svf-tools 1.0.993 → 1.0.994

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.993",
+  "version": "1.0.994",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/svf/include/Graphs/ThreadCallGraph.h

@@ -31,13 +31,13 @@
 #define RCG_H_
 
 #include "Graphs/CallGraph.h"
-#include "MemoryModel/PointerAnalysisImpl.h"
 
 namespace SVF
 {
 
 class SVFModule;
 class ThreadAPI;
+class PointerAnalysis;
 /*!
  * PTA thread fork edge from fork site to the entry of a start routine function
  */
@@ -201,7 +201,8 @@ public:
     /// whether this call instruction has a valid call graph edge
     inline bool hasThreadForkEdge(const CallICFGNode* cs) const
     {
-        return callinstToThreadForkEdgesMap.find(cs) != callinstToThreadForkEdgesMap.end();
+        return callinstToThreadForkEdgesMap.find(cs) !=
+               callinstToThreadForkEdgesMap.end();
     }
     inline ForkEdgeSet::const_iterator getForkEdgeBegin(const CallICFGNode* cs) const
     {
@@ -345,8 +346,8 @@ public:
 
     /// Add direct/indirect thread fork edges
     //@{
-    void addDirectForkEdge(const CallICFGNode* cs);
-    void addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* callee);
+    bool addDirectForkEdge(const CallICFGNode* cs);
+    bool addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* callee);
     //@}
 
     /// Add thread join edges

package/svf/include/MemoryModel/PointerAnalysis.h

@@ -34,7 +34,7 @@
 #include <signal.h>
 
 #include "Graphs/CHG.h"
-#include "Graphs/CallGraph.h"
+#include "Graphs/ThreadCallGraph.h"
 #include "Graphs/SCC.h"
 #include "MemoryModel/AbstractPointsToDS.h"
 #include "MemoryModel/ConditionalPT.h"

package/svf/include/MemoryModel/PointerAnalysisImpl.h

@@ -199,6 +199,10 @@ protected:
     /// On the fly call graph construction
     virtual void onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites, CallEdgeMap& newEdges);
 
+    /// On the fly thread call graph construction respecting forksite
+    virtual void onTheFlyThreadCallGraphSolve(const CallSiteToFunPtrMap& callsites,
+            CallEdgeMap& newForkEdges);
+
     /// Normalize points-to information for field-sensitive analysis,
     /// i.e., replace fieldObj with baseObj if it is field-insensitive
     virtual void normalizePointsTo();

package/svf/include/Util/SVFUtil.h

@@ -457,7 +457,7 @@ inline bool isBarrierWaitCall(const CallICFGNode* cs)
 
 /// Return sole argument of the thread routine
 //@{
-inline const SVFValue* getActualParmAtForkSite(const CallICFGNode* cs)
+inline const SVFVar* getActualParmAtForkSite(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs);
 }

package/svf/include/Util/ThreadAPI.h

@@ -38,6 +38,7 @@ namespace SVF
 class SVFModule;
 class ICFGNode;
 class CallICFGNode;
+class SVFVar;
 
 /*
  * ThreadAPI class contains interfaces for pthread programs
@@ -128,11 +129,16 @@ public:
     /// Note that, it could be function type or a void* pointer
     const SVFValue* getForkedFun(const CallICFGNode *inst) const;
 
-    /// Return the forth argument of the call,
+    /// Return the actual param of forksite
     /// Note that, it is the sole argument of start routine ( a void* pointer )
-    const SVFValue* getActualParmAtForkSite(const CallICFGNode *inst) const;
+    const SVFVar* getActualParmAtForkSite(const CallICFGNode *inst) const;
+
+    /// Return the formal parm of forked function (the first arg in pthread)
+    const SVFVar* getFormalParmOfForkedFun(const SVFFunction* F) const;
     //@}
 
+
+
     /// Return true if this call create a new thread
     //@{
     bool isTDFork(const CallICFGNode *inst) const;

package/svf/include/WPA/Andersen.h

@@ -47,6 +47,8 @@ namespace SVF
 
 class SVFModule;
 
+class ThreadCallGraph;
+
 /*!
  * Abstract class of inclusion-based Pointer Analysis
  */
@@ -54,6 +56,9 @@ typedef WPASolver<ConstraintGraph*> WPAConstraintSolver;
 
 class AndersenBase:  public WPAConstraintSolver, public BVDataPTAImpl
 {
+public:
+    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
+
 public:
 
     /// Constructor
@@ -81,11 +86,19 @@ public:
     /// Finalize analysis
     virtual void finalize() override;
 
