[cfe-dev] source-to-source transformation to insert instrumentation calls
Jan Smets
jan.smets at alcatel-lucent.com
Sun Sep 23 10:34:57 PDT 2012
Hi
I'm trying to use CLANG to build a standalone source-to-source
transformation tool. My first goal is to insert instrumentation calls
for every memory access (wherever possible).
For example, from this:
int test(int *a)
{
int b;
b = 0x10;
*a = b;
if(*a == 0x10)
return 1;
return 0;
}
To this:
int test(int *a )
{
int b ;
b = 0x10;
instrument_write(*a, 4); // 4 is width
*a = b;
instrument_read(*a, 4);
if (*a == 0x10) {
return (1);
}
return (0);
}
I currently have a MatchFinder filter that matches declRefExpr(). The
problem is that I can't insert the instrumentation call at the point
where it matched. So I tried to make a 'wider' match:
compoundStmt( has( stmt( hasDescendant( declRefExpr() ) ) ) ) and then
use the location of the 'stmt' to insert the call. This also doesn't
work as well as I wished.
How would you advise me to find the right location where I can insert
the call? Are there any other ways I can do this? Perhaps using the
MatchFinder is not the best way to do this?
Ultimately I would like to create a source-to-source transformation tool
that applies the StackGuard principle and can move stack variables to
the heap (similar to what CIL does).
I'm aware of other tools like ASan, but it's not the implementation I'm
looking for.
Thank you
- Jan