svf-tools 1.0.943 → 1.0.945
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/svf/include/AE/Core/AbstractState.h +8 -72
- package/svf/include/AE/Core/AbstractValue.h +34 -142
- package/svf/include/AE/Core/ICFGWTO.h +2 -2
- package/svf/include/AE/Svfexe/AbstractInterpretation.h +4 -4
- package/svf/include/AE/Svfexe/SVFIR2AbsState.h +11 -11
- package/svf/include/Graphs/WTO.h +8 -7
- package/svf/lib/AE/Core/AbstractState.cpp +5 -58
- package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +21 -28
- package/svf/lib/AE/Svfexe/SVFIR2AbsState.cpp +140 -213
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "svf-tools",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.945",
|
|
4
4
|
"description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -183,20 +183,6 @@ public:
|
|
|
183
183
|
return _varToAbsVal.at(varId);
|
|
184
184
|
}
|
|
185
185
|
|
|
186
|
-
/// get memory addresses of variable
|
|
187
|
-
AbstractValue &getAddrs(u32_t id)
|
|
188
|
-
{
|
|
189
|
-
if (_varToAbsVal.find(id)!= _varToAbsVal.end())
|
|
190
|
-
{
|
|
191
|
-
return _varToAbsVal[id];
|
|
192
|
-
}
|
|
193
|
-
else
|
|
194
|
-
{
|
|
195
|
-
_varToAbsVal[id] = AddressValue();
|
|
196
|
-
return _varToAbsVal[id];
|
|
197
|
-
}
|
|
198
|
-
}
|
|
199
|
-
|
|
200
186
|
/// whether the variable is in varToAddrs table
|
|
201
187
|
inline bool inVarToAddrsTable(u32_t id) const
|
|
202
188
|
{
|
|
@@ -289,31 +275,6 @@ public:
|
|
|
289
275
|
return (s32_t) e.lb().getNumeral();
|
|
290
276
|
}
|
|
291
277
|
|
|
292
|
-
/// Return true if map has bottom value
|
|
293
|
-
inline bool has_bottom()
|
|
294
|
-
{
|
|
295
|
-
for (auto it = _varToAbsVal.begin(); it != _varToAbsVal.end(); ++it)
|
|
296
|
-
{
|
|
297
|
-
if (it->second.isInterval())
|
|
298
|
-
{
|
|
299
|
-
if (it->second.getInterval().isBottom())
|
|
300
|
-
{
|
|
301
|
-
return true;
|
|
302
|
-
}
|
|
303
|
-
}
|
|
304
|
-
}
|
|
305
|
-
for (auto it = _addrToAbsVal.begin(); it != _addrToAbsVal.end(); ++it)
|
|
306
|
-
{
|
|
307
|
-
if (it->second.isInterval())
|
|
308
|
-
{
|
|
309
|
-
if (it->second.getInterval().isBottom())
|
|
310
|
-
{
|
|
311
|
-
return true;
|
|
312
|
-
}
|
|
313
|
-
}
|
|
314
|
-
}
|
|
315
|
-
return false;
|
|
316
|
-
}
|
|
317
278
|
|
|
318
279
|
u32_t hash() const;
|
|
319
280
|
|
|
@@ -330,14 +291,8 @@ public:
|
|
|
330
291
|
{
|
|
331
292
|
assert(isVirtualMemAddress(addr) && "not virtual address?");
|
|
332
293
|
u32_t objId = getInternalID(addr);
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
return it->second;
|
|
336
|
-
else
|
|
337
|
-
{
|
|
338
|
-
_addrToAbsVal[objId] = IntervalValue::top();
|
|
339
|
-
return _addrToAbsVal[objId];
|
|
340
|
-
}
|
|
294
|
+
return _addrToAbsVal[objId];
|
|
295
|
+
|
|
341
296
|
}
|
|
342
297
|
|
|
343
298
|
|
|
@@ -351,6 +306,7 @@ public:
|
|
|
351
306
|
|
|
352
307
|
bool equals(const AbstractState&other) const;
|
|
353
308
|
|
|
309
|
+
|
|
354
310
|
static bool eqVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
|
|
355
311
|
{
|
|
356
312
|
if (lhs.size() != rhs.size()) return false;
|
|
@@ -359,32 +315,15 @@ public:
|
|
|
359
315
|
auto it = rhs.find(item.first);
|
|
360
316
|
if (it == rhs.end())
|
|
361
317
|
return false;
|
|
362
|
-
if (item.second.
|
|
363
|
-
|
|
364
|
-
if (item.second.isInterval())
|
|
365
|
-
{
|
|
366
|
-
if (!item.second.getInterval().equals(it->second.getInterval()))
|
|
367
|
-
{
|
|
368
|
-
return false;
|
|
369
|
-
}
|
|
370
|
-
}
|
|
371
|
-
else if (item.second.isAddr())
|
|
372
|
-
{
|
|
373
|
-
if (!item.second.getAddrs().equals(it->second.getAddrs()))
|
|
374
|
-
{
|
|
375
|
-
return false;
|
|
376
|
-
}
|
|
377
|
-
}
|
|
378
|
-
}
|
|
318
|
+
if (!item.second.equals(it->second))
|
|
319
|
+
return false;
|
|
379
320
|
else
|
|
380
321
|
{
|
|
381
|
-
return false;
|
|
382
322
|
}
|
|
383
323
|
}
|
|
384
324
|
return true;
|
|
385
325
|
}
|
|
386
326
|
|
|
387
|
-
|
|
388
327
|
static bool lessThanVarToValMap(const VarToAbsValMap&lhs, const VarToAbsValMap&rhs)
|
|
389
328
|
{
|
|
390
329
|
if (lhs.empty()) return !rhs.empty();
|
|
@@ -407,12 +346,9 @@ public:
|
|
|
407
346
|
auto it = lhs.find(item.first);
|
|
408
347
|
if (it == lhs.end()) return false;
|
|
409
348
|
// judge from expr id
|
|
410
|
-
if (it->second.
