svf-tools 1.0.985 → 1.0.986

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.985",
+  "version": "1.0.986",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/Graphs/ICFGNode.h

@@ -462,7 +462,7 @@ public:
     /// Return true if this is an indirect call
     inline bool isIndirectCall() const
     {
-        return nullptr == SVFUtil::getCallee(cs);
+        return nullptr == SVFUtil::cast<SVFCallInst>(cs)->getCalledFunction();
     }
 
     /// Return the set of actual parameters

package/svf/include/MTA/LockAnalysis.h

@@ -437,17 +437,23 @@ private:
     /// Whether it is a lock site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDFork(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDFork(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a lock site
     inline bool isTDAcquire(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDAcquire(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDAcquire(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a unlock site
     inline bool isTDRelease(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDRelease(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDRelease(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a callsite
     inline bool isCallSite(const ICFGNode* inst)

package/svf/include/MTA/MHP.h

@@ -227,12 +227,14 @@ private:
     /// Whether it is a fork site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return tcg->getThreadAPI()->isTDFork(call);
+        const CallICFGNode* fork = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return fork && tcg->getThreadAPI()->isTDFork(fork);
     }
     /// Whether it is a join site
     inline bool isTDJoin(const ICFGNode* call)
     {
-        return tcg->getThreadAPI()->isTDJoin(call);
+        const CallICFGNode* join = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return join && tcg->getThreadAPI()->isTDJoin(join);
     }
 
     /// Return thread id(s) which are directly or indirectly joined at this join site
@@ -345,11 +347,11 @@ public:
     }
 
     /// Get loop for join site
-    inline LoopBBs& getJoinLoop(const ICFGNode* inst)
+    inline LoopBBs& getJoinLoop(const CallICFGNode* inst)
     {
         return tct->getJoinLoop(inst);
     }
-    inline bool hasJoinLoop(const ICFGNode* inst)
+    inline bool hasJoinLoop(const CallICFGNode* inst)
     {
         return tct->hasJoinLoop(inst);
     }
@@ -461,12 +463,14 @@ private:
     /// Whether it is a fork site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDFork(call);
+        const CallICFGNode* fork = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return fork && getTCG()->getThreadAPI()->isTDFork(fork);
     }
     /// Whether it is a join site
     inline bool isTDJoin(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDJoin(call);
+        const CallICFGNode* join = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return join && getTCG()->getThreadAPI()->isTDJoin(join);
     }
     /// Get forked thread
     inline const SVFValue* getForkedThread(const CallICFGNode* call)

package/svf/include/MTA/TCT.h

@@ -364,7 +364,7 @@ public:
     }
 
     /// Get loop for join site
-    inline LoopBBs& getJoinLoop(const ICFGNode* join)
+    inline LoopBBs& getJoinLoop(const CallICFGNode* join)
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         InstToLoopMap::iterator it = joinSiteToLoopMap.find(join);
@@ -372,7 +372,7 @@ public:
         return it->second;
     }
 
-    inline bool hasJoinLoop(const ICFGNode* join) const
+    inline bool hasJoinLoop(const CallICFGNode* join) const
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         InstToLoopMap::const_iterator it = joinSiteToLoopMap.find(join);
@@ -407,7 +407,7 @@ public:
             MaxCxtSize = cxt.size();
     }
     /// Whether a join site is in recursion
-    inline bool isJoinSiteInRecursion(const ICFGNode* join) const
+    inline bool isJoinSiteInRecursion(const CallICFGNode* join) const
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         return inRecurJoinSites.find(join)!=inRecurJoinSites.end();

package/svf/include/SABER/SaberCheckerAPI.h

@@ -103,7 +103,7 @@ public:
     }
     inline bool isMemAlloc(const CallICFGNode* cs) const
     {
-        return isMemAlloc(SVFUtil::getCallee(cs->getCallSite()));
+        return isMemAlloc(cs->getCalledFunction());
     }
     //@}
 
@@ -115,7 +115,7 @@ public:
     }
     inline bool isMemDealloc(const CallICFGNode* cs) const
     {
-        return isMemDealloc(SVFUtil::getCallee(cs->getCallSite()));
+        return isMemDealloc(cs->getCalledFunction());
     }
     //@}
 
@@ -127,7 +127,7 @@ public:
     }
     inline bool isFOpen(const CallICFGNode* cs) const
     {
-        return isFOpen(SVFUtil::getCallee(cs->getCallSite()));
+        return isFOpen(cs->getCalledFunction());
     }
     //@}
 
