我希望在位码级别为程序中的每个函数添加调用检测。
假设有一个函数void f(int a),我需要在主函数开头插入以下代码。
int a;
klee_make_symbolic(&a, sizeof(a), "a");
f(a);
我写了一个密码来实现这个目标。
for (Module::iterator f = M.begin(), fe = M.end(); f != fe; ++f) {
std::vector<llvm::Value*> args;
for(Function::arg_iterator ai = f->arg_begin(), ae = f->arg_end(); ai != ae; ++ai){
Type* tp = ai->getType();
AllocaInst* arg = new AllocaInst(tp, "name", firstInst);
args.push_back(arg);
LLVM_TYPE_Q llvm::Type *i8Ty = Type::getInt8Ty(getGlobalContext());
Constant *fc = M.getOrInsertFunction("klee_make_symbolic",
PointerType::getUnqual(i8Ty),
Type::getInt64Ty(getGlobalContext()),
PointerType::getUnqual(i8Ty),
NULL);
Function* kleeMakeSymbolic = cast<Function>(fc);
std::vector<Value* > klee_args;
klee_args.push_back(arg);
klee_args.push_back(ConstantInt::get(Type::getInt64Ty(getGlobalContext()),
dl->getTypeAllocSizeInBits(tp)));// dl is DataLayout
klee_args.push_back(arg);//I dont't know how to pass a argument of "const char *"
// Inject a call to klee_make_symbolic
CallInst::Create(kleeMakeSymbolic, klee_args, "", firstInst);
}
// Inject a call to the function
CallInst::Create(f, args, "", firstInst);
}
但是我遇到了一次断言失败:
llvm::CallInst::init(llvm::Value*, llvm::ArrayRef<llvm::Value*>, const llvm::Twine&): Assertion `(Args.size() == FTy->getNumParams() || (FTy->isVarArg() && Args.size() > FTy->getNumParams())) && "Calling a function with bad signature!"' failed.
我对LLVM很陌生,能有人告诉我我的实现哪里出错了吗?