svf-tools 1.0.982 → 1.0.984

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.982",
+  "version": "1.0.984",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/AE/Svfexe/AbstractInterpretation.h

@@ -358,7 +358,7 @@ protected:
 
 protected:
     // there data should be shared with subclasses
-    Map<std::string, std::function<void(const CallSite &)>> func_map;
+    Map<std::string, std::function<void(const CallICFGNode*)>> func_map;
     Set<const CallICFGNode*> checkpoints;
     Set<std::string> checkpoint_names;
     Map<const ICFGNode*, AbstractState>

package/svf/include/Util/SVFUtil.h

@@ -169,14 +169,8 @@ void dumpPointsToList(const PointsToList& ptl);
 /// Return true if it is an llvm intrinsic instruction
 bool isIntrinsicInst(const SVFInstruction* inst);
 bool isIntrinsicInst(const ICFGNode* inst);
-
 //@}
 
-/// Whether an instruction is a call or invoke instruction
-inline bool isCallSite(const SVFInstruction* inst)
-{
-    return SVFUtil::isa<SVFCallInst>(inst);
-}
 /// Whether an instruction is a call or invoke instruction
 inline bool isCallSite(const SVFValue* val)
 {
@@ -207,31 +201,15 @@ inline bool isNonInstricCallSite(const ICFGNode* inst)
 }
 
 
-
 /// Return callsite given an instruction
 CallSite getSVFCallSite(const ICFGNode* inst);
 
-/// Return callsite given an instruction
-inline CallSite getSVFCallSite(const SVFInstruction* inst)
-{
-    assert(isCallSite(inst) && "not a callsite?");
-    CallSite cs(inst);
-    return cs;
-}
 
 /// Match arguments for callsite at caller and callee
 /// if the arg size does not match then we do not need to connect this parameter
 /// unless the callee is a variadic function (the first parameter of variadic function is its parameter number)
-bool matchArgs(const CallSite cs, const SVFFunction* callee);
+bool matchArgs(const CallICFGNode* cs, const SVFFunction* callee);
 
-/// Return LLVM callsite given a value
-inline CallSite getSVFCallSite(const SVFValue* value)
-{
-    assert(isCallSite(value) && "not a callsite?");
-    const SVFCallInst* svfInst = SVFUtil::cast<SVFCallInst>(value);
-    CallSite cs(svfInst);
-    return cs;
-}
 
 /// Split into two substrings around the first occurrence of a separator string.
 inline std::vector<std::string> split(const std::string& s, char separator)
@@ -423,7 +401,7 @@ inline bool isArgOfUncalledFunction(const SVFValue* svfval)
 
 /// Return thread fork function
 //@{
-inline const SVFValue* getForkedFun(const SVFInstruction *inst)
+inline const SVFValue* getForkedFun(const ICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->getForkedFun(inst);
 }
@@ -488,7 +466,7 @@ inline bool isReallocExtCall(const CallSite cs)
 
 /// Return true if this is a thread creation call
 ///@{
-inline bool isThreadForkCall(const SVFInstruction *inst)
+inline bool isThreadForkCall(const ICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->isTDFork(inst);
 }
@@ -496,49 +474,49 @@ inline bool isThreadForkCall(const SVFInstruction *inst)
 
 /// Return true if this is a thread join call
 ///@{
-inline bool isThreadJoinCall(const CallSite cs)
+inline bool isThreadJoinCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDJoin(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDJoin(cs);
 }
 //@}
 
 /// Return true if this is a thread exit call
 ///@{
-inline bool isThreadExitCall(const CallSite cs)
+inline bool isThreadExitCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDExit(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDExit(cs);
 }
 //@}
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockAquireCall(const CallSite cs)
+inline bool isLockAquireCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDAcquire(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDAcquire(cs);
 }
 //@}
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockReleaseCall(const CallSite cs)
+inline bool isLockReleaseCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDRelease(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDRelease(cs);
 }
 //@}
 
 /// Return true if this is a barrier wait call
 //@{
-inline bool isBarrierWaitCall(const CallSite cs)
+inline bool isBarrierWaitCall(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->isTDBarWait(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->isTDBarWait(cs);
 }
 //@}
 
 /// Return sole argument of the thread routine
 //@{
-inline const SVFValue* getActualParmAtForkSite(const CallSite cs)
+inline const SVFValue* getActualParmAtForkSite(const ICFGNode* cs)
 {
-    return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs.getInstruction());
+    return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs);
 }
 //@}
 

package/svf/include/Util/ThreadAPI.h

@@ -37,6 +37,7 @@ namespace SVF
 
 class SVFModule;
 class ICFGNode;
+class CallICFGNode;
 
