mayuyu.io via llvm-dev
2018-Sep-05 09:00 UTC
[llvm-dev] How to get return address at llvm ir level?
To my knowledge that intrinsic IS generated by frontends like Clang when using __builtin_return_address(), I could be wrong though

Zhang

> On Sep 5, 2018, at 10:47, Bekket McClane via llvm-dev <llvm-dev at lists.llvm.org> wrote:
>
> and
Bekket McClane via llvm-dev
2018-Sep-05 13:40 UTC
[llvm-dev] How to get return address at llvm ir level?
Correct...you can always call that intrinsic explicitly. However, I don't think it would help the original question, since the question is how to get the return address inside an LLVM Pass, instead of getting the return address after executing the program with Intrinsic::returnaddress inside.

Also, executing a program containing Intrinsic::returnaddress won't get you anything - it would even fail to pass the linking stage - without special support, since the intrinsic is just a function declaration.

Bests,
Bekket

On Wed, Sep 5, 2018 at 5:00 AM mayuyu.io <admin at mayuyu.io> wrote:

> To my knowledge that intrinsic IS generated by frontends like Clang when
> using __builtin_return_address(), I could be wrong though
>
> Zhang
>
> > On Sep 5, 2018, at 10:47, Bekket McClane via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> >
> > and
PenYiWang via llvm-dev
2018-Sep-07 00:45 UTC
[llvm-dev] How to get return address at llvm ir level?
Thanks for your reply.

What I want to do is check the return address at every return site (for some security issue). (I will also do some analysis to get some candidate return targets.)

So the "ret" instruction will be transformed to

    mov eax,[esp]       // get the return address at the top of stack
    cmp eax,0x08040000  // candidate 1
    je 0x08040000
    cmp eax,0x08040004  // candidate 2
    je 0x08040004
    cmp eax,0x08040008  // candidate 3
    je 0x08040008

So if I want to do this transform at the LLVM IR level rather than in the backend, I need to get the return address of the current function in a FunctionPass, right?

I found that Intrinsic::returnaddress only returns a void* pointer.

C code:

    int main(){
        int a = (int)__builtin_return_address(0);
    }

LLVM IR:

    define i32 @main() #0 {
    entry:
      %a = alloca i32, align 4
      %0 = call i8* @llvm.returnaddress(i32 0)
      %1 = ptrtoint i8* %0 to i32
      store i32 %1, i32* %a, align 4
      ret i32 0
    }

Can I use the return value of Intrinsic::returnaddress to compare with the "Function" class in LLVM IR?

(Otherwise, I need to modify the backend to do my instrumentation.)

Thanks

Bekket McClane <bekket.mcclane at gmail.com> wrote on Wed, Sep 5, 2018 at 9:41 PM:

> Correct...you can always call that intrinsic explicitly. However, I don't
> think it would help the original question, since the question is how to get
> the return address inside an LLVM Pass, instead of getting the return
> address after executing the program with Intrinsic::returnaddress inside.
> Also, executing a program containing Intrinsic::returnaddress won't get
> you anything - it would even fail to pass the linking stage - without special
> support, since the intrinsic is just a function declaration.
>
> Bests,
> Bekket
>
> On Wed, Sep 5, 2018 at 5:00 AM mayuyu.io <admin at mayuyu.io> wrote:
>
> > To my knowledge that intrinsic IS generated by frontends like Clang when
> > using __builtin_return_address(), I could be wrong though
> >
> > Zhang
> >
> > > On Sep 5, 2018, at 10:47, Bekket McClane via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> > >
> > > and
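The check described in the last message, written directly as IR (an added example, not code from the thread or from LLVM): the instrumentation calls llvm.returnaddress in front of the original ret, compares the runtime value with the candidate set, and traps on a mismatch. It assumes a 32-bit x86 target and the typed-pointer IR syntax used in the post; @callee is a hypothetical function, and the three constants are the post's placeholder addresses.

```llvm
; Added example. Assumptions: 32-bit x86 target (as in the post), typed-pointer
; IR syntax, hypothetical function @callee, placeholder candidate addresses.
target triple = "i386-unknown-linux-gnu"

declare i8* @llvm.returnaddress(i32)
declare void @llvm.trap()

define i32 @callee(i32 %x) {
entry:
  %result = add nsw i32 %x, 1

  ; Instrumentation placed where the original `ret i32 %result` was.
  ; The argument must be a constant; 0 selects the current function's frame.
  %ra = call i8* @llvm.returnaddress(i32 0)
  %ra.int = ptrtoint i8* %ra to i32

  ; Allow-list of return sites; anything else goes to the failure block.
  switch i32 %ra.int, label %ra.bad [
    i32 134479872, label %ra.ok   ; 0x08040000, candidate 1
    i32 134479876, label %ra.ok   ; 0x08040004, candidate 2
    i32 134479880, label %ra.ok   ; 0x08040008, candidate 3
  ]

ra.ok:
  ret i32 %result

ra.bad:
  ; Return address is not one of the expected sites: stop instead of returning.
  call void @llvm.trap()
  unreachable
}
```

The intrinsic yields a value only when the compiled program runs, so a pass can insert this comparison but cannot evaluate it at compile time, and the addresses of real return sites are fixed only after code generation and linking.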