svf-tools 1.0.913 → 1.0.915

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -153,7 +153,7 @@ void AbstractInterpretation::analyse()
 {
     // handle Global ICFGNode of SVFModule
     handleGlobalNode();
-    _svfir2AbsState->getAbsState()[PAG::getPAG()->getBlkPtr()] = IntervalValue::top();
+    getAbsState(_icfg->getGlobalICFGNode())[PAG::getPAG()->getBlkPtr()] = IntervalValue::top();
     if (const SVFFunction* fun = _svfir->getModule()->getSVFFunction("main"))
     {
         handleFunc(fun);
@@ -163,15 +163,14 @@ void AbstractInterpretation::analyse()
 /// handle global node
 void AbstractInterpretation::handleGlobalNode()
 {
-    AbstractState es;
+    AbstractState as;
     const ICFGNode* node = _icfg->getGlobalICFGNode();
-    _svfir2AbsState->setEs(es);
+    _postAbsTrace[node] = _preAbsTrace[node];
     // Global Node, we just need to handle addr, load, store, copy and gep
     for (const SVFStmt *stmt: node->getSVFStmts())
     {
         handleSVFStatement(stmt);
     }
-    _postAbstractTrace[node] = _svfir2AbsState->getAbsState();
 }
 
 /// get execution state by merging states of predecessor blocks
@@ -179,21 +178,19 @@ void AbstractInterpretation::handleGlobalNode()
 /// Scenario 2: preblock -----(callEdge)----> block
 bool AbstractInterpretation::propagateStateIfFeasible(const ICFGNode *block)
 {
-    AbstractState es;
+    AbstractState as;
     u32_t inEdgeNum = 0;
     for (auto& edge: block->getInEdges())
     {
-        if (_postAbstractTrace.find(edge->getSrcNode()) !=
-                _postAbstractTrace.end())
+        if (_postAbsTrace.find(edge->getSrcNode()) != _postAbsTrace.end())
         {
             const IntraCFGEdge *intraCfgEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge);
             if (intraCfgEdge && intraCfgEdge->getCondition())
             {
-                AbstractState tmpEs =
-                    _postAbstractTrace[edge->getSrcNode()];
-                if (hasBranchES(intraCfgEdge, tmpEs))
+                AbstractState tmpEs = _postAbsTrace[edge->getSrcNode()];
+                if (isBranchFeasible(intraCfgEdge, tmpEs))
                 {
-                    es.joinWith(tmpEs);
+                    as.joinWith(tmpEs);
                     inEdgeNum++;
                 }
                 else
@@ -203,7 +200,7 @@ bool AbstractInterpretation::propagateStateIfFeasible(const ICFGNode *block)
             }
             else
             {
-                es.joinWith(_postAbstractTrace[edge->getSrcNode()]);
+                as.joinWith(_postAbsTrace[edge->getSrcNode()]);
                 inEdgeNum++;
             }
         }
@@ -218,17 +215,17 @@ bool AbstractInterpretation::propagateStateIfFeasible(const ICFGNode *block)
     }
     else
     {
-        _preAbstractTrace[block] = es;
+        _preAbsTrace[block] = as;
         return true;
     }
     assert(false && "implement this part");
 }
 
 
-bool AbstractInterpretation::hasCmpBranchES(const CmpStmt* cmpStmt, s64_t succ,
-        AbstractState& es)
+bool AbstractInterpretation::isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t succ,
+        AbstractState& as)
 {
-    AbstractState new_es = es;
+    AbstractState new_es = as;
     // get cmp stmt's op0, op1, and predicate
     NodeID op0 = cmpStmt->getOpVarID(0);
     NodeID op1 = cmpStmt->getOpVarID(1);
@@ -239,7 +236,7 @@ bool AbstractInterpretation::hasCmpBranchES(const CmpStmt* cmpStmt, s64_t succ,
     // skip address compare
     if (new_es.inVarToAddrsTable(op0) || new_es.inVarToAddrsTable(op1))
     {
-        es = new_es;
+        as = new_es;
         return true;
     }
     const LoadStmt *load_op0 = nullptr;
@@ -313,13 +310,13 @@ bool AbstractInterpretation::hasCmpBranchES(const CmpStmt* cmpStmt, s64_t succ,
         // if var X var, we cannot preset the branch condition to infer the intervals of var0,var1
         if (!b0 && !b1)
         {
-            es = new_es;
+            as = new_es;
             return true;
         }
         // if const X const, we can instantly get the resVal
         else if (b0 && b1)
         {
-            es = new_es;
+            as = new_es;
             return true;
         }
     }
@@ -442,14 +439,14 @@ bool AbstractInterpretation::hasCmpBranchES(const CmpStmt* cmpStmt, s64_t succ,
         assert(false && "implement this part");
         abort();
     }
-    es = new_es;
+    as = new_es;
     return true;
 }
 
-bool AbstractInterpretation::hasSwitchBranchES(const SVFVar* var, s64_t succ,
-        AbstractState& es)
+bool AbstractInterpretation::isSwitchBranchFeasible(const SVFVar* var, s64_t succ,
+        AbstractState& as)
 {
-    AbstractState new_es = es;
+    AbstractState new_es = as;
     IntervalValue& switch_cond = new_es[var->getId()].getInterval();
     s64_t value = succ;
     FIFOWorkList<const SVFStmt*> workList;
@@ -486,19 +483,20 @@ bool AbstractInterpretation::hasSwitchBranchES(const SVFVar* var, s64_t succ,
             }
         }
     }
-    es = new_es;
+    as = new_es;
     return true;
 }
 
