Skip to content

SVF Point‐to Analysis Results Read and Write

Jump to bottom Edit New page
Zexin Zhong(Jason) edited this page Sep 17, 2023 · 2 revisions

Introduction

The purpose of point-to analysis read and write is to implement functions that will write the point-to analysis results to a file and then read the point-to analysis results back into memory from a file. In this guide, we'll walk you through the process of working with reading and writing point-to analysis results, saving them to a file, and loading them from a file using SVF. This can be useful for sharing or storing analysis data, enabling further analysis, or integration with other tools.

Read and Write Point-to Analysis Results by SVF Command Line

SVF has implemented the command line for reading and writing point-to analysis results from a file.

To write the point-to analysis results to a file, execute the following command in your terminal:

 wpa -vfspta -write-ander="file_path_for_storing_result" example.bc

To load the analysis results from a file, use the following command in your terminal:

wpa -vfspta -write-ander="file_path_for_storing_result" example.bc

In the above command, the attribute -vfspta represents the type of point-to analysis algorithm you would like to use. SVF currently supports -vfspta, -fspta, -ander, -sander, -sfrander, -steens, -type. The attribute example.bc is the bc file of the target code.

Write Your Own Analysis with SVF Read and Write Point-to Analysis Results

In some cases, you may wish to use the SVF read and write point-to analysis results with your own code. To write the analysis results in your code, invoke the solveAndwritePtsToFile(string filePath) function located in the pointer analyzer. For example, to write the Andersen pointer analysis results, add the following code snippet to your code:

// Initial and create the pointer analyzer. It could be (FlowSensitive, VersionedFlowSensitve etc.)
Andersen* ander = AndersenWaveDiff::createAndersenWaveDiff(pag);

// Invoke the solveAndwritePtsToFile() to solve and write the pts results to file.
ander->solveAndwritePtsToFile(filePath);

To load the analysis results from the output file, invoke the readPtsFromFile(string filePath) function also located in the pointer analyzer. For example, to load the Andersen pointer analysis results back into memory, add the following code snippet to your code:

// Initial and create the pointer analyzer. It could be (FlowSensitive, VersionedFlowSensitve etc.)
Andersen* ander = AndersenWaveDiff::createAndersenWaveDiff(pag);

// Invoke the readPtsFromFile() to read pts results from file
pts->readPtsFromFile(filepath);

Format of The Output File

Whether you are using the command-line tool or writing your own analysis with the SVF Read and Write Point-to Analysis Results, a point-to analysis result file will be generated at the specified path when writing the analysis results to the file. The output file will be formatted as follows:

// objVar of the target code. 
2 0
3 0
66 0
67 0
71 0
------
// the pts results of the target code.
0 -> {  }
1 -> {  }
2 -> { 3 }
74 -> { 3 5731 9799 13511 18277 }
------
// the GepObjVarMap of the target code.
10453 0 41965
10421 0 41964
9901 0 41959
31822 0 41958
31706 0 41957
------
// objVar of the target code. 
2 0
3 0
66 0
67 0
71 0

Format of the ObjVar

The output of the ObjVar consists of two parts: objVar node id and the filed sensitivity. Each line format is: NodeID isFieldInsensitive.

Format of the pts results

The output of the PTS results consists of two parts: node id and the set of nodes id it points to. Each line format is NodeID -> {Set of Point To Nodes}.

Format of the GepObjVarMap

The output of the GepObjVarMap consists of three parts: the base node id, the offset, and the gepNode id. Each line format is: BaseID Offset GepObjNodeId.

Different Output in VersionedFlowSensitive Analysis

Most of the output results will follow the above format. However, the output format of the VersionedFlowSensitive analysis is slightly different. In addition to the above output, it also adds the versioned point-to analysis results to the file.

Format of the Versioned pts results

The output of the versioned PTS results consists of two parts: the node id with its version and the set of node ids it points to. Each line format is: [NodeId Versioned] -> {Set of Point To Nodes}. Thus, the output of the VersionedFlowSensitive analysis will be formatted as follows:

// objVar of the target code. 
2 0
3 0
66 0
67 0
71 0
------
[ 245 1 ] -> { 31268 32939 }
[ 291 1 ] -> { 3 32662 40242 }
[ 317 1 ] -> { 3 24257 24301 32662 37735 40242 }
[ 330 1 ] -> { 3 32662 40242 }
[ 332 1 ] -> { 31606 }
[ 543 1 ] -> { 4328 }
[ 543 4 ] -> { 4328 }
---VERSIONED---
// the pts results of the target code.
0 -> {  }
1 -> {  }
2 -> { 3 }
74 -> { 3 5731 9799 13511 18277 }
------
// the GepObjVarMap of the target code.
10453 0 41965
10421 0 41964
9901 0 41959
31822 0 41958
31706 0 41957
------
// objVar of the target code. 
2 0
3 0
66 0
67 0
71 0
Add a custom footer
Add a custom sidebar
Clone this wiki locally