Dataflow between a memcpy and a Load is broken in SVFG #1589
I think there is such value-flow. The source code:

```c
#include <string.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
    int a, b;
    a = argc;                        /* direct assignment: argc -> a */
    memcpy(&b, &argc, sizeof(int));  /* copy through memcpy: argc -> b */
    if (a)
        if (b)
            printf("a and b\n");
    return 0;
}
```

[Attached analysis output, not reproduced; only its headings survive: LLVM, Memory Layouts, Andersen Analysis Results, Critical Store And Loads, "1.value flow of"]
Hello,
I am trying to find if a taint propagates from main() to a certain if-condition. In the following test program, the taint (argc) flows through a memcpy instruction as well as a direct assignment:
When I generate the SVFG using the command `wpa -ander -svfg -dump-vfg -opt-svfg=false memcpy_simple.ll`, I get two disconnected sections, one for `if(a)` and one for `if(b)` (truncated for clarity):

Dataflow into `if(a)`:

[image 1: SVFG fragment, not reproduced]

Dataflow into `if(b)`:

[image 2: SVFG fragment, not reproduced]

I had expected the SVFG to connect the StoreVFGNode containing the memcpy instruction to the LoadVFGNode in image 2.
Is this a feature which SVF supports out of the box? Or would I need to write some analysis on top of it myself?
Thanks
PS: I have attached the C file, LLVM IR, and the graph SVG for your reference.
SVF_Issue.zip
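To check a reported gap like this mechanically instead of by reading the SVG, here is an added script (not part of the issue or of SVF itself) that parses a `-dump-vfg` .dot file and searches for a value-flow path from a node matching one label fragment to a node matching another. The node ids, labels and IR text in `SAMPLE_DOT` are constructed to mirror the test program; a real dump carries more attributes per node, and the regexes assume SVF's `Node0x... [label="..."]` and `Node0xA -> Node0xB` line shapes.

```python
import re
from collections import deque

# Constructed miniature of an SVF `wpa -svfg -dump-vfg` .dot dump. Ids, labels
# and IR text are made up; the missing edge Node0x4 -> Node0x5 reproduces the
# break between the memcpy StoreVFGNode and the load of %b that the issue reports.
SAMPLE_DOT = r'''
digraph "SVFG" {
    Node0x1 [shape=box,label="{FormalParmVFGNode ID: 1\n%argc}"];
    Node0x2 [shape=box,label="{StoreVFGNode ID: 2\nstore i32 %argc, i32* %a}"];
    Node0x3 [shape=box,label="{LoadVFGNode ID: 3\nload i32, i32* %a}"];
    Node0x4 [shape=box,label="{StoreVFGNode ID: 4\ncall void @llvm.memcpy.p0i8.p0i8.i64(i8* %b8, i8* %argc8, i64 4, i1 false)}"];
    Node0x5 [shape=box,label="{LoadVFGNode ID: 5\nload i32, i32* %b}"];
    Node0x1 -> Node0x2;
    Node0x2 -> Node0x3;
    Node0x1 -> Node0x4;
}
'''

NODE_RE = re.compile(r'^\s*(Node0x[0-9a-fA-F]+)\s*\[.*?label="\{?(.*?)\}?"', re.M)
EDGE_RE = re.compile(r'^\s*(Node0x[0-9a-fA-F]+)\s*->\s*(Node0x[0-9a-fA-F]+)', re.M)


def parse_vfg_dot(text):
    """Return (labels, successors) for a dumped value-flow graph."""
    labels = {nid: lab for nid, lab in NODE_RE.findall(text)}
    succ = {}
    for src, dst in EDGE_RE.findall(text):
        succ.setdefault(src, set()).add(dst)
    return labels, succ


def find_path(text, src_marker, dst_marker):
    """BFS from every node whose label contains src_marker to any node whose
    label contains dst_marker. Returns the node-id path, or None when the
    dumped graph has no value flow between them."""
    labels, succ = parse_vfg_dot(text)
    sources = [n for n, lab in labels.items() if src_marker in lab]
    targets = {n for n, lab in labels.items() if dst_marker in lab}
    parent = {n: None for n in sources}   # also serves as the visited set
    work = deque(sources)
    while work:
        n = work.popleft()
        if n in targets:
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for m in succ.get(n, ()):
            if m not in parent:
                parent[m] = n
                work.append(m)
    return None


if __name__ == "__main__":
    print("argc -> if(a):", find_path(SAMPLE_DOT, "ID: 1", "ID: 3"))
    print("memcpy -> if(b):", find_path(SAMPLE_DOT, "memcpy", "ID: 5"))
```

Run it against your own dump by reading the .dot file into `find_path` in place of `SAMPLE_DOT`; a `None` for the memcpy store to the `%b` load is the disconnected graph described above.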