-    /// Implement it in child class to update call graph
-    virtual inline bool updateCallGraph(const CallSiteToFunPtrMap&) override
-    {
-        return false;
-    }
+    /// Update call graph
+    virtual bool updateCallGraph(const CallSiteToFunPtrMap&) override;
+
+    /// Update thread call graph
+    virtual bool updateThreadCallGraph(const CallSiteToFunPtrMap&, NodePairSet&);
+
+    /// Connect formal and actual parameters for indirect forksites
+    virtual void connectCaller2ForkedFunParams(const CallICFGNode* cs, const SVFFunction* F,
+            NodePairSet& cpySrcNodes);
+
+    /// Connect formal and actual parameters for indirect callsites
+    virtual void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F,
+                                            NodePairSet& cpySrcNodes);
 
     /// Methods for support type inquiry through isa, cast, and dyn_cast:
     //@{
@@ -123,6 +136,9 @@ public:
     }
     //@}
 
+    /// Add copy edge on constraint graph
+    virtual inline bool addCopyEdge(NodeID src, NodeID dst) = 0;
+
     /// dump statistics
     inline void printStat()
     {
@@ -160,6 +176,11 @@ public:
 protected:
     /// Constraint Graph
     ConstraintGraph* consCG;
+    CallSite2DummyValPN
+    callsite2DummyValPN; ///< Map an instruction to a dummy obj which
+    ///< created at an indirect callsite, which invokes
+    ///< a heap allocator
+    void heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes);
 };
 
 /*!
@@ -171,7 +192,6 @@ class Andersen:  public AndersenBase
 
 public:
     typedef SCCDetection<ConstraintGraph*> CGSCC;
-    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
 
     /// Constructor
     Andersen(SVFIR* _pag, PTATY type = Andersen_WPA, bool alias_check = true)
@@ -243,7 +263,6 @@ public:
 protected:
 
     CallSite2DummyValPN callsite2DummyValPN;        ///< Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocator
-    void heapAllocatorViaIndCall(const CallICFGNode* cs,NodePairSet &cpySrcNodes);
 
     /// Handle diff points-to set.
     virtual inline void computeDiffPts(NodeID id)
@@ -311,12 +330,6 @@ protected:
         return false;
     }
 
-    /// Update call graph for the input indirect callsites
-    virtual bool updateCallGraph(const CallSiteToFunPtrMap& callsites);
-
-    /// Connect formal and actual parameters for indirect callsites
-    void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F, NodePairSet& cpySrcNodes);
-
     /// Merge sub node to its rep
     virtual void mergeNodeToRep(NodeID nodeId,NodeID newRepId);
 

package/svf/include/WPA/Steensgaard.h

@@ -23,7 +23,6 @@ class Steensgaard : public AndersenBase
 public:
     typedef Map<NodeID, NodeID> NodeToEquivClassMap;
     typedef Map<NodeID, Set<NodeID>> NodeToSubsMap;
-    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
 
     /// Constructor
     Steensgaard(SVFIR* _pag) : AndersenBase(_pag, Steensgaard_WPA, true) {}
@@ -46,7 +45,7 @@ public:
         steens = nullptr;
     }
 
-    virtual void solveWorklist();
+    virtual void solveWorklist() override;
 
     void processAllAddr();
 
@@ -69,18 +68,18 @@ public:
     //@}
 
     /// Operation of points-to set
-    virtual inline const PointsTo& getPts(NodeID id)
+    virtual inline const PointsTo& getPts(NodeID id) override
     {
         return getPTDataTy()->getPts(getEC(id));
     }
     /// pts(id) = pts(id) U target
-    virtual inline bool unionPts(NodeID id, const PointsTo& target)
+    virtual inline bool unionPts(NodeID id, const PointsTo& target) override
     {
         id = getEC(id);
         return getPTDataTy()->unionPts(id, target);
     }
     /// pts(id) = pts(id) U pts(ptd)
-    virtual inline bool unionPts(NodeID id, NodeID ptd)
+    virtual inline bool unionPts(NodeID id, NodeID ptd) override
     {
         id = getEC(id);
         ptd = getEC(ptd);
@@ -98,6 +97,11 @@ public:
         else
             return it->second;
     }
+    /// Return getEC(id)
+    inline NodeID sccRepNode(NodeID id) const override
+    {
+        return getEC(id);
+    }
     void setEC(NodeID node, NodeID rep);
 
     inline Set<NodeID>& getSubNodes(NodeID id)
@@ -111,25 +115,11 @@ public:
     }
 
     /// Add copy edge on constraint graph
-    virtual inline bool addCopyEdge(NodeID src, NodeID dst)
+    virtual inline bool addCopyEdge(NodeID src, NodeID dst) override
     {
         return consCG->addCopyCGEdge(src, dst);
     }
 
