svf-tools 1.0.913 → 1.0.915

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.913",
+  "version": "1.0.915",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -154,7 +154,7 @@ protected:
      * @param intraEdge the edge from CmpStmt to the next node
      * @return if this edge is feasible
      */
-    bool hasBranchES(const IntraCFGEdge* intraEdge, AbstractState& es);
+    bool isBranchFeasible(const IntraCFGEdge* intraEdge, AbstractState& as);
 
     /**
      * handle instructions in ICFGNode
@@ -205,12 +205,6 @@ protected:
      */
     virtual void SkipRecursiveCall(const CallICFGNode* callnode);
 
-    /**
-    * Check if this function is recursive function and skip it.
-    *
-    * @param func SVFFunction is a recursive function
-     */
-    virtual void SkipRecursiveFunc(const SVFFunction* func);
 
     /**
     * Check if this cmpStmt and succ are satisfiable to the execution state.
@@ -219,8 +213,8 @@ protected:
     * @param succ the value of cmpStmt (True or False)
     * @return if this ICFGNode has preceding execution state
     */
-    bool hasCmpBranchES(const CmpStmt* cmpStmt, s64_t succ,
-                        AbstractState& es);
+    bool isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t succ,
+                             AbstractState& as);
 
     /**
     * Check if this SwitchInst and succ are satisfiable to the execution state.
@@ -229,8 +223,8 @@ protected:
     * @param succ the case value of switch inst
     * @return if this ICFGNode has preceding execution state
     */
-    bool hasSwitchBranchES(const SVFVar* var, s64_t succ,
-                           AbstractState& es);
+    bool isSwitchBranchFeasible(const SVFVar* var, s64_t succ,
+                                AbstractState& as);
 
 
     /**
@@ -254,7 +248,7 @@ protected:
     * @param addr Address Stmt like malloc/calloc/ALLOCA/StackAlloc
     * @return the byte size e.g. int32_t a[10] -> return 40
     */
-    u32_t getAllocaInstByteSize(const AddrStmt *addr);
+    u32_t getAllocaInstByteSize(AbstractState& as, const AddrStmt *addr);
 
     /**
     * get byte size of alloca inst
@@ -263,7 +257,7 @@ protected:
     * @param rhs SVFValue of string
     * @return the string
     */
-    std::string strRead(const SVFValue* rhs);
+    std::string strRead(AbstractState& as,const SVFValue* rhs);
 
     /**
     * get length of string
@@ -272,7 +266,7 @@ protected:
     * @param strValue SVFValue of string
     * @return AbstractValue of string length
     */
-    AbstractValue getStrlen(const SVF::SVFValue *strValue);
+    AbstractValue getStrlen(AbstractState& as, const SVF::SVFValue *strValue);
 
     /**
     * get memory allocation size
@@ -283,7 +277,7 @@ protected:
     * @param value to be traced
     * @return AbstractValue of allocation size
     */
-    AbstractValue traceMemoryAllocationSize(const SVFValue *value);
+    AbstractValue traceMemoryAllocationSize(AbstractState& as, const SVFValue *value);
     /**
     * execute strcpy in abstract execution
     * e.g  arr = new char[10]
@@ -310,7 +304,7 @@ protected:
     * we can set arr[3]='d', arr[4]='e', arr[5]='\0'
     * @param call callnode of memcpy like api
     */
-    virtual void handleMemcpy(const SVFValue* dst, const SVFValue* src, AbstractValue len, u32_t start_idx);
+    virtual void handleMemcpy(AbstractState& as, const SVFValue* dst, const SVFValue* src, AbstractValue len, u32_t start_idx);
     /**
     * execute memset in abstract execution
     * e.g  arr = new char[10]
@@ -318,7 +312,7 @@ protected:
     * we can set arr[0]='c', arr[1]='c', arr[2]='\0'
     * @param call callnode of memset like api
     */
-    virtual void handleMemset(const SVFValue* dst, AbstractValue elem, AbstractValue len);
+    virtual void handleMemset(AbstractState& as, const SVFValue* dst, AbstractValue elem, AbstractValue len);
 
