svf-tools 1.0.943 → 1.0.944
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/svf/include/AE/Core/AbstractState.h +8 -72
- package/svf/include/AE/Core/AbstractValue.h +34 -142
- package/svf/include/AE/Svfexe/SVFIR2AbsState.h +11 -11
- package/svf/lib/AE/Core/AbstractState.cpp +5 -58
- package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +5 -11
- package/svf/lib/AE/Svfexe/SVFIR2AbsState.cpp +140 -213
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "svf-tools",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.944",
|
|
4
4
|
"description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -183,20 +183,6 @@ public:
|
|
|
183
183
|
return _varToAbsVal.at(varId);
|
|
184
184
|
}
|
|
185
185
|
|
|
186
|
-
/// get memory addresses of variable
|
|
187
|
-
AbstractValue &getAddrs(u32_t id)
|
|
188
|
-
{
|
|
189
|
-
if (_varToAbsVal.find(id)!= _varToAbsVal.end())
|
|
190
|
-
{
|
|
191
|
-
return _varToAbsVal[id];
|
|
192
|
-
}
|
|
193
|
-
else
|
|
194
|
-
{
|
|
195
|
-
_varToAbsVal[id] = AddressValue();
|
|
196
|
-
return _varToAbsVal[id];
|
|
197
|
-
}
|
|
198
|
-
}
|
|
199
|
-
|
|
200
186
|
/// whether the variable is in varToAddrs table
|
|
201
187
|
inline bool inVarToAddrsTable(u32_t id) const
|
|
202
188
|
{
|
|
@@ -289,31 +275,6 @@ public:
|
|
|
289
275
|
return (s32_t) e.lb().getNumeral();
|
|
290
276
|
}
|
|
291
277
|
|
|
292
|
-
/// Return true if map has bottom value
|
|
293
|
-
inline bool has_bottom()
|
|
294
|
-
{
|
|
295
|
-
for (auto it = _varToAbsVal.begin(); it != _varToAbsVal.end(); ++it)
|
|
296
|
-
{
|
|
297
|
-
if (it->second.isInterval())
|
|
298
|
-
{
|
|
299
|
-
if (it->second.getInterval().isBottom())
|
|
300
|
-
{
|
|
301
|
-
return true;
|
|
302
|
-
}
|
|
303
|
-
}
|
|
304
|
-
}
|
|
305
|
-
for (auto it = _addrToAbsVal.begin(); it != _addrToAbsVal.end(); ++it)
|
|
306
|
-
{
|
|
307
|
-
if (it->second.isInterval())
|
|
308
|
-
{
|
|
309
|
-
if (it->second.getInterval().isBottom())
|
|
310
|
-
{
|
|
311
|
-
return true;
|
|
312
|
-
}
|
|
313
|
-
}
|
|
314
|
-
}
|
|
315
|
-
return false;
|
|
316
|
-
}
|
|
317
278
|
|
|
318
279
|
u32_t hash() const;
|
|
319
280
|
|
|
@@ -330,14 +291,8 @@ public:
|
|
|
330
291
|
{
|
|
331
292
|
assert(isVirtualMemAddress(addr) && "not virtual address?");
|
|
332
293
|
u32_t objId = getInternalID(addr);
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
return it->second;
|
|
336
|
-
else
|
|
337
|
-
{
|
|
338
|
-
_addrToAbsVal[objId] = IntervalValue::top();
|
|
339
|
-
return _addrToAbsVal[objId];
|
|
340
|
-
}
|
|
294
|
+
return _addrToAbsVal[objId];
|
|
295
|
+
|
|
341
296
|
}
|
|
342
297
|
|
|
343
298
|
|
|
@@ -351,6 +306,7 @@ public:
|
|
|
351
306
|
|
|
352
307
|
bool equals(const AbstractState&other) const;
|
|
353
308
|
|
|
309
|
+
|
|
354
310
|
static bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
|
|
355
311
|
{
|
|
356
312
|
if (lhs.size() != rhs.size()) return false;
|
|
@@ -359,32 +315,15 @@ public:
|
|
|
359
315
|
auto it = rhs.find(item.first);
|
|
360
316
|
if (it == rhs.end())
|
|
361
317
|
return false;
|
|
362
|
-
if (item.second.
|
|
363
|
-
|
|
364
|
-
if (item.second.isInterval())
|
|
365
|
-
{
|
|
366
|
-
if (!item.second.getInterval().equals(it->second.getInterval()))
|
|
367
|
-
{
|
|
368
|
-
return false;
|
|
369
|
-
}
|
|
370
|
-
}
|
|
371
|
-
else if (item.second.isAddr())
|
|
372
|
-
{
|
|
373
|
-
if (!item.second.getAddrs().equals(it->second.getAddrs()))
|
|
374
|
-
{
|
|
375
|
-
return false;
|
|
376
|
-
}
|
|
377
|
-
}
|
|
378
|
-
}
|
|
318
|
+
if (!item.second.equals(it->second))
|
|
319
|
+
return false;
|
|
379
320
|
else
|
|
380
321
|
{
|
|
381
|
-
return false;
|
|
382
322
|
}
|
|
383
323
|
}
|
|
384
324
|
return true;
|
|
385
325
|
}
|
|
386
326
|
|
|
387
|
-
|
|
388
327
|
static bool lessThanVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
|
|
389
328
|
{
|
|
390
329
|
if (lhs.empty()) return !rhs.empty();
|
|
@@ -407,12 +346,9 @@ public:
|
|
|
407
346
|
auto it = lhs.find(item.first);
|
|
408
347
|
if (it == lhs.end()) return false;
|
|
409
348
|
// judge from expr id
|
|
410
|
-
if (it->second.