-protected:
-    CallSite2DummyValPN
-    callsite2DummyValPN; ///< Map an instruction to a dummy obj which
-    ///< created at an indirect callsite, which invokes
-    ///< a heap allocator
-    void heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes);
-
-    /// Update call graph for the input indirect callsites
-    virtual bool updateCallGraph(const CallSiteToFunPtrMap& callsites);
-
-    /// Connect formal and actual parameters for indirect callsites
-    void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F,
-                                    NodePairSet& cpySrcNodes);
-
 private:
     static Steensgaard* steens; // static instance
     NodeToEquivClassMap nodeToECMap;

package/svf/include/WPA/TypeAnalysis.h

@@ -51,13 +51,20 @@ public:
     }
 
     /// Type analysis
-    void analyze();
+    void analyze() override;
 
     /// Initialize analysis
-    void initialize();
+    void initialize() override;
 
     /// Finalize analysis
-    virtual inline void finalize();
+    virtual inline void finalize() override;
+
+    /// Add copy edge on constraint graph
+    inline bool addCopyEdge(NodeID src, NodeID dst) override
+    {
+        assert(false && "this function should never be executed!");
+        return false;
+    }
 
     /// Resolve callgraph based on CHA
     void callGraphSolveBasedOnCHA(const CallSiteToFunPtrMap& callsites, CallEdgeMap& newEdges);

package/svf/lib/Graphs/ThreadCallGraph.cpp

@@ -30,6 +30,8 @@
 #include "SVFIR/SVFModule.h"
 #include "Graphs/ThreadCallGraph.h"
 #include "Util/ThreadAPI.h"
+#include "SVFIR/SVFIR.h"
+#include "MemoryModel/PointerAnalysisImpl.h"
 
 using namespace SVF;
 using namespace SVFUtil;
@@ -119,7 +121,7 @@ void ThreadCallGraph::updateJoinEdge(PointerAnalysis* pta)
 /*!
  * Add direct fork edges
  */
-void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
+bool ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 {
 
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
@@ -137,13 +139,16 @@ void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 
         addEdge(edge);
         addThreadForkEdgeSetMap(cs, edge);
+        return true;
     }
+    else
+        return false;
 }
 
 /*!
  * Add indirect fork edge to update call graph
  */
-void ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* calleefun)
+bool ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* calleefun)
 {
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
     CallGraphNode* callee = getCallGraphNode(calleefun);
@@ -159,7 +164,10 @@ void ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunct
 
         addEdge(edge);
         addThreadForkEdgeSetMap(cs, edge);
+        return true;
     }
+    else
+        return false;
 }
 
 /*!

package/svf/lib/MemoryModel/PointerAnalysisImpl.cpp

@@ -507,6 +507,43 @@ void BVDataPTAImpl::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites,
     }
 }
 
+/*!
+ * On the fly call graph construction respecting forksite
+ * callsites is candidate indirect callsites need to be analyzed based on points-to results
+ * newEdges is the new indirect call edges discovered
+ */
+void BVDataPTAImpl::onTheFlyThreadCallGraphSolve(const CallSiteToFunPtrMap& callsites,
+        CallEdgeMap& newForkEdges)
+{
+    // add indirect fork edges
+    if(ThreadCallGraph *tdCallGraph = SVFUtil::dyn_cast<ThreadCallGraph>(callgraph))
+    {
+        for(CallSiteSet::const_iterator it = tdCallGraph->forksitesBegin(),
+                eit = tdCallGraph->forksitesEnd(); it != eit; ++it)
+        {
+            const SVFValue* forkedVal =tdCallGraph->getThreadAPI()->getForkedFun(*it);
+            if(SVFUtil::dyn_cast<SVFFunction>(forkedVal) == nullptr)
+            {
+                SVFIR *pag = this->getPAG();
+                const NodeBS targets = this->getPts(pag->getValueNode(forkedVal)).toNodeBS();
+                for(NodeBS::iterator ii = targets.begin(), ie = targets.end(); ii != ie; ++ii)
+                {
+                    if(ObjVar *objPN = SVFUtil::dyn_cast<ObjVar>(pag->getGNode(*ii)))
+                    {
+                        const MemObj *obj = pag->getObject(objPN);
+                        if(obj->isFunction())
+                        {
+                            const SVFFunction *svfForkedFun = SVFUtil::cast<SVFFunction>(obj->getValue());
+                            if(tdCallGraph->addIndirectForkEdge(*it, svfForkedFun))
+                                newForkEdges[*it].insert(svfForkedFun);
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
 /*!
  * Normalize points-to information for field-sensitive analysis
  */

package/svf/lib/Util/ThreadAPI.cpp

@@ -172,12 +172,22 @@ const SVFValue* ThreadAPI::getForkedFun(const CallICFGNode *inst) const
     return inst->getArgument(2);
 }
 
