svf-tools 1.0.985 → 1.0.987

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.985",
+  "version": "1.0.987",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/Graphs/ICFGNode.h

@@ -462,7 +462,7 @@ public:
     /// Return true if this is an indirect call
     inline bool isIndirectCall() const
     {
-        return nullptr == SVFUtil::getCallee(cs);
+        return nullptr == SVFUtil::cast<SVFCallInst>(cs)->getCalledFunction();
     }
 
     /// Return the set of actual parameters

package/svf/include/MTA/LockAnalysis.h

@@ -437,17 +437,23 @@ private:
     /// Whether it is a lock site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDFork(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDFork(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a lock site
     inline bool isTDAcquire(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDAcquire(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDAcquire(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a unlock site
     inline bool isTDRelease(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDRelease(call);
+        if(SVFUtil::isa<CallICFGNode>(call) == false)
+            return false;
+        return getTCG()->getThreadAPI()->isTDRelease(SVFUtil::cast<CallICFGNode>(call));
     }
     /// Whether it is a callsite
     inline bool isCallSite(const ICFGNode* inst)

package/svf/include/MTA/MHP.h

@@ -227,12 +227,14 @@ private:
     /// Whether it is a fork site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return tcg->getThreadAPI()->isTDFork(call);
+        const CallICFGNode* fork = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return fork && tcg->getThreadAPI()->isTDFork(fork);
     }
     /// Whether it is a join site
     inline bool isTDJoin(const ICFGNode* call)
     {
-        return tcg->getThreadAPI()->isTDJoin(call);
+        const CallICFGNode* join = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return join && tcg->getThreadAPI()->isTDJoin(join);
     }
 
     /// Return thread id(s) which are directly or indirectly joined at this join site
@@ -345,11 +347,11 @@ public:
     }
 
     /// Get loop for join site
-    inline LoopBBs& getJoinLoop(const ICFGNode* inst)
+    inline LoopBBs& getJoinLoop(const CallICFGNode* inst)
     {
         return tct->getJoinLoop(inst);
     }
-    inline bool hasJoinLoop(const ICFGNode* inst)
+    inline bool hasJoinLoop(const CallICFGNode* inst)
     {
         return tct->hasJoinLoop(inst);
     }
@@ -461,12 +463,14 @@ private:
     /// Whether it is a fork site
     inline bool isTDFork(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDFork(call);
+        const CallICFGNode* fork = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return fork && getTCG()->getThreadAPI()->isTDFork(fork);
     }
     /// Whether it is a join site
     inline bool isTDJoin(const ICFGNode* call)
     {
-        return getTCG()->getThreadAPI()->isTDJoin(call);
+        const CallICFGNode* join = SVFUtil::dyn_cast<CallICFGNode>(call);
+        return join && getTCG()->getThreadAPI()->isTDJoin(join);
     }
     /// Get forked thread
     inline const SVFValue* getForkedThread(const CallICFGNode* call)

package/svf/include/MTA/TCT.h

@@ -364,7 +364,7 @@ public:
     }
 
     /// Get loop for join site
-    inline LoopBBs& getJoinLoop(const ICFGNode* join)
+    inline LoopBBs& getJoinLoop(const CallICFGNode* join)
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         InstToLoopMap::iterator it = joinSiteToLoopMap.find(join);
@@ -372,7 +372,7 @@ public:
         return it->second;
     }
 
-    inline bool hasJoinLoop(const ICFGNode* join) const
+    inline bool hasJoinLoop(const CallICFGNode* join) const
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         InstToLoopMap::const_iterator it = joinSiteToLoopMap.find(join);
@@ -407,7 +407,7 @@ public:
             MaxCxtSize = cxt.size();
     }
     /// Whether a join site is in recursion
-    inline bool isJoinSiteInRecursion(const ICFGNode* join) const
+    inline bool isJoinSiteInRecursion(const CallICFGNode* join) const
     {
         assert(tcg->getThreadAPI()->isTDJoin(join) && "not a join site");
         return inRecurJoinSites.find(join)!=inRecurJoinSites.end();

package/svf/include/SABER/SaberCheckerAPI.h

@@ -103,7 +103,7 @@ public:
     }
     inline bool isMemAlloc(const CallICFGNode* cs) const
     {
-        return isMemAlloc(SVFUtil::getCallee(cs->getCallSite()));
+        return isMemAlloc(cs->getCalledFunction());
     }
     //@}
 