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
item.second.getInterval()))
|
|
414
|
-
return false;
|
|
415
|
-
}
|
|
349
|
+
if (!it->second.getInterval().contain(
|
|
350
|
+
item.second.getInterval()))
|
|
351
|
+
return false;
|
|
416
352
|
|
|
417
353
|
}
|
|
418
354
|
return true;
|
|
@@ -22,6 +22,7 @@
|
|
|
22
22
|
|
|
23
23
|
#include "AE/Core/IntervalValue.h"
|
|
24
24
|
#include "AE/Core/AddressValue.h"
|
|
25
|
+
#include "Util/SVFUtil.h"
|
|
25
26
|
|
|
26
27
|
namespace SVF
|
|
27
28
|
{
|
|
@@ -30,126 +31,71 @@ class AbstractValue
|
|
|
30
31
|
{
|
|
31
32
|
|
|
32
33
|
public:
|
|
33
|
-
|
|
34
|
-
enum DataType
|
|
35
|
-
{
|
|
36
|
-
IntervalType,
|
|
37
|
-
AddressType,
|
|
38
|
-
UnknownType,
|
|
39
|
-
};
|
|
40
|
-
DataType type;
|
|
41
34
|
IntervalValue interval;
|
|
42
35
|
AddressValue addrs;
|
|
43
36
|
|
|
44
|
-
AbstractValue()
|
|
45
|
-
{
|
|
46
|
-
interval = IntervalValue::top();
|
|
47
|
-
}
|
|
48
|
-
AbstractValue(DataType type) : type(type)
|
|
37
|
+
AbstractValue()
|
|
49
38
|
{
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
case IntervalType:
|
|
53
|
-
interval = IntervalValue::top();
|
|
54
|
-
break;
|
|
55
|
-
case AddressType:
|
|
56
|
-
addrs = AddressValue();
|
|
57
|
-
break;
|
|
58
|
-
case UnknownType:
|
|
59
|
-
break;
|
|
60
|
-
}
|
|
39
|
+
interval = IntervalValue::bottom();
|
|
40
|
+
addrs = AddressValue();
|
|
61
41
|
}
|
|
62
42
|
|
|
63
|
-
AbstractValue(const AbstractValue& other)
|
|
43
|
+
AbstractValue(const AbstractValue& other)
|
|
64
44
|
{
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
case IntervalType:
|
|
68
|
-
interval = other.interval;
|
|
69
|
-
break;
|
|
70
|
-
case AddressType:
|
|
71
|
-
addrs = other.addrs;
|
|
72
|
-
break;
|
|
73
|
-
case UnknownType:
|
|
74
|
-
break;
|
|
75
|
-
}
|
|
45
|
+
interval = other.interval;
|
|
46
|
+
addrs = other.addrs;
|
|
76
47
|
}
|
|
77
48
|
|
|
78
49
|
inline bool isInterval() const
|
|
79
50
|
{
|
|
80
|
-
return
|
|
51
|
+
return !interval.isBottom();
|
|
81
52
|
}
|
|
82
53
|
inline bool isAddr() const
|
|
83
54
|
{
|
|
84
|
-
return
|
|
85
|
-
}
|
|
86
|
-
inline bool isUnknown() const
|
|
87
|
-
{
|
|
88
|
-
return type == UnknownType;
|
|
55
|
+
return !addrs.isBottom();
|
|
89
56
|
}
|
|
90
57
|
|
|
91
|
-
|
|
58
|
+
AbstractValue(AbstractValue &&other)
|
|
92
59
|
{
|
|
93
|
-
|
|
60
|
+
interval = SVFUtil::move(other.interval);
|
|
61
|
+
addrs = SVFUtil::move(other.addrs);
|
|
94
62
|
}
|
|
95
63
|
|
|
96
|
-
|
|
64
|
+
// operator overload, supporting both interval and address
|
|
65
|
+
AbstractValue& operator=(const AbstractValue& other)
|
|
97
66
|
{
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
interval = other.interval;
|
|
102
|
-
break;
|
|
103
|
-
case AddressType:
|
|
104
|
-
addrs = other.addrs;
|
|
105
|
-
break;
|
|
106
|
-
case UnknownType:
|
|
107
|
-
break;
|
|
108
|
-
}
|
|
67
|
+
interval = other.interval;
|
|
68
|
+
addrs = other.addrs;
|
|
69
|
+
return *this;
|
|
109
70
|
}
|
|
110
71
|
|
|
111
|
-
|
|
112
|
-
AbstractValue& operator=(const AbstractValue& other)
|
|
72
|
+
AbstractValue& operator=(const AbstractValue&& other)
|
|
113
73
|
{
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
{
|
|
117
|
-
case IntervalType:
|
|
118
|
-
interval = other.interval;
|
|
119
|
-
break;
|
|
120
|
-
case AddressType:
|
|
121
|
-
addrs = other.addrs;
|
|
122
|
-
break;
|
|
123
|
-
case UnknownType:
|
|
124
|
-
break;
|
|
125
|
-
}
|
|
74
|
+
interval = SVFUtil::move(other.interval);
|
|
75
|
+
addrs = SVFUtil::move(other.addrs);
|
|
126
76
|
return *this;
|
|
127
77
|
}
|
|
128
78
|
|
|
129
79
|
AbstractValue& operator=(const IntervalValue& other)
|
|
130
80
|
{
|
|
131
|
-
type = IntervalType;
|
|
132
81
|
interval = other;
|
|
82
|
+
addrs = AddressValue();
|
|
133
83
|
return *this;
|
|
134
84
|
}
|
|
135
85
|
|
|
136
86
|
AbstractValue& operator=(const AddressValue& other)
|
|
137
87
|
{
|
|
138
|
-
type = AddressType;
|
|
139
88
|
addrs = other;
|
|
89
|
+
interval = IntervalValue::bottom();
|
|
140
90
|
return *this;
|
|
141
91
|
}
|
|
142
92
|
|
|
143
|
-
AbstractValue(const IntervalValue& ival) :
|
|
93
|
+
AbstractValue(const IntervalValue& ival) : interval(ival), addrs(AddressValue()) {}
|
|
144
94
|
|
|
145
|
-
AbstractValue(const AddressValue& addr) :
|
|
95
|
+
AbstractValue(const AddressValue& addr) : interval(IntervalValue::bottom()), addrs(addr) {}
