svf-tools 1.0.913 → 1.0.914
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SVF-doxygen/html/AbstractInterpretation_8cpp.html +6 -4
- package/SVF-doxygen/html/AbstractInterpretation_8cpp_source.html +1592 -1609
- package/SVF-doxygen/html/AbstractInterpretation_8h_source.html +157 -144
- package/SVF-doxygen/html/BufOverflowChecker_8cpp_source.html +797 -786
- package/SVF-doxygen/html/BufOverflowChecker_8h_source.html +7 -7
- package/SVF-doxygen/html/SVFIR2AbsState_8cpp_source.html +815 -826
- package/SVF-doxygen/html/SVFIR2AbsState_8h_source.html +153 -196
- package/SVF-doxygen/html/classSVF_1_1AEStat.html +116 -120
- package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation-members.html +32 -32
- package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation.html +1736 -1681
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker-members.html +32 -32
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker.html +471 -462
- package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState-members.html +35 -47
- package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState.html +1261 -1546
- package/SVF-doxygen/html/dir_9a8e7a56f4029a0d9f62b1c6d1f6e85b.html +0 -2
- package/SVF-doxygen/html/files.html +0 -1
- package/SVF-doxygen/html/functions.html +4 -7
- package/SVF-doxygen/html/functions_a.html +2 -2
- package/SVF-doxygen/html/functions_f.html +3 -3
- package/SVF-doxygen/html/functions_func.html +2 -2
- package/SVF-doxygen/html/functions_func_g.html +40 -40
- package/SVF-doxygen/html/functions_func_h.html +21 -57
- package/SVF-doxygen/html/functions_func_i.html +23 -14
- package/SVF-doxygen/html/functions_func_n.html +1 -1
- package/SVF-doxygen/html/functions_func_s.html +13 -19
- package/SVF-doxygen/html/functions_func_t.html +1 -1
- package/SVF-doxygen/html/functions_func_w.html +1 -1
- package/SVF-doxygen/html/functions_g.html +35 -35
- package/SVF-doxygen/html/functions_h.html +18 -54
- package/SVF-doxygen/html/functions_i.html +32 -23
- package/SVF-doxygen/html/functions_l.html +3 -3
- package/SVF-doxygen/html/functions_n.html +1 -1
- package/SVF-doxygen/html/functions_o.html +4 -4
- package/SVF-doxygen/html/functions_p.html +16 -14
- package/SVF-doxygen/html/functions_r.html +6 -6
- package/SVF-doxygen/html/functions_s.html +22 -26
- package/SVF-doxygen/html/functions_t.html +13 -13
- package/SVF-doxygen/html/functions_v.html +3 -3
- package/SVF-doxygen/html/functions_vars.html +4 -7
- package/SVF-doxygen/html/functions_w.html +1 -1
- package/SVF-doxygen/html/search/all_0.js +131 -132
- package/SVF-doxygen/html/search/all_1.js +504 -504
- package/SVF-doxygen/html/search/all_10.js +326 -326
- package/SVF-doxygen/html/search/all_11.js +227 -227
- package/SVF-doxygen/html/search/all_12.js +559 -562
- package/SVF-doxygen/html/search/all_13.js +186 -186
- package/SVF-doxygen/html/search/all_14.js +74 -74
- package/SVF-doxygen/html/search/all_15.js +175 -175
- package/SVF-doxygen/html/search/all_16.js +77 -77
- package/SVF-doxygen/html/search/all_17.js +1 -1
- package/SVF-doxygen/html/search/all_18.js +1 -1
- package/SVF-doxygen/html/search/all_19.js +27 -27
- package/SVF-doxygen/html/search/all_1a.js +174 -174
- package/SVF-doxygen/html/search/all_2.js +180 -180
- package/SVF-doxygen/html/search/all_3.js +635 -635
- package/SVF-doxygen/html/search/all_4.js +237 -237
- package/SVF-doxygen/html/search/all_5.js +120 -120
- package/SVF-doxygen/html/search/all_6.js +236 -236
- package/SVF-doxygen/html/search/all_7.js +1039 -1039
- package/SVF-doxygen/html/search/all_8.js +212 -224
- package/SVF-doxygen/html/search/all_9.js +630 -627
- package/SVF-doxygen/html/search/all_a.js +46 -46
- package/SVF-doxygen/html/search/all_b.js +24 -24
- package/SVF-doxygen/html/search/all_c.js +111 -111
- package/SVF-doxygen/html/search/all_d.js +204 -204
- package/SVF-doxygen/html/search/all_e.js +207 -207
- package/SVF-doxygen/html/search/all_f.js +122 -122
- package/SVF-doxygen/html/search/classes_0.js +29 -29
- package/SVF-doxygen/html/search/classes_1.js +11 -11
- package/SVF-doxygen/html/search/classes_10.js +71 -71
- package/SVF-doxygen/html/search/classes_11.js +14 -14
- package/SVF-doxygen/html/search/classes_12.js +2 -2
- package/SVF-doxygen/html/search/classes_13.js +10 -10
- package/SVF-doxygen/html/search/classes_14.js +19 -19
- package/SVF-doxygen/html/search/classes_15.js +1 -1
- package/SVF-doxygen/html/search/classes_2.js +72 -72
- package/SVF-doxygen/html/search/classes_3.js +35 -35
- package/SVF-doxygen/html/search/classes_4.js +7 -7
- package/SVF-doxygen/html/search/classes_5.js +28 -28
- package/SVF-doxygen/html/search/classes_6.js +98 -98
- package/SVF-doxygen/html/search/classes_7.js +33 -33
- package/SVF-doxygen/html/search/classes_8.js +57 -57
- package/SVF-doxygen/html/search/classes_9.js +1 -1
- package/SVF-doxygen/html/search/classes_a.js +12 -12
- package/SVF-doxygen/html/search/classes_b.js +29 -29
- package/SVF-doxygen/html/search/classes_c.js +6 -6
- package/SVF-doxygen/html/search/classes_d.js +19 -19
- package/SVF-doxygen/html/search/classes_e.js +36 -36
- package/SVF-doxygen/html/search/classes_f.js +25 -25
- package/SVF-doxygen/html/search/defines_0.js +3 -3
- package/SVF-doxygen/html/search/defines_1.js +3 -3
- package/SVF-doxygen/html/search/defines_10.js +2 -2
- package/SVF-doxygen/html/search/defines_2.js +30 -30
- package/SVF-doxygen/html/search/defines_3.js +20 -20
- package/SVF-doxygen/html/search/defines_4.js +3 -3
- package/SVF-doxygen/html/search/defines_5.js +4 -4
- package/SVF-doxygen/html/search/defines_6.js +2 -2
- package/SVF-doxygen/html/search/defines_7.js +5 -5
- package/SVF-doxygen/html/search/defines_8.js +11 -11
- package/SVF-doxygen/html/search/defines_9.js +9 -9
- package/SVF-doxygen/html/search/defines_a.js +2 -2
- package/SVF-doxygen/html/search/defines_b.js +1 -1
- package/SVF-doxygen/html/search/defines_c.js +3 -3
- package/SVF-doxygen/html/search/defines_d.js +2 -2
- package/SVF-doxygen/html/search/defines_e.js +8 -8
- package/SVF-doxygen/html/search/defines_f.js +4 -4
- package/SVF-doxygen/html/search/enums_0.js +3 -3
- package/SVF-doxygen/html/search/enums_1.js +2 -2
- package/SVF-doxygen/html/search/enums_10.js +1 -1
- package/SVF-doxygen/html/search/enums_11.js +1 -1
- package/SVF-doxygen/html/search/enums_2.js +9 -9
- package/SVF-doxygen/html/search/enums_3.js +2 -2
- package/SVF-doxygen/html/search/enums_4.js +3 -3
- package/SVF-doxygen/html/search/enums_5.js +1 -1
- package/SVF-doxygen/html/search/enums_6.js +2 -2
- package/SVF-doxygen/html/search/enums_7.js +2 -2
- package/SVF-doxygen/html/search/enums_8.js +4 -4
- package/SVF-doxygen/html/search/enums_9.js +1 -1
- package/SVF-doxygen/html/search/enums_a.js +1 -1
- package/SVF-doxygen/html/search/enums_b.js +7 -7
- package/SVF-doxygen/html/search/enums_c.js +1 -1
- package/SVF-doxygen/html/search/enums_d.js +4 -4
- package/SVF-doxygen/html/search/enums_e.js +2 -2
- package/SVF-doxygen/html/search/enums_f.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_0.js +15 -15
- package/SVF-doxygen/html/search/enumvalues_1.js +16 -16
- package/SVF-doxygen/html/search/enumvalues_10.js +36 -36
- package/SVF-doxygen/html/search/enumvalues_11.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_12.js +10 -10
- package/SVF-doxygen/html/search/enumvalues_13.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_14.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_15.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_2.js +36 -36
- package/SVF-doxygen/html/search/enumvalues_3.js +13 -13
- package/SVF-doxygen/html/search/enumvalues_4.js +2 -2
- package/SVF-doxygen/html/search/enumvalues_5.js +50 -50
- package/SVF-doxygen/html/search/enumvalues_6.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_7.js +8 -8
- package/SVF-doxygen/html/search/enumvalues_8.js +24 -24
- package/SVF-doxygen/html/search/enumvalues_9.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_a.js +17 -17
- package/SVF-doxygen/html/search/enumvalues_b.js +11 -11
- package/SVF-doxygen/html/search/enumvalues_c.js +5 -5
- package/SVF-doxygen/html/search/enumvalues_d.js +19 -19
- package/SVF-doxygen/html/search/enumvalues_e.js +9 -9
- package/SVF-doxygen/html/search/enumvalues_f.js +48 -48
- package/SVF-doxygen/html/search/files_0.js +18 -18
- package/SVF-doxygen/html/search/files_1.js +9 -9
- package/SVF-doxygen/html/search/files_10.js +8 -8
- package/SVF-doxygen/html/search/files_11.js +8 -8
- package/SVF-doxygen/html/search/files_12.js +2 -2
- package/SVF-doxygen/html/search/files_2.js +51 -51
- package/SVF-doxygen/html/search/files_3.js +14 -14
- package/SVF-doxygen/html/search/files_4.js +3 -3
- package/SVF-doxygen/html/search/files_5.js +13 -13
- package/SVF-doxygen/html/search/files_6.js +10 -10
- package/SVF-doxygen/html/search/files_7.js +15 -15
- package/SVF-doxygen/html/search/files_8.js +13 -13
- package/SVF-doxygen/html/search/files_9.js +18 -18
- package/SVF-doxygen/html/search/files_a.js +3 -3
- package/SVF-doxygen/html/search/files_b.js +4 -4
- package/SVF-doxygen/html/search/files_c.js +20 -20
- package/SVF-doxygen/html/search/files_d.js +4 -4
- package/SVF-doxygen/html/search/files_e.js +56 -57
- package/SVF-doxygen/html/search/files_f.js +8 -8
- package/SVF-doxygen/html/search/functions_0.js +13 -13
- package/SVF-doxygen/html/search/functions_1.js +366 -366
- package/SVF-doxygen/html/search/functions_10.js +140 -140
- package/SVF-doxygen/html/search/functions_11.js +140 -140
- package/SVF-doxygen/html/search/functions_12.js +291 -293
- package/SVF-doxygen/html/search/functions_13.js +52 -52
- package/SVF-doxygen/html/search/functions_14.js +41 -41
- package/SVF-doxygen/html/search/functions_15.js +70 -70
- package/SVF-doxygen/html/search/functions_16.js +38 -38
- package/SVF-doxygen/html/search/functions_17.js +3 -3
- package/SVF-doxygen/html/search/functions_18.js +174 -174
- package/SVF-doxygen/html/search/functions_2.js +92 -92
- package/SVF-doxygen/html/search/functions_3.js +257 -257
- package/SVF-doxygen/html/search/functions_4.js +85 -85
- package/SVF-doxygen/html/search/functions_5.js +54 -54
- package/SVF-doxygen/html/search/functions_6.js +65 -65
- package/SVF-doxygen/html/search/functions_7.js +857 -857
- package/SVF-doxygen/html/search/functions_8.js +164 -176
- package/SVF-doxygen/html/search/functions_9.js +439 -436
- package/SVF-doxygen/html/search/functions_a.js +30 -30
- package/SVF-doxygen/html/search/functions_b.js +2 -2
- package/SVF-doxygen/html/search/functions_c.js +22 -22
- package/SVF-doxygen/html/search/functions_d.js +81 -81
- package/SVF-doxygen/html/search/functions_e.js +34 -34
- package/SVF-doxygen/html/search/functions_f.js +58 -58
- package/SVF-doxygen/html/search/namespaces_0.js +1 -1
- package/SVF-doxygen/html/search/namespaces_1.js +7 -7
- package/SVF-doxygen/html/search/related_0.js +4 -4
- package/SVF-doxygen/html/search/related_1.js +2 -2
- package/SVF-doxygen/html/search/related_2.js +2 -2
- package/SVF-doxygen/html/search/related_3.js +2 -2
- package/SVF-doxygen/html/search/related_4.js +2 -2
- package/SVF-doxygen/html/search/related_5.js +1 -1
- package/SVF-doxygen/html/search/related_6.js +2 -2
- package/SVF-doxygen/html/search/related_7.js +5 -5
- package/SVF-doxygen/html/search/related_8.js +2 -2
- package/SVF-doxygen/html/search/related_9.js +4 -4
- package/SVF-doxygen/html/search/related_a.js +19 -19
- package/SVF-doxygen/html/search/related_b.js +4 -4
- package/SVF-doxygen/html/search/related_c.js +2 -2
- package/SVF-doxygen/html/search/related_d.js +11 -11
- package/SVF-doxygen/html/search/related_e.js +2 -2
- package/SVF-doxygen/html/search/related_f.js +2 -2
- package/SVF-doxygen/html/search/typedefs_0.js +20 -20
- package/SVF-doxygen/html/search/typedefs_1.js +27 -27
- package/SVF-doxygen/html/search/typedefs_10.js +65 -65
- package/SVF-doxygen/html/search/typedefs_11.js +12 -12
- package/SVF-doxygen/html/search/typedefs_12.js +13 -13
- package/SVF-doxygen/html/search/typedefs_13.js +40 -40
- package/SVF-doxygen/html/search/typedefs_14.js +11 -11
- package/SVF-doxygen/html/search/typedefs_2.js +125 -125
- package/SVF-doxygen/html/search/typedefs_3.js +39 -39
- package/SVF-doxygen/html/search/typedefs_4.js +17 -17
- package/SVF-doxygen/html/search/typedefs_5.js +42 -42
- package/SVF-doxygen/html/search/typedefs_6.js +54 -54
- package/SVF-doxygen/html/search/typedefs_7.js +47 -47
- package/SVF-doxygen/html/search/typedefs_8.js +1 -1
- package/SVF-doxygen/html/search/typedefs_9.js +4 -4
- package/SVF-doxygen/html/search/typedefs_a.js +28 -28
- package/SVF-doxygen/html/search/typedefs_b.js +29 -29
- package/SVF-doxygen/html/search/typedefs_c.js +41 -41
- package/SVF-doxygen/html/search/typedefs_d.js +15 -15
- package/SVF-doxygen/html/search/typedefs_e.js +52 -52
- package/SVF-doxygen/html/search/typedefs_f.js +14 -14
- package/SVF-doxygen/html/search/variables_0.js +169 -170
- package/SVF-doxygen/html/search/variables_1.js +78 -78
- package/SVF-doxygen/html/search/variables_10.js +98 -98
- package/SVF-doxygen/html/search/variables_11.js +47 -47
- package/SVF-doxygen/html/search/variables_12.js +93 -93
- package/SVF-doxygen/html/search/variables_13.js +76 -76
- package/SVF-doxygen/html/search/variables_14.js +14 -14
- package/SVF-doxygen/html/search/variables_15.js +49 -49
- package/SVF-doxygen/html/search/variables_16.js +11 -11
- package/SVF-doxygen/html/search/variables_17.js +1 -1
- package/SVF-doxygen/html/search/variables_18.js +17 -17
- package/SVF-doxygen/html/search/variables_2.js +40 -40
- package/SVF-doxygen/html/search/variables_3.js +143 -143
- package/SVF-doxygen/html/search/variables_4.js +51 -51
- package/SVF-doxygen/html/search/variables_5.js +39 -39
- package/SVF-doxygen/html/search/variables_6.js +66 -66
- package/SVF-doxygen/html/search/variables_7.js +32 -32
- package/SVF-doxygen/html/search/variables_8.js +8 -8
- package/SVF-doxygen/html/search/variables_9.js +80 -80
- package/SVF-doxygen/html/search/variables_a.js +4 -4
- package/SVF-doxygen/html/search/variables_b.js +10 -10
- package/SVF-doxygen/html/search/variables_c.js +44 -44
- package/SVF-doxygen/html/search/variables_d.js +58 -58
- package/SVF-doxygen/html/search/variables_e.js +123 -123
- package/SVF-doxygen/html/search/variables_f.js +31 -31
- package/SVF-doxygen/html/svf-ex_8cpp.html +199 -197
- package/SVF-doxygen/html/svf-ex_8cpp_source.html +204 -202
- package/package.json +1 -1
- package/svf/include/AE/Svfexe/AbstractInterpretation.h +28 -21
- package/svf/include/AE/Svfexe/SVFIR2AbsState.h +37 -67
- package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +123 -139
- package/svf/lib/AE/Svfexe/BufOverflowChecker.cpp +52 -42
- package/svf/lib/AE/Svfexe/SVFIR2AbsState.cpp +134 -146
- package/svf-llvm/tools/Example/svf-ex.cpp +13 -12
- package/svf/lib/AE/Core/SVFIR2Relation.cpp +0 -193
|
@@ -133,801 +133,812 @@ $(function() {
|
|
|
133
133
|
<div class="line"><a name="l00062"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#a0b79c3694a08100d2d8d1b8109998131"> 62</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0b79c3694a08100d2d8d1b8109998131">BufOverflowChecker::handleSVFStatement</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFStmt.html">SVFStmt</a> *stmt)</div>
|
|
134
134
|
<div class="line"><a name="l00063"></a><span class="lineno"> 63</span> {</div>
|
|
135
135
|
<div class="line"><a name="l00064"></a><span class="lineno"> 64</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">AbstractInterpretation::handleSVFStatement</a>(stmt);</div>
|
|
136
|
-
<div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  <
|
|
137
|
-
<div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="
|
|
138
|
-
<div class="line"><a name="l00067"></a><span class="lineno"> 67</span> 
|
|
139
|
-
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span> 
|
|
140
|
-
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span> 
|
|
141
|
-
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span> 
|
|
142
|
-
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span> 
|
|
143
|
-
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  <a class="code" href="
|
|
144
|
-
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span> 
|
|
145
|
-
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span> 
|
|
146
|
-
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span> }</div>
|
|
147
|
-
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span> 
|
|
148
|
-
<div class="line"><a name="l00077"></a><span class="lineno"
|
|
149
|
-
<div class="line"><a name="l00078"></a><span class="lineno"> 78</span> 
|
|
150
|
-
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span> 
|
|
151
|
-
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <
|
|
152
|
-
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <
|
|
153
|
-
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <
|
|
154
|
-
<div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <
|
|
155
|
-
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <
|
|
156
|
-
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  <
|
|
157
|
-
<div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <
|
|
158
|
-
<div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <
|
|
159
|
-
<div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <
|
|
160
|
-
<div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <
|
|
161
|
-
<div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  <
|
|
162
|
-
<div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <
|
|
163
|
-
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <
|
|
164
|
-
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <
|
|
165
|
-
<div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  <
|
|
166
|
-
<div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <
|
|
167
|
-
<div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <
|
|
168
|
-
<div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <span class="
|
|
169
|
-
<div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <
|
|
170
|
-
<div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <span class="
|
|
171
|
-
<div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <
|
|
172
|
-
<div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <
|
|
173
|
-
<div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  <
|
|
174
|
-
<div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <span class="
|
|
175
|
-
<div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  <
|
|
176
|
-
<div class="line"><a name="l00105"></a><span class="lineno"> 105</span>  <
|
|
177
|
-
<div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <
|
|
178
|
-
<div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  <
|
|
179
|
-
<div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <
|
|
180
|
-
<div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <
|
|
181
|
-
<div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <
|
|
182
|
-
<div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  <
|
|
183
|
-
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <
|
|
184
|
-
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  <
|
|
185
|
-
<div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  <
|
|
186
|
-
<div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <
|
|
187
|
-
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  <
|
|
188
|
-
<div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <
|
|
189
|
-
<div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  <
|
|
190
|
-
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  <
|
|
191
|
-
<div class="line"><a name="l00120"></a><span class="lineno"> 120</span>  <
|
|
192
|
-
<div class="line"><a name="l00121"></a><span class="lineno"> 121</span> }
|
|
193
|
-
<div class="line"><a name="l00122"></a><span class="lineno"> 122</span> 
|
|
136
|
+
<div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(stmt-><a class="code" href="classSVF_1_1SVFStmt.html#aa809a57c8cdaaa35dfc3cc0f3b33b52b">getICFGNode</a>());</div>
|
|
137
|
+
<div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="comment">// for gep stmt, add the gep stmt to the addrToGep map</span></div>
|
|
138
|
+
<div class="line"><a name="l00067"></a><span class="lineno"> 67</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
139
|
+
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span>  {</div>
|
|
140
|
+
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span>  <span class="keywordflow">for</span> (<a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> addrID:</div>
|
|
141
|
+
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(es, gep->getLHSVarID()).<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
|
|
142
|
+
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  {</div>
|
|
143
|
+
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  <a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(addrID);</div>
|
|
144
|
+
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>[objId] = gep;</div>
|
|
145
|
+
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  }</div>
|
|
146
|
+
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  }</div>
|
|
147
|
+
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span> }</div>
|
|
148
|
+
<div class="line"><a name="l00077"></a><span class="lineno"> 77</span>  </div>
|
|
149
|
+
<div class="line"><a name="l00078"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82"> 78</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">BufOverflowChecker::initExtAPIBufOverflowCheckRules</a>()</div>
|
|
150
|
+
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span> {</div>
|
|
151
|
+
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
152
|
+
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
153
|
+
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <span class="comment">//void llvm_memcpy_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
154
|
+
<div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
155
|
+
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
156
|
+
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
157
|
+
<div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <span class="comment">//void llvm_memcpy(char* dst, char* src, int sz, int flag){}</span></div>
