CURRENT STATUS : analyzer is now splitting nodes even at call sites which don’t have a cgraph_edge. But as now the call and return nodes are not connected, the part of the function after such calls becomes unreachable making them impossible to properly analyse.

AIM for today :

- try to create an intra-procedural link between the calls the calling and returning snodes
- find the place where the exploded nodes and edges are being formed
- figure out the program point where exploded graph would know about the function calls

—

PROGRESS :

- I initially tried to connect the calling and returning snodes with an intraprocedural sedge but looks like for that only nodes which have a cgraph_edge or a CFG edge are connected in the supergraph. I tried a few ways to connect them but at the end thought I would be better off leaving them like this and connecting them during the creation of exploded graph itself.
- As the exploded graph is created during building and processing of the worklist, “build_initial_worklist ()” and “process_worklist()” should be the interesting areas to analyse, especially the processing part.
- “build_initial_worklist()” is just creating enodes for functions that can be called explicitly ( possible entry points ) so I guess the better place to investigate is “process_worklist ()” function.

—

STATUS AT THE END OF THE DAY :-

- try to create an intra-procedural link between the calls the calling and returning snodes ( Abandoned )
- find the place where the exploded nodes and edges are being formed ( Done )
- figure out the program point where exploded graph knows about the function call ( Pending )

Thank you
- Ankur