-
Notifications
You must be signed in to change notification settings - Fork 30
AE Python APIs
Yulei Sui edited this page Aug 4, 2025
·
7 revisions
| API | Introduction |
|---|---|
getNodeID(variable: str) -> int |
Retrieves the node ID of the specified variable. |
IntervalValue(lower: int, upper: int) |
Creates an interval value. |
AbstractValue.getInterval() -> IntervalValue |
Retrieves the interval value of the abstract state. |
AbstractValue.join_with(value: AbstractValue) |
Merges the current value with another value. |
getMemObjAddress(variable: str) -> AddressValue |
Retrieves the memory object address of the specified variable. |
AddressValue(getMemObjAddress(variable: str)) |
Creates an address value initialized to the memory object address of the specified variable. |
AEState.widening(state: AEState) -> AEState |
Performs widening on the given state. |
AEState.narrowing(state: AEState) -> AEState |
Performs narrowing on the given state. |
AEState.joinWith(state: AEState) |
Merges the current state with another state. |
AbstractValue.meet_with(value: AbstractValue) |
Performs an intersection operation between the current value and another value. |
getGepObjAddress(variable: str, offset: int) -> AddressValue |
Retrieves the GEP (GetElementPtr) object address of the specified variable with the given offset. |
AEState.loadValue(varId: int) -> AbstractValue |
Loads the abstract value from the variable ID's address. |
AEState.storeValue(varId: int, val: AbstractValue) |
Stores the abstract value at the variable ID's address. |
AEState.printAbstractState() |
Prints the abstract trace for debugging purposes. |
| API | Introduction |
|---|---|
SVFUtil.isa(stmt: SVFStmt) -> bool |
Checks if the given statement is a call ICFG node. |
SVFUtil.dyn_cast(stmt: SVFStmt) -> GepStmt |
Dynamically casts the given statement to a GepStmt type. |
AbstractExecution.getAbsStateFromTrace(node: ICFGNode) -> AbstractState |
Retrieves the abstract state of the given ICFG node. |
GepStmt.getLHSVarID() -> int |
Retrieves the left-hand side variable ID of the GepStmt. |
GepStmt.getRHSVarID() -> int |
Retrieves the right-hand side variable ID of the GepStmt. |
AEState.getAddrs() -> List[AddressValue] |
Retrieves the address values in the abstract state. |
AEState.getIDFromAddr(addr: AddressValue) -> int |
Retrieves the internal ID of the given address. |
svfir.getBaseObject(id: int).getByteSizeOfObj() -> int |
Retrieves the byte size of the base object. |
Options.WidenDelay() -> int |
Retrieves the value of the widen delay option. |
handleICFGNode(ICFGNode*) |
Handles a singleton WTO (Weak Topological Order) which includes an ICFGNode. |
handleICFGCycle(ICFGCycleWTO*) |
Handles WTO cycles, which includes a set of ICFGNode. |
ICFGCycleWTO::head()::getICFGNode() |
Get the cycle head ICFGNode |
mergeStatesFromPredecessors(node: ICFGNode, state: AEState) -> AEState |
Merges states from predecessor ICFGNodes. |
CopyStmt.getLHSVarID() -> int |
Retrieves the left-hand side variable ID of the copy statement. |
CopyStmt.getRHSVarID() -> int |
Retrieves the right-hand side variable ID of the copy statement. |
BinaryOPStmt.getOpVarID(index: int) -> int |
Retrieves the operand variable ID of the binary operation statement. |
BinaryOPStmt.getResID() -> int |
Retrieves the result variable ID of the binary operation statement. |
BinaryOPStmt.getOpcode() -> OpCode |
Retrieves the opcode of the binary operation statement. |
AEState.loadValue(varId: int) -> AbstractValue |
Loads the abstract value of the given variable ID. |
AEState.storeValue(varId: int, val: AbstractValue) |
Stores the abstract value at the given variable ID. |
LoadStmt.getRHSVarID() -> int |
Retrieves the right-hand side variable ID of the load statement. |
LoadStmt.getLHSVarID() -> int |
Retrieves the left-hand side variable ID of the load statement. |
IntervalValue.getIntNumeral() -> int |