-/// Return the forth argument of the call,
-/// Note that, it is the sole argument of start routine ( a void* pointer )
-const SVFValue* ThreadAPI::getActualParmAtForkSite(const CallICFGNode *inst) const
+const SVFVar* ThreadAPI::getActualParmAtForkSite(const CallICFGNode* inst) const
 {
-    assert(isTDFork(inst) && "not a thread fork function!");
-    return inst->getArgument(3);
+    assert(PAG::getPAG()->hasCallSiteArgsMap(inst) && "forksite has no args list!");
+    const SVFIR::SVFVarList& csArgList = PAG::getPAG()->getCallSiteArgsList(inst);
+    // pthread_create has 4 parameters
+    assert(csArgList.size() == 4 && "num of forksite args is not 4");
+    return csArgList[3];
+}
+
+const SVFVar* ThreadAPI::getFormalParmOfForkedFun(const SVFFunction* F) const
+{
+    assert(PAG::getPAG()->hasFunArgsList(F) && "forked function has no args list!");
+    const SVFIR::SVFVarList& funArgList = PAG::getPAG()->getFunArgsList(F);
+    // in pthread, forked functions are of type void *()(void *args)
+    assert(funArgList.size() == 1 && "num of pthread forked function args is not 1!");
+    return funArgList[0];
 }
 
 const SVFValue* ThreadAPI::getRetParmAtJoinedSite(const CallICFGNode *inst) const

package/svf/lib/WPA/Andersen.cpp

@@ -187,6 +187,211 @@ void AndersenBase::cleanConsCG(NodeID id)
     assert(!consCG->hasGNode(id) && "this is either a rep nodeid or a sub nodeid should have already been merged to its field-insensitive base! ");
 }
 
