svf-tools 1.0.972 → 1.0.974

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.972",
+  "version": "1.0.974",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Core/AbstractState.h

@@ -46,8 +46,9 @@
 #ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H
 #define Z3_EXAMPLE_INTERVAL_DOMAIN_H
 
-#include "AE/Core/IntervalValue.h"
 #include "AE/Core/AbstractValue.h"
+#include "AE/Core/IntervalValue.h"
+#include "SVFIR/SVFVariables.h"
 #include "Util/Z3Expr.h"
 
 #include <iomanip>
@@ -79,6 +80,21 @@ public:
 
     virtual ~AbstractState() = default;
 
+    // getGepObjAddrs
+    AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);
+
+    // initObjVar
+    void initObjVar(ObjVar* objVar);
+    // getElementIndex
+    IntervalValue getElementIndex(const GepStmt* gep);
+    // getByteOffset
+    IntervalValue getByteOffset(const GepStmt* gep);
+    // printAbstractState
+    // loadValue
+    AbstractValue loadValue(NodeID varId);
+    // storeValue
+    void storeValue(NodeID varId, AbstractValue val);
+
 
     /// The physical address starts with 0x7f...... + idx
     static inline u32_t getVirtualMemAddress(u32_t idx)
@@ -258,14 +274,9 @@ public:
     /// domain narrow with other, and return the narrowed domain
     AbstractState narrowing(const AbstractState&other);
 
-    /// domain widen with other, important! other widen this.
-    void widenWith(const AbstractState&other);
-
     /// domain join with other, important! other widen this.
     void joinWith(const AbstractState&other);
 
-    /// domain narrow with other, important! other widen this.
-    void narrowWith(const AbstractState&other);
 
     /// domain meet with other, important! other widen this.
     void meetWith(const AbstractState&other);
@@ -299,8 +310,7 @@ public:
     }
 
 
-    /// Print values of all expressions
-    void printExprValues(std::ostream &oss) const;
+    void printAbstractState() const;
 
     std::string toString() const
     {
@@ -386,9 +396,6 @@ public:
     }
 
 
-protected:
-    void printTable(const VarToAbsValMap&table, std::ostream &oss) const;
-
 };
 
 }

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -29,9 +29,9 @@
 //
 
 #include "AE/Core/ICFGWTO.h"
-#include "AE/Svfexe/SVFIR2AbsState.h"
 #include "Util/SVFBugReport.h"
 #include "WPA/Andersen.h"
+#include "AE/Core/AbstractState.h"
 
 namespace SVF
 {
@@ -137,8 +137,8 @@ protected:
     /// Global ICFGNode is handled at the entry of the program,
     virtual void handleGlobalNode();
 
-    /// mark recursive functions by detecting SCC in callgraph
-    void markRecursiveFuns();
+    /// Mark recursive functions in the call graph
+    void initWTO();
 
     /**
      * Check if execution state exist by merging states of predecessor nodes
@@ -146,7 +146,7 @@ protected:
      * @param curNode The ICFGNode to analyse
      * @return if this node has preceding execution state
      */
-    bool propagateStateIfFeasible(const ICFGNode* curNode);
+    bool mergeStatesFromPredecessors(const ICFGNode* curNode);
 
     /**
      * Check if execution state exist at the branch edge
@@ -161,14 +161,7 @@ protected:
      *
      * @param block basic block that has one instruction or a series of instructions
      */
-    virtual void handleWTONode(const ICFGSingletonWTO *icfgSingletonWto);
-
-    /**
-     * handle one instruction in ICFGNode
-     *
-     * @param node ICFGNode which has a single instruction
-     */
-    virtual void handleICFGNode(const ICFGNode* node);
+    virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto);
 
     /**
      * handle call node in ICFGNode
@@ -182,14 +175,10 @@ protected:
      *
      * @param cycle WTOCycle which has weak topo order of basic blocks and nested cycles
      */
-    virtual void handleCycle(const ICFGCycleWTO* cycle);
+    virtual void handleCycleWTO(const ICFGCycleWTO* cycle);
+
+    void handleWTOComponents(const std::list<const ICFGWTOComp*>& wtoComps);
 
-    /**
-     * handle user defined function, ext function is not included.
-     *
-     * @param func SVFFunction which has a series of basic blocks
-     */
-    virtual void handleFunc(const SVFFunction* func);
 