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
item.second.getInterval()))
|
|
414
|
-
return false;
|
|
415
|
-
}
|
|
349
|
+
if (!it->second.getInterval().contain(
|
|
350
|
+
item.second.getInterval()))
|
|
351
|
+
return false;
|
|
416
352
|
|
|
417
353
|
}
|
|
418
354
|
return true;
|
|
@@ -22,6 +22,7 @@
|
|
|
22
22
|
|
|
23
23
|
#include "AE/Core/IntervalValue.h"
|
|
24
24
|
#include "AE/Core/AddressValue.h"
|
|
25
|
+
#include "Util/SVFUtil.h"
|
|
25
26
|
|
|
26
27
|
namespace SVF
|
|
27
28
|
{
|
|
@@ -30,126 +31,71 @@ class AbstractValue
|
|
|
30
31
|
{
|
|
31
32
|
|
|
32
33
|
public:
|
|
33
|
-
|
|
34
|
-
enum DataType
|
|
35
|
-
{
|
|
36
|
-
IntervalType,
|
|
37
|
-
AddressType,
|
|
38
|
-
UnknownType,
|
|
39
|
-
};
|
|
40
|
-
DataType type;
|
|
41
34
|
IntervalValue interval;
|
|
42
35
|
AddressValue addrs;
|
|
43
36
|
|
|
44
|
-
AbstractValue()
|
|
45
|
-
{
|
|
46
|
-
interval = IntervalValue::top();
|
|
47
|
-
}
|
|
48
|
-
AbstractValue(DataType type) : type(type)
|
|
37
|
+
AbstractValue()
|
|
49
38
|
{
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
case IntervalType:
|
|
53
|
-
interval = IntervalValue::top();
|
|
54
|
-
break;
|
|
55
|
-
case AddressType:
|
|
56
|
-
addrs = AddressValue();
|
|
57
|
-
break;
|
|
58
|
-
case UnknownType:
|
|
59
|
-
break;
|
|
60
|
-
}
|
|
39
|
+
interval = IntervalValue::bottom();
|
|
40
|
+
addrs = AddressValue();
|
|
61
41
|
}
|
|
62
42
|
|
|
63
|
-
AbstractValue(const AbstractValue& other)
|
|
43
|
+
AbstractValue(const AbstractValue& other)
|
|
64
44
|
{
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
case IntervalType:
|
|
68
|
-
interval = other.interval;
|
|
69
|
-
break;
|
|
70
|
-
case AddressType:
|
|
71
|
-
addrs = other.addrs;
|
|
72
|
-
break;
|
|
73
|
-
case UnknownType:
|
|
74
|
-
break;
|
|
75
|
-
}
|
|
45
|
+
interval = other.interval;
|
|
46
|
+
addrs = other.addrs;
|
|
76
47
|
}
|
|
77
48
|
|
|
78
49
|
inline bool isInterval() const
|
|
79
50
|
{
|
|
80
|
-
return
|
|
51
|
+
return !interval.isBottom();
|
|
81
52
|
}
|
|
82
53
|
inline bool isAddr() const
|
|
83
54
|
{
|
|
84
|
-
return
|
|
85
|
-
}
|
|
86
|
-
inline bool isUnknown() const
|
|
87
|
-
{
|
|
88
|
-
return type == UnknownType;
|
|
55
|
+
return !addrs.isBottom();
|
|
89
56
|
}
|
|
90
57
|
|
|
91
|
-
|
|
58
|
+
AbstractValue(AbstractValue &&other)
|
|
92
59
|
{
|
|
93
|
-
|
|
60
|
+
interval = SVFUtil::move(other.interval);
|
|
61
|
+
addrs = SVFUtil::move(other.addrs);
|
|
94
62
|
}
|
|
95
63
|
|
|
96
|
-
|
|
64
|
+
// operator overload, supporting both interval and address
|
|
65
|
+
AbstractValue& operator=(const AbstractValue& other)
|
|
97
66
|
{
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
interval = other.interval;
|
|
102
|
-
break;
|
|
103
|
-
case AddressType:
|
|
104
|
-
addrs = other.addrs;
|
|
105
|
-
break;
|
|
106
|
-
case UnknownType:
|
|
107
|
-
break;
|
|
108
|
-
}
|
|
67
|
+
interval = other.interval;
|
|
68
|
+
addrs = other.addrs;
|
|
69
|
+
return *this;
|
|
109
70
|
}
|
|
110
71
|
|
|
111
|
-
|
|
112
|
-
AbstractValue& operator=(const AbstractValue& other)
|
|
72
|
+
AbstractValue& operator=(const AbstractValue&& other)
|
|
113
73
|
{
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
{
|
|
117
|
-
case IntervalType:
|
|
118
|
-
interval = other.interval;
|
|
119
|
-
break;
|
|
120
|
-
case AddressType:
|
|
121
|
-
addrs = other.addrs;
|
|
122
|
-
break;
|
|
123
|
-
case UnknownType:
|
|
124
|
-
break;
|
|
125
|
-
}
|
|
74
|
+
interval = SVFUtil::move(other.interval);
|
|
75
|
+
addrs = SVFUtil::move(other.addrs);
|
|
126
76
|
return *this;
|
|
127
77
|
}
|
|
128
78
|
|
|
129
79
|
AbstractValue& operator=(const IntervalValue& other)
|
|
130
80
|
{
|
|
131
|
-
type = IntervalType;
|
|
132
81
|
interval = other;
|
|
82
|
+
addrs = AddressValue();
|
|
133
83
|
return *this;
|
|
134
84
|
}
|
|
135
85
|
|
|
136
86
|
AbstractValue& operator=(const AddressValue& other)
|
|
137
87
|
{
|
|
138
|
-
type = AddressType;
|
|
139
88
|
addrs = other;
|
|
89
|
+
interval = IntervalValue::bottom();
|
|
140
90
|
return *this;
|
|
141
91
|
}
|
|
142
92
|
|
|
143
|
-
AbstractValue(const IntervalValue& ival) :
|
|
93
|
+
AbstractValue(const IntervalValue& ival) : interval(ival), addrs(AddressValue()) {}
|
|
144
94
|
|
|
145
|
-
AbstractValue(const AddressValue& addr) :
|
|
95
|
+
AbstractValue(const AddressValue& addr) : interval(IntervalValue::bottom()), addrs(addr) {}
|
|
146
96
|
|
|
147
97
|
IntervalValue& getInterval()
|
|
148
98
|
{
|
|
149
|
-
if (isUnknown())
|
|
150
|
-
{
|
|
151
|
-
interval = IntervalValue::top();
|
|
152
|
-
}
|
|
153
99
|
return interval;
|
|
154
100
|
}
|
|
155
101
|
|
|
@@ -172,90 +118,36 @@ public:
|
|
|
172
118
|
|
|
173
119
|
bool equals(const AbstractValue &rhs) const
|
|
174
120
|
{
|
|
175
|
-
|
|
176
|
-
{
|
|
177
|
-
return false;
|
|
178
|
-
}
|
|
179
|
-
if (isInterval())
|
|
180
|
-
{
|
|
181
|
-
return interval.equals(rhs.interval);
|
|
182
|
-
}
|
|
183
|
-
if (isAddr())
|
|
184
|
-
{
|
|
185
|
-
return addrs.equals(rhs.addrs);
|
|
186
|
-
}
|
|
187
|
-
return false;
|
|
121
|
+
return interval.equals(rhs.interval) && addrs.equals(rhs.addrs);
