Divya,

I'm not giving too much detail, but hopefully this at least gets you
started.

The call instruction is a four-tuple, made up of: the (optional) lvalue
assigned into by the call; the expression representing the function
being called; the list of expressions representing the function
arguments; and the location of the call instruction. I'm assuming here
that you are only interested in explicit calls to malloc and other
functions, versus calls through function pointers. This being the case,
the second argument, the expression representing the function being
called, will be something like:

Lval(Var callee, NoOffset)

Lval is an expression that contains an lval; the lval itself is made
of an "lhost", here Var representing a variable, and an offset, which
here is NoOffset since this isn't a field in a structure or an element
of an array. callee is a name I chose, and will be of type varinfo
(function names are also stored in varinfo records). You can check to
see if the call is to malloc by checking callee.vname, which holds the
name of the variable (here, the function being called).

Zooming out a bit, you may have a match against the call instruction like:

| Call (lo, Lval (Var callee, NoOffset), al, l)

If this is a call to malloc, al will just contain 1 element,
representing the size_t value passed