     /**
      * handle SVF Statement like CmpStmt, CallStmt, GepStmt, LoadStmt, StoreStmt, etc.
@@ -332,11 +321,34 @@ protected:
     void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
 
 
+    void updateStateOnAddr(const AddrStmt *addr);
+
+    void updateStateOnBinary(const BinaryOPStmt *binary);
+
+    void updateStateOnCmp(const CmpStmt *cmp);
+
+    void updateStateOnLoad(const LoadStmt *load);
+
+    void updateStateOnStore(const StoreStmt *store);
+
+    void updateStateOnCopy(const CopyStmt *copy);
+
+    void updateStateOnCall(const CallPE *callPE);
+
+    void updateStateOnRet(const RetPE *retPE);
+
+    void updateStateOnGep(const GepStmt *gep);
+
+    void updateStateOnSelect(const SelectStmt *select);
+
+    void updateStateOnPhi(const PhiStmt *phi);
+
+    IntervalValue getRangeLimitFromType(const SVFType* type);
+
+
     /// protected data members, also used in subclasses
     SVFIR* _svfir;
-    PTACallGraph* _callgraph;
     /// Execution State, used to store the Interval Value of every SVF variable
-    SVFIR2AbsState* _svfir2AbsState;
     AEAPI* _api{nullptr};
 
     ICFG* _icfg;
@@ -347,7 +359,6 @@ protected:
     SVFBugReport _recoder;
     std::vector<const CallICFGNode*> _callSiteStack;
     Map<const ICFGNode*, std::string> _nodeToBugInfo;
-    AndersenWaveDiff* _ander;
     Map<const SVFFunction*, ICFGWTO*> _funcToWTO;
     Set<const SVFFunction*> _recursiveFuns;
 
@@ -363,13 +374,8 @@ private:
     virtual void indirectCallFunPass(const CallICFGNode* callNode);
 
 protected:
-    // helper functions in handleCycle
-    bool isFixPointAfterWidening(const ICFGNode* cycle_head,
-                                 AbstractState& pre_as);
-    bool isFixPointAfterNarrowing(const SVF::ICFGNode* cycle_head,
-                                  SVF::AbstractState& pre_as);
 
-    AbstractState& getAbsState(const ICFGNode* node)
+    AbstractState& getAbsStateFromTrace(const ICFGNode* node)
     {
         const ICFGNode* repNode = _icfg->getRepNode(node);
         if (_postAbsTrace.count(repNode) == 0)
@@ -382,6 +388,12 @@ protected:
         }
     }
 
+    bool hasAbsStateFromTrace(const ICFGNode* node)
+    {
+        const ICFGNode* repNode = _icfg->getRepNode(node);
+        return _postAbsTrace.count(repNode) != 0;
+    }
+
 protected:
     // there data should be shared with subclasses
     Map<std::string, std::function<void(const CallSite &)>> _func_map;

package/svf/include/AE/Svfexe/BufOverflowChecker.h

@@ -174,12 +174,23 @@ private:
     */
     virtual void handleSVFStatement(const SVFStmt *stmt) override;
 
-    /**
-    * handle ICFGNode regarding buffer overflow checking
-    *
-    * @param node ICFGNode
-    */
-    virtual void handleICFGNode(const SVF::ICFGNode *node) override;
+    // TODO: will delete later
+    virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto) override
+    {
+        AbstractInterpretation::handleSingletonWTO(icfgSingletonWto);
+        const ICFGNode* repNode = _icfg->getRepNode(icfgSingletonWto->node());
+        if (_postAbsTrace.count(repNode) == 0)
+        {
+            return;
+        }
+        const std::vector<const ICFGNode*>& worklist_vec = _icfg->getSubNodes(icfgSingletonWto->node());
+
+        for (auto it = worklist_vec.begin(); it != worklist_vec.end(); ++it)
+        {
+            const ICFGNode* curNode = *it;
+            detectBufOverflow(curNode);
+        }
+    }
 