 /*
  * ThreadAPI class contains interfaces for pthread programs
@@ -121,8 +122,6 @@ public:
     /// Return the callee/callsite/func
     //@{
     const SVFFunction* getCallee(const ICFGNode *inst) const;
-    const SVFFunction* getCallee(const SVFInstruction *inst) const;
-    const CallSite getSVFCallSite(const SVFInstruction *inst) const;
     const CallSite getSVFCallSite(const ICFGNode *inst) const;
     //@}
 
@@ -132,10 +131,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_FORK;
     }
-    inline bool isTDFork(const SVFInstruction* cs) const
-    {
-        return getType(getCallee(cs)) == TD_FORK;
-    }
     //@}
 
     /// Return arguments/attributes of pthread_create / hare_parallel_for
@@ -148,13 +143,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(0);
     }
-    inline const SVFValue* getForkedThread(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(0);
-    }
-
     /// Return the third argument of the call,
     /// Note that, it could be function type or a void* pointer
     inline const SVFValue* getForkedFun(const ICFGNode *inst) const
@@ -163,12 +151,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(2);
     }
-    inline const SVFValue* getForkedFun(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(2);
-    }
 
     /// Return the forth argument of the call,
     /// Note that, it is the sole argument of start routine ( a void* pointer )
@@ -178,12 +160,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(3);
     }
-    inline const SVFValue* getActualParmAtForkSite(const SVFInstruction* inst) const
-    {
-        assert(isTDFork(inst) && "not a thread fork function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(3);
-    }
     //@}
 
     /// Return true if this call wait for a worker thread
@@ -192,10 +168,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_JOIN;
     }
-    inline bool isTDJoin(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_JOIN;
-    }
     //@}
 
     /// Return arguments/attributes of pthread_join
@@ -211,12 +183,6 @@ public:
         CallSite cs = getSVFCallSite(inst);
         return cs.getArgument(1);
     }
-    inline const SVFValue* getRetParmAtJoinedSite(const SVFInstruction* inst) const
-    {
-        assert(isTDJoin(inst) && "not a thread join function!");
-        CallSite cs = getSVFCallSite(inst);
-        return cs.getArgument(1);
-    }
     //@}
 
 
@@ -226,11 +192,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_EXIT;
     }
-
-    inline bool isTDExit(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_EXIT;
-    }
     //@}
 
     /// Return true if this call acquire a lock
@@ -239,11 +200,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_ACQUIRE;
     }
-
-    inline bool isTDAcquire(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_ACQUIRE;
-    }
     //@}
 
     /// Return true if this call release a lock
@@ -252,11 +208,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_RELEASE;
     }
-
-    inline bool isTDRelease(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_RELEASE;
-    }
     //@}
 
     /// Return lock value
@@ -271,11 +222,6 @@ public:
     {
         return getType(getCallee(inst)) == TD_BAR_WAIT;
     }
-
-    inline bool isTDBarWait(const SVFInstruction* inst) const
-    {
-        return getType(getCallee(inst)) == TD_BAR_WAIT;
-    }
     //@}
 
     void performAPIStat(SVFModule* m);

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -148,7 +148,7 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     SVFIR* svfir = PAG::getPAG();
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     assert(fun && "SVFFunction* is nullptr");
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
 
     AbstractInterpretation::ExtAPIType extType = AbstractInterpretation::UNCLASSIFIED;
 
@@ -322,7 +322,7 @@ void BufOverflowDetector::updateGepObjOffsetFromBase(SVF::AddressValue gepAddrs,
  */
 bool BufOverflowDetector::detectStrcpy(AbstractState& as, const CallICFGNode *call)
 {
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     const SVFValue* arg0Val = cs.getArgument(0);
     const SVFValue* arg1Val = cs.getArgument(1);
     IntervalValue strLen = AbstractInterpretation::getAEInstance().getStrlen(as, arg1Val);
@@ -349,7 +349,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
 
     if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         IntervalValue strLen0 = AbstractInterpretation::getAEInstance().getStrlen(as, arg0Val);
@@ -359,7 +359,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg2Val = cs.getArgument(2);
         IntervalValue arg2Num = as[svfir->getValueNode(arg2Val)].getInterval();