-bool AbstractInterpretation::hasBranchES(const IntraCFGEdge* intraEdge,
-        AbstractState& es)
+bool AbstractInterpretation::isBranchFeasible(const IntraCFGEdge* intraEdge,
+        AbstractState& as)
 {
     const SVFValue *cond = intraEdge->getCondition();
     NodeID cmpID = _svfir->getValueNode(cond);
     SVFVar *cmpVar = _svfir->getGNode(cmpID);
     if (cmpVar->getInEdges().empty())
     {
-        return hasSwitchBranchES(cmpVar, intraEdge->getSuccessorCondValue(), es);
+        return isSwitchBranchFeasible(cmpVar,
+                                      intraEdge->getSuccessorCondValue(), as);
     }
     else
     {
@@ -507,11 +505,13 @@ bool AbstractInterpretation::hasBranchES(const IntraCFGEdge* intraEdge,
         SVFStmt *cmpVarInStmt = *cmpVar->getInEdges().begin();
         if (const CmpStmt *cmpStmt = SVFUtil::dyn_cast<CmpStmt>(cmpVarInStmt))
         {
-            return hasCmpBranchES(cmpStmt, intraEdge->getSuccessorCondValue(), es);
+            return isCmpBranchFeasible(cmpStmt,
+                                       intraEdge->getSuccessorCondValue(), as);
         }
         else
         {
-            return hasSwitchBranchES(cmpVar, intraEdge->getSuccessorCondValue(), es);
+            return isSwitchBranchFeasible(
+                       cmpVar, intraEdge->getSuccessorCondValue(), as);
         }
     }
     return true;
@@ -530,7 +530,7 @@ void AbstractInterpretation::handleWTONode(const ICFGNode *node)
     {
         // Has ES on the in edges - Feasible block
         // Get execution state from in edges
-        _svfir2AbsState->setEs(_preAbstractTrace[node]);
+        _postAbsTrace[node] = _preAbsTrace[node];
     }
 
     std::deque<const ICFGNode*> worklist;
@@ -541,9 +541,6 @@ void AbstractInterpretation::handleWTONode(const ICFGNode *node)
         const ICFGNode* curNode = *it;
         handleICFGNode(curNode);
     }
-
-    _preAbstractTrace.erase(node);
-    _postAbstractTrace[node] = _svfir2AbsState->getAbsState();
 }
 
 void AbstractInterpretation::handleCallSite(const ICFGNode* node)
@@ -598,6 +595,7 @@ bool AbstractInterpretation::isRecursiveCall(const SVF::CallICFGNode *callNode)
 
 void AbstractInterpretation::recursiveCallPass(const SVF::CallICFGNode *callNode)
 {
+    AbstractState& as = getAbsState(callNode);
     SkipRecursiveCall(callNode);
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     if (retNode->getSVFStmts().size() > 0)
@@ -607,11 +605,11 @@ void AbstractInterpretation::recursiveCallPass(const SVF::CallICFGNode *callNode
             if (!retPE->getLHSVar()->isPointer() &&
                     !retPE->getLHSVar()->isConstDataOrAggDataButNotNullPtr())
             {
-                _svfir2AbsState->getAbsState()[retPE->getLHSVarID()] = IntervalValue::top();
+                as[retPE->getLHSVarID()] = IntervalValue::top();
             }
         }
     }
-    _postAbstractTrace[retNode] = _svfir2AbsState->getAbsState();
+    _postAbsTrace[retNode] = as;
 }
 
 bool AbstractInterpretation::isDirectCall(const SVF::CallICFGNode *callNode)
@@ -621,18 +619,18 @@ bool AbstractInterpretation::isDirectCall(const SVF::CallICFGNode *callNode)
 }
 void AbstractInterpretation::directCallFunPass(const SVF::CallICFGNode *callNode)
 {
+    AbstractState& as = getAbsState(callNode);
     const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-    AbstractState preES = _svfir2AbsState->getAbsState();
     _callSiteStack.push_back(callNode);
 
-    _postAbstractTrace[callNode] = _svfir2AbsState->getAbsState();
+    _postAbsTrace[callNode] = as;
 
     handleFunc(callfun);
     _callSiteStack.pop_back();
     // handle Ret node
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     // resume ES to callnode
-    _postAbstractTrace[retNode] = _postAbstractTrace[callNode];
+    _postAbsTrace[retNode] = _postAbsTrace[callNode];
 }
 
 bool AbstractInterpretation::isIndirectCall(const SVF::CallICFGNode *callNode)
@@ -643,29 +641,28 @@ bool AbstractInterpretation::isIndirectCall(const SVF::CallICFGNode *callNode)
 
 void AbstractInterpretation::indirectCallFunPass(const SVF::CallICFGNode *callNode)
 {
+    AbstractState& as = getAbsState(callNode);
     const auto callsiteMaps = _svfir->getIndirectCallsites();
     NodeID call_id = callsiteMaps.at(callNode);
-    if (!_svfir2AbsState->getAbsState().inVarToAddrsTable(call_id))
+    if (!as.inVarToAddrsTable(call_id))
     {
         return;
     }
     AbstractValue Addrs =
-        _svfir2AbsState->getAddrs(call_id); //_svfir2ExeState->getEs()
+        _svfir2AbsState->getAddrs(as, call_id); //_svfir2ExeState->getEs()
     NodeID addr = *Addrs.getAddrs().begin();
-    SVFVar *func_var = _svfir->getGNode(_svfir2AbsState->getInternalID(addr));
+    SVFVar *func_var = _svfir->getGNode(AbstractState::getInternalID(addr));
     const SVFFunction *callfun = SVFUtil::dyn_cast<SVFFunction>(func_var->getValue());
     if (callfun)
     {
-        AbstractState preES = _svfir2AbsState->getAbsState();
         _callSiteStack.push_back(callNode);
-
-        _postAbstractTrace[callNode] = _svfir2AbsState->getAbsState();
+        _postAbsTrace[callNode] = as;
 
