npm - svf-tools - Versions diffs - 1.0.910 → 1.0.911 - Mend

svf-tools 1.0.910 → 1.0.911

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/SVF-doxygen/html/AbstractInterpretation_8cpp.html +5 -5
package/SVF-doxygen/html/AbstractInterpretation_8cpp_source.html +1151 -1131
package/SVF-doxygen/html/AbstractInterpretation_8h_source.html +31 -31
package/SVF-doxygen/html/BufOverflowChecker_8cpp_source.html +457 -450
package/SVF-doxygen/html/BufOverflowChecker_8h_source.html +2 -2
package/SVF-doxygen/html/SVFIR2AbsState_8h_source.html +2 -2
package/SVF-doxygen/html/classSVF_1_1AEStat.html +116 -114
package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation-members.html +1 -1
package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation.html +1009 -991
package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker-members.html +1 -1
package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker.html +118 -115
package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState-members.html +4 -4
package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState.html +32 -32
package/SVF-doxygen/html/functions.html +2 -2
package/SVF-doxygen/html/functions_func_g.html +13 -13
package/SVF-doxygen/html/functions_g.html +9 -9
package/SVF-doxygen/html/functions_p.html +6 -6
package/SVF-doxygen/html/functions_s.html +7 -7
package/SVF-doxygen/html/functions_t.html +2 -2
package/SVF-doxygen/html/functions_v.html +6 -6
package/SVF-doxygen/html/functions_vars.html +2 -2
package/SVF-doxygen/html/functions_w.html +9 -17
package/SVF-doxygen/html/search/all_0.js +1 -1
package/SVF-doxygen/html/search/all_10.js +3 -3
package/SVF-doxygen/html/search/all_12.js +5 -5
package/SVF-doxygen/html/search/all_13.js +4 -4
package/SVF-doxygen/html/search/all_15.js +3 -3
package/SVF-doxygen/html/search/all_16.js +1 -1
package/SVF-doxygen/html/search/all_7.js +248 -248
package/SVF-doxygen/html/search/functions_10.js +1 -1
package/SVF-doxygen/html/search/functions_7.js +247 -247
package/SVF-doxygen/html/search/variables_0.js +1 -1
package/SVF-doxygen/html/search/variables_12.js +1 -1
package/SVF-doxygen/html/search/variables_13.js +2 -2
package/package.json +1 -1
package/svf/include/AE/Svfexe/AbstractInterpretation.h +1 -1
package/svf/include/AE/Svfexe/SVFIR2AbsState.h +1 -1
package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +88 -68
package/svf/lib/AE/Svfexe/BufOverflowChecker.cpp +37 -30

package/SVF-doxygen/html/BufOverflowChecker_8cpp_source.html CHANGED Viewed

@@ -137,9 +137,9 @@ $(function() {
 <div class="line"><a name="l00066"></a><span class="lineno">   66</span>&#160;    <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt))</div>
 <div class="line"><a name="l00067"></a><span class="lineno">   67</span>&#160;    {</div>
 <div class="line"><a name="l00068"></a><span class="lineno">   68</span>&#160;        <span class="keywordflow">for</span> (<a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> addrID:</div>
-<div class="line"><a name="l00069"></a><span class="lineno">   69</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(gep-&gt;getLHSVarID()).<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
+<div class="line"><a name="l00069"></a><span class="lineno">   69</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(gep-&gt;getLHSVarID()).<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
 <div class="line"><a name="l00070"></a><span class="lineno">   70</span>&#160;        {</div>
-<div class="line"><a name="l00071"></a><span class="lineno">   71</span>&#160;            <a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(addrID);</div>
+<div class="line"><a name="l00071"></a><span class="lineno">   71</span>&#160;            <a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(addrID);</div>
 <div class="line"><a name="l00072"></a><span class="lineno">   72</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>[objId] = gep;</div>
 <div class="line"><a name="l00073"></a><span class="lineno">   73</span>&#160;        }</div>
 <div class="line"><a name="l00074"></a><span class="lineno">   74</span>&#160;    }</div>
@@ -209,9 +209,9 @@ $(function() {
 <div class="line"><a name="l00138"></a><span class="lineno">  138</span>&#160;    {</div>
 <div class="line"><a name="l00139"></a><span class="lineno">  139</span>&#160;        <span class="comment">//scanf(&quot;%d&quot;, &amp;data);</span></div>
 <div class="line"><a name="l00140"></a><span class="lineno">  140</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 2) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00141"></a><span class="lineno">  141</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00141"></a><span class="lineno">  141</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00142"></a><span class="lineno">  142</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
-<div class="line"><a name="l00143"></a><span class="lineno">  143</span>&#160;        <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(dst_id))</div>
+<div class="line"><a name="l00143"></a><span class="lineno">  143</span>&#160;        <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(dst_id))</div>
 <div class="line"><a name="l00144"></a><span class="lineno">  144</span>&#160;        {</div>
 <div class="line"><a name="l00145"></a><span class="lineno">  145</span>&#160;            <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">&quot;scanf may cause buffer overflow.\n&quot;</span>, 0, 0, 0, 0, cs.getArgument(1));</div>
 <div class="line"><a name="l00146"></a><span class="lineno">  146</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
@@ -219,11 +219,11 @@ $(function() {
 <div class="line"><a name="l00148"></a><span class="lineno">  148</span>&#160;        }</div>
 <div class="line"><a name="l00149"></a><span class="lineno">  149</span>&#160;        <span class="keywordflow">else</span></div>
 <div class="line"><a name="l00150"></a><span class="lineno">  150</span>&#160;        {</div>
-<div class="line"><a name="l00151"></a><span class="lineno">  151</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(dst_id);</div>
+<div class="line"><a name="l00151"></a><span class="lineno">  151</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(dst_id);</div>
 <div class="line"><a name="l00152"></a><span class="lineno">  152</span>&#160;            <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
 <div class="line"><a name="l00153"></a><span class="lineno">  153</span>&#160;            {</div>
-<div class="line"><a name="l00154"></a><span class="lineno">  154</span>&#160;                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
-<div class="line"><a name="l00155"></a><span class="lineno">  155</span>&#160;                <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
+<div class="line"><a name="l00154"></a><span class="lineno">  154</span>&#160;                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
+<div class="line"><a name="l00155"></a><span class="lineno">  155</span>&#160;                <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
 <div class="line"><a name="l00156"></a><span class="lineno">  156</span>&#160;                es.<a class="code" href="classSVF_1_1AbstractState.html#a1f935ea8ab16b04699284bf92bbbb23c">store</a>(vaddr, range);</div>
 <div class="line"><a name="l00157"></a><span class="lineno">  157</span>&#160;            }</div>
 <div class="line"><a name="l00158"></a><span class="lineno">  158</span>&#160;        }</div>
@@ -232,9 +232,9 @@ $(function() {
 <div class="line"><a name="l00161"></a><span class="lineno">  161</span>&#160;    {</div>
 <div class="line"><a name="l00162"></a><span class="lineno">  162</span>&#160;        <span class="comment">//fscanf(stdin, &quot;%d&quot;, &amp;data);</span></div>
 <div class="line"><a name="l00163"></a><span class="lineno">  163</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 3) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00164"></a><span class="lineno">  164</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00164"></a><span class="lineno">  164</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00165"></a><span class="lineno">  165</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
-<div class="line"><a name="l00166"></a><span class="lineno">  166</span>&#160;        <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(dst_id))</div>
+<div class="line"><a name="l00166"></a><span class="lineno">  166</span>&#160;        <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(dst_id))</div>
 <div class="line"><a name="l00167"></a><span class="lineno">  167</span>&#160;        {</div>
 <div class="line"><a name="l00168"></a><span class="lineno">  168</span>&#160;            <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">&quot;scanf may cause buffer overflow.\n&quot;</span>, 0, 0, 0, 0, cs.getArgument(2));</div>
 <div class="line"><a name="l00169"></a><span class="lineno">  169</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
@@ -242,11 +242,11 @@ $(function() {
 <div class="line"><a name="l00171"></a><span class="lineno">  171</span>&#160;        }</div>
 <div class="line"><a name="l00172"></a><span class="lineno">  172</span>&#160;        <span class="keywordflow">else</span></div>
 <div class="line"><a name="l00173"></a><span class="lineno">  173</span>&#160;        {</div>
-<div class="line"><a name="l00174"></a><span class="lineno">  174</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(dst_id);</div>
+<div class="line"><a name="l00174"></a><span class="lineno">  174</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(dst_id);</div>
 <div class="line"><a name="l00175"></a><span class="lineno">  175</span>&#160;            <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
 <div class="line"><a name="l00176"></a><span class="lineno">  176</span>&#160;            {</div>
-<div class="line"><a name="l00177"></a><span class="lineno">  177</span>&#160;                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
-<div class="line"><a name="l00178"></a><span class="lineno">  178</span>&#160;                <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
+<div class="line"><a name="l00177"></a><span class="lineno">  177</span>&#160;                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
+<div class="line"><a name="l00178"></a><span class="lineno">  178</span>&#160;                <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
 <div class="line"><a name="l00179"></a><span class="lineno">  179</span>&#160;                es.<a class="code" href="classSVF_1_1AbstractState.html#a1f935ea8ab16b04699284bf92bbbb23c">store</a>(vaddr, range);</div>
 <div class="line"><a name="l00180"></a><span class="lineno">  180</span>&#160;            }</div>
 <div class="line"><a name="l00181"></a><span class="lineno">  181</span>&#160;        }</div>
@@ -264,7 +264,7 @@ $(function() {
 <div class="line"><a name="l00193"></a><span class="lineno">  193</span>&#160;    <span class="keyword">auto</span> sse_fread = [&amp;](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &amp;cs)</div>
 <div class="line"><a name="l00194"></a><span class="lineno">  194</span>&#160;    {</div>
 <div class="line"><a name="l00195"></a><span class="lineno">  195</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 3) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00196"></a><span class="lineno">  196</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00196"></a><span class="lineno">  196</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00197"></a><span class="lineno">  197</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_count_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
 <div class="line"><a name="l00198"></a><span class="lineno">  198</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
 <div class="line"><a name="l00199"></a><span class="lineno">  199</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> block_count = es[block_count_id];</div>
@@ -282,7 +282,7 @@ $(function() {
 <div class="line"><a name="l00211"></a><span class="lineno">  211</span>&#160;    <span class="keyword">auto</span> sse_snprintf = [&amp;](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &amp;cs)</div>
 <div class="line"><a name="l00212"></a><span class="lineno">  212</span>&#160;    {</div>
 <div class="line"><a name="l00213"></a><span class="lineno">  213</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 2) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00214"></a><span class="lineno">  214</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00214"></a><span class="lineno">  214</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00215"></a><span class="lineno">  215</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
 <div class="line"><a name="l00216"></a><span class="lineno">  216</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
 <div class="line"><a name="l00217"></a><span class="lineno">  217</span>&#160;        <span class="comment">// get elem size of arg2</span></div>
@@ -331,7 +331,7 @@ $(function() {
 <div class="line"><a name="l00260"></a><span class="lineno">  260</span>&#160;        <span class="comment">// itoa(num, ch, 10);</span></div>
 <div class="line"><a name="l00261"></a><span class="lineno">  261</span>&#160;        <span class="comment">// num: int, ch: char*, 10 is decimal</span></div>
 <div class="line"><a name="l00262"></a><span class="lineno">  262</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 3) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00263"></a><span class="lineno">  263</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00263"></a><span class="lineno">  263</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00264"></a><span class="lineno">  264</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
 <div class="line"><a name="l00265"></a><span class="lineno">  265</span>&#160; </div>
 <div class="line"><a name="l00266"></a><span class="lineno">  266</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num = (<a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a>) es[num_id].getInterval().getNumeral();</div>
@@ -346,7 +346,7 @@ $(function() {
 <div class="line"><a name="l00275"></a><span class="lineno">  275</span>&#160;        <span class="comment">// check the arg size</span></div>
 <div class="line"><a name="l00276"></a><span class="lineno">  276</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 1) <span class="keywordflow">return</span>;</div>
 <div class="line"><a name="l00277"></a><span class="lineno">  277</span>&#160;        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* strValue = cs.getArgument(0);</div>
-<div class="line"><a name="l00278"></a><span class="lineno">  278</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00278"></a><span class="lineno">  278</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00279"></a><span class="lineno">  279</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> dst_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">getStrlen</a>(strValue);</div>
 <div class="line"><a name="l00280"></a><span class="lineno">  280</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> elemSize = 1;</div>
 <div class="line"><a name="l00281"></a><span class="lineno">  281</span>&#160;        <span class="keywordflow">if</span> (strValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>()-&gt;<a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
@@ -370,7 +370,7 @@ $(function() {
 <div class="line"><a name="l00299"></a><span class="lineno">  299</span>&#160;    {</div>
 <div class="line"><a name="l00300"></a><span class="lineno">  300</span>&#160;        <span class="comment">// recv(sockfd, buf, len, flags);</span></div>
 <div class="line"><a name="l00301"></a><span class="lineno">  301</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 4) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00302"></a><span class="lineno">  302</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00302"></a><span class="lineno">  302</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00303"></a><span class="lineno">  303</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> len_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
 <div class="line"><a name="l00304"></a><span class="lineno">  304</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> len = es[len_id] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
 <div class="line"><a name="l00305"></a><span class="lineno">  305</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
@@ -385,7 +385,7 @@ $(function() {
 <div class="line"><a name="l00314"></a><span class="lineno">  314</span>&#160;        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
 <div class="line"><a name="l00315"></a><span class="lineno">  315</span>&#160;        <span class="comment">//void SAFE_BUFACCESS(void* data, int size);</span></div>
 <div class="line"><a name="l00316"></a><span class="lineno">  316</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 2) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00317"></a><span class="lineno">  317</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00317"></a><span class="lineno">  317</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00318"></a><span class="lineno">  318</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
 <div class="line"><a name="l00319"></a><span class="lineno">  319</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> val = es[size_id];</div>
 <div class="line"><a name="l00320"></a><span class="lineno">  320</span>&#160;        <span class="keywordflow">if</span> (val.<a class="code" href="structSVF_1_1AbstractValue.html#a8b1af972fa8a4e40347990d179ec1c52">isBottom</a>())</div>
@@ -415,7 +415,7 @@ $(function() {
 <div class="line"><a name="l00344"></a><span class="lineno">  344</span>&#160;        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
 <div class="line"><a name="l00345"></a><span class="lineno">  345</span>&#160;        <span class="comment">//void UNSAFE_BUFACCESS(void* data, int size);</span></div>
 <div class="line"><a name="l00346"></a><span class="lineno">  346</span>&#160;        <span class="keywordflow">if</span> (cs.arg_size() &lt; 2) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00347"></a><span class="lineno">  347</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>();</div>
+<div class="line"><a name="l00347"></a><span class="lineno">  347</span>&#160;        <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&amp;es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>();</div>
 <div class="line"><a name="l00348"></a><span class="lineno">  348</span>&#160;        <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
 <div class="line"><a name="l00349"></a><span class="lineno">  349</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> val = es[size_id];</div>
 <div class="line"><a name="l00350"></a><span class="lineno">  350</span>&#160;        <span class="keywordflow">if</span> (val.<a class="code" href="structSVF_1_1AbstractValue.html#a8b1af972fa8a4e40347990d179ec1c52">isBottom</a>())</div>
@@ -470,428 +470,435 @@ $(function() {
 <div class="line"><a name="l00399"></a><span class="lineno">  399</span>&#160;        <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-&gt;<a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
 <div class="line"><a name="l00400"></a><span class="lineno">  400</span>&#160;        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
 <div class="line"><a name="l00401"></a><span class="lineno">  401</span>&#160;        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg2Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(2);</div>
-<div class="line"><a name="l00402"></a><span class="lineno">  402</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> arg2Num = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
-<div class="line"><a name="l00403"></a><span class="lineno">  403</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">getStrlen</a>(arg0Val);</div>
-<div class="line"><a name="l00404"></a><span class="lineno">  404</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> totalLen = strLen0 + arg2Num;</div>
-<div class="line"><a name="l00405"></a><span class="lineno">  405</span>&#160;        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
-<div class="line"><a name="l00406"></a><span class="lineno">  406</span>&#160;    }</div>
-<div class="line"><a name="l00407"></a><span class="lineno">  407</span>&#160;    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00408"></a><span class="lineno">  408</span>&#160;    {</div>
-<div class="line"><a name="l00409"></a><span class="lineno">  409</span>&#160;        assert(<span class="keyword">false</span> &amp;&amp; <span class="stringliteral">&quot;unknown strcat function, please add it to strcatGroup or strncatGroup&quot;</span>);</div>
-<div class="line"><a name="l00410"></a><span class="lineno">  410</span>&#160;        abort();</div>
-<div class="line"><a name="l00411"></a><span class="lineno">  411</span>&#160;    }</div>
-<div class="line"><a name="l00412"></a><span class="lineno">  412</span>&#160;}</div>
-<div class="line"><a name="l00413"></a><span class="lineno">  413</span>&#160; </div>
-<div class="line"><a name="l00414"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">  414</a></span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">BufOverflowChecker::handleExtAPI</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
-<div class="line"><a name="l00415"></a><span class="lineno">  415</span>&#160;{</div>
-<div class="line"><a name="l00416"></a><span class="lineno">  416</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">AbstractInterpretation::handleExtAPI</a>(call);</div>