|
|
146
96
|
|
|
147
97
|
IntervalValue& getInterval()
|
|
148
98
|
{
|
|
149
|
-
if (isUnknown())
|
|
150
|
-
{
|
|
151
|
-
interval = IntervalValue::top();
|
|
152
|
-
}
|
|
153
99
|
return interval;
|
|
154
100
|
}
|
|
155
101
|
|
|
@@ -172,90 +118,36 @@ public:
|
|
|
172
118
|
|
|
173
119
|
bool equals(const AbstractValue &rhs) const
|
|
174
120
|
{
|
|
175
|
-
|
|
176
|
-
{
|
|
177
|
-
return false;
|
|
178
|
-
}
|
|
179
|
-
if (isInterval())
|
|
180
|
-
{
|
|
181
|
-
return interval.equals(rhs.interval);
|
|
182
|
-
}
|
|
183
|
-
if (isAddr())
|
|
184
|
-
{
|
|
185
|
-
return addrs.equals(rhs.addrs);
|
|
186
|
-
}
|
|
187
|
-
return false;
|
|
121
|
+
return interval.equals(rhs.interval) && addrs.equals(rhs.addrs);
|
|
188
122
|
}
|
|
189
123
|
|
|
190
124
|
void join_with(const AbstractValue &other)
|
|
191
125
|
{
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
*this = other;
|
|
195
|
-
return;
|
|
196
|
-
}
|
|
197
|
-
else if (type != other.type)
|
|
198
|
-
{
|
|
199
|
-
return;
|
|
200
|
-
}
|
|
201
|
-
if (isInterval() && other.isInterval())
|
|
202
|
-
{
|
|
203
|
-
interval.join_with(other.interval);
|
|
204
|
-
}
|
|
205
|
-
if (isAddr() && other.isAddr())
|
|
206
|
-
{
|
|
207
|
-
addrs.join_with(other.addrs);
|
|
208
|
-
}
|
|
209
|
-
return;
|
|
126
|
+
interval.join_with(other.interval);
|
|
127
|
+
addrs.join_with(other.addrs);
|
|
210
128
|
}
|
|
211
129
|
|
|
212
130
|
void meet_with(const AbstractValue &other)
|
|
213
131
|
{
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
return;
|
|
217
|
-
}
|
|
218
|
-
if (isInterval() && other.isInterval())
|
|
219
|
-
{
|
|
220
|
-
interval.meet_with(other.interval);
|
|
221
|
-
}
|
|
222
|
-
if (isAddr() && other.isAddr())
|
|
223
|
-
{
|
|
224
|
-
addrs.meet_with(other.addrs);
|
|
225
|
-
}
|
|
226
|
-
return;
|
|
132
|
+
interval.meet_with(other.interval);
|
|
133
|
+
addrs.meet_with(other.addrs);
|
|
227
134
|
}
|
|
228
135
|
|
|
229
136
|
void widen_with(const AbstractValue &other)
|
|
230
137
|
{
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
{
|
|
234
|
-
interval.widen_with(other.interval);
|
|
235
|
-
}
|
|
138
|
+
interval.widen_with(other.interval);
|
|
139
|
+
// TODO: widen Addrs
|
|
236
140
|
}
|
|
237
141
|
|
|
238
142
|
void narrow_with(const AbstractValue &other)
|
|
239
143
|
{
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
{
|
|
243
|
-
interval.narrow_with(other.interval);
|
|
244
|
-
}
|
|
144
|
+
interval.narrow_with(other.interval);
|
|
145
|
+
// TODO: narrow Addrs
|
|
245
146
|
}
|
|
246
147
|
|
|
247
148
|
std::string toString() const
|
|
248
149
|
{
|
|
249
|
-
|
|
250
|
-
{
|
|
251
|
-
return interval.toString();
|
|
252
|
-
}
|
|
253
|
-
else if (isAddr())
|
|
254
|
-
{
|
|
255
|
-
return addrs.toString();
|
|
256
|
-
}
|
|
257
|
-
return "";
|
|
150
|
+
return "<" + interval.toString() + ", " + addrs.toString() + ">";
|
|
258
151
|
}
|
|
259
|
-
|
|
260
152
|
};
|
|
261
153
|
}
|
|
@@ -41,8 +41,8 @@ namespace SVF
|
|
|
41
41
|
{
|
|
42
42
|
|
|
43
43
|
typedef WTOComponent<ICFG> ICFGWTOComp;
|
|
44
|
-
typedef WTONode<ICFG>
|
|
45
|
-
typedef WTOCycle<ICFG>
|
|
44
|
+
typedef WTONode<ICFG> ICFGSingletonWTO;
|
|
45
|
+
typedef WTOCycle<ICFG> ICFGCycleWTO;
|
|
46
46
|
|
|
47
47
|
class ICFGWTO : public WTO<ICFG>
|
|
48
48
|
{
|
|
@@ -157,11 +157,11 @@ protected:
|
|
|
157
157
|
bool isBranchFeasible(const IntraCFGEdge* intraEdge, AbstractState& as);
|
|
158
158
|
|
|
159
159
|
/**
|
|
160
|
-
* handle instructions in
|
|
160
|
+
* handle instructions in ICFGSingletonWTO
|
|
161
161
|
*
|
|
162
|
-
* @param block basic block that has a series of instructions
|
|
162
|
+
* @param block basic block that has one instruction or a series of instructions
|
|
163
163
|
*/
|
|
164
|
-
virtual void handleWTONode(const
|
|
164
|
+
virtual void handleWTONode(const ICFGSingletonWTO *icfgSingletonWto);
|
|
165
165
|
|
|
166
166
|
/**
|
|
167
167
|
* handle one instruction in ICFGNode
|
|
@@ -182,7 +182,7 @@ protected:
|
|
|
182
182
|
*
|
|
183
183
|
* @param cycle WTOCycle which has weak topo order of basic blocks and nested cycles
|
|
184
184
|
*/
|
|
185
|
-
virtual void handleCycle(const
|
|
185
|
+
virtual void handleCycle(const ICFGCycleWTO* cycle);
|
|
186
186
|
|
|
187
187
|
/**
|
|
188
188
|
* handle user defined function, ext function is not included.
