Skip to content

Write a source sink analyzer

Jump to bottom Edit New page
unsw-corg edited this page Jul 20, 2015 · 16 revisions

Writing a source-sink analyzer become fairly easy on top of our interprocedure sparse value-flow graph (you may wish to refer to LeakCheck.cpp to see the detail code implementations).

  1. First, we need to build SVFG using andersen's pointer analysis
PointerAnalysis* ander = AndersenWaveDiff::createAndersenWaveDiff(module);
svfg = new SVFGOPT(ptaCallGraph);
svfgbuilder.build(svfg,ander);
  1. Choose a set of candidate sources and sinks
Simple code to iterate from a SVFGNode on SVFG
for(SVFGNode::const_iterator it = node->OutEdgeBegin(), eit = node->OutEdgeEnd(); it!=eit; ++it) {
}
  1. Perform all path reachable analysis using AllPathReachableSolve method (ProgSlice class) which computes value-flow guards via the following three methods iteratively util a fixed point is reached.
  • ComputeInterCallVFGGuard
  • ComputeInterRetVFGGuard
  • ComputeIntraVFGGuard
Add a custom footer
Add a custom sidebar
Clone this wiki locally