svf-tools 1.0.993 → 1.0.995

package/svf/include/SVFIR/SVFVariables.h

@@ -60,19 +60,8 @@ public:
     /// GepValNode: temporary gep obj node for field sensitivity
     /// FIObjNode: for field insensitive analysis
     /// DummyValNode and DummyObjNode: for non-llvm-value node
-    enum PNODEK
-    {
-        ValNode,
-        ObjNode,
-        RetNode,
-        VarargNode,
-        GepValNode,
-        GepObjNode,
-        FIObjNode,
-        DummyValNode,
-        DummyObjNode,
-    };
-
+    typedef GNodeK PNODEK;
+    typedef s64_t GEdgeKind;
 
 protected:
     const SVFValue* value; ///< value of this SVFIR node
@@ -206,19 +195,34 @@ public:
     }
     //@}
 
+    static inline bool classof(const SVFVar *)
+    {
+        return true;
+    }
+
+    static inline bool classof(const GenericPAGNodeTy * node)
+    {
+        return isSVFVarKind(node->getNodeKind());
+    }
+
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return isSVFVarKind(node->getNodeKind());
+    }
+
 private:
     ///  add methods of the components
     //@{
     inline void addInEdge(SVFStmt* inEdge)
     {
-        GNodeK kind = inEdge->getEdgeKind();
+        GEdgeKind kind = inEdge->getEdgeKind();
         InEdgeKindToSetMap[kind].insert(inEdge);
         addIncomingEdge(inEdge);
     }
 
     inline void addOutEdge(SVFStmt* outEdge)
     {
-        GNodeK kind = outEdge->getEdgeKind();
+        GEdgeKind kind = outEdge->getEdgeKind();
         OutEdgeKindToSetMap[kind].insert(outEdge);
         addOutgoingEdge(outEdge);
     }
@@ -264,9 +268,11 @@ class ValVar: public SVFVar
     friend class SVFIRWriter;
     friend class SVFIRReader;
 
+private:
+    const SVFBaseNode* gNode; // constant, gepValvar, retPN, dummy could be null
 protected:
     /// Constructor to create an empty ValVar (for SVFIRReader/deserialization)
-    ValVar(NodeID i, PNODEK ty = ValNode) : SVFVar(i, ty) {}
+    ValVar(NodeID i, PNODEK ty = ValNode) : SVFVar(i, ty), gNode(nullptr) {}
 
 public:
     /// Methods for support type inquiry through isa, cast, and dyn_cast:
@@ -277,25 +283,21 @@ public:
     }
     static inline bool classof(const SVFVar* node)
     {
-        return node->getNodeKind() == SVFVar::ValNode ||
-               node->getNodeKind() == SVFVar::GepValNode ||
-               node->getNodeKind() == SVFVar::RetNode ||
-               node->getNodeKind() == SVFVar::VarargNode ||
-               node->getNodeKind() == SVFVar::DummyValNode;
+        return isValVarKinds(node->getNodeKind());
     }
     static inline bool classof(const GenericPAGNodeTy* node)
     {
-        return node->getNodeKind() == SVFVar::ValNode ||
-               node->getNodeKind() == SVFVar::GepValNode ||
-               node->getNodeKind() == SVFVar::RetNode ||
-               node->getNodeKind() == SVFVar::VarargNode ||
-               node->getNodeKind() == SVFVar::DummyValNode;
+        return isValVarKinds(node->getNodeKind());
+    }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return isValVarKinds(node->getNodeKind());
     }
     //@}
 
     /// Constructor
-    ValVar(const SVFValue* val, NodeID i, PNODEK ty = ValNode)
-        : SVFVar(val, i, ty)
+    ValVar(const SVFValue* val, NodeID i, PNODEK ty = ValNode, const SVFBaseNode* node = nullptr)
+        : SVFVar(val, i, ty), gNode(node)
     {
     }
     /// Return name of a LLVM value
@@ -306,6 +308,11 @@ public:
         return "";
     }
 
+    const SVFBaseNode* getGNode() const
+    {
+        return gNode;
+    }
+
     virtual const std::string toString() const;
 };
 