-<div class="line"><a name="l00417"></a><span class="lineno">  417</span>&#160;    <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-&gt;<a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
-<div class="line"><a name="l00418"></a><span class="lineno">  418</span>&#160;    assert(fun &amp;&amp; <span class="stringliteral">&quot;SVFFunction* is nullptr&quot;</span>);</div>
-<div class="line"><a name="l00419"></a><span class="lineno">  419</span>&#160;    <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-&gt;<a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
-<div class="line"><a name="l00420"></a><span class="lineno">  420</span>&#160;    <span class="comment">// check the type of mem api,</span></div>
-<div class="line"><a name="l00421"></a><span class="lineno">  421</span>&#160;    <span class="comment">// MEMCPY: like memcpy, memcpy_chk, llvm.memcpy etc.</span></div>
-<div class="line"><a name="l00422"></a><span class="lineno">  422</span>&#160;    <span class="comment">// MEMSET: like memset, memset_chk, llvm.memset etc.</span></div>
-<div class="line"><a name="l00423"></a><span class="lineno">  423</span>&#160;    <span class="comment">// STRCPY: like strcpy, strcpy_chk, wcscpy etc.</span></div>
-<div class="line"><a name="l00424"></a><span class="lineno">  424</span>&#160;    <span class="comment">// STRCAT: like strcat, strcat_chk, wcscat etc.</span></div>
-<div class="line"><a name="l00425"></a><span class="lineno">  425</span>&#160;    <span class="comment">// for other ext api like printf, scanf, etc., they have their own handlers</span></div>
-<div class="line"><a name="l00426"></a><span class="lineno">  426</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">ExtAPIType</a> extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">UNCLASSIFIED</a>;</div>
-<div class="line"><a name="l00427"></a><span class="lineno">  427</span>&#160;    <span class="comment">// get type of mem api</span></div>
-<div class="line"><a name="l00428"></a><span class="lineno">  428</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> &amp;annotation: fun-&gt;<a class="code" href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">getAnnotations</a>())</div>
-<div class="line"><a name="l00429"></a><span class="lineno">  429</span>&#160;    {</div>
-<div class="line"><a name="l00430"></a><span class="lineno">  430</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;MEMCPY&quot;</span>) != std::string::npos)</div>
-<div class="line"><a name="l00431"></a><span class="lineno">  431</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>;</div>
-<div class="line"><a name="l00432"></a><span class="lineno">  432</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;MEMSET&quot;</span>) != std::string::npos)</div>
-<div class="line"><a name="l00433"></a><span class="lineno">  433</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>;</div>
-<div class="line"><a name="l00434"></a><span class="lineno">  434</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;STRCPY&quot;</span>) != std::string::npos)</div>
-<div class="line"><a name="l00435"></a><span class="lineno">  435</span>&#160;            extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>;</div>
-<div class="line"><a name="l00436"></a><span class="lineno">  436</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;STRCAT&quot;</span>) != std::string::npos)</div>
-<div class="line"><a name="l00437"></a><span class="lineno">  437</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>;</div>
-<div class="line"><a name="l00438"></a><span class="lineno">  438</span>&#160;    }</div>
-<div class="line"><a name="l00439"></a><span class="lineno">  439</span>&#160;    <span class="comment">// 1. memcpy functions like memcpy_chk, strncpy, annotate(&quot;MEMCPY&quot;), annotate(&quot;BUF_CHECK:Arg0, Arg2&quot;), annotate(&quot;BUF_CHECK:Arg1, Arg2&quot;)</span></div>
-<div class="line"><a name="l00440"></a><span class="lineno">  440</span>&#160;    <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>)</div>
-<div class="line"><a name="l00441"></a><span class="lineno">  441</span>&#160;    {</div>
-<div class="line"><a name="l00442"></a><span class="lineno">  442</span>&#160;        <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
-<div class="line"><a name="l00443"></a><span class="lineno">  443</span>&#160;        {</div>
-<div class="line"><a name="l00444"></a><span class="lineno">  444</span>&#160;            <span class="comment">// if it is not in the rules, we do not check it</span></div>
-<div class="line"><a name="l00445"></a><span class="lineno">  445</span>&#160;            <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() &lt;&lt; <span class="stringliteral">&quot;Warning: &quot;</span> &lt;&lt; fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() &lt;&lt; <span class="stringliteral">&quot; is not in the rules, please implement it\n&quot;</span>;</div>
-<div class="line"><a name="l00446"></a><span class="lineno">  446</span>&#160;            <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00447"></a><span class="lineno">  447</span>&#160;        }</div>
-<div class="line"><a name="l00448"></a><span class="lineno">  448</span>&#160;        <span class="comment">// call parseMemcpyBufferCheckArgs to parse the BUF_CHECK annotation</span></div>
-<div class="line"><a name="l00449"></a><span class="lineno">  449</span>&#160;        std::vector&lt;std::pair&lt;u32_t, u32_t&gt;&gt; args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
-<div class="line"><a name="l00450"></a><span class="lineno">  450</span>&#160;        <span class="comment">// loop the args and check the offset</span></div>
-<div class="line"><a name="l00451"></a><span class="lineno">  451</span>&#160;        <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
-<div class="line"><a name="l00452"></a><span class="lineno">  452</span>&#160;        {</div>
-<div class="line"><a name="l00453"></a><span class="lineno">  453</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
-<div class="line"><a name="l00454"></a><span class="lineno">  454</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
-<div class="line"><a name="l00455"></a><span class="lineno">  455</span>&#160;        }</div>
-<div class="line"><a name="l00456"></a><span class="lineno">  456</span>&#160;    }</div>
-<div class="line"><a name="l00457"></a><span class="lineno">  457</span>&#160;    <span class="comment">// 2. memset functions like memset, memset_chk, annotate(&quot;MEMSET&quot;), annotate(&quot;BUF_CHECK:Arg0, Arg2&quot;)</span></div>
-<div class="line"><a name="l00458"></a><span class="lineno">  458</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>)</div>
-<div class="line"><a name="l00459"></a><span class="lineno">  459</span>&#160;    {</div>
-<div class="line"><a name="l00460"></a><span class="lineno">  460</span>&#160;        <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
-<div class="line"><a name="l00461"></a><span class="lineno">  461</span>&#160;        {</div>
-<div class="line"><a name="l00462"></a><span class="lineno">  462</span>&#160;            <span class="comment">// if it is not in the rules, we do not check it</span></div>
-<div class="line"><a name="l00463"></a><span class="lineno">  463</span>&#160;            <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() &lt;&lt; <span class="stringliteral">&quot;Warning: &quot;</span> &lt;&lt; fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() &lt;&lt; <span class="stringliteral">&quot; is not in the rules, please implement it\n&quot;</span>;</div>
-<div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;            <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;        }</div>
-<div class="line"><a name="l00466"></a><span class="lineno">  466</span>&#160;        std::vector&lt;std::pair&lt;u32_t, u32_t&gt;&gt; args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
-<div class="line"><a name="l00467"></a><span class="lineno">  467</span>&#160;        <span class="comment">// loop the args and check the offset</span></div>
-<div class="line"><a name="l00468"></a><span class="lineno">  468</span>&#160;        <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
-<div class="line"><a name="l00469"></a><span class="lineno">  469</span>&#160;        {</div>
-<div class="line"><a name="l00470"></a><span class="lineno">  470</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
-<div class="line"><a name="l00471"></a><span class="lineno">  471</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
-<div class="line"><a name="l00472"></a><span class="lineno">  472</span>&#160;        }</div>
-<div class="line"><a name="l00473"></a><span class="lineno">  473</span>&#160;    }</div>
-<div class="line"><a name="l00474"></a><span class="lineno">  474</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>)</div>
-<div class="line"><a name="l00475"></a><span class="lineno">  475</span>&#160;    {</div>
-<div class="line"><a name="l00476"></a><span class="lineno">  476</span>&#160;        <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">detectStrcpy</a>(call);</div>
-<div class="line"><a name="l00477"></a><span class="lineno">  477</span>&#160;    }</div>
-<div class="line"><a name="l00478"></a><span class="lineno">  478</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>)</div>
-<div class="line"><a name="l00479"></a><span class="lineno">  479</span>&#160;    {</div>
-<div class="line"><a name="l00480"></a><span class="lineno">  480</span>&#160;        <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">detectStrcat</a>(call);</div>
-<div class="line"><a name="l00481"></a><span class="lineno">  481</span>&#160;    }</div>
-<div class="line"><a name="l00482"></a><span class="lineno">  482</span>&#160;    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00483"></a><span class="lineno">  483</span>&#160;    {</div>
-<div class="line"><a name="l00484"></a><span class="lineno">  484</span>&#160; </div>
-<div class="line"><a name="l00485"></a><span class="lineno">  485</span>&#160;    }</div>
-<div class="line"><a name="l00486"></a><span class="lineno">  486</span>&#160;    <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00487"></a><span class="lineno">  487</span>&#160;}</div>
-<div class="line"><a name="l00488"></a><span class="lineno">  488</span>&#160; </div>
-<div class="line"><a name="l00489"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">  489</a></span>&#160;<span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">BufOverflowChecker::canSafelyAccessMemory</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *value, <span class="keyword">const</span> <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> &amp;len, <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *curNode)</div>
-<div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;{</div>
-<div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160;    <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *firstValue = value;</div>
-<div class="line"><a name="l00497"></a><span class="lineno">  497</span>&#160; </div>
-<div class="line"><a name="l00500"></a><span class="lineno">  500</span>&#160;    <a class="code" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList&lt;const SVFValue *&gt;</a> worklist;</div>
-<div class="line"><a name="l00501"></a><span class="lineno">  501</span>&#160;    <a class="code" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set&lt;const SVFValue *&gt;</a> visited;</div>
-<div class="line"><a name="l00502"></a><span class="lineno">  502</span>&#160;    visited.insert(value);</div>
-<div class="line"><a name="l00503"></a><span class="lineno">  503</span>&#160;    <a class="code" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map&lt;const ICFGNode *, IntervalValue&gt;</a> gep_offsets;</div>
-<div class="line"><a name="l00504"></a><span class="lineno">  504</span>&#160;    <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> total_bytes = len.<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
-<div class="line"><a name="l00505"></a><span class="lineno">  505</span>&#160;    worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(value);</div>
-<div class="line"><a name="l00506"></a><span class="lineno">  506</span>&#160;    std::vector&lt;const CallICFGNode *&gt; callstack = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>;</div>
-<div class="line"><a name="l00507"></a><span class="lineno">  507</span>&#160;    <span class="keywordflow">while</span> (!worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">empty</a>())</div>
-<div class="line"><a name="l00508"></a><span class="lineno">  508</span>&#160;    {</div>
-<div class="line"><a name="l00509"></a><span class="lineno">  509</span>&#160;        value = worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">pop</a>();</div>
-<div class="line"><a name="l00510"></a><span class="lineno">  510</span>&#160;        <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFInstruction.html">SVFInstruction</a> *ins = SVFUtil::dyn_cast&lt;SVFInstruction&gt;(value))</div>
-<div class="line"><a name="l00511"></a><span class="lineno">  511</span>&#160;        {</div>
-<div class="line"><a name="l00512"></a><span class="lineno">  512</span>&#160;            <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(ins);</div>
-<div class="line"><a name="l00513"></a><span class="lineno">  513</span>&#160;            <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *callnode = SVFUtil::dyn_cast&lt;CallICFGNode&gt;(node))</div>
-<div class="line"><a name="l00514"></a><span class="lineno">  514</span>&#160;            {</div>
-<div class="line"><a name="l00515"></a><span class="lineno">  515</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">AccessMemoryViaRetNode</a>(callnode, worklist, visited);</div>
-<div class="line"><a name="l00516"></a><span class="lineno">  516</span>&#160;            }</div>
-<div class="line"><a name="l00517"></a><span class="lineno">  517</span>&#160;            <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFStmt.html">SVFStmt</a> *stmt: node-&gt;<a class="code" href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">getSVFStmts</a>())</div>
-<div class="line"><a name="l00518"></a><span class="lineno">  518</span>&#160;            {</div>
-<div class="line"><a name="l00519"></a><span class="lineno">  519</span>&#160;                <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CopyStmt.html">CopyStmt</a> *<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a> = SVFUtil::dyn_cast&lt;CopyStmt&gt;(stmt))</div>
-<div class="line"><a name="l00520"></a><span class="lineno">  520</span>&#160;                {</div>
-<div class="line"><a name="l00521"></a><span class="lineno">  521</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">AccessMemoryViaCopyStmt</a>(<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a>, worklist, visited);</div>
-<div class="line"><a name="l00522"></a><span class="lineno">  522</span>&#160;                }</div>
-<div class="line"><a name="l00523"></a><span class="lineno">  523</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1LoadStmt.html">LoadStmt</a> *load = SVFUtil::dyn_cast&lt;LoadStmt&gt;(stmt))</div>
-<div class="line"><a name="l00524"></a><span class="lineno">  524</span>&#160;                {</div>
-<div class="line"><a name="l00525"></a><span class="lineno">  525</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#ac60581a57407fa4c65b1975f5be687b8">AccessMemoryViaLoadStmt</a>(load, worklist, visited);</div>
-<div class="line"><a name="l00526"></a><span class="lineno">  526</span>&#160;                }</div>
-<div class="line"><a name="l00527"></a><span class="lineno">  527</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt))</div>
-<div class="line"><a name="l00528"></a><span class="lineno">  528</span>&#160;                {</div>
-<div class="line"><a name="l00529"></a><span class="lineno">  529</span>&#160;                    <span class="comment">// there are 3 type of gepStmt</span></div>
-<div class="line"><a name="l00530"></a><span class="lineno">  530</span>&#160;                    <span class="comment">// 1. ptr get offset</span></div>
-<div class="line"><a name="l00531"></a><span class="lineno">  531</span>&#160;                    <span class="comment">// 2. struct get field</span></div>
-<div class="line"><a name="l00532"></a><span class="lineno">  532</span>&#160;                    <span class="comment">// 3. array get element</span></div>
-<div class="line"><a name="l00533"></a><span class="lineno">  533</span>&#160;                    <span class="comment">// for array gep, there are two kind of overflow checking</span></div>
-<div class="line"><a name="l00534"></a><span class="lineno">  534</span>&#160;                    <span class="comment">//  Arr [Struct.C * 10] arr, Struct.C {i32 a, i32 b}</span></div>
-<div class="line"><a name="l00535"></a><span class="lineno">  535</span>&#160;                    <span class="comment">//     arr[11].a = **, it is &quot;lhs = gep *arr, 0 (ptr), 11 (arrIdx), 0 (ptr), 0(struct field)&quot;</span></div>
-<div class="line"><a name="l00536"></a><span class="lineno">  536</span>&#160;                    <span class="comment">//  1) in this case arrIdx 11 is overflow.</span></div>
-<div class="line"><a name="l00537"></a><span class="lineno">  537</span>&#160;                    <span class="comment">//  Other case,</span></div>
-<div class="line"><a name="l00538"></a><span class="lineno">  538</span>&#160;                    <span class="comment">//   Struct.C {i32 a, [i32*10] b, i32 c}, C.b[11] = 1</span></div>
-<div class="line"><a name="l00539"></a><span class="lineno">  539</span>&#160;                    <span class="comment">//   it is &quot;lhs - gep *C, 0(ptr), 1(struct field), 0(ptr), 11(arrIdx)&quot;</span></div>
-<div class="line"><a name="l00540"></a><span class="lineno">  540</span>&#160;                    <span class="comment">//  2) in this case arrIdx 11 is larger than its getOffsetVar.Type Array([i32*10])</span></div>
-<div class="line"><a name="l00541"></a><span class="lineno">  541</span>&#160; </div>
-<div class="line"><a name="l00542"></a><span class="lineno">  542</span>&#160;                    <span class="comment">// therefore, if last getOffsetVar.Type is not the Array, just check the overall offset and its</span></div>
-<div class="line"><a name="l00543"></a><span class="lineno">  543</span>&#160;                    <span class="comment">// gep source type size (together with totalOffset along the value flow).</span></div>
-<div class="line"><a name="l00544"></a><span class="lineno">  544</span>&#160;                    <span class="comment">//   so if curgepOffset + totalOffset &gt;= gepSrc (overflow)</span></div>
-<div class="line"><a name="l00545"></a><span class="lineno">  545</span>&#160;                    <span class="comment">//      else totalOffset += curgepOffset</span></div>
-<div class="line"><a name="l00546"></a><span class="lineno">  546</span>&#160; </div>
-<div class="line"><a name="l00547"></a><span class="lineno">  547</span>&#160;                    <span class="comment">// otherwise, if last getOffsetVar.Type is the Array, check the last idx and array. (just offset,</span></div>
-<div class="line"><a name="l00548"></a><span class="lineno">  548</span>&#160;                    <span class="comment">//  not with totalOffset during check)</span></div>
-<div class="line"><a name="l00549"></a><span class="lineno">  549</span>&#160;                    <span class="comment">//  so if getOffsetVarVal &gt; getOffsetVar.TypeSize (overflow)</span></div>
-<div class="line"><a name="l00550"></a><span class="lineno">  550</span>&#160;                    <span class="comment">//     else safe and return.</span></div>
-<div class="line"><a name="l00551"></a><span class="lineno">  551</span>&#160;                    <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> byteOffset;</div>
-<div class="line"><a name="l00552"></a><span class="lineno">  552</span>&#160;                    <span class="keywordflow">if</span> (gep-&gt;isConstantOffset())</div>
-<div class="line"><a name="l00553"></a><span class="lineno">  553</span>&#160;                    {</div>
-<div class="line"><a name="l00554"></a><span class="lineno">  554</span>&#160;                        byteOffset = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(gep-&gt;accumulateConstantByteOffset());</div>
-<div class="line"><a name="l00555"></a><span class="lineno">  555</span>&#160;                    }</div>
-<div class="line"><a name="l00556"></a><span class="lineno">  556</span>&#160;                    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00557"></a><span class="lineno">  557</span>&#160;                    {</div>
-<div class="line"><a name="l00558"></a><span class="lineno">  558</span>&#160;                        byteOffset = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a21e927af79c73460ff5629cbd4961163">getByteOffset</a>(gep).<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
-<div class="line"><a name="l00559"></a><span class="lineno">  559</span>&#160;                    }</div>
-<div class="line"><a name="l00560"></a><span class="lineno">  560</span>&#160;                    <span class="comment">// for variable offset, join with accumulate gep offset</span></div>
-<div class="line"><a name="l00561"></a><span class="lineno">  561</span>&#160;                    gep_offsets[gep-&gt;getICFGNode()] = byteOffset;</div>
-<div class="line"><a name="l00562"></a><span class="lineno">  562</span>&#160;                    <span class="keywordflow">if</span> (byteOffset.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() &amp;&amp; <a class="code" href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">Options::GepUnknownIdx</a>())</div>
-<div class="line"><a name="l00563"></a><span class="lineno">  563</span>&#160;                    {</div>