     /**
     * check buffer overflow at ICFGNode which is a checkpoint

package/svf/include/AE/Svfexe/ICFGSimplification.h

@@ -27,7 +27,6 @@
 // The implementation is based on
 // Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.
 // 46th International Conference on Software Engineering. (ICSE24)
-#include "AE/Svfexe/SVFIR2AbsState.h"
 #include "Graphs/ICFG.h"
 
 namespace SVF

package/svf/include/Util/SVFBugReport.h

@@ -209,7 +209,7 @@ class DoubleFreeBug : public GenericBug
 {
 public:
     DoubleFreeBug(const EventStack &bugEventStack):
-        GenericBug(GenericBug::PARTIALLEAK, bugEventStack) { }
+        GenericBug(GenericBug::DOUBLEFREE, bugEventStack) { }
 
     cJSON *getBugDescription() const;
     void printBugToTerminal() const;
@@ -225,7 +225,7 @@ class FileNeverCloseBug : public GenericBug
 {
 public:
     FileNeverCloseBug(const EventStack &bugEventStack):
-        GenericBug(GenericBug::NEVERFREE, bugEventStack) {  };
+        GenericBug(GenericBug::FILENEVERCLOSE, bugEventStack) {  };
 
     cJSON *getBugDescription() const;
     void printBugToTerminal() const;
@@ -241,7 +241,7 @@ class FilePartialCloseBug : public GenericBug
 {
 public:
     FilePartialCloseBug(const EventStack &bugEventStack):
-        GenericBug(GenericBug::PARTIALLEAK, bugEventStack) { }
+        GenericBug(GenericBug::FILEPARTIALCLOSE, bugEventStack) { }
 
     cJSON *getBugDescription() const;
     void printBugToTerminal() const;

package/svf/lib/AE/Core/AbstractState.cpp

@@ -29,6 +29,7 @@
 
 #include "AE/Core/AbstractState.h"
 #include "Util/SVFUtil.h"
+#include "Util/Options.h"
 
 using namespace SVF;
 using namespace SVFUtil;
@@ -97,25 +98,6 @@ AbstractState AbstractState::narrowing(const AbstractState& other)
 
 }
 
-/// domain widen with other, important! other widen this.
-void AbstractState::widenWith(const AbstractState& other)
-{
-    for (auto it = _varToAbsVal.begin(); it != _varToAbsVal.end(); ++it)
-    {
-        auto key = it->first;
-        if (other.getVarToVal().find(key) != other.getVarToVal().end())
-            if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
-                it->second.getInterval().widen_with(other._varToAbsVal.at(key).getInterval());
-    }
-    for (auto it = _addrToAbsVal.begin(); it != _addrToAbsVal.end(); ++it)
-    {
-        auto key = it->first;
-        if (other._addrToAbsVal.find(key) != other._addrToAbsVal.end())
-            if (it->second.isInterval() && other._varToAbsVal.at(key).isInterval())
-                it->second.getInterval().widen_with(other._addrToAbsVal.at(key).getInterval());
-    }
-}
-
 /// domain join with other, important! other widen this.
 void AbstractState::joinWith(const AbstractState& other)
 {
@@ -147,27 +129,6 @@ void AbstractState::joinWith(const AbstractState& other)
     }
 }
 
-/// domain narrow with other, important! other widen this.
-void AbstractState::narrowWith(const AbstractState& other)
-{
-    for (auto it = _varToAbsVal.begin(); it != _varToAbsVal.end(); ++it)
-    {
-        auto key = it->first;
-        auto oit = other.getVarToVal().find(key);
-        if (oit != other.getVarToVal().end())
-            if (it->second.isInterval() && oit->second.isInterval())
-                it->second.getInterval().narrow_with(oit->second.getInterval());
-    }
-    for (auto it = _addrToAbsVal.begin(); it != _addrToAbsVal.end(); ++it)
-    {
-        auto key = it->first;
-        auto oit = other._addrToAbsVal.find(key);
-        if (oit != other._addrToAbsVal.end())
-            if (it->second.isInterval() && oit->second.isInterval())
-                it->second.getInterval().narrow_with(oit->second.getInterval());
-    }
-}
-
 /// domain meet with other, important! other widen this.
 void AbstractState::meetWith(const AbstractState& other)
 {
@@ -191,26 +152,320 @@ void AbstractState::meetWith(const AbstractState& other)
     }
 }
 
