TypeClone - SVF-tools/SVF GitHub Wiki

TypeClone

TypeClone is implemented in SVF under the name FSTBHC.

Setup

There are two parts to the setup:

  1. Building SVF.
  2. Obtaining a ctir-capable Clang, since FSTBHC requires all bitcode to be ctir-annotated.

SVF

  $ git clone https://github.com/SVF-tools/SVF
  $ cd SVF
  $ . build.sh  # See the 'Unit tests' section for info on ctir-related options.

SVF is now ready to use from path/to/SVF/Release-build/bin/wpa.

ctir-capable Clang

Build ctir-Clang:

  $ git clone https://github.com/mbarbar/ctir
  $ cd ctir
  $ # Build following the instructions provided by the LLVM project:
  $ # https://clang.llvm.org/get_started.html

Alternatively, download the pre-built binaries if you are using Ubuntu or macOS.

Now the newly built or downloaded clang/clang++ compilers can be used to build ctir-annotated LLVM bitcode.

Building software to analyse

To build ctir-annotated code, use the -ctir option. For example, clang -ctir -S -emit-llvm program.c will produce LLVM assembly, program.ll, ready to be analysed by FSTBHC.

WLLVM can also be used without friction (errors reporting that -ctir is an unknown option can be safely ignored).

Analysing

To analyse a program with FSTBHC, without considering reuse:

  $ wpa -fstbhc program.ll

To analyse a program with FSTBHC, whilst considering reuse:

  $ wpa -fstbhc -tbhc-all-reuse program.ll

To only consider reuse at store instructions (and GEP instructions whose purpose is ultimately a store), replace -tbhc-all-reuse with -tbhc-store-reuse:

  $ wpa -fstbhc -tbhc-store-reuse program.ll

To print the type graph (text only):

  $ wpa -fstbhc -print-dchg program.ll
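As an added example (not part of SVF or its test suite), here is a small analysis target exercising the two situations the options above are about: one allocation wrapper whose memory is used under two different struct types, and a block whose memory is reused under a second type through a store. The struct names, the alloc wrapper and the file name typeclone_demo.c are assumptions.

```c
/* Added sample input for FSTBHC, not part of SVF. Build and analyse with:
 *   clang -ctir -S -emit-llvm typeclone_demo.c
 *   wpa -fstbhc -tbhc-store-reuse typeclone_demo.ll
 * The struct names and the alloc() wrapper are constructed for this example. */
#include <stdlib.h>
#include <string.h>

struct point { int x; int y; };
struct pair  { const char *key; int value; };

/* A single allocation wrapper shared by both types: one malloc site that a
 * type-unaware heap model would have to treat as a single abstract object. */
static void *alloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0, n);
    return p;
}

/* Two call sites give the wrapper's heap object two distinct types, which is
 * the case type-based heap cloning separates into per-type clones. */
int sum_two_types(void) {
    struct point *p = alloc(sizeof *p);
    struct pair  *q = alloc(sizeof *q);
    if (!p || !q) return -1;
    p->x = 3; p->y = 4;
    q->key = "k"; q->value = 5;
    int r = p->x + p->y + q->value;  /* 12 */
    free(p); free(q);
    return r;
}

/* Memory reuse: the same block is first used as a point and later written
 * through a pair pointer. That store is the reuse point that the
 * -tbhc-store-reuse option considers; -tbhc-all-reuse considers reuse at
 * every instruction, not only stores. */
int reuse_block(void) {
    void *block = alloc(sizeof(struct pair));  /* pair is the larger type */
    if (!block) return -1;
    struct point *p = block;
    p->x = 1; p->y = 2;
    struct pair *q = block;                    /* same address, new type */
    q->value = 7;                              /* store that reuses the memory */
    int r = q->value;                          /* 7 */
    free(block);
    return r;
}
```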

Unit tests

In Test-Suite, FSTBHC unit tests are available in the fstbhc_tests directory when building on Linux. To get the build.sh script to build and run these tests, build with the CTIR variable set:

  $ CTIR=1 . build.sh

This will also download ctir-capable compilers if CTIR_DIR is not set (binaries are only available for Ubuntu and macOS). If you do not want build.sh to download ctir-Clang binaries, set the CTIR_DIR variable to point to the directory containing the ctir-capable clang and clang++ binaries:

  $ CTIR=1 CTIR_DIR=/path/to/ctir/build/bin/ . build.sh