|
|
@@ -62,19 +62,19 @@ public:
|
|
|
62
62
|
void narrowAddrs(AbstractState& es, AbstractState&lhs, const AbstractState&rhs);
|
|
63
63
|
|
|
64
64
|
/// Return the field address given a pointer points to a struct object and an offset
|
|
65
|
-
|
|
65
|
+
AddressValue getGepObjAddress(AbstractState& es, u32_t pointer, APOffset offset);
|
|
66
66
|
|
|
67
67
|
/// Return the value range of Integer SVF Type, e.g. unsigned i8 Type->[0, 255], signed i8 Type->[-128, 127]
|
|
68
|
-
|
|
68
|
+
IntervalValue getRangeLimitFromType(const SVFType* type);
|
|
69
69
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
70
|
+
IntervalValue getZExtValue(const AbstractState& es, const SVFVar* var);
|
|
71
|
+
IntervalValue getSExtValue(const AbstractState& es, const SVFVar* var);
|
|
72
|
+
IntervalValue getFPToSIntValue(const AbstractState& es, const SVFVar* var);
|
|
73
|
+
IntervalValue getFPToUIntValue(const AbstractState& es, const SVFVar* var);
|
|
74
|
+
IntervalValue getSIntToFPValue(const AbstractState& es, const SVFVar* var);
|
|
75
|
+
IntervalValue getUIntToFPValue(const AbstractState& es, const SVFVar* var);
|
|
76
|
+
IntervalValue getTruncValue(const AbstractState& es, const SVFVar* var, const SVFType* dstType);
|
|
77
|
+
IntervalValue getFPTruncValue(const AbstractState& es, const SVFVar* var, const SVFType* dstType);
|
|
78
78
|
|
|
79
79
|
/// Return the byte offset expression of a GepStmt
|
|
80
80
|
/// elemBytesize is the element byte size of an static alloc or heap alloc array
|
|
@@ -102,7 +102,7 @@ public:
|
|
|
102
102
|
inline AbstractValue &getAddrs(AbstractState& es, u32_t id)
|
|
103
103
|
{
|
|
104
104
|
if (inVarToAddrsTable(es, id))
|
|
105
|
-
return es
|
|
105
|
+
return es[id];
|
|
106
106
|
else
|
|
107
107
|
return globalNulladdrs;
|
|
108
108
|
}
|
package/svf/include/Graphs/WTO.h
CHANGED
|
@@ -395,21 +395,21 @@ public:
|
|
|
395
395
|
|
|
396
396
|
private:
|
|
397
397
|
/// Head of the cycle
|
|
398
|
-
const
|
|
398
|
+
const WTONode<GraphT>* _head;
|
|
399
399
|
|
|
400
400
|
/// List of components
|
|
401
401
|
WTOComponentRefList _components;
|
|
402
402
|
|
|
403
403
|
public:
|
|
404
404
|
/// Constructor
|
|
405
|
-
WTOCycle(const
|
|
405
|
+
WTOCycle(const WTONode<GraphT>* head, WTOComponentRefList components)
|
|
406
406
|
: WTOComponent<GraphT>(WTOComponent<GraphT>::Cycle), _head(head),
|
|
407
407
|
_components(std::move(components))
|
|
408
408
|
{
|
|
409
409
|
}
|
|
410
410
|
|
|
411
411
|
/// Return the head of the cycle
|
|
412
|
-
const
|
|
412
|
+
const WTONode<GraphT>* head() const
|
|
413
413
|
{
|
|
414
414
|
return _head;
|
|
415
415
|
}
|
|
@@ -451,7 +451,7 @@ public:
|
|
|
451
451
|
std::string str;
|
|
452
452
|
std::stringstream rawstr(str);
|
|
453
453
|
rawstr << "(";
|
|
454
|
-
rawstr << _head->getId() << ", ";
|
|
454
|
+
rawstr << _head->node()->getId() << ", ";
|
|
455
455
|
for (auto it = begin(), et = end(); it != et;)
|
|
456
456
|
{
|
|
457
457
|
rawstr << (*it)->toString();
|
|
@@ -687,7 +687,7 @@ protected:
|
|
|
687
687
|
|
|
688
688
|
void visit(const WTOCycleT& cycle) override
|
|
689
689
|
{
|
|
690
|
-
const NodeT* head = cycle.head();
|
|
690
|
+
const NodeT* head = cycle.head()->node();
|
|
691
691
|
WTOCycleDepthPtr previous_cycleDepth = _wtoCycleDepth;
|
|
692
692
|
_nodeToWTOCycleDepth.insert(std::make_pair(head, _wtoCycleDepth));
|
|
693
693
|
_wtoCycleDepth =
|
|
@@ -765,7 +765,7 @@ protected:
|
|
|
765
765
|
return ptr;
|
|
766
766
|
}
|
|
767
767
|
|
|
768
|
-
const WTOCycleT* newCycle(const
|
|
768
|
+
const WTOCycleT* newCycle(const WTONodeT* node,
|
|
769
769
|
const WTOComponentRefList& partition)
|
|
770
770
|
{
|
|
771
771
|
const WTOCycleT* ptr = new WTOCycleT(node, std::move(partition));
|
|
@@ -784,7 +784,8 @@ protected:
|
|
|
784
784
|
visit(succ, partition);
|
|
785
785
|
}
|
|
786
786
|
});
|
|
787
|
-
const
|
|
787
|
+
const WTONodeT* head = newNode(node);
|
|
788
|
+
const WTOCycleT* ptr = newCycle(head, partition);
|
|
788
789
|
headRefToCycle.emplace(node, ptr);
|
|
789
790
|
return ptr;
|
|
790
791
|
}
|
|
@@ -125,18 +125,7 @@ void AbstractState::joinWith(const AbstractState& other)
|
|
|
125
125
|
auto oit = _varToAbsVal.find(key);
|
|
126
126
|
if (oit != _varToAbsVal.end())
|
|
127
127
|
{
|
|
128
|
-
|
|
129
|
-
{
|
|
130
|
-
oit->second.getInterval().join_with(it->second.getInterval());
|
|
131
|
-
}
|
|
132
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
133
|
-
{
|
|
134
|
-
oit->second.getAddrs().join_with(it->second.getAddrs());
|
|
135
|
-
}
|
|
136
|
-
else
|
|
137
|
-
{
|
|
138
|
-
// do nothing
|
|
139
|
-
}
|
|
128
|
+
oit->second.join_with(it->second);
|
|
140
129
|
}
|
|
141
130
|
else
|
|
142
131
|
{
|
|
@@ -149,18 +138,7 @@ void AbstractState::joinWith(const AbstractState& other)
|
|
|
149
138
|
auto oit = _addrToAbsVal.find(key);
|
|
150
139
|
if (oit != _addrToAbsVal.end())
|
|
151
140
|
{
|
|
152
|
-
|
|
153
|
-
{
|
|
154
|
-
oit->second.getInterval().join_with(it->second.getInterval());
|
|
155
|
-
}
|
|
156
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
157
|
-
{
|
|
158
|
-
oit->second.getAddrs().join_with(it->second.getAddrs());
|
|
159
|
-
}
|
|
160
|
-
else
|
|
161
|
-
{
|
|
162
|
-
// do nothing
|
|
163
|
-
}
|
|
141
|
+
oit->second.join_with(it->second);
|
|
164
142
|
}
|
|
165
143
|
else
|
|
166
144
|
{
|
|
@@ -199,18 +177,7 @@ void AbstractState::meetWith(const AbstractState& other)
|
|
|
199
177
|
auto oit = _varToAbsVal.find(key);
|
|
200
178
|
if (oit != _varToAbsVal.end())
|
|
201
179
|
{
|
|
202
|
-
|
|
203
|
-
{
|
|
204
|
-
oit->second.getInterval().meet_with(it->second.getInterval());
|
|
205
|
-
}
|
|
206
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
207
|
-
{
|
|
208
|
-
oit->second.getAddrs().meet_with(it->second.getAddrs());
|
|
209
|
-
}
|
|
210
|
-
else
|
|
211
|
-
{
|
|
212
|
-
// do nothing
|
|
213
|
-
}
|
|
180
|
+
oit->second.meet_with(it->second);
|
|
214
181
|
}
|
|
215
182
|
}
|
|
216
183
|
for (auto it = other._addrToAbsVal.begin(); it != other._addrToAbsVal.end(); ++it)
|
|
@@ -219,18 +186,7 @@ void AbstractState::meetWith(const AbstractState& other)
|
|
|
219
186
|
auto oit = _addrToAbsVal.find(key);
|
|
220
187
|
if (oit != _addrToAbsVal.end())
|
|
221
188
|
{
|
|
222
|
-
|
|
223
|
-
{
|
|
224
|
-
oit->second.getInterval().meet_with(it->second.getInterval());
|
|
225
|
-
}
|
|
226
|
-
else if (oit->second.isAddr() && it->second.isAddr())
|
|
227
|
-
{
|
|
228
|
-
oit->second.getAddrs().meet_with(it->second.getAddrs());
|
|
229
|
-
}
|
|
230
|
-
else
|
|
231
|
-
{
|
|
232
|
-
// do nothing
|
|
233
|
-
}
|
|
189
|
+
oit->second.meet_with(it->second);
|
|
234
190
|
}
|
|
235
191
|
}
|
|
236
192
|
}
|
|
@@ -255,15 +211,6 @@ void AbstractState::printTable(const VarToAbsValMap&table, std::ostream &oss) co
|
|
|
255
211
|
for (const auto &item: ordered)
|
|
256
212
|
{
|
|
257
213
|
oss << "Var" << std::to_string(item);
|
|
258
|
-
|
|
259
|
-
{
|
|
260
|
-
IntervalValue sim = table.at(item).getInterval();
|
|
261
|
-
oss << "\t Value: " << std::dec << sim << "\n";
|
|
262
|
-
}
|
|
263
|
-
else if (table.at(item).isAddr())
|
|
264
|
-
{
|
|
265
|
-