         handleFunc(callfun);
         _callSiteStack.pop_back();
         // handle Ret node
         const RetICFGNode *retNode = callNode->getRetICFGNode();
-        _postAbstractTrace[retNode] = _postAbstractTrace[callNode];
+        _postAbsTrace[retNode] = _postAbsTrace[callNode];
     }
 }
 
@@ -700,7 +697,7 @@ void AbstractInterpretation::handleCycle(const ICFGWTOCycle *cycle)
         // No ES on the in edges - Infeasible block
         return;
     }
-    AbstractState pre_es = _preAbstractTrace[cycle->head()];
+    AbstractState pre_es = _preAbsTrace[cycle->head()];
     // set -widen-delay
     s32_t widen_delay = Options::WidenDelay();
     bool incresing = true;
@@ -711,11 +708,11 @@ void AbstractInterpretation::handleCycle(const ICFGWTOCycle *cycle)
         handleWTONode(cycle_head);
         if (i < widen_delay)
         {
-            if (i> 0 && pre_es >= _postAbstractTrace[cycle_head])
+            if (i> 0 && pre_es >= _postAbsTrace[cycle_head])
             {
                 break;
             }
-            pre_es = _postAbstractTrace[cycle_head];
+            pre_es = _postAbsTrace[cycle_head];
         }
         else
         {
@@ -761,21 +758,21 @@ bool AbstractInterpretation::widenFixpointPass(const ICFGNode* cycle_head,
         AbstractState& pre_es)
 {
     // increasing iterations
-    AbstractState new_pre_es = pre_es.widening(_postAbstractTrace[cycle_head]);
+    AbstractState new_pre_es = pre_es.widening(_postAbsTrace[cycle_head]);
     AbstractState new_pre_vaddr_es = new_pre_es;
-    _svfir2AbsState->widenAddrs(new_pre_es, _postAbstractTrace[cycle_head]);
+    //_svfir2AbsState->widenAddrs(getCurState(), new_pre_es, _postAbsTrace[cycle_head]);
 
     if (pre_es >= new_pre_es)
     {
         // increasing iterations - fixpoint reached
         pre_es = new_pre_es;
-        _postAbstractTrace[cycle_head] = pre_es;
+        _postAbsTrace[cycle_head] = pre_es;
         return true;
     }
     else
     {
         pre_es = new_pre_es;
-        _postAbstractTrace[cycle_head] = pre_es;
+        _postAbsTrace[cycle_head] = pre_es;
         return false;
     }
 }
@@ -783,20 +780,20 @@ bool AbstractInterpretation::widenFixpointPass(const ICFGNode* cycle_head,
 bool AbstractInterpretation::narrowFixpointPass(const SVF::ICFGNode *cycle_head, SVF::AbstractState&pre_es)
 {
     // decreasing iterations
-    AbstractState new_pre_es = pre_es.narrowing(_postAbstractTrace[cycle_head]);
+    AbstractState new_pre_es = pre_es.narrowing(_postAbsTrace[cycle_head]);
     AbstractState new_pre_vaddr_es = new_pre_es;
-    _svfir2AbsState->narrowAddrs(new_pre_es, _postAbstractTrace[cycle_head]);
+    //_svfir2AbsState->narrowAddrs(getCurState(), new_pre_es, _postAbsTrace[cycle_head]);
     if (new_pre_es >= pre_es)
     {
         // decreasing iterations - fixpoint reached
         pre_es = new_pre_es;
-        _postAbstractTrace[cycle_head] = pre_es;
+        _postAbsTrace[cycle_head] = pre_es;
         return true;
     }
     else
     {
         pre_es = new_pre_es;
-        _postAbstractTrace[cycle_head] = pre_es;
+        _postAbsTrace[cycle_head] = pre_es;
         return false;
     }
 }
@@ -829,17 +826,18 @@ void AbstractInterpretation::handleFunc(const SVFFunction *func)
 
