Explicitly track global variables in getDirectCallTarget

Global variables can't be a direct call target. Their values are read and treated as indirect call targets.
author: Martin Nowack <m.nowack@imperial.ac.uk> 2020-06-04 11:54:26 +0100
committer: Cristian Cadar <c.cadar@imperial.ac.uk> 2020-10-09 21:34:43 +0100
commit: a6e225f62810c1c35550b8de369e8720e6ec8a16 (patch)
tree: c53197a0034805177b29008d0b288b2c34f930bb
parent: 838b0b1930da796f157cd6f4b11145de4d7c4e4e (diff)
download: klee-a6e225f62810c1c35550b8de369e8720e6ec8a16.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/Module/ModuleUtil.cpp b/lib/Module/ModuleUtil.cpp
index bce6de97..974667e3 100644
--- a/lib/Module/ModuleUtil.cpp
+++ b/lib/Module/ModuleUtil.cpp
@@ -263,7 +263,14 @@ Function *klee::getDirectCallTarget(
   // Walk through aliases and bitcasts to try to find
   // the function being called.
   do {
-    if (Function *f = dyn_cast<Function>(v)) {
+    if (isa<llvm::GlobalVariable>(v)) {
+      // We don't care how we got this GlobalVariable
+      viaConstantExpr = false;
+
+      // Global variables won't be a direct call target. Instead, their
+      // value need to be read and is handled as indirect call target.
+      v = nullptr;
+    } else if (Function *f = dyn_cast<Function>(v)) {
       return f;
     } else if (llvm::GlobalAlias *ga = dyn_cast<GlobalAlias>(v)) {
 #if LLVM_VERSION_CODE >= LLVM_VERSION(3, 9)
author	Martin Nowack <m.nowack@imperial.ac.uk>	2020-06-04 11:54:26 +0100
committer	Cristian Cadar <c.cadar@imperial.ac.uk>	2020-10-09 21:34:43 +0100
commit	a6e225f62810c1c35550b8de369e8720e6ec8a16 (patch)
tree	c53197a0034805177b29008d0b288b2c34f930bb
parent	838b0b1930da796f157cd6f4b11145de4d7c4e4e (diff)
download	klee-a6e225f62810c1c35550b8de369e8720e6ec8a16.tar.gz