add heap and stack obj var

SVF-tools · Dec 16, 2024 · 631301c · 631301c
1 parent cf9433d
commit 631301c
Show file tree

Hide file tree

Showing 20 changed files with 384 additions and 78 deletions.
diff --git a/.github/workflows/github-action.yml b/.github/workflows/github-action.yml
@@ -40,7 +40,7 @@ jobs:
           sudo apt-get update
           sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
           sudo apt-get update
-          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz lcov libncurses5-dev libtinfo5 libzstd-dev
+          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz lcov libncurses5-dev libtinfo6 libzstd-dev
 
       # build-svf
       - name: build-svf

diff --git a/.github/workflows/svf-lib_publish.yml b/.github/workflows/svf-lib_publish.yml
@@ -40,7 +40,7 @@ jobs:
           sudo apt-get update
           sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
           sudo apt-get update
-          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz libncurses5-dev libtinfo5 libzstd-dev
+          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz libncurses5-dev libtinfo6 libzstd-dev
           sudo apt-get update
           sudo apt-get install -y astyle
       - name: env-setup

diff --git a/svf-llvm/include/SVF-LLVM/LLVMUtil.h b/svf-llvm/include/SVF-LLVM/LLVMUtil.h
@@ -360,6 +360,9 @@ inline bool isHeapAllocExtCall(const Instruction *inst)
     return isHeapAllocExtCallViaRet(inst) || isHeapAllocExtCallViaArg(inst);
 }
 
+// Check if a given value represents a heap object.
+bool isHeapObj(const Value* val);
+
 /// Whether an instruction is a callsite in the application code, excluding llvm intrinsic calls
 bool isNonInstricCallSite(const Instruction* inst);
 

diff --git a/svf-llvm/lib/LLVMUtil.cpp b/svf-llvm/lib/LLVMUtil.cpp
@@ -646,6 +646,30 @@ bool LLVMUtil::isHeapAllocExtCallViaArg(const Instruction* inst)
     }
 }
 
+/**
+ * Check if a given value represents a heap object.
+ *
+ * @param val The value to check.
+ * @return True if the value represents a heap object, false otherwise.
+ */
+bool LLVMUtil::isHeapObj(const Value* val)
+{
+    // Check if the value is an argument in the program entry function
+    if (ArgInProgEntryFunction(val))
+    {
+        // Return true if the value does not have a first use via cast instruction
+        return !getFirstUseViaCastInst(val);
+    }
+    // Check if the value is an instruction and if it is a heap allocation external call
+    else if (SVFUtil::isa<Instruction>(val) &&
+             LLVMUtil::isHeapAllocExtCall(SVFUtil::cast<Instruction>(val)))
+    {
+        return true;
+    }
+    // Return false if none of the above conditions are met
+    return false;
+}
+
 bool LLVMUtil::isNonInstricCallSite(const Instruction* inst)
 {
     bool res = false;

diff --git a/svf-llvm/lib/SVFIRBuilder.cpp b/svf-llvm/lib/SVFIRBuilder.cpp
@@ -214,53 +214,88 @@ void SVFIRBuilder::initialiseNodes()
     pag->addBlackholePtrNode();
     addNullPtrNode();
 
-    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
-                symTable->valSyms().begin(); iter != symTable->valSyms().end();
-            ++iter)
-    {
-        DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
-        if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
-            continue;
+    // Iterate over all value symbols in the symbol table
+for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
+            symTable->valSyms().begin(); iter != symTable->valSyms().end();
+        ++iter)
+{
+    // Debug output for adding value node
+    DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
 
-        const ICFGNode* icfgNode = nullptr;
-        if (const Instruction* inst =
-                    SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            if (llvmModuleSet()->hasICFGNode(inst))
-            {
-                icfgNode = llvmModuleSet()->getICFGNode(inst);
-            }
-        }
+    // Skip blackhole and null pointer symbols
+    if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
+        continue;
 
