a></div></div>
|
|
948
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a98f3c7d5e4b3722b717071cd320c8a60"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a98f3c7d5e4b3722b717071cd320c8a60">SVF::AbstractExecution::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01769">AbstractExecution.cpp:1769</a></div></div>
|
|
969
949
|
<div class="ttc" id="aclassSVF_1_1ICFG_html_a5f2c0aaba07d6fdd63058da0fb60ca8b"><div class="ttname"><a href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">SVF::ICFG::getICFGNode</a></div><div class="ttdeci">ICFGNode * getICFGNode(NodeID id) const</div><div class="ttdoc">Get a ICFG node.</div><div class="ttdef"><b>Definition:</b> <a href="ICFG_8h_source.html#l00092">ICFG.h:92</a></div></div>
|
|
950
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ace5ad1d6a63d5392044fee2ecbc9236e"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ace5ad1d6a63d5392044fee2ecbc9236e">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const IntervalValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00485">BufOverflowChecker.cpp:485</a></div></div>
|
|
970
951
|
<div class="ttc" id="aclassSVF_1_1SVFFunction_html"><div class="ttname"><a href="classSVF_1_1SVFFunction.html">SVF::SVFFunction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00297">SVFValue.h:297</a></div></div>
|
|
971
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_a7be3da80bedb1077a99d67daa124afde"><div class="ttname"><a href="classSVF_1_1AEAPI.html#a7be3da80bedb1077a99d67daa124afde">SVF::AEAPI::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01740">AbstractExecution.cpp:1740</a></div></div>
|
|
972
952
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_afcf3fcda18e8d3e2bad70a51376c0ce1"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">SVF::FILOWorkList::push</a></div><div class="ttdeci">bool push(const Data &data)</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00257">WorkList.h:257</a></div></div>
|
|
973
953
|
<div class="ttc" id="aclassSVF_1_1SVFConstantInt_html"><div class="ttname"><a href="classSVF_1_1SVFConstantInt.html">SVF::SVFConstantInt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00966">SVFValue.h:966</a></div></div>
|
|
974
954
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_adac2dc2c9f744a071ad3f0175ed40cd9"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">SVF::IntervalValue::ub</a></div><div class="ttdeci">const NumericLiteral & ub() const</div><div class="ttdoc">Return the upper bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00225">IntervalValue.h:225</a></div></div>
|
|
975
955
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a52de7d619e8746a70718719306d7c5a1"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">SVF::BufOverflowChecker::detectBufOverflow</a></div><div class="ttdeci">bool detectBufOverflow(const ICFGNode *node)</div></div>
|
|
976
956
|
<div class="ttc" id="aclassSVF_1_1SVFGlobalValue_html"><div class="ttname"><a href="classSVF_1_1SVFGlobalValue.html">SVF::SVFGlobalValue</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00856">SVFValue.h:856</a></div></div>
|
|
957
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a0a64bef0cc898059c50f6aec470cc6d9"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a0a64bef0cc898059c50f6aec470cc6d9">SVF::AbstractExecution::_checkpoints</a></div><div class="ttdeci">Set< const CallICFGNode * > _checkpoints</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00383">AbstractExecution.h:383</a></div></div>
|
|
977
958
|
<div class="ttc" id="aclassSVF_1_1SVFStmt_html"><div class="ttname"><a href="classSVF_1_1SVFStmt.html">SVF::SVFStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00051">SVFStatements.h:51</a></div></div>
|
|
959
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af83b65ed98cd4e0f6cd92962e7392d4d"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">SVF::BufOverflowChecker::_extAPIBufOverflowCheckRules</a></div><div class="ttdeci">Map< std::string, std::vector< std::pair< u32_t, u32_t > > > _extAPIBufOverflowCheckRules</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00202">BufOverflowChecker.h:202</a></div></div>
|
|
978
960
|
<div class="ttc" id="aclassSVF_1_1IntervalExeState_html"><div class="ttname"><a href="classSVF_1_1IntervalExeState.html">SVF::IntervalExeState</a></div><div class="ttdef"><b>Definition:</b> <a href="IntervalExeState_8h_source.html#l00407">IntervalExeState.h:407</a></div></div>
|
|
961
