svf-tools 1.0.980 → 1.0.982
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/svf/include/AE/Svfexe/AEDetector.h +1 -13
- package/svf/include/Graphs/ICFG.h +9 -0
- package/svf/include/Graphs/ICFGNode.h +33 -0
- package/svf/include/Graphs/VFGNode.h +0 -6
- package/svf/include/MSSA/MemRegion.h +2 -2
- package/svf/include/MTA/LockAnalysis.h +1 -1
- package/svf/include/MTA/MHP.h +1 -2
- package/svf/include/MTA/TCT.h +1 -10
- package/svf/include/SABER/SaberCondAllocator.h +5 -5
- package/svf/include/SVFIR/SVFIR.h +1 -1
- package/svf/include/SVFIR/SVFStatements.h +1 -1
- package/svf/include/SVFIR/SVFValue.h +21 -16
- package/svf/include/Util/SVFBugReport.h +2 -2
- package/svf/include/Util/SVFUtil.h +25 -18
- package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp +1 -2
- package/svf/lib/Graphs/ICFG.cpp +41 -10
- package/svf/lib/Graphs/IRGraph.cpp +2 -4
- package/svf/lib/Graphs/SVFG.cpp +7 -3
- package/svf/lib/Graphs/SVFGReadWrite.cpp +2 -2
- package/svf/lib/MSSA/MemRegion.cpp +13 -13
- package/svf/lib/MSSA/MemSSA.cpp +10 -18
- package/svf/lib/MTA/LockAnalysis.cpp +16 -17
- package/svf/lib/MTA/MHP.cpp +28 -30
- package/svf/lib/MTA/MTA.cpp +2 -3
- package/svf/lib/MTA/MTAStat.cpp +2 -4
- package/svf/lib/MTA/TCT.cpp +4 -4
- package/svf/lib/MemoryModel/PointerAnalysis.cpp +6 -9
- package/svf/lib/SABER/DoubleFreeChecker.cpp +1 -1
- package/svf/lib/SABER/FileChecker.cpp +2 -5
- package/svf/lib/SABER/LeakChecker.cpp +2 -2
- package/svf/lib/SABER/ProgSlice.cpp +2 -2
- package/svf/lib/SABER/SaberCondAllocator.cpp +7 -8
- package/svf/lib/SVFIR/SVFFileSystem.cpp +0 -2
- package/svf/lib/SVFIR/SVFIR.cpp +1 -1
- package/svf/lib/SVFIR/SVFStatements.cpp +1 -1
- package/svf/lib/SVFIR/SVFValue.cpp +1 -10
- package/svf/lib/Util/CDGBuilder.cpp +6 -9
- package/svf/lib/Util/CallGraphBuilder.cpp +7 -7
- package/svf/lib/Util/SVFBugReport.cpp +1 -1
- package/svf/lib/Util/SVFUtil.cpp +56 -0
- package/svf/lib/Util/ThreadAPI.cpp +1 -2
- package/svf-llvm/include/SVF-LLVM/ICFGBuilder.h +16 -6
- package/svf-llvm/include/SVF-LLVM/LLVMUtil.h +11 -0
- package/svf-llvm/include/SVF-LLVM/SVFIRBuilder.h +2 -2
- package/svf-llvm/lib/ICFGBuilder.cpp +103 -53
- package/svf-llvm/lib/LLVMLoopAnalysis.cpp +18 -4
- package/svf-llvm/lib/LLVMModule.cpp +16 -3
- package/svf-llvm/lib/ObjTypeInference.cpp +6 -2
- package/svf-llvm/lib/SVFIRBuilder.cpp +7 -3
|
@@ -147,24 +147,26 @@ void MRGenerator::generateMRs()
|
|
|
147
147
|
updateAliasMRs();
|
|
148
148
|
}
|
|
149
149
|
|
|
150
|
-
bool MRGenerator::hasSVFStmtList(const
|
|
150
|
+
bool MRGenerator::hasSVFStmtList(const ICFGNode* node)
|
|
151
151
|
{
|
|
152
152
|
SVFIR* pag = pta->getPAG();
|
|
153
153
|
if (ptrOnlyMSSA)
|
|
154
|
-
return pag->hasPTASVFStmtList(
|
|
154
|
+
return pag->hasPTASVFStmtList(node);
|
|
155
155
|
else
|
|
156
|
-
return pag->hasSVFStmtList(
|
|
156
|
+
return pag->hasSVFStmtList(node);
|
|
157
157
|
}
|
|
158
158
|
|
|
159
|
-
|
|
159
|
+
|
|
160
|
+
SVFIR::SVFStmtList& MRGenerator::getPAGEdgesFromInst(const ICFGNode* node)
|
|
160
161
|
{
|
|
161
162
|
SVFIR* pag = pta->getPAG();
|
|
162
163
|
if (ptrOnlyMSSA)
|
|
163
|
-
return pag->getPTASVFStmtList(
|
|
164
|
+
return pag->getPTASVFStmtList(node);
|
|
164
165
|
else
|
|
165
|
-
return pag->getSVFStmtList(
|
|
166
|
+
return pag->getSVFStmtList(node);
|
|
166
167
|
}
|
|
167
168
|
|
|
169
|
+
|
|
168
170
|
/*!
