[llvm-dev] Finding all pointers to functions

Russell Wallace via llvm-dev llvm-dev at lists.llvm.org
Tue Dec 22 23:09:06 PST 2015

On Tue, Dec 22, 2015 at 10:55 AM, John Criswell <jtcriswel at gmail.com> wrote:

> You could conservatively assume that any function that has its address
> taken has a pointer to it that escapes into memory or external code.

Right, that's what I'm doing to start with.

> To make things a little more accurate, you could scan the uses of any
> function for which hasAddressTaken() returns true and see if any of its
> uses escapes its function or escapes into memory or external code.  I
> believe hasAddressTaken() returns true if the function is subjected to a
> cast instruction, and functions are often cast if they are used in a call
> that uses a different signature than the function's declared signature.

I'll look into that. It seems reasonable to guess that the major
confounding factor in many C++ programs will be references from virtual
function tables; there should be some way to optimize those specifically.

> To get anything more accurate, you'll need to use alias analysis or
> points-to analysis.  DSA tracks function pointers in the heap and can tell
> you whether the function is called from external code.  However, DSA's
> accuracy currently suffers if it is run after LLVM's optimizations, and the
> code needs some serious TLC.

DSA presumably stands for data structure analysis. TLC = tender loving
care? Why does DSA become less accurate if run after optimization?
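
An added illustration of the conservative starting point discussed above (not code from this thread or from LLVM): a text-level approximation of the address-taken check that scans LLVM IR for references to a function other than as the callee of a direct call, and records whether each reference sits in a global initializer (such as a vtable) or in an instruction. The sample IR, the regexes and the name `address_taken` are assumptions of this example; a real pass would call `Function::hasAddressTaken()` and walk the use list instead of matching text.

```python
import re

# Constructed sample in 2015-era textual IR (typed pointers); not from the thread.
SAMPLE_IR = r'''
@vtable = constant [1 x i8*] [i8* bitcast (void ()* @virt to i8*)]
@slot = global void ()* null

define void @virt() {
  ret void
}
define void @direct_only() {
  ret void
}
define void @stored() {
  ret void
}
define void @main() {
  call void @direct_only()
  store void ()* @stored, void ()** @slot
  call void @virt()
  ret void
}
'''

DEFINE = re.compile(r'^\s*(?:define|declare)\b.*?@([\w.$]+)\s*\(')
# A direct call names the callee immediately before the argument list.
DIRECT_CALL = re.compile(r'\b(?:call|invoke)\b[^@]*@([\w.$]+)\s*\(')
REF = re.compile(r'@([\w.$]+)')

def address_taken(ir):
    """Map each function to where it is referenced other than as a direct callee."""
    lines = ir.splitlines()
    funcs = {m.group(1) for m in map(DEFINE.match, lines) if m}
    taken = {}
    for line in lines:
        if DEFINE.match(line):
            continue  # the definition or declaration itself is not a use
        call = DIRECT_CALL.search(line)
        callee = call.span(1) if call else None
        kind = "global-init" if line.lstrip().startswith("@") else "instruction"
        for ref in REF.finditer(line):
            # Any reference that is not the direct callee may let the pointer escape.
            if ref.group(1) in funcs and ref.span(1) != callee:
                taken.setdefault(ref.group(1), set()).add(kind)
    return taken
```

A call through a `bitcast` of the function is reported as address-taken here, matching the behaviour described in the quoted text; functions referenced only from `global-init` entries are the vtable-style cases mentioned in the reply.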