@@ -115,7 +115,7 @@ public:
     }
     inline bool isMemDealloc(const CallICFGNode* cs) const
     {
-        return isMemDealloc(SVFUtil::getCallee(cs->getCallSite()));
+        return isMemDealloc(cs->getCalledFunction());
     }
     //@}
 
@@ -127,7 +127,7 @@ public:
     }
     inline bool isFOpen(const CallICFGNode* cs) const
     {
-        return isFOpen(SVFUtil::getCallee(cs->getCallSite()));
+        return isFOpen(cs->getCalledFunction());
     }
     //@}
 
@@ -139,7 +139,7 @@ public:
     }
     inline bool isFClose(const CallICFGNode* cs) const
     {
-        return isFClose(SVFUtil::getCallee(cs->getCallSite()));
+        return isFClose(cs->getCalledFunction());
     }
     //@}
 

package/svf/include/Util/SVFUtil.h

@@ -228,25 +228,6 @@ inline std::vector<std::string> split(const std::string& s, char separator)
     return output;
 }
 
-/// Return callee of a callsite. Return null if this is an indirect call
-//@{
-inline const SVFFunction* getCallee(const SVFCallInst* cs)
-{
-    return cs->getCalledFunction();
-}
-
-inline const SVFFunction* getCallee(const SVFInstruction *inst)
-{
-    if (!isCallSite(inst))
-        return nullptr;
-    return getCallee(cast<SVFCallInst>(inst));
-}
-
-const SVFFunction* getCallee(const CallICFGNode *inst);
-
-const SVFFunction* getCallee(const ICFGNode *inst);
-//@}
-
 /// Given a map mapping points-to sets to a count, adds from into to.
 template <typename Data>
 void mergePtsOccMaps(Map<Data, unsigned> &to, const Map<Data, unsigned> from)
@@ -332,7 +313,7 @@ inline bool isHeapAllocExtFunViaArg(const SVFFunction* fun)
 
 /// Get the position of argument that holds an allocated heap object.
 //@{
-inline int getHeapAllocHoldingArgPosition(const SVFFunction* fun)
+inline u32_t getHeapAllocHoldingArgPosition(const SVFFunction* fun)
 {
     return ExtAPI::getExtAPI()->get_alloc_arg_pos(fun);
 }
@@ -404,25 +385,13 @@ inline const SVFValue* getForkedFun(const CallICFGNode *inst)
 //@}
 
 
-inline bool isExtCall(const CallICFGNode* cs)
-{
-    return isExtCall(getCallee(cs));
-}
+bool isExtCall(const CallICFGNode* cs);
 
 bool isExtCall(const ICFGNode* node);
 
-inline bool isHeapAllocExtCallViaArg(const CallICFGNode* cs)
-{
-    return isHeapAllocExtFunViaArg(getCallee(cs));
-}
+bool isHeapAllocExtCallViaArg(const CallICFGNode* cs);
 
-inline bool isHeapAllocExtCallViaArg(const SVFInstruction *inst)
-{
-    if(const SVFCallInst* call = SVFUtil::dyn_cast<SVFCallInst>(inst))
-        return isHeapAllocExtFunViaArg(call->getCalledFunction());
-    else
-        return false;
-}
+bool isHeapAllocExtCallViaArg(const SVFInstruction *inst);
 
 bool isHeapAllocExtCallViaRet(const SVFInstruction *inst);
 
@@ -438,10 +407,7 @@ inline bool isHeapAllocExtCall(const SVFInstruction *inst)
 
 //@}
 
-inline int getHeapAllocHoldingArgPosition(const CallICFGNode* cs)
-{
-    return getHeapAllocHoldingArgPosition(getCallee(cs));
-}
+u32_t getHeapAllocHoldingArgPosition(const CallICFGNode* cs);
 //@}
 
 bool isReallocExtCall(const CallICFGNode* cs);
@@ -449,7 +415,7 @@ bool isReallocExtCall(const CallICFGNode* cs);
 
