svf-tools 1.0.913 → 1.0.915
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SVF-doxygen/html/AbstractInterpretation_8cpp.html +7 -5
- package/SVF-doxygen/html/AbstractInterpretation_8cpp_source.html +1593 -1610
- package/SVF-doxygen/html/AbstractInterpretation_8h_source.html +157 -144
- package/SVF-doxygen/html/BufOverflowChecker_8cpp_source.html +797 -786
- package/SVF-doxygen/html/BufOverflowChecker_8h_source.html +7 -7
- package/SVF-doxygen/html/SVFIR2AbsState_8cpp_source.html +815 -826
- package/SVF-doxygen/html/SVFIR2AbsState_8h_source.html +153 -196
- package/SVF-doxygen/html/classSVF_1_1AEStat.html +116 -120
- package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation-members.html +33 -33
- package/SVF-doxygen/html/classSVF_1_1AbstractInterpretation.html +1739 -1684
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker-members.html +33 -33
- package/SVF-doxygen/html/classSVF_1_1BufOverflowChecker.html +471 -462
- package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState-members.html +35 -47
- package/SVF-doxygen/html/classSVF_1_1SVFIR2AbsState.html +1261 -1546
- package/SVF-doxygen/html/dir_9a8e7a56f4029a0d9f62b1c6d1f6e85b.html +0 -2
- package/SVF-doxygen/html/files.html +0 -1
- package/SVF-doxygen/html/functions.html +4 -7
- package/SVF-doxygen/html/functions_a.html +2 -2
- package/SVF-doxygen/html/functions_f.html +3 -3
- package/SVF-doxygen/html/functions_func.html +2 -2
- package/SVF-doxygen/html/functions_func_g.html +16 -16
- package/SVF-doxygen/html/functions_func_h.html +21 -57
- package/SVF-doxygen/html/functions_func_i.html +21 -12
- package/SVF-doxygen/html/functions_func_n.html +1 -1
- package/SVF-doxygen/html/functions_func_s.html +13 -19
- package/SVF-doxygen/html/functions_func_t.html +1 -1
- package/SVF-doxygen/html/functions_func_w.html +1 -1
- package/SVF-doxygen/html/functions_g.html +16 -16
- package/SVF-doxygen/html/functions_h.html +18 -54
- package/SVF-doxygen/html/functions_i.html +32 -23
- package/SVF-doxygen/html/functions_l.html +3 -3
- package/SVF-doxygen/html/functions_n.html +1 -1
- package/SVF-doxygen/html/functions_o.html +4 -4
- package/SVF-doxygen/html/functions_p.html +19 -17
- package/SVF-doxygen/html/functions_r.html +6 -6
- package/SVF-doxygen/html/functions_s.html +18 -26
- package/SVF-doxygen/html/functions_t.html +4 -4
- package/SVF-doxygen/html/functions_v.html +6 -6
- package/SVF-doxygen/html/functions_vars.html +4 -7
- package/SVF-doxygen/html/functions_w.html +1 -1
- package/SVF-doxygen/html/search/all_0.js +131 -132
- package/SVF-doxygen/html/search/all_1.js +504 -504
- package/SVF-doxygen/html/search/all_10.js +326 -326
- package/SVF-doxygen/html/search/all_11.js +227 -227
- package/SVF-doxygen/html/search/all_12.js +559 -562
- package/SVF-doxygen/html/search/all_13.js +186 -186
- package/SVF-doxygen/html/search/all_14.js +74 -74
- package/SVF-doxygen/html/search/all_15.js +175 -175
- package/SVF-doxygen/html/search/all_16.js +77 -77
- package/SVF-doxygen/html/search/all_17.js +1 -1
- package/SVF-doxygen/html/search/all_18.js +1 -1
- package/SVF-doxygen/html/search/all_19.js +27 -27
- package/SVF-doxygen/html/search/all_1a.js +174 -174
- package/SVF-doxygen/html/search/all_2.js +180 -180
- package/SVF-doxygen/html/search/all_3.js +635 -635
- package/SVF-doxygen/html/search/all_4.js +237 -237
- package/SVF-doxygen/html/search/all_5.js +120 -120
- package/SVF-doxygen/html/search/all_6.js +236 -236
- package/SVF-doxygen/html/search/all_7.js +1039 -1039
- package/SVF-doxygen/html/search/all_8.js +212 -224
- package/SVF-doxygen/html/search/all_9.js +630 -627
- package/SVF-doxygen/html/search/all_a.js +46 -46
- package/SVF-doxygen/html/search/all_b.js +24 -24
- package/SVF-doxygen/html/search/all_c.js +111 -111
- package/SVF-doxygen/html/search/all_d.js +204 -204
- package/SVF-doxygen/html/search/all_e.js +207 -207
- package/SVF-doxygen/html/search/all_f.js +122 -122
- package/SVF-doxygen/html/search/classes_0.js +29 -29
- package/SVF-doxygen/html/search/classes_1.js +11 -11
- package/SVF-doxygen/html/search/classes_10.js +71 -71
- package/SVF-doxygen/html/search/classes_11.js +14 -14
- package/SVF-doxygen/html/search/classes_12.js +2 -2
- package/SVF-doxygen/html/search/classes_13.js +10 -10
- package/SVF-doxygen/html/search/classes_14.js +19 -19
- package/SVF-doxygen/html/search/classes_15.js +1 -1
- package/SVF-doxygen/html/search/classes_2.js +72 -72
- package/SVF-doxygen/html/search/classes_3.js +35 -35
- package/SVF-doxygen/html/search/classes_4.js +7 -7
- package/SVF-doxygen/html/search/classes_5.js +28 -28
- package/SVF-doxygen/html/search/classes_6.js +98 -98
- package/SVF-doxygen/html/search/classes_7.js +33 -33
- package/SVF-doxygen/html/search/classes_8.js +57 -57
- package/SVF-doxygen/html/search/classes_9.js +1 -1
- package/SVF-doxygen/html/search/classes_a.js +12 -12
- package/SVF-doxygen/html/search/classes_b.js +29 -29
- package/SVF-doxygen/html/search/classes_c.js +6 -6
- package/SVF-doxygen/html/search/classes_d.js +19 -19
- package/SVF-doxygen/html/search/classes_e.js +36 -36
- package/SVF-doxygen/html/search/classes_f.js +25 -25
- package/SVF-doxygen/html/search/defines_0.js +3 -3
- package/SVF-doxygen/html/search/defines_1.js +3 -3
- package/SVF-doxygen/html/search/defines_10.js +2 -2
- package/SVF-doxygen/html/search/defines_2.js +30 -30
- package/SVF-doxygen/html/search/defines_3.js +20 -20
- package/SVF-doxygen/html/search/defines_4.js +3 -3
- package/SVF-doxygen/html/search/defines_5.js +4 -4
- package/SVF-doxygen/html/search/defines_6.js +2 -2
- package/SVF-doxygen/html/search/defines_7.js +5 -5
- package/SVF-doxygen/html/search/defines_8.js +11 -11
- package/SVF-doxygen/html/search/defines_9.js +9 -9
- package/SVF-doxygen/html/search/defines_a.js +2 -2
- package/SVF-doxygen/html/search/defines_b.js +1 -1
- package/SVF-doxygen/html/search/defines_c.js +3 -3
- package/SVF-doxygen/html/search/defines_d.js +2 -2
- package/SVF-doxygen/html/search/defines_e.js +8 -8
- package/SVF-doxygen/html/search/defines_f.js +4 -4
- package/SVF-doxygen/html/search/enums_0.js +3 -3
- package/SVF-doxygen/html/search/enums_1.js +2 -2
- package/SVF-doxygen/html/search/enums_10.js +1 -1
- package/SVF-doxygen/html/search/enums_11.js +1 -1
- package/SVF-doxygen/html/search/enums_2.js +9 -9
- package/SVF-doxygen/html/search/enums_3.js +2 -2
- package/SVF-doxygen/html/search/enums_4.js +3 -3
- package/SVF-doxygen/html/search/enums_5.js +1 -1
- package/SVF-doxygen/html/search/enums_6.js +2 -2
- package/SVF-doxygen/html/search/enums_7.js +2 -2
- package/SVF-doxygen/html/search/enums_8.js +4 -4
- package/SVF-doxygen/html/search/enums_9.js +1 -1
- package/SVF-doxygen/html/search/enums_a.js +1 -1
- package/SVF-doxygen/html/search/enums_b.js +7 -7
- package/SVF-doxygen/html/search/enums_c.js +1 -1
- package/SVF-doxygen/html/search/enums_d.js +4 -4
- package/SVF-doxygen/html/search/enums_e.js +2 -2
- package/SVF-doxygen/html/search/enums_f.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_0.js +15 -15
- package/SVF-doxygen/html/search/enumvalues_1.js +16 -16
- package/SVF-doxygen/html/search/enumvalues_10.js +36 -36
- package/SVF-doxygen/html/search/enumvalues_11.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_12.js +10 -10
- package/SVF-doxygen/html/search/enumvalues_13.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_14.js +1 -1
- package/SVF-doxygen/html/search/enumvalues_15.js +4 -4
- package/SVF-doxygen/html/search/enumvalues_2.js +36 -36
- package/SVF-doxygen/html/search/enumvalues_3.js +13 -13
- package/SVF-doxygen/html/search/enumvalues_4.js +2 -2
- package/SVF-doxygen/html/search/enumvalues_5.js +50 -50
- package/SVF-doxygen/html/search/enumvalues_6.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_7.js +8 -8
- package/SVF-doxygen/html/search/enumvalues_8.js +24 -24
- package/SVF-doxygen/html/search/enumvalues_9.js +6 -6
- package/SVF-doxygen/html/search/enumvalues_a.js +17 -17
- package/SVF-doxygen/html/search/enumvalues_b.js +11 -11
- package/SVF-doxygen/html/search/enumvalues_c.js +5 -5
- package/SVF-doxygen/html/search/enumvalues_d.js +19 -19
- package/SVF-doxygen/html/search/enumvalues_e.js +9 -9
- package/SVF-doxygen/html/search/enumvalues_f.js +48 -48
- package/SVF-doxygen/html/search/files_0.js +18 -18
- package/SVF-doxygen/html/search/files_1.js +9 -9
- package/SVF-doxygen/html/search/files_10.js +8 -8
- package/SVF-doxygen/html/search/files_11.js +8 -8
- package/SVF-doxygen/html/search/files_12.js +2 -2
- package/SVF-doxygen/html/search/files_2.js +51 -51
- package/SVF-doxygen/html/search/files_3.js +14 -14
- package/SVF-doxygen/html/search/files_4.js +3 -3
- package/SVF-doxygen/html/search/files_5.js +13 -13
- package/SVF-doxygen/html/search/files_6.js +10 -10
- package/SVF-doxygen/html/search/files_7.js +15 -15
- package/SVF-doxygen/html/search/files_8.js +13 -13
- package/SVF-doxygen/html/search/files_9.js +18 -18
- package/SVF-doxygen/html/search/files_a.js +3 -3
- package/SVF-doxygen/html/search/files_b.js +4 -4
- package/SVF-doxygen/html/search/files_c.js +20 -20
- package/SVF-doxygen/html/search/files_d.js +4 -4
- package/SVF-doxygen/html/search/files_e.js +56 -57
- package/SVF-doxygen/html/search/files_f.js +8 -8
- package/SVF-doxygen/html/search/functions_0.js +13 -13
- package/SVF-doxygen/html/search/functions_1.js +366 -366
- package/SVF-doxygen/html/search/functions_10.js +140 -140
- package/SVF-doxygen/html/search/functions_11.js +140 -140
- package/SVF-doxygen/html/search/functions_12.js +291 -293
- package/SVF-doxygen/html/search/functions_13.js +52 -52
- package/SVF-doxygen/html/search/functions_14.js +41 -41
- package/SVF-doxygen/html/search/functions_15.js +70 -70
- package/SVF-doxygen/html/search/functions_16.js +38 -38
- package/SVF-doxygen/html/search/functions_17.js +3 -3
- package/SVF-doxygen/html/search/functions_18.js +174 -174
- package/SVF-doxygen/html/search/functions_2.js +92 -92
- package/SVF-doxygen/html/search/functions_3.js +257 -257
- package/SVF-doxygen/html/search/functions_4.js +85 -85
- package/SVF-doxygen/html/search/functions_5.js +54 -54
- package/SVF-doxygen/html/search/functions_6.js +65 -65
- package/SVF-doxygen/html/search/functions_7.js +857 -857
- package/SVF-doxygen/html/search/functions_8.js +164 -176
- package/SVF-doxygen/html/search/functions_9.js +439 -436
- package/SVF-doxygen/html/search/functions_a.js +30 -30
- package/SVF-doxygen/html/search/functions_b.js +2 -2
- package/SVF-doxygen/html/search/functions_c.js +22 -22
- package/SVF-doxygen/html/search/functions_d.js +81 -81
- package/SVF-doxygen/html/search/functions_e.js +34 -34
- package/SVF-doxygen/html/search/functions_f.js +58 -58
- package/SVF-doxygen/html/search/namespaces_0.js +1 -1
- package/SVF-doxygen/html/search/namespaces_1.js +7 -7
- package/SVF-doxygen/html/search/related_0.js +4 -4
- package/SVF-doxygen/html/search/related_1.js +2 -2
- package/SVF-doxygen/html/search/related_2.js +2 -2
- package/SVF-doxygen/html/search/related_3.js +2 -2
- package/SVF-doxygen/html/search/related_4.js +2 -2
- package/SVF-doxygen/html/search/related_5.js +1 -1
- package/SVF-doxygen/html/search/related_6.js +2 -2
- package/SVF-doxygen/html/search/related_7.js +5 -5
- package/SVF-doxygen/html/search/related_8.js +2 -2
- package/SVF-doxygen/html/search/related_9.js +4 -4
- package/SVF-doxygen/html/search/related_a.js +19 -19
- package/SVF-doxygen/html/search/related_b.js +4 -4
- package/SVF-doxygen/html/search/related_c.js +2 -2
- package/SVF-doxygen/html/search/related_d.js +11 -11
- package/SVF-doxygen/html/search/related_e.js +2 -2
- package/SVF-doxygen/html/search/related_f.js +2 -2
- package/SVF-doxygen/html/search/typedefs_0.js +20 -20
- package/SVF-doxygen/html/search/typedefs_1.js +27 -27
- package/SVF-doxygen/html/search/typedefs_10.js +65 -65
- package/SVF-doxygen/html/search/typedefs_11.js +12 -12
- package/SVF-doxygen/html/search/typedefs_12.js +13 -13
- package/SVF-doxygen/html/search/typedefs_13.js +40 -40
- package/SVF-doxygen/html/search/typedefs_14.js +11 -11
- package/SVF-doxygen/html/search/typedefs_2.js +125 -125
- package/SVF-doxygen/html/search/typedefs_3.js +39 -39
- package/SVF-doxygen/html/search/typedefs_4.js +17 -17
- package/SVF-doxygen/html/search/typedefs_5.js +42 -42
- package/SVF-doxygen/html/search/typedefs_6.js +54 -54
- package/SVF-doxygen/html/search/typedefs_7.js +47 -47
- package/SVF-doxygen/html/search/typedefs_8.js +1 -1
- package/SVF-doxygen/html/search/typedefs_9.js +4 -4
- package/SVF-doxygen/html/search/typedefs_a.js +28 -28
- package/SVF-doxygen/html/search/typedefs_b.js +29 -29
- package/SVF-doxygen/html/search/typedefs_c.js +41 -41
- package/SVF-doxygen/html/search/typedefs_d.js +15 -15
- package/SVF-doxygen/html/search/typedefs_e.js +52 -52
- package/SVF-doxygen/html/search/typedefs_f.js +14 -14
- package/SVF-doxygen/html/search/variables_0.js +169 -170
- package/SVF-doxygen/html/search/variables_1.js +78 -78
- package/SVF-doxygen/html/search/variables_10.js +98 -98
- package/SVF-doxygen/html/search/variables_11.js +47 -47
- package/SVF-doxygen/html/search/variables_12.js +93 -93
- package/SVF-doxygen/html/search/variables_13.js +76 -76
- package/SVF-doxygen/html/search/variables_14.js +14 -14
- package/SVF-doxygen/html/search/variables_15.js +49 -49
- package/SVF-doxygen/html/search/variables_16.js +11 -11
- package/SVF-doxygen/html/search/variables_17.js +1 -1
- package/SVF-doxygen/html/search/variables_18.js +17 -17
- package/SVF-doxygen/html/search/variables_2.js +40 -40
- package/SVF-doxygen/html/search/variables_3.js +143 -143
- package/SVF-doxygen/html/search/variables_4.js +51 -51
- package/SVF-doxygen/html/search/variables_5.js +39 -39
- package/SVF-doxygen/html/search/variables_6.js +66 -66
- package/SVF-doxygen/html/search/variables_7.js +32 -32
- package/SVF-doxygen/html/search/variables_8.js +8 -8
- package/SVF-doxygen/html/search/variables_9.js +80 -80
- package/SVF-doxygen/html/search/variables_a.js +4 -4
- package/SVF-doxygen/html/search/variables_b.js +10 -10
- package/SVF-doxygen/html/search/variables_c.js +44 -44
- package/SVF-doxygen/html/search/variables_d.js +58 -58
- package/SVF-doxygen/html/search/variables_e.js +123 -123
- package/SVF-doxygen/html/search/variables_f.js +31 -31
- package/SVF-doxygen/html/svf-ex_8cpp.html +199 -197
- package/SVF-doxygen/html/svf-ex_8cpp_source.html +204 -202
- package/package.json +1 -1
- package/svf/include/AE/Svfexe/AbstractInterpretation.h +28 -21
- package/svf/include/AE/Svfexe/SVFIR2AbsState.h +37 -67
- package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +153 -169
- package/svf/lib/AE/Svfexe/BufOverflowChecker.cpp +64 -54
- package/svf/lib/AE/Svfexe/SVFIR2AbsState.cpp +134 -146
- package/svf-llvm/tools/Example/svf-ex.cpp +13 -12
- package/svf/lib/AE/Core/SVFIR2Relation.cpp +0 -193
|
@@ -138,8 +138,8 @@ Protected Member Functions</h2></td></tr>
|
|
|
138
138
|
<tr class="separator:a738d1768c632f86d04599ec1aa53952a inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
139
139
|
<tr class="memitem:a3a12a86670eef9cd22b1853c7c6fa208 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a3a12a86670eef9cd22b1853c7c6fa208">propagateStateIfFeasible</a> (const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *curNode)</td></tr>
|
|
140
140
|
<tr class="separator:a3a12a86670eef9cd22b1853c7c6fa208 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
141
|
-
<tr class="memitem:
|
|
142
|
-
<tr class="separator:
|
|
141
|
+
<tr class="memitem:a47e6ec5a99f0818c23a13976e553a848 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a47e6ec5a99f0818c23a13976e553a848">isBranchFeasible</a> (const <a class="el" href="classSVF_1_1IntraCFGEdge.html">IntraCFGEdge</a> *intraEdge, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as)</td></tr>
|
|
142
|
+
<tr class="separator:a47e6ec5a99f0818c23a13976e553a848 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
143
143
|
<tr class="memitem:a80d663262a8d909ef5756391cdd82246 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a80d663262a8d909ef5756391cdd82246">handleWTONode</a> (const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node)</td></tr>
|
|
144
144
|
<tr class="memdesc:a80d663262a8d909ef5756391cdd82246 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="mdescLeft"> </td><td class="mdescRight">handle instructions in svf basic blocks <a href="classSVF_1_1AbstractInterpretation.html#a80d663262a8d909ef5756391cdd82246">More...</a><br /></td></tr>
|
|
145
145
|
<tr class="separator:a80d663262a8d909ef5756391cdd82246 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
@@ -153,30 +153,28 @@ Protected Member Functions</h2></td></tr>
|
|
|
153
153
|
<tr class="separator:a2e2253149e2bf114825a4e838118e012 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
154
154
|
<tr class="memitem:af966130d5cb8d7db786c3ec056cc2dd4 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#af966130d5cb8d7db786c3ec056cc2dd4">SkipRecursiveCall</a> (const <a class="el" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *callnode)</td></tr>
