-
Notifications
You must be signed in to change notification settings - Fork 436
A simple driver example of SVF
Yusuke Uchida edited this page Dec 10, 2023
·
14 revisions
The simple driver program can be found at SVF-tools/SVF-example. After building SVF, its corresponding executable is svf-ex under the bin folder.
We discuss the driver program in detail as follows:
int main(int argc, char ** argv)
{
int arg_num = 0;
char **arg_value = new char*[argc];
std::vector<std::string> moduleNameVec;
SVFUtil::processArguments(argc, argv, arg_num, arg_value, moduleNameVec);
cl::ParseCommandLineOptions(arg_num, arg_value,
"Whole Program Points-to Analysis\n");
if (Options::WriteAnder == "ir_annotator")
{
LLVMModuleSet::getLLVMModuleSet()->preProcessBCs(moduleNameVec);
}
SVFModule* svfModule = LLVMModuleSet::getLLVMModuleSet()->buildSVFModule(moduleNameVec);
svfModule->buildSymbolTableInfo();
/// Build Program Assignment Graph (SVFIR)
SVFIRBuilder builder;
SVFIR* pag = builder.build(svfModule);
/// Create Andersen's pointer analysis
Andersen* ander = AndersenWaveDiff::createAndersenWaveDiff(pag);
/// Query aliases
/// aliasQuery(ander,value1,value2);
/// Print points-to information
/// printPts(ander, value1);
/// Call Graph
PTACallGraph* callgraph = ander->getPTACallGraph();
/// ICFG
ICFG* icfg = pag->getICFG();
/// Value-Flow Graph (VFG)
VFG* vfg = new VFG(callgraph);
/// Sparse value-flow graph (SVFG)
SVFGBuilder svfBuilder(true);
SVFG* svfg = svfBuilder.buildFullSVFG(ander);
/// Collect uses of an LLVM Value
/// traverseOnVFG(svfg, value);
/// Collect all successor nodes on ICFG
/// traverseOnICFG(icfg, value);
// clean up memory
delete vfg;
delete svfg;
AndersenWaveDiff::releaseAndersenWaveDiff();
SVFIR::releaseSVFIR();
LLVMModuleSet::getLLVMModuleSet()->dumpModulesToFile(".svf.bc");
SVF::LLVMModuleSet::releaseLLVMModuleSet();
llvm::llvm_shutdown();
return 0;
}
/*!
* An example to query alias results of two LLVM values
*/
AliasResult aliasQuery(PointerAnalysis* pta, Value* v1, Value* v2){
return pta->alias(v1,v2);
}/*!
* An example to print points-to set of an LLVM value
*/
std::string printPts(PointerAnalysis* pta, Value* val){
std::string str;
raw_string_ostream rawstr(str);
NodeID pNodeId = pta->getPAG()->getValueNode(val);
NodeBS& pts = pta->getPts(pNodeId);
for (NodeBS::iterator ii = pts.begin(), ie = pts.end();
ii != ie; ii++) {
rawstr << " " << *ii << " ";
PAGNode* targetObj = pta->getPAG()->getPAGNode(*ii);
if(targetObj->hasValue()){
rawstr << "(" <<*targetObj->getValue() << ")\t ";
}
}
return rawstr.str();
}/*!
* An example to query/collect all the uses of a definition of a value along value-flow graph (VFG)
*/
void collectUsesOnVFG(const SVFG* vfg, Value* val){
PAG* pag = PAG::getPAG();
PAGNode* pNode = pag->getPAGNode(pag->getValueNode(val));
const VFGNode* vNode = vfg->getDefSVFGNode(pNode);
FIFOWorkList<const VFGNode*> worklist;
std::set<const VFGNode*> visited;
worklist.push(vNode);
/// Traverse along VFG
while(!worklist.empty()){
const VFGNode* vNode = worklist.pop();
for(VFGNode::const_iterator it = vNode->OutEdgeBegin(), eit = vNode->OutEdgeEnd(); it!=eit; ++it) {
if(visited.find(vNode)==visited.end()){
visited.insert(vNode);
worklist.push(vNode);
}
}
}
/// Collect all LLVM Values
for(std::set<const VFGNode*>::const_iterator it = visited.begin(), eit = visited.end(); it!=eit; ++it){
const VFGNode* node = *it;
/// can only query VFGNode involving top-level pointers (starting with % or @ in LLVM IR)
/// PAGNode* pNode = vfg->getLHSTopLevPtr(node);
/// Value* val = pNode->getValue();
}
}