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -963,10 +963,9 @@ void AEStat::performStat()
 void AbstractInterpretation::initExtFunMap()
 {
 #define SSE_FUNC_PROCESS(LLVM_NAME ,FUNC_NAME) \
-        auto sse_##FUNC_NAME = [this](const CallSite &cs) { \
+        auto sse_##FUNC_NAME = [this](const CallICFGNode *callNode) { \
         /* run real ext function */            \
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(        \
-            svfir->getICFG()->getICFGNode(cs.getInstruction())); \
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode); \
         AbstractState& as = getAbsStateFromTrace(callNode); \
         u32_t rhs_id = svfir->getValueNode(cs.getArgument(0)); \
         if (!as.inVarToValTable(rhs_id)) return; \
@@ -997,12 +996,10 @@ void AbstractInterpretation::initExtFunMap()
     SSE_FUNC_PROCESS(cosh, cosh);
     SSE_FUNC_PROCESS(tanh, tanh);
 
-    auto sse_svf_assert = [this](const CallSite &cs)
+    auto sse_svf_assert = [this](const CallICFGNode* callNode)
     {
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         checkpoints.erase(callNode);
-        u32_t arg0 = svfir->getValueNode(cs.getArgument(0));
+        u32_t arg0 = svfir->getValueNode(SVFUtil::getSVFCallSite(callNode).getArgument(0));
         AbstractState&as = getAbsStateFromTrace(callNode);
         as[arg0].getInterval().meet_with(IntervalValue(1, 1));
         if (as[arg0].getInterval().equals(IntervalValue(1, 1)))
@@ -1011,18 +1008,17 @@ void AbstractInterpretation::initExtFunMap()
         }
         else
         {
-            SVFUtil::errs() <<"svf_assert Fail. " << cs.getInstruction()->toString() << "\n";
+            SVFUtil::errs() <<"svf_assert Fail. " << callNode->toString() << "\n";
             assert(false);
         }
         return;
     };
     func_map["svf_assert"] = sse_svf_assert;
 
-    auto svf_print = [&](const CallSite &cs)
+    auto svf_print = [&](const CallICFGNode* callNode)
     {
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 2) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState&as = getAbsStateFromTrace(callNode);
         u32_t num_id = svfir->getValueNode(cs.getArgument(0));
         std::string text = strRead(as, cs.getArgument(1));
@@ -1034,11 +1030,10 @@ void AbstractInterpretation::initExtFunMap()
     func_map["svf_print"] = svf_print;
 
 
-    auto sse_scanf = [&](const CallSite &cs)
+    auto sse_scanf = [&](const CallICFGNode* callNode)
     {
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState& as = getAbsStateFromTrace(callNode);
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         //scanf("%d", &data);
         if (cs.arg_size() < 2) return;
 
@@ -1058,12 +1053,11 @@ void AbstractInterpretation::initExtFunMap()
             }
         }
     };
-    auto sse_fscanf = [&](const CallSite &cs)
+    auto sse_fscanf = [&](const CallICFGNode* callNode)
     {
         //fscanf(stdin, "%d", &data);
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 3) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState& as = getAbsStateFromTrace(callNode);
         u32_t dst_id = svfir->getValueNode(cs.getArgument(2));
         if (!as.inVarToAddrsTable(dst_id))
@@ -1090,11 +1084,10 @@ void AbstractInterpretation::initExtFunMap()
     func_map["__isoc99_sscanf"] = sse_scanf;
     func_map["vscanf"] = sse_scanf;
 
-    auto sse_fread = [&](const CallSite &cs)
+    auto sse_fread = [&](const CallICFGNode *callNode)
     {
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 3) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState&as = getAbsStateFromTrace(callNode);
         u32_t block_count_id = svfir->getValueNode(cs.getArgument(2));
         u32_t block_size_id = svfir->getValueNode(cs.getArgument(1));
@@ -1104,16 +1097,15 @@ void AbstractInterpretation::initExtFunMap()
     };
     func_map["fread"] = sse_fread;
 
-    auto sse_sprintf = [&](const CallSite &cs)
+    auto sse_sprintf = [&](const CallICFGNode *callNode)
     {
         // printf is difficult to predict since it has no byte size arguments
     };
 
-    auto sse_snprintf = [&](const CallSite &cs)
+    auto sse_snprintf = [&](const CallICFGNode *callNode)
     {
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 2) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState&as = getAbsStateFromTrace(callNode);
         u32_t size_id = svfir->getValueNode(cs.getArgument(1));
         u32_t dst_id = svfir->getValueNode(cs.getArgument(0));
@@ -1149,13 +1141,12 @@ void AbstractInterpretation::initExtFunMap()
     func_map["_snwprintf"] = sse_snprintf;
 
