[LLVMdev] Question about node collapse

John Criswell jtcriswel at gmail.com
Sun Dec 14 09:11:11 PST 2014

On 12/12/14, 8:14 PM, Shaobo wrote:
> Hi guys,
> I'm working on a project using DSA to mark the type-unsafe store 
> operations. The example code is below,
>> #include <assert.h>
>> #include <stdlib.h>
>>
>> int main() {
>>  int *a = (int*)malloc(sizeof(int));
>>  *a = 256;
>>  *((char *)a) = 1;   /* 1-byte store over the int's low byte (little-endian host) */
>>  assert(*a == 257);
>>  free(a);
>>  return 0;
>> }
> Based on my understanding of DSA, *((char *)a) = 1 will cause the node 
> to which "a" points to be collapsed, because I think there is 
> type-inconsistency here in the sense that a is declared as int* and 
> used as int* when *a = 256 happens, while it is used as char* afterwards. 
> However, it seems that no node is collapsed when the analysis is 
> finished. I was wondering if my understanding of DSA is correct or 
> not. Suggestions from you guys are really appreciated.

First, which DSA pass are you using?

Second, what does the LLVM IR for the program look like?

DSA can now track multiple types per offset (this feature was added 
after the DSA paper).  In this case, it might track the fact that you're 
storing a 4-byte int at offset zero and a 1-byte int at offset zero.  As 
the integer doesn't overlap a pointer field, DSA does not need to 
collapse the DSNode for the pointer.  That's my guess as to why you're 
not seeing the node collapse.


John Criswell

> Best,
> Shaobo

John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
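An added illustration of the distinction the reply draws, not code from the thread: it extends the original program to a struct with a pointer field, contrasting the int/char overlap at one offset (no pointer involved) with a 1-byte store that overlaps the pointer field. The struct `rec` and its fields are constructed for this example; whether DSA collapses the node in case 2 is the reply's reasoning, not something this program checks.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record: a pointer field beside an integer field. */
struct rec { int *p; int n; };

int is_little_endian(void) {
    uint16_t probe = 1;
    unsigned char b;
    memcpy(&b, &probe, 1);
    return b == 1;
}

/* Case 1 (the thread's program): a 4-byte int and a 1-byte char share
   offset 0 of one integer object. No pointer lives there, so the reply
   expects DSA to record both types at that offset without collapsing. */
int punned_int_value(void) {
    int *a = malloc(sizeof *a);
    *a = 256;
    *((char *)a) = 1;  /* rewrites the least-significant byte on little-endian */
    int v = *a;
    free(a);
    return v;          /* 257 on little-endian hosts */
}

/* Case 2: the same 1-byte store aimed at the pointer field. The char now
   overlaps a pointer, the situation the reply singles out as needing a
   collapse, since the pointer's bytes (and so its target) are untrusted.
   Returns 1 if the pointer value changed. */
int pointer_field_clobbered(void) {
    int target = 42;
    struct rec r = { &target, 0 };
    unsigned char before[sizeof r.p], after[sizeof r.p];
    memcpy(before, &r.p, sizeof r.p);
    *((char *)&r.p) = (char)~before[0];  /* type-unsafe store into pointer bytes */
    memcpy(after, &r.p, sizeof r.p);
    return memcmp(before, after, sizeof r.p) != 0;
}

/* Case 3: the 1-byte store hits the int field instead; the pointer field
   is untouched, so only the harmless int/char overlap exists. */
int int_field_store_keeps_pointer(void) {
    int target = 42;
    struct rec r = { &target, 256 };
    *((char *)&r.n) = 1;
    return r.p == &target;
}
```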