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_ac920e03f019c47e585f6d0138f91585f"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#ac920e03f019c47e585f6d0138f91585f">SVF::AbstractExecution::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01789">AbstractExecution.cpp:1789</a></div></div>
|
|
962
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a140acf4733b46855c8627cf10dbb0bd5"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a140acf4733b46855c8627cf10dbb0bd5">SVF::AbstractExecution::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01735">AbstractExecution.cpp:1735</a></div></div>
|
|
979
963
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html"><div class="ttname"><a href="classSVF_1_1SVFVar.html">SVF::SVFVar</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00045">SVFVariables.h:45</a></div></div>
|
|
980
964
|
<div class="ttc" id="aclassSVF_1_1LoadStmt_html"><div class="ttname"><a href="classSVF_1_1LoadStmt.html">SVF::LoadStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00437">SVFStatements.h:437</a></div></div>
|
|
981
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_a29ab312d273e6c9c32a40d61861afb04a2dc334d7904e139e2e2b5e9eb2a1bb0a"><div class="ttname"><a href="classSVF_1_1AEAPI.html#a29ab312d273e6c9c32a40d61861afb04a2dc334d7904e139e2e2b5e9eb2a1bb0a">SVF::AEAPI::UNCLASSIFIED</a></div><div class="ttdeci">@ UNCLASSIFIED</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00289">AbstractExecution.h:289</a></div></div>
|
|
982
965
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html"><div class="ttname"><a href="classSVF_1_1IntervalValue.html">SVF::IntervalValue</a></div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00043">IntervalValue.h:43</a></div></div>
|
|
983
966
|
<div class="ttc" id="aclassSVF_1_1IntervalESBase_html_adb26b186ee31bce7449a7b36faa24cc2"><div class="ttname"><a href="classSVF_1_1IntervalESBase.html#adb26b186ee31bce7449a7b36faa24cc2">SVF::IntervalESBase::store</a></div><div class="ttdeci">void store(u32_t addr, const IntervalValue &val)</div><div class="ttdef"><b>Definition:</b> <a href="IntervalExeState_8h_source.html#l00258">IntervalExeState.h:258</a></div></div>
|
|
967
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_ac1742440725909fee77526726424d135"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#ac1742440725909fee77526726424d135">SVF::AbstractExecution::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00382">AbstractExecution.h:382</a></div></div>
|
|
984
968
|
<div class="ttc" id="aclassSVF_1_1GenericGraph_html_a43c9c773bfa17abf481c33073e30d01b"><div class="ttname"><a href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">SVF::GenericGraph::getGNode</a></div><div class="ttdeci">NodeType * getGNode(NodeID id) const</div><div class="ttdoc">Get a node.</div><div class="ttdef"><b>Definition:</b> <a href="GenericGraph_8h_source.html#l00406">GenericGraph.h:406</a></div></div>
|
|
985
969
|
<div class="ttc" id="aclassSVF_1_1Options_html_afbe432aabda95308e2c190a04d227a6d"><div class="ttname"><a href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">SVF::Options::BufferOverflowCheck</a></div><div class="ttdeci">static const Option< bool > BufferOverflowCheck</div><div class="ttdoc">open buffer overflow checker, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00271">Options.h:271</a></div></div>
|
|
986
970
|
<div class="ttc" id="anamespaceSVF_html_a9b707002523ece2ac54ca893ee9a2d4e"><div class="ttname"><a href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">SVF::s32_t</a></div><div class="ttdeci">signed s32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00047">GeneralType.h:47</a></div></div>
|
|
987
971
|
<div class="ttc" id="aclassSVF_1_1GepStmt_html"><div class="ttname"><a href="classSVF_1_1GepStmt.html">SVF::GepStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00474">SVFStatements.h:474</a></div></div>
|
|
988
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a714fa1f4794008f630de415414cf8bfd"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a714fa1f4794008f630de415414cf8bfd">SVF::AbstractExecution::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#
|
|
972
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a714fa1f4794008f630de415414cf8bfd"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a714fa1f4794008f630de415414cf8bfd">SVF::AbstractExecution::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l00732">AbstractExecution.cpp:732</a></div></div>
|
|
989
973
|
