SVF-tools / SVF

Static Value-Flow Analysis Framework for Source Code
http://svf-tools.github.io/SVF/

Question regarding the callgraph #732

Open pengwinsurf opened 2 years ago

pengwinsurf commented 2 years ago

Hi,

I have been trying to run SVF against some rather large bitcode files, and I do get a callgraph out, yet I see that when I try to iterate over the indirect function calls, for some of them I do not get any callees.

I tried to look for those instructions in the ll file I passed but I could not find those instructions.

So I have two questions:

1- Regarding the accuracy of the callgraph generated: if for some indirect calls I can't get the callees, why is that the case, and what are the conditions under which something like this would happen?

2- When I dump the call site instruction and search for it in the ll file, I can't seem to find it. Why could that be the case?

Thanks

yuleisui commented 2 years ago

> Hi,
>
> I have been trying to run SVF against some rather large bitcode files, and I do get a callgraph out, yet I see that when I try to iterate over the indirect function calls, for some of them I do not get any callees.

It may take some time to dump graphs of large bcs.

> I tried to look for those instructions in the ll file I passed but I could not find those instructions.
>
> So I have two questions:
>
> 1- Regarding the accuracy of the callgraph generated: if for some indirect calls I can't get the callees, why is that the case, and what are the conditions under which something like this would happen?

Not every indirect call will be resolved by SVF, which relies on pointer analysis. For example, a pointer can be resolved as an empty points-to set if it is a formal argument in a callee function without any caller. Hence, the pointer analysis may not get the sound points-to results of a function pointer to connect indirect calls if this is the case.

> 2- When I dump the call site instruction and search for it in the ll file, I can't seem to find it. Why could that be the case?

Not sure about this case. SVF preserves LLVM instructions unless the preProcessBCs in LLVMModule.cpp changed its IR.

> Thanks
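The case described in the reply above (a function-pointer formal argument in a function that has no caller), shown as an added example that is not part of the original thread and is not SVF's code. It is a simplified inclusion-based points-to solver over a constructed four-function program; the constraint encoding and all names (`run`, `exported`, `handler_a`, `solve`) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed mini-program, encoded as points-to constraints:
#   void handler_a(void) {}
#   void run(void (*cb)(void))      { cb(); }   // called from main
#   void exported(void (*cb)(void)) { cb(); }   // no caller in this module
#   int main(void) { void (*p)(void) = handler_a; run(p); return 0; }
ADDR_OF = [("main.p", "handler_a")]      # p = &handler_a
COPIES = [("run.cb", "main.p")]          # actual -> formal at the call run(p)
INDIRECT_CALLS = {                       # call site -> function pointer used
    "run: cb()": "run.cb",
    "exported: cb()": "exported.cb",
}

def solve(addr_of, copies):
    """Propagate points-to sets along copy edges until a fixed point."""
    pts = defaultdict(set)
    for dst, obj in addr_of:
        pts[dst].add(obj)
    changed = True
    while changed:
        changed = False
        for dst, src in copies:
            new = pts[src] - pts[dst]
            if new:
                pts[dst] |= new
                changed = True
    return pts

def resolve_indirect_calls(addr_of, copies, calls):
    """Map each indirect call site to the callees its pointer may target."""
    pts = solve(addr_of, copies)
    return {site: sorted(pts[ptr]) for site, ptr in calls.items()}

def unresolved(resolved):
    """Call sites whose function pointer has an empty points-to set."""
    return sorted(site for site, callees in resolved.items() if not callees)

if __name__ == "__main__":
    result = resolve_indirect_calls(ADDR_OF, COPIES, INDIRECT_CALLS)
    print(result)
    print("unresolved:", unresolved(result))
    # Same program once a caller of exported() is part of the analysed module.
    with_caller = COPIES + [("exported.cb", "main.p")]
    fixed = resolve_indirect_calls(ADDR_OF, with_caller, INDIRECT_CALLS)
    print("unresolved with caller:", unresolved(fixed))
```

In this model `exported.cb` never receives a copy edge because no call site passes it an argument, so its points-to set stays empty and the call through it has no callees; the second run shows the set filling in once a caller is present.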