svf-tools 1.0.995 → 1.0.997
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/setup.sh +0 -1
- package/svf/include/Graphs/CDG.h +1 -1
- package/svf/include/Graphs/CHG.h +10 -8
- package/svf/include/Graphs/GenericGraph.h +22 -1
- package/svf/include/Graphs/ICFGNode.h +37 -62
- package/svf/include/MSSA/MSSAMuChi.h +2 -2
- package/svf/include/MTA/LockAnalysis.h +2 -2
- package/svf/include/MTA/MHP.h +3 -3
- package/svf/include/Util/SVFUtil.h +1 -8
- package/svf/include/Util/ThreadAPI.h +6 -6
- package/svf/lib/AE/Svfexe/AEDetector.cpp +14 -20
- package/svf/lib/AE/Svfexe/AbsExtAPI.cpp +49 -45
- package/svf/lib/CFL/CFLAlias.cpp +1 -1
- package/svf/lib/DDA/DDAClient.cpp +2 -2
- package/svf/lib/Graphs/CHG.cpp +17 -17
- package/svf/lib/Graphs/CallGraph.cpp +2 -1
- package/svf/lib/Graphs/ICFG.cpp +9 -9
- package/svf/lib/Graphs/SVFG.cpp +6 -6
- package/svf/lib/Graphs/ThreadCallGraph.cpp +8 -8
- package/svf/lib/Graphs/VFG.cpp +2 -2
- package/svf/lib/MTA/MTAStat.cpp +1 -1
- package/svf/lib/MTA/TCT.cpp +3 -3
- package/svf/lib/MemoryModel/PointerAnalysis.cpp +11 -11
- package/svf/lib/MemoryModel/PointerAnalysisImpl.cpp +1 -1
- package/svf/lib/SABER/DoubleFreeChecker.cpp +8 -8
- package/svf/lib/SABER/LeakChecker.cpp +10 -10
- package/svf/lib/SVFIR/SVFFileSystem.cpp +8 -8
- package/svf/lib/Util/CallGraphBuilder.cpp +2 -1
- package/svf/lib/Util/SVFUtil.cpp +10 -3
- package/svf/lib/Util/ThreadAPI.cpp +14 -16
- package/svf/lib/WPA/Andersen.cpp +1 -1
- package/svf-llvm/include/SVF-LLVM/CHGBuilder.h +5 -0
- package/svf-llvm/include/SVF-LLVM/DCHG.h +2 -2
- package/svf-llvm/include/SVF-LLVM/LLVMModule.h +10 -0
- package/svf-llvm/lib/CHGBuilder.cpp +23 -17
- package/svf-llvm/lib/DCHG.cpp +18 -18
- package/svf-llvm/lib/ICFGBuilder.cpp +9 -2
- package/svf-llvm/lib/LLVMModule.cpp +6 -0
- package/svf-llvm/lib/LLVMUtil.cpp +25 -8
- package/svf-llvm/lib/SVFIRBuilder.cpp +2 -2
- package/svf-llvm/lib/SVFIRExtAPI.cpp +1 -1
- package/svf-llvm/lib/SymbolTableBuilder.cpp +2 -2
|
@@ -41,11 +41,11 @@ void AbsExtAPI::initExtFunMap()
|
|
|
41
41
|
auto sse_##FUNC_NAME = [this](const CallICFGNode *callNode) { \
|
|
42
42
|
/* run real ext function */ \
|
|
43
43
|
AbstractState& as = getAbsStateFromTrace(callNode); \
|
|
44
|
-
u32_t rhs_id =
|
|
44
|
+
u32_t rhs_id = callNode->getArgument(0)->getId(); \
|
|
45
45
|
if (!as.inVarToValTable(rhs_id)) return; \
|
|
46
46
|
u32_t rhs = as[rhs_id].getInterval().lb().getIntNumeral(); \
|
|
47
47
|
s32_t res = FUNC_NAME(rhs); \
|
|
48
|
-
u32_t lhsId =
|
|
48
|
+
u32_t lhsId = callNode->getRetICFGNode()->getActualRet()->getId(); \
|
|
49
49
|
as[lhsId] = IntervalValue(res); \
|
|
50
50
|
return; \
|
|
51
51
|
}; \
|
|
@@ -73,7 +73,7 @@ void AbsExtAPI::initExtFunMap()
|
|
|
73
73
|
auto sse_svf_assert = [this](const CallICFGNode* callNode)
|
|
74
74
|
{
|
|
75
75
|
AbstractInterpretation::getAEInstance().checkpoints.erase(callNode);
|
|
76
|
-
u32_t arg0 =
|
|
76
|
+
u32_t arg0 = callNode->getArgument(0)->getId();
|
|
77
77
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
78
78
|
if (as[arg0].getInterval().equals(IntervalValue(1, 1)))
|
|
79
79
|
{
|
|
@@ -90,8 +90,8 @@ void AbsExtAPI::initExtFunMap()
|
|
|
90
90
|
|
|
91
91
|
auto svf_assert_eq = [this](const CallICFGNode* callNode)
|
|
92
92
|
{
|
|
93
|
-
u32_t arg0 =
|
|
94
|
-
u32_t arg1 =
|
|
93
|
+
u32_t arg0 = callNode->getArgument(0)->getId();
|
|
94
|
+
u32_t arg1 = callNode->getArgument(1)->getId();
|
|
95
95
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
96
96
|
if (as[arg0].getInterval().equals(as[arg1].getInterval()))
|
|
97
97
|
{
|
|
@@ -110,8 +110,8 @@ void AbsExtAPI::initExtFunMap()
|
|
|
110
110
|
{
|
|
111
111
|
if (callNode->arg_size() < 2) return;
|
|
112
112
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
113
|
-
u32_t num_id =
|
|
114
|
-
std::string text = strRead(as,
|
|
113
|
+
u32_t num_id = callNode->getArgument(0)->getId();
|
|
114
|
+
std::string text = strRead(as, callNode->getArgument(1));
|
|
115
115
|
assert(as.inVarToValTable(num_id) && "print() should pass integer");
|
|
116
116
|
IntervalValue itv = as[num_id].getInterval();
|
|
117
117
|
std::cout << "Text: " << text <<", Value: " << callNode->getArgument(0)->toString()
