svf-tools 1.0.993 → 1.0.995

package/svf/lib/Graphs/ICFG.cpp

@@ -229,102 +229,20 @@ ICFG::~ICFG()
     icfgNodeToSVFLoopVec.clear();
 }
 
-/// Get a basic block ICFGNode
-ICFGNode* ICFG::getICFGNode(const SVFInstruction* inst)
-{
-    ICFGNode* node;
-    if(SVFUtil::isNonInstricCallSite(inst))
-        node = getCallICFGNode(inst);
-    else if(SVFUtil::isIntrinsicInst(inst))
-        node = getIntraICFGNode(inst);
-    else
-        node = getIntraICFGNode(inst);
-
-    assert (node!=nullptr && "no ICFGNode for this instruction?");
-    return node;
-}
-
-bool ICFG::hasICFGNode(const SVF::SVFInstruction* inst)
-{
-    ICFGNode* node;
-    if(SVFUtil::isNonInstricCallSite(inst))
-        node = getCallBlock(inst);
-    else if(SVFUtil::isIntrinsicInst(inst))
-        node = getIntraBlock(inst);
-    else
-        node = getIntraBlock(inst);
-
-    return node != nullptr;
-}
-
-
-CallICFGNode* ICFG::getCallICFGNode(const SVFInstruction* inst)
-{
-    assert(SVFUtil::isCallSite(inst) && "not a call instruction?");
-    assert(SVFUtil::isNonInstricCallSite(inst) && "associating an intrinsic debug instruction with an ICFGNode!");
-    CallICFGNode* node = getCallBlock(inst);
-    assert (node!=nullptr && "no CallICFGNode for this instruction?");
-    return node;
-}
-
-CallICFGNode* ICFG::addCallICFGNode(const SVFInstruction* inst)
-{
-    assert(SVFUtil::isCallSite(inst) && "not a call instruction?");
-    assert(SVFUtil::isNonInstricCallSite(inst) && "associating an intrinsic debug instruction with an ICFGNode!");
-    assert(getCallBlock(inst)==nullptr && "duplicate CallICFGNode");
-    return addCallBlock(inst);
-}
-
-RetICFGNode* ICFG::getRetICFGNode(const SVFInstruction* inst)
-{
-    assert(SVFUtil::isCallSite(inst) && "not a call instruction?");
-    assert(SVFUtil::isNonInstricCallSite(inst) && "associating an intrinsic debug instruction with an ICFGNode!");
-    RetICFGNode* node = getRetBlock(inst);
-    assert (node!=nullptr && "no RetICFGNode for this instruction?");
-    return node;
-}
-
-RetICFGNode* ICFG::addRetICFGNode(const SVFInstruction* inst)
-{
-    assert(SVFUtil::isCallSite(inst) && "not a call instruction?");
-    assert(SVFUtil::isNonInstricCallSite(inst) && "associating an intrinsic debug instruction with an ICFGNode!");
-    assert(getRetBlock(inst)==nullptr && "duplicate RetICFGNode");
-    return addRetBlock(inst);
-}
-
-IntraICFGNode* ICFG::getIntraICFGNode(const SVFInstruction* inst)
-{
-    IntraICFGNode* node = getIntraBlock(inst);
-    assert (node!=nullptr && "no IntraICFGNode for this instruction?");
-    return node;
-}
-
-
-IntraICFGNode* ICFG::addIntraICFGNode(const SVFInstruction* inst)
-{
-    IntraICFGNode* node = getIntraBlock(inst);
-    assert (node==nullptr && "no IntraICFGNode for this instruction?");
-    return addIntraBlock(inst);
-}
-
 
 /// Add a function entry node
 FunEntryICFGNode* ICFG::getFunEntryICFGNode(const SVFFunction*  fun)
 {
-    FunEntryICFGNode* b = getFunEntryBlock(fun);
-    if (b == nullptr)
-        return addFunEntryBlock(fun);
-    else
-        return b;
+    FunEntryICFGNode* entry = getFunEntryBlock(fun);
+    assert (entry && "fun entry not created in ICFGBuilder?");
+    return entry;
 }
 /// Add a function exit node
 FunExitICFGNode* ICFG::getFunExitICFGNode(const SVFFunction*  fun)
 {
-    FunExitICFGNode* b = getFunExitBlock(fun);
-    if (b == nullptr)
-        return addFunExitBlock(fun);
-    else
-        return b;
+    FunExitICFGNode* exit = getFunExitBlock(fun);
+    assert (exit && "fun exit not created in ICFGBuilder?");
+    return exit;
 }
 
