SVF
SVF copied to clipboard
SVF-tools
custom point to analysis
As a follow up of this issue. I tried to implement my custom point to analysis.
I extended the FlowSensitive analysis with a custom subclass: class MyAnalysis : public FlowSensitive.
Then, I override the function anlyze to include additional indirect jumps upon some logic.
My code understand when a callsite (CallICFGNode) needs new target callee functions (SVFFunction).
How can I update the callgraph? After a whole afternoon digging the SVF code. I came out with the following solution.
CallICFGNode cnode = /* an indirect call to resolve */
auto fun_caller = cnode->getFun();
auto ptacg = getPTACallGraph();
for (auto f: fncs[fun_type_hash]) {
auto fun_callee = llvmModuleSet->getSVFFunction(f);
ptacg->addIndirectCallGraphEdge(cnode, fun_caller, fun_callee);
}
Am I in the correct direction?
After invoking addIndirectCallGraphEdge, the number of indirect calls do not change.
Let me know if you need more information
Yes, you are in the correct direction. Just make sure the indirect edges are indeed added and print out the callgraph when debugging for small programs first.
I actually made it run :)
I did a simple point to analysis that finds global objects containing function pointers, and then include indirect jumps where (a) the signature matches, and (b) the indirect jump has no other targets.
If you think it could be interesting, I can try to PR. Even though I can't guarantee this will happen soon.
Sounds good!
I actually made it run :)
I did a simple point to analysis that finds global objects containing function pointers, and then include indirect jumps where (a) the signature matches, and (b) the indirect jump has no other targets.
If you think it could be interesting, I can try to PR. Even though I can't guarantee this will happen soon.