|
|
158
|
+
<div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
159
|
+
<div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <span class="comment">//void llvm_memmove(char* dst, char* src, int sz, int flag){}</span></div>
|
|
160
|
+
<div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
161
|
+
<div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
162
|
+
<div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
163
|
+
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <span class="comment">//void llvm_memmove_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
164
|
+
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
165
|
+
<div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
166
|
+
<div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
167
|
+
<div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <span class="comment">//void __memcpy_chk(char* dst, char* src, int sz, int flag){}</span></div>
|
|
168
|
+
<div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memcpy_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
169
|
+
<div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <span class="comment">//void *memmove(void *str1, const void *str2, unsigned long n)</span></div>
|
|
170
|
+
<div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
171
|
+
<div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <span class="comment">//void bcopy(const void *s1, void *s2, unsigned long n){}</span></div>
|
|
172
|
+
<div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"bcopy"</span>] = {{0, 2}, {1,2}};</div>
|
|
173
|
+
<div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  <span class="comment">//void *memccpy( void * restrict dest, const void * restrict src, int c, unsigned long count)</span></div>
|
|
174
|
+
<div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memccpy"</span>] = {{0, 3}, {1,3}};</div>
|
|
175
|
+
<div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  <span class="comment">//void __memmove_chk(char* dst, char* src, int sz){}</span></div>
|
|
176
|
+
<div class="line"><a name="l00105"></a><span class="lineno"> 105</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memmove_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
177
|
+
<div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <span class="comment">//void llvm_memset(char* dst, char elem, int sz, int flag){}</span></div>
|
|
178
|
+
<div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset"</span>] = {{0, 2}};</div>
|
|
179
|
+
<div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <span class="comment">//void llvm_memset_p0i8_i32(char* dst, char elem, int sz, int flag){}</span></div>
|
|
180
|
+
<div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i32"</span>] = {{0, 2}};</div>
|
|
181
|
+
<div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <span class="comment">//void llvm_memset_p0i8_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
182
|
+
<div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i64"</span>] = {{0, 2}};</div>
|
|
183
|
+
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <span class="comment">//void llvm_memset_p0_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
184
|
+
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0_i64"</span>] = {{0, 2}};</div>
|
|
185
|
+
<div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  <span class="comment">//char *__memset_chk(char * dest, int c, unsigned long destlen, int flag)</span></div>
|
|
186
|
+
<div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memset_chk"</span>] = {{0, 2}};</div>
|
|
187
|
+
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  <span class="comment">//char *wmemset(wchar_t * dst, wchar_t elem, int sz, int flag) {</span></div>
|
|
188
|
+
<div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"wmemset"</span>] = {{0, 2}};</div>
|
|
189
|
+
<div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  <span class="comment">//char *strncpy(char *dest, const char *src, unsigned long n)</span></div>
|
|
190
|
+
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"strncpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
191
|
+
<div class="line"><a name="l00120"></a><span class="lineno"> 120</span>  <span class="comment">//unsigned long iconv(void* cd, char **restrict inbuf, unsigned long *restrict inbytesleft, char **restrict outbuf, unsigned long *restrict outbytesleft)</span></div>
|
|
192
|
+
<div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"iconv"</span>] = {{1, 2}, {3, 4}};</div>
|
|
193
|
+
<div class="line"><a name="l00122"></a><span class="lineno"> 122</span> }</div>
|
|
194
194
|
<div class="line"><a name="l00123"></a><span class="lineno"> 123</span>  </div>
|
|
195
|
-
<div class="line"><a name="l00124"></a><span class="lineno"
|
|
196
|
-
<div class="line"><a name="l00125"></a><span class="lineno"> 125</span> 
|
|
197
|
-
<div class="line"><a name="l00126"></a><span class="lineno"> 126</span> 
|
|
198
|
-
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  <
|
|
199
|
-
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  <
|
|
200
|
-
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  <a class="code" href="
|
|
201
|
-
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="
|
|
202
|
-
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  <
|
|
203
|
-
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span> 
|
|
204
|
-
<div class="line"><a name="l00133"></a><span class="lineno"> 133</span>  </div>
|
|
205
|
-
<div class="line"><a name="l00134"></a><span class="lineno"
|
|
206
|
-
<div class="line"><a name="l00135"></a><span class="lineno"> 135</span> 
|
|
207
|
-
<div class="line"><a name="l00136"></a><span class="lineno"> 136</span> 
|
|
208
|
-
<div class="line"><a name="l00137"></a><span class="lineno"> 137</span> 
|
|
209
|
-
<div class="line"><a name="l00138"></a><span class="lineno"> 138</span> 
|
|
210
|
-
<div class="line"><a name="l00139"></a><span class="lineno"> 139</span> 
|
|
211
|
-
<div class="line"><a name="l00140"></a><span class="lineno"> 140</span> 
|
|
212
|
-
<div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <a class="code" href="
|
|
213
|
-
<div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  <a class="code" href="
|
|
214
|
-
<div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  <span class="
|
|
215
|
-
<div class="line"><a name="l00144"></a><span class="lineno"> 144</span> 
|
|
216
|
-
<div class="line"><a name="l00145"></a><span class="lineno"> 145</span> 
|
|
217
|
-
<div class="line"><a name="l00146"></a><span class="lineno"> 146</span> 
|
|
218
|
-
<div class="line"><a name="l00147"></a><span class="lineno"> 147</span> 
|
|
219
|
-
<div class="line"><a name="l00148"></a><span class="lineno"> 148</span> 
|
|
220
|
-
<div class="line"><a name="l00149"></a><span class="lineno"> 149</span> 
|
|
221
|
-
<div class="line"><a name="l00150"></a><span class="lineno"> 150</span> 
|
|
222
|
-
<div class="line"><a name="l00151"></a><span class="lineno"> 151</span>  <
|
|
223
|
-
<div class="line"><a name="l00152"></a><span class="lineno"> 152</span> 
|
|
224
|
-
<div class="line"><a name="l00153"></a><span class="lineno"> 153</span> 
|
|
225
|
-
<div class="line"><a name="l00154"></a><span class="lineno"> 154</span> 
|
|
226
|
-
<div class="line"><a name="l00155"></a><span class="lineno"> 155</span> 
|
|
227
|
-
<div class="line"><a name="l00156"></a><span class="lineno"> 156</span> 
|
|
228
|
-
<div class="line"><a name="l00157"></a><span class="lineno"> 157</span> 
|
|
229
|
-
<div class="line"><a name="l00158"></a><span class="lineno"> 158</span> 
|
|
230
|
-
<div class="line"><a name="l00159"></a><span class="lineno"> 159</span> 
|
|
231
|
-
<div class="line"><a name="l00160"></a><span class="lineno"> 160</span> 
|
|
232
|
-
<div class="line"><a name="l00161"></a><span class="lineno"> 161</span> 
|
|
233
|
-
<div class="line"><a name="l00162"></a><span class="lineno"> 162</span> 
|
|
234
|
-
<div class="line"><a name="l00163"></a><span class="lineno"> 163</span> 
|
|
235
|
-
<div class="line"><a name="l00164"></a><span class="lineno"> 164</span> 
|
|
236
|
-
<div class="line"><a name="l00165"></a><span class="lineno"> 165</span> 
|
|
237
|
-
<div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  <span class="
|
|
238
|
-
<div class="line"><a name="l00167"></a><span class="lineno"> 167</span> 
|
|
239
|
-
<div class="line"><a name="l00168"></a><span class="lineno"> 168</span> 
|
|
240
|
-
<div class="line"><a name="l00169"></a><span class="lineno"> 169</span> 
|
|
241
|
-
<div class="line"><a name="l00170"></a><span class="lineno"> 170</span> 
|
|
242
|
-
<div class="line"><a name="l00171"></a><span class="lineno"> 171</span> 
|
|
243
|
-
<div class="line"><a name="l00172"></a><span class="lineno"> 172</span> 
|
|
244
|
-
<div class="line"><a name="l00173"></a><span class="lineno"> 173</span> 
|
|
245
|
-
<div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  <a class="code" href="
|
|
246
|
-
<div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  <span class="keywordflow">
|
|
247
|
-
<div class="line"><a name="l00176"></a><span class="lineno"> 176</span> 
|
|
248
|
-
<div class="line"><a name="l00177"></a><span class="lineno"> 177</span> 
|
|
249
|
-
<div class="line"><a name="l00178"></a><span class="lineno"> 178</span> 
|
|
250
|
-
<div class="line"><a name="l00179"></a><span class="lineno"> 179</span> 
|
|
251
|
-
<div class="line"><a name="l00180"></a><span class="lineno"> 180</span> 
|
|
252
|
-
<div class="line"><a name="l00181"></a><span class="lineno"> 181</span> 
|
|
253
|
-
<div class="line"><a name="l00182"></a><span class="lineno"> 182</span> 
|
|
254
|
-
<div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  </div>
|
|
255
|
-
<div class="line"><a name="l00184"></a><span class="lineno"> 184</span> 
|
|
256
|
-
<div class="line"><a name="l00185"></a><span class="lineno"> 185</span> 
|
|
257
|
-
<div class="line"><a name="l00186"></a><span class="lineno"> 186</span> 
|
|
258
|
-
<div class="line"><a name="l00187"></a><span class="lineno"> 187</span> 
|
|
259
|
-
<div class="line"><a name="l00188"></a><span class="lineno"> 188</span> 
|
|
260
|
-
<div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
261
|
-
<div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
262
|
-
<div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
263
|
-
<div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  </div>
|
|
264
|
-
<div class="line"><a name="l00193"></a><span class="lineno"> 193</span>  <
|
|
265
|
-
<div class="line"><a name="l00194"></a><span class="lineno"> 194</span> 
|
|
266
|
-
<div class="line"><a name="l00195"></a><span class="lineno"> 195</span> 
|
|
267
|
-
<div class="line"><a name="l00196"></a><span class="lineno"> 196</span> 
|
|
268
|
-
<div class="line"><a name="l00197"></a><span class="lineno"> 197</span> 
|
|
269
|
-
<div class="line"><a name="l00198"></a><span class="lineno"> 198</span> 
|
|
270
|
-
<div class="line"><a name="l00199"></a><span class="lineno"> 199</span> 
|
|
271
|
-
<div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  <
|
|
272
|
-
<div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  <a class="code" href="
|
|
273
|
-
<div class="line"><a name="l00202"></a><span class="lineno"> 202</span>  <a class="code" href="
|
|
274
|
-
<div class="line"><a name="l00203"></a><span class="lineno"> 203</span> 
|
|
275
|
-
<div class="line"><a name="l00204"></a><span class="lineno"> 204</span> 
|
|
276
|
-
<div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  </div>
|
|
277
|
-
<div class="line"><a name="l00206"></a><span class="lineno"> 206</span> 
|
|
278
|
-
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span> 
|
|
279
|
-
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  <
|
|
195
|
+
<div class="line"><a name="l00124"></a><span class="lineno"> 124</span>  </div>
|
|
196
|
+
<div class="line"><a name="l00125"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a"> 125</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">BufOverflowChecker::detectStrcpy</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
197
|
+
<div class="line"><a name="l00126"></a><span class="lineno"> 126</span> {</div>
|
|
198
|
+
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(call);</div>
|
|
199
|
+
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
200
|
+
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
201
|
+
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg1Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(1);</div>
|
|
202
|
+
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">getStrlen</a>(es, arg1Val);</div>
|
|
203
|
+
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  <span class="comment">// no need to -1, since it has \0 as the last byte</span></div>
|
|
204
|
+
<div class="line"><a name="l00133"></a><span class="lineno"> 133</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, strLen, call);</div>
|
|
205
|
+
<div class="line"><a name="l00134"></a><span class="lineno"> 134</span> }</div>
|
|
206
|
+
<div class="line"><a name="l00135"></a><span class="lineno"> 135</span>  </div>
|
|
207
|
+
<div class="line"><a name="l00136"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b"> 136</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">BufOverflowChecker::initExtFunMap</a>()</div>
|
|
208
|
+
<div class="line"><a name="l00137"></a><span class="lineno"> 137</span> {</div>
|
|
209
|
+
<div class="line"><a name="l00138"></a><span class="lineno"> 138</span>  </div>
|
|
210
|
+
<div class="line"><a name="l00139"></a><span class="lineno"> 139</span>  <span class="keyword">auto</span> sse_scanf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
211
|
+
<div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  {</div>
|
|
212
|
+
<div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
213
|
+
<div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
214
|
+
<div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  <span class="comment">//scanf("%d", &data);</span></div>
|
|
215
|
+
<div class="line"><a name="l00144"></a><span class="lineno"> 144</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
216
|
+
<div class="line"><a name="l00145"></a><span class="lineno"> 145</span>  </div>
|
|
217
|
+
<div class="line"><a name="l00146"></a><span class="lineno"> 146</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
218
|
+
<div class="line"><a name="l00147"></a><span class="lineno"> 147</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(es, dst_id))</div>
|
|
219
|
+
<div class="line"><a name="l00148"></a><span class="lineno"> 148</span>  {</div>
|
|
220
|
+
<div class="line"><a name="l00149"></a><span class="lineno"> 149</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(1));</div>
|
|
221
|
+
<div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
222
|
+
<div class="line"><a name="l00151"></a><span class="lineno"> 151</span>  <span class="keywordflow">return</span>;</div>
|
|
223
|
+
<div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  }</div>
|
|
224
|
+
<div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <span class="keywordflow">else</span></div>
|
|
225
|
+
<div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  {</div>
|
|
226
|
+
<div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(es, dst_id);</div>
|
|
227
|
+
<div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
|
|
228
|
+
<div class="line"><a name="l00157"></a><span class="lineno"> 157</span>  {</div>
|
|
229
|
+
<div class="line"><a name="l00158"></a><span class="lineno"> 158</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
230
|
+
<div class="line"><a name="l00159"></a><span class="lineno"> 159</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
231
|
+
<div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  es.<a class="code" href="classSVF_1_1AbstractState.html#a1f935ea8ab16b04699284bf92bbbb23c">store</a>(vaddr, range);</div>
|
|
232
|
+
<div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  }</div>
|
|
233
|
+
<div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  }</div>
|
|
234
|
+
<div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  };</div>
|
|
235
|
+
<div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  <span class="keyword">auto</span> sse_fscanf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
236
|
+
<div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  {</div>
|
|
237
|
+
<div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  <span class="comment">//fscanf(stdin, "%d", &data);</span></div>
|
|
238
|
+
<div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
239
|
+
<div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
240
|
+
<div class="line"><a name="l00169"></a><span class="lineno"> 169</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
241
|
+
<div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
242
|
+
<div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(es, dst_id))</div>
|
|
243
|
+
<div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  {</div>
|
|
244
|
+
<div class="line"><a name="l00173"></a><span class="lineno"> 173</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(2));</div>
|
|
245
|
+
<div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
246
|
+
<div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  <span class="keywordflow">return</span>;</div>
|
|
247
|
+
<div class="line"><a name="l00176"></a><span class="lineno"> 176</span>  }</div>
|
|
248
|
+
<div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  <span class="keywordflow">else</span></div>
|
|
249
|
+
<div class="line"><a name="l00178"></a><span class="lineno"> 178</span>  {</div>
|
|
250
|
+
<div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(es, dst_id);</div>
|
|
251
|
+
<div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
|
|
252
|
+
<div class="line"><a name="l00181"></a><span class="lineno"> 181</span>  {</div>
|
|
253
|
+
<div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
254
|
+
<div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
255
|
+
<div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  es.<a class="code" href="classSVF_1_1AbstractState.html#a1f935ea8ab16b04699284bf92bbbb23c">store</a>(vaddr, range);</div>
|
|
256
|
+
<div class="line"><a name="l00185"></a><span class="lineno"> 185</span>  }</div>
|
|
257
|
+
<div class="line"><a name="l00186"></a><span class="lineno"> 186</span>  }</div>
|
|
258
|
+
<div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  };</div>
|
|
259
|
+
<div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  </div>
|
|
260
|
+
<div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_fscanf"</span>] = sse_fscanf;</div>
|
|
261
|
+
<div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_scanf"</span>] = sse_scanf;</div>
|
|
262
|
+
<div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_vscanf"</span>] = sse_scanf;</div>
|
|
263
|
+
<div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"fscanf"</span>] = sse_fscanf;</div>
|
|
264
|
+
<div class="line"><a name="l00193"></a><span class="lineno"> 193</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"scanf"</span>] = sse_scanf;</div>
|
|
265
|
+
<div class="line"><a name="l00194"></a><span class="lineno"> 194</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"sscanf"</span>] = sse_scanf;</div>
|
|
266
|
+
<div class="line"><a name="l00195"></a><span class="lineno"> 195</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_sscanf"</span>] = sse_scanf;</div>
|
|
267
|
+
<div class="line"><a name="l00196"></a><span class="lineno"> 196</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vscanf"</span>] = sse_scanf;</div>
|
|
268
|
+
<div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  </div>
|
|
269
|
+
<div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  <span class="keyword">auto</span> sse_fread = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
270
|
+
<div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  {</div>
|
|
271
|
+
<div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
272
|
+
<div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
273
|
+
<div class="line"><a name="l00202"></a><span class="lineno"> 202</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
274
|
+
<div class="line"><a name="l00203"></a><span class="lineno"> 203</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_count_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
275
|
+
<div class="line"><a name="l00204"></a><span class="lineno"> 204</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> block_size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
276
|
+
<div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> block_count = es[block_count_id];</div>
|
|
277
|
+
<div class="line"><a name="l00206"></a><span class="lineno"> 206</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> block_size = es[block_size_id];</div>
|
|
278
|
+
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> block_byte = block_count * block_size;</div>
|
|
279
|
+
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), block_byte, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
280
280
|
<div class="line"><a name="l00209"></a><span class="lineno"> 209</span>  };</div>
|
|
281
|
-
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  </div>
|
|
282
|
-
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span> 
|
|
283
|
-
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span> 
|
|
284
|
-
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span> 
|
|
285
|
-
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  <
|
|
286
|
-
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span> 
|
|
287
|
-
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span> 
|
|
288
|
-
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span> 
|
|
289
|
-
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span> 
|
|
290
|
-
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  <span class="keywordflow">if</span> (cs.
