[llvm-dev] Indirect Call

mayuyu.io via llvm-dev llvm-dev at lists.llvm.org
Mon Aug 6 01:09:31 PDT 2018


Hi:
During your handling, if calledFunction is nullptr, you need to call calledValue->stripPointerCasts() and check if the stripped value is a function, because these are direct calls in the generated assembly as well. For example, Objective-C's objc_msgSend call is usually bitcast and needs to be handled this way.

Zhang

> On Aug 6, 2018, at 15:37, Muhui Jiang via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> Hi
> 
> I am working on a project related to the indirect calls in a binary.
> 
> I know it would be rather hard to know the called functions statically.
> 
> However, is it possible to know how many possibilities there are in total for every indirect call?
> 
> Furthermore, I wrote an LLVM pass to help me first locate all the indirect calls.
> 
> First, I use CallInst * callInst = dyn_cast<CallInst>(&I) to help me to check whether this is a callinst.
> 
> Then, I use 
> 
> if (Function *calledFunction = callInst->getCalledFunction()) {
>     // direct call
> } else {
>     // indirect call
> }
> 
> I am not sure whether this is a good way to locate all the indirect calls.
> 
> As you can see, below is a piece of code in libxml2.
>     if (uqname != NULL) {
>         cur = xmlHashLookup3(table, uqname, prefix, elem);
> 3285:        if (prefix != NULL) xmlFree(prefix);
> 3286:        if (uqname != NULL) xmlFree(uqname);
>     } else
>         cur = xmlHashLookup3(table, name, NULL, elem);
>     return(cur);
> 
> The LLVM pass thinks these are indirect calls. I don't understand why.
>         if (prefix != NULL) xmlFree(prefix);
>         if (uqname != NULL) xmlFree(uqname);
> Some IR is below:
> 
> Source Line:3285|Column:22|File:valid.c|IR:  %9 = load void (i8*)*, void (i8*)** @xmlFree, align 8, !dbg !12809, !tbaa !12786
> Source Line:3285|Column:22|File:valid.c|IR:  call void %9(i8* nonnull %8) #4, !dbg !12809
> Source Line:3285|Column:22|File:valid.c|IR:  br label %"valid.c:3286:", !dbg !12809
> 
> 
> If you need more information, please tell me. Many thanks.
> 
> Regards
> Muhui
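
The three cases raised in this thread (a direct call, a direct call hidden behind a bitcast, and a call through a pointer loaded from a global such as `@xmlFree`), as an added example that is not part of the original messages: a Python script that approximates the classification on textual IR with regular expressions rather than through the LLVM API. The name `classify_calls`, the result labels and every sample IR line other than the two quoted in the thread are assumptions constructed for illustration.

```python
import re

# Constructed sample in the typed-pointer IR syntax used in the thread. The
# first two lines are the IR quoted above (metadata dropped); the rest are
# constructed for illustration.
SAMPLE_IR = """\
  %9 = load void (i8*)*, void (i8*)** @xmlFree, align 8
  call void %9(i8* nonnull %8) #4
  %10 = call i8* @xmlHashLookup3(i8* %t, i8* %n, i8* null, i8* %e)
  %11 = call i8* bitcast (i8* (i8*, i8*, ...)* @objc_msgSend to i8* (i8*, i8*)*)(i8* %o, i8* %s)
  %12 = call i32 %fp(i32 1)
"""

NAME = r"[\w.$-]+"
LOAD = re.compile(rf"(%{NAME}) = load .* (@{NAME})")  # %reg = load ... @global
CALLEE = re.compile(rf"([@%]{NAME})\(")               # value directly followed by "("
CAST = re.compile(rf"bitcast \(.*? (@{NAME}) to ")    # constant bitcast of a function


def classify_calls(ir_text):
    """Return one (kind, target) tuple per call instruction, in order."""
    loaded_from = {}  # register -> global variable its value was loaded from
    results = []
    for line in ir_text.splitlines():
        load = LOAD.search(line)
        if load:
            loaded_from[load.group(1)] = load.group(2)
            continue
        call = re.search(r"\bcall\b(.*)", line)
        if not call:
            continue
        rest = call.group(1)
        callee, cast = CALLEE.search(rest), CAST.search(rest)
        if cast and (callee is None or cast.start() < callee.start()):
            # Callee operand is a cast of a known function: the case that
            # stripPointerCasts() resolves, so it is still a direct call.
            results.append(("direct-via-cast", cast.group(1)))
        elif callee and callee.group(1).startswith("@"):
            results.append(("direct", callee.group(1)))
        elif callee:
            # Callee is a register: report the global it was loaded from, if any.
            results.append(("indirect", loaded_from.get(callee.group(1))))
    return results


if __name__ == "__main__":
    for kind, target in classify_calls(SAMPLE_IR):
        print(f"{kind:16} {target}")
```

The `xmlFree` call is reported as indirect because `@xmlFree` is a global variable holding a function pointer, so the callee operand is a loaded register rather than a function.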