Update svflib

SVF-linux/Release-build/include/AE/Svfexe/AEDetector.h

@@ -75,6 +75,12 @@ class AEDetector
      */
     virtual void detect(AbstractState& as, const ICFGNode* node) = 0;
 
+    /**
+     * @brief Pure virtual function for handling stub external API calls. (e.g. UNSAFE_BUFACCESS)
+     * @param call Pointer to the ext call ICFG node.
+     */
+    virtual void handleStubFunctions(const CallICFGNode* call) = 0;
+
     /**
      * @brief Pure virtual function to report detected bugs.
      */
@@ -169,6 +175,13 @@ class BufOverflowDetector : public AEDetector
      */
     void detect(AbstractState& as, const ICFGNode*);
 
+
+    /**
+     * @brief Handles external API calls related to buffer overflow detection.
+     * @param call Pointer to the call ICFG node.
+     */
+    void handleStubFunctions(const CallICFGNode*);
+
     /**
      * @brief Adds an offset to a GEP object.
      * @param obj Pointer to the GEP object.
@@ -277,11 +290,11 @@ class BufOverflowDetector : public AEDetector
     /**
      * @brief Checks if memory can be safely accessed.
      * @param as Reference to the abstract state.
-     * @param value Pointer to the SVF value.
+     * @param value Pointer to the SVF var.
      * @param len The interval value representing the length of the memory access.
      * @return True if the memory access is safe, false otherwise.
      */
-    bool canSafelyAccessMemory(AbstractState& as, const SVFValue *value, const IntervalValue &len);
+    bool canSafelyAccessMemory(AbstractState& as, const SVFVar *value, const IntervalValue &len);
 
 private:
     /**

SVF-linux/Release-build/include/AE/Svfexe/AbsExtAPI.h

@@ -0,0 +1,147 @@
+//===- AbsExtAPI.h -- Abstract Interpretation External API handler-----//
+//
+//                     SVF: Static Value-Flow Analysis
+//
+// Copyright (C) <2013->  <Yulei Sui>
+//
+
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+//===----------------------------------------------------------------------===//
+
+
+//
+// Created by Jiawei Wang on 2024/9/9.
+//
+#pragma once
+#include "AE/Core/AbstractState.h"
+#include "AE/Core/ICFGWTO.h"
+#include "AE/Svfexe/AEDetector.h"
+#include "AE/Svfexe/AbsExtAPI.h"
+#include "Util/SVFBugReport.h"
+#include "WPA/Andersen.h"
+
+namespace SVF
+{
+
+// Forward declaration of AbstractInterpretation class
+class AbstractInterpretation;
+
+/**
+ * @class AbsExtAPI
+ * @brief Handles external API calls and manages abstract states.
+ */
+class AbsExtAPI
+{
+public:
+    /**
+     * @enum ExtAPIType
+     * @brief Enumeration of external API types.
+     */
+    enum ExtAPIType { UNCLASSIFIED, MEMCPY, MEMSET, STRCPY, STRCAT };
+
+    /**
+     * @brief Constructor for AbsExtAPI.
+     * @param abstractTrace Reference to a map of ICFG nodes to abstract states.
+     */
+    AbsExtAPI(Map<const ICFGNode*, AbstractState>& abstractTrace);
+
+    /**
+     * @brief Initializes the external function map.
+     */
+    void initExtFunMap();
+
+    /**
+     * @brief Reads a string from the abstract state.
+     * @param as Reference to the abstract state.
+     * @param rhs Pointer to the SVF variable representing the string.
+     * @return The string value.
+     */
+    std::string strRead(AbstractState& as, const SVFVar* rhs);
+
+    /**
+     * @brief Handles an external API call.
+     * @param call Pointer to the call ICFG node.
+     */
+    void handleExtAPI(const CallICFGNode *call);
+
+    /**
+     * @brief Handles the strcpy API call.
+     * @param call Pointer to the call ICFG node.
+     */
+    void handleStrcpy(const CallICFGNode *call);
+
+    /**
+     * @brief Calculates the length of a string.
+     * @param as Reference to the abstract state.
+     * @param strValue Pointer to the SVF variable representing the string.
+     * @return The interval value representing the string length.
+     */
+    IntervalValue getStrlen(AbstractState& as, const SVF::SVFVar *strValue);
+
+    /**
+     * @brief Handles the strcat API call.
+     * @param call Pointer to the call ICFG node.
+     */
+    void handleStrcat(const SVF::CallICFGNode *call);
+
+    /**
+     * @brief Handles the memcpy API call.
+     * @param as Reference to the abstract state.
+     * @param dst Pointer to the destination SVF variable.
+     * @param src Pointer to the source SVF variable.
+     * @param len The interval value representing the length to copy.
+     * @param start_idx The starting index for copying.
+     */
+    void handleMemcpy(AbstractState& as, const SVF::SVFVar *dst, const SVF::SVFVar *src, IntervalValue len, u32_t start_idx);
+
+    /**
+     * @brief Handles the memset API call.
+     * @param as Reference to the abstract state.
+     * @param dst Pointer to the destination SVF variable.
+     * @param elem The interval value representing the element to set.
+     * @param len The interval value representing the length to set.
+     */
+    void handleMemset(AbstractState& as, const SVFVar* dst, IntervalValue elem, IntervalValue len);
+
+    /**
+     * @brief Gets the range limit from a type.
+     * @param type Pointer to the SVF type.
+     * @return The interval value representing the range limit.
+     */
+    IntervalValue getRangeLimitFromType(const SVFType* type);
+
+    /**
+     * @brief Retrieves the abstract state from the trace for a given ICFG node.
+     * @param node Pointer to the ICFG node.
+     * @return Reference to the abstract state.
+     * @throws Assertion if no trace exists for the node.
+     */
+    AbstractState& getAbsStateFromTrace(const ICFGNode* node);
+
+    /**
+     * @brief Retrieves the SVF variable from a given SVF value.
+     * @param val Pointer to the SVF value.
+     * @return Pointer to the corresponding SVF variable.
+     */
+    const SVFVar* getSVFVar(const SVFValue* val);
+
+protected:
+    SVFIR* svfir; ///< Pointer to the SVF intermediate representation.
+    ICFG* icfg; ///< Pointer to the interprocedural control flow graph.
+    Map<const ICFGNode*, AbstractState>& abstractTrace; ///< Map of ICFG nodes to abstract states.
+    Map<std::string, std::function<void(const CallICFGNode*)>> func_map; ///< Map of function names to handlers.
+};
+
+} // namespace SVF