|
|
291
|
-
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span> 
|
|
292
|
-
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span> 
|
|
293
|
-
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span> 
|
|
294
|
-
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  <
|
|
295
|
-
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span> 
|
|
296
|
-
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span> 
|
|
297
|
-
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span> 
|
|
298
|
-
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span> 
|
|
299
|
-
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span> 
|
|
300
|
-
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span> 
|
|
301
|
-
<div class="line"><a name="l00230"></a><span class="lineno"> 230</span> 
|
|
302
|
-
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span> 
|
|
303
|
-
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span> 
|
|
304
|
-
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span> 
|
|
305
|
-
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span> 
|
|
306
|
-
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span> 
|
|
307
|
-
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span> 
|
|
308
|
-
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span> 
|
|
309
|
-
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span> 
|
|
310
|
-
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span> 
|
|
311
|
-
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span> 
|
|
312
|
-
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span> 
|
|
313
|
-
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span> 
|
|
314
|
-
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span> 
|
|
315
|
-
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span> 
|
|
316
|
-
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span> 
|
|
317
|
-
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span> 
|
|
318
|
-
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span> 
|
|
319
|
-
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span> 
|
|
320
|
-
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span> 
|
|
321
|
-
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span> 
|
|
322
|
-
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span> 
|
|
323
|
-
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span> 
|
|
324
|
-
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
325
|
-
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
326
|
-
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
327
|
-
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  </div>
|
|
328
|
-
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  </div>
|
|
329
|
-
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <
|
|
330
|
-
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span> 
|
|
331
|
-
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span> 
|
|
332
|
-
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span> 
|
|
333
|
-
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span> 
|
|
334
|
-
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span> 
|
|
335
|
-
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span> 
|
|
336
|
-
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  </div>
|
|
337
|
-
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span> 
|
|
338
|
-
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <
|
|
339
|
-
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  <
|
|
340
|
-
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span> 
|
|
341
|
-
<div class="line"><a name="l00270"></a><span class="lineno"> 270</span> 
|
|
342
|
-
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  </div>
|
|
343
|
-
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  </div>
|
|
344
|
-
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span> 
|
|
345
|
-
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span> 
|
|
346
|
-
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <
|
|
347
|
-
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  <
|
|
348
|
-
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span> 
|
|
349
|
-
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span> 
|
|
350
|
-
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span> 
|
|
351
|
-
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span> 
|
|
352
|
-
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span> 
|
|
353
|
-
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span> 
|
|
354
|
-
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span> 
|
|
355
|
-
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span> 
|
|
356
|
-
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <span class="
|
|
357
|
-
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span> 
|
|
358
|
-
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span> 
|
|
359
|
-
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span> 
|
|
360
|
-
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span> 
|
|
361
|
-
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span> 
|
|
362
|
-
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span> 
|
|
363
|
-
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span> 
|
|
364
|
-
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span> 
|
|
365
|
-
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span> 
|
|
366
|
-
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span> 
|
|
367
|
-
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span> 
|
|
368
|
-
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span> 
|
|
369
|
-
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span> 
|
|
370
|
-
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span> 
|
|
371
|
-
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span> 
|
|
372
|
-
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  <
|
|
373
|
-
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span> 
|
|
374
|
-
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span> 
|
|
375
|
-
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span> 
|
|
376
|
-
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span> 
|
|
377
|
-
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span> 
|
|
378
|
-
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span> 
|
|
379
|
-
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span> 
|
|
380
|
-
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span> 
|
|
381
|
-
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span> 
|
|
382
|
-
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span> 
|
|
383
|
-
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span> 
|
|
384
|
-
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  <
|
|
385
|
-
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  <a class="code" href="
|
|
386
|
-
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  <
|
|
387
|
-
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span> 
|
|
388
|
-
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span>  <a class="code" href="
|
|
389
|
-
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span> 
|
|
390
|
-
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span> 
|
|
391
|
-
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span> 
|
|
392
|
-
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span> 
|
|
393
|
-
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span> 
|
|
394
|
-
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span> 
|
|
395
|
-
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span> 
|
|
396
|
-
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  <span class="
|
|
397
|
-
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="keywordflow">if</span> (
|
|
398
|
-
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span> 
|
|
399
|
-
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span> 
|
|
400
|
-
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span> 
|
|
401
|
-
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span> 
|
|
402
|
-
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span> 
|
|
403
|
-
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span> 
|
|
404
|
-
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  <
|
|
405
|
-
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span> 
|
|
406
|
-
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span> 
|
|
407
|
-
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span> 
|
|
408
|
-
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span> 
|
|
409
|
-
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span> 
|
|
410
|
-
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span> 
|
|
411
|
-
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span> 
|
|
412
|
-
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span> 
|
|
413
|
-
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span> 
|
|
414
|
-
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span> 
|
|
415
|
-
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span> 
|
|
416
|
-
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span> 
|
|
417
|
-
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span> 
|
|
418
|
-
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span> 
|
|
419
|
-
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span> 
|
|
420
|
-
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span> 
|
|
421
|
-
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span> 
|
|
422
|
-
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span> 
|
|
423
|
-
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span> 
|
|
424
|
-
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span> 
|
|
425
|
-
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  <
|
|
426
|
-
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="
|
|
427
|
-
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span> 
|
|
428
|
-
<div class="line"><a name="l00357"></a><span class="lineno"> 357</span> 
|
|
429
|
-
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span> 
|
|
430
|
-
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span> 
|
|
431
|
-
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  <span class="keywordflow">
|
|
281
|
+
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"fread"</span>] = sse_fread;</div>
|
|
282
|
+
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span>  </div>
|
|
283
|
+
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span>  <span class="keyword">auto</span> sse_sprintf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
284
|
+
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  {</div>
|
|
285
|
+
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  <span class="comment">// printf is difficult to predict since it has no byte size arguments</span></div>
|
|
286
|
+
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span>  };</div>
|
|
287
|
+
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  </div>
|
|
288
|
+
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span>  <span class="keyword">auto</span> sse_snprintf = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
289
|
+
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  {</div>
|
|
290
|
+
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
291
|
+
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
292
|
+
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
293
|
+
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
294
|
+
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
295
|
+
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span>  <span class="comment">// get elem size of arg2</span></div>
|
|
296
|
+
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> elemSize = 1;</div>
|
|
297
|
+
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span>  <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isArrayTy())</div>
|
|
298
|
+
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span>  {</div>
|
|
299
|
+
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(cs.getArgument(2)->getType())->getTypeOfElement()->getByteSize();</div>
|
|
300
|
+
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span>  }</div>
|
|
301
|
+
<div class="line"><a name="l00230"></a><span class="lineno"> 230</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isPointerTy())</div>
|
|
302
|
+
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  {</div>
|
|
303
|
+
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span>  elemSize = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a319cdab5339e6fe56fec8ade68f9da92">getPointeeElement</a>(es, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2)))-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
304
|
+
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span>  }</div>
|
|
305
|
+
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span>  <span class="keywordflow">else</span></div>
|
|
306
|
+
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span>  {</div>
|
|
307
|
+
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span>  <span class="keywordflow">return</span>;</div>
|
|
308
|
+
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span>  <span class="comment">// assert(false && "we cannot support this type");</span></div>
|
|
309
|
+
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span>  }</div>
|
|
310
|
+
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> size = es[size_id] * <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(elemSize) - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
311
|
+
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span>  <span class="keywordflow">if</span> (!es.<a class="code" href="classSVF_1_1AbstractState.html#aa34516a95191c5ec56ce44a117e8b018">inVarToAddrsTable</a>(dst_id))</div>
|
|
312
|
+
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span>  {</div>
|
|
313
|
+
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">Options::BufferOverflowCheck</a>())</div>
|
|
314
|
+
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span>  {</div>
|
|
315
|
+
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(</div>
|
|
316
|
+
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span>  <span class="stringliteral">"snprintf dst_id or dst is not defined nor initializesd.\n"</span>,</div>
|
|
317
|
+
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span>  0, 0, 0, 0, cs.getArgument(0));</div>
|
|
318
|
+
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
319
|
+
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span>  <span class="keywordflow">return</span>;</div>
|
|
320
|
+
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span>  }</div>
|
|
321
|
+
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  }</div>
|
|
322
|
+
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), size, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
323
|
+
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  };</div>
|
|
324
|
+
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__snprintf_chk"</span>] = sse_snprintf;</div>
|
|
325
|
+
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__vsprintf_chk"</span>] = sse_sprintf;</div>
|
|
326
|
+
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__sprintf_chk"</span>] = sse_sprintf;</div>
|
|
327
|
+
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"snprintf"</span>] = sse_snprintf;</div>
|
|
328
|
+
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"sprintf"</span>] = sse_sprintf;</div>
|
|
329
|
+
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vsprintf"</span>] = sse_sprintf;</div>
|
|
330
|
+
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vsnprintf"</span>] = sse_snprintf;</div>
|
|
331
|
+
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__vsnprintf_chk"</span>] = sse_snprintf;</div>
|
|
332
|
+
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"swprintf"</span>] = sse_snprintf;</div>
|
|
333
|
+
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"_snwprintf"</span>] = sse_snprintf;</div>
|
|
334
|
+
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span>  </div>
|
|
335
|
+
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span>  </div>
|
|
336
|
+
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  <span class="keyword">auto</span> sse_itoa = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
337
|
+
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span>  {</div>
|
|
338
|
+
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <span class="comment">// itoa(num, ch, 10);</span></div>
|
|
339
|
+
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  <span class="comment">// num: int, ch: char*, 10 is decimal</span></div>
|
|
340
|
+
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
341
|
+
<div class="line"><a name="l00270"></a><span class="lineno"> 270</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
342
|
+
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
343
|
+
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
344
|
+
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span>  </div>
|
|
345
|
+
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> num = (<a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a>) es[num_id].getInterval().getNumeral();</div>
|
|
346
|
+
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> snum = std::to_string(num);</div>
|
|
347
|
+
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(1), <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a>((<a class="code" href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">s32_t</a>)snum.size()), <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
348
|
+
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span>  };</div>
|
|
349
|
+
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"itoa"</span>] = sse_itoa;</div>
|
|
350
|
+
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span>  </div>
|
|
351
|
+
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  </div>
|
|
352
|
+
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span>  <span class="keyword">auto</span> sse_strlen = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
353
|
+
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span>  {</div>
|
|
354
|
+
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span>  <span class="comment">// check the arg size</span></div>
|
|
355
|
+
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <span class="keywordflow">if</span> (cs.arg_size() < 1) <span class="keywordflow">return</span>;</div>
|
|
356
|
+
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* strValue = cs.getArgument(0);</div>
|
|
357
|
+
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
358
|
+
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
359
|
+
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> dst_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">getStrlen</a>(es, strValue);</div>
|
|
360
|
+
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> elemSize = 1;</div>
|
|
361
|
+
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span>  <span class="keywordflow">if</span> (strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>()-><a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
|
|
362
|
+
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span>  {</div>
|
|
363
|
+
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>())->getTypeOfElement()->getByteSize();</div>
|
|
364
|
+
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span>  }</div>
|
|
365
|
+
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (strValue-><a class="code" href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">getType</a>()-><a class="code" href="classSVF_1_1SVFType.html#a870b63af2bf9fe43cdf1df3d56b20f6c">isPointerTy</a>())</div>
|
|
366
|
+
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span>  {</div>
|
|
367
|
+
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a>* pointee = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a319cdab5339e6fe56fec8ade68f9da92">getPointeeElement</a>(es, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(strValue)))</div>
|
|
368
|
+
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span>  elemSize = pointee->getByteSize();</div>
|
|
369
|
+
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span>  <span class="keywordflow">else</span></div>
|
|
370
|
+
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span>  elemSize = 1;</div>
|
|
371
|
+
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  }</div>
|
|
372
|
+
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
373
|
+
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span>  es[lhsId] = dst_size / <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(elemSize);</div>
|
|
374
|
+
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  };</div>
|
|
375
|
+
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"strlen"</span>] = sse_strlen;</div>
|
|
376
|
+
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"wcslen"</span>] = sse_strlen;</div>
|
|
377
|
+
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span>  </div>
|
|
378
|
+
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span>  <span class="keyword">auto</span> sse_recv = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
379
|
+
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span>  {</div>
|
|
380
|
+
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span>  <span class="comment">// recv(sockfd, buf, len, flags);</span></div>
|
|
381
|
+
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span>  <span class="keywordflow">if</span> (cs.arg_size() < 4) <span class="keywordflow">return</span>;</div>
|
|
382
|
+
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
383
|
+
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
384
|
+
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> len_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
385
|
+
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> len = es[len_id] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
386
|
+
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
387
|
+
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span>  es[lhsId] = len;</div>
|
|
388
|
+
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(1), len, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));;</div>
|
|
389
|
+
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span>  };</div>
|
|
390
|
+
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"recv"</span>] = sse_recv;</div>
|
|
391
|
+
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__recv"</span>] = sse_recv;</div>
|
|
392
|
+
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  <span class="keyword">auto</span> safe_bufaccess = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
393
|
+
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span>  {</div>
|
|
394
|
+
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
395
|
+
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
|
|
396
|
+
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  <span class="comment">//void SAFE_BUFACCESS(void* data, int size);</span></div>
|
|
397
|
+
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
398
|
+
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
399
|
+
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
400
|
+
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> val = es[size_id];</div>
|
|
401
|
+
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span>  <span class="keywordflow">if</span> (val.<a class="code" href="structSVF_1_1AbstractValue.html#a8b1af972fa8a4e40347990d179ec1c52">isBottom</a>())</div>
|
|
402
|
+
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span>  {</div>
|
|
403
|
+
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span>  val = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0);</div>
|
|
404
|
+
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"SAFE_BUFACCESS size is bottom"</span>);</div>
|
|
405
|
+
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span>  }</div>
|
|
406
|
+
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
407
|
+
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span>  <span class="keywordflow">if</span> (isSafe)</div>
|
|
408
|
+
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span>  {</div>
|
|
409
|
+
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span>  std::cout << <span class="stringliteral">"safe buffer access success\n"</span>;</div>
|
|
410
|
+
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span>  <span class="keywordflow">return</span>;</div>
|
|
411
|
+
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span>  }</div>
|
|
412
|
+
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span>  <span class="keywordflow">else</span></div>
|
|
413
|
+
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span>  {</div>
|
|
414
|
+
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this SAFE_BUFACCESS should be a safe access but detected buffer overflow. Pos: "</span>;</div>
|
|
415
|
+
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
416
|
+
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  std::cerr << err_msg << std::endl;</div>
|
|
417
|
+
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span>  assert(<span class="keyword">false</span>);</div>
|
|
418
|
+
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span>  }</div>
|
|
419
|
+
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span>  };</div>
|
|
420
|
+
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"SAFE_BUFACCESS"</span>] = safe_bufaccess;</div>
|
|
421
|
+
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span>  </div>
|
|
422
|
+
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span>  <span class="keyword">auto</span> unsafe_bufaccess = [&](<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> &cs)</div>
|
|
423
|
+
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span>  {</div>
|
|
424
|
+
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a>* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
425
|
+
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
|
|
426
|
+
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="comment">//void UNSAFE_BUFACCESS(void* data, int size);</span></div>
|
|
427
|
+
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
428
|
+
<div class="line"><a name="l00357"></a><span class="lineno"> 357</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>&es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(callNode);</div>
|
|
429
|
+
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
430
|
+
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> val = es[size_id];</div>
|
|
431
|
+
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  <span class="keywordflow">if</span> (val.<a class="code" href="structSVF_1_1AbstractValue.html#a8b1af972fa8a4e40347990d179ec1c52">isBottom</a>())</div>
|
|
432
432
|
<div class="line"><a name="l00361"></a><span class="lineno"> 361</span>  {</div>
|
|
433
|
-
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  <span class="
|
|
434
|
-
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span> 
|
|
435
|
-
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span> 
|
|
436
|
-
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span> 
|
|
437
|
-
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span> 
|
|
438
|
-
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span> 
|
|
439
|
-
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span> 
|
|
440
|
-
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span> 
|
|
441
|
-
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span>  </div>
