similar to: Static analysis on TCP/IP stack

Displaying 20 results from an estimated 10000 matches similar to: "Static analysis on TCP/IP stack"

2018 Jul 15
2
llvm pass is very slow
Hi I write a LLVM function pass. The pass will loop the basicblock in the function, check the instruction's type with dyn_cast<switchinst>, print the instruction and the basicblock's successors. I think it is not very complex. My bitcode file is about 30M. My CPU is i7-7700(3.6GHz). It has been running for 60 hours but it is still running. I am not sure whether this is a normal
2018 Jun 26
2
Instruction boundaries
There should be a line-table entry for the end of the function, which appears to be missing from the dump you provided. llvm-dwarfdump should report this address with 'end_sequence' in the Flags. Are you using a different dumper? I am not sure but my guess would be that inline data is not represented in the line table. The line table's primary purpose is to inform the debugger
2018 Jun 26
2
Instruction boundaries
I'm not familiar with the target instruction set, but if "MOV PC, R0" is not a return instruction, I'm guessing that the sequence starting at A39C is a dispatch through a jump table. The jump table would be considered part of the instruction stream and included in the scope of the line table. This is not a case where you would see end_sequence; my mistake. The line table does
2018 Jun 13
2
IR to binary address mapping
Hi Paul Thanks for your comments. Suppose I can generate the control flow graph via LLVM Pass or the default option like '-dot-cfg' with opt. However, the control flow graph is based on llvm IR level. I would like to have a control flow graph based on binary level. Thus, I want to map the IR to binary address. As far as I know, we used to use the debug information to map the IR to source
2018 Jun 13
2
IR to binary address mapping
Hi However, frontend may also do various operations on the source code and one line number and column number could map to more than one binary address. Why LLVM IR cannot? Regrads Muhui 2018-06-12 23:18 GMT+08:00 mayuyu.io <admin at mayuyu.io>: > In theory that’s not exactly possible/accurate. Due to various operations > in the Backend like Instruction Legalization, one IR
2018 Jun 26
2
Instruction boundaries
Hi paulr Thanks for your reply. Though DWARF info give me the code address ranges, there might be inline data. If so, how to handle this case? As for the dwarf line table. Sometimes, the source line might be zero. Do you know why? If all instructions should be describe in the line table, I think analyzing Dwarf line table is enough to get all the instructions addresses. Do you agree? I would
2018 Jun 02
2
Function start address
Hi Actually, No particular reason. I just think this might be a solution, then I use think kind of method. Querying the symbol table would be a good choice, but I prefer to use LLVM and dwarf information. I am sorry that I am not familiar with debug_info. But thanks to your suggestions. I would like to try to solve it with debug_info. It seems work according to your comments By the way, I am
2018 Sep 05
2
AddressSanitizer on SPECCPU2006
Hi Alex Thanks for your email. But it seems not work. I removed the -fsanitize=address flag. The global buffer overflow message doesn't show. However, no *.sancov file is created after I run perlbench. Thus, I could not get the BB coverage. Do you have any ideas? Many Thanks Regards Muhui Alexander Potapenko <glider at google.com> 于2018年9月5日周三 下午7:14写道: > Hi Muhui, > > If
2015 Jul 17
2
[LLVMdev] static taint analysis in LLVM
Hello, I want to know if LLVM support static taint analysis now ? and how to implement static taint analysis code in term of LLVM pass or something else ? can anyone help me?Thank you very much! zhaoqian -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20150717/0236bed3/attachment.html>
2018 May 15
1
Four bitcode generated with plugin-opt=save-temps
Hi Teresa Thanks for your very quick and clear explanation. I have one more question. The emit-llvm option will give you the IR for a single source file when you compile it with -c. All of those files when combined give the IR in the preopt.bc temp file. =========== So if I use "clang -emit-llvm -c" to generate the .ll file. It should be the same as the one I generated by using