|
|
155
155
|
<tr class="separator:af966130d5cb8d7db786c3ec056cc2dd4 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
156
|
-
<tr class="memitem:
|
|
157
|
-
<tr class="separator:
|
|
158
|
-
<tr class="memitem:
|
|
159
|
-
<tr class="separator:
|
|
160
|
-
<tr class="memitem:
|
|
161
|
-
<tr class="separator:
|
|
162
|
-
<tr class="memitem:
|
|
163
|
-
<tr class="separator:
|
|
164
|
-
<tr class="memitem:
|
|
165
|
-
<tr class="separator:
|
|
166
|
-
<tr class="memitem:
|
|
167
|
-
<tr class="separator:
|
|
168
|
-
<tr class="memitem:ac9e8bc430cd530e47811e28f5a9fe963 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#ac9e8bc430cd530e47811e28f5a9fe963">traceMemoryAllocationSize</a> (const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *value)</td></tr>
|
|
169
|
-
<tr class="separator:ac9e8bc430cd530e47811e28f5a9fe963 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
156
|
+
<tr class="memitem:aae9a6382cb20ddc6837ea086fbeb96bc inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#aae9a6382cb20ddc6837ea086fbeb96bc">isCmpBranchFeasible</a> (const <a class="el" href="classSVF_1_1CmpStmt.html">CmpStmt</a> *cmpStmt, <a class="el" href="namespaceSVF.html#ad781b0b14e89773e774072b280658ef3">s64_t</a> succ, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as)</td></tr>
|
|
157
|
+
<tr class="separator:aae9a6382cb20ddc6837ea086fbeb96bc inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
158
|
+
<tr class="memitem:a58a20f54a14628ca4e94cbb608b307af inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a58a20f54a14628ca4e94cbb608b307af">isSwitchBranchFeasible</a> (const <a class="el" href="classSVF_1_1SVFVar.html">SVFVar</a> *var, <a class="el" href="namespaceSVF.html#ad781b0b14e89773e774072b280658ef3">s64_t</a> succ, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as)</td></tr>
|
|
159
|
+
<tr class="separator:a58a20f54a14628ca4e94cbb608b307af inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
160
|
+
<tr class="memitem:a60a21908a08864f01a66a3ac113c4a35 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a60a21908a08864f01a66a3ac113c4a35">getAllocaInstByteSize</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1AddrStmt.html">AddrStmt</a> *addr)</td></tr>
|
|
161
|
+
<tr class="separator:a60a21908a08864f01a66a3ac113c4a35 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
162
|
+
<tr class="memitem:a5e687d6247e396f77d523fb55e5b5627 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="cJSON_8cpp.html#ae1adbce218e7a9d09164012443191d24">std::string</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a5e687d6247e396f77d523fb55e5b5627">strRead</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *rhs)</td></tr>
|
|
163
|
+
<tr class="separator:a5e687d6247e396f77d523fb55e5b5627 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
164
|
+
<tr class="memitem:ab076eddb7908768126c190c23b91eb85 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1SVFValue.html">SVF::SVFValue</a> *strValue)</td></tr>
|
|
165
|
+
<tr class="separator:ab076eddb7908768126c190c23b91eb85 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
166
|
+
<tr class="memitem:a90b54f715dfa24657bd3e058617bffac inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a90b54f715dfa24657bd3e058617bffac">traceMemoryAllocationSize</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *value)</td></tr>
|
|
167
|
+
<tr class="separator:a90b54f715dfa24657bd3e058617bffac inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
170
168
|
<tr class="memitem:ac941d1eb9b1216c8334d0685a471b774 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#ac941d1eb9b1216c8334d0685a471b774">handleStrcpy</a> (const <a class="el" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</td></tr>
|
|
171
169
|
<tr class="separator:ac941d1eb9b1216c8334d0685a471b774 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
172
170
|
<tr class="memitem:acba90e968cebacca3da78ac765df33ef inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#acba90e968cebacca3da78ac765df33ef">handleStrcat</a> (const <a class="el" href="classSVF_1_1CallICFGNode.html">CallICFGNode</a> *call)</td></tr>
|
|
173
171
|
<tr class="separator:acba90e968cebacca3da78ac765df33ef inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
174
|
-
<tr class="memitem:
|
|
175
|
-
<tr class="separator:
|
|
176
|
-
<tr class="memitem:
|
|
177
|
-
<tr class="separator:
|
|
178
|
-
<tr class="memitem:
|
|
179
|
-
<tr class="separator:
|
|
172
|
+
<tr class="memitem:a1c1d065a7cbee526ecdefdb1407c3c83 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a1c1d065a7cbee526ecdefdb1407c3c83">handleMemcpy</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *dst, const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *src, <a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> len, <a class="el" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a> start_idx)</td></tr>
|
|
173
|
+
<tr class="separator:a1c1d065a7cbee526ecdefdb1407c3c83 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
174
|
+
<tr class="memitem:ab50b8867cfb0feb3ae0727e1c11f5d25 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">virtual void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#ab50b8867cfb0feb3ae0727e1c11f5d25">handleMemset</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> *dst, <a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> elem, <a class="el" href="structSVF_1_1AbstractValue.html">AbstractValue</a> len)</td></tr>
|
|
175
|
+
<tr class="separator:ab50b8867cfb0feb3ae0727e1c11f5d25 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
176
|
+
<tr class="memitem:abb8dd7424d62b56b899d3f4d218eeaac inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">const <a class="el" href="classSVF_1_1SVFType.html">SVFType</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#abb8dd7424d62b56b899d3f4d218eeaac">getPointeeElement</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, <a class="el" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> id)</td></tr>
|
|
177
|
+
<tr class="separator:abb8dd7424d62b56b899d3f4d218eeaac inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
180
178
|
<tr class="memitem:aae7c67e9c423599442be721b55cd7279 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#aae7c67e9c423599442be721b55cd7279">collectCheckPoint</a> ()</td></tr>
|
|
181
179
|
<tr class="separator:aae7c67e9c423599442be721b55cd7279 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
182
180
|
<tr class="memitem:acea2c82e5b463db6f097e9a9641f601b inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#acea2c82e5b463db6f097e9a9641f601b">checkPointAllSet</a> ()</td></tr>
|
|
@@ -185,14 +183,16 @@ Protected Member Functions</h2></td></tr>
|
|
|
185
183
|
<tr class="separator:a29fe7c63c61a7aec8ae1477a061f5bf2 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
186
184
|
<tr class="memitem:a550c12360c2149ba0e55bdf4cf7b8dd0 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a550c12360c2149ba0e55bdf4cf7b8dd0">AccessMemoryViaCopyStmt</a> (const <a class="el" href="classSVF_1_1CopyStmt.html">CopyStmt</a> *<a class="el" href="cJSON_8cpp.html#a7669ee67a0563250c1efaa24d130e1ac">copy</a>, <a class="el" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &worklist, <a class="el" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &visited)</td></tr>
|
|
187
185
|
<tr class="separator:a550c12360c2149ba0e55bdf4cf7b8dd0 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
188
|
-
<tr class="memitem:
|
|
189
|
-
<tr class="separator:
|
|
186
|
+
<tr class="memitem:af7f57fc112a86d2710d011d37b496350 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#af7f57fc112a86d2710d011d37b496350">AccessMemoryViaLoadStmt</a> (<a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &as, const <a class="el" href="classSVF_1_1LoadStmt.html">LoadStmt</a> *load, <a class="el" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &worklist, <a class="el" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &visited)</td></tr>
|
|
187
|
+
<tr class="separator:af7f57fc112a86d2710d011d37b496350 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
190
188
|
<tr class="memitem:a048e203517ac727e6fe0653e1f24052c inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a048e203517ac727e6fe0653e1f24052c">AccessMemoryViaCallArgs</a> (const <a class="el" href="classSVF_1_1SVFArgument.html">SVF::SVFArgument</a> *arg, <a class="el" href="classSVF_1_1FILOWorkList.html">SVF::FILOWorkList</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &worklist, <a class="el" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set</a>< const <a class="el" href="classSVF_1_1SVFValue.html">SVFValue</a> * > &visited)</td></tr>
|
|
191
189
|
<tr class="separator:a048e203517ac727e6fe0653e1f24052c inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
192
190
|
<tr class="memitem:a1b8e1e0cc9803687a0eb951015ac59af inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a1b8e1e0cc9803687a0eb951015ac59af">widenFixpointPass</a> (const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *cycle_head, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &pre_es)</td></tr>
|
|
193
191
|
<tr class="separator:a1b8e1e0cc9803687a0eb951015ac59af inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
194
192
|
<tr class="memitem:a8a4b07e6c999bea0b0e69dcab0346933 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top">bool </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a8a4b07e6c999bea0b0e69dcab0346933">narrowFixpointPass</a> (const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *cycle_head, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> &pre_es)</td></tr>
|
|
195
193
|
<tr class="separator:a8a4b07e6c999bea0b0e69dcab0346933 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
194
|
+
<tr class="memitem:a57e4ee3fde79c408dffe98894210d7c9 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> & </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a> (const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *node)</td></tr>
|
|
195
|
+
<tr class="separator:a57e4ee3fde79c408dffe98894210d7c9 inherit pro_methods_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
196
196
|
</table><table class="memberdecls">
|
|
197
197
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pri-methods"></a>
|
|
198
198
|
Private Member Functions</h2></td></tr>
|
|
@@ -264,10 +264,10 @@ Additional Inherited Members</h2></td></tr>
|
|
|
264
264
|
<tr class="separator:a219313e979d779221116c1bc45becc1b inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
265
265
|
<tr class="memitem:a2a1e1b72ed740cef4c3e57e3e32c3f75 inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespaceSVF.html#af739db846e47ba6b2fd15eaad31ab7fb">Set</a>< <a class="el" href="cJSON_8cpp.html#ae1adbce218e7a9d09164012443191d24">std::string</a> > </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">_checkpoint_names</a></td></tr>
|
|
266
266
|
<tr class="separator:a2a1e1b72ed740cef4c3e57e3e32c3f75 inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
267
|
-
<tr class="memitem:
|
|
268
|
-
<tr class="separator:
|
|
269
|
-
<tr class="memitem:
|
|
270
|
-
<tr class="separator:
|
|
267
|
+
<tr class="memitem:a16ac184f8cbbeba3622ee9e5f84d4bec inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map</a>< const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> > </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a16ac184f8cbbeba3622ee9e5f84d4bec">_preAbsTrace</a></td></tr>
|
|
268
|
+
<tr class="separator:a16ac184f8cbbeba3622ee9e5f84d4bec inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
269
|
+
<tr class="memitem:a6371af4c3c07ced109be8c2f28dcaa09 inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="namespaceSVF.html#a8234d4b959abc9123993bcff4eee34c1">Map</a>< const <a class="el" href="classSVF_1_1ICFGNode.html">ICFGNode</a> *, <a class="el" href="classSVF_1_1AbstractState.html">AbstractState</a> > </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#a6371af4c3c07ced109be8c2f28dcaa09">_postAbsTrace</a></td></tr>
|
|
270
|
+
<tr class="separator:a6371af4c3c07ced109be8c2f28dcaa09 inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
271
271
|
<tr class="memitem:afefc0098ecd9bc01ce270a4a6f251b0c inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memItemLeft" align="right" valign="top"><a class="el" href="cJSON_8cpp.html#ae1adbce218e7a9d09164012443191d24">std::string</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="classSVF_1_1AbstractInterpretation.html#afefc0098ecd9bc01ce270a4a6f251b0c">_moduleName</a></td></tr>
|
|
272
272
|
<tr class="separator:afefc0098ecd9bc01ce270a4a6f251b0c inherit pro_attribs_classSVF_1_1AbstractInterpretation"><td class="memSeparator" colspan="2"> </td></tr>
|
|
273
273
|
</table>
|
|
@@ -404,7 +404,7 @@ Additional Inherited Members</h2></td></tr>
|
|
|
404
404
|
<p>Usually called by a <a class="el" href="classSVF_1_1GepStmt.html">GepStmt</a> overflow check, or external API (like memcpy) overflow check Defitions of Terms: source node: malloc or gepStmt(array), sink node: gepStmt or external API (like memcpy) e.g. 1) a = malloc(10), a[11] = 10, a[11] is the sink node, a is the source node (malloc) 2) A = struct {int a[10];}, A.a[11] = 10, A.a[11] is the sink, A.a is the source node (gepStmt(array))</p>
|
|
405
405
|
<p>it tracks the value flow from sink to source, and accumulates offset then compare the accumulated offset and malloc size (or gepStmt array size)</p>
|
|
406
406
|
|
|
407
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
407
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00501">501</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
408
408
|
|
|
409
409
|
</div>
|
|
410
410
|
</div>
|
|
@@ -505,44 +505,44 @@ Additional Inherited Members</h2></td></tr>
|
|
|
505
505
|
</dl>
|
|
506
506
|
<dl class="section return"><dt>Returns</dt><dd>true if the buffer overflow is detected </dd></dl>
|
|
507
507
|
|
|
508
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
509
|
-
<div class="fragment"><div class="line"><a name="
|
|
510
|
-
<div class="line"><a name="
|
|
511
|
-
<div class="line"><a name="
|
|
512
|
-
<div class="line"><a name="
|
|
513
|
-
<div class="line"><a name="
|
|
514
|
-
<div class="line"><a name="
|
|
515
|
-
<div class="line"><a name="
|
|
516
|
-
<div class="line"><a name="
|
|
517
|
-
<div class="line"><a name="
|
|
518
|
-
<div class="line"><a name="
|
|
519
|
-
<div class="line"><a name="
|
|
520
|
-
<div class="line"><a name="
|
|
521
|
-
<div class="line"><a name="
|
|
522
|
-
<div class="line"><a name="
|
|
523
|
-
<div class="line"><a name="
|
|
524
|
-
<div class="line"><a name="
|
|
525
|
-
<div class="line"><a name="
|
|
526
|
-
<div class="line"><a name="
|
|
527
|
-
<div class="line"><a name="
|
|
528
|
-
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  }</div>
|
|
529
|
-
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())</div>
|
|
530
|
-
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  {</div>
|
|
531
|
-
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  CallSite cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call->getCallSite());</div>
|
|
532
|
-
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  <span class="keyword">const</span> SVFValue* arg0Val = cs.getArgument(0);</div>
|
|
533
|
-
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="keyword">const</span> SVFValue* arg2Val = cs.getArgument(2);</div>
|
|
534
|
-
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  AbstractValue arg2Num =</div>
|
|
535
|
-
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">getAbsState</a>()[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
|
|
536
|
-
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  AbstractValue strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">getStrlen</a>(arg0Val);</div>
|
|
537
|
-
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  AbstractValue totalLen = strLen0 + arg2Num;</div>
|
|
508
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00386">386</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
509
|
+
<div class="fragment"><div class="line"><a name="l00387"></a><span class="lineno"> 387</span> {</div>
|
|
510
|
+
<div class="line"><a name="l00388"></a><span class="lineno"> 388</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(call);</div>
|
|
511
|
+
<div class="line"><a name="l00389"></a><span class="lineno"> 389</span>  <span class="keyword">const</span> SVFFunction *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call->getCallSite());</div>
|
|
512
|
+
<div class="line"><a name="l00390"></a><span class="lineno"> 390</span>  <span class="comment">// check the arg size</span></div>
|
|
513
|
+
<div class="line"><a name="l00391"></a><span class="lineno"> 391</span>  <span class="comment">// if it is strcat group, we need to check the length of string,</span></div>