-/// Print values of all expressions
-void AbstractState::printExprValues(std::ostream &oss) const
+// getGepObjAddrs
+AddressValue AbstractState::getGepObjAddrs(u32_t pointer, IntervalValue offset)
+{
+    AddressValue gepAddrs;
+    APOffset lb = offset.lb().getIntNumeral() < Options::MaxFieldLimit() ? offset.lb().getIntNumeral()
+                  : Options::MaxFieldLimit();
+    APOffset ub = offset.ub().getIntNumeral() < Options::MaxFieldLimit() ? offset.ub().getIntNumeral()
+                  : Options::MaxFieldLimit();
+    for (APOffset i = lb; i <= ub; i++)
+    {
+        AbstractValue addrs = (*this)[pointer];
+        for (const auto& addr : addrs.getAddrs())
+        {
+            s64_t baseObj = AbstractState::getInternalID(addr);
+            assert(SVFUtil::isa<ObjVar>(PAG::getPAG()->getGNode(baseObj)) && "Fail to get the base object address!");
+            NodeID gepObj = PAG::getPAG()->getGepObjVar(baseObj, i);
+            (*this)[gepObj] = AddressValue(AbstractState::getVirtualMemAddress(gepObj));
+            gepAddrs.insert(AbstractState::getVirtualMemAddress(gepObj));
+        }
+    }
+
+    return gepAddrs;
+}
+// initObjVar
+void AbstractState::initObjVar(ObjVar* objVar)
+{
+    NodeID varId = objVar->getId();
+
+    // Check if the object variable has an associated value
+    if (objVar->hasValue())
+    {
+        const MemObj* obj = objVar->getMemObj();
+
+        // Handle constant data, arrays, and structures
+        if (obj->isConstDataOrConstGlobal() || obj->isConstantArray() || obj->isConstantStruct())
+        {
+            if (const SVFConstantInt* consInt = SVFUtil::dyn_cast<SVFConstantInt>(obj->getValue()))
+            {
+                s64_t numeral = consInt->getSExtValue();
+                (*this)[varId] = IntervalValue(numeral, numeral);
+            }
+            else if (const SVFConstantFP* consFP = SVFUtil::dyn_cast<SVFConstantFP>(obj->getValue()))
+            {
+                (*this)[varId] = IntervalValue(consFP->getFPValue(), consFP->getFPValue());
+            }
+            else if (SVFUtil::isa<SVFConstantNullPtr>(obj->getValue()))
+            {
+                (*this)[varId] = IntervalValue(0, 0);
+            }
+            else if (SVFUtil::isa<SVFGlobalValue>(obj->getValue()))
+            {
+                (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
+            }
+            else if (obj->isConstantArray() || obj->isConstantStruct())
+            {
+                (*this)[varId] = IntervalValue::top();
+            }
+            else
+            {
+                (*this)[varId] = IntervalValue::top();
+            }
+        }
+        // Handle non-constant memory objects
+        else
+        {
+            (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
+        }
+    }
+    // If the object variable does not have an associated value, set it to a virtual memory address
+    else
+    {
+        (*this)[varId] = AddressValue(AbstractState::getVirtualMemAddress(varId));
+    }
+    return;
+}
+
+// getElementIndex
+IntervalValue AbstractState::getElementIndex(const GepStmt* gep)
+{
+    // If the GEP statement has a constant offset, return it directly as the interval value
+    if (gep->isConstantOffset())
+        return IntervalValue((s64_t)gep->accumulateConstantOffset());
+
+    IntervalValue res(0);
+    // Iterate over the list of offset variable and type pairs in reverse order
+    for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
+    {
+        AccessPath::IdxOperandPair IdxVarAndType = gep->getOffsetVarAndGepTypePairVec()[i];
+        const SVFValue* value = gep->getOffsetVarAndGepTypePairVec()[i].first->getValue();
+        const SVFType* type = IdxVarAndType.second;
+
+        // Variables to store the lower and upper bounds of the index value
+        s64_t idxLb;
+        s64_t idxUb;
+
+        // Determine the lower and upper bounds based on whether the value is a constant
+        if (const SVFConstantInt* constInt = SVFUtil::dyn_cast<SVFConstantInt>(value))
+            idxLb = idxUb = constInt->getSExtValue();
+        else
+        {
+            IntervalValue idxItv = (*this)[PAG::getPAG()->getValueNode(value)].getInterval();
+            if (idxItv.isBottom())
+                idxLb = idxUb = 0;
+            else
+            {
+                idxLb = idxItv.lb().getIntNumeral();
+                idxUb = idxItv.ub().getIntNumeral();
+            }
+        }
+
+        // Adjust the bounds if the type is a pointer
+        if (SVFUtil::isa<SVFPointerType>(type))
+        {
+            u32_t elemNum = gep->getAccessPath().getElementNum(gep->getAccessPath().gepSrcPointeeType());
+            idxLb = (double)Options::MaxFieldLimit() / elemNum < idxLb ? Options::MaxFieldLimit() : idxLb * elemNum;
+            idxUb = (double)Options::MaxFieldLimit() / elemNum < idxUb ? Options::MaxFieldLimit() : idxUb * elemNum;
