Considering F represents the function fputs_unlocked() in an LLVM pass,
=> F->isVarArg() returns true
=> F->getNumParams() returns 0
=> *F returns declare i32 @fputs_unlocked(…)
The signature of fputs_unlocked from man page is:
int fputs_unlocked(const char *s, FILE *stream);
Can anybody explain why fputs_unlocked() is recognized as a vararg method while it accepts two fixed parameters?
Are you sure the correct header has been included? Without that
declaration the legacy C rules dictate essentially that prototype.
Clang ought to give a warning about it though.
I tested on a sample program and it seems to work correctly. Precisely, the issue happens on base64/uniq/md5sum source code in LAVA-M (http://moyix.blogspot.com/2016/10/the-lava-synthetic-bug-corpora.html) dataset while instrumenting by DataFlowSanitizer pass of LLVM 3.8.0.