|
|
442
|
-
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span> 
|
|
443
|
-
<div class="line"><a name="l00372"></a><span class="lineno"> 372</span> 
|
|
444
|
-
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span> 
|
|
445
|
-
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span> 
|
|
446
|
-
<div class="line"><a name="l00375"></a><span class="lineno"> 375</span> 
|
|
447
|
-
<div class="line"><a name="l00376"></a><span class="lineno"
|
|
448
|
-
<div class="line"><a name="l00377"></a><span class="lineno"> 377</span> 
|
|
449
|
-
<div class="line"><a name="l00378"></a><span class="lineno"> 378</span> 
|
|
450
|
-
<div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <
|
|
451
|
-
<div class="line"><a name="l00380"></a><span class="lineno"> 380</span> 
|
|
452
|
-
<div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  <span class="comment">//
|
|
453
|
-
<div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <
|
|
454
|
-
<div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  <
|
|
455
|
-
<div class="line"><a name="l00384"></a><span class="lineno"> 384</span> 
|
|
456
|
-
<div class="line"><a name="l00385"></a><span class="lineno"> 385</span> 
|
|
457
|
-
<div class="line"><a name="l00386"></a><span class="lineno"> 386</span> 
|
|
458
|
-
<div class="line"><a name="l00387"></a><span class="lineno"> 387</span> 
|
|
459
|
-
<div class="line"><a name="l00388"></a><span class="lineno"> 388</span> 
|
|
460
|
-
<div class="line"><a name="l00389"></a><span class="lineno"> 389</span> 
|
|
461
|
-
<div class="line"><a name="l00390"></a><span class="lineno"> 390</span> 
|
|
462
|
-
<div class="line"><a name="l00391"></a><span class="lineno"> 391</span> 
|
|
463
|
-
<div class="line"><a name="l00392"></a><span class="lineno"> 392</span> 
|
|
464
|
-
<div class="line"><a name="l00393"></a><span class="lineno"> 393</span> 
|
|
465
|
-
<div class="line"><a name="l00394"></a><span class="lineno"> 394</span> 
|
|
466
|
-
<div class="line"><a name="l00395"></a><span class="lineno"> 395</span> 
|
|
467
|
-
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  }
|
|
468
|
-
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="
|
|
469
|
-
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span> 
|
|
470
|
-
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span> 
|
|
471
|
-
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <
|
|
472
|
-
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>*
|
|
473
|
-
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  <a class="code" href="
|
|
474
|
-
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span> 
|
|
475
|
-
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a>
|
|
476
|
-
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> totalLen = strLen0 +
|
|
433
|
+
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"UNSAFE_BUFACCESS size is bottom"</span>);</div>
|
|
434
|
+
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span>  }</div>
|
|
435
|
+
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
436
|
+
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span>  <span class="keywordflow">if</span> (!isSafe)</div>
|
|
437
|
+
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span>  {</div>
|
|
438
|
+
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span>  std::cout << <span class="stringliteral">"detect buffer overflow success\n"</span>;</div>
|
|
439
|
+
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span>  <span class="keywordflow">return</span>;</div>
|
|
440
|
+
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span>  }</div>
|
|
441
|
+
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span>  <span class="keywordflow">else</span></div>
|
|
442
|
+
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span>  {</div>
|
|
443
|
+
<div class="line"><a name="l00372"></a><span class="lineno"> 372</span>  <span class="comment">// if it is safe, it means it is wrongly labeled, assert false.</span></div>
|
|
444
|
+
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this UNSAFE_BUFACCESS should be a buffer overflow but not detected. Pos: "</span>;</div>
|
|
445
|
+
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
446
|
+
<div class="line"><a name="l00375"></a><span class="lineno"> 375</span>  std::cerr << err_msg << std::endl;</div>
|
|
447
|
+
<div class="line"><a name="l00376"></a><span class="lineno"> 376</span>  assert(<span class="keyword">false</span>);</div>
|
|
448
|
+
<div class="line"><a name="l00377"></a><span class="lineno"> 377</span>  }</div>
|
|
449
|
+
<div class="line"><a name="l00378"></a><span class="lineno"> 378</span>  };</div>
|
|
450
|
+
<div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"UNSAFE_BUFACCESS"</span>] = unsafe_bufaccess;</div>
|
|
451
|
+
<div class="line"><a name="l00380"></a><span class="lineno"> 380</span>  </div>
|
|
452
|
+
<div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  <span class="comment">// init _checkpoint_names</span></div>
|
|
453
|
+
<div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">_checkpoint_names</a>.insert(<span class="stringliteral">"SAFE_BUFACCESS"</span>);</div>
|
|
454
|
+
<div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">_checkpoint_names</a>.insert(<span class="stringliteral">"UNSAFE_BUFACCESS"</span>);</div>
|
|
455
|
+
<div class="line"><a name="l00384"></a><span class="lineno"> 384</span> }</div>
|
|
456
|
+
<div class="line"><a name="l00385"></a><span class="lineno"> 385</span>  </div>
|
|
457
|
+
<div class="line"><a name="l00386"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822"> 386</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">BufOverflowChecker::detectStrcat</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
458
|
+
<div class="line"><a name="l00387"></a><span class="lineno"> 387</span> {</div>
|
|
459
|
+
<div class="line"><a name="l00388"></a><span class="lineno"> 388</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(call);</div>
|
|
460
|
+
<div class="line"><a name="l00389"></a><span class="lineno"> 389</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
461
|
+
<div class="line"><a name="l00390"></a><span class="lineno"> 390</span>  <span class="comment">// check the arg size</span></div>
|
|
462
|
+
<div class="line"><a name="l00391"></a><span class="lineno"> 391</span>  <span class="comment">// if it is strcat group, we need to check the length of string,</span></div>
|
|
463
|
+
<div class="line"><a name="l00392"></a><span class="lineno"> 392</span>  <span class="comment">// e.g. strcat(str1, str2); which checks AllocSize(str1) >= Strlen(str1) + Strlen(str2);</span></div>
|
|
464
|
+
<div class="line"><a name="l00393"></a><span class="lineno"> 393</span>  <span class="comment">// if it is strncat group, we do not need to check the length of string,</span></div>
|
|
465
|
+
<div class="line"><a name="l00394"></a><span class="lineno"> 394</span>  <span class="comment">// e.g. strncat(str1, str2, n); which checks AllocSize(str1) >= Strlen(str1) + n;</span></div>
|
|
466
|
+
<div class="line"><a name="l00395"></a><span class="lineno"> 395</span>  </div>
|
|
467
|
+
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <span class="keyword">const</span> std::vector<std::string> strcatGroup = {<span class="stringliteral">"__strcat_chk"</span>, <span class="stringliteral">"strcat"</span>, <span class="stringliteral">"__wcscat_chk"</span>, <span class="stringliteral">"wcscat"</span>};</div>
|
|
468
|
+
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keyword">const</span> std::vector<std::string> strncatGroup = {<span class="stringliteral">"__strncat_chk"</span>, <span class="stringliteral">"strncat"</span>, <span class="stringliteral">"__wcsncat_chk"</span>, <span class="stringliteral">"wcsncat"</span>};</div>
|
|
469
|
+
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  <span class="keywordflow">if</span> (std::find(strcatGroup.begin(), strcatGroup.end(), fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) != strcatGroup.end())</div>
|
|
470
|
+
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  {</div>
|
|
471
|
+
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
472
|
+
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
473
|
+
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg1Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(1);</div>
|
|
474
|
+
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">getStrlen</a>(es, arg0Val);</div>
|
|
475
|
+
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen1 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">getStrlen</a>(es, arg1Val);</div>
|
|
476
|
+
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> totalLen = strLen0 + strLen1;</div>
|
|
477
477
|
<div class="line"><a name="l00406"></a><span class="lineno"> 406</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
478
478
|
<div class="line"><a name="l00407"></a><span class="lineno"> 407</span>  }</div>
|
|
479
|
-
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span>  <span class="keywordflow">else</span
|
|
479
|
+
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (std::find(strncatGroup.begin(), strncatGroup.end(), fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) != strncatGroup.end())</div>
|
|
480
480
|
<div class="line"><a name="l00409"></a><span class="lineno"> 409</span>  {</div>
|
|
481
|
-
<div class="line"><a name="l00410"></a><span class="lineno"> 410</span> 
|
|
482
|
-
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span> 
|
|
483
|
-
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span> 
|
|
484
|
-
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span> 
|
|
485
|
-
<div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  </div>
|
|
486
|
-
<div class="line"><a name="l00415"></a><span class="lineno"
|
|
487
|
-
<div class="line"><a name="l00416"></a><span class="lineno"> 416</span> 
|
|
488
|
-
<div class="line"><a name="l00417"></a><span class="lineno"> 417</span> 
|
|
489
|
-
<div class="line"><a name="l00418"></a><span class="lineno"> 418</span>  <span class="
|
|
490
|
-
<div class="line"><a name="l00419"></a><span class="lineno"> 419</span> 
|
|
491
|
-
<div class="line"><a name="l00420"></a><span class="lineno"> 420</span> 
|
|
492
|
-
<div class="line"><a name="l00421"></a><span class="lineno"> 421</span> 
|
|
493
|
-
<div class="line"><a name="l00422"></a><span class="lineno"> 422</span> 
|
|
494
|
-
<div class="line"><a name="l00423"></a><span class="lineno"> 423</span> 
|
|
495
|
-
<div class="line"><a name="l00424"></a><span class="lineno"> 424</span> 
|
|
496
|
-
<div class="line"><a name="l00425"></a><span class="lineno"> 425</span> 
|
|
497
|
-
<div class="line"><a name="l00426"></a><span class="lineno"> 426</span> 
|
|
498
|
-
<div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  <a class="code" href="
|
|
499
|
-
<div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  <
|
|
500
|
-
<div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  <span class="
|
|
501
|
-
<div class="line"><a name="l00430"></a><span class="lineno"> 430</span> 
|
|
502
|
-
<div class="line"><a name="l00431"></a><span class="lineno"> 431</span> 
|
|
503
|
-
<div class="line"><a name="l00432"></a><span class="lineno"> 432</span> 
|
|
504
|
-
<div class="line"><a name="l00433"></a><span class="lineno"> 433</span> 
|
|
505
|
-
<div class="line"><a name="l00434"></a><span class="lineno"> 434</span> 
|
|
506
|
-
<div class="line"><a name="l00435"></a><span class="lineno"> 435</span> 
|
|
507
|
-
<div class="line"><a name="l00436"></a><span class="lineno"> 436</span> 
|
|
508
|
-
<div class="line"><a name="l00437"></a><span class="lineno"> 437</span> 
|
|
509
|
-
<div class="line"><a name="l00438"></a><span class="lineno"> 438</span> 
|
|
510
|
-
<div class="line"><a name="l00439"></a><span class="lineno"> 439</span> 
|
|
511
|
-
<div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  <span class="
|
|
512
|
-
<div class="line"><a name="l00441"></a><span class="lineno"> 441</span> 
|
|
513
|
-
<div class="line"><a name="l00442"></a><span class="lineno"> 442</span> 
|
|
514
|
-
<div class="line"><a name="l00443"></a><span class="lineno"> 443</span> 
|
|
515
|
-
<div class="line"><a name="l00444"></a><span class="lineno"> 444</span> 
|
|
516
|
-
<div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  <
|
|
517
|
-
<div class="line"><a name="l00446"></a><span class="lineno"> 446</span> 
|
|
518
|
-
<div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  <
|
|
519
|
-
<div class="line"><a name="l00448"></a><span class="lineno"> 448</span> 
|
|
520
|
-
<div class="line"><a name="l00449"></a><span class="lineno"> 449</span> 
|
|
521
|
-
<div class="line"><a name="l00450"></a><span class="lineno"> 450</span> 
|
|
522
|
-
<div class="line"><a name="l00451"></a><span class="lineno"> 451</span> 
|
|
523
|
-
<div class="line"><a name="l00452"></a><span class="lineno"> 452</span> 
|
|
524
|
-
<div class="line"><a name="l00453"></a><span class="lineno"> 453</span> 
|
|
525
|
-
<div class="line"><a name="l00454"></a><span class="lineno"> 454</span> 
|
|
526
|
-
<div class="line"><a name="l00455"></a><span class="lineno"> 455</span> 
|
|
527
|
-
<div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  <
|
|
528
|
-
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span> 
|
|
529
|
-
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span> 
|
|
530
|
-
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span> 
|
|
531
|
-
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span> 
|
|
532
|
-
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span> 
|
|
533
|
-
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  <span class="
|
|
534
|
-
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span> 
|
|
535
|
-
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span> 
|
|
536
|
-
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  <a class="code" href="
|
|
537
|
-
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <
|
|
481
|
+
<div class="line"><a name="l00410"></a><span class="lineno"> 410</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
482
|
+
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg0Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(0);</div>
|
|
483
|
+
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a>* arg2Val = cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(2);</div>
|
|
484
|
+
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> arg2Num = es[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
|
|
485
|
+
<div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">getStrlen</a>(es, arg0Val);</div>
|
|
486
|
+
<div class="line"><a name="l00415"></a><span class="lineno"> 415</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> totalLen = strLen0 + arg2Num;</div>
|
|
487
|
+
<div class="line"><a name="l00416"></a><span class="lineno"> 416</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
488
|
+
<div class="line"><a name="l00417"></a><span class="lineno"> 417</span>  }</div>
|
|
489
|
+
<div class="line"><a name="l00418"></a><span class="lineno"> 418</span>  <span class="keywordflow">else</span></div>
|
|
490
|
+
<div class="line"><a name="l00419"></a><span class="lineno"> 419</span>  {</div>
|
|
491
|
+
<div class="line"><a name="l00420"></a><span class="lineno"> 420</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"unknown strcat function, please add it to strcatGroup or strncatGroup"</span>);</div>
|
|
492
|
+
<div class="line"><a name="l00421"></a><span class="lineno"> 421</span>  abort();</div>
|
|
493
|
+
<div class="line"><a name="l00422"></a><span class="lineno"> 422</span>  }</div>
|
|
494
|
+
<div class="line"><a name="l00423"></a><span class="lineno"> 423</span> }</div>
|
|
495
|
+
<div class="line"><a name="l00424"></a><span class="lineno"> 424</span>  </div>
|
|
496
|
+
<div class="line"><a name="l00425"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde"> 425</a></span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">BufOverflowChecker::handleExtAPI</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</div>
|
|
497
|
+
<div class="line"><a name="l00426"></a><span class="lineno"> 426</span> {</div>
|
|
498
|
+
<div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(call);</div>
|
|
499
|
+
<div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">AbstractInterpretation::handleExtAPI</a>(call);</div>
|
|
500
|
+
<div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFFunction.html">SVFFunction</a> *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
501
|
+
<div class="line"><a name="l00430"></a><span class="lineno"> 430</span>  assert(fun && <span class="stringliteral">"SVFFunction* is nullptr"</span>);</div>
|
|
502
|
+
<div class="line"><a name="l00431"></a><span class="lineno"> 431</span>  <a class="code" href="classSVF_1_1CallSite.html">CallSite</a> cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call-><a class="code" href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">getCallSite</a>());</div>
|
|
503
|
+
<div class="line"><a name="l00432"></a><span class="lineno"> 432</span>  <span class="comment">// check the type of mem api,</span></div>
|
|
504
|
+
<div class="line"><a name="l00433"></a><span class="lineno"> 433</span>  <span class="comment">// MEMCPY: like memcpy, memcpy_chk, llvm.memcpy etc.</span></div>
|
|
505
|
+
<div class="line"><a name="l00434"></a><span class="lineno"> 434</span>  <span class="comment">// MEMSET: like memset, memset_chk, llvm.memset etc.</span></div>
|
|
506
|
+
<div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  <span class="comment">// STRCPY: like strcpy, strcpy_chk, wcscpy etc.</span></div>
|
|
507
|
+
<div class="line"><a name="l00436"></a><span class="lineno"> 436</span>  <span class="comment">// STRCAT: like strcat, strcat_chk, wcscat etc.</span></div>
|
|
508
|
+
<div class="line"><a name="l00437"></a><span class="lineno"> 437</span>  <span class="comment">// for other ext api like printf, scanf, etc., they have their own handlers</span></div>
|
|
509
|
+
<div class="line"><a name="l00438"></a><span class="lineno"> 438</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">ExtAPIType</a> extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">UNCLASSIFIED</a>;</div>
|
|
510
|
+
<div class="line"><a name="l00439"></a><span class="lineno"> 439</span>  <span class="comment">// get type of mem api</span></div>
|
|
511
|
+
<div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> &annotation: fun-><a class="code" href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">getAnnotations</a>())</div>
|
|
512
|
+
<div class="line"><a name="l00441"></a><span class="lineno"> 441</span>  {</div>
|
|
513
|
+
<div class="line"><a name="l00442"></a><span class="lineno"> 442</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMCPY"</span>) != std::string::npos)</div>
|
|
514
|
+
<div class="line"><a name="l00443"></a><span class="lineno"> 443</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>;</div>
|
|
515
|
+
<div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMSET"</span>) != std::string::npos)</div>
|
|
516
|
+
<div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>;</div>
|
|
517
|
+
<div class="line"><a name="l00446"></a><span class="lineno"> 446</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCPY"</span>) != std::string::npos)</div>
|
|
518
|
+
<div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>;</div>
|
|
519
|
+
<div class="line"><a name="l00448"></a><span class="lineno"> 448</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCAT"</span>) != std::string::npos)</div>
|
|
520
|
+
<div class="line"><a name="l00449"></a><span class="lineno"> 449</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>;</div>
|
|
521
|
+
<div class="line"><a name="l00450"></a><span class="lineno"> 450</span>  }</div>
|
|
522
|
+
<div class="line"><a name="l00451"></a><span class="lineno"> 451</span>  <span class="comment">// 1. memcpy functions like memcpy_chk, strncpy, annotate("MEMCPY"), annotate("BUF_CHECK:Arg0, Arg2"), annotate("BUF_CHECK:Arg1, Arg2")</span></div>
|
|
523
|
+
<div class="line"><a name="l00452"></a><span class="lineno"> 452</span>  <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>)</div>
|
|
524
|
+
<div class="line"><a name="l00453"></a><span class="lineno"> 453</span>  {</div>
|
|
525
|
+
<div class="line"><a name="l00454"></a><span class="lineno"> 454</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
|
|
526
|
+
<div class="line"><a name="l00455"></a><span class="lineno"> 455</span>  {</div>
|
|
527
|
+
<div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
528
|
+
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
529
|
+
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  <span class="keywordflow">return</span>;</div>
|
|
530
|
+
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span>  }</div>
|
|
531
|
+
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  <span class="comment">// call parseMemcpyBufferCheckArgs to parse the BUF_CHECK annotation</span></div>
|
|
532
|
+
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
|
|
533
|
+
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
534
|
+
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
535
|
+
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  {</div>
|
|
536
|
+
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = es[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
537
|
+
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
538
538
|
<div class="line"><a name="l00467"></a><span class="lineno"> 467</span>  }</div>
|
|
539
|
-
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span> 
|
|
540
|
-
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span> 
|
|
541
|
-
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span> 
|
|
542
|
-
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span> 
|
|
543
|
-
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span> 
|
|
544
|
-
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span> 
|
|
545
|
-
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  <
|
|
546
|
-
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span> 
|
|
547
|
-
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span> 
|
|
548
|
-
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span> 
|
|
549
|
-
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span> 
|
|
550
|
-
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  <
|
|
551
|
-
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span> 
|
|
552
|
-
<div class="line"><a name="l00481"></a><span class="lineno"> 481</span> 
|
|
553
|
-
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span> 
|
|
554
|
-
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span> 
|
|
555
|
-
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span> 
|
|
556
|
-
<div class="line"><a name="l00485"></a><span class="lineno"> 485</span> 
|
|
557
|
-
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span> 
|
|
558
|
-
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span> 
|
|
559
|
-
<div class="line"><a name="l00488"></a><span class="lineno"> 488</span> 
|
|
560
|
-
<div class="line"><a name="l00489"></a><span class="lineno"> 489</span> 
|
|
561
|
-
<div class="line"><a name="l00490"></a><span class="lineno"> 490</span> 
|
|
562
|
-
<div class="line"><a name="l00491"></a><span class="lineno"> 491</span> 
|
|
563
|
-
<div class="line"><a name="l00492"></a><span class="lineno"
|
|
564
|
-
<div class="line"><a name="l00493"></a><span class="lineno"> 493</span> 
|
|
565
|
-
<div class="line"><a name="l00494"></a><span class="lineno"> 494</span>  <span class="
|
|
539
|
+
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span>  }</div>
|
|
540
|
+
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span>  <span class="comment">// 2. memset functions like memset, memset_chk, annotate("MEMSET"), annotate("BUF_CHECK:Arg0, Arg2")</span></div>
|
|
541
|
+
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>)</div>
|
|
542
|
+
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span>  {</div>
|
|
543
|
+
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>()) == 0)</div>
|
|
544
|
+
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span>  {</div>
|
|
545
|
+
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
546
|
+
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
547
|
+
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  <span class="keywordflow">return</span>;</div>
|
|
548
|
+
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span>  }</div>
|
|
549
|
+
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun-><a class="code" href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">getName</a>());</div>
|
|
550
|
+
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
551
|
+
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
552
|
+
<div class="line"><a name="l00481"></a><span class="lineno"> 481</span>  {</div>
|
|
553
|
+
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = es[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.second))] - <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(1);</div>
|
|
554
|
+
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.<a class="code" href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">getArgument</a>(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
555
|
+
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span>  }</div>
|
|
556
|
+
<div class="line"><a name="l00485"></a><span class="lineno"> 485</span>  }</div>
|
|
557
|
+
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>)</div>
|
|
558
|
+
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span>  {</div>
|
|
559
|
+
<div class="line"><a name="l00488"></a><span class="lineno"> 488</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">detectStrcpy</a>(call);</div>
|
|
560
|
+
<div class="line"><a name="l00489"></a><span class="lineno"> 489</span>  }</div>
|
|
561
|
+
<div class="line"><a name="l00490"></a><span class="lineno"> 490</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>)</div>
|
|
562
|
+
<div class="line"><a name="l00491"></a><span class="lineno"> 491</span>  {</div>
|
|
563
|
+
<div class="line"><a name="l00492"></a><span class="lineno"> 492</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">detectStrcat</a>(call);</div>
|
|
564
|
+
<div class="line"><a name="l00493"></a><span class="lineno"> 493</span>  }</div>
|
|
565
|
+
<div class="line"><a name="l00494"></a><span class="lineno"> 494</span>  <span class="keywordflow">else</span></div>
|
|
566
|
+
<div class="line"><a name="l00495"></a><span class="lineno"> 495</span>  {</div>
|
|
567
|
+
<div class="line"><a name="l00496"></a><span class="lineno"> 496</span>  </div>
|
|
568
|
+
<div class="line"><a name="l00497"></a><span class="lineno"> 497</span>  }</div>
|
|
569
|
+
<div class="line"><a name="l00498"></a><span class="lineno"> 498</span>  <span class="keywordflow">return</span>;</div>
|
|
570
|
+
<div class="line"><a name="l00499"></a><span class="lineno"> 499</span> }</div>
|
|
566
571
|
<div class="line"><a name="l00500"></a><span class="lineno"> 500</span>  </div>
|
|
567
|
-
<div class="line"><a name="
|
|
568
|
-
<div class="line"><a name="
|
|
569
|
-
<div class="line"><a name="
|
|
570
|
-
<div class="line"><a name="
|
|
571
|
-
<div class="line"><a name="
|
|
572
|
-
<div class="line"><a name="
|
|
573
|
-
<div class="line"><a name="
|
|
574
|
-
<div class="line"><a name="
|
|
575
|
-
<div class="line"><a name="
|
|
576
|
-
<div class="line"><a name="
|
|
577
|
-
<div class="line"><a name="
