add heap and stack obj var and fix CI (#1608)

* add heap and stack obj var

* update comments

* use base object var to distinguish heap object

* use base object var to distinguish stack object

* beautify class hierarchy

* beautify class hierarchy

* beautify class hierarchy

* beautify class hierarchy

Author: jumormt

.github/workflows/github-action.yml

@@ -40,7 +40,7 @@ jobs:
           sudo apt-get update
           sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
           sudo apt-get update
-          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz lcov libncurses5-dev libtinfo5 libzstd-dev
+          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz lcov libncurses5-dev libtinfo6 libzstd-dev
 
       # build-svf
       - name: build-svf

.github/workflows/svf-lib_publish.yml

@@ -40,7 +40,7 @@ jobs:
           sudo apt-get update
           sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
           sudo apt-get update
-          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz libncurses5-dev libtinfo5 libzstd-dev
+          sudo apt-get install cmake gcc g++ nodejs doxygen graphviz libncurses5-dev libtinfo6 libzstd-dev
           sudo apt-get update
           sudo apt-get install -y astyle
       - name: env-setup

svf-llvm/include/SVF-LLVM/LLVMUtil.h

@@ -360,6 +360,9 @@ inline bool isHeapAllocExtCall(const Instruction *inst)
     return isHeapAllocExtCallViaRet(inst) || isHeapAllocExtCallViaArg(inst);
 }
 
+// Check if a given value represents a heap object.
+bool isHeapObj(const Value* val);
+
 /// Whether an instruction is a callsite in the application code, excluding llvm intrinsic calls
 bool isNonInstricCallSite(const Instruction* inst);
 

svf-llvm/lib/LLVMUtil.cpp

@@ -646,6 +646,30 @@ bool LLVMUtil::isHeapAllocExtCallViaArg(const Instruction* inst)
     }
 }
 
+/**
+ * Check if a given value represents a heap object.
+ *
+ * @param val The value to check.
+ * @return True if the value represents a heap object, false otherwise.
+ */
+bool LLVMUtil::isHeapObj(const Value* val)
+{
+    // Check if the value is an argument in the program entry function
+    if (ArgInProgEntryFunction(val))
+    {
+        // Return true if the value does not have a first use via cast instruction
+        return !getFirstUseViaCastInst(val);
+    }
+    // Check if the value is an instruction and if it is a heap allocation external call
+    else if (SVFUtil::isa<Instruction>(val) &&
+             LLVMUtil::isHeapAllocExtCall(SVFUtil::cast<Instruction>(val)))
+    {
+        return true;
+    }
+    // Return false if none of the above conditions are met
+    return false;
+}
+
 bool LLVMUtil::isNonInstricCallSite(const Instruction* inst)
 {
     bool res = false;

svf-llvm/lib/SVFIRBuilder.cpp

@@ -214,53 +214,88 @@ void SVFIRBuilder::initialiseNodes()
     pag->addBlackholePtrNode();
     addNullPtrNode();
 
-    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
-                symTable->valSyms().begin(); iter != symTable->valSyms().end();
-            ++iter)
-    {
-        DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
-        if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
-            continue;
+    // Iterate over all value symbols in the symbol table
+for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
+            symTable->valSyms().begin(); iter != symTable->valSyms().end();
+        ++iter)
+{
+    // Debug output for adding value node
+    DBOUT(DPAGBuild, outs() << "add val node " << iter->second << "\n");
 
-        const ICFGNode* icfgNode = nullptr;
-        if (const Instruction* inst =
-                    SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            if (llvmModuleSet()->hasICFGNode(inst))
-            {
-                icfgNode = llvmModuleSet()->getICFGNode(inst);
-            }
-        }
+    // Skip blackhole and null pointer symbols
+    if(iter->second == symTable->blkPtrSymID() || iter->second == symTable->nullPtrSymID())
+        continue;
 
-        if (const Function* func =
-                    SVFUtil::dyn_cast<Function>(llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            const CallGraphNode* cgn = llvmModuleSet()->getCallGraphNode(func);
-            pag->addFunValNode(cgn, iter->second, icfgNode);
-        }
-        else
+    const ICFGNode* icfgNode = nullptr;
+
+    // Check if the value is an instruction and get its ICFG node
+    if (const Instruction* inst =
+                SVFUtil::dyn_cast<Instruction>(llvmModuleSet()->getLLVMValue(iter->first)))
+    {
+        if (llvmModuleSet()->hasICFGNode(inst))
         {
-            pag->addValNode(iter->first, iter->second, icfgNode);
+            icfgNode = llvmModuleSet()->getICFGNode(inst);
         }
     }
 
