svf-tools 1.0.995 → 1.0.997

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "svf-tools",
-  "version": "1.0.995",
+  "version": "1.0.997",
   "description": "* <b>[TypeClone](https://github.com/SVF-tools/SVF/wiki/TypeClone) published in our [ECOOP paper](https://yuleisui.github.io/publications/ecoop20.pdf) is now available in SVF </b> * <b>SVF now uses a single script for its build. Just type [`source ./build.sh`](https://github.com/SVF-tools/SVF/blob/master/build.sh) in your terminal, that's it!</b> * <b>SVF now supports LLVM-10.0.0! </b> * <b>We thank [bsauce](https://github.com/bsauce) for writing a user manual of SVF ([link1](https://www.jianshu.com/p/068a08ec749c) and [link2](https://www.jianshu.com/p/777c30d4240e)) in Chinese </b> * <b>SVF now supports LLVM-9.0.0 (Thank [Byoungyoung Lee](https://github.com/SVF-tools/SVF/issues/142) for his help!). </b> * <b>SVF now supports a set of [field-sensitive pointer analyses](https://yuleisui.github.io/publications/sas2019a.pdf). </b> * <b>[Use SVF as an external lib](https://github.com/SVF-tools/SVF/wiki/Using-SVF-as-a-lib-in-your-own-tool) for your own project (Contributed by [Hongxu Chen](https://github.com/HongxuChen)). </b> * <b>SVF now supports LLVM-7.0.0. </b> * <b>SVF now supports Docker. [Try SVF in Docker](https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker)! </b> * <b>SVF now supports [LLVM-6.0.0](https://github.com/svf-tools/SVF/pull/38) (Contributed by [Jack Anthony](https://github.com/jackanth)). </b> * <b>SVF now supports [LLVM-4.0.0](https://github.com/svf-tools/SVF/pull/23) (Contributed by Jared Carlson. Thank [Jared](https://github.com/jcarlson23) and [Will](https://github.com/dtzWill) for their in-depth [discussions](https://github.com/svf-tools/SVF/pull/18) about updating SVF!) </b> * <b>SVF now supports analysis for C++ programs.</b> <br />",
   "main": "index.js",
   "scripts": {

package/setup.sh

@@ -27,7 +27,6 @@ function set_llvm {
 
 if set_llvm; then
     export LLVM_DIR
-    export PATH="$LLVM_DIR/bin:$PATH"
     echo "LLVM_DIR=$LLVM_DIR"
 else
     echo "- LLVM_DIR not set, probably system-wide installation"

package/svf/include/Graphs/CDG.h

@@ -371,7 +371,7 @@ struct DOTGraphTraits<SVF::CDG *> : public DOTGraphTraits<SVF::PAG *>
             SVF::PAG::SVFStmtList &edges = SVF::PAG::getPAG()->getPTASVFStmtList(bNode);
             if (edges.empty())
             {
-                rawstr << bNode->getInst()->toString() << " \t";
+                rawstr << (bNode)->toString() << " \t";
             }
             else
             {

package/svf/include/Graphs/CHG.h

@@ -61,7 +61,7 @@ public:
     virtual const VFunSet &getCSVFsBasedonCHA(const CallICFGNode* cs) = 0;
     virtual bool csHasVtblsBasedonCHA(const CallICFGNode* cs) = 0;
     virtual const VTableSet &getCSVtblsBasedonCHA(const CallICFGNode* cs) = 0;
-    virtual void getVFnsFromVtbls(const SVFCallInst* cs, const VTableSet& vtbls,
+    virtual void getVFnsFromVtbls(const CallICFGNode* cs, const VTableSet& vtbls,
                                   VFunSet& virtualFunctions) = 0;
 
