svf-tools 1.0.981 → 1.0.983

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.981",
+  "version": "1.0.983",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Svfexe/AEDetector.h

@@ -218,21 +218,9 @@ public:
      */
     void addBugToReporter(const AEException& e, const ICFGNode* node)
     {
-        const SVFInstruction* inst = nullptr;
-
-        // Determine the instruction associated with the ICFG node
-        if (const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(node))
-        {
-            inst = call->getCallSite(); // If the node is a call node, get the call site instruction
-        }
-        else
-        {
-            inst = node->getSVFStmts().back()->getInst(); // Otherwise, get the last instruction of the node's
-            // statements
-        }
 
         GenericBug::EventStack eventStack;
-        SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, inst);
+        SVFBugEvent sourceInstEvent(SVFBugEvent::EventType::SourceInst, node);
         eventStack.push_back(sourceInstEvent); // Add the source instruction event to the event stack
 
         if (eventStack.empty())

package/svf/include/Graphs/ICFGNode.h

@@ -132,6 +132,8 @@ public:
 
     virtual const std::string toString() const;
 
+    virtual const std::string getSourceLoc() const = 0;
+
     void dump() const;
 
 protected:
@@ -172,6 +174,11 @@ public:
     //@}
 
     virtual const std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return "Global ICFGNode";
+    }
 };
 
 /*!
@@ -218,6 +225,11 @@ public:
     //@}
 
     const std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return inst->getSourceLoc();
+    }
 };
 
 class InterICFGNode : public ICFGNode
@@ -252,6 +264,7 @@ public:
                || node->getNodeKind() == FunRetBlock;
     }
     //@}
+    virtual const std::string getSourceLoc() const = 0;
 };
 
 
@@ -316,6 +329,11 @@ public:
     //@}
 
     const virtual std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return "function entry: " + fun->getSourceLoc();
+    }
 };
 
 /*!
@@ -377,6 +395,11 @@ public:
     //@}
 
     virtual const std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return "function ret: " + fun->getSourceLoc();
+    }
 };
 
 /*!
@@ -478,6 +501,11 @@ public:
     //@}
 
     virtual const std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return "CallICFGNode: " + cs->getSourceLoc();
+    }
 };
 
 
@@ -554,6 +582,11 @@ public:
     //@}
 
     virtual const std::string toString() const;
+
+    virtual const std::string getSourceLoc() const
+    {
+        return "RetICFGNode: " + cs->getSourceLoc();
+    }
 };
 
 } // End namespace SVF

package/svf/include/Graphs/VFGNode.h

@@ -181,12 +181,6 @@ public:
                || node->getNodeKind() == Store
                || node->getNodeKind() == Load;
     }
-
-    inline const SVFInstruction* getInst() const
-    {
-        /// should return a valid instruction unless it is a global PAGEdge
-        return pagEdge->getInst();
-    }
     //@}
 
     const SVFValue* getValue() const override;

package/svf/include/MTA/LockAnalysis.h

@@ -339,7 +339,7 @@ private:
     void handleIntra(const CxtStmt& cts);
 
     /// Handle call relations
-    void handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge, CallSite call);
+    void handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge, const CallICFGNode* call);
 
     /// Return true it a lock matches an unlock
     bool isAliasedLocks(const CxtLock& cl1, const CxtLock& cl2)

package/svf/include/MTA/TCT.h

@@ -167,15 +167,6 @@ public:
     {
         destroy();
     }
-    /// Get CallICFGNode given inst
-    CallICFGNode* getCallICFGNode(const SVFInstruction* inst)
-    {
-        return pta->getICFG()->getCallICFGNode(inst);
-    }
-    const ICFGNode* getICFGNode(const SVFInstruction* inst)
-    {
-        return pta->getICFG()->getICFGNode(inst);
-    }
 
     /// Get SVFFModule
     SVFModule* getSVFModule() const
@@ -497,7 +488,7 @@ private:
     //@}
 
     /// Handle call relations
-    void handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge, CallSite call);
+    void handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge, const CallICFGNode* call);
 
     /// Get or create a tct node based on CxtThread
     //@{

package/svf/include/SABER/SaberCondAllocator.h

@@ -49,7 +49,7 @@ class SaberCondAllocator
 public:
 
     typedef Z3Expr Condition;   /// z3 condition
-    typedef Map<u32_t, const SVFInstruction *> IndexToTermInstMap; /// id to instruction map for z3
+    typedef Map<u32_t, const ICFGNode*> IndexToTermInstMap; /// id to instruction map for z3
     typedef Map<u32_t,Condition> CondPosMap;		///< map a branch to its Condition
     typedef Map<const SVFBasicBlock*, CondPosMap > BBCondMap;	/// map bb to a Condition
     typedef Set<const SVFBasicBlock*> BasicBlockSet;
@@ -118,21 +118,21 @@ public:
     }
 
     /// Allocate a new condition
-    Condition newCond(const SVFInstruction* inst);
+    Condition newCond(const ICFGNode* inst);
 
     /// Perform path allocation
     void allocate(const SVFModule* module);
 
     /// Get/Set instruction based on Z3 expression id
     //{@
-    inline const SVFInstruction* getCondInst(u32_t id) const
+    inline const ICFGNode* getCondInst(u32_t id) const
     {
         IndexToTermInstMap::const_iterator it = idToTermInstMap.find(id);
         assert(it != idToTermInstMap.end() && "this should be a fresh condition");
         return it->second;
     }
 
-    inline void setCondInst(const Condition &condition, const SVFInstruction* inst)
+    inline void setCondInst(const Condition &condition, const ICFGNode* inst)
     {
         assert(idToTermInstMap.find(condition.id()) == idToTermInstMap.end() && "this should be a fresh condition");
         idToTermInstMap[condition.id()] = inst;
@@ -235,7 +235,7 @@ public:
 