|
|
@@ -124,14 +124,14 @@ void AbsExtAPI::initExtFunMap()
|
|
|
124
124
|
{
|
|
125
125
|
if (callNode->arg_size() < 2) return;
|
|
126
126
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
127
|
-
AbstractValue& num = as[
|
|
128
|
-
AbstractValue& lb = as[
|
|
129
|
-
AbstractValue& ub = as[
|
|
127
|
+
AbstractValue& num = as[callNode->getArgument(0)->getId()];
|
|
128
|
+
AbstractValue& lb = as[callNode->getArgument(1)->getId()];
|
|
129
|
+
AbstractValue& ub = as[callNode->getArgument(2)->getId()];
|
|
130
130
|
assert(lb.getInterval().is_numeral() && ub.getInterval().is_numeral());
|
|
131
131
|
num.getInterval().set_to_top();
|
|
132
132
|
num.getInterval().meet_with(IntervalValue(lb.getInterval().lb(), ub.getInterval().ub()));
|
|
133
133
|
const ICFGNode* node = SVFUtil::cast<ICFGNode>(
|
|
134
|
-
SVFUtil::cast<ValVar>(callNode->
|
|
134
|
+
SVFUtil::cast<ValVar>(callNode->getArgument(0))->getGNode());
|
|
135
135
|
for (const SVFStmt* stmt: node->getSVFStmts())
|
|
136
136
|
{
|
|
137
137
|
if (SVFUtil::isa<LoadStmt>(stmt))
|
|
@@ -151,7 +151,7 @@ void AbsExtAPI::initExtFunMap()
|
|
|
151
151
|
//scanf("%d", &data);
|
|
152
152
|
if (callNode->arg_size() < 2) return;
|
|
153
153
|
|
|
154
|
-
u32_t dst_id =
|
|
154
|
+
u32_t dst_id = callNode->getArgument(1)->getId();
|
|
155
155
|
if (!as.inVarToAddrsTable(dst_id))
|
|
156
156
|
{
|
|
157
157
|
return;
|
|
@@ -172,7 +172,7 @@ void AbsExtAPI::initExtFunMap()
|
|
|
172
172
|
//fscanf(stdin, "%d", &data);
|
|
173
173
|
if (callNode->arg_size() < 3) return;
|
|
174
174
|
AbstractState& as = getAbsStateFromTrace(callNode);
|
|
175
|
-
u32_t dst_id =
|
|
175
|
+
u32_t dst_id = callNode->getArgument(2)->getId();
|
|
176
176
|
if (!as.inVarToAddrsTable(dst_id))
|
|
177
177
|
{
|
|
178
178
|
}
|
|
@@ -201,8 +201,8 @@ void AbsExtAPI::initExtFunMap()
|
|
|
201
201
|
{
|
|
202
202
|
if (callNode->arg_size() < 3) return;
|
|
203
203
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
204
|
-
u32_t block_count_id =
|
|
205
|
-
u32_t block_size_id =
|
|
204
|
+
u32_t block_count_id = callNode->getArgument(2)->getId();
|
|
205
|
+
u32_t block_size_id = callNode->getArgument(1)->getId();
|
|
206
206
|
IntervalValue block_count = as[block_count_id].getInterval();
|
|
207
207
|
IntervalValue block_size = as[block_size_id].getInterval();
|
|
208
208
|
IntervalValue block_byte = block_count * block_size;
|
|
@@ -218,17 +218,18 @@ void AbsExtAPI::initExtFunMap()
|
|
|
218
218
|
{
|
|
219
219
|
if (callNode->arg_size() < 2) return;
|
|
220
220
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
221
|
-
u32_t size_id =
|
|
222
|
-
u32_t dst_id =
|
|
221
|
+
u32_t size_id = callNode->getArgument(1)->getId();
|
|
222
|
+
u32_t dst_id = callNode->getArgument(0)->getId();
|
|
223
223
|
// get elem size of arg2
|
|
224
224
|
u32_t elemSize = 1;
|
|
225
225
|
if (callNode->getArgument(2)->getType()->isArrayTy())
|
|
226
226
|
{
|
|
227
|
-
elemSize = SVFUtil::dyn_cast<SVFArrayType>(
|
|
227
|
+
elemSize = SVFUtil::dyn_cast<SVFArrayType>(
|
|
228
|
+
callNode->getArgument(2)->getType())->getTypeOfElement()->getByteSize();
|
|
228
229
|
}
|
|
229
230
|
else if (callNode->getArgument(2)->getType()->isPointerTy())
|
|
230
231
|
{
|
|
231
|
-
elemSize = as.getPointeeElement(
|
|
232
|
+
elemSize = as.getPointeeElement(callNode->getArgument(2)->getId())->getByteSize();
|
|
232
233
|
}
|
|
233
234
|
else
|
|
234
235
|
{
|
|
@@ -258,7 +259,7 @@ void AbsExtAPI::initExtFunMap()
|
|
|
258
259
|
// num: int, ch: char*, 10 is decimal
|
|
259
260
|
if (callNode->arg_size() < 3) return;
|
|
260
261
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
261
|
-
u32_t num_id =
|
|
262
|
+
u32_t num_id = callNode->getArgument(0)->getId();
|
|
262
263
|
|
|
263
264
|
u32_t num = (u32_t) as[num_id].getInterval().getNumeral();
|
|
264
265
|
std::string snum = std::to_string(num);
|
|
@@ -270,10 +271,10 @@ void AbsExtAPI::initExtFunMap()
|
|
|
270
271
|
{
|
|
271
272
|
// check the arg size
|
|
272
273
|
if (callNode->arg_size() < 1) return;
|
|
273
|
-
const
|
|
274
|
+
const SVFVar* strValue = callNode->getArgument(0);
|
|
274
275
|
