<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial">Hi Chaz,<br>Thanks for your suggestions. But, as the tool's name, 'OverCG', the call graph may be over-approximation, and I only test it for c code.<br>Maybe I will implement a plugin using c++, I currently am learning how to use llvm:)<br>If you have any suggestions, please let me know. Thank you!<br><br>The CFG is right. Currently, the developers of opt/llvm only consider the direct call made by the call instruction, since the different language (rust, julia ...) has different calling convention.<br><br><br>Best,<br>Zhide<br><br><br><br><br><div style="position:relative;zoom:1"></div><div id="divNeteaseMailCard"></div><br>At 2018-11-19 10:49:15, "changze cui" <changzecui@gmail.com> wrote:<br> <blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><div dir="ltr">Hi zhide,<div> Cool Bro!!!!!!</div><div> Your tool solve my problem perfectly !!!</div><div> It seems the original call graph has some problems. Then why don't you submit your solution to LLVM-dev and integrate your code into the next version of opt? Your code may help lots of people like me who is not very familiar with LLVM.</div><div> BTW, probably CFG has the same problem because I think call graph is generated from CFG. Did you check before?</div><div> Anyway, Thanks a lot !!</div><div><br></div><div>Regards,</div><div>Chaz</div></div><br><div class="gmail_quote"><div dir="ltr">cszide <<a href="mailto:cszide@163.com">cszide@163.com</a>> 于2018年11月17日周六 上午9:38写道:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi, </div><div>I also have the same problem and I wrote some codes to mitigate this problem.</div><div>You can find it on github <a href="https://github.com/coffezhou/OverCG." target="_blank">https://github.com/coffezhou/OverCG.</a> I try it on the IR you </div><div>provided and it can get the call relationship from fsdither -> TIFFWriteScanLine.</div><div>I hope it can help you.</div><div><br></div><div>Best,</div><div>Zhide</div><br><br><br><br><div style="zoom:1"></div><div id="m_-28012476141871296divNeteaseMailCard"></div><br>At 2018-11-09 00:44:18, "changze cui via llvm-dev" <<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a>> wrote:<br> <blockquote id="m_-28012476141871296isReplyContent" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid"><div dir="ltr"><div dir="ltr">Hi there,<div> I am working with opt-6.0 and try to generate a call graph of libsndfile, but it seems the call graph doesn't cover all call relationship.</div><div> Actually, I am doing static analysis on <b>CVE-2014-8130</b>, which is a zero division on libtiff/tif_write.c TIFFWriteScanline. (see <a href="https://security-tracker.debian.org/tracker/CVE-2014-8130" target="_blank">https://security-tracker.debian.org/tracker/CVE-2014-8130</a>)</div><div> Theoretically, the main function in tiffdither.c will call fsdither, and fsdither will call TIFFWriteScanLine. main (tiffdither.c) -> fsdither (tiffdither.c) -> TIFFWriteScanLine (tif_write.c)</div><div> I want to get a call graph of the buggy program tiffdither but I find the call graph generated doesn't cover the call relationship from fsdither -> TIFFWriteScanLine.</div><div> For short, the call graph now shows TIFFWriteScanLine is only called by an external node.</div><div> I already compile tiffdither, and I upload it as an attached file. I also write a small python to help analyze the dot file.</div><div> Actually, I do opt-6.0 -analyze -dot-callgraph tiffdither.bc to generate the dot file. And then modify the dotPath in dotHandle.py. You can modify the python code to help analyze.</div><div> I can't figure out why this happens, and I will be very appreciate if you can help!</div><div><br></div><div>Thanks & Regards,</div><div>Chaz</div></div></div>
</blockquote></div><br><br><span title="neteasefooter"><p> </p></span></blockquote></div>
</blockquote></div><br><br><span title="neteasefooter"><p> </p></span>