svf-tools 1.0.973 → 1.0.975

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.973",
+  "version": "1.0.975",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Core/AbstractState.h

@@ -46,8 +46,9 @@
 #ifndef Z3_EXAMPLE_INTERVAL_DOMAIN_H
 #define Z3_EXAMPLE_INTERVAL_DOMAIN_H
 
-#include "AE/Core/IntervalValue.h"
 #include "AE/Core/AbstractValue.h"
+#include "AE/Core/IntervalValue.h"
+#include "SVFIR/SVFVariables.h"
 #include "Util/Z3Expr.h"
 
 #include <iomanip>
@@ -79,6 +80,21 @@ public:
 
     virtual ~AbstractState() = default;
 
+    // getGepObjAddrs
+    AddressValue getGepObjAddrs(u32_t pointer, IntervalValue offset);
+
+    // initObjVar
+    void initObjVar(ObjVar* objVar);
+    // getElementIndex
+    IntervalValue getElementIndex(const GepStmt* gep);
+    // getByteOffset
+    IntervalValue getByteOffset(const GepStmt* gep);
+    // printAbstractState
+    // loadValue
+    AbstractValue loadValue(NodeID varId);
+    // storeValue
+    void storeValue(NodeID varId, AbstractValue val);
+
 
     /// The physical address starts with 0x7f...... + idx
     static inline u32_t getVirtualMemAddress(u32_t idx)
@@ -258,14 +274,9 @@ public:
     /// domain narrow with other, and return the narrowed domain
     AbstractState narrowing(const AbstractState&other);
 
-    /// domain widen with other, important! other widen this.
-    void widenWith(const AbstractState&other);
-
     /// domain join with other, important! other widen this.
     void joinWith(const AbstractState&other);
 
-    /// domain narrow with other, important! other widen this.
-    void narrowWith(const AbstractState&other);
 
     /// domain meet with other, important! other widen this.
     void meetWith(const AbstractState&other);
@@ -299,8 +310,7 @@ public:
     }
 
 
-    /// Print values of all expressions
-    void printExprValues(std::ostream &oss) const;
+    void printAbstractState() const;
 
     std::string toString() const
     {
@@ -386,9 +396,6 @@ public:
     }
 
 
-protected:
-    void printTable(const VarToAbsValMap&table, std::ostream &oss) const;
-
 };
 
 }

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -29,9 +29,9 @@
 //
 
 #include "AE/Core/ICFGWTO.h"
-#include "AE/Svfexe/SVFIR2AbsState.h"
 #include "Util/SVFBugReport.h"
 #include "WPA/Andersen.h"
+#include "AE/Core/AbstractState.h"
 
 namespace SVF
 {
@@ -137,16 +137,16 @@ protected:
     /// Global ICFGNode is handled at the entry of the program,
     virtual void handleGlobalNode();
 
-    /// mark recursive functions by detecting SCC in callgraph
-    void markRecursiveFuns();
+    /// Mark recursive functions in the call graph
+    void initWTO();
 
     /**
      * Check if execution state exist by merging states of predecessor nodes
      *
-     * @param curNode The ICFGNode to analyse
+     * @param icfgNode The icfg node to analyse
      * @return if this node has preceding execution state
      */
-    bool propagateStateIfFeasible(const ICFGNode* curNode);
+    bool mergeStatesFromPredecessors(const ICFGNode * icfgNode);
 
     /**
      * Check if execution state exist at the branch edge
@@ -161,14 +161,7 @@ protected:
      *
      * @param block basic block that has one instruction or a series of instructions
      */
-    virtual void handleWTONode(const ICFGSingletonWTO *icfgSingletonWto);
-
-    /**
-     * handle one instruction in ICFGNode
-     *
-     * @param node ICFGNode which has a single instruction
-     */
-    virtual void handleICFGNode(const ICFGNode* node);
+    virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto);
 
     /**
      * handle call node in ICFGNode
@@ -182,14 +175,12 @@ protected:
      *
      * @param cycle WTOCycle which has weak topo order of basic blocks and nested cycles
      */
-    virtual void handleCycle(const ICFGCycleWTO* cycle);
+    virtual void handleCycleWTO(const ICFGCycleWTO* cycle);
+
+    void handleWTOComponents(const std::list<const ICFGWTOComp*>& wtoComps);
+
+    void handleWTOComponent(const ICFGWTOComp* wtoComp);
 
-    /**
-     * handle user defined function, ext function is not included.
-     *
-     * @param func SVFFunction which has a series of basic blocks
-     */
-    virtual void handleFunc(const SVFFunction* func);
 
     /**
      * handle SVF Statement like CmpStmt, CallStmt, GepStmt, LoadStmt, StoreStmt, etc.
@@ -332,11 +323,34 @@ protected:
     void AccessMemoryViaCallArgs(const SVF::SVFArgument *arg, SVF::FILOWorkList<const SVFValue *>& worklist, Set<const SVFValue *>& visited);
 
 
+    void updateStateOnAddr(const AddrStmt *addr);
+
+    void updateStateOnBinary(const BinaryOPStmt *binary);
+
+    void updateStateOnCmp(const CmpStmt *cmp);
+
+    void updateStateOnLoad(const LoadStmt *load);
+
+    void updateStateOnStore(const StoreStmt *store);
+
+    void updateStateOnCopy(const CopyStmt *copy);
+
+    void updateStateOnCall(const CallPE *callPE);
+
+    void updateStateOnRet(const RetPE *retPE);
+
+    void updateStateOnGep(const GepStmt *gep);
+
+    void updateStateOnSelect(const SelectStmt *select);
+
+    void updateStateOnPhi(const PhiStmt *phi);
+
+    IntervalValue getRangeLimitFromType(const SVFType* type);
+
+
     /// protected data members, also used in subclasses
     SVFIR* _svfir;
-    PTACallGraph* _callgraph;
     /// Execution State, used to store the Interval Value of every SVF variable
-    SVFIR2AbsState* _svfir2AbsState;
     AEAPI* _api{nullptr};
 