 
     /// mark neg Z3 expression
-    inline void setNegCondInst(const Condition &condition, const SVFInstruction* inst)
+    inline void setNegCondInst(const Condition &condition, const ICFGNode* inst)
     {
         setCondInst(condition, inst);
         negConds.set(condition.id());

package/svf/include/Util/SVFBugReport.h

@@ -62,10 +62,10 @@ public:
 
 protected:
     u32_t typeAndInfoFlag;
-    const SVFInstruction *eventInst;
+    const ICFGNode *eventInst;
 
 public:
-    SVFBugEvent(u32_t typeAndInfoFlag, const SVFInstruction *eventInst): typeAndInfoFlag(typeAndInfoFlag), eventInst(eventInst) { };
+    SVFBugEvent(u32_t typeAndInfoFlag, const ICFGNode *eventInst): typeAndInfoFlag(typeAndInfoFlag), eventInst(eventInst) { };
     virtual ~SVFBugEvent() = default;
 
     inline u32_t getEventType() const

package/svf/include/Util/SVFUtil.h

@@ -169,14 +169,8 @@ void dumpPointsToList(const PointsToList& ptl);
 /// Return true if it is an llvm intrinsic instruction
 bool isIntrinsicInst(const SVFInstruction* inst);
 bool isIntrinsicInst(const ICFGNode* inst);
-
 //@}
 
-/// Whether an instruction is a call or invoke instruction
-inline bool isCallSite(const SVFInstruction* inst)
-{
-    return SVFUtil::isa<SVFCallInst>(inst);
-}
 /// Whether an instruction is a call or invoke instruction
 inline bool isCallSite(const SVFValue* val)
 {
@@ -206,27 +200,16 @@ inline bool isNonInstricCallSite(const ICFGNode* inst)
     return isCallSite(inst);
 }
 
-/// Return LLVM callsite given an instruction
-inline CallSite getSVFCallSite(const SVFInstruction* inst)
-{
-    assert(isCallSite(inst) && "not a callsite?");
-    CallSite cs(inst);
-    return cs;
-}
+
+/// Return callsite given an instruction
+CallSite getSVFCallSite(const ICFGNode* inst);
+
 
 /// Match arguments for callsite at caller and callee
 /// if the arg size does not match then we do not need to connect this parameter
 /// unless the callee is a variadic function (the first parameter of variadic function is its parameter number)
-bool matchArgs(const CallSite cs, const SVFFunction* callee);
+bool matchArgs(const CallICFGNode* cs, const SVFFunction* callee);
 
-/// Return LLVM callsite given a value
-inline CallSite getSVFCallSite(const SVFValue* value)
-{
-    assert(isCallSite(value) && "not a callsite?");
-    const SVFCallInst* svfInst = SVFUtil::cast<SVFCallInst>(value);
-    CallSite cs(svfInst);
-    return cs;
-}
 
 /// Split into two substrings around the first occurrence of a separator string.
 inline std::vector<std::string> split(const std::string& s, char separator)
@@ -418,7 +401,7 @@ inline bool isArgOfUncalledFunction(const SVFValue* svfval)
 
 /// Return thread fork function
 //@{
-inline const SVFValue* getForkedFun(const SVFInstruction *inst)
+inline const SVFValue* getForkedFun(const ICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->getForkedFun(inst);
 }
@@ -483,7 +466,7 @@ inline bool isReallocExtCall(const CallSite cs)
 
 /// Return true if this is a thread creation call
 ///@{
-inline bool isThreadForkCall(const SVFInstruction *inst)
+inline bool isThreadForkCall(const ICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->isTDFork(inst);
 }
@@ -491,49 +474,49 @@ inline bool isThreadForkCall(const SVFInstruction *inst)
 
 /// Return true if this is a thread join call
 ///@{
-inline bool isThreadJoinCall(const CallSite cs)
+inline bool isThreadJoinCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDJoin(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDJoin(cs);
 }
 //@}
 
 /// Return true if this is a thread exit call
 ///@{
-inline bool isThreadExitCall(const CallSite cs)
+inline bool isThreadExitCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDExit(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDExit(cs);
 }
 //@}
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockAquireCall(const CallSite cs)
+inline bool isLockAquireCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDAcquire(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDAcquire(cs);
 }
 //@}
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockReleaseCall(const CallSite cs)
+inline bool isLockReleaseCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDRelease(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDRelease(cs);
 }
 //@}
 
 /// Return true if this is a barrier wait call
 //@{
-inline bool isBarrierWaitCall(const CallSite cs)
+inline bool isBarrierWaitCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDBarWait(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDBarWait(cs);
 }
 //@}
 
 /// Return sole argument of the thread routine
 //@{
-inline const SVFValue* getActualParmAtForkSite(const CallSite cs)
+inline const SVFValue* getActualParmAtForkSite(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs);
 }
 //@}
 

package/svf/include/Util/ThreadAPI.h

@@ -37,6 +37,7 @@ namespace SVF
 
 class SVFModule;
 class ICFGNode;
+class CallICFGNode;
 
 /*
  * ThreadAPI class contains interfaces for pthread programs
@@ -121,8 +122,6 @@ public:
     /// Return the callee/callsite/func
     //@{
     const SVFFunction* getCallee(const ICFGNode *inst) const;
-    const SVFFunction* getCallee(const SVFInstruction *inst) const;
-    const CallSite getSVFCallSite(const SVFInstruction *inst) const;
     const CallSite getSVFCallSite(const ICFGNode *inst) const;
     //@}
 
@@ -132,10 +131,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_FORK;
     }
-    inline bool isTDFork(const SVFInstruction* cs) const
-    {
-        return getType(getCallee(cs)) == TD_FORK;
-    }
     //@}
 