-<div class="line"><a name="l00564"></a><span class="lineno">  564</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a name="l00565"></a><span class="lineno">  565</span>&#160;                    }</div>
-<div class="line"><a name="l00566"></a><span class="lineno">  566</span>&#160; </div>
-<div class="line"><a name="l00567"></a><span class="lineno">  567</span>&#160;                    <span class="keywordflow">if</span> (gep-&gt;getOffsetVarAndGepTypePairVec().size() &gt; 0)</div>
-<div class="line"><a name="l00568"></a><span class="lineno">  568</span>&#160;                    {</div>
-<div class="line"><a name="l00569"></a><span class="lineno">  569</span>&#160;                        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFVar.html">SVFVar</a> *gepVal = gep-&gt;getOffsetVarAndGepTypePairVec().back().first;</div>
-<div class="line"><a name="l00570"></a><span class="lineno">  570</span>&#160;                        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *gepType = gep-&gt;getOffsetVarAndGepTypePairVec().back().second;</div>
-<div class="line"><a name="l00571"></a><span class="lineno">  571</span>&#160; </div>
-<div class="line"><a name="l00572"></a><span class="lineno">  572</span>&#160;                        <span class="keywordflow">if</span> (gepType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
-<div class="line"><a name="l00573"></a><span class="lineno">  573</span>&#160;                        {</div>
-<div class="line"><a name="l00574"></a><span class="lineno">  574</span>&#160;                            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *gepArrType = SVFUtil::dyn_cast&lt;SVFArrayType&gt;(gepType);</div>
-<div class="line"><a name="l00575"></a><span class="lineno">  575</span>&#160;                            <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> gepArrTotalByte(0);</div>
-<div class="line"><a name="l00576"></a><span class="lineno">  576</span>&#160;                            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *idxValue = gepVal-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">getValue</a>();</div>
-<div class="line"><a name="l00577"></a><span class="lineno">  577</span>&#160;                            <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arrElemSize = gepArrType-&gt;<a class="code" href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">getTypeOfElement</a>()-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
-<div class="line"><a name="l00578"></a><span class="lineno">  578</span>&#160;                            <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFConstantInt.html">SVFConstantInt</a> *op = SVFUtil::dyn_cast&lt;SVFConstantInt&gt;(idxValue))</div>
-<div class="line"><a name="l00579"></a><span class="lineno">  579</span>&#160;                            {</div>
-<div class="line"><a name="l00580"></a><span class="lineno">  580</span>&#160;                                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (double) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;= op-&gt;getSExtValue() ?</div>
-<div class="line"><a name="l00581"></a><span class="lineno">  581</span>&#160;                                           op-&gt;getSExtValue() * arrElemSize : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
-<div class="line"><a name="l00582"></a><span class="lineno">  582</span>&#160;                                gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, lb);</div>
-<div class="line"><a name="l00583"></a><span class="lineno">  583</span>&#160;                            }</div>
-<div class="line"><a name="l00584"></a><span class="lineno">  584</span>&#160;                            <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00585"></a><span class="lineno">  585</span>&#160;                            {</div>
-<div class="line"><a name="l00586"></a><span class="lineno">  586</span>&#160;                                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> idx = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(idxValue);</div>
-<div class="line"><a name="l00587"></a><span class="lineno">  587</span>&#160;                                <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> idxVal = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">getEs</a>()[idx].getInterval();</div>
-<div class="line"><a name="l00588"></a><span class="lineno">  588</span>&#160;                                <span class="keywordflow">if</span> (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a674f9bb98053f8658e246863d6561072">isBottom</a>())</div>
-<div class="line"><a name="l00589"></a><span class="lineno">  589</span>&#160;                                {</div>
-<div class="line"><a name="l00590"></a><span class="lineno">  590</span>&#160;                                    gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0, 0);</div>
-<div class="line"><a name="l00591"></a><span class="lineno">  591</span>&#160;                                }</div>
-<div class="line"><a name="l00592"></a><span class="lineno">  592</span>&#160;                                <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00593"></a><span class="lineno">  593</span>&#160;                                {</div>
-<div class="line"><a name="l00594"></a><span class="lineno">  594</span>&#160;                                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> ub = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0) ? 0 :</div>
-<div class="line"><a name="l00595"></a><span class="lineno">  595</span>&#160;                                               (<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;=</div>
-<div class="line"><a name="l00596"></a><span class="lineno">  596</span>&#160;                                               idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() ?</div>
-<div class="line"><a name="l00597"></a><span class="lineno">  597</span>&#160;                                               arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
-<div class="line"><a name="l00598"></a><span class="lineno">  598</span>&#160;                                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0) ? 0 :</div>
-<div class="line"><a name="l00599"></a><span class="lineno">  599</span>&#160;                                               ((<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;=</div>
-<div class="line"><a name="l00600"></a><span class="lineno">  600</span>&#160;                                                idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>()) ?</div>
-<div class="line"><a name="l00601"></a><span class="lineno">  601</span>&#160;                                               arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
-<div class="line"><a name="l00602"></a><span class="lineno">  602</span>&#160;                                    gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, ub);</div>
-<div class="line"><a name="l00603"></a><span class="lineno">  603</span>&#160;                                }</div>
-<div class="line"><a name="l00604"></a><span class="lineno">  604</span>&#160;                            }</div>
-<div class="line"><a name="l00605"></a><span class="lineno">  605</span>&#160;                            total_bytes = total_bytes + gepArrTotalByte;</div>
-<div class="line"><a name="l00606"></a><span class="lineno">  606</span>&#160;                            <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>())</div>
-<div class="line"><a name="l00607"></a><span class="lineno">  607</span>&#160;                            {</div>
-<div class="line"><a name="l00608"></a><span class="lineno">  608</span>&#160;                                <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
-<div class="line"><a name="l00609"></a><span class="lineno">  609</span>&#160;                                    <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> +</div>
-<div class="line"><a name="l00610"></a><span class="lineno">  610</span>&#160;                                    <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
-<div class="line"><a name="l00611"></a><span class="lineno">  611</span>&#160;                                    <span class="stringliteral">&quot;\nAllocated Gep buffer size: &quot;</span> +</div>
-<div class="line"><a name="l00612"></a><span class="lineno">  612</span>&#160;                                    std::to_string(gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>()) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00613"></a><span class="lineno">  613</span>&#160;                                msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00614"></a><span class="lineno">  614</span>&#160;                                msg += <span class="stringliteral">&quot; The following is the value flow. [[\n&quot;</span>;</div>
-<div class="line"><a name="l00615"></a><span class="lineno">  615</span>&#160;                                <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
-<div class="line"><a name="l00616"></a><span class="lineno">  616</span>&#160;                                {</div>
-<div class="line"><a name="l00617"></a><span class="lineno">  617</span>&#160;                                    msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) +</div>
-<div class="line"><a name="l00618"></a><span class="lineno">  618</span>&#160;                                           <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00619"></a><span class="lineno">  619</span>&#160;                                }</div>
-<div class="line"><a name="l00620"></a><span class="lineno">  620</span>&#160;                                msg += <span class="stringliteral">&quot;]].\nAlloc Site: &quot;</span> + gep-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00621"></a><span class="lineno">  621</span>&#160; </div>
-<div class="line"><a name="l00622"></a><span class="lineno">  622</span>&#160;                                <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVFUtil::errMsg</a>(msg), gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
-<div class="line"><a name="l00623"></a><span class="lineno">  623</span>&#160;                                                         gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
-<div class="line"><a name="l00624"></a><span class="lineno">  624</span>&#160;                                                         total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
-<div class="line"><a name="l00625"></a><span class="lineno">  625</span>&#160;                                                         firstValue);</div>
-<div class="line"><a name="l00626"></a><span class="lineno">  626</span>&#160;                                <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
-<div class="line"><a name="l00627"></a><span class="lineno">  627</span>&#160;                                <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a name="l00628"></a><span class="lineno">  628</span>&#160;                            }</div>
-<div class="line"><a name="l00629"></a><span class="lineno">  629</span>&#160;                            <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00630"></a><span class="lineno">  630</span>&#160;                            {</div>
-<div class="line"><a name="l00631"></a><span class="lineno">  631</span>&#160;                                <span class="comment">// for gep last index&#39;s type is arr, stop here.</span></div>
-<div class="line"><a name="l00632"></a><span class="lineno">  632</span>&#160;                                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00402"></a><span class="lineno">  402</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> arg2Num =</div>
+<div class="line"><a name="l00403"></a><span class="lineno">  403</span>&#160;            <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
+<div class="line"><a name="l00404"></a><span class="lineno">  404</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">getStrlen</a>(arg0Val);</div>
+<div class="line"><a name="l00405"></a><span class="lineno">  405</span>&#160;        <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> totalLen = strLen0 + arg2Num;</div>
+<div class="line"><a name="l00406"></a><span class="lineno">  406</span>&#160;        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
+<div class="line"><a name="l00407"></a><span class="lineno">  407</span>&#160;    }</div>
+<div class="line"><a name="l00408"></a><span class="lineno">  408</span>&#160;    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00409"></a><span class="lineno">  409</span>&#160;    {</div>
+<div class="line"><a name="l00410"></a><span class="lineno">  410</span>&#160;        assert(<span class="keyword">false</span> &amp;&amp; <span class="stringliteral">&quot;unknown strcat function, please add it to strcatGroup or strncatGroup&quot;</span>);</div>
+<div class="line"><a name="l00411"></a><span class="lineno">  411</span>&#160;        abort();</div>
+<div class="line"><a name="l00412"></a><span class="lineno">  412</span>&#160;    }</div>
+<div class="line"><a name="l00413"></a><span class="lineno">  413</span>&#160;}</div>
+<div class="line"><a name="l00414"></a><span class="lineno">  414</span>&#160; </div>
+<div class="line"><a name="l00415"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">  415</a></span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">BufOverflowChecker::handleExtAPI</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
+<div class="line"><a name="l00416"></a><span class="lineno">  416</span>&#160;{</div>
+<div class="line"><a name="l00417"></a><span class="lineno">  417</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">AbstractInterpretation::handleExtAPI</a>(call);</div>
+<div class="line"><a name="l00418"></a><span class="lineno">  418</span>&#160;    <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-&gt;<a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
+<div class="line"><a name="l00419"></a><span class="lineno">  419</span>&#160;    assert(fun &amp;&amp; <span class="stringliteral">&quot;SVFFunction* is nullptr&quot;</span>);</div>
+<div class="line"><a name="l00420"></a><span class="lineno">  420</span>&#160;    <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-&gt;<a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
+<div class="line"><a name="l00421"></a><span class="lineno">  421</span>&#160;    <span class="comment">// check the type of mem api,</span></div>
+<div class="line"><a name="l00422"></a><span class="lineno">  422</span>&#160;    <span class="comment">// MEMCPY: like memcpy, memcpy_chk, llvm.memcpy etc.</span></div>
+<div class="line"><a name="l00423"></a><span class="lineno">  423</span>&#160;    <span class="comment">// MEMSET: like memset, memset_chk, llvm.memset etc.</span></div>
+<div class="line"><a name="l00424"></a><span class="lineno">  424</span>&#160;    <span class="comment">// STRCPY: like strcpy, strcpy_chk, wcscpy etc.</span></div>
+<div class="line"><a name="l00425"></a><span class="lineno">  425</span>&#160;    <span class="comment">// STRCAT: like strcat, strcat_chk, wcscat etc.</span></div>
+<div class="line"><a name="l00426"></a><span class="lineno">  426</span>&#160;    <span class="comment">// for other ext api like printf, scanf, etc., they have their own handlers</span></div>
+<div class="line"><a name="l00427"></a><span class="lineno">  427</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">ExtAPIType</a> extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">UNCLASSIFIED</a>;</div>
+<div class="line"><a name="l00428"></a><span class="lineno">  428</span>&#160;    <span class="comment">// get type of mem api</span></div>
+<div class="line"><a name="l00429"></a><span class="lineno">  429</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> &amp;annotation: fun-&gt;<a class="code" href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">getAnnotations</a>())</div>
+<div class="line"><a name="l00430"></a><span class="lineno">  430</span>&#160;    {</div>
+<div class="line"><a name="l00431"></a><span class="lineno">  431</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;MEMCPY&quot;</span>) != std::string::npos)</div>
+<div class="line"><a name="l00432"></a><span class="lineno">  432</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>;</div>
+<div class="line"><a name="l00433"></a><span class="lineno">  433</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;MEMSET&quot;</span>) != std::string::npos)</div>
+<div class="line"><a name="l00434"></a><span class="lineno">  434</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>;</div>
+<div class="line"><a name="l00435"></a><span class="lineno">  435</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;STRCPY&quot;</span>) != std::string::npos)</div>
+<div class="line"><a name="l00436"></a><span class="lineno">  436</span>&#160;            extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>;</div>
+<div class="line"><a name="l00437"></a><span class="lineno">  437</span>&#160;        <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">&quot;STRCAT&quot;</span>) != std::string::npos)</div>
+<div class="line"><a name="l00438"></a><span class="lineno">  438</span>&#160;            extType =  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>;</div>
+<div class="line"><a name="l00439"></a><span class="lineno">  439</span>&#160;    }</div>
+<div class="line"><a name="l00440"></a><span class="lineno">  440</span>&#160;    <span class="comment">// 1. memcpy functions like memcpy_chk, strncpy, annotate(&quot;MEMCPY&quot;), annotate(&quot;BUF_CHECK:Arg0, Arg2&quot;), annotate(&quot;BUF_CHECK:Arg1, Arg2&quot;)</span></div>
+<div class="line"><a name="l00441"></a><span class="lineno">  441</span>&#160;    <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>)</div>
+<div class="line"><a name="l00442"></a><span class="lineno">  442</span>&#160;    {</div>
+<div class="line"><a name="l00443"></a><span class="lineno">  443</span>&#160;        <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
+<div class="line"><a name="l00444"></a><span class="lineno">  444</span>&#160;        {</div>
+<div class="line"><a name="l00445"></a><span class="lineno">  445</span>&#160;            <span class="comment">// if it is not in the rules, we do not check it</span></div>
+<div class="line"><a name="l00446"></a><span class="lineno">  446</span>&#160;            <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() &lt;&lt; <span class="stringliteral">&quot;Warning: &quot;</span> &lt;&lt; fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() &lt;&lt; <span class="stringliteral">&quot; is not in the rules, please implement it\n&quot;</span>;</div>
+<div class="line"><a name="l00447"></a><span class="lineno">  447</span>&#160;            <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00448"></a><span class="lineno">  448</span>&#160;        }</div>
+<div class="line"><a name="l00449"></a><span class="lineno">  449</span>&#160;        <span class="comment">// call parseMemcpyBufferCheckArgs to parse the BUF_CHECK annotation</span></div>
+<div class="line"><a name="l00450"></a><span class="lineno">  450</span>&#160;        std::vector&lt;std::pair&lt;u32_t, u32_t&gt;&gt; args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
+<div class="line"><a name="l00451"></a><span class="lineno">  451</span>&#160;        <span class="comment">// loop the args and check the offset</span></div>
+<div class="line"><a name="l00452"></a><span class="lineno">  452</span>&#160;        <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
+<div class="line"><a name="l00453"></a><span class="lineno">  453</span>&#160;        {</div>
+<div class="line"><a name="l00454"></a><span class="lineno">  454</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> =</div>
+<div class="line"><a name="l00455"></a><span class="lineno">  455</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
+<div class="line"><a name="l00456"></a><span class="lineno">  456</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
+<div class="line"><a name="l00457"></a><span class="lineno">  457</span>&#160;        }</div>
+<div class="line"><a name="l00458"></a><span class="lineno">  458</span>&#160;    }</div>
+<div class="line"><a name="l00459"></a><span class="lineno">  459</span>&#160;    <span class="comment">// 2. memset functions like memset, memset_chk, annotate(&quot;MEMSET&quot;), annotate(&quot;BUF_CHECK:Arg0, Arg2&quot;)</span></div>
+<div class="line"><a name="l00460"></a><span class="lineno">  460</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>)</div>
+<div class="line"><a name="l00461"></a><span class="lineno">  461</span>&#160;    {</div>
+<div class="line"><a name="l00462"></a><span class="lineno">  462</span>&#160;        <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
+<div class="line"><a name="l00463"></a><span class="lineno">  463</span>&#160;        {</div>
+<div class="line"><a name="l00464"></a><span class="lineno">  464</span>&#160;            <span class="comment">// if it is not in the rules, we do not check it</span></div>
+<div class="line"><a name="l00465"></a><span class="lineno">  465</span>&#160;            <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() &lt;&lt; <span class="stringliteral">&quot;Warning: &quot;</span> &lt;&lt; fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() &lt;&lt; <span class="stringliteral">&quot; is not in the rules, please implement it\n&quot;</span>;</div>