 /// Return true if this is a thread creation call
 ///@{
-inline bool isThreadForkCall(const ICFGNode *inst)
+inline bool isThreadForkCall(const CallICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->isTDFork(inst);
 }
@@ -457,7 +423,7 @@ inline bool isThreadForkCall(const ICFGNode *inst)
 
 /// Return true if this is a thread join call
 ///@{
-inline bool isThreadJoinCall(const ICFGNode* cs)
+inline bool isThreadJoinCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDJoin(cs);
 }
@@ -465,7 +431,7 @@ inline bool isThreadJoinCall(const ICFGNode* cs)
 
 /// Return true if this is a thread exit call
 ///@{
-inline bool isThreadExitCall(const ICFGNode* cs)
+inline bool isThreadExitCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDExit(cs);
 }
@@ -473,7 +439,7 @@ inline bool isThreadExitCall(const ICFGNode* cs)
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockAquireCall(const ICFGNode* cs)
+inline bool isLockAquireCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDAcquire(cs);
 }
@@ -481,7 +447,7 @@ inline bool isLockAquireCall(const ICFGNode* cs)
 
 /// Return true if this is a lock acquire call
 ///@{
-inline bool isLockReleaseCall(const ICFGNode* cs)
+inline bool isLockReleaseCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDRelease(cs);
 }
@@ -489,7 +455,7 @@ inline bool isLockReleaseCall(const ICFGNode* cs)
 
 /// Return true if this is a barrier wait call
 //@{
-inline bool isBarrierWaitCall(const ICFGNode* cs)
+inline bool isBarrierWaitCall(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->isTDBarWait(cs);
 }
@@ -504,10 +470,7 @@ inline const SVFValue* getActualParmAtForkSite(const CallICFGNode* cs)
 //@}
 
 
-inline bool isProgExitCall(const CallICFGNode* cs)
-{
-    return isProgExitFunction(getCallee(cs));
-}
+bool isProgExitCall(const CallICFGNode* cs);
 
 
 template<typename T>

package/svf/include/Util/ThreadAPI.h

@@ -119,19 +119,6 @@ public:
         }
     }
 
-    /// Return the callee/callsite/func
-    //@{
-    const SVFFunction* getCallee(const ICFGNode *inst) const;
-    //@}
-
-    /// Return true if this call create a new thread
-    //@{
-    inline bool isTDFork(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_FORK;
-    }
-    //@}
-
     /// Return arguments/attributes of pthread_create / hare_parallel_for
     //@{
     /// Return the first argument of the call,
@@ -146,12 +133,14 @@ public:
     const SVFValue* getActualParmAtForkSite(const CallICFGNode *inst) const;
     //@}
 
+    /// Return true if this call create a new thread
+    //@{
+    bool isTDFork(const CallICFGNode *inst) const;
+    //@}
+
     /// Return true if this call wait for a worker thread
     //@{
-    inline bool isTDJoin(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_JOIN;
-    }
+    bool isTDJoin(const CallICFGNode *inst) const;
     //@}
 
     /// Return arguments/attributes of pthread_join
@@ -167,26 +156,17 @@ public:
 
     /// Return true if this call exits/terminate a thread
     //@{
-    inline bool isTDExit(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_EXIT;
-    }
+    bool isTDExit(const CallICFGNode *inst) const;
     //@}
 
     /// Return true if this call acquire a lock
     //@{
-    inline bool isTDAcquire(const ICFGNode* inst) const
-    {
-        return getType(getCallee(inst)) == TD_ACQUIRE;
-    }
+    bool isTDAcquire(const CallICFGNode* inst) const;
     //@}
 
     /// Return true if this call release a lock
     //@{
-    inline bool isTDRelease(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_RELEASE;
-    }
+    bool isTDRelease(const CallICFGNode *inst) const;
     //@}
 
     /// Return lock value
@@ -197,10 +177,7 @@ public:
 