|
|
514
|
+
<div class="line"><a name="l00392"></a><span class="lineno"> 392</span>  <span class="comment">// e.g. strcat(str1, str2); which checks AllocSize(str1) >= Strlen(str1) + Strlen(str2);</span></div>
|
|
515
|
+
<div class="line"><a name="l00393"></a><span class="lineno"> 393</span>  <span class="comment">// if it is strncat group, we do not need to check the length of string,</span></div>
|
|
516
|
+
<div class="line"><a name="l00394"></a><span class="lineno"> 394</span>  <span class="comment">// e.g. strncat(str1, str2, n); which checks AllocSize(str1) >= Strlen(str1) + n;</span></div>
|
|
517
|
+
<div class="line"><a name="l00395"></a><span class="lineno"> 395</span>  </div>
|
|
518
|
+
<div class="line"><a name="l00396"></a><span class="lineno"> 396</span>  <span class="keyword">const</span> std::vector<std::string> strcatGroup = {<span class="stringliteral">"__strcat_chk"</span>, <span class="stringliteral">"strcat"</span>, <span class="stringliteral">"__wcscat_chk"</span>, <span class="stringliteral">"wcscat"</span>};</div>
|
|
519
|
+
<div class="line"><a name="l00397"></a><span class="lineno"> 397</span>  <span class="keyword">const</span> std::vector<std::string> strncatGroup = {<span class="stringliteral">"__strncat_chk"</span>, <span class="stringliteral">"strncat"</span>, <span class="stringliteral">"__wcsncat_chk"</span>, <span class="stringliteral">"wcsncat"</span>};</div>
|
|
520
|
+
<div class="line"><a name="l00398"></a><span class="lineno"> 398</span>  <span class="keywordflow">if</span> (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())</div>
|
|
521
|
+
<div class="line"><a name="l00399"></a><span class="lineno"> 399</span>  {</div>
|
|
522
|
+
<div class="line"><a name="l00400"></a><span class="lineno"> 400</span>  CallSite cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call->getCallSite());</div>
|
|
523
|
+
<div class="line"><a name="l00401"></a><span class="lineno"> 401</span>  <span class="keyword">const</span> SVFValue* arg0Val = cs.getArgument(0);</div>
|
|
524
|
+
<div class="line"><a name="l00402"></a><span class="lineno"> 402</span>  <span class="keyword">const</span> SVFValue* arg1Val = cs.getArgument(1);</div>
|
|
525
|
+
<div class="line"><a name="l00403"></a><span class="lineno"> 403</span>  AbstractValue strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a>(as, arg0Val);</div>
|
|
526
|
+
<div class="line"><a name="l00404"></a><span class="lineno"> 404</span>  AbstractValue strLen1 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a>(as, arg1Val);</div>
|
|
527
|
+
<div class="line"><a name="l00405"></a><span class="lineno"> 405</span>  AbstractValue totalLen = strLen0 + strLen1;</div>
|
|
538
528
|
<div class="line"><a name="l00406"></a><span class="lineno"> 406</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
539
529
|
<div class="line"><a name="l00407"></a><span class="lineno"> 407</span>  }</div>
|
|
540
|
-
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span>  <span class="keywordflow">else</span
|
|
530
|
+
<div class="line"><a name="l00408"></a><span class="lineno"> 408</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())</div>
|
|
541
531
|
<div class="line"><a name="l00409"></a><span class="lineno"> 409</span>  {</div>
|
|
542
|
-
<div class="line"><a name="l00410"></a><span class="lineno"> 410</span> 
|
|
543
|
-
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span> 
|
|
544
|
-
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span> 
|
|
545
|
-
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span> 
|
|
532
|
+
<div class="line"><a name="l00410"></a><span class="lineno"> 410</span>  CallSite cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call->getCallSite());</div>
|
|
533
|
+
<div class="line"><a name="l00411"></a><span class="lineno"> 411</span>  <span class="keyword">const</span> SVFValue* arg0Val = cs.getArgument(0);</div>
|
|
534
|
+
<div class="line"><a name="l00412"></a><span class="lineno"> 412</span>  <span class="keyword">const</span> SVFValue* arg2Val = cs.getArgument(2);</div>
|
|
535
|
+
<div class="line"><a name="l00413"></a><span class="lineno"> 413</span>  AbstractValue arg2Num = as[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(arg2Val)];</div>
|
|
536
|
+
<div class="line"><a name="l00414"></a><span class="lineno"> 414</span>  AbstractValue strLen0 = <a class="code" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a>(as, arg0Val);</div>
|
|
537
|
+
<div class="line"><a name="l00415"></a><span class="lineno"> 415</span>  AbstractValue totalLen = strLen0 + arg2Num;</div>
|
|
538
|
+
<div class="line"><a name="l00416"></a><span class="lineno"> 416</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, totalLen, call);</div>
|
|
539
|
+
<div class="line"><a name="l00417"></a><span class="lineno"> 417</span>  }</div>
|
|
540
|
+
<div class="line"><a name="l00418"></a><span class="lineno"> 418</span>  <span class="keywordflow">else</span></div>
|
|
541
|
+
<div class="line"><a name="l00419"></a><span class="lineno"> 419</span>  {</div>
|
|
542
|
+
<div class="line"><a name="l00420"></a><span class="lineno"> 420</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"unknown strcat function, please add it to strcatGroup or strncatGroup"</span>);</div>
|
|
543
|
+
<div class="line"><a name="l00421"></a><span class="lineno"> 421</span>  abort();</div>
|
|
544
|
+
<div class="line"><a name="l00422"></a><span class="lineno"> 422</span>  }</div>
|
|
545
|
+
<div class="line"><a name="l00423"></a><span class="lineno"> 423</span> }</div>
|
|
546
546
|
</div><!-- fragment -->
|
|
547
547
|
</div>
|
|
548
548
|
</div>
|
|
@@ -578,15 +578,16 @@ Additional Inherited Members</h2></td></tr>
|
|
|
578
578
|
</dl>
|
|
579
579
|
<dl class="section return"><dt>Returns</dt><dd>true if the buffer overflow is detected </dd></dl>
|
|
580
580
|
|
|
581
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
582
|
-
<div class="fragment"><div class="line"><a name="
|
|
583
|
-
<div class="line"><a name="
|
|
584
|
-
<div class="line"><a name="
|
|
585
|
-
<div class="line"><a name="
|
|
586
|
-
<div class="line"><a name="
|
|
587
|
-
<div class="line"><a name="
|
|
588
|
-
<div class="line"><a name="
|
|
589
|
-
<div class="line"><a name="
|
|
581
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00125">125</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
582
|
+
<div class="fragment"><div class="line"><a name="l00126"></a><span class="lineno"> 126</span> {</div>
|
|
583
|
+
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(call);</div>
|
|
584
|
+
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  CallSite cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call->getCallSite());</div>
|
|
585
|
+
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span>  <span class="keyword">const</span> SVFValue* arg0Val = cs.getArgument(0);</div>
|
|
586
|
+
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="keyword">const</span> SVFValue* arg1Val = cs.getArgument(1);</div>
|
|
587
|
+
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  AbstractValue strLen = <a class="code" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a>(as, arg1Val);</div>
|
|
588
|
+
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  <span class="comment">// no need to -1, since it has \0 as the last byte</span></div>
|
|
589
|
+
<div class="line"><a name="l00133"></a><span class="lineno"> 133</span>  <span class="keywordflow">return</span> <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(arg0Val, strLen, call);</div>
|
|
590
|
+
<div class="line"><a name="l00134"></a><span class="lineno"> 134</span> }</div>
|
|
590
591
|
</div><!-- fragment -->
|
|
591
592
|
</div>
|
|
592
593
|
</div>
|
|
@@ -623,82 +624,81 @@ Additional Inherited Members</h2></td></tr>
|
|
|
623
624
|
|
|
624
625
|
<p>Reimplemented from <a class="el" href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation</a>.</p>
|
|
625
626
|
|
|
626
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
627
|
-
<div class="fragment"><div class="line"><a name="
|
|
628
|
-
<div class="line"><a name="
|
|
629
|
-
<div class="line"><a name="
|
|
630
|
-
<div class="line"><a name="
|
|
631
|
-
<div class="line"><a name="
|
|
632
|
-
<div class="line"><a name="
|
|
633
|
-
<div class="line"><a name="
|
|
634
|
-
<div class="line"><a name="
|
|
635
|
-
<div class="line"><a name="
|
|
636
|
-
<div class="line"><a name="
|
|
637
|
-
<div class="line"><a name="
|
|
638
|
-
<div class="line"><a name="
|
|
639
|
-
<div class="line"><a name="
|
|
640
|
-
<div class="line"><a name="
|
|
641
|
-
<div class="line"><a name="
|
|
642
|
-
<div class="line"><a name="
|
|
643
|
-
<div class="line"><a name="
|
|
644
|
-
<div class="line"><a name="
|
|
645
|
-
<div class="line"><a name="
|
|
646
|
-
<div class="line"><a name="
|
|
647
|
-
<div class="line"><a name="
|
|
648
|
-
<div class="line"><a name="
|
|
649
|
-
<div class="line"><a name="
|
|
650
|
-
<div class="line"><a name="
|
|
651
|
-
<div class="line"><a name="
|
|
652
|
-
<div class="line"><a name="
|
|
653
|
-
<div class="line"><a name="
|
|
654
|
-
<div class="line"><a name="
|
|
655
|
-
<div class="line"><a name="
|
|
656
|
-
<div class="line"><a name="
|
|
657
|
-
<div class="line"><a name="
|
|
658
|
-
<div class="line"><a name="
|
|
659
|
-
<div class="line"><a name="
|
|
660
|
-
<div class="line"><a name="
|
|
661
|
-
<div class="line"><a name="
|
|
662
|
-
<div class="line"><a name="
|
|
663
|
-
<div class="line"><a name="
|
|
664
|
-
<div class="line"><a name="
|
|
665
|
-
<div class="line"><a name="
|
|
666
|
-
<div class="line"><a name="
|
|
667
|
-
<div class="line"><a name="
|
|
668
|
-
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  }</div>
|
|
669
|
-
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  }</div>
|
|
670
|
-
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span>  <span class="comment">// 2. memset functions like memset, memset_chk, annotate("MEMSET"), annotate("BUF_CHECK:Arg0, Arg2")</span></div>
|
|
671
|
-
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>)</div>
|
|
672
|
-
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  {</div>
|
|
673
|
-
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun->getName()) == 0)</div>
|
|
674
|
-
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  {</div>
|
|
675
|
-
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
676
|
-
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun->getName() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
677
|
-
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <span class="keywordflow">return</span>;</div>
|
|
627
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00425">425</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
628
|
+
<div class="fragment"><div class="line"><a name="l00426"></a><span class="lineno"> 426</span> {</div>
|
|
629
|
+
<div class="line"><a name="l00427"></a><span class="lineno"> 427</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(call);</div>
|
|
630
|
+
<div class="line"><a name="l00428"></a><span class="lineno"> 428</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">AbstractInterpretation::handleExtAPI</a>(call);</div>
|
|
631
|
+
<div class="line"><a name="l00429"></a><span class="lineno"> 429</span>  <span class="keyword">const</span> SVFFunction *fun = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVFUtil::getCallee</a>(call->getCallSite());</div>
|
|
632
|
+
<div class="line"><a name="l00430"></a><span class="lineno"> 430</span>  assert(fun && <span class="stringliteral">"SVFFunction* is nullptr"</span>);</div>
|
|
633
|
+
<div class="line"><a name="l00431"></a><span class="lineno"> 431</span>  CallSite cs = <a class="code" href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVFUtil::getSVFCallSite</a>(call->getCallSite());</div>
|
|
634
|
+
<div class="line"><a name="l00432"></a><span class="lineno"> 432</span>  <span class="comment">// check the type of mem api,</span></div>
|
|
635
|
+
<div class="line"><a name="l00433"></a><span class="lineno"> 433</span>  <span class="comment">// MEMCPY: like memcpy, memcpy_chk, llvm.memcpy etc.</span></div>
|
|
636
|
+
<div class="line"><a name="l00434"></a><span class="lineno"> 434</span>  <span class="comment">// MEMSET: like memset, memset_chk, llvm.memset etc.</span></div>
|
|
637
|
+
<div class="line"><a name="l00435"></a><span class="lineno"> 435</span>  <span class="comment">// STRCPY: like strcpy, strcpy_chk, wcscpy etc.</span></div>
|
|
638
|
+
<div class="line"><a name="l00436"></a><span class="lineno"> 436</span>  <span class="comment">// STRCAT: like strcat, strcat_chk, wcscat etc.</span></div>
|
|
639
|
+
<div class="line"><a name="l00437"></a><span class="lineno"> 437</span>  <span class="comment">// for other ext api like printf, scanf, etc., they have their own handlers</span></div>
|
|
640
|
+
<div class="line"><a name="l00438"></a><span class="lineno"> 438</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">ExtAPIType</a> extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">UNCLASSIFIED</a>;</div>
|
|
641
|
+
<div class="line"><a name="l00439"></a><span class="lineno"> 439</span>  <span class="comment">// get type of mem api</span></div>
|
|
642
|
+
<div class="line"><a name="l00440"></a><span class="lineno"> 440</span>  <span class="keywordflow">for</span> (<span class="keyword">const</span> <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> &annotation: fun->getAnnotations())</div>
|
|
643
|
+
<div class="line"><a name="l00441"></a><span class="lineno"> 441</span>  {</div>
|
|
644
|
+
<div class="line"><a name="l00442"></a><span class="lineno"> 442</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMCPY"</span>) != std::string::npos)</div>
|
|
645
|
+
<div class="line"><a name="l00443"></a><span class="lineno"> 443</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>;</div>
|
|
646
|
+
<div class="line"><a name="l00444"></a><span class="lineno"> 444</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"MEMSET"</span>) != std::string::npos)</div>
|
|
647
|
+
<div class="line"><a name="l00445"></a><span class="lineno"> 445</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>;</div>
|
|
648
|
+
<div class="line"><a name="l00446"></a><span class="lineno"> 446</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCPY"</span>) != std::string::npos)</div>
|
|
649
|
+
<div class="line"><a name="l00447"></a><span class="lineno"> 447</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>;</div>
|
|
650
|
+
<div class="line"><a name="l00448"></a><span class="lineno"> 448</span>  <span class="keywordflow">if</span> (annotation.find(<span class="stringliteral">"STRCAT"</span>) != std::string::npos)</div>
|
|
651
|
+
<div class="line"><a name="l00449"></a><span class="lineno"> 449</span>  extType = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>;</div>
|
|
652
|
+
<div class="line"><a name="l00450"></a><span class="lineno"> 450</span>  }</div>
|
|
653
|
+
<div class="line"><a name="l00451"></a><span class="lineno"> 451</span>  <span class="comment">// 1. memcpy functions like memcpy_chk, strncpy, annotate("MEMCPY"), annotate("BUF_CHECK:Arg0, Arg2"), annotate("BUF_CHECK:Arg1, Arg2")</span></div>
|
|
654
|
+
<div class="line"><a name="l00452"></a><span class="lineno"> 452</span>  <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">MEMCPY</a>)</div>
|
|
655
|
+
<div class="line"><a name="l00453"></a><span class="lineno"> 453</span>  {</div>
|
|
656
|
+
<div class="line"><a name="l00454"></a><span class="lineno"> 454</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun->getName()) == 0)</div>
|
|
657
|
+
<div class="line"><a name="l00455"></a><span class="lineno"> 455</span>  {</div>
|
|
658
|
+
<div class="line"><a name="l00456"></a><span class="lineno"> 456</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
659
|
+
<div class="line"><a name="l00457"></a><span class="lineno"> 457</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun->getName() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
660
|
+
<div class="line"><a name="l00458"></a><span class="lineno"> 458</span>  <span class="keywordflow">return</span>;</div>
|
|
661
|
+
<div class="line"><a name="l00459"></a><span class="lineno"> 459</span>  }</div>
|
|
662
|
+
<div class="line"><a name="l00460"></a><span class="lineno"> 460</span>  <span class="comment">// call parseMemcpyBufferCheckArgs to parse the BUF_CHECK annotation</span></div>
|
|
663
|
+
<div class="line"><a name="l00461"></a><span class="lineno"> 461</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun->getName());</div>
|
|
664
|
+
<div class="line"><a name="l00462"></a><span class="lineno"> 462</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
665
|
+
<div class="line"><a name="l00463"></a><span class="lineno"> 463</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