     /**
     * if this NodeID in SVFIR is a pointer, get the pointee type
@@ -327,14 +321,14 @@ protected:
     * we can set arr[0]='c', arr[1]='c', arr[2]='\0'
     * @param call callnode of memset like api
     */
-    const SVFType* getPointeeElement(NodeID id);
+    const SVFType* getPointeeElement(AbstractState& as, NodeID id);
 
     void collectCheckPoint();
     void checkPointAllSet();
     // helper functions for traceMemoryAllocationSize and canSafelyAccessMemory
     void AccessMemoryViaRetNode(const CallICFGNode *callnode, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
     void AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
-    void AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
+    void AccessMemoryViaLoadStmt(AbstractState& as, const LoadStmt *load, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
     void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
 
 
@@ -375,13 +369,26 @@ protected:
     bool narrowFixpointPass(const ICFGNode* cycle_head,
                             AbstractState& pre_es);
 
+    AbstractState& getAbsState(const ICFGNode* node)
+    {
+        const ICFGNode* repNode = _icfg->getRepNode(node);
+        if (_postAbsTrace.count(repNode) == 0)
+        {
+            assert(0 && "No preAbsTrace for this node");
+        }
+        else
+        {
+            return _postAbsTrace[repNode];
+        }
+    }
+
 protected:
     // there data should be shared with subclasses
     Map<std::string, std::function<void(const CallSite &)>> _func_map;
     Set<const CallICFGNode*> _checkpoints;
     Set<std::string> _checkpoint_names;
-    Map<const ICFGNode*, AbstractState> _preAbstractTrace;
-    Map<const ICFGNode*, AbstractState> _postAbstractTrace;
+    Map<const ICFGNode*, AbstractState> _preAbsTrace;
+    Map<const ICFGNode*, AbstractState> _postAbsTrace;
     std::string _moduleName;
 };
 }

package/svf/include/AE/Svfexe/SVFIR2AbsState.h

@@ -46,15 +46,6 @@ public:
 public:
     SVFIR2AbsState(SVFIR *ir) : _svfir(ir) {}
 
-    void setEs(const AbstractState&es)
-    {
-        _es = es;
-    }
-
-    AbstractState& getAbsState()
-    {
-        return _es;
-    }
 
     void setRelEs(const RelExeState &relEs)
     {
@@ -66,34 +57,34 @@ public:
         return _relEs;
     }
 
-    void widenAddrs(AbstractState&lhs, const AbstractState&rhs);
+    void widenAddrs(AbstractState& es, AbstractState&lhs, const AbstractState&rhs);
 
-    void narrowAddrs(AbstractState&lhs, const AbstractState&rhs);
+    void narrowAddrs(AbstractState& es, AbstractState&lhs, const AbstractState&rhs);
 
     /// Return the field address given a pointer points to a struct object and an offset
-    AbstractValue getGepObjAddress(u32_t pointer, APOffset offset);
+    AbstractValue getGepObjAddress(AbstractState& es, u32_t pointer, APOffset offset);
 
     /// Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128, 127]
     AbstractValue getRangeLimitFromType(const SVFType* type);
 
-    AbstractValue getZExtValue(const SVFVar* var);
-    AbstractValue getSExtValue(const SVFVar* var);
-    AbstractValue getFPToSIntValue(const SVFVar* var);
-    AbstractValue getFPToUIntValue(const SVFVar* var);
-    AbstractValue getSIntToFPValue(const SVFVar* var);
-    AbstractValue getUIntToFPValue(const SVFVar* var);
-    AbstractValue getTruncValue(const SVFVar* var, const SVFType* dstType);
-    AbstractValue getFPTruncValue(const SVFVar* var, const SVFType* dstType);
+    AbstractValue getZExtValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getSExtValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getFPToSIntValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getFPToUIntValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getSIntToFPValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getUIntToFPValue(AbstractState& es, const SVFVar* var);
+    AbstractValue getTruncValue(AbstractState& es, const SVFVar* var, const SVFType* dstType);
+    AbstractValue getFPTruncValue(AbstractState& es, const SVFVar* var, const SVFType* dstType);
 
     /// Return the byte offset expression of a GepStmt
     /// elemBytesize is the element byte size of an static alloc or heap alloc array
     /// e.g. GepStmt* gep = [i32*10], x, and x is [0,3]
     /// std::pair<s32_t, s32_t> byteOffset = getByteOffset(gep);
     /// byteOffset should be [0, 12] since i32 is 4 bytes.
-    AbstractValue getByteOffset(const GepStmt *gep);
+    AbstractValue getByteOffset(AbstractState& es, const GepStmt *gep);
 
     /// Return the offset expression of a GepStmt
-    AbstractValue getItvOfFlattenedElemIndex(const GepStmt *gep);
+    AbstractValue getItvOfFlattenedElemIndex(AbstractState& es, const GepStmt *gep);
 
 
     static z3::context &getContext()
@@ -105,66 +96,66 @@ public:
 