 void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
 {
+    AbstractState& as = getAbsState(stmt->getICFGNode());
     if (const AddrStmt *addr = SVFUtil::dyn_cast<AddrStmt>(stmt))
     {
-        _svfir2AbsState->handleAddr(addr);
+        _svfir2AbsState->handleAddr(as, addr);
     }
     else if (const BinaryOPStmt *binary = SVFUtil::dyn_cast<BinaryOPStmt>(stmt))
     {
-        _svfir2AbsState->handleBinary(binary);
+        _svfir2AbsState->handleBinary(as, binary);
     }
     else if (const CmpStmt *cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
     {
-        _svfir2AbsState->handleCmp(cmp);
+        _svfir2AbsState->handleCmp(as, cmp);
     }
     else if (SVFUtil::isa<UnaryOPStmt>(stmt))
     {
@@ -850,36 +848,36 @@ void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
     }
     else if (const LoadStmt *load = SVFUtil::dyn_cast<LoadStmt>(stmt))
     {
-        _svfir2AbsState->handleLoad(load);
+        _svfir2AbsState->handleLoad(as, load);
     }
     else if (const StoreStmt *store = SVFUtil::dyn_cast<StoreStmt>(stmt))
     {
-        _svfir2AbsState->handleStore(store);
+        _svfir2AbsState->handleStore(as, store);
     }
     else if (const CopyStmt *copy = SVFUtil::dyn_cast<CopyStmt>(stmt))
     {
-        _svfir2AbsState->handleCopy(copy);
+        _svfir2AbsState->handleCopy(as, copy);
     }
     else if (const GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))
     {
-        _svfir2AbsState->handleGep(gep);
+        _svfir2AbsState->handleGep(as, gep);
     }
     else if (const SelectStmt *select = SVFUtil::dyn_cast<SelectStmt>(stmt))
     {
-        _svfir2AbsState->handleSelect(select);
+        _svfir2AbsState->handleSelect(as, select);
     }
     else if (const PhiStmt *phi = SVFUtil::dyn_cast<PhiStmt>(stmt))
     {
-        _svfir2AbsState->handlePhi(phi);
+        _svfir2AbsState->handlePhi(as, phi);
     }
     else if (const CallPE *callPE = SVFUtil::dyn_cast<CallPE>(stmt))
     {
         // To handle Call Edge
-        _svfir2AbsState->handleCall(callPE);
+        _svfir2AbsState->handleCall(as, callPE);
     }
     else if (const RetPE *retPE = SVFUtil::dyn_cast<RetPE>(stmt))
     {
-        _svfir2AbsState->handleRet(retPE);
+        _svfir2AbsState->handleRet(as, retPE);
     }
     else
         assert(false && "implement this part");
@@ -888,15 +886,16 @@ void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
 
 void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
 {
+    AbstractState& as = getAbsState(callNode);
     const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     if (retNode->getSVFStmts().size() > 0)
     {
         if (const RetPE *retPE = SVFUtil::dyn_cast<RetPE>(*retNode->getSVFStmts().begin()))
         {
-            AbstractState es;
+            AbstractState as;
             if (!retPE->getLHSVar()->isPointer() && !retPE->getLHSVar()->isConstDataOrAggDataButNotNullPtr())
-                _svfir2AbsState->getAbsState()[retPE->getLHSVarID()] = IntervalValue::top();
+                as[retPE->getLHSVarID()] = IntervalValue::top();
         }
     }
     if (!retNode->getOutEdges().empty())
@@ -910,16 +909,9 @@ void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
             return;
         }
     }
-    SkipRecursiveFunc(callfun);
-}
-
-void AbstractInterpretation::SkipRecursiveFunc(const SVFFunction *func)
-{
-    // handle Recursive Funcs, go throw every relevant funcs/blocks.
-    // for every Call Argv, Ret , Global Vars, we make it as Top value
     FIFOWorkList<const SVFBasicBlock *> blkWorkList;
     FIFOWorkList<const ICFGNode *> instWorklist;
-    for (const SVFBasicBlock * bb: func->getReachableBBs())
+    for (const SVFBasicBlock * bb: callfun->getReachableBBs())
     {
         for (const SVFInstruction* inst: bb->getInstructionList())
         {
@@ -930,15 +922,14 @@ void AbstractInterpretation::SkipRecursiveFunc(const SVFFunction *func)
                 {
                     const SVFVar *rhsVar = store->getRHSVar();
                     u32_t lhs = store->getLHSVarID();
-                    AbstractState&curES = _svfir2AbsState->getAbsState();
-                    if (curES.inVarToAddrsTable(lhs))
+                    if (as.inVarToAddrsTable(lhs))
                     {
                         if (!rhsVar->isPointer() && !rhsVar->isConstDataOrAggDataButNotNullPtr())
                         {
-                            const AbstractValue &addrs =curES.getAddrs(lhs);
+                            const AbstractValue &addrs = as.getAddrs(lhs);
                             for (const auto &addr: addrs.getAddrs())
                             {
-                                curES.store(addr, IntervalValue::top());
+                                as.store(addr, IntervalValue::top());
                             }
                         }
                     }
@@ -959,10 +950,10 @@ void AEStat::countStateSize()
         generalNumMap["ES_Loc_Addr_AVG_Num"] = 0;
     }
     ++count;
-    generalNumMap["ES_Var_AVG_Num"] +=
-        _ae->_svfir2AbsState->getAbsState().getVarToVal().size();
-    generalNumMap["ES_Loc_AVG_Num"] +=
-        _ae->_svfir2AbsState->getAbsState().getLocToVal().size();
+//    generalNumMap["ES_Var_AVG_Num"] +=
+//        _ae->getCurState().getVarToVal().size();
+//    generalNumMap["ES_Loc_AVG_Num"] +=
+//        _ae->getCurState().getLocToVal().size();
 }
 