|
|
578
|
-
<div class="line"><a name="
|
|
579
|
-
<div class="line"><a name="
|
|
580
|
-
<div class="line"><a name="
|
|
581
|
-
<div class="line"><a name="
|
|
582
|
-
<div class="line"><a name="
|
|
583
|
-
<div class="line"><a name="
|
|
584
|
-
<div class="line"><a name="
|
|
585
|
-
<div class="line"><a name="
|
|
586
|
-
<div class="line"><a name="
|
|
587
|
-
<div class="line"><a name="
|
|
588
|
-
<div class="line"><a name="
|
|
589
|
-
<div class="line"><a name="
|
|
590
|
-
<div class="line"><a name="
|
|
591
|
-
<div class="line"><a name="
|
|
592
|
-
<div class="line"><a name="
|
|
593
|
-
<div class="line"><a name="
|
|
594
|
-
<div class="line"><a name="
|
|
595
|
-
<div class="line"><a name="
|
|
596
|
-
<div class="line"><a name="
|
|
597
|
-
<div class="line"><a name="
|
|
598
|
-
<div class="line"><a name="
|
|
599
|
-
<div class="line"><a name="
|
|
600
|
-
<div class="line"><a name="
|
|
601
|
-
<div class="line"><a name="
|
|
602
|
-
<div class="line"><a name="
|
|
603
|
-
<div class="line"><a name="
|
|
604
|
-
<div class="line"><a name="
|
|
605
|
-
<div class="line"><a name="
|
|
606
|
-
<div class="line"><a name="
|
|
607
|
-
<div class="line"><a name="
|
|
608
|
-
<div class="line"><a name="
|
|
609
|
-
<div class="line"><a name="
|
|
610
|
-
<div class="line"><a name="
|
|
611
|
-
<div class="line"><a name="
|
|
612
|
-
<div class="line"><a name="
|
|
613
|
-
<div class="line"><a name="
|
|
614
|
-
<div class="line"><a name="
|
|
615
|
-
<div class="line"><a name="
|
|
616
|
-
<div class="line"><a name="
|
|
617
|
-
<div class="line"><a name="
|
|
618
|
-
<div class="line"><a name="
|
|
619
|
-
<div class="line"><a name="
|
|
620
|
-
<div class="line"><a name="
|
|
621
|
-
<div class="line"><a name="
|
|
622
|
-
<div class="line"><a name="
|
|
623
|
-
<div class="line"><a name="
|
|
624
|
-
<div class="line"><a name="
|
|
625
|
-
<div class="line"><a name="
|
|
626
|
-
<div class="line"><a name="
|
|
627
|
-
<div class="line"><a name="
|
|
628
|
-
<div class="line"><a name="
|
|
629
|
-
<div class="line"><a name="
|
|
630
|
-
<div class="line"><a name="
|
|
631
|
-
<div class="line"><a name="
|
|
632
|
-
<div class="line"><a name="
|
|
633
|
-
<div class="line"><a name="
|
|
634
|
-
<div class="line"><a name="
|
|
635
|
-
<div class="line"><a name="
|
|
636
|
-
<div class="line"><a name="
|
|
637
|
-
<div class="line"><a name="
|
|
638
|
-
<div class="line"><a name="
|
|
639
|
-
<div class="line"><a name="
|
|
640
|
-
<div class="line"><a name="
|
|
641
|
-
<div class="line"><a name="
|
|
642
|
-
<div class="line"><a name="
|
|
643
|
-
<div class="line"><a name="
|
|
644
|
-
<div class="line"><a name="
|
|
645
|
-
<div class="line"><a name="
|
|
646
|
-
<div class="line"><a name="
|
|
647
|
-
<div class="line"><a name="
|
|
648
|
-
<div class="line"><a name="
|
|
649
|
-
<div class="line"><a name="
|
|
650
|
-
<div class="line"><a name="
|
|
651
|
-
<div class="line"><a name="
|
|
652
|
-
<div class="line"><a name="
|
|
653
|
-
<div class="line"><a name="
|
|
654
|
-
<div class="line"><a name="
|
|
655
|
-
<div class="line"><a name="
|
|
656
|
-
<div class="line"><a name="
|
|
657
|
-
<div class="line"><a name="
|
|
658
|
-
<div class="line"><a name="
|
|
659
|
-
<div class="line"><a name="
|
|
660
|
-
<div class="line"><a name="
|
|
661
|
-
<div class="line"><a name="
|
|
662
|
-
<div class="line"><a name="
|
|
663
|
-
<div class="line"><a name="
|
|
664
|
-
<div class="line"><a name="
|
|
665
|
-
<div class="line"><a name="
|
|
666
|
-
<div class="line"><a name="
|
|
667
|
-
<div class="line"><a name="
|
|
668
|
-
<div class="line"><a name="
|
|
669
|
-
<div class="line"><a name="
|
|
670
|
-
<div class="line"><a name="
|
|
671
|
-
<div class="line"><a name="
|
|
672
|
-
<div class="line"><a name="
|
|
673
|
-
<div class="line"><a name="
|
|
674
|
-
<div class="line"><a name="
|
|
675
|
-
<div class="line"><a name="
|
|
676
|
-
<div class="line"><a name="
|
|
677
|
-
<div class="line"><a name="
|
|
678
|
-
<div class="line"><a name="
|
|
679
|
-
<div class="line"><a name="
|
|
680
|
-
<div class="line"><a name="
|
|
681
|
-
<div class="line"><a name="
|
|
682
|
-
<div class="line"><a name="
|
|
683
|
-
<div class="line"><a name="
|
|
684
|
-
<div class="line"><a name="
|
|
685
|
-
<div class="line"><a name="
|
|
686
|
-
<div class="line"><a name="
|
|
687
|
-
<div class="line"><a name="
|
|
688
|
-
<div class="line"><a name="
|
|
689
|
-
<div class="line"><a name="
|
|
690
|
-
<div class="line"><a name="
|
|
691
|
-
<div class="line"><a name="
|
|
692
|
-
<div class="line"><a name="
|
|
693
|
-
<div class="line"><a name="
|
|
694
|
-
<div class="line"><a name="
|
|
695
|
-
<div class="line"><a name="
|
|
696
|
-
<div class="line"><a name="
|
|
697
|
-
<div class="line"><a name="
|
|
698
|
-
<div class="line"><a name="
|
|
699
|
-
<div class="line"><a name="
|
|
700
|
-
<div class="line"><a name="
|
|
701
|
-
<div class="line"><a name="
|
|
702
|
-
<div class="line"><a name="
|
|
703
|
-
<div class="line"><a name="
|
|
704
|
-
<div class="line"><a name="
|
|
705
|
-
<div class="line"><a name="
|
|
706
|
-
<div class="line"><a name="
|
|
707
|
-
<div class="line"><a name="
|
|
708
|
-
<div class="line"><a name="
|
|
709
|
-
<div class="line"><a name="
|
|
710
|
-
<div class="line"><a name="
|
|
711
|
-
<div class="line"><a name="
|
|
712
|
-
<div class="line"><a name="
|
|
713
|
-
<div class="line"><a name="
|
|
714
|
-
<div class="line"><a name="
|
|
715
|
-
<div class="line"><a name="
|
|
716
|
-
<div class="line"><a name="
|
|
717
|
-
<div class="line"><a name="
|
|
718
|
-
<div class="line"><a name="
|
|
719
|
-
<div class="line"><a name="
|
|
720
|
-
<div class="line"><a name="
|
|
721
|
-
<div class="line"><a name="
|
|
722
|
-
<div class="line"><a name="
|
|
723
|
-
<div class="line"><a name="
|
|
724
|
-
<div class="line"><a name="
|
|
725
|
-
<div class="line"><a name="
|
|
726
|
-
<div class="line"><a name="
|
|
727
|
-
<div class="line"><a name="
|
|
728
|
-
<div class="line"><a name="
|
|
729
|
-
<div class="line"><a name="
|
|
730
|
-
<div class="line"><a name="
|
|
731
|
-
<div class="line"><a name="
|
|
732
|
-
<div class="line"><a name="
|
|
733
|
-
<div class="line"><a name="
|
|
734
|
-
<div class="line"><a name="
|
|
735
|
-
<div class="line"><a name="
|
|
736
|
-
<div class="line"><a name="
|
|
737
|
-
<div class="line"><a name="
|
|
738
|
-
<div class="line"><a name="
|
|
739
|
-
<div class="line"><a name="
|
|
740
|
-
<div class="line"><a name="
|
|
741
|
-
<div class="line"><a name="
|
|
742
|
-
<div class="line"><a name="
|
|
743
|
-
<div class="line"><a name="
|
|
744
|
-
<div class="line"><a name="
|
|
745
|
-
<div class="line"><a name="
|
|
746
|
-
<div class="line"><a name="
|
|
747
|
-
<div class="line"><a name="
|
|
748
|
-
<div class="line"><a name="
|
|
749
|
-
<div class="line"><a name="
|
|
750
|
-
<div class="line"><a name="
|
|
751
|
-
<div class="line"><a name="
|
|
752
|
-
<div class="line"><a name="
|
|
753
|
-
<div class="line"><a name="
|
|
754
|
-
<div class="line"><a name="
|
|
755
|
-
<div class="line"><a name="
|
|
756
|
-
<div class="line"><a name="
|
|
757
|
-
<div class="line"><a name="
|
|
758
|
-
<div class="line"><a name="
|
|
759
|
-
<div class="line"><a name="
|
|
760
|
-
<div class="line"><a name="
|
|
761
|
-
<div class="line"><a name="
|
|
762
|
-
<div class="line"><a name="
|
|
763
|
-
<div class="line"><a name="
|
|
764
|
-
<div class="line"><a name="
|
|
765
|
-
<div class="line"><a name="
|
|
766
|
-
<div class="line"><a name="
|
|
767
|
-
<div class="line"><a name="
|
|
768
|
-
<div class="line"><a name="
|
|
769
|
-
<div class="line"><a name="
|
|
770
|
-
<div class="line"><a name="
|
|
771
|
-
<div class="line"><a name="
|
|
772
|
-
<div class="line"><a name="
|
|
773
|
-
<div class="line"><a name="
|
|
774
|
-
<div class="line"><a name="
|
|
775
|
-
<div class="line"><a name="
|
|
776
|
-
<div class="line"><a name="
|
|
777
|
-
<div class="line"><a name="
|
|
778
|
-
<div class="line"><a name="
|
|
779
|
-
<div class="line"><a name="
|
|
780
|
-
<div class="line"><a name="
|
|
781
|
-
<div class="line"><a name="
|
|
782
|
-
<div class="line"><a name="
|
|
783
|
-
<div class="line"><a name="
|
|
784
|
-
<div class="line"><a name="
|
|
785
|
-
<div class="line"><a name="
|
|
786
|
-
<div class="line"><a name="
|
|
787
|
-
<div class="line"><a name="
|
|
788
|
-
<div class="line"><a name="
|
|
789
|
-
<div class="line"><a name="
|
|
790
|
-
<div class="line"><a name="
|
|
791
|
-
<div class="line"><a name="
|
|
792
|
-
<div class="line"><a name="
|
|
793
|
-
<div class="line"><a name="
|
|
794
|
-
<div class="line"><a name="
|
|
795
|
-
<div class="line"><a name="
|
|
796
|
-
<div class="line"><a name="
|
|
797
|
-
<div class="line"><a name="
|
|
798
|
-
<div class="line"><a name="
|
|
799
|
-
<div class="line"><a name="
|
|
800
|
-
<div class="line"><a name="
|
|
801
|
-
<div class="line"><a name="
|
|
802
|
-
<div class="line"><a name="
|
|
803
|
-
<div class="line"><a name="
|
|
804
|
-
<div class="line"><a name="
|
|
805
|
-
<div class="line"><a name="
|
|
806
|
-
<div class="line"><a name="
|
|
807
|
-
<div class="line"><a name="
|
|
808
|
-
<div class="line"><a name="
|
|
809
|
-
<div class="line"><a name="
|
|
810
|
-
<div class="line"><a name="
|
|
811
|
-
<div class="line"><a name="
|
|
812
|
-
<div class="line"><a name="
|
|
813
|
-
<div class="line"><a name="
|
|
814
|
-
<div class="line"><a name="
|
|
815
|
-
<div class="line"><a name="
|
|
816
|
-
<div class="line"><a name="
|
|
817
|
-
<div class="line"><a name="
|
|
818
|
-
<div class="line"><a name="
|
|
819
|
-
<div class="line"><a name="
|
|
820
|
-
<div class="line"><a name="
|
|
821
|
-
<div class="line"><a name="
|
|
822
|
-
<div class="line"><a name="
|
|
823
|
-
<div class="line"><a name="
|
|
824
|
-
<div class="line"><a name="
|
|
825
|
-
<div class="line"><a name="
|
|
826
|
-
<div class="line"><a name="
|
|
827
|
-
<div class="line"><a name="
|
|
828
|
-
<div class="line"><a name="
|
|
829
|
-
<div class="line"><a name="
|
|
830
|
-
<div class="line"><a name="
|
|
831
|
-
<div class="line"><a name="
|
|
832
|
-
<div class="line"><a name="
|
|
833
|
-
<div class="line"><a name="
|
|
834
|
-
<div class="line"><a name="
|
|
835
|
-
<div class="line"><a name="
|
|
836
|
-
<div class="line"><a name="
|
|
837
|
-
<div class="line"><a name="
|
|
838
|
-
<div class="line"><a name="
|
|
839
|
-
<div class="line"><a name="
|
|
840
|
-
<div class="line"><a name="
|
|
841
|
-
<div class="line"><a name="
|
|
842
|
-
<div class="line"><a name="
|
|
843
|
-
<div class="line"><a name="
|
|
844
|
-
<div class="line"><a name="
|
|
845
|
-
<div class="line"><a name="
|
|
846
|
-
<div class="line"><a name="
|
|
847
|
-
<div class="line"><a name="
|
|
848
|
-
<div class="line"><a name="
|
|
849
|
-
<div class="line"><a name="
|
|
850
|
-
<div class="line"><a name="
|
|
851
|
-
<div class="line"><a name="
|
|
852
|
-
<div class="line"><a name="
|
|
853
|
-
<div class="line"><a name="
|
|
854
|
-
<div class="line"><a name="
|
|
855
|
-
<div class="line"><a name="
|
|
856
|
-
<div class="line"><a name="
|
|
857
|
-
<div class="line"><a name="
|
|
858
|
-
<div class="line"><a name="
|
|
859
|
-
<div class="line"><a name="
|
|
860
|
-
<div class="line"><a name="
|
|
861
|
-
<div class="line"><a name="
|
|
862
|
-
<div class="line"><a name="
|
|
863
|
-
<div class="line"><a name="
|
|
864
|
-
<div class="line"><a name="
|
|
865
|
-
<div class="line"><a name="
|
|
866
|
-
<div class="line"><a name="
|
|
867
|
-
<div class="line"><a name="
|
|
868
|
-
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span> {</div>
|
|
869
|
-
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span>  <span class="keyword">const</span> SVFInstruction* inst = <span class="keyword">nullptr</span>;</div>
|
|
870
|
-
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(node))</div>
|
|
871
|
-
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  {</div>
|
|
872
|
-
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  inst = call->getCallSite();</div>
|
|
572
|
+
<div class="line"><a name="l00501"></a><span class="lineno"><a class="line" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf"> 501</a></span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">BufOverflowChecker::canSafelyAccessMemory</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *value, <span class="keyword">const</span> <a class="code" href="structSVF_1_1AbstractValue.html">AbstractValue</a> &len, <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *curNode)</div>
|
|
573
|
+
<div class="line"><a name="l00502"></a><span class="lineno"> 502</span> {</div>
|
|
574
|
+
<div class="line"><a name="l00503"></a><span class="lineno"> 503</span>  <a class="code" href="classSVF_1_1AbstractState.html">AbstractState</a>& es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(curNode);</div>
|
|
575
|
+
<div class="line"><a name="l00504"></a><span class="lineno"> 504</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *firstValue = value;</div>
|
|
576
|
+
<div class="line"><a name="l00510"></a><span class="lineno"> 510</span>  </div>
|
|
577
|
+
<div class="line"><a name="l00513"></a><span class="lineno"> 513</span>  <a class="code" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList<const SVFValue *></a> worklist;</div>
|
|
578
|
+
<div class="line"><a name="l00514"></a><span class="lineno"> 514</span>  <a class="code" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set<const SVFValue *></a> visited;</div>
|
|
579
|
+
<div class="line"><a name="l00515"></a><span class="lineno"> 515</span>  visited.insert(value);</div>
|
|
580
|
+
<div class="line"><a name="l00516"></a><span class="lineno"> 516</span>  <a class="code" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map<const ICFGNode *, IntervalValue></a> gep_offsets;</div>
|
|
581
|
+
<div class="line"><a name="l00517"></a><span class="lineno"> 517</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> total_bytes = len.<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
|
|
582
|
+
<div class="line"><a name="l00518"></a><span class="lineno"> 518</span>  worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(value);</div>
|
|
583
|
+
<div class="line"><a name="l00519"></a><span class="lineno"> 519</span>  std::vector<const CallICFGNode *> callstack = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>;</div>
|
|
584
|
+
<div class="line"><a name="l00520"></a><span class="lineno"> 520</span>  <span class="keywordflow">while</span> (!worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">empty</a>())</div>
|
|
585
|
+
<div class="line"><a name="l00521"></a><span class="lineno"> 521</span>  {</div>
|
|
586
|
+
<div class="line"><a name="l00522"></a><span class="lineno"> 522</span>  value = worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">pop</a>();</div>
|
|
587
|
+
<div class="line"><a name="l00523"></a><span class="lineno"> 523</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFInstruction.html">SVFInstruction</a> *ins = SVFUtil::dyn_cast<SVFInstruction>(value))</div>
|
|
588
|
+
<div class="line"><a name="l00524"></a><span class="lineno"> 524</span>  {</div>
|
|
589
|
+
<div class="line"><a name="l00525"></a><span class="lineno"> 525</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(ins);</div>
|
|
590
|
+
<div class="line"><a name="l00526"></a><span class="lineno"> 526</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *callnode = SVFUtil::dyn_cast<CallICFGNode>(node))</div>
|
|
591
|
+
<div class="line"><a name="l00527"></a><span class="lineno"> 527</span>  {</div>
|
|
592
|
+
<div class="line"><a name="l00528"></a><span class="lineno"> 528</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">AccessMemoryViaRetNode</a>(callnode, worklist, visited);</div>
|
|
593
|
+
<div class="line"><a name="l00529"></a><span class="lineno"> 529</span>  }</div>
|
|
594
|
+
<div class="line"><a name="l00530"></a><span class="lineno"> 530</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFStmt.html">SVFStmt</a> *stmt: node-><a class="code" href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">getSVFStmts</a>())</div>
|
|
595
|
+
<div class="line"><a name="l00531"></a><span class="lineno"> 531</span>  {</div>
|
|
596
|
+
<div class="line"><a name="l00532"></a><span class="lineno"> 532</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1CopyStmt.html">CopyStmt</a> *<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a> = SVFUtil::dyn_cast<CopyStmt>(stmt))</div>
|
|
597
|
+
<div class="line"><a name="l00533"></a><span class="lineno"> 533</span>  {</div>
|
|
598
|
+
<div class="line"><a name="l00534"></a><span class="lineno"> 534</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">AccessMemoryViaCopyStmt</a>(<a class="code" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a>, worklist, visited);</div>
|
|
599
|
+
<div class="line"><a name="l00535"></a><span class="lineno"> 535</span>  }</div>
|
|
600
|
+
<div class="line"><a name="l00536"></a><span class="lineno"> 536</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1LoadStmt.html">LoadStmt</a> *load = SVFUtil::dyn_cast<LoadStmt>(stmt))</div>
|
|
601
|
+
<div class="line"><a name="l00537"></a><span class="lineno"> 537</span>  {</div>
|
|
602
|
+
<div class="line"><a name="l00538"></a><span class="lineno"> 538</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a37e8e190a8a29d550752d012b9f6e890">AccessMemoryViaLoadStmt</a>(es, load, worklist, visited);</div>
|
|
603
|
+
<div class="line"><a name="l00539"></a><span class="lineno"> 539</span>  }</div>
|
|
604
|
+
<div class="line"><a name="l00540"></a><span class="lineno"> 540</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1GepStmt.html">GepStmt</a> *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
605
|
+
<div class="line"><a name="l00541"></a><span class="lineno"> 541</span>  {</div>
|
|
606
|
+
<div class="line"><a name="l00542"></a><span class="lineno"> 542</span>  <span class="comment">// there are 3 type of gepStmt</span></div>
|
|
607
|
+
<div class="line"><a name="l00543"></a><span class="lineno"> 543</span>  <span class="comment">// 1. ptr get offset</span></div>
|
|
608
|
+
<div class="line"><a name="l00544"></a><span class="lineno"> 544</span>  <span class="comment">// 2. struct get field</span></div>
|
|
609
|
+
<div class="line"><a name="l00545"></a><span class="lineno"> 545</span>  <span class="comment">// 3. array get element</span></div>
|
|
610
|
+
<div class="line"><a name="l00546"></a><span class="lineno"> 546</span>  <span class="comment">// for array gep, there are two kind of overflow checking</span></div>
|
|
611
|
+
<div class="line"><a name="l00547"></a><span class="lineno"> 547</span>  <span class="comment">// Arr [Struct.C * 10] arr, Struct.C {i32 a, i32 b}</span></div>
|
|
612
|
+
<div class="line"><a name="l00548"></a><span class="lineno"> 548</span>  <span class="comment">// arr[11].a = **, it is "lhs = gep *arr, 0 (ptr), 11 (arrIdx), 0 (ptr), 0(struct field)"</span></div>
|
|
613
|
+
<div class="line"><a name="l00549"></a><span class="lineno"> 549</span>  <span class="comment">// 1) in this case arrIdx 11 is overflow.</span></div>
|
|
614
|
+
<div class="line"><a name="l00550"></a><span class="lineno"> 550</span>  <span class="comment">// Other case,</span></div>
|
|
615
|
+
<div class="line"><a name="l00551"></a><span class="lineno"> 551</span>  <span class="comment">// Struct.C {i32 a, [i32*10] b, i32 c}, C.b[11] = 1</span></div>
|
|
616
|
+
<div class="line"><a name="l00552"></a><span class="lineno"> 552</span>  <span class="comment">// it is "lhs - gep *C, 0(ptr), 1(struct field), 0(ptr), 11(arrIdx)"</span></div>
|
|
617
|
+
<div class="line"><a name="l00553"></a><span class="lineno"> 553</span>  <span class="comment">// 2) in this case arrIdx 11 is larger than its getOffsetVar.Type Array([i32*10])</span></div>
|
|
618
|
+
<div class="line"><a name="l00554"></a><span class="lineno"> 554</span>  </div>
|
|
619
|
+
<div class="line"><a name="l00555"></a><span class="lineno"> 555</span>  <span class="comment">// therefore, if last getOffsetVar.Type is not the Array, just check the overall offset and its</span></div>
|
|
620
|
+
<div class="line"><a name="l00556"></a><span class="lineno"> 556</span>  <span class="comment">// gep source type size (together with totalOffset along the value flow).</span></div>
|
|
621
|
+
<div class="line"><a name="l00557"></a><span class="lineno"> 557</span>  <span class="comment">// so if curgepOffset + totalOffset >= gepSrc (overflow)</span></div>
|
|
622
|
+
<div class="line"><a name="l00558"></a><span class="lineno"> 558</span>  <span class="comment">// else totalOffset += curgepOffset</span></div>
|
|
623
|
+
<div class="line"><a name="l00559"></a><span class="lineno"> 559</span>  </div>
|
|
624
|
+
<div class="line"><a name="l00560"></a><span class="lineno"> 560</span>  <span class="comment">// otherwise, if last getOffsetVar.Type is the Array, check the last idx and array. (just offset,</span></div>
|
|
625
|
+
<div class="line"><a name="l00561"></a><span class="lineno"> 561</span>  <span class="comment">// not with totalOffset during check)</span></div>
|
|
626
|
+
<div class="line"><a name="l00562"></a><span class="lineno"> 562</span>  <span class="comment">// so if getOffsetVarVal > getOffsetVar.TypeSize (overflow)</span></div>
|
|
627
|
+
<div class="line"><a name="l00563"></a><span class="lineno"> 563</span>  <span class="comment">// else safe and return.</span></div>
|
|
628
|
+
<div class="line"><a name="l00564"></a><span class="lineno"> 564</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> byteOffset;</div>
|
|
629
|
+
<div class="line"><a name="l00565"></a><span class="lineno"> 565</span>  <span class="keywordflow">if</span> (gep->isConstantOffset())</div>
|
|
630
|
+
<div class="line"><a name="l00566"></a><span class="lineno"> 566</span>  {</div>
|
|
631
|
+
<div class="line"><a name="l00567"></a><span class="lineno"> 567</span>  byteOffset = <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(gep->accumulateConstantByteOffset());</div>
|
|
632
|
+
<div class="line"><a name="l00568"></a><span class="lineno"> 568</span>  }</div>
|
|
633
|
+
<div class="line"><a name="l00569"></a><span class="lineno"> 569</span>  <span class="keywordflow">else</span></div>
|
|
634
|
+
<div class="line"><a name="l00570"></a><span class="lineno"> 570</span>  {</div>
|
|
635
|
+
<div class="line"><a name="l00571"></a><span class="lineno"> 571</span>  byteOffset =</div>
|
|
636
|
+
<div class="line"><a name="l00572"></a><span class="lineno"> 572</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#aec9a351850857fa3c6fb23c58317cb0d">getByteOffset</a>(es, gep).<a class="code" href="structSVF_1_1AbstractValue.html#acbcec6f55d23e6cd278fe8572a68f393">getInterval</a>();</div>
|
|
637
|
+
<div class="line"><a name="l00573"></a><span class="lineno"> 573</span>  }</div>
|
|
638
|
+
<div class="line"><a name="l00574"></a><span class="lineno"> 574</span>  <span class="comment">// for variable offset, join with accumulate gep offset</span></div>
|
|
639
|
+
<div class="line"><a name="l00575"></a><span class="lineno"> 575</span>  gep_offsets[gep->getICFGNode()] = byteOffset;</div>
|
|
640
|
+
<div class="line"><a name="l00576"></a><span class="lineno"> 576</span>  <span class="keywordflow">if</span> (byteOffset.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() && <a class="code" href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">Options::GepUnknownIdx</a>())</div>
|
|
641
|
+
<div class="line"><a name="l00577"></a><span class="lineno"> 577</span>  {</div>
|
|
642
|
+
<div class="line"><a name="l00578"></a><span class="lineno"> 578</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
643
|
+
<div class="line"><a name="l00579"></a><span class="lineno"> 579</span>  }</div>
|
|
644
|
+
<div class="line"><a name="l00580"></a><span class="lineno"> 580</span>  </div>
|
|
645
|
+
<div class="line"><a name="l00581"></a><span class="lineno"> 581</span>  <span class="keywordflow">if</span> (gep->getOffsetVarAndGepTypePairVec().size() > 0)</div>
|
|
646
|
+
<div class="line"><a name="l00582"></a><span class="lineno"> 582</span>  {</div>
|
|
647
|
+
<div class="line"><a name="l00583"></a><span class="lineno"> 583</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFVar.html">SVFVar</a> *gepVal = gep->getOffsetVarAndGepTypePairVec().back().first;</div>
|
|
648
|
+
<div class="line"><a name="l00584"></a><span class="lineno"> 584</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *gepType = gep->getOffsetVarAndGepTypePairVec().back().second;</div>
|
|
649
|
+
<div class="line"><a name="l00585"></a><span class="lineno"> 585</span>  </div>
|
|
650
|
+
<div class="line"><a name="l00586"></a><span class="lineno"> 586</span>  <span class="keywordflow">if</span> (gepType-><a class="code" href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">isArrayTy</a>())</div>
|
|
651
|
+
<div class="line"><a name="l00587"></a><span class="lineno"> 587</span>  {</div>
|
|
652
|
+
<div class="line"><a name="l00588"></a><span class="lineno"> 588</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *gepArrType = SVFUtil::dyn_cast<SVFArrayType>(gepType);</div>
|
|
653
|
+
<div class="line"><a name="l00589"></a><span class="lineno"> 589</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> gepArrTotalByte(0);</div>
|
|
654
|
+
<div class="line"><a name="l00590"></a><span class="lineno"> 590</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFValue.html">SVFValue</a> *idxValue = gepVal-><a class="code" href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">getValue</a>();</div>
|
|
655
|
+
<div class="line"><a name="l00591"></a><span class="lineno"> 591</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arrElemSize = gepArrType-><a class="code" href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">getTypeOfElement</a>()-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
656
|
+
<div class="line"><a name="l00592"></a><span class="lineno"> 592</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFConstantInt.html">SVFConstantInt</a> *op = SVFUtil::dyn_cast<SVFConstantInt>(idxValue))</div>
|
|
657
|
+
<div class="line"><a name="l00593"></a><span class="lineno"> 593</span>  {</div>
|
|
658
|
+
<div class="line"><a name="l00594"></a><span class="lineno"> 594</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (double) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >= op->getSExtValue() ?</div>
|
|
659
|
+
<div class="line"><a name="l00595"></a><span class="lineno"> 595</span>  op->getSExtValue() * arrElemSize : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
660
|
+
<div class="line"><a name="l00596"></a><span class="lineno"> 596</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, lb);</div>
|
|
661
|
+
<div class="line"><a name="l00597"></a><span class="lineno"> 597</span>  }</div>
|
|
662
|
+
<div class="line"><a name="l00598"></a><span class="lineno"> 598</span>  <span class="keywordflow">else</span></div>
|
|
663
|
+
<div class="line"><a name="l00599"></a><span class="lineno"> 599</span>  {</div>
|
|
664
|
+
<div class="line"><a name="l00600"></a><span class="lineno"> 600</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> idx = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(idxValue);</div>
|
|
665
|
+
<div class="line"><a name="l00601"></a><span class="lineno"> 601</span>  <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a> idxVal = es[idx].getInterval();</div>
|
|
666
|
+
