[Clang Static Code Analyzer]: Need information about Callee.

Hi all,

I need information about the callee when a function is called through an array of function pointers.

I have written the following code to get the callee name using a checker:

class SampleEvalCall : public Checker<eval::Call> {
public:
  bool evalCall(const CallExpr *CE, CheckerContext &C) const {
    /** Output function name */
    llvm::errs() << C.getCalleeName(CE) << " is called\n";
    return false;
  }
};

I am getting names for normal function calls, but when a function is called through an array of function pointers, the checker does not give any output.

The following is the sample program using a function pointer where the checker fails to give the callee name.

///////////////////////////////////////////////////////////////////////////////////////////////////

#define ARRAY_SIZE1 2
#define ARRAY_SIZE2 2
#define IDX_00 0
#define TRUE 0
#define FALSE 1

typedef unsigned char U1;
typedef unsigned short U2;

typedef struct
{
    U2 mask;
    U1 a;
    U2 (*func_ptr)(void);
} STRUCT_1;

typedef struct
{
    U2 b;
    const STRUCT_1 * struct_ptr;
} STRUCT_2;

static U1 ram_var = 1;
static U1 index_2 = 0;

U2 func1(void)
{
    return((U2)ram_var);
}

U2 func2(void)
{
    ram_var = 3;
    return((U2)ram_var);
}

static const STRUCT_1 array1[ARRAY_SIZE1] =
{
    {
        (U2)TRUE,
        (U1)FALSE,
        &func1
    },
    {
        (U2)TRUE,
        (U1)FALSE,
        &func2
    }
};

static const STRUCT_2 array2[ARRAY_SIZE2] =
{
    {
        (U2)FALSE,
        &array1[IDX_00]
    }
};

int main()
{
    U2 index_1 = 1;
    U2 ret;

    /* I need to get list of function called by below function pointer. */
    ret = (*((array2[0].struct_ptr[0].func_ptr)))() &
          array2[index_2].struct_ptr[index_1].mask;

    return (int)ret;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

I understand that the checker cannot get the callee name, as it will be known at runtime, but I need to get the list of all functions that might be called in the main function in the above program. I need to get the ‘func1’ and ‘func2’ function names in the above example from the checker as potential callees, one of which will definitely get called at run time.

Kindly suggest a way to get this list.

Thanks,

Prashant S. Purohit

You can't get "a list of all possible functions" because the analyzer works on a per-translation-unit basis, which means it can't see your entire program. Even if it could, some programs load additional libraries at runtime, which would change the set of possibilities.

Your sample program could be made to work, but unfortunately the analyzer doesn't currently handle static data outside of any functions other than simple constants. I thought there was a bug report for this already but I can't find it offhand.

Sorry this isn't a more helpful answer,
Jordan