AbstractValue sim = table.at(item);
|
|
266
|
-
oss << "\t Value: " << sim.getAddrs().toString() << "\n";
|
|
267
|
-
}
|
|
214
|
+
oss << "\t Value: " << table.at(item).toString() << "\n";
|
|
268
215
|
}
|
|
269
216
|
}
|
|
@@ -331,7 +331,7 @@ bool AbstractInterpretation::isCmpBranchFeasible(const CmpStmt* cmpStmt, s64_t s
|
|
|
331
331
|
// change interval range according to the compare predicate
|
|
332
332
|
AddressValue addrs;
|
|
333
333
|
if(load_op0 && new_es.inVarToAddrsTable(load_op0->getRHSVarID()))
|
|
334
|
-
addrs = new_es
|
|
334
|
+
addrs = new_es[load_op0->getRHSVarID()].getAddrs();
|
|
335
335
|
|
|
336
336
|
IntervalValue &lhs = new_es[op0].getInterval(), &rhs = new_es[op1].getInterval();
|
|
337
337
|
switch (predicate)
|
|
@@ -472,7 +472,7 @@ bool AbstractInterpretation::isSwitchBranchFeasible(const SVFVar* var, s64_t suc
|
|
|
472
472
|
{
|
|
473
473
|
if (new_es.inVarToAddrsTable(load->getRHSVarID()))
|
|
474
474
|
{
|
|
475
|
-
AddressValue &addrs = new_es
|
|
475
|
+
AddressValue &addrs = new_es[load->getRHSVarID()].getAddrs();
|
|
476
476
|
for (const auto &addr: addrs)
|
|
477
477
|
{
|
|
478
478
|
NodeID objId = new_es.getInternalID(addr);
|
|
@@ -518,8 +518,9 @@ bool AbstractInterpretation::isBranchFeasible(const IntraCFGEdge* intraEdge,
|
|
|
518
518
|
return true;
|
|
519
519
|
}
|
|
520
520
|
/// handle instructions in svf basic blocks
|
|
521
|
-
void AbstractInterpretation::handleWTONode(const
|
|
521
|
+
void AbstractInterpretation::handleWTONode(const ICFGSingletonWTO *icfgSingletonWto)
|
|
522
522
|
{
|
|
523
|
+
const ICFGNode* node = icfgSingletonWto->node();
|
|
523
524
|
_stat->getBlockTrace()++;
|
|
524
525
|
// Get execution states from in edges
|
|
525
526
|
if (!propagateStateIfFeasible(node))
|
|
@@ -690,30 +691,28 @@ void AbstractInterpretation::handleICFGNode(const ICFGNode *curICFGNode)
|
|
|
690
691
|
}
|
|
691
692
|
|
|
692
693
|
/// handle wto cycle (loop)
|
|
693
|
-
void AbstractInterpretation::handleCycle(const
|
|
694
|
+
void AbstractInterpretation::handleCycle(const ICFGCycleWTO*cycle)
|
|
694
695
|
{
|
|
695
696
|
// Get execution states from in edges
|
|
696
|
-
if (!propagateStateIfFeasible(cycle->head()))
|
|
697
|
+
if (!propagateStateIfFeasible(cycle->head()->node()))
|
|
697
698
|
{
|
|
698
699
|
// No ES on the in edges - Infeasible block
|
|
699
700
|
return;
|
|
700
701
|
}
|
|
701
|
-
AbstractState pre_es = _preAbsTrace[cycle->head()];
|
|
702
|
+
AbstractState pre_es = _preAbsTrace[cycle->head()->node()];
|
|
702
703
|
// set -widen-delay
|
|
703
704
|
s32_t widen_delay = Options::WidenDelay();
|
|
704
705
|
bool incresing = true;
|
|
705
706
|
for (int i = 0; ; i++)
|
|
706
707
|
{
|
|
707
|
-
|
|
708
|
-
// handle cycle head
|
|
709
|
-
handleWTONode(cycle_head);
|
|
708
|
+
handleWTONode(cycle->head());
|
|
710
709
|
if (i < widen_delay)
|
|
711
710
|
{
|
|
712
|
-
if (i> 0 && pre_es >= _postAbsTrace[
|
|
711
|
+
if (i> 0 && pre_es >= _postAbsTrace[cycle->head()->node()])
|
|
713
712
|
{
|
|
714
713
|
break;
|
|
715
714
|
}
|
|
716
|
-
pre_es = _postAbsTrace[
|
|
715
|
+
pre_es = _postAbsTrace[cycle->head()->node()];
|
|
717
716
|
}
|
|
718
717
|
else
|
|
719
718
|
{
|
|
@@ -722,7 +721,7 @@ void AbstractInterpretation::handleCycle(const ICFGWTOCycle *cycle)
|
|
|
722
721
|
if (incresing)
|
|
723
722
|
{
|
|
724
723
|
bool is_fixpoint =
|
|
725
|
-
isFixPointAfterWidening(
|
|
724
|
+
isFixPointAfterWidening(cycle->head()->node(), pre_es);
|
|
726
725
|
if (is_fixpoint)
|
|
727
726
|
{
|
|
728
727
|
incresing = false;
|
|
@@ -732,7 +731,7 @@ void AbstractInterpretation::handleCycle(const ICFGWTOCycle *cycle)
|
|
|
732
731
|
else if (!incresing)
|
|
733
732
|
{
|
|
734
733
|
bool is_fixpoint =
|
|
735
|
-
isFixPointAfterNarrowing(
|
|
734
|
+
isFixPointAfterNarrowing(cycle->head()->node(), pre_es);
|
|
736
735
|
if (is_fixpoint)
|
|
737
736
|
break;
|
|
738
737
|
}
|
|
@@ -741,11 +740,11 @@ void AbstractInterpretation::handleCycle(const ICFGWTOCycle *cycle)
|
|
|
741
740
|
for (auto it = cycle->begin(); it != cycle->end(); ++it)
|
|
742
741
|
{
|
|
743
742
|
const ICFGWTOComp* cur = *it;
|
|
744
|
-
if (const
|
|
743
|
+
if (const ICFGSingletonWTO* vertex = SVFUtil::dyn_cast<ICFGSingletonWTO>(cur))
|
|
745
744
|
{
|
|
746
|
-
handleWTONode(vertex
|
|
745
|
+
handleWTONode(vertex);
|
|
747
746
|
}
|
|
748
|
-
else if (const
|
|
747
|
+
else if (const ICFGCycleWTO* cycle2 = SVFUtil::dyn_cast<ICFGCycleWTO>(cur))
|
|
749
748
|
{
|
|
750
749
|
handleCycle(cycle2);
|
|
751
750
|
}
|
|
@@ -813,11 +812,11 @@ void AbstractInterpretation::handleFunc(const SVFFunction *func)
|
|
|
813
812
|
for (auto it = wto->begin(); it!= wto->end(); ++it)
|
|
814
813
|
{
|
|
815
814
|
const ICFGWTOComp* cur = *it;
|
|
816
|
-
if (const
|
|
815
|
+
if (const ICFGSingletonWTO* vertex = SVFUtil::dyn_cast<ICFGSingletonWTO>(cur))
|
|
817
816
|
{
|
|
818
|
-
handleWTONode(vertex
|
|
817
|
+
handleWTONode(vertex);
|
|
819
818
|
}
|
|
820
|
-
else if (const
|
|
819
|
+
else if (const ICFGCycleWTO* cycle = SVFUtil::dyn_cast<ICFGCycleWTO>(cur))
|
|
821
820
|
{
|
|
822
821
|
handleCycle(cycle);
|
|
823
822
|
}
|
|
@@ -930,7 +929,7 @@ void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
|
|
|
930
929
|
{
|
|
931
930
|
if (!rhsVar->isPointer() && !rhsVar->isConstDataOrAggDataButNotNullPtr())
|
|
932
931
|
{
|
|
933
|
-
const AbstractValue &addrs = as
|
|
932
|
+
const AbstractValue &addrs = as[lhs];
|
|
934
933
|
for (const auto &addr: addrs.getAddrs())
|
|
935
934
|
{
|
|
936
935
|
as.store(addr, IntervalValue::top());
|
|
@@ -1147,13 +1146,11 @@ std::string AbstractInterpretation::strRead(AbstractState& as, const SVFValue* r
|
|
|
1147
1146
|
if (!as.inVarToAddrsTable(_svfir->getValueNode(rhs))) continue;
|
|
1148
1147
|
AbstractValue expr0 =
|
|
1149
1148
|
_svfir2AbsState->getGepObjAddress(as, _svfir->getValueNode(rhs), index);
|
|
1150
|
-
AbstractValue val
|
|
1149
|
+
AbstractValue val;
|
|
1151
1150
|
for (const auto &addr: expr0.getAddrs())
|
|
1152
1151
|
{
|
|
1153
1152
|
val.join_with(as.load(addr));
|
|
1154
1153
|
}
|
|
1155
|
-
if (val.isUnknown())
|
|
1156
|
-
return str0;
|
|
1157
1154
|
if (!val.getInterval().is_numeral())
|
|
1158
1155
|
{
|
|
1159
1156
|
break;
|
|
@@ -1464,15 +1461,11 @@ IntervalValue AbstractInterpretation::getStrlen(AbstractState& as, const SVF::SV
|
|
|
1464
1461
|
{
|
|
1465
1462
|
AbstractValue expr0 =
|
|
1466
1463
|
_svfir2AbsState->getGepObjAddress(as, dstid, index);
|
|
1467
|
-
AbstractValue val
|
|
1464
|
+
AbstractValue val;
|
|
1468
1465
|
for (const auto &addr: expr0.getAddrs())
|
|
1469
1466
|
{
|
|
1470
1467
|
val.join_with(as.load(addr));
|
|
1471
1468
|
}
|
|
1472
|
-
if (val.isUnknown())
|
|
1473
|
-
{
|
|
1474
|
-
return IntervalValue((s64_t)0, (s64_t)Options::MaxFieldLimit());
|
|
1475
|
-
}
|
|
1476
1469
|
if (val.getInterval().is_numeral() && (char) val.getInterval().getIntNumeral() == '\0')
|
|
1477
1470
|
{
|
|
1478
1471
|
break;
|
|
@@ -46,7 +46,7 @@ AbstractValue SVF::SVFIR2AbsState::globalNulladdrs = AddressValue();
|
|
|
46
46
|
*
|
|
47
47
|
* @return An IntervalValue representing the lower and upper bounds of the range.
