Hello,

I am trying to extract a callgraph using DSA, but the analysis looks quite pessimistic. I use TDD analysis and here is my test code:

#include <stdlib.h>

typedef void (*tX)(int a, int b);
typedef void (*tY)(int a);

typedef struct {
    tX p ;
    int n;
} msg;

static void A1(int a) { }
static void B2(int a, int b) { }
static void C2(int a, int b) { }

tY q;

static void decode(tX decoder_f){
    decoder_f(1,2);
}

int main(void) {
    msg *a = malloc(sizeof(msg));
    q = &A1;
    a->p = &B2;
    decode(&C2);

    return 0;
}

The result that I get is:

main: [malloc decode ]
A1: []
B2: []
C2: []
decode: [A1 B2 C2 ]

Why does "decode" function have two extra callees (A1 and B2)? Is it possible to filter them out?

Kind Regards,
Maxim

I'm working on this issue, thank you for reporting it.

The short answer is that the callgraph reported by TD is the same as discovered/computed during BU (and BU can't determine the indirect call can only target C2).

I've added this example, and a few other related tests, to the DSA's test suite[1] to document this behavior while I'm working out what the best solution is.

I'll try to post back here when it's resolved one way or the other, but feel free to bug me if you don't hear back in a few days :).

~Will

[1] https://github.com/llvm-mirror/poolalloc/commit/32b43cd23e3d18f7080f9c966d9b4b3b3fb6962d

On Sun, May 24, 2015 at 4:31 AM, Maxim Olifer <olifer.maxim at gmail.com> wrote:
> Hello,
>
> I am trying to extract a callgraph using DSA, but the analysis looks quite
> pessimistic. I use TDD analysis and here is my test code:
>
> #include <stdlib.h>
>
> typedef void (*tX)(int a, int b);
> typedef void (*tY)(int a);
>
> typedef struct {
>     tX p ;
>     int n;
> } msg;
>
> static void A1(int a) { }
> static void B2(int a, int b) { }
> static void C2(int a, int b) { }
>
> tY q;
>
> static void decode(tX decoder_f){
>     decoder_f(1,2);
> }
>
> int main(void) {
>     msg *a = malloc(sizeof(msg));
>     q = &A1;
>     a->p = &B2;
>     decode(&C2);
>
>     return 0;
> }
>
> The result that I get is:
>
> main: [malloc decode ]
> A1: []
> B2: []
> C2: []
> decode: [A1 B2 C2 ]
>
> Why does "decode" function have two extra callees (A1 and B2)? Is it
> possible to filter them out?
>
> Kind Regards,
> Maxim

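Added example, not part of the original thread and not DSA's code: a small Python model of the posted test program that contrasts three ways of resolving the indirect call in decode. The fallback to every address-taken function is an assumed stand-in for a context-free analysis, and all table and function names are constructed for illustration.

```python
# Simplified model of the thread's test program; not DSA's algorithm.
# All tables below are constructed by hand from the posted C source.

ARITY = {"A1": 1, "B2": 2, "C2": 2, "decode": 1, "main": 0}

# Functions whose address is stored or passed somewhere in the program.
ADDRESS_TAKEN = {"A1": "global q", "B2": "heap field a->p", "C2": "argument to decode"}

# Direct calls: caller -> [(callee, function-pointer arguments)]
DIRECT_CALLS = {"main": [("decode", ("C2",))]}

# Indirect call sites: enclosing function -> called parameter and argument count
INDIRECT_SITES = {"decode": {"param": 0, "num_args": 2}}


def conservative_targets(site_fn):
    """Assumed context-free fallback: any address-taken function may be called."""
    return sorted(ADDRESS_TAKEN)


def arity_filtered_targets(site_fn):
    """Keep candidates whose parameter count matches the call site.

    Only valid if the program never calls through a cast function pointer.
    """
    n = INDIRECT_SITES[site_fn]["num_args"]
    return [f for f in conservative_targets(site_fn) if ARITY[f] == n]


def caller_resolved_targets(site_fn):
    """Propagate the values that callers pass for the called parameter.

    Falls back to the conservative set when the enclosing function's own
    address is taken, because unseen callers could then pass anything.
    """
    if site_fn in ADDRESS_TAKEN:
        return conservative_targets(site_fn)
    idx = INDIRECT_SITES[site_fn]["param"]
    found = {args[idx] for calls in DIRECT_CALLS.values()
             for callee, args in calls if callee == site_fn}
    return sorted(found)


if __name__ == "__main__":
    for resolve in (conservative_targets, arity_filtered_targets, caller_resolved_targets):
        print(f"{resolve.__name__}: decode -> {resolve('decode')}")
```

The conservative set reproduces the reported `decode: [A1 B2 C2 ]`; the arity filter can only drop A1, while B2 is removed only once the caller's argument is taken into account.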
Hi Will,

Are you actively maintaining the version of DSA found in poolalloc? In a response to a question I posted earlier today, Reid Kleckner wondered if poolalloc (and by extension, DSA?) is unmaintained.

- Christian

On Thu, May 28, 2015 at 4:59 PM, Will Dietz <willdtz at gmail.com> wrote:
> I'm working on this issue, thank you for reporting it.
>
> The short answer is that the callgraph reported by TD is the same as
> discovered/computed during BU
> (and BU can't determine the indirect call can only target C2).
>
> I've added this example, and a few other related tests, to the DSA's
> test suite[1] to document
> this behavior while I'm working out what the best solution is.
>
> I'll try to post back here when it's resolved one way or the other,
> but feel free to bug me if you don't hear back in a few days :).
>
> ~Will
>
> [1] https://github.com/llvm-mirror/poolalloc/commit/32b43cd23e3d18f7080f9c966d9b4b3b3fb6962d
>
> On Sun, May 24, 2015 at 4:31 AM, Maxim Olifer <olifer.maxim at gmail.com> wrote:
> > Hello,
> >
> > I am trying to extract a callgraph using DSA, but the analysis looks quite
> > pessimistic. I use TDD analysis and here is my test code:
> >
> > #include <stdlib.h>
> >
> > typedef void (*tX)(int a, int b);
> > typedef void (*tY)(int a);
> >
> > typedef struct {
> >     tX p ;
> >     int n;
> > } msg;
> >
> > static void A1(int a) { }
> > static void B2(int a, int b) { }
> > static void C2(int a, int b) { }
> >
> > tY q;
> >
> > static void decode(tX decoder_f){
> >     decoder_f(1,2);
> > }
> >
> > int main(void) {
> >     msg *a = malloc(sizeof(msg));
> >     q = &A1;
> >     a->p = &B2;
> >     decode(&C2);
> >
> >     return 0;
> > }
> >
> > The result that I get is:
> >
> > main: [malloc decode ]
> > A1: []
> > B2: []
> > C2: []
> > decode: [A1 B2 C2 ]
> >
> > Why does "decode" function have two extra callees (A1 and B2)? Is it
> > possible to filter them out?
> >
> > Kind Regards,
> > Maxim