Thanks Andrew.
I still do not understand your method. Would you mind telling me more? Thanks.
But for the hash problem, it is a common problem for hashes. We cannot make sure the mapping is 1 to 1.
I used a way to grab the BB address, but there are some limitations. What I did is that I rewrote some part of a disassembly tool. During the disassembling, I check all the conditional/unconditional instructions, usually 'j' and call instructions. Once the disassembly tool hits an instruction I am interested in, I calculate the target address from the instruction. So the target address must be an entry of a BB, and I also need to calculate the address which follows the 'j' instruction; that is another BB entry address. In other words, for each 'j' instruction I can extract two BB entries. But for a call instruction it is different, and I can grab one BB entry address. That's what I did.
The limitation is that in some cases, for example when the instruction looks like
call %eax
jmp %eax
I cannot grab the entry address of the BB :(.
When I use llvm, llvm can get the entry for this case; how could llvm get it? I haven't read the code. Any opinion is welcome.
Hope it is useful.
Qiuyu
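The leader-extraction scan Qiuyu describes, written out as an added Python illustration (this is not Qiuyu's rewritten disassembler, and the instruction list, addresses and the `*%eax` indirect form are constructed sample input). It records the target and fall-through of each 'j' instruction, only the target of each direct call, and reports the indirect transfers whose target cannot be read from the instruction.

```python
import re

# Constructed sample disassembly (address, mnemonic, operand), AT&T syntax.
SAMPLE = [
    (0x1000, "mov",  "%edi, %eax"),
    (0x1002, "cmp",  "$0x1, %eax"),
    (0x1005, "je",   "0x1010"),   # conditional: target and fall-through are entries
    (0x1007, "call", "0x1020"),   # call: only the target is an entry
    (0x100c, "jmp",  "0x1015"),   # unconditional direct jump
    (0x100e, "nop",  ""),
    (0x1010, "inc",  "%eax"),
    (0x1012, "jmp",  "*%eax"),    # indirect: target not recoverable from the bytes
    (0x1015, "ret",  ""),
    (0x1020, "ret",  ""),
]
DIRECT = re.compile(r"0x[0-9a-fA-F]+")

def direct_target(operand):
    """Immediate target of a direct jump/call, or None for indirect forms."""
    m = DIRECT.fullmatch(operand.strip())
    return int(m.group(0), 16) if m else None

def bb_leaders(instrs):
    """Return (sorted entry addresses, list of unresolved control transfers)."""
    leaders = {instrs[0][0]}  # assumed: the first instruction starts a block
    unresolved = []
    for i, (addr, mnem, operand) in enumerate(instrs):
        if not (mnem.startswith("j") or mnem == "call"):
            continue
        target = direct_target(operand)
        if target is None:
            unresolved.append((addr, f"{mnem} {operand}"))  # e.g. jmp *%eax
        else:
            leaders.add(target)
        if mnem.startswith("j") and i + 1 < len(instrs):
            leaders.add(instrs[i + 1][0])  # address following any 'j' instruction
    return sorted(leaders), unresolved

def basic_blocks(instrs):
    """Split the stream into {entry: [addresses]} using the leaders above."""
    leaders = set(bb_leaders(instrs)[0])
    blocks, cur = {}, None
    for addr, _, _ in instrs:
        if addr in leaders:
            cur, blocks[addr] = addr, []
        blocks[cur].append(addr)
    return blocks
```

The `unresolved` list is exactly the `jmp %eax` / `call %eax` case from the message: a static scan of the encoding alone cannot name those entries, which is why a tool with more context (such as LLVM working from its own IR) can.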