 void AEStat::finializeStat()
@@ -1071,14 +1062,15 @@ void AbstractInterpretation::initExtFunMap()
 {
 #define SSE_FUNC_PROCESS(LLVM_NAME ,FUNC_NAME) \
         auto sse_##FUNC_NAME = [this](const CallSite &cs) { \
-        /* run real ext function */                                            \
-        AbstractState&es = _svfir2AbsState->getAbsState(); \
+        /* run real ext function */            \
+        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(_svfir->getICFG()->getICFGNode(cs.getInstruction())); \
+        AbstractState& as = getAbsState(callNode); \
         u32_t rhs_id = _svfir->getValueNode(cs.getArgument(0)); \
-        if (!es.inVarToValTable(rhs_id)) return; \
-        u32_t rhs = _svfir2AbsState->getAbsState()[rhs_id].getInterval().lb().getIntNumeral(); \
+        if (!as.inVarToValTable(rhs_id)) return; \
+        u32_t rhs = as[rhs_id].getInterval().lb().getIntNumeral(); \
         s32_t res = FUNC_NAME(rhs);            \
         u32_t lhsId = _svfir->getValueNode(cs.getInstruction());               \
-        _svfir2AbsState->getAbsState()[lhsId] = IntervalValue(res);           \
+        as[lhsId] = IntervalValue(res);           \
         return; \
     };                              \
     _func_map[#FUNC_NAME] = sse_##FUNC_NAME;
@@ -1107,9 +1099,9 @@ void AbstractInterpretation::initExtFunMap()
         const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(_svfir->getICFG()->getICFGNode(cs.getInstruction()));
         _checkpoints.erase(callNode);
         u32_t arg0 = _svfir->getValueNode(cs.getArgument(0));
-        AbstractState&es = _svfir2AbsState->getAbsState();
-        es[arg0].getInterval().meet_with(IntervalValue(1, 1));
-        if (es[arg0].getInterval().equals(IntervalValue(1, 1)))
+        AbstractState&as = getAbsState(callNode);
+        as[arg0].getInterval().meet_with(IntervalValue(1, 1));
+        if (as[arg0].getInterval().equals(IntervalValue(1, 1)))
         {
             SVFUtil::outs() << SVFUtil::sucMsg("The assertion is successfully verified!!\n");
         }
@@ -1125,11 +1117,12 @@ void AbstractInterpretation::initExtFunMap()
     auto svf_print = [&](const CallSite &cs)
     {
         if (cs.arg_size() < 2) return;
-        AbstractState&es = _svfir2AbsState->getAbsState();
+        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(_svfir->getICFG()->getICFGNode(cs.getInstruction()));
+        AbstractState&as = getAbsState(callNode);
         u32_t num_id = _svfir->getValueNode(cs.getArgument(0));
-        std::string text = strRead(cs.getArgument(1));
-        assert(es.inVarToValTable(num_id) && "print() should pass integer");
-        IntervalValue itv = es[num_id].getInterval();
+        std::string text = strRead(as, cs.getArgument(1));
+        assert(as.inVarToValTable(num_id) && "print() should pass integer");
+        IntervalValue itv = as[num_id].getInterval();
         std::cout << "Text: " << text <<", Value: " << cs.getArgument(0)->toString() << ", PrintVal: " << itv.toString() << std::endl;
         return;
     };
@@ -1139,22 +1132,21 @@ void AbstractInterpretation::initExtFunMap()
     _checkpoint_names.insert("svf_assert");
 };
 
-std::string AbstractInterpretation::strRead(const SVFValue* rhs)
+std::string AbstractInterpretation::strRead(AbstractState& as, const SVFValue* rhs)
 {
     // sse read string nodeID->string
-    AbstractState&es = _svfir2AbsState->getAbsState();
     std::string str0;
 
     for (u32_t index = 0; index < Options::MaxFieldLimit(); index++)
     {
         // dead loop for string and break if there's a \0. If no \0, it will throw err.
-        if (!es.inVarToAddrsTable(_svfir->getValueNode(rhs))) continue;
+        if (!as.inVarToAddrsTable(_svfir->getValueNode(rhs))) continue;
         AbstractValue expr0 =
-            _svfir2AbsState->getGepObjAddress(_svfir->getValueNode(rhs), index);
+            _svfir2AbsState->getGepObjAddress(as, _svfir->getValueNode(rhs), index);
         AbstractValue val(AbstractValue::UnknownType);
         for (const auto &addr: expr0.getAddrs())
         {
-            val.join_with(es.load(addr));
+            val.join_with(as.load(addr));
         }
         if (val.isUnknown())
             return str0;
@@ -1173,6 +1165,7 @@ std::string AbstractInterpretation::strRead(const SVFValue* rhs)
 
 void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
 {
+    AbstractState& as = getAbsState(call);
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     assert(fun && "SVFFunction* is nullptr");
     CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
@@ -1198,13 +1191,13 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
         else
         {
             u32_t lhsId = _svfir->getValueNode(SVFUtil::getSVFCallSite(call->getCallSite()).getInstruction());
-            if (_svfir2AbsState->getAbsState().inVarToAddrsTable(lhsId))
+            if (as.inVarToAddrsTable(lhsId))
             {
 