AbstractState& as = getAbsStateFromTrace(callNode);
|
|
275
|
-
NodeID value_id =
|
|
276
|
-
u32_t lhsId =
|
|
276
|
+
NodeID value_id = strValue->getId();
|
|
277
|
+
u32_t lhsId = callNode->getRetICFGNode()->getActualRet()->getId();
|
|
277
278
|
u32_t dst_size = 0;
|
|
278
279
|
for (const auto& addr : as[value_id].getAddrs())
|
|
279
280
|
{
|
|
@@ -295,7 +296,7 @@ void AbsExtAPI::initExtFunMap()
|
|
|
295
296
|
}
|
|
296
297
|
}
|
|
297
298
|
u32_t len = 0;
|
|
298
|
-
NodeID dstid =
|
|
299
|
+
NodeID dstid = strValue->getId();
|
|
299
300
|
if (as.inVarToAddrsTable(dstid))
|
|
300
301
|
{
|
|
301
302
|
for (u32_t index = 0; index < dst_size; index++)
|
|
@@ -331,9 +332,9 @@ void AbsExtAPI::initExtFunMap()
|
|
|
331
332
|
// recv(sockfd, buf, len, flags);
|
|
332
333
|
if (callNode->arg_size() < 4) return;
|
|
333
334
|
AbstractState&as = getAbsStateFromTrace(callNode);
|
|
334
|
-
u32_t len_id =
|
|
335
|
+
u32_t len_id = callNode->getArgument(2)->getId();
|
|
335
336
|
IntervalValue len = as[len_id].getInterval() - IntervalValue(1);
|
|
336
|
-
u32_t lhsId =
|
|
337
|
+
u32_t lhsId = callNode->getRetICFGNode()->getActualRet()->getId();
|
|
337
338
|
as[lhsId] = len;
|
|
338
339
|
};
|
|
339
340
|
func_map["recv"] = sse_recv;
|
|
@@ -409,14 +410,17 @@ void AbsExtAPI::handleExtAPI(const CallICFGNode *call)
|
|
|
409
410
|
}
|
|
410
411
|
else
|
|
411
412
|
{
|
|
412
|
-
|
|
413
|
-
if (as.inVarToAddrsTable(lhsId))
|
|
413
|
+
if (const SVFVar* ret = call->getRetICFGNode()->getActualRet())
|
|
414
414
|
{
|
|
415
|
+
u32_t lhsId = ret->getId();
|
|
416
|
+
if (as.inVarToAddrsTable(lhsId))
|
|
417
|
+
{
|
|
415
418
|
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
419
|
+
}
|
|
420
|
+
else
|
|
421
|
+
{
|
|
422
|
+
as[lhsId] = IntervalValue();
|
|
423
|
+
}
|
|
420
424
|
}
|
|
421
425
|
return;
|
|
422
426
|
}
|
|
@@ -424,16 +428,16 @@ void AbsExtAPI::handleExtAPI(const CallICFGNode *call)
|
|
|
424
428
|
// 1. memcpy functions like memcpy_chk, strncpy, annotate("MEMCPY"), annotate("BUF_CHECK:Arg0, Arg2"), annotate("BUF_CHECK:Arg1, Arg2")
|
|
425
429
|
else if (extType == MEMCPY)
|
|
426
430
|
{
|
|
427
|
-
IntervalValue len = as[
|
|
428
|
-
svfir->getGNode(
|
|
429
|
-
handleMemcpy(as,
|
|
431
|
+
IntervalValue len = as[call->getArgument(2)->getId()].getInterval();
|
|
432
|
+
svfir->getGNode(call->getArgument(0)->getId());
|
|
433
|
+
handleMemcpy(as, call->getArgument(0), call->getArgument(1), len, 0);
|
|
430
434
|
}
|
|
431
435
|
else if (extType == MEMSET)
|
|
432
436
|
{
|
|
433
437
|
// memset dst is arg0, elem is arg1, size is arg2
|
|
434
|
-
IntervalValue len = as[
|
|
435
|
-
IntervalValue elem = as[
|
|
436
|
-
handleMemset(as,
|
|
438
|
+
IntervalValue len = as[call->getArgument(2)->getId()].getInterval();
|
|
439
|
+
IntervalValue elem = as[call->getArgument(1)->getId()].getInterval();
|
|
440
|
+
handleMemset(as, call->getArgument(0), elem, len);
|
|
437
441
|
}
|
|
438
442
|
else if (extType == STRCPY)
|
|
439
443
|
{
|
|
@@ -455,8 +459,8 @@ void AbsExtAPI::handleStrcpy(const CallICFGNode *call)
|
|
|
455
459
|
// strcpy, __strcpy_chk, stpcpy , wcscpy, __wcscpy_chk
|
|
456
460
|
// get the dst and src
|
|
457
461
|
AbstractState& as = getAbsStateFromTrace(call);
|
|
458
|
-
const SVFVar* arg0Val =
|
|
459
|
-
const SVFVar* arg1Val =
|
|
462
|
+
const SVFVar* arg0Val = call->getArgument(0);
|
|
463
|
+
const SVFVar* arg1Val = call->getArgument(1);
|
|
460
464
|
IntervalValue strLen = getStrlen(as, arg1Val);
|
|
461
465
|
// no need to -1, since it has \0 as the last byte
|
|
462
466
|
handleMemcpy(as, arg0Val, arg1Val, strLen, strLen.lb().getIntNumeral());
|
|
@@ -548,8 +552,8 @@ void AbsExtAPI::handleStrcat(const SVF::CallICFGNode *call)
|
|
|
548
552
|
const std::vector<std::string> strncatGroup = {"__strncat_chk", "strncat", "__wcsncat_chk", "wcsncat"};
|
|
549
553
|
if (std::find(strcatGroup.begin(), strcatGroup.end(), fun->getName()) != strcatGroup.end())
|
|
550
554
|
{
|
|
551
|
-
const SVFVar* arg0Val =
|
|
552
|
-
const SVFVar* arg1Val =
|
|
555
|
+
const SVFVar* arg0Val = call->getArgument(0);
|
|
556
|
+
const SVFVar* arg1Val = call->getArgument(1);
|
