sukyoung / safe

Scalable Analysis Framework for ECMAScript

Question about import cfg into the SAFE #38

Closed YichaoXu closed 2 years ago

YichaoXu commented 2 years ago

Hi,

I am new to SAFE. Recently, I have been trying to import a preprocessed CFG into SAFE to improve its performance in bug analysis. However, I noticed that the program uses the IR nodes during the CfgBuild phase. I was wondering whether these objects are essential in the analysis phase. Besides, I realized that the original CFG from SAFE includes some variables like the loop head and local variables. I was wondering whether those things are also critical.

Further, might I request any suggestions about the CFG importation? Is there anything else that is critical but not noticed by me?

Many thanks, Yichao

jhnaldo commented 2 years ago

Hi Yichao,

I'm one of the leading developers of SAFE. Thanks for your interest in our tool. In SAFE, CFG denotes a control-flow graph for a given JavaScript program. SAFE parses a given JavaScript file to an AST Program, compiles it into an IRRoot, and finally builds a CFG using CFGBuilder.

A CFG has IRRoot and Program as back edges. And it also contains metadata, such as loop heads, and they are used in the static analysis phase.

By the way, what do you mean by the import of CFG into SAFE? Did you construct CFGs in your own way?

YichaoXu commented 2 years ago

Hi jhnaldo,

Thank you a lot for your reply. Yes, we are trying to import CFG directly from our project, so we do not have IR nodes there.

I reviewed the code to see how IR nodes are used in the following phases. It seems like the fields are mainly used to support some variables like code spans etc. So I am going to create a "fake" IRNode for each block, which only contains the values used. I was wondering whether that will be a feasible way.

I read the paper and manual, from which I learned that the JS code will be handled by some preprocessing. There will be some temporary variables starting with "<>" like <>tmp. I was wondering whether those variables will influence the following analysis processes. I was thinking about whether the program can work well even if our CFG did not preprocess that code.

Best, Yichao

jhnaldo commented 2 years ago

Hi, @YichaoXu. Since I don't know the detailed shape of your own CFG, I'm not sure it is feasible. However, I believe that SAFE works well with a custom CFG even though it has fake IR nodes. Temporary variables starting with <> only denote the variables not defined in user codes. Those variables will not affect the further analysis at all.

YichaoXu commented 2 years ago

> Hi, @YichaoXu. Since I don't know the detailed shape of your own CFG, I'm not sure it is feasible. However, I believe that SAFE works well with a custom CFG even though it has fake IR nodes. Temporary variables starting with <> only denote the variables not defined in user codes. Those variables will not affect the further analysis at all.

Thank you a lot, Jhnaldo, and sorry for the late reply. I have already implemented the functionality for CFG conversion, which is possible in my case. I am writing this down for anyone else who may be interested in similar things. The idea is to directly establish the CFG and blocks. As to the instructions, the idea is to use the instructions in the old blocks to obtain the essential parameters. The association of those instructions with blocks can be identified by their line and column ranges.
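
The line-and-column matching described in the last comment, sketched as an added example (it is not code from SAFE or from the poster's project). `Pos`, `Span`, `Inst`, `Block` and `assign` are hypothetical names rather than SAFE classes; the sketch assumes block spans are either disjoint or nested, and it reports instructions that fall inside no imported block so they are not silently dropped from the analysis.

```scala
object SpanMatch {
  // Hypothetical stand-ins for source positions and ranges (not SAFE's own types).
  case class Pos(line: Int, col: Int)
  private def le(a: Pos, b: Pos): Boolean =
    a.line < b.line || (a.line == b.line && a.col <= b.col)

  case class Span(begin: Pos, end: Pos) {
    // True when `o` lies entirely inside this span (bounds inclusive).
    def contains(o: Span): Boolean = le(begin, o.begin) && le(o.end, end)
  }
  case class Inst(text: String, span: Span)   // instruction taken from an old block
  case class Block(id: Int, span: Span)       // block of the imported CFG

  // Attach each instruction to the innermost block whose span contains it.
  // Returns (block id -> instructions in input order, instructions with no block).
  def assign(blocks: Seq[Block], insts: Seq[Inst]): (Map[Int, Seq[Inst]], Seq[Inst]) = {
    val placed = insts.map { i =>
      val owner = blocks
        .filter(_.span.contains(i.span))
        // With nested spans, keep whichever candidate sits inside the other.
        .reduceOption((a, b) => if (a.span.contains(b.span)) b else a)
      owner.map(_.id) -> i
    }
    val matched = placed
      .collect { case (Some(id), i) => id -> i }
      .groupBy(_._1)
      .map { case (id, pairs) => id -> pairs.map(_._2) }
    val unmatched = placed.collect { case (None, i) => i }
    (matched, unmatched)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample: block 2 (a loop body) is nested inside block 1.
    val blocks = Seq(
      Block(1, Span(Pos(1, 1), Pos(6, 1))),
      Block(2, Span(Pos(2, 3), Pos(4, 3))))
    val insts = Seq(
      Inst("x = 0",     Span(Pos(1, 5), Pos(1, 10))),
      Inst("x = x + 1", Span(Pos(3, 5), Pos(3, 14))),
      Inst("y = 2",     Span(Pos(9, 1), Pos(9, 6))))  // outside every block
    val (matched, unmatched) = assign(blocks, insts)
    matched.toSeq.sortBy(_._1).foreach { case (id, is) =>
      println(s"block $id: ${is.map(_.text).mkString("; ")}")
    }
    println(s"unmatched: ${unmatched.map(_.text).mkString("; ")}")
  }
}
```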