+bool AndersenBase::updateCallGraph(const CallSiteToFunPtrMap& callsites)
+{
+
+    double cgUpdateStart = stat->getClk();
+
+    CallEdgeMap newEdges;
+    onTheFlyCallGraphSolve(callsites, newEdges);
+    NodePairSet cpySrcNodes; /// nodes as a src of a generated new copy edge
+    for (CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end();
+            it != eit; ++it)
+    {
+        for (FunctionSet::iterator cit = it->second.begin(),
+                ecit = it->second.end();
+                cit != ecit; ++cit)
+        {
+            connectCaller2CalleeParams(it->first, *cit, cpySrcNodes);
+        }
+    }
+
+    bool hasNewForkEdges = updateThreadCallGraph(callsites, cpySrcNodes);
+
+    for (NodePairSet::iterator it = cpySrcNodes.begin(),
+            eit = cpySrcNodes.end();
+            it != eit; ++it)
+    {
+        pushIntoWorklist(it->first);
+    }
+
+    double cgUpdateEnd = stat->getClk();
+    timeOfUpdateCallGraph += (cgUpdateEnd - cgUpdateStart) / TIMEINTERVAL;
+
+    return ((!newEdges.empty()) || hasNewForkEdges);
+}
+
+bool AndersenBase::updateThreadCallGraph(const CallSiteToFunPtrMap& callsites,
+        NodePairSet& cpySrcNodes)
+{
+    CallEdgeMap newForkEdges;
+    onTheFlyThreadCallGraphSolve(callsites, newForkEdges);
+    for (CallEdgeMap::iterator it = newForkEdges.begin(), eit = newForkEdges.end(); it != eit; it++)
+    {
+        for (FunctionSet::iterator cit = it->second.begin(),
+                ecit = it->second.end();
+                cit != ecit; ++cit)
+        {
+            connectCaller2ForkedFunParams(it->first, *cit, cpySrcNodes);
+        }
+    }
+    return !newForkEdges.empty();
+}
+
+/*!
+ * Connect formal and actual parameters for indirect forksites
+ */
+void AndersenBase::connectCaller2ForkedFunParams(const CallICFGNode* cs, const SVFFunction* F,
+        NodePairSet& cpySrcNodes)
+{
+    assert(F);
+
+    DBOUT(DAndersen, outs() << "connect parameters from indirect forksite "
+          << cs.getInstruction()->toString() << " to forked function "
+          << *F << "\n");
+
+    ThreadCallGraph *tdCallGraph = SVFUtil::dyn_cast<ThreadCallGraph>(callgraph);
+
+    const PAGNode *cs_arg = tdCallGraph->getThreadAPI()->getActualParmAtForkSite(cs);
+    const PAGNode *fun_arg = tdCallGraph->getThreadAPI()->getFormalParmOfForkedFun(F);
+
+    if(cs_arg->isPointer() && fun_arg->isPointer())
+    {
+        DBOUT(DAndersen, outs() << "process actual parm"
+              << cs_arg->toString() << "\n");
+        NodeID srcAA = sccRepNode(cs_arg->getId());
+        NodeID dstFA = sccRepNode(fun_arg->getId());
+        if (addCopyEdge(srcAA, dstFA))
+        {
+            cpySrcNodes.insert(std::make_pair(srcAA, dstFA));
+        }
+    }
+}
+
+///*!
+// * Connect formal and actual parameters for indirect callsites
+// */
+void AndersenBase::connectCaller2CalleeParams(const CallICFGNode* cs,
+        const SVFFunction* F, NodePairSet &cpySrcNodes)
+{
+    assert(F);
+
+    DBOUT(DAndersen, outs() << "connect parameters from indirect callsite " <<
+          cs.getInstruction()->toString() << " to callee " << *F << "\n");
+
+    const CallICFGNode* callBlockNode = cs;
+    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
+
+    if(SVFUtil::isHeapAllocExtFunViaRet(F) && pag->callsiteHasRet(retBlockNode))
+    {
+        heapAllocatorViaIndCall(cs,cpySrcNodes);
+    }
+
+    if (pag->funHasRet(F) && pag->callsiteHasRet(retBlockNode))
+    {
+        const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
+        const PAGNode* fun_return = pag->getFunRet(F);
+        if (cs_return->isPointer() && fun_return->isPointer())
+        {
+            NodeID dstrec = sccRepNode(cs_return->getId());
+            NodeID srcret = sccRepNode(fun_return->getId());
+            if(addCopyEdge(srcret, dstrec))