SVF-linux/Release-build/include/AE/Svfexe/AbstractInterpretation.h

@@ -31,12 +31,14 @@
 #include "AE/Core/AbstractState.h"
 #include "AE/Core/ICFGWTO.h"
 #include "AE/Svfexe/AEDetector.h"
+#include "AE/Svfexe/AbsExtAPI.h"
 #include "Util/SVFBugReport.h"
 #include "WPA/Andersen.h"
 
 namespace SVF
 {
 class AbstractInterpretation;
+class AbsExtAPI;
 class AEStat;
 class AEAPI;
 
@@ -104,7 +106,6 @@ class AbstractInterpretation
     friend class BufOverflowDetector;
 
 public:
-    enum ExtAPIType { UNCLASSIFIED, MEMCPY, MEMSET, STRCPY, STRCAT };
     typedef SCCDetection<CallGraph*> CallGraphSCC;
     /// Constructor
     AbstractInterpretation();
@@ -128,7 +129,9 @@ class AbstractInterpretation
         detectors.push_back(std::move(detector));
     }
 
-protected:
+    Set<const CallICFGNode*> checkpoints; // for CI check
+
+private:
     /// Global ICFGNode is handled at the entry of the program,
     virtual void handleGlobalNode();
 
@@ -213,77 +216,6 @@ class AbstractInterpretation
                                 AbstractState& as);
 