|
553
557
|
IntervalValue strLen0 = getStrlen(as, arg0Val);
|
|
554
558
|
IntervalValue strLen1 = getStrlen(as, arg1Val);
|
|
555
559
|
IntervalValue totalLen = strLen0 + strLen1;
|
|
@@ -558,9 +562,9 @@ void AbsExtAPI::handleStrcat(const SVF::CallICFGNode *call)
|
|
|
558
562
|
}
|
|
559
563
|
else if (std::find(strncatGroup.begin(), strncatGroup.end(), fun->getName()) != strncatGroup.end())
|
|
560
564
|
{
|
|
561
|
-
const SVFVar* arg0Val =
|
|
562
|
-
const SVFVar* arg1Val =
|
|
563
|
-
const SVFVar* arg2Val =
|
|
565
|
+
const SVFVar* arg0Val = call->getArgument(0);
|
|
566
|
+
const SVFVar* arg1Val = call->getArgument(1);
|
|
567
|
+
const SVFVar* arg2Val = call->getArgument(2);
|
|
564
568
|
IntervalValue arg2Num = as[arg2Val->getId()].getInterval();
|
|
565
569
|
IntervalValue strLen0 = getStrlen(as, arg0Val);
|
|
566
570
|
IntervalValue totalLen = strLen0 + arg2Num;
|
package/svf/lib/CFL/CFLAlias.cpp
CHANGED
|
@@ -155,7 +155,7 @@ void CFLAlias::heapAllocatorViaIndCall(const CallICFGNode* cs)
|
|
|
155
155
|
else
|
|
156
156
|
{
|
|
157
157
|
NodeID valNode = svfir->addDummyValNode();
|
|
158
|
-
NodeID objNode = svfir->addDummyObjNode(cs->
|
|
158
|
+
NodeID objNode = svfir->addDummyObjNode(cs->getType());
|
|
159
159
|
callsite2DummyValPN.insert(std::make_pair(cs,valNode));
|
|
160
160
|
graph->addCFLNode(valNode, new CFLNode(valNode));
|
|
161
161
|
graph->addCFLNode(objNode, new CFLNode(objNode));
|
|
@@ -145,8 +145,8 @@ void FunptrDDAClient::performStat(PointerAnalysis* pta)
|
|
|
145
145
|
|
|
146
146
|
++morePreciseCallsites;
|
|
147
147
|
outs() << "============more precise callsite =================\n";
|
|
148
|
-
outs() << (nIter->second)->
|
|
149
|
-
outs() << (nIter->second)->
|
|
148
|
+
outs() << (nIter->second)->toString() << "\n";
|
|
149
|
+
outs() << (nIter->second)->getSourceLoc() << "\n";
|
|
150
150
|
outs() << "\n";
|
|
151
151
|
outs() << "------ander pts or vtable num---(" << anderPts.count() << ")--\n";
|
|
152
152
|
outs() << "------DDA vfn num---(" << ander_vfns.size() << ")--\n";
|
package/svf/lib/Graphs/CHG.cpp
CHANGED
|
@@ -30,6 +30,7 @@
|
|
|
30
30
|
#include "Graphs/CHG.h"
|
|
31
31
|
#include "Util/SVFUtil.h"
|
|
32
32
|
#include "Graphs/ICFG.h"
|
|
33
|
+
#include "SVFIR/SVFIR.h"
|
|
33
34
|
|
|
34
35
|
using namespace SVF;
|
|
35
36
|
using namespace SVFUtil;
|
|
@@ -49,7 +50,7 @@ static bool hasEdge(const CHNode *src, const CHNode *dst,
|
|
|
49
50
|
return false;
|
|
50
51
|
}
|
|
51
52
|
|
|
52
|
-
static bool checkArgTypes(const
|
|
53
|
+
static bool checkArgTypes(const CallICFGNode* cs, const SVFFunction* fn)
|
|
53
54
|
{
|
|
54
55
|
|
|
55
56
|
// here we skip the first argument (i.e., this pointer)
|
|
@@ -58,7 +59,7 @@ static bool checkArgTypes(const SVFCallInst* cs, const SVFFunction* fn)
|
|
|
58
59
|
{
|
|
59
60
|
for (unsigned i = 1; i < arg_size; i++)
|
|
60
61
|
{
|
|
61
|
-
auto cs_arg = cs->
|
|
62
|
+
auto cs_arg = cs->getArgument(i);
|
|
62
63
|
auto fn_arg = fn->getArg(i);
|
|
63
64
|
if (cs_arg->getType() != fn_arg->getType())
|
|
64
65
|
{
|
|
@@ -72,24 +73,24 @@ static bool checkArgTypes(const SVFCallInst* cs, const SVFFunction* fn)
|
|
|
72
73
|
|
|
73
74
|
bool CHGraph::csHasVtblsBasedonCHA(const CallICFGNode* cs)
|
|
74
75
|
{
|
|
75
|
-
|
|
76
|
-
return it !=
|
|
76
|
+
CallNodeToVTableSetMap::const_iterator it = callNodeToCHAVtblsMap.find(cs);
|
|
77
|
+
return it != callNodeToCHAVtblsMap.end();
|
|
77
78
|
}
|
|
78
79
|
bool CHGraph::csHasVFnsBasedonCHA(const CallICFGNode* cs)
|
|
79
80
|
{
|
|
80
|
-
|
|
81
|
-
return it !=
|
|
81
|
+
CallNodeToVFunSetMap::const_iterator it = callNodeToCHAVFnsMap.find(cs);
|
|
82
|
+
return it != callNodeToCHAVFnsMap.end();
|
|
82
83
|
}
|
|
83
84
|
const VTableSet& CHGraph::getCSVtblsBasedonCHA(const CallICFGNode* cs)
|
|
84
85
|
{
|
|
85
|
-
|
|
86
|
-
assert(it !=
|
|
86
|
+
CallNodeToVTableSetMap::const_iterator it = callNodeToCHAVtblsMap.find(cs);
|
|
87
|
+
assert(it != callNodeToCHAVtblsMap.end() && "cs does not have vtabls based on CHA.");
|
|
87
88
|
return it->second;
|
|
88
89
|
}
|
|
89
90
|
const VFunSet& CHGraph::getCSVFsBasedonCHA(const CallICFGNode* cs)
|
|
90
91
|