             }
             else
             {
-                _svfir2AbsState->getAbsState()[lhsId] = IntervalValue();
+                as[lhsId] = IntervalValue();
             }
             return;
         }
@@ -1212,21 +1205,15 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
     // 1. memcpy functions like memcpy_chk, strncpy, annotate("MEMCPY"), annotate("BUF_CHECK:Arg0, Arg2"), annotate("BUF_CHECK:Arg1, Arg2")
     else if (extType == MEMCPY)
     {
-        AbstractValue len =
-            _svfir2AbsState
-            ->getAbsState()[_svfir->getValueNode(cs.getArgument(2))];
-        handleMemcpy(cs.getArgument(0), cs.getArgument(1), len, 0);
+        AbstractValue len = as[_svfir->getValueNode(cs.getArgument(2))];
+        handleMemcpy(as, cs.getArgument(0), cs.getArgument(1), len, 0);
     }
     else if (extType == MEMSET)
     {
         // memset dst is arg0, elem is arg1, size is arg2
-        AbstractValue len =
-            _svfir2AbsState
-            ->getAbsState()[_svfir->getValueNode(cs.getArgument(2))];
-        AbstractValue elem =
-            _svfir2AbsState
-            ->getAbsState()[_svfir->getValueNode(cs.getArgument(1))];
-        handleMemset(cs.getArgument(0), elem, len);
+        AbstractValue len = as[_svfir->getValueNode(cs.getArgument(2))];
+        AbstractValue elem = as[_svfir->getValueNode(cs.getArgument(1))];
+        handleMemset(as,cs.getArgument(0), elem, len);
     }
     else if (extType == STRCPY)
     {
@@ -1285,15 +1272,16 @@ void AbstractInterpretation::handleStrcpy(const CallICFGNode *call)
 {
     // strcpy, __strcpy_chk, stpcpy , wcscpy, __wcscpy_chk
     // get the dst and src
+    AbstractState& as = getAbsState(call);
     CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
     const SVFValue* arg0Val = cs.getArgument(0);
     const SVFValue* arg1Val = cs.getArgument(1);
-    AbstractValue strLen = getStrlen(arg1Val);
+    AbstractValue strLen = getStrlen(as, arg1Val);
     // no need to -1, since it has \0 as the last byte
-    handleMemcpy(arg0Val, arg1Val, strLen,strLen.lb().getIntNumeral());
+    handleMemcpy(as, arg0Val, arg1Val, strLen,strLen.lb().getIntNumeral());
 }
 
-u32_t AbstractInterpretation::getAllocaInstByteSize(const AddrStmt *addr)
+u32_t AbstractInterpretation::getAllocaInstByteSize(AbstractState& as, const AddrStmt *addr)
 {
     if (const ObjVar* objvar = SVFUtil::dyn_cast<ObjVar>(addr->getRHSVar()))
     {
@@ -1312,13 +1300,12 @@ u32_t AbstractInterpretation::getAllocaInstByteSize(const AddrStmt *addr)
             u64_t res = elementSize;
             for (const SVFValue* value: sizes)
             {
-                if (!_svfir2AbsState->inVarToValTable(_svfir->getValueNode(value)))
+                if (!_svfir2AbsState->inVarToValTable(as, _svfir->getValueNode(value)))
                 {
-                    _svfir2AbsState
-                    ->getAbsState()[_svfir->getValueNode(value)] = IntervalValue(Options::MaxFieldLimit());
+                    as[_svfir->getValueNode(value)] = IntervalValue(Options::MaxFieldLimit());
                 }
                 AbstractValue itv =
-                    _svfir2AbsState->getAbsState()[_svfir->getValueNode(value)];
+                    as[_svfir->getValueNode(value)];
                 res = res * itv.ub().getIntNumeral() > Options::MaxFieldLimit()? Options::MaxFieldLimit(): res * itv.ub().getIntNumeral();
             }
             return (u32_t)res;
@@ -1328,7 +1315,7 @@ u32_t AbstractInterpretation::getAllocaInstByteSize(const AddrStmt *addr)
     abort();
 }
 
-AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *value)
+AbstractValue AbstractInterpretation::traceMemoryAllocationSize(AbstractState& as, const SVFValue *value)
 {
     /// Usually called by a GepStmt overflow check, or external API (like memcpy) overflow check
     /// Defitions of Terms:
@@ -1363,7 +1350,7 @@ AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *
                 else if (const LoadStmt *load = SVFUtil::dyn_cast<LoadStmt>(stmt))
                 {
                     // Load Stmt, forward to the Var from last Store Stmt
-                    AccessMemoryViaLoadStmt(load, worklist, visited);
+                    AccessMemoryViaLoadStmt(as, load, worklist, visited);
                 }
                 else if (const GepStmt *gep = SVFUtil::dyn_cast<GepStmt>(stmt))
                 {
@@ -1410,7 +1397,7 @@ AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *
                             else
                             {
                                 IntervalValue byteOffset =
-                                    _svfir2AbsState->getByteOffset(gep).getInterval();
+                                    _svfir2AbsState->getByteOffset(as, gep).getInterval();
                             }
                             // for variable offset, join with accumulate gep offset
                             gep_offsets[gep->getICFGNode()] = byteOffset;
@@ -1426,7 +1413,7 @@ AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *
                 else if (const AddrStmt *addr = SVFUtil::dyn_cast<AddrStmt>(stmt))
                 {
                     // addrStmt is source node.
-                    u32_t arr_type_size = getAllocaInstByteSize(addr);
+                    u32_t arr_type_size = getAllocaInstByteSize(as, addr);
                     return IntervalValue(arr_type_size) - total_bytes;
                 }
             }
@@ -1437,7 +1424,7 @@ AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *
             const SVFType* svftype = gvalue->getType();
             if (SVFUtil::isa<SVFPointerType>(svftype))
             {
-                if(const SVFArrayType* ptrArrType = SVFUtil::dyn_cast<SVFArrayType>(getPointeeElement(_svfir->getValueNode(value))))
+                if(const SVFArrayType* ptrArrType = SVFUtil::dyn_cast<SVFArrayType>(getPointeeElement(as, _svfir->getValueNode(value))))
                     arr_type_size = ptrArrType->getByteSize();
                 else
                     arr_type_size = svftype->getByteSize();
@@ -1461,23 +1448,22 @@ AbstractValue AbstractInterpretation::traceMemoryAllocationSize(const SVFValue *
 }
 