@@ -139,7 +139,7 @@ public:
     }
     inline bool isFClose(const CallICFGNode* cs) const
     {
-        return isFClose(SVFUtil::getCallee(cs->getCallSite()));
+        return isFClose(cs->getCalledFunction());
     }
     //@}
 

package/svf/include/Util/SVFUtil.h

@@ -228,25 +228,6 @@ inline std::vector<std::string> split(const std::string& s, char separator)
     return output;
 }
 
-/// Return callee of a callsite. Return null if this is an indirect call
-//@{
-inline const SVFFunction* getCallee(const SVFCallInst* cs)
-{
-    return cs->getCalledFunction();
-}
-
-inline const SVFFunction* getCallee(const SVFInstruction *inst)
-{
-    if (!isCallSite(inst))
-        return nullptr;
-    return getCallee(cast<SVFCallInst>(inst));
-}
-
-const SVFFunction* getCallee(const CallICFGNode *inst);
-
-const SVFFunction* getCallee(const ICFGNode *inst);
-//@}
-
 /// Given a map mapping points-to sets to a count, adds from into to.
 template <typename Data>
 void mergePtsOccMaps(Map<Data, unsigned> &to, const Map<Data, unsigned> from)
@@ -332,7 +313,7 @@ inline bool isHeapAllocExtFunViaArg(const SVFFunction* fun)
 
 /// Get the position of argument that holds an allocated heap object.
 //@{
-inline int getHeapAllocHoldingArgPosition(const SVFFunction* fun)
+inline u32_t getHeapAllocHoldingArgPosition(const SVFFunction* fun)
 {
     return ExtAPI::getExtAPI()->get_alloc_arg_pos(fun);
 }
@@ -404,25 +385,13 @@ inline const SVFValue* getForkedFun(const CallICFGNode *inst)
 //@}
 
 
-inline bool isExtCall(const CallICFGNode* cs)
-{
-    return isExtCall(getCallee(cs));
-}
+bool isExtCall(const CallICFGNode* cs);
 
 bool isExtCall(const ICFGNode* node);
 
-inline bool isHeapAllocExtCallViaArg(const CallICFGNode* cs)
-{
-    return isHeapAllocExtFunViaArg(getCallee(cs));
-}
+bool isHeapAllocExtCallViaArg(const CallICFGNode* cs);
 
-inline bool isHeapAllocExtCallViaArg(const SVFInstruction *inst)
-{
-    if(const SVFCallInst* call = SVFUtil::dyn_cast<SVFCallInst>(inst))
-        return isHeapAllocExtFunViaArg(call->getCalledFunction());
-    else
-        return false;
-}
+bool isHeapAllocExtCallViaArg(const SVFInstruction *inst);
 
 bool isHeapAllocExtCallViaRet(const SVFInstruction *inst);
 
@@ -438,10 +407,7 @@ inline bool isHeapAllocExtCall(const SVFInstruction *inst)
 
 //@}
 
-inline int getHeapAllocHoldingArgPosition(const CallICFGNode* cs)
-{
-    return getHeapAllocHoldingArgPosition(getCallee(cs));
-}
+u32_t getHeapAllocHoldingArgPosition(const CallICFGNode* cs);
 //@}
 
 bool isReallocExtCall(const CallICFGNode* cs);
@@ -449,7 +415,7 @@ bool isReallocExtCall(const CallICFGNode* cs);
 
 /// Return true if this is a thread creation call
 ///@{
-inline bool isThreadForkCall(const ICFGNode *inst)
+inline bool isThreadForkCall(const CallICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->isTDFork(inst);
 }
@@ -457,7 +423,7 @@ inline bool isThreadForkCall(const ICFGNode *inst)
 
 /// Return true if this is a thread join call
 ///@{
-inline bool isThreadJoinCall(const ICFGNode* cs)
+inline bool isThreadJoinCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDJoin(cs);
 }
@@ -465,7 +431,7 @@ inline bool isThreadJoinCall(const ICFGNode* cs)
 
 /// Return true if this is a thread exit call
 ///@{
-inline bool isThreadExitCall(const ICFGNode* cs)
+inline bool isThreadExitCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDExit(cs);
 }
@@ -473,7 +439,7 @@ inline bool isThreadExitCall(const ICFGNode* cs)
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockAquireCall(const ICFGNode* cs)
+inline bool isLockAquireCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDAcquire(cs);
 }
@@ -481,7 +447,7 @@ inline bool isLockAquireCall(const ICFGNode* cs)
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockReleaseCall(const ICFGNode* cs)
+inline bool isLockReleaseCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDRelease(cs);
 }
@@ -489,7 +455,7 @@ inline bool isLockReleaseCall(const ICFGNode* cs)
 