{
|
|
91
|
-
|
|
92
|
-
assert(it !=
|
|
92
|
+
CallNodeToVFunSetMap::const_iterator it = callNodeToCHAVFnsMap.find(cs);
|
|
93
|
+
assert(it != callNodeToCHAVFnsMap.end() && "cs does not have vfns based on CHA.");
|
|
93
94
|
return it->second;
|
|
94
95
|
}
|
|
95
96
|
|
|
@@ -120,13 +121,12 @@ CHNode *CHGraph::getNode(const string name) const
|
|
|
120
121
|
* Get virtual functions for callsite "cs" based on vtbls (calculated
|
|
121
122
|
* based on pointsto set)
|
|
122
123
|
*/
|
|
123
|
-
void CHGraph::getVFnsFromVtbls(const
|
|
124
|
+
void CHGraph::getVFnsFromVtbls(const CallICFGNode* callsite, const VTableSet &vtbls, VFunSet &virtualFunctions)
|
|
124
125
|
{
|
|
125
|
-
const SVFVirtualCallInst* cs = SVFUtil::cast<SVFVirtualCallInst>(callsite);
|
|
126
126
|
/// get target virtual functions
|
|
127
|
-
size_t idx =
|
|
127
|
+
size_t idx = callsite->getFunIdxInVtable();
|
|
128
128
|
/// get the function name of the virtual callsite
|
|
129
|
-
string funName =
|
|
129
|
+
string funName = callsite->getFunNameOfVirtualCall();
|
|
130
130
|
for (const SVFGlobalValue *vt : vtbls)
|
|
131
131
|
{
|
|
132
132
|
const CHNode *child = getNode(vt->getName());
|
|
@@ -138,13 +138,13 @@ void CHGraph::getVFnsFromVtbls(const SVFCallInst* callsite, const VTableSet &vtb
|
|
|
138
138
|
feit = vfns.end(); fit != feit; ++fit)
|
|
139
139
|
{
|
|
140
140
|
const SVFFunction* callee = *fit;
|
|
141
|
-
if (
|
|
142
|
-
(
|
|
141
|
+
if (callsite->arg_size() == callee->arg_size() ||
|
|
142
|
+
(callsite->isVarArg() && callee->isVarArg()))
|
|
143
143
|
{
|
|
144
144
|
|
|
145
145
|
// if argument types do not match
|
|
146
146
|
// skip this one
|
|
147
|
-
if (!checkArgTypes(
|
|
147
|
+
if (!checkArgTypes(callsite, callee))
|
|
148
148
|
continue;
|
|
149
149
|
|
|
150
150
|
string calleeName = callee->getName();
|
|
@@ -32,6 +32,7 @@
|
|
|
32
32
|
#include "SVFIR/SVFModule.h"
|
|
33
33
|
#include "Util/SVFUtil.h"
|
|
34
34
|
#include "Graphs/CallGraph.h"
|
|
35
|
+
#include "SVFIR/SVFIR.h"
|
|
35
36
|
|
|
36
37
|
using namespace SVF;
|
|
37
38
|
using namespace SVFUtil;
|
|
@@ -51,7 +52,7 @@ void CallGraphEdge::addDirectCallSite(const CallICFGNode* call)
|
|
|
51
52
|
|
|
52
53
|
void CallGraphEdge::addInDirectCallSite(const CallICFGNode* call)
|
|
53
54
|
{
|
|
54
|
-
assert((nullptr == call->getCalledFunction() || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call))) && "not an indirect callsite??");
|
|
55
|
+
assert((nullptr == call->getCalledFunction() || nullptr == SVFUtil::dyn_cast<SVFFunction> (SVFUtil::getForkedFun(call)->getValue())) && "not an indirect callsite??");
|
|
55
56
|
indirectCalls.insert(call);
|
|
56
57
|
}
|
|
57
58
|
//@}
|
package/svf/lib/Graphs/ICFG.cpp
CHANGED
|
@@ -87,11 +87,11 @@ const std::string IntraICFGNode::toString() const
|
|
|
87
87
|
std::string str;
|
|
88
88
|
std::stringstream rawstr(str);
|
|
89
89
|
rawstr << "IntraICFGNode" << getId();
|
|
90
|
-
rawstr << " {fun: " << getFun()->getName() <<
|
|
90
|
+
rawstr << " {fun: " << getFun()->getName() << getSourceLoc() << "}";
|
|
91
91
|
for (const SVFStmt *stmt : getSVFStmts())
|
|
92
92
|
rawstr << "\n" << stmt->toString();
|
|
93
93
|
if(getSVFStmts().empty())
|
|
94
|
-
rawstr << "\n" <<
|
|
94
|
+
rawstr << "\n" << SVFBaseNode::toString();
|
|
95
95
|
return rawstr.str();
|
|
96
96
|
}
|
|
97
97
|
|
|
@@ -120,7 +120,7 @@ const std::string FunExitICFGNode::toString() const
|
|
|
120
120
|
// ensure the enclosing function has exit basic block
|
|
121
121
|
if (!isExtCall(fun) && fun->hasReturn())
|
|
122
122
|
if(const IntraICFGNode* intraICFGNode = dyn_cast<IntraICFGNode>(fun->getExitBB()->front()))
|
|
123
|
-
rawstr << intraICFGNode->
|
|
123
|
+
rawstr << intraICFGNode->getSourceLoc();
|
|
124
124
|
rawstr << "}";
|
|
125
125
|
for (const SVFStmt *stmt : getSVFStmts())
|
|
126
126
|
rawstr << "\n" << stmt->toString();
|
|
@@ -133,11 +133,11 @@ const std::string CallICFGNode::toString() const
|
|
|
133
133
|
std::string str;
|
|
134
134
|
std::stringstream rawstr(str);
|
|
135
135
|
rawstr << "CallICFGNode" << getId();
|
|
136
|
-
rawstr << " {fun: " << getFun()->getName() <<
|
|
136
|
+