|
|
188
122
|
}
|
|
189
123
|
|
|
190
124
|
void join_with(const AbstractValue &other)
|
|
191
125
|
{
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
*this = other;
|
|
195
|
-
return;
|
|
196
|
-
}
|
|
197
|
-
else if (type != other.type)
|
|
198
|
-
{
|
|
199
|
-
return;
|
|
200
|
-
}
|
|
201
|
-
if (isInterval() && other.isInterval())
|
|
202
|
-
{
|
|
203
|
-
interval.join_with(other.interval);
|
|
204
|
-
}
|
|
205
|
-
if (isAddr() && other.isAddr())
|
|
206
|
-
{
|
|
207
|
-
addrs.join_with(other.addrs);
|
|
208
|
-
}
|
|
209
|
-
return;
|
|
126
|
+
interval.join_with(other.interval);
|
|
127
|
+
addrs.join_with(other.addrs);
|
|
210
128
|
}
|
|
211
129
|
|
|
212
130
|
void meet_with(const AbstractValue &other)
|
|
213
131
|
{
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
return;
|
|
217
|
-
}
|
|
218
|
-
if (isInterval() && other.isInterval())
|
|
219
|
-
{
|
|
220
|
-
interval.meet_with(other.interval);
|
|
221
|
-
}
|
|
222
|
-
if (isAddr() && other.isAddr())
|
|
223
|
-
{
|
|
224
|
-
addrs.meet_with(other.addrs);
|
|
225
|
-
}
|
|
226
|
-
return;
|
|
132
|
+
interval.meet_with(other.interval);
|
|
133
|
+
addrs.meet_with(other.addrs);
|
|
227
134
|
}
|
|
228
135
|
|
|
229
136
|
void widen_with(const AbstractValue &other)
|
|
230
137
|
{
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
{
|
|
234
|
-
interval.widen_with(other.interval);
|
|
235
|
-
}
|
|
138
|
+
interval.widen_with(other.interval);
|
|
139
|
+
// TODO: widen Addrs
|
|
236
140
|
}
|
|
237
141
|
|
|
238
142
|
void narrow_with(const AbstractValue &other)
|
|
239
143
|
{
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
{
|
|
243
|
-
interval.narrow_with(other.interval);
|
|
244
|
-
}
|
|
144
|
+
interval.narrow_with(other.interval);
|
|
145
|
+
// TODO: narrow Addrs
|
|
245
146
|
}
|
|
246
147
|
|
|
247
148
|
std::string toString() const
|
|
248
149
|
{
|
|
249
|
-
|
|
250
|
-
{
|
|
251
|
-
return interval.toString();
|
|
252
|
-
}
|
|
253
|
-
else if (isAddr())
|
|
254
|
-
{
|
|
255
|
-
return addrs.toString();
|
|
256
|
-
}
|
|
257
|
-
return "";
|
|
150
|
+
return "<" + interval.toString() + ", " + addrs.toString() + ">";
|
|
258
151
|
}
|
|
259
|
-
|
|
260
152
|
};
|
|
261
153
|
}
|
|
@@ -62,19 +62,19 @@ public:
|
|
|
62
62
|
void narrowAddrs(AbstractState& es, AbstractState&lhs, const AbstractState&rhs);
|
|
63
63
|
|
|
64
64
|
/// Return the field address given a pointer points to a struct object and an offset
|
|
65
|
-
|
|
65
|
+
AddressValue getGepObjAddress(AbstractState& es, u32_t pointer, APOffset offset);
|
|
66
66
|
|
|
67
67
|
/// Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128, 127]
|
|
68
|
-
|
|
68
|
+
IntervalValue getRangeLimitFromType(const SVFType* type);
|
|
69
69
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
70
|
+
IntervalValue getZExtValue(const AbstractState& es, const SVFVar* var);
|
|
71
|
+
IntervalValue getSExtValue(const AbstractState& es, const SVFVar* var);
|
|
72
|
+
IntervalValue getFPToSIntValue(const AbstractState& es, const SVFVar* var);
|
|
73
|
+
IntervalValue getFPToUIntValue(const AbstractState& es, const SVFVar* var);
|
|
74
|
+
IntervalValue getSIntToFPValue(const AbstractState& es, const SVFVar* var);
|
|
75
|
+
IntervalValue getUIntToFPValue(const AbstractState& es, const SVFVar* var);
|
|
76
|
+
IntervalValue getTruncValue(const AbstractState& es, const SVFVar* var, const SVFType* dstType);
|
|
77
|
+
IntervalValue getFPTruncValue(const AbstractState& es, const SVFVar* var, const SVFType* dstType);
|
|
78
78
|
|
|
79
79
|
/// Return the byte offset expression of a GepStmt
|
|
80
80
|
/// elemBytesize is the element byte size of an static alloc or heap alloc array
|
|
@@ -102,7 +102,7 @@ public:
|
|
|
102
102
|
inline AbstractValue &getAddrs(AbstractState& es, u32_t id)
|
|
103
103
|
{
|
|
104
104
|
if (inVarToAddrsTable(es, id))
|
|
105
|
-
return es
|
|
105
|
+
return es[id];
|
|
106
106
|
else
|
|
107
107
|
return globalNulladdrs;
|
|
108
108
|
}
|
|
@@ -125,18 +125,7 @@ void AbstractState::joinWith(const AbstractState& other)
|
|
|
125
125
|
auto oit = _varToAbsVal.find(key);
|
|
126
126
|
if (oit != _varToAbsVal.end())
|
|
127
127
|
{
|
|
128
|
-
|
|
129
|
-
{
|
|
130
|
-
oit->second.getInterval().join_with(it->second.getInterval());
|
|
131
|
-
}
|
|
132
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
133
|
-
{
|
|
134
|
-
oit->second.getAddrs().join_with(it->second.getAddrs());
|
|
135
|
-
}
|
|
136
|
-
else
|
|
137
|
-
{
|
|
138
|
-
// do nothing
|
|
139
|
-
}
|
|
128
|
+
oit->second.join_with(it->second);
|
|
140
129
|
}
|
|
141
130
|
else
|
|
142
131
|
{
|
|
@@ -149,18 +138,7 @@ void AbstractState::joinWith(const AbstractState& other)
|
|
|
149
138
|
auto oit = _addrToAbsVal.find(key);
|
|
150
139
|
if (oit != _addrToAbsVal.end())
|
|
151
140
|
{
|
|
152
|
-
|
|
153
|
-
{
|
|
154
|
-
oit->second.getInterval().join_with(it->second.getInterval());
|
|
155
|
-
}
|
|
156
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
157
|
-
{
|
|
158
|
-
oit->second.getAddrs().join_with(it->second.getAddrs());
|
|
159
|
-
}
|
|
160
|
-
else
|
|
161
|
-