@@ -335,17 +342,15 @@ public:
     }
     static inline bool classof(const SVFVar* node)
     {
-        return node->getNodeKind() == SVFVar::ObjNode ||
-               node->getNodeKind() == SVFVar::GepObjNode ||
-               node->getNodeKind() == SVFVar::FIObjNode ||
-               node->getNodeKind() == SVFVar::DummyObjNode;
+        return isObjVarKinds(node->getNodeKind());
     }
     static inline bool classof(const GenericPAGNodeTy* node)
     {
-        return node->getNodeKind() == SVFVar::ObjNode ||
-               node->getNodeKind() == SVFVar::GepObjNode ||
-               node->getNodeKind() == SVFVar::FIObjNode ||
-               node->getNodeKind() == SVFVar::DummyObjNode;
+        return isObjVarKinds(node->getNodeKind());
+    }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return isObjVarKinds(node->getNodeKind());
     }
     //@}
 
@@ -477,6 +482,10 @@ public:
     {
         return node->getNodeKind() == SVFVar::GepObjNode;
     }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::GepObjNode;
+    }
     //@}
 
     /// Constructor
@@ -494,9 +503,9 @@ public:
     }
 
     /// Set the base object from which this GEP node came from.
-    inline void setBaseNode(NodeID base)
+    inline void setBaseNode(NodeID bs)
     {
-        this->base = base;
+        this->base = bs;
     }
 
     /// Return the base object from which this GEP node came from.
@@ -554,6 +563,10 @@ public:
     {
         return node->getNodeKind() == SVFVar::FIObjNode;
     }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::FIObjNode;
+    }
     //@}
 
     /// Constructor
@@ -604,6 +617,10 @@ public:
     {
         return node->getNodeKind() == SVFVar::RetNode;
     }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::RetNode;
+    }
     //@}
 
     /// Constructor
@@ -648,6 +665,10 @@ public:
     {
         return node->getNodeKind() == SVFVar::VarargNode;
     }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::VarargNode;
+    }
     //@}
 
     /// Constructor
@@ -688,6 +709,10 @@ public:
     {
         return node->getNodeKind() == SVFVar::DummyValNode;
     }
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::DummyValNode;
+    }
     //@}
 
     /// Constructor
@@ -732,6 +757,11 @@ public:
     {
         return node->getNodeKind() == SVFVar::DummyObjNode;
     }
+
+    static inline bool classof(const SVFBaseNode* node)
+    {
+        return node->getNodeKind() == SVFVar::DummyObjNode;
+    }
     //@}
 
     /// Constructor

package/svf/include/SVFIR/SymbolTableInfo.h

@@ -373,6 +373,7 @@ protected:
     Set<const StInfo*> stInfos;
 };
 
+class SVFBaseNode;
 
 /*!
  * Memory object symbols or MemObj (address-taken variables in LLVM-based languages)
@@ -381,6 +382,7 @@ class MemObj
 {
     friend class SVFIRWriter;
     friend class SVFIRReader;
+    friend class SVFIRBuilder;
 
 private:
     /// Type information of this object
@@ -390,9 +392,11 @@ private:
     /// The unique id to represent this symbol
     SymID symId;
 
+    const SVFBaseNode* gNode;
+
 public:
     /// Constructor
-    MemObj(SymID id, ObjTypeInfo* ti, const SVFValue* val = nullptr);
+    MemObj(SymID id, ObjTypeInfo* ti, const SVFValue* val = nullptr, const SVFBaseNode* node = nullptr);
 
     /// Destructor
     virtual ~MemObj()
@@ -408,6 +412,12 @@ public:
         return refVal;
     }
 
+    /// Get the reference value to this object
+    inline const SVFBaseNode* getGNode() const
+    {
+        return gNode;
+    }
+
     /// Get the memory object id
     inline SymID getId() const
     {

package/svf/include/Util/SVFUtil.h

@@ -457,7 +457,7 @@ inline bool isBarrierWaitCall(const CallICFGNode* cs)
 
 /// Return sole argument of the thread routine
 //@{
-inline const SVFValue* getActualParmAtForkSite(const CallICFGNode* cs)
+inline const SVFVar* getActualParmAtForkSite(const CallICFGNode* cs)
 {
     return ThreadAPI::getThreadAPI()->getActualParmAtForkSite(cs);
 }

package/svf/include/Util/ThreadAPI.h

@@ -38,6 +38,7 @@ namespace SVF
 class SVFModule;
 class ICFGNode;
 class CallICFGNode;
+class SVFVar;
 
 /*
  * ThreadAPI class contains interfaces for pthread programs
@@ -128,11 +129,16 @@ public:
     /// Note that, it could be function type or a void* pointer
     const SVFValue* getForkedFun(const CallICFGNode *inst) const;
 
