[llvm-dev] LLVM Call Graph may not cover all calls

changze cui via llvm-dev llvm-dev at lists.llvm.org
Sun Nov 18 18:49:15 PST 2018


Hi zhide,
  Cool Bro!!!!!!
  Your tool solves my problem perfectly!!!
  It seems the original call graph has some problems. Then why don't you
submit your solution to LLVM-dev and integrate your code into the next
version of opt? Your code may help lots of people like me who are not very
familiar with LLVM.
  BTW, probably the CFG has the same problem, because I think the call graph is
generated from the CFG. Did you check before?
  Anyway, thanks a lot!!

Regards,
Chaz

cszide <cszide at 163.com> wrote on Sat, Nov 17, 2018 at 9:38 AM:

> Hi,
> I also have the same problem and I wrote some code to mitigate this
> problem.
> You can find it on GitHub: https://github.com/coffezhou/OverCG. I tried it
> on the IR you
> provided and it can get the call relationship from fsdither ->
> TIFFWriteScanLine.
> I hope it can help you.
>
> Best,
> Zhide
>
>
>
>
>
> At 2018-11-09 00:44:18, "changze cui via llvm-dev" <
> llvm-dev at lists.llvm.org> wrote:
>
> Hi there,
>    I am working with opt-6.0 and trying to generate a call graph of
> libsndfile, but it seems the call graph doesn't cover all call relationships.
>    Actually, I am doing static analysis on *CVE-2014-8130*, which is a
> zero division in libtiff/tif_write.c  TIFFWriteScanline.   (see
> https://security-tracker.debian.org/tracker/CVE-2014-8130)
>    Theoretically, the main function in tiffdither.c will call fsdither,
> and fsdither will call TIFFWriteScanLine.   main (tiffdither.c) -> fsdither
> (tiffdither.c) -> TIFFWriteScanLine (tif_write.c)
>    I want to get a call graph of the buggy program tiffdither, but I find
> the generated call graph doesn't cover the call relationship from fsdither
> ->  TIFFWriteScanLine.
>    In short, the call graph now shows TIFFWriteScanLine is only called by
> an external node.
>    I have already compiled tiffdither and uploaded it as an attached file. I
> also wrote a small Python script to help analyze the dot file.
>    Actually, I run  opt-6.0 -analyze -dot-callgraph tiffdither.bc  to
> generate the dot file, and then modify the dotPath in dotHandle.py. You can
> modify the Python code to help analyze.
>    I can't figure out why this happens, and I would be very grateful if
> you can help!
>
> Thanks & Regards,
> Chaz
>
>
>
>
>
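The check described in the quoted message (is TIFFWriteScanLine called only by an external node?) can be run over the dot file as below. This is an added example, not the poster's dotHandle.py and not code from OverCG; the sample graph is constructed, and reading an edge into an "external node" as an unresolved call is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `opt -analyze -dot-callgraph` output.
# Node addresses and edges are made up; this is not the thread's real graph.
SAMPLE_DOT = '''
digraph "Call graph" {
    label="Call graph";
    Node0x1000 [shape=record,label="{external node}"];
    Node0x1000 -> Node0x1010;
    Node0x1000 -> Node0x1020;
    Node0x1000 -> Node0x1030;
    Node0x1010 [shape=record,label="{main}"];
    Node0x1010 -> Node0x1020;
    Node0x1020 [shape=record,label="{fsdither}"];
    Node0x1020 -> Node0x1040;
    Node0x1030 [shape=record,label="{TIFFWriteScanLine}"];
    Node0x1040 [shape=record,label="{external node}"];
}
'''

NODE_RE = re.compile(r'^\s*(Node0x[0-9a-fA-F]+)\s*\[.*label="\{(.*)\}"\];')
EDGE_RE = re.compile(r'^\s*(Node0x[0-9a-fA-F]+)\s*->\s*(Node0x[0-9a-fA-F]+)')
EXTERNAL = "external node"  # label opt gives nodes that are not a named function

def parse_callgraph(dot_text):
    """Return (callers, callees): function label -> set of neighbour labels."""
    labels, edges = {}, []
    for line in dot_text.splitlines():
        node, edge = NODE_RE.match(line), EDGE_RE.match(line)
        if node:
            labels[node.group(1)] = node.group(2)
        elif edge:
            edges.append(edge.groups())
    callers, callees = defaultdict(set), defaultdict(set)
    for src, dst in edges:  # resolve ids only after every node line was seen
        src, dst = labels.get(src, src), labels.get(dst, dst)
        callers[dst].add(src)
        callees[src].add(dst)
    return callers, callees

def only_external_callers(callers, func):
    """True when the graph records no named function calling `func`."""
    return callers.get(func, set()) == {EXTERNAL}

def functions_calling_external(callees):
    """Assumption: an edge into an external node marks a call opt left unresolved."""
    return sorted(f for f, out in callees.items() if f != EXTERNAL and EXTERNAL in out)

if __name__ == "__main__":
    callers, callees = parse_callgraph(SAMPLE_DOT)
    print(only_external_callers(callers, "TIFFWriteScanLine"), functions_calling_external(callees))
```

A function that is flagged by `only_external_callers` while a source-level caller shows up in `functions_calling_external` is a candidate for a missed edge and worth checking in the IR by hand.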