 /*!
@@ -504,15 +422,13 @@ void ICFG::updateCallGraph(CallGraph* callgraph)
     CallGraph::CallEdgeMap::const_iterator eiter = callgraph->getIndCallMap().end();
     for (; iter != eiter; iter++)
     {
-        const CallICFGNode* callBlock = iter->first;
-        const SVFInstruction* cs = callBlock->getCallSite();
-        assert(callBlock->isIndirectCall() && "this is not an indirect call?");
+        CallICFGNode* callBlockNode = const_cast<CallICFGNode*>(iter->first);
+        assert(callBlockNode->isIndirectCall() && "this is not an indirect call?");
         const CallGraph::FunctionSet & functions = iter->second;
         for (CallGraph::FunctionSet::const_iterator func_iter = functions.begin(); func_iter != functions.end(); func_iter++)
         {
             const SVFFunction*  callee = *func_iter;
-            CallICFGNode* callBlockNode = getCallICFGNode(cs);
-            RetICFGNode* retBlockNode = getRetICFGNode(cs);
+            RetICFGNode* retBlockNode = const_cast<RetICFGNode*>(callBlockNode->getRetICFGNode());
             /// if this is an external function (no function body), connect calleeEntryNode to calleeExitNode
             if (isExtCall(callee))
                 addIntraEdge(callBlockNode, retBlockNode);

package/svf/lib/Graphs/SVFG.cpp

@@ -586,7 +586,7 @@ void SVFG::dump(const std::string& file, bool simple)
 void SVFG::getInterVFEdgesForIndirectCallSite(const CallICFGNode* callICFGNode, const SVFFunction* callee, SVFGEdgeSetTy& edges)
 {
     CallSiteID csId = getCallSiteID(callICFGNode, callee);
-    RetICFGNode* retICFGNode = pag->getICFG()->getRetICFGNode(callICFGNode->getCallSite());
+    const RetICFGNode* retICFGNode = callICFGNode->getRetICFGNode();
 
     // Find inter direct call edges between actual param and formal param.
     if (pag->hasCallSiteArgsMap(callICFGNode) && pag->hasFunArgsList(callee))

package/svf/lib/Graphs/ThreadCallGraph.cpp

@@ -30,6 +30,8 @@
 #include "SVFIR/SVFModule.h"
 #include "Graphs/ThreadCallGraph.h"
 #include "Util/ThreadAPI.h"
+#include "SVFIR/SVFIR.h"
+#include "MemoryModel/PointerAnalysisImpl.h"
 
 using namespace SVF;
 using namespace SVFUtil;
@@ -119,7 +121,7 @@ void ThreadCallGraph::updateJoinEdge(PointerAnalysis* pta)
 /*!
  * Add direct fork edges
  */
-void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
+bool ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 {
 
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
@@ -137,13 +139,16 @@ void ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
 
         addEdge(edge);
         addThreadForkEdgeSetMap(cs, edge);
+        return true;
     }
+    else
+        return false;
 }
 
 /*!
  * Add indirect fork edge to update call graph
  */
-void ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* calleefun)
+bool ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunction* calleefun)
 {
     CallGraphNode* caller = getCallGraphNode(cs->getCaller());
     CallGraphNode* callee = getCallGraphNode(calleefun);
@@ -159,7 +164,10 @@ void ThreadCallGraph::addIndirectForkEdge(const CallICFGNode* cs, const SVFFunct
 
         addEdge(edge);
         addThreadForkEdgeSetMap(cs, edge);
+        return true;
     }
+    else
+        return false;
 }
 
 /*!

