> On 28-Jun-2021, at 12:18 AM, David Malcolm <dmalc...@redhat.com> wrote:
>>
>>>
>>>>
>>>> Q. But even if we find out which function to call, how will the
>>>> analyzer know which snode that function belongs to?
>>>
>>> Use this method of supergraph:
>>> supernode *get_node_for_function_entry (function *fun) const;
>>> to get the supernode for the entrypoint of a given function.
>>>
>>> You can get the function * from a fndecl via DECL_STRUCT_FUNCTION.
>>
>> so once we get fndecl, it should be comparatively smooth sailing from
>> there.
>>
>> My attempt to get the value of the function pointer from the state:
>>
>> - to access the region model of the state, I tried to access
>> “m_region_model” of that state.
>> - now I want to access the cluster for a function pointer.
>> - but when looking at the accessible functions of the region model class,
>> I couldn’t seem to find a fitting one. (The closest I could find
>> was “region_model::get_reachable_svalues()”, to get a set of all the
>> svalues reachable from that model.)
>
> In general you can use:
> region_model::get_rvalue
> to go from a tree to a symbolic value for what the analyzer "thinks"
> the value of that tree is at that point along the path.
>
> If it "knows" that it's a specific function pointer, then IIRC this
> will return a region_svalue where region_svalue::get_pointee () will
> (hopefully) point at the function_region representing the memory
> holding the code of the function. function_region::get_fndecl should
> then give you the tree for the specific FUNCTION_DECL, from which you
> can find the supergraph node etc.
>
> It looks like
> region_model::get_fndecl_for_call
> might already do most of what you need, but it looks like it bails out
> for the "NULL cgraph_node" case. Maybe that needs fixing, so that it
> returns the fndecl for that case? That already gets used in some
> places, so maybe try putting a breakpoint on that and see if fixing
> that gets you further?

Shouldn’t the fn_decl still have a cgraph_node if the function is
declared in the program itself? It should just not have an edge representing
the call.
Because I was able to find the super-graph node just with the help of the
function itself.

This is how the function "exploded_node::on_edge()" looks right now:

File: {$SCR_DIR}/gcc/analyzer/engine.cc

bool
exploded_node::on_edge (exploded_graph &eg,
                        const superedge *succ,
                        program_point *next_point,
                        program_state *next_state,
                        uncertainty_t *uncertainty)
{
  LOG_FUNC (eg.get_logger ());

  if (succ->m_kind == SUPEREDGE_INTRAPROCEDURAL_CALL)
    {
      const program_point *this_point = &this->get_point ();
      const program_state *this_state = &this->get_state ();
      const gcall *call = this_point->get_supernode ()->get_final_call ();

      impl_region_model_context ctxt (eg,
                                      this,
                                      this_state,
                                      next_state,
                                      uncertainty,
                                      this_point->get_stmt ());

      region_model *model = this_state->m_region_model;
      /* May be NULL_TREE when the callee cannot be determined.  */
      tree fn_decl = model->get_fndecl_for_call (call, &ctxt);
      if (fn_decl && DECL_STRUCT_FUNCTION (fn_decl))
        {
          const supergraph *sg = &eg.get_supergraph ();
          supernode *sn = sg->get_node_for_function_entry
                            (DECL_STRUCT_FUNCTION (fn_decl));
          // create enode and eedge ?
        }
    }

  if (!next_point->on_edge (eg, succ))
    return false;

  if (!next_state->on_edge (eg, this, succ, uncertainty))
    return false;

  return true;
}

For now, it is also detecting calls that already have call_sedge connecting
them, so I think I also have to filter them out.
>
> Hope this is helpful
> Dave
Thanks
- Ankur
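
Added example, not part of the original thread or of GCC's source: a stand-alone C++ model of the lookup discussed above (resolve the callee from the path state, skip calls that already have a call superedge, then fetch the callee's entry supernode). All types, and the `has_body` and `has_call_superedge` fields, are simplified hypothetical stand-ins for the analyzer's classes.

```cpp
// Stand-alone model; these types are hypothetical, not GCC's analyzer classes.
#include <map>
#include <string>

// has_body models DECL_STRUCT_FUNCTION (fndecl) being non-NULL.
struct function_t { std::string name; bool has_body; };
struct supernode_t { int index; const function_t *fun; };

struct supergraph_t {
  std::map<const function_t *, supernode_t> entry_nodes;
  // Models supergraph::get_node_for_function_entry.
  const supernode_t *get_node_for_function_entry(const function_t *fun) const {
    auto it = entry_nodes.find(fun);
    return it == entry_nodes.end() ? nullptr : &it->second;
  }
};

// What the path state "knows" each function-pointer variable points at.
using state_t = std::map<std::string, const function_t *>;

struct call_t {
  std::string fn_ptr;       // variable holding the callee address
  bool has_call_superedge;  // already linked interprocedurally?
};

// Models get_rvalue -> get_pointee -> get_fndecl; nullptr if target unknown.
const function_t *get_fndecl_for_call(const state_t &state, const call_t &call) {
  auto it = state.find(call.fn_ptr);
  return it == state.end() ? nullptr : it->second;
}

// Entry node to create an enode/eedge for, or nullptr if there is nothing to do.
const supernode_t *entry_for_unlinked_call(const supergraph_t &sg,
                                           const state_t &state, const call_t &call) {
  if (call.has_call_superedge)
    return nullptr;  // the supergraph already connects this call
  const function_t *fn = get_fndecl_for_call(state, call);
  if (!fn || !fn->has_body)
    return nullptr;  // unknown target, or a declaration without a body
  return sg.get_node_for_function_entry(fn);
}

int main() {
  function_t callee{"callee", true};  // constructed sample input
  supergraph_t sg;
  sg.entry_nodes[&callee] = supernode_t{7, &callee};
  state_t state{{"fp", &callee}};
  const supernode_t *n = entry_for_unlinked_call(sg, state, call_t{"fp", false});
  return (n && n->index == 7) ? 0 : 1;
}
```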