 /// Return true if this is a barrier wait call
 //@{
-inline bool isBarrierWaitCall(const ICFGNode* cs)
+inline bool isBarrierWaitCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDBarWait(cs);
 }
@@ -504,10 +470,7 @@ inline const SVFValue* getActualParmAtForkSite(const CallICFGNode* cs)
 //@}
 
 
-inline bool isProgExitCall(const CallICFGNode* cs)
-{
-    return isProgExitFunction(getCallee(cs));
-}
+bool isProgExitCall(const CallICFGNode* cs);
 
 
 template<typename T>

package/svf/include/Util/ThreadAPI.h

@@ -119,19 +119,6 @@ public:
         }
     }
 
-    /// Return the callee/callsite/func
-    //@{
-    const SVFFunction* getCallee(const ICFGNode *inst) const;
-    //@}
-
-    /// Return true if this call create a new thread
-    //@{
-    inline bool isTDFork(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_FORK;
-    }
-    //@}
-
     /// Return arguments/attributes of pthread_create / hare_parallel_for
     //@{
     /// Return the first argument of the call,
@@ -146,12 +133,14 @@ public:
     const SVFValue* getActualParmAtForkSite(const CallICFGNode *inst) const;
     //@}
 
+    /// Return true if this call create a new thread
+    //@{
+    bool isTDFork(const CallICFGNode *inst) const;
+    //@}
+
     /// Return true if this call wait for a worker thread
     //@{
-    inline bool isTDJoin(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_JOIN;
-    }
+    bool isTDJoin(const CallICFGNode *inst) const;
     //@}
 
     /// Return arguments/attributes of pthread_join
@@ -167,26 +156,17 @@ public:
 
     /// Return true if this call exits/terminate a thread
     //@{
-    inline bool isTDExit(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_EXIT;
-    }
+    bool isTDExit(const CallICFGNode *inst) const;
     //@}
 
     /// Return true if this call acquire a lock
     //@{
-    inline bool isTDAcquire(const ICFGNode* inst) const
-    {
-        return getType(getCallee(inst)) == TD_ACQUIRE;
-    }
+    bool isTDAcquire(const CallICFGNode* inst) const;
     //@}
 
     /// Return true if this call release a lock
     //@{
-    inline bool isTDRelease(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_RELEASE;
-    }
+    bool isTDRelease(const CallICFGNode *inst) const;
     //@}
 
     /// Return lock value
@@ -197,10 +177,7 @@ public:
 
     /// Return true if this call waits for a barrier
     //@{
-    inline bool isTDBarWait(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_BAR_WAIT;
-    }
+    bool isTDBarWait(const CallICFGNode *inst) const;
     //@}
 
     void performAPIStat(SVFModule* m);

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -94,8 +94,7 @@ void BufOverflowDetector::detect(AbstractState& as, const ICFGNode* node)
     {
         // Handle call nodes by checking for external API calls
         const CallICFGNode* callNode = SVFUtil::cast<CallICFGNode>(node);
-        const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-        if (SVFUtil::isExtCall(callfun))
+        if (SVFUtil::isExtCall(callNode->getCalledFunction()))
         {
             detectExtAPI(as, callNode);
         }
@@ -146,13 +145,12 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
                                        const CallICFGNode* call)
 {
     SVFIR* svfir = PAG::getPAG();
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
-    assert(fun && "SVFFunction* is nullptr");
+    assert(call->getCalledFunction() && "SVFFunction* is nullptr");
 
     AbstractInterpretation::ExtAPIType extType = AbstractInterpretation::UNCLASSIFIED;
 