2018 Jun 15
3
Strange Machineinstr
Hi Krzysztof Thank you very much for your quick and clear reply. I know that MIR may not match hardware instructions directly. However, I think the semantics should be similar. For example, the first instruction is a store-multiple instruction in ARM. I think the first four MIR I shown should have the similar semantics with the first three hardware instructions. I still cannot see the
2018 May 30
1
LLVM IR source line error
Hi David Thank you very much for your suggestions. ScopeLine works well. It could represent the start of a function. Do you know whether I can get the start column of this function? Many Thanks Regards Muhui 2018-05-30 3:25 GMT+08:00 David Blaikie <dblaikie at gmail.com>: > > > On Tue, May 29, 2018 at 5:25 AM Muhui Jiang via llvm-dev < > llvm-dev at lists.llvm.org>
2018 May 22
0
LLVM dwarf info is not complete
> On May 22, 2018, at 8:06 AM, Muhui Jiang via llvm-dev <llvm-dev at lists.llvm.org> wrote: > > Hi > > I am using llvm-dwarfdump to dump the line table with -debug-line option. I compiled my program with -gdwarf-3. > > I first get the line number and source number for every instruction of the LLVM IR with metadata. Then I try to find the corresponding binary address
2018 Jun 03
2
Function start address
Hi Muhui, I tried to grep the "DW_TAG_subprogram" from the debug_info . However, I noticed that the number I found is still less than the whole functions I found with LLVM IR. Do you have any experiences? Many Thanks The only explanation that comes to mind, is that the functions are not in the final binary object file. However, previously you said you believed they were present. If
2018 May 29
0
LLVM Block is not the basic block
Hi Krzysztof I see and I agree with your explanation However, you know some start of art binary analysis tools like angr will accept LLVM's such kind of design. You know there are some non-return functions. Does LLVM consider this? Do you have any ideas if I want to create a block that cannot contain function calls with LLVM IR. Regards Muhui 2018-05-29 21:20 GMT+08:00 Krzysztof Parzyszek
2018 May 15
0
Four bitcode generated with plugin-opt=save-temps
These are the bitcode at different stages of the LTO portion of the compile. LTO merges the IR for all files being linked and optimizes them as a single monolithic module. The preopt.bc is the merged IR just after merging and before performing any LTO optimizations. internalize.bc is after performing whole program internalization. opt.bc is after the optimization pipeline, and .precodegen.bc is
2018 Sep 05
2
AddressSanitizer on SPECCPU2006
Hi If so, is it able to disable this check. All I need is just to get the BB coverage information Regards Muhui Alexander Potapenko <glider at google.com>于2018年9月5日 周三下午6:57写道: > This is a known problem in SPECCPU2006, see > https://github.com/google/sanitizers/wiki/AddressSanitizerFoundBugs > On Wed, Sep 5, 2018 at 7:36 AM Muhui Jiang via llvm-dev > <llvm-dev at
2018 Jun 12
4
IR to binary address mapping
Hi I know that LLVM provide some debug API for us to know the source code information. For example, every IR instruction's source line number and column number. However, are there any method to get a mapping from IR instruction to binary address directly. I don't want to use dwarf line mapping table as a bridge. I think the binary is generated by clang and llvm. I think there definitely
2018 Nov 08
2
Compile with both arm and thumb mode
Hi I would like to use clang to cross compile the ARM binary. I hope the target binary contains both arm and thumb instruction sets. I use the flag -mhwdiv=arm,thumb. I compiled several binaries. However, I found that the thumb mode instructions are few. Even for very big program like gcc. The number of thumb mode instruction is less than 100. I get the ground truth from the mapping table.
2018 Jun 28
2
Distinguish between ARM and Thumb
Hi Nowadays I am using LLVM to do ARM binary analysis. I was wondering is llvm available to provide some debugging information on the mode of ARM. For example, llvm-dwarfdump could dump some instructions information for debugging. Is it able to know the mode for each instruction? Or we may write some llvm pass to help us to know the instruction mode? Any suggestions are welcomed. Many Thanks