rawstr << " {fun: " << getFun()->getName() << ICFGNode::getSourceLoc() << "}";
|
|
137
137
|
for (const SVFStmt *stmt : getSVFStmts())
|
|
138
138
|
rawstr << "\n" << stmt->toString();
|
|
139
|
-
if(getSVFStmts().empty()
|
|
140
|
-
rawstr << "\n" <<
|
|
139
|
+
if(getSVFStmts().empty())
|
|
140
|
+
rawstr << "\n" << SVFBaseNode::toString();
|
|
141
141
|
return rawstr.str();
|
|
142
142
|
}
|
|
143
143
|
|
|
@@ -146,11 +146,11 @@ const std::string RetICFGNode::toString() const
|
|
|
146
146
|
std::string str;
|
|
147
147
|
std::stringstream rawstr(str);
|
|
148
148
|
rawstr << "RetICFGNode" << getId();
|
|
149
|
-
rawstr << " {fun: " << getFun()->getName() <<
|
|
149
|
+
rawstr << " {fun: " << getFun()->getName() << ICFGNode::getSourceLoc() << "}";
|
|
150
150
|
for (const SVFStmt *stmt : getSVFStmts())
|
|
151
151
|
rawstr << "\n" << stmt->toString();
|
|
152
|
-
if(getSVFStmts().empty()
|
|
153
|
-
rawstr << "\n" <<
|
|
152
|
+
if(getSVFStmts().empty())
|
|
153
|
+
rawstr << "\n" << SVFBaseNode::toString();
|
|
154
154
|
return rawstr.str();
|
|
155
155
|
}
|
|
156
156
|
|
package/svf/lib/Graphs/SVFG.cpp
CHANGED
|
@@ -79,10 +79,10 @@ const std::string ActualINSVFGNode::toString() const
|
|
|
79
79
|
{
|
|
80
80
|
std::string str;
|
|
81
81
|
std::stringstream rawstr(str);
|
|
82
|
-
rawstr << "ActualINSVFGNode ID: " << getId() << " at callsite: " <<
|
|
82
|
+
rawstr << "ActualINSVFGNode ID: " << getId() << " at callsite: " << (getCallSite())->toString() << " {fun: " << getFun()->getName() << "}";
|
|
83
83
|
rawstr << "CSMU(" << getMRVer()->getMR()->getMRID() << "V_" << getMRVer()->getSSAVersion() << ")\n";
|
|
84
84
|
rawstr << getMRVer()->getMR()->dumpStr() << "\n";
|
|
85
|
-
rawstr << "CS[" << getCallSite()->
|
|
85
|
+
rawstr << "CS[" << getCallSite()->getSourceLoc() << "]";
|
|
86
86
|
return rawstr.str();
|
|
87
87
|
}
|
|
88
88
|
|
|
@@ -90,11 +90,11 @@ const std::string ActualOUTSVFGNode::toString() const
|
|
|
90
90
|
{
|
|
91
91
|
std::string str;
|
|
92
92
|
std::stringstream rawstr(str);
|
|
93
|
-
rawstr << "ActualOUTSVFGNode ID: " << getId() << " at callsite: " <<
|
|
93
|
+
rawstr << "ActualOUTSVFGNode ID: " << getId() << " at callsite: " << (getCallSite())->toString() << " {fun: " << getFun()->getName() << "}";
|
|
94
94
|
rawstr << getMRVer()->getMR()->getMRID() << "V_" << getMRVer()->getSSAVersion() <<
|
|
95
95
|
" = CSCHI(MR_" << getMRVer()->getMR()->getMRID() << "V_" << getMRVer()->getSSAVersion() << ")\n";
|
|
96
96
|
rawstr << getMRVer()->getMR()->dumpStr() << "\n";
|
|
97
|
-
rawstr << "CS[" << getCallSite()->
|
|
97
|
+
rawstr << "CS[" << getCallSite()->getSourceLoc() << "]" ;
|
|
98
98
|
return rawstr.str();
|
|
99
99
|
}
|
|
100
100
|
|
|
@@ -114,7 +114,7 @@ const std::string MSSAPHISVFGNode::toString() const
|
|
|
114
114
|
if (const IntraICFGNode* intraNode =
|
|
115
115
|
dyn_cast<IntraICFGNode>(getICFGNode()->getBB()->back()))
|
|
116
116
|
{
|
|
117
|
-
rawstr << intraNode->
|
|
117
|
+
rawstr << intraNode->getSourceLoc();
|
|
118
118
|
}
|
|
119
119
|
return rawstr.str();
|
|
120
120
|
}
|
|
@@ -142,7 +142,7 @@ const std::string InterMSSAPHISVFGNode::toString() const
|
|
|
142
142
|
if(isFormalINPHI())
|
|
143
143
|
rawstr << "FormalINPHISVFGNode ID: " << getId() << " {fun: " << getFun()->getName() << "}";
|
|
144
144
|
else
|
|
145
|
-
rawstr << "ActualOUTPHISVFGNode ID: " << getId() << " at callsite: " <<
|
|
145
|
+
rawstr << "ActualOUTPHISVFGNode ID: " << getId() << " at callsite: " << (getCallSite())->toString() << " {fun: " << getFun()->getName() << "}";
|
|
146
146
|
rawstr << MSSAPHISVFGNode::toString();
|
|
147
147
|
return rawstr.str();
|
|
148
148
|
}
|
|
@@ -72,11 +72,11 @@ void ThreadCallGraph::updateCallGraph(PointerAnalysis* pta)
|
|
|
72
72
|
// Fork sites
|
|
73
73
|
for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
|
|
74
74
|
{
|
|
75
|
-
const
|
|
76
|
-
if(SVFUtil::dyn_cast<SVFFunction>(forkedval)==nullptr)
|
|
75
|
+
const SVFVar* forkedval = tdAPI->getForkedFun(*it);
|
|
76
|
+
if(SVFUtil::dyn_cast<SVFFunction>(forkedval->getValue())==nullptr)
|
|
77
77
|
{
|
|
78
78
|
SVFIR* pag = pta->getPAG();
|
|
79
|
-
const NodeBS targets = pta->getPts(