{
|
|
162
|
-
// do nothing
|
|
163
|
-
}
|
|
141
|
+
oit->second.join_with(it->second);
|
|
164
142
|
}
|
|
165
143
|
else
|
|
166
144
|
{
|
|
@@ -199,18 +177,7 @@ void AbstractState::meetWith(const AbstractState& other)
|
|
|
199
177
|
auto oit = _varToAbsVal.find(key);
|
|
200
178
|
if (oit != _varToAbsVal.end())
|
|
201
179
|
{
|
|
202
|
-
|
|
203
|
-
{
|
|
204
|
-
oit->second.getInterval().meet_with(it->second.getInterval());
|
|
205
|
-
}
|
|
206
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
207
|
-
{
|
|
208
|
-
oit->second.getAddrs().meet_with(it->second.getAddrs());
|
|
209
|
-
}
|
|
210
|
-
else
|
|
211
|
-
{
|
|
212
|
-
// do nothing
|
|
213
|
-
}
|
|
180
|
+
oit->second.meet_with(it->second);
|
|
214
181
|
}
|
|
215
182
|
}
|
|
216
183
|
for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
|
|
@@ -219,18 +186,7 @@ void AbstractState::meetWith(const AbstractState& other)
|
|
|
219
186
|
auto oit = _addrToAbsVal.find(key);
|
|
220
187
|
if (oit != _addrToAbsVal.end())
|
|
221
188
|
{
|
|
222
|
-
|
|
223
|
-
{
|
|
224
|
-
oit->second.getInterval().meet_with(it->second.getInterval());
|
|
225
|
-
}
|
|
226
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
227
|
-
{
|
|
228
|
-
oit->second.getAddrs().meet_with(it->second.getAddrs());
|
|
229
|
-
}
|
|
230
|
-
else
|
|
231
|
-
{
|
|
232
|
-
// do nothing
|
|
233
|
-
}
|
|
189
|
+
oit->second.meet_with(it->second);
|
|
234
190
|
}
|
|
235
191
|
}
|
|
236
192
|
}
|
|
@@ -255,15 +211,6 @@ void AbstractState::printTable(const VarToAbsValMap&table, std::ostream &oss) co
|
|
|
255
211
|
for (const auto &item: ordered)
|
|
256
212
|
{
|
|
257
213
|
oss << "Var" << std::to_string(item);
|
|
258
|
-
|
|
259
|
-
{
|
|
260
|
-
IntervalValue sim = table.at(item).getInterval();
|
|
261
|
-
oss << "\t Value: " << std::dec << sim << "\n";
|
|
262
|
-
}
|
|
263
|
-
else if (table.at(item).isAddr())
|
|
264
|
-
{
|
|
265
|
-
AbstractValue sim = table.at(item);
|
|
266
|
-
oss << "\t Value: " << sim.getAddrs().toString() << "\n";
|
|
267
|
-
}
|
|
214
|
+
oss << "\t Value: " << table.at(item).toString() << "\n";
|
|
268
215
|
}
|
|
269
216
|
}
|
|
@@ -331,7 +331,7 @@ bool AbstractInterpretation::isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t s
|
|
|
331
331
|
// change interval range according to the compare predicate
|
|
332
332
|
AddressValue addrs;
|
|
333
333
|
if(load_op0 && new_es.inVarToAddrsTable(load_op0->getRHSVarID()))
|
|
334
|
-
addrs = new_es
|
|
334
|
+
addrs = new_es[load_op0->getRHSVarID()].getAddrs();
|
|
335
335
|
|
|
336
336
|
IntervalValue &lhs = new_es[op0].getInterval(), &rhs = new_es[op1].getInterval();
|
|
337
337
|
switch (predicate)
|
|
@@ -472,7 +472,7 @@ bool AbstractInterpretation::isSwitchBranchFeasible(const SVFVar* var, s64_t suc
|
|
|
472
472
|
{
|
|
473
473
|
if (new_es.inVarToAddrsTable(load->getRHSVarID()))
|
|
474
474
|
{
|
|
475
|
-
AddressValue &addrs = new_es
|
|
475
|
+
AddressValue &addrs = new_es[load->getRHSVarID()].getAddrs();
|
|
476
476
|
for (const auto &addr: addrs)
|
|
477
477
|
{
|
|
478
478
|
NodeID objId = new_es.getInternalID(addr);
|
|
@@ -930,7 +930,7 @@ void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
|
|
|
930
930
|
{
|
|
931
931
|
if (!rhsVar->isPointer() && !rhsVar->isConstDataOrAggDataButNotNullPtr())
|
|
932
932
|
{
|
|
933
|
-
const AbstractValue &addrs = as
|
|
933
|
+
const AbstractValue &addrs = as[lhs];
|
|
934
934
|
for (const auto &addr: addrs.getAddrs())
|
|
935
935
|
{
|
|
936
936
|
as.store(addr, IntervalValue::top());
|
|
@@ -1147,13 +1147,11 @@ std::string AbstractInterpretation::strRead(AbstractState& as, const SVFValue* r
|
|
|
1147
1147
|
if (!as.inVarToAddrsTable(_svfir->getValueNode(rhs))) continue;
|
|
1148
1148
|
AbstractValue expr0 =
|
|
1149
1149
|
_svfir2AbsState->getGepObjAddress(as, _svfir->getValueNode(rhs), index);
|
|
1150
|
-
AbstractValue val
|
|
1150
|
+
AbstractValue val;
|
|
1151
1151
|
for (const auto &addr: expr0.getAddrs())
|
|
1152
1152
|
{
|
|
1153
1153
|
val.join_with(as.load(addr));
|
|
1154
1154
|
}
|
|
1155
|
-
if (val.isUnknown())
|
|
1156
|
-
return str0;
|
|
1157
1155
|
if (!val.getInterval().is_numeral())
|
|
1158
1156
|
{
|
|
1159
1157
|
break;
|
|
@@ -1464,15 +1462,11 @@ IntervalValue AbstractInterpretation::getStrlen(AbstractState& as, const SVF::SV
|
|
|
1464
1462
|
{
|
|
1465
1463
|
AbstractValue expr0 =
|
|
1466
1464
|
_svfir2AbsState->getGepObjAddress(as, dstid, index);
|
|
1467
|
-
AbstractValue val
|
|
1465
|
+
AbstractValue val;
|
|
1468
1466
|
for (const auto &addr: expr0.getAddrs())
|
|
1469
1467
|
{
|
|
1470
1468
|
val.join_with(as.load(addr));
|
|
1471
1469
|
}
|
|
1472
|
-
if (val.isUnknown())
|
|
1473
|
-
{
|
|
1474
|
-
return IntervalValue((s64_t)0, (s64_t)Options::MaxFieldLimit());
|
|
1475
|
-
}
|
|
1476
1470
|
if (val.getInterval().is_numeral() && (char) val.getInterval().getIntNumeral() == '\0')
|
|
1477
1471
|
{
|
|
1478
1472
|
break;
|
|
@@ -46,7 +46,7 @@ AbstractValue SVF::SVFIR2AbsState::globalNulladdrs = AddressValue();
|
|
|
46
46
|
*
|
|
47
47
|
* @return An IntervalValue representing the lower and upper bounds of the range.
