Instrumenting all va_arg invocations

Hi,

I'm looking for a way to add instrumentation that handles all function
arguments, one by one. With variable argument lists, this can only be
done at the place of the va_arg() call. Unfortunately, Clang lowers va_arg
into platform-specific code in the frontend, and I can't find a good,
reliable way to figure it out in our LLVM pass.

I've tried adding a special case of TBAA info to the instruction that
calculates the address of the next argument, but this metadata gets
lost in some of the code transformations at -O1 and higher. Anyway,
this seems like an abuse of TBAA.

There seem to be a number of dirty ways this can be done, like passing
the "interesting" address to a fake external function that can be
recognized in the LLVM pass and replaced with the instrumentation
code.

Is there a good way to mark a certain %temp in the frontend to assist
instrumentation?

There was a patch to clang a while ago that added an option to emit vararg intrinsics instead of platform-specific code. You might try searching for it through the archives.

-- John T.
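
A source-level sketch of the marker-call idea from the question, added here as an example; it is not code from the thread or from Clang/LLVM. `va_arg_marker`, `INSTR_VA_ARG` and `sum_pairs` are hypothetical names, and the marker is given a body only so the example runs (in the pass-based scheme it would be a bare external declaration that the pass recognizes and replaces).

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical marker function. Here it records every argument it is
   shown so the effect of the instrumentation can be inspected. */
#define VA_LOG_MAX 16
struct va_event { size_t size; unsigned char bytes[sizeof(long double)]; };
static struct va_event va_log[VA_LOG_MAX];
static size_t va_log_len;

static void *va_arg_marker(void *addr, size_t size)
{
    if (va_log_len < VA_LOG_MAX && size <= sizeof va_log[0].bytes) {
        va_log[va_log_len].size = size;
        memcpy(va_log[va_log_len].bytes, addr, size);
        va_log_len++;
    }
    return addr;   /* hand the address back so the macro can load from it */
}

/* Fetch the next argument into a temporary (C99 compound literal) and
   route the temporary's address through the marker. The marker sees a
   copy of the value, not the original register-save-area or stack slot,
   which is the limitation of doing this without frontend support. */
#define INSTR_VA_ARG(ap, type) \
    (*(type *)va_arg_marker(&(type){ va_arg(ap, type) }, sizeof(type)))

/* Constructed sample: sums `count` (int, double) pairs. */
static double sum_pairs(int count, ...)
{
    va_list ap;
    double total = 0.0;
    va_start(ap, count);
    for (int i = 0; i < count; i++) {
        total += INSTR_VA_ARG(ap, int);
        total += INSTR_VA_ARG(ap, double);
    }
    va_end(ap);
    return total;
}
```
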