 
-AbstractValue AbstractInterpretation::getStrlen(const SVF::SVFValue *strValue)
+AbstractValue AbstractInterpretation::getStrlen(AbstractState& as, const SVF::SVFValue *strValue)
 {
-    AbstractState&es = _svfir2AbsState->getAbsState();
-    AbstractValue dst_size = traceMemoryAllocationSize(strValue);
+    AbstractValue dst_size = traceMemoryAllocationSize(as, strValue);
     u32_t len = 0;
     NodeID dstid = _svfir->getValueNode(strValue);
     u32_t elemSize = 1;
-    if (_svfir2AbsState->inVarToAddrsTable(dstid))
+    if (_svfir2AbsState->inVarToAddrsTable(as, dstid))
     {
         for (u32_t index = 0; index < dst_size.lb().getIntNumeral(); index++)
         {
             AbstractValue expr0 =
-                _svfir2AbsState->getGepObjAddress(dstid, index);
+                _svfir2AbsState->getGepObjAddress(as, dstid, index);
             AbstractValue val(AbstractValue::UnknownType);
             for (const auto &addr: expr0.getAddrs())
             {
-                val.join_with(es.load(addr));
+                val.join_with(as.load(addr));
             }
             if (val.isUnknown())
             {
@@ -1495,7 +1481,7 @@ AbstractValue AbstractInterpretation::getStrlen(const SVF::SVFValue *strValue)
         }
         else if (strValue->getType()->isPointerTy())
         {
-            if (const SVFType* elemType = getPointeeElement(_svfir->getValueNode(strValue)))
+            if (const SVFType* elemType = getPointeeElement(as, _svfir->getValueNode(strValue)))
             {
                 elemSize = elemType->getByteSize();
             }
@@ -1524,6 +1510,7 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
 {
     // __strcat_chk, strcat, __wcscat_chk, wcscat, __strncat_chk, strncat, __wcsncat_chk, wcsncat
     // to check it is  strcat group or strncat group
+    AbstractState& as = getAbsState(call);
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
@@ -1532,10 +1519,10 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
         CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
-        AbstractValue strLen0 = getStrlen(arg0Val);
-        AbstractValue strLen1 = getStrlen(arg1Val);
+        AbstractValue strLen0 = getStrlen(as, arg0Val);
+        AbstractValue strLen1 = getStrlen(as, arg1Val);
         AbstractValue totalLen = strLen0 + strLen1;
-        handleMemcpy(arg0Val, arg1Val, strLen1, strLen0.lb().getIntNumeral());
+        handleMemcpy(as, arg0Val, arg1Val, strLen1, strLen0.lb().getIntNumeral());
         // do memcpy
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
@@ -1544,11 +1531,10 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         const SVFValue* arg2Val = cs.getArgument(2);
-        AbstractValue arg2Num =
-            _svfir2AbsState->getAbsState()[_svfir->getValueNode(arg2Val)];
-        AbstractValue strLen0 = getStrlen(arg0Val);
+        AbstractValue arg2Num = as[_svfir->getValueNode(arg2Val)];
+        AbstractValue strLen0 = getStrlen(as, arg0Val);
         AbstractValue totalLen = strLen0 + arg2Num;
-        handleMemcpy(arg0Val, arg1Val, arg2Num, strLen0.lb().getIntNumeral());
+        handleMemcpy(as, arg0Val, arg1Val, arg2Num, strLen0.lb().getIntNumeral());
         // do memcpy
     }
     else
@@ -1557,9 +1543,8 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     }
 }
 
-void AbstractInterpretation::handleMemcpy(const SVF::SVFValue *dst, const SVF::SVFValue *src, AbstractValue len,  u32_t start_idx)
+void AbstractInterpretation::handleMemcpy(AbstractState& as, const SVF::SVFValue *dst, const SVF::SVFValue *src, AbstractValue len,  u32_t start_idx)
 {
-    AbstractState&es = _svfir2AbsState->getAbsState();
     u32_t dstId = _svfir->getValueNode(dst); // pts(dstId) = {objid}  objbar objtypeinfo->getType().
     u32_t srcId = _svfir->getValueNode(src);
     u32_t elemSize = 1;
@@ -1570,7 +1555,7 @@ void AbstractInterpretation::handleMemcpy(const SVF::SVFValue *dst, const SVF::S
     // memcpy(i32*, i32*, 40)
     else if (dst->getType()->isPointerTy())
     {
-        if (const SVFType* elemType = getPointeeElement(_svfir->getValueNode(dst)))
+        if (const SVFType* elemType = getPointeeElement(as, _svfir->getValueNode(dst)))
         {
             if (elemType->isArrayTy())
                 elemSize = SVFUtil::dyn_cast<SVFArrayType>(elemType)->getTypeOfElement()->getByteSize();
@@ -1588,28 +1573,28 @@ void AbstractInterpretation::handleMemcpy(const SVF::SVFValue *dst, const SVF::S
     }
     u32_t size = std::min((u32_t)Options::MaxFieldLimit(), (u32_t) len.lb().getIntNumeral());
     u32_t range_val = size / elemSize;
-    if (_svfir2AbsState->inVarToAddrsTable(srcId) &&
-            _svfir2AbsState->inVarToAddrsTable(dstId))
+    if (_svfir2AbsState->inVarToAddrsTable(as, srcId) &&
+            _svfir2AbsState->inVarToAddrsTable(as, dstId))
     {
         for (u32_t index = 0; index < range_val; index++)
         {
             // dead loop for string and break if there's a \0. If no \0, it will throw err.
             AbstractValue expr_src =
-                _svfir2AbsState->getGepObjAddress(srcId, index);
+                _svfir2AbsState->getGepObjAddress(as, srcId, index);
             AbstractValue expr_dst =
-                _svfir2AbsState->getGepObjAddress(dstId, index + start_idx);
+                _svfir2AbsState->getGepObjAddress(as, dstId, index + start_idx);
             for (const auto &dst: expr_dst.getAddrs())
             {
                 for (const auto &src: expr_src.getAddrs())
                 {
                     u32_t objId = AbstractState::getInternalID(src);
-                    if (es.inLocToValTable(objId))
+                    if (as.inLocToValTable(objId))
                     {
-                        es.store(dst, es.load(src));
+                        as.store(dst, as.load(src));
                     }
-                    else if (es.inLocToAddrsTable(objId))
+                    else if (as.inLocToAddrsTable(objId))
                     {
-                        es.store(dst, es.load(src));
+                        as.store(dst, as.load(src));
                     }
                 }
             }
@@ -1617,14 +1602,14 @@ void AbstractInterpretation::handleMemcpy(const SVF::SVFValue *dst, const SVF::S
     }
 }
 
