seahorn / sea-dsa

A new context, field, and array-sensitive heap analysis for LLVM bitcode based on DSA.

Imprecise call graph #93

Closed shaobo-he closed 4 years ago

shaobo-he commented 4 years ago

Hello sea-dsa developers,

I used the dev10 branch to produce the call graph for the following program. I think it appears incorrect since main should call either one of the two functions indirectly.

int __incr(int x) { return ++x; }

int __decr(int x) { return --x; }

#ifdef __MACH__
int (*incr)(int) = __incr;
int (*decr)(int) = __decr;
#else
int incr(int) __attribute__((alias("__incr")));
int decr(int) __attribute__((alias("__decr")));
#endif

int main(void) {
  int (*fp)(int);
  int x = 1, y = 1;

  if (y > 0) {
    fp = incr;
  } else {
    fp = decr;
  }
  x = fp(x);

  return (x == 2);
}

To reproduce, please use the following commands,

clang func_ptr_alias1.c -c -emit-llvm -S
seadsa --sea-dsa-callgraph-dot func_ptr_alias1.ll

This is the call graph I got,

callgraph.pdf

agurfinkel commented 4 years ago

Can you double check that you are running the latest version of everything? I get the correct call graph following the exact same commands as you do. I am on OSX using AppleClang for clang. Perhaps you can include the bitcode file, since your compiler might be treating the code differently from mine.

shaobo-he commented 4 years ago

> Can you double check that you are running the latest version of everything? I get the correct call graph following the exact same commands as you do. I am on OSX using AppleClang for clang. Perhaps you can include the bitcode file, since your compiler might be treating the code differently from mine.

Yes, I'm using commit 584fd4d69f4e28b5639f9ff33fcd11e9b0a1dfc5 on an Ubuntu VM. Please see the attached LLVM IR file.

func_ptr_alias1.txt

agurfinkel commented 4 years ago

Seems like we don't handle global aliases correctly. On my Mac, the globals are converted to a regular assignment.

As a work-around, please remove the alias attribute.
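To make the diagnosis above concrete, here is an added illustration (not sea-dsa's code) of why an analysis that does not chase `GlobalAlias` values finds no targets for the indirect call in `main`: a toy flow-insensitive resolver run over a constructed, abbreviated excerpt of the IR clang emits on Linux for the program in this issue. The regexes, the helper name and the abbreviated IR (typed-pointer syntax, function bodies collapsed) are assumptions made for the example.

```python
import re

# Constructed, abbreviated excerpt of the IR clang emits on Linux for the
# program in this issue: `incr`/`decr` are GlobalAliases, not definitions.
SAMPLE_LL = """\
@incr = dso_local alias i32 (i32), i32 (i32)* @__incr
@decr = dso_local alias i32 (i32), i32 (i32)* @__decr
define dso_local i32 @__incr(i32 %x) { ret i32 %x }
define dso_local i32 @__decr(i32 %x) { ret i32 %x }
define dso_local i32 @main() {
  %fp = alloca i32 (i32)*, align 8
  store i32 (i32)* @incr, i32 (i32)** %fp, align 8
  store i32 (i32)* @decr, i32 (i32)** %fp, align 8
  %0 = load i32 (i32)*, i32 (i32)** %fp, align 8
  %1 = call i32 %0(i32 1)
  ret i32 %1
}
"""

ALIAS_RE  = re.compile(r'^@([\w.]+)\s*=\s*(?:\w+\s+)*alias\s.*@([\w.]+)\s*$', re.M)
DEFINE_RE = re.compile(r'^define\s.*@([\w.]+)\(', re.M)
LOAD_RE   = re.compile(r'^\s*%([\w.]+)\s*=\s*load\s.*%([\w.]+)', re.M)
STORE_RE  = re.compile(r'^\s*store\s.*@([\w.]+),.*%([\w.]+)', re.M)
CALL_RE   = re.compile(r'^\s*(?:%[\w.]+\s*=\s*)?call\s.*?%([\w.]+)\(', re.M)

def indirect_call_targets(ll, follow_aliases=True):
    """Flow-insensitive targets of every indirect call in `ll` (toy resolver):
    callee -> load -> slot -> globals stored into it -> definitions, chasing
    aliases first if asked. Value names are treated as module-unique here."""
    aliases = dict(ALIAS_RE.findall(ll))
    defined = set(DEFINE_RE.findall(ll))
    loads = dict(LOAD_RE.findall(ll))          # loaded value -> slot it came from
    stores = {}                                # slot -> globals stored into it
    for g, slot in STORE_RE.findall(ll):
        stores.setdefault(slot, set()).add(g)
    result = {}
    for callee in CALL_RE.findall(ll):
        targets = set()
        for g in stores.get(loads.get(callee), ()):
            hops = 0
            while follow_aliases and g in aliases and hops <= len(aliases):
                g, hops = aliases[g], hops + 1  # chase the alias chain to its aliasee
            if g in defined:  # an unchased alias has no body, so it yields no target
                targets.add(g)
        result[callee] = targets
    return result

if __name__ == "__main__":
    print(indirect_call_targets(SAMPLE_LL, follow_aliases=False))  # call %0 -> no targets
    print(indirect_call_targets(SAMPLE_LL))  # call %0 -> __incr and __decr
```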

caballa commented 4 years ago

Same for me. On OSX it works fine. On Ubuntu, it works only without the alias attribute.

caballa commented 4 years ago

@shaobo-he : I've committed a fix to resolve calls through aliases. Let me know if you still have problems.

shaobo-he commented 4 years ago

> @shaobo-he : I've committed a fix to resolve calls through aliases. Let me know if you still have problems.

Thank you, @caballa. It has been resolved. Closed this issue.