|
|
169
171
|
* Generate memory regions for loads/stores
|
|
170
172
|
*/
|
|
@@ -185,11 +187,9 @@ void MRGenerator::collectModRefForLoadStore()
|
|
|
185
187
|
iter != eiter; ++iter)
|
|
186
188
|
{
|
|
187
189
|
const SVFBasicBlock* bb = *iter;
|
|
188
|
-
for (
|
|
189
|
-
bit != ebit; ++bit)
|
|
190
|
+
for (const auto& inst: bb->getICFGNodeList())
|
|
190
191
|
{
|
|
191
|
-
|
|
192
|
-
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(svfInst);
|
|
192
|
+
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(inst);
|
|
193
193
|
for (SVFStmtList::iterator bit = pagEdgeList.begin(), ebit =
|
|
194
194
|
pagEdgeList.end(); bit != ebit; ++bit)
|
|
195
195
|
{
|
|
@@ -603,7 +603,7 @@ bool MRGenerator::handleCallsiteModRef(NodeBS& mod, NodeBS& ref, const CallICFGN
|
|
|
603
603
|
/// if a callee is a heap allocator function, then its mod set of this callsite is the heap object.
|
|
604
604
|
if(isHeapAllocExtCall(cs->getCallSite()))
|
|
605
605
|
{
|
|
606
|
-
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs
|
|
606
|
+
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs);
|
|
607
607
|
for (SVFStmtList::const_iterator bit = pagEdgeList.begin(),
|
|
608
608
|
ebit = pagEdgeList.end(); bit != ebit; ++bit)
|
|
609
609
|
{
|
|
@@ -669,7 +669,7 @@ NodeBS MRGenerator::getModInfoForCall(const CallICFGNode* cs)
|
|
|
669
669
|
{
|
|
670
670
|
if (isExtCall(cs->getCallSite()) && !isHeapAllocExtCall(cs->getCallSite()))
|
|
671
671
|
{
|
|
672
|
-
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs
|
|
672
|
+
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs);
|
|
673
673
|
NodeBS mods;
|
|
674
674
|
for (SVFStmtList::const_iterator bit = pagEdgeList.begin(), ebit =
|
|
675
675
|
pagEdgeList.end(); bit != ebit; ++bit)
|
|
@@ -693,7 +693,7 @@ NodeBS MRGenerator::getRefInfoForCall(const CallICFGNode* cs)
|
|
|
693
693
|
{
|
|
694
694
|
if (isExtCall(cs->getCallSite()) && !isHeapAllocExtCall(cs->getCallSite()))
|
|
695
695
|
{
|
|
696
|
-
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs
|
|
696
|
+
SVFStmtList& pagEdgeList = getPAGEdgesFromInst(cs);
|
|
697
697
|
NodeBS refs;
|
|
698
698
|
for (SVFStmtList::const_iterator bit = pagEdgeList.begin(), ebit =
|
|
699
699
|
pagEdgeList.end(); bit != ebit; ++bit)
|
package/svf/lib/MSSA/MemSSA.cpp
CHANGED
|
@@ -114,7 +114,6 @@ void MemSSA::buildMemSSA(const SVFFunction& fun)
|
|
|
114
114
|
void MemSSA::createMUCHI(const SVFFunction& fun)
|
|
115
115
|
{
|
|
116
116
|
|
|
117
|
-
SVFIR* pag = pta->getPAG();
|
|
118
117
|
|
|
119
118
|
DBOUT(DMSSA,
|
|
120
119
|
outs() << "\t creating mu chi for function " << fun.getName()
|
|
@@ -142,9 +141,8 @@ void MemSSA::createMUCHI(const SVFFunction& fun)
|
|
|
142
141
|
{
|
|
143
142
|
const SVFBasicBlock* bb = *iter;
|
|
144
143
|
varKills.clear();
|
|
145
|
-
for (
|
|
144
|
+
for (const auto& inst: bb->getICFGNodeList())
|
|
146
145
|
{
|
|
147
|
-
const SVFInstruction* inst = *it;
|
|
148
146
|
if(mrGen->hasSVFStmtList(inst))
|
|
149
147
|
{
|
|
150
148
|
SVFStmtList& pagEdgeList = mrGen->getPAGEdgesFromInst(inst);
|
|
@@ -160,7 +158,7 @@ void MemSSA::createMUCHI(const SVFFunction& fun)
|
|
|
160
158
|
}
|
|
161
159
|
if (isNonInstricCallSite(inst))
|
|
162
160
|
{
|
|
163
|
-
const CallICFGNode* cs =
|
|
161
|
+
const CallICFGNode* cs = cast<CallICFGNode>(inst);
|
|
164
162
|
if(mrGen->hasRefMRSet(cs))
|
|
165
163
|
AddCallSiteMU(cs,mrGen->getCallSiteRefMRSet(cs));
|
|
166
164
|
|
|
@@ -263,7 +261,6 @@ void MemSSA::SSARename(const SVFFunction& fun)
|
|
|
263
261
|
void MemSSA::SSARenameBB(const SVFBasicBlock& bb)
|
|
264
262
|
{
|
|
265
263
|
|
|
266
|
-
SVFIR* pag = pta->getPAG();
|
|
267
264
|
// record which mem region needs to pop stack
|
|
268
265
|
MRVector memRegs;
|
|
269
266
|
|
|
@@ -281,13 +278,11 @@ void MemSSA::SSARenameBB(const SVFBasicBlock& bb)
|
|
|
281
278
|
// rewrite r' with top mrver of stack(r)
|
|
282
279
|
// rewrite r with new name
|
|
283
280
|
|
|
284
|
-
for (
|
|
285
|
-
it != eit; ++it)
|
|
281
|
+
for (const auto& pNode: bb.getICFGNodeList())
|
|
286
282
|
{
|
|
287
|
-
|
|
288
|
-
if(mrGen->hasSVFStmtList(inst))
|
|
283
|
+
if(mrGen->hasSVFStmtList(pNode))
|
|
289
284
|
{
|
|
290
|
-
SVFStmtList& pagEdgeList = mrGen->getPAGEdgesFromInst(
|
|
285
|
+
SVFStmtList& pagEdgeList = mrGen->getPAGEdgesFromInst(pNode);
|
|
291
286
|
for(SVFStmtList::const_iterator bit = pagEdgeList.begin(), ebit= pagEdgeList.end();
|
|
292
287
|
bit!=ebit; ++bit)
|
|
293
288
|
{
|
|
@@ -300,16 +295,16 @@ void MemSSA::SSARenameBB(const SVFBasicBlock& bb)
|
|
|
300
295
|
|
|
301
296
|
}
|
|
302
297
|
}
|
|
303
|
-
if (isNonInstricCallSite(
|
|
298
|
+
if (isNonInstricCallSite(pNode))
|
|
304
299
|
{
|
|
305
|
-
const CallICFGNode* cs =
|
|
300
|
+
const CallICFGNode* cs = cast<CallICFGNode>(pNode);
|
|
306
301
|
if(mrGen->hasRefMRSet(cs))
|
|
307
302
|
RenameMuSet(getMUSet(cs));
|
|
308
303
|
|
|
309
304
|
if(mrGen->hasModMRSet(cs))
|
|
310
305
|
RenameChiSet(getCHISet(cs),memRegs);
|
|
311
306
|
}
|
|
312
|
-
else if(
|
|
307
|
+
else if(isRetInstNode(pNode))
|
|
313
308
|
{
|
|
314
309
|
const SVFFunction* fun = bb.getParent();
|
|
315
310
|
RenameMuSet(getReturnMuSet(fun));
|
|
@@ -579,7 +574,6 @@ u32_t MemSSA::getBBPhiNum() const
|
|
|
579
574
|
*/
|
|
580
575
|
void MemSSA::dumpMSSA(OutStream& Out)
|
|
581
576
|
{
|
|
582
|
-
SVFIR* pag = pta->getPAG();
|
|
583
577
|
|
|
584
578
|
for (SVFModule::iterator fit = pta->getModule()->begin(), efit = pta->getModule()->end();
|
|
585
579
|
fit != efit; ++fit)
|
|
@@ -611,14 +605,12 @@ void MemSSA::dumpMSSA(OutStream& Out)
|
|
|
611
605
|
}
|
|
612
606
|
|
|
613
607
|
bool last_is_chi = false;
|
|
614
|
-
for (
|
|
615
|
-
it != eit; ++it)
|
|
608
|
+
for (const auto& inst: bb->getICFGNodeList())
|
|
616
609
|
{
|
|
617
|
-
const SVFInstruction* inst = *it;
|
|
618
610
|
bool isAppCall = isNonInstricCallSite(inst) && !isExtCall(inst);
|
|
619
611
|
if (isAppCall || isHeapAllocExtCall(inst))
|
|
620
612
|
{
|
|
621
|
-
const CallICFGNode* cs =
|
|
613
|
+
const CallICFGNode* cs = cast<CallICFGNode>(inst);
|
|
622
614
|
if(hasMU(cs))
|
|
623
615
|
{
|
|
624
616
|
if (!last_is_chi)
|
|
@@ -74,9 +74,8 @@ void LockAnalysis::collectLockUnlocksites()
|
|
|
74
74
|
{
|
|
75
75
|
for (const SVFBasicBlock* bb : F->getBasicBlockList())
|
|
76
76
|
{
|
|
77
|
-
for (const
|
|
77
|
+
for (const ICFGNode* icfgNode : bb->getICFGNodeList())
|
|
78
78
|
{
|
|
79
|
-
const ICFGNode* icfgNode = tct->getICFGNode(inst);
|
|
80
79
|
if (tcg->getThreadAPI()->isTDRelease(icfgNode))
|
|
81
80
|
{
|
|
82
81
|
unlocksites.insert(icfgNode);
|
|
@@ -180,8 +179,8 @@ bool LockAnalysis::intraForwardTraverse(const ICFGNode* lockSite, InstSet& unloc
|
|
|
180
179
|
{
|
|
181
180
|
const ICFGNode *I = worklist.back();
|
|
182
181
|
worklist.pop_back();
|
|
183
|
-
const
|
|
184
|
-
if(
|
|
182
|
+
const ICFGNode* exitInst = svfFun->getExitBB()->back();
|
|
183
|
+
if(exitInst == I)
|
|
185
184
|
return false;
|
|
186
185
|
|
|
187
186
|
// Skip the visited Instructions.
|
|
@@ -220,7 +219,7 @@ bool LockAnalysis::intraBackwardTraverse(const InstSet& unlockSet, InstSet& back
|
|
|
220
219
|
for(InstSet::const_iterator it = unlockSet.begin(), eit = unlockSet.end(); it!=eit; ++it)
|
|
221
220
|
{
|
|
222
221
|
const ICFGNode* unlockSite = *it;
|
|
223
|
-
const
|
|
222
|
+
const ICFGNode* entryInst = unlockSite->getFun()->getEntryBlock()->back();
|
|
224
223
|
worklist.push_back(*it);
|
|
225
224
|
|
|
226
225
|
while (!worklist.empty())
|
|
@@ -228,7 +227,7 @@ bool LockAnalysis::intraBackwardTraverse(const InstSet& unlockSet, InstSet& back
|
|
|
228
227
|
const ICFGNode *I = worklist.back();
|
|
229
228
|
worklist.pop_back();
|
|
230
229
|
|
|
231
|
-
if(
|
|
230
|
+
if(entryInst == I)
|
|
232
231
|
return false;
|
|
233
232
|
|
|
234
233
|
// Skip the visited Instructions.
|
|
@@ -287,7 +286,7 @@ void LockAnalysis::collectCxtLock()
|
|
|
287
286
|
DBOUT(DMTA,
|
|
288
287
|
outs() << "\nCollecting CxtLocks: handling direct call:" << **cit << "\t" << cgEdge->getSrcNode()->getFunction()->getName()
|
|
289
288
|
<< "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
|
|
290
|
-
handleCallRelation(clp, cgEdge,
|
|
289
|
+
handleCallRelation(clp, cgEdge, *cit);
|
|
291
290
|
}
|
|
292
291
|
for (CallGraphEdge::CallInstSet::const_iterator ind = cgEdge->indirectCallsBegin(), eind = cgEdge->indirectCallsEnd();
|
|
293
292
|
ind != eind; ++ind)
|
|
@@ -296,7 +295,7 @@ void LockAnalysis::collectCxtLock()
|
|
|
296
295
|
outs() << "\nCollecting CxtLocks: handling indirect call:" << **ind << "\t"
|
|
297
296
|
<< cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName()
|
|
298
297
|
<< "\n");
|
|
299
|
-
handleCallRelation(clp, cgEdge,
|
|
298
|
+
handleCallRelation(clp, cgEdge, *ind);
|
|
300
299
|
}
|
|
301
300
|
}
|
|
302
301
|
}
|
|
@@ -306,11 +305,11 @@ void LockAnalysis::collectCxtLock()
|
|
|
306
305
|
/*!
|
|
307
306
|
* Handling call relations when collecting context-sensitive locks
|
|
308
307
|
*/
|
|
309
|
-
void LockAnalysis::handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge,
|
|
308
|
+
void LockAnalysis::handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge, const CallICFGNode* cs)
|
|
310
309
|
{
|
|
311
310
|
|
|
312
311
|
CallStrCxt cxt(clp.getContext());
|
|
313
|
-
const ICFGNode* curNode =
|
|
312
|
+
const ICFGNode* curNode = cs;
|
|
314
313
|
if (isTDAcquire(curNode))
|
|
315
314
|
{
|
|
316
315
|
addCxtLock(cxt,curNode);
|
|
@@ -337,8 +336,8 @@ void LockAnalysis::analyzeLockSpanCxtStmt()
|
|
|
337
336
|
if (!isLockCandidateFun(*it))
|
|
338
337
|
continue;
|
|
339
338
|
CallStrCxt cxt;
|
|
340
|
-
const
|
|
341
|
-
CxtStmt cxtstmt(cxt,
|
|
339
|
+
const ICFGNode* frontInst = (*it)->getEntryBlock()->front();
|
|
340
|
+
CxtStmt cxtstmt(cxt, frontInst);
|
|
342
341
|
pushToCTSWorkList(cxtstmt);
|
|
343
342
|
}
|
|
344
343
|
|
|
@@ -375,7 +374,7 @@ void LockAnalysis::analyzeLockSpanCxtStmt()
|
|
|
375
374
|
{
|
|
376
375
|
handleCall(cts);
|
|
377
376
|
}
|
|
378
|
-
else if (
|
|
377
|
+
else if (isRetInstNode(curInst))
|
|
379
378
|
{
|
|
380
379
|
handleRet(cts);
|
|
381
380
|
}
|
|
@@ -417,8 +416,8 @@ void LockAnalysis::handleFork(const CxtStmt& cts)
|
|
|
417
416
|
const SVFFunction* svfcallee = (*cgIt)->getDstNode()->getFunction();
|
|
418
417
|
CallStrCxt newCxt = curCxt;
|
|
419
418
|
pushCxt(newCxt,call,svfcallee);
|
|
420
|
-
const
|
|
421
|
-
CxtStmt newCts(newCxt,
|
|
419
|
+
const ICFGNode* svfInst = svfcallee->getEntryBlock()->front();
|
|
420
|
+
CxtStmt newCts(newCxt, svfInst);
|
|
422
421
|
markCxtStmtFlag(newCts, cts);
|
|
423
422
|
}
|
|
424
423
|
}
|
|
@@ -441,8 +440,8 @@ void LockAnalysis::handleCall(const CxtStmt& cts)
|
|
|
441
440
|
continue;
|
|
442
441
|
CallStrCxt newCxt = curCxt;
|
|
443
442
|
pushCxt(newCxt, call, svfcallee);
|
|
444
|
-
const
|
|
445
|
-
CxtStmt newCts(newCxt,
|
|
443
|
+
const ICFGNode* svfInst = svfcallee->getEntryBlock()->front();
|
|
444
|
+
CxtStmt newCts(newCxt, svfInst);
|
|
446
445
|
markCxtStmtFlag(newCts, cts);
|
|
447
446
|
}
|
|
448
447
|
}
|
package/svf/lib/MTA/MHP.cpp
CHANGED
|
@@ -79,8 +79,8 @@ void MHP::analyzeInterleaving()
|
|
|
79
79
|
const CxtThread& ct = tpair.second->getCxtThread();
|
|
80
80
|
NodeID rootTid = tpair.first;
|
|
81
81
|
const SVFFunction* routine = tct->getStartRoutineOfCxtThread(ct);
|
|
82
|
-
const
|
|
83
|
-
CxtThreadStmt rootcts(rootTid, ct.getContext(),
|
|
82
|
+
const ICFGNode* svfInst = routine->getEntryBlock()->front();
|
|
83
|
+
CxtThreadStmt rootcts(rootTid, ct.getContext(), svfInst);
|
|
84
84
|
|
|
85
85
|
addInterleavingThread(rootcts, rootTid);
|
|
86
86
|
updateAncestorThreads(rootTid);
|
|
@@ -119,7 +119,7 @@ void MHP::analyzeInterleaving()
|
|
|
119
119
|
if (!tct->isCandidateFun(getCallee(SVFUtil::cast<CallICFGNode>(curInst), callees)))
|
|
120
120
|
handleIntra(cts);
|
|
121
121
|
}
|
|
122
|
-
else if (
|
|
122
|
+
else if (isRetInstNode(curInst))
|
|
123
123
|
{
|
|
124
124
|
handleRet(cts);
|
|
125
125
|
}
|
|
@@ -148,8 +148,7 @@ void MHP::updateNonCandidateFunInterleaving()
|
|
|
148
148
|
{
|
|
149
149
|
if (!tct->isCandidateFun(fun) && !isExtCall(fun))
|
|
150
150
|
{
|
|
151
|
-
const
|
|
152
|
-
const ICFGNode* entryNode = tct->getICFGNode(entryinst);
|
|
151
|
+
const ICFGNode* entryNode = fun->getEntryBlock()->front();
|
|
153
152
|
|
|
154
153
|
if (!hasThreadStmtSet(entryNode))
|
|
155
154
|
continue;
|
|
@@ -162,11 +161,10 @@ void MHP::updateNonCandidateFunInterleaving()
|
|
|
162
161
|
|
|
163
162
|
for (const SVFBasicBlock* svfbb : fun->getBasicBlockList())
|
|
164
163
|
{
|
|
165
|
-
for (const
|
|
164
|
+
for (const ICFGNode* curNode : svfbb->getICFGNodeList())
|
|
166
165
|
{
|
|
167
|
-
if (
|
|
166
|
+
if (curNode == entryNode)
|
|
168
167
|
continue;
|
|
169
|
-
const ICFGNode* curNode = tct->getICFGNode(svfInst);
|
|
170
168
|
CxtThreadStmt newCts(cts.getTid(), curCxt, curNode);
|
|
171
169
|
threadStmtToTheadInterLeav[newCts] |= threadStmtToTheadInterLeav[cts];
|
|
172
170
|
instToTSMap[curNode].insert(newCts);
|
|
@@ -184,7 +182,7 @@ void MHP::handleNonCandidateFun(const CxtThreadStmt& cts)
|
|
|
184
182
|
{
|
|
185
183
|
const ICFGNode* curInst = cts.getStmt();
|
|
186
184
|
const SVFFunction* curfun = curInst->getFun();
|
|
187
|
-
assert((curInst ==
|
|
185
|
+
assert((curInst == curfun->getEntryBlock()->front()) && "curInst is not the entry of non candidate function.");
|
|
188
186
|
const CallStrCxt& curCxt = cts.getContext();
|
|
189
187
|
CallGraphNode* node = tcg->getCallGraphNode(curfun);
|
|
190
188
|
for (CallGraphNode::const_iterator nit = node->OutEdgeBegin(), neit = node->OutEdgeEnd(); nit != neit; nit++)
|
|
@@ -192,8 +190,8 @@ void MHP::handleNonCandidateFun(const CxtThreadStmt& cts)
|
|
|
192
190
|
const SVFFunction* callee = (*nit)->getDstNode()->getFunction();
|
|
193
191
|
if (!isExtCall(callee))
|
|
194
192
|
{
|
|
195
|
-
const
|
|
196
|
-
CxtThreadStmt newCts(cts.getTid(), curCxt,
|
|
193
|
+
const ICFGNode* calleeInst = callee->getEntryBlock()->front();
|
|
194
|
+
CxtThreadStmt newCts(cts.getTid(), curCxt, calleeInst);
|
|
197
195
|
addInterleavingThread(newCts, cts);
|
|
198
196
|
}
|
|
199
197
|
}
|
|
@@ -220,9 +218,9 @@ void MHP::handleFork(const CxtThreadStmt& cts, NodeID rootTid)
|
|
|
220
218
|
const SVFFunction* svfroutine = (*cgIt)->getDstNode()->getFunction();
|
|
221
219
|
CallStrCxt newCxt = curCxt;
|
|
222
220
|
pushCxt(newCxt, cbn, svfroutine);
|
|
223
|
-
const
|
|
221
|
+
const ICFGNode* stmt = svfroutine->getEntryBlock()->front();
|
|
224
222
|
CxtThread ct(newCxt, call);
|
|
225
|
-
CxtThreadStmt newcts(tct->getTCTNode(ct)->getId(), ct.getContext(),
|
|
223
|
+
CxtThreadStmt newcts(tct->getTCTNode(ct)->getId(), ct.getContext(), stmt);
|
|
226
224
|
addInterleavingThread(newcts, cts);
|
|
227
225
|
}
|
|
228
226
|
}
|
|
@@ -251,8 +249,8 @@ void MHP::handleJoin(const CxtThreadStmt& cts, NodeID rootTid)
|
|
|
251
249
|
{
|
|
252
250
|
const SVFBasicBlock* eb = exitbbs.back();
|
|
253
251
|
exitbbs.pop_back();
|
|
254
|
-
const
|
|
255
|
-
CxtThreadStmt newCts(cts.getTid(), curCxt,
|
|
252
|
+
const ICFGNode* svfEntryInst = eb->front();
|
|
253
|
+
CxtThreadStmt newCts(cts.getTid(), curCxt, svfEntryInst);
|
|
256
254
|
addInterleavingThread(newCts, cts);
|
|
257
255
|
if (hasJoinInSymmetricLoop(curCxt, call))
|
|
258
256
|
rmInterleavingThread(newCts, joinedTids, call);
|
|
@@ -276,8 +274,8 @@ void MHP::handleJoin(const CxtThreadStmt& cts, NodeID rootTid)
|
|
|
276
274
|
{
|
|
277
275
|
const SVFBasicBlock* eb = exitbbs.back();
|
|
278
276
|
exitbbs.pop_back();
|
|
279
|
-
const
|
|
280
|
-
CxtThreadStmt newCts(cts.getTid(), cts.getContext(),
|
|
277
|
+
const ICFGNode* svfEntryInst = eb->front();
|
|
278
|
+
CxtThreadStmt newCts(cts.getTid(), cts.getContext(), svfEntryInst);
|
|
281
279
|
addInterleavingThread(newCts, cts);
|
|
282
280
|
}
|
|
283
281
|
}
|
|
@@ -307,8 +305,8 @@ void MHP::handleCall(const CxtThreadStmt& cts, NodeID rootTid)
|
|
|
307
305
|
CallStrCxt newCxt = curCxt;
|
|
308
306
|
const CallICFGNode* callicfgnode = SVFUtil::cast<CallICFGNode>(call);
|
|
309
307
|
pushCxt(newCxt, callicfgnode, svfcallee);
|
|
310
|
-
const
|
|
311
|
-
CxtThreadStmt newCts(cts.getTid(), newCxt,
|
|
308
|
+
const ICFGNode* svfEntryInst = svfcallee->getEntryBlock()->front();
|
|
309
|
+
CxtThreadStmt newCts(cts.getTid(), newCxt, svfEntryInst);
|
|
312
310
|
addInterleavingThread(newCts, cts);
|
|
313
311
|
}
|
|
314
312
|
}
|
|
@@ -430,8 +428,8 @@ void MHP::updateSiblingThreads(NodeID curTid)
|
|
|
430
428
|
|
|
431
429
|
const CxtThread& ct = tct->getTCTNode(stid)->getCxtThread();
|
|
432
430
|
const SVFFunction* routine = tct->getStartRoutineOfCxtThread(ct);
|
|
433
|
-
const
|
|
434
|
-
CxtThreadStmt cts(stid, ct.getContext(),
|
|
431
|
+
const ICFGNode* stmt = routine->getEntryBlock()->front();
|
|
432
|
+
CxtThreadStmt cts(stid, ct.getContext(), stmt);
|
|
435
433
|
addInterleavingThread(cts, curTid);
|
|
436
434
|
}
|
|
437
435
|
|
|
@@ -760,7 +758,7 @@ void ForkJoinAnalysis::analyzeForkJoinPair()
|
|
|
760
758
|
|
|
761
759
|
handleCall(cts, rootTid);
|
|
762
760
|
}
|
|
763
|
-
else if (
|
|
761
|
+
else if (isRetInstNode(curInst))
|
|
764
762
|
{
|
|
765
763
|
handleRet(cts);
|
|
766
764
|
}
|
|
@@ -832,8 +830,8 @@ void ForkJoinAnalysis::handleJoin(const CxtStmt& cts, NodeID rootTid)
|
|
|
832
830
|
{
|
|
833
831
|
const SVFBasicBlock* eb = exitbbs.back();
|
|
834
832
|
exitbbs.pop_back();
|
|
835
|
-
const
|
|
836
|
-
CxtStmt newCts(curCxt,
|
|
833
|
+
const ICFGNode* svfEntryInst = eb->front();
|
|
834
|
+
CxtStmt newCts(curCxt, svfEntryInst);
|
|
837
835
|
addDirectlyJoinTID(cts, rootTid);
|
|
838
836
|
if (isSameSCEV(forkSite, joinSite))
|
|
839
837
|
{
|
|
@@ -863,8 +861,8 @@ void ForkJoinAnalysis::handleJoin(const CxtStmt& cts, NodeID rootTid)
|
|
|
863
861
|
{
|
|
864
862
|
const SVFBasicBlock* eb = exitbbs.back();
|
|
865
863
|
exitbbs.pop_back();
|
|
866
|
-
const
|
|
867
|
-
CxtStmt newCts(curCxt,
|
|
864
|
+
const ICFGNode* svfEntryInst = eb->front();
|
|
865
|
+
CxtStmt newCts(curCxt, svfEntryInst);
|
|
868
866
|
markCxtStmtFlag(newCts, cts);
|
|
869
867
|
}
|
|
870
868
|
}
|
|
@@ -891,8 +889,8 @@ void ForkJoinAnalysis::handleCall(const CxtStmt& cts, NodeID rootTid)
|
|
|
891
889
|
continue;
|
|
892
890
|
CallStrCxt newCxt = curCxt;
|
|
893
891
|
pushCxt(newCxt, cbn, svfcallee);
|
|
894
|
-
const
|
|
895
|
-
CxtStmt newCts(newCxt,
|
|
892
|
+
const ICFGNode* svfEntryInst = svfcallee->getEntryBlock()->front();
|
|
893
|
+
CxtStmt newCts(newCxt, svfEntryInst);
|
|
896
894
|
markCxtStmtFlag(newCts, cts);
|
|
897
895
|
}
|
|
898
896
|
}
|
|
@@ -914,7 +912,7 @@ void ForkJoinAnalysis::handleRet(const CxtStmt& cts)
|
|
|
914
912
|
cit != ecit; ++cit)
|
|
915
913
|
{
|
|
916
914
|
CallStrCxt newCxt = curCxt;
|
|
917
|
-
const ICFGNode* curNode =
|
|
915
|
+
const ICFGNode* curNode = (*cit);
|
|
918
916
|
if (matchCxt(newCxt, SVFUtil::cast<CallICFGNode>(curNode), curFunNode->getFunction()))
|
|
919
917
|
{
|
|
920
918
|
for(const ICFGEdge* outEdge : curNode->getOutEdges())
|
|
@@ -932,7 +930,7 @@ void ForkJoinAnalysis::handleRet(const CxtStmt& cts)
|
|
|
932
930
|
cit != ecit; ++cit)
|
|
933
931
|
{
|
|
934
932
|
CallStrCxt newCxt = curCxt;
|
|
935
|
-
const ICFGNode* curNode =
|
|
933
|
+
const ICFGNode* curNode = (*cit);
|
|
936
934
|
|
|
937
935
|
if (matchCxt(newCxt, SVFUtil::cast<CallICFGNode>(curNode), curFunNode->getFunction()))
|
|
938
936
|
{
|
package/svf/lib/MTA/MTA.cpp
CHANGED
|
@@ -135,16 +135,15 @@ void MTA::detect(SVFModule* module)
|
|
|
135
135
|
SVFIR* pag = SVFIR::getPAG();
|
|
136
136
|
PointerAnalysis* pta = AndersenWaveDiff::createAndersenWaveDiff(pag);
|
|
137
137
|
|
|
138
|
-
Set<const SVFInstruction*> needcheckinst;
|
|
139
138
|
// Add symbols for all of the functions and the instructions in them.