666
|
+
<div class="line"><a name="l00464"></a><span class="lineno"> 464</span>  {</div>
|
|
667
|
+
<div class="line"><a name="l00465"></a><span class="lineno"> 465</span>  AbstractValue <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = as[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(arg.second))] - IntervalValue(1);</div>
|
|
668
|
+
<div class="line"><a name="l00466"></a><span class="lineno"> 466</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
678
669
|
<div class="line"><a name="l00467"></a><span class="lineno"> 467</span>  }</div>
|
|
679
|
-
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span> 
|
|
680
|
-
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span> 
|
|
681
|
-
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span> 
|
|
682
|
-
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span> 
|
|
683
|
-
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span> 
|
|
684
|
-
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span> 
|
|
685
|
-
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  <
|
|
686
|
-
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span> 
|
|
687
|
-
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span> 
|
|
688
|
-
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span> 
|
|
689
|
-
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span> 
|
|
690
|
-
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  <
|
|
691
|
-
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span> 
|
|
692
|
-
<div class="line"><a name="l00481"></a><span class="lineno"> 481</span> 
|
|
693
|
-
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span> 
|
|
694
|
-
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span> 
|
|
695
|
-
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span> 
|
|
696
|
-
<div class="line"><a name="l00485"></a><span class="lineno"> 485</span> 
|
|
697
|
-
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span> 
|
|
698
|
-
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span> 
|
|
699
|
-
<div class="line"><a name="l00488"></a><span class="lineno"> 488</span> 
|
|
700
|
-
<div class="line"><a name="l00489"></a><span class="lineno"> 489</span> 
|
|
701
|
-
<div class="line"><a name="l00490"></a><span class="lineno"> 490</span> 
|
|
670
|
+
<div class="line"><a name="l00468"></a><span class="lineno"> 468</span>  }</div>
|
|
671
|
+
<div class="line"><a name="l00469"></a><span class="lineno"> 469</span>  <span class="comment">// 2. memset functions like memset, memset_chk, annotate("MEMSET"), annotate("BUF_CHECK:Arg0, Arg2")</span></div>
|
|
672
|
+
<div class="line"><a name="l00470"></a><span class="lineno"> 470</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">MEMSET</a>)</div>
|
|
673
|
+
<div class="line"><a name="l00471"></a><span class="lineno"> 471</span>  {</div>
|
|
674
|
+
<div class="line"><a name="l00472"></a><span class="lineno"> 472</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.count(fun->getName()) == 0)</div>
|
|
675
|
+
<div class="line"><a name="l00473"></a><span class="lineno"> 473</span>  {</div>
|
|
676
|
+
<div class="line"><a name="l00474"></a><span class="lineno"> 474</span>  <span class="comment">// if it is not in the rules, we do not check it</span></div>
|
|
677
|
+
<div class="line"><a name="l00475"></a><span class="lineno"> 475</span>  <a class="code" href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVFUtil::errs</a>() << <span class="stringliteral">"Warning: "</span> << fun->getName() << <span class="stringliteral">" is not in the rules, please implement it\n"</span>;</div>
|
|
678
|
+
<div class="line"><a name="l00476"></a><span class="lineno"> 476</span>  <span class="keywordflow">return</span>;</div>
|
|
679
|
+
<div class="line"><a name="l00477"></a><span class="lineno"> 477</span>  }</div>
|
|
680
|
+
<div class="line"><a name="l00478"></a><span class="lineno"> 478</span>  std::vector<std::pair<u32_t, u32_t>> args = <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>.at(fun->getName());</div>
|
|
681
|
+
<div class="line"><a name="l00479"></a><span class="lineno"> 479</span>  <span class="comment">// loop the args and check the offset</span></div>
|
|
682
|
+
<div class="line"><a name="l00480"></a><span class="lineno"> 480</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> arg: args)</div>
|
|
683
|
+
<div class="line"><a name="l00481"></a><span class="lineno"> 481</span>  {</div>
|
|
684
|
+
<div class="line"><a name="l00482"></a><span class="lineno"> 482</span>  AbstractValue <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a> = as[<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(arg.second))] - IntervalValue(1);</div>
|
|
685
|
+
<div class="line"><a name="l00483"></a><span class="lineno"> 483</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(arg.first), <a class="code" href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a>, call);</div>
|
|
686
|
+
<div class="line"><a name="l00484"></a><span class="lineno"> 484</span>  }</div>
|
|
687
|
+
<div class="line"><a name="l00485"></a><span class="lineno"> 485</span>  }</div>
|
|
688
|
+
<div class="line"><a name="l00486"></a><span class="lineno"> 486</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">STRCPY</a>)</div>
|
|
689
|
+
<div class="line"><a name="l00487"></a><span class="lineno"> 487</span>  {</div>
|
|
690
|
+
<div class="line"><a name="l00488"></a><span class="lineno"> 488</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">detectStrcpy</a>(call);</div>
|
|
691
|
+
<div class="line"><a name="l00489"></a><span class="lineno"> 489</span>  }</div>
|
|
692
|
+
<div class="line"><a name="l00490"></a><span class="lineno"> 490</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (extType == <a class="code" href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">STRCAT</a>)</div>
|
|
693
|
+
<div class="line"><a name="l00491"></a><span class="lineno"> 491</span>  {</div>
|
|
694
|
+
<div class="line"><a name="l00492"></a><span class="lineno"> 492</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">detectStrcat</a>(call);</div>
|
|
695
|
+
<div class="line"><a name="l00493"></a><span class="lineno"> 493</span>  }</div>
|
|
696
|
+
<div class="line"><a name="l00494"></a><span class="lineno"> 494</span>  <span class="keywordflow">else</span></div>
|
|
697
|
+
<div class="line"><a name="l00495"></a><span class="lineno"> 495</span>  {</div>
|
|
698
|
+
<div class="line"><a name="l00496"></a><span class="lineno"> 496</span>  </div>
|
|
699
|
+
<div class="line"><a name="l00497"></a><span class="lineno"> 497</span>  }</div>
|
|
700
|
+
<div class="line"><a name="l00498"></a><span class="lineno"> 498</span>  <span class="keywordflow">return</span>;</div>
|
|
701
|
+
<div class="line"><a name="l00499"></a><span class="lineno"> 499</span> }</div>
|
|
702
702
|
</div><!-- fragment -->
|
|
703
703
|
</div>
|
|
704
704
|
</div>
|
|
@@ -773,17 +773,18 @@ Additional Inherited Members</h2></td></tr>
|
|
|
773
773
|
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00062">62</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
774
774
|
<div class="fragment"><div class="line"><a name="l00063"></a><span class="lineno"> 63</span> {</div>
|
|
775
775
|
<div class="line"><a name="l00064"></a><span class="lineno"> 64</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">AbstractInterpretation::handleSVFStatement</a>(stmt);</div>
|
|
776
|
-
<div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  <
|
|
777
|
-
<div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="
|
|
778
|
-
<div class="line"><a name="l00067"></a><span class="lineno"> 67</span> 
|
|
779
|
-
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span> 
|
|
780
|
-
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span> 
|
|
781
|
-
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span> 
|
|
782
|
-
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span> 
|
|
783
|
-
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  <a class="code" href="
|
|
784
|
-
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span> 
|
|
785
|
-
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span> 
|
|
786
|
-
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span> }</div>
|
|
776
|
+
<div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(stmt->getICFGNode());</div>
|
|
777
|
+
<div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="comment">// for gep stmt, add the gep stmt to the addrToGep map</span></div>
|
|
778
|
+
<div class="line"><a name="l00067"></a><span class="lineno"> 67</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))</div>
|
|
779
|
+
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span>  {</div>
|
|
780
|
+
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span>  <span class="keywordflow">for</span> (<a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> addrID:</div>
|
|
781
|
+
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(as, gep->getLHSVarID()).<a class="code" href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">getAddrs</a>())</div>
|
|
782
|
+
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  {</div>
|
|
783
|
+
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  <a class="code" href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">NodeID</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(addrID);</div>
|
|
784
|
+
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">_addrToGep</a>[objId] = gep;</div>
|
|
785
|
+
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  }</div>
|
|
786
|
+
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  }</div>
|
|
787
|
+
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span> }</div>
|
|
787
788
|
</div><!-- fragment -->
|
|
788
789
|
</div>
|
|
789
790
|
</div>
|
|
@@ -812,51 +813,51 @@ Additional Inherited Members</h2></td></tr>
|
|
|
812
813
|
<p>the map of ext apis of buffer overflow checking rules</p>
|
|
813
814
|
<p>it initialize the rules of extapis about buffer overflow checking e.g. memcpy(dst, src, sz) -> we check allocSize(dst)>=sz and allocSize(src)>=sz </p>
|
|
814
815
|
|
|
815
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
816
|
-
<div class="fragment"><div class="line"><a name="
|
|
817
|
-
<div class="line"><a name="
|
|
818
|
-
<div class="line"><a name="
|
|
819
|
-
<div class="line"><a name="
|
|
820
|
-
<div class="line"><a name="
|
|
821
|
-
<div class="line"><a name="
|
|
822
|
-
<div class="line"><a name="
|
|
823
|
-
<div class="line"><a name="
|
|
824
|
-
<div class="line"><a name="
|
|
825
|
-
<div class="line"><a name="
|
|
826
|
-
<div class="line"><a name="
|
|
827
|
-
<div class="line"><a name="
|
|
828
|
-
<div class="line"><a name="
|
|
829
|
-
<div class="line"><a name="
|
|
830
|
-
<div class="line"><a name="
|
|
831
|
-
<div class="line"><a name="
|
|
832
|
-
<div class="line"><a name="
|
|
833
|
-
<div class="line"><a name="
|
|
834
|
-
<div class="line"><a name="
|
|
835
|
-
<div class="line"><a name="
|
|
836
|
-
<div class="line"><a name="
|
|
837
|
-
<div class="line"><a name="
|
|
838
|
-
<div class="line"><a name="
|
|
839
|
-
<div class="line"><a name="
|
|
840
|
-
<div class="line"><a name="
|
|
841
|
-
<div class="line"><a name="
|
|
842
|
-
<div class="line"><a name="
|
|
843
|
-
<div class="line"><a name="
|
|
844
|
-
<div class="line"><a name="
|
|
845
|
-
<div class="line"><a name="
|
|
846
|
-
<div class="line"><a name="
|
|
847
|
-
<div class="line"><a name="
|
|
848
|
-
<div class="line"><a name="
|
|
849
|
-
<div class="line"><a name="
|
|
850
|
-
<div class="line"><a name="
|
|
851
|
-
<div class="line"><a name="
|
|
852
|
-
<div class="line"><a name="
|
|
853
|
-
<div class="line"><a name="
|
|
854
|
-
<div class="line"><a name="
|
|
855
|
-
<div class="line"><a name="
|
|
856
|
-
<div class="line"><a name="
|
|
857
|
-
<div class="line"><a name="
|
|
858
|
-
<div class="line"><a name="
|
|
859
|
-
<div class="line"><a name="
|
|
816
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00078">78</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
817
|
+
<div class="fragment"><div class="line"><a name="l00079"></a><span class="lineno"> 79</span> {</div>
|
|
818
|
+
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
819
|
+
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
820
|
+
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span>  <span class="comment">//void llvm_memcpy_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
821
|
+
<div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
822
|
+
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <span class="comment">//void llvm_memcpy_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
823
|
+
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
824
|
+
<div class="line"><a name="l00086"></a><span class="lineno"> 86</span>  <span class="comment">//void llvm_memcpy(char* dst, char* src, int sz, int flag){}</span></div>
|
|
825
|
+
<div class="line"><a name="l00087"></a><span class="lineno"> 87</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memcpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
826
|
+
<div class="line"><a name="l00088"></a><span class="lineno"> 88</span>  <span class="comment">//void llvm_memmove(char* dst, char* src, int sz, int flag){}</span></div>
|
|
827
|
+
<div class="line"><a name="l00089"></a><span class="lineno"> 89</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
828
|
+
<div class="line"><a name="l00090"></a><span class="lineno"> 90</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
829
|
+
<div class="line"><a name="l00091"></a><span class="lineno"> 91</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
830
|
+
<div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <span class="comment">//void llvm_memmove_p0_p0_i64(char* dst, char* src, int sz, int flag){}</span></div>
|
|
831
|
+
<div class="line"><a name="l00093"></a><span class="lineno"> 93</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0_p0_i64"</span>] = {{0, 2}, {1,2}};</div>
|
|
832
|
+
<div class="line"><a name="l00094"></a><span class="lineno"> 94</span>  <span class="comment">//void llvm_memmove_p0i8_p0i8_i32(char* dst, char* src, int sz, int flag){}</span></div>
|
|
833
|
+
<div class="line"><a name="l00095"></a><span class="lineno"> 95</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memmove_p0i8_p0i8_i32"</span>] = {{0, 2}, {1,2}};</div>
|
|
834
|
+
<div class="line"><a name="l00096"></a><span class="lineno"> 96</span>  <span class="comment">//void __memcpy_chk(char* dst, char* src, int sz, int flag){}</span></div>
|
|
835
|
+
<div class="line"><a name="l00097"></a><span class="lineno"> 97</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memcpy_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
836
|
+
<div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <span class="comment">//void *memmove(void *str1, const void *str2, unsigned long n)</span></div>
|
|
837
|
+
<div class="line"><a name="l00099"></a><span class="lineno"> 99</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memmove"</span>] = {{0, 2}, {1,2}};</div>
|
|
838
|
+
<div class="line"><a name="l00100"></a><span class="lineno"> 100</span>  <span class="comment">//void bcopy(const void *s1, void *s2, unsigned long n){}</span></div>
|
|
839
|
+
<div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"bcopy"</span>] = {{0, 2}, {1,2}};</div>
|
|
840
|
+
<div class="line"><a name="l00102"></a><span class="lineno"> 102</span>  <span class="comment">//void *memccpy( void * restrict dest, const void * restrict src, int c, unsigned long count)</span></div>
|
|
841
|
+
<div class="line"><a name="l00103"></a><span class="lineno"> 103</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"memccpy"</span>] = {{0, 3}, {1,3}};</div>
|
|
842
|
+
<div class="line"><a name="l00104"></a><span class="lineno"> 104</span>  <span class="comment">//void __memmove_chk(char* dst, char* src, int sz){}</span></div>
|
|
843
|
+
<div class="line"><a name="l00105"></a><span class="lineno"> 105</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memmove_chk"</span>] = {{0, 2}, {1,2}};</div>
|
|
844
|
+
<div class="line"><a name="l00106"></a><span class="lineno"> 106</span>  <span class="comment">//void llvm_memset(char* dst, char elem, int sz, int flag){}</span></div>
|
|
845
|
+
<div class="line"><a name="l00107"></a><span class="lineno"> 107</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset"</span>] = {{0, 2}};</div>
|
|
846
|
+
<div class="line"><a name="l00108"></a><span class="lineno"> 108</span>  <span class="comment">//void llvm_memset_p0i8_i32(char* dst, char elem, int sz, int flag){}</span></div>
|
|
847
|
+
<div class="line"><a name="l00109"></a><span class="lineno"> 109</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i32"</span>] = {{0, 2}};</div>
|
|
848
|
+
