Merge branch 'f-FixVTabForCollapsedTypes' into development

Author: pdschubert

include/phasar/PhasarLLVM/ControlFlow/Resolver/Resolver.h

@@ -17,6 +17,7 @@
 #ifndef PHASAR_PHASARLLVM_CONTROLFLOW_RESOLVER_RESOLVER_H_
 #define PHASAR_PHASARLLVM_CONTROLFLOW_RESOLVER_RESOLVER_H_
 
+#include <optional>
 #include <set>
 #include <string>
 
@@ -33,7 +34,7 @@ namespace psr {
 class ProjectIRDB;
 class LLVMTypeHierarchy;
 
-int getVFTIndex(const llvm::CallBase *CallSite);
+std::optional<unsigned> getVFTIndex(const llvm::CallBase *CallSite);
 
 const llvm::StructType *getReceiverType(const llvm::CallBase *CallSite);
 

include/phasar/PhasarLLVM/TypeHierarchy/LLVMTypeHierarchy.h

@@ -88,6 +88,17 @@ class LLVMTypeHierarchy
   using out_edge_iterator = boost::graph_traits<bidigraph_t>::out_edge_iterator;
   using in_edge_iterator = boost::graph_traits<bidigraph_t>::in_edge_iterator;
 
+  static inline constexpr llvm::StringLiteral StructPrefix = "struct.";
+  static inline constexpr llvm::StringLiteral ClassPrefix = "class.";
+  static inline constexpr llvm::StringLiteral VTablePrefix = "_ZTV";
+  static inline constexpr llvm::StringLiteral VTablePrefixDemang =
+      "vtable for ";
+  static inline constexpr llvm::StringLiteral TypeInfoPrefix = "_ZTI";
+  static inline constexpr llvm::StringLiteral TypeInfoPrefixDemang =
+      "typeinfo for ";
+  static inline constexpr llvm::StringLiteral PureVirtualCallName =
+      "__cxa_pure_virtual";
+
 private:
   bidigraph_t TypeGraph;
   std::unordered_map<const llvm::StructType *, vertex_t> TypeVertexMap;
@@ -102,18 +113,6 @@ class LLVMTypeHierarchy
   // map from clearname to vtable variable
   std::unordered_map<std::string, const llvm::GlobalVariable *> ClearNameTVMap;
 
-  static const std::string StructPrefix;
-
-  static const std::string ClassPrefix;
-
-  static const std::string VTablePrefix;
-
-  static const std::string VTablePrefixDemang;
-
-  static const std::string TypeInfoPrefix;
-
-  static const std::string TypeInfoPrefixDemang;
-
   static std::string removeStructOrClassPrefix(const llvm::StructType &T);
 
   static std::string removeStructOrClassPrefix(const std::string &TypeName);

include/phasar/PhasarLLVM/TypeHierarchy/LLVMVFTable.h

@@ -19,6 +19,7 @@
 
 namespace llvm {
 class Function;
+class ConstantStruct;
 } // namespace llvm
 
 namespace psr {
@@ -84,6 +85,9 @@ class LLVMVFTable : public VFTable<const llvm::Function *> {
   end() const {
     return VFT.end();
   };
+
+  [[nodiscard]] static std::vector<const llvm::Function *>
+  getVFVectorFromIRVTable(const llvm::ConstantStruct &);
 };
 
 } // namespace psr

lib/PhasarLLVM/ControlFlow/Resolver/CHAResolver.cpp

@@ -37,8 +37,8 @@ auto CHAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
   // Leading to SEGFAULT in Unittests. Error only when run in Debug mode
   // << llvmIRToString(CallSite));
 
-  auto VFTIdx = getVFTIndex(CallSite);
-  if (VFTIdx < 0) {
+  auto RetrievedVtableIndex = getVFTIndex(CallSite);
+  if (!RetrievedVtableIndex.has_value()) {
     // An error occured
     LOG_IF_ENABLE(
         BOOST_LOG_SEV(lg::get(), DEBUG)
@@ -50,8 +50,10 @@ auto CHAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
     return {};
   }
 
+  auto VtableIndex = RetrievedVtableIndex.value();
+
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
-                << "Virtual function table entry is: " << VFTIdx);
+                << "Virtual function table entry is: " << VtableIndex);
 
   const auto *ReceiverTy = getReceiverType(CallSite);
 
@@ -62,7 +64,7 @@ auto CHAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
 
   for (const auto &FallbackTy : FallbackTys) {
     const auto *Target =
-        getNonPureVirtualVFTEntry(FallbackTy, VFTIdx, CallSite);
+        getNonPureVirtualVFTEntry(FallbackTy, VtableIndex, CallSite);
     if (Target) {
       PossibleCallees.insert(Target);
     }

lib/PhasarLLVM/ControlFlow/Resolver/DTAResolver.cpp

@@ -161,8 +161,8 @@ auto DTAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Call virtual function: " << llvmIRToString(CallSite));
 
