Hello,
I'm trying to write an extractor script that parses SVF's pointer-analysis output and presents it in a simple format that is of use to me. I require the pointer analysis to be flow- and context-sensitive. I am using the dvf tool for obtaining this output. However, I am facing some issues. The crux of the issue is that I am unable to find how to map variables to the memory objects that store them. A more detailed explanation is given below:
Suppose I have a code my_test.cpp:
extern void MUSTALIAS(void*,void*);
void func()
{
    int x, y;
    int* p = &x;
    int* q = &y;
    q = p;
    MUSTALIAS(p, q);
}
I compile this code using the commands:
clang++ -g -Xclang -disable-O0-optnone -fno-discard-value-names -emit-llvm -c my_test.cpp -o my_test.bc
opt -passes='early-cse' my_test.bc -o my_test.opt.bc
Then I invoke dvf as follows:
dvf -query=all -cpts -cxt -print-all-pts -print-pag -dump-callgraph -max-cxt=5 -flow-bg=10000 -cxt-bg=10000 my_test.opt.bc > my_test.pta
Now the file my_test.pta is what I pass to my extractor script (to parse and generate output in my desired format - a list of pointer variables with their respective pointee sets).
However, the issue I face is the following:
- I am unable to deduce from my understanding of SVF's dumped information that q points only to x (and not y). I know for a fact that SVF does know this though, because the MUSTALIAS check passes.
- When I try tracing the source code to understand how the MUSTALIAS is being invoked, I see that MUSTALIAS is actually passed arguments of two pointer IDs that are not of p and q, but of their memory objects (this is my understanding).
- DVF's output quite clearly contains the information that both these memory objects point only to x, but I'm limited by the fact that I can't figure out (in an automated manner) that these memory objects correspond to p and q.
I tried looking closely at the various forms of information that SVF provides (as dumps), but could not find a way to consistently map variables to their memory objects. Could you please let me know where I can find this information from?
Additionally, do you think I'm going about my goal the wrong way - should I add functions to the SVF source (to access SVF's data structures directly) rather than solely relying on a Python script that goes over all of SVF's output formats and tries to deduce pointer->pointee_set relations?