|
|
48
48
|
*/
|
|
49
|
-
|
|
49
|
+
IntervalValue SVFIR2AbsState::getRangeLimitFromType(const SVFType* type)
|
|
50
50
|
{
|
|
51
51
|
if (const SVFIntegerType* intType = SVFUtil::dyn_cast<SVFIntegerType>(type))
|
|
52
52
|
{
|
|
@@ -108,7 +108,7 @@ AbstractValue SVFIR2AbsState::getRangeLimitFromType(const SVFType* type)
|
|
|
108
108
|
}
|
|
109
109
|
}
|
|
110
110
|
|
|
111
|
-
|
|
111
|
+
IntervalValue SVFIR2AbsState::getZExtValue(const AbstractState& as, const SVFVar* var)
|
|
112
112
|
{
|
|
113
113
|
const SVFType* type = var->getType();
|
|
114
114
|
if (SVFUtil::isa<SVFIntegerType>(type))
|
|
@@ -153,12 +153,12 @@ AbstractValue SVFIR2AbsState::getZExtValue(const AbstractState& as, const SVFVar
|
|
|
153
153
|
return IntervalValue::top(); // TODO: may have better solution
|
|
154
154
|
}
|
|
155
155
|
|
|
156
|
-
|
|
156
|
+
IntervalValue SVFIR2AbsState::getSExtValue(const AbstractState& as, const SVFVar* var)
|
|
157
157
|
{
|
|
158
158
|
return as[var->getId()].getInterval();
|
|
159
159
|
}
|
|
160
160
|
|
|
161
|
-
|
|
161
|
+
IntervalValue SVFIR2AbsState::getFPToSIntValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
162
162
|
{
|
|
163
163
|
if (as[var->getId()].getInterval().is_real())
|
|
164
164
|
{
|
|
@@ -176,7 +176,7 @@ AbstractValue SVFIR2AbsState::getFPToSIntValue(const AbstractState& as, const SV
|
|
|
176
176
|
}
|
|
177
177
|
}
|
|
178
178
|
|
|
179
|
-
|
|
179
|
+
IntervalValue SVFIR2AbsState::getFPToUIntValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
180
180
|
{
|
|
181
181
|
if (as[var->getId()].getInterval().is_real())
|
|
182
182
|
{
|
|
@@ -194,7 +194,7 @@ AbstractValue SVFIR2AbsState::getFPToUIntValue(const AbstractState& as, const SV
|
|
|
194
194
|
}
|
|
195
195
|
}
|
|
196
196
|
|
|
197
|
-
|
|
197
|
+
IntervalValue SVFIR2AbsState::getSIntToFPValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
198
198
|
{
|
|
199
199
|
// get the sint value of ub and lb
|
|
200
200
|
s64_t sint_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -205,7 +205,7 @@ AbstractValue SVFIR2AbsState::getSIntToFPValue(const AbstractState& as, const SV
|
|
|
205
205
|
return IntervalValue(float_lb, float_ub);
|
|
206
206
|
}
|
|
207
207
|
|
|
208
|
-
|
|
208
|
+
IntervalValue SVFIR2AbsState::getUIntToFPValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
209
209
|
{
|
|
210
210
|
// get the uint value of ub and lb
|
|
211
211
|
u64_t uint_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -216,7 +216,7 @@ AbstractValue SVFIR2AbsState::getUIntToFPValue(const AbstractState& as, const SV
|
|
|
216
216
|
return IntervalValue(float_lb, float_ub);
|
|
217
217
|
}
|
|
218
218
|
|
|
219
|
-
|
|
219
|
+
IntervalValue SVFIR2AbsState::getTruncValue(const AbstractState& as, const SVF::SVFVar* var, const SVFType* dstType)
|
|
220
220
|
{
|
|
221
221
|
// get the value of ub and lb
|
|
222
222
|
s64_t int_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -265,7 +265,7 @@ AbstractValue SVFIR2AbsState::getTruncValue(const AbstractState& as, const SVF::
|
|
|
265
265
|
}
|
|
266
266
|
}
|
|
267
267
|
|
|
268
|
-
|
|
268
|
+
IntervalValue SVFIR2AbsState::getFPTruncValue(const AbstractState& as, const SVF::SVFVar* var, const SVFType* dstType)
|
|
269
269
|
{
|
|
270
270
|
// TODO: now we do not really handle fptrunc
|
|
271
271
|
return as[var->getId()].getInterval();
|
|
@@ -357,7 +357,7 @@ void SVFIR2AbsState::narrowAddrs(AbstractState& as, AbstractState&lhs, const Abs
|
|
|
357
357
|
}
|
|
358
358
|
}
|
|
359
359
|
|
|
360
|
-
|
|
360
|
+
AddressValue SVFIR2AbsState::getGepObjAddress(AbstractState& as, u32_t pointer, APOffset offset)
|
|
361
361
|
{
|
|
362
362
|
AbstractValue addrs = getAddrs(as, pointer);
|
|
363
363
|
AddressValue ret = AddressValue();
|
|
@@ -573,25 +573,9 @@ void SVFIR2AbsState::initObjVar(AbstractState& as, const ObjVar* var)
|
|
|
573
573
|
void SVFIR2AbsState::handleAddr(AbstractState& as, const AddrStmt *addr)
|
|
574
574
|
{
|
|
575
575
|
initObjVar(as, SVFUtil::cast<ObjVar>(addr->getRHSVar()));
|
|
576
|
-
if (
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
|
|
580
|
-
{
|
|
581
|
-
as[addr->getRHSVarID()].meet_with(getRangeLimitFromType(addr->getRHSVar()->getType()));
