search

SVF-tools / SVF

Static Value-Flow Analysis Framework for Source Code
http://svf-tools.github.io/SVF/
Other
1.43k stars 435 forks source link

Performing reachability analysis between PAG edges #1413

Open karthikbhata97 opened 8 months ago

karthikbhata97 commented 8 months ago

I am analyzing PAG to get all the loads and stores of interest. And once I have a list of edges corresponding to these loads and stores, I want to perform reachability to identify all the pairs of edges which are reachable from one another.

Sample code:

struct Test {
    int n;
};

void test2(Test* t) {
    auto n = t->n; // 1
}

void test(Test* t, bool x) {
    if(x) {
       auto n = t->n; // 2
    } else {
        test2(t);
    }

    auto n = t->n; // 3
}

Here 3 is reachable from 1 and also 3 is reachable from 2, but 1 and 2 are not reachable (different branch conditions).

Is there a straightforward way to perform this on top of PAG or ICFG? Note: two edges can be in different functions (eg: 1 and 3)

yuleisui commented 8 months ago

You could use ICFG whose nodes represent llvm instructions (SVF statements), edges represent their control flows