[cfe-dev] source-to-source transformation to insert instrumentation calls

John Criswell criswell at illinois.edu
Mon Sep 24 07:48:46 PDT 2012 

On 9/23/12 12:34 PM, Jan Smets wrote:
> Hi
>
> I'm trying to use CLANG to build a standalone source-to-source 
> transformation tool. My first goal is to insert instrumentation calls 
> for every memory access (wherever possible).
>
>
> For example, from this:
>
> int test(int *a)
> {
>     int b;
>     b = 0x10;
>     *a = b;
>
>     if(*a == 0x10)
>        return 1;
>     return 0;
> }
>
>
> To this:
>
> int test(int *a )
> {
>   int b ;
>
>   b = 0x10;
>   instrument_write(*a, 4);  // 4 is width
>   *a = b;
>
>   instrument_read(*a, 4);
>   if (*a == 0x10) {
>     return (1);
>   }
>   return (0);
> }
>
>
> I currently have a MatchFinder filter that matches declRefExpr(). The 
> problem is that I can't insert the instrumentation call at the point 
> where it matched. So I tried to make a 'wider' match:
>  compoundStmt( has( stmt( hasDescendant( declRefExpr() ) ) ) ) and 
> then use the location of the 'stmt' to insert the call. This also 
> doesn't work as good as I wished.
>
> How would you advice me to find the right location where I can insert 
> the call ?  Are there any other ways I can do this? Perhaps using the 
> MatchFinder is not the best way to do this?
>
> Ultimately I would like to create a source-to-source transformation 
> tool that applies the StackGuard principle and can move stack 
> variables to the heap. (similar to what CIL does.)

First, why do you want to do a source-to-source level transformation 
instead of an LLVM IR transformation?  If it's because you need to feed 
the transformed source into a C compiler for a special hardware target, 
it may be easier to write an LLVM IR transform and to get the C backend 
up and running again.

If you can explain why you need a source-to-source transform, someone on 
the list may be able to provide ideas for a workable solution.

Second, as an FYI, SAFECode has a pass that will promote potentially 
escaping stack allocations into heap allocations.  The transform hasn't 
been updated to LLVM mainline yet, but doing so should be relatively easy.

-- John T.


> I'm aware of other tools like Asan but it's not the implementation I'm 
> looking for.
>
> Thank you
>
>  - Jan
>
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list