     /// Return arguments/attributes of pthread_create / hare_parallel_for
@@ -148,13 +143,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(0);
     }
-    inline const SVFValue* getForkedThread(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(0);
-    }
-
     /// Return the third argument of the call,
     /// Note that, it could be function type or a void* pointer
     inline const SVFValue* getForkedFun(const ICFGNode *inst) const
@@ -163,12 +151,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(2);
     }
-    inline const SVFValue* getForkedFun(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(2);
-    }
 
     /// Return the forth argument of the call,
     /// Note that, it is the sole argument of start routine ( a void* pointer )
@@ -178,12 +160,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(3);
     }
-    inline const SVFValue* getActualParmAtForkSite(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(3);
-    }
     //@}
 
     /// Return true if this call wait for a worker thread
@@ -192,10 +168,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_JOIN;
     }
-    inline bool isTDJoin(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_JOIN;
-    }
     //@}
 
     /// Return arguments/attributes of pthread_join
@@ -211,12 +183,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(1);
     }
-    inline const SVFValue* getRetParmAtJoinedSite(const SVFInstruction* inst) const
-    {
-        assert(isTDJoin(inst) && "not a thread join function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(1);
-    }
     //@}
 
 
@@ -226,11 +192,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_EXIT;
     }
-
-    inline bool isTDExit(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_EXIT;
-    }
     //@}
 
     /// Return true if this call acquire a lock
@@ -239,11 +200,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_ACQUIRE;
     }
-
-    inline bool isTDAcquire(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_ACQUIRE;
-    }
     //@}
 
     /// Return true if this call release a lock
@@ -252,11 +208,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_RELEASE;
     }
-
-    inline bool isTDRelease(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_RELEASE;
-    }
     //@}
 
     /// Return lock value
@@ -271,11 +222,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_BAR_WAIT;
     }
-
-    inline bool isTDBarWait(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_BAR_WAIT;
-    }
     //@}
 
     void performAPIStat(SVFModule* m);

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -148,7 +148,7 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     SVFIR* svfir = PAG::getPAG();
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     assert(fun && "SVFFunction* is nullptr");
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
 
     AbstractInterpretation::ExtAPIType extType = AbstractInterpretation::UNCLASSIFIED;
 
@@ -322,7 +322,7 @@ void BufOverflowDetector::updateGepObjOffsetFromBase(SVF::AddressValue gepAddrs,
  */
 bool BufOverflowDetector::detectStrcpy(AbstractState& as, const CallICFGNode *call)
 {
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     const SVFValue* arg0Val = cs.getArgument(0);
     const SVFValue* arg1Val = cs.getArgument(1);
     IntervalValue strLen = AbstractInterpretation::getAEInstance().getStrlen(as, arg1Val);
@@ -349,7 +349,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
 
     if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         IntervalValue strLen0 = AbstractInterpretation::getAEInstance().getStrlen(as, arg0Val);
@@ -359,7 +359,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg2Val = cs.getArgument(2);
         IntervalValue arg2Num = as[svfir->getValueNode(arg2Val)].getInterval();

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -1359,7 +1359,7 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
     AbstractState& as = getAbsStateFromTrace(call);
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     assert(fun && "SVFFunction* is nullptr");
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     ExtAPIType extType = UNCLASSIFIED;
     // get type of mem api
     for (const std::string &annotation: fun->getAnnotations())
@@ -1381,7 +1381,7 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
         }
         else
         {
-            u32_t lhsId = svfir->getValueNode(SVFUtil::getSVFCallSite(call->getCallSite()).getInstruction());
+            u32_t lhsId = svfir->getValueNode(SVFUtil::getSVFCallSite(call).getInstruction());
             if (as.inVarToAddrsTable(lhsId))
             {
 
@@ -1463,7 +1463,7 @@ void AbstractInterpretation::handleStrcpy(const CallICFGNode *call)
     // strcpy, __strcpy_chk, stpcpy , wcscpy, __wcscpy_chk
     // get the dst and src
     AbstractState& as = getAbsStateFromTrace(call);
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     const SVFValue* arg0Val = cs.getArgument(0);
     const SVFValue* arg1Val = cs.getArgument(1);
     IntervalValue strLen = getStrlen(as, arg1Val);
@@ -1553,12 +1553,12 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     // __strcat_chk, strcat, __wcscat_chk, wcscat, __strncat_chk, strncat, __wcsncat_chk, wcsncat
     // to check it is  strcat group or strncat group
     AbstractState& as = getAbsStateFromTrace(call);
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
+    const SVFFunction *fun = SVFUtil::getCallee(call);
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
     if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         IntervalValue strLen0 = getStrlen(as, arg0Val);
@@ -1569,7 +1569,7 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         const SVFValue* arg2Val = cs.getArgument(2);

package/svf/lib/CFL/CFLAlias.cpp

@@ -42,9 +42,9 @@ void CFLAlias::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites, Call
     {
         const CallICFGNode* cs = iter->first;
 