|
|
79
|
+
const NodeBS targets = pta->getPts(forkedval->getId()).toNodeBS();
|
|
80
80
|
for (NodeBS::iterator ii = targets.begin(), ie = targets.end(); ii != ie; ii++)
|
|
81
81
|
{
|
|
82
82
|
if(ObjVar* objPN = SVFUtil::dyn_cast<ObjVar>(pag->getGNode(*ii)))
|
|
@@ -102,13 +102,13 @@ void ThreadCallGraph::updateJoinEdge(PointerAnalysis* pta)
|
|
|
102
102
|
|
|
103
103
|
for (CallSiteSet::const_iterator it = joinsitesBegin(), eit = joinsitesEnd(); it != eit; ++it)
|
|
104
104
|
{
|
|
105
|
-
const
|
|
105
|
+
const SVFVar* jointhread = tdAPI->getJoinedThread(*it);
|
|
106
106
|
// find its corresponding fork sites first
|
|
107
107
|
CallSiteSet forkset;
|
|
108
108
|
for (CallSiteSet::const_iterator it = forksitesBegin(), eit = forksitesEnd(); it != eit; ++it)
|
|
109
109
|
{
|
|
110
|
-
const
|
|
111
|
-
if (pta->alias(jointhread, forkthread))
|
|
110
|
+
const SVFVar* forkthread = tdAPI->getForkedThread(*it);
|
|
111
|
+
if (pta->alias(jointhread->getId(), forkthread->getId()))
|
|
112
112
|
{
|
|
113
113
|
forkset.insert(*it);
|
|
114
114
|
}
|
|
@@ -125,7 +125,7 @@ bool ThreadCallGraph::addDirectForkEdge(const CallICFGNode* cs)
|
|
|
125
125
|
{
|
|
126
126
|
|
|
127
127
|
CallGraphNode* caller = getCallGraphNode(cs->getCaller());
|
|
128
|
-
const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs));
|
|
128
|
+
const SVFFunction* forkee = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(cs)->getValue());
|
|
129
129
|
assert(forkee && "callee does not exist");
|
|
130
130
|
CallGraphNode* callee = getCallGraphNode(forkee->getDefFunForMultipleModule());
|
|
131
131
|
CallSiteID csId = addCallSite(cs, callee->getFunction());
|
|
@@ -184,7 +184,7 @@ void ThreadCallGraph::addDirectJoinEdge(const CallICFGNode* cs,const CallSiteSet
|
|
|
184
184
|
for (CallSiteSet::const_iterator it = forkset.begin(), eit = forkset.end(); it != eit; ++it)
|
|
185
185
|
{
|
|
186
186
|
|
|
187
|
-
const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(*it));
|
|
187
|
+
const SVFFunction* threadRoutineFun = SVFUtil::dyn_cast<SVFFunction>(tdAPI->getForkedFun(*it)->getValue());
|
|
188
188
|
assert(threadRoutineFun && "thread routine function does not exist");
|
|
189
189
|
CallGraphNode* threadRoutineFunNode = getCallGraphNode(threadRoutineFun);
|
|
190
190
|
CallSiteID csId = addCallSite(cs, threadRoutineFun);
|
package/svf/lib/Graphs/VFG.cpp
CHANGED
|
@@ -290,7 +290,7 @@ const std::string ActualParmVFGNode::toString() const
|
|
|
290
290
|
std::string str;
|
|
291
291
|
std::stringstream rawstr(str);
|
|
292
292
|
rawstr << "ActualParmVFGNode ID: " << getId() << " ";
|
|
293
|
-
rawstr << "CS[" << getCallSite()->
|
|
293
|
+
rawstr << "CS[" << getCallSite()->getSourceLoc() << "]";
|
|
294
294
|
rawstr << param->toString();
|
|
295
295
|
return rawstr.str();
|
|
296
296
|
}
|
|
@@ -324,7 +324,7 @@ const std::string ActualRetVFGNode::toString() const
|
|
|
324
324
|
std::string str;
|
|
325
325
|
std::stringstream rawstr(str);
|
|
326
326
|
rawstr << "ActualRetVFGNode ID: " << getId() << " ";
|
|
327
|
-
rawstr << "CS[" << getCallSite()->
|
|
327
|
+
rawstr << "CS[" << getCallSite()->getSourceLoc() << "]";
|
|
328
328
|
rawstr << param->toString();
|
|
329
329
|
return rawstr.str();
|
|
330
330
|
}
|
package/svf/lib/MTA/MTAStat.cpp
CHANGED
|
@@ -49,7 +49,7 @@ void MTAStat::performThreadCallGraphStat(ThreadCallGraph* tcg)
|
|
|
49
49
|
for (ThreadCallGraph::CallSiteSet::const_iterator it = tcg->forksitesBegin(), eit = tcg->forksitesEnd(); it != eit; ++it)
|
|
50
50
|
{
|
|
51
51
|
bool indirectfork = false;
|
|
52
|
-
const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun(*it));
|
|
52
|
+
const SVFFunction* spawnee = SVFUtil::dyn_cast<SVFFunction>(tcg->getThreadAPI()->getForkedFun(*it)->getValue());
|
|
53
53
|
if(spawnee==nullptr)
|
|
54
54
|
{
|
|
55
55
|
numOfIndForksite++;
|
package/svf/lib/MTA/TCT.cpp
CHANGED
|
@@ -108,14 +108,14 @@ bool TCT::isInRecursion(const ICFGNode* inst) const
|
|
|
108
108
|
for(CallGraphEdge::CallInstSet::const_iterator cit = (*nit)->directCallsBegin(),
|
|
109
109
|
ecit = (*nit)->directCallsEnd(); cit!=ecit; ++cit)
|
|
110
110
|
{
|
|
111
|
-