 
-    auto sse_itoa = [&](const CallSite &cs)
+    auto sse_itoa = [&](const CallICFGNode* callNode)
     {
         // itoa(num, ch, 10);
         // num: int, ch: char*, 10 is decimal
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 3) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState&as = getAbsStateFromTrace(callNode);
         u32_t num_id = svfir->getValueNode(cs.getArgument(0));
 
@@ -1165,13 +1156,12 @@ void AbstractInterpretation::initExtFunMap()
     func_map["itoa"] = sse_itoa;
 
 
-    auto sse_strlen = [&](const CallSite &cs)
+    auto sse_strlen = [&](const CallICFGNode *callNode)
     {
         // check the arg size
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 1) return;
         const SVFValue* strValue = cs.getArgument(0);
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState& as = getAbsStateFromTrace(callNode);
         NodeID value_id = svfir->getValueNode(strValue);
         u32_t lhsId = svfir->getValueNode(cs.getInstruction());
@@ -1227,12 +1217,11 @@ void AbstractInterpretation::initExtFunMap()
     func_map["strlen"] = sse_strlen;
     func_map["wcslen"] = sse_strlen;
 
-    auto sse_recv = [&](const CallSite &cs)
+    auto sse_recv = [&](const CallICFGNode *callNode)
     {
         // recv(sockfd, buf, len, flags);
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         if (cs.arg_size() < 4) return;
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
         AbstractState&as = getAbsStateFromTrace(callNode);
         u32_t len_id = svfir->getValueNode(cs.getArgument(2));
         IntervalValue len = as[len_id].getInterval() - IntervalValue(1);
@@ -1241,10 +1230,9 @@ void AbstractInterpretation::initExtFunMap()
     };
     func_map["recv"] = sse_recv;
     func_map["__recv"] = sse_recv;
-    auto safe_bufaccess = [&](const CallSite &cs)
+    auto safe_bufaccess = [&](const CallICFGNode *callNode)
     {
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         checkpoints.erase(callNode);
         //void SAFE_BUFACCESS(void* data, int size);
         if (cs.arg_size() < 2) return;
@@ -1280,10 +1268,9 @@ void AbstractInterpretation::initExtFunMap()
     };
     func_map["SAFE_BUFACCESS"] = safe_bufaccess;
 
-    auto unsafe_bufaccess = [&](const CallSite &cs)
+    auto unsafe_bufaccess = [&](const CallICFGNode *callNode)
     {
-        const CallICFGNode* callNode = SVFUtil::dyn_cast<CallICFGNode>(
-                                           svfir->getICFG()->getICFGNode(cs.getInstruction()));
+        const CallSite& cs = SVFUtil::getSVFCallSite(callNode);
         checkpoints.erase(callNode);
         //void UNSAFE_BUFACCESS(void* data, int size);
         if (cs.arg_size() < 2) return;
@@ -1359,7 +1346,7 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
     AbstractState& as = getAbsStateFromTrace(call);
     const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
     assert(fun && "SVFFunction* is nullptr");
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     ExtAPIType extType = UNCLASSIFIED;
     // get type of mem api
     for (const std::string &annotation: fun->getAnnotations())
@@ -1377,11 +1364,11 @@ void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
     {
         if (func_map.find(fun->getName()) != func_map.end())
         {
-            func_map[fun->getName()](cs);
+            func_map[fun->getName()](call);
         }
         else
         {
-            u32_t lhsId = svfir->getValueNode(SVFUtil::getSVFCallSite(call->getCallSite()).getInstruction());
+            u32_t lhsId = svfir->getValueNode(SVFUtil::getSVFCallSite(call).getInstruction());
             if (as.inVarToAddrsTable(lhsId))
             {
 
@@ -1463,7 +1450,7 @@ void AbstractInterpretation::handleStrcpy(const CallICFGNode *call)
     // strcpy, __strcpy_chk, stpcpy , wcscpy, __wcscpy_chk
     // get the dst and src
     AbstractState& as = getAbsStateFromTrace(call);
-    CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+    CallSite cs = SVFUtil::getSVFCallSite(call);
     const SVFValue* arg0Val = cs.getArgument(0);
     const SVFValue* arg1Val = cs.getArgument(1);
     IntervalValue strLen = getStrlen(as, arg1Val);
@@ -1553,12 +1540,12 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     // __strcat_chk, strcat, __wcscat_chk, wcscat, __strncat_chk, strncat, __wcsncat_chk, wcsncat
     // to check it is  strcat group or strncat group
     AbstractState& as = getAbsStateFromTrace(call);
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
+    const SVFFunction *fun = SVFUtil::getCallee(call);
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
     if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         IntervalValue strLen0 = getStrlen(as, arg0Val);
@@ -1569,7 +1556,7 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
     {
-        CallSite cs = SVFUtil::getSVFCallSite(call->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(call);
         const SVFValue* arg0Val = cs.getArgument(0);
         const SVFValue* arg1Val = cs.getArgument(1);
         const SVFValue* arg2Val = cs.getArgument(2);

