svf-tools 1.0.974 → 1.0.975

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.974",
+  "version": "1.0.975",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -143,10 +143,10 @@ protected:
     /**
      * Check if execution state exist by merging states of predecessor nodes
      *
-     * @param curNode The ICFGNode to analyse
+     * @param icfgNode The icfg node to analyse
      * @return if this node has preceding execution state
      */
-    bool mergeStatesFromPredecessors(const ICFGNode* curNode);
+    bool mergeStatesFromPredecessors(const ICFGNode * icfgNode);
 
     /**
      * Check if execution state exist at the branch edge
@@ -179,6 +179,8 @@ protected:
 
     void handleWTOComponents(const std::list<const ICFGWTOComp*>& wtoComps);
 
+    void handleWTOComponent(const ICFGWTOComp* wtoComp);
+
 
     /**
      * handle SVF Statement like CmpStmt, CallStmt, GepStmt, LoadStmt, StoreStmt, etc.
@@ -378,20 +380,20 @@ protected:
     AbstractState& getAbsStateFromTrace(const ICFGNode* node)
     {
         const ICFGNode* repNode = _icfg->getRepNode(node);
-        if (_postAbsTrace.count(repNode) == 0)
+        if (_abstractTrace.count(repNode) == 0)
         {
             assert(0 && "No preAbsTrace for this node");
         }
         else
         {
-            return _postAbsTrace[repNode];
+            return _abstractTrace[repNode];
         }
     }
 
     bool hasAbsStateFromTrace(const ICFGNode* node)
     {
         const ICFGNode* repNode = _icfg->getRepNode(node);
-        return _postAbsTrace.count(repNode) != 0;
+        return _abstractTrace.count(repNode) != 0;
     }
 
 protected:
@@ -399,8 +401,7 @@ protected:
     Map<std::string, std::function<void(const CallSite &)>> _func_map;
     Set<const CallICFGNode*> _checkpoints;
     Set<std::string> _checkpoint_names;
-    Map<const ICFGNode*, AbstractState> _preAbsTrace;
-    Map<const ICFGNode*, AbstractState> _postAbsTrace;
+    Map<const ICFGNode*, AbstractState> _abstractTrace; // abstract states immediately after nodes
     std::string _moduleName;
 };
 }

package/svf/include/AE/Svfexe/BufOverflowChecker.h

@@ -178,12 +178,12 @@ private:
     virtual void handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto) override
     {
         AbstractInterpretation::handleSingletonWTO(icfgSingletonWto);
-        const ICFGNode* repNode = _icfg->getRepNode(icfgSingletonWto->node());
-        if (_postAbsTrace.count(repNode) == 0)
+        const ICFGNode* repNode = _icfg->getRepNode(icfgSingletonWto->getICFGNode());
+        if (_abstractTrace.count(repNode) == 0)
         {
             return;
         }
-        const std::vector<const ICFGNode*>& worklist_vec = _icfg->getSubNodes(icfgSingletonWto->node());
+        const std::vector<const ICFGNode*>& worklist_vec = _icfg->getSubNodes(icfgSingletonWto->getICFGNode());
 
         for (auto it = worklist_vec.begin(); it != worklist_vec.end(); ++it)
         {

package/svf/include/Graphs/WTO.h

@@ -341,7 +341,7 @@ public:
     }
 
     /// Return the graph node
-    const NodeT* node() const
+    const NodeT* getICFGNode() const
     {
         return _node;
     }
@@ -457,7 +457,7 @@ public:
         std::string str;
         std::stringstream rawstr(str);
         rawstr << "(";
-        rawstr << _head->node()->getId() << ", ";
+        rawstr << _head->getICFGNode()->getId() << ", ";
         for (auto it = begin(), et = end(); it != et;)
         {
             rawstr << (*it)->toString();
@@ -698,7 +698,7 @@ protected:
 
         void visit(const WTOCycleT& cycle) override
         {
-            const NodeT* head = cycle.head()->node();
+            const NodeT* head = cycle.head()->getICFGNode();
             WTOCycleDepthPtr previous_cycleDepth = _wtoCycleDepth;
             _nodeToWTOCycleDepth.insert(std::make_pair(head, _wtoCycleDepth));
             _wtoCycleDepth =
@@ -714,7 +714,7 @@ protected:
         void visit(const WTONodeT& node) override
         {
             _nodeToWTOCycleDepth.insert(
-                std::make_pair(node.node(), _wtoCycleDepth));
+                std::make_pair(node.getICFGNode(), _wtoCycleDepth));
         }
 