+        }
+        // Adjust the bounds for array or struct types using the symbol table info
+        else
+        {
+            if (Options::ModelArrays())
+            {
+                const std::vector<u32_t>& so = SymbolTableInfo::SymbolInfo()->getTypeInfo(type)->getFlattenedElemIdxVec();
+                if (so.empty() || idxUb >= (APOffset)so.size() || idxLb < 0)
+                {
+                    idxLb = idxUb = 0;
+                }
+                else
+                {
+                    idxLb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, idxLb);
+                    idxUb = SymbolTableInfo::SymbolInfo()->getFlattenedElemIdx(type, idxUb);
+                }
+            }
+            else
+                idxLb = idxUb = 0;
+        }
+
+        // Add the calculated interval to the result
+        res = res + IntervalValue(idxLb, idxUb);
+    }
+
+    // Ensure the result is within the bounds of [0, MaxFieldLimit]
+    res.meet_with(IntervalValue((s64_t)0, (s64_t)Options::MaxFieldLimit()));
+    if (res.isBottom())
+    {
+        res = IntervalValue(0);
+    }
+    return res;
+}
+// getByteOffset
+IntervalValue AbstractState::getByteOffset(const GepStmt* gep)
 {
-    oss << "-----------Var and Value-----------\n";
-    printTable(_varToAbsVal, oss);
-    printTable(_addrToAbsVal, oss);
-    oss << "-----------------------------------------\n";
+    // If the GEP statement has a constant byte offset, return it directly as the interval value
+    if (gep->isConstantOffset())
+        return IntervalValue((s64_t)gep->accumulateConstantByteOffset());
+
+    IntervalValue res(0); // Initialize the result interval 'res' to 0.
+
+    // Loop through the offsetVarAndGepTypePairVec in reverse order.
+    for (int i = gep->getOffsetVarAndGepTypePairVec().size() - 1; i >= 0; i--)
+    {
+        const SVFVar* idxOperandVar = gep->getOffsetVarAndGepTypePairVec()[i].first;
+        const SVFType* idxOperandType = gep->getOffsetVarAndGepTypePairVec()[i].second;
+
+        // Calculate the byte offset for array or pointer types
+        if (SVFUtil::isa<SVFArrayType>(idxOperandType) || SVFUtil::isa<SVFPointerType>(idxOperandType))
+        {
+            u32_t elemByteSize = 1;
+            if (const SVFArrayType* arrOperandType = SVFUtil::dyn_cast<SVFArrayType>(idxOperandType))
+                elemByteSize = arrOperandType->getTypeOfElement()->getByteSize();
+            else if (SVFUtil::isa<SVFPointerType>(idxOperandType))
+                elemByteSize = gep->getAccessPath().gepSrcPointeeType()->getByteSize();
+            else
+                assert(false && "idxOperandType must be ArrType or PtrType");
+
+            if (const SVFConstantInt* op = SVFUtil::dyn_cast<SVFConstantInt>(idxOperandVar->getValue()))
+            {
+                // Calculate the lower bound (lb) of the interval value
+                s64_t lb = (double)Options::MaxFieldLimit() / elemByteSize >= op->getSExtValue()
+                           ? op->getSExtValue() * elemByteSize
+                           : Options::MaxFieldLimit();
+                res = res + IntervalValue(lb, lb);
+            }
+            else
+            {
+                u32_t idx = PAG::getPAG()->getValueNode(idxOperandVar->getValue());
+                IntervalValue idxVal = (*this)[idx].getInterval();
+
+                if (idxVal.isBottom())
+                    res = res + IntervalValue(0, 0);
+                else
+                {
+                    // Ensure the bounds are non-negative and within the field limit
+                    s64_t ub = (idxVal.ub().getIntNumeral() < 0) ? 0
+                               : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.ub().getIntNumeral()
+                               ? elemByteSize * idxVal.ub().getIntNumeral()
+                               : Options::MaxFieldLimit();
+                    s64_t lb = (idxVal.lb().getIntNumeral() < 0) ? 0
+                               : (double)Options::MaxFieldLimit() / elemByteSize >= idxVal.lb().getIntNumeral()
+                               ? elemByteSize * idxVal.lb().getIntNumeral()
+                               : Options::MaxFieldLimit();
+                    res = res + IntervalValue(lb, ub);
+                }
+            }
+        }
+        // Process struct subtypes by calculating the byte offset from the beginning to the field of the struct
+        else if (const SVFStructType* structOperandType = SVFUtil::dyn_cast<SVFStructType>(idxOperandType))
+        {
+            res = res + IntervalValue(gep->getAccessPath().getStructFieldOffset(idxOperandVar, structOperandType));
+        }
+        else
+        {
+            assert(false && "gep type pair only support arr/ptr/struct");
+        }
+    }
+    return res; // Return the resulting byte offset as an IntervalValue.
 }
 