package/svf/lib/CFL/CFLAlias.cpp

@@ -42,9 +42,9 @@ void CFLAlias::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites, Call
     {
         const CallICFGNode* cs = iter->first;
 
-        if (SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(cs).isVirtualCall())
         {
-            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs->getCallSite()).getVtablePtr();
+            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs).getVtablePtr();
             assert(pag->hasValueNode(vtbl));
             NodeID vtblId = pag->getValueNode(vtbl);
             resolveCPPIndCalls(cs, getCFLPts(vtblId), newEdges);
@@ -175,7 +175,7 @@ bool CFLAlias::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     onTheFlyCallGraphSolve(callsites,newEdges);
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit);

package/svf/lib/DDA/DDAClient.cpp

@@ -81,9 +81,9 @@ OrderedNodeSet& FunptrDDAClient::collectCandidateQueries(SVFIR* p)
     for(SVFIR::CallSiteToFunPtrMap::const_iterator it = pag->getIndirectCallsites().begin(),
             eit = pag->getIndirectCallsites().end(); it!=eit; ++it)
     {
-        if (SVFUtil::getSVFCallSite(it->first->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(it->first).isVirtualCall())
         {
-            const SVFValue* vtblPtr = SVFUtil::getSVFCallSite(it->first->getCallSite()).getVtablePtr();
+            const SVFValue* vtblPtr = SVFUtil::getSVFCallSite(it->first).getVtablePtr();
             assert(pag->hasValueNode(vtblPtr) && "not a vtable pointer?");
             NodeID vtblId = pag->getValueNode(vtblPtr);
             addCandidate(vtblId);

package/svf/lib/Graphs/CallGraph.cpp

@@ -51,7 +51,7 @@ void CallGraphEdge::addDirectCallSite(const CallICFGNode* call)
 
 void CallGraphEdge::addInDirectCallSite(const CallICFGNode* call)
 {
-    assert((nullptr == SVFUtil::getCallee(call->getCallSite()) || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call->getCallSite()))) && "not an indirect callsite??");
+    assert((nullptr == SVFUtil::getCallee(call->getCallSite()) || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call))) && "not an indirect callsite??");
     indirectCalls.insert(call);
 }
 //@}

package/svf/lib/Graphs/ThreadCallGraph.cpp

@@ -70,7 +70,7 @@ void ThreadCallGraph::updateCallGraph(PointerAnalysis* pta)
     // Fork sites
     for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
     {
-        const SVFValue* forkedval = tdAPI->getForkedFun((*it)->getCallSite());
+        const SVFValue* forkedval = tdAPI->getForkedFun(*it);
         if(SVFUtil::dyn_cast<SVFFunction>(forkedval)==nullptr)
         {
             SVFIR* pag = pta->getPAG();
@@ -105,7 +105,7 @@ void ThreadCallGraph::updateJoinEdge(PointerAnalysis* pta)
         CallSiteSet forkset;
         for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
         {
-            const SVFValue* forkthread = tdAPI->getForkedThread((*it)->getCallSite());
+            const SVFValue* forkthread = tdAPI->getForkedThread(*it);
             if (pta->alias(jointhread, forkthread))
             {
                 forkset.insert(*it);
@@ -123,7 +123,7 @@ void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 {
 
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
-    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs->getCallSite()));
+    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs));
     assert(forkee && "callee does not exist");
     CallGraphNode* callee = getCallGraphNode(forkee->getDefFunForMultipleModule());
     CallSiteID csId = addCallSite(cs, callee->getFunction());
@@ -176,7 +176,7 @@ void ThreadCallGraph::addDirectJoinEdge(const CallICFGNode* cs,const CallSiteSet
     for (CallSiteSet::const_iterator it = forkset.begin(), eit = forkset.end(); it != eit; ++it)
     {
 
