[llvm-dev] How to get return address at llvm ir level? (original) (raw)

PenYiWang via llvm-dev llvm-dev at lists.llvm.org
Thu Sep 6 17:45:39 PDT 2018

Previous message: [llvm-dev] How to get return address at llvm ir level?
Next message: [llvm-dev] How to get return address at llvm ir level?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks for your reply.

What I want to do is that check the return address at every return site (for some security issue) .

(I will also do some analysis to get some candidate return target)

So the "ret" instruction will be transformed to

mov eax,[esp] // get the return address at the top of stack cmp eax,0x08040000 // candidate 1 je 0x08040000 cmp eax,0x08040004 // candidate 2 je 0x08040004 cmp eax,0x08040008 // candidate 3 je 0x08040008

So if I want to do this transform at llvm ir level rather than backend,

I need to get the return address of current function in FunctionPass, right?

I found that intrinisc::returnaddress only returns a *void pointer.

c code:

int main(){ int a = __builtin_return_address(0); }

llvm ir:

define i32 @main() #0 { entry: %a = alloca i32, align 4 %0 = call i8* @llvm.returnaddress(i32 0) %1 = ptrtoint i8* %0 to i32 store i32 %1, i32* %a, align 4 ret i32 0 }

Can I use the return value of intrinisc::returnaddress to compare with "Function" class in llvm ir?

(Otherwise, I need to modify backend to do my intrumentation.)

Thanks

Bekket McClane <bekket.mcclane at gmail.com> 於 2018年9月5日週三下午9:41寫道：

Correct...you can always call that intrinsic explicitly. However, I don't think it would help the original question, since the question is how to get the return address inside a LLVM Pass, instead of getting the return address after executing the program with Intrinsic::returnaddress inside. Also, executing a program containing Intrinsic::returnaddress won't get you anything - even failed to pass the linking stage - without special support, since the intrinsic is just a function declaration.

Bests, Bekket On Wed, Sep 5, 2018 at 5:00 AM mayuyu.io <admin at mayuyu.io> wrote:

To my knowledge that intrinsic IS generated by frontends like Clang when using builtinreturnaddress(), i could be wrong though

Zhang > 在 2018年9月5日，10:47，Bekket McClane via llvm-dev <llvm-dev at lists.llvm.org> 写道： > > and -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20180907/f1746578/attachment.html>

Previous message: [llvm-dev] How to get return address at llvm ir level?
Next message: [llvm-dev] How to get return address at llvm ir level?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the llvm-dev mailing list