|
|
48
48
|
*/
|
|
49
|
-
|
|
49
|
+
IntervalValue SVFIR2AbsState::getRangeLimitFromType(const SVFType* type)
|
|
50
50
|
{
|
|
51
51
|
if (const SVFIntegerType* intType = SVFUtil::dyn_cast<SVFIntegerType>(type))
|
|
52
52
|
{
|
|
@@ -108,7 +108,7 @@ AbstractValue SVFIR2AbsState::getRangeLimitFromType(const SVFType* type)
|
|
|
108
108
|
}
|
|
109
109
|
}
|
|
110
110
|
|
|
111
|
-
|
|
111
|
+
IntervalValue SVFIR2AbsState::getZExtValue(const AbstractState& as, const SVFVar* var)
|
|
112
112
|
{
|
|
113
113
|
const SVFType* type = var->getType();
|
|
114
114
|
if (SVFUtil::isa<SVFIntegerType>(type))
|
|
@@ -153,12 +153,12 @@ AbstractValue SVFIR2AbsState::getZExtValue(const AbstractState& as, const SVFVar
|
|
|
153
153
|
return IntervalValue::top(); // TODO: may have better solution
|
|
154
154
|
}
|
|
155
155
|
|
|
156
|
-
|
|
156
|
+
IntervalValue SVFIR2AbsState::getSExtValue(const AbstractState& as, const SVFVar* var)
|
|
157
157
|
{
|
|
158
158
|
return as[var->getId()].getInterval();
|
|
159
159
|
}
|
|
160
160
|
|
|
161
|
-
|
|
161
|
+
IntervalValue SVFIR2AbsState::getFPToSIntValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
162
162
|
{
|
|
163
163
|
if (as[var->getId()].getInterval().is_real())
|
|
164
164
|
{
|
|
@@ -176,7 +176,7 @@ AbstractValue SVFIR2AbsState::getFPToSIntValue(const AbstractState& as, const SV
|
|
|
176
176
|
}
|
|
177
177
|
}
|
|
178
178
|
|
|
179
|
-
|
|
179
|
+
IntervalValue SVFIR2AbsState::getFPToUIntValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
180
180
|
{
|
|
181
181
|
if (as[var->getId()].getInterval().is_real())
|
|
182
182
|
{
|
|
@@ -194,7 +194,7 @@ AbstractValue SVFIR2AbsState::getFPToUIntValue(const AbstractState& as, const SV
|
|
|
194
194
|
}
|
|
195
195
|
}
|
|
196
196
|
|
|
197
|
-
|
|
197
|
+
IntervalValue SVFIR2AbsState::getSIntToFPValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
198
198
|
{
|
|
199
199
|
// get the sint value of ub and lb
|
|
200
200
|
s64_t sint_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -205,7 +205,7 @@ AbstractValue SVFIR2AbsState::getSIntToFPValue(const AbstractState& as, const SV
|
|
|
205
205
|
return IntervalValue(float_lb, float_ub);
|
|
206
206
|
}
|
|
207
207
|
|
|
208
|
-
|
|
208
|
+
IntervalValue SVFIR2AbsState::getUIntToFPValue(const AbstractState& as, const SVF::SVFVar* var)
|
|
209
209
|
{
|
|
210
210
|
// get the uint value of ub and lb
|
|
211
211
|
u64_t uint_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -216,7 +216,7 @@ AbstractValue SVFIR2AbsState::getUIntToFPValue(const AbstractState& as, const SV
|
|
|
216
216
|
return IntervalValue(float_lb, float_ub);
|
|
217
217
|
}
|
|
218
218
|
|
|
219
|
-
|
|
219
|
+
IntervalValue SVFIR2AbsState::getTruncValue(const AbstractState& as, const SVF::SVFVar* var, const SVFType* dstType)
|
|
220
220
|
{
|
|
221
221
|
// get the value of ub and lb
|
|
222
222
|
s64_t int_lb = as[var->getId()].getInterval().lb().getIntNumeral();
|
|
@@ -265,7 +265,7 @@ AbstractValue SVFIR2AbsState::getTruncValue(const AbstractState& as, const SVF::
|
|
|
265
265
|
}
|
|
266
266
|
}
|
|
267
267
|
|
|
268
|
-
|
|
268
|
+
IntervalValue SVFIR2AbsState::getFPTruncValue(const AbstractState& as, const SVF::SVFVar* var, const SVFType* dstType)
|
|
269
269
|
{
|
|
270
270
|
// TODO: now we do not really handle fptrunc
|
|
271
271
|
return as[var->getId()].getInterval();
|
|
@@ -357,7 +357,7 @@ void SVFIR2AbsState::narrowAddrs(AbstractState& as, AbstractState&lhs, const Abs
|
|
|
357
357
|
}
|
|
358
358
|
}
|
|
359
359
|
|
|
360
|
-
|
|
360
|
+
AddressValue SVFIR2AbsState::getGepObjAddress(AbstractState& as, u32_t pointer, APOffset offset)
|
|
361
361
|
{
|
|
362
362
|
AbstractValue addrs = getAddrs(as, pointer);
|
|
363
363
|
AddressValue ret = AddressValue();
|
|
@@ -573,25 +573,9 @@ void SVFIR2AbsState::initObjVar(AbstractState& as, const ObjVar* var)
|
|
|
573
573
|
void SVFIR2AbsState::handleAddr(AbstractState& as, const AddrStmt *addr)
|
|
574
574
|
{
|
|
575
575
|
initObjVar(as, SVFUtil::cast<ObjVar>(addr->getRHSVar()));
|
|
576
|
-
if (
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
|
|
580
|
-
{
|
|
581
|
-
as[addr->getRHSVarID()].meet_with(getRangeLimitFromType(addr->getRHSVar()->getType()));
|
|
582
|
-
}
|
|
583
|
-
as[addr->getLHSVarID()] = as[addr->getRHSVarID()];
|
|
584
|
-
|
|
585
|
-
}
|
|
586
|
-
else if (inVarToAddrsTable(as, addr->getRHSVarID()))
|
|
587
|
-
{
|
|
588
|
-
as[addr->getLHSVarID()] =
|
|
589
|
-
as[addr->getRHSVarID()];
|
|
590
|
-
}
|
|
591
|
-
else
|
|
592
|
-
{
|
|
593
|
-
assert(false && "not number or virtual addrs?");
|
|
594
|
-
}
|
|
576
|
+
if (addr->getRHSVar()->getType()->getKind() == SVFType::SVFIntegerTy)
|
|
577
|
+
as[addr->getRHSVarID()].getInterval().meet_with(getRangeLimitFromType(addr->getRHSVar()->getType()));
|
|
578
|
+
as[addr->getLHSVarID()] = as[addr->getRHSVarID()];
|
|
595
579
|
}
|
|
596
580
|
|
|
597
581
|
|
|
@@ -602,65 +586,62 @@ void SVFIR2AbsState::handleBinary(AbstractState& as, const BinaryOPStmt *binary)
|
|
|
602
586
|
u32_t res = binary->getResID();
|
|
603
587
|
if (!inVarToValTable(as, op0)) as[op0] = IntervalValue::top();
|
|
604
588
|
if (!inVarToValTable(as, op1)) as[op1] = IntervalValue::top();
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
|
|
609
|
-
|
|
610
|
-
|
|
611
|
-
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
assert(false && "undefined binary: ");
|
|
654
|
-
}
|
|
655
|
-
}
|
|
656
|
-
as[res] = resVal;
|
|
657
|
-
}
|
|
589
|
+
IntervalValue &lhs = as[op0].getInterval(), &rhs = as[op1].getInterval();
|
|
590
|
+
IntervalValue resVal;
|
|
591
|
+
