[cfe-dev] source-to-source transformation to insert instrumentation calls

[Manuel Klimek]

On Sun, Sep 23, 2012 at 7:34 PM, Jan Smets <jan.smets at alcatel-lucent.com> wrote:
> Hi
>
> I'm trying to use CLANG to build a standalone source-to-source
> transformation tool. My first goal is to insert instrumentation calls for
> every memory access (wherever possible).
>
>
> For example, from this:
>
> int test(int *a)
> {
>     int b;
>     b = 0x10;
>     *a = b;
>
>     if(*a == 0x10)
>        return 1;
>     return 0;
> }
>
>
> To this:
>
> int test(int *a )
> {
>   int b ;
>
>   b = 0x10;
>   instrument_write(*a, 4);  // 4 is width
>   *a = b;
>
>   instrument_read(*a, 4);
>   if (*a == 0x10) {
>     return (1);
>   }
>   return (0);
> }
>
>
> I currently have a MatchFinder filter that matches declRefExpr(). The
> problem is that I can't insert the instrumentation call at the point where
> it matched. So I tried to make a 'wider' match:
>  compoundStmt( has( stmt( hasDescendant( declRefExpr() ) ) ) ) and then use
> the location of the 'stmt' to insert the call. This also doesn't work as
> good as I wished.

Yea, it needs quite a bit of special casing. Doing something very
generic is an areas we still have to work on. That said, it also looks
like the llvm level would be much better suited for the kind of
instrumentation you want to do.

Cheers,
/Manuel

> How would you advice me to find the right location where I can insert the
> call ?  Are there any other ways I can do this? Perhaps using the
> MatchFinder is not the best way to do this?
>
> Ultimately I would like to create a source-to-source transformation tool
> that applies the StackGuard principle and can move stack variables to the
> heap. (similar to what CIL does.)
> I'm aware of other tools like Asan but it's not the implementation I'm
> looking for.



Cheers,
/Manuel

>
> Thank you
>
>  - Jan
>
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev