C++ LLVM：如何修复；引用另一个函数中的参数；_C++_Function_Arguments_Llvm

C++ LLVM：如何修复；引用另一个函数中的参数；

c++ function llvm

C++ LLVM：如何修复；引用另一个函数中的参数；,c++,function,arguments,llvm,C++,Function,Arguments,Llvm,我正在尝试在LLVM中编写一个函数传递来替换 read（文件描述符、缓冲区、大小）with klee\u使符号化（缓冲区、大小、符号名称）但是，我在尝试重新使用旧函数的参数时遇到了一些麻烦运行my function pass会中断新插入的函数。返回时出错：引用另一个函数中的参数！调用void@klee_make_symbolic（i8*%1，i64%2，i8*getelementptr inbounds（[5 x i8]，[5 x i8]*@0，i32 0，i32 0））！dbg！27

我正在尝试在LLVM中编写一个函数传递来替换

read（文件描述符、缓冲区、大小）

with

klee\u使符号化（缓冲区、大小、符号名称）

但是，我在尝试重新使用旧函数的参数时遇到了一些麻烦

运行my function pass会中断新插入的函数。返回时出错：

引用另一个函数中的参数！
调用void@klee_make_symbolic（i8*%1，i64%2，i8*getelementptr inbounds（[5 x i8]，[5 x i8]*@0，i32 0，i32 0））！dbg！27
LLVM错误：找到已损坏的函数，编译已中止！

以下是我的代码的相关部分：

                    llvm::CallInst *CI = llvm::dyn_cast<llvm::CallInst>(&*I);
                    llvm::Function *func(CI->getCalledFunction());
                    llvm::StringRef func_name(func->getName());
                    for(std::string s : mksym_func_list){
                        if(func_name.equals(s)){
                            tmp = I;
                            flag = true;
                            llvm::errs() << *I << "\n";
                            I++;
                            llvm::errs() << *I << "\n";

                            llvm::IRBuilder<> builder(&*I);
                            std::vector<llvm::Value*> args(3, NULL);
                            if(func_name == "read"){
                                int counter = 0;
                                for(auto arg = func->arg_begin(); arg != func->arg_end(); arg++){
                                    if(counter == 1){
                                        //args[0] = builder.CreateAdd(llvm::dyn_cast<llvm::Value>(arg), llvm::ConstantInt::get(llvm::Type::getInt32Ty(context), 0, true));
                                        args[0] = arg;
                                    }else if(counter == 2){
                                        //args[1] = builder.CreateAdd(llvm::dyn_cast<llvm::Value>(arg), llvm::ConstantInt::get(llvm::Type::getInt64Ty(context), 0, true));
                                        args[1] = arg;
                                    }
                                    counter++;
                                }
                                llvm::Value *sym = builder.CreateGlobalStringPtr("test");
                                args[2] = sym;

                            llvm::errs() << "foge\n";
                            builder.CreateCall(func_mksym, args);

                            llvm::errs() << "unge\n";
                            llvm::errs() << "hage\n";
                            llvm::errs() << *I << "\n";
                            }
                            break;
                        }
                    }
                }
                if(!flag) I++; else flag = false;
            }

debug_mksym.ll

：

store i8** %1, i8*** %5, align 8
  call void @llvm.dbg.declare(metadata i8*** %5, metadata !16, metadata !DIExpression()), !dbg !17
  call void @llvm.dbg.declare(metadata [4 x i8]* %6, metadata !18, metadata !DIExpression()), !dbg !22
  %11 = getelementptr inbounds [4 x i8], [4 x i8]* %6, i32 0, i32 0, !dbg !23
  call void @klee_make_symbolic(i8* %11, i64 4, i8* getelementptr inbounds ([5 x i8], [5 x i8]* @0, i32 0, i32 0)), !dbg !24
  call void @llvm.dbg.declare(metadata i32* %7, metadata !25, metadata !DIExpression()), !dbg !24
  %12 = getelementptr inbounds [4 x i8], [4 x i8]* %6, i64 0, i64 0, !dbg !26

klee的输出：

/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee -replay-path tests/debug/fprclap/debug-000.path tests/debug/obj/debug_symbolic.bc > tests/debug/fprclap/debug.out
KLEE: output directory is "/home/shinjitumala/E_DRIVE/TiTech/2019/undergraduate_research/CLAP/tests/debug/obj/klee-out-0"
KLEE: Using Z3 solver backend
KLEE: WARNING: undefined reference to function: printf
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x2a)[0x5634b57be61a]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4llvm3sys17RunSignalHandlersEv+0x3e)[0x5634b57bc70e]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(+0x145a859)[0x5634b57bc859]
/usr/lib/libpthread.so.0(+0x13d00)[0x7fa2ab2d7d00]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor4forkERNS_14ExecutionStateENS_3refINS_4ExprEEEb+0x1ce2)[0x5634b468e6a2]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor18executeInstructionERNS_14ExecutionStateEPNS_12KInstructionE+0x4867)[0x5634b4699317]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor3runERNS_14ExecutionStateE+0x9fe)[0x5634b46a180e]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor17runFunctionAsMainEPN4llvm8FunctionEiPPcS5_+0xa7a)[0x5634b46a25fa]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(main+0x2d0f)[0x5634b463b52f]
/usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7fa2aac77ee3]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_start+0x2e)[0x5634b467875e]
/bin/sh: 1 行: 20587 Segmentation fault      (コアダンプ) /home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee -replay-path tests/debug/fprclap/debug-000.path tests/debug/obj/debug_symbolic.bc > tests/debug/fprclap/debug.out
make: *** [Makefile:46: fprclap] エラー 139

arg.*

迭代器迭代函数的形式参数。实际上，您希望使用

值\u op\u begin（）

值\u op\u end（）

迭代

CallInst

的操作数。谢谢你的回复。我试过你的解决方案，但现在我遇到了一个新问题。我能够成功地运行opt工具，但klee在调用

klee\u make\u symbolic

时带着一个segfault退出。有关详细信息，请参阅编辑后的文章。要尝试的内容：在您的模块上运行

opt-verify

，或使用调试符号编译KLEE以获取有关崩溃的更多信息。Hmmm。。。运行

opt-verify

似乎可以解决问题。我阅读了

-help

命令的说明，但它只说

-verify-Module Verifier

。这个

-验证选项到底有什么作用？等等！不要介意。事实上，klee的崩溃是由我的Makefile中的一个错误引起的。我给了克莱一个不存在的文件。我以为克莱会在发生这样的小错误之前说些什么opt-verify似乎已经解决了这个问题，因为我在手动运行klee时实际上提供了正确的文件。谢谢你的帮助！
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee -replay-path tests/debug/fprclap/debug-000.path tests/debug/obj/debug_symbolic.bc > tests/debug/fprclap/debug.out
KLEE: output directory is "/home/shinjitumala/E_DRIVE/TiTech/2019/undergraduate_research/CLAP/tests/debug/obj/klee-out-0"
KLEE: Using Z3 solver backend
KLEE: WARNING: undefined reference to function: printf
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4llvm3sys15PrintStackTraceERNS_11raw_ostreamE+0x2a)[0x5634b57be61a]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4llvm3sys17RunSignalHandlersEv+0x3e)[0x5634b57bc70e]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(+0x145a859)[0x5634b57bc859]
/usr/lib/libpthread.so.0(+0x13d00)[0x7fa2ab2d7d00]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor4forkERNS_14ExecutionStateENS_3refINS_4ExprEEEb+0x1ce2)[0x5634b468e6a2]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor18executeInstructionERNS_14ExecutionStateEPNS_12KInstructionE+0x4867)[0x5634b4699317]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor3runERNS_14ExecutionStateE+0x9fe)[0x5634b46a180e]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_ZN4klee8Executor17runFunctionAsMainEPN4llvm8FunctionEiPPcS5_+0xa7a)[0x5634b46a25fa]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(main+0x2d0f)[0x5634b463b52f]
/usr/lib/libc.so.6(__libc_start_main+0xf3)[0x7fa2aac77ee3]
/home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee(_start+0x2e)[0x5634b467875e]
/bin/sh: 1 行: 20587 Segmentation fault      (コアダンプ) /home/shinjitumala/E_DRIVE/TiTech/tools/klee/build-FPR/bin/klee -replay-path tests/debug/fprclap/debug-000.path tests/debug/obj/debug_symbolic.bc > tests/debug/fprclap/debug.out
make: *** [Makefile:46: fprclap] エラー 139