|
|
582
|
-
}
|
|
583
|
-
as[addr->getLHSVarID()] = as[addr->getRHSVarID()];
|
|
584
|
-
|
|
585
|
-
}
|
|
586
|
-
else if (inVarToAddrsTable(as, addr->getRHSVarID()))
|
|
587
|
-
{
|
|
588
|
-
as[addr->getLHSVarID()] =
|
|
589
|
-
as[addr->getRHSVarID()];
|
|
590
|
-
}
|
|
591
|
-
else
|
|
592
|
-
{
|
|
593
|
-
assert(false && "not number or virtual addrs?");
|
|
594
|
-
}
|
|
576
|
+
if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
|
|
577
|
+
as[addr->getRHSVarID()].getInterval().meet_with(getRangeLimitFromType(addr->getRHSVar()->getType()));
|
|
578
|
+
as[addr->getLHSVarID()] = as[addr->getRHSVarID()];
|
|
595
579
|
}
|
|
596
580
|
|
|
597
581
|
|
|
@@ -602,65 +586,62 @@ void SVFIR2AbsState::handleBinary(AbstractState& as, const BinaryOPStmt *binary)
|
|
|
602
586
|
u32_t res = binary->getResID();
|
|
603
587
|
if (!inVarToValTable(as, op0)) as[op0] = IntervalValue::top();
|
|
604
588
|
if (!inVarToValTable(as, op1)) as[op1] = IntervalValue::top();
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
assert(false && "undefined binary: ");
|
|
654
|
-
}
|
|
655
|
-
}
|
|
656
|
-
as[res] = resVal;
|
|
657
|
-
}
|
|
589
|
+
IntervalValue &lhs = as[op0].getInterval(), &rhs = as[op1].getInterval();
|
|
590
|
+
IntervalValue resVal;
|
|
591
|
+
switch (binary->getOpcode())
|
|
592
|
+
{
|
|
593
|
+
case BinaryOPStmt::Add:
|
|
594
|
+
case BinaryOPStmt::FAdd:
|
|
595
|
+
resVal = (lhs + rhs);
|
|
596
|
+
break;
|
|
597
|
+
case BinaryOPStmt::Sub:
|
|
598
|
+
case BinaryOPStmt::FSub:
|
|
599
|
+
resVal = (lhs - rhs);
|
|
600
|
+
break;
|
|
601
|
+
case BinaryOPStmt::Mul:
|
|
602
|
+
case BinaryOPStmt::FMul:
|
|
603
|
+
resVal = (lhs * rhs);
|
|
604
|
+
break;
|
|
605
|
+
case BinaryOPStmt::SDiv:
|
|
606
|
+
case BinaryOPStmt::FDiv:
|
|
607
|
+
case BinaryOPStmt::UDiv:
|
|
608
|
+
resVal = (lhs / rhs);
|
|
609
|
+
break;
|
|
610
|
+
case BinaryOPStmt::SRem:
|
|
611
|
+
case BinaryOPStmt::FRem:
|
|
612
|
+
case BinaryOPStmt::URem:
|
|
613
|
+
resVal = (lhs % rhs);
|
|
614
|
+
break;
|
|
615
|
+
case BinaryOPStmt::Xor:
|
|
616
|
+
resVal = (lhs ^ rhs);
|
|
617
|
+
break;
|
|
618
|
+
case BinaryOPStmt::And:
|
|
619
|
+
resVal = (lhs & rhs);
|
|
620
|
+
break;
|
|
621
|
+
case BinaryOPStmt::Or:
|
|
622
|
+
resVal = (lhs | rhs);
|
|
623
|
+
break;
|
|
624
|
+
case BinaryOPStmt::AShr:
|
|
625
|
+
resVal = (lhs >> rhs);
|
|
626
|
+
break;
|
|
627
|
+
case BinaryOPStmt::Shl:
|
|
628
|
+
resVal = (lhs << rhs);
|
|
629
|
+
break;
|
|
630
|
+
case BinaryOPStmt::LShr:
|
|
631
|
+
resVal = (lhs >> rhs);
|
|
632
|
+
break;
|
|
633
|
+
default:
|
|
634
|
+
assert(false && "undefined binary: ");
|
|
635
|
+
}
|
|
636
|
+
as[res] = resVal;
|
|
658
637
|
}
|
|
659
638
|
|
|
660
639
|
void SVFIR2AbsState::handleCmp(AbstractState& as, const CmpStmt *cmp)
|
|
661
640
|
{
|
|
662
641
|
u32_t op0 = cmp->getOpVarID(0);
|
|
663
642
|
u32_t op1 = cmp->getOpVarID(1);
|
|
643
|
+
if (!inVarToValTable(as, op0)) as[op0] = IntervalValue::top();
|
|
644
|
+
if (!inVarToValTable(as, op1)) as[op1] = IntervalValue::top();
|
|
664
645
|
u32_t res = cmp->getResID();
|
|
665
646
|
if (inVarToValTable(as, op0) && inVarToValTable(as, op1))
|
|
666
647
|
{
|
|
@@ -840,40 +821,22 @@ void SVFIR2AbsState::handleLoad(AbstractState& as, const LoadStmt *load)
|
|
|
840
821
|
{
|
|
841
822
|
u32_t rhs = load->getRHSVarID();
|
|
842
823
|
u32_t lhs = load->getLHSVarID();
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
{
|
|
850
|
-
// inLocToAbsVal()
|
|
851
|
-
// absRhs.join_with
|
|
852
|
-
// as.load()
|
|
853
|
-
u32_t objId = getInternalID(addr);
|
|
854
|
-
if (inAddrTable(as, objId))
|
|
855
|
-
{
|
|
856
|
-
rhsVal.join_with(as.load(addr));
|
|
857
|
-
}
|
|
858
|
-
}
|
|
859
|
-
if (!rhsVal.isUnknown())
|
|
860
|
-
as[lhs] = rhsVal;
|
|
861
|
-
}
|
|
824
|
+
AbstractValue &addrs = as[rhs];
|
|
825
|
+
AbstractValue rhsVal; // interval::bottom Address::bottom
|
|
826
|
+
// AbstractValue absRhs
|
|
827
|
+
for (const auto &addr: addrs.getAddrs())
|
|
828
|
+
rhsVal.join_with(as.load(addr));
|
|
829
|
+
as[lhs] = rhsVal;
|
|
862
830
|
}
|
|
863
831
|
|
|
864
832
|
