[LLVMdev] How to detect all free() calls

John Criswell criswell at illinois.edu
Mon Mar 11 07:27:10 PDT 2013

On 3/10/13 11:17 PM, Jane wrote:
> Hi,
>     I'm trying to write a pass to detect all free()/delete() call
> instructions in LLVM IR. The method is as follows.
>     First I find Call Instructions:
>         CallInst *CI=dyn_cast<CallInst>(&*i);
>     then see if the Function name matches:
>         name=CI->getCalledFunction()->getName();
>         if(name=="_ZdlPv"||name=="_ZdaPv"||name=="free")
>     It worked but when something like this occurs
>         %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16
>     It seems like an indirect function call and I don't know how to
> detect free() in such situation.
>     By the way, is there any way that is more convenient to detect all
> free()/delete() call instructions in a module except by matching the
> function name?

As others have mentioned, to handle situations in which the function 
pointer is cast before the call, fetch the called SSA value using 
Function::getCalledValue() and then use the stripPointerCasts() method 
to remove all the casts.

However, that only solves the problem of calls to free() that cast the 
free() function pointer.  It is also possible that an indirect function 
call calls free() as well.  To find those, you'll need to use the 
CallGraph interface or, better yet, the DSCallGraph interface from DSA 
(which is located in the poolalloc project).

-- John T.
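
The three kinds of call site discussed in this thread (direct, callee wrapped in a bitcast constant expression, and indirect through a register) can be told apart even in textual IR. The following is an added example, not code from the thread or from LLVM: a stand-alone C++ scanner over a constructed .ll fragment, standing in for what a pass would do with stripPointerCasts(). The names scanIR, Kind, Hit and kSampleIR are hypothetical, and the regexes assume one instruction per line and a simple return type.

```cpp
#include <iostream>
#include <regex>
#include <set>
#include <sstream>
#include <string>
#include <vector>

enum class Kind { Direct, ThroughCast, Indirect };
struct Hit { Kind kind; std::string callee; };

// Deallocator symbols named in the thread: free, operator delete, operator delete[].
static const std::set<std::string> kDealloc = {"free", "_ZdlPv", "_ZdaPv"};

// Constructed sample IR; the second line is the call quoted in the question.
static const char *kSampleIR = R"ir(
  %call1 = call i8* @malloc(i64 8)
  %call2 = call i32 bitcast (i32 (...)* @free to i32 (i8*)*)(i8* %call1) nounwind, !dbg !16
  call void @free(i8* %p)
  call void @_ZdlPv(i8* %q)
  call void %fp(i8* %r)
  call void @use(i8* bitcast (i32* @g to i8*))
)ir";

// Classify each call site. Direct and cast-wrapped callees are reported only
// if they name a deallocator; every indirect call is reported, because text
// alone cannot rule out that the pointer targets free() (call-graph territory).
// Assumption: the return type contains no '%', '@' or '('.
std::vector<Hit> scanIR(const std::string &ir) {
  static const std::regex direct(R"re(\b(?:call|invoke)\s[^@%(]*@([\w.$]+)\s*\()re");
  static const std::regex viaCast(R"re(\b(?:call|invoke)\s[^@%(]*bitcast\s*\([^@]*@([\w.$]+)\s+to\s)re");
  static const std::regex indirect(R"re(\b(?:call|invoke)\s[^@%(]*%([\w.$]+)\s*\()re");
  std::vector<Hit> hits;
  std::istringstream in(ir);
  std::string line;
  std::smatch m;
  while (std::getline(in, line)) {
    line = line.substr(0, line.find(';'));  // drop IR comments
    if (std::regex_search(line, m, direct)) {
      if (kDealloc.count(m[1].str())) hits.push_back({Kind::Direct, m[1].str()});
    } else if (std::regex_search(line, m, viaCast)) {
      if (kDealloc.count(m[1].str())) hits.push_back({Kind::ThroughCast, m[1].str()});
    } else if (std::regex_search(line, m, indirect)) {
      hits.push_back({Kind::Indirect, m[1].str()});
    }
  }
  return hits;
}

int main() {
  for (const Hit &h : scanIR(kSampleIR))
    std::cout << static_cast<int>(h.kind) << " " << h.callee << "\n";
}
```

The Indirect hits are the residue that name matching and cast stripping cannot resolve; those are the sites that need the call-graph analysis mentioned in the reply.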