switch (binary->getOpcode())
|
|
592
|
+
{
|
|
593
|
+
case BinaryOPStmt::Add:
|
|
594
|
+
case BinaryOPStmt::FAdd:
|
|
595
|
+
resVal = (lhs + rhs);
|
|
596
|
+
break;
|
|
597
|
+
case BinaryOPStmt::Sub:
|
|
598
|
+
case BinaryOPStmt::FSub:
|
|
599
|
+
resVal = (lhs - rhs);
|
|
600
|
+
break;
|
|
601
|
+
case BinaryOPStmt::Mul:
|
|
602
|
+
case BinaryOPStmt::FMul:
|
|
603
|
+
resVal = (lhs * rhs);
|
|
604
|
+
break;
|
|
605
|
+
case BinaryOPStmt::SDiv:
|
|
606
|
+
case BinaryOPStmt::FDiv:
|
|
607
|
+
case BinaryOPStmt::UDiv:
|
|
608
|
+
resVal = (lhs / rhs);
|
|
609
|
+
break;
|
|
610
|
+
case BinaryOPStmt::SRem:
|
|
611
|
+
case BinaryOPStmt::FRem:
|
|
612
|
+
case BinaryOPStmt::URem:
|
|
613
|
+
resVal = (lhs % rhs);
|
|
614
|
+
break;
|
|
615
|
+
case BinaryOPStmt::Xor:
|
|
616
|
+
resVal = (lhs ^ rhs);
|
|
617
|
+
break;
|
|
618
|
+
case BinaryOPStmt::And:
|
|
619
|
+
resVal = (lhs & rhs);
|
|
620
|
+
break;
|
|
621
|
+
case BinaryOPStmt::Or:
|
|
622
|
+
resVal = (lhs | rhs);
|
|
623
|
+
break;
|
|
624
|
+
case BinaryOPStmt::AShr:
|
|
625
|
+
resVal = (lhs >> rhs);
|
|
626
|
+
break;
|
|
627
|
+
case BinaryOPStmt::Shl:
|
|
628
|
+
resVal = (lhs << rhs);
|
|
629
|
+
break;
|
|
630
|
+
case BinaryOPStmt::LShr:
|
|
631
|
+
resVal = (lhs >> rhs);
|
|
632
|
+
break;
|
|
633
|
+
default:
|
|
634
|
+
assert(false && "undefined binary: ");
|
|
635
|
+
}
|
|
636
|
+
as[res] = resVal;
|
|
658
637
|
}
|
|
659
638
|
|
|
660
639
|
void SVFIR2AbsState::handleCmp(AbstractState& as, const CmpStmt *cmp)
|
|
661
640
|
{
|
|
662
641
|
u32_t op0 = cmp->getOpVarID(0);
|
|
663
642
|
u32_t op1 = cmp->getOpVarID(1);
|
|
643
|
+
if (!inVarToValTable(as, op0)) as[op0] = IntervalValue::top();
|
|
644
|
+
if (!inVarToValTable(as, op1)) as[op1] = IntervalValue::top();
|
|
664
645
|
u32_t res = cmp->getResID();
|
|
665
646
|
if (inVarToValTable(as, op0) && inVarToValTable(as, op1))
|
|
666
647
|
{
|
|
@@ -840,40 +821,22 @@ void SVFIR2AbsState::handleLoad(AbstractState& as, const LoadStmt *load)
|
|
|
840
821
|
{
|
|
841
822
|
u32_t rhs = load->getRHSVarID();
|
|
842
823
|
u32_t lhs = load->getLHSVarID();
|
|
843
|
-
|
|
844
|
-
|
|
845
|
-
|
|
846
|
-
|
|
847
|
-
|
|
848
|
-
|
|
849
|
-
{
|
|
850
|
-
// inLocToAbsVal()
|
|
851
|
-
// absRhs.join_with
|
|
852
|
-
// as.load()
|
|
853
|
-
u32_t objId = getInternalID(addr);
|
|
854
|
-
if (inAddrTable(as, objId))
|
|
855
|
-
{
|
|
856
|
-
rhsVal.join_with(as.load(addr));
|
|
857
|
-
}
|
|
858
|
-
}
|
|
859
|
-
if (!rhsVal.isUnknown())
|
|
860
|
-
as[lhs] = rhsVal;
|
|
861
|
-
}
|
|
824
|
+
AbstractValue &addrs = as[rhs];
|
|
825
|
+
AbstractValue rhsVal; // interval::bottom Address::bottom
|
|
826
|
+
// AbstractValue absRhs
|
|
827
|
+
for (const auto &addr: addrs.getAddrs())
|
|
828
|
+
rhsVal.join_with(as.load(addr));
|
|
829
|
+
as[lhs] = rhsVal;
|
|
862
830
|
}
|
|
863
831
|
|
|
864
832
|
void SVFIR2AbsState::handleStore(AbstractState& as, const StoreStmt *store)
|
|
865
833
|
{
|
|
866
834
|
u32_t rhs = store->getRHSVarID();
|
|
867
835
|
u32_t lhs = store->getLHSVarID();
|
|
868
|
-
|
|
836
|
+
|
|
837
|
+
for (const auto &addr: as[lhs].getAddrs())
|
|
869
838
|
{
|
|
870
|
-
|
|
871
|
-
{
|
|
872
|
-
for (const auto &addr: as[lhs].getAddrs())
|
|
873
|
-
{
|
|
874
|
-
as.store(addr, as[rhs]);
|
|
875
|
-
}
|
|
876
|
-
}
|
|
839
|
+
as.store(addr, as[rhs]);
|
|
877
840
|
}
|
|
878
841
|
}
|
|
879
842
|
|
|
@@ -882,72 +845,65 @@ void SVFIR2AbsState::handleCopy(AbstractState& as, const CopyStmt *copy)
|
|
|
882
845
|
u32_t lhs = copy->getLHSVarID();
|
|
883
846
|
u32_t rhs = copy->getRHSVarID();
|
|
884
847
|
|
|
885
|
-
if (
|
|
848
|
+
if (copy->getCopyKind() == CopyStmt::COPYVAL)
|
|
849
|
+
{
|
|
850
|
+
as[lhs] = as[rhs];
|
|
851
|
+
}
|
|
852
|
+
else if (copy->getCopyKind() == CopyStmt::ZEXT)
|
|
853
|
+
{
|
|
854
|
+
as[lhs] = getZExtValue(as, copy->getRHSVar());
|
|
855
|
+
}
|
|
856
|
+
else if (copy->getCopyKind() == CopyStmt::SEXT)
|
|
857
|
+
{
|
|
858
|
+
as[lhs] = getSExtValue(as, copy->getRHSVar());
|
|
859
|
+
}
|
|
860
|
+
else if (copy->getCopyKind() == CopyStmt::FPTOSI)
|
|
861
|
+
{
|
|
862
|
+
as[lhs] = getFPToSIntValue(as, copy->getRHSVar());
|
|
863
|
+
}
|
|
864
|
+
else if (copy->getCopyKind() == CopyStmt::FPTOUI)
|
|
865
|
+
{
|
|
866
|
+
as[lhs] = getFPToUIntValue(as, copy->getRHSVar());
|
|
867
|
+
}
|
|
868
|
+
else if (copy->getCopyKind() == CopyStmt::SITOFP)
|
|
869
|
+
{
|
|
870
|
+
as[lhs] = getSIntToFPValue(as, copy->getRHSVar());
|
|
871
|
+
}
|
|
872
|
+
else if (copy->getCopyKind() == CopyStmt::UITOFP)
|
|
886
873
|
{
|
|
887
|
-
|
|
874
|
+
as[lhs] = getUIntToFPValue(as, copy->getRHSVar());
|
|
875
|
+
}
|
|
876
|
+
else if (copy->getCopyKind() == CopyStmt::TRUNC)
|
|
877
|
+
{
|
|
878
|
+
as[lhs] = getTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
879
|
+
}
|
|
880
|
+
else if (copy->getCopyKind() == CopyStmt::FPTRUNC)
|
|
881
|
+
{
|
|
882
|
+
as[lhs] = getFPTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
883
|
+
}
|
|
884
|
+
else if (copy->getCopyKind() == CopyStmt::INTTOPTR)
|
|
885
|
+
{
|
|
886
|
+
//insert nullptr
|
|
887
|
+
}
|
|
888
|
+
else if (copy->getCopyKind() == CopyStmt::PTRTOINT)
|
|
889
|
+
{
|
|
890
|
+
as[lhs] = IntervalValue::top();
|
|
891
|
+
}
|
|
892
|
+
else if (copy->getCopyKind() == CopyStmt::BITCAST)
|
|
893
|
+
{
|
|
894
|
+
if (as[rhs].isAddr())
|
|
888
895
|
{
|
|
889
896
|
as[lhs] = as[rhs];
|
|
890
897
|
}
|
|
891
|
-
else if (copy->getCopyKind() == CopyStmt::ZEXT)
|
|
892
|
-
{
|
|
893
|
-
as[lhs] = getZExtValue(as, copy->getRHSVar());
|
|
894
|
-
}
|
|
895
|
-
else if (copy->getCopyKind() == CopyStmt::SEXT)