void SVFIR2AbsState::handleStore(AbstractState& as, const StoreStmt *store)
|
|
865
833
|
{
|
|
866
834
|
u32_t rhs = store->getRHSVarID();
|
|
867
835
|
u32_t lhs = store->getLHSVarID();
|
|
868
|
-
|
|
836
|
+
|
|
837
|
+
for (const auto &addr: as[lhs].getAddrs())
|
|
869
838
|
{
|
|
870
|
-
|
|
871
|
-
{
|
|
872
|
-
for (const auto &addr: as[lhs].getAddrs())
|
|
873
|
-
{
|
|
874
|
-
as.store(addr, as[rhs]);
|
|
875
|
-
}
|
|
876
|
-
}
|
|
839
|
+
as.store(addr, as[rhs]);
|
|
877
840
|
}
|
|
878
841
|
}
|
|
879
842
|
|
|
@@ -882,72 +845,65 @@ void SVFIR2AbsState::handleCopy(AbstractState& as, const CopyStmt *copy)
|
|
|
882
845
|
u32_t lhs = copy->getLHSVarID();
|
|
883
846
|
u32_t rhs = copy->getRHSVarID();
|
|
884
847
|
|
|
885
|
-
if (
|
|
848
|
+
if (copy->getCopyKind() == CopyStmt::COPYVAL)
|
|
849
|
+
{
|
|
850
|
+
as[lhs] = as[rhs];
|
|
851
|
+
}
|
|
852
|
+
else if (copy->getCopyKind() == CopyStmt::ZEXT)
|
|
853
|
+
{
|
|
854
|
+
as[lhs] = getZExtValue(as, copy->getRHSVar());
|
|
855
|
+
}
|
|
856
|
+
else if (copy->getCopyKind() == CopyStmt::SEXT)
|
|
857
|
+
{
|
|
858
|
+
as[lhs] = getSExtValue(as, copy->getRHSVar());
|
|
859
|
+
}
|
|
860
|
+
else if (copy->getCopyKind() == CopyStmt::FPTOSI)
|
|
861
|
+
{
|
|
862
|
+
as[lhs] = getFPToSIntValue(as, copy->getRHSVar());
|
|
863
|
+
}
|
|
864
|
+
else if (copy->getCopyKind() == CopyStmt::FPTOUI)
|
|
865
|
+
{
|
|
866
|
+
as[lhs] = getFPToUIntValue(as, copy->getRHSVar());
|
|
867
|
+
}
|
|
868
|
+
else if (copy->getCopyKind() == CopyStmt::SITOFP)
|
|
869
|
+
{
|
|
870
|
+
as[lhs] = getSIntToFPValue(as, copy->getRHSVar());
|
|
871
|
+
}
|
|
872
|
+
else if (copy->getCopyKind() == CopyStmt::UITOFP)
|
|
886
873
|
{
|
|
887
|
-
|
|
874
|
+
as[lhs] = getUIntToFPValue(as, copy->getRHSVar());
|
|
875
|
+
}
|
|
876
|
+
else if (copy->getCopyKind() == CopyStmt::TRUNC)
|
|
877
|
+
{
|
|
878
|
+
as[lhs] = getTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
879
|
+
}
|
|
880
|
+
else if (copy->getCopyKind() == CopyStmt::FPTRUNC)
|
|
881
|
+
{
|
|
882
|
+
as[lhs] = getFPTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
883
|
+
}
|
|
884
|
+
else if (copy->getCopyKind() == CopyStmt::INTTOPTR)
|
|
885
|
+
{
|
|
886
|
+
//insert nullptr
|
|
887
|
+
}
|
|
888
|
+
else if (copy->getCopyKind() == CopyStmt::PTRTOINT)
|
|
889
|
+
{
|
|
890
|
+
as[lhs] = IntervalValue::top();
|
|
891
|
+
}
|
|
892
|
+
else if (copy->getCopyKind() == CopyStmt::BITCAST)
|
|
893
|
+
{
|
|
894
|
+
if (as[rhs].isAddr())
|
|
888
895
|
{
|
|
889
896
|
as[lhs] = as[rhs];
|
|
890
897
|
}
|
|
891
|
-
else if (copy->getCopyKind() == CopyStmt::ZEXT)
|
|
892
|
-
{
|
|
893
|
-
as[lhs] = getZExtValue(as, copy->getRHSVar());
|
|
894
|
-
}
|
|
895
|
-
else if (copy->getCopyKind() == CopyStmt::SEXT)
|
|
896
|
-
{
|
|
897
|
-
as[lhs] = getSExtValue(as, copy->getRHSVar());
|
|
898
|
-
}
|
|
899
|
-
else if (copy->getCopyKind() == CopyStmt::FPTOSI)
|
|
900
|
-
{
|
|
901
|
-
as[lhs] = getFPToSIntValue(as, copy->getRHSVar());
|
|
902
|
-
}
|
|
903
|
-
else if (copy->getCopyKind() == CopyStmt::FPTOUI)
|
|
904
|
-
{
|
|
905
|
-
as[lhs] = getFPToUIntValue(as, copy->getRHSVar());
|
|
906
|
-
}
|
|
907
|
-
else if (copy->getCopyKind() == CopyStmt::SITOFP)
|
|
908
|
-
{
|
|
909
|
-
as[lhs] = getSIntToFPValue(as, copy->getRHSVar());
|
|
910
|
-
}
|
|
911
|
-
else if (copy->getCopyKind() == CopyStmt::UITOFP)
|
|
912
|
-
{
|
|
913
|
-
as[lhs] = getUIntToFPValue(as, copy->getRHSVar());
|
|
914
|
-
}
|
|
915
|
-
else if (copy->getCopyKind() == CopyStmt::TRUNC)
|
|
916
|
-
{
|
|
917
|
-
as[lhs] = getTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
918
|
-
}
|
|
919
|
-
else if (copy->getCopyKind() == CopyStmt::FPTRUNC)
|
|
920
|
-
{
|
|
921
|
-
as[lhs] = getFPTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
922
|
-
}
|
|
923
|
-
else if (copy->getCopyKind() == CopyStmt::INTTOPTR)
|
|
924
|
-
{
|
|
925
|
-
//insert nullptr
|
|
926
|
-
}
|
|
927
|
-
else if (copy->getCopyKind() == CopyStmt::PTRTOINT)
|
|
928
|
-
{
|
|
929
|
-
as[lhs] = IntervalValue::top();
|
|
930
|
-
}
|
|
931
|
-
else if (copy->getCopyKind() == CopyStmt::BITCAST)
|
|
932
|
-
{
|
|
933
|
-
if (as[rhs].isAddr())
|
|
934
|
-
{
|
|