<div class="line"><a name="l00602"></a><span class="lineno"> 602</span>  <span class="keywordflow">if</span> (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a674f9bb98053f8658e246863d6561072">isBottom</a>())</div>
|
|
667
|
+
<div class="line"><a name="l00603"></a><span class="lineno"> 603</span>  {</div>
|
|
668
|
+
<div class="line"><a name="l00604"></a><span class="lineno"> 604</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(0, 0);</div>
|
|
669
|
+
<div class="line"><a name="l00605"></a><span class="lineno"> 605</span>  }</div>
|
|
670
|
+
<div class="line"><a name="l00606"></a><span class="lineno"> 606</span>  <span class="keywordflow">else</span></div>
|
|
671
|
+
<div class="line"><a name="l00607"></a><span class="lineno"> 607</span>  {</div>
|
|
672
|
+
<div class="line"><a name="l00608"></a><span class="lineno"> 608</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> ub = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0) ? 0 :</div>
|
|
673
|
+
<div class="line"><a name="l00609"></a><span class="lineno"> 609</span>  (<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >=</div>
|
|
674
|
+
<div class="line"><a name="l00610"></a><span class="lineno"> 610</span>  idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() ?</div>
|
|
675
|
+
<div class="line"><a name="l00611"></a><span class="lineno"> 611</span>  arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
676
|
+
<div class="line"><a name="l00612"></a><span class="lineno"> 612</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> lb = (idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0) ? 0 :</div>
|
|
677
|
+
<div class="line"><a name="l00613"></a><span class="lineno"> 613</span>  ((<span class="keywordtype">double</span>) <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>() / arrElemSize >=</div>
|
|
678
|
+
<div class="line"><a name="l00614"></a><span class="lineno"> 614</span>  idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>()) ?</div>
|
|
679
|
+
<div class="line"><a name="l00615"></a><span class="lineno"> 615</span>  arrElemSize * idxVal.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() : <a class="code" href="classSVF_1_1Options.html#aaab923c093730b1670a54f09340b1bd5">Options::MaxFieldLimit</a>();</div>
|
|
680
|
+
<div class="line"><a name="l00616"></a><span class="lineno"> 616</span>  gepArrTotalByte = gepArrTotalByte + <a class="code" href="classSVF_1_1IntervalValue.html">IntervalValue</a>(lb, ub);</div>
|
|
681
|
+
<div class="line"><a name="l00617"></a><span class="lineno"> 617</span>  }</div>
|
|
682
|
+
<div class="line"><a name="l00618"></a><span class="lineno"> 618</span>  }</div>
|
|
683
|
+
<div class="line"><a name="l00619"></a><span class="lineno"> 619</span>  total_bytes = total_bytes + gepArrTotalByte;</div>
|
|
684
|
+
<div class="line"><a name="l00620"></a><span class="lineno"> 620</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>())</div>
|
|
685
|
+
<div class="line"><a name="l00621"></a><span class="lineno"> 621</span>  {</div>
|
|
686
|
+
<div class="line"><a name="l00622"></a><span class="lineno"> 622</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
|
|
687
|
+
<div class="line"><a name="l00623"></a><span class="lineno"> 623</span>  <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> +</div>
|
|
688
|
+
<div class="line"><a name="l00624"></a><span class="lineno"> 624</span>  <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
689
|
+
<div class="line"><a name="l00625"></a><span class="lineno"> 625</span>  <span class="stringliteral">"\nAllocated Gep buffer size: "</span> +</div>
|
|
690
|
+
<div class="line"><a name="l00626"></a><span class="lineno"> 626</span>  std::to_string(gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>()) + <span class="stringliteral">"\n"</span>;</div>
|
|
691
|
+
<div class="line"><a name="l00627"></a><span class="lineno"> 627</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
692
|
+
<div class="line"><a name="l00628"></a><span class="lineno"> 628</span>  msg += <span class="stringliteral">" The following is the value flow. [[\n"</span>;</div>
|
|
693
|
+
<div class="line"><a name="l00629"></a><span class="lineno"> 629</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
694
|
+
<div class="line"><a name="l00630"></a><span class="lineno"> 630</span>  {</div>
|
|
695
|
+
<div class="line"><a name="l00631"></a><span class="lineno"> 631</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) +</div>
|
|
696
|
+
<div class="line"><a name="l00632"></a><span class="lineno"> 632</span>  <span class="stringliteral">"\n"</span>;</div>
|
|
697
|
+
<div class="line"><a name="l00633"></a><span class="lineno"> 633</span>  }</div>
|
|
698
|
+
<div class="line"><a name="l00634"></a><span class="lineno"> 634</span>  msg += <span class="stringliteral">"]].\nAlloc Site: "</span> + gep->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
699
|
+
<div class="line"><a name="l00635"></a><span class="lineno"> 635</span>  </div>
|
|
700
|
+
<div class="line"><a name="l00636"></a><span class="lineno"> 636</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVFUtil::errMsg</a>(msg), gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
|
|
701
|
+
<div class="line"><a name="l00637"></a><span class="lineno"> 637</span>  gepArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>(),</div>
|
|
702
|
+
<div class="line"><a name="l00638"></a><span class="lineno"> 638</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
|
|
703
|
+
<div class="line"><a name="l00639"></a><span class="lineno"> 639</span>  firstValue);</div>
|
|
704
|
+
<div class="line"><a name="l00640"></a><span class="lineno"> 640</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
705
|
+
<div class="line"><a name="l00641"></a><span class="lineno"> 641</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
706
|
+
<div class="line"><a name="l00642"></a><span class="lineno"> 642</span>  }</div>
|
|
707
|
+
<div class="line"><a name="l00643"></a><span class="lineno"> 643</span>  <span class="keywordflow">else</span></div>
|
|
708
|
+
<div class="line"><a name="l00644"></a><span class="lineno"> 644</span>  {</div>
|
|
709
|
+
<div class="line"><a name="l00645"></a><span class="lineno"> 645</span>  <span class="comment">// for gep last index's type is arr, stop here.</span></div>
|
|
710
|
+
<div class="line"><a name="l00646"></a><span class="lineno"> 646</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
711
|
+
<div class="line"><a name="l00647"></a><span class="lineno"> 647</span>  }</div>
|
|
712
|
+
<div class="line"><a name="l00648"></a><span class="lineno"> 648</span>  }</div>
|
|
713
|
+
<div class="line"><a name="l00649"></a><span class="lineno"> 649</span>  <span class="keywordflow">else</span></div>
|
|
714
|
+
<div class="line"><a name="l00650"></a><span class="lineno"> 650</span>  {</div>
|
|
715
|
+
<div class="line"><a name="l00651"></a><span class="lineno"> 651</span>  total_bytes = total_bytes + byteOffset;</div>
|
|
716
|
+
<div class="line"><a name="l00652"></a><span class="lineno"> 652</span>  }</div>
|
|
717
|
+
<div class="line"><a name="l00653"></a><span class="lineno"> 653</span>  </div>
|
|
718
|
+
<div class="line"><a name="l00654"></a><span class="lineno"> 654</span>  }</div>
|
|
719
|
+
<div class="line"><a name="l00655"></a><span class="lineno"> 655</span>  <span class="keywordflow">if</span> (!visited.count(gep->getRHSVar()->getValue()))</div>
|
|
720
|
+
<div class="line"><a name="l00656"></a><span class="lineno"> 656</span>  {</div>
|
|
721
|
+
<div class="line"><a name="l00657"></a><span class="lineno"> 657</span>  visited.insert(gep->getRHSVar()->getValue());</div>
|
|
722
|
+
<div class="line"><a name="l00658"></a><span class="lineno"> 658</span>  worklist.<a class="code" href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">push</a>(gep->getRHSVar()->getValue());</div>
|
|
723
|
+
<div class="line"><a name="l00659"></a><span class="lineno"> 659</span>  }</div>
|
|
724
|
+
<div class="line"><a name="l00660"></a><span class="lineno"> 660</span>  }</div>
|
|
725
|
+
<div class="line"><a name="l00661"></a><span class="lineno"> 661</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1AddrStmt.html">AddrStmt</a> *addr = SVFUtil::dyn_cast<AddrStmt>(stmt))</div>
|
|
726
|
+
<div class="line"><a name="l00662"></a><span class="lineno"> 662</span>  {</div>
|
|
727
|
+
<div class="line"><a name="l00663"></a><span class="lineno"> 663</span>  <span class="comment">// addrStmt is source node.</span></div>
|
|
728
|
+
<div class="line"><a name="l00664"></a><span class="lineno"> 664</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2ee740506a2ad50e1ee8dbb345fe0ff5">getAllocaInstByteSize</a>(es, addr);</div>
|
|
729
|
+
<div class="line"><a name="l00665"></a><span class="lineno"> 665</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= arr_type_size ||</div>
|
|
730
|
+
<div class="line"><a name="l00666"></a><span class="lineno"> 666</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0)</div>
|
|
731
|
+
<div class="line"><a name="l00667"></a><span class="lineno"> 667</span>  {</div>
|
|
732
|
+
<div class="line"><a name="l00668"></a><span class="lineno"> 668</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg =</div>
|
|
733
|
+
<div class="line"><a name="l00669"></a><span class="lineno"> 669</span>  <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
734
|
+
<div class="line"><a name="l00670"></a><span class="lineno"> 670</span>  <span class="stringliteral">"\nAllocated buffer size: "</span> + std::to_string(arr_type_size) + <span class="stringliteral">"\n"</span>;</div>
|
|
735
|
+
<div class="line"><a name="l00671"></a><span class="lineno"> 671</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
736
|
+
<div class="line"><a name="l00672"></a><span class="lineno"> 672</span>  msg += <span class="stringliteral">" The following is the value flow. [[\n"</span>;</div>
|
|
737
|
+
<div class="line"><a name="l00673"></a><span class="lineno"> 673</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
738
|
+
<div class="line"><a name="l00674"></a><span class="lineno"> 674</span>  {</div>
|
|
739
|
+
<div class="line"><a name="l00675"></a><span class="lineno"> 675</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) + <span class="stringliteral">"\n"</span>;</div>
|
|
740
|
+
<div class="line"><a name="l00676"></a><span class="lineno"> 676</span>  }</div>
|
|
741
|
+
<div class="line"><a name="l00677"></a><span class="lineno"> 677</span>  msg += <span class="stringliteral">"]].\n Alloc Site: "</span> + addr->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
742
|
+
<div class="line"><a name="l00678"></a><span class="lineno"> 678</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
|
|
743
|
+
<div class="line"><a name="l00679"></a><span class="lineno"> 679</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(),</div>
|
|
744
|
+
<div class="line"><a name="l00680"></a><span class="lineno"> 680</span>  firstValue);</div>
|
|
745
|
+
<div class="line"><a name="l00681"></a><span class="lineno"> 681</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
746
|
+
<div class="line"><a name="l00682"></a><span class="lineno"> 682</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
747
|
+
<div class="line"><a name="l00683"></a><span class="lineno"> 683</span>  }</div>
|
|
748
|
+
<div class="line"><a name="l00684"></a><span class="lineno"> 684</span>  <span class="keywordflow">else</span></div>
|
|
749
|
+
<div class="line"><a name="l00685"></a><span class="lineno"> 685</span>  {</div>
|
|
750
|
+
<div class="line"><a name="l00686"></a><span class="lineno"> 686</span>  </div>
|
|
751
|
+
<div class="line"><a name="l00687"></a><span class="lineno"> 687</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
752
|
+
<div class="line"><a name="l00688"></a><span class="lineno"> 688</span>  }</div>
|
|
753
|
+
<div class="line"><a name="l00689"></a><span class="lineno"> 689</span>  }</div>
|
|
754
|
+
<div class="line"><a name="l00690"></a><span class="lineno"> 690</span>  }</div>
|
|
755
|
+
<div class="line"><a name="l00691"></a><span class="lineno"> 691</span>  }</div>
|
|
756
|
+
<div class="line"><a name="l00692"></a><span class="lineno"> 692</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFGlobalValue.html">SVF::SVFGlobalValue</a> *gvalue = SVFUtil::dyn_cast<SVF::SVFGlobalValue>(value))</div>
|
|
757
|
+
<div class="line"><a name="l00693"></a><span class="lineno"> 693</span>  {</div>
|
|
758
|
+
<div class="line"><a name="l00694"></a><span class="lineno"> 694</span>  <a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> arr_type_size = 0;</div>
|
|
759
|
+
<div class="line"><a name="l00695"></a><span class="lineno"> 695</span>  <span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFType.html">SVFType</a> *svftype = gvalue->getType();</div>
|
|
760
|
+
<div class="line"><a name="l00696"></a><span class="lineno"> 696</span>  <span class="keywordflow">if</span> (SVFUtil::isa<SVFPointerType>(svftype))</div>
|
|
761
|
+
<div class="line"><a name="l00697"></a><span class="lineno"> 697</span>  {</div>
|
|
762
|
+
<div class="line"><a name="l00698"></a><span class="lineno"> 698</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArrayType.html">SVFArrayType</a> *ptrArrType = SVFUtil::dyn_cast<SVFArrayType>(</div>
|
|
763
|
+
<div class="line"><a name="l00699"></a><span class="lineno"> 699</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a319cdab5339e6fe56fec8ade68f9da92">getPointeeElement</a>(es, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(gvalue))))</div>
|
|
764
|
+
<div class="line"><a name="l00700"></a><span class="lineno"> 700</span>  arr_type_size = ptrArrType-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
765
|
+
<div class="line"><a name="l00701"></a><span class="lineno"> 701</span>  <span class="keywordflow">else</span></div>
|
|
766
|
+
<div class="line"><a name="l00702"></a><span class="lineno"> 702</span>  arr_type_size = svftype-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
767
|
+
<div class="line"><a name="l00703"></a><span class="lineno"> 703</span>  }</div>
|
|
768
|
+
<div class="line"><a name="l00704"></a><span class="lineno"> 704</span>  <span class="keywordflow">else</span></div>
|
|
769
|
+
<div class="line"><a name="l00705"></a><span class="lineno"> 705</span>  arr_type_size = svftype-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
770
|
+
<div class="line"><a name="l00706"></a><span class="lineno"> 706</span>  </div>
|
|
771
|
+
<div class="line"><a name="l00707"></a><span class="lineno"> 707</span>  <span class="keywordflow">if</span> (total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() >= arr_type_size || total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>() < 0)</div>
|
|
772
|
+
<div class="line"><a name="l00708"></a><span class="lineno"> 708</span>  {</div>
|
|
773
|
+
<div class="line"><a name="l00709"></a><span class="lineno"> 709</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> msg = <span class="stringliteral">"Buffer overflow!! Accessing buffer range: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(total_bytes) +</div>
|
|
774
|
+
<div class="line"><a name="l00710"></a><span class="lineno"> 710</span>  <span class="stringliteral">"\nAllocated buffer size: "</span> + std::to_string(arr_type_size) + <span class="stringliteral">"\n"</span>;</div>
|
|
775
|
+
<div class="line"><a name="l00711"></a><span class="lineno"> 711</span>  msg += <span class="stringliteral">"Position: "</span> + firstValue-><a class="code" href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">toString</a>() + <span class="stringliteral">"\n"</span>;</div>
|
|
776
|
+
<div class="line"><a name="l00712"></a><span class="lineno"> 712</span>  msg += <span class="stringliteral">" The following is the value flow.\n[["</span>;</div>
|
|
777
|
+
<div class="line"><a name="l00713"></a><span class="lineno"> 713</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> it = gep_offsets.begin(); it != gep_offsets.end(); ++it)</div>
|
|
778
|
+
<div class="line"><a name="l00714"></a><span class="lineno"> 714</span>  {</div>
|
|
779
|
+
<div class="line"><a name="l00715"></a><span class="lineno"> 715</span>  msg += it->first->toString() + <span class="stringliteral">", Offset: "</span> + <a class="code" href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">IntervalToIntStr</a>(it->second) + <span class="stringliteral">"\n"</span>;</div>
|
|
780
|
+
<div class="line"><a name="l00716"></a><span class="lineno"> 716</span>  }</div>
|
|
781
|
+
<div class="line"><a name="l00717"></a><span class="lineno"> 717</span>  msg += <span class="stringliteral">"]]. \nAlloc Site: "</span> + gvalue->toString() + <span class="stringliteral">"\n"</span>;</div>
|
|
782
|
+
<div class="line"><a name="l00718"></a><span class="lineno"> 718</span>  </div>
|
|
783
|
+
<div class="line"><a name="l00719"></a><span class="lineno"> 719</span>  <a class="code" href="structSVF_1_1BufOverflowException.html">BufOverflowException</a> bug(<a class="code" href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVFUtil::wrnMsg</a>(msg), arr_type_size, arr_type_size,</div>
|
|
784
|
+
<div class="line"><a name="l00720"></a><span class="lineno"> 720</span>  total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">lb</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), total_bytes.<a class="code" href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">ub</a>().<a class="code" href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">getNumeral</a>(), firstValue);</div>
|
|
785
|
+
<div class="line"><a name="l00721"></a><span class="lineno"> 721</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, curNode);</div>
|
|
786
|
+
<div class="line"><a name="l00722"></a><span class="lineno"> 722</span>  <span class="keywordflow">return</span> <span class="keyword">false</span>;</div>
|
|
787
|
+
<div class="line"><a name="l00723"></a><span class="lineno"> 723</span>  }</div>
|
|
788
|
+
<div class="line"><a name="l00724"></a><span class="lineno"> 724</span>  <span class="keywordflow">else</span></div>
|
|
789
|
+
<div class="line"><a name="l00725"></a><span class="lineno"> 725</span>  {</div>
|
|
790
|
+
<div class="line"><a name="l00726"></a><span class="lineno"> 726</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
791
|
+
<div class="line"><a name="l00727"></a><span class="lineno"> 727</span>  }</div>
|
|
792
|
+
<div class="line"><a name="l00728"></a><span class="lineno"> 728</span>  }</div>
|
|
793
|
+
<div class="line"><a name="l00729"></a><span class="lineno"> 729</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> <a class="code" href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a> *arg = SVFUtil::dyn_cast<SVF::SVFArgument>(value))</div>
|
|
794
|
+
<div class="line"><a name="l00730"></a><span class="lineno"> 730</span>  {</div>
|
|
795
|
+
<div class="line"><a name="l00731"></a><span class="lineno"> 731</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">AccessMemoryViaCallArgs</a>(arg, worklist, visited);</div>
|
|
796
|
+
<div class="line"><a name="l00732"></a><span class="lineno"> 732</span>  }</div>
|
|
797
|
+
<div class="line"><a name="l00733"></a><span class="lineno"> 733</span>  <span class="keywordflow">else</span></div>
|
|
798
|
+
<div class="line"><a name="l00734"></a><span class="lineno"> 734</span>  {</div>
|
|
799
|
+
<div class="line"><a name="l00735"></a><span class="lineno"> 735</span>  <span class="comment">// maybe SVFConstant</span></div>
|
|
800
|
+
<div class="line"><a name="l00736"></a><span class="lineno"> 736</span>  <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
|
|
801
|
+
<div class="line"><a name="l00737"></a><span class="lineno"> 737</span>  <span class="comment">// therefore it loses the value flow track</span></div>
|
|
802
|
+
<div class="line"><a name="l00738"></a><span class="lineno"> 738</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
803
|
+
<div class="line"><a name="l00739"></a><span class="lineno"> 739</span>  }</div>
|
|
804
|
+
<div class="line"><a name="l00740"></a><span class="lineno"> 740</span>  }</div>
|
|
805
|
+
<div class="line"><a name="l00741"></a><span class="lineno"> 741</span>  <span class="comment">// it may be cannot find the source, maybe we start from non-main function,</span></div>
|
|
806
|
+
<div class="line"><a name="l00742"></a><span class="lineno"> 742</span>  <span class="comment">// therefore it loses the value flow track</span></div>
|
|
807
|
+
<div class="line"><a name="l00743"></a><span class="lineno"> 743</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
808
|
+
<div class="line"><a name="l00744"></a><span class="lineno"> 744</span> }</div>
|
|
809
|
+
<div class="line"><a name="l00745"></a><span class="lineno"> 745</span>  </div>
|
|
810
|
+
<div class="line"><a name="l00746"></a><span class="lineno"> 746</span>  </div>
|
|
811
|
+
<div class="line"><a name="l00747"></a><span class="lineno"> 747</span>  </div>
|
|
812
|
+
<div class="line"><a name="l00748"></a><span class="lineno"> 748</span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">BufOverflowChecker::handleICFGNode</a>(<span class="keyword">const</span> <a class="code" href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a> *node)</div>
|
|
813
|
+
<div class="line"><a name="l00749"></a><span class="lineno"> 749</span> {</div>
|
|
814
|
+
<div class="line"><a name="l00750"></a><span class="lineno"> 750</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">AbstractInterpretation::handleICFGNode</a>(node);</div>
|
|
815
|
+
<div class="line"><a name="l00751"></a><span class="lineno"> 751</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">detectBufOverflow</a>(node);</div>
|
|
816
|
+
<div class="line"><a name="l00752"></a><span class="lineno"> 752</span> }</div>
|
|
817
|
+
<div class="line"><a name="l00753"></a><span class="lineno"> 753</span>  </div>
|
|
818
|
+
<div class="line"><a name="l00754"></a><span class="lineno"> 754</span> <span class="comment">//</span></div>
|
|
819
|
+
<div class="line"><a name="l00755"></a><span class="lineno"> 755</span> <span class="keywordtype">bool</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">BufOverflowChecker::detectBufOverflow</a>(<span class="keyword">const</span> ICFGNode *node)</div>
|
|
820
|
+
<div class="line"><a name="l00756"></a><span class="lineno"> 756</span> {</div>
|
|
821
|
+
<div class="line"><a name="l00757"></a><span class="lineno"> 757</span>  AbstractState &es = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">getState</a>(node);</div>
|
|
822
|
+
<div class="line"><a name="l00758"></a><span class="lineno"> 758</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span>* stmt: node->getSVFStmts())</div>
|
|
823
|
+
<div class="line"><a name="l00759"></a><span class="lineno"> 759</span>  {</div>
|
|
824
|
+
<div class="line"><a name="l00760"></a><span class="lineno"> 760</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
825
|
+
<div class="line"><a name="l00761"></a><span class="lineno"> 761</span>  {</div>
|
|
826
|
+
<div class="line"><a name="l00762"></a><span class="lineno"> 762</span>  <span class="keyword">const</span> SVFVar* gepRhs = gep->getRHSVar();</div>
|
|
827
|
+
<div class="line"><a name="l00763"></a><span class="lineno"> 763</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> SVFInstruction* inst = SVFUtil::dyn_cast<SVFInstruction>(gepRhs->getValue()))</div>
|
|
828
|
+
<div class="line"><a name="l00764"></a><span class="lineno"> 764</span>  {</div>
|
|
829
|
+
<div class="line"><a name="l00765"></a><span class="lineno"> 765</span>  <span class="keyword">const</span> ICFGNode* icfgNode = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(inst);</div>
|
|
830
|
+
<div class="line"><a name="l00766"></a><span class="lineno"> 766</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> SVFStmt* stmt2: icfgNode->getSVFStmts())</div>
|
|
831
|
+
<div class="line"><a name="l00767"></a><span class="lineno"> 767</span>  {</div>
|
|
832
|
+
<div class="line"><a name="l00768"></a><span class="lineno"> 768</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep2 = SVFUtil::dyn_cast<GepStmt>(stmt2))</div>
|
|
833
|
+
<div class="line"><a name="l00769"></a><span class="lineno"> 769</span>  {</div>
|
|
834
|
+
<div class="line"><a name="l00770"></a><span class="lineno"> 770</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep2->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
835
|
+
<div class="line"><a name="l00771"></a><span class="lineno"> 771</span>  }</div>
|
|
836
|
+
<div class="line"><a name="l00772"></a><span class="lineno"> 772</span>  }</div>
|
|
837
|
+
<div class="line"><a name="l00773"></a><span class="lineno"> 773</span>  }</div>
|
|
838
|
+
<div class="line"><a name="l00774"></a><span class="lineno"> 774</span>  }</div>
|
|
839
|
+
<div class="line"><a name="l00775"></a><span class="lineno"> 775</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> LoadStmt* load = SVFUtil::dyn_cast<LoadStmt>(stmt))</div>
|
|
840
|
+
<div class="line"><a name="l00776"></a><span class="lineno"> 776</span>  {</div>
|
|
841
|
+
<div class="line"><a name="l00777"></a><span class="lineno"> 777</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(es, load->getRHSVarID()))</div>
|
|
842
|
+
<div class="line"><a name="l00778"></a><span class="lineno"> 778</span>  {</div>
|
|
843
|
+
<div class="line"><a name="l00779"></a><span class="lineno"> 779</span>  AbstractValue Addrs =</div>
|
|
844
|
+
<div class="line"><a name="l00780"></a><span class="lineno"> 780</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(es, load->getRHSVarID());</div>
|
|
845
|
+
<div class="line"><a name="l00781"></a><span class="lineno"> 781</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
|
|
846
|
+
<div class="line"><a name="l00782"></a><span class="lineno"> 782</span>  {</div>
|
|
847
|
+
<div class="line"><a name="l00783"></a><span class="lineno"> 783</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
848
|
+
<div class="line"><a name="l00784"></a><span class="lineno"> 784</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
|
|
849
|
+
<div class="line"><a name="l00785"></a><span class="lineno"> 785</span>  {</div>
|
|
850
|
+
<div class="line"><a name="l00786"></a><span class="lineno"> 786</span>  <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
|
|
851
|
+
<div class="line"><a name="l00787"></a><span class="lineno"> 787</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
852
|
+
<div class="line"><a name="l00788"></a><span class="lineno"> 788</span>  }</div>
|
|
853
|
+
<div class="line"><a name="l00789"></a><span class="lineno"> 789</span>  }</div>
|
|
854
|
+
<div class="line"><a name="l00790"></a><span class="lineno"> 790</span>  }</div>
|
|
855
|
+
<div class="line"><a name="l00791"></a><span class="lineno"> 791</span>  }</div>
|
|
856
|
+
<div class="line"><a name="l00792"></a><span class="lineno"> 792</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<span class="keyword">const</span> StoreStmt* store = SVFUtil::dyn_cast<StoreStmt>(stmt))</div>
|
|
857
|
+
<div class="line"><a name="l00793"></a><span class="lineno"> 793</span>  {</div>
|
|
858
|
+
<div class="line"><a name="l00794"></a><span class="lineno"> 794</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(es, store->getLHSVarID()))</div>
|
|
859
|
+
<div class="line"><a name="l00795"></a><span class="lineno"> 795</span>  {</div>
|
|
860
|
+
<div class="line"><a name="l00796"></a><span class="lineno"> 796</span>  AbstractValue Addrs =</div>
|
|
861
|
+
