SVF-tools / SVF

Static Value-Flow Analysis Framework for Source Code
http://svf-tools.github.io/SVF/

Assertion Failure for WPA in Andersen::heapAllocatorViaIndCall #1548

Closed dylanjwolff closed 1 month ago

dylanjwolff commented 2 months ago

I'm getting an assertion failure when running:

wpa -ander -svfg -dump-vfg -stat=false labeled.bc

namely:

wpa: /SVF/svf/include/Graphs/GenericGraph.h:409: SVF::GenericGraph<NodeTy, EdgeTy>::NodeType* SVF::GenericGraph<NodeTy, EdgeTy>::getGNode(SVF::NodeID) const [with NodeTy = SVF::ConstraintNode; EdgeTy = SVF::ConstraintEdge; NodeType = SVF::ConstraintNode; SVF::NodeID = unsigned int]: Assertion `it != IDToNodeMap.end() && "Node not found!"' failed.
Aborted (core dumped)

The .bc file is attached -- it's a stress test for sqlite3. It was compiled with wllvm -g (clang-16).

I am using the latest release of SVF (https://github.com/SVF-tools/SVF/commit/0eae65388008dbfafc0287873bfb4c8819582183).

Looks like one of the nodes passed in to addCopyEdge isn't actually in the graph.

labeled.bc.tar.gz

yuleisui commented 2 months ago

Thanks for reporting this. The issue is caused by the optimisation method ConstraintGraph::clearSolitaries(), which removes the return node from an indirect callsite, even though the node is not connected to any other nodes when the constraint graph is initially built. I have just fixed it here https://github.com/SVF-tools/SVF/commit/fc185bed4301b003a10fcf6c6cc555cf244fca21.
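The failure mode described in the comment above, as an added example that is not part of the original thread and is not SVF code: a toy graph in which pruning isolated nodes before solving drops the return node of an unresolved indirect callsite, so the later copy edge has no target. ToyConstraintGraph, resolveAfterPrune and the keep set are hypothetical names; exempting such nodes from pruning is an assumed way to avoid the failure, not a description of the linked commit.

```cpp
#include <cstdio>
#include <map>
#include <set>

using NodeID = unsigned;

// Toy stand-in for a constraint graph (hypothetical type, not SVF's ConstraintGraph).
struct ToyConstraintGraph {
    std::map<NodeID, std::set<NodeID>> succs;  // node -> copy-edge successors
    std::set<NodeID> hasIncoming;              // nodes that are the target of an edge

    void addNode(NodeID id) { succs[id]; }
    bool hasNode(NodeID id) const { return succs.count(id) != 0; }

    // Returns false in the situation where the real lookup asserts "Node not found!".
    bool addCopyEdge(NodeID src, NodeID dst) {
        if (!hasNode(src) || !hasNode(dst)) return false;
        succs[src].insert(dst);
        hasIncoming.insert(dst);
        return true;
    }

    // Remove nodes without any edge, except the ones listed in `keep`.
    void clearSolitaries(const std::set<NodeID>& keep) {
        for (auto it = succs.begin(); it != succs.end();) {
            bool isolated = it->second.empty() && !hasIncoming.count(it->first);
            if (isolated && !keep.count(it->first)) it = succs.erase(it);
            else ++it;
        }
    }
};

// Build, prune, then resolve one indirect call the way an on-the-fly solver would.
bool resolveAfterPrune(bool keepIndirectRets) {
    const NodeID p = 1, calleeRet = 2, callsiteRet = 3;  // constructed node ids
    ToyConstraintGraph g;
    for (NodeID n : {p, calleeRet, callsiteRet}) g.addNode(n);
    g.addCopyEdge(p, calleeRet);  // callee returns p: known when the graph is built
    // callsiteRet has no edge yet because the indirect callee is still unknown.
    std::set<NodeID> keep;
    if (keepIndirectRets) keep.insert(callsiteRet);
    g.clearSolitaries(keep);
    // Solving discovers the callee and links its return to the callsite's return node.
    return g.addCopyEdge(calleeRet, callsiteRet);
}

int main() {
    std::printf("prune everything isolated: %s\n", resolveAfterPrune(false) ? "ok" : "node not found");
    std::printf("keep indirect-call returns: %s\n", resolveAfterPrune(true) ? "ok" : "node not found");
    return 0;
}
```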

dylanjwolff commented 1 month ago

Thanks! All fixed on my end as well!