Continuing the reading notes today; there is less to cover this time, and it is relatively simple.
ConnectorComputation
- compute()
The loop continues as long as there are elements in the worklist. The first time the loop is entered, the worklist holds only one element, <mainFunction, emptyCallString>, because that is how the constructor sets it up. The first element is removed from the worklist, and its TacFunction (p) and CallString (gamma) are obtained. The ECS for p (ecs_p) is then looked up in function2ECS. In fact, the TacFunction that corresponds to the first element in function2ECS is _main. Next, the position of gamma in ecs_p is obtained, that is, its position in a list of call strings.
Then we iterate over all the CfgNodeCall nodes that the TacFunction p contains. For each call node, get its callee (that is, the called function q). If q != null, a new call string (gamma_2) is built from the call node, the ECS corresponding to q (ecs_q) is obtained from function2ECS, and the position of gamma_2 in ecs_q is looked up. If that position is -1, gamma_2 is added to the call string queue of ecs_q, and the element <q, gamma_2> is added to the worklist, expanding it.
Next, the ConnectorFunction is extended. Because this happens inside the for loop and operates on local variables, it is of no use.
After the while loop ends, the makeCallGraph() method is invoked.
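The worklist loop of compute() described above, as an added sketch that is not the analyzed tool's own code. The toy program, the string-based call sites, the class name ConnectorSketch and the length limit K (which keeps a recursive call from producing ever-longer call strings) are assumptions made for illustration; it needs Java 9 or later.

```java
import java.util.*;

public class ConnectorSketch {
    // Constructed toy program: function -> call sites as {siteId, callee}.
    // A null callee stands for a call that could not be resolved.
    static final Map<String, String[][]> CALLS = Map.of(
        "_main", new String[][] {{"c1", "a"}, {"c2", "b"}, {"c3", null}},
        "a", new String[][] {{"c4", "b"}, {"c5", "a"}},   // c5 is a recursive call
        "b", new String[][] {});
    static final int K = 2; // assumed limit: keep only the last K call sites

    // Returns function -> list of call strings under which it is reachable.
    static Map<String, List<List<String>>> compute(String mainFunction) {
        Map<String, List<List<String>>> function2ECS = new TreeMap<>();
        for (String f : CALLS.keySet()) function2ECS.put(f, new ArrayList<>());
        List<String> emptyCallString = List.of();
        function2ECS.get(mainFunction).add(emptyCallString);
        Deque<Map.Entry<String, List<String>>> worklist = new ArrayDeque<>();
        worklist.add(Map.entry(mainFunction, emptyCallString));
        while (!worklist.isEmpty()) {
            Map.Entry<String, List<String>> element = worklist.removeFirst();
            String p = element.getKey();
            List<String> gamma = element.getValue();
            for (String[] callNode : CALLS.get(p)) {
                String q = callNode[1];
                if (q == null) continue;              // unresolved callee: skip
                List<String> gamma2 = new ArrayList<>(gamma);
                gamma2.add(callNode[0]);              // extend gamma by this call site
                if (gamma2.size() > K) gamma2.remove(0);
                List<List<String>> ecsQ = function2ECS.get(q);
                if (ecsQ.indexOf(gamma2) == -1) {     // new context for q
                    ecsQ.add(gamma2);
                    worklist.add(Map.entry(q, gamma2));
                }
            }
        }
        return function2ECS;
    }

    public static void main(String[] args) {
        compute("_main").forEach((f, ecs) -> System.out.println(f + " " + ecs));
    }
}
```

Without the limit K, the recursive call site c5 would add a longer call string on every pass and the worklist would never empty.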
- makeCallGraph()
First, a CallGraph is initialized with mainFunction. The list of calls that mainFunction contains is obtained as processUs (a list of CfgNodeCall), and a set named visited is created to record which functions have been processed. mainFunction is added to this set.
While processUs is not empty, the call nodes are taken out one by one. For each one, get its caller and callee, and if callee != null, add them to the call graph. If the callee has not been processed yet, add all the function calls it contains to processUs and put the callee into visited.
Checker
With the parameters in the initial run-all.bat, alias analysis and literal analysis are not carried out; only gta.analyze() runs, and in fact only the dependency analysis is executed. After that, the resulting relationships are finally used to decide the vulns.