-    /// Return the forth argument of the call,
+    /// Return the actual param of forksite
     /// Note that, it is the sole argument of start routine ( a void* pointer )
-    const SVFValue* getActualParmAtForkSite(const CallICFGNode *inst) const;
+    const SVFVar* getActualParmAtForkSite(const CallICFGNode *inst) const;
+
+    /// Return the formal parm of forked function (the first arg in pthread)
+    const SVFVar* getFormalParmOfForkedFun(const SVFFunction* F) const;
     //@}
 
+
+
     /// Return true if this call create a new thread
     //@{
     bool isTDFork(const CallICFGNode *inst) const;

package/svf/include/WPA/Andersen.h

@@ -47,6 +47,8 @@ namespace SVF
 
 class SVFModule;
 
+class ThreadCallGraph;
+
 /*!
  * Abstract class of inclusion-based Pointer Analysis
  */
@@ -54,6 +56,9 @@ typedef WPASolver<ConstraintGraph*> WPAConstraintSolver;
 
 class AndersenBase:  public WPAConstraintSolver, public BVDataPTAImpl
 {
+public:
+    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
+
 public:
 
     /// Constructor
@@ -81,11 +86,19 @@ public:
     /// Finalize analysis
     virtual void finalize() override;
 
-    /// Implement it in child class to update call graph
-    virtual inline bool updateCallGraph(const CallSiteToFunPtrMap&) override
-    {
-        return false;
-    }
+    /// Update call graph
+    virtual bool updateCallGraph(const CallSiteToFunPtrMap&) override;
+
+    /// Update thread call graph
+    virtual bool updateThreadCallGraph(const CallSiteToFunPtrMap&, NodePairSet&);
+
+    /// Connect formal and actual parameters for indirect forksites
+    virtual void connectCaller2ForkedFunParams(const CallICFGNode* cs, const SVFFunction* F,
+            NodePairSet& cpySrcNodes);
+
+    /// Connect formal and actual parameters for indirect callsites
+    virtual void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F,
+                                            NodePairSet& cpySrcNodes);
 
     /// Methods for support type inquiry through isa, cast, and dyn_cast:
     //@{
@@ -123,6 +136,9 @@ public:
     }
     //@}
 
+    /// Add copy edge on constraint graph
+    virtual bool addCopyEdge(NodeID src, NodeID dst) = 0;
+
     /// dump statistics
     inline void printStat()
     {
@@ -160,6 +176,11 @@ public:
 protected:
     /// Constraint Graph
     ConstraintGraph* consCG;
+    CallSite2DummyValPN
+    callsite2DummyValPN; ///< Map an instruction to a dummy obj which
+    ///< created at an indirect callsite, which invokes
+    ///< a heap allocator
+    void heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes);
 };
 
 /*!
@@ -171,7 +192,6 @@ class Andersen:  public AndersenBase
 
 public:
     typedef SCCDetection<ConstraintGraph*> CGSCC;
-    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
 
     /// Constructor
     Andersen(SVFIR* _pag, PTATY type = Andersen_WPA, bool alias_check = true)
@@ -243,7 +263,6 @@ public:
 protected:
 
     CallSite2DummyValPN callsite2DummyValPN;        ///< Map an instruction to a dummy obj which created at an indirect callsite, which invokes a heap allocator
-    void heapAllocatorViaIndCall(const CallICFGNode* cs,NodePairSet &cpySrcNodes);
 
     /// Handle diff points-to set.
     virtual inline void computeDiffPts(NodeID id)
@@ -311,12 +330,6 @@ protected:
         return false;
     }
 
-    /// Update call graph for the input indirect callsites
-    virtual bool updateCallGraph(const CallSiteToFunPtrMap& callsites);
-
-    /// Connect formal and actual parameters for indirect callsites
-    void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F, NodePairSet& cpySrcNodes);
-
     /// Merge sub node to its rep
     virtual void mergeNodeToRep(NodeID nodeId,NodeID newRepId);
 

package/svf/include/WPA/Steensgaard.h

@@ -23,7 +23,6 @@ class Steensgaard : public AndersenBase
 public:
     typedef Map<NodeID, NodeID> NodeToEquivClassMap;
     typedef Map<NodeID, Set<NodeID>> NodeToSubsMap;
-    typedef OrderedMap<const CallICFGNode*, NodeID> CallSite2DummyValPN;
 
     /// Constructor
     Steensgaard(SVFIR* _pag) : AndersenBase(_pag, Steensgaard_WPA, true) {}
@@ -46,7 +45,7 @@ public:
         steens = nullptr;
     }
 
-    virtual void solveWorklist();
+    virtual void solveWorklist() override;
 
     void processAllAddr();
 
@@ -69,18 +68,18 @@ public:
     //@}
 
     /// Operation of points-to set
-    virtual inline const PointsTo& getPts(NodeID id)
+    virtual inline const PointsTo& getPts(NodeID id) override
     {
         return getPTDataTy()->getPts(getEC(id));
     }
     /// pts(id) = pts(id) U target
-    virtual inline bool unionPts(NodeID id, const PointsTo& target)
+    virtual inline bool unionPts(NodeID id, const PointsTo& target) override
     {
         id = getEC(id);
         return getPTDataTy()->unionPts(id, target);
     }
     /// pts(id) = pts(id) U pts(ptd)
-    virtual inline bool unionPts(NodeID id, NodeID ptd)
+    virtual inline bool unionPts(NodeID id, NodeID ptd) override
     {
         id = getEC(id);
         ptd = getEC(ptd);
@@ -98,6 +97,11 @@ public:
         else
             return it->second;
     }
+    /// Return getEC(id)
+    inline NodeID sccRepNode(NodeID id) const override
+    {
+        return getEC(id);
+    }
     void setEC(NodeID node, NodeID rep);
 
     inline Set<NodeID>& getSubNodes(NodeID id)
@@ -111,25 +115,11 @@ public:
     }
 
     /// Add copy edge on constraint graph
-    virtual inline bool addCopyEdge(NodeID src, NodeID dst)
+    virtual inline bool addCopyEdge(NodeID src, NodeID dst) override
     {
         return consCG->addCopyCGEdge(src, dst);
     }
 
-protected:
-    CallSite2DummyValPN
-    callsite2DummyValPN; ///< Map an instruction to a dummy obj which
-    ///< created at an indirect callsite, which invokes
-    ///< a heap allocator
-    void heapAllocatorViaIndCall(const CallICFGNode* cs, NodePairSet& cpySrcNodes);
-
-    /// Update call graph for the input indirect callsites
-    virtual bool updateCallGraph(const CallSiteToFunPtrMap& callsites);
-
-    /// Connect formal and actual parameters for indirect callsites
-    void connectCaller2CalleeParams(const CallICFGNode* cs, const SVFFunction* F,
-                                    NodePairSet& cpySrcNodes);
-
 private:
     static Steensgaard* steens; // static instance
     NodeToEquivClassMap nodeToECMap;

package/svf/include/WPA/TypeAnalysis.h

@@ -51,13 +51,20 @@ public:
     }
 
     /// Type analysis
-    void analyze();
+    void analyze() override;
 
     /// Initialize analysis
-    void initialize();
+    void initialize() override;
 
     /// Finalize analysis
-    virtual inline void finalize();
+    virtual inline void finalize() override;
+
+    /// Add copy edge on constraint graph
+    inline bool addCopyEdge(NodeID src, NodeID dst) override
+    {
+        assert(false && "this function should never be executed!");
+        return false;
+    }
 
     /// Resolve callgraph based on CHA
     void callGraphSolveBasedOnCHA(const CallSiteToFunPtrMap& callsites, CallEdgeMap& newEdges);

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -70,7 +70,8 @@ void BufOverflowDetector::detect(AbstractState& as, const ICFGNode* node)
                     }
                     else
                     {
-                        const ICFGNode* addrNode = svfir->getICFG()->getICFGNode(SVFUtil::cast<SVFInstruction>(svfir->getBaseObj(objId)->getValue()));
+                        const ICFGNode* addrNode = SVFUtil::cast<ICFGNode>(
+                                                       svfir->getBaseObj(objId)->getGNode());
                         for (const SVFStmt* stmt2 : addrNode->getSVFStmts())
                         {
                             if (const AddrStmt* addrStmt = SVFUtil::dyn_cast<AddrStmt>(stmt2))
@@ -477,7 +478,8 @@ bool BufOverflowDetector::canSafelyAccessMemory(AbstractState& as, const SVF::SV
         else
         {
             // if the object is not a constant size object, get the size from the addrStmt
-            const ICFGNode* addrNode = svfir->getICFG()->getICFGNode(SVFUtil::cast<SVFInstruction>(svfir->getBaseObj(objId)->getValue()));
+            const ICFGNode* addrNode = SVFUtil::cast<ICFGNode>(
+                                           svfir->getBaseObj(objId)->getGNode());
             for (const SVFStmt* stmt2 : addrNode->getSVFStmts())
             {
                 if (const AddrStmt* addrStmt = SVFUtil::dyn_cast<AddrStmt>(stmt2))