-    for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
-                symTable->objSyms().begin(); iter != symTable->objSyms().end();
-            ++iter)
+    // Check if the value is a function and get its call graph node
+    if (const Function* func =
+                SVFUtil::dyn_cast<Function>(llvmModuleSet()->getLLVMValue(iter->first)))
     {
-        DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
-        if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
-            continue;
-        if (const Function* func = SVFUtil::dyn_cast<Function>(
-                                       llvmModuleSet()->getLLVMValue(iter->first)))
-        {
-            pag->addFunObjNode(llvmModuleSet()->getCallGraphNode(func), iter->second);
-        }
-        else
-        {
-            pag->addObjNode(iter->first, iter->second);
-        }
+        const CallGraphNode* cgn = llvmModuleSet()->getCallGraphNode(func);
+        // add value node representing the function
+        pag->addFunValNode(cgn, iter->second, icfgNode);
+    }
+    else
+    {
+        // Add value node to PAG
+        pag->addValNode(iter->first, iter->second, icfgNode);
     }
+}
+
+    // Iterate over all object symbols in the symbol table
+for (SymbolTableInfo::ValueToIDMapTy::iterator iter =
+            symTable->objSyms().begin(); iter != symTable->objSyms().end();
+        ++iter)
+{
+    // Debug output for adding object node
+    DBOUT(DPAGBuild, outs() << "add obj node " << iter->second << "\n");
+
+    // Skip blackhole and constant symbols
+    if(iter->second == symTable->blackholeSymID() || iter->second == symTable->constantSymID())
+        continue;
+
+    // Get the LLVM value corresponding to the symbol
+    const Value* llvmValue = llvmModuleSet()->getLLVMValue(iter->first);
+
+    // Check if the value is a function and add a function object node
+    if (const Function* func = SVFUtil::dyn_cast<Function>(llvmValue))
+    {
+        pag->addFunObjNode(llvmModuleSet()->getCallGraphNode(func), iter->second);
+    }
+    // Check if the value is a heap object and add a heap object node
+    else if (LLVMUtil::isHeapObj(llvmValue))
+    {
+        const SVFFunction* f =
+            SVFUtil::cast<SVFInstruction>(iter->first)->getFunction();
+        pag->addHeapObjNode(iter->first, f, iter->second);
+        llvmModuleSet()->setValueAttr(llvmValue,pag->getGNode(iter->second));
+    }
+    // Check if the value is an alloca instruction and add a stack object node
+    else if (SVFUtil::isa<AllocaInst>(llvmValue))
+    {
+        const SVFFunction* f =
+            SVFUtil::cast<SVFInstruction>(iter->first)->getFunction();
+        pag->addStackObjNode(iter->first, f, iter->second);
+        llvmModuleSet()->setValueAttr(llvmValue,
+                                      pag->getGNode(iter->second));
+    }
+    // Add a generic object node for other types of values
+    else
+    {
+        pag->addObjNode(iter->first, iter->second);
+    }
+}
 
     for (SymbolTableInfo::FunToIDMapTy::iterator iter =
                 symTable->retSyms().begin(); iter != symTable->retSyms().end();
@@ -1347,7 +1382,7 @@ void SVFIRBuilder::setCurrentBBAndValueForPAGEdge(PAGEdge* edge)
     {
         const SVFFunction* srcFun = edge->getSrcNode()->getFunction();
         const SVFFunction* dstFun = edge->getDstNode()->getFunction();
-        if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
+        if(srcFun!=nullptr && !SVFUtil::isa<RetPE>(edge) && edge->getSrcNode()->hasValue() && !SVFUtil::isa<SVFFunction>(edge->getSrcNode()->getValue()))
         {
             assert(srcFun==curInst->getFunction() && "SrcNode of the PAGEdge not in the same function?");
         }

svf/include/DDA/DDAVFSolver.h

@@ -471,9 +471,11 @@ class DDAVFSolver
     virtual inline bool isLocalCVarInRecursion(const CVar& var) const
     {
         NodeID id = getPtrNodeID(var);
+        const BaseObjVar* baseObj = _pag->getBaseObject(id);
+        assert(baseObj && "base object is null??");
         const MemObj* obj = _pag->getObject(id);
         assert(obj && "object not found!!");
-        if(obj->isStack())
+        if(SVFUtil::isa<StackObjVar>(baseObj))
         {
             if(const SVFFunction* svffun = _pag->getGNode(id)->getFunction())
             {
@@ -637,9 +639,8 @@ class DDAVFSolver
     //@{
     virtual inline bool isHeapCondMemObj(const CVar& var, const StoreSVFGNode*)
     {
-        const MemObj* mem = _pag->getObject(getPtrNodeID(var));
-        assert(mem && "memory object is null??");
-        return mem->isHeap();
+        const BaseObjVar* pVar = _pag->getBaseObject(getPtrNodeID(var));
+        return pVar && SVFUtil::isa<HeapObjVar, DummyObjVar>(pVar);
     }
 
     inline bool isArrayCondMemObj(const CVar& var) const