 
     /// Init ObjVar
-    void initObjVar(const ObjVar *objVar, u32_t varId);
+    void initObjVar(AbstractState& es, const ObjVar *objVar, u32_t varId);
 
     /// Init SVFVar
-    void initSVFVar(u32_t varId);
+    void initSVFVar(AbstractState& es, u32_t varId);
 
-    inline AbstractValue &getAddrs(u32_t id)
+    inline AbstractValue &getAddrs(AbstractState& es, u32_t id)
     {
-        if (inVarToAddrsTable(id))
-            return _es.getAddrs(id);
+        if (inVarToAddrsTable(es, id))
+            return es.getAddrs(id);
         else
             return globalNulladdrs;
     }
 
 
     /// whether the variable is in varToVal table
-    inline bool inVarToValTable(u32_t id) const
+    inline bool inVarToValTable(AbstractState& es, u32_t id) const
     {
-        return _es.inVarToValTable(id);
+        return es.inVarToValTable(id);
     }
 
     /// whether the variable is in varToAddrs table
-    inline bool inVarToAddrsTable(u32_t id) const
+    inline bool inVarToAddrsTable(AbstractState& es, u32_t id) const
     {
-        return _es.inVarToAddrsTable(id);
+        return es.inVarToAddrsTable(id);
     }
 
 
     /// whether the memory address stores a interval value
-    inline bool inLocToValTable(u32_t id) const
+    inline bool inLocToValTable(AbstractState& es, u32_t id) const
     {
-        return _es.inLocToValTable(id);
+        return es.inLocToValTable(id);
     }
 
     /// whether the memory address stores memory addresses
-    inline bool inLocToAddrsTable(u32_t id) const
+    inline bool inLocToAddrsTable(AbstractState& es, u32_t id) const
     {
-        return _es.inLocToAddrsTable(id);
+        return es.inLocToAddrsTable(id);
     }
 
-    void handleAddr(const AddrStmt *addr);
+    void handleAddr(AbstractState& es, const AddrStmt *addr);
 
-    void handleBinary(const BinaryOPStmt *binary);
+    void handleBinary(AbstractState& es, const BinaryOPStmt *binary);
 
-    void handleCmp(const CmpStmt *cmp);
+    void handleCmp(AbstractState& es, const CmpStmt *cmp);
 
-    void handleLoad(const LoadStmt *load);
+    void handleLoad(AbstractState& es, const LoadStmt *load);
 
-    void handleStore(const StoreStmt *store);
+    void handleStore(AbstractState& es, const StoreStmt *store);
 
-    void handleCopy(const CopyStmt *copy);
+    void handleCopy(AbstractState& es, const CopyStmt *copy);
 
-    void handleCall(const CallPE *callPE);
+    void handleCall(AbstractState& es, const CallPE *callPE);
 
-    void handleRet(const RetPE *retPE);
+    void handleRet(AbstractState& es, const RetPE *retPE);
 
-    void handleGep(const GepStmt *gep);
+    void handleGep(AbstractState& es, const GepStmt *gep);
 
-    void handleSelect(const SelectStmt *select);
+    void handleSelect(AbstractState& es, const SelectStmt *select);
 
-    void handlePhi(const PhiStmt *phi);
+    void handlePhi(AbstractState& es, const PhiStmt *phi);
 
     /// Return the internal index if idx is an address otherwise return the value of idx
     static inline u32_t getInternalID(u32_t idx)
@@ -184,29 +175,8 @@ public:
         return AbstractState::isVirtualMemAddress(val);
     }
 
-protected:
-
-    void handleBinaryRel(const BinaryOPStmt *binary);
-
-    void handleCmpRel(const CmpStmt *cmp);
-
-    void handleLoadRel(const LoadStmt *load);
-
-    void handleStoreRel(const StoreStmt *store);
-
-    void handleCopyRel(const CopyStmt *copy);
-
-    void handleCallRel(const CallPE *callPE);
-
-    void handleRetRel(const RetPE *retPE);
-
-    void handleSelectRel(const SelectStmt *select);
-
-    void handlePhiRel(const PhiStmt *phi, const ICFGNode *srcNode, const std::vector<const ICFGEdge *> &path);
-
 private:
     SVFIR *_svfir;
-    AbstractState _es;
     RelExeState _relEs;
 };
 }