     // Determine the type of external memory API
-    for (const std::string &annotation : fun->getAnnotations())
+    for (const std::string &annotation : call->getCalledFunction()->getAnnotations())
     {
         if (annotation.find("MEMCPY") != std::string::npos)
             extType = AbstractInterpretation::MEMCPY;
@@ -167,13 +165,13 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     // Apply buffer overflow checks based on the determined API type
     if (extType == AbstractInterpretation::MEMCPY)
     {
-        if (extAPIBufOverflowCheckRules.count(fun->getName()) == 0)
+        if (extAPIBufOverflowCheckRules.count(call->getCalledFunction()->getName()) == 0)
         {
-            SVFUtil::errs() << "Warning: " << fun->getName() << " is not in the rules, please implement it\n";
+            SVFUtil::errs() << "Warning: " << call->getCalledFunction()->getName() << " is not in the rules, please implement it\n";
             return;
         }
         std::vector<std::pair<u32_t, u32_t>> args =
-                                              extAPIBufOverflowCheckRules.at(fun->getName());
+                                              extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
             IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
@@ -186,13 +184,13 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     }
     else if (extType == AbstractInterpretation::MEMSET)
     {
-        if (extAPIBufOverflowCheckRules.count(fun->getName()) == 0)
+        if (extAPIBufOverflowCheckRules.count(call->getCalledFunction()->getName()) == 0)
         {
-            SVFUtil::errs() << "Warning: " << fun->getName() << " is not in the rules, please implement it\n";
+            SVFUtil::errs() << "Warning: " << call->getCalledFunction()->getName() << " is not in the rules, please implement it\n";
             return;
         }
         std::vector<std::pair<u32_t, u32_t>> args =
-                                              extAPIBufOverflowCheckRules.at(fun->getName());
+                                              extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
             IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
@@ -340,12 +338,11 @@ bool BufOverflowDetector::detectStrcpy(AbstractState& as, const CallICFGNode *ca
 bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *call)
 {
     SVFIR* svfir = PAG::getPAG();
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
 
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
 
-    if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
+    if (std::find(strcatGroup.begin(), strcatGroup.end(), call->getCalledFunction()->getName()) != strcatGroup.end())
     {
         const SVFValue* arg0Val = call->getArgument(0);
         const SVFValue* arg1Val = call->getArgument(1);
@@ -354,7 +351,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
         IntervalValue totalLen = strLen0 + strLen1;
         return canSafelyAccessMemory(as, arg0Val, totalLen);
     }
-    else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
+    else if (std::find(strncatGroup.begin(), strncatGroup.end(), call->getCalledFunction()->getName()) != strncatGroup.end())
     {
         const SVFValue* arg0Val = call->getArgument(0);
         const SVFValue* arg2Val = call->getArgument(2);

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -616,8 +616,7 @@ void AbstractInterpretation::handleCallSite(const ICFGNode* node)
 
 bool AbstractInterpretation::isExtCall(const SVF::CallICFGNode *callNode)
 {
-    const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-    return SVFUtil::isExtCall(callfun);
+    return SVFUtil::isExtCall(callNode->getCalledFunction());
 }
 
 void AbstractInterpretation::extCallPass(const SVF::CallICFGNode *callNode)
@@ -629,8 +628,7 @@ void AbstractInterpretation::extCallPass(const SVF::CallICFGNode *callNode)
 
 bool AbstractInterpretation::isRecursiveCall(const SVF::CallICFGNode *callNode)
 {
-    const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-    return recursiveFuns.find(callfun) != recursiveFuns.end();
+    return recursiveFuns.find(callNode->getCalledFunction()) != recursiveFuns.end();
 }
 
 void AbstractInterpretation::recursiveCallPass(const SVF::CallICFGNode *callNode)
@@ -654,18 +652,16 @@ void AbstractInterpretation::recursiveCallPass(const SVF::CallICFGNode *callNode
 
 bool AbstractInterpretation::isDirectCall(const SVF::CallICFGNode *callNode)
 {
-    const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-    return funcToWTO.find(callfun) != funcToWTO.end();
+    return funcToWTO.find(callNode->getCalledFunction()) != funcToWTO.end();
 }
 void AbstractInterpretation::directCallFunPass(const SVF::CallICFGNode *callNode)
 {
     AbstractState& as = getAbsStateFromTrace(callNode);
-    const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
     callSiteStack.push_back(callNode);
 
     abstractTrace[callNode] = as;
 
-    ICFGWTO* wto = funcToWTO[callfun];
+    ICFGWTO* wto = funcToWTO[callNode->getCalledFunction()];
     handleWTOComponents(wto->getWTOComponents());
 
