Hi,

I'm trying to write a pass to detect all free()/delete() call instructions in LLVM IR. The method is as follows.

First I find Call Instructions:

    CallInst *CI=dyn_cast<CallInst>(&*i);

then see if the Function name matches:

    name=CI->getCalledFunction()->getName();
    if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free")

It worked but when something like this occurs

    %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16

It seems like an indirect function call and I don't know how to detect free() in such situation.

By the way, is there any way that is more convenient to detect all free()/delete() call instructions in a module except by matching the function name?

Try isFreeCall() defined in "llvm/Analysis/MemoryBuiltins.h".

On Mon, Mar 11, 2013 at 12:17 AM, Jane <270611649 at qq.com> wrote:
> Hi,
> I'm trying to write a pass to detect all free()/delete() call
> instructions in LLVM IR. The method is as follows.
> First I find Call Instructions:
>     CallInst *CI=dyn_cast<CallInst>(&*i);
> then see if the Function name matches:
>     name=CI->getCalledFunction()->getName();
>     if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free")
> It worked but when something like this occurs
>     %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16
> It seems like an indirect function call and I don't know how to detect
> free() in such situation.
> By the way, is there any way that is more convenient to detect all
> free()/delete() call instructions in a module except by matching the
> function name?

On 3/10/13 11:17 PM, Jane wrote:
> Hi,
> I'm trying to write a pass to detect all free()/delete() call
> instructions in LLVM IR. The method is as follows.
> First I find Call Instructions:
>     CallInst *CI=dyn_cast<CallInst>(&*i);
> then see if the Function name matches:
>     name=CI->getCalledFunction()->getName();
>     if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free")
> It worked but when something like this occurs
>     %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16
> It seems like an indirect function call and I don't know how to
> detect free() in such situation.
> By the way, is there any way that is more convenient to detect all
> free()/delete() call instructions in a module except by matching the
> function name?

As others have mentioned, to handle situations in which the function pointer is cast before the call, fetch the called SSA value using Function::getCalledValue() and then use the stripPointerCasts() method to remove all the casts.

However, that only solves the problem of calls to free() that cast the free() function pointer. It is also possible that an indirect function call calls free() as well. To find those, you'll need to use the CallGraph interface or, better yet, the DSCallGraph interface from DSA (which is located in the poolalloc project).

-- John T.
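
The three cases discussed in this thread (a direct call, a call through a bitcast of the callee, and a call through a register), as an added example that is not part of the original messages and is not LLVM code. It scans textual IR with regular expressions, which is an approximation of what a pass does with the C++ API; the name classify_calls and every sample line except the bitcast call quoted in the thread are constructed for illustration.

```python
import re

# Deallocator symbols named in the thread: free, operator delete, operator delete[].
DEALLOCATORS = {"free", "_ZdlPv", "_ZdaPv"}

# The call/invoke keyword, not a register or global that merely contains "call".
KEYWORD = re.compile(r"(?<![%@.\w])(?:call|invoke)\b")
# The callee is the first operand directly followed by "(": a global (@name),
# a register (%name), or a bitcast constant expression.
CALLEE = re.compile(r"(?P<cast>bitcast\s*\()|(?P<sigil>[@%])(?P<name>[\w.$]+)\(")
CAST_SOURCE = re.compile(r"@(?P<name>[\w.$]+)\s+to\b")

# Constructed sample; line 2 is the instruction quoted in the thread.
SAMPLE_IR = """\
  %call1 = call i8* @malloc(i64 16)
  %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16
  call void @_ZdlPv(i8* %obj)
  call void %fp(i8* %buf)
  call void @use(i8* bitcast (void (i8*)* @free to i8*))
"""


def classify_calls(ir_text):
    """Return (line_no, kind, symbol) for each call site worth reviewing.

    kind is "direct" or "cast" for a known deallocator, and "indirect" for a
    call through a register, whose target a textual scan cannot resolve.
    """
    findings = []
    for line_no, raw in enumerate(ir_text.splitlines(), start=1):
        line = raw.split(";", 1)[0]          # drop trailing IR comments
        keyword = KEYWORD.search(line)
        callee = CALLEE.search(line, keyword.end()) if keyword else None
        if not callee:
            continue
        if callee.group("cast"):
            # Textual counterpart of stripping pointer casts from the callee.
            source = CAST_SOURCE.search(line, callee.end())
            if source and source.group("name") in DEALLOCATORS:
                findings.append((line_no, "cast", source.group("name")))
        elif callee.group("sigil") == "%":
            findings.append((line_no, "indirect", callee.group("name")))
        elif callee.group("name") in DEALLOCATORS:
            findings.append((line_no, "direct", callee.group("name")))
    return findings


if __name__ == "__main__":
    for finding in classify_calls(SAMPLE_IR):
        print(finding)
```

The "indirect" rows are only a list of sites that still need call-graph analysis; the scan does not claim they reach free(). The last sample line passes @free as an argument rather than calling it, so it is not reported.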