[llvm-dev] Finding all pointers to functions
Russell Wallace via llvm-dev
llvm-dev at lists.llvm.org
Tue Dec 22 23:09:06 PST 2015
On Tue, Dec 22, 2015 at 10:55 AM, John Criswell <jtcriswel at gmail.com> wrote:
> You could conservatively assume that any function that has its address
> taken has a pointer to it that escapes into memory or external code.
Right, that's what I'm doing to start with.
> To make things a little more accurate, you could scan the uses of any
> function for which hasAddressTaken() returns true and see if any of its
> uses escapes its function or escapes into memory or external code. I
> believe hasAddressTaken() returns true if the function is subjected to a
> cast instruction, and functions are often casted if they are used in a call
> that uses a different signature than the function's declared signature.
I'll look into that. It seems reasonable to guess that the major
confounding factor in many C++ programs will be references from virtual
function tables; there should be some way to optimize those specifically.
> To get anything more accurate, you'll need to use alias analysis or
> points-to analysis. DSA tracks function pointers in the heap and can tell
> you whether the function is called from external code. However, DSA's
> accuracy currently suffers if it is run after LLVM's optimizations, and the
> code needs some serious TLC.
DSA presumably stands for data structure analysis. TLC = tender loving
care? Why does DSA become less accurate if run after optimization?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the llvm-dev