-  auto VtableIndex = getVFTIndex(CallSite);
-  if (VtableIndex < 0) {
+  auto RetrievedVtableIndex = getVFTIndex(CallSite);
+  if (!RetrievedVtableIndex.has_value()) {
     // An error occured
     LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                   << "Error with resolveVirtualCall : impossible to retrieve "
@@ -171,6 +171,8 @@ auto DTAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
     return {};
   }
 
+  auto VtableIndex = RetrievedVtableIndex.value();
+
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Virtual function table entry is: " << VtableIndex);
 

lib/PhasarLLVM/ControlFlow/Resolver/OTFResolver.cpp

@@ -90,8 +90,8 @@ auto OTFResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Call virtual function: " << llvmIRToString(CallSite));
 
-  auto VtableIndex = getVFTIndex(CallSite);
-  if (VtableIndex < 0) {
+  auto RetrievedVtableIndex = getVFTIndex(CallSite);
+  if (!RetrievedVtableIndex.has_value()) {
     // An error occured
     LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                   << "Error with resolveVirtualCall : impossible to retrieve "
@@ -100,34 +100,42 @@ auto OTFResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
     return {};
   }
 
+  auto VtableIndex = RetrievedVtableIndex.value();
+
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Virtual function table entry is: " << VtableIndex);
 
   const llvm::Value *Receiver = CallSite->getArgOperand(0);
 
-  // Use points-to information to resolve the indirect call
-  auto AllocSites = PT.getReachableAllocationSites(Receiver);
-  auto PossibleAllocatedTypes = getReachableTypes(*AllocSites);
-
-  // Now we must check if we have found some allocated struct types
-  set<const llvm::StructType *> PossibleTypes;
-  for (const auto *Type : PossibleAllocatedTypes) {
-    if (const auto *StructType =
-            llvm::dyn_cast<llvm::StructType>(stripPointer(Type))) {
-      PossibleTypes.insert(StructType);
-    }
-  }
+  if (CallSite->getCalledOperand() &&
+      CallSite->getCalledOperand()->getType()->isPointerTy()) {
+    if (const auto *FTy = llvm::dyn_cast<llvm::FunctionType>(
+            CallSite->getCalledOperand()->getType()->getPointerElementType())) {
 
-  for (const auto *PossibleTypeStruct : PossibleTypes) {
-    const auto *Target =
-        getNonPureVirtualVFTEntry(PossibleTypeStruct, VtableIndex, CallSite);
-    if (Target) {
-      PossibleCallTargets.insert(Target);
+      auto PTS = PT.getPointsToSet(CallSite->getCalledOperand(), CallSite);
+      for (const auto *P : *PTS) {
+        if (auto *PGV = llvm::dyn_cast<llvm::GlobalVariable>(P)) {
+          if (PGV->hasName() &&
+              PGV->getName().startswith(LLVMTypeHierarchy::VTablePrefix) &&
+              PGV->hasInitializer()) {
+            if (auto *PCS = llvm::dyn_cast<llvm::ConstantStruct>(
+                    PGV->getInitializer())) {
+              auto VFs = LLVMVFTable::getVFVectorFromIRVTable(*PCS);
+              if (VtableIndex >= VFs.size()) {
+                continue;
+              }
+              auto *Callee = VFs[VtableIndex];
+              if (Callee == nullptr || !Callee->hasName() ||
+                  Callee->getName() == LLVMTypeHierarchy::PureVirtualCallName) {
+                continue;
+              }
+              PossibleCallTargets.insert(Callee);
+            }
+          }
+        }
+      }
     }
   }
-  if (PossibleCallTargets.empty()) {
-    return CHAResolver::resolveVirtualCall(CallSite);
-  }
 
   return PossibleCallTargets;
 }

lib/PhasarLLVM/ControlFlow/Resolver/RTAResolver.cpp

@@ -56,8 +56,8 @@ auto RTAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Call virtual function: " << llvmIRToString(CallSite));
 
-  auto VtableIndex = getVFTIndex(CallSite);
-  if (VtableIndex < 0) {
+  auto RetrievedVtableIndex = getVFTIndex(CallSite);
+  if (!RetrievedVtableIndex.has_value()) {
     // An error occured
     LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                   << "Error with resolveVirtualCall : impossible to retrieve "
@@ -66,6 +66,8 @@ auto RTAResolver::resolveVirtualCall(const llvm::CallBase *CallSite)
     return {};
   }
 
