RiS3-Lab / kubo

Use on-demand control- and data-flow slicing combined with taint analysis and symbolic execution to produce scalable and precise UB detection for the Linux kernel.

generating llvm ir and call graph #4

Open meweez opened 3 years ago

meweez commented 3 years ago

Hello, I have 2 questions:

1- Why don't you use wllvm for IR generation for the whole Linux kernel? It seems that you are generating and grouping the IR files with the irgen, group, and trans commands. What are these doing more than wllvm?

2- In the Credit section, you said you are using pex for call graph analysis. I couldn't find where you generate the call graph and where you save it. The pex repository description also doesn't say that this repo is for call graph generation.

Lawliar commented 3 years ago

Hi there, thanks for your question. For the first one, although it shames me to say this, I haven't looked into the wllvm project before (although it looks fun). As for the reasons, it's because

For the second question, it's part of the source code of pex to generate a call graph using a structured analysis. As you can see from the modified source code, we just run that call graph analysis part and output the result. The generated call graph is stored as "cg_pex.txt" in every folder of the kernel submodule.

meweez commented 3 years ago

Thank you for answering.

1- Can you please tell me more about the group and trans commands in your project?

2- If I'm not mistaken, you are using this command for pex: ./exe.sh opt build/gatlin/libgatlin.so example.bc for call graph generation. Yes? Did you customize the pex code too? I used this command on a test LLVM IR file, but it shows me a segmentation fault.

I also have another question:

3- In the "EVALUATION.A" section of the paper, you said that LLVM 9 can't compile other versions of Linux. Why? How did you find this out? Did you test all of them?

Lawliar commented 3 years ago

Hi,

  1. group and trans, like the names suggest, group each individual IR file together and do link time optimization, respectively.
  2. I don't remember doing any functional customization to pex, just outputting its analyzed call graph.
  3. I basically followed the development timeline specified here: https://en.wikipedia.org/wiki/Linux_kernel_version_history. If one version cannot compile, then all versions developed before it are deemed uncompilable.

boti-li commented 3 years ago

Hello, have you succeeded in compiling the kernel with wllvm? I came across the same problems. I want to generate a full module, vmlinux.bc, for the kernel with each child module built in, and then do something on the vmlinux.bc. If you have solved it, can you help me?

meweez commented 3 years ago

Hello. No, I didn't keep trying on it. Maybe you can do it.

boti-li commented 3 years ago

Hi, I used the author's modified clang to compile the kernel with wllvm successfully. We can assign LLVM_COMPILER_PATH like below:

  export LLVM_COMPILER=clang
  export LLVM_COMPILER_PATH=kubopath/llvm/kubo-bins-9.0/build/bin/
  export WLLVM_OUTPUT=DEBUG
  make CC=wllvm defconfig
  make CC=wllvm -j$(nproc)
  extract-bc vmlinux

Then wllvm will specify the modified clang; for more details you can refer to the wllvm doc. However, during the link step (extract-bc vmlinux), I find it will add bitcast instructions to functions such as:

  %call51 = call i32 @unshare_nsproxy_namespaces(...) #8

which changes to

  %30 = bitcast i32 (i64, %struct.nsproxy.49395, %struct.cred.49401, %struct.fs_struct)* @unshare_nsproxy_namespaces to i32 (i64, %struct.nsproxy.42579*, %struct.cred, %struct.fs_struct.42465)
  %call35 = call i32 %30(i64 %6, %struct.nsproxy.42579 nonnull %new_nsproxy, %struct.cred null, %struct.fs_struct.42465 %29)

When kubo executes this node, it will crash.
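As an added example that is not from the kubo project or from any commenter: a small Python scanner over textual LLVM IR that lists call sites whose callee is a function-pointer bitcast, the shape the wllvm link step produced above, so such nodes can be located in a .ll dump before the bitcode is handed to kubo. The sample IR, the struct type suffixes and the function @other_fn are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample (not from the kubo repo): IR in the shape wllvm's link
# step produced in the issue: a direct call, a call through a separate bitcast
# instruction, and the inline-bitcast form LLVM more commonly emits.
SAMPLE_IR = """\
define i32 @ksys_unshare(i64 %flags) {
entry:
  %call51 = call i32 @unshare_nsproxy_namespaces(i64 %flags, %struct.nsproxy** %a, %struct.cred** %b, %struct.fs_struct* %c) #8
  %30 = bitcast i32 (i64, %struct.nsproxy.49395**, %struct.cred.49401**, %struct.fs_struct*)* @unshare_nsproxy_namespaces to i32 (i64, %struct.nsproxy.42579**, %struct.cred**, %struct.fs_struct.42465*)*
  %call35 = call i32 %30(i64 %6, %struct.nsproxy.42579** nonnull %new_nsproxy, %struct.cred** null, %struct.fs_struct.42465* %29)
  %call36 = call i32 bitcast (i32 (i8*)* @other_fn to i32 (i32*)*)(i32* %p)
  ret i32 0
}
"""

# "%x = bitcast <fnty>* @callee to <fnty>*": remember which SSA name aliases which function.
BITCAST_DEF = re.compile(r"^\s*(%[\w.]+)\s*=\s*bitcast\s+.*?\s(@[\w.]+)\s+to\s")
# "call <ty> bitcast (<fnty>* @callee to <fnty>*)(args)": the single-instruction form.
INLINE_CAST_CALL = re.compile(
    r"^\s*(?:%[\w.]+\s*=\s*)?(?:tail\s+)?call\s+.*?bitcast\s*\(.*?\s(@[\w.]+)\s+to\s")
# "call <ty> %ptr(args)": an indirect call through an SSA value.
INDIRECT_CALL = re.compile(r"^\s*(?:%[\w.]+\s*=\s*)?(?:tail\s+)?call\s+.*?\s(%[\w.]+)\(")

def find_casted_calls(ir_text: str) -> List[Dict[str, object]]:
    """List call sites whose callee is a bitcast of a named function; calls
    through loaded function pointers are not casts and are skipped."""
    casts: Dict[str, str] = {}  # SSA name -> real @callee behind the cast
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(ir_text.splitlines(), 1):
        m = BITCAST_DEF.match(line)
        if m:
            casts[m.group(1)] = m.group(2)
            continue
        m = INLINE_CAST_CALL.match(line)
        if m:
            hits.append({"line": lineno, "callee": m.group(1), "form": "inline"})
            continue
        m = INDIRECT_CALL.match(line)
        if m and m.group(1) in casts:
            hits.append({"line": lineno, "callee": casts[m.group(1)],
                         "form": "via " + m.group(1)})
    return hits

if __name__ == "__main__":
    for hit in find_casted_calls(SAMPLE_IR):
        print(f"line {hit['line']}: call to {hit['callee']} through bitcast ({hit['form']})")
```

Run it on the output of llvm-dis over the linked vmlinux.bc to get the line numbers of the mismatched call sites that the analysis trips over.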