-        if (SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(cs).isVirtualCall())
         {
-            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs->getCallSite()).getVtablePtr();
+            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs).getVtablePtr();
             assert(pag->hasValueNode(vtbl));
             NodeID vtblId = pag->getValueNode(vtbl);
             resolveCPPIndCalls(cs, getCFLPts(vtblId), newEdges);
@@ -175,7 +175,7 @@ bool CFLAlias::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     onTheFlyCallGraphSolve(callsites,newEdges);
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit);

package/svf/lib/DDA/DDAClient.cpp

@@ -81,9 +81,9 @@ OrderedNodeSet& FunptrDDAClient::collectCandidateQueries(SVFIR* p)
     for(SVFIR::CallSiteToFunPtrMap::const_iterator it = pag->getIndirectCallsites().begin(),
             eit = pag->getIndirectCallsites().end(); it!=eit; ++it)
     {
-        if (SVFUtil::getSVFCallSite(it->first->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(it->first).isVirtualCall())
         {
-            const SVFValue* vtblPtr = SVFUtil::getSVFCallSite(it->first->getCallSite()).getVtablePtr();
+            const SVFValue* vtblPtr = SVFUtil::getSVFCallSite(it->first).getVtablePtr();
             assert(pag->hasValueNode(vtblPtr) && "not a vtable pointer?");
             NodeID vtblId = pag->getValueNode(vtblPtr);
             addCandidate(vtblId);

package/svf/lib/Graphs/CallGraph.cpp

@@ -51,7 +51,7 @@ void CallGraphEdge::addDirectCallSite(const CallICFGNode* call)
 
 void CallGraphEdge::addInDirectCallSite(const CallICFGNode* call)
 {
-    assert((nullptr == SVFUtil::getCallee(call->getCallSite()) || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call->getCallSite()))) && "not an indirect callsite??");
+    assert((nullptr == SVFUtil::getCallee(call->getCallSite()) || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call))) && "not an indirect callsite??");
     indirectCalls.insert(call);
 }
 //@}

package/svf/lib/Graphs/IRGraph.cpp

@@ -273,13 +273,11 @@ struct DOTGraphTraits<IRGraph*> : public DefaultDOTGraphTraits
         assert(edge && "No edge found!!");
         if(const CallPE* calledge = SVFUtil::dyn_cast<CallPE>(edge))
         {
-            const SVFInstruction* callInst= calledge->getCallSite()->getCallSite();
-            return callInst->getSourceLoc();
+            return calledge->getCallSite()->getSourceLoc();
         }
         else if(const RetPE* retedge = SVFUtil::dyn_cast<RetPE>(edge))
         {
-            const SVFInstruction* callInst= retedge->getCallSite()->getCallSite();
-            return callInst->getSourceLoc();
+            return retedge->getCallSite()->getSourceLoc();
         }
         return "";
     }

package/svf/lib/Graphs/ThreadCallGraph.cpp

@@ -70,7 +70,7 @@ void ThreadCallGraph::updateCallGraph(PointerAnalysis* pta)
     // Fork sites
     for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
     {
-        const SVFValue* forkedval = tdAPI->getForkedFun((*it)->getCallSite());
+        const SVFValue* forkedval = tdAPI->getForkedFun(*it);
         if(SVFUtil::dyn_cast<SVFFunction>(forkedval)==nullptr)
         {
             SVFIR* pag = pta->getPAG();
@@ -105,7 +105,7 @@ void ThreadCallGraph::updateJoinEdge(PointerAnalysis* pta)
         CallSiteSet forkset;
         for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
         {
-            const SVFValue* forkthread = tdAPI->getForkedThread((*it)->getCallSite());
+            const SVFValue* forkthread = tdAPI->getForkedThread(*it);
             if (pta->alias(jointhread, forkthread))
             {
                 forkset.insert(*it);
@@ -123,7 +123,7 @@ void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 {
 
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
-    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs->getCallSite()));
+    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs));
     assert(forkee && "callee does not exist");
     CallGraphNode* callee = getCallGraphNode(forkee->getDefFunForMultipleModule());
     CallSiteID csId = addCallSite(cs, callee->getFunction());
@@ -176,7 +176,7 @@ void ThreadCallGraph::addDirectJoinEdge(const CallICFGNode* cs,const CallSiteSet
     for (CallSiteSet::const_iterator it = forkset.begin(), eit = forkset.end(); it != eit; ++it)
     {
 
-        const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun((*it)->getCallSite()));
+        const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(*it));
         assert(threadRoutineFun && "thread routine function does not exist");
         CallGraphNode* threadRoutineFunNode = getCallGraphNode(threadRoutineFun);
         CallSiteID csId = addCallSite(cs, threadRoutineFun);

package/svf/lib/Graphs/VFG.cpp

@@ -979,7 +979,7 @@ void VFG::connectCallerAndCallee(const CallICFGNode* callBlockNode, const SVFFun
     RetICFGNode* retBlockNode = icfg->getRetICFGNode(callBlockNode->getCallSite());
     // connect actual and formal param
     if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(callee) &&
-            matchArgs(callBlockNode->getCallSite(), callee))
+            matchArgs(callBlockNode, callee))
     {
         const SVFIR::SVFVarList& csArgList = pag->getCallSiteArgsList(callBlockNode);
         const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(callee);

package/svf/lib/MTA/LockAnalysis.cpp

@@ -286,7 +286,7 @@ void LockAnalysis::collectCxtLock()
                 DBOUT(DMTA,
                       outs() << "\nCollecting CxtLocks: handling direct call:" << **cit << "\t" << cgEdge->getSrcNode()->getFunction()->getName()
                       << "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
-                handleCallRelation(clp, cgEdge, getSVFCallSite((*cit)->getCallSite()));
+                handleCallRelation(clp, cgEdge, *cit);
             }
             for (CallGraphEdge::CallInstSet::const_iterator ind = cgEdge->indirectCallsBegin(), eind = cgEdge->indirectCallsEnd();
                     ind != eind; ++ind)
@@ -295,7 +295,7 @@ void LockAnalysis::collectCxtLock()
                       outs() << "\nCollecting CxtLocks: handling indirect call:" << **ind << "\t"
                       << cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName()
                       << "\n");
-                handleCallRelation(clp, cgEdge, getSVFCallSite((*ind)->getCallSite()));
+                handleCallRelation(clp, cgEdge, *ind);
             }
         }
     }
@@ -305,11 +305,11 @@ void LockAnalysis::collectCxtLock()
 /*!
  * Handling call relations when collecting context-sensitive locks
  */
-void LockAnalysis::handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge, CallSite cs)
+void LockAnalysis::handleCallRelation(CxtLockProc& clp, const CallGraphEdge* cgEdge, const CallICFGNode* cs)
 {
 
