[llvm-dev] LLVM Call Graph may not cover all calls

[changze cui via llvm-dev]

Hi there,
   I am working with opt-6.0 and try to generate a call graph of
libsndfile, but it seems the call graph doesn't cover all call relationship.
   Actually, I am doing static analysis on *CVE-2014-8130*, which is a zero
division on libtiff/tif_write.c  TIFFWriteScanline.   (see
https://security-tracker.debian.org/tracker/CVE-2014-8130)
   Theoretically, the main function in tiffdither.c will call fsdither, and
fsdither will call TIFFWriteScanLine.   main (tiffdither.c) -> fsdither
(tiffdither.c) -> TIFFWriteScanLine (tif_write.c)
   I want to get a call graph of the buggy program tiffdither but I find
the call graph generated doesn't cover the call relationship from fsdither
->  TIFFWriteScanLine.
   For short, the call graph now shows TIFFWriteScanLine is only called by
an external node.
   I already compile tiffdither, and I upload it as an attached file. I
also write a small python to help analyze the dot file.
   Actually, I do  opt-6.0 -analyze -dot-callgraph tiffdither.bc to
generate the dot file. And then modify the dotPath in dotHandle.py. You can
modify the python code to help analyze.
   I can't figure out why this happens, and I will be very appreciate if
you can help!

Thanks & Regards,
Chaz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181108/ae3808dd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tiffdither.bc
Type: application/octet-stream
Size: 2081632 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181108/ae3808dd/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dotHandle.py
Type: text/x-python
Size: 2086 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20181108/ae3808dd/attachment-0001.py>