     ICFG* _icfg;
@@ -347,7 +361,6 @@ protected:
     SVFBugReport _recoder;
     std::vector<const CallICFGNode*> _callSiteStack;
     Map<const ICFGNode*, std::string> _nodeToBugInfo;
-    AndersenWaveDiff* _ander;
     Map<const SVFFunction*, ICFGWTO*> _funcToWTO;
     Set<const SVFFunction*> _recursiveFuns;
 
@@ -363,32 +376,32 @@ private:
     virtual void indirectCallFunPass(const CallICFGNode* callNode);
 
 protected:
-    // helper functions in handleCycle
-    bool isFixPointAfterWidening(const ICFGNode* cycle_head,
-                                 AbstractState& pre_as);
-    bool isFixPointAfterNarrowing(const SVF::ICFGNode* cycle_head,
-                                  SVF::AbstractState& pre_as);
 
-    AbstractState& getAbsState(const ICFGNode* node)
+    AbstractState& getAbsStateFromTrace(const ICFGNode* node)
     {
         const ICFGNode* repNode = _icfg->getRepNode(node);
-        if (_postAbsTrace.count(repNode) == 0)
+        if (_abstractTrace.count(repNode) == 0)
         {
             assert(0 && "No preAbsTrace for this node");
         }
         else
         {
-            return _postAbsTrace[repNode];
+            return _abstractTrace[repNode];
         }
     }
 
+    bool hasAbsStateFromTrace(const ICFGNode* node)
+    {
+        const ICFGNode* repNode = _icfg->getRepNode(node);
+        return _abstractTrace.count(repNode) != 0;
+    }
+
 protected:
     // there data should be shared with subclasses
     Map<std::string, std::function<void(const CallSite &)>> _func_map;
     Set<const CallICFGNode*> _checkpoints;
     Set<std::string> _checkpoint_names;
-    Map<const ICFGNode*, AbstractState> _preAbsTrace;
-    Map<const ICFGNode*, AbstractState> _postAbsTrace;
+    Map<const ICFGNode*, AbstractState> _abstractTrace; // abstract states immediately after nodes
     std::string _moduleName;
 };
 }

package/svf/include/AE/Svfexe/BufOverflowChecker.h

@@ -174,12 +174,23 @@ private:
     */
     virtual void handleSVFStatement(const SVFStmt *stmt) override;
 
-    /**
-    * handle ICFGNode regarding buffer overflow checking
-    *
-    * @param node ICFGNode
-    */
-    virtual void handleICFGNode(const SVF::ICFGNode *node) override;
+    // TODO: will delete later
+    virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto) override
+    {
+        AbstractInterpretation::handleSingletonWTO(icfgSingletonWto);
+        const ICFGNode* repNode = _icfg->getRepNode(icfgSingletonWto->getICFGNode());
+        if (_abstractTrace.count(repNode) == 0)
+        {
+            return;
+        }
+        const std::vector<const ICFGNode*>& worklist_vec = _icfg->getSubNodes(icfgSingletonWto->getICFGNode());
+
+        for (auto it = worklist_vec.begin(); it != worklist_vec.end(); ++it)
+        {
+            const ICFGNode* curNode = *it;
+            detectBufOverflow(curNode);
+        }
+    }
 
     /**
     * check buffer overflow at ICFGNode which is a checkpoint

package/svf/include/AE/Svfexe/ICFGSimplification.h

@@ -27,7 +27,6 @@
 // The implementation is based on
 // Xiao Cheng, Jiawei Wang and Yulei Sui. Precise Sparse Abstract Execution via Cross-Domain Interaction.
 // 46th International Conference on Software Engineering. (ICSE24)
-#include "AE/Svfexe/SVFIR2AbsState.h"
 #include "Graphs/ICFG.h"
 
 namespace SVF

package/svf/include/Graphs/WTO.h

@@ -341,7 +341,7 @@ public:
     }
 
     /// Return the graph node
-    const NodeT* node() const
+    const NodeT* getICFGNode() const
     {
         return _node;
     }
@@ -457,7 +457,7 @@ public:
         std::string str;
         std::stringstream rawstr(str);
         rawstr << "(";
-        rawstr << _head->node()->getId() << ", ";
+        rawstr << _head->getICFGNode()->getId() << ", ";
         for (auto it = begin(), et = end(); it != et;)
         {
             rawstr << (*it)->toString();
@@ -698,7 +698,7 @@ protected:
 
         void visit(const WTOCycleT& cycle) override
         {
-            const NodeT* head = cycle.head()->node();
+            const NodeT* head = cycle.head()->getICFGNode();
             WTOCycleDepthPtr previous_cycleDepth = _wtoCycleDepth;
             _nodeToWTOCycleDepth.insert(std::make_pair(head, _wtoCycleDepth));
             _wtoCycleDepth =
@@ -714,7 +714,7 @@ protected:
         void visit(const WTONodeT& node) override
         {
             _nodeToWTOCycleDepth.insert(
-                std::make_pair(node.node(), _wtoCycleDepth));
+                std::make_pair(node.getICFGNode(), _wtoCycleDepth));
         }
 
     }; // end class WTOCycleDepthBuilder