     CallStrCxt cxt(clp.getContext());
-    const ICFGNode* curNode = tct->getICFGNode(cs.getInstruction());
+    const ICFGNode* curNode = cs;
     if (isTDAcquire(curNode))
     {
         addCxtLock(cxt,curNode);

package/svf/lib/MTA/MHP.cpp

@@ -912,7 +912,7 @@ void ForkJoinAnalysis::handleRet(const CxtStmt& cts)
                 cit != ecit; ++cit)
         {
             CallStrCxt newCxt = curCxt;
-            const ICFGNode* curNode = tct->getICFGNode((*cit)->getCallSite());
+            const ICFGNode* curNode = (*cit);
             if (matchCxt(newCxt, SVFUtil::cast<CallICFGNode>(curNode), curFunNode->getFunction()))
             {
                 for(const ICFGEdge* outEdge : curNode->getOutEdges())
@@ -930,7 +930,7 @@ void ForkJoinAnalysis::handleRet(const CxtStmt& cts)
                 cit != ecit; ++cit)
         {
             CallStrCxt newCxt = curCxt;
-            const ICFGNode* curNode = tct->getICFGNode((*cit)->getCallSite());
+            const ICFGNode* curNode = (*cit);
 
             if (matchCxt(newCxt, SVFUtil::cast<CallICFGNode>(curNode), curFunNode->getFunction()))
             {

package/svf/lib/MTA/MTA.cpp

@@ -135,7 +135,6 @@ void MTA::detect(SVFModule* module)
     SVFIR* pag = SVFIR::getPAG();
     PointerAnalysis* pta = AndersenWaveDiff::createAndersenWaveDiff(pag);
 
-    Set<const SVFInstruction*> needcheckinst;
     // Add symbols for all of the functions and the instructions in them.
     for (const SVFFunction* F : module->getFunctionSet())
     {

package/svf/lib/MTA/MTAStat.cpp

@@ -49,7 +49,7 @@ void MTAStat::performThreadCallGraphStat(ThreadCallGraph* tcg)
     for (ThreadCallGraph::CallSiteSet::const_iterator it = tcg->forksitesBegin(), eit = tcg->forksitesEnd(); it != eit; ++it)
     {
         bool indirectfork = false;
-        const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun((*it)->getCallSite()));
+        const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun(*it));
         if(spawnee==nullptr)
         {
             numOfIndForksite++;

package/svf/lib/MTA/TCT.cpp

@@ -240,13 +240,13 @@ void TCT::collectMultiForkedThreads()
 /*!
  * Handle call relations
  */
-void TCT::handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge, CallSite cs)
+void TCT::handleCallRelation(CxtThreadProc& ctp, const CallGraphEdge* cgEdge, const CallICFGNode* cs)
 {
     const SVFFunction* callee = cgEdge->getDstNode()->getFunction();
 
     CallStrCxt cxt(ctp.getContext());
     CallStrCxt oldCxt = cxt;
-    const CallICFGNode* callNode = SVFUtil::cast<CallICFGNode>(getICFGNode(cs.getInstruction()));
+    const CallICFGNode* callNode = cs;
     pushCxt(cxt,callNode,callee);
 
     if(cgEdge->getEdgeKind() == CallGraphEdge::CallRetEdge)
@@ -416,13 +416,13 @@ void TCT::build()
                     ecit = cgEdge->directCallsEnd(); cit!=ecit; ++cit)
             {
                 DBOUT(DMTA,outs() << "\nTCT handling direct call:" << **cit << "\t" << cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
-                handleCallRelation(ctp,cgEdge,getSVFCallSite((*cit)->getCallSite()));
+                handleCallRelation(ctp,cgEdge,*cit);
             }
             for(CallGraphEdge::CallInstSet::const_iterator ind = cgEdge->indirectCallsBegin(),
                     eind = cgEdge->indirectCallsEnd(); ind!=eind; ++ind)
             {
                 DBOUT(DMTA,outs() << "\nTCT handling indirect call:" << **ind << "\t" << cgEdge->getSrcNode()->getFunction()->getName() << "-->" << cgEdge->getDstNode()->getFunction()->getName() << "\n");
-                handleCallRelation(ctp,cgEdge,getSVFCallSite((*ind)->getCallSite()));
+                handleCallRelation(ctp,cgEdge,*ind);
             }
         }
     }

package/svf/lib/MemoryModel/PointerAnalysis.cpp

@@ -404,7 +404,7 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
                 const SVFFunction* calleefun = SVFUtil::cast<SVFFunction>(obj->getValue());
                 const SVFFunction* callee = calleefun->getDefFunForMultipleModule();
 
-                if(SVFUtil::matchArgs(cs->getCallSite(), callee) == false)
+                if(SVFUtil::matchArgs(cs, callee) == false)
                     continue;
 
                 if(0 == getIndCallMap()[cs].count(callee))
@@ -428,8 +428,8 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
  */
 void PointerAnalysis::getVFnsFromCHA(const CallICFGNode* cs, VFunSet &vfns)
 {
-    if (chgraph->csHasVFnsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite())))
-        vfns = chgraph->getCSVFsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite()));
+    if (chgraph->csHasVFnsBasedonCHA(SVFUtil::getSVFCallSite(cs)))
+        vfns = chgraph->getCSVFsBasedonCHA(SVFUtil::getSVFCallSite(cs));
 }
 