-        if (const Function* func =
-                    SVFUtil::dyn_cast<Function>(llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            const CallGraphNode* cgn = llvmModuleSet()->getCallGraphNode(func);
-            pag->addFunValNode(cgn, iter->second, icfgNode);
-        }
-        else
+    const ICFGNode* icfgNode = nullptr;
+
+    // Check if the value is an instruction and get its ICFG node
+    if (const Instruction* inst =
+                SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
+    {
+        if (llvmModuleSet()->hasICFGNode(inst))
         {
-            pag->addValNode(iter->first, iter->second, icfgNode);
+            icfgNode = llvmModuleSet()->getICFGNode(inst);
         }
     }
 
-    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
-                symTable->objSyms().begin(); iter != symTable->objSyms().end();
-            ++iter)
+    // Check if the value is a function and get its call graph node
+    if (const Function* func =
+                SVFUtil::dyn_cast<Function>(llvmModuleSet()->getLLVMValue(iter->first)))
     {
-        DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
-        if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
-            continue;
-        if (const Function* func = SVFUtil::dyn_cast<Function>(
-                                       llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            pag->addFunObjNode(llvmModuleSet()->getCallGraphNode(func), iter->second);
-        }
-        else
-        {
-            pag->addObjNode(iter->first, iter->second);
-        }
+        const CallGraphNode* cgn = llvmModuleSet()->getCallGraphNode(func);
+        // add value node representing the function
+        pag->addFunValNode(cgn, iter->second, icfgNode);
+    }
+    else
+    {
+        // Add value node to PAG
+        pag->addValNode(iter->first, iter->second, icfgNode);
     }
+}
+
+    // Iterate over all object symbols in the symbol table
+for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
+            symTable->objSyms().begin(); iter != symTable->objSyms().end();
+        ++iter)
+{
+    // Debug output for adding object node
+    DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
+
+    // Skip blackhole and constant symbols
+    if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
+        continue;
+
+    // Get the LLVM value corresponding to the symbol
+    const Value* llvmValue = llvmModuleSet()->getLLVMValue(iter->first);
+
+    // Check if the value is a function and add a function object node
+    if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
+    {
+        pag->addFunObjNode(llvmModuleSet()->getCallGraphNode(func), iter->second);
+    }
+    // Check if the value is a heap object and add a heap object node
+    else if (LLVMUtil::isHeapObj(llvmValue))
+    {
+        const SVFFunction* f =
+            SVFUtil::cast<SVFInstruction>(iter->first)->getFunction();
+        pag->addHeapObjNode(iter->first, f, iter->second);
+        llvmModuleSet()->setValueAttr(llvmValue,pag->getGNode(iter->second));
+    }
+    // Check if the value is an alloca instruction and add a stack object node
+    else if (SVFUtil::isa<AllocaInst>(llvmValue))
+    {
+        const SVFFunction* f =
+            SVFUtil::cast<SVFInstruction>(iter->first)->getFunction();
+        pag->addStackObjNode(iter->first, f, iter->second);
+        llvmModuleSet()->setValueAttr(llvmValue,
+                                      pag->getGNode(iter->second));
+    }
+    // Add a generic object node for other types of values
+    else
+    {
+        pag->addObjNode(iter->first, iter->second);
+    }
+}
 
     for (SymbolTableInfo::FunToIDMapTy::iterator iter =
                 symTable->retSyms().begin(); iter != symTable->retSyms().end();
@@ -1347,7 +1382,7 @@ void SVFIRBuilder::setCurrentBBAndValueForPAGEdge(PAGEdge* edge)
     {
         const SVFFunction* srcFun = edge->getSrcNode()->getFunction();
         const SVFFunction* dstFun = edge->getDstNode()->getFunction();
-        if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
+        if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && edge->getSrcNode()->hasValue() && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
         {
             assert(srcFun==curInst->getFunction() && "SrcNode of the PAGEdge not in the same function?");
         }

diff --git a/svf/include/DDA/DDAVFSolver.h b/svf/include/DDA/DDAVFSolver.h
@@ -473,7 +473,7 @@ class DDAVFSolver
         NodeID id = getPtrNodeID(var);
         const MemObj* obj = _pag->getObject(id);
         assert(obj && "object not found!!");
-        if(obj->isStack())
+        if(SVFUtil::isStackOriginVar(_pag->getGNode(id)))
         {
             if(const SVFFunction* svffun = _pag->getGNode(id)->getFunction())
             {
@@ -637,9 +637,7 @@ class DDAVFSolver
     //@{
     virtual inline bool isHeapCondMemObj(const CVar& var, const StoreSVFGNode*)
     {
-        const MemObj* mem = _pag->getObject(getPtrNodeID(var));
-        assert(mem && "memory object is null??");
-        return mem->isHeap();
+        return SVFUtil::isHeapOriginVar(_pag->getGNode(getPtrNodeID(var)));
     }
 