     callSiteStack.pop_back();
@@ -819,7 +815,6 @@ void AbstractInterpretation::handleSVFStatement(const SVFStmt *stmt)
 void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
 {
     AbstractState& as = getAbsStateFromTrace(callNode);
-    const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
     const RetICFGNode *retNode = callNode->getRetICFGNode();
     if (retNode->getSVFStmts().size() > 0)
     {
@@ -843,7 +838,7 @@ void AbstractInterpretation::SkipRecursiveCall(const CallICFGNode *callNode)
     }
     FIFOWorkList<const SVFBasicBlock *> blkWorkList;
     FIFOWorkList<const ICFGNode *> instWorklist;
-    for (const SVFBasicBlock * bb: callfun->getReachableBBs())
+    for (const SVFBasicBlock * bb: callNode->getCalledFunction()->getReachableBBs())
     {
         for (const ICFGNode* node: bb->getICFGNodeList())
         {
@@ -1333,7 +1328,7 @@ std::string AbstractInterpretation::strRead(AbstractState& as, const SVFValue* r
 void AbstractInterpretation::handleExtAPI(const CallICFGNode *call)
 {
     AbstractState& as = getAbsStateFromTrace(call);
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
+    const SVFFunction *fun = call->getCalledFunction();
     assert(fun && "SVFFunction* is nullptr");
     ExtAPIType extType = UNCLASSIFIED;
     // get type of mem api
@@ -1404,7 +1399,7 @@ void AbstractInterpretation::collectCheckPoint()
         const ICFGNode* node = it->second;
         if (const CallICFGNode *call = SVFUtil::dyn_cast<CallICFGNode>(node))
         {
-            if (const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite()))
+            if (const SVFFunction *fun = call->getCalledFunction())
             {
                 if (checkpoint_names.find(fun->getName()) !=
                         checkpoint_names.end())
@@ -1527,7 +1522,7 @@ void AbstractInterpretation::handleStrcat(const SVF::CallICFGNode *call)
     // __strcat_chk, strcat, __wcscat_chk, wcscat, __strncat_chk, strncat, __wcsncat_chk, wcsncat
     // to check it is  strcat group or strncat group
     AbstractState& as = getAbsStateFromTrace(call);
-    const SVFFunction *fun = SVFUtil::getCallee(call);
+    const SVFFunction *fun = call->getCalledFunction();
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
     if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())

package/svf/lib/CFL/CFLAlias.cpp

@@ -143,7 +143,7 @@ void CFLAlias::connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunct
 
 void CFLAlias::heapAllocatorViaIndCall(const CallICFGNode* cs)
 {
-    assert(SVFUtil::getCallee(cs) == nullptr && "not an indirect callsite?");
+    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
     const RetICFGNode* retBlockNode = cs->getRetICFGNode();
     const PAGNode* cs_return = svfir->getCallSiteRet(retBlockNode);
     NodeID srcret;

package/svf/lib/Graphs/CallGraph.cpp

@@ -45,13 +45,13 @@ CallSiteID CallGraph::totalCallSiteNum = 1;
 //@{
 void CallGraphEdge::addDirectCallSite(const CallICFGNode* call)
 {
-    assert(SVFUtil::getCallee(call->getCallSite()) && "not a direct callsite??");
+    assert(call->getCalledFunction() && "not a direct callsite??");
     directCalls.insert(call);
 }
 
 void CallGraphEdge::addInDirectCallSite(const CallICFGNode* call)
 {
-    assert((nullptr == SVFUtil::getCallee(call->getCallSite()) || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call))) && "not an indirect callsite??");
+    assert((nullptr == call->getCalledFunction() || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call))) && "not an indirect callsite??");
     indirectCalls.insert(call);
 }
 //@}

package/svf/lib/MTA/LockAnalysis.cpp

@@ -76,11 +76,11 @@ void LockAnalysis::collectLockUnlocksites()
         {
             for (const ICFGNode* icfgNode : bb->getICFGNodeList())
             {
-                if (tcg->getThreadAPI()->isTDRelease(icfgNode))
+                if (isa<CallICFGNode>(icfgNode) && tcg->getThreadAPI()->isTDRelease(cast<CallICFGNode>(icfgNode)))
                 {
                     unlocksites.insert(icfgNode);
                 }
-                if (tcg->getThreadAPI()->isTDAcquire(icfgNode))
+                if (isa<CallICFGNode>(icfgNode) && tcg->getThreadAPI()->isTDAcquire(cast<CallICFGNode>(icfgNode)))
                 {
                     locksites.insert(icfgNode);
                 }

package/svf/lib/MTA/MHP.cpp

@@ -233,10 +233,11 @@ void MHP::handleFork(const CxtThreadStmt& cts, NodeID rootTid)
 void MHP::handleJoin(const CxtThreadStmt& cts, NodeID rootTid)
 {
 
-    const ICFGNode* call = cts.getStmt();
     const CallStrCxt& curCxt = cts.getContext();
 
-    assert(isTDJoin(call));
+    assert(isTDJoin(cts.getStmt()));
+
+    const CallICFGNode* call = SVFUtil::cast<CallICFGNode>(cts.getStmt());
 