<div class="line"><a name="l00110"></a><span class="lineno"> 110</span>  <span class="comment">//void llvm_memset_p0i8_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
849
|
+
<div class="line"><a name="l00111"></a><span class="lineno"> 111</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0i8_i64"</span>] = {{0, 2}};</div>
|
|
850
|
+
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <span class="comment">//void llvm_memset_p0_i64(char* dst, char elem, int sz, int flag){}</span></div>
|
|
851
|
+
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"llvm_memset_p0_i64"</span>] = {{0, 2}};</div>
|
|
852
|
+
<div class="line"><a name="l00114"></a><span class="lineno"> 114</span>  <span class="comment">//char *__memset_chk(char * dest, int c, unsigned long destlen, int flag)</span></div>
|
|
853
|
+
<div class="line"><a name="l00115"></a><span class="lineno"> 115</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"__memset_chk"</span>] = {{0, 2}};</div>
|
|
854
|
+
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  <span class="comment">//char *wmemset(wchar_t * dst, wchar_t elem, int sz, int flag) {</span></div>
|
|
855
|
+
<div class="line"><a name="l00117"></a><span class="lineno"> 117</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"wmemset"</span>] = {{0, 2}};</div>
|
|
856
|
+
<div class="line"><a name="l00118"></a><span class="lineno"> 118</span>  <span class="comment">//char *strncpy(char *dest, const char *src, unsigned long n)</span></div>
|
|
857
|
+
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"strncpy"</span>] = {{0, 2}, {1,2}};</div>
|
|
858
|
+
<div class="line"><a name="l00120"></a><span class="lineno"> 120</span>  <span class="comment">//unsigned long iconv(void* cd, char **restrict inbuf, unsigned long *restrict inbytesleft, char **restrict outbuf, unsigned long *restrict outbytesleft)</span></div>
|
|
859
|
+
<div class="line"><a name="l00121"></a><span class="lineno"> 121</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">_extAPIBufOverflowCheckRules</a>[<span class="stringliteral">"iconv"</span>] = {{1, 2}, {3, 4}};</div>
|
|
860
|
+
<div class="line"><a name="l00122"></a><span class="lineno"> 122</span> }</div>
|
|
860
861
|
</div><!-- fragment -->
|
|
861
862
|
</div>
|
|
862
863
|
</div>
|
|
@@ -887,247 +888,255 @@ Additional Inherited Members</h2></td></tr>
|
|
|
887
888
|
|
|
888
889
|
<p>Reimplemented from <a class="el" href="classSVF_1_1AbstractInterpretation.html#ab18fe64117c1692d94ce0e0ee44e940b">SVF::AbstractInterpretation</a>.</p>
|
|
889
890
|
|
|
890
|
-
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#
|
|
891
|
-
<div class="fragment"><div class="line"><a name="
|
|
892
|
-
<div class="line"><a name="
|
|
893
|
-
<div class="line"><a name="
|
|
894
|
-
<div class="line"><a name="
|
|
895
|
-
<div class="line"><a name="
|
|
896
|
-
<div class="line"><a name="
|
|
897
|
-
<div class="line"><a name="
|
|
898
|
-
<div class="line"><a name="
|
|
899
|
-
<div class="line"><a name="
|
|
900
|
-
<div class="line"><a name="
|
|
901
|
-
<div class="line"><a name="
|
|
902
|
-
<div class="line"><a name="
|
|
903
|
-
<div class="line"><a name="
|
|
904
|
-
<div class="line"><a name="
|
|
905
|
-
<div class="line"><a name="
|
|
906
|
-
<div class="line"><a name="
|
|
907
|
-
<div class="line"><a name="
|
|
908
|
-
<div class="line"><a name="
|
|
909
|
-
<div class="line"><a name="
|
|
910
|
-
<div class="line"><a name="
|
|
911
|
-
<div class="line"><a name="
|
|
912
|
-
<div class="line"><a name="
|
|
913
|
-
<div class="line"><a name="
|
|
914
|
-
<div class="line"><a name="
|
|
915
|
-
<div class="line"><a name="
|
|
916
|
-
<div class="line"><a name="
|
|
917
|
-
<div class="line"><a name="
|
|
918
|
-
<div class="line"><a name="
|
|
919
|
-
<div class="line"><a name="
|
|
920
|
-
<div class="line"><a name="
|
|
921
|
-
<div class="line"><a name="
|
|
922
|
-
<div class="line"><a name="
|
|
923
|
-
<div class="line"><a name="
|
|
924
|
-
<div class="line"><a name="
|
|
925
|
-
<div class="line"><a name="
|
|
926
|
-
<div class="line"><a name="
|
|
927
|
-
<div class="line"><a name="
|
|
928
|
-
<div class="line"><a name="
|
|
929
|
-
<div class="line"><a name="
|
|
930
|
-
<div class="line"><a name="
|
|
931
|
-
<div class="line"><a name="
|
|
932
|
-
<div class="line"><a name="
|
|
933
|
-
<div class="line"><a name="
|
|
934
|
-
<div class="line"><a name="
|
|
935
|
-
<div class="line"><a name="
|
|
936
|
-
<div class="line"><a name="
|
|
937
|
-
<div class="line"><a name="
|
|
938
|
-
<div class="line"><a name="
|
|
939
|
-
<div class="line"><a name="
|
|
940
|
-
<div class="line"><a name="
|
|
941
|
-
<div class="line"><a name="
|
|
942
|
-
<div class="line"><a name="
|
|
943
|
-
<div class="line"><a name="
|
|
944
|
-
<div class="line"><a name="
|
|
945
|
-
<div class="line"><a name="
|
|
946
|
-
<div class="line"><a name="
|
|
947
|
-
<div class="line"><a name="
|
|
948
|
-
<div class="line"><a name="
|
|
949
|
-
<div class="line"><a name="
|
|
950
|
-
<div class="line"><a name="
|
|
951
|
-
<div class="line"><a name="
|
|
952
|
-
<div class="line"><a name="
|
|
953
|
-
<div class="line"><a name="
|
|
954
|
-
<div class="line"><a name="
|
|
955
|
-
<div class="line"><a name="
|
|
956
|
-
<div class="line"><a name="
|
|
957
|
-
<div class="line"><a name="
|
|
958
|
-
<div class="line"><a name="
|
|
959
|
-
<div class="line"><a name="
|
|
960
|
-
<div class="line"><a name="
|
|
961
|
-
<div class="line"><a name="
|
|
962
|
-
<div class="line"><a name="
|
|
963
|
-
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span>  {</div>
|
|
964
|
-
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  <span class="comment">// printf is difficult to predict since it has no byte size arguments</span></div>
|
|
891
|
+
<p class="definition">Definition at line <a class="el" href="BufOverflowChecker_8cpp_source.html#l00136">136</a> of file <a class="el" href="BufOverflowChecker_8cpp_source.html">BufOverflowChecker.cpp</a>.</p>
|
|
892
|
+
<div class="fragment"><div class="line"><a name="l00137"></a><span class="lineno"> 137</span> {</div>
|
|
893
|
+
<div class="line"><a name="l00138"></a><span class="lineno"> 138</span>  </div>
|
|
894
|
+
<div class="line"><a name="l00139"></a><span class="lineno"> 139</span>  <span class="keyword">auto</span> sse_scanf = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
895
|
+
<div class="line"><a name="l00140"></a><span class="lineno"> 140</span>  {</div>
|
|
896
|
+
<div class="line"><a name="l00141"></a><span class="lineno"> 141</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
897
|
+
<div class="line"><a name="l00142"></a><span class="lineno"> 142</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
898
|
+
<div class="line"><a name="l00143"></a><span class="lineno"> 143</span>  <span class="comment">//scanf("%d", &data);</span></div>
|
|
899
|
+
<div class="line"><a name="l00144"></a><span class="lineno"> 144</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
900
|
+
<div class="line"><a name="l00145"></a><span class="lineno"> 145</span>  </div>
|
|
901
|
+
<div class="line"><a name="l00146"></a><span class="lineno"> 146</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
902
|
+
<div class="line"><a name="l00147"></a><span class="lineno"> 147</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(as, dst_id))</div>
|
|
903
|
+
<div class="line"><a name="l00148"></a><span class="lineno"> 148</span>  {</div>
|
|
904
|
+
<div class="line"><a name="l00149"></a><span class="lineno"> 149</span>  BufOverflowException bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(1));</div>
|
|
905
|
+
<div class="line"><a name="l00150"></a><span class="lineno"> 150</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
906
|
+
<div class="line"><a name="l00151"></a><span class="lineno"> 151</span>  <span class="keywordflow">return</span>;</div>
|
|
907
|
+
<div class="line"><a name="l00152"></a><span class="lineno"> 152</span>  }</div>
|
|
908
|
+
<div class="line"><a name="l00153"></a><span class="lineno"> 153</span>  <span class="keywordflow">else</span></div>
|
|
909
|
+
<div class="line"><a name="l00154"></a><span class="lineno"> 154</span>  {</div>
|
|
910
|
+
<div class="line"><a name="l00155"></a><span class="lineno"> 155</span>  AbstractValue Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(as, dst_id);</div>
|
|
911
|
+
<div class="line"><a name="l00156"></a><span class="lineno"> 156</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
|
|
912
|
+
<div class="line"><a name="l00157"></a><span class="lineno"> 157</span>  {</div>
|
|
913
|
+
<div class="line"><a name="l00158"></a><span class="lineno"> 158</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
914
|
+
<div class="line"><a name="l00159"></a><span class="lineno"> 159</span>  AbstractValue range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
915
|
+
<div class="line"><a name="l00160"></a><span class="lineno"> 160</span>  as.store(vaddr, range);</div>
|
|
916
|
+
<div class="line"><a name="l00161"></a><span class="lineno"> 161</span>  }</div>
|
|
917
|
+
<div class="line"><a name="l00162"></a><span class="lineno"> 162</span>  }</div>
|
|
918
|
+
<div class="line"><a name="l00163"></a><span class="lineno"> 163</span>  };</div>
|
|
919
|
+
<div class="line"><a name="l00164"></a><span class="lineno"> 164</span>  <span class="keyword">auto</span> sse_fscanf = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
920
|
+
<div class="line"><a name="l00165"></a><span class="lineno"> 165</span>  {</div>
|
|
921
|
+
<div class="line"><a name="l00166"></a><span class="lineno"> 166</span>  <span class="comment">//fscanf(stdin, "%d", &data);</span></div>
|
|
922
|
+
<div class="line"><a name="l00167"></a><span class="lineno"> 167</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
923
|
+
<div class="line"><a name="l00168"></a><span class="lineno"> 168</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
924
|
+
<div class="line"><a name="l00169"></a><span class="lineno"> 169</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
925
|
+
<div class="line"><a name="l00170"></a><span class="lineno"> 170</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
926
|
+
<div class="line"><a name="l00171"></a><span class="lineno"> 171</span>  <span class="keywordflow">if</span> (!<a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">inVarToAddrsTable</a>(as, dst_id))</div>
|
|
927
|
+
<div class="line"><a name="l00172"></a><span class="lineno"> 172</span>  {</div>
|
|
928
|
+
<div class="line"><a name="l00173"></a><span class="lineno"> 173</span>  BufOverflowException bug(<span class="stringliteral">"scanf may cause buffer overflow.\n"</span>, 0, 0, 0, 0, cs.getArgument(2));</div>
|
|
929
|
+
<div class="line"><a name="l00174"></a><span class="lineno"> 174</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
930
|
+
<div class="line"><a name="l00175"></a><span class="lineno"> 175</span>  <span class="keywordflow">return</span>;</div>
|
|
931
|
+
<div class="line"><a name="l00176"></a><span class="lineno"> 176</span>  }</div>
|
|
932
|
+
<div class="line"><a name="l00177"></a><span class="lineno"> 177</span>  <span class="keywordflow">else</span></div>
|
|
933
|
+
<div class="line"><a name="l00178"></a><span class="lineno"> 178</span>  {</div>
|
|
934
|
+
<div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  AbstractValue Addrs = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">getAddrs</a>(as, dst_id);</div>
|
|
935
|
+
<div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  <span class="keywordflow">for</span> (<span class="keyword">auto</span> vaddr: Addrs.getAddrs())</div>
|
|
936
|
+
<div class="line"><a name="l00181"></a><span class="lineno"> 181</span>  {</div>
|
|
937
|
+
<div class="line"><a name="l00182"></a><span class="lineno"> 182</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> objId = <a class="code" href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">AbstractState::getInternalID</a>(vaddr);</div>
|
|
938
|
+
<div class="line"><a name="l00183"></a><span class="lineno"> 183</span>  AbstractValue range = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">_svfir2AbsState</a>-><a class="code" href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">getRangeLimitFromType</a>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">getGNode</a>(objId)-><a class="code" href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">getType</a>());</div>
|
|
939
|
+
<div class="line"><a name="l00184"></a><span class="lineno"> 184</span>  as.store(vaddr, range);</div>
|
|
940
|
+
<div class="line"><a name="l00185"></a><span class="lineno"> 185</span>  }</div>
|
|
941
|
+
<div class="line"><a name="l00186"></a><span class="lineno"> 186</span>  }</div>
|
|
942
|
+
<div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  };</div>
|
|
943
|
+
<div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  </div>
|
|
944
|
+
<div class="line"><a name="l00189"></a><span class="lineno"> 189</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_fscanf"</span>] = sse_fscanf;</div>
|
|
945
|
+
<div class="line"><a name="l00190"></a><span class="lineno"> 190</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_scanf"</span>] = sse_scanf;</div>
|
|
946
|
+
<div class="line"><a name="l00191"></a><span class="lineno"> 191</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_vscanf"</span>] = sse_scanf;</div>
|
|
947
|
+
<div class="line"><a name="l00192"></a><span class="lineno"> 192</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"fscanf"</span>] = sse_fscanf;</div>
|
|
948
|
+
<div class="line"><a name="l00193"></a><span class="lineno"> 193</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"scanf"</span>] = sse_scanf;</div>
|
|
949
|
+
<div class="line"><a name="l00194"></a><span class="lineno"> 194</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"sscanf"</span>] = sse_scanf;</div>
|
|
950
|
+
<div class="line"><a name="l00195"></a><span class="lineno"> 195</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__isoc99_sscanf"</span>] = sse_scanf;</div>
|
|
951
|
+
<div class="line"><a name="l00196"></a><span class="lineno"> 196</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vscanf"</span>] = sse_scanf;</div>
|
|
952
|
+
<div class="line"><a name="l00197"></a><span class="lineno"> 197</span>  </div>
|
|
953
|
+
<div class="line"><a name="l00198"></a><span class="lineno"> 198</span>  <span class="keyword">auto</span> sse_fread = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
954
|
+
<div class="line"><a name="l00199"></a><span class="lineno"> 199</span>  {</div>
|
|
955
|
+
<div class="line"><a name="l00200"></a><span class="lineno"> 200</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
956
|
+
<div class="line"><a name="l00201"></a><span class="lineno"> 201</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
957
|
+
<div class="line"><a name="l00202"></a><span class="lineno"> 202</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
958
|
+
<div class="line"><a name="l00203"></a><span class="lineno"> 203</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> block_count_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
959
|
+
<div class="line"><a name="l00204"></a><span class="lineno"> 204</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> block_size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
960
|
+
<div class="line"><a name="l00205"></a><span class="lineno"> 205</span>  AbstractValue block_count = as[block_count_id];</div>
|
|
961
|
+
<div class="line"><a name="l00206"></a><span class="lineno"> 206</span>  AbstractValue block_size = as[block_size_id];</div>
|
|
962
|
+
<div class="line"><a name="l00207"></a><span class="lineno"> 207</span>  AbstractValue block_byte = block_count * block_size;</div>
|
|
963
|
+
<div class="line"><a name="l00208"></a><span class="lineno"> 208</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), block_byte, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
965
964
|
<div class="line"><a name="l00209"></a><span class="lineno"> 209</span>  };</div>
|
|
966
|
-
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  </div>
|
|
967
|
-
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span> 
|
|
968
|
-
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span> 
|
|
969
|
-
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span> 
|
|
970
|
-
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span> 
|
|
971
|
-
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span> 
|
|
972
|
-
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span> 
|
|
973
|
-
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span> 
|
|
974
|
-
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span> 
|
|
975
|
-
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  <span class="keywordflow">if</span> (cs.