 /*
@@ -438,10 +438,10 @@ void PointerAnalysis::getVFnsFromCHA(const CallICFGNode* cs, VFunSet &vfns)
 void PointerAnalysis::getVFnsFromPts(const CallICFGNode* cs, const PointsTo &target, VFunSet &vfns)
 {
 
-    if (chgraph->csHasVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite())))
+    if (chgraph->csHasVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs)))
     {
         Set<const SVFGlobalValue*> vtbls;
-        const VTableSet &chaVtbls = chgraph->getCSVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite()));
+        const VTableSet &chaVtbls = chgraph->getCSVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs));
         for (PointsTo::iterator it = target.begin(), eit = target.end(); it != eit; ++it)
         {
             const PAGNode *ptdnode = pag->getGNode(*it);
@@ -454,7 +454,7 @@ void PointerAnalysis::getVFnsFromPts(const CallICFGNode* cs, const PointsTo &tar
                 }
             }
         }
-        chgraph->getVFnsFromVtbls(SVFUtil::getSVFCallSite(cs->getCallSite()), vtbls, vfns);
+        chgraph->getVFnsFromVtbls(SVFUtil::getSVFCallSite(cs), vtbls, vfns);
     }
 }
 
@@ -471,8 +471,8 @@ void PointerAnalysis::connectVCallToVFns(const CallICFGNode* cs, const VFunSet &
         callee = callee->getDefFunForMultipleModule();
         if (getIndCallMap()[cs].count(callee) > 0)
             continue;
-        if(SVFUtil::getSVFCallSite(cs->getCallSite()).arg_size() == callee->arg_size() ||
-                (SVFUtil::getSVFCallSite(cs->getCallSite()).isVarArg() && callee->isVarArg()))
+        if(SVFUtil::getSVFCallSite(cs).arg_size() == callee->arg_size() ||
+                (SVFUtil::getSVFCallSite(cs).isVarArg() && callee->isVarArg()))
         {
             newEdges[cs].insert(callee);
             getIndCallMap()[cs].insert(callee);
@@ -485,7 +485,7 @@ void PointerAnalysis::connectVCallToVFns(const CallICFGNode* cs, const VFunSet &
 /// Resolve cpp indirect call edges
 void PointerAnalysis::resolveCPPIndCalls(const CallICFGNode* cs, const PointsTo& target, CallEdgeMap& newEdges)
 {
-    assert(SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall() && "not cpp virtual call");
+    assert(SVFUtil::getSVFCallSite(cs).isVirtualCall() && "not cpp virtual call");
 
     VFunSet vfns;
     if (Options::ConnectVCallOnCHA())
@@ -509,11 +509,9 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
 
         for(const CallICFGNode* callNode : pag->getCallSiteSet())
         {
-            const SVFInstruction* svfInst = callNode->getCallSite();
-            if (SVFUtil::getCallee(svfInst) == checkFun)
+            if (SVFUtil::getCallee(callNode) == checkFun)
             {
-
-                CallSite cs(svfInst);
+                CallSite cs = SVFUtil::getSVFCallSite(callNode);
                 assert(cs.getNumArgOperands() == 2
                        && "arguments should be two pointers!!");
                 const SVFValue* V1 = cs.getArgOperand(0);
@@ -551,12 +549,12 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
 
                 if (checkSuccessful)
                     outs() << sucMsg("\t SUCCESS :") << fun << " check <id:" << id1 << ", id:" << id2 << "> at ("
-                           << svfInst->getSourceLoc() << ")\n";
+                           << callNode->getSourceLoc() << ")\n";
                 else
                 {
                     SVFUtil::errs() << errMsg("\t FAILURE :") << fun
                                     << " check <id:" << id1 << ", id:" << id2
-                                    << "> at (" << svfInst->getSourceLoc() << ")\n";
+                                    << "> at (" << callNode->getSourceLoc() << ")\n";
                     assert(false && "test case failed!");
                 }
             }
@@ -577,10 +575,9 @@ void PointerAnalysis::validateExpectedFailureTests(std::string fun)
 
         for(const CallICFGNode* callNode : pag->getCallSiteSet())
         {
-            const SVFInstruction* svfInst = callNode->getCallSite();
-            if (SVFUtil::getCallee(svfInst) == checkFun)
+            if (SVFUtil::getCallee(callNode) == checkFun)
             {
-                CallSite call = getSVFCallSite(svfInst);
+                CallSite call = getSVFCallSite(callNode);
                 assert(call.arg_size() == 2
                        && "arguments should be two pointers!!");
                 const SVFValue* V1 = call.getArgOperand(0);

package/svf/lib/MemoryModel/PointerAnalysisImpl.cpp

@@ -495,9 +495,9 @@ void BVDataPTAImpl::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites,
     {
         const CallICFGNode* cs = iter->first;
 
-        if (SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(cs).isVirtualCall())
         {
-            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs->getCallSite()).getVtablePtr();
+            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs).getVtablePtr();
             assert(pag->hasValueNode(vtbl));
             NodeID vtblId = pag->getValueNode(vtbl);
             resolveCPPIndCalls(cs, getPts(vtblId), newEdges);

package/svf/lib/SABER/DoubleFreeChecker.cpp

@@ -42,7 +42,7 @@ void DoubleFreeChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
         report.addSaberBug(GenericBug::DOUBLEFREE, eventStack);
     }
     if(Options::ValidateTests())

package/svf/lib/SABER/FileChecker.cpp

@@ -39,10 +39,7 @@ void FileChecker::reportBug(ProgSlice* slice)
     if(isAllPathReachable() == false && isSomePathReachable() == false)
     {
         // full leakage
-        GenericBug::EventStack eventStack =
-        {
-            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
-        };
+        GenericBug::EventStack eventStack = { SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())) };
         report.addSaberBug(GenericBug::FILENEVERCLOSE, eventStack);
     }
     else if (isAllPathReachable() == false && isSomePathReachable() == true)
@@ -50,7 +47,7 @@ void FileChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
         report.addSaberBug(GenericBug::FILEPARTIALCLOSE, eventStack);
     }
 }