     NodeBS joinedTids = getDirAndIndJoinedTid(curCxt, call);
     if (!joinedTids.empty())
@@ -479,8 +480,9 @@ bool MHP::isRecurFullJoin(NodeID parentTid, NodeID curTid)
  */
 bool MHP::isMustJoin(NodeID curTid, const ICFGNode* joinsite)
 {
-    assert(isTDJoin(joinsite) && "not a join site!");
-    return !isMultiForkedThread(curTid) && !tct->isJoinSiteInRecursion(joinsite);
+    const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(joinsite);
+    assert(call && isTDJoin(call) && "not a join site!");
+    return !isMultiForkedThread(curTid) && !tct->isJoinSiteInRecursion(call);
 }
 
 /*!
@@ -821,9 +823,9 @@ void ForkJoinAnalysis::handleJoin(const CxtStmt& cts, NodeID rootTid)
 
         if (isAliasedForkJoin(SVFUtil::cast<CallICFGNode>(forkSite), SVFUtil::cast<CallICFGNode>(joinSite)))
         {
-            if (hasJoinLoop(joinSite))
+            if (hasJoinLoop(SVFUtil::cast<CallICFGNode>(forkSite)))
             {
-                LoopBBs& joinLoop = getJoinLoop(joinSite);
+                LoopBBs& joinLoop = getJoinLoop(SVFUtil::cast<CallICFGNode>(forkSite));
                 std::vector<const SVFBasicBlock *> exitbbs;
                 joinSite->getFun()->getExitBlocksOfLoop(joinSite->getBB(), exitbbs);
                 while (!exitbbs.empty())
@@ -853,7 +855,7 @@ void ForkJoinAnalysis::handleJoin(const CxtStmt& cts, NodeID rootTid)
         /// we process the loop exit
         else
         {
-            if (hasJoinLoop(joinSite))
+            if (hasJoinLoop(SVFUtil::cast<CallICFGNode>(forkSite)))
             {
                 std::vector<const SVFBasicBlock*> exitbbs;
                 joinSite->getFun()->getExitBlocksOfLoop(joinSite->getBB(), exitbbs);

package/svf/lib/MemoryModel/PointerAnalysis.cpp

@@ -509,7 +509,7 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
 
         for(const CallICFGNode* callNode : pag->getCallSiteSet())
         {
-            if (SVFUtil::getCallee(callNode) == checkFun)
+            if (callNode->getCalledFunction() == checkFun)
             {
                 assert(callNode->getNumArgOperands() == 2
                        && "arguments should be two pointers!!");
@@ -574,7 +574,7 @@ void PointerAnalysis::validateExpectedFailureTests(std::string fun)
 
         for(const CallICFGNode* callNode : pag->getCallSiteSet())
         {
-            if (SVFUtil::getCallee(callNode) == checkFun)
+            if (callNode->getCalledFunction() == checkFun)
             {
                 assert(callNode->arg_size() == 2
                        && "arguments should be two pointers!!");

package/svf/lib/SABER/DoubleFreeChecker.cpp

@@ -55,7 +55,7 @@ void DoubleFreeChecker::testsValidation(ProgSlice *slice)
 {
     const SVFGNode* source = slice->getSource();
     const CallICFGNode* cs = getSrcCSID(source);
-    const SVFFunction* fun = getCallee(cs->getCallSite());
+    const SVFFunction* fun = cs->getCalledFunction();
     if(fun==nullptr)
         return;
     validateSuccessTests(slice,fun);

package/svf/lib/SABER/LeakChecker.cpp

@@ -180,7 +180,7 @@ void LeakChecker::testsValidation(const ProgSlice* slice)
 {
     const SVFGNode* source = slice->getSource();
     const CallICFGNode* cs = getSrcCSID(source);
-    const SVFFunction* fun = getCallee(cs->getCallSite());
+    const SVFFunction* fun = cs->getCalledFunction();
     if(fun==nullptr)
         return;
 