|
|
976
|
-
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span> 
|
|
977
|
-
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span> 
|
|
978
|
-
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span> 
|
|
979
|
-
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  <
|
|
980
|
-
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span> 
|
|
981
|
-
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span> 
|
|
982
|
-
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span> 
|
|
983
|
-
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span> 
|
|
984
|
-
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span> 
|
|
985
|
-
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span> 
|
|
986
|
-
<div class="line"><a name="l00230"></a><span class="lineno"> 230</span> 
|
|
987
|
-
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span> 
|
|
988
|
-
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span> 
|
|
989
|
-
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span> 
|
|
990
|
-
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span> 
|
|
991
|
-
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span> 
|
|
992
|
-
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span> 
|
|
993
|
-
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span> 
|
|
994
|
-
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span> 
|
|
995
|
-
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span> 
|
|
996
|
-
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span> 
|
|
997
|
-
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span> 
|
|
998
|
-
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span> 
|
|
999
|
-
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span> 
|
|
1000
|
-
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span> 
|
|
1001
|
-
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span> 
|
|
1002
|
-
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span> 
|
|
1003
|
-
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span> 
|
|
1004
|
-
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span> 
|
|
1005
|
-
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span> 
|
|
1006
|
-
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span> 
|
|
1007
|
-
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span> 
|
|
1008
|
-
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span> 
|
|
1009
|
-
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
1010
|
-
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
1011
|
-
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"
|
|
1012
|
-
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  </div>
|
|
1013
|
-
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  </div>
|
|
1014
|
-
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <
|
|
1015
|
-
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span> 
|
|
1016
|
-
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span> 
|
|
1017
|
-
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span> 
|
|
1018
|
-
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span> 
|
|
1019
|
-
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span> 
|
|
1020
|
-
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span> 
|
|
1021
|
-
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  </div>
|
|
1022
|
-
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span> 
|
|
1023
|
-
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <
|
|
1024
|
-
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  <
|
|
1025
|
-
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span> 
|
|
1026
|
-
<div class="line"><a name="l00270"></a><span class="lineno"> 270</span> 
|
|
1027
|
-
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  </div>
|
|
1028
|
-
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  </div>
|
|
1029
|
-
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span> 
|
|
1030
|
-
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span> 
|
|
1031
|
-
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <
|
|
1032
|
-
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  <
|
|
1033
|
-
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span> 
|
|
1034
|
-
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span> 
|
|
1035
|
-
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span> 
|
|
1036
|
-
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span> 
|
|
1037
|
-
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span> 
|
|
1038
|
-
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span> 
|
|
1039
|
-
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span> 
|
|
1040
|
-
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span> 
|
|
1041
|
-
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <span class="
|
|
1042
|
-
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span> 
|
|
1043
|
-
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span> 
|
|
1044
|
-
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span> 
|
|
1045
|
-
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span> 
|
|
1046
|
-
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span> 
|
|
1047
|
-
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span> 
|
|
1048
|
-
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span> 
|
|
1049
|
-
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span> 
|
|
1050
|
-
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span> 
|
|
1051
|
-
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span> 
|
|
1052
|
-
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span> 
|
|
1053
|
-
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span> 
|
|
1054
|
-
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span> 
|
|
1055
|
-
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span> 
|
|
1056
|
-
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span> 
|
|
1057
|
-
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  <
|
|
1058
|
-
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span> 
|
|
1059
|
-
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span> 
|
|
1060
|
-
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span> 
|
|
1061
|
-
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span> 
|
|
1062
|
-
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span> 
|
|
1063
|
-
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span> 
|
|
1064
|
-
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span> 
|
|
1065
|
-
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span> 
|
|
1066
|
-
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span> 
|
|
1067
|
-
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span> 
|
|
1068
|
-
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span> 
|
|
1069
|
-
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  <
|
|
1070
|
-
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span> 
|
|
1071
|
-
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  <
|
|
1072
|
-
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span> 
|
|
1073
|
-
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span> 
|
|
1074
|
-
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span> 
|
|
1075
|
-
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span> 
|
|
1076
|
-
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span> 
|
|
1077
|
-
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span> 
|
|
1078
|
-
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span> 
|
|
1079
|
-
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span> 
|
|
1080
|
-
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span> 
|
|
1081
|
-
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  <span class="
|
|
1082
|
-
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="keywordflow">if</span> (
|
|
1083
|
-
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span> 
|
|
1084
|
-
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span> 
|
|
1085
|
-
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span> 
|
|
1086
|
-
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span> 
|
|
1087
|
-
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span> 
|
|
1088
|
-
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span> 
|
|
1089
|
-
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  <
|
|
1090
|
-
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span> 
|
|
1091
|
-
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span> 
|
|
1092
|
-
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span> 
|
|
1093
|
-
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span> 
|
|
1094
|
-
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span> 
|
|
1095
|
-
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span> 
|
|
1096
|
-
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span> 
|
|
1097
|
-
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span> 
|
|
1098
|
-
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span> 
|
|
1099
|
-
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span> 
|
|
1100
|
-
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span> 
|
|
1101
|
-
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span> 
|
|
1102
|
-
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span> 
|
|
1103
|
-
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span> 
|
|
1104
|
-
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span> 
|
|
1105
|
-
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span> 
|
|
1106
|
-
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span> 
|
|
1107
|
-
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span> 
|
|
1108
|
-
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span> 
|
|
1109
|
-
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span> 
|
|
1110
|
-
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  <
|
|
1111
|
-
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="
|
|
1112
|
-
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span> 
|
|
1113
|
-
<div class="line"><a name="l00357"></a><span class="lineno"> 357</span> 
|
|
1114
|
-
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span> 
|
|
1115
|
-
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span> 
|
|
1116
|
-
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  <span class="keywordflow">
|
|
965
|
+
<div class="line"><a name="l00210"></a><span class="lineno"> 210</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"fread"</span>] = sse_fread;</div>
|
|
966
|
+
<div class="line"><a name="l00211"></a><span class="lineno"> 211</span>  </div>
|
|
967
|
+
<div class="line"><a name="l00212"></a><span class="lineno"> 212</span>  <span class="keyword">auto</span> sse_sprintf = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
968
|
+
<div class="line"><a name="l00213"></a><span class="lineno"> 213</span>  {</div>
|
|
969
|
+
<div class="line"><a name="l00214"></a><span class="lineno"> 214</span>  <span class="comment">// printf is difficult to predict since it has no byte size arguments</span></div>
|
|
970
|
+
<div class="line"><a name="l00215"></a><span class="lineno"> 215</span>  };</div>
|
|
971
|
+
<div class="line"><a name="l00216"></a><span class="lineno"> 216</span>  </div>
|
|
972
|
+
<div class="line"><a name="l00217"></a><span class="lineno"> 217</span>  <span class="keyword">auto</span> sse_snprintf = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
973
|
+
<div class="line"><a name="l00218"></a><span class="lineno"> 218</span>  {</div>
|
|
974
|
+
<div class="line"><a name="l00219"></a><span class="lineno"> 219</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
975
|
+
<div class="line"><a name="l00220"></a><span class="lineno"> 220</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
976
|
+
<div class="line"><a name="l00221"></a><span class="lineno"> 221</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
977
|
+
<div class="line"><a name="l00222"></a><span class="lineno"> 222</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
978
|
+
<div class="line"><a name="l00223"></a><span class="lineno"> 223</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> dst_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
979
|
+
<div class="line"><a name="l00224"></a><span class="lineno"> 224</span>  <span class="comment">// get elem size of arg2</span></div>
|
|
980
|
+
<div class="line"><a name="l00225"></a><span class="lineno"> 225</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> elemSize = 1;</div>
|
|
981
|
+
<div class="line"><a name="l00226"></a><span class="lineno"> 226</span>  <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isArrayTy())</div>
|
|
982
|
+
<div class="line"><a name="l00227"></a><span class="lineno"> 227</span>  {</div>
|
|
983
|
+
<div class="line"><a name="l00228"></a><span class="lineno"> 228</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(cs.getArgument(2)->getType())->getTypeOfElement()->getByteSize();</div>
|
|
984
|
+
<div class="line"><a name="l00229"></a><span class="lineno"> 229</span>  }</div>
|
|
985
|
+
<div class="line"><a name="l00230"></a><span class="lineno"> 230</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (cs.getArgument(2)->getType()->isPointerTy())</div>
|
|
986
|
+
<div class="line"><a name="l00231"></a><span class="lineno"> 231</span>  {</div>
|
|
987
|
+
<div class="line"><a name="l00232"></a><span class="lineno"> 232</span>  elemSize = <a class="code" href="classSVF_1_1AbstractInterpretation.html#abb8dd7424d62b56b899d3f4d218eeaac">getPointeeElement</a>(as, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2)))-><a class="code" href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">getByteSize</a>();</div>
|
|
988
|
+
<div class="line"><a name="l00233"></a><span class="lineno"> 233</span>  }</div>
|
|
989
|
+
<div class="line"><a name="l00234"></a><span class="lineno"> 234</span>  <span class="keywordflow">else</span></div>
|
|
990
|
+
<div class="line"><a name="l00235"></a><span class="lineno"> 235</span>  {</div>
|
|
991
|
+
<div class="line"><a name="l00236"></a><span class="lineno"> 236</span>  <span class="keywordflow">return</span>;</div>
|
|
992
|
+
<div class="line"><a name="l00237"></a><span class="lineno"> 237</span>  <span class="comment">// assert(false && "we cannot support this type");</span></div>
|
|
993
|
+
<div class="line"><a name="l00238"></a><span class="lineno"> 238</span>  }</div>
|
|
994
|
+
<div class="line"><a name="l00239"></a><span class="lineno"> 239</span>  AbstractValue size = as[size_id] * IntervalValue(elemSize) - IntervalValue(1);</div>
|
|
995
|
+
<div class="line"><a name="l00240"></a><span class="lineno"> 240</span>  <span class="keywordflow">if</span> (!as.inVarToAddrsTable(dst_id))</div>
|
|
996
|
+
<div class="line"><a name="l00241"></a><span class="lineno"> 241</span>  {</div>
|
|
997
|
+
<div class="line"><a name="l00242"></a><span class="lineno"> 242</span>  <span class="keywordflow">if</span> (<a class="code" href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">Options::BufferOverflowCheck</a>())</div>
|
|
998
|
+
<div class="line"><a name="l00243"></a><span class="lineno"> 243</span>  {</div>
|
|
999
|
+
<div class="line"><a name="l00244"></a><span class="lineno"> 244</span>  BufOverflowException bug(</div>
|
|
1000
|
+
<div class="line"><a name="l00245"></a><span class="lineno"> 245</span>  <span class="stringliteral">"snprintf dst_id or dst is not defined nor initializesd.\n"</span>,</div>
|
|
1001
|
+
<div class="line"><a name="l00246"></a><span class="lineno"> 246</span>  0, 0, 0, 0, cs.getArgument(0));</div>
|
|
1002
|
+
<div class="line"><a name="l00247"></a><span class="lineno"> 247</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">addBugToRecoder</a>(bug, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1003
|
+
<div class="line"><a name="l00248"></a><span class="lineno"> 248</span>  <span class="keywordflow">return</span>;</div>
|
|
1004
|
+
<div class="line"><a name="l00249"></a><span class="lineno"> 249</span>  }</div>
|
|
1005
|
+
<div class="line"><a name="l00250"></a><span class="lineno"> 250</span>  }</div>
|
|
1006
|
+
<div class="line"><a name="l00251"></a><span class="lineno"> 251</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), size, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1007
|
+
<div class="line"><a name="l00252"></a><span class="lineno"> 252</span>  };</div>
|
|
1008
|
+
<div class="line"><a name="l00253"></a><span class="lineno"> 253</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__snprintf_chk"</span>] = sse_snprintf;</div>
|
|
1009
|
+
<div class="line"><a name="l00254"></a><span class="lineno"> 254</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__vsprintf_chk"</span>] = sse_sprintf;</div>
|
|
1010
|
+
<div class="line"><a name="l00255"></a><span class="lineno"> 255</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__sprintf_chk"</span>] = sse_sprintf;</div>
|
|
1011
|
+
<div class="line"><a name="l00256"></a><span class="lineno"> 256</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"snprintf"</span>] = sse_snprintf;</div>
|
|
1012
|
+
<div class="line"><a name="l00257"></a><span class="lineno"> 257</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"sprintf"</span>] = sse_sprintf;</div>
|
|
1013
|
+
<div class="line"><a name="l00258"></a><span class="lineno"> 258</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vsprintf"</span>] = sse_sprintf;</div>
|
|
1014
|
+
<div class="line"><a name="l00259"></a><span class="lineno"> 259</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"vsnprintf"</span>] = sse_snprintf;</div>
|
|
1015
|
+
<div class="line"><a name="l00260"></a><span class="lineno"> 260</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__vsnprintf_chk"</span>] = sse_snprintf;</div>
|
|
1016
|
+
<div class="line"><a name="l00261"></a><span class="lineno"> 261</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"swprintf"</span>] = sse_snprintf;</div>
|
|
1017
|
+
<div class="line"><a name="l00262"></a><span class="lineno"> 262</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"_snwprintf"</span>] = sse_snprintf;</div>
|
|
1018
|
+
<div class="line"><a name="l00263"></a><span class="lineno"> 263</span>  </div>
|
|
1019
|
+
<div class="line"><a name="l00264"></a><span class="lineno"> 264</span>  </div>
|
|
1020
|
+
<div class="line"><a name="l00265"></a><span class="lineno"> 265</span>  <span class="keyword">auto</span> sse_itoa = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
1021
|
+
<div class="line"><a name="l00266"></a><span class="lineno"> 266</span>  {</div>
|
|
1022
|
+
<div class="line"><a name="l00267"></a><span class="lineno"> 267</span>  <span class="comment">// itoa(num, ch, 10);</span></div>
|
|
1023
|
+
<div class="line"><a name="l00268"></a><span class="lineno"> 268</span>  <span class="comment">// num: int, ch: char*, 10 is decimal</span></div>
|
|
1024
|
+
<div class="line"><a name="l00269"></a><span class="lineno"> 269</span>  <span class="keywordflow">if</span> (cs.arg_size() < 3) <span class="keywordflow">return</span>;</div>
|
|
1025
|
+
<div class="line"><a name="l00270"></a><span class="lineno"> 270</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1026
|
+
<div class="line"><a name="l00271"></a><span class="lineno"> 271</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
1027
|
+
<div class="line"><a name="l00272"></a><span class="lineno"> 272</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> num_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(0));</div>
|
|
1028
|
+
<div class="line"><a name="l00273"></a><span class="lineno"> 273</span>  </div>
|
|
1029
|
+
<div class="line"><a name="l00274"></a><span class="lineno"> 274</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> num = (<a class="code" href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">u32_t</a>) as[num_id].getInterval().getNumeral();</div>
|
|
1030
|
+
<div class="line"><a name="l00275"></a><span class="lineno"> 275</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> snum = std::to_string(num);</div>
|
|
1031
|
+
<div class="line"><a name="l00276"></a><span class="lineno"> 276</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(1), AbstractValue((<a class="code" href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">s32_t</a>)snum.size()), <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1032
|
+