+<div class="line"><a name="l00466"></a><span class="lineno">  466</span>&#160;            <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00467"></a><span class="lineno">  467</span>&#160;        }</div>
+<div class="line"><a name="l00468"></a><span class="lineno">  468</span>&#160;        std::vector&lt;std::pair&lt;u32_t, u32_t&gt;&gt; args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
+<div class="line"><a name="l00469"></a><span class="lineno">  469</span>&#160;        <span class="comment">// loop the args and check the offset</span></div>
+<div class="line"><a name="l00470"></a><span class="lineno">  470</span>&#160;        <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
+<div class="line"><a name="l00471"></a><span class="lineno">  471</span>&#160;        {</div>
+<div class="line"><a name="l00472"></a><span class="lineno">  472</span>&#160;            <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> =</div>
+<div class="line"><a name="l00473"></a><span class="lineno">  473</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
+<div class="line"><a name="l00474"></a><span class="lineno">  474</span>&#160;            <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
+<div class="line"><a name="l00475"></a><span class="lineno">  475</span>&#160;        }</div>
+<div class="line"><a name="l00476"></a><span class="lineno">  476</span>&#160;    }</div>
+<div class="line"><a name="l00477"></a><span class="lineno">  477</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>)</div>
+<div class="line"><a name="l00478"></a><span class="lineno">  478</span>&#160;    {</div>
+<div class="line"><a name="l00479"></a><span class="lineno">  479</span>&#160;        <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">detectStrcpy</a>(call);</div>
+<div class="line"><a name="l00480"></a><span class="lineno">  480</span>&#160;    }</div>
+<div class="line"><a name="l00481"></a><span class="lineno">  481</span>&#160;    <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>)</div>
+<div class="line"><a name="l00482"></a><span class="lineno">  482</span>&#160;    {</div>
+<div class="line"><a name="l00483"></a><span class="lineno">  483</span>&#160;        <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">detectStrcat</a>(call);</div>
+<div class="line"><a name="l00484"></a><span class="lineno">  484</span>&#160;    }</div>
+<div class="line"><a name="l00485"></a><span class="lineno">  485</span>&#160;    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00486"></a><span class="lineno">  486</span>&#160;    {</div>
+<div class="line"><a name="l00487"></a><span class="lineno">  487</span>&#160; </div>
+<div class="line"><a name="l00488"></a><span class="lineno">  488</span>&#160;    }</div>
+<div class="line"><a name="l00489"></a><span class="lineno">  489</span>&#160;    <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00490"></a><span class="lineno">  490</span>&#160;}</div>
+<div class="line"><a name="l00491"></a><span class="lineno">  491</span>&#160; </div>
+<div class="line"><a name="l00492"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">  492</a></span>&#160;<span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">BufOverflowChecker::canSafelyAccessMemory</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *value, <span class="keyword">const</span> <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> &amp;len, <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *curNode)</div>
+<div class="line"><a name="l00493"></a><span class="lineno">  493</span>&#160;{</div>
+<div class="line"><a name="l00494"></a><span class="lineno">  494</span>&#160;    <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *firstValue = value;</div>
+<div class="line"><a name="l00500"></a><span class="lineno">  500</span>&#160; </div>
+<div class="line"><a name="l00503"></a><span class="lineno">  503</span>&#160;    <a class="code" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList&lt;const SVFValue *&gt;</a> worklist;</div>
+<div class="line"><a name="l00504"></a><span class="lineno">  504</span>&#160;    <a class="code" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set&lt;const SVFValue *&gt;</a> visited;</div>
+<div class="line"><a name="l00505"></a><span class="lineno">  505</span>&#160;    visited.insert(value);</div>
+<div class="line"><a name="l00506"></a><span class="lineno">  506</span>&#160;    <a class="code" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map&lt;const ICFGNode *, IntervalValue&gt;</a> gep_offsets;</div>
+<div class="line"><a name="l00507"></a><span class="lineno">  507</span>&#160;    <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> total_bytes = len.<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
+<div class="line"><a name="l00508"></a><span class="lineno">  508</span>&#160;    worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(value);</div>
+<div class="line"><a name="l00509"></a><span class="lineno">  509</span>&#160;    std::vector&lt;const CallICFGNode *&gt; callstack = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>;</div>
+<div class="line"><a name="l00510"></a><span class="lineno">  510</span>&#160;    <span class="keywordflow">while</span> (!worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">empty</a>())</div>
+<div class="line"><a name="l00511"></a><span class="lineno">  511</span>&#160;    {</div>
+<div class="line"><a name="l00512"></a><span class="lineno">  512</span>&#160;        value = worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">pop</a>();</div>
+<div class="line"><a name="l00513"></a><span class="lineno">  513</span>&#160;        <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFInstruction.html">SVFInstruction</a> *ins = SVFUtil::dyn_cast&lt;SVFInstruction&gt;(value))</div>
+<div class="line"><a name="l00514"></a><span class="lineno">  514</span>&#160;        {</div>
+<div class="line"><a name="l00515"></a><span class="lineno">  515</span>&#160;            <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(ins);</div>
+<div class="line"><a name="l00516"></a><span class="lineno">  516</span>&#160;            <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *callnode = SVFUtil::dyn_cast&lt;CallICFGNode&gt;(node))</div>
+<div class="line"><a name="l00517"></a><span class="lineno">  517</span>&#160;            {</div>
+<div class="line"><a name="l00518"></a><span class="lineno">  518</span>&#160;                <a class="code" href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">AccessMemoryViaRetNode</a>(callnode, worklist, visited);</div>
+<div class="line"><a name="l00519"></a><span class="lineno">  519</span>&#160;            }</div>
+<div class="line"><a name="l00520"></a><span class="lineno">  520</span>&#160;            <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFStmt.html">SVFStmt</a> *stmt: node-&gt;<a class="code" href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">getSVFStmts</a>())</div>
+<div class="line"><a name="l00521"></a><span class="lineno">  521</span>&#160;            {</div>
+<div class="line"><a name="l00522"></a><span class="lineno">  522</span>&#160;                <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CopyStmt.html">CopyStmt</a> *<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a> = SVFUtil::dyn_cast&lt;CopyStmt&gt;(stmt))</div>
+<div class="line"><a name="l00523"></a><span class="lineno">  523</span>&#160;                {</div>
+<div class="line"><a name="l00524"></a><span class="lineno">  524</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">AccessMemoryViaCopyStmt</a>(<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a>, worklist, visited);</div>
+<div class="line"><a name="l00525"></a><span class="lineno">  525</span>&#160;                }</div>
+<div class="line"><a name="l00526"></a><span class="lineno">  526</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1LoadStmt.html">LoadStmt</a> *load = SVFUtil::dyn_cast&lt;LoadStmt&gt;(stmt))</div>
+<div class="line"><a name="l00527"></a><span class="lineno">  527</span>&#160;                {</div>
+<div class="line"><a name="l00528"></a><span class="lineno">  528</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#ac60581a57407fa4c65b1975f5be687b8">AccessMemoryViaLoadStmt</a>(load, worklist, visited);</div>
+<div class="line"><a name="l00529"></a><span class="lineno">  529</span>&#160;                }</div>
+<div class="line"><a name="l00530"></a><span class="lineno">  530</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt))</div>
+<div class="line"><a name="l00531"></a><span class="lineno">  531</span>&#160;                {</div>
+<div class="line"><a name="l00532"></a><span class="lineno">  532</span>&#160;                    <span class="comment">// there are 3 type of gepStmt</span></div>
+<div class="line"><a name="l00533"></a><span class="lineno">  533</span>&#160;                    <span class="comment">// 1. ptr get offset</span></div>
+<div class="line"><a name="l00534"></a><span class="lineno">  534</span>&#160;                    <span class="comment">// 2. struct get field</span></div>
+<div class="line"><a name="l00535"></a><span class="lineno">  535</span>&#160;                    <span class="comment">// 3. array get element</span></div>
+<div class="line"><a name="l00536"></a><span class="lineno">  536</span>&#160;                    <span class="comment">// for array gep, there are two kind of overflow checking</span></div>
+<div class="line"><a name="l00537"></a><span class="lineno">  537</span>&#160;                    <span class="comment">//  Arr [Struct.C * 10] arr, Struct.C {i32 a, i32 b}</span></div>
+<div class="line"><a name="l00538"></a><span class="lineno">  538</span>&#160;                    <span class="comment">//     arr[11].a = **, it is &quot;lhs = gep *arr, 0 (ptr), 11 (arrIdx), 0 (ptr), 0(struct field)&quot;</span></div>
+<div class="line"><a name="l00539"></a><span class="lineno">  539</span>&#160;                    <span class="comment">//  1) in this case arrIdx 11 is overflow.</span></div>
+<div class="line"><a name="l00540"></a><span class="lineno">  540</span>&#160;                    <span class="comment">//  Other case,</span></div>
+<div class="line"><a name="l00541"></a><span class="lineno">  541</span>&#160;                    <span class="comment">//   Struct.C {i32 a, [i32*10] b, i32 c}, C.b[11] = 1</span></div>
+<div class="line"><a name="l00542"></a><span class="lineno">  542</span>&#160;                    <span class="comment">//   it is &quot;lhs - gep *C, 0(ptr), 1(struct field), 0(ptr), 11(arrIdx)&quot;</span></div>
+<div class="line"><a name="l00543"></a><span class="lineno">  543</span>&#160;                    <span class="comment">//  2) in this case arrIdx 11 is larger than its getOffsetVar.Type Array([i32*10])</span></div>
+<div class="line"><a name="l00544"></a><span class="lineno">  544</span>&#160; </div>
+<div class="line"><a name="l00545"></a><span class="lineno">  545</span>&#160;                    <span class="comment">// therefore, if last getOffsetVar.Type is not the Array, just check the overall offset and its</span></div>
+<div class="line"><a name="l00546"></a><span class="lineno">  546</span>&#160;                    <span class="comment">// gep source type size (together with totalOffset along the value flow).</span></div>
+<div class="line"><a name="l00547"></a><span class="lineno">  547</span>&#160;                    <span class="comment">//   so if curgepOffset + totalOffset &gt;= gepSrc (overflow)</span></div>
+<div class="line"><a name="l00548"></a><span class="lineno">  548</span>&#160;                    <span class="comment">//      else totalOffset += curgepOffset</span></div>
+<div class="line"><a name="l00549"></a><span class="lineno">  549</span>&#160; </div>
+<div class="line"><a name="l00550"></a><span class="lineno">  550</span>&#160;                    <span class="comment">// otherwise, if last getOffsetVar.Type is the Array, check the last idx and array. (just offset,</span></div>
+<div class="line"><a name="l00551"></a><span class="lineno">  551</span>&#160;                    <span class="comment">//  not with totalOffset during check)</span></div>
+<div class="line"><a name="l00552"></a><span class="lineno">  552</span>&#160;                    <span class="comment">//  so if getOffsetVarVal &gt; getOffsetVar.TypeSize (overflow)</span></div>
+<div class="line"><a name="l00553"></a><span class="lineno">  553</span>&#160;                    <span class="comment">//     else safe and return.</span></div>
+<div class="line"><a name="l00554"></a><span class="lineno">  554</span>&#160;                    <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> byteOffset;</div>
+<div class="line"><a name="l00555"></a><span class="lineno">  555</span>&#160;                    <span class="keywordflow">if</span> (gep-&gt;isConstantOffset())</div>
+<div class="line"><a name="l00556"></a><span class="lineno">  556</span>&#160;                    {</div>
+<div class="line"><a name="l00557"></a><span class="lineno">  557</span>&#160;                        byteOffset = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(gep-&gt;accumulateConstantByteOffset());</div>
+<div class="line"><a name="l00558"></a><span class="lineno">  558</span>&#160;                    }</div>
+<div class="line"><a name="l00559"></a><span class="lineno">  559</span>&#160;                    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00560"></a><span class="lineno">  560</span>&#160;                    {</div>
+<div class="line"><a name="l00561"></a><span class="lineno">  561</span>&#160;                        byteOffset =</div>
+<div class="line"><a name="l00562"></a><span class="lineno">  562</span>&#160;                            <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a21e927af79c73460ff5629cbd4961163">getByteOffset</a>(gep).<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
+<div class="line"><a name="l00563"></a><span class="lineno">  563</span>&#160;                    }</div>
+<div class="line"><a name="l00564"></a><span class="lineno">  564</span>&#160;                    <span class="comment">// for variable offset, join with accumulate gep offset</span></div>
+<div class="line"><a name="l00565"></a><span class="lineno">  565</span>&#160;                    gep_offsets[gep-&gt;getICFGNode()] = byteOffset;</div>
+<div class="line"><a name="l00566"></a><span class="lineno">  566</span>&#160;                    <span class="keywordflow">if</span> (byteOffset.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() &amp;&amp; <a class="code" href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">Options::GepUnknownIdx</a>())</div>
+<div class="line"><a name="l00567"></a><span class="lineno">  567</span>&#160;                    {</div>
+<div class="line"><a name="l00568"></a><span class="lineno">  568</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00569"></a><span class="lineno">  569</span>&#160;                    }</div>
+<div class="line"><a name="l00570"></a><span class="lineno">  570</span>&#160; </div>
+<div class="line"><a name="l00571"></a><span class="lineno">  571</span>&#160;                    <span class="keywordflow">if</span> (gep-&gt;getOffsetVarAndGepTypePairVec().size() &gt; 0)</div>
+<div class="line"><a name="l00572"></a><span class="lineno">  572</span>&#160;                    {</div>
+<div class="line"><a name="l00573"></a><span class="lineno">  573</span>&#160;                        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFVar.html">SVFVar</a> *gepVal = gep-&gt;getOffsetVarAndGepTypePairVec().back().first;</div>
+<div class="line"><a name="l00574"></a><span class="lineno">  574</span>&#160;                        <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *gepType = gep-&gt;getOffsetVarAndGepTypePairVec().back().second;</div>
+<div class="line"><a name="l00575"></a><span class="lineno">  575</span>&#160; </div>
+<div class="line"><a name="l00576"></a><span class="lineno">  576</span>&#160;                        <span class="keywordflow">if</span> (gepType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
+<div class="line"><a name="l00577"></a><span class="lineno">  577</span>&#160;                        {</div>
+<div class="line"><a name="l00578"></a><span class="lineno">  578</span>&#160;                            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *gepArrType = SVFUtil::dyn_cast&lt;SVFArrayType&gt;(gepType);</div>
+<div class="line"><a name="l00579"></a><span class="lineno">  579</span>&#160;                            <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> gepArrTotalByte(0);</div>
+<div class="line"><a name="l00580"></a><span class="lineno">  580</span>&#160;                            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *idxValue = gepVal-&gt;<a class="code" href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">getValue</a>();</div>
+<div class="line"><a name="l00581"></a><span class="lineno">  581</span>&#160;                            <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arrElemSize = gepArrType-&gt;<a class="code" href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">getTypeOfElement</a>()-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
+<div class="line"><a name="l00582"></a><span class="lineno">  582</span>&#160;                            <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFConstantInt.html">SVFConstantInt</a> *op = SVFUtil::dyn_cast&lt;SVFConstantInt&gt;(idxValue))</div>
+<div class="line"><a name="l00583"></a><span class="lineno">  583</span>&#160;                            {</div>
+<div class="line"><a name="l00584"></a><span class="lineno">  584</span>&#160;                                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (double) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;= op-&gt;getSExtValue() ?</div>
+<div class="line"><a name="l00585"></a><span class="lineno">  585</span>&#160;                                           op-&gt;getSExtValue() * arrElemSize : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
+<div class="line"><a name="l00586"></a><span class="lineno">  586</span>&#160;                                gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, lb);</div>
+<div class="line"><a name="l00587"></a><span class="lineno">  587</span>&#160;                            }</div>
+<div class="line"><a name="l00588"></a><span class="lineno">  588</span>&#160;                            <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00589"></a><span class="lineno">  589</span>&#160;                            {</div>
+<div class="line"><a name="l00590"></a><span class="lineno">  590</span>&#160;                                <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> idx = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(idxValue);</div>
+<div class="line"><a name="l00591"></a><span class="lineno">  591</span>&#160;                                <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> idxVal =</div>
+<div class="line"><a name="l00592"></a><span class="lineno">  592</span>&#160;                                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>()[idx].getInterval();</div>
+<div class="line"><a name="l00593"></a><span class="lineno">  593</span>&#160;                                <span class="keywordflow">if</span> (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a674f9bb98053f8658e246863d6561072">isBottom</a>())</div>
+<div class="line"><a name="l00594"></a><span class="lineno">  594</span>&#160;                                {</div>
+<div class="line"><a name="l00595"></a><span class="lineno">  595</span>&#160;                                    gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0, 0);</div>
+<div class="line"><a name="l00596"></a><span class="lineno">  596</span>&#160;                                }</div>
+<div class="line"><a name="l00597"></a><span class="lineno">  597</span>&#160;                                <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00598"></a><span class="lineno">  598</span>&#160;                                {</div>
+<div class="line"><a name="l00599"></a><span class="lineno">  599</span>&#160;                                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> ub = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0) ? 0 :</div>
+<div class="line"><a name="l00600"></a><span class="lineno">  600</span>&#160;                                               (<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;=</div>
+<div class="line"><a name="l00601"></a><span class="lineno">  601</span>&#160;                                               idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() ?</div>
+<div class="line"><a name="l00602"></a><span class="lineno">  602</span>&#160;                                               arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
+<div class="line"><a name="l00603"></a><span class="lineno">  603</span>&#160;                                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0) ? 0 :</div>
+<div class="line"><a name="l00604"></a><span class="lineno">  604</span>&#160;                                               ((<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize &gt;=</div>
+<div class="line"><a name="l00605"></a><span class="lineno">  605</span>&#160;                                                idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>()) ?</div>
+<div class="line"><a name="l00606"></a><span class="lineno">  606</span>&#160;                                               arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