     inline bool isArrayCondMemObj(const CVar& var) const

diff --git a/svf/include/Graphs/GenericGraph.h b/svf/include/Graphs/GenericGraph.h
@@ -180,6 +180,10 @@ class SVFBaseNode
         FIObjNode,
         // │            ├──FunObjNode: Types of function object
         FunObjNode,
+        // │            ├──HeapObjNode: Types of heap object
+        HeapObjNode,
+        // │            ├──StackObjNode: Types of stack object
+        StackObjNode,
         // │       └── DummyObjNode: Dummy node for uninitialized objects
         DummyObjNode,
         // └────────
@@ -317,7 +321,7 @@ class SVFBaseNode
 
     static inline bool isSVFVarKind(GNodeK n)
     {
-        static_assert(DummyObjNode - ValNode == 10,
+        static_assert(DummyObjNode - ValNode == 12,
                       "The number of SVFVarKinds has changed, make sure the "
                       "range is correct");
 
@@ -334,18 +338,18 @@ class SVFBaseNode
 
     static inline bool isObjVarKinds(GNodeK n)
     {
-        static_assert(DummyObjNode - ObjNode == 4,
+        static_assert(DummyObjNode - ObjNode == 6,
                       "The number of ObjVarKinds has changed, make sure the "
                       "range is correct");
         return n <= DummyObjNode && n >= ObjNode;
     }
 
     static inline bool isFIObjVarKinds(GNodeK n)
     {
-        static_assert(FunObjNode - FIObjNode == 1,
+        static_assert(StackObjNode - FIObjNode == 3,
                       "The number of FIObjVarKinds has changed, make sure the "
                       "range is correct");
-        return n <= FunObjNode && n >= FIObjNode;
+        return n <= StackObjNode && n >= FIObjNode;
     }
 
     static inline bool isVFGNodeKinds(GNodeK n)

diff --git a/svf/include/MemoryModel/PointerAnalysis.h b/svf/include/MemoryModel/PointerAnalysis.h
@@ -304,9 +304,7 @@ class PointerAnalysis
     //@{
     inline bool isHeapMemObj(NodeID id) const
     {
-        const MemObj* mem = pag->getObject(id);
-        assert(mem && "memory object is null??");
-        return mem->isHeap();
+        return SVFUtil::isHeapOriginVar(pag->getGNode(id));
     }
 
     inline bool isArrayMemObj(NodeID id) const

diff --git a/svf/include/SVFIR/SVFIR.h b/svf/include/SVFIR/SVFIR.h
@@ -565,6 +565,30 @@ class SVFIR : public IRGraph
         return addFIObjNode(mem);
     }
 
+    /**
+     * Creates and adds a heap object node to the SVFIR
+     */
+    inline NodeID addHeapObjNode(const SVFValue* val, const SVFFunction* f, NodeID i)
+    {
+        const MemObj* mem = getMemObj(val);
+        assert(mem->getId() == i && "not same object id?");
+        memToFieldsMap[i].set(i);
+        HeapObjVar *node = new HeapObjVar(f, val->getType(), i, mem);
+        return addObjNode(val, node, i);
+    }
+
+    /**
+     * Creates and adds a stack object node to the SVFIR
+     */
+    inline NodeID addStackObjNode(const SVFValue* val, const SVFFunction* f, NodeID i)
+    {
+        const MemObj* mem = getMemObj(val);
+        assert(mem->getId() == i && "not same object id?");
+        memToFieldsMap[i].set(i);
+        StackObjVar *node = new  StackObjVar(f, val->getType(), i, mem);
+        return addObjNode(val, node, i);
+    }
+
     NodeID addFunObjNode(const CallGraphNode* callGraphNode, NodeID id);
     /// Add a unique return node for a procedure
     inline NodeID addRetNode(const CallGraphNode* callGraphNode, NodeID i)