package/svf/lib/Graphs/VFG.cpp

@@ -835,8 +835,7 @@ void VFG::connectDirectVFGEdges()
             for(RetPESet::const_iterator it = calleeRet->retPEBegin(), eit = calleeRet->retPEEnd(); it!=eit; ++it)
             {
                 ActualRetVFGNode* callsiteRev = getActualRetVFGNode((*it)->getLHSVar());
-                const CallICFGNode* retBlockNode = (*it)->getCallSite();
-                CallICFGNode* callBlockNode = pag->getICFG()->getCallICFGNode(retBlockNode->getCallSite());
+                const CallICFGNode* callBlockNode = (*it)->getCallSite();
                 addInterEdgeFromFRToAR(calleeRet,callsiteRev, getCallSiteID(callBlockNode, calleeRet->getFun()));
             }
         }
@@ -974,9 +973,8 @@ void VFG::updateCallGraph(PointerAnalysis* pta)
 void VFG::connectCallerAndCallee(const CallICFGNode* callBlockNode, const SVFFunction* callee, VFGEdgeSetTy& edges)
 {
     SVFIR * pag = SVFIR::getPAG();
-    ICFG * icfg = pag->getICFG();
     CallSiteID csId = getCallSiteID(callBlockNode, callee);
-    RetICFGNode* retBlockNode = icfg->getRetICFGNode(callBlockNode->getCallSite());
+    const RetICFGNode* retBlockNode = callBlockNode->getRetICFGNode();
     // connect actual and formal param
     if (pag->hasCallSiteArgsMap(callBlockNode) && pag->hasFunArgsList(callee) &&
             matchArgs(callBlockNode, callee))

package/svf/lib/MSSA/MemRegion.cpp

@@ -479,8 +479,8 @@ void MRGenerator::collectCallSitePts(const CallICFGNode* cs)
     /// collect the pts chain of the callsite arguments
     NodeBS& argsPts = csToCallSiteArgsPtsMap[cs];
     SVFIR* pag = pta->getPAG();
-    CallICFGNode* callBlockNode = pag->getICFG()->getCallICFGNode(cs->getCallSite());
-    RetICFGNode* retBlockNode = pag->getICFG()->getRetICFGNode(cs->getCallSite());
+    CallICFGNode* callBlockNode = const_cast<CallICFGNode*>(cs);
+    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
 
     WorkList worklist;
     if (pag->hasCallSiteArgsMap(callBlockNode))

package/svf/lib/MemoryModel/PointerAnalysisImpl.cpp

@@ -507,6 +507,43 @@ void BVDataPTAImpl::onTheFlyCallGraphSolve(const CallSiteToFunPtrMap& callsites,
     }
 }
 
+/*!
+ * On the fly call graph construction respecting forksite
+ * callsites is candidate indirect callsites need to be analyzed based on points-to results
+ * newEdges is the new indirect call edges discovered
+ */
+void BVDataPTAImpl::onTheFlyThreadCallGraphSolve(const CallSiteToFunPtrMap& callsites,
+        CallEdgeMap& newForkEdges)
+{
+    // add indirect fork edges
+    if(ThreadCallGraph *tdCallGraph = SVFUtil::dyn_cast<ThreadCallGraph>(callgraph))
+    {
+        for(CallSiteSet::const_iterator it = tdCallGraph->forksitesBegin(),
+                eit = tdCallGraph->forksitesEnd(); it != eit; ++it)
+        {
+            const SVFValue* forkedVal =tdCallGraph->getThreadAPI()->getForkedFun(*it);
+            if(SVFUtil::dyn_cast<SVFFunction>(forkedVal) == nullptr)
+            {
+                SVFIR *pag = this->getPAG();
+                const NodeBS targets = this->getPts(pag->getValueNode(forkedVal)).toNodeBS();
+                for(NodeBS::iterator ii = targets.begin(), ie = targets.end(); ii != ie; ++ii)
+                {
+                    if(ObjVar *objPN = SVFUtil::dyn_cast<ObjVar>(pag->getGNode(*ii)))
+                    {
+                        const MemObj *obj = pag->getObject(objPN);
+                        if(obj->isFunction())
+                        {
+                            const SVFFunction *svfForkedFun = SVFUtil::cast<SVFFunction>(obj->getValue());
+                            if(tdCallGraph->addIndirectForkEdge(*it, svfForkedFun))
+                                newForkEdges[*it].insert(svfForkedFun);
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
 /*!
  * Normalize points-to information for field-sensitive analysis
  */