+            {
+                cpySrcNodes.insert(std::make_pair(srcret,dstrec));
+            }
+        }
+        else
+        {
+            DBOUT(DAndersen, outs() << "not a pointer ignored\n");
+        }
+    }
+
+    if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(F))
+    {
+
+        // connect actual and formal param
+        const SVFIR::SVFVarList& csArgList = pag->getCallSiteArgsList(callBlockNode);
+        const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(F);
+        //Go through the fixed parameters.
+        DBOUT(DPAGBuild, outs() << "      args:");
+        SVFIR::SVFVarList::const_iterator funArgIt = funArgList.begin(), funArgEit = funArgList.end();
+        SVFIR::SVFVarList::const_iterator csArgIt  = csArgList.begin(), csArgEit = csArgList.end();
+        for (; funArgIt != funArgEit; ++csArgIt, ++funArgIt)
+        {
+            //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
+            if (csArgIt  == csArgEit)
+            {
+                DBOUT(DAndersen, outs() << " !! not enough args\n");
+                break;
+            }
+            const PAGNode *cs_arg = *csArgIt ;
+            const PAGNode *fun_arg = *funArgIt;
+
+            if (cs_arg->isPointer() && fun_arg->isPointer())
+            {
+                DBOUT(DAndersen, outs() << "process actual parm  " << cs_arg->toString() << " \n");
+                NodeID srcAA = sccRepNode(cs_arg->getId());
+                NodeID dstFA = sccRepNode(fun_arg->getId());
+                if(addCopyEdge(srcAA, dstFA))
+                {
+                    cpySrcNodes.insert(std::make_pair(srcAA,dstFA));
+                }
+            }
+        }
+
+        //Any remaining actual args must be varargs.
+        if (F->isVarArg())
+        {
+            NodeID vaF = sccRepNode(pag->getVarargNode(F));
+            DBOUT(DPAGBuild, outs() << "\n      varargs:");
+            for (; csArgIt != csArgEit; ++csArgIt)
+            {
+                const PAGNode *cs_arg = *csArgIt;
+                if (cs_arg->isPointer())
+                {
+                    NodeID vnAA = sccRepNode(cs_arg->getId());
+                    if (addCopyEdge(vnAA,vaF))
+                    {
+                        cpySrcNodes.insert(std::make_pair(vnAA,vaF));
+                    }
+                }
+            }
+        }
+        if(csArgIt != csArgEit)
+        {
+            writeWrnMsg("too many args to non-vararg func.");
+            writeWrnMsg("(" + cs->getSourceLoc() + ")");
+        }
+    }
+}
+
+void AndersenBase::heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet &cpySrcNodes)
+{
+    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
+    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
+    const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
+    NodeID srcret;
+    CallSite2DummyValPN::const_iterator it = callsite2DummyValPN.find(cs);
+    if(it != callsite2DummyValPN.end())
+    {
+        srcret = sccRepNode(it->second);
+    }
+    else
+    {
+        NodeID valNode = pag->addDummyValNode();
+        NodeID objNode = pag->addDummyObjNode(cs->getCallSite()->getType());
+        addPts(valNode,objNode);
+        callsite2DummyValPN.insert(std::make_pair(cs,valNode));
+        consCG->addConstraintNode(new ConstraintNode(valNode),valNode);
+        consCG->addConstraintNode(new ConstraintNode(objNode),objNode);
+        srcret = valNode;
+    }
+
+    NodeID dstrec = sccRepNode(cs_return->getId());
+    if(addCopyEdge(srcret, dstrec))
+        cpySrcNodes.insert(std::make_pair(srcret,dstrec));
+}
+
 void AndersenBase::normalizePointsTo()
 {
     SVFIR::MemObjToFieldsMap &memToFieldsMap = pag->getMemToFieldsMap();
@@ -648,157 +853,6 @@ NodeStack& Andersen::SCCDetect()
     return getSCCDetector()->topoNodeStack();
 }
 
