[LLVMdev] incorrect DSCallGraph for simple indirect call with vtable nearby

Ben Liblit liblit at cs.wisc.edu
Wed Aug 10 11:39:16 PDT 2011 

John Criswell wrote:
> 1) I'll try out your example C++ code below and see if I can get the
> same results that you do. However, I'm at a conference right now (Usenix
> Security), so I don't know exactly when I'll get to it.

Excellent.  Thanks, John!

> 2) DSA can get pessimistic results when dealing with external code (as
> Andrew described). It is designed for whole program analysis, meaning
> that the entire program should be available (e.g., no variables defined
> in other compilation units). Can you: [...]

I have made the recommended changes.  My test input is now a complete, 
self-contained program with a proper main.  I use "-internalize" on the 
"opt" command line to run llvm::InternalizePass before my ShowCallGraph 
pass.  (Sadly, llvm::InternalizePass::ID is not exposed through any 
headers, making it impossible to compile this pass-ordering requirement 
directly into my ShowCallGraph sources.)

The modified test input is attached below.  I'm happy to provide 
compiled bitcode, LLVM assembly source, or whatever else you need to 
reproduce the problem.  The ShowCallGraph pass is the same as in my 
earlier message at 
<http://lists.cs.uiuc.edu/pipermail/llvmdev/2011-August/042312.html>. 
When run on the bitcode for my updated test input, ShowCallGraph reports:

   call void %6(%struct.Base* %2)
	red()
	blue()
	Base::virt() const
	Derived::virt() const
   call void %12()
	red()
	blue()
	Base::virt() const
	Derived::virt() const

The first of those two calls is a vtable dispatch; the ideal answer 
would be Base::virt() const and Derived::virt() const, without red() and 
blue().  Still, vtable lookups are complex, so I could imagine an 
over-approximation here.

The second of those two calls is just a non-deterministic choice between 
two functions.  I'd really hoped that DSA would give the ideal answer 
here: red() or blue(), but not Base::virt() const or Derived::virt() const.

-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.cpp
Type: text/x-c++src
Size: 387 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20110810/e9ad2370/attachment.cpp>

More information about the llvm-dev mailing list