+<div class="line"><a name="l00607"></a><span class="lineno">  607</span>&#160;                                    gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, ub);</div>
+<div class="line"><a name="l00608"></a><span class="lineno">  608</span>&#160;                                }</div>
+<div class="line"><a name="l00609"></a><span class="lineno">  609</span>&#160;                            }</div>
+<div class="line"><a name="l00610"></a><span class="lineno">  610</span>&#160;                            total_bytes = total_bytes + gepArrTotalByte;</div>
+<div class="line"><a name="l00611"></a><span class="lineno">  611</span>&#160;                            <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>())</div>
+<div class="line"><a name="l00612"></a><span class="lineno">  612</span>&#160;                            {</div>
+<div class="line"><a name="l00613"></a><span class="lineno">  613</span>&#160;                                <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
+<div class="line"><a name="l00614"></a><span class="lineno">  614</span>&#160;                                    <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> +</div>
+<div class="line"><a name="l00615"></a><span class="lineno">  615</span>&#160;                                    <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
+<div class="line"><a name="l00616"></a><span class="lineno">  616</span>&#160;                                    <span class="stringliteral">&quot;\nAllocated Gep buffer size: &quot;</span> +</div>
+<div class="line"><a name="l00617"></a><span class="lineno">  617</span>&#160;                                    std::to_string(gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>()) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00618"></a><span class="lineno">  618</span>&#160;                                msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00619"></a><span class="lineno">  619</span>&#160;                                msg += <span class="stringliteral">&quot; The following is the value flow. [[\n&quot;</span>;</div>
+<div class="line"><a name="l00620"></a><span class="lineno">  620</span>&#160;                                <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
+<div class="line"><a name="l00621"></a><span class="lineno">  621</span>&#160;                                {</div>
+<div class="line"><a name="l00622"></a><span class="lineno">  622</span>&#160;                                    msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) +</div>
+<div class="line"><a name="l00623"></a><span class="lineno">  623</span>&#160;                                           <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00624"></a><span class="lineno">  624</span>&#160;                                }</div>
+<div class="line"><a name="l00625"></a><span class="lineno">  625</span>&#160;                                msg += <span class="stringliteral">&quot;]].\nAlloc Site: &quot;</span> + gep-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00626"></a><span class="lineno">  626</span>&#160; </div>
+<div class="line"><a name="l00627"></a><span class="lineno">  627</span>&#160;                                <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVFUtil::errMsg</a>(msg), gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
+<div class="line"><a name="l00628"></a><span class="lineno">  628</span>&#160;                                                         gepArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
+<div class="line"><a name="l00629"></a><span class="lineno">  629</span>&#160;                                                         total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
+<div class="line"><a name="l00630"></a><span class="lineno">  630</span>&#160;                                                         firstValue);</div>
+<div class="line"><a name="l00631"></a><span class="lineno">  631</span>&#160;                                <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
+<div class="line"><a name="l00632"></a><span class="lineno">  632</span>&#160;                                <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
 <div class="line"><a name="l00633"></a><span class="lineno">  633</span>&#160;                            }</div>
-<div class="line"><a name="l00634"></a><span class="lineno">  634</span>&#160;                        }</div>
-<div class="line"><a name="l00635"></a><span class="lineno">  635</span>&#160;                        <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00636"></a><span class="lineno">  636</span>&#160;                        {</div>
-<div class="line"><a name="l00637"></a><span class="lineno">  637</span>&#160;                            total_bytes = total_bytes + byteOffset;</div>
-<div class="line"><a name="l00638"></a><span class="lineno">  638</span>&#160;                        }</div>
-<div class="line"><a name="l00639"></a><span class="lineno">  639</span>&#160; </div>
-<div class="line"><a name="l00640"></a><span class="lineno">  640</span>&#160;                    }</div>
-<div class="line"><a name="l00641"></a><span class="lineno">  641</span>&#160;                    <span class="keywordflow">if</span> (!visited.count(gep-&gt;getRHSVar()-&gt;getValue()))</div>
-<div class="line"><a name="l00642"></a><span class="lineno">  642</span>&#160;                    {</div>
-<div class="line"><a name="l00643"></a><span class="lineno">  643</span>&#160;                        visited.insert(gep-&gt;getRHSVar()-&gt;getValue());</div>
-<div class="line"><a name="l00644"></a><span class="lineno">  644</span>&#160;                        worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(gep-&gt;getRHSVar()-&gt;getValue());</div>
+<div class="line"><a name="l00634"></a><span class="lineno">  634</span>&#160;                            <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00635"></a><span class="lineno">  635</span>&#160;                            {</div>
+<div class="line"><a name="l00636"></a><span class="lineno">  636</span>&#160;                                <span class="comment">// for gep last index&#39;s type is arr, stop here.</span></div>
+<div class="line"><a name="l00637"></a><span class="lineno">  637</span>&#160;                                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00638"></a><span class="lineno">  638</span>&#160;                            }</div>
+<div class="line"><a name="l00639"></a><span class="lineno">  639</span>&#160;                        }</div>
+<div class="line"><a name="l00640"></a><span class="lineno">  640</span>&#160;                        <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00641"></a><span class="lineno">  641</span>&#160;                        {</div>
+<div class="line"><a name="l00642"></a><span class="lineno">  642</span>&#160;                            total_bytes = total_bytes + byteOffset;</div>
+<div class="line"><a name="l00643"></a><span class="lineno">  643</span>&#160;                        }</div>
+<div class="line"><a name="l00644"></a><span class="lineno">  644</span>&#160; </div>
 <div class="line"><a name="l00645"></a><span class="lineno">  645</span>&#160;                    }</div>
-<div class="line"><a name="l00646"></a><span class="lineno">  646</span>&#160;                }</div>
-<div class="line"><a name="l00647"></a><span class="lineno">  647</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1AddrStmt.html">AddrStmt</a> *addr = SVFUtil::dyn_cast&lt;AddrStmt&gt;(stmt))</div>
-<div class="line"><a name="l00648"></a><span class="lineno">  648</span>&#160;                {</div>
-<div class="line"><a name="l00649"></a><span class="lineno">  649</span>&#160;                    <span class="comment">// addrStmt is source node.</span></div>
-<div class="line"><a name="l00650"></a><span class="lineno">  650</span>&#160;                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a0e8b546f608417e218c2fab5a5893135">getAllocaInstByteSize</a>(addr);</div>
-<div class="line"><a name="l00651"></a><span class="lineno">  651</span>&#160;                    <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= arr_type_size ||</div>
-<div class="line"><a name="l00652"></a><span class="lineno">  652</span>&#160;                            total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0)</div>
-<div class="line"><a name="l00653"></a><span class="lineno">  653</span>&#160;                    {</div>
-<div class="line"><a name="l00654"></a><span class="lineno">  654</span>&#160;                        <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
-<div class="line"><a name="l00655"></a><span class="lineno">  655</span>&#160;                            <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
-<div class="line"><a name="l00656"></a><span class="lineno">  656</span>&#160;                            <span class="stringliteral">&quot;\nAllocated buffer size: &quot;</span> + std::to_string(arr_type_size) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00657"></a><span class="lineno">  657</span>&#160;                        msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00658"></a><span class="lineno">  658</span>&#160;                        msg += <span class="stringliteral">&quot; The following is the value flow. [[\n&quot;</span>;</div>
-<div class="line"><a name="l00659"></a><span class="lineno">  659</span>&#160;                        <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
-<div class="line"><a name="l00660"></a><span class="lineno">  660</span>&#160;                        {</div>
-<div class="line"><a name="l00661"></a><span class="lineno">  661</span>&#160;                            msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00662"></a><span class="lineno">  662</span>&#160;                        }</div>
-<div class="line"><a name="l00663"></a><span class="lineno">  663</span>&#160;                        msg += <span class="stringliteral">&quot;]].\n Alloc Site: &quot;</span> + addr-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00664"></a><span class="lineno">  664</span>&#160;                        <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
-<div class="line"><a name="l00665"></a><span class="lineno">  665</span>&#160;                                                 total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
-<div class="line"><a name="l00666"></a><span class="lineno">  666</span>&#160;                                                 firstValue);</div>
-<div class="line"><a name="l00667"></a><span class="lineno">  667</span>&#160;                        <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
-<div class="line"><a name="l00668"></a><span class="lineno">  668</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a name="l00669"></a><span class="lineno">  669</span>&#160;                    }</div>
-<div class="line"><a name="l00670"></a><span class="lineno">  670</span>&#160;                    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00671"></a><span class="lineno">  671</span>&#160;                    {</div>
-<div class="line"><a name="l00672"></a><span class="lineno">  672</span>&#160; </div>
-<div class="line"><a name="l00673"></a><span class="lineno">  673</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00646"></a><span class="lineno">  646</span>&#160;                    <span class="keywordflow">if</span> (!visited.count(gep-&gt;getRHSVar()-&gt;getValue()))</div>
+<div class="line"><a name="l00647"></a><span class="lineno">  647</span>&#160;                    {</div>
+<div class="line"><a name="l00648"></a><span class="lineno">  648</span>&#160;                        visited.insert(gep-&gt;getRHSVar()-&gt;getValue());</div>
+<div class="line"><a name="l00649"></a><span class="lineno">  649</span>&#160;                        worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(gep-&gt;getRHSVar()-&gt;getValue());</div>
+<div class="line"><a name="l00650"></a><span class="lineno">  650</span>&#160;                    }</div>
+<div class="line"><a name="l00651"></a><span class="lineno">  651</span>&#160;                }</div>
+<div class="line"><a name="l00652"></a><span class="lineno">  652</span>&#160;                <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1AddrStmt.html">AddrStmt</a> *addr = SVFUtil::dyn_cast&lt;AddrStmt&gt;(stmt))</div>
+<div class="line"><a name="l00653"></a><span class="lineno">  653</span>&#160;                {</div>
+<div class="line"><a name="l00654"></a><span class="lineno">  654</span>&#160;                    <span class="comment">// addrStmt is source node.</span></div>
+<div class="line"><a name="l00655"></a><span class="lineno">  655</span>&#160;                    <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a0e8b546f608417e218c2fab5a5893135">getAllocaInstByteSize</a>(addr);</div>
+<div class="line"><a name="l00656"></a><span class="lineno">  656</span>&#160;                    <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= arr_type_size ||</div>
+<div class="line"><a name="l00657"></a><span class="lineno">  657</span>&#160;                            total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0)</div>
+<div class="line"><a name="l00658"></a><span class="lineno">  658</span>&#160;                    {</div>
+<div class="line"><a name="l00659"></a><span class="lineno">  659</span>&#160;                        <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
+<div class="line"><a name="l00660"></a><span class="lineno">  660</span>&#160;                            <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
+<div class="line"><a name="l00661"></a><span class="lineno">  661</span>&#160;                            <span class="stringliteral">&quot;\nAllocated buffer size: &quot;</span> + std::to_string(arr_type_size) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00662"></a><span class="lineno">  662</span>&#160;                        msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00663"></a><span class="lineno">  663</span>&#160;                        msg += <span class="stringliteral">&quot; The following is the value flow. [[\n&quot;</span>;</div>
+<div class="line"><a name="l00664"></a><span class="lineno">  664</span>&#160;                        <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
+<div class="line"><a name="l00665"></a><span class="lineno">  665</span>&#160;                        {</div>
+<div class="line"><a name="l00666"></a><span class="lineno">  666</span>&#160;                            msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00667"></a><span class="lineno">  667</span>&#160;                        }</div>
+<div class="line"><a name="l00668"></a><span class="lineno">  668</span>&#160;                        msg += <span class="stringliteral">&quot;]].\n Alloc Site: &quot;</span> + addr-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00669"></a><span class="lineno">  669</span>&#160;                        <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
+<div class="line"><a name="l00670"></a><span class="lineno">  670</span>&#160;                                                 total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
+<div class="line"><a name="l00671"></a><span class="lineno">  671</span>&#160;                                                 firstValue);</div>
+<div class="line"><a name="l00672"></a><span class="lineno">  672</span>&#160;                        <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
+<div class="line"><a name="l00673"></a><span class="lineno">  673</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
 <div class="line"><a name="l00674"></a><span class="lineno">  674</span>&#160;                    }</div>
-<div class="line"><a name="l00675"></a><span class="lineno">  675</span>&#160;                }</div>
-<div class="line"><a name="l00676"></a><span class="lineno">  676</span>&#160;            }</div>
-<div class="line"><a name="l00677"></a><span class="lineno">  677</span>&#160;        }</div>
-<div class="line"><a name="l00678"></a><span class="lineno">  678</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFGlobalValue.html">SVF::SVFGlobalValue</a> *gvalue = SVFUtil::dyn_cast&lt;SVF::SVFGlobalValue&gt;(value))</div>
-<div class="line"><a name="l00679"></a><span class="lineno">  679</span>&#160;        {</div>
-<div class="line"><a name="l00680"></a><span class="lineno">  680</span>&#160;            <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = 0;</div>
-<div class="line"><a name="l00681"></a><span class="lineno">  681</span>&#160;            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *svftype = gvalue-&gt;getType();</div>
-<div class="line"><a name="l00682"></a><span class="lineno">  682</span>&#160;            <span class="keywordflow">if</span> (SVFUtil::isa&lt;SVFPointerType&gt;(svftype))</div>
-<div class="line"><a name="l00683"></a><span class="lineno">  683</span>&#160;            {</div>
-<div class="line"><a name="l00684"></a><span class="lineno">  684</span>&#160;                <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *ptrArrType = SVFUtil::dyn_cast&lt;SVFArrayType&gt;(</div>
-<div class="line"><a name="l00685"></a><span class="lineno">  685</span>&#160;                        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">getPointeeElement</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(gvalue))))</div>
-<div class="line"><a name="l00686"></a><span class="lineno">  686</span>&#160;                    arr_type_size = ptrArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
-<div class="line"><a name="l00687"></a><span class="lineno">  687</span>&#160;                <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00688"></a><span class="lineno">  688</span>&#160;                    arr_type_size = svftype-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
-<div class="line"><a name="l00689"></a><span class="lineno">  689</span>&#160;            }</div>
-<div class="line"><a name="l00690"></a><span class="lineno">  690</span>&#160;            <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00691"></a><span class="lineno">  691</span>&#160;                arr_type_size = svftype-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
-<div class="line"><a name="l00692"></a><span class="lineno">  692</span>&#160; </div>
-<div class="line"><a name="l00693"></a><span class="lineno">  693</span>&#160;            <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= arr_type_size || total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0)</div>
-<div class="line"><a name="l00694"></a><span class="lineno">  694</span>&#160;            {</div>
-<div class="line"><a name="l00695"></a><span class="lineno">  695</span>&#160;                <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg = <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
-<div class="line"><a name="l00696"></a><span class="lineno">  696</span>&#160;                                  <span class="stringliteral">&quot;\nAllocated buffer size: &quot;</span> + std::to_string(arr_type_size) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00697"></a><span class="lineno">  697</span>&#160;                msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00698"></a><span class="lineno">  698</span>&#160;                msg += <span class="stringliteral">&quot; The following is the value flow.\n[[&quot;</span>;</div>
-<div class="line"><a name="l00699"></a><span class="lineno">  699</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
-<div class="line"><a name="l00700"></a><span class="lineno">  700</span>&#160;                {</div>
-<div class="line"><a name="l00701"></a><span class="lineno">  701</span>&#160;                    msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00702"></a><span class="lineno">  702</span>&#160;                }</div>
-<div class="line"><a name="l00703"></a><span class="lineno">  703</span>&#160;                msg += <span class="stringliteral">&quot;]]. \nAlloc Site: &quot;</span> + gvalue-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
-<div class="line"><a name="l00704"></a><span class="lineno">  704</span>&#160; </div>
-<div class="line"><a name="l00705"></a><span class="lineno">  705</span>&#160;                <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
-<div class="line"><a name="l00706"></a><span class="lineno">  706</span>&#160;                                         total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), firstValue);</div>
-<div class="line"><a name="l00707"></a><span class="lineno">  707</span>&#160;                <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
-<div class="line"><a name="l00708"></a><span class="lineno">  708</span>&#160;                <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
-<div class="line"><a name="l00709"></a><span class="lineno">  709</span>&#160;            }</div>
-<div class="line"><a name="l00710"></a><span class="lineno">  710</span>&#160;            <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00711"></a><span class="lineno">  711</span>&#160;            {</div>
-<div class="line"><a name="l00712"></a><span class="lineno">  712</span>&#160;                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a name="l00713"></a><span class="lineno">  713</span>&#160;            }</div>
-<div class="line"><a name="l00714"></a><span class="lineno">  714</span>&#160;        }</div>
-<div class="line"><a name="l00715"></a><span class="lineno">  715</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a> *arg = SVFUtil::dyn_cast&lt;SVF::SVFArgument&gt;(value))</div>