-        const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun((*it)->getCallSite()));
+        const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(*it));
         assert(threadRoutineFun && "thread routine function does not exist");
         CallGraphNode* threadRoutineFunNode = getCallGraphNode(threadRoutineFun);
         CallSiteID csId = addCallSite(cs, threadRoutineFun);

package/svf/lib/Graphs/VFG.cpp

@@ -979,7 +979,7 @@ void VFG::connectCallerAndCallee(const CallICFGNode* callBlockNode, const SVFFun
     RetICFGNode* retBlockNode = icfg->getRetICFGNode(callBlockNode->getCallSite());
     // connect actual and formal param
     if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(callee) &&
-            matchArgs(callBlockNode->getCallSite(), callee))
+            matchArgs(callBlockNode, callee))
     {
         const SVFIR::SVFVarList& csArgList = pag->getCallSiteArgsList(callBlockNode);
         const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(callee);

package/svf/lib/MTA/MTAStat.cpp

@@ -49,7 +49,7 @@ void MTAStat::performThreadCallGraphStat(ThreadCallGraph* tcg)
     for (ThreadCallGraph::CallSiteSet::const_iterator it = tcg->forksitesBegin(), eit = tcg->forksitesEnd(); it != eit; ++it)
     {
         bool indirectfork = false;
-        const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun((*it)->getCallSite()));
+        const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun(*it));
         if(spawnee==nullptr)
         {
             numOfIndForksite++;

package/svf/lib/MemoryModel/PointerAnalysis.cpp

@@ -404,7 +404,7 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
                 const SVFFunction* calleefun = SVFUtil::cast<SVFFunction>(obj->getValue());
                 const SVFFunction* callee = calleefun->getDefFunForMultipleModule();
 
-                if(SVFUtil::matchArgs(cs->getCallSite(), callee) == false)
+                if(SVFUtil::matchArgs(cs, callee) == false)
                     continue;
 
                 if(0 == getIndCallMap()[cs].count(callee))
@@ -428,8 +428,8 @@ void PointerAnalysis::resolveIndCalls(const CallICFGNode* cs, const PointsTo& ta
  */
 void PointerAnalysis::getVFnsFromCHA(const CallICFGNode* cs, VFunSet &vfns)
 {
-    if (chgraph->csHasVFnsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite())))
-        vfns = chgraph->getCSVFsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite()));
+    if (chgraph->csHasVFnsBasedonCHA(SVFUtil::getSVFCallSite(cs)))
+        vfns = chgraph->getCSVFsBasedonCHA(SVFUtil::getSVFCallSite(cs));
 }
 
 /*
@@ -438,10 +438,10 @@ void PointerAnalysis::getVFnsFromCHA(const CallICFGNode* cs, VFunSet &vfns)
 void PointerAnalysis::getVFnsFromPts(const CallICFGNode* cs, const PointsTo &target, VFunSet &vfns)
 {
 
-    if (chgraph->csHasVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite())))
+    if (chgraph->csHasVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs)))
     {
         Set<const SVFGlobalValue*> vtbls;
-        const VTableSet &chaVtbls = chgraph->getCSVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs->getCallSite()));
+        const VTableSet &chaVtbls = chgraph->getCSVtblsBasedonCHA(SVFUtil::getSVFCallSite(cs));
         for (PointsTo::iterator it = target.begin(), eit = target.end(); it != eit; ++it)
         {
             const PAGNode *ptdnode = pag->getGNode(*it);
@@ -454,7 +454,7 @@ void PointerAnalysis::getVFnsFromPts(const CallICFGNode* cs, const PointsTo &tar
                 }
             }
         }
-        chgraph->getVFnsFromVtbls(SVFUtil::getSVFCallSite(cs->getCallSite()), vtbls, vfns);
+        chgraph->getVFnsFromVtbls(SVFUtil::getSVFCallSite(cs), vtbls, vfns);
     }
 }
 
@@ -471,8 +471,8 @@ void PointerAnalysis::connectVCallToVFns(const CallICFGNode* cs, const VFunSet &
         callee = callee->getDefFunForMultipleModule();
         if (getIndCallMap()[cs].count(callee) > 0)
             continue;
-        if(SVFUtil::getSVFCallSite(cs->getCallSite()).arg_size() == callee->arg_size() ||
-                (SVFUtil::getSVFCallSite(cs->getCallSite()).isVarArg() && callee->isVarArg()))
+        if(SVFUtil::getSVFCallSite(cs).arg_size() == callee->arg_size() ||
+                (SVFUtil::getSVFCallSite(cs).isVarArg() && callee->isVarArg()))
         {
             newEdges[cs].insert(callee);
             getIndCallMap()[cs].insert(callee);
@@ -485,7 +485,7 @@ void PointerAnalysis::connectVCallToVFns(const CallICFGNode* cs, const VFunSet &
 /// Resolve cpp indirect call edges
 void PointerAnalysis::resolveCPPIndCalls(const CallICFGNode* cs, const PointsTo& target, CallEdgeMap& newEdges)
 {
-    assert(SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall() && "not cpp virtual call");
+    assert(SVFUtil::getSVFCallSite(cs).isVirtualCall() && "not cpp virtual call");
 
