Syed Rafiul Hussain via llvm-dev
2016-Apr-02 14:14 UTC
[llvm-dev] Find targets of indirect call sites
Hi, I would like to find the targets of indirect callsties. The callsite and the targets may be located in different functions or in different modules. Any hint or suggestion would be much appreciated. Thanks. -- Syed
mats petersson via llvm-dev
2016-Apr-03 10:40 UTC
[llvm-dev] Find targets of indirect call sites
So, you are trying to find out what the initialization of a function pointer is? Surely that's not always possible: there may be runtime conditional code that sets the function pointer, based on external inputs (user-input, reading from file, command-line arguments, etc). And it becomes almost impossible for callbacks that are supplied to a library from the library user's code. This has been discussed many times before, so looking over the archive of this mailing list would perhaps provide some further information. -- Mats On 2 April 2016 at 15:14, Syed Rafiul Hussain via llvm-dev < llvm-dev at lists.llvm.org> wrote:> Hi, > > I would like to find the targets of indirect callsties. The callsite > and the targets may be located in different functions or in different > modules. > > Any hint or suggestion would be much appreciated. > > Thanks. > -- > Syed > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20160403/78fd899f/attachment.html>
Ronny Chevalier via llvm-dev
2016-Apr-03 11:50 UTC
[llvm-dev] Find targets of indirect call sites
On 02/04/2016 16:14, Syed Rafiul Hussain via llvm-dev wrote:> Hi, >Hi,> I would like to find the targets of indirect callsties. The callsite > and the targets may be located in different functions or in different > modules. >LLVM does not provide such feature.> Any hint or suggestion would be much appreciated.You could use the poolalloc project [1]. It includes DSA which allows to find a list a potential targets of an indirect call. It is worth noting, however, that such process is an over-approximation, and can be sometimes incomplete (e.g. indirect call to another module, loss of precision). Also, John Criswell mentioned multiple issues [2] regarding the loss of precision of DSA, because of assumptions it made on the LLVM IR when it was originally written.llvm Anyway, I managed to make the current version of poolalloc works with LLVM 3.7, and some minor patches (but I think DSA can be built on its own without modifications). [1] https://github.com/llvm-mirror/poolalloc [2] http://lists.llvm.org/pipermail/llvm-dev/2015-May/085359.html