935
|
-
as[lhs] = as[rhs];
|
|
936
|
-
}
|
|
937
|
-
else
|
|
938
|
-
{
|
|
939
|
-
// do nothing
|
|
940
|
-
}
|
|
941
|
-
}
|
|
942
898
|
else
|
|
943
899
|
{
|
|
944
|
-
|
|
945
|
-
abort();
|
|
900
|
+
// do nothing
|
|
946
901
|
}
|
|
947
902
|
}
|
|
948
|
-
else
|
|
903
|
+
else
|
|
949
904
|
{
|
|
950
|
-
|
|
905
|
+
assert(false && "undefined copy kind");
|
|
906
|
+
abort();
|
|
951
907
|
}
|
|
952
908
|
}
|
|
953
909
|
|
|
@@ -955,24 +911,15 @@ void SVFIR2AbsState::handleGep(AbstractState& as, const GepStmt *gep)
|
|
|
955
911
|
{
|
|
956
912
|
u32_t rhs = gep->getRHSVarID();
|
|
957
913
|
u32_t lhs = gep->getLHSVarID();
|
|
958
|
-
if (!inVarToAddrsTable(as, rhs)) return;
|
|
959
|
-
AbstractValue &rhsVal = as[rhs];
|
|
960
914
|
IntervalValue offsetPair = getElementIndex(as, gep);
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
|
|
964
|
-
|
|
965
|
-
|
|
966
|
-
|
|
967
|
-
|
|
968
|
-
|
|
969
|
-
offsetPair.ub().getIntNumeral(): Options::MaxFieldLimit();
|
|
970
|
-
for (APOffset i = lb; i <= ub; i++)
|
|
971
|
-
gepAddrs.join_with(getGepObjAddress(as, rhs, i));
|
|
972
|
-
if (!rhsVal.isUnknown())
|
|
973
|
-
as[lhs] = gepAddrs;
|
|
974
|
-
return;
|
|
975
|
-
}
|
|
915
|
+
AbstractValue gepAddrs;
|
|
916
|
+
APOffset lb = offsetPair.lb().getIntNumeral() < Options::MaxFieldLimit()?
|
|
917
|
+
offsetPair.lb().getIntNumeral(): Options::MaxFieldLimit();
|
|
918
|
+
APOffset ub = offsetPair.ub().getIntNumeral() < Options::MaxFieldLimit()?
|
|
919
|
+
offsetPair.ub().getIntNumeral(): Options::MaxFieldLimit();
|
|
920
|
+
for (APOffset i = lb; i <= ub; i++)
|
|
921
|
+
gepAddrs.join_with(getGepObjAddress(as, rhs, i));
|
|
922
|
+
as[lhs] = gepAddrs;
|
|
976
923
|
}
|
|
977
924
|
|
|
978
925
|
void SVFIR2AbsState::handleSelect(AbstractState& as, const SelectStmt *select)
|
|
@@ -981,41 +928,27 @@ void SVFIR2AbsState::handleSelect(AbstractState& as, const SelectStmt *select)
|
|
|
981
928
|
u32_t tval = select->getTrueValue()->getId();
|
|
982
929
|
u32_t fval = select->getFalseValue()->getId();
|
|
983
930
|
u32_t cond = select->getCondition()->getId();
|
|
984
|
-
if (
|
|
931
|
+
if (as[cond].getInterval().is_numeral())
|
|
985
932
|
{
|
|
986
|
-
|
|
987
|
-
{
|
|
988
|
-
as[res] = as[cond].getInterval().is_zero() ? as[fval] : as[tval];
|
|
989
|
-
}
|
|
990
|
-
else
|
|
991
|
-
{
|
|
992
|
-
as[res] = as[cond];
|
|
993
|
-
}
|
|
933
|
+
as[res] = as[cond].getInterval().is_zero() ? as[fval] : as[tval];
|
|
994
934
|
}
|
|
995
|
-
else
|
|
935
|
+
else
|
|
996
936
|
{
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
as.getAddrs(res) = as[cond].getInterval().is_zero() ? getAddrs(as, fval) : getAddrs(as, tval);
|
|
1000
|
-
}
|
|
937
|
+
as[res] = as[tval];
|
|
938
|
+
as[res].join_with(as[fval]);
|
|
1001
939
|
}
|
|
1002
940
|
}
|
|
1003
941
|
|
|
1004
942
|
void SVFIR2AbsState::handlePhi(AbstractState& as, const PhiStmt *phi)
|
|
1005
943
|
{
|
|
1006
944
|
u32_t res = phi->getResID();
|
|
1007
|
-
AbstractValue rhs
|
|
945
|
+
AbstractValue rhs;
|
|
1008
946
|
for (u32_t i = 0; i < phi->getOpVarNum(); i++)
|
|
1009
947
|
{
|
|
1010
948
|
NodeID curId = phi->getOpVarID(i);
|
|
1011
|
-
|
|
1012
|
-
if (inVarToValTable(as, curId) || inVarToAddrsTable(as, curId))
|
|
1013
|
-
{
|
|
1014
|
-
rhs.join_with(as[curId]);
|
|
1015
|
-
}
|
|
949
|
+
rhs.join_with(as[curId]);
|
|
1016
950
|
}
|
|
1017
|
-
|
|
1018
|
-
as[res] = rhs;
|
|
951
|
+
as[res] = rhs;
|
|
1019
952
|
}
|
|
1020
953
|
|
|
1021
954
|
|
|
@@ -1023,18 +956,12 @@ void SVFIR2AbsState::handleCall(AbstractState& as, const CallPE *callPE)
|
|
|
1023
956
|
{
|
|
1024
957
|
NodeID lhs = callPE->getLHSVarID();
|
|
1025
958
|
NodeID rhs = callPE->getRHSVarID();
|
|
1026
|
-
|
|
1027
|
-
{
|
|
1028
|
-
as[lhs] = as[rhs];
|
|
1029
|
-
}
|
|
959
|
+
as[lhs] = as[rhs];
|
|
1030
960
|
}
|
|
1031
961
|
|
|
1032
962
|
void SVFIR2AbsState::handleRet(AbstractState& as, const RetPE *retPE)
|
|
1033
963
|
{
|
|
1034
964
|
NodeID lhs = retPE->getLHSVarID();
|
|
1035
965
|
NodeID rhs = retPE->getRHSVarID();
|
|
1036
|
-
|
|
1037
|
-
{
|
|
1038
|
-
as[lhs] = as[rhs];
|
|
1039
|
-
}
|
|
966
|
+
as[lhs] = as[rhs];
|
|
1040
967
|
}
|