package/svf/lib/SABER/LeakChecker.cpp

@@ -154,7 +154,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
         // full leakage
         GenericBug::EventStack eventStack =
         {
-            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite())
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource()))
         };
         report.addSaberBug(GenericBug::NEVERFREE, eventStack);
     }
@@ -164,7 +164,7 @@ void LeakChecker::reportBug(ProgSlice* slice)
         GenericBug::EventStack eventStack;
         slice->evalFinalCond2Event(eventStack);
         eventStack.push_back(
-            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())->getCallSite()));
+            SVFBugEvent(SVFBugEvent::SourceInst, getSrcCSID(slice->getSource())));
         report.addSaberBug(GenericBug::PARTIALLEAK, eventStack);
     }
 

package/svf/lib/SABER/ProgSlice.cpp

@@ -198,7 +198,7 @@ void ProgSlice::evalFinalCond2Event(GenericBug::EventStack &eventStack) const
     NodeBS elems = pathAllocator->exactCondElem(finalCond);
     for(NodeBS::iterator it = elems.begin(), eit = elems.end(); it!=eit; ++it)
     {
-        const SVFInstruction* tinst = pathAllocator->getCondInst(*it);
+        const ICFGNode* tinst = pathAllocator->getCondInst(*it);
         if(pathAllocator->isNegCond(*it))
             eventStack.push_back(SVFBugEvent(
                                      SVFBugEvent::Branch|((((u32_t)false) << 4) & BRANCHFLAGMASK), tinst));
@@ -226,7 +226,7 @@ std::string ProgSlice::evalFinalCond() const
 
     for(NodeBS::iterator it = elems.begin(), eit = elems.end(); it!=eit; ++it)
     {
-        const SVFInstruction* tinst = pathAllocator->getCondInst(*it);
+        const ICFGNode* tinst = pathAllocator->getCondInst(*it);
         if(pathAllocator->isNegCond(*it))
             locations.insert(tinst->getSourceLoc()+"|False");
         else

package/svf/lib/SABER/SaberCondAllocator.cpp

@@ -99,7 +99,7 @@ void SaberCondAllocator::allocateForBB(const SVFBasicBlock &bb)
         std::vector<Condition> condVec;
         for (u32_t i = 0; i < bit_num; i++)
         {
-            const SVFInstruction* svfInst = cast<IntraICFGNode>(bb.back())->getInst();
+            const IntraICFGNode* svfInst = cast<IntraICFGNode>(bb.back());
             condVec.push_back(newCond(svfInst));
         }
 
@@ -593,7 +593,7 @@ void SaberCondAllocator::printPathCond()
 }
 
 /// Allocate a new condition
-SaberCondAllocator::Condition SaberCondAllocator::newCond(const SVFInstruction* inst)
+SaberCondAllocator::Condition SaberCondAllocator::newCond(const ICFGNode* inst)
 {
     u32_t condCountIdx = totalCondNum++;
     Condition expr = Condition::getContext().bool_const(("c" + std::to_string(condCountIdx)).c_str());

package/svf/lib/Util/CallGraphBuilder.cpp

@@ -84,7 +84,7 @@ CallGraph* ThreadCallGraphBuilder::buildThreadCallGraph(SVFModule* svfModule)
                 {
                     const CallICFGNode* cs = cast<CallICFGNode>(inst);
                     cg->addForksite(cs);
-                    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(inst));
+                    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs));
                     if (forkee)
                     {
                         cg->addDirectForkEdge(cs);

package/svf/lib/Util/SVFBugReport.cpp

@@ -276,7 +276,7 @@ void PartialNullPtrDereferenceBug::printBugToTerminal() const
 
 const std::string SVFBugEvent::getFuncName() const
 {
-    return eventInst->getFunction()->getName();
+    return eventInst->getFun()->getName();
 }
 
 const std::string SVFBugEvent::getEventLoc() const

package/svf/lib/Util/SVFUtil.cpp

@@ -317,9 +317,10 @@ void SVFUtil::stopAnalysisLimitTimer(bool limitTimerSet)
 /// unless the callee is a variadic function (the first parameter of variadic function is its parameter number)
 /// e.g., void variadicFoo(int num, ...); variadicFoo(5, 1,2,3,4,5)
 /// for variadic function, callsite arg size must be greater than or equal to callee arg size
-bool SVFUtil::matchArgs(const CallSite cs, const SVFFunction* callee)
+bool SVFUtil::matchArgs(const CallICFGNode* call, const SVFFunction* callee)
 {
-    if (callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(cs.getInstruction()))
+    CallSite cs(call->getCallSite());
+    if (callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(call))
         return cs.arg_size() >= callee->arg_size();
     else
         return cs.arg_size() == callee->arg_size();
@@ -330,6 +331,13 @@ bool SVFUtil::isCallSite(const ICFGNode* inst)
     return SVFUtil::isa<CallICFGNode>(inst);
 }
 
+CallSite SVFUtil::getSVFCallSite(const ICFGNode* inst)
+{
+    assert(isCallSite(inst) && "not a callsite?");
+    CallSite cs(cast<CallICFGNode>(inst)->getCallSite());
+    return cs;
+}
+
 bool SVFUtil::isIntrinsicInst(const ICFGNode* inst)
 {
     if (const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(inst))

package/svf/lib/Util/ThreadAPI.cpp

@@ -140,15 +140,6 @@ const SVFFunction* ThreadAPI::getCallee(const ICFGNode *inst) const
         return nullptr;
 }
 