|
|
896
|
-
{
|
|
897
|
-
as[lhs] = getSExtValue(as, copy->getRHSVar());
|
|
898
|
-
}
|
|
899
|
-
else if (copy->getCopyKind() == CopyStmt::FPTOSI)
|
|
900
|
-
{
|
|
901
|
-
as[lhs] = getFPToSIntValue(as, copy->getRHSVar());
|
|
902
|
-
}
|
|
903
|
-
else if (copy->getCopyKind() == CopyStmt::FPTOUI)
|
|
904
|
-
{
|
|
905
|
-
as[lhs] = getFPToUIntValue(as, copy->getRHSVar());
|
|
906
|
-
}
|
|
907
|
-
else if (copy->getCopyKind() == CopyStmt::SITOFP)
|
|
908
|
-
{
|
|
909
|
-
as[lhs] = getSIntToFPValue(as, copy->getRHSVar());
|
|
910
|
-
}
|
|
911
|
-
else if (copy->getCopyKind() == CopyStmt::UITOFP)
|
|
912
|
-
{
|
|
913
|
-
as[lhs] = getUIntToFPValue(as, copy->getRHSVar());
|
|
914
|
-
}
|
|
915
|
-
else if (copy->getCopyKind() == CopyStmt::TRUNC)
|
|
916
|
-
{
|
|
917
|
-
as[lhs] = getTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
918
|
-
}
|
|
919
|
-
else if (copy->getCopyKind() == CopyStmt::FPTRUNC)
|
|
920
|
-
{
|
|
921
|
-
as[lhs] = getFPTruncValue(as, copy->getRHSVar(), copy->getLHSVar()->getType());
|
|
922
|
-
}
|
|
923
|
-
else if (copy->getCopyKind() == CopyStmt::INTTOPTR)
|
|
924
|
-
{
|
|
925
|
-
//insert nullptr
|
|
926
|
-
}
|
|
927
|
-
else if (copy->getCopyKind() == CopyStmt::PTRTOINT)
|
|
928
|
-
{
|
|
929
|
-
as[lhs] = IntervalValue::top();
|
|
930
|
-
}
|
|
931
|
-
else if (copy->getCopyKind() == CopyStmt::BITCAST)
|
|
932
|
-
{
|
|
933
|
-
if (as[rhs].isAddr())
|
|
934
|
-
{
|
|
935
|
-
as[lhs] = as[rhs];
|
|
936
|
-
}
|
|
937
|
-
else
|
|
938
|
-
{
|
|
939
|
-
// do nothing
|
|
940
|
-
}
|
|
941
|
-
}
|
|
942
898
|
else
|
|
943
899
|
{
|
|
944
|
-
|
|
945
|
-
abort();
|
|
900
|
+
// do nothing
|
|
946
901
|
}
|
|
947
902
|
}
|
|
948
|
-
else
|
|
903
|
+
else
|
|
949
904
|
{
|
|
950
|
-
|
|
905
|
+
assert(false && "undefined copy kind");
|
|
906
|
+
abort();
|
|
951
907
|
}
|
|
952
908
|
}
|
|
953
909
|
|
|
@@ -955,24 +911,15 @@ void SVFIR2AbsState::handleGep(AbstractState& as, const GepStmt *gep)
|
|
|
955
911
|
{
|
|
956
912
|
u32_t rhs = gep->getRHSVarID();
|
|
957
913
|
u32_t lhs = gep->getLHSVarID();
|
|
958
|
-
if (!inVarToAddrsTable(as, rhs)) return;
|
|
959
|
-
AbstractValue &rhsVal = as[rhs];
|
|
960
914
|
IntervalValue offsetPair = getElementIndex(as, gep);
|
|
961
|
-
|
|
962
|
-
|
|
963
|
-
|
|
964
|
-
|
|
965
|
-
|
|
966
|
-
|
|
967
|
-
|
|
968
|
-
|
|
969
|
-
offsetPair.ub().getIntNumeral(): Options::MaxFieldLimit();
|
|
970
|
-
for (APOffset i = lb; i <= ub; i++)
|
|
971
|
-
gepAddrs.join_with(getGepObjAddress(as, rhs, i));
|
|
972
|
-
if (!rhsVal.isUnknown())
|
|
973
|
-
as[lhs] = gepAddrs;
|
|
974
|
-
return;
|
|
975
|
-
}
|
|
915
|
+
AbstractValue gepAddrs;
|
|
916
|
+
APOffset lb = offsetPair.lb().getIntNumeral() < Options::MaxFieldLimit()?
|
|
917
|
+
offsetPair.lb().getIntNumeral(): Options::MaxFieldLimit();
|
|
918
|
+
APOffset ub = offsetPair.ub().getIntNumeral() < Options::MaxFieldLimit()?
|
|
919
|
+
offsetPair.ub().getIntNumeral(): Options::MaxFieldLimit();
|
|
920
|
+
for (APOffset i = lb; i <= ub; i++)
|
|
921
|
+
gepAddrs.join_with(getGepObjAddress(as, rhs, i));
|
|
922
|
+
as[lhs] = gepAddrs;
|
|
976
923
|
}
|
|
977
924
|
|
|
978
925
|
void SVFIR2AbsState::handleSelect(AbstractState& as, const SelectStmt *select)
|
|
@@ -981,41 +928,27 @@ void SVFIR2AbsState::handleSelect(AbstractState& as, const SelectStmt *select)
|
|
|
981
928
|
u32_t tval = select->getTrueValue()->getId();
|
|
982
929
|
u32_t fval = select->getFalseValue()->getId();
|
|
983
930
|
u32_t cond = select->getCondition()->getId();
|
|
984
|
-
if (
|
|
931
|
+
if (as[cond].getInterval().is_numeral())
|
|
985
932
|
{
|
|
986
|
-
|
|
987
|
-
{
|
|
988
|
-
as[res] = as[cond].getInterval().is_zero() ? as[fval] : as[tval];
|
|
989
|
-
}
|
|
990
|
-
else
|
|
991
|
-
{
|
|
992
|
-
as[res] = as[cond];
|
|
993
|
-
}
|
|
933
|
+
as[res] = as[cond].getInterval().is_zero() ? as[fval] : as[tval];
|
|
994
934
|
}
|
|
995
|
-
else
|
|
935
|
+
else
|
|
996
936
|
{
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
as.getAddrs(res) = as[cond].getInterval().is_zero() ? getAddrs(as, fval) : getAddrs(as, tval);
|
|
1000
|
-
}
|
|
937
|
+
as[res] = as[tval];
|
|
938
|
+
as[res].join_with(as[fval]);
|
|
1001
939
|
}
|
|
1002
940
|
}
|
|
1003
941
|
|
|
1004
942
|
void SVFIR2AbsState::handlePhi(AbstractState& as, const PhiStmt *phi)
|
|
1005
943
|
{
|
|
1006
944
|
u32_t res = phi->getResID();
|
|
1007
|
-
AbstractValue rhs
|
|
945
|
+
AbstractValue rhs;
|
|
1008
946
|
for (u32_t i = 0; i < phi->getOpVarNum(); i++)
|
|
1009
947
|
{
|
|
1010
948
|
NodeID curId = phi->getOpVarID(i);
|
|
1011
|
-
|
|
1012
|
-
if (inVarToValTable(as, curId) || inVarToAddrsTable(as, curId))
|
|
1013
|
-
{
|
|
1014
|
-
rhs.join_with(as[curId]);
|
|
1015
|
-
}
|
|
949
|
+
rhs.join_with(as[curId]);
|
|
1016
950
|
}
|
|
1017
|
-
|
|
1018
|
-
as[res] = rhs;
|
|
951
|
+
as[res] = rhs;
|
|
1019
952
|
}
|
|
1020
953
|
|
|
1021
954
|
|
|
@@ -1023,18 +956,12 @@ void SVFIR2AbsState::handleCall(AbstractState& as, const CallPE *callPE)
|
|
|
1023
956
|
{
|
|
1024
957
|
NodeID lhs = callPE->getLHSVarID();
|
|
1025
958
|
NodeID rhs = callPE->getRHSVarID();
|
|
1026
|
-
|
|
1027
|
-
{
|
|
1028
|
-
as[lhs] = as[rhs];
|
|
1029
|
-
}
|
|
959
|
+
as[lhs] = as[rhs];
|
|
1030
960
|
}
|
|
1031
961
|
|
|
1032
962
|
void SVFIR2AbsState::handleRet(AbstractState& as, const RetPE *retPE)
|
|
1033
963
|
{
|
|
1034
964
|
NodeID lhs = retPE->getLHSVarID();
|
|
1035
965
|
NodeID rhs = retPE->getRHSVarID();
|
|
1036
|
-
|
|
1037
|
-
{
|
|
1038
|
-
as[lhs] = as[rhs];
|
|
1039
|
-
}
|
|
966
|
+
as[lhs] = as[rhs];
|
|
1040
967
|
}
|