     VFunSet vfns;
     if (Options::ConnectVCallOnCHA())

package/svf/lib/MemoryModel/PointerAnalysisImpl.cpp

@@ -495,9 +495,9 @@ void BVDataPTAImpl::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites,
     {
         const CallICFGNode* cs = iter->first;
 
-        if (SVFUtil::getSVFCallSite(cs->getCallSite()).isVirtualCall())
+        if (SVFUtil::getSVFCallSite(cs).isVirtualCall())
         {
-            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs->getCallSite()).getVtablePtr();
+            const SVFValue* vtbl = SVFUtil::getSVFCallSite(cs).getVtablePtr();
             assert(pag->hasValueNode(vtbl));
             NodeID vtblId = pag->getValueNode(vtbl);
             resolveCPPIndCalls(cs, getPts(vtblId), newEdges);

package/svf/lib/Util/CallGraphBuilder.cpp

@@ -84,7 +84,7 @@ CallGraph* ThreadCallGraphBuilder::buildThreadCallGraph(SVFModule* svfModule)
                 {
                     const CallICFGNode* cs = cast<CallICFGNode>(inst);
                     cg->addForksite(cs);
-                    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(inst));
+                    const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs));
                     if (forkee)
                     {
                         cg->addDirectForkEdge(cs);

package/svf/lib/Util/SVFUtil.cpp

@@ -317,9 +317,10 @@ void SVFUtil::stopAnalysisLimitTimer(bool limitTimerSet)
 /// unless the callee is a variadic function (the first parameter of variadic function is its parameter number)
 /// e.g., void variadicFoo(int num, ...); variadicFoo(5, 1,2,3,4,5)
 /// for variadic function, callsite arg size must be greater than or equal to callee arg size
-bool SVFUtil::matchArgs(const CallSite cs, const SVFFunction* callee)
+bool SVFUtil::matchArgs(const CallICFGNode* call, const SVFFunction* callee)
 {
-    if (callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(cs.getInstruction()))
+    CallSite cs(call->getCallSite());
+    if (callee->isVarArg() || ThreadAPI::getThreadAPI()->isTDFork(call))
         return cs.arg_size() >= callee->arg_size();
     else
         return cs.arg_size() == callee->arg_size();

package/svf/lib/Util/ThreadAPI.cpp

@@ -140,15 +140,6 @@ const SVFFunction* ThreadAPI::getCallee(const ICFGNode *inst) const
         return nullptr;
 }
 
-/*!
- *
- */
-const SVFFunction* ThreadAPI::getCallee(const SVFInstruction *inst) const
-{
-    return SVFUtil::getCallee(inst);
-}
-
-
 const CallSite ThreadAPI::getSVFCallSite(const ICFGNode *inst) const
 {
     assert(SVFUtil::isa<CallICFGNode>(inst) && "not a callsite?");
@@ -160,19 +151,11 @@ const SVFValue* ThreadAPI::getLockVal(const ICFGNode *inst) const
 {
     const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(inst);
     assert(call && "not a call ICFGNode?");
-    assert((isTDAcquire(call->getCallSite()) || isTDRelease(call->getCallSite())) && "not a lock acquire or release function");
-    CallSite cs = getSVFCallSite(call->getCallSite());
+    assert((isTDAcquire(call) || isTDRelease(call)) && "not a lock acquire or release function");
+    CallSite cs = getSVFCallSite(call);
     return cs.getArgument(0);
 }
 