package/svf/lib/SABER/LeakChecker.cpp

@@ -41,7 +41,6 @@ void LeakChecker::initSrcs()
 {
 
     SVFIR* pag = getPAG();
-    ICFG* icfg = pag->getICFG();
     for(SVFIR::CSToRetMap::iterator it = pag->getCallSiteRets().begin(),
             eit = pag->getCallSiteRets().end(); it!=eit; ++it)
     {
@@ -65,7 +64,7 @@ void LeakChecker::initSrcs()
                 while (!worklist.empty())
                 {
                     const CallICFGNode* cs = worklist.pop();
-                    const RetICFGNode* retBlockNode = icfg->getRetICFGNode(cs->getCallSite());
+                    const RetICFGNode* retBlockNode = cs->getRetICFGNode();
                     const PAGNode* pagNode = pag->getCallSiteRet(retBlockNode);
                     const SVFGNode* node = getSVFG()->getDefSVFGNode(pagNode);
                     if (visited.test(node->getId()) == 0)

package/svf/lib/SABER/SaberCondAllocator.cpp

@@ -186,7 +186,8 @@ SaberCondAllocator::evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const
 
     const SVFBasicBlock* succ1 = branchStmt->getSuccessor(0)->getBB();
 
-    if (isTestNullExpr(branchStmt->getCondition()->getValue()))
+    const ValVar* condVar = SVFUtil::cast<ValVar>(branchStmt->getCondition());
+    if (isTestNullExpr(SVFUtil::cast<ICFGNode>(condVar->getGNode())))
     {
         // succ is then branch
         if (succ1 == succ)
@@ -195,7 +196,7 @@ SaberCondAllocator::evaluateTestNullLikeExpr(const BranchStmt *branchStmt, const
         else
             return getTrueCond();
     }
-    if (isTestNotNullExpr(branchStmt->getCondition()->getValue()))
+    if (isTestNotNullExpr(SVFUtil::cast<ICFGNode>(condVar->getGNode())))
     {
         // succ is then branch
         if (succ1 == succ)
@@ -341,31 +342,27 @@ bool SaberCondAllocator::isNECmp(const CmpStmt *cmp) const
     return (cmp->getPredicate() == CmpStmt::ICMP_NE);
 }
 
-bool SaberCondAllocator::isTestNullExpr(const SVFValue* test) const
+bool SaberCondAllocator::isTestNullExpr(const ICFGNode* test) const
 {
-    if(const SVFInstruction* svfInst = SVFUtil::dyn_cast<SVFInstruction>(test))
+    if(!test) return false;
+    for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
     {
-        for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(getICFG()->getICFGNode(svfInst)))
+        if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
         {
-            if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
-            {
-                return isTestContainsNullAndTheValue(cmp) && isEQCmp(cmp);
-            }
+            return isTestContainsNullAndTheValue(cmp) && isEQCmp(cmp);
         }
     }
     return false;
 }
 
-bool SaberCondAllocator::isTestNotNullExpr(const SVFValue* test) const
+bool SaberCondAllocator::isTestNotNullExpr(const ICFGNode* test) const
 {
-    if(const SVFInstruction* svfInst = SVFUtil::dyn_cast<SVFInstruction>(test))
+    if(!test) return false;
+    for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(test))
     {
-        for(const SVFStmt* stmt : PAG::getPAG()->getSVFStmtList(getICFG()->getICFGNode(svfInst)))
+        if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
         {
-            if(const CmpStmt* cmp = SVFUtil::dyn_cast<CmpStmt>(stmt))
-            {
-                return isTestContainsNullAndTheValue(cmp) && isNECmp(cmp);
-            }
+            return isTestContainsNullAndTheValue(cmp) && isNECmp(cmp);
         }
     }
     return false;