const SVFFunction* caller = (*cit)->
|
|
111
|
+
const SVFFunction* caller = (*cit)->getFun();
|
|
112
112
|
if(visits.find(caller)==visits.end())
|
|
113
113
|
worklist.push(caller);
|
|
114
114
|
}
|
|
115
115
|
for(CallGraphEdge::CallInstSet::const_iterator cit = (*nit)->indirectCallsBegin(),
|
|
116
116
|
ecit = (*nit)->indirectCallsEnd(); cit!=ecit; ++cit)
|
|
117
117
|
{
|
|
118
|
-
const SVFFunction* caller = (*cit)->
|
|
118
|
+
const SVFFunction* caller = (*cit)->getFun();
|
|
119
119
|
if(visits.find(caller)==visits.end())
|
|
120
120
|
worklist.push(caller);
|
|
121
121
|
}
|
|
@@ -499,7 +499,7 @@ void TCT::dumpCxt(CallStrCxt& cxt)
|
|
|
499
499
|
for(CallStrCxt::const_iterator it = cxt.begin(), eit = cxt.end(); it!=eit; ++it)
|
|
500
500
|
{
|
|
501
501
|
rawstr << " ' "<< *it << " ' ";
|
|
502
|
-
rawstr << tcg->getCallSite(*it)
|
|
502
|
+
rawstr << (tcg->getCallSite(*it))->toString();
|
|
503
503
|
rawstr << " call " << tcg->getCallSite(*it)->getCaller()->getName() << "-->" << tcg->getCalleeOfCallSite(*it)->getName() << ", \n";
|
|
504
504
|
}
|
|
505
505
|
rawstr << " ]";
|
|
@@ -454,7 +454,7 @@ void PointerAnalysis::getVFnsFromPts(const CallICFGNode* cs, const PointsTo &tar
|
|
|
454
454
|
}
|
|
455
455
|
}
|
|
456
456
|
}
|
|
457
|
-
chgraph->getVFnsFromVtbls(
|
|
457
|
+
chgraph->getVFnsFromVtbls(cs, vtbls, vfns);
|
|
458
458
|
}
|
|
459
459
|
}
|
|
460
460
|
|
|
@@ -513,9 +513,9 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
|
|
|
513
513
|
{
|
|
514
514
|
assert(callNode->getNumArgOperands() == 2
|
|
515
515
|
&& "arguments should be two pointers!!");
|
|
516
|
-
const
|
|
517
|
-
const
|
|
518
|
-
AliasResult aliasRes = alias(V1, V2);
|
|
516
|
+
const SVFVar* V1 = callNode->getArgument(0);
|
|
517
|
+
const SVFVar* V2 = callNode->getArgument(1);
|
|
518
|
+
AliasResult aliasRes = alias(V1->getId(), V2->getId());
|
|
519
519
|
|
|
520
520
|
bool checkSuccessful = false;
|
|
521
521
|
if (fun == aliasTestMayAlias || fun == aliasTestMayAliasMangled)
|
|
@@ -543,8 +543,8 @@ void PointerAnalysis::validateSuccessTests(std::string fun)
|
|
|
543
543
|
else
|
|
544
544
|
assert(false && "not supported alias check!!");
|
|
545
545
|
|
|
546
|
-
NodeID id1 =
|
|
547
|
-
NodeID id2 =
|
|
546
|
+
NodeID id1 = V1->getId();
|
|
547
|
+
NodeID id2 = V2->getId();
|
|
548
548
|
|
|
549
549
|
if (checkSuccessful)
|
|
550
550
|
outs() << sucMsg("\t SUCCESS :") << fun << " check <id:" << id1 << ", id:" << id2 << "> at ("
|
|
@@ -578,9 +578,9 @@ void PointerAnalysis::validateExpectedFailureTests(std::string fun)
|
|
|
578
578
|
{
|
|
579
579
|
assert(callNode->arg_size() == 2
|
|
580
580
|
&& "arguments should be two pointers!!");
|
|
581
|
-
const
|
|
582
|
-
const
|
|
583
|
-
AliasResult aliasRes = alias(V1, V2);
|
|
581
|
+
const SVFVar* V1 = callNode->getArgument(0);
|
|
582
|
+
const SVFVar* V2 = callNode->getArgument(1);
|
|
583
|
+
AliasResult aliasRes = alias(V1->getId(), V2->getId());
|
|
584
584
|
|
|
585
585
|
bool expectedFailure = false;
|
|
586
586
|
if (fun == aliasTestFailMayAlias || fun == aliasTestFailMayAliasMangled)
|
|
@@ -598,8 +598,8 @@ void PointerAnalysis::validateExpectedFailureTests(std::string fun)
|
|
|
598
598
|
else
|
|
599
599
|
assert(false && "not supported alias check!!");
|
|
600
600
|
|
|
601
|
-
NodeID id1 =
|
|
602
|
-
NodeID id2 =
|
|
601
|
+
NodeID id1 = V1->getId();
|
|
602
|
+
NodeID id2 = V2->getId();
|
|
603
603
|
|
|
604
604
|
if (expectedFailure)
|
|
605
605
|
outs() << sucMsg("\t EXPECTED-FAILURE :") << fun << " check <id:" << id1 << ", id:" << id2 << "> at ("
|
|
@@ -521,7 +521,7 @@ void BVDataPTAImpl::onTheFlyThreadCallGraphSolve(const CallSiteToFunPtrMap& call
|
|
|
521
521
|
for(CallSiteSet::const_iterator it = tdCallGraph->forksitesBegin(),
|
|
522
522
|
eit = tdCallGraph->forksitesEnd(); it != eit; ++it)
|
|
523
523
|
{
|
|
524
|
-
const SVFValue* forkedVal =tdCallGraph->getThreadAPI()->getForkedFun(*it);
|
|
524
|
+
const SVFValue* forkedVal =tdCallGraph->getThreadAPI()->getForkedFun(*it)->getValue();
|
|
525
525
|
if(SVFUtil::dyn_cast<SVFFunction>(forkedVal) == nullptr)
|
|
526
526
|
{
|
|
527
527
|
SVFIR *pag = this->getPAG();
|