HowTo: Find all call sites of a function
Cautionary Note
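The approaches on this page only find direct call sites, that is, calls whose callee is the function itself. Dealing with indirect call sites (calls through a function pointer) requires the use of an alias analysis or call graph (which is probably going to use an alias analysis behind the scenes). If you use these passes to audit a program for calls to a particular function, remember that a clean result only covers the direct calls.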
Easiest Solution
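Call sites are "Users" of their target function declarations, so the easiest way to do this is to get a declaration for the function you are looking for from the Module, and then iterate over its uses. Note that Module::getFunction returns null when the module does not contain the function, so check the result before iterating.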
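/// Module pass that visits every direct call site of `strcpy` in a module.
///
/// It looks the function up by name and walks its use list, keeping only the
/// users that are instructions calling it. Users that are not instructions
/// (for example a constant-expression cast of strcpy that is then called) are
/// skipped by the dyn_cast below, so calls made through such a cast, and calls
/// through a function pointer, are not reported.
class StrcpyFinder : public ModulePass {
public:
  static char ID;
  StrcpyFinder() : ModulePass(&ID) {}

  /// Walks the uses of `strcpy` in \p M.
  /// \returns false, because the pass as written does not modify the module.
  bool runOnModule(Module &M) {
    Function *F_strcpy = M.getFunction("strcpy");
    // getFunction() returns null when the module has no function with this
    // name; without this check the use_begin() call below dereferences null.
    if (!F_strcpy)
      return false;

    for (Value::use_iterator UI = F_strcpy->use_begin(),
                             UE = F_strcpy->use_end();
         UI != UE; ++UI)
      if (Instruction *I = dyn_cast<Instruction>(UI)) {
        // NOTE(review): CallSite is built from every Instruction user. Whether
        // constructing it from a non-call instruction (e.g. a store of
        // strcpy's address) is tolerated depends on the LLVM release; confirm,
        // or filter to call/invoke instructions first.
        CallSite CS(I);
        // A call can also use strcpy as an argument; only count the uses where
        // strcpy is the callee.
        if (CS.getCalledValue() == F_strcpy) {
          // Do what you want. If what you want is to replace I, be sure to
          // increment UI first (and skip the increment in the for-loop).
        }
      }
    return false;
  }
};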
Other Ways
This is a simple analysis pass that iterates over all instructions of all the basic blocks of a program. When a call instruction is found, the code checks the name of the callee. If it is "strcpy", the number of parameters is extracted and printed, and then the call instruction is dumped to stderr.
#include "llvm/CallingConv.h"
#include "llvm/Constants.h"
#include "llvm/DerivedTypes.h"
#include "llvm/Function.h"
#include "llvm/InstrTypes.h"
#include "llvm/Instructions.h"
#include "llvm/Module.h"
#include "llvm/Pass.h"
using namespace llvm;

namespace {
  /// Basic-block pass that reports every direct call to `strcpy`.
  ///
  /// Only CallInst instructions with a known callee are examined; indirect
  /// calls and every other instruction kind (invoke instructions included)
  /// are passed over without being reported.
  struct FindFunction : public BasicBlockPass {
    static char ID; // Pass identification, replacement for typeid
    FindFunction() : BasicBlockPass(&ID) {}

    /// Scans \p bb and prints each strcpy call site to cerr.
    /// \returns false, since the block is only read, never changed.
    virtual bool runOnBasicBlock(BasicBlock &bb) {
      for (BasicBlock::iterator inst = bb.begin(), last = bb.end();
           inst != last; ++inst) {
        // Anything that is not a CallInst is of no interest here.
        CallInst *site = dyn_cast<CallInst>(inst);
        if (!site)
          continue;

        // getCalledFunction() yields null for an indirect call; those are
        // skipped (handle them here if needed).
        Function *callee = site->getCalledFunction();
        if (!callee)
          continue;

        std::string calleeName = callee->getName();
        if (calleeName.compare("strcpy") != 0)
          continue;

        // Operand 0 is the called function itself, hence the "- 1";
        // the first real parameter is site->getOperand(1).
        cerr << "Function call has " << site->getNumOperands() - 1
             << " parameters.\n";
        cerr << *site;
        cerr << "--------------------------\n";
      }
      return false;
    }
  };
}

char FindFunction::ID = 0;

// Registers the pass under the command-line name "findfunc".
static RegisterPass<FindFunction>
FF("findfunc",
   "Iterates over all instructions of all BBs and prints all call sites of strcpy");

