Thanks. isFreeCall() works well but for %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16 So I tried to figure out when the above instruction occurred. When <stdlib.h> is included, free(buf2R1); turn into call void @free(i8* %call1) nounwind, !dbg !16 when I forget to include <stdlib.h>, free(buf2R1); turn into %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16 I don't understand why this is happen. Could you explain it for me? ------------------ Original ------------------ From: "Xi Wang"<xi.wang at gmail.com>; Date: Mon, Mar 11, 2013 12:24 PM To: "Jane"<270611649 at qq.com>; Cc: "llvmdev"<llvmdev at cs.uiuc.edu>; Subject: Re: [LLVMdev] How to detect all free() calls Try isFreeCall() defined in "llvm/Analysis/MemoryBuiltins.h". On Mon, Mar 11, 2013 at 12:17 AM, Jane <270611649 at qq.com> wrote:> > Hi, > I'm trying to write a pass to detect all free()/delete() call > instructions in LLVM IR.The method is as follows. > First I find Call Instructions: CallInst *CI=dyn_cast<CallInst>(&*i); > then see if the Function name matches: > name=CI->getCalledFunction()->getName(); > if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free") > It worked but when something like this occurs > %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) > nounwind, !dbg !16 > It seems like a indirect function call and I don't know how to detect > free() in such situation. > By the way, is there any way that is more convenient to detect all > free()/delete() call instructions in a module except by matching the > function name? > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130311/74389452/attachment.html>
if you don't include stdlib.h, where free() is declared, you'll simply get a default C function signature: int free(...); On Mon, Mar 11, 2013 at 1:56 AM, Jane <270611649 at qq.com> wrote:> Thanks. isFreeCall() works well but for > %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) > nounwind, !dbg !16 > So I tried to figure out when the above instruction occurred. > When <stdlib.h> is included, free(buf2R1); turn into call void @free(i8* > %call1) nounwind, !dbg !16 > when I forget to include <stdlib.h>, free(buf2R1); turn into %call2 = call > i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16 > I don't understand why this is happen. Could you explain it for me? > > ------------------ Original ------------------ > From: "Xi Wang"<xi.wang at gmail.com>; > Date: Mon, Mar 11, 2013 12:24 PM > To: "Jane"<270611649 at qq.com>; > Cc: "llvmdev"<llvmdev at cs.uiuc.edu>; > Subject: Re: [LLVMdev] How to detect all free() calls > > Try isFreeCall() defined in "llvm/Analysis/MemoryBuiltins.h". > > On Mon, Mar 11, 2013 at 12:17 AM, Jane <270611649 at qq.com> wrote: >> >> Hi, >> I'm trying to write a pass to detect all free()/delete() call >> instructions in LLVM IR.The method is as follows. >> First I find Call Instructions: CallInst *CI=dyn_cast<CallInst>(&*i); >> then see if the Function name matches: >> name=CI->getCalledFunction()->getName(); >> if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free") >> It worked but when something like this occurs >> %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) >> nounwind, !dbg !16 >> It seems like a indirect function call and I don't know how to detect >> free() in such situation. >> By the way, is there any way that is more convenient to detect all >> free()/delete() call instructions in a module except by matching the >> function name? >> >> _______________________________________________ >> LLVM Developers mailing list >> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu >> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >>
Hi Jane, On your bitcast case: you can easily strip them using: Function* callee dyn_cast<Function>(call->getCalledValue()->stripPointerCasts()); - D. 2013/3/11 Xi Wang <xi.wang at gmail.com>> if you don't include stdlib.h, where free() is declared, you'll simply > get a default C function signature: > > int free(...); > > On Mon, Mar 11, 2013 at 1:56 AM, Jane <270611649 at qq.com> wrote: > > Thanks. isFreeCall() works well but for > > %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) > > nounwind, !dbg !16 > > So I tried to figure out when the above instruction occurred. > > When <stdlib.h> is included, free(buf2R1); turn into call void > @free(i8* > > %call1) nounwind, !dbg !16 > > when I forget to include <stdlib.h>, free(buf2R1); turn into %call2 > call > > i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg > !16 > > I don't understand why this is happen. Could you explain it for me? > > > > ------------------ Original ------------------ > > From: "Xi Wang"<xi.wang at gmail.com>; > > Date: Mon, Mar 11, 2013 12:24 PM > > To: "Jane"<270611649 at qq.com>; > > Cc: "llvmdev"<llvmdev at cs.uiuc.edu>; > > Subject: Re: [LLVMdev] How to detect all free() calls > > > > Try isFreeCall() defined in "llvm/Analysis/MemoryBuiltins.h". > > > > On Mon, Mar 11, 2013 at 12:17 AM, Jane <270611649 at qq.com> wrote: > >> > >> Hi, > >> I'm trying to write a pass to detect all free()/delete() call > >> instructions in LLVM IR.The method is as follows. > >> First I find Call Instructions: CallInst > *CI=dyn_cast<CallInst>(&*i); > >> then see if the Function name matches: > >> name=CI->getCalledFunction()->getName(); > >> if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free") > >> It worked but when something like this occurs > >> %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* > %call1) > >> nounwind, !dbg !16 > >> It seems like a indirect function call and I don't know how to > detect > >> free() in such situation. > >> By the way, is there any way that is more convenient to detect all > >> free()/delete() call instructions in a module except by matching the > >> function name? > >> > >> _______________________________________________ > >> LLVM Developers mailing list > >> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > >> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev > >> > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130311/1134a84c/attachment.html>