-/*!
- * Update call graph for the input indirect callsites
- */
-bool Andersen::updateCallGraph(const CallSiteToFunPtrMap& callsites)
-{
-
-    double cgUpdateStart = stat->getClk();
-
-    CallEdgeMap newEdges;
-    onTheFlyCallGraphSolve(callsites,newEdges);
-    NodePairSet cpySrcNodes;	/// nodes as a src of a generated new copy edge
-    for(CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end(); it!=eit; ++it )
-    {
-        for(FunctionSet::iterator cit = it->second.begin(), ecit = it->second.end(); cit!=ecit; ++cit)
-        {
-            connectCaller2CalleeParams(it->first,*cit,cpySrcNodes);
-        }
-    }
-    for(NodePairSet::iterator it = cpySrcNodes.begin(), eit = cpySrcNodes.end(); it!=eit; ++it)
-    {
-        pushIntoWorklist(it->first);
-    }
-
-    double cgUpdateEnd = stat->getClk();
-    timeOfUpdateCallGraph += (cgUpdateEnd - cgUpdateStart) / TIMEINTERVAL;
-
-    return (!newEdges.empty());
-}
-
-void Andersen::heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet &cpySrcNodes)
-{
-    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
-    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
-    const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
-    NodeID srcret;
-    CallSite2DummyValPN::const_iterator it = callsite2DummyValPN.find(cs);
-    if(it != callsite2DummyValPN.end())
-    {
-        srcret = sccRepNode(it->second);
-    }
-    else
-    {
-        NodeID valNode = pag->addDummyValNode();
-        NodeID objNode = pag->addDummyObjNode(cs->getCallSite()->getType());
-        addPts(valNode,objNode);
-        callsite2DummyValPN.insert(std::make_pair(cs,valNode));
-        consCG->addConstraintNode(new ConstraintNode(valNode),valNode);
-        consCG->addConstraintNode(new ConstraintNode(objNode),objNode);
-        srcret = valNode;
-    }
-
-    NodeID dstrec = sccRepNode(cs_return->getId());
-    if(addCopyEdge(srcret, dstrec))
-        cpySrcNodes.insert(std::make_pair(srcret,dstrec));
-}
-
-/*!
- * Connect formal and actual parameters for indirect callsites
- */
-void Andersen::connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F, NodePairSet &cpySrcNodes)
-{
-    assert(F);
-
-    DBOUT(DAndersen, outs() << "connect parameters from indirect callsite " << cs.getInstruction()->toString() << " to callee " << *F << "\n");
-
-    const CallICFGNode* callBlockNode = cs;
-    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
-
-    if(SVFUtil::isHeapAllocExtFunViaRet(F) && pag->callsiteHasRet(retBlockNode))
-    {
-        heapAllocatorViaIndCall(cs,cpySrcNodes);
-    }
-
-    if (pag->funHasRet(F) && pag->callsiteHasRet(retBlockNode))
-    {
-        const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
-        const PAGNode* fun_return = pag->getFunRet(F);
-        if (cs_return->isPointer() && fun_return->isPointer())
-        {
-            NodeID dstrec = sccRepNode(cs_return->getId());
-            NodeID srcret = sccRepNode(fun_return->getId());
-            if(addCopyEdge(srcret, dstrec))
-            {
-                cpySrcNodes.insert(std::make_pair(srcret,dstrec));
-            }
-        }
-        else
-        {
-            DBOUT(DAndersen, outs() << "not a pointer ignored\n");
-        }
-    }
-
-    if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(F))
-    {
-
-        // connect actual and formal param
-        const SVFIR::SVFVarList& csArgList = pag->getCallSiteArgsList(callBlockNode);
-        const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(F);
-        //Go through the fixed parameters.
-        DBOUT(DPAGBuild, outs() << "      args:");
-        SVFIR::SVFVarList::const_iterator funArgIt = funArgList.begin(), funArgEit = funArgList.end();
-        SVFIR::SVFVarList::const_iterator csArgIt  = csArgList.begin(), csArgEit = csArgList.end();
-        for (; funArgIt != funArgEit; ++csArgIt, ++funArgIt)
-        {
-            //Some programs (e.g. Linux kernel) leave unneeded parameters empty.
-            if (csArgIt  == csArgEit)
-            {
-                DBOUT(DAndersen, outs() << " !! not enough args\n");
-                break;
-            }
-            const PAGNode *cs_arg = *csArgIt ;
-            const PAGNode *fun_arg = *funArgIt;
-
-            if (cs_arg->isPointer() && fun_arg->isPointer())
-            {
-                DBOUT(DAndersen, outs() << "process actual parm  " << cs_arg->toString() << " \n");
-                NodeID srcAA = sccRepNode(cs_arg->getId());
-                NodeID dstFA = sccRepNode(fun_arg->getId());
-                if(addCopyEdge(srcAA, dstFA))
-                {
-                    cpySrcNodes.insert(std::make_pair(srcAA,dstFA));
-                }
-            }
-        }
-
-        //Any remaining actual args must be varargs.
-        if (F->isVarArg())
-        {
-            NodeID vaF = sccRepNode(pag->getVarargNode(F));
-            DBOUT(DPAGBuild, outs() << "\n      varargs:");
-            for (; csArgIt != csArgEit; ++csArgIt)
-            {
-                const PAGNode *cs_arg = *csArgIt;
-                if (cs_arg->isPointer())
-                {
-                    NodeID vnAA = sccRepNode(cs_arg->getId());
-                    if (addCopyEdge(vnAA,vaF))
-                    {
-                        cpySrcNodes.insert(std::make_pair(vnAA,vaF));
-                    }
-                }
-            }
-        }
-        if(csArgIt != csArgEit)
-        {
-            writeWrnMsg("too many args to non-vararg func.");
-            writeWrnMsg("(" + cs->getSourceLoc() + ")");
-        }
-    }
-}
-
 /*!
  * merge nodeId to newRepId. Return true if the newRepId is a PWC node
  */