package/svf/lib/Util/CallGraphBuilder.cpp

@@ -52,9 +52,9 @@ CallGraph* CallGraphBuilder::buildCallGraph(SVFModule* svfModule)
             {
                 if (SVFUtil::isNonInstricCallSite(inst))
                 {
-                    if(const SVFFunction* callee = getCallee(inst))
+                    const CallICFGNode* callBlockNode = cast<CallICFGNode>(inst);
+                    if(const SVFFunction* callee = callBlockNode->getCalledFunction())
                     {
-                        const CallICFGNode* callBlockNode = cast<CallICFGNode>(inst);
                         callgraph->addDirectCallGraphEdge(callBlockNode,*F,callee);
                     }
                 }
@@ -80,7 +80,7 @@ CallGraph* ThreadCallGraphBuilder::buildThreadCallGraph(SVFModule* svfModule)
         {
             for (const ICFGNode* inst : svfbb->getICFGNodeList())
             {
-                if (tdAPI->isTDFork(inst))
+                if (SVFUtil::isa<CallICFGNode>(inst) && tdAPI->isTDFork(SVFUtil::cast<CallICFGNode>(inst)))
                 {
                     const CallICFGNode* cs = cast<CallICFGNode>(inst);
                     cg->addForksite(cs);
@@ -105,7 +105,7 @@ CallGraph* ThreadCallGraphBuilder::buildThreadCallGraph(SVFModule* svfModule)
         {
             for (const ICFGNode* node : svfbb->getICFGNodeList())
             {
-                if (tdAPI->isTDJoin(node))
+                if (SVFUtil::isa<CallICFGNode>(node) && tdAPI->isTDJoin(SVFUtil::cast<CallICFGNode>(node)))
                 {
                     const CallICFGNode* cs = SVFUtil::cast<CallICFGNode>(node);
                     cg->addJoinsite(cs);

package/svf/lib/Util/SVFBugReport.cpp

@@ -303,7 +303,8 @@ const std::string SVFBugEvent::getEventDescription() const
     case SVFBugEvent::CallSite:
     {
         std::string description("calls ");
-        const SVFFunction *callee = SVFUtil::getCallee(eventInst);
+        assert(SVFUtil::isa<CallICFGNode>(eventInst) && "not a call ICFGNode?");
+        const SVFFunction *callee = SVFUtil::cast<CallICFGNode>(eventInst)->getCalledFunction();
         if(callee == nullptr)
         {
             description += "<unknown>";

package/svf/lib/Util/SVFUtil.cpp

@@ -343,24 +343,34 @@ bool SVFUtil::isIntrinsicInst(const ICFGNode* inst)
     return false;
 }
 
-const SVFFunction* SVFUtil::getCallee(const ICFGNode *inst)
+bool SVFUtil::isExtCall(const CallICFGNode* cs)
 {
-    if (!isCallSite(inst))
-        return nullptr;
-    const CallICFGNode* call = SVFUtil::cast<CallICFGNode>(inst);
-    return call->getCalledFunction();
+    return isExtCall(cs->getCalledFunction());
 }
 
-const SVFFunction* SVFUtil::getCallee(const CallICFGNode *inst)
+bool SVFUtil::isHeapAllocExtCallViaArg(const CallICFGNode* cs)
 {
-    return inst->getCalledFunction();
+    return isHeapAllocExtFunViaArg(cs->getCalledFunction());
+}
+
+bool SVFUtil::isHeapAllocExtCallViaArg(const SVFInstruction *inst)
+{
+    if(const SVFCallInst* call = SVFUtil::dyn_cast<SVFCallInst>(inst))
+        return isHeapAllocExtFunViaArg(call->getCalledFunction());
+    else
+        return false;
+}
+
+u32_t SVFUtil::getHeapAllocHoldingArgPosition(const CallICFGNode* cs)
+{
+    return getHeapAllocHoldingArgPosition(cs->getCalledFunction());
 }
 
 
 bool SVFUtil::isExtCall(const ICFGNode* node)
 {
     if(!isCallSite(node)) return false;
-    return isExtCall(getCallee(node));
+    return isExtCall(cast<CallICFGNode>(node)->getCalledFunction());
 }
 
 bool SVFUtil::isHeapAllocExtCall(const ICFGNode* cs)
@@ -372,13 +382,13 @@ bool SVFUtil::isHeapAllocExtCall(const ICFGNode* cs)
 bool SVFUtil::isHeapAllocExtCallViaRet(const CallICFGNode* cs)
 {
     bool isPtrTy = cs->getCallSite()->getType()->isPointerTy();
-    return isPtrTy && isHeapAllocExtFunViaRet(getCallee(cs));
+    return isPtrTy && isHeapAllocExtFunViaRet(cs->getCalledFunction());
 }
 
 bool SVFUtil::isReallocExtCall(const CallICFGNode* cs)
 {
     bool isPtrTy = cs->getCallSite()->getType()->isPointerTy();
-    return isPtrTy && isReallocExtFun(getCallee(cs));
+    return isPtrTy && isReallocExtFun(cs->getCalledFunction());
 }
 
 bool SVFUtil::isHeapAllocExtCallViaRet(const SVFInstruction *inst)
@@ -396,4 +406,9 @@ bool SVFUtil::isRetInstNode(const ICFGNode* node)
         return intraNode->getInst()->isRetInst();
     else
         return false;
+}
+
+bool SVFUtil::isProgExitCall(const CallICFGNode* cs)
+{
+    return isProgExitFunction(cs->getCalledFunction());
 }

package/svf/lib/Util/ThreadAPI.cpp

@@ -129,6 +129,37 @@ void ThreadAPI::init()
     }
 }
 
+bool ThreadAPI::isTDFork(const CallICFGNode *inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_FORK;
+}
+
+bool ThreadAPI::isTDJoin(const CallICFGNode *inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_JOIN;
+}
+
+bool ThreadAPI::isTDExit(const CallICFGNode *inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_EXIT;
+}
+
+bool ThreadAPI::isTDAcquire(const CallICFGNode* inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_ACQUIRE;
+}
+
+bool ThreadAPI::isTDRelease(const CallICFGNode *inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_RELEASE;
+}
+
+bool ThreadAPI::isTDBarWait(const CallICFGNode *inst) const
+{
+    return getType(inst->getCalledFunction()) == TD_BAR_WAIT;
+}
+
+
 const SVFValue* ThreadAPI::getForkedThread(const CallICFGNode *inst) const
 {
     assert(isTDFork(inst) && "not a thread fork function!");
@@ -155,17 +186,6 @@ const SVFValue* ThreadAPI::getRetParmAtJoinedSite(const CallICFGNode *inst) cons
     return inst->getArgument(1);
 }
 
-/*!
- *
- */
-const SVFFunction* ThreadAPI::getCallee(const ICFGNode *inst) const
-{
-    if(const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(inst))
-        return SVFUtil::getCallee(call->getCallSite());
-    else
-        return nullptr;
-}
-
 const SVFValue* ThreadAPI::getLockVal(const ICFGNode *cs) const
 {
     const CallICFGNode* call = SVFUtil::dyn_cast<CallICFGNode>(cs);
@@ -251,7 +271,7 @@ void ThreadAPI::performAPIStat(SVFModule* module)
                 if (!SVFUtil::isCallSite(svfInst))
                     continue;
 
-                const SVFFunction* fun = SVFUtil::getCallee(svfInst);
+                const SVFFunction* fun = SVFUtil::cast<CallICFGNode>(svfInst)->getCalledFunction();
                 TD_TYPE type = getType(fun);
                 switch (type)
                 {

package/svf/lib/WPA/Andersen.cpp

@@ -679,7 +679,7 @@ bool Andersen::updateCallGraph(const CallSiteToFunPtrMap& callsites)
 
 void Andersen::heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet &cpySrcNodes)
 {
-    assert(SVFUtil::getCallee(cs) == nullptr && "not an indirect callsite?");
+    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
     const RetICFGNode* retBlockNode = cs->getRetICFGNode();
     const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
     NodeID srcret;

package/svf/lib/WPA/Steensgaard.cpp

@@ -157,7 +157,7 @@ bool Steensgaard::updateCallGraph(const CallSiteToFunPtrMap& callsites)
 
 void Steensgaard::heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes)
 {
-    assert(SVFUtil::getCallee(cs) == nullptr && "not an indirect callsite?");
+    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
     const RetICFGNode* retBlockNode = cs->getRetICFGNode();
     const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
     NodeID srcret;

package/svf-llvm/lib/ICFGBuilder.cpp

@@ -233,7 +233,7 @@ InterICFGNode* ICFGBuilder::addInterBlockICFGNode(const SVFInstruction* inst)
     assert(SVFUtil::isNonInstricCallSite(inst) && "associating an intrinsic debug instruction with an ICFGNode!");
     CallICFGNode* callICFGNode = icfg->addCallICFGNode(inst);
     (void) icfg->addRetICFGNode(inst);
-    addICFGInterEdges(inst, getCallee(inst));                       //creating interprocedural edges
+    addICFGInterEdges(inst, callICFGNode->getCalledFunction());                       //creating interprocedural edges
     return callICFGNode;
 }
 

package/svf-llvm/lib/SymbolTableBuilder.cpp

@@ -608,7 +608,7 @@ const Type* SymbolTableBuilder::inferTypeOfHeapObjOrStaticObj(const Instruction
     else if(SVFUtil::isHeapAllocExtCallViaArg(svfinst))
     {
         const CallBase* cs = LLVMUtil::getLLVMCallSite(inst);
-        int arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(getCallee(svfinst));
+        u32_t arg_pos = SVFUtil::getHeapAllocHoldingArgPosition(SVFUtil::cast<SVFCallInst>(svfinst)->getCalledFunction());
         const Value* arg = cs->getArgOperand(arg_pos);
         originalPType = SVFUtil::dyn_cast<PointerType>(arg->getType());
         inferedType = inferObjType(startValue = arg);