-/*!
- *
- */
-const CallSite ThreadAPI::getSVFCallSite(const SVFInstruction *inst) const
-{
-    return SVFUtil::getSVFCallSite(inst);
-}
-
 const SVFValue* ThreadAPI::getJoinedThread(const ICFGNode *inst) const
 {
     assert(isTDJoin(inst) && "not a thread join function!");

package/svf/lib/WPA/Andersen.cpp

@@ -661,7 +661,7 @@ bool Andersen::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     NodePairSet cpySrcNodes;	/// nodes as a src of a generated new copy edge
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit,cpySrcNodes);

package/svf/lib/WPA/AndersenSCD.cpp

@@ -281,7 +281,7 @@ bool AndersenSCD::updateCallGraph(const PointerAnalysis::CallSiteToFunPtrMap& ca
     NodePairSet cpySrcNodes;	/// nodes as a src of a generated new copy edge
     for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
         {
             connectCaller2CalleeParams(cs,*cit,cpySrcNodes);

package/svf/lib/WPA/Steensgaard.cpp

@@ -135,7 +135,7 @@ bool Steensgaard::updateCallGraph(const CallSiteToFunPtrMap& callsites)
     for (CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end();
             it != eit; ++it)
     {
-        CallSite cs = SVFUtil::getSVFCallSite(it->first->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(it->first);
         for (FunctionSet::iterator cit = it->second.begin(),
                 ecit = it->second.end();
                 cit != ecit; ++cit)

package/svf/lib/WPA/TypeAnalysis.cpp

@@ -77,7 +77,7 @@ void TypeAnalysis::callGraphSolveBasedOnCHA(const CallSiteToFunPtrMap& callsites
     for(CallSiteToFunPtrMap::const_iterator iter = callsites.begin(), eiter = callsites.end(); iter!=eiter; ++iter)
     {
         const CallICFGNode* cbn = iter->first;
-        CallSite cs = SVFUtil::getSVFCallSite(cbn->getCallSite());
+        CallSite cs = SVFUtil::getSVFCallSite(cbn);
         if (cs.isVirtualCall())
         {
             const SVFValue* vtbl = cs.getVtablePtr();

package/svf-llvm/lib/CHGBuilder.cpp

@@ -679,7 +679,7 @@ void CHGBuilder::buildCSToCHAVtblsAndVfnsMap()
                     }
                     if (vtbls.size() > 0)
                     {
-                        CallSite cs = SVFUtil::getSVFCallSite(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(callInst));
+                        CallSite cs(LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(callInst));
                         chg->csToCHAVtblsMap[cs] = vtbls;
                         VFunSet virtualFunctions;
                         chg->getVFnsFromVtbls(cs, vtbls, virtualFunctions);

package/svf-llvm/lib/SVFIRExtAPI.cpp

@@ -125,6 +125,7 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
 {
     const SVFInstruction* svfInst = LLVMModuleSet::getLLVMModuleSet()->getSVFInstruction(cs);
     const SVFCallInst* svfCall = SVFUtil::cast<SVFCallInst>(svfInst);
+    const CallICFGNode *callICFGNode = pag->getICFG()->getCallICFGNode(svfInst);
 
     if (isHeapAllocExtCallViaRet(svfCall))
     {
@@ -253,12 +254,12 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
         }
     }
 
-    if (isThreadForkCall(svfInst))
+    if (isThreadForkCall(callICFGNode))
     {
-        if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(svfInst)))
+        if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(callICFGNode)))
         {
             forkedFun = forkedFun->getDefFunForMultipleModule();
-            const SVFValue* actualParm = getActualParmAtForkSite(svfInst);
+            const SVFValue* actualParm = getActualParmAtForkSite(callICFGNode);
             /// pthread_create has 1 arg.
             /// apr_thread_create has 2 arg.
             assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
@@ -268,9 +269,8 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
                 /// Connect actual parameter to formal parameter of the start routine
                 if (actualParm->getType()->isPointerTy() && formalParm->getType()->isPointerTy())
                 {
-                    CallICFGNode *icfgNode = pag->getICFG()->getCallICFGNode(svfInst);
                     FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
-                    addThreadForkEdge(pag->getValueNode(actualParm), pag->getValueNode(formalParm), icfgNode, entry);
+                    addThreadForkEdge(pag->getValueNode(actualParm), pag->getValueNode(formalParm), callICFGNode, entry);
                 }
             }
         }

package/svf-llvm/lib/SymbolTableBuilder.cpp

@@ -608,7 +608,7 @@ const Type* SymbolTableBuilder::inferTypeOfHeapObjOrStaticObj(const Instruction
     else if(SVFUtil::isHeapAllocExtCallViaArg(svfinst))
     {
         const CallBase* cs = LLVMUtil::getLLVMCallSite(inst);
-        int arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(SVFUtil::getSVFCallSite(svfinst));
+        int arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(getCallee(svfinst));
         const Value* arg = cs->getArgOperand(arg_pos);
         originalPType = SVFUtil::dyn_cast<PointerType>(arg->getType());
         inferedType = inferObjType(startValue = arg);