I am running cclyzer over this (clang-5 compiled) C extract. [-g -Og -S -emit-llvm]
#include <stdlib.h>
#define N 100
struct X {
    int a[40];
    int **p;
};
struct X fX(struct X s) {
    /* 1 */ s.a[2] = 2;
    /* 2 */ int *af = malloc(sizeof (int));
    /* 3 */ *af = 4;
    /* 4 */ *(s.p) = af;
    /* 5 */ return s;
}
void fread(int);
void fU(int**);
void fU(int **ip) {
    /* 1 */ fread(**ip);
}
int main() {
    /* 1 */ struct X structX;
    /* 2 */ structX.a[1] = 2;
    /* 3 */ structX = fX(structX);
    /* 4 */ fU(structX.p);
}
I will attach the results and facts file, but the analysis fails to find that, before line 1 in fU, ip -> heap_alloc:fX[...] (points_to). Tracing this back, I find that getelementptr instructions don't propagate any (ptr/var)_points_to information.
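The failure mode described in the report above, as an added example that is not part of the original post and not cclyzer's own rules: a field-insensitive, inclusion-based points-to solver run over a constructed instruction list (hand-written, not the clang output), with and without a propagation rule for getelementptr. The instruction encoding, `solve`, `handle_gep` and the object labels are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed, simplified IR (not clang output): a struct with a pointer
# field, written through one getelementptr and read back through another.
PROGRAM = [
    ("alloc", "%s", "stack_alloc:s"),    # %s  = alloca %struct.X
    ("alloc", "%af", "heap_alloc:fX"),   # %af = call @malloc(...)
    ("gep", "%p1", "%s"),                # %p1 = getelementptr %s, 0, 1
    ("store", "%af", "%p1"),             # store %af, %p1
    ("gep", "%p2", "%s"),                # %p2 = getelementptr %s, 0, 1
    ("load", "%ip", "%p2"),              # %ip = load %p2
]

def solve(program, handle_gep=True):
    """Field-insensitive points-to fixpoint; returns non-empty variable sets."""
    var_pts = defaultdict(set)   # variable -> abstract objects it may point to
    obj_pts = defaultdict(set)   # abstract object -> objects stored inside it
    changed = True

    def add(target, new):
        # Merge `new` into `target` and record whether anything was added.
        nonlocal changed
        if not new <= target:
            target |= new
            changed = True

    while changed:
        changed = False
        for op, dst, src in program:
            if op == "alloc":
                add(var_pts[dst], {src})
            elif op == "gep" and handle_gep:
                # Field address aliases the base object (field-insensitive).
                add(var_pts[dst], var_pts[src])
            elif op == "store":
                # For store, dst is the stored value and src is the address.
                for obj in list(var_pts[src]):
                    add(obj_pts[obj], var_pts[dst])
            elif op == "load":
                for obj in list(var_pts[src]):
                    add(var_pts[dst], obj_pts[obj])
    return {v: set(o) for v, o in var_pts.items() if o}
```

With `handle_gep=False` the field pointers `%p1` and `%p2` have empty points-to sets, so the store and the load both become no-ops and `%ip` never reaches the heap object.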