     CHGKind getKind(void) const
@@ -240,9 +240,10 @@ public:
     typedef Set<const CHNode*> CHNodeSetTy;
     typedef FIFOWorkList<const CHNode*> WorkList;
     typedef Map<std::string, CHNodeSetTy> NameToCHNodesMap;
-    typedef Map<const SVFInstruction*, CHNodeSetTy> CallSiteToCHNodesMap;
-    typedef Map<const SVFInstruction*, VTableSet> CallSiteToVTableSetMap;
-    typedef Map<const SVFInstruction*, VFunSet> CallSiteToVFunSetMap;
+
+    typedef Map<const ICFGNode*, CHNodeSetTy> CallNodeToCHNodesMap;
+    typedef Map<const ICFGNode*, VTableSet> CallNodeToVTableSetMap;
+    typedef Map<const ICFGNode*, VFunSet> CallNodeToVFunSetMap;
 
     typedef enum
     {
@@ -260,7 +261,7 @@ public:
                  const std::string baseClassName,
                  CHEdge::CHEDGETYPE edgeType);
     CHNode *getNode(const std::string name) const;
-    void getVFnsFromVtbls(const SVFCallInst* cs, const VTableSet &vtbls, VFunSet &virtualFunctions) override;
+    void getVFnsFromVtbls(const CallICFGNode* cs, const VTableSet &vtbls, VFunSet &virtualFunctions) override;
     void dump(const std::string& filename);
     void view();
     void printCH();
@@ -325,11 +326,12 @@ private:
     NameToCHNodesMap classNameToAncestorsMap;
     NameToCHNodesMap classNameToInstAndDescsMap;
     NameToCHNodesMap templateNameToInstancesMap;
-    CallSiteToCHNodesMap csToClassesMap;
+    CallNodeToCHNodesMap callNodeToClassesMap;
 
     Map<const SVFFunction*, u32_t> virtualFunctionToIDMap;
-    CallSiteToVTableSetMap csToCHAVtblsMap;
-    CallSiteToVFunSetMap csToCHAVFnsMap;
+
+    CallNodeToVTableSetMap callNodeToCHAVtblsMap;
+    CallNodeToVFunSetMap callNodeToCHAVFnsMap;
 };
 
 } // End namespace SVF

package/svf/include/Graphs/GenericGraph.h

@@ -251,7 +251,7 @@ public:
 
 
 
-    SVFBaseNode(NodeID i, GNodeK k): id(i), nodeKind(k)
+    SVFBaseNode(NodeID i, GNodeK k, SVFType* ty = nullptr): id(i),nodeKind(k), type(ty)
     {
 
     }
@@ -268,9 +268,30 @@ public:
         return nodeKind;
     }
 
+    virtual const SVFType* getType() const
+    {
+        return type;
+    }
+
+    inline virtual void setSourceLoc(const std::string& sourceCodeInfo)
+    {
+        sourceLoc = sourceCodeInfo;
+    }
+
+    virtual const std::string getSourceLoc() const
+    {
+        return sourceLoc;
+    }
+
+    virtual const std::string toString() const;
+
+
 protected:
     NodeID id;		///< Node ID
     GNodeK nodeKind;	///< Node kind
+    const SVFType* type; ///< SVF type
+
+    std::string sourceLoc;  ///< Source code information of this value
 
     /// Helper functions to check node kinds
     //{@ Check node kind

package/svf/include/Graphs/ICFGNode.h

@@ -122,7 +122,7 @@ public:
 
     virtual const std::string toString() const;
 
-    virtual const std::string getSourceLoc() const = 0;
+
 
     void dump() const;
 
@@ -142,6 +142,8 @@ public:
         return isICFGNodeKinds(node->getNodeKind());
     }
 
+
+
 protected:
     const SVFFunction* fun;
     const SVFBasicBlock* bb;
@@ -179,9 +181,9 @@ public:
     }
     //@}
 
-    virtual const std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    const std::string getSourceLoc() const override
     {
         return "Global ICFGNode";
     }
@@ -195,21 +197,16 @@ class IntraICFGNode : public ICFGNode
     friend class SVFIRWriter;
     friend class SVFIRReader;
 private:
-    const SVFInstruction *inst;
+    bool isRet;
 
     /// Constructor to create empty IntraICFGNode (for SVFIRReader/deserialization)
-    IntraICFGNode(NodeID id) : ICFGNode(id, IntraBlock), inst(nullptr) {}
+    IntraICFGNode(NodeID id) : ICFGNode(id, IntraBlock), isRet(false) {}
 
 public:
-    IntraICFGNode(NodeID id, const SVFInstruction *i) : ICFGNode(id, IntraBlock), inst(i)
+    IntraICFGNode(NodeID id, const SVFBasicBlock* b, bool isReturn) : ICFGNode(id, IntraBlock), isRet(isReturn)
     {
-        fun = inst->getFunction();
-        bb = inst->getParent();
-    }
-
-    inline const SVFInstruction *getInst() const
-    {
-        return inst;
+        fun = b->getFunction();
+        bb = b;
     }
 