<div class="line"><a name="l00277"></a><span class="lineno"> 277</span>  };</div>
|
|
1033
|
+
<div class="line"><a name="l00278"></a><span class="lineno"> 278</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"itoa"</span>] = sse_itoa;</div>
|
|
1034
|
+
<div class="line"><a name="l00279"></a><span class="lineno"> 279</span>  </div>
|
|
1035
|
+
<div class="line"><a name="l00280"></a><span class="lineno"> 280</span>  </div>
|
|
1036
|
+
<div class="line"><a name="l00281"></a><span class="lineno"> 281</span>  <span class="keyword">auto</span> sse_strlen = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
1037
|
+
<div class="line"><a name="l00282"></a><span class="lineno"> 282</span>  {</div>
|
|
1038
|
+
<div class="line"><a name="l00283"></a><span class="lineno"> 283</span>  <span class="comment">// check the arg size</span></div>
|
|
1039
|
+
<div class="line"><a name="l00284"></a><span class="lineno"> 284</span>  <span class="keywordflow">if</span> (cs.arg_size() < 1) <span class="keywordflow">return</span>;</div>
|
|
1040
|
+
<div class="line"><a name="l00285"></a><span class="lineno"> 285</span>  <span class="keyword">const</span> SVFValue* strValue = cs.getArgument(0);</div>
|
|
1041
|
+
<div class="line"><a name="l00286"></a><span class="lineno"> 286</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1042
|
+
<div class="line"><a name="l00287"></a><span class="lineno"> 287</span>  AbstractState& as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
1043
|
+
<div class="line"><a name="l00288"></a><span class="lineno"> 288</span>  AbstractValue dst_size = <a class="code" href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">getStrlen</a>(as, strValue);</div>
|
|
1044
|
+
<div class="line"><a name="l00289"></a><span class="lineno"> 289</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> elemSize = 1;</div>
|
|
1045
|
+
<div class="line"><a name="l00290"></a><span class="lineno"> 290</span>  <span class="keywordflow">if</span> (strValue->getType()->isArrayTy())</div>
|
|
1046
|
+
<div class="line"><a name="l00291"></a><span class="lineno"> 291</span>  {</div>
|
|
1047
|
+
<div class="line"><a name="l00292"></a><span class="lineno"> 292</span>  elemSize = SVFUtil::dyn_cast<SVFArrayType>(strValue->getType())->getTypeOfElement()->getByteSize();</div>
|
|
1048
|
+
<div class="line"><a name="l00293"></a><span class="lineno"> 293</span>  }</div>
|
|
1049
|
+
<div class="line"><a name="l00294"></a><span class="lineno"> 294</span>  <span class="keywordflow">else</span> <span class="keywordflow">if</span> (strValue->getType()->isPointerTy())</div>
|
|
1050
|
+
<div class="line"><a name="l00295"></a><span class="lineno"> 295</span>  {</div>
|
|
1051
|
+
<div class="line"><a name="l00296"></a><span class="lineno"> 296</span>  <span class="keywordflow">if</span> (<span class="keyword">const</span> SVFType* pointee = <a class="code" href="classSVF_1_1AbstractInterpretation.html#abb8dd7424d62b56b899d3f4d218eeaac">getPointeeElement</a>(as, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(strValue)))</div>
|
|
1052
|
+
<div class="line"><a name="l00297"></a><span class="lineno"> 297</span>  elemSize = pointee->getByteSize();</div>
|
|
1053
|
+
<div class="line"><a name="l00298"></a><span class="lineno"> 298</span>  <span class="keywordflow">else</span></div>
|
|
1054
|
+
<div class="line"><a name="l00299"></a><span class="lineno"> 299</span>  elemSize = 1;</div>
|
|
1055
|
+
<div class="line"><a name="l00300"></a><span class="lineno"> 300</span>  }</div>
|
|
1056
|
+
<div class="line"><a name="l00301"></a><span class="lineno"> 301</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
1057
|
+
<div class="line"><a name="l00302"></a><span class="lineno"> 302</span>  as[lhsId] = dst_size / IntervalValue(elemSize);</div>
|
|
1058
|
+
<div class="line"><a name="l00303"></a><span class="lineno"> 303</span>  };</div>
|
|
1059
|
+
<div class="line"><a name="l00304"></a><span class="lineno"> 304</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"strlen"</span>] = sse_strlen;</div>
|
|
1060
|
+
<div class="line"><a name="l00305"></a><span class="lineno"> 305</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"wcslen"</span>] = sse_strlen;</div>
|
|
1061
|
+
<div class="line"><a name="l00306"></a><span class="lineno"> 306</span>  </div>
|
|
1062
|
+
<div class="line"><a name="l00307"></a><span class="lineno"> 307</span>  <span class="keyword">auto</span> sse_recv = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
1063
|
+
<div class="line"><a name="l00308"></a><span class="lineno"> 308</span>  {</div>
|
|
1064
|
+
<div class="line"><a name="l00309"></a><span class="lineno"> 309</span>  <span class="comment">// recv(sockfd, buf, len, flags);</span></div>
|
|
1065
|
+
<div class="line"><a name="l00310"></a><span class="lineno"> 310</span>  <span class="keywordflow">if</span> (cs.arg_size() < 4) <span class="keywordflow">return</span>;</div>
|
|
1066
|
+
<div class="line"><a name="l00311"></a><span class="lineno"> 311</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1067
|
+
<div class="line"><a name="l00312"></a><span class="lineno"> 312</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
1068
|
+
<div class="line"><a name="l00313"></a><span class="lineno"> 313</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> len_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(2));</div>
|
|
1069
|
+
<div class="line"><a name="l00314"></a><span class="lineno"> 314</span>  AbstractValue len = as[len_id] - IntervalValue(1);</div>
|
|
1070
|
+
<div class="line"><a name="l00315"></a><span class="lineno"> 315</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> lhsId = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getInstruction());</div>
|
|
1071
|
+
<div class="line"><a name="l00316"></a><span class="lineno"> 316</span>  as[lhsId] = len;</div>
|
|
1072
|
+
<div class="line"><a name="l00317"></a><span class="lineno"> 317</span>  <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(1), len, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));;</div>
|
|
1073
|
+
<div class="line"><a name="l00318"></a><span class="lineno"> 318</span>  };</div>
|
|
1074
|
+
<div class="line"><a name="l00319"></a><span class="lineno"> 319</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"recv"</span>] = sse_recv;</div>
|
|
1075
|
+
<div class="line"><a name="l00320"></a><span class="lineno"> 320</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"__recv"</span>] = sse_recv;</div>
|
|
1076
|
+
<div class="line"><a name="l00321"></a><span class="lineno"> 321</span>  <span class="keyword">auto</span> safe_bufaccess = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
1077
|
+
<div class="line"><a name="l00322"></a><span class="lineno"> 322</span>  {</div>
|
|
1078
|
+
<div class="line"><a name="l00323"></a><span class="lineno"> 323</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1079
|
+
<div class="line"><a name="l00324"></a><span class="lineno"> 324</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
|
|
1080
|
+
<div class="line"><a name="l00325"></a><span class="lineno"> 325</span>  <span class="comment">//void SAFE_BUFACCESS(void* data, int size);</span></div>
|
|
1081
|
+
<div class="line"><a name="l00326"></a><span class="lineno"> 326</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
1082
|
+
<div class="line"><a name="l00327"></a><span class="lineno"> 327</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
1083
|
+
<div class="line"><a name="l00328"></a><span class="lineno"> 328</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
1084
|
+
<div class="line"><a name="l00329"></a><span class="lineno"> 329</span>  AbstractValue val = as[size_id];</div>
|
|
1085
|
+
<div class="line"><a name="l00330"></a><span class="lineno"> 330</span>  <span class="keywordflow">if</span> (val.isBottom())</div>
|
|
1086
|
+
<div class="line"><a name="l00331"></a><span class="lineno"> 331</span>  {</div>
|
|
1087
|
+
<div class="line"><a name="l00332"></a><span class="lineno"> 332</span>  val = IntervalValue(0);</div>
|
|
1088
|
+
<div class="line"><a name="l00333"></a><span class="lineno"> 333</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"SAFE_BUFACCESS size is bottom"</span>);</div>
|
|
1089
|
+
<div class="line"><a name="l00334"></a><span class="lineno"> 334</span>  }</div>
|
|
1090
|
+
<div class="line"><a name="l00335"></a><span class="lineno"> 335</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1091
|
+
<div class="line"><a name="l00336"></a><span class="lineno"> 336</span>  <span class="keywordflow">if</span> (isSafe)</div>
|
|
1092
|
+
<div class="line"><a name="l00337"></a><span class="lineno"> 337</span>  {</div>
|
|
1093
|
+
<div class="line"><a name="l00338"></a><span class="lineno"> 338</span>  std::cout << <span class="stringliteral">"safe buffer access success\n"</span>;</div>
|
|
1094
|
+
<div class="line"><a name="l00339"></a><span class="lineno"> 339</span>  <span class="keywordflow">return</span>;</div>
|
|
1095
|
+
<div class="line"><a name="l00340"></a><span class="lineno"> 340</span>  }</div>
|
|
1096
|
+
<div class="line"><a name="l00341"></a><span class="lineno"> 341</span>  <span class="keywordflow">else</span></div>
|
|
1097
|
+
<div class="line"><a name="l00342"></a><span class="lineno"> 342</span>  {</div>
|
|
1098
|
+
<div class="line"><a name="l00343"></a><span class="lineno"> 343</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this SAFE_BUFACCESS should be a safe access but detected buffer overflow. Pos: "</span>;</div>
|
|
1099
|
+
<div class="line"><a name="l00344"></a><span class="lineno"> 344</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
1100
|
+
<div class="line"><a name="l00345"></a><span class="lineno"> 345</span>  std::cerr << err_msg << std::endl;</div>
|
|
1101
|
+
<div class="line"><a name="l00346"></a><span class="lineno"> 346</span>  assert(<span class="keyword">false</span>);</div>
|
|
1102
|
+
<div class="line"><a name="l00347"></a><span class="lineno"> 347</span>  }</div>
|
|
1103
|
+
<div class="line"><a name="l00348"></a><span class="lineno"> 348</span>  };</div>
|
|
1104
|
+
<div class="line"><a name="l00349"></a><span class="lineno"> 349</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"SAFE_BUFACCESS"</span>] = safe_bufaccess;</div>
|
|
1105
|
+
<div class="line"><a name="l00350"></a><span class="lineno"> 350</span>  </div>
|
|
1106
|
+
<div class="line"><a name="l00351"></a><span class="lineno"> 351</span>  <span class="keyword">auto</span> unsafe_bufaccess = [&](<span class="keyword">const</span> CallSite &cs)</div>
|
|
1107
|
+
<div class="line"><a name="l00352"></a><span class="lineno"> 352</span>  {</div>
|
|
1108
|
+
<div class="line"><a name="l00353"></a><span class="lineno"> 353</span>  <span class="keyword">const</span> CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(<a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1109
|
+
<div class="line"><a name="l00354"></a><span class="lineno"> 354</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">_checkpoints</a>.erase(callNode);</div>
|
|
1110
|
+
<div class="line"><a name="l00355"></a><span class="lineno"> 355</span>  <span class="comment">//void UNSAFE_BUFACCESS(void* data, int size);</span></div>
|
|
1111
|
+
<div class="line"><a name="l00356"></a><span class="lineno"> 356</span>  <span class="keywordflow">if</span> (cs.arg_size() < 2) <span class="keywordflow">return</span>;</div>
|
|
1112
|
+
<div class="line"><a name="l00357"></a><span class="lineno"> 357</span>  AbstractState&as = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">getAbsState</a>(callNode);</div>
|
|
1113
|
+
<div class="line"><a name="l00358"></a><span class="lineno"> 358</span>  <a class="code" href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a> size_id = <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">getValueNode</a>(cs.getArgument(1));</div>
|
|
1114
|
+
<div class="line"><a name="l00359"></a><span class="lineno"> 359</span>  AbstractValue val = as[size_id];</div>
|
|
1115
|
+
<div class="line"><a name="l00360"></a><span class="lineno"> 360</span>  <span class="keywordflow">if</span> (val.isBottom())</div>
|
|
1117
1116
|
<div class="line"><a name="l00361"></a><span class="lineno"> 361</span>  {</div>
|
|
1118
|
-
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  <span class="
|
|
1119
|
-
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span> 
|
|
1120
|
-
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span> 
|
|
1121
|
-
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span> 
|
|
1122
|
-
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span> 
|
|
1123
|
-
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span> 
|
|
1124
|
-
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span> 
|
|
1125
|
-
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span> 
|
|
1126
|
-
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span>  </div>
|
|
1127
|
-
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span> 
|
|
1128
|
-
<div class="line"><a name="l00372"></a><span class="lineno"> 372</span> 
|
|
1129
|
-
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span> 
|
|
1130
|
-
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span> 
|
|
1117
|
+
<div class="line"><a name="l00362"></a><span class="lineno"> 362</span>  assert(<span class="keyword">false</span> && <span class="stringliteral">"UNSAFE_BUFACCESS size is bottom"</span>);</div>
|
|
1118
|
+
<div class="line"><a name="l00363"></a><span class="lineno"> 363</span>  }</div>
|
|
1119
|
+
<div class="line"><a name="l00364"></a><span class="lineno"> 364</span>  <span class="keywordtype">bool</span> isSafe = <a class="code" href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">canSafelyAccessMemory</a>(cs.getArgument(0), val, <a class="code" href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">_svfir</a>-><a class="code" href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">getICFG</a>()-><a class="code" href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">getICFGNode</a>(cs.getInstruction()));</div>
|
|
1120
|
+
<div class="line"><a name="l00365"></a><span class="lineno"> 365</span>  <span class="keywordflow">if</span> (!isSafe)</div>
|
|
1121
|
+
<div class="line"><a name="l00366"></a><span class="lineno"> 366</span>  {</div>
|
|
1122
|
+
<div class="line"><a name="l00367"></a><span class="lineno"> 367</span>  std::cout << <span class="stringliteral">"detect buffer overflow success\n"</span>;</div>
|
|
1123
|
+
<div class="line"><a name="l00368"></a><span class="lineno"> 368</span>  <span class="keywordflow">return</span>;</div>
|
|
1124
|
+
<div class="line"><a name="l00369"></a><span class="lineno"> 369</span>  }</div>
|
|
1125
|
+
<div class="line"><a name="l00370"></a><span class="lineno"> 370</span>  <span class="keywordflow">else</span></div>
|
|
1126
|
+
<div class="line"><a name="l00371"></a><span class="lineno"> 371</span>  {</div>
|
|
1127
|
+
<div class="line"><a name="l00372"></a><span class="lineno"> 372</span>  <span class="comment">// if it is safe, it means it is wrongly labeled, assert false.</span></div>
|
|
1128
|
+
<div class="line"><a name="l00373"></a><span class="lineno"> 373</span>  <a class="code" href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">std::string</a> err_msg = <span class="stringliteral">"this UNSAFE_BUFACCESS should be a buffer overflow but not detected. Pos: "</span>;</div>
|
|
1129
|
+
<div class="line"><a name="l00374"></a><span class="lineno"> 374</span>  err_msg += cs.getInstruction()->getSourceLoc();</div>
|
|
1130
|
+
<div class="line"><a name="l00375"></a><span class="lineno"> 375</span>  std::cerr << err_msg << std::endl;</div>
|
|
1131
|
+
<div class="line"><a name="l00376"></a><span class="lineno"> 376</span>  assert(<span class="keyword">false</span>);</div>
|
|
1132
|
+
<div class="line"><a name="l00377"></a><span class="lineno"> 377</span>  }</div>
|
|
1133
|
+
<div class="line"><a name="l00378"></a><span class="lineno"> 378</span>  };</div>
|
|
1134
|
+
<div class="line"><a name="l00379"></a><span class="lineno"> 379</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">_func_map</a>[<span class="stringliteral">"UNSAFE_BUFACCESS"</span>] = unsafe_bufaccess;</div>
|
|
1135
|
+
<div class="line"><a name="l00380"></a><span class="lineno"> 380</span>  </div>
|
|
1136
|
+
<div class="line"><a name="l00381"></a><span class="lineno"> 381</span>  <span class="comment">// init _checkpoint_names</span></div>
|
|
1137
|
+
<div class="line"><a name="l00382"></a><span class="lineno"> 382</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">_checkpoint_names</a>.insert(<span class="stringliteral">"SAFE_BUFACCESS"</span>);</div>
|
|
1138
|
+
<div class="line"><a name="l00383"></a><span class="lineno"> 383</span>  <a class="code" href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">_checkpoint_names</a>.insert(<span class="stringliteral">"UNSAFE_BUFACCESS"</span>);</div>
|
|
1139
|
+
<div class="line"><a name="l00384"></a><span class="lineno"> 384</span> }</div>
|
|
1131
1140
|
</div><!-- fragment -->
|
|
1132
1141
|
</div>
|
|
1133
1142
|
</div>
|
|
@@ -1186,53 +1195,53 @@ Additional Inherited Members</h2></td></tr>
|
|
|
1186
1195
|
</ul>
|
|
1187
1196
|
</div><!-- contents -->
|
|
1188
1197
|
<div class="ttc" id="aclassSVF_1_1SVFType_html_a95b8031f1e15d49c7d68628be1d05aae"><div class="ttname"><a href="classSVF_1_1SVFType.html#a95b8031f1e15d49c7d68628be1d05aae">SVF::SVFType::getByteSize</a></div><div class="ttdeci">u32_t getByteSize() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFType_8h_source.html#l00244">SVFType.h:244</a></div></div>
|
|
1189
|
-
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a62baa9403069a9b1e010eaeb2f6b9b34"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a62baa9403069a9b1e010eaeb2f6b9b34">SVF::SVFIR2AbsState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00129">SVFIR2AbsState.h:129</a></div></div>
|
|
1190
1198
|
<div class="ttc" id="aCommandLine_8h_html_a2429346d37bd4c40889bd7c6d319d9da"><div class="ttname"><a href="CommandLine_8h.html#a2429346d37bd4c40889bd7c6d319d9da">u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="CommandLine_8h_source.html#l00018">CommandLine.h:18</a></div></div>
|
|
1191
1199
|
<div class="ttc" id="astructSVF_1_1AbstractValue_html_ab1fe6a57f784971b3bc603dbfda746e8"><div class="ttname"><a href="structSVF_1_1AbstractValue.html#ab1fe6a57f784971b3bc603dbfda746e8">SVF::AbstractValue::getAddrs</a></div><div class="ttdeci">AddressValue & getAddrs()</div><div class="ttdef"><b>Definition:</b> <a href="AbstractValue_8h_source.html#l00171">AbstractValue.h:171</a></div></div>
|
|
1192
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1200
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad68fa02efad8b628e4542dc9ab6c58bf"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad68fa02efad8b628e4542dc9ab6c58bf">SVF::BufOverflowChecker::canSafelyAccessMemory</a></div><div class="ttdeci">bool canSafelyAccessMemory(const SVFValue *value, const AbstractValue &len, const ICFGNode *curNode)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00501">BufOverflowChecker.cpp:501</a></div></div>
|
|
1193
1201
|
<div class="ttc" id="aclassSVF_1_1IRGraph_html_a43514023a4f4d0c32f536f51443b0efc"><div class="ttname"><a href="classSVF_1_1IRGraph.html#a43514023a4f4d0c32f536f51443b0efc">SVF::IRGraph::getValueNode</a></div><div class="ttdeci">NodeID getValueNode(const SVFValue *V)</div><div class="ttdef"><b>Definition:</b> <a href="IRGraph_8h_source.html#l00137">IRGraph.h:137</a></div></div>
|
|
1194
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5bba3c0570d73acc743742a30af1b0b4"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5bba3c0570d73acc743742a30af1b0b4">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01464">AbstractInterpretation.cpp:1464</a></div></div>
|
|
1195
1202
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a9815a5b31ac7dc21239d08e5b9f61106"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a9815a5b31ac7dc21239d08e5b9f61106">SVF::SVFUtil::getSVFCallSite</a></div><div class="ttdeci">CallSite getSVFCallSite(const SVFInstruction *inst)</div><div class="ttdoc">Return LLVM callsite given an instruction.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00196">SVFUtil.h:196</a></div></div>
|
|
1196