<div class="ttc" id="aclassSVF_1_1SVFIR_html_abda052b73e869ed6d7c139ad1528da11"><div class="ttname"><a href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">SVF::SVFIR::getICFG</a></div><div class="ttdeci">ICFG * getICFG() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR_8h_source.html#l00170">SVFIR.h:170</a></div></div>
|
|
990
|
-
<div class="ttc" id="
|
|
991
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html">SVF::BufOverflowChecker</a></div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00173">BufOverflowChecker.h:173</a></div></div>
|
|
992
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_af64d742317f2ddad87b87012225ddaaa"><div class="ttname"><a href="classSVF_1_1AEAPI.html#af64d742317f2ddad87b87012225ddaaa">SVF::AEAPI::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01240">AbstractExecution.cpp:1240</a></div></div>
|
|
974
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a04e812385041270901af0f2cb599fa96"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a04e812385041270901af0f2cb599fa96">SVF::AbstractExecution::_nodeToBugInfo</a></div><div class="ttdeci">Map< const ICFGNode *, std::string > _nodeToBugInfo</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00354">AbstractExecution.h:354</a></div></div>
|
|
993
975
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0b79c3694a08100d2d8d1b8109998131"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0b79c3694a08100d2d8d1b8109998131">SVF::BufOverflowChecker::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00062">BufOverflowChecker.cpp:62</a></div></div>
|
|
994
976
|
<div class="ttc" id="acJSON_8cpp_html_a95bf816579e97b6f33bdb5e25ed6d5de"><div class="ttname"><a href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a></div><div class="ttdeci">buffer offset</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l01113">cJSON.cpp:1113</a></div></div>
|
|
995
|
-
<div class="ttc" id="
|
|
996
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a49742e8c3a8fe598a0945a8d8ff394d0"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">SVF::AbstractExecution::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#
|
|
997
|
-
<div class="ttc" id="
|
|
977
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af0e2276001df7d51c45b22d5d11ca09b"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">SVF::BufOverflowChecker::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap() override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00133">BufOverflowChecker.cpp:133</a></div></div>
|
|
978
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a49742e8c3a8fe598a0945a8d8ff394d0"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a49742e8c3a8fe598a0945a8d8ff394d0">SVF::AbstractExecution::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00341">AbstractExecution.h:341</a></div></div>
|
|
979
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43afa45836a81adf553b872a061e5fe4c5be8"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa45836a81adf553b872a061e5fe4c5be8">SVF::AbstractExecution::MEMSET</a></div><div class="ttdeci">@ MEMSET</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
998
980
|
<div class="ttc" id="aclassSVF_1_1CallSite_html"><div class="ttname"><a href="classSVF_1_1CallSite.html">SVF::CallSite</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l01113">SVFValue.h:1113</a></div></div>
|
|
981
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43afa622ab5082468499be675c2783aaf3dcf"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afa622ab5082468499be675c2783aaf3dcf">SVF::AbstractExecution::MEMCPY</a></div><div class="ttdeci">@ MEMCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
999
982
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_a56434326130c8127c823097ad764947b"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#a56434326130c8127c823097ad764947b">SVF::SVFIR2ItvExeState::getEs</a></div><div class="ttdeci">IntervalExeState & getEs()</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8h_source.html#l00057">SVFIR2ItvExeState.h:57</a></div></div>
|
|
1000
983
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a071a624c91def82a4bbbf3806c7b7eea"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">SVF::FILOWorkList::empty</a></div><div class="ttdeci">bool empty() const</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00238">WorkList.h:238</a></div></div>
|
|
1001
984
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a4a0cfe3a8f37d33ffcdca3d66026dcc3"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">SVF::SVFValue::toString</a></div><div class="ttdeci">std::string toString() const</div><div class="ttdoc">Needs to be implemented by a SVF front end.</div><div class="ttdef"><b>Definition:</b> <a href="LLVMUtil_8cpp_source.html#l00931">LLVMUtil.cpp:931</a></div></div>
