search

SVF-tools / SVF

Static Value-Flow Analysis Framework for Source Code
http://svf-tools.github.io/SVF/
Other
1.35k stars 431 forks source link

No result of SUPA On-demand Analysis when querying function pointers #341

Open legendtang opened 3 years ago

legendtang commented 3 years ago

Hi,

For the following bitcode file, I ran SUPA on-demand points-to analysis and found there is no callsite result.

imagick_r.0.4.opt.bc.zip

Step to reproduce: Run dvf --dfs --query=funptr --stat imagick_r.0.4.opt.bc, it shows the following result

=================================================
Total virtual callsites: 0
Total analyzed virtual callsites: 0
Indirect call map size: 80
Precise callsites: 0
Zero target callsites: 0
One target callsites: 0
Two target callsites: 0
More than two target callsites: 0
=================================================

If printing the Anderson analysis results of call sites using print-fp, it does have many. According to the paper, there should be a fallback to Anderson right?

yuleisui commented 3 years ago

What are Andersen's results? It looks strange to me.

yuleisui commented 3 years ago

Did you print all the pts of dvf -dfs --query=funptr?

legendtang commented 3 years ago

Yes, I print all function pts of that command by dvf --dfs --query=funptr --stat. Here is the log dvf.log

yuleisui commented 3 years ago

It looks to me that dvf analyzes all the indirect calls. You can print all the pts. It should be there.