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5d3b15c3cdb9c8e91b942924bf8aee21"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5d3b15c3cdb9c8e91b942924bf8aee21">SVF::AbstractInterpretation::_kind</a></div><div class="ttdeci">AEKind _kind</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1197
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1203
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a5d3b15c3cdb9c8e91b942924bf8aee21"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a5d3b15c3cdb9c8e91b942924bf8aee21">SVF::AbstractInterpretation::_kind</a></div><div class="ttdeci">AEKind _kind</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00344">AbstractInterpretation.h:344</a></div></div>
|
|
1204
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_ad8b2f2fa6f22b9d1655135c819cbad8a"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#ad8b2f2fa6f22b9d1655135c819cbad8a">SVF::BufOverflowChecker::detectStrcpy</a></div><div class="ttdeci">bool detectStrcpy(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00125">BufOverflowChecker.cpp:125</a></div></div>
|
|
1205
|
+
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a611ac228efd661b301ea1dd675cd1c0c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a611ac228efd661b301ea1dd675cd1c0c">SVF::SVFIR2AbsState::getAddrs</a></div><div class="ttdeci">AbstractValue & getAddrs(AbstractState &es, u32_t id)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00104">SVFIR2AbsState.h:104</a></div></div>
|
|
1198
1206
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daad20658cd0f68b92583461b0b1f68d543">SVF::AbstractInterpretation::UNCLASSIFIED</a></div><div class="ttdeci">@ UNCLASSIFIED</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1199
1207
|
<div class="ttc" id="anamespaceSVF_html_a41375daa7cc99317d0aa2a21dc643b88aa5aa2ddadb5f0392b52dcbe487fe0ecd"><div class="ttname"><a href="namespaceSVF.html#a41375daa7cc99317d0aa2a21dc643b88aa5aa2ddadb5f0392b52dcbe487fe0ecd">SVF::AEKind::BufOverflowChecker</a></div><div class="ttdeci">@ BufOverflowChecker</div></div>
|
|
1200
1208
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa93c9b2a9dc4bdfba5a7b23cfa5f80ccb">SVF::AbstractInterpretation::STRCPY</a></div><div class="ttdeci">@ STRCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1201
1209
|
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a4e032a5e0898f0e349927d5a86c8477c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a4e032a5e0898f0e349927d5a86c8477c">SVF::SVFIR2AbsState::getRangeLimitFromType</a></div><div class="ttdeci">AbstractValue getRangeLimitFromType(const SVFType *type)</div><div class="ttdoc">Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128,...</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8cpp_source.html#l00049">SVFIR2AbsState.cpp:49</a></div></div>
|
|
1202
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a618fc324a6c205d7e1b471bd850377a9"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">SVF::AbstractInterpretation::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1203
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a1e1b72ed740cef4c3e57e3e32c3f75"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">SVF::AbstractInterpretation::_checkpoint_names</a></div><div class="ttdeci">Set< std::string > _checkpoint_names</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1204
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aed959fce840cbea32d3567ee1ac01e82"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">SVF::BufOverflowChecker::initExtAPIBufOverflowCheckRules</a></div><div class="ttdeci">void initExtAPIBufOverflowCheckRules()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1205
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1210
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a618fc324a6c205d7e1b471bd850377a9"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a618fc324a6c205d7e1b471bd850377a9">SVF::AbstractInterpretation::_svfir</a></div><div class="ttdeci">SVFIR * _svfir</div><div class="ttdoc">protected data members, also used in subclasses</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00336">AbstractInterpretation.h:336</a></div></div>
|
|
1211
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2a1e1b72ed740cef4c3e57e3e32c3f75"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2a1e1b72ed740cef4c3e57e3e32c3f75">SVF::AbstractInterpretation::_checkpoint_names</a></div><div class="ttdeci">Set< std::string > _checkpoint_names</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00389">AbstractInterpretation.h:389</a></div></div>
|
|
1212
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aed959fce840cbea32d3567ee1ac01e82"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aed959fce840cbea32d3567ee1ac01e82">SVF::BufOverflowChecker::initExtAPIBufOverflowCheckRules</a></div><div class="ttdeci">void initExtAPIBufOverflowCheckRules()</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00078">BufOverflowChecker.cpp:78</a></div></div>
|
|
1213
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_aa68f8aef09481d7c07dc59d7dfb83822"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#aa68f8aef09481d7c07dc59d7dfb83822">SVF::BufOverflowChecker::detectStrcat</a></div><div class="ttdeci">bool detectStrcat(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00386">BufOverflowChecker.cpp:386</a></div></div>
|
|
1206
1214
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a4080994b793d9510c00cb3a0260e0a61"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a4080994b793d9510c00cb3a0260e0a61">SVF::AbstractInterpretation::AbstractInterpretation</a></div><div class="ttdeci">AbstractInterpretation()</div><div class="ttdoc">Constructor.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00123">AbstractInterpretation.cpp:123</a></div></div>
|
|
1207
1215
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_a145abbd2958629718fbca41d25c3124d"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#a145abbd2958629718fbca41d25c3124d">SVF::SVFUtil::getCallee</a></div><div class="ttdeci">const SVFFunction * getCallee(const CallSite cs)</div><div class="ttdoc">Return callee of a callsite. Return null if this is an indirect call.</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00241">SVFUtil.h:241</a></div></div>
|
|
1208
1216
|
<div class="ttc" id="acJSON_8h_html_ad4c68ea99a26b0a98ad9a79982960458"><div class="ttname"><a href="cJSON_8h.html#ad4c68ea99a26b0a98ad9a79982960458">string</a></div><div class="ttdeci">const char *const string</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8h_source.html#l00172">cJSON.h:172</a></div></div>
|
|
1209
1217
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa9cc269dadf9cff7d399c54d9570a6614">SVF::AbstractInterpretation::MEMCPY</a></div><div class="ttdeci">@ MEMCPY</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1210
1218
|
<div class="ttc" id="aclassSVF_1_1ICFG_html_a5f2c0aaba07d6fdd63058da0fb60ca8b"><div class="ttname"><a href="classSVF_1_1ICFG.html#a5f2c0aaba07d6fdd63058da0fb60ca8b">SVF::ICFG::getICFGNode</a></div><div class="ttdeci">ICFGNode * getICFGNode(NodeID id) const</div><div class="ttdoc">Get a ICFG node.</div><div class="ttdef"><b>Definition:</b> <a href="ICFG_8h_source.html#l00092">ICFG.h:92</a></div></div>
|
|
1219
|
+
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_ad42ca3cab47612c78a5d99cedea2f4ba"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#ad42ca3cab47612c78a5d99cedea2f4ba">SVF::SVFIR2AbsState::inVarToAddrsTable</a></div><div class="ttdeci">bool inVarToAddrsTable(AbstractState &es, u32_t id) const</div><div class="ttdoc">whether the variable is in varToAddrs table</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00120">SVFIR2AbsState.h:120</a></div></div>
|
|
1211
1220
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af83b65ed98cd4e0f6cd92962e7392d4d"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af83b65ed98cd4e0f6cd92962e7392d4d">SVF::BufOverflowChecker::_extAPIBufOverflowCheckRules</a></div><div class="ttdeci">Map< std::string, std::vector< std::pair< u32_t, u32_t > > > _extAPIBufOverflowCheckRules</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00202">BufOverflowChecker.h:202</a></div></div>
|
|
1212
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9c592b91a1e3d72ada730387232a2fcf"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">SVF::AbstractInterpretation::_svfir2AbsState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2AbsState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1213
|
-
<div class="ttc" id="
|
|
1221
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a9c592b91a1e3d72ada730387232a2fcf"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a9c592b91a1e3d72ada730387232a2fcf">SVF::AbstractInterpretation::_svfir2AbsState</a></div><div class="ttdeci">SVFIR2AbsState * _svfir2AbsState</div><div class="ttdoc">Execution State, used to store the Interval Value of every SVF variable.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00339">AbstractInterpretation.h:339</a></div></div>
|
|
1222
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a57e4ee3fde79c408dffe98894210d7c9"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a57e4ee3fde79c408dffe98894210d7c9">SVF::AbstractInterpretation::getAbsState</a></div><div class="ttdeci">AbstractState & getAbsState(const ICFGNode *node)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00372">AbstractInterpretation.h:372</a></div></div>
|
|
1223
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a6cac9b69d85111a5a26373ec848a3282"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a6cac9b69d85111a5a26373ec848a3282">SVF::AbstractInterpretation::handleExtAPI</a></div><div class="ttdeci">virtual void handleExtAPI(const CallICFGNode *call)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01166">AbstractInterpretation.cpp:1166</a></div></div>
|
|
1214
1224
|
<div class="ttc" id="aclassSVF_1_1GenericGraph_html_a43c9c773bfa17abf481c33073e30d01b"><div class="ttname"><a href="classSVF_1_1GenericGraph.html#a43c9c773bfa17abf481c33073e30d01b">SVF::GenericGraph::getGNode</a></div><div class="ttdeci">NodeType * getGNode(NodeID id) const</div><div class="ttdoc">Get a node.</div><div class="ttdef"><b>Definition:</b> <a href="GenericGraph_8h_source.html#l00406">GenericGraph.h:406</a></div></div>
|
|
1215
1225
|
<div class="ttc" id="aclassSVF_1_1Options_html_afbe432aabda95308e2c190a04d227a6d"><div class="ttname"><a href="classSVF_1_1Options.html#afbe432aabda95308e2c190a04d227a6d">SVF::Options::BufferOverflowCheck</a></div><div class="ttdeci">static const Option< bool > BufferOverflowCheck</div><div class="ttdoc">buffer overflow checker, Default: false</div><div class="ttdef"><b>Definition:</b> <a href="Options_8h_source.html#l00271">Options.h:271</a></div></div>
|
|
1216
1226
|
<div class="ttc" id="anamespaceSVF_html_a9b707002523ece2ac54ca893ee9a2d4e"><div class="ttname"><a href="namespaceSVF.html#a9b707002523ece2ac54ca893ee9a2d4e">SVF::s32_t</a></div><div class="ttdeci">signed s32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00047">GeneralType.h:47</a></div></div>
|
|
1217
|
-
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_a99b526db536fb241ff755a82a45123fa"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#a99b526db536fb241ff755a82a45123fa">SVF::SVFIR2AbsState::getAbsState</a></div><div class="ttdeci">AbstractState & getAbsState()</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00054">SVFIR2AbsState.h:54</a></div></div>
|
|
1218
1227
|
<div class="ttc" id="aclassSVF_1_1SVFIR_html_abda052b73e869ed6d7c139ad1528da11"><div class="ttname"><a href="classSVF_1_1SVFIR.html#abda052b73e869ed6d7c139ad1528da11">SVF::SVFIR::getICFG</a></div><div class="ttdeci">ICFG * getICFG() const</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR_8h_source.html#l00170">SVFIR.h:170</a></div></div>
|
|
1219
1228
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616da"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616da">SVF::AbstractInterpretation::ExtAPIType</a></div><div class="ttdeci">ExtAPIType</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1220
|
-
<div class="ttc" id="aclassSVF_1_1SVFIR2AbsState_html_aa3e62b9ef912def502b95992199f5d8c"><div class="ttname"><a href="classSVF_1_1SVFIR2AbsState.html#aa3e62b9ef912def502b95992199f5d8c">SVF::SVFIR2AbsState::getAddrs</a></div><div class="ttdeci">AbstractValue & getAddrs(u32_t id)</div><div class="ttdef"><b>Definition:</b> <a href="SVFIR2AbsState_8h_source.html#l00113">SVFIR2AbsState.h:113</a></div></div>
|
|
1221
1229
|
<div class="ttc" id="acJSON_8cpp_html_a95bf816579e97b6f33bdb5e25ed6d5de"><div class="ttname"><a href="cJSON_8cpp.html#a95bf816579e97b6f33bdb5e25ed6d5de">offset</a></div><div class="ttdeci">buffer offset</div><div class="ttdef"><b>Definition:</b> <a href="cJSON_8cpp_source.html#l01113">cJSON.cpp:1113</a></div></div>
|
|
1222
|
-
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af0e2276001df7d51c45b22d5d11ca09b"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">SVF::BufOverflowChecker::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap() override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#
|
|
1223
|
-
<div class="ttc" id="
|
|
1230
|
+
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_af0e2276001df7d51c45b22d5d11ca09b"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#af0e2276001df7d51c45b22d5d11ca09b">SVF::BufOverflowChecker::initExtFunMap</a></div><div class="ttdeci">virtual void initExtFunMap() override</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8cpp_source.html#l00136">BufOverflowChecker.cpp:136</a></div></div>
|
|
1231
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_ab076eddb7908768126c190c23b91eb85"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#ab076eddb7908768126c190c23b91eb85">SVF::AbstractInterpretation::getStrlen</a></div><div class="ttdeci">AbstractValue getStrlen(AbstractState &as, const SVF::SVFValue *strValue)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01451">AbstractInterpretation.cpp:1451</a></div></div>
|
|
1232
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a896d04a02951947bc228bf97b2c00313"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a896d04a02951947bc228bf97b2c00313">SVF::AbstractInterpretation::handleSVFStatement</a></div><div class="ttdeci">virtual void handleSVFStatement(const SVFStmt *stmt)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l00827">AbstractInterpretation.cpp:827</a></div></div>
|
|
1233
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_abb8dd7424d62b56b899d3f4d218eeaac"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#abb8dd7424d62b56b899d3f4d218eeaac">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(AbstractState &as, NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01605">AbstractInterpretation.cpp:1605</a></div></div>
|
|
1224
1234
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daae8dad405c06383859d8db715fd455317">SVF::AbstractInterpretation::STRCAT</a></div><div class="ttdeci">@ STRCAT</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1235
|
+
<div class="ttc" id="aclassSVF_1_1AbstractState_html_aaabe5850dbf1620c6058f5ac6cb169b6"><div class="ttname"><a href="classSVF_1_1AbstractState.html#aaabe5850dbf1620c6058f5ac6cb169b6">SVF::AbstractState::getInternalID</a></div><div class="ttdeci">static u32_t getInternalID(u32_t idx)</div><div class="ttdoc">Return the internal index if idx is an address otherwise return the value of idx.</div><div class="ttdef"><b>Definition:</b> <a href="AbstractState_8h_source.html#l00093">AbstractState.h:93</a></div></div>
|
|
1225
1236
|
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a13fdb4a6a6d09e3504fdad16b88616daa5aec33226dc590ec951d0f12bf35f15f">SVF::AbstractInterpretation::MEMSET</a></div><div class="ttdeci">@ MEMSET</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00113">AbstractInterpretation.h:113</a></div></div>
|
|
1226
1237
|
<div class="ttc" id="anamespaceSVF_html_a43a65e0d33af3c743294f7a1139d2301"><div class="ttname"><a href="namespaceSVF.html#a43a65e0d33af3c743294f7a1139d2301">SVF::NodeID</a></div><div class="ttdeci">unsigned NodeID</div><div class="ttdef"><b>Definition:</b> <a href="svf-llvm_2tools_2MTA_2MTAResultValidator_8h_source.html#l00020">MTAResultValidator.h:20</a></div></div>
|
|
1227
1238
|
<div class="ttc" id="aclassSVF_1_1SVFVar_html_ab6f95d3e7e099d75cfc9645ebc037047"><div class="ttname"><a href="classSVF_1_1SVFVar.html#ab6f95d3e7e099d75cfc9645ebc037047">SVF::SVFVar::getType</a></div><div class="ttdeci">virtual const SVFType * getType() const</div><div class="ttdoc">Return type of the value.</div><div class="ttdef"><b>Definition:</b> <a href="SVFVariables_8h_source.html#l00107">SVFVariables.h:107</a></div></div>
|
|
1228
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a2057e8e1c0aaf39e74f0a8fb2a1b580c"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a2057e8e1c0aaf39e74f0a8fb2a1b580c">SVF::AbstractInterpretation::getPointeeElement</a></div><div class="ttdeci">const SVFType * getPointeeElement(NodeID id)</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8cpp_source.html#l01620">AbstractInterpretation.cpp:1620</a></div></div>
|
|
1229
1239
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a0088456e712c555cbfba6203aec38037"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a0088456e712c555cbfba6203aec38037">SVF::BufOverflowChecker::_addrToGep</a></div><div class="ttdeci">Map< NodeID, const GepStmt * > _addrToGep</div><div class="ttdef"><b>Definition:</b> <a href="BufOverflowChecker_8h_source.html#l00201">BufOverflowChecker.h:201</a></div></div>
|
|
1230
|
-
<div class="ttc" id="
|
|
1231
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_aa27d0ef684deec1f5385fdb0d4c64827"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">SVF::AbstractInterpretation::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00380">AbstractInterpretation.h:380</a></div></div>
|
|
1240
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_aa27d0ef684deec1f5385fdb0d4c64827"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#aa27d0ef684deec1f5385fdb0d4c64827">SVF::AbstractInterpretation::_func_map</a></div><div class="ttdeci">Map< std::string, std::function< void(const CallSite &)> > _func_map</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00387">AbstractInterpretation.h:387</a></div></div>
|
|
1232
1241
|
<div class="ttc" id="anamespaceSVF_html_ad42bff8d0a7d60a085aa32d10f4955af"><div class="ttname"><a href="namespaceSVF.html#ad42bff8d0a7d60a085aa32d10f4955af">SVF::u32_t</a></div><div class="ttdeci">unsigned u32_t</div><div class="ttdef"><b>Definition:</b> <a href="GeneralType_8h_source.html#l00046">GeneralType.h:46</a></div></div>
|
|
1233
1242
|
<div class="ttc" id="anamespaceSVF_1_1SVFUtil_html_ab65033f068bfbeb0a1c52dcec3beb6bc"><div class="ttname"><a href="namespaceSVF_1_1SVFUtil.html#ab65033f068bfbeb0a1c52dcec3beb6bc">SVF::SVFUtil::errs</a></div><div class="ttdeci">std::ostream & errs()</div><div class="ttdoc">Overwrite llvm::errs()</div><div class="ttdef"><b>Definition:</b> <a href="SVFUtil_8h_source.html#l00056">SVFUtil.h:56</a></div></div>
|
|
1234
1243
|
<div class="ttc" id="aclassSVF_1_1BufOverflowChecker_html_a7c11b81809cb087317cbea654a589f75"><div class="ttname"><a href="classSVF_1_1BufOverflowChecker.html#a7c11b81809cb087317cbea654a589f75">SVF::BufOverflowChecker::addBugToRecoder</a></div><div class="ttdeci">void addBugToRecoder(const BufOverflowException &e, const ICFGNode *node)</div></div>
|
|
1235
|
-
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a219313e979d779221116c1bc45becc1b"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">SVF::AbstractInterpretation::_checkpoints</a></div><div class="ttdeci">Set< const CallICFGNode * > _checkpoints</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#
|
|
1244
|
+
<div class="ttc" id="aclassSVF_1_1AbstractInterpretation_html_a219313e979d779221116c1bc45becc1b"><div class="ttname"><a href="classSVF_1_1AbstractInterpretation.html#a219313e979d779221116c1bc45becc1b">SVF::AbstractInterpretation::_checkpoints</a></div><div class="ttdeci">Set< const CallICFGNode * > _checkpoints</div><div class="ttdef"><b>Definition:</b> <a href="AbstractInterpretation_8h_source.html#l00388">AbstractInterpretation.h:388</a></div></div>
|
|
1236
1245
|
<!-- start footer part -->
|
|
1237
1246
|
<hr class="footer"/><address class="footer"><small>
|
|
1238
1247
|
Generated by  <a href="http://www.doxygen.org/index.html">
|