package/svf/lib/AE/Svfexe/AbsExtAPI.cpp

@@ -130,17 +130,15 @@ void AbsExtAPI::initExtFunMap()
         assert(lb.getInterval().is_numeral() && ub.getInterval().is_numeral());
         num.getInterval().set_to_top();
         num.getInterval().meet_with(IntervalValue(lb.getInterval().lb(), ub.getInterval().ub()));
-        if (icfg->hasICFGNode(SVFUtil::cast<SVFInstruction>(callNode->getArgument(0))))
+        const ICFGNode* node = SVFUtil::cast<ICFGNode>(
+                                   SVFUtil::cast<ValVar>(callNode->getArgumentVar(0))->getGNode());
+        for (const SVFStmt* stmt: node->getSVFStmts())
         {
-            const ICFGNode* node = icfg->getICFGNode(SVFUtil::cast<SVFInstruction>(callNode->getArgument(0)));
-            for (const SVFStmt* stmt: node->getSVFStmts())
+            if (SVFUtil::isa<LoadStmt>(stmt))
             {
-                if (SVFUtil::isa<LoadStmt>(stmt))
-                {
-                    const LoadStmt* load = SVFUtil::cast<LoadStmt>(stmt);
-                    NodeID rhsId = load->getRHSVarID();
-                    as.storeValue(rhsId, num);
-                }
+                const LoadStmt* load = SVFUtil::cast<LoadStmt>(stmt);
+                NodeID rhsId = load->getRHSVarID();
+                as.storeValue(rhsId, num);
             }
         }
         return;
@@ -286,7 +284,7 @@ void AbsExtAPI::initExtFunMap()
             }
             else
             {
-                const ICFGNode* addrNode = svfir->getICFG()->getICFGNode(SVFUtil::cast<SVFInstruction>(svfir->getBaseObj(objId)->getValue()));
+                const ICFGNode* addrNode = SVFUtil::cast<ICFGNode>(svfir->getBaseObj(objId)->getGNode());
                 for (const SVFStmt* stmt2: addrNode->getSVFStmts())
                 {
                     if (const AddrStmt* addrStmt = SVFUtil::dyn_cast<AddrStmt>(stmt2))
@@ -477,8 +475,8 @@ IntervalValue AbsExtAPI::getStrlen(AbstractState& as, const SVF::SVFVar *strValu
         }
         else
         {
-            const ICFGNode* addrNode = svfir->getICFG()->getICFGNode(SVFUtil::cast<SVFInstruction>(svfir->getBaseObj(objId)->getValue()));
-            for (const SVFStmt* stmt2: addrNode->getSVFStmts())
+            const ICFGNode* icfgNode = SVFUtil::cast<ICFGNode>( svfir->getBaseObj(objId)->getGNode());
+            for (const SVFStmt* stmt2: icfgNode->getSVFStmts())
             {
                 if (const AddrStmt* addrStmt = SVFUtil::dyn_cast<AddrStmt>(stmt2))
                 {

package/svf/lib/AE/Svfexe/AbstractInterpretation.cpp

@@ -96,6 +96,8 @@ void AbstractInterpretation::initWTO()
     // Initialize WTO for each function in the module
     for (const SVFFunction* fun : svfir->getModule()->getFunctionSet())
     {
+        if(fun->isDeclaration())
+            continue;
         auto* wto = new ICFGWTO(icfg, icfg->getFunEntryICFGNode(fun));
         wto->init();
         funcToWTO[fun] = wto;

package/svf/lib/DDA/ContextDDA.cpp

@@ -354,15 +354,19 @@ bool ContextDDA::isHeapCondMemObj(const CxtVar& var, const StoreSVFGNode*)
             }
             return true;
         }
-        else if(const SVFInstruction* mallocSite = SVFUtil::dyn_cast<SVFInstruction>(mem->getValue()))
+        else if(const SVFBaseNode* gNode = mem->getGNode())
         {
-            const SVFFunction* svfFun = mallocSite->getFunction();
-            if(_ander->isInRecursion(svfFun))
-                return true;
-            if(var.get_cond().isConcreteCxt() == false)
-                return true;
-            if(_pag->getICFG()->isInLoop(mallocSite))
-                return true;
+            if (const auto& node =
+                        SVFUtil::dyn_cast<ICFGNode>(gNode))
+            {
+                const SVFFunction* svfFun = node->getFun();
+                if(_ander->isInRecursion(svfFun))
+                    return true;
+                if(var.get_cond().isConcreteCxt() == false)
+                    return true;
+                if(_pag->getICFG()->isInLoop(node))
+                    return true;
+            }
         }
     }
     return false;