
llvm::isPotentiallyReachable() returned an incorrect result

Open tr4v3ler opened this issue 2 years ago • 0 comments

LLVM version: 14.0.0

target source code:

if (cd->compat_flag == true) {
    if (copy_from_user(&data_compat, argp,  // if.then.i189
        sizeof(data_compat))) {
        return -EFAULT;
    }
} else {
    if (copy_from_user(&data, argp,  // if.then.i
        sizeof(data))) {
        return -EFAULT;
    }
}

my code:

for (auto bb: bbs) {
    dbgs() << "[+] bb: " << bb->getName() << '\n';
    if (isPotentiallyReachable(bb, current_bb, nullptr, this->dom_tree, this->loopinfo)) {
        dbgs() << "[+] " << current_bb->getName() << " is reachable from " << bb->getName() << '\n';
        return false;
    }
}
dbgs() << "[+] " << current_bb->getName() << " is not reachable from all\n";
return true;

my log:

[+] current_bb: if.then.i
[+] bb: if.then.i189
[+] if.then.i is reachable from if.then.i189

I checked the CFG and am sure that if.then.i is not reachable from if.then.i189, but llvm::isPotentiallyReachable() returned an incorrect result: [image]

Did I use it incorrectly? Or is there a problem with the implementation of the function itself? Is there any other function that can accomplish this?

tr4v3ler, Jun 28 '23 10:06
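Added example, not part of the original issue and not LLVM's own code: llvm::isPotentiallyReachable() is documented as a conservative query that returns true if uncertain, so an analysis that needs a definite "no path" answer can cross-check with an exact breadth-first walk over successor edges. The sketch below models the CFG as plain adjacency lists with constructed, simplified block layouts (the `merge`, `entry` and `exit` names are assumptions) and also shows that the same two arms become genuinely reachable from each other once the diamond sits inside a loop.

```cpp
#include <map>
#include <queue>
#include <set>
#include <string>
#include <vector>

// CFG modelled as block name -> successor names. In an LLVM pass the
// successor lists would come from successors(BB) in llvm/IR/CFG.h.
using CFG = std::map<std::string, std::vector<std::string>>;

// Exact reachability: true only if a path of one or more edges leads
// from `from` to `to`. No block limit, no "true if uncertain" fallback.
bool reachable(const CFG &cfg, const std::string &from, const std::string &to) {
    std::set<std::string> seen;
    std::queue<std::string> work;
    work.push(from);
    while (!work.empty()) {
        std::string bb = work.front();
        work.pop();
        auto it = cfg.find(bb);
        if (it == cfg.end()) continue;   // block with no successors
        for (const std::string &succ : it->second) {
            if (succ == to) return true;
            if (seen.insert(succ).second) work.push(succ);
        }
    }
    return false;
}

// Constructed, simplified CFG for the if/else in the report: the two
// copy_from_user arms are siblings that only meet again at the merge block.
CFG diamond() {
    return {{"entry", {"if.then.i189", "if.then.i"}},
            {"if.then.i189", {"merge"}},
            {"if.then.i", {"merge"}},
            {"merge", {"exit"}}};
}

// Same diamond placed inside a loop (constructed): the back edge
// merge -> entry makes each arm genuinely reachable from the other.
CFG diamond_in_loop() {
    CFG cfg = diamond();
    cfg["merge"].push_back("entry");
    return cfg;
}
```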