Tracing values in llvm IR

Hi, everyone.

I want to writing a Pass to get the variable value while the program is running ,the basic idea is to insert an STL map in the program ,and get every value and address a program use ,but whether it’s possible to do this by transforming the llvm IR?

I didn’t find any useful functions to get a variable’s address in LLVM IR .It seems that the IR is an SSA form and we can not get a value’s address in compiling time.Is that right? But how can I dynamically get the variable’s value in run time by writing a Pass ?

One way, and most likely the easiest, is to write/use a library that does what you want and then write an LLVM IR pass that inserts function calls to execute at runtime and link in your library.

Micah

The giri project does dynamic tracing of values stored to and loaded from memory. It stores the trace of memory accesses on disk because they get very large very quickly. You can either reuse the Giri code or modify it to suit your purposes. Swarup, is there a place where people can download the updated Giri code that your Google Summer of Code student worked on? – John T.

Hi Jin Huang,

The updated Giri code is available at https://github.com/liuml07/giri. This will give you an idea of how to instrument the program to trace different values. You can modify the code to achieve your goals.

-Swarup.

Thank You ! John and Swarup. I have already downloaded the code!

Thank you , James.

But this way needs to determine whether the instruction is a LOAD/STORE ,and if I want to preserve the operations on these variables for further dynamic symbolic execution usage(just like KLEE ,but it’s a static analysis ,not dynamic),I had to backtrace instructions ,this may be not very efficient if the operation is very complex!

-Jin Huang

Thank you,Micah.

This way sounds good, Do you mean writing a function to trace the value and insert a callinst to call this function in the entry of the program ?
How can I insert a function writing by myself? Is there any code examples?

-Jin Huang

You will have to insert callinst to tracing functions immediately after the value is produced, not at the entry points. Giri code has many such examples of how to do this.

Thanks,
Swarup.

So you want to store all the variable value to a map, I think I can tell you some details.
First, you must create a function which can store the variable value which get from the params of the function to the map.
Second, you must write a pass, In this pass, you must insert the calling to the function (which created in the first step) to the place which the variable get the value.
Third, you can create a function with the “attribute((destructor))”, it will run after the function finished. You can use the function to output your date which store in the map.

You must compile the functions(first and third step) to a lib. After you run your pass (which create in the second step) on your code, get the output IR, and run it with the lib. You can get what you want.

I hope I can help you.
Thanks.

Now I’m trying to modify the giri code! I’ll try this later!
Thank you all the same!

-Jin Huang