package/svf/lib/SABER/SaberSVFGBuilder.cpp

@@ -137,8 +137,8 @@ PointsTo& SaberSVFGBuilder::CollectPtsChain(BVDataPTAImpl* pta, NodeID id, NodeT
         {
             if(pta->isFIObjNode(baseId) && pag->getGNode(baseId)->hasValue())
             {
-                const SVFCallInst* inst = SVFUtil::dyn_cast<SVFCallInst>(pag->getGNode(baseId)->getValue());
-                if(inst && SVFUtil::isExtCall(pag->getICFG()->getCallICFGNode(inst)))
+                ValVar* valVar = SVFUtil::dyn_cast<ValVar>(pag->getGNode(baseId));
+                if(valVar && valVar->getGNode() && SVFUtil::isExtCall(SVFUtil::cast<ICFGNode>(valVar->getGNode())))
                 {
                     return pts;
                 }

package/svf/lib/SVFIR/SVFFileSystem.cpp

@@ -1115,9 +1115,6 @@ cJSON* SVFIRWriter::toJson(const ICFG* icfg)
     F(totalICFGNode);
     F(FunToFunEntryNodeMap);
     F(FunToFunExitNodeMap);
-    F(CSToCallNodeMap);
-    F(CSToRetNodeMap);
-    F(InstToBlockNodeMap);
     F(globalBlockNode);
     F(icfgNodeToSVFLoopVec);
 #undef F
@@ -1741,9 +1738,6 @@ void SVFIRReader::readJson(ICFG* icfg)
     F(totalICFGNode);
     F(FunToFunEntryNodeMap);
     F(FunToFunExitNodeMap);
-    F(CSToCallNodeMap);
-    F(CSToRetNodeMap);
-    F(InstToBlockNodeMap);
     F(globalBlockNode);
     F(icfgNodeToSVFLoopVec);
 #undef F

package/svf/lib/SVFIR/SVFVariables.cpp

@@ -73,6 +73,9 @@ SVFVar::SVFVar(const SVFValue* val, NodeID i, PNODEK k) :
             isPtr = val->getType()->isPointerTy();
         break;
     }
+    default:
+        assert(false && "var not handled");
+        break;
     }
 }
 

package/svf/lib/SVFIR/SymbolTableInfo.cpp

@@ -34,6 +34,7 @@
 #include "Util/Options.h"
 #include "SVFIR/SVFModule.h"
 
+
 using namespace std;
 using namespace SVF;
 using namespace SVFUtil;
@@ -373,8 +374,8 @@ void MemObj::setFieldSensitive()
 /*!
  * Constructor of a memory object
  */
-MemObj::MemObj(SymID id, ObjTypeInfo* ti, const SVFValue* val) :
-    typeInfo(ti), refVal(val), symId(id)
+MemObj::MemObj(SymID id, ObjTypeInfo* ti, const SVFValue* val, const SVFBaseNode* node) :
+    typeInfo(ti), refVal(val), symId(id), gNode(node)
 {
 }
 

package/svf/lib/Util/ThreadAPI.cpp

@@ -172,12 +172,22 @@ const SVFValue* ThreadAPI::getForkedFun(const CallICFGNode *inst) const
     return inst->getArgument(2);
 }
 
-/// Return the forth argument of the call,
-/// Note that, it is the sole argument of start routine ( a void* pointer )
-const SVFValue* ThreadAPI::getActualParmAtForkSite(const CallICFGNode *inst) const
+const SVFVar* ThreadAPI::getActualParmAtForkSite(const CallICFGNode* inst) const
 {
-    assert(isTDFork(inst) && "not a thread fork function!");
-    return inst->getArgument(3);
+    assert(PAG::getPAG()->hasCallSiteArgsMap(inst) && "forksite has no args list!");
+    const SVFIR::SVFVarList& csArgList = PAG::getPAG()->getCallSiteArgsList(inst);
+    // pthread_create has 4 parameters
+    assert(csArgList.size() == 4 && "num of forksite args is not 4");
+    return csArgList[3];
+}
+
+const SVFVar* ThreadAPI::getFormalParmOfForkedFun(const SVFFunction* F) const
+{
+    assert(PAG::getPAG()->hasFunArgsList(F) && "forked function has no args list!");
+    const SVFIR::SVFVarList& funArgList = PAG::getPAG()->getFunArgsList(F);
+    // in pthread, forked functions are of type void *()(void *args)
+    assert(funArgList.size() == 1 && "num of pthread forked function args is not 1!");
+    return funArgList[0];
 }
 
 const SVFValue* ThreadAPI::getRetParmAtJoinedSite(const CallICFGNode *inst) const