Returns the integer representation of the interval value. |
AEState.getByteOffset(gep: GepStmt) -> IntervalValue |
Retrieves the byte offset of the GEP statement. |
AEState.getElementIndex(gep: GepStmt) -> int |
Retrieves the element index of the GEP statement. |
AEState.getGepObjAddrs(varID: int, offset: int) -> List[AddressValue] |
Retrieves the address of the GEP object. |
AbstractExecution.reportBufOverflow(node: ICFGNode) |
Reports a buffer overflow for a given ICFG node. |
AbstractExecution.updateGepObjOffsetFromBase(gepAddrs: List[AddressValue], objAddrs: List[AddressValue], offset: IntervalValue) |
Updates the GEP object offset from the base. |
AbstractExecution.getAccessOffset(objId: int, gep: GepStmt) -> IntervalValue |
Returns the accessing offset of an object at a GepStmt. |
AbstractExecution.updateStateOnExtCall(extCallNode: CallICFGNode) |
Handles external calls, checking for buffer overflows, and updates abstract states using memcopy-like APIs via AbsExtAPI::handleMemcpy |
AbstractExecutionHelper.handleMemcpy(as: AbstractState, dst: SVFVar, src: SVFVar, len: IntervalValue, start_idx: int) |
Simulates a memcpy operation in the abstract state as: copies len bytes from the source variable src to the destination variable dst, starting at offset start_idx. The function automatically determines the element size (for arrays or pointers) and performs element-wise copying, updating the abstract state accordingly. Only objects present in the abstract state are copied. |
AEState.getIDFromAddr(addr: AddressValue) -> int |
Retrieves the internal ID associated with a given address. |
bufOverflowHelper.addToGepObjOffsetFromBase(objVar: GepObjVar, offset: IntervalValue) |
Adds an offset to the GEP object offset from the base object. |
bufOverflowHelper.hasGepObjOffsetFromBase(objVar: GepObjVar) -> bool |
Checks if there is a GEP object offset from the base object. |
bufOverflowHelper.getGepObjOffsetFromBase(objVar: GepObjVar) -> IntervalValue |
Retrieves the GEP object offset from the base object. |
AEState.getByteOffset(gep: GepStmt) -> IntervalValue |
Retrieves the byte offset for a given GEP instruction. |
AEState.getGepObjAddrs(varID: int, offset: int) -> List[AddressValue] |
Gets the addresses of GEP objects given a variable ID and an offset. |
AbstractExecution.updateGepObjOffsetFromBase(gepAddrs: List[AddressValue], objAddrs: List[AddressValue], offset: IntervalValue) |
Updates the GEP object offset from the base object. |
AbstractExecution.getAccessOffset(objId: int, gep: GepStmt) -> IntervalValue |
Retrieves the access offset for a given object ID and GEP instruction. |
AEState.printAbstractState() |
Prints the abstract trace of the execution. |
AbstractExecutionHelper.handleMemcpy(as: AbstractState, dst: SVFVar, src: SVFVar, len: IntervalValue, start_idx: int)
-
Simulates a memcpy operation in the abstract state as: copies
lenbytes from the source variablesrcto the destination variabledst, starting at offsetstart_idx. The function automatically determines the element size (for arrays or pointers) and performs element-wise copying, updating the abstract state accordingly. Only objects present in the abstract state are copied.For example
// as is AbstractState // dst is a SVFVar*, whose type can be Array or Pointer. // src is a SVFVar*, whose type can be Array or Pointer. // len is a IntervalValue, we copy the lower bound bytes // start_idx is the starting position // e.g. in source code, char dst[10] = {'a','a','a','a','a','a','a','a','a','a'}; // chat src[5] = {'1', '2', '3', '4', '\0'}; // we call handleMemcpy(as, dst, src, [5, 5], 2); // AbstractState should be updated as `dst = {'a', 'a', '1', '2', '3', '4','\0', 'a','a','a'}` // in which dst[2] = '1', dst[3] = '2',dst[4] = '3', dst[5] = '4', dst[6] = '\0', and no change occurs in other indices. self.buf_overflow_helper.handleMemcpy(as, dst, src, len, start_idx);