-/*!
- *
- */
-const SVFFunction* ThreadAPI::getCallee(const SVFInstruction *inst) const
-{
-    return SVFUtil::getCallee(inst);
-}
-
-
 const CallSite ThreadAPI::getSVFCallSite(const ICFGNode *inst) const
 {
     assert(SVFUtil::isa<CallICFGNode>(inst) && "not a callsite?");
@@ -160,19 +151,11 @@ const SVFValue* ThreadAPI::getLockVal(const ICFGNode *inst) const
 {
     const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(inst);
     assert(call && "not a call ICFGNode?");
-    assert((isTDAcquire(call->getCallSite()) || isTDRelease(call->getCallSite())) && "not a lock acquire or release function");
-    CallSite cs = getSVFCallSite(call->getCallSite());
+    assert((isTDAcquire(call) || isTDRelease(call)) && "not a lock acquire or release function");
+    CallSite cs = getSVFCallSite(call);
     return cs.getArgument(0);
 }
 
-/*!
- *
- */
-const CallSite ThreadAPI::getSVFCallSite(const SVFInstruction *inst) const
-{
-    return SVFUtil::getSVFCallSite(inst);
-}
-
 const SVFValue* ThreadAPI::getJoinedThread(const ICFGNode *inst) const
 {
     assert(isTDJoin(inst) && "not a thread join function!");

package/svf/lib/WPA/Andersen.cpp

@@ -661,7 +661,7 @@ bool Andersen::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     NodePairSet cpySrcNodes;	/// nodes as a src of a generated new copy edge
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit,cpySrcNodes);

package/svf/lib/WPA/AndersenSCD.cpp

@@ -281,7 +281,7 @@ bool AndersenSCD::updateCallGraph(const PointerAnalysis::CallSiteToFunPtrMap& ca
     NodePairSet cpySrcNodes;	/// nodes as a src of a generated new copy edge
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit,cpySrcNodes);

package/svf/lib/WPA/Steensgaard.cpp

@@ -135,7 +135,7 @@ bool Steensgaard::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     for (CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end();
             it != eit; ++it)
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for (FunctionSet::iterator cit = it->second.begin(),
                 ecit = it->second.end();
                 cit != ecit; ++cit)

package/svf/lib/WPA/TypeAnalysis.cpp

@@ -77,7 +77,7 @@ void TypeAnalysis::callGraphSolveBasedOnCHA(const CallSiteToFunPtrMap& callsites
     for(CallSiteToFunPtrMap::const_iterator iter = callsites.begin(), eiter = callsites.end(); iter!=eiter; ++iter)
     {
         const CallICFGNode* cbn = iter->first;
-        CallSite cs = SVFUtil::getSVFCallSite(cbn->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(cbn);
         if (cs.isVirtualCall())
         {
             const SVFValue* vtbl = cs.getVtablePtr();

package/svf-llvm/lib/CHGBuilder.cpp

@@ -679,7 +679,7 @@ void CHGBuilder::buildCSToCHAVtblsAndVfnsMap()
                     }
                     if (vtbls.size() > 0)
                     {
-                        CallSite cs = SVFUtil::getSVFCallSite(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(callInst));
+                        CallSite cs(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(callInst));
                         chg->csToCHAVtblsMap[cs] = vtbls;
                         VFunSet virtualFunctions;
                         chg->getVFnsFromVtbls(cs, vtbls, virtualFunctions);

package/svf-llvm/lib/SVFIRExtAPI.cpp

@@ -125,6 +125,7 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
 {
     const SVFInstruction* svfInst = LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(cs);
     const SVFCallInst* svfCall = SVFUtil::cast<SVFCallInst>(svfInst);
+    const CallICFGNode *callICFGNode = pag->getICFG()->getCallICFGNode(svfInst);
 
     if (isHeapAllocExtCallViaRet(svfCall))
     {
@@ -253,12 +254,12 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
         }
     }
 
-    if (isThreadForkCall(svfInst))
+    if (isThreadForkCall(callICFGNode))
     {
-        if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(svfInst)))
+        if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(callICFGNode)))
         {
             forkedFun = forkedFun->getDefFunForMultipleModule();
-            const SVFValue* actualParm = getActualParmAtForkSite(svfInst);
+            const SVFValue* actualParm = getActualParmAtForkSite(callICFGNode);
             /// pthread_create has 1 arg.
             /// apr_thread_create has 2 arg.
             assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
@@ -268,9 +269,8 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
                 /// Connect actual parameter to formal parameter of the start routine
                 if (actualParm->getType()->isPointerTy() && formalParm->getType()->isPointerTy())
                 {
-                    CallICFGNode *icfgNode = pag->getICFG()->getCallICFGNode(svfInst);
                     FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
-                    addThreadForkEdge(pag->getValueNode(actualParm), pag->getValueNode(formalParm), icfgNode, entry);
+                    addThreadForkEdge(pag->getValueNode(actualParm), pag->getValueNode(formalParm), callICFGNode, entry);
                 }
             }
         }

package/svf-llvm/lib/SymbolTableBuilder.cpp

@@ -608,7 +608,7 @@ const Type* SymbolTableBuilder::inferTypeOfHeapObjOrStaticObj(const Instruction
     else if(SVFUtil::isHeapAllocExtCallViaArg(svfinst))
     {
         const CallBase* cs = LLVMUtil::getLLVMCallSite(inst);
-        int arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(SVFUtil::getSVFCallSite(svfinst));
+        int arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(getCallee(svfinst));
         const Value* arg = cs->getArgOperand(arg_pos);
         originalPType = SVFUtil::dyn_cast<PointerType>(arg->getType());
         inferedType = inferObjType(startValue = arg);