     }; // end class WTOCycleDepthBuilder

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -167,10 +167,9 @@ void AbstractInterpretation::analyse()
 /// handle global node
 void AbstractInterpretation::handleGlobalNode()
 {
-    AbstractState as;
     const ICFGNode* node = _icfg->getGlobalICFGNode();
-    _postAbsTrace[node] = _preAbsTrace[node];
-    _postAbsTrace[node][SymbolTableInfo::NullPtr] = AddressValue();
+    _abstractTrace[node] = AbstractState();
+    _abstractTrace[node][SymbolTableInfo::NullPtr] = AddressValue();
     // Global Node, we just need to handle addr, load, store, copy and gep
     for (const SVFStmt *stmt: node->getSVFStmts())
     {
@@ -181,18 +180,18 @@ void AbstractInterpretation::handleGlobalNode()
 /// get execution state by merging states of predecessor blocks
 /// Scenario 1: preblock -----(intraEdge)----> block, join the preES of inEdges
 /// Scenario 2: preblock -----(callEdge)----> block
-bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode *block)
+bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode * icfgNode)
 {
     std::vector<AbstractState> workList;
-    AbstractState as;
-    for (auto& edge: block->getInEdges())
+    AbstractState preAs;
+    for (auto& edge: icfgNode->getInEdges())
     {
-        if (_postAbsTrace.find(edge->getSrcNode()) != _postAbsTrace.end())
+        if (_abstractTrace.find(edge->getSrcNode()) != _abstractTrace.end())
         {
             const IntraCFGEdge *intraCfgEdge = SVFUtil::dyn_cast<IntraCFGEdge>(edge);
             if (intraCfgEdge && intraCfgEdge->getCondition())
             {
-                AbstractState tmpEs = _postAbsTrace[edge->getSrcNode()];
+                AbstractState tmpEs = _abstractTrace[edge->getSrcNode()];
                 if (isBranchFeasible(intraCfgEdge, tmpEs))
                 {
                     workList.push_back(tmpEs);
@@ -204,7 +203,7 @@ bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode *block)
             }
             else
             {
-                workList.push_back(_postAbsTrace[edge->getSrcNode()]);
+                workList.push_back(_abstractTrace[edge->getSrcNode()]);
             }
         }
         else
@@ -212,7 +211,6 @@ bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode *block)
 
         }
     }
-    _preAbsTrace[block].clear();
     if (workList.size() == 0)
     {
         return false;
@@ -221,9 +219,12 @@ bool AbstractInterpretation::mergeStatesFromPredecessors(const ICFGNode *block)
     {
         while (!workList.empty())
         {
-            _preAbsTrace[block].joinWith(workList.back());
+            preAs.joinWith(workList.back());
             workList.pop_back();
         }
+        // Has ES on the in edges - Feasible block
+        // update post as
+        _abstractTrace[icfgNode] = preAs;
         return true;
     }
 }
@@ -526,20 +527,8 @@ bool AbstractInterpretation::isBranchFeasible(const IntraCFGEdge* intraEdge,
 /// handle instructions in svf basic blocks
 void AbstractInterpretation::handleSingletonWTO(const ICFGSingletonWTO *icfgSingletonWto)
 {
-    const ICFGNode* node = icfgSingletonWto->node();
+    const ICFGNode* node = icfgSingletonWto->getICFGNode();
     _stat->getBlockTrace()++;
-    // Get execution states from in edges
-    if (!mergeStatesFromPredecessors(node))
-    {
-        // No ES on the in edges - Infeasible block
-        return;
-    }
-    else
-    {
-        // Has ES on the in edges - Feasible block
-        // Get execution state from in edges
-        _postAbsTrace[node] = _preAbsTrace[node];
-    }
 
     std::deque<const ICFGNode*> worklist;
 
@@ -573,20 +562,27 @@ void AbstractInterpretation::handleWTOComponents(const std::list<const ICFGWTOCo
 {
     for (const ICFGWTOComp* wtoNode : wtoComps)
     {
-        if (const ICFGSingletonWTO* node = SVFUtil::dyn_cast<ICFGSingletonWTO>(wtoNode))
-        {
+        handleWTOComponent(wtoNode);
+    }
+}
+
+void AbstractInterpretation::handleWTOComponent(const SVF::ICFGWTOComp* wtoNode)
+{
+    if (const ICFGSingletonWTO* node = SVFUtil::dyn_cast<ICFGSingletonWTO>(wtoNode))
+    {
+        if (mergeStatesFromPredecessors(node->getICFGNode()))
             handleSingletonWTO(node);
-        }
-        // Handle WTO cycles
-        else if (const ICFGCycleWTO* cycle = SVFUtil::dyn_cast<ICFGCycleWTO>(wtoNode))
-        {
+    }
+    // Handle WTO cycles
+    else if (const ICFGCycleWTO* cycle = SVFUtil::dyn_cast<ICFGCycleWTO>(wtoNode))
+    {
+        if (mergeStatesFromPredecessors(cycle->head()->getICFGNode()))
             handleCycleWTO(cycle);
-        }
-        // Assert false for unknown WTO types
-        else
-        {
-            assert(false && "unknown WTO type!");
-        }
+    }
+    // Assert false for unknown WTO types
+    else
+    {
+        assert(false && "unknown WTO type!");
     }
 }
 
@@ -656,7 +652,7 @@ void AbstractInterpretation::recursiveCallPass(const SVF::CallICFGNode *callNode
             }
         }
     }
-    _postAbsTrace[retNode] = as;
+    _abstractTrace[retNode] = as;
 }
 
 bool AbstractInterpretation::isDirectCall(const SVF::CallICFGNode *callNode)
@@ -670,7 +666,7 @@ void AbstractInterpretation::directCallFunPass(const SVF::CallICFGNode *callNode
     const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
     _callSiteStack.push_back(callNode);
 
