[LLVMdev] Getting the memory address of all operands on an expression

David Chisnall David.Chisnall at cl.cam.ac.uk
Wed Jun 19 03:13:26 PDT 2013


On 10 Jun 2013, at 22:05, Abhinash Jain <omnia at mailinator.com> wrote:

> So at assembly level this expression will become something
> like as follows:-
> 
> Load r1, M[b]
> 
> Load r2, M[c]
> 
> r3=r1+r2
> 
> store M[a],r3

Your question is predicated on the assumption that this is true, when in fact it is not guaranteed.  Values in LLVM IR registers may be on the stack.  Or they may be in registers.  Or they may not exist at all at the end of the optimisation pipeline, because even simple things like constant folding and common subexpression elimination may end up making them redundant.  If a value only ever exists in a register, then taking its address has no meaning.

If you want to guarantee that it is in memory, then you should manipulate it as a pointer.  It must be created with a malloc() call, an alloca instruction, or a global value. You can then do an inttoptr on the pointer.  

If it is passed as a scalar function parameter, however, then even this doesn't guarantee that you'll get a sensible value.  Arguments are often passed in registers and so even if you spill it to the stack and then take the address of the stack slot (alloca, store, ptrtoint, call printf, load), then you will get a number, but it will not be meaningful.

It sounds like you are trying to do taint tracking, in which case you should look at some of the related work in this area.  I know of at least two other projects that have implemented taint tracking in LLVM.

David
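The alloca / store / ptrtoint / call printf / load sequence the reply describes, written out as LLVM IR. This is an added example for this page, not code from the thread or from the LLVM project; it assumes the opaque-pointer syntax of LLVM 15 or newer and a C runtime that provides printf. The scalar parameter %b is spilled to a stack slot so that it has an address, that address is converted with ptrtoint and printed, and the value is loaded back; a global @g is shown alongside because a global always has an address without any spilling.

```llvm
; Added example (not from the original thread). Build and run with, e.g.:
;   clang spill.ll -o spill && ./spill
; Assumes LLVM 15+ (opaque pointers) and a C runtime providing printf.

; Format string: "addr=0x%lx v=%d\n" followed by the NUL terminator.
@fmt = private unnamed_addr constant [17 x i8] c"addr=0x%lx v=%d\0A\00"

; A global value: it lives in memory, so ptrtoint on it is meaningful.
@g = global i32 7

declare i32 @printf(ptr, ...)

define i32 @add_and_report(i32 %b, i32 %c) {
entry:
  ; %b arrives in a register (or wherever the ABI puts it). Spill it to an
  ; alloca so that there is a memory location whose address can be taken.
  %b.addr = alloca i32, align 4
  store i32 %b, ptr %b.addr, align 4

  ; ptrtoint gives the address of the spill slot as an integer. This is the
  ; address of the slot, not of wherever %b lived when it was passed in.
  %b.int = ptrtoint ptr %b.addr to i64
  %b.val = load i32, ptr %b.addr, align 4
  %call1 = call i32 (ptr, ...) @printf(ptr @fmt, i64 %b.int, i32 %b.val)

  ; The global needs no spill: it already has a stable address.
  %g.int = ptrtoint ptr @g to i64
  %g.val = load i32, ptr @g, align 4
  %call2 = call i32 (ptr, ...) @printf(ptr @fmt, i64 %g.int, i32 %g.val)

  ; The arithmetic itself still happens on register values.
  %sum = add i32 %b.val, %c
  ret i32 %sum
}

define i32 @main() {
entry:
  ; Constructed input: b = 3, c = 4.
  %r = call i32 @add_and_report(i32 3, i32 4)
  ret i32 0
}
```

With optimisation enabled the store to %b.addr is still kept because its address escapes through printf, but the load may be forwarded from the store, so the program prints a valid stack address while the add never touches memory: exactly the "you will get a number, but it will not be meaningful" case for the original argument.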