-<div class="line"><a name="l00716"></a><span class="lineno">  716</span>&#160;        {</div>
-<div class="line"><a name="l00717"></a><span class="lineno">  717</span>&#160;            <a class="code" href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">AccessMemoryViaCallArgs</a>(arg, worklist, visited);</div>
-<div class="line"><a name="l00718"></a><span class="lineno">  718</span>&#160;        }</div>
-<div class="line"><a name="l00719"></a><span class="lineno">  719</span>&#160;        <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00720"></a><span class="lineno">  720</span>&#160;        {</div>
-<div class="line"><a name="l00721"></a><span class="lineno">  721</span>&#160;            <span class="comment">// maybe SVFConstant</span></div>
-<div class="line"><a name="l00722"></a><span class="lineno">  722</span>&#160;            <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
-<div class="line"><a name="l00723"></a><span class="lineno">  723</span>&#160;            <span class="comment">// therefore it loses the value flow track</span></div>
-<div class="line"><a name="l00724"></a><span class="lineno">  724</span>&#160;            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a name="l00725"></a><span class="lineno">  725</span>&#160;        }</div>
-<div class="line"><a name="l00726"></a><span class="lineno">  726</span>&#160;    }</div>
-<div class="line"><a name="l00727"></a><span class="lineno">  727</span>&#160;    <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
-<div class="line"><a name="l00728"></a><span class="lineno">  728</span>&#160;    <span class="comment">// therefore it loses the value flow track</span></div>
-<div class="line"><a name="l00729"></a><span class="lineno">  729</span>&#160;    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a name="l00730"></a><span class="lineno">  730</span>&#160;}</div>
-<div class="line"><a name="l00731"></a><span class="lineno">  731</span>&#160; </div>
-<div class="line"><a name="l00732"></a><span class="lineno">  732</span>&#160; </div>
-<div class="line"><a name="l00733"></a><span class="lineno">  733</span>&#160; </div>
-<div class="line"><a name="l00734"></a><span class="lineno">  734</span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">BufOverflowChecker::handleICFGNode</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a> *node)</div>
-<div class="line"><a name="l00735"></a><span class="lineno">  735</span>&#160;{</div>
-<div class="line"><a name="l00736"></a><span class="lineno">  736</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">AbstractInterpretation::handleICFGNode</a>(node);</div>
-<div class="line"><a name="l00737"></a><span class="lineno">  737</span>&#160;    <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">detectBufOverflow</a>(node);</div>
-<div class="line"><a name="l00738"></a><span class="lineno">  738</span>&#160;}</div>
-<div class="line"><a name="l00739"></a><span class="lineno">  739</span>&#160; </div>
-<div class="line"><a name="l00740"></a><span class="lineno">  740</span>&#160;<span class="comment">//</span></div>
-<div class="line"><a name="l00741"></a><span class="lineno">  741</span>&#160;<span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">BufOverflowChecker::detectBufOverflow</a>(<span class="keyword">const</span> ICFGNode *node)</div>
-<div class="line"><a name="l00742"></a><span class="lineno">  742</span>&#160;{</div>
-<div class="line"><a name="l00743"></a><span class="lineno">  743</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">auto</span>* stmt: node-&gt;getSVFStmts())</div>
-<div class="line"><a name="l00744"></a><span class="lineno">  744</span>&#160;    {</div>
-<div class="line"><a name="l00745"></a><span class="lineno">  745</span>&#160;        <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt))</div>
-<div class="line"><a name="l00746"></a><span class="lineno">  746</span>&#160;        {</div>
-<div class="line"><a name="l00747"></a><span class="lineno">  747</span>&#160;            <span class="keyword">const</span> SVFVar* gepRhs = gep-&gt;getRHSVar();</div>
-<div class="line"><a name="l00748"></a><span class="lineno">  748</span>&#160;            <span class="keywordflow">if</span> (<span class="keyword">const</span> SVFInstruction* inst = SVFUtil::dyn_cast&lt;SVFInstruction&gt;(gepRhs-&gt;getValue()))</div>
-<div class="line"><a name="l00749"></a><span class="lineno">  749</span>&#160;            {</div>
-<div class="line"><a name="l00750"></a><span class="lineno">  750</span>&#160;                <span class="keyword">const</span> ICFGNode* icfgNode = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(inst);</div>
-<div class="line"><a name="l00751"></a><span class="lineno">  751</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">const</span> SVFStmt* stmt2: icfgNode-&gt;getSVFStmts())</div>
-<div class="line"><a name="l00752"></a><span class="lineno">  752</span>&#160;                {</div>
-<div class="line"><a name="l00753"></a><span class="lineno">  753</span>&#160;                    <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep2 = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt2))</div>
-<div class="line"><a name="l00754"></a><span class="lineno">  754</span>&#160;                    {</div>
-<div class="line"><a name="l00755"></a><span class="lineno">  755</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep2-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
-<div class="line"><a name="l00756"></a><span class="lineno">  756</span>&#160;                    }</div>
-<div class="line"><a name="l00757"></a><span class="lineno">  757</span>&#160;                }</div>
-<div class="line"><a name="l00758"></a><span class="lineno">  758</span>&#160;            }</div>
-<div class="line"><a name="l00759"></a><span class="lineno">  759</span>&#160;        }</div>
-<div class="line"><a name="l00760"></a><span class="lineno">  760</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> LoadStmt* load =  SVFUtil::dyn_cast&lt;LoadStmt&gt;(stmt))</div>
-<div class="line"><a name="l00761"></a><span class="lineno">  761</span>&#160;        {</div>
-<div class="line"><a name="l00762"></a><span class="lineno">  762</span>&#160;            <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(load-&gt;getRHSVarID()))</div>
-<div class="line"><a name="l00763"></a><span class="lineno">  763</span>&#160;            {</div>
-<div class="line"><a name="l00764"></a><span class="lineno">  764</span>&#160;                AbstractValue Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(load-&gt;getRHSVarID());</div>
-<div class="line"><a name="l00765"></a><span class="lineno">  765</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
-<div class="line"><a name="l00766"></a><span class="lineno">  766</span>&#160;                {</div>
-<div class="line"><a name="l00767"></a><span class="lineno">  767</span>&#160;                    <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
-<div class="line"><a name="l00768"></a><span class="lineno">  768</span>&#160;                    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
-<div class="line"><a name="l00769"></a><span class="lineno">  769</span>&#160;                    {</div>
-<div class="line"><a name="l00770"></a><span class="lineno">  770</span>&#160;                        <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
-<div class="line"><a name="l00771"></a><span class="lineno">  771</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
-<div class="line"><a name="l00772"></a><span class="lineno">  772</span>&#160;                    }</div>
-<div class="line"><a name="l00773"></a><span class="lineno">  773</span>&#160;                }</div>
-<div class="line"><a name="l00774"></a><span class="lineno">  774</span>&#160;            }</div>
-<div class="line"><a name="l00775"></a><span class="lineno">  775</span>&#160;        }</div>
-<div class="line"><a name="l00776"></a><span class="lineno">  776</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> StoreStmt* store =  SVFUtil::dyn_cast&lt;StoreStmt&gt;(stmt))</div>
-<div class="line"><a name="l00777"></a><span class="lineno">  777</span>&#160;        {</div>
-<div class="line"><a name="l00778"></a><span class="lineno">  778</span>&#160;            <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(store-&gt;getLHSVarID()))</div>
-<div class="line"><a name="l00779"></a><span class="lineno">  779</span>&#160;            {</div>
-<div class="line"><a name="l00780"></a><span class="lineno">  780</span>&#160;                AbstractValue Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(store-&gt;getLHSVarID());</div>
-<div class="line"><a name="l00781"></a><span class="lineno">  781</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
-<div class="line"><a name="l00782"></a><span class="lineno">  782</span>&#160;                {</div>
-<div class="line"><a name="l00783"></a><span class="lineno">  783</span>&#160;                    <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">_svfir2ExeState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
-<div class="line"><a name="l00784"></a><span class="lineno">  784</span>&#160;                    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
-<div class="line"><a name="l00785"></a><span class="lineno">  785</span>&#160;                    {</div>
-<div class="line"><a name="l00786"></a><span class="lineno">  786</span>&#160;                        <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
-<div class="line"><a name="l00787"></a><span class="lineno">  787</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
-<div class="line"><a name="l00788"></a><span class="lineno">  788</span>&#160;                    }</div>
-<div class="line"><a name="l00789"></a><span class="lineno">  789</span>&#160;                }</div>
-<div class="line"><a name="l00790"></a><span class="lineno">  790</span>&#160;            }</div>
-<div class="line"><a name="l00791"></a><span class="lineno">  791</span>&#160;        }</div>
-<div class="line"><a name="l00792"></a><span class="lineno">  792</span>&#160;    }</div>
-<div class="line"><a name="l00793"></a><span class="lineno">  793</span>&#160;    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
-<div class="line"><a name="l00794"></a><span class="lineno">  794</span>&#160;}</div>
-<div class="line"><a name="l00795"></a><span class="lineno">  795</span>&#160; </div>
-<div class="line"><a name="l00796"></a><span class="lineno">  796</span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">BufOverflowChecker::addBugToRecoder</a>(<span class="keyword">const</span> BufOverflowException&amp; e, <span class="keyword">const</span> ICFGNode* node)</div>
-<div class="line"><a name="l00797"></a><span class="lineno">  797</span>&#160;{</div>
-<div class="line"><a name="l00798"></a><span class="lineno">  798</span>&#160;    <span class="keyword">const</span> SVFInstruction* inst = <span class="keyword">nullptr</span>;</div>
-<div class="line"><a name="l00799"></a><span class="lineno">  799</span>&#160;    <span class="keywordflow">if</span> (<span class="keyword">const</span> CallICFGNode* call = SVFUtil::dyn_cast&lt;CallICFGNode&gt;(node))</div>
-<div class="line"><a name="l00800"></a><span class="lineno">  800</span>&#160;    {</div>
-<div class="line"><a name="l00801"></a><span class="lineno">  801</span>&#160;        inst = call-&gt;getCallSite();</div>
-<div class="line"><a name="l00802"></a><span class="lineno">  802</span>&#160;    }</div>
-<div class="line"><a name="l00803"></a><span class="lineno">  803</span>&#160;    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00804"></a><span class="lineno">  804</span>&#160;    {</div>
-<div class="line"><a name="l00805"></a><span class="lineno">  805</span>&#160;        inst = node-&gt;getSVFStmts().back()-&gt;getInst();</div>
-<div class="line"><a name="l00806"></a><span class="lineno">  806</span>&#160;    }</div>
-<div class="line"><a name="l00807"></a><span class="lineno">  807</span>&#160;    <a class="code" href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">GenericBug::EventStack</a> eventStack;</div>
-<div class="line"><a name="l00808"></a><span class="lineno">  808</span>&#160;    SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, inst);</div>
-<div class="line"><a name="l00809"></a><span class="lineno">  809</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">const</span> <span class="keyword">auto</span> &amp;callsite: <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>)</div>
-<div class="line"><a name="l00810"></a><span class="lineno">  810</span>&#160;    {</div>
-<div class="line"><a name="l00811"></a><span class="lineno">  811</span>&#160;        SVFBugEvent callSiteEvent(SVFBugEvent::EventType::CallSite, callsite-&gt;getCallSite());</div>
-<div class="line"><a name="l00812"></a><span class="lineno">  812</span>&#160;        eventStack.push_back(callSiteEvent);</div>
+<div class="line"><a name="l00675"></a><span class="lineno">  675</span>&#160;                    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00676"></a><span class="lineno">  676</span>&#160;                    {</div>
+<div class="line"><a name="l00677"></a><span class="lineno">  677</span>&#160; </div>
+<div class="line"><a name="l00678"></a><span class="lineno">  678</span>&#160;                        <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00679"></a><span class="lineno">  679</span>&#160;                    }</div>
+<div class="line"><a name="l00680"></a><span class="lineno">  680</span>&#160;                }</div>
+<div class="line"><a name="l00681"></a><span class="lineno">  681</span>&#160;            }</div>
+<div class="line"><a name="l00682"></a><span class="lineno">  682</span>&#160;        }</div>
+<div class="line"><a name="l00683"></a><span class="lineno">  683</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFGlobalValue.html">SVF::SVFGlobalValue</a> *gvalue = SVFUtil::dyn_cast&lt;SVF::SVFGlobalValue&gt;(value))</div>
+<div class="line"><a name="l00684"></a><span class="lineno">  684</span>&#160;        {</div>
+<div class="line"><a name="l00685"></a><span class="lineno">  685</span>&#160;            <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = 0;</div>
+<div class="line"><a name="l00686"></a><span class="lineno">  686</span>&#160;            <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *svftype = gvalue-&gt;getType();</div>
+<div class="line"><a name="l00687"></a><span class="lineno">  687</span>&#160;            <span class="keywordflow">if</span> (SVFUtil::isa&lt;SVFPointerType&gt;(svftype))</div>
+<div class="line"><a name="l00688"></a><span class="lineno">  688</span>&#160;            {</div>
+<div class="line"><a name="l00689"></a><span class="lineno">  689</span>&#160;                <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *ptrArrType = SVFUtil::dyn_cast&lt;SVFArrayType&gt;(</div>
+<div class="line"><a name="l00690"></a><span class="lineno">  690</span>&#160;                        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">getPointeeElement</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(gvalue))))</div>
+<div class="line"><a name="l00691"></a><span class="lineno">  691</span>&#160;                    arr_type_size = ptrArrType-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
+<div class="line"><a name="l00692"></a><span class="lineno">  692</span>&#160;                <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00693"></a><span class="lineno">  693</span>&#160;                    arr_type_size = svftype-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
+<div class="line"><a name="l00694"></a><span class="lineno">  694</span>&#160;            }</div>
+<div class="line"><a name="l00695"></a><span class="lineno">  695</span>&#160;            <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00696"></a><span class="lineno">  696</span>&#160;                arr_type_size = svftype-&gt;<a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
+<div class="line"><a name="l00697"></a><span class="lineno">  697</span>&#160; </div>
+<div class="line"><a name="l00698"></a><span class="lineno">  698</span>&#160;            <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &gt;= arr_type_size || total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() &lt; 0)</div>
+<div class="line"><a name="l00699"></a><span class="lineno">  699</span>&#160;            {</div>
+<div class="line"><a name="l00700"></a><span class="lineno">  700</span>&#160;                <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg = <span class="stringliteral">&quot;Buffer overflow!! Accessing buffer range: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
+<div class="line"><a name="l00701"></a><span class="lineno">  701</span>&#160;                                  <span class="stringliteral">&quot;\nAllocated buffer size: &quot;</span> + std::to_string(arr_type_size) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00702"></a><span class="lineno">  702</span>&#160;                msg += <span class="stringliteral">&quot;Position: &quot;</span> + firstValue-&gt;<a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00703"></a><span class="lineno">  703</span>&#160;                msg += <span class="stringliteral">&quot; The following is the value flow.\n[[&quot;</span>;</div>
+<div class="line"><a name="l00704"></a><span class="lineno">  704</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
+<div class="line"><a name="l00705"></a><span class="lineno">  705</span>&#160;                {</div>
+<div class="line"><a name="l00706"></a><span class="lineno">  706</span>&#160;                    msg += it-&gt;first-&gt;toString() + <span class="stringliteral">&quot;, Offset: &quot;</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it-&gt;second) + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00707"></a><span class="lineno">  707</span>&#160;                }</div>
+<div class="line"><a name="l00708"></a><span class="lineno">  708</span>&#160;                msg += <span class="stringliteral">&quot;]]. \nAlloc Site: &quot;</span> + gvalue-&gt;toString() + <span class="stringliteral">&quot;\n&quot;</span>;</div>
+<div class="line"><a name="l00709"></a><span class="lineno">  709</span>&#160; </div>
+<div class="line"><a name="l00710"></a><span class="lineno">  710</span>&#160;                <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
+<div class="line"><a name="l00711"></a><span class="lineno">  711</span>&#160;                                         total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), firstValue);</div>
+<div class="line"><a name="l00712"></a><span class="lineno">  712</span>&#160;                <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
+<div class="line"><a name="l00713"></a><span class="lineno">  713</span>&#160;                <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
+<div class="line"><a name="l00714"></a><span class="lineno">  714</span>&#160;            }</div>
+<div class="line"><a name="l00715"></a><span class="lineno">  715</span>&#160;            <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00716"></a><span class="lineno">  716</span>&#160;            {</div>
+<div class="line"><a name="l00717"></a><span class="lineno">  717</span>&#160;                <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00718"></a><span class="lineno">  718</span>&#160;            }</div>
+<div class="line"><a name="l00719"></a><span class="lineno">  719</span>&#160;        }</div>
+<div class="line"><a name="l00720"></a><span class="lineno">  720</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a> *arg = SVFUtil::dyn_cast&lt;SVF::SVFArgument&gt;(value))</div>
+<div class="line"><a name="l00721"></a><span class="lineno">  721</span>&#160;        {</div>
+<div class="line"><a name="l00722"></a><span class="lineno">  722</span>&#160;            <a class="code" href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">AccessMemoryViaCallArgs</a>(arg, worklist, visited);</div>
+<div class="line"><a name="l00723"></a><span class="lineno">  723</span>&#160;        }</div>
+<div class="line"><a name="l00724"></a><span class="lineno">  724</span>&#160;        <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00725"></a><span class="lineno">  725</span>&#160;        {</div>
+<div class="line"><a name="l00726"></a><span class="lineno">  726</span>&#160;            <span class="comment">// maybe SVFConstant</span></div>
+<div class="line"><a name="l00727"></a><span class="lineno">  727</span>&#160;            <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
+<div class="line"><a name="l00728"></a><span class="lineno">  728</span>&#160;            <span class="comment">// therefore it loses the value flow track</span></div>
+<div class="line"><a name="l00729"></a><span class="lineno">  729</span>&#160;            <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00730"></a><span class="lineno">  730</span>&#160;        }</div>
+<div class="line"><a name="l00731"></a><span class="lineno">  731</span>&#160;    }</div>
+<div class="line"><a name="l00732"></a><span class="lineno">  732</span>&#160;    <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
+<div class="line"><a name="l00733"></a><span class="lineno">  733</span>&#160;    <span class="comment">// therefore it loses the value flow track</span></div>
+<div class="line"><a name="l00734"></a><span class="lineno">  734</span>&#160;    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00735"></a><span class="lineno">  735</span>&#160;}</div>
+<div class="line"><a name="l00736"></a><span class="lineno">  736</span>&#160; </div>