     /// Return true if this call waits for a barrier
     //@{
-    inline bool isTDBarWait(const ICFGNode *inst) const
-    {
-        return getType(getCallee(inst)) == TD_BAR_WAIT;
-    }
+    bool isTDBarWait(const CallICFGNode *inst) const;
     //@}
 
     void performAPIStat(SVFModule* m);

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -94,8 +94,7 @@ void BufOverflowDetector::detect(AbstractState& as, const ICFGNode* node)
     {
         // Handle call nodes by checking for external API calls
         const CallICFGNode* callNode = SVFUtil::cast<CallICFGNode>(node);
-        const SVFFunction *callfun = SVFUtil::getCallee(callNode->getCallSite());
-        if (SVFUtil::isExtCall(callfun))
+        if (SVFUtil::isExtCall(callNode->getCalledFunction()))
         {
             detectExtAPI(as, callNode);
         }
@@ -146,13 +145,12 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
                                        const CallICFGNode* call)
 {
     SVFIR* svfir = PAG::getPAG();
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
-    assert(fun && "SVFFunction* is nullptr");
+    assert(call->getCalledFunction() && "SVFFunction* is nullptr");
 
     AbstractInterpretation::ExtAPIType extType = AbstractInterpretation::UNCLASSIFIED;
 
     // Determine the type of external memory API
-    for (const std::string &annotation : fun->getAnnotations())
+    for (const std::string &annotation : call->getCalledFunction()->getAnnotations())
     {
         if (annotation.find("MEMCPY") != std::string::npos)
             extType = AbstractInterpretation::MEMCPY;
@@ -167,13 +165,13 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     // Apply buffer overflow checks based on the determined API type
     if (extType == AbstractInterpretation::MEMCPY)
     {
-        if (extAPIBufOverflowCheckRules.count(fun->getName()) == 0)
+        if (extAPIBufOverflowCheckRules.count(call->getCalledFunction()->getName()) == 0)
         {
-            SVFUtil::errs() << "Warning: " << fun->getName() << " is not in the rules, please implement it\n";
+            SVFUtil::errs() << "Warning: " << call->getCalledFunction()->getName() << " is not in the rules, please implement it\n";
             return;
         }
         std::vector<std::pair<u32_t, u32_t>> args =
-                                              extAPIBufOverflowCheckRules.at(fun->getName());
+                                              extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
             IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
@@ -186,13 +184,13 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
     }
     else if (extType == AbstractInterpretation::MEMSET)
     {
-        if (extAPIBufOverflowCheckRules.count(fun->getName()) == 0)
+        if (extAPIBufOverflowCheckRules.count(call->getCalledFunction()->getName()) == 0)
         {
-            SVFUtil::errs() << "Warning: " << fun->getName() << " is not in the rules, please implement it\n";
+            SVFUtil::errs() << "Warning: " << call->getCalledFunction()->getName() << " is not in the rules, please implement it\n";
             return;
         }
         std::vector<std::pair<u32_t, u32_t>> args =
-                                              extAPIBufOverflowCheckRules.at(fun->getName());
+                                              extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
             IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
@@ -340,12 +338,11 @@ bool BufOverflowDetector::detectStrcpy(AbstractState& as, const CallICFGNode *ca
 bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *call)
 {
     SVFIR* svfir = PAG::getPAG();
-    const SVFFunction *fun = SVFUtil::getCallee(call->getCallSite());
 
     const std::vector<std::string> strcatGroup = {"__strcat_chk", "strcat", "__wcscat_chk", "wcscat"};
     const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
 
-    if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
+    if (std::find(strcatGroup.begin(), strcatGroup.end(), call->getCalledFunction()->getName()) != strcatGroup.end())
     {
         const SVFValue* arg0Val = call->getArgument(0);
         const SVFValue* arg1Val = call->getArgument(1);
@@ -354,7 +351,7 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
         IntervalValue totalLen = strLen0 + strLen1;
         return canSafelyAccessMemory(as, arg0Val, totalLen);
     }
-    else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
+    else if (std::find(strncatGroup.begin(), strncatGroup.end(), call->getCalledFunction()->getName()) != strncatGroup.end())
     {
         const SVFValue* arg0Val = call->getArgument(0);
         const SVFValue* arg2Val = call->getArgument(2);