package/svf/lib/WPA/Steensgaard.cpp

@@ -122,166 +122,4 @@ void Steensgaard::processAllAddr()
                 pushIntoWorklist(dst);
         }
     }
-}
-
-bool Steensgaard::updateCallGraph(const CallSiteToFunPtrMap& callsites)
-{
-
-    double cgUpdateStart = stat->getClk();
-
-    CallEdgeMap newEdges;
-    onTheFlyCallGraphSolve(callsites, newEdges);
-    NodePairSet cpySrcNodes; /// nodes as a src of a generated new copy edge
-    for (CallEdgeMap::iterator it = newEdges.begin(), eit = newEdges.end();
-            it != eit; ++it)
-    {
-        for (FunctionSet::iterator cit = it->second.begin(),
-                ecit = it->second.end();
-                cit != ecit; ++cit)
-        {
-            connectCaller2CalleeParams(it->first, *cit, cpySrcNodes);
-        }
-    }
-    for (NodePairSet::iterator it = cpySrcNodes.begin(),
-            eit = cpySrcNodes.end();
-            it != eit; ++it)
-    {
-        pushIntoWorklist(it->first);
-    }
-
-    double cgUpdateEnd = stat->getClk();
-    timeOfUpdateCallGraph += (cgUpdateEnd - cgUpdateStart) / TIMEINTERVAL;
-
-    return (!newEdges.empty());
-}
-
-void Steensgaard::heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes)
-{
-    assert(cs->getCalledFunction() == nullptr && "not an indirect callsite?");
-    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
-    const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
-    NodeID srcret;
-    CallSite2DummyValPN::const_iterator it = callsite2DummyValPN.find(cs);
-    if (it != callsite2DummyValPN.end())
-    {
-        srcret = getEC(it->second);
-    }
-    else
-    {
-        NodeID valNode = pag->addDummyValNode();
-        NodeID objNode = pag->addDummyObjNode(cs->getCallSite()->getType());
-        addPts(valNode, objNode);
-        callsite2DummyValPN.insert(std::make_pair(cs, valNode));
-        consCG->addConstraintNode(new ConstraintNode(valNode), valNode);
-        consCG->addConstraintNode(new ConstraintNode(objNode), objNode);
-        srcret = valNode;
-    }
-
-    NodeID dstrec = getEC(cs_return->getId());
-    if (addCopyEdge(srcret, dstrec))
-        cpySrcNodes.insert(std::make_pair(srcret, dstrec));
-}
-
-/*!
- * Connect formal and actual parameters for indirect callsites
- */
-void Steensgaard::connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F,
-        NodePairSet& cpySrcNodes)
-{
-    assert(F);
-
-    DBOUT(DAndersen, outs() << "connect parameters from indirect callsite "
-          << cs.getInstruction()->toString() << " to callee "
-          << *F << "\n");
-
-    const CallICFGNode* callBlockNode = cs;
-    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
-
-    if (SVFUtil::isHeapAllocExtFunViaRet(F) &&
-            pag->callsiteHasRet(retBlockNode))
-    {
-        heapAllocatorViaIndCall(cs, cpySrcNodes);
-    }
-
-    if (pag->funHasRet(F) && pag->callsiteHasRet(retBlockNode))
-    {
-        const PAGNode* cs_return = pag->getCallSiteRet(retBlockNode);
-        const PAGNode* fun_return = pag->getFunRet(F);
-        if (cs_return->isPointer() && fun_return->isPointer())
-        {
-            NodeID dstrec = getEC(cs_return->getId());
-            NodeID srcret = getEC(fun_return->getId());
-            if (addCopyEdge(srcret, dstrec))
-            {
-                cpySrcNodes.insert(std::make_pair(srcret, dstrec));
-            }
-        }
-        else
-        {
-            DBOUT(DAndersen, outs() << "not a pointer ignored\n");
-        }
-    }
-
-    if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(F))
-    {
-
-        // connect actual and formal param
-        const SVFIR::SVFVarList& csArgList =
-            pag->getCallSiteArgsList(callBlockNode);
-        const SVFIR::SVFVarList& funArgList = pag->getFunArgsList(F);
-        // Go through the fixed parameters.
-        DBOUT(DPAGBuild, outs() << "      args:");
-        SVFIR::SVFVarList::const_iterator funArgIt = funArgList.begin(),
-                                          funArgEit = funArgList.end();
-        SVFIR::SVFVarList::const_iterator csArgIt = csArgList.begin(),
-                                          csArgEit = csArgList.end();
-        for (; funArgIt != funArgEit; ++csArgIt, ++funArgIt)
-        {
-            // Some programs (e.g. Linux kernel) leave unneeded parameters
-            // empty.
-            if (csArgIt == csArgEit)
-            {
-                DBOUT(DAndersen, outs() << " !! not enough args\n");
-                break;
-            }
-            const PAGNode* cs_arg = *csArgIt;
-            const PAGNode* fun_arg = *funArgIt;
-
-            if (cs_arg->isPointer() && fun_arg->isPointer())
-            {
-                DBOUT(DAndersen, outs() << "process actual parm  "
-                      << cs_arg->toString() << " \n");
-                NodeID srcAA = getEC(cs_arg->getId());
-                NodeID dstFA = getEC(fun_arg->getId());
-                if (addCopyEdge(srcAA, dstFA))
-                {
-                    cpySrcNodes.insert(std::make_pair(srcAA, dstFA));
-                }
-            }
-        }
-
-        // Any remaining actual args must be varargs.
-        if (F->isVarArg())
-        {
-            NodeID vaF = getEC(pag->getVarargNode(F));
-            DBOUT(DPAGBuild, outs() << "\n      varargs:");
-            for (; csArgIt != csArgEit; ++csArgIt)
-            {
-                const PAGNode* cs_arg = *csArgIt;
-                if (cs_arg->isPointer())
-                {
-                    NodeID vnAA = getEC(cs_arg->getId());
-                    if (addCopyEdge(vnAA, vaF))
-                    {
-                        cpySrcNodes.insert(std::make_pair(vnAA, vaF));
-                    }
-                }
-            }
-        }
-        if (csArgIt != csArgEit)
-        {
-            writeWrnMsg("too many args to non-vararg func.");
-            writeWrnMsg("(" + cs->getSourceLoc() + ")");
-        }
-    }
-}
+}

package/svf-llvm/lib/SVFIRExtAPI.cpp

@@ -259,7 +259,7 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
         if (const SVFFunction* forkedFun = SVFUtil::dyn_cast<SVFFunction>(getForkedFun(callICFGNode)))
         {
             forkedFun = forkedFun->getDefFunForMultipleModule();
-            const SVFValue* actualParm = getActualParmAtForkSite(callICFGNode);
+            const SVFVar* actualParm = getActualParmAtForkSite(callICFGNode);
             /// pthread_create has 1 arg.
             /// apr_thread_create has 2 arg.
             assert((forkedFun->arg_size() <= 2) && "Size of formal parameter of start routine should be one");
@@ -267,10 +267,10 @@ void SVFIRBuilder::handleExtCall(const CallBase* cs, const SVFFunction* svfCalle
             {
                 const SVFArgument* formalParm = forkedFun->getArg(0);
                 /// Connect actual parameter to formal parameter of the start routine
-                if (actualParm->getType()->isPointerTy() && formalParm->getType()->isPointerTy())
+                if (actualParm->isPointer() && formalParm->getType()->isPointerTy())
                 {
                     FunEntryICFGNode *entry = pag->getICFG()->getFunEntryICFGNode(forkedFun);
-                    addThreadForkEdge(pag->getValueNode(actualParm), pag->getValueNode(formalParm), callICFGNode, entry);
+                    addThreadForkEdge(actualParm->getId(), pag->getValueNode(formalParm), callICFGNode, entry);
                 }
             }
         }