-const SVFType* AbstractInterpretation::getPointeeElement(NodeID id)
+const SVFType* AbstractInterpretation::getPointeeElement(AbstractState& as, NodeID id)
 {
-    if (_svfir2AbsState->inVarToAddrsTable(id))
+    if (_svfir2AbsState->inVarToAddrsTable(as, id))
     {
-        const AbstractValue& addrs = _svfir2AbsState->getAddrs(id);
+        const AbstractValue& addrs = _svfir2AbsState->getAddrs(as, id);
         for (auto addr: addrs.getAddrs())
         {
-            NodeID addr_id = _svfir2AbsState->getInternalID(addr);
+            NodeID addr_id = AbstractState::getInternalID(addr);
             if (addr_id == 0) // nullptr has no memobj, skip
                 continue;
             return SVFUtil::dyn_cast<ObjVar>(_svfir->getGNode(addr_id))->getMemObj()->getType();
@@ -1637,9 +1622,8 @@ const SVFType* AbstractInterpretation::getPointeeElement(NodeID id)
     return nullptr;
 }
 
-void AbstractInterpretation::handleMemset(const SVF::SVFValue *dst, AbstractValue elem, AbstractValue len)
+void AbstractInterpretation::handleMemset(AbstractState& as, const SVF::SVFValue *dst, AbstractValue elem, AbstractValue len)
 {
-    AbstractState&es = _svfir2AbsState->getAbsState();
     u32_t dstId = _svfir->getValueNode(dst);
     u32_t size = std::min((u32_t)Options::MaxFieldLimit(), (u32_t) len.lb().getIntNumeral());
     u32_t elemSize = 1;
@@ -1649,7 +1633,7 @@ void AbstractInterpretation::handleMemset(const SVF::SVFValue *dst, AbstractValu
     }
     else if (dst->getType()->isPointerTy())
     {
-        if (const SVFType* elemType = getPointeeElement(_svfir->getValueNode(dst)))
+        if (const SVFType* elemType = getPointeeElement(as, _svfir->getValueNode(dst)))
         {
             elemSize = elemType->getByteSize();
         }
@@ -1667,22 +1651,22 @@ void AbstractInterpretation::handleMemset(const SVF::SVFValue *dst, AbstractValu
     for (u32_t index = 0; index < range_val; index++)
     {
         // dead loop for string and break if there's a \0. If no \0, it will throw err.
-        if (_svfir2AbsState->inVarToAddrsTable(dstId))
+        if (_svfir2AbsState->inVarToAddrsTable(as, dstId))
         {
             AbstractValue lhs_gep =
-                _svfir2AbsState->getGepObjAddress(dstId, index);
+                _svfir2AbsState->getGepObjAddress(as, dstId, index);
             for (const auto &addr: lhs_gep.getAddrs())
             {
                 u32_t objId = AbstractState::getInternalID(addr);
-                if (es.inLocToValTable(objId))
+                if (as.inLocToValTable(objId))
                 {
-                    AbstractValue tmp = es.load(addr);
+                    AbstractValue tmp = as.load(addr);
                     tmp.join_with(elem);
-                    es.store(addr, tmp);
+                    as.store(addr, tmp);
                 }
                 else
                 {
-                    es.store(addr, elem);
+                    as.store(addr, elem);
                 }
             }
         }
@@ -1727,15 +1711,15 @@ void AbstractInterpretation::AccessMemoryViaCopyStmt(const CopyStmt *copy, SVF::
     }
 }
 
-void AbstractInterpretation::AccessMemoryViaLoadStmt(const LoadStmt *load, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited)
+void AbstractInterpretation::AccessMemoryViaLoadStmt(AbstractState& as, const LoadStmt *load, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited)
 {
-    if (_svfir2AbsState->inVarToAddrsTable(load->getLHSVarID()))
+    if (_svfir2AbsState->inVarToAddrsTable(as, load->getLHSVarID()))
     {
         const AbstractValue &Addrs =
-            _svfir2AbsState->getAddrs(load->getLHSVarID());
+            _svfir2AbsState->getAddrs(as, load->getLHSVarID());
         for (auto vaddr: Addrs.getAddrs())
         {
-            NodeID id = _svfir2AbsState->getInternalID(vaddr);
+            NodeID id = AbstractState::getInternalID(vaddr);
             if (id == 0) // nullptr has no memobj, skip
                 continue;
             const auto *val = _svfir->getGNode(id);