[LLVMdev] DSA / poolalloc: incorrect callgraph for indirect call
John Criswell
jtcriswel at gmail.com
Sun May 17 09:03:18 PDT 2015
On 5/15/15 10:54 AM, Victor van der Veen wrote:
> Hello,
>
> I am trying to apply DSA (from the poolalloc project - I'm on LLVM 3.2)
> on the following C program and found that the generated callgraph
> over-approximates the callees for the simple indirect call.
>
> #include <stdio.h>
>
> __attribute__((noinline)) static int f1(int arg1, int arg2) {
>     return arg1 + arg2;
> }
>
> __attribute__((noinline)) static int run_func(int (*fptr)(int, int), int arg1, int arg2) {
>     return (*fptr)(arg1, arg2);
> }
>
> __attribute__((noinline)) static int foo() {
>     return run_func(&f1, 1, 2);
> }
>
> int main(int argc, char *argv[]) {
>     printf("Main: %p\n", &main);
>     printf("Sum: %d\n", foo());
> }
>
> Using the TDDataStructures, I would expect that the callgraph of the above
> program shows that run_func can only call f1. However, it seems that DSA
> is falling back to an address-taken approach and tells us it can also
> call main.

Looking at your code, you're using EQTDDataStructures (EQTD). Try using
TDDataStructures (TD) instead and see if you get a more accurate
result. You only need EQTD if you need every target of an indirect call
to have the same DSGraph, and you don't need that if all you need is a
call graph.

Also, I recently discovered that someone had updated the DSA code to
build with LLVM mainline. I took a snapshot of that and put it up at
https://github.com/jtcriswell/llvm-dsa.

Regards,

John Criswell
--
John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
http://www.cs.rochester.edu/u/criswell