|
|
140
139
|
for (const SVFFunction* F : module->getFunctionSet())
|
|
141
140
|
{
|
|
142
141
|
// collect and create symbols inside the function body
|
|
143
142
|
for (const SVFBasicBlock* svfbb : F->getBasicBlockList())
|
|
144
143
|
{
|
|
145
|
-
for (const
|
|
144
|
+
for (const ICFGNode* icfgNode : svfbb->getICFGNodeList())
|
|
146
145
|
{
|
|
147
|
-
for(const SVFStmt* stmt : pag->getSVFStmtList(
|
|
146
|
+
for(const SVFStmt* stmt : pag->getSVFStmtList(icfgNode))
|
|
148
147
|
{
|
|
149
148
|
if (const LoadStmt* l = SVFUtil::dyn_cast<LoadStmt>(stmt))
|
|
150
149
|
{
|
package/svf/lib/MTA/MTAStat.cpp
CHANGED
|
@@ -126,10 +126,9 @@ void MTAStat::performMHPPairStat(MHP* mhp, LockAnalysis* lsa)
|
|
|
126
126
|
for (SVFFunction::const_iterator bit = fun->begin(), ebit = fun->end(); bit != ebit; ++bit)
|
|
127
127
|
{
|
|
128
128
|
const SVFBasicBlock* bb = *bit;
|
|
129
|
-
for (
|
|
129
|
+
for (const auto& icfgNode : bb->getICFGNodeList())
|
|
130
130
|
{
|
|
131
|
-
const
|
|
132
|
-
for(const SVFStmt* stmt : pag->getSVFStmtList(pag->getICFG()->getICFGNode(inst)))
|
|
131
|
+
for(const SVFStmt* stmt : pag->getSVFStmtList(icfgNode))
|
|
133
132
|
{
|
|
134
133
|
if(SVFUtil::isa<LoadStmt>(stmt))
|
|
135
134
|
{
|
|
@@ -141,7 +140,6 @@ void MTAStat::performMHPPairStat(MHP* mhp, LockAnalysis* lsa)
|
|
|
141
140
|
instSet2.insert(stmt->getICFGNode());
|
|
142
141
|
}
|
|
143
142
|
}
|
|
144
|
-
|
|
145
143
|
}
|
|
146
144
|
}
|
|
147
145
|
}
|
package/svf/lib/MTA/TCT.cpp
CHANGED
|
@@ -240,13 +240,13 @@ void TCT::collectMultiForkedThreads()
|
|
|
240
240
|
/*!
|
|
241
241
|
* Handle call relations
|
|
242
242
|
*/
|
|
243
|
-
void TCT::handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge,
|
|
243
|
+
void TCT::handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge, const CallICFGNode* cs)
|
|
244
244
|
{
|
|
245
245
|
const SVFFunction* callee = cgEdge->getDstNode()->getFunction();
|
|
246
246
|
|
|
247
247
|
CallStrCxt cxt(ctp.getContext());
|
|
248
248
|
CallStrCxt oldCxt = cxt;
|
|
249
|
-
const CallICFGNode* callNode =
|
|
249
|
+
const CallICFGNode* callNode = cs;
|
|
250
250
|
pushCxt(cxt,callNode,callee);
|
|
251
251
|
|
|
252
252
|
if(cgEdge->getEdgeKind() == CallGraphEdge::CallRetEdge)
|
|
@@ -416,13 +416,13 @@ void TCT::build()
|
|
|
416
416
|
ecit = cgEdge->directCallsEnd(); cit!=ecit; ++cit)
|
|
417
417
|
{
|
|
418
418
|
DBOUT(DMTA,outs() << "\nTCT handling direct call:" << **cit << "\t" << cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
|
|
419
|
-
handleCallRelation(ctp,cgEdge
|
|
419
|
+
handleCallRelation(ctp,cgEdge,*cit);
|
|
420
420
|
}
|
|
421
421
|
for(CallGraphEdge::CallInstSet::const_iterator ind = cgEdge->indirectCallsBegin(),
|
|
422
422
|
eind = cgEdge->indirectCallsEnd(); ind!=eind; ++ind)
|
|
423
423
|
{
|
|
424
424
|
DBOUT(DMTA,outs() << "\nTCT handling indirect call:" << **ind << "\t" << cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
|
|
425
|
-
handleCallRelation(ctp,cgEdge
|
|
425
|
+
handleCallRelation(ctp,cgEdge,*ind);
|
|
426
426
|
}
|
|
427
427
|
}
|
|
428
428
|
}
|
|
@@ -509,11 +509,9 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
|
|
|
509
509
|
|
|
510
510
|
for(const CallICFGNode* callNode : pag->getCallSiteSet())
|
|
511
511
|
{
|
|
512
|
-
|
|
513
|
-
if (SVFUtil::getCallee(svfInst) == checkFun)
|
|
512
|
+
if (SVFUtil::getCallee(callNode) == checkFun)
|
|
514
513
|
{
|
|
515
|
-
|
|
516
|
-
CallSite cs(svfInst);
|
|
514
|
+
CallSite cs = SVFUtil::getSVFCallSite(callNode);
|
|
517
515
|
assert(cs.getNumArgOperands() == 2
|
|
518
516
|
&& "arguments should be two pointers!!");
|
|
519
517
|
const SVFValue* V1 = cs.getArgOperand(0);
|
|
@@ -551,12 +549,12 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
|
|
|
551
549
|
|
|
552
550
|
if (checkSuccessful)
|
|
553
551
|
outs() << sucMsg("\t SUCCESS :") << fun << " check <id:" << id1 << ", id:" << id2 << "> at ("
|
|
554
|
-
<<
|
|
552
|
+
<< callNode->getSourceLoc() << ")\n";
|
|
555
553
|
else
|
|
556
554
|
{
|
|
557
555
|
SVFUtil::errs() << errMsg("\t FAILURE :") << fun
|
|
558
556
|
<< " check <id:" << id1 << ", id:" << id2
|
|
559
|
-
<< "> at (" <<
|
|
557
|
+
<< "> at (" << callNode->getSourceLoc() << ")\n";
|
|
560
558
|
assert(false && "test case failed!");
|
|
561
559
|
}
|
|
562
560
|
}
|
|
@@ -577,10 +575,9 @@ void PointerAnalysis::validateExpectedFailureTests(std::string fun)
|
|
|
577
575
|
|
|
578
576
|
for(const CallICFGNode* callNode : pag->getCallSiteSet())
|
|
579
577
|
{
|
|
580
|
-
|
|
581
|
-
if (SVFUtil::getCallee(svfInst) == checkFun)
|
|
578
|
+
if (SVFUtil::getCallee(callNode) == checkFun)
|
|
582
579
|
{
|
|
583
|
-
CallSite call = getSVFCallSite(
|
|
580
|
+
CallSite call = getSVFCallSite(callNode);
|
|
584
581
|
assert(call.arg_size() == 2
|
|
585
582
|
&& "arguments should be two pointers!!");
|
|
586
583
|
const SVFValue* V1 = call.getArgOperand(0);
|
|
@@ -42,7 +42,7 @@ void DoubleFreeChecker::reportBug(ProgSlice* slice)
|
|
|
42
42
|
GenericBug::EventStack eventStack;
|
|
43
43
|
slice->evalFinalCond2Event(eventStack);
|
|
44
44
|
eventStack.push_back(
|
|
45
|
-
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())
|
|
45
|
+
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
|
|
46
46
|
report.addSaberBug(GenericBug::DOUBLEFREE, eventStack);
|
|
47
47
|
}
|
|
48
48
|
if(Options::ValidateTests())
|
|
@@ -39,10 +39,7 @@ void FileChecker::reportBug(ProgSlice* slice)
|
|
|
39
39
|
if(isAllPathReachable() == false && isSomePathReachable() == false)
|
|
40
40
|
{
|
|
41
41
|
// full leakage
|
|
42
|
-
GenericBug::EventStack eventStack =
|
|
43
|
-
{
|
|
44
|
-
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
|
|
45
|
-
};
|
|
42
|
+
GenericBug::EventStack eventStack = { SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())) };
|
|
46
43
|
report.addSaberBug(GenericBug::FILENEVERCLOSE, eventStack);
|
|
47
44
|
}
|
|
48
45
|
else if (isAllPathReachable() == false && isSomePathReachable() == true)
|
|
@@ -50,7 +47,7 @@ void FileChecker::reportBug(ProgSlice* slice)
|
|
|
50
47
|
GenericBug::EventStack eventStack;
|
|
51
48
|
slice->evalFinalCond2Event(eventStack);
|
|
52
49
|
eventStack.push_back(
|
|
53
|
-
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())
|
|
50
|
+
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
|
|
54
51
|
report.addSaberBug(GenericBug::FILEPARTIALCLOSE, eventStack);
|
|
55
52
|
}
|
|
56
53
|
}
|
|
@@ -154,7 +154,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
|
|
|
154
154
|
// full leakage
|
|
155
155
|
GenericBug::EventStack eventStack =
|
|
156
156
|
{
|
|
157
|
-
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())
|
|
157
|
+
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource()))
|
|
158
158
|
};
|
|
159
159
|
report.addSaberBug(GenericBug::NEVERFREE, eventStack);
|
|
160
160
|
}
|
|
@@ -164,7 +164,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
|
|
|
164
164
|
GenericBug::EventStack eventStack;
|
|
165
165
|
slice->evalFinalCond2Event(eventStack);
|
|
166
166
|
eventStack.push_back(
|
|
167
|
-
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())
|
|
167
|
+
SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
|
|
168
168
|
report.addSaberBug(GenericBug::PARTIALLEAK, eventStack);
|
|
169
169
|
}
|
|
170
170
|
|
|
@@ -198,7 +198,7 @@ void ProgSlice::evalFinalCond2Event(GenericBug::EventStack &eventStack) const
|
|
|
198
198
|
NodeBS elems = pathAllocator->exactCondElem(finalCond);
|
|
199
199
|
for(NodeBS::iterator it = elems.begin(), eit = elems.end(); it!=eit; ++it)
|
|
200
200
|
{
|
|
201
|
-
const
|
|
201
|
+
const ICFGNode* tinst = pathAllocator->getCondInst(*it);
|
|
202
202
|
if(pathAllocator->isNegCond(*it))
|
|
203
203
|
eventStack.push_back(SVFBugEvent(
|
|
204
204
|
SVFBugEvent::Branch|((((u32_t)false) << 4) & BRANCHFLAGMASK), tinst));
|
|
@@ -226,7 +226,7 @@ std::string ProgSlice::evalFinalCond() const
|
|
|
226
226
|
|
|
227
227
|
for(NodeBS::iterator it = elems.begin(), eit = elems.end(); it!=eit; ++it)
|
|
228
228
|
{
|
|
229
|
-
const
|
|
229
|
+
const ICFGNode* tinst = pathAllocator->getCondInst(*it);
|
|
230
230
|
if(pathAllocator->isNegCond(*it))
|
|
231
231
|
locations.insert(tinst->getSourceLoc()+"|False");
|
|
232
232
|
else
|