     /// Methods for support type inquiry through isa, cast, and dyn_cast:
@@ -230,11 +227,11 @@ public:
     }
     //@}
 
-    const std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    inline bool isRetInst() const
     {
-        return inst->getSourceLoc();
+        return isRet;
     }
 };
 
@@ -270,7 +267,6 @@ public:
     }
 
     //@}
-    virtual const std::string getSourceLoc() const = 0;
 };
 
 
@@ -296,7 +292,7 @@ public:
     FunEntryICFGNode(NodeID id, const SVFFunction* f);
 
     /// Return function
-    inline const SVFFunction* getFun() const
+    inline const SVFFunction* getFun() const override
     {
         return fun;
     }
@@ -341,9 +337,9 @@ public:
     }
     //@}
 
-    const virtual std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    const std::string getSourceLoc() const override
     {
         return "function entry: " + fun->getSourceLoc();
     }
@@ -367,7 +363,7 @@ public:
     FunExitICFGNode(NodeID id, const SVFFunction* f);
 
     /// Return function
-    inline const SVFFunction* getFun() const
+    inline const SVFFunction* getFun() const override
     {
         return fun;
     }
@@ -412,9 +408,9 @@ public:
     }
     //@}
 
-    virtual const std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    const std::string getSourceLoc() const override
     {
         return "function ret: " + fun->getSourceLoc();
     }
@@ -430,7 +426,8 @@ class CallICFGNode : public InterICFGNode
 
 public:
     typedef std::vector<const SVFVar *> ActualParmNodeVec;
-private:
+
+protected:
     const SVFInstruction* cs;
     const RetICFGNode* ret;
     ActualParmNodeVec APNodes;
@@ -439,17 +436,12 @@ private:
     CallICFGNode(NodeID id) : InterICFGNode(id, FunCallBlock), cs{}, ret{} {}
 
 public:
-    CallICFGNode(NodeID id, const SVFInstruction* c)
+    CallICFGNode(NodeID id, const SVFInstruction* c, const SVFType* ty)
         : InterICFGNode(id, FunCallBlock), cs(c), ret(nullptr)
     {
         fun = cs->getFunction();
         bb = cs->getParent();
-    }
-
-    /// Return callsite
-    inline const SVFInstruction* getCallSite() const
-    {
-        return cs;
+        type = ty;
     }
 
     /// Return callsite
@@ -468,13 +460,13 @@ public:
     /// Return callsite
     inline const SVFFunction* getCaller() const
     {
-        return cs->getFunction();
+        return getFun();
     }
 
     /// Return Basic Block
     inline const SVFBasicBlock* getParent() const
     {
-        return cs->getParent();
+        return getBB();
     }
 
     /// Return true if this is an indirect call
@@ -496,35 +488,23 @@ public:
     }
     /// Parameter operations
     //@{
-    const SVFValue* getArgument(u32_t ArgNo) const
-    {
-        return SVFUtil::cast<SVFCallInst>(cs)->getArgOperand(ArgNo);
-    }
-
-    const SVFVar* getArgumentVar(u32_t ArgNo) const
+    const SVFVar* getArgument(u32_t ArgNo) const
     {
         return getActualParms()[ArgNo];
     }
 
-    const SVFType* getType() const
-    {
-        return SVFUtil::cast<SVFCallInst>(cs)->getType();
-    }
     u32_t arg_size() const
     {
-        return SVFUtil::cast<SVFCallInst>(cs)->arg_size();
+        return APNodes.size();
     }
     bool arg_empty() const
     {
-        return SVFUtil::cast<SVFCallInst>(cs)->arg_empty();
-    }
-    const SVFValue* getArgOperand(u32_t i) const
-    {
-        return SVFUtil::cast<SVFCallInst>(cs)->getArgOperand(i);
+        return APNodes.empty();
     }
+
     u32_t getNumArgOperands() const
     {
-        return SVFUtil::cast<SVFCallInst>(cs)->arg_size();
+        return arg_size();
     }
     const SVFFunction* getCalledFunction() const
     {
@@ -587,11 +567,11 @@ public:
     }
     //@}
 