 
-    /**
-    * handle external function call
-    *
-    * @param call call node whose callee is external function
-    */
-    virtual void handleExtAPI(const CallICFGNode *call);
-
-    /**
-    * the map of external function to its API type
-    *
-    * In AEAPI, this function is mainly used for abstract explanation.
-    * In subclasses, this function is mainly used to check specific bugs
-    */
-    virtual void initExtFunMap();
-
-
-    /**
-    * get byte size of alloca inst
-    * e.g. source code str = "abc", there are str value, return "abc"
-    *
-    * @param rhs SVFValue of string
-    * @return the string
-    */
-    std::string strRead(AbstractState& as,const SVFValue* rhs);
-
-    /**
-    * get length of string
-    * e.g. source code str = "abc", return 3
-    *
-    * @param strValue SVFValue of string
-    * @return IntervalValue of string length
-    */
-    IntervalValue getStrlen(AbstractState& as, const SVF::SVFValue *strValue);
-
-    /**
-    * execute strcpy in abstract execution
-    * e.g  arr = new char[10]
-    *      str = "abc"
-    *      strcpy(arr, str)
-    * we can set arr[0]='a', arr[1]='b', arr[2]='c', arr[3]='\0'
-    * @param call callnode of strcpy like api
-    */
-    virtual void handleStrcpy(const CallICFGNode *call);
-    /**
-    * execute strcpy in abstract execution
-    * e.g  arr[10] = "abc"
-    *      str = "de"
-    *      strcat(arr, str)
-    * we can set arr[3]='d', arr[4]='e', arr[5]='\0'
-    * @param call callnode of strcat like api
-    */
-    virtual void handleStrcat(const CallICFGNode *call);
-    /**
-    * execute memcpy in abstract execution
-    * e.g  arr = new char[10]
-    *      str = "abcd"
-    *      memcpy(arr, str, 5)
-    * we can set arr[3]='d', arr[4]='e', arr[5]='\0'
-    * @param call callnode of memcpy like api
-    */
-    virtual void handleMemcpy(AbstractState& as, const SVFValue* dst, const SVFValue* src, IntervalValue len, u32_t start_idx);
-    /**
-    * execute memset in abstract execution
-    * e.g  arr = new char[10]
-    *      memset(arr, 'c', 2)
-    * we can set arr[0]='c', arr[1]='c', arr[2]='\0'
-    * @param call callnode of memset like api
-    */
-    virtual void handleMemset(AbstractState& as, const SVFValue* dst, IntervalValue elem, IntervalValue len);
-
-
     void collectCheckPoint();
     void checkPointAllSet();
 
@@ -309,8 +241,6 @@ class AbstractInterpretation
 
     void updateStateOnPhi(const PhiStmt *phi);
 
-    IntervalValue getRangeLimitFromType(const SVFType* type);
-
 
     /// protected data members, also used in subclasses
     SVFIR* svfir;
@@ -324,18 +254,6 @@ class AbstractInterpretation
     Map<const SVFFunction*, ICFGWTO*> funcToWTO;
     Set<const SVFFunction*> recursiveFuns;
 
-private:
-    // helper functions in handleCallSite
-    virtual bool isExtCall(const CallICFGNode* callNode);
-    virtual void extCallPass(const CallICFGNode* callNode);
-    virtual bool isRecursiveCall(const CallICFGNode* callNode);
-    virtual void recursiveCallPass(const CallICFGNode* callNode);
-    virtual bool isDirectCall(const CallICFGNode* callNode);
-    virtual void directCallFunPass(const CallICFGNode* callNode);
-    virtual bool isIndirectCall(const CallICFGNode* callNode);
-    virtual void indirectCallFunPass(const CallICFGNode* callNode);
-
-protected:
 
     AbstractState& getAbsStateFromTrace(const ICFGNode* node)
     {
@@ -356,16 +274,31 @@ class AbstractInterpretation
         return abstractTrace.count(repNode) != 0;
     }
 
-protected:
+    AbsExtAPI* getUtils()
+    {
+        return utils;
+    }
+
+    // helper functions in handleCallSite
+    virtual bool isExtCall(const CallICFGNode* callNode);
+    virtual void extCallPass(const CallICFGNode* callNode);
+    virtual bool isRecursiveCall(const CallICFGNode* callNode);
+    virtual void recursiveCallPass(const CallICFGNode* callNode);
+    virtual bool isDirectCall(const CallICFGNode* callNode);
+    virtual void directCallFunPass(const CallICFGNode* callNode);
+    virtual bool isIndirectCall(const CallICFGNode* callNode);
+    virtual void indirectCallFunPass(const CallICFGNode* callNode);
+
     // there data should be shared with subclasses
     Map<std::string, std::function<void(const CallICFGNode*)>> func_map;
-    Set<const CallICFGNode*> checkpoints;
-    Set<std::string> checkpoint_names;
-    Map<const ICFGNode*, AbstractState>
-    abstractTrace; // abstract states immediately after nodes
+
+    Map<const ICFGNode*, AbstractState> abstractTrace; // abstract states immediately after nodes
     std::string moduleName;
 
     std::vector<std::unique_ptr<AEDetector>> detectors;
+    AbsExtAPI* utils;
+
+
 
 };
 }