-    _postAbsTrace[callNode] = as;
+    _abstractTrace[callNode] = as;
 
     ICFGWTO* wto = _funcToWTO[callfun];
     handleWTOComponents(wto->getWTOComponents());
@@ -679,7 +675,7 @@ void AbstractInterpretation::directCallFunPass(const SVF::CallICFGNode *callNode
     // handle Ret node
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     // resume ES to callnode
-    _postAbsTrace[retNode] = _postAbsTrace[callNode];
+    _abstractTrace[retNode] = _abstractTrace[callNode];
 }
 
 bool AbstractInterpretation::isIndirectCall(const SVF::CallICFGNode *callNode)
@@ -704,14 +700,14 @@ void AbstractInterpretation::indirectCallFunPass(const SVF::CallICFGNode *callNo
     if (callfun)
     {
         _callSiteStack.push_back(callNode);
-        _postAbsTrace[callNode] = as;
+        _abstractTrace[callNode] = as;
 
         ICFGWTO* wto = _funcToWTO[callfun];
         handleWTOComponents(wto->getWTOComponents());
         _callSiteStack.pop_back();
         // handle Ret node
         const RetICFGNode *retNode = callNode->getRetICFGNode();
-        _postAbsTrace[retNode] = _postAbsTrace[callNode];
+        _abstractTrace[retNode] = _abstractTrace[callNode];
     }
 }
 
@@ -720,54 +716,47 @@ void AbstractInterpretation::indirectCallFunPass(const SVF::CallICFGNode *callNo
 /// handle wto cycle (loop)
 void AbstractInterpretation::handleCycleWTO(const ICFGCycleWTO*cycle)
 {
-    // Get execution states from predecessor nodes
-    bool is_feasible = mergeStatesFromPredecessors(cycle->head()->node());
-    if (!is_feasible)
-        return;
-    else
-    {
-        const ICFGNode* cycle_head = cycle->head()->node();
-        // Flag to indicate if we are in the increasing phase
-        bool increasing = true;
-        // Infinite loop until a fixpoint is reached,
-        for (u32_t cur_iter = 0;; cur_iter++)
-        {
-            // Start widening or narrowing if cur_iter >= widen threshold (widen delay)
-            if (cur_iter >= Options::WidenDelay())
+    const ICFGNode* cycle_head = cycle->head()->getICFGNode();
+    // Flag to indicate if we are in the increasing phase
+    bool increasing = true;
+    // Infinite loop until a fixpoint is reached,
+    for (u32_t cur_iter = 0;; cur_iter++)
+    {
+        // Start widening or narrowing if cur_iter >= widen threshold (widen delay)
+        if (cur_iter >= Options::WidenDelay())
+        {
+            // Widen or narrow after processing cycle head node
+            AbstractState prev_head_state = _abstractTrace[cycle_head];
+            handleWTOComponent(cycle->head());
+            AbstractState cur_head_state = _abstractTrace[cycle_head];
+            if (increasing)
             {
-                // Widen or narrow after processing cycle head node
-                AbstractState prev_head_state = _postAbsTrace[cycle_head];
-                handleSingletonWTO(cycle->head());
-                AbstractState cur_head_state = _postAbsTrace[cycle_head];
-                if (increasing)
-                {
-                    // Widening phase
-                    _postAbsTrace[cycle_head] = prev_head_state.widening(cur_head_state);
-                    if (_postAbsTrace[cycle_head] == prev_head_state)
-                    {
-                        increasing = false;
-                        continue;
-                    }
-                }
-                else
+                // Widening phase
+                _abstractTrace[cycle_head] = prev_head_state.widening(cur_head_state);
+                if (_abstractTrace[cycle_head] == prev_head_state)
                 {
-                    // Widening's fixpoint reached in the widening phase, switch to narrowing
-                    _postAbsTrace[cycle_head] = prev_head_state.narrowing(cur_head_state);
-                    if (_postAbsTrace[cycle_head] == prev_head_state)
-                    {
-                        // Narrowing's fixpoint reached in the narrowing phase, exit loop
-                        break;
-                    }
+                    increasing = false;
+                    continue;
                 }
             }
             else
             {
-                // Handle the cycle head
-                handleSingletonWTO(cycle->head());
+                // Widening's fixpoint reached in the widening phase, switch to narrowing
+                _abstractTrace[cycle_head] = prev_head_state.narrowing(cur_head_state);
+                if (_abstractTrace[cycle_head] == prev_head_state)
+                {
+                    // Narrowing's fixpoint reached in the narrowing phase, exit loop
+                    break;
+                }
             }
-            // Handle the cycle body
-            handleWTOComponents(cycle->getWTOComponents());
         }
+        else
+        {
+            // Handle the cycle head
+            handleSingletonWTO(cycle->head());
+        }
+        // Handle the cycle body
+        handleWTOComponents(cycle->getWTOComponents());
     }
 }