+  auto VtableIndex = RetrievedVtableIndex.value();
+
   LOG_IF_ENABLE(BOOST_LOG_SEV(lg::get(), DEBUG)
                 << "Virtual function table entry is: " << VtableIndex);
 

lib/PhasarLLVM/ControlFlow/Resolver/Resolver.cpp

@@ -14,6 +14,7 @@
  *      Author: nicolas bellec
  */
 
+#include <optional>
 #include <set>
 
 #include "llvm/IR/Constants.h"
@@ -30,23 +31,23 @@ using namespace psr;
 
 namespace psr {
 
-int getVFTIndex(const llvm::CallBase *CallSite) {
+std::optional<unsigned> getVFTIndex(const llvm::CallBase *CallSite) {
   // deal with a virtual member function
   // retrieve the vtable entry that is called
   const auto *Load =
       llvm::dyn_cast<llvm::LoadInst>(CallSite->getCalledOperand());
   if (Load == nullptr) {
-    return -1;
+    return std::nullopt;
   }
   const auto *GEP =
       llvm::dyn_cast<llvm::GetElementPtrInst>(Load->getPointerOperand());
   if (GEP == nullptr) {
-    return -2;
+    return std::nullopt;
   }
   if (auto *CI = llvm::dyn_cast<llvm::ConstantInt>(GEP->getOperand(1))) {
     return CI->getZExtValue();
   }
-  return -3;
+  return std::nullopt;
 }
 
 const llvm::StructType *getReceiverType(const llvm::CallBase *CallSite) {

lib/PhasarLLVM/TypeHierarchy/LLVMTypeHierarchy.cpp

@@ -49,18 +49,6 @@ using namespace std;
 
 namespace psr {
 
-const std::string LLVMTypeHierarchy::StructPrefix = "struct.";
-
-const std::string LLVMTypeHierarchy::ClassPrefix = "class.";
-
-const std::string LLVMTypeHierarchy::VTablePrefix = "_ZTV";
-
-const std::string LLVMTypeHierarchy::VTablePrefixDemang = "vtable for ";
-
-const std::string LLVMTypeHierarchy::TypeInfoPrefix = "_ZTI";
-
-const std::string LLVMTypeHierarchy::TypeInfoPrefixDemang = "typeinfo for ";
-
 LLVMTypeHierarchy::VertexProperties::VertexProperties(
     const llvm::StructType *Type)
     : Type(Type), ReachableTypes({Type}) {}
@@ -203,29 +191,7 @@ LLVMTypeHierarchy::getVirtualFunctions(const llvm::Module &M,
       }
       if (const auto *I =
               llvm::dyn_cast<llvm::ConstantStruct>(TI->getInitializer())) {
-        for (const auto &Op : I->operands()) {
-          if (auto *CA = llvm::dyn_cast<llvm::ConstantArray>(Op)) {
-            for (auto &COp : CA->operands()) {
-              if (auto *CE = llvm::dyn_cast<llvm::ConstantExpr>(COp)) {
-                std::unique_ptr<llvm::Instruction, decltype(&deleteValue)> AsI(
-                    CE->getAsInstruction(), &deleteValue);
-                if (auto *BC = llvm::dyn_cast<llvm::BitCastInst>(AsI.get())) {
-                  // if the entry is a GlobalAlias, get its Aliasee
-                  auto *ENTRY = BC->getOperand(0);
-                  while (auto *GA = llvm::dyn_cast<llvm::GlobalAlias>(ENTRY)) {
-                    ENTRY = GA->getAliasee();
-                  }
-
-                  if (ENTRY->hasName()) {
-                    if (auto *F = M.getFunction(ENTRY->getName())) {
-                      VFS.push_back(F);
-                    }
-                  }
-                }
-              }
-            }
-          }
-        }
+        VFS = LLVMVFTable::getVFVectorFromIRVTable(*I);
       }
     }
   }

lib/PhasarLLVM/TypeHierarchy/LLVMVFTable.cpp

@@ -12,6 +12,8 @@
 #include <utility>
 
 #include "llvm/IR/Function.h"
+#include "llvm/IR/GlobalAlias.h"
+#include "llvm/IR/Operator.h"
 
 #include "phasar/PhasarLLVM/TypeHierarchy/LLVMVFTable.h"
 
@@ -48,4 +50,35 @@ nlohmann::json LLVMVFTable::getAsJson() const {
   return J;
 }
 
+std::vector<const llvm::Function *>
+LLVMVFTable::getVFVectorFromIRVTable(const llvm::ConstantStruct &VT) {
+  std::vector<const llvm::Function *> VFS;
+  for (const auto &Op : VT.operands()) {
+    if (const auto *CA = llvm::dyn_cast<llvm::ConstantArray>(Op)) {
+      // Start iterating at offset 2, because offset 0 is vbase offset, offset 1
+      // is RTTI
+      for (auto It = std::next(CA->operands().begin(), 2);
+           It != CA->operands().end(); ++It) {
+        const auto &COp = *It;
+        if (const auto *CE = llvm::dyn_cast<llvm::ConstantExpr>(COp)) {
+          if (const auto *BC = llvm::dyn_cast<llvm::BitCastOperator>(CE)) {
+            // if the entry is a GlobalAlias, get its Aliasee
+            auto *Entry = BC->getOperand(0);
+            while (auto *GA = llvm::dyn_cast<llvm::GlobalAlias>(Entry)) {
+              Entry = GA->getAliasee();
+            }
+            auto *F = llvm::dyn_cast<llvm::Function>(Entry);
+            VFS.push_back(F);
+          } else {
+            VFS.push_back(nullptr);
+          }
+        } else {
+          VFS.push_back(nullptr);
+        }
+      }
+    }
+  }
+  return VFS;
+}
+
 } // namespace psr