[llvm-dev] Indirect Call
Muhui Jiang via llvm-dev
llvm-dev at lists.llvm.org
Mon Aug 6 00:37:21 PDT 2018
Hi
I am working on a project related to the indirect calls in a binary.
I know it would be rather hard to know the called functions statically.
However, is it possible to know how many possibilities there are in
total for every indirect call?
Furthermore, I wrote an LLVM pass to help me first locate all the
indirect calls.
First, I use CallInst *callInst = dyn_cast<CallInst>(&I) to help me
check whether this is a CallInst.
Then, I use

    if (Function *calledFunction = callInst->getCalledFunction()) {
        // direct call
    } else {
        // indirect call
    }

I am not sure whether this is a good way to locate all the indirect calls.
As you can see, below is a piece of code in libxml2.

          if (uqname != NULL) {
              cur = xmlHashLookup3(table, uqname, prefix, elem);
    3285:     if (prefix != NULL) xmlFree(prefix);
    3286:     if (uqname != NULL) xmlFree(uqname);
          } else
              cur = xmlHashLookup3(table, name, NULL, elem);
          return(cur);

The LLVM pass thinks that these are indirect calls. I don't understand why.

    if (prefix != NULL) xmlFree(prefix);
    if (uqname != NULL) xmlFree(uqname);

Some IR is below:

    Source Line:3285|Column:22|File:valid.c|IR: %9 = load void (i8*)*, void (i8*)** @xmlFree, align 8, !dbg !12809, !tbaa !12786
    Source Line:3285|Column:22|File:valid.c|IR: call void %9(i8* nonnull %8) #4, !dbg !12809
    Source Line:3285|Column:22|File:valid.c|IR: br label %"valid.c:3286:", !dbg !12809

If you need more information, please tell me. Many Thanks
Regards
Muhui
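
Added example (not part of the original post and not libxml2's code): the IR above loads the callee from the global @xmlFree before calling it, so xmlFree there is a function-pointer variable rather than a function, and the call is indirect. The C program below reproduces that shape with hypothetical demo_* names and shows one call site reaching two different targets.

```c
/* Added illustration; every demo_* name is hypothetical, not libxml2 code. */
#include <stdio.h>
#include <stdlib.h>

typedef void (*demo_free_func)(void *);

static int default_calls, counting_calls;

/* Ordinary functions: calling one by name is a direct call in the IR
 * (call void @demo_default_free(...)), so getCalledFunction() is non-null. */
void demo_default_free(void *p)  { default_calls++;  free(p); }
void demo_counting_free(void *p) { counting_calls++; free(p); }

/* A global *variable* holding a function pointer, the same shape as the
 * @xmlFree global in the IR above. A call through it is a load followed by
 * "call void %N(...)", for which getCalledFunction() returns null. */
demo_free_func demo_free = demo_default_free;

/* The variable is writable, so the callee can change at run time. */
void demo_set_free(demo_free_func f) { demo_free = f; }

/* Same shape as valid.c:3285: reads like a plain call in the C source,
 * but is an indirect call through demo_free. */
void demo_release(void *p) {
    if (p != NULL) demo_free(p);
}

/* Drives the one call site with two different targets installed.
 * Returns default_calls * 10 + counting_calls. */
int demo_run(void) {
    default_calls = counting_calls = 0;
    demo_set_free(demo_default_free);
    demo_release(malloc(8));
    demo_set_free(demo_counting_free);
    demo_release(malloc(8));
    demo_set_free(demo_default_free);   /* restore the default hook */
    return default_calls * 10 + counting_calls;
}

int main(void) {
    printf("encoded call counts: %d\n", demo_run());
    return 0;
}
```

Because demo_free has external linkage and is assigned at run time, the set of possible callees at that site is every function whose address can be stored into the variable, not a single function.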