-    virtual const std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    const std::string getSourceLoc() const override
     {
-        return "CallICFGNode: " + cs->getSourceLoc();
+        return "CallICFGNode: " + ICFGNode::getSourceLoc();
     }
 };
 
@@ -621,12 +601,7 @@ public:
     {
         fun = cs->getFunction();
         bb = cs->getParent();
-    }
-
-    /// Return callsite
-    inline const SVFInstruction* getCallSite() const
-    {
-        return cs;
+        type = callBlockNode->getType();
     }
 
     inline const CallICFGNode* getCallICFGNode() const
@@ -672,11 +647,11 @@ public:
     }
     //@}
 
-    virtual const std::string toString() const;
+    const std::string toString() const override;
 
-    virtual const std::string getSourceLoc() const
+    const std::string getSourceLoc() const override
     {
-        return "RetICFGNode: " + cs->getSourceLoc();
+        return "RetICFGNode: " + ICFGNode::getSourceLoc();
     }
 };
 

package/svf/include/MSSA/MSSAMuChi.h

@@ -246,7 +246,7 @@ public:
     /// Return basic block
     inline const SVFBasicBlock* getBasicBlock() const
     {
-        return callsite->getCallSite()->getParent();
+        return callsite->getBB();
     }
 
     /// Methods for support type inquiry through isa, cast, and dyn_cast:
@@ -537,7 +537,7 @@ public:
     /// Return basic block
     inline const SVFBasicBlock* getBasicBlock() const
     {
-        return callsite->getCallSite()->getParent();
+        return callsite->getBB();
     }
 
     /// Return callsite

package/svf/include/MTA/LockAnalysis.h

@@ -349,7 +349,7 @@ private:
     bool isAliasedLocks(const ICFGNode* i1, const ICFGNode* i2)
     {
         /// todo: must alias
-        return tct->getPTA()->alias(getLockVal(i1), getLockVal(i2));
+        return tct->getPTA()->alias(getLockVal(i1)->getId(), getLockVal(i2)->getId());
     }
 
     /// Mark thread flags for cxtStmt
@@ -466,7 +466,7 @@ private:
         return tct->isExtCall(inst);
     }
     /// Get lock value
-    inline const SVFValue* getLockVal(const ICFGNode* call)
+    inline const SVFVar* getLockVal(const ICFGNode* call)
     {
         return getTCG()->getThreadAPI()->getLockVal(call);
     }

package/svf/include/MTA/MHP.h

@@ -381,7 +381,7 @@ private:
     /// Whether it is a matched fork join pair
     bool isAliasedForkJoin(const CallICFGNode* forkSite, const CallICFGNode* joinSite)
     {
-        return tct->getPTA()->alias(getForkedThread(forkSite), getJoinedThread(joinSite)) && isSameSCEV(forkSite,joinSite);
+        return tct->getPTA()->alias(getForkedThread(forkSite)->getId(), getJoinedThread(joinSite)->getId()) && isSameSCEV(forkSite,joinSite);
     }
     /// Mark thread flags for cxtStmt
     //@{
@@ -473,12 +473,12 @@ private:
         return join && getTCG()->getThreadAPI()->isTDJoin(join);
     }
     /// Get forked thread
-    inline const SVFValue* getForkedThread(const CallICFGNode* call)
+    inline const SVFVar* getForkedThread(const CallICFGNode* call)
     {
         return getTCG()->getThreadAPI()->getForkedThread(call);
     }
     /// Get joined thread
-    inline const SVFValue* getJoinedThread(const CallICFGNode* call)
+    inline const SVFVar* getJoinedThread(const CallICFGNode* call)
     {
         return getTCG()->getThreadAPI()->getJoinedThread(call);
     }

package/svf/include/Util/SVFUtil.h

@@ -184,13 +184,6 @@ bool isCallSite(const ICFGNode* inst);
 
 bool isRetInstNode(const ICFGNode* node);
 
-/// Whether an instruction is a callsite in the application code, excluding llvm intrinsic calls
-inline bool isNonInstricCallSite(const SVFInstruction* inst)
-{
-    if(isIntrinsicInst(inst))
-        return false;
-    return isCallSite(inst);
-}
 