+<div class="line"><a name="l00737"></a><span class="lineno">  737</span>&#160; </div>
+<div class="line"><a name="l00738"></a><span class="lineno">  738</span>&#160; </div>
+<div class="line"><a name="l00739"></a><span class="lineno">  739</span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">BufOverflowChecker::handleICFGNode</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a> *node)</div>
+<div class="line"><a name="l00740"></a><span class="lineno">  740</span>&#160;{</div>
+<div class="line"><a name="l00741"></a><span class="lineno">  741</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">AbstractInterpretation::handleICFGNode</a>(node);</div>
+<div class="line"><a name="l00742"></a><span class="lineno">  742</span>&#160;    <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">detectBufOverflow</a>(node);</div>
+<div class="line"><a name="l00743"></a><span class="lineno">  743</span>&#160;}</div>
+<div class="line"><a name="l00744"></a><span class="lineno">  744</span>&#160; </div>
+<div class="line"><a name="l00745"></a><span class="lineno">  745</span>&#160;<span class="comment">//</span></div>
+<div class="line"><a name="l00746"></a><span class="lineno">  746</span>&#160;<span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">BufOverflowChecker::detectBufOverflow</a>(<span class="keyword">const</span> ICFGNode *node)</div>
+<div class="line"><a name="l00747"></a><span class="lineno">  747</span>&#160;{</div>
+<div class="line"><a name="l00748"></a><span class="lineno">  748</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">auto</span>* stmt: node-&gt;getSVFStmts())</div>
+<div class="line"><a name="l00749"></a><span class="lineno">  749</span>&#160;    {</div>
+<div class="line"><a name="l00750"></a><span class="lineno">  750</span>&#160;        <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt))</div>
+<div class="line"><a name="l00751"></a><span class="lineno">  751</span>&#160;        {</div>
+<div class="line"><a name="l00752"></a><span class="lineno">  752</span>&#160;            <span class="keyword">const</span> SVFVar* gepRhs = gep-&gt;getRHSVar();</div>
+<div class="line"><a name="l00753"></a><span class="lineno">  753</span>&#160;            <span class="keywordflow">if</span> (<span class="keyword">const</span> SVFInstruction* inst = SVFUtil::dyn_cast&lt;SVFInstruction&gt;(gepRhs-&gt;getValue()))</div>
+<div class="line"><a name="l00754"></a><span class="lineno">  754</span>&#160;            {</div>
+<div class="line"><a name="l00755"></a><span class="lineno">  755</span>&#160;                <span class="keyword">const</span> ICFGNode* icfgNode = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-&gt;<a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-&gt;<a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(inst);</div>
+<div class="line"><a name="l00756"></a><span class="lineno">  756</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">const</span> SVFStmt* stmt2: icfgNode-&gt;getSVFStmts())</div>
+<div class="line"><a name="l00757"></a><span class="lineno">  757</span>&#160;                {</div>
+<div class="line"><a name="l00758"></a><span class="lineno">  758</span>&#160;                    <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep2 = SVFUtil::dyn_cast&lt;GepStmt&gt;(stmt2))</div>
+<div class="line"><a name="l00759"></a><span class="lineno">  759</span>&#160;                    {</div>
+<div class="line"><a name="l00760"></a><span class="lineno">  760</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep2-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
+<div class="line"><a name="l00761"></a><span class="lineno">  761</span>&#160;                    }</div>
+<div class="line"><a name="l00762"></a><span class="lineno">  762</span>&#160;                }</div>
+<div class="line"><a name="l00763"></a><span class="lineno">  763</span>&#160;            }</div>
+<div class="line"><a name="l00764"></a><span class="lineno">  764</span>&#160;        }</div>
+<div class="line"><a name="l00765"></a><span class="lineno">  765</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> LoadStmt* load =  SVFUtil::dyn_cast&lt;LoadStmt&gt;(stmt))</div>
+<div class="line"><a name="l00766"></a><span class="lineno">  766</span>&#160;        {</div>
+<div class="line"><a name="l00767"></a><span class="lineno">  767</span>&#160;            <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(load-&gt;getRHSVarID()))</div>
+<div class="line"><a name="l00768"></a><span class="lineno">  768</span>&#160;            {</div>
+<div class="line"><a name="l00769"></a><span class="lineno">  769</span>&#160;                AbstractValue Addrs =</div>
+<div class="line"><a name="l00770"></a><span class="lineno">  770</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(load-&gt;getRHSVarID());</div>
+<div class="line"><a name="l00771"></a><span class="lineno">  771</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
+<div class="line"><a name="l00772"></a><span class="lineno">  772</span>&#160;                {</div>
+<div class="line"><a name="l00773"></a><span class="lineno">  773</span>&#160;                    <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
+<div class="line"><a name="l00774"></a><span class="lineno">  774</span>&#160;                    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
+<div class="line"><a name="l00775"></a><span class="lineno">  775</span>&#160;                    {</div>
+<div class="line"><a name="l00776"></a><span class="lineno">  776</span>&#160;                        <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
+<div class="line"><a name="l00777"></a><span class="lineno">  777</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
+<div class="line"><a name="l00778"></a><span class="lineno">  778</span>&#160;                    }</div>
+<div class="line"><a name="l00779"></a><span class="lineno">  779</span>&#160;                }</div>
+<div class="line"><a name="l00780"></a><span class="lineno">  780</span>&#160;            }</div>
+<div class="line"><a name="l00781"></a><span class="lineno">  781</span>&#160;        }</div>
+<div class="line"><a name="l00782"></a><span class="lineno">  782</span>&#160;        <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> StoreStmt* store =  SVFUtil::dyn_cast&lt;StoreStmt&gt;(stmt))</div>
+<div class="line"><a name="l00783"></a><span class="lineno">  783</span>&#160;        {</div>
+<div class="line"><a name="l00784"></a><span class="lineno">  784</span>&#160;            <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">inVarToAddrsTable</a>(store-&gt;getLHSVarID()))</div>
+<div class="line"><a name="l00785"></a><span class="lineno">  785</span>&#160;            {</div>
+<div class="line"><a name="l00786"></a><span class="lineno">  786</span>&#160;                AbstractValue Addrs =</div>
+<div class="line"><a name="l00787"></a><span class="lineno">  787</span>&#160;                    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">getAddrs</a>(store-&gt;getLHSVarID());</div>
+<div class="line"><a name="l00788"></a><span class="lineno">  788</span>&#160;                <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
+<div class="line"><a name="l00789"></a><span class="lineno">  789</span>&#160;                {</div>
+<div class="line"><a name="l00790"></a><span class="lineno">  790</span>&#160;                    <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-&gt;<a class="code" href="classSVF_1_1SVFIR2AbsState.html#ac37760566b534d89a61d789b00efb993">getInternalID</a>(vaddr);</div>
+<div class="line"><a name="l00791"></a><span class="lineno">  791</span>&#160;                    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
+<div class="line"><a name="l00792"></a><span class="lineno">  792</span>&#160;                    {</div>
+<div class="line"><a name="l00793"></a><span class="lineno">  793</span>&#160;                        <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
+<div class="line"><a name="l00794"></a><span class="lineno">  794</span>&#160;                        <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep-&gt;getLHSVar()-&gt;getValue(), IntervalValue(0, 0), node);</div>
+<div class="line"><a name="l00795"></a><span class="lineno">  795</span>&#160;                    }</div>
+<div class="line"><a name="l00796"></a><span class="lineno">  796</span>&#160;                }</div>
+<div class="line"><a name="l00797"></a><span class="lineno">  797</span>&#160;            }</div>
+<div class="line"><a name="l00798"></a><span class="lineno">  798</span>&#160;        }</div>
+<div class="line"><a name="l00799"></a><span class="lineno">  799</span>&#160;    }</div>
+<div class="line"><a name="l00800"></a><span class="lineno">  800</span>&#160;    <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
+<div class="line"><a name="l00801"></a><span class="lineno">  801</span>&#160;}</div>
+<div class="line"><a name="l00802"></a><span class="lineno">  802</span>&#160; </div>
+<div class="line"><a name="l00803"></a><span class="lineno">  803</span>&#160;<span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">BufOverflowChecker::addBugToRecoder</a>(<span class="keyword">const</span> BufOverflowException&amp; e, <span class="keyword">const</span> ICFGNode* node)</div>
+<div class="line"><a name="l00804"></a><span class="lineno">  804</span>&#160;{</div>
+<div class="line"><a name="l00805"></a><span class="lineno">  805</span>&#160;    <span class="keyword">const</span> SVFInstruction* inst = <span class="keyword">nullptr</span>;</div>
+<div class="line"><a name="l00806"></a><span class="lineno">  806</span>&#160;    <span class="keywordflow">if</span> (<span class="keyword">const</span> CallICFGNode* call = SVFUtil::dyn_cast&lt;CallICFGNode&gt;(node))</div>
+<div class="line"><a name="l00807"></a><span class="lineno">  807</span>&#160;    {</div>
+<div class="line"><a name="l00808"></a><span class="lineno">  808</span>&#160;        inst = call-&gt;getCallSite();</div>
+<div class="line"><a name="l00809"></a><span class="lineno">  809</span>&#160;    }</div>
+<div class="line"><a name="l00810"></a><span class="lineno">  810</span>&#160;    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00811"></a><span class="lineno">  811</span>&#160;    {</div>
+<div class="line"><a name="l00812"></a><span class="lineno">  812</span>&#160;        inst = node-&gt;getSVFStmts().back()-&gt;getInst();</div>
 <div class="line"><a name="l00813"></a><span class="lineno">  813</span>&#160;    }</div>
-<div class="line"><a name="l00814"></a><span class="lineno">  814</span>&#160;    eventStack.push_back(sourceInstEvent);</div>
-<div class="line"><a name="l00815"></a><span class="lineno">  815</span>&#160;    <span class="keywordflow">if</span> (eventStack.size() == 0) <span class="keywordflow">return</span>;</div>
-<div class="line"><a name="l00816"></a><span class="lineno">  816</span>&#160;    <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> loc = eventStack.back().getEventLoc();</div>
-<div class="line"><a name="l00817"></a><span class="lineno">  817</span>&#160;    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.find(loc) != <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.end())</div>
-<div class="line"><a name="l00818"></a><span class="lineno">  818</span>&#160;    {</div>
-<div class="line"><a name="l00819"></a><span class="lineno">  819</span>&#160;        <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00814"></a><span class="lineno">  814</span>&#160;    <a class="code" href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">GenericBug::EventStack</a> eventStack;</div>
+<div class="line"><a name="l00815"></a><span class="lineno">  815</span>&#160;    SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, inst);</div>
+<div class="line"><a name="l00816"></a><span class="lineno">  816</span>&#160;    <span class="keywordflow">for</span> (<span class="keyword">const</span> <span class="keyword">auto</span> &amp;callsite: <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>)</div>
+<div class="line"><a name="l00817"></a><span class="lineno">  817</span>&#160;    {</div>
+<div class="line"><a name="l00818"></a><span class="lineno">  818</span>&#160;        SVFBugEvent callSiteEvent(SVFBugEvent::EventType::CallSite, callsite-&gt;getCallSite());</div>
+<div class="line"><a name="l00819"></a><span class="lineno">  819</span>&#160;        eventStack.push_back(callSiteEvent);</div>
 <div class="line"><a name="l00820"></a><span class="lineno">  820</span>&#160;    }</div>
-<div class="line"><a name="l00821"></a><span class="lineno">  821</span>&#160;    <span class="keywordflow">else</span></div>
-<div class="line"><a name="l00822"></a><span class="lineno">  822</span>&#160;    {</div>
-<div class="line"><a name="l00823"></a><span class="lineno">  823</span>&#160;        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.insert(loc);</div>
-<div class="line"><a name="l00824"></a><span class="lineno">  824</span>&#160;    }</div>
-<div class="line"><a name="l00825"></a><span class="lineno">  825</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">_recoder</a>.<a class="code" href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">addAbsExecBug</a>(<a class="code" href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">GenericBug::FULLBUFOVERFLOW</a>, eventStack, e.getAllocLb(), e.getAllocUb(), e.getAccessLb(),</div>
-<div class="line"><a name="l00826"></a><span class="lineno">  826</span>&#160;                           e.getAccessUb());</div>
-<div class="line"><a name="l00827"></a><span class="lineno">  827</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a09aa739395388f64fcb3d539d58d2041">_nodeToBugInfo</a>[node] = e.what();</div>
-<div class="line"><a name="l00828"></a><span class="lineno">  828</span>&#160;}</div>
-<div class="line"><a name="l00829"></a><span class="lineno">  829</span>&#160; </div>
-<div class="line"><a name="l00830"></a><span class="lineno">  830</span>&#160;}</div>
+<div class="line"><a name="l00821"></a><span class="lineno">  821</span>&#160;    eventStack.push_back(sourceInstEvent);</div>
+<div class="line"><a name="l00822"></a><span class="lineno">  822</span>&#160;    <span class="keywordflow">if</span> (eventStack.size() == 0) <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00823"></a><span class="lineno">  823</span>&#160;    <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> loc = eventStack.back().getEventLoc();</div>
+<div class="line"><a name="l00824"></a><span class="lineno">  824</span>&#160;    <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.find(loc) != <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.end())</div>
+<div class="line"><a name="l00825"></a><span class="lineno">  825</span>&#160;    {</div>
+<div class="line"><a name="l00826"></a><span class="lineno">  826</span>&#160;        <span class="keywordflow">return</span>;</div>
+<div class="line"><a name="l00827"></a><span class="lineno">  827</span>&#160;    }</div>
+<div class="line"><a name="l00828"></a><span class="lineno">  828</span>&#160;    <span class="keywordflow">else</span></div>
+<div class="line"><a name="l00829"></a><span class="lineno">  829</span>&#160;    {</div>
+<div class="line"><a name="l00830"></a><span class="lineno">  830</span>&#160;        <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.insert(loc);</div>
+<div class="line"><a name="l00831"></a><span class="lineno">  831</span>&#160;    }</div>
+<div class="line"><a name="l00832"></a><span class="lineno">  832</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">_recoder</a>.<a class="code" href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">addAbsExecBug</a>(<a class="code" href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">GenericBug::FULLBUFOVERFLOW</a>, eventStack, e.getAllocLb(), e.getAllocUb(), e.getAccessLb(),</div>
+<div class="line"><a name="l00833"></a><span class="lineno">  833</span>&#160;                           e.getAccessUb());</div>
+<div class="line"><a name="l00834"></a><span class="lineno">  834</span>&#160;    <a class="code" href="classSVF_1_1AbstractInterpretation.html#a09aa739395388f64fcb3d539d58d2041">_nodeToBugInfo</a>[node] = e.what();</div>
+<div class="line"><a name="l00835"></a><span class="lineno">  835</span>&#160;}</div>
+<div class="line"><a name="l00836"></a><span class="lineno">  836</span>&#160; </div>
+<div class="line"><a name="l00837"></a><span class="lineno">  837</span>&#160;}</div>
 </div><!-- fragment --></div><!-- contents -->
 <div class="ttc" id="aclassSVF_1_1SVFBugReport_html_a05f395eff23619ed10c31c0acda949e2"><div class="ttname"><a href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">SVF::SVFBugReport::addAbsExecBug</a></div><div class="ttdeci">void addAbsExecBug(GenericBug::BugType bugType, const GenericBug::EventStack &amp;eventStack, s64_t allocLowerBound, s64_t allocUpperBound, s64_t accessLowerBound, s64_t accessUpperBound)</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00367">SVFBugReport.h:367</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFValue_html_a2401b022638769f59f86ab424a189b6e"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">SVF::SVFValue::getName</a></div><div class="ttdeci">const std::string &amp; getName() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00243">SVFValue.h:243</a></div></div>
@@ -903,21 +910,20 @@ $(function() {
 <div class="ttc" id="aclassSVF_1_1AddrStmt_html"><div class="ttname"><a href="classSVF_1_1AddrStmt.html">SVF::AddrStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00313">SVFStatements.h:313</a></div></div>
 <div class="ttc" id="astructSVF_1_1AbstractValue_html_ab1fe6a57f784971b3bc603dbfda746e8"><div class="ttname"><a href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">SVF::AbstractValue::getAddrs</a></div><div class="ttdeci">AddressValue &amp; getAddrs()</div><div class="ttdef"><b>Definition:</b> <a href="AbstractValue_8h_source.html#l00171">AbstractValue.h:171</a></div></div>
 <div class="ttc" id="aBufOverflowChecker_8h_html"><div class="ttname"><a href="BufOverflowChecker_8h.html">BufOverflowChecker.h</a></div></div>
-<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &amp;len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00489">BufOverflowChecker.cpp:489</a></div></div>
+<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &amp;len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00492">BufOverflowChecker.cpp:492</a></div></div>
 <div class="ttc" id="aclassSVF_1_1IRGraph_html_a43514023a4f4d0c32f536f51443b0efc"><div class="ttname"><a href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">SVF::IRGraph::getValueNode</a></div><div class="ttdeci">NodeID getValueNode(const SVFValue *V)</div><div class="ttdef"><b>Definition:</b> <a href="IRGraph_8h_source.html#l00137">IRGraph.h:137</a></div></div>
 <div class="ttc" id="anamespaceSVF_html_af739db846e47ba6b2fd15eaad31ab7fb"><div class="ttname"><a href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">SVF::Set</a></div><div class="ttdeci">std::unordered_set&lt; Key, Hash, KeyEqual, Allocator &gt; Set</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00096">GeneralType.h:96</a></div></div>
 <div class="ttc" id="aclassSVF_1_1CallICFGNode_html_a90fd0b8e44fba1a7eb76d15bce085d66"><div class="ttname"><a href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">SVF::CallICFGNode::getCallSite</a></div><div class="ttdeci">const SVFInstruction * getCallSite() const</div><div class="ttdoc">Return callsite.</div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00409">ICFGNode.h:409</a></div></div>
 <div class="ttc" id="aclassSVF_1_1IntervalValue_html_a0df07a2659cbf3a918de5b0d7c407264"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">SVF::IntervalValue::lb</a></div><div class="ttdeci">const NumericLiteral &amp; lb() const</div><div class="ttdoc">Return the lower bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00206">IntervalValue.h:206</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_afa6b30220b0b3261205a909def9ca44e"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">SVF::BufOverflowChecker::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const SVF::ICFGNode *node) override</div></div>
 <div class="ttc" id="anamespaceSVF_html"><div class="ttname"><a href="namespaceSVF.html">SVF</a></div><div class="ttdoc">for isBitcode</div><div class="ttdef"><b>Definition:</b> <a href="BasicTypes_8h_source.html#l00067">BasicTypes.h:67</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5bba3c0570d73acc743742a30af1b0b4"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01451">AbstractInterpretation.cpp:1451</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5bba3c0570d73acc743742a30af1b0b4"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01464">AbstractInterpretation.cpp:1464</a></div></div>
 <div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a9815a5b31ac7dc21239d08e5b9f61106"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVF::SVFUtil::getSVFCallSite</a></div><div class="ttdeci">CallSite getSVFCallSite(const SVFInstruction *inst)</div><div class="ttdoc">Return LLVM callsite given an instruction.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00196">SVFUtil.h:196</a></div></div>
 <div class="ttc" id="aclassSVF_1_1ICFGNode_html_a6c68f52dd90728073fb79141df9b0661"><div class="ttname"><a href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">SVF::ICFGNode::getSVFStmts</a></div><div class="ttdeci">const SVFStmtList &amp; getSVFStmts() const</div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00127">ICFGNode.h:127</a></div></div>
 <div class="ttc" id="astructSVF_1_1BufOverflowException_html"><div class="ttname"><a href="structSVF_1_1BufOverflowException.html">SVF::BufOverflowException</a></div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00036">BufOverflowChecker.h:36</a></div></div>
 <div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ac71522e8c55f84cfc6c13a0ddff18436"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVF::SVFUtil::wrnMsg</a></div><div class="ttdeci">std::string wrnMsg(const std::string &amp;msg)</div><div class="ttdoc">Returns warning message by converting a string into yellow string output.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8cpp_source.html#l00061">SVFUtil.cpp:61</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFValue_html_a11f2d9b6e969ede6fca2c204cc15b821"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">SVF::SVFValue::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00256">SVFValue.h:256</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00124">BufOverflowChecker.cpp:124</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_af78f068a373ebb6a2f14dcde980a9dae"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#af78f068a373ebb6a2f14dcde980a9dae">SVF::AbstractInterpretation::_svfir2ExeState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2ExeState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00345">AbstractInterpretation.h:345</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFVar_html_ac2db6304ea5526fb446ae882983beeb0"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">SVF::SVFVar::getValue</a></div><div class="ttdeci">const SVFValue * getValue() const</div><div class="ttdoc">Get/has methods of the components.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00094">SVFVariables.h:94</a></div></div>
 <div class="ttc" id="aclassSVF_1_1GenericBug_html_acc65b033bfd61257d5b6fdbf932dfafe"><div class="ttname"><a href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">SVF::GenericBug::EventStack</a></div><div class="ttdeci">std::vector&lt; SVFBugEvent &gt; EventStack</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00083">SVFBugReport.h:83</a></div></div>
 <div class="ttc" id="aclassSVF_1_1ICFGNode_html"><div class="ttname"><a href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00054">ICFGNode.h:54</a></div></div>
@@ -937,7 +943,7 @@ $(function() {
 <div class="ttc" id="aclassSVF_1_1GenericBug_html_a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747"><div class="ttname"><a href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">SVF::GenericBug::FULLBUFOVERFLOW</a></div><div class="ttdeci">@ FULLBUFOVERFLOW</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00086">SVFBugReport.h:86</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFFunction_html_a067bd6dbaf74a028d546fa56b095791b"><div class="ttname"><a href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">SVF::SVFFunction::getAnnotations</a></div><div class="ttdeci">const std::vector&lt; std::string &gt; &amp; getAnnotations() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00466">SVFValue.h:466</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00376">BufOverflowChecker.cpp:376</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a0e8b546f608417e218c2fab5a5893135"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a0e8b546f608417e218c2fab5a5893135">SVF::AbstractInterpretation::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01286">AbstractInterpretation.cpp:1286</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a0e8b546f608417e218c2fab5a5893135"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a0e8b546f608417e218c2fab5a5893135">SVF::AbstractInterpretation::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01296">AbstractInterpretation.cpp:1296</a></div></div>
 <div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a145abbd2958629718fbca41d25c3124d"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVF::SVFUtil::getCallee</a></div><div class="ttdeci">const SVFFunction * getCallee(const CallSite cs)</div><div class="ttdoc">Return callee of a callsite. Return null if this is an indirect call.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00241">SVFUtil.h:241</a></div></div>
 <div class="ttc" id="aSVFType_8h_html"><div class="ttname"><a href="SVFType_8h.html">SVFType.h</a></div></div>
 <div class="ttc" id="aclassSVF_1_1NumericLiteral_html_a4181e5e15e10304ea524e5f8b2a3f576"><div class="ttname"><a href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">SVF::NumericLiteral::getNumeral</a></div><div class="ttdeci">s64_t getNumeral() const</div><div class="ttdoc">Return Numeral, default type is double in case to support both int and float.</div><div class="ttdef"><b>Definition:</b> <a href="NumericLiteral_8h_source.html#l00132">NumericLiteral.h:132</a></div></div>
@@ -950,14 +956,13 @@ $(function() {
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a5e0a88ebef4ae740983726e7f1b5eb"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">SVF::AbstractInterpretation::_bugLoc</a></div><div class="ttdeci">Set&lt; std::string &gt; _bugLoc</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00352">AbstractInterpretation.h:352</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a21e927af79c73460ff5629cbd4961163"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a21e927af79c73460ff5629cbd4961163">SVF::SVFIR2AbsState::getByteOffset</a></div><div class="ttdeci">AbstractValue getByteOffset(const GepStmt *gep)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8cpp_source.html#l00415">SVFIR2AbsState.cpp:415</a></div></div>
 <div class="ttc" id="aclassSVF_1_1CallICFGNode_html"><div class="ttname"><a href="classSVF_1_1CallICFGNode.html">SVF::CallICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00385">ICFGNode.h:385</a></div></div>
-<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_afe8766165bfc4be1f9d5f5df25c954a3"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#afe8766165bfc4be1f9d5f5df25c954a3">SVF::SVFIR2AbsState::getEs</a></div><div class="ttdeci">AbstractState &amp; getEs()</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00054">SVFIR2AbsState.h:54</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">SVF::AbstractInterpretation::MEMCPY</a></div><div class="ttdeci">@ MEMCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFType_html"><div class="ttname"><a href="classSVF_1_1SVFType.html">SVF::SVFType</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00156">SVFType.h:156</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a048e203517ac727e6fe0653e1f24052c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">SVF::AbstractInterpretation::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01731">AbstractInterpretation.cpp:1731</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a048e203517ac727e6fe0653e1f24052c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">SVF::AbstractInterpretation::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01751">AbstractInterpretation.cpp:1751</a></div></div>
 <div class="ttc" id="aclassSVF_1_1ICFG_html_a5f2c0aaba07d6fdd63058da0fb60ca8b"><div class="ttname"><a href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">SVF::ICFG::getICFGNode</a></div><div class="ttdeci">ICFGNode * getICFGNode(NodeID id) const</div><div class="ttdoc">Get a ICFG node.</div><div class="ttdef"><b>Definition:</b> <a href="ICFG_8h_source.html#l00092">ICFG.h:92</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFFunction_html"><div class="ttname"><a href="classSVF_1_1SVFFunction.html">SVF::SVFFunction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00297">SVFValue.h:297</a></div></div>
 <div class="ttc" id="aclassSVF_1_1FILOWorkList_html_afcf3fcda18e8d3e2bad70a51376c0ce1"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">SVF::FILOWorkList::push</a></div><div class="ttdeci">bool push(const Data &amp;data)</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00257">WorkList.h:257</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a550c12360c2149ba0e55bdf4cf7b8dd0"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">SVF::AbstractInterpretation::AccessMemoryViaCopyStmt</a></div><div class="ttdeci">void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01702">AbstractInterpretation.cpp:1702</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a550c12360c2149ba0e55bdf4cf7b8dd0"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">SVF::AbstractInterpretation::AccessMemoryViaCopyStmt</a></div><div class="ttdeci">void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01721">AbstractInterpretation.cpp:1721</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFConstantInt_html"><div class="ttname"><a href="classSVF_1_1SVFConstantInt.html">SVF::SVFConstantInt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00966">SVFValue.h:966</a></div></div>
 <div class="ttc" id="aclassSVF_1_1IntervalValue_html_adac2dc2c9f744a071ad3f0175ed40cd9"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">SVF::IntervalValue::ub</a></div><div class="ttdeci">const NumericLiteral &amp; ub() const</div><div class="ttdoc">Return the upper bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00213">IntervalValue.h:213</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a52de7d619e8746a70718719306d7c5a1"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">SVF::BufOverflowChecker::detectBufOverflow</a></div><div class="ttdeci">bool detectBufOverflow(const ICFGNode *node)</div></div>
@@ -965,16 +970,18 @@ $(function() {
 <div class="ttc" id="aclassSVF_1_1SVFStmt_html"><div class="ttname"><a href="classSVF_1_1SVFStmt.html">SVF::SVFStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00051">SVFStatements.h:51</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af83b65ed98cd4e0f6cd92962e7392d4d"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">SVF::BufOverflowChecker::_extAPIBufOverflowCheckRules</a></div><div class="ttdeci">Map&lt; std::string, std::vector&lt; std::pair&lt; u32_t, u32_t &gt; &gt; &gt; _extAPIBufOverflowCheckRules</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00202">BufOverflowChecker.h:202</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFVar_html"><div class="ttname"><a href="classSVF_1_1SVFVar.html">SVF::SVFVar</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00045">SVFVariables.h:45</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9c592b91a1e3d72ada730387232a2fcf"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">SVF::AbstractInterpretation::_svfir2AbsState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2AbsState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00345">AbstractInterpretation.h:345</a></div></div>
 <div class="ttc" id="aclassSVF_1_1LoadStmt_html"><div class="ttname"><a href="classSVF_1_1LoadStmt.html">SVF::LoadStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00489">SVFStatements.h:489</a></div></div>
 <div class="ttc" id="aclassSVF_1_1IntervalValue_html"><div class="ttname"><a href="classSVF_1_1IntervalValue.html">SVF::IntervalValue</a></div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00043">IntervalValue.h:43</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a6cac9b69d85111a5a26373ec848a3282"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01170">AbstractInterpretation.cpp:1170</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a6cac9b69d85111a5a26373ec848a3282"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01174">AbstractInterpretation.cpp:1174</a></div></div>
 <div class="ttc" id="aclassSVF_1_1GenericGraph_html_a43c9c773bfa17abf481c33073e30d01b"><div class="ttname"><a href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">SVF::GenericGraph::getGNode</a></div><div class="ttdeci">NodeType * getGNode(NodeID id) const</div><div class="ttdoc">Get a node.</div><div class="ttdef"><b>Definition:</b> <a href="GenericGraph_8h_source.html#l00406">GenericGraph.h:406</a></div></div>
 <div class="ttc" id="aclassSVF_1_1Options_html_afbe432aabda95308e2c190a04d227a6d"><div class="ttname"><a href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">SVF::Options::BufferOverflowCheck</a></div><div class="ttdeci">static const Option&lt; bool &gt; BufferOverflowCheck</div><div class="ttdoc">buffer overflow checker, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00271">Options.h:271</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a29fe7c63c61a7aec8ae1477a061f5bf2"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">SVF::AbstractInterpretation::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01677">AbstractInterpretation.cpp:1677</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a29fe7c63c61a7aec8ae1477a061f5bf2"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">SVF::AbstractInterpretation::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01696">AbstractInterpretation.cpp:1696</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractState_html"><div class="ttname"><a href="classSVF_1_1AbstractState.html">SVF::AbstractState</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00054">AbstractState.h:54</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_ac60581a57407fa4c65b1975f5be687b8"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#ac60581a57407fa4c65b1975f5be687b8">SVF::AbstractInterpretation::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01711">AbstractInterpretation.cpp:1711</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_ac60581a57407fa4c65b1975f5be687b8"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#ac60581a57407fa4c65b1975f5be687b8">SVF::AbstractInterpretation::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList&lt; const SVFValue * &gt; &amp;worklist, Set&lt; const SVFValue * &gt; &amp;visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01730">AbstractInterpretation.cpp:1730</a></div></div>
 <div class="ttc" id="anamespaceSVF_html_a9b707002523ece2ac54ca893ee9a2d4e"><div class="ttname"><a href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">SVF::s32_t</a></div><div class="ttdeci">signed s32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00047">GeneralType.h:47</a></div></div>
 <div class="ttc" id="aclassSVF_1_1GepStmt_html"><div class="ttname"><a href="classSVF_1_1GepStmt.html">SVF::GepStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00526">SVFStatements.h:526</a></div></div>
+<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a99b526db536fb241ff755a82a45123fa"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">SVF::SVFIR2AbsState::getAbsState</a></div><div class="ttdeci">AbstractState &amp; getAbsState()</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00054">SVFIR2AbsState.h:54</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFIR_html_abda052b73e869ed6d7c139ad1528da11"><div class="ttname"><a href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">SVF::SVFIR::getICFG</a></div><div class="ttdeci">ICFG * getICFG() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR_8h_source.html#l00170">SVFIR.h:170</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616da"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">SVF::AbstractInterpretation::ExtAPIType</a></div><div class="ttdeci">ExtAPIType</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_aa3e62b9ef912def502b95992199f5d8c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">SVF::SVFIR2AbsState::getAddrs</a></div><div class="ttdeci">AbstractValue &amp; getAddrs(u32_t id)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00113">SVFIR2AbsState.h:113</a></div></div>
@@ -987,11 +994,11 @@ $(function() {
 <div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a071a624c91def82a4bbbf3806c7b7eea"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">SVF::FILOWorkList::empty</a></div><div class="ttdeci">bool empty() const</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00238">WorkList.h:238</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFValue_html_a4a0cfe3a8f37d33ffcdca3d66026dcc3"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">SVF::SVFValue::toString</a></div><div class="ttdeci">std::string toString() const</div><div class="ttdoc">Needs to be implemented by a SVF front end.</div><div class="ttdef"><b>Definition:</b> <a href="LLVMUtil_8cpp_source.html#l00943">LLVMUtil.cpp:943</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a8e4f0c5f527e321369a19a0b37124079"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">SVF::AbstractInterpretation::_recoder</a></div><div class="ttdeci">SVFBugReport _recoder</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00353">AbstractInterpretation.h:353</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a896d04a02951947bc228bf97b2c00313"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">SVF::AbstractInterpretation::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00829">AbstractInterpretation.cpp:829</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a896d04a02951947bc228bf97b2c00313"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">SVF::AbstractInterpretation::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00830">AbstractInterpretation.cpp:830</a></div></div>
 <div class="ttc" id="aWorkList_8h_html"><div class="ttname"><a href="WorkList_8h.html">WorkList.h</a></div></div>
 <div class="ttc" id="acJSON_8cpp_html_a7669ee67a0563250c1efaa24d130e1ac"><div class="ttname"><a href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a></div><div class="ttdeci">copy</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l00414">cJSON.cpp:414</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">SVF::AbstractInterpretation::STRCAT</a></div><div class="ttdeci">@ STRCAT</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
-<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a1ed3cb0a1a118d9e505b192841a58dde"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">SVF::BufOverflowChecker::handleExtAPI</a></div><div class="ttdeci">void handleExtAPI(const CallICFGNode *call) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00414">BufOverflowChecker.cpp:414</a></div></div>
+<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a1ed3cb0a1a118d9e505b192841a58dde"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">SVF::BufOverflowChecker::handleExtAPI</a></div><div class="ttdeci">void handleExtAPI(const CallICFGNode *call) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00415">BufOverflowChecker.cpp:415</a></div></div>
 <div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">SVF::AbstractInterpretation::MEMSET</a></div><div class="ttdeci">@ MEMSET</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
 <div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a3fd9acb6d09fd142bfd402fdf8cac93b"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">SVF::FILOWorkList::pop</a></div><div class="ttdeci">Data pop()</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00272">WorkList.h:272</a></div></div>
 <div class="ttc" id="aclassSVF_1_1FILOWorkList_html"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00042">AbstractInterpretation.h:42</a></div></div>
@@ -999,9 +1006,9 @@ $(function() {
 <div class="ttc" id="anamespaceSVF_html_a43a65e0d33af3c743294f7a1139d2301"><div class="ttname"><a href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">SVF::NodeID</a></div><div class="ttdeci">unsigned NodeID</div><div class="ttdef"><b>Definition:</b> <a href="svf-llvm_2tools_2MTA_2MTAResultValidator_8h_source.html#l00020">MTAResultValidator.h:20</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFType_html_a870b63af2bf9fe43cdf1df3d56b20f6c"><div class="ttname"><a href="classSVF_1_1SVFType.html#a870b63af2bf9fe43cdf1df3d56b20f6c">SVF::SVFType::isPointerTy</a></div><div class="ttdeci">bool isPointerTy() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00249">SVFType.h:249</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFVar_html_ab6f95d3e7e099d75cfc9645ebc037047"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">SVF::SVFVar::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdoc">Return type of the value.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00107">SVFVariables.h:107</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9b179466955023f275b6692b59048846"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">SVF::AbstractInterpretation::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00673">AbstractInterpretation.cpp:673</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9b179466955023f275b6692b59048846"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">SVF::AbstractInterpretation::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00674">AbstractInterpretation.cpp:674</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFArgument_html"><div class="ttname"><a href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00897">SVFValue.h:897</a></div></div>
-<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2057e8e1c0aaf39e74f0a8fb2a1b580c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01602">AbstractInterpretation.cpp:1602</a></div></div>
+<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2057e8e1c0aaf39e74f0a8fb2a1b580c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01620">AbstractInterpretation.cpp:1620</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFArrayType_html_a28da1169748e38b891133b76568a2759"><div class="ttname"><a href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">SVF::SVFArrayType::getTypeOfElement</a></div><div class="ttdeci">const SVFType * getTypeOfElement() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00399">SVFType.h:399</a></div></div>
 <div class="ttc" id="aclassSVF_1_1SVFInstruction_html"><div class="ttname"><a href="classSVF_1_1SVFInstruction.html">SVF::SVFInstruction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00631">SVFValue.h:631</a></div></div>
 <div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0088456e712c555cbfba6203aec38037"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">SVF::BufOverflowChecker::_addrToGep</a></div><div class="ttdeci">Map&lt; NodeID, const GepStmt * &gt; _addrToGep</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00201">BufOverflowChecker.h:201</a></div></div>