<div class="line"><a name="l00797"></a><span class="lineno"> 797</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(es, store->getLHSVarID());</div>
|
|
862
|
+
<div class="line"><a name="l00798"></a><span class="lineno"> 798</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
|
|
863
|
+
<div class="line"><a name="l00799"></a><span class="lineno"> 799</span>  {</div>
|
|
864
|
+
<div class="line"><a name="l00800"></a><span class="lineno"> 800</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
865
|
+
<div class="line"><a name="l00801"></a><span class="lineno"> 801</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.find(objId) != <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.end())</div>
|
|
866
|
+
<div class="line"><a name="l00802"></a><span class="lineno"> 802</span>  {</div>
|
|
867
|
+
<div class="line"><a name="l00803"></a><span class="lineno"> 803</span>  <span class="keyword">const</span> GepStmt* gep = <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>.at(objId);</div>
|
|
868
|
+
<div class="line"><a name="l00804"></a><span class="lineno"> 804</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(gep->getLHSVar()->getValue(), IntervalValue(0, 0), node);</div>
|
|
869
|
+
<div class="line"><a name="l00805"></a><span class="lineno"> 805</span>  }</div>
|
|
870
|
+
<div class="line"><a name="l00806"></a><span class="lineno"> 806</span>  }</div>
|
|
871
|
+
<div class="line"><a name="l00807"></a><span class="lineno"> 807</span>  }</div>
|
|
872
|
+
<div class="line"><a name="l00808"></a><span class="lineno"> 808</span>  }</div>
|
|
873
873
|
<div class="line"><a name="l00809"></a><span class="lineno"> 809</span>  }</div>
|
|
874
|
-
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  <span class="keywordflow">
|
|
875
|
-
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span> 
|
|
876
|
-
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span> 
|
|
877
|
-
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span> 
|
|
878
|
-
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span> 
|
|
879
|
-
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span> 
|
|
880
|
-
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  <span class="keywordflow">
|
|
874
|
+
<div class="line"><a name="l00810"></a><span class="lineno"> 810</span>  <span class="keywordflow">return</span> <span class="keyword">true</span>;</div>
|
|
875
|
+
<div class="line"><a name="l00811"></a><span class="lineno"> 811</span> }</div>
|
|
876
|
+
<div class="line"><a name="l00812"></a><span class="lineno"> 812</span>  </div>
|
|
877
|
+
<div class="line"><a name="l00813"></a><span class="lineno"> 813</span> <span class="keywordtype">void</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">BufOverflowChecker::addBugToRecoder</a>(<span class="keyword">const</span> BufOverflowException& e, <span class="keyword">const</span> ICFGNode* node)</div>
|
|
878
|
+
<div class="line"><a name="l00814"></a><span class="lineno"> 814</span> {</div>
|
|
879
|
+
<div class="line"><a name="l00815"></a><span class="lineno"> 815</span>  <span class="keyword">const</span> SVFInstruction* inst = <span class="keyword">nullptr</span>;</div>
|
|
880
|
+
<div class="line"><a name="l00816"></a><span class="lineno"> 816</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(node))</div>
|
|
881
881
|
<div class="line"><a name="l00817"></a><span class="lineno"> 817</span>  {</div>
|
|
882
|
-
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span> 
|
|
883
|
-
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span> 
|
|
884
|
-
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span> 
|
|
885
|
-
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span> 
|
|
886
|
-
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span> 
|
|
887
|
-
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span> 
|
|
888
|
-
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span>  <
|
|
889
|
-
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span> 
|
|
890
|
-
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span> 
|
|
891
|
-
<div class="line"><a name="l00827"></a><span class="lineno"> 827</span> 
|
|
892
|
-
<div class="line"><a name="l00828"></a><span class="lineno"> 828</span> 
|
|
893
|
-
<div class="line"><a name="l00829"></a><span class="lineno"> 829</span> 
|
|
894
|
-
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span> 
|
|
895
|
-
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span> 
|
|
896
|
-
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span>  <
|
|
897
|
-
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span> 
|
|
898
|
-
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#
|
|
899
|
-
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span> 
|
|
900
|
-
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  </div>
|
|
901
|
-
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span> }</div>
|
|
882
|
+
<div class="line"><a name="l00818"></a><span class="lineno"> 818</span>  inst = call->getCallSite();</div>
|
|
883
|
+
<div class="line"><a name="l00819"></a><span class="lineno"> 819</span>  }</div>
|
|
884
|
+
<div class="line"><a name="l00820"></a><span class="lineno"> 820</span>  <span class="keywordflow">else</span></div>
|
|
885
|
+
<div class="line"><a name="l00821"></a><span class="lineno"> 821</span>  {</div>
|
|
886
|
+
<div class="line"><a name="l00822"></a><span class="lineno"> 822</span>  inst = node->getSVFStmts().back()->getInst();</div>
|
|
887
|
+
<div class="line"><a name="l00823"></a><span class="lineno"> 823</span>  }</div>
|
|
888
|
+
<div class="line"><a name="l00824"></a><span class="lineno"> 824</span>  <a class="code" href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">GenericBug::EventStack</a> eventStack;</div>
|
|
889
|
+
<div class="line"><a name="l00825"></a><span class="lineno"> 825</span>  SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, inst);</div>
|
|
890
|
+
<div class="line"><a name="l00826"></a><span class="lineno"> 826</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <span class="keyword">auto</span> &callsite: <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">_callSiteStack</a>)</div>
|
|
891
|
+
<div class="line"><a name="l00827"></a><span class="lineno"> 827</span>  {</div>
|
|
892
|
+
<div class="line"><a name="l00828"></a><span class="lineno"> 828</span>  SVFBugEvent callSiteEvent(SVFBugEvent::EventType::CallSite, callsite->getCallSite());</div>
|
|
893
|
+
<div class="line"><a name="l00829"></a><span class="lineno"> 829</span>  eventStack.push_back(callSiteEvent);</div>
|
|
894
|
+
<div class="line"><a name="l00830"></a><span class="lineno"> 830</span>  }</div>
|
|
895
|
+
<div class="line"><a name="l00831"></a><span class="lineno"> 831</span>  eventStack.push_back(sourceInstEvent);</div>
|
|
896
|
+
<div class="line"><a name="l00832"></a><span class="lineno"> 832</span>  <span class="keywordflow">if</span> (eventStack.size() == 0) <span class="keywordflow">return</span>;</div>
|
|
897
|
+
<div class="line"><a name="l00833"></a><span class="lineno"> 833</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> loc = eventStack.back().getEventLoc();</div>
|
|
898
|
+
<div class="line"><a name="l00834"></a><span class="lineno"> 834</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.find(loc) != <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.end())</div>
|
|
899
|
+
<div class="line"><a name="l00835"></a><span class="lineno"> 835</span>  {</div>
|
|
900
|
+
<div class="line"><a name="l00836"></a><span class="lineno"> 836</span>  <span class="keywordflow">return</span>;</div>
|
|
901
|
+
<div class="line"><a name="l00837"></a><span class="lineno"> 837</span>  }</div>
|
|
902
|
+
<div class="line"><a name="l00838"></a><span class="lineno"> 838</span>  <span class="keywordflow">else</span></div>
|
|
903
|
+
<div class="line"><a name="l00839"></a><span class="lineno"> 839</span>  {</div>
|
|
904
|
+
<div class="line"><a name="l00840"></a><span class="lineno"> 840</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">_bugLoc</a>.insert(loc);</div>
|
|
905
|
+
<div class="line"><a name="l00841"></a><span class="lineno"> 841</span>  }</div>
|
|
906
|
+
<div class="line"><a name="l00842"></a><span class="lineno"> 842</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">_recoder</a>.<a class="code" href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">addAbsExecBug</a>(<a class="code" href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">GenericBug::FULLBUFOVERFLOW</a>, eventStack, e.getAllocLb(), e.getAllocUb(), e.getAccessLb(),</div>
|
|
907
|
+
<div class="line"><a name="l00843"></a><span class="lineno"> 843</span>  e.getAccessUb());</div>
|
|
908
|
+
<div class="line"><a name="l00844"></a><span class="lineno"> 844</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a09aa739395388f64fcb3d539d58d2041">_nodeToBugInfo</a>[node] = e.what();</div>
|
|
909
|
+
<div class="line"><a name="l00845"></a><span class="lineno"> 845</span> }</div>
|
|
910
|
+
<div class="line"><a name="l00846"></a><span class="lineno"> 846</span>  </div>
|
|
911
|
+
<div class="line"><a name="l00847"></a><span class="lineno"> 847</span> }</div>
|
|
902
912
|
</div><!-- fragment --></div><!-- contents -->
|
|
903
913
|
<div class="ttc" id="aclassSVF_1_1SVFBugReport_html_a05f395eff23619ed10c31c0acda949e2"><div class="ttname"><a href="classSVF_1_1SVFBugReport.html#a05f395eff23619ed10c31c0acda949e2">SVF::SVFBugReport::addAbsExecBug</a></div><div class="ttdeci">void addAbsExecBug(GenericBug::BugType bugType, const GenericBug::EventStack &eventStack, s64_t allocLowerBound, s64_t allocUpperBound, s64_t accessLowerBound, s64_t accessUpperBound)</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00367">SVFBugReport.h:367</a></div></div>
|
|
914
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a319cdab5339e6fe56fec8ade68f9da92"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a319cdab5339e6fe56fec8ade68f9da92">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(AbstractState &es, NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01605">AbstractInterpretation.cpp:1605</a></div></div>
|
|
904
915
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a2401b022638769f59f86ab424a189b6e"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a2401b022638769f59f86ab424a189b6e">SVF::SVFValue::getName</a></div><div class="ttdeci">const std::string & getName() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00243">SVFValue.h:243</a></div></div>
|
|
905
916
|
<div class="ttc" id="aclassSVF_1_1CopyStmt_html"><div class="ttname"><a href="classSVF_1_1CopyStmt.html">SVF::CopyStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00364">SVFStatements.h:364</a></div></div>
|
|
906
917
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a95b8031f1e15d49c7d68628be1d05aae"><div class="ttname"><a href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">SVF::SVFType::getByteSize</a></div><div class="ttdeci">u32_t getByteSize() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00244">SVFType.h:244</a></div></div>
|
|
907
|
-
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a62baa9403069a9b1e010eaeb2f6b9b34"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">SVF::SVFIR2AbsState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00129">SVFIR2AbsState.h:129</a></div></div>
|
|
908
918
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a7655b13bbfe720ca2b8a25e0a72528e6"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a7655b13bbfe720ca2b8a25e0a72528e6">SVF::SVFUtil::errMsg</a></div><div class="ttdeci">std::string errMsg(const std::string &msg)</div><div class="ttdoc">Print error message by converting a string into red string output.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8cpp_source.html#l00076">SVFUtil.cpp:76</a></div></div>
|
|
919
|
+
<div class="ttc" id="aclassSVF_1_1SVFStmt_html_aa809a57c8cdaaa35dfc3cc0f3b33b52b"><div class="ttname"><a href="classSVF_1_1SVFStmt.html#aa809a57c8cdaaa35dfc3cc0f3b33b52b">SVF::SVFStmt::getICFGNode</a></div><div class="ttdeci">ICFGNode * getICFGNode() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00163">SVFStatements.h:163</a></div></div>
|
|
909
920
|
<div class="ttc" id="aCommandLine_8h_html_a2429346d37bd4c40889bd7c6d319d9da"><div class="ttname"><a href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="CommandLine_8h_source.html#l00018">CommandLine.h:18</a></div></div>
|
|
910
921
|
<div class="ttc" id="aclassSVF_1_1AddrStmt_html"><div class="ttname"><a href="classSVF_1_1AddrStmt.html">SVF::AddrStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00313">SVFStatements.h:313</a></div></div>
|
|
911
922
|
<div class="ttc" id="astructSVF_1_1AbstractValue_html_ab1fe6a57f784971b3bc603dbfda746e8"><div class="ttname"><a href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">SVF::AbstractValue::getAddrs</a></div><div class="ttdeci">AddressValue & getAddrs()</div><div class="ttdef"><b>Definition:</b> <a href="AbstractValue_8h_source.html#l00171">AbstractValue.h:171</a></div></div>
|
|
912
923
|
<div class="ttc" id="aBufOverflowChecker_8h_html"><div class="ttname"><a href="BufOverflowChecker_8h.html">BufOverflowChecker.h</a></div></div>
|
|
913
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
924
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00501">BufOverflowChecker.cpp:501</a></div></div>
|
|
914
925
|
<div class="ttc" id="aclassSVF_1_1IRGraph_html_a43514023a4f4d0c32f536f51443b0efc"><div class="ttname"><a href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">SVF::IRGraph::getValueNode</a></div><div class="ttdeci">NodeID getValueNode(const SVFValue *V)</div><div class="ttdef"><b>Definition:</b> <a href="IRGraph_8h_source.html#l00137">IRGraph.h:137</a></div></div>
|
|
915
926
|
<div class="ttc" id="anamespaceSVF_html_af739db846e47ba6b2fd15eaad31ab7fb"><div class="ttname"><a href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">SVF::Set</a></div><div class="ttdeci">std::unordered_set< Key, Hash, KeyEqual, Allocator > Set</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00096">GeneralType.h:96</a></div></div>
|
|
916
927
|
<div class="ttc" id="aclassSVF_1_1CallICFGNode_html_a90fd0b8e44fba1a7eb76d15bce085d66"><div class="ttname"><a href="classSVF_1_1CallICFGNode.html#a90fd0b8e44fba1a7eb76d15bce085d66">SVF::CallICFGNode::getCallSite</a></div><div class="ttdeci">const SVFInstruction * getCallSite() const</div><div class="ttdoc">Return callsite.</div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00409">ICFGNode.h:409</a></div></div>
|
|
917
928
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a0df07a2659cbf3a918de5b0d7c407264"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a0df07a2659cbf3a918de5b0d7c407264">SVF::IntervalValue::lb</a></div><div class="ttdeci">const NumericLiteral & lb() const</div><div class="ttdoc">Return the lower bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00206">IntervalValue.h:206</a></div></div>
|
|
918
929
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_afa6b30220b0b3261205a909def9ca44e"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#afa6b30220b0b3261205a909def9ca44e">SVF::BufOverflowChecker::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const SVF::ICFGNode *node) override</div></div>
|
|
919
930
|
<div class="ttc" id="anamespaceSVF_html"><div class="ttname"><a href="namespaceSVF.html">SVF</a></div><div class="ttdoc">for isBitcode</div><div class="ttdef"><b>Definition:</b> <a href="BasicTypes_8h_source.html#l00067">BasicTypes.h:67</a></div></div>
|
|
920
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5bba3c0570d73acc743742a30af1b0b4"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01464">AbstractInterpretation.cpp:1464</a></div></div>
|
|
921
931
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a9815a5b31ac7dc21239d08e5b9f61106"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVF::SVFUtil::getSVFCallSite</a></div><div class="ttdeci">CallSite getSVFCallSite(const SVFInstruction *inst)</div><div class="ttdoc">Return LLVM callsite given an instruction.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00196">SVFUtil.h:196</a></div></div>
|
|
922
932
|
<div class="ttc" id="aclassSVF_1_1ICFGNode_html_a6c68f52dd90728073fb79141df9b0661"><div class="ttname"><a href="classSVF_1_1ICFGNode.html#a6c68f52dd90728073fb79141df9b0661">SVF::ICFGNode::getSVFStmts</a></div><div class="ttdeci">const SVFStmtList & getSVFStmts() const</div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00127">ICFGNode.h:127</a></div></div>
|
|
923
933
|
<div class="ttc" id="astructSVF_1_1BufOverflowException_html"><div class="ttname"><a href="structSVF_1_1BufOverflowException.html">SVF::BufOverflowException</a></div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00036">BufOverflowChecker.h:36</a></div></div>
|
|
924
934
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ac71522e8c55f84cfc6c13a0ddff18436"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ac71522e8c55f84cfc6c13a0ddff18436">SVF::SVFUtil::wrnMsg</a></div><div class="ttdeci">std::string wrnMsg(const std::string &msg)</div><div class="ttdoc">Returns warning message by converting a string into yellow string output.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8cpp_source.html#l00061">SVFUtil.cpp:61</a></div></div>
|
|
925
935
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a11f2d9b6e969ede6fca2c204cc15b821"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a11f2d9b6e969ede6fca2c204cc15b821">SVF::SVFValue::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00256">SVFValue.h:256</a></div></div>
|
|
926
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
936
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00125">BufOverflowChecker.cpp:125</a></div></div>
|
|
927
937
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html_ac2db6304ea5526fb446ae882983beeb0"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ac2db6304ea5526fb446ae882983beeb0">SVF::SVFVar::getValue</a></div><div class="ttdeci">const SVFValue * getValue() const</div><div class="ttdoc">Get/has methods of the components.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00094">SVFVariables.h:94</a></div></div>
|
|
928
938
|
<div class="ttc" id="aclassSVF_1_1GenericBug_html_acc65b033bfd61257d5b6fdbf932dfafe"><div class="ttname"><a href="classSVF_1_1GenericBug.html#acc65b033bfd61257d5b6fdbf932dfafe">SVF::GenericBug::EventStack</a></div><div class="ttdeci">std::vector< SVFBugEvent > EventStack</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00083">SVFBugReport.h:83</a></div></div>
|
|
929
939
|
<div class="ttc" id="aclassSVF_1_1ICFGNode_html"><div class="ttname"><a href="classSVF_1_1ICFGNode.html">SVF::ICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00054">ICFGNode.h:54</a></div></div>
|
|
930
940
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a330084f9a3deb6e5acb52a8ee3eb7fe4"><div class="ttname"><a href="classSVF_1_1SVFType.html#a330084f9a3deb6e5acb52a8ee3eb7fe4">SVF::SVFType::isArrayTy</a></div><div class="ttdeci">bool isArrayTy() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00254">SVFType.h:254</a></div></div>
|
|
941
|
+
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a611ac228efd661b301ea1dd675cd1c0c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">SVF::SVFIR2AbsState::getAddrs</a></div><div class="ttdeci">AbstractValue & getAddrs(AbstractState &es, u32_t id)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00104">SVFIR2AbsState.h:104</a></div></div>
|
|
931
942
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a5d73cc2aa0a6ed49e8301fa7b0cd5045"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a5d73cc2aa0a6ed49e8301fa7b0cd5045">SVF::IntervalValue::toString</a></div><div class="ttdeci">const std::string toString() const</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00479">IntervalValue.h:479</a></div></div>
|
|
932
943
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">SVF::AbstractInterpretation::UNCLASSIFIED</a></div><div class="ttdeci">@ UNCLASSIFIED</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
933
944
|
<div class="ttc" id="aclassSVF_1_1AbstractState_html_aa34516a95191c5ec56ce44a117e8b018"><div class="ttname"><a href="classSVF_1_1AbstractState.html#aa34516a95191c5ec56ce44a117e8b018">SVF::AbstractState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00201">AbstractState.h:201</a></div></div>
|
|
@@ -935,15 +946,14 @@ $(function() {
|
|
|
935
946
|
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a4e032a5e0898f0e349927d5a86c8477c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">SVF::SVFIR2AbsState::getRangeLimitFromType</a></div><div class="ttdeci">AbstractValue getRangeLimitFromType(const SVFType *type)</div><div class="ttdoc">Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128,...</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8cpp_source.html#l00049">SVFIR2AbsState.cpp:49</a></div></div>
|
|
936
947
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a3dba35c84607bd3ed4e62a90ae2799cf"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a3dba35c84607bd3ed4e62a90ae2799cf">SVF::IntervalValue::is_infinite</a></div><div class="ttdeci">static bool is_infinite(const NumericLiteral &e)</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00077">IntervalValue.h:77</a></div></div>
|
|
937
948
|
<div class="ttc" id="aclassSVF_1_1Options_html_a6450b984f67d3cfa3f44892e8eea555e"><div class="ttname"><a href="classSVF_1_1Options.html#a6450b984f67d3cfa3f44892e8eea555e">SVF::Options::GepUnknownIdx</a></div><div class="ttdeci">static const Option< bool > GepUnknownIdx</div><div class="ttdoc">if the access index of gepstmt is unknown, skip it, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00281">Options.h:281</a></div></div>
|
|
938
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a09aa739395388f64fcb3d539d58d2041"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a09aa739395388f64fcb3d539d58d2041">SVF::AbstractInterpretation::_nodeToBugInfo</a></div><div class="ttdeci">Map< const ICFGNode *, std::string > _nodeToBugInfo</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
939
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a618fc324a6c205d7e1b471bd850377a9"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">SVF::AbstractInterpretation::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
940
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a1e1b72ed740cef4c3e57e3e32c3f75"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">SVF::AbstractInterpretation::_checkpoint_names</a></div><div class="ttdeci">Set< std::string > _checkpoint_names</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
941
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aed959fce840cbea32d3567ee1ac01e82"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">SVF::BufOverflowChecker::initExtAPIBufOverflowCheckRules</a></div><div class="ttdeci">void initExtAPIBufOverflowCheckRules()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
949
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a09aa739395388f64fcb3d539d58d2041"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a09aa739395388f64fcb3d539d58d2041">SVF::AbstractInterpretation::_nodeToBugInfo</a></div><div class="ttdeci">Map< const ICFGNode *, std::string > _nodeToBugInfo</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00349">AbstractInterpretation.h:349</a></div></div>
|
|
950
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a618fc324a6c205d7e1b471bd850377a9"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">SVF::AbstractInterpretation::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00336">AbstractInterpretation.h:336</a></div></div>
|
|
951
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a1e1b72ed740cef4c3e57e3e32c3f75"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">SVF::AbstractInterpretation::_checkpoint_names</a></div><div class="ttdeci">Set< std::string > _checkpoint_names</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00389">AbstractInterpretation.h:389</a></div></div>
|
|
952
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aed959fce840cbea32d3567ee1ac01e82"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">SVF::BufOverflowChecker::initExtAPIBufOverflowCheckRules</a></div><div class="ttdeci">void initExtAPIBufOverflowCheckRules()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00078">BufOverflowChecker.cpp:78</a></div></div>
|
|
942
953
|
<div class="ttc" id="aOptions_8h_html"><div class="ttname"><a href="Options_8h.html">Options.h</a></div></div>
|
|
943
954
|
<div class="ttc" id="aclassSVF_1_1GenericBug_html_a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747"><div class="ttname"><a href="classSVF_1_1GenericBug.html#a7aeeb33097bca5f7fe6747f90f5cecacac88ddac03bb8ae09a72058e4ad7af747">SVF::GenericBug::FULLBUFOVERFLOW</a></div><div class="ttdeci">@ FULLBUFOVERFLOW</div><div class="ttdef"><b>Definition:</b> <a href="SVFBugReport_8h_source.html#l00086">SVFBugReport.h:86</a></div></div>
|
|
944
955
|
<div class="ttc" id="aclassSVF_1_1SVFFunction_html_a067bd6dbaf74a028d546fa56b095791b"><div class="ttname"><a href="classSVF_1_1SVFFunction.html#a067bd6dbaf74a028d546fa56b095791b">SVF::SVFFunction::getAnnotations</a></div><div class="ttdeci">const std::vector< std::string > & getAnnotations() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00466">SVFValue.h:466</a></div></div>
|
|
945
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
946
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a0e8b546f608417e218c2fab5a5893135"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a0e8b546f608417e218c2fab5a5893135">SVF::AbstractInterpretation::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01296">AbstractInterpretation.cpp:1296</a></div></div>
|
|
956
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00386">BufOverflowChecker.cpp:386</a></div></div>
|
|
947
957
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a145abbd2958629718fbca41d25c3124d"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVF::SVFUtil::getCallee</a></div><div class="ttdeci">const SVFFunction * getCallee(const CallSite cs)</div><div class="ttdoc">Return callee of a callsite. Return null if this is an indirect call.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00241">SVFUtil.h:241</a></div></div>
|
|
948
958
|
<div class="ttc" id="aSVFType_8h_html"><div class="ttname"><a href="SVFType_8h.html">SVFType.h</a></div></div>
|
|
949
959
|
<div class="ttc" id="aclassSVF_1_1NumericLiteral_html_a4181e5e15e10304ea524e5f8b2a3f576"><div class="ttname"><a href="classSVF_1_1NumericLiteral.html#a4181e5e15e10304ea524e5f8b2a3f576">SVF::NumericLiteral::getNumeral</a></div><div class="ttdeci">s64_t getNumeral() const</div><div class="ttdoc">Return Numeral, default type is double in case to support both int and float.</div><div class="ttdef"><b>Definition:</b> <a href="NumericLiteral_8h_source.html#l00132">NumericLiteral.h:132</a></div></div>
|
|
@@ -953,16 +963,18 @@ $(function() {
|
|
|
953
963
|
<div class="ttc" id="aclassSVF_1_1AbstractState_html_a1f935ea8ab16b04699284bf92bbbb23c"><div class="ttname"><a href="classSVF_1_1AbstractState.html#a1f935ea8ab16b04699284bf92bbbb23c">SVF::AbstractState::store</a></div><div class="ttdeci">void store(u32_t addr, const AbstractValue &val)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00321">AbstractState.h:321</a></div></div>
|
|
954
964
|
<div class="ttc" id="aclassSVF_1_1SVFArrayType_html"><div class="ttname"><a href="classSVF_1_1SVFArrayType.html">SVF::SVFArrayType</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00377">SVFType.h:377</a></div></div>
|
|