 /// Whether an instruction is a callsite in the application code, excluding llvm intrinsic calls
 inline bool isNonInstricCallSite(const ICFGNode* inst)
@@ -378,7 +371,7 @@ inline bool isArgOfUncalledFunction(const SVFValue* svfval)
 
 /// Return thread fork function
 //@{
-inline const SVFValue* getForkedFun(const CallICFGNode *inst)
+inline const SVFVar* getForkedFun(const CallICFGNode *inst)
 {
     return ThreadAPI::getThreadAPI()->getForkedFun(inst);
 }

package/svf/include/Util/ThreadAPI.h

@@ -124,12 +124,12 @@ public:
     //@{
     /// Return the first argument of the call,
     /// Note that, it is the pthread_t pointer
-    const SVFValue* getForkedThread(const CallICFGNode *inst) const;
+    const SVFVar* getForkedThread(const CallICFGNode *inst) const;
     /// Return the third argument of the call,
     /// Note that, it could be function type or a void* pointer
-    const SVFValue* getForkedFun(const CallICFGNode *inst) const;
+    const SVFVar* getForkedFun(const CallICFGNode *inst) const;
 
-    /// Return the actual param of forksite
+    /// Return the forth argument of the call,
     /// Note that, it is the sole argument of start routine ( a void* pointer )
     const SVFVar* getActualParmAtForkSite(const CallICFGNode *inst) const;
 
@@ -153,10 +153,10 @@ public:
     //@{
     /// Return the first argument of the call,
     /// Note that, it is the pthread_t pointer
-    const SVFValue* getJoinedThread(const CallICFGNode *inst) const;
+    const SVFVar* getJoinedThread(const CallICFGNode *inst) const;
     /// Return the send argument of the call,
     /// Note that, it is the pthread_t pointer
-    const SVFValue* getRetParmAtJoinedSite(const CallICFGNode *inst) const;
+    const SVFVar* getRetParmAtJoinedSite(const CallICFGNode *inst) const;
     //@}
 
 
@@ -178,7 +178,7 @@ public:
     /// Return lock value
     //@{
     /// First argument of pthread_mutex_lock/pthread_mutex_unlock
-    const SVFValue* getLockVal(const ICFGNode *inst) const;
+    const SVFVar* getLockVal(const ICFGNode *inst) const;
     //@}
 
     /// Return true if this call waits for a barrier

package/svf/lib/AE/Svfexe/AEDetector.cpp

@@ -114,7 +114,6 @@ void BufOverflowDetector::detect(AbstractState& as, const ICFGNode* node)
 void BufOverflowDetector::handleStubFunctions(const SVF::CallICFGNode* callNode)
 {
     // get function name
-    SVFIR* svfir = PAG::getPAG();
     std::string funcName = callNode->getCalledFunction()->getName();
     if (funcName == "SAFE_BUFACCESS")
     {
@@ -125,16 +124,14 @@ void BufOverflowDetector::handleStubFunctions(const SVF::CallICFGNode* callNode)
         AbstractState& as =
             AbstractInterpretation::getAEInstance().getAbsStateFromTrace(
                 callNode);
-        u32_t size_id = svfir->getValueNode(callNode->getArgument(1));
+        u32_t size_id = callNode->getArgument(1)->getId();
         IntervalValue val = as[size_id].getInterval();
         if (val.isBottom())
         {
             val = IntervalValue(0);
             assert(false && "SAFE_BUFACCESS size is bottom");
         }
-        const SVFVar* arg0Val =
-            AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(
-                callNode->getArgument(0));
+        const SVFVar* arg0Val = callNode->getArgument(0);
         bool isSafe = canSafelyAccessMemory(as, arg0Val, val);
         if (isSafe)
         {
@@ -157,15 +154,13 @@ void BufOverflowDetector::handleStubFunctions(const SVF::CallICFGNode* callNode)
         AbstractInterpretation::getAEInstance().checkpoints.erase(callNode);
         if (callNode->arg_size() < 2) return;
         AbstractState&as = AbstractInterpretation::getAEInstance().getAbsStateFromTrace(callNode);
-        u32_t size_id = svfir->getValueNode(callNode->getArgument(1));
+        u32_t size_id = callNode->getArgument(1)->getId();
         IntervalValue val = as[size_id].getInterval();
         if (val.isBottom())
         {
             assert(false && "UNSAFE_BUFACCESS size is bottom");
         }
-        const SVFVar* arg0Val =
-            AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(
-                callNode->getArgument(0));
+        const SVFVar* arg0Val = callNode->getArgument(0);
         bool isSafe = canSafelyAccessMemory(as, arg0Val, val);
         if (!isSafe)
         {
@@ -225,7 +220,6 @@ void BufOverflowDetector::initExtAPIBufOverflowCheckRules()
 void BufOverflowDetector::detectExtAPI(AbstractState& as,
                                        const CallICFGNode* call)
 {
-    SVFIR* svfir = PAG::getPAG();
     assert(call->getCalledFunction() && "SVFFunction* is nullptr");
 