-void AbstractState::printTable(const VarToAbsValMap&table, std::ostream &oss) const
+AbstractValue AbstractState::loadValue(NodeID varId)
 {
-    oss.flags(std::ios::left);
-    std::set<NodeID> ordered;
-    for (const auto &item: table)
+    AbstractValue res;
+    for (auto addr : (*this)[varId].getAddrs())
     {
-        ordered.insert(item.first);
+        res.join_with(load(addr)); // q = *p
     }
-    for (const auto &item: ordered)
+    return res;
+}
+// storeValue
+void AbstractState::storeValue(NodeID varId, AbstractValue val)
+{
+    for (auto addr : (*this)[varId].getAddrs())
     {
-        oss << "Var" << std::to_string(item);
-        oss << "\t Value: " << table.at(item).toString() << "\n";
+        store(addr, val); // *p = q
     }
 }
+
+void AbstractState::printAbstractState() const
+{
+    SVFUtil::outs() << "-----------Var and Value-----------\n";
+    u32_t fieldWidth = 20;
+    SVFUtil::outs().flags(std::ios::left);
+    std::vector<std::pair<u32_t, AbstractValue>> varToAbsValVec(_varToAbsVal.begin(), _varToAbsVal.end());
+    std::sort(varToAbsValVec.begin(), varToAbsValVec.end(), [](const auto &a, const auto &b)
+    {
+        return a.first < b.first;
+    });
+    for (const auto &item: varToAbsValVec)
+    {
+        SVFUtil::outs() << std::left << std::setw(fieldWidth) << ("Var" + std::to_string(item.first));
+        if (item.second.isInterval())
+        {
+            SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
+        }
+        else if (item.second.isAddr())
+        {
+            SVFUtil::outs() << " Value: {";
+            u32_t i = 0;
+            for (const auto& addr: item.second.getAddrs())
+            {
+                ++i;
+                if (i < item.second.getAddrs().size())
+                {
+                    SVFUtil::outs() << "0x" << std::hex << addr << ", ";
+                }
+                else
+                {
+                    SVFUtil::outs() << "0x" << std::hex << addr;
+                }
+            }
+            SVFUtil::outs() << "}\n";
+        }
+        else
+        {
+            SVFUtil::outs() << " Value: ⊥\n";
+        }
+    }
+
+    std::vector<std::pair<u32_t, AbstractValue>> addrToAbsValVec(_addrToAbsVal.begin(), _addrToAbsVal.end());
+    std::sort(addrToAbsValVec.begin(), addrToAbsValVec.end(), [](const auto &a, const auto &b)
+    {
+        return a.first < b.first;
+    });
+
+    for (const auto& item: addrToAbsValVec)
+    {
+        std::ostringstream oss;
+        oss << "0x" << std::hex << AbstractState::getVirtualMemAddress(item.first);
+        SVFUtil::outs() << std::left << std::setw(fieldWidth) << oss.str();
+        if (item.second.isInterval())
+        {
+            SVFUtil::outs() << " Value: " << item.second.getInterval().toString() << "\n";
+        }
+        else if (item.second.isAddr())
+        {
+            SVFUtil::outs() << " Value: {";
+            u32_t i = 0;
+            for (const auto& addr: item.second.getAddrs())
+            {
+                ++i;
+                if (i < item.second.getAddrs().size())
+                {
+                    SVFUtil::outs() << "0x" << std::hex << addr << ", ";
+                }
+                else
+                {
+                    SVFUtil::outs() << "0x" << std::hex << addr;
+                }
+            }
+            SVFUtil::outs() << "}\n";
+        }
+        else
+        {
+            SVFUtil::outs() << " Value: ⊥\n";
+        }
+    }
+    SVFUtil::outs() << "-----------------------------------------\n";
+}