
In LLVM, I know the CFG (control flow graph) of every function has been constructed, and the CFG is represented by relationships among the basic blocks of the function. But I want to traverse the global CFG of one program, which includes many functions in LLVM. How do I get the interprocedural CFG of one program and then do data flow analysis on it?

breeze
  • What does a virtual call CFG look like? – SK-logic Nov 19 '13 at 14:57
  • What do you mean by the virtual call CFG? I haven't heard of it. Can you explain it? Thank you. – breeze Nov 20 '13 at 02:34
  • I believe @SK-logic means to ask what you would expect an edge in such an interprocedural CFG to look like for an indirect function call (for example, a call compiled from a call to a C++ virtual function). – Oak Nov 20 '13 at 07:42
  • @breeze, I mean that, unlike most of the typical procedure-level CFGs, interprocedural cannot even be represented in any sensible way, due to the presence of function pointers and indirect calls, virtual method calls, etc. And if for some small partition of your control flow this appears to be possible, then a simple inlining will do the trick. – SK-logic Nov 20 '13 at 09:24
  • @SK-logic As long as you're working with a subset of functions where the virtual function tables can be determined at compile-time (e.g. the set of classes with virtual function tables that will be used in the function set are known, even if the actual types of individual instances are unknown), then you can limit the possible branches for such a CFG in the case of virtual function tables to only those virtual functions known to exist at compile time even if you can't inline them. The same can be done with function pointers in programs where users aren't nasty with their pointer manipulation. – JAB Jul 31 '15 at 19:41

1 Answer


According to http://clang.llvm.org/doxygen/classclang_1_1CFG.html the CFG in clang/LLVM exists only as an intra-procedural CFG.

However, one can run the opt tool on LLVM IR code and extract a textual CFG of functions, and then build a dedicated parser (FLEX/BISON for example) to interleave it into one inter-procedural CFG.

OrenIshShalom
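A sketch of the stitching step the answer describes, added here as an example and not part of the original answer: it uses Python regular expressions over textual LLVM IR instead of a FLEX/BISON parser over opt's per-function output. `build_icfg` and `SAMPLE_IR` are hypothetical names, the IR is constructed, return edges point back to the calling block rather than a split return site, and indirect call sites (the case raised in the comments) are listed separately instead of being given edges.

```python
import re
from collections import defaultdict
# Constructed sample IR (not from the original post): one direct and one indirect call.
SAMPLE_IR = """
define i32 @helper(i1 %c) {
entry:
  br i1 %c, label %pos, label %neg
pos:
  ret i32 1
neg:
  ret i32 0
}
define i32 @main(i32 (i32)* %fp) {
entry:
  %a = call i32 @helper(i1 true)
  %b = call i32 %fp(i32 7)
  ret i32 %a
}
"""
DEFINE = re.compile(r'define\b.*?@([\w.$]+)\s*\(')
LABEL = re.compile(r'([\w.$]+):$')
TARGET = re.compile(r'label %([\w.$]+)')
CALL = re.compile(r'\b(?:call|invoke)\b.*?([@%][\w.$]+)\s*\(')

def build_icfg(ir_text):
    """Return (edges, indirect_sites); nodes are (function, block) pairs."""
    edges, rets, entry = defaultdict(set), defaultdict(list), {}
    calls, indirect, func, block = [], [], None, None
    for raw in ir_text.splitlines():
        line = raw.split(';', 1)[0].strip()      # drop IR comments
        if m := DEFINE.match(line):
            func, block = m.group(1), 'entry'    # assumed name if the entry block is unlabeled
        elif line == '}':
            func = None
        elif func and (m := LABEL.match(line)):
            block = m.group(1)
        elif func and line:
            node = (func, block)
            entry.setdefault(func, node)         # first block seen is the entry block
            edges[node].update((func, t) for t in TARGET.findall(line))  # br/switch/invoke targets
            if line.startswith('ret'): rets[func].append(node)
            if m := CALL.search(line):           # '@f' is a direct callee, '%r' an indirect one
                (calls if m.group(1)[0] == '@' else indirect).append((node, m.group(1)[1:]))
    for site, callee in calls:
        if callee in entry:                      # callee is defined in this module
            edges[site].add(entry[callee])       # call edge
            for r in rets[callee]:
                edges[r].add(site)               # return edge (block-level approximation)
    return dict(edges), indirect
```

Calls to functions that are only declared in the module get no edges, and every entry in the returned indirect list needs a target set from a separate points-to or class-hierarchy analysis before a data-flow pass over these edges can be considered complete.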