955
965
|
<div class="ttc" id="anamespaceSVF_html_a5d28d0818391747924478e86b9033431"><div class="ttname"><a href="namespaceSVF.html#a5d28d0818391747924478e86b9033431">SVF::IntervalToIntStr</a></div><div class="ttdeci">std::string IntervalToIntStr(const IntervalValue &inv)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00037">BufOverflowChecker.cpp:37</a></div></div>
|
|
956
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a5e0a88ebef4ae740983726e7f1b5eb"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">SVF::AbstractInterpretation::_bugLoc</a></div><div class="ttdeci">Set< std::string > _bugLoc</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
957
|
-
<div class="ttc" id="
|
|
966
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a5e0a88ebef4ae740983726e7f1b5eb"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a5e0a88ebef4ae740983726e7f1b5eb">SVF::AbstractInterpretation::_bugLoc</a></div><div class="ttdeci">Set< std::string > _bugLoc</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00346">AbstractInterpretation.h:346</a></div></div>
|
|
967
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_af3c6f27181cc271332919732e490ad1d"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#af3c6f27181cc271332919732e490ad1d">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(AbstractState &es, const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01451">AbstractInterpretation.cpp:1451</a></div></div>
|
|
958
968
|
<div class="ttc" id="aclassSVF_1_1CallICFGNode_html"><div class="ttname"><a href="classSVF_1_1CallICFGNode.html">SVF::CallICFGNode</a></div><div class="ttdef"><b>Definition:</b> <a href="ICFGNode_8h_source.html#l00385">ICFGNode.h:385</a></div></div>
|
|
959
969
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">SVF::AbstractInterpretation::MEMCPY</a></div><div class="ttdeci">@ MEMCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
960
970
|
<div class="ttc" id="aclassSVF_1_1SVFType_html"><div class="ttname"><a href="classSVF_1_1SVFType.html">SVF::SVFType</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00156">SVFType.h:156</a></div></div>
|
|
961
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a048e203517ac727e6fe0653e1f24052c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">SVF::AbstractInterpretation::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
971
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a048e203517ac727e6fe0653e1f24052c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">SVF::AbstractInterpretation::AccessMemoryViaCallArgs</a></div><div class="ttdeci">void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01735">AbstractInterpretation.cpp:1735</a></div></div>
|
|
972
|
+
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_aec9a351850857fa3c6fb23c58317cb0d"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#aec9a351850857fa3c6fb23c58317cb0d">SVF::SVFIR2AbsState::getByteOffset</a></div><div class="ttdeci">AbstractValue getByteOffset(AbstractState &es, const GepStmt *gep)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8cpp_source.html#l00403">SVFIR2AbsState.cpp:403</a></div></div>
|
|
962
973
|
<div class="ttc" id="aclassSVF_1_1ICFG_html_a5f2c0aaba07d6fdd63058da0fb60ca8b"><div class="ttname"><a href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">SVF::ICFG::getICFGNode</a></div><div class="ttdeci">ICFGNode * getICFGNode(NodeID id) const</div><div class="ttdoc">Get a ICFG node.</div><div class="ttdef"><b>Definition:</b> <a href="ICFG_8h_source.html#l00092">ICFG.h:92</a></div></div>
|
|
963
974
|
<div class="ttc" id="aclassSVF_1_1SVFFunction_html"><div class="ttname"><a href="classSVF_1_1SVFFunction.html">SVF::SVFFunction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00297">SVFValue.h:297</a></div></div>
|
|
975
|
+
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_ad42ca3cab47612c78a5d99cedea2f4ba"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">SVF::SVFIR2AbsState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(AbstractState &es, u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00120">SVFIR2AbsState.h:120</a></div></div>
|
|
964
976
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_afcf3fcda18e8d3e2bad70a51376c0ce1"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#afcf3fcda18e8d3e2bad70a51376c0ce1">SVF::FILOWorkList::push</a></div><div class="ttdeci">bool push(const Data &data)</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00257">WorkList.h:257</a></div></div>
|
|
965
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a550c12360c2149ba0e55bdf4cf7b8dd0"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">SVF::AbstractInterpretation::AccessMemoryViaCopyStmt</a></div><div class="ttdeci">void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
977
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a550c12360c2149ba0e55bdf4cf7b8dd0"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">SVF::AbstractInterpretation::AccessMemoryViaCopyStmt</a></div><div class="ttdeci">void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01705">AbstractInterpretation.cpp:1705</a></div></div>
|
|
966
978
|
<div class="ttc" id="aclassSVF_1_1SVFConstantInt_html"><div class="ttname"><a href="classSVF_1_1SVFConstantInt.html">SVF::SVFConstantInt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00966">SVFValue.h:966</a></div></div>
|
|
967
979
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_adac2dc2c9f744a071ad3f0175ed40cd9"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#adac2dc2c9f744a071ad3f0175ed40cd9">SVF::IntervalValue::ub</a></div><div class="ttdeci">const NumericLiteral & ub() const</div><div class="ttdoc">Return the upper bound.</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00213">IntervalValue.h:213</a></div></div>
|
|
968
980
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a52de7d619e8746a70718719306d7c5a1"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a52de7d619e8746a70718719306d7c5a1">SVF::BufOverflowChecker::detectBufOverflow</a></div><div class="ttdeci">bool detectBufOverflow(const ICFGNode *node)</div></div>
|
|
@@ -970,35 +982,34 @@ $(function() {
|
|
|
970
982
|
<div class="ttc" id="aclassSVF_1_1SVFStmt_html"><div class="ttname"><a href="classSVF_1_1SVFStmt.html">SVF::SVFStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00051">SVFStatements.h:51</a></div></div>
|
|
971
983
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af83b65ed98cd4e0f6cd92962e7392d4d"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">SVF::BufOverflowChecker::_extAPIBufOverflowCheckRules</a></div><div class="ttdeci">Map< std::string, std::vector< std::pair< u32_t, u32_t > > > _extAPIBufOverflowCheckRules</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00202">BufOverflowChecker.h:202</a></div></div>
|
|
972
984
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html"><div class="ttname"><a href="classSVF_1_1SVFVar.html">SVF::SVFVar</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00045">SVFVariables.h:45</a></div></div>
|
|
973
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9c592b91a1e3d72ada730387232a2fcf"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">SVF::AbstractInterpretation::_svfir2AbsState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2AbsState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
985
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9c592b91a1e3d72ada730387232a2fcf"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">SVF::AbstractInterpretation::_svfir2AbsState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2AbsState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00339">AbstractInterpretation.h:339</a></div></div>
|
|
974
986
|
<div class="ttc" id="aclassSVF_1_1LoadStmt_html"><div class="ttname"><a href="classSVF_1_1LoadStmt.html">SVF::LoadStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00489">SVFStatements.h:489</a></div></div>
|
|
975
987
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html"><div class="ttname"><a href="classSVF_1_1IntervalValue.html">SVF::IntervalValue</a></div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00043">IntervalValue.h:43</a></div></div>
|
|
976
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a6cac9b69d85111a5a26373ec848a3282"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
988
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a6cac9b69d85111a5a26373ec848a3282"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01166">AbstractInterpretation.cpp:1166</a></div></div>
|
|
977
989
|
<div class="ttc" id="aclassSVF_1_1GenericGraph_html_a43c9c773bfa17abf481c33073e30d01b"><div class="ttname"><a href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">SVF::GenericGraph::getGNode</a></div><div class="ttdeci">NodeType * getGNode(NodeID id) const</div><div class="ttdoc">Get a node.</div><div class="ttdef"><b>Definition:</b> <a href="GenericGraph_8h_source.html#l00406">GenericGraph.h:406</a></div></div>
|
|
978
990
|
<div class="ttc" id="aclassSVF_1_1Options_html_afbe432aabda95308e2c190a04d227a6d"><div class="ttname"><a href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">SVF::Options::BufferOverflowCheck</a></div><div class="ttdeci">static const Option< bool > BufferOverflowCheck</div><div class="ttdoc">buffer overflow checker, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00271">Options.h:271</a></div></div>
|
|
979
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a29fe7c63c61a7aec8ae1477a061f5bf2"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">SVF::AbstractInterpretation::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
991
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a29fe7c63c61a7aec8ae1477a061f5bf2"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a29fe7c63c61a7aec8ae1477a061f5bf2">SVF::AbstractInterpretation::AccessMemoryViaRetNode</a></div><div class="ttdeci">void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01680">AbstractInterpretation.cpp:1680</a></div></div>
|
|
980
992
|
<div class="ttc" id="aclassSVF_1_1AbstractState_html"><div class="ttname"><a href="classSVF_1_1AbstractState.html">SVF::AbstractState</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00054">AbstractState.h:54</a></div></div>
|
|
981
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_ac60581a57407fa4c65b1975f5be687b8"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#ac60581a57407fa4c65b1975f5be687b8">SVF::AbstractInterpretation::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01730">AbstractInterpretation.cpp:1730</a></div></div>
|
|
982
993
|
<div class="ttc" id="anamespaceSVF_html_a9b707002523ece2ac54ca893ee9a2d4e"><div class="ttname"><a href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">SVF::s32_t</a></div><div class="ttdeci">signed s32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00047">GeneralType.h:47</a></div></div>
|
|
983
994
|
<div class="ttc" id="aclassSVF_1_1GepStmt_html"><div class="ttname"><a href="classSVF_1_1GepStmt.html">SVF::GepStmt</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFStatements_8h_source.html#l00526">SVFStatements.h:526</a></div></div>
|
|
984
|
-
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a99b526db536fb241ff755a82a45123fa"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">SVF::SVFIR2AbsState::getAbsState</a></div><div class="ttdeci">AbstractState & getAbsState()</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00054">SVFIR2AbsState.h:54</a></div></div>
|
|
985
995
|
<div class="ttc" id="aclassSVF_1_1SVFIR_html_abda052b73e869ed6d7c139ad1528da11"><div class="ttname"><a href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">SVF::SVFIR::getICFG</a></div><div class="ttdeci">ICFG * getICFG() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR_8h_source.html#l00170">SVFIR.h:170</a></div></div>
|
|
986
996
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616da"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">SVF::AbstractInterpretation::ExtAPIType</a></div><div class="ttdeci">ExtAPIType</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
987
|
-
<div class="ttc" id="
|
|
997
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a11ceda75dbe328bcabdc6ff6919f9526"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a11ceda75dbe328bcabdc6ff6919f9526">SVF::AbstractInterpretation::getState</a></div><div class="ttdeci">AbstractState & getState(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00372">AbstractInterpretation.h:372</a></div></div>
|
|
988
998
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0b79c3694a08100d2d8d1b8109998131"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0b79c3694a08100d2d8d1b8109998131">SVF::BufOverflowChecker::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00062">BufOverflowChecker.cpp:62</a></div></div>
|
|
989
999
|
<div class="ttc" id="acJSON_8cpp_html_a95bf816579e97b6f33bdb5e25ed6d5de"><div class="ttname"><a href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a></div><div class="ttdeci">buffer offset</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l01113">cJSON.cpp:1113</a></div></div>
|
|
990
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af0e2276001df7d51c45b22d5d11ca09b"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">SVF::BufOverflowChecker::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap() override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
991
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9885b50cf28b65bebb488442085fab26"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">SVF::AbstractInterpretation::_callSiteStack</a></div><div class="ttdeci">std::vector< const CallICFGNode * > _callSiteStack</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1000
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af0e2276001df7d51c45b22d5d11ca09b"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">SVF::BufOverflowChecker::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap() override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00136">BufOverflowChecker.cpp:136</a></div></div>
|
|
1001
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9885b50cf28b65bebb488442085fab26"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9885b50cf28b65bebb488442085fab26">SVF::AbstractInterpretation::_callSiteStack</a></div><div class="ttdeci">std::vector< const CallICFGNode * > _callSiteStack</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00348">AbstractInterpretation.h:348</a></div></div>
|
|
992
1002
|
<div class="ttc" id="aclassSVF_1_1IntervalValue_html_a674f9bb98053f8658e246863d6561072"><div class="ttname"><a href="classSVF_1_1IntervalValue.html#a674f9bb98053f8658e246863d6561072">SVF::IntervalValue::isBottom</a></div><div class="ttdeci">bool isBottom() const</div><div class="ttdef"><b>Definition:</b> <a href="IntervalValue_8h_source.html#l00060">IntervalValue.h:60</a></div></div>
|
|
993
1003
|
<div class="ttc" id="aclassSVF_1_1CallSite_html"><div class="ttname"><a href="classSVF_1_1CallSite.html">SVF::CallSite</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l01113">SVFValue.h:1113</a></div></div>
|
|
994
1004
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a071a624c91def82a4bbbf3806c7b7eea"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a071a624c91def82a4bbbf3806c7b7eea">SVF::FILOWorkList::empty</a></div><div class="ttdeci">bool empty() const</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00238">WorkList.h:238</a></div></div>
|
|
995
1005
|
<div class="ttc" id="aclassSVF_1_1SVFValue_html_a4a0cfe3a8f37d33ffcdca3d66026dcc3"><div class="ttname"><a href="classSVF_1_1SVFValue.html#a4a0cfe3a8f37d33ffcdca3d66026dcc3">SVF::SVFValue::toString</a></div><div class="ttdeci">std::string toString() const</div><div class="ttdoc">Needs to be implemented by a SVF front end.</div><div class="ttdef"><b>Definition:</b> <a href="LLVMUtil_8cpp_source.html#l00943">LLVMUtil.cpp:943</a></div></div>
|
|
996
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a8e4f0c5f527e321369a19a0b37124079"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">SVF::AbstractInterpretation::_recoder</a></div><div class="ttdeci">SVFBugReport _recoder</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
997
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a896d04a02951947bc228bf97b2c00313"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">SVF::AbstractInterpretation::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
1006
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a8e4f0c5f527e321369a19a0b37124079"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a8e4f0c5f527e321369a19a0b37124079">SVF::AbstractInterpretation::_recoder</a></div><div class="ttdeci">SVFBugReport _recoder</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00347">AbstractInterpretation.h:347</a></div></div>
|
|
1007
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a896d04a02951947bc228bf97b2c00313"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">SVF::AbstractInterpretation::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00827">AbstractInterpretation.cpp:827</a></div></div>
|
|
998
1008
|
<div class="ttc" id="aWorkList_8h_html"><div class="ttname"><a href="WorkList_8h.html">WorkList.h</a></div></div>
|
|
999
1009
|
<div class="ttc" id="acJSON_8cpp_html_a7669ee67a0563250c1efaa24d130e1ac"><div class="ttname"><a href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a></div><div class="ttdeci">copy</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l00414">cJSON.cpp:414</a></div></div>
|
|
1000
1010
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">SVF::AbstractInterpretation::STRCAT</a></div><div class="ttdeci">@ STRCAT</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1001
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a1ed3cb0a1a118d9e505b192841a58dde"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">SVF::BufOverflowChecker::handleExtAPI</a></div><div class="ttdeci">void handleExtAPI(const CallICFGNode *call) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1011
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a1ed3cb0a1a118d9e505b192841a58dde"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a1ed3cb0a1a118d9e505b192841a58dde">SVF::BufOverflowChecker::handleExtAPI</a></div><div class="ttdeci">void handleExtAPI(const CallICFGNode *call) override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00425">BufOverflowChecker.cpp:425</a></div></div>
|
|
1012
|
+
<div class="ttc" id="aclassSVF_1_1AbstractState_html_aaabe5850dbf1620c6058f5ac6cb169b6"><div class="ttname"><a href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">SVF::AbstractState::getInternalID</a></div><div class="ttdeci">static u32_t getInternalID(u32_t idx)</div><div class="ttdoc">Return the internal index if idx is an address otherwise return the value of idx.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00093">AbstractState.h:93</a></div></div>
|
|
1002
1013
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">SVF::AbstractInterpretation::MEMSET</a></div><div class="ttdeci">@ MEMSET</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1003
1014
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html_a3fd9acb6d09fd142bfd402fdf8cac93b"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html#a3fd9acb6d09fd142bfd402fdf8cac93b">SVF::FILOWorkList::pop</a></div><div class="ttdeci">Data pop()</div><div class="ttdef"><b>Definition:</b> <a href="WorkList_8h_source.html#l00272">WorkList.h:272</a></div></div>
|
|
1004
1015
|
<div class="ttc" id="aclassSVF_1_1FILOWorkList_html"><div class="ttname"><a href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00042">AbstractInterpretation.h:42</a></div></div>
|
|
@@ -1006,9 +1017,8 @@ $(function() {
|
|
|
1006
1017
|
<div class="ttc" id="anamespaceSVF_html_a43a65e0d33af3c743294f7a1139d2301"><div class="ttname"><a href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">SVF::NodeID</a></div><div class="ttdeci">unsigned NodeID</div><div class="ttdef"><b>Definition:</b> <a href="svf-llvm_2tools_2MTA_2MTAResultValidator_8h_source.html#l00020">MTAResultValidator.h:20</a></div></div>
|
|
1007
1018
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a870b63af2bf9fe43cdf1df3d56b20f6c"><div class="ttname"><a href="classSVF_1_1SVFType.html#a870b63af2bf9fe43cdf1df3d56b20f6c">SVF::SVFType::isPointerTy</a></div><div class="ttdeci">bool isPointerTy() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00249">SVFType.h:249</a></div></div>
|
|
1008
1019
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html_ab6f95d3e7e099d75cfc9645ebc037047"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">SVF::SVFVar::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdoc">Return type of the value.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00107">SVFVariables.h:107</a></div></div>
|
|
1009
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9b179466955023f275b6692b59048846"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">SVF::AbstractInterpretation::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#
|
|
1020
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9b179466955023f275b6692b59048846"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9b179466955023f275b6692b59048846">SVF::AbstractInterpretation::handleICFGNode</a></div><div class="ttdeci">virtual void handleICFGNode(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00671">AbstractInterpretation.cpp:671</a></div></div>
|
|
1010
1021
|
<div class="ttc" id="aclassSVF_1_1SVFArgument_html"><div class="ttname"><a href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00897">SVFValue.h:897</a></div></div>
|
|
1011
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2057e8e1c0aaf39e74f0a8fb2a1b580c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01620">AbstractInterpretation.cpp:1620</a></div></div>
|
|
1012
1022
|
<div class="ttc" id="aclassSVF_1_1SVFArrayType_html_a28da1169748e38b891133b76568a2759"><div class="ttname"><a href="classSVF_1_1SVFArrayType.html#a28da1169748e38b891133b76568a2759">SVF::SVFArrayType::getTypeOfElement</a></div><div class="ttdeci">const SVFType * getTypeOfElement() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00399">SVFType.h:399</a></div></div>
|
|
1013
1023
|
<div class="ttc" id="aclassSVF_1_1SVFInstruction_html"><div class="ttname"><a href="classSVF_1_1SVFInstruction.html">SVF::SVFInstruction</a></div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l00631">SVFValue.h:631</a></div></div>
|
|
1014
1024
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0088456e712c555cbfba6203aec38037"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">SVF::BufOverflowChecker::_addrToGep</a></div><div class="ttdeci">Map< NodeID, const GepStmt * > _addrToGep</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00201">BufOverflowChecker.h:201</a></div></div>
|
|
@@ -1016,13 +1026,14 @@ $(function() {
|
|
|
1016
1026
|
<div class="ttc" id="astructSVF_1_1AbstractValue_html_a8b1af972fa8a4e40347990d179ec1c52"><div class="ttname"><a href="structSVF_1_1AbstractValue.html#a8b1af972fa8a4e40347990d179ec1c52">SVF::AbstractValue::isBottom</a></div><div class="ttdeci">bool isBottom() const</div><div class="ttdef"><b>Definition:</b> <a href="AbstractValue_8h_source.html#l00192">AbstractValue.h:192</a></div></div>
|
|
1017
1027
|
<div class="ttc" id="anamespaceSVF_html_a8234d4b959abc9123993bcff4eee34c1"><div class="ttname"><a href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">SVF::Map</a></div><div class="ttdeci">std::unordered_map< Key, Value, Hash, KeyEqual, Allocator > Map</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00101">GeneralType.h:101</a></div></div>
|
|
1018
1028
|
<div class="ttc" id="astructSVF_1_1AbstractValue_html"><div class="ttname"><a href="structSVF_1_1AbstractValue.html">SVF::AbstractValue</a></div><div class="ttdef"><b>Definition:</b> <a href="AbstractValue_8h_source.html#l00029">AbstractValue.h:29</a></div></div>
|
|
1029
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a37e8e190a8a29d550752d012b9f6e890"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a37e8e190a8a29d550752d012b9f6e890">SVF::AbstractInterpretation::AccessMemoryViaLoadStmt</a></div><div class="ttdeci">void AccessMemoryViaLoadStmt(AbstractState &es, const LoadStmt *load, SVF::FILOWorkList< const SVFValue * > &worklist, Set< const SVFValue * > &visited)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01714">AbstractInterpretation.cpp:1714</a></div></div>
|
|
1019
1030
|
<div class="ttc" id="aclassSVF_1_1CallSite_html_a9e7c94ee7f689466111487e03b2cebcc"><div class="ttname"><a href="classSVF_1_1CallSite.html#a9e7c94ee7f689466111487e03b2cebcc">SVF::CallSite::getArgument</a></div><div class="ttdeci">const SVFValue * getArgument(u32_t ArgNo) const</div><div class="ttdef"><b>Definition:</b> <a href="SVFValue_8h_source.html#l01132">SVFValue.h:1132</a></div></div>
|
|
1020
|
-
<div class="ttc" id="
|
|
1021
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_aa27d0ef684deec1f5385fdb0d4c64827"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">SVF::AbstractInterpretation::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1031
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2ee740506a2ad50e1ee8dbb345fe0ff5"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2ee740506a2ad50e1ee8dbb345fe0ff5">SVF::AbstractInterpretation::getAllocaInstByteSize</a></div><div class="ttdeci">u32_t getAllocaInstByteSize(AbstractState &es, const AddrStmt *addr)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01284">AbstractInterpretation.cpp:1284</a></div></div>
|
|
1032
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_aa27d0ef684deec1f5385fdb0d4c64827"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">SVF::AbstractInterpretation::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00387">AbstractInterpretation.h:387</a></div></div>
|
|
1022
1033
|
<div class="ttc" id="anamespaceSVF_html_ad42bff8d0a7d60a085aa32d10f4955af"><div class="ttname"><a href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">SVF::u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00046">GeneralType.h:46</a></div></div>
|
|
1023
1034
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ab65033f068bfbeb0a1c52dcec3beb6bc"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVF::SVFUtil::errs</a></div><div class="ttdeci">std::ostream & errs()</div><div class="ttdoc">Overwrite llvm::errs()</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00056">SVFUtil.h:56</a></div></div>
|
|
1024
1035
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a7c11b81809cb087317cbea654a589f75"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">SVF::BufOverflowChecker::addBugToRecoder</a></div><div class="ttdeci">void addBugToRecoder(const BufOverflowException &e, const ICFGNode *node)</div></div>
|
|
1025
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a219313e979d779221116c1bc45becc1b"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">SVF::AbstractInterpretation::_checkpoints</a></div><div class="ttdeci">Set< const CallICFGNode * > _checkpoints</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1036
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a219313e979d779221116c1bc45becc1b"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">SVF::AbstractInterpretation::_checkpoints</a></div><div class="ttdeci">Set< const CallICFGNode * > _checkpoints</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00388">AbstractInterpretation.h:388</a></div></div>
|
|
1026
1037
|
<!-- start footer part -->
|
|
1027
1038
|
<hr class="footer"/><address class="footer"><small>
|
|
1028
1039
|
Generated by  <a href="http://www.doxygen.org/index.html">
|