     AbsExtAPI::ExtAPIType extType = AbsExtAPI::UNCLASSIFIED;
@@ -255,8 +249,8 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
                                               extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
-            IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
-            const SVFVar* argVar = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(arg.first));
+            IntervalValue offset = as[call->getArgument(arg.second)->getId()].getInterval() - IntervalValue(1);
+            const SVFVar* argVar = call->getArgument(arg.first);
             if (!canSafelyAccessMemory(as, argVar, offset))
             {
                 AEException bug(call->toString());
@@ -275,8 +269,8 @@ void BufOverflowDetector::detectExtAPI(AbstractState& as,
                                               extAPIBufOverflowCheckRules.at(call->getCalledFunction()->getName());
         for (auto arg : args)
         {
-            IntervalValue offset = as[svfir->getValueNode(call->getArgument(arg.second))].getInterval() - IntervalValue(1);
-            const SVFVar* argVar = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(arg.first));
+            IntervalValue offset = as[call->getArgument(arg.second)->getId()].getInterval() - IntervalValue(1);
+            const SVFVar* argVar = call->getArgument(arg.first);
             if (!canSafelyAccessMemory(as, argVar, offset))
             {
                 AEException bug(call->toString());
@@ -402,8 +396,8 @@ void BufOverflowDetector::updateGepObjOffsetFromBase(SVF::AddressValue gepAddrs,
  */
 bool BufOverflowDetector::detectStrcpy(AbstractState& as, const CallICFGNode *call)
 {
-    const SVFVar* arg0Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(0));
-    const SVFVar* arg1Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(1));
+    const SVFVar* arg0Val = call->getArgument(0);
+    const SVFVar* arg1Val = call->getArgument(1);
     IntervalValue strLen = AbstractInterpretation::getAEInstance().getUtils()->getStrlen(as, arg1Val);
     return canSafelyAccessMemory(as, arg0Val, strLen);
 }
@@ -425,8 +419,8 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
 
     if (std::find(strcatGroup.begin(), strcatGroup.end(), call->getCalledFunction()->getName()) != strcatGroup.end())
     {
-        const SVFVar* arg0Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(0));
-        const SVFVar* arg1Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(1));
+        const SVFVar* arg0Val = call->getArgument(0);
+        const SVFVar* arg1Val = call->getArgument(1);
         IntervalValue strLen0 = AbstractInterpretation::getAEInstance().getUtils()->getStrlen(as, arg0Val);
         IntervalValue strLen1 = AbstractInterpretation::getAEInstance().getUtils()->getStrlen(as, arg1Val);
         IntervalValue totalLen = strLen0 + strLen1;
@@ -434,8 +428,8 @@ bool BufOverflowDetector::detectStrcat(AbstractState& as, const CallICFGNode *ca
     }
     else if (std::find(strncatGroup.begin(), strncatGroup.end(), call->getCalledFunction()->getName()) != strncatGroup.end())
     {
-        const SVFVar* arg0Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(0));
-        const SVFVar* arg2Val = AbstractInterpretation::getAEInstance().getUtils()->getSVFVar(call->getArgument(2));
+        const SVFVar* arg0Val = call->getArgument(0);
+        const SVFVar* arg2Val = call->getArgument(2);
         IntervalValue arg2Num = as[arg2Val->getId()].getInterval();
         IntervalValue strLen0 = AbstractInterpretation::getAEInstance().getUtils()->getStrlen(as, arg0Val);
         IntervalValue totalLen = strLen0 + arg2Num;