secure-software-engineering / phasar

A LLVM-based static analysis framework.

A problem when building call graph in method #713

Open ms-sky opened 7 months ago

ms-sky commented 7 months ago

Hi, I have a question about how phasar builds the call graph. I find the call graph misses some virtual call edges when I set the param "ExactMatch" to true in method matchesSignature. I know this will make it match exactly and it will match every param type. If I don't set it to true, I find it can't process function pointers well, causing large false positives. The function influences call graph construction. I reviewed your code and found that if ExactMatch is set to false, matchesSignature invokes isTypeMatchForFunctionArgument, but in isTypeMatchForFunctionArgument I see that if an actual type is a StructType it will return true. I think it is not right, but your comment is "Well, we could do sanity checks here, but if the analysed code is insane we would miss callees, so we don't do that." I would like to know why you did that and what does the comment mean exactly?

fabianbs96 commented 7 months ago

Hi @ms-sky, there are several problems in LLVM with exact type matches. Regarding your concrete question I will check for the reasons internally.