|
|
1002
985
|
<div class="ttc" id="aclassSVF_1_1AddressValue_html"><div class="ttname"><a href="classSVF_1_1AddressValue.html">SVF::AddressValue</a></div><div class="ttdef"><b>Definition:</b> <a href="AddressValue_8h_source.html#l00043">AddressValue.h:43</a></div></div>
|
|
1003
|
-
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_ab9d6ebcf67ec473ce7ad5910c74eddc1"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#ab9d6ebcf67ec473ce7ad5910c74eddc1">SVF::AbstractExecution::_callSiteStack</a></div><div class="ttdeci">std::vector< const CallICFGNode * > _callSiteStack</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#
|
|
1004
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_a29ab312d273e6c9c32a40d61861afb04aadccf4db29e170b4d669ef023866a28d"><div class="ttname"><a href="classSVF_1_1AEAPI.html#a29ab312d273e6c9c32a40d61861afb04aadccf4db29e170b4d669ef023866a28d">SVF::AEAPI::STRCPY</a></div><div class="ttdeci">@ STRCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00289">AbstractExecution.h:289</a></div></div>
|
|
1005
|
-
<div class="ttc" id="aclassSVF_1_1AEAPI_html_ab47136a3fee89fa6cad5ddb95306f27f"><div class="ttname"><a href="classSVF_1_1AEAPI.html#ab47136a3fee89fa6cad5ddb95306f27f">SVF::AEAPI::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00432">AbstractExecution.h:432</a></div></div>
|
|
986
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_ab9d6ebcf67ec473ce7ad5910c74eddc1"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#ab9d6ebcf67ec473ce7ad5910c74eddc1">SVF::AbstractExecution::_callSiteStack</a></div><div class="ttdeci">std::vector< const CallICFGNode * > _callSiteStack</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00353">AbstractExecution.h:353</a></div></div>
|
|
1006
987
|
<div class="ttc" id="aWorkList_8h_html"><div class="ttname"><a href="WorkList_8h.html">WorkList.h</a></div></div>
|
|
1007
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowCheckerAPI_html_ae88696790ca4f3392c7dc76c74619f46"><div class="ttname"><a href="classSVF_1_1BufOverflowCheckerAPI.html#ae88696790ca4f3392c7dc76c74619f46">SVF::BufOverflowCheckerAPI::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00382">BufOverflowChecker.cpp:382</a></div></div>
|
|
1008
988
|
<div class="ttc" id="acJSON_8cpp_html_a7669ee67a0563250c1efaa24d130e1ac"><div class="ttname"><a href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a></div><div class="ttdeci">copy</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l00414">cJSON.cpp:414</a></div></div>
|
|
1009
|
-
<div class="ttc" id="
|
|
1010
|
-
<div class="ttc" id="
|
|
989
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43afac9539311eec734c966b719990e869b12"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afac9539311eec734c966b719990e869b12">SVF::AbstractExecution::STRCPY</a></div><div class="ttdeci">@ STRCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
990
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a1ed3cb0a1a118d9e505b192841a58dde"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">SVF::BufOverflowChecker::handleExtAPI</a></div><div class="ttdeci">void handleExtAPI(const CallICFGNode *call) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00410">BufOverflowChecker.cpp:410</a></div></div>
|
|
991
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43af"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43af">SVF::AbstractExecution::ExtAPIType</a></div><div class="ttdeci">ExtAPIType</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
1011
992
|
<div class="ttc" id="aclassSVF_1_1IntervalExeState_html_ad485a35730353c0e945bc84a034d9e45"><div class="ttname"><a href="classSVF_1_1IntervalExeState.html#ad485a35730353c0e945bc84a034d9e45">SVF::IntervalExeState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(u32_t id) const override</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="IntervalExeState_8h_source.html#l00476">IntervalExeState.h:476</a></div></div>
|
|
1012
993
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a3fd9acb6d09fd142bfd402fdf8cac93b"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">SVF::FILOWorkList::pop</a></div><div class="ttdeci">Data pop()</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00272">WorkList.h:272</a></div></div>
|
|
1013
994
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00044">AbstractExecution.h:44</a></div></div>
|
|
@@ -1018,13 +999,14 @@ $(function() {
|
|
|
1018
999
|
<div class="ttc" id="aclassSVF_1_1SVFArgument_html"><div class="ttname"><a href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00897">SVFValue.h:897</a></div></div>
|
|
1019
1000
|
<div class="ttc" id="aclassSVF_1_1SVFArrayType_html_a28da1169748e38b891133b76568a2759"><div class="ttname"><a href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">SVF::SVFArrayType::getTypeOfElement</a></div><div class="ttdeci">const SVFType * getTypeOfElement() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00399">SVFType.h:399</a></div></div>
|
|
1020
1001
|
<div class="ttc" id="aclassSVF_1_1SVFInstruction_html"><div class="ttname"><a href="classSVF_1_1SVFInstruction.html">SVF::SVFInstruction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00631">SVFValue.h:631</a></div></div>
|
|
1021
|
-
<div class="ttc" id="
|
|
1002
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0088456e712c555cbfba6203aec38037"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">SVF::BufOverflowChecker::_addrToGep</a></div><div class="ttdeci">Map< NodeID, const GepStmt * > _addrToGep</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00201">BufOverflowChecker.h:201</a></div></div>
|
|
1022
1003
|
<div class="ttc" id="anamespaceSVF_html_a8234d4b959abc9123993bcff4eee34c1"><div class="ttname"><a href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">SVF::Map</a></div><div class="ttdeci">std::unordered_map< Key, Value, Hash, KeyEqual, Allocator > Map</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00097">GeneralType.h:97</a></div></div>
|
|
1004
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a442fb8eda087f72aa61816213dea43afadcda19decab7b2d85523b1fdbceb23e6"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a442fb8eda087f72aa61816213dea43afadcda19decab7b2d85523b1fdbceb23e6">SVF::AbstractExecution::STRCAT</a></div><div class="ttdeci">@ STRCAT</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8h_source.html#l00114">AbstractExecution.h:114</a></div></div>
|
|
1023
1005
|
<div class="ttc" id="aclassSVF_1_1CallSite_html_a9e7c94ee7f689466111487e03b2cebcc"><div class="ttname"><a href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">SVF::CallSite::getArgument</a></div><div class="ttdeci">const SVFValue * getArgument(u32_t ArgNo) const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l01132">SVFValue.h:1132</a></div></div>
|
|
1024
|
-
<div class="ttc" id="
|
|
1006
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_a20df87d2a269c3feab3acc40e4cd8801"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#a20df87d2a269c3feab3acc40e4cd8801">SVF::AbstractExecution::AccessMemoryViaCopyStmt</a></div><div class="ttdeci">void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01760">AbstractExecution.cpp:1760</a></div></div>
|
|
1025
1007
|
<div class="ttc" id="anamespaceSVF_html_ad42bff8d0a7d60a085aa32d10f4955af"><div class="ttname"><a href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">SVF::u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00046">GeneralType.h:46</a></div></div>
|
|
1026
1008
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ab65033f068bfbeb0a1c52dcec3beb6bc"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVF::SVFUtil::errs</a></div><div class="ttdeci">std::ostream & errs()</div><div class="ttdoc">Overwrite llvm::errs()</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00056">SVFUtil.h:56</a></div></div>
|
|
1027
|
-
<div class="ttc" id="
|
|
1009
|
+
<div class="ttc" id="aclassSVF_1_1AbstractExecution_html_ae002abb8711300ff52200f78f1463369"><div class="ttname"><a href="classSVF_1_1AbstractExecution.html#ae002abb8711300ff52200f78f1463369">SVF::AbstractExecution::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractExecution_8cpp_source.html#l01235">AbstractExecution.cpp:1235</a></div></div>
|
|
1028
1010
|
<div class="ttc" id="aclassSVF_1_1SVFIR2ItvExeState_html_a999c358b80dd07591b0432eaa41c20c9"><div class="ttname"><a href="classSVF_1_1SVFIR2ItvExeState.html#a999c358b80dd07591b0432eaa41c20c9">SVF::SVFIR2ItvExeState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2ItvExeState_8h_source.html#l00123">SVFIR2ItvExeState.h:123</a></div></div>
|
|
1029
1011
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a7c11b81809cb087317cbea654a589f75"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">SVF::BufOverflowChecker::addBugToRecoder</a></div><div class="ttdeci">void addBugToRecoder(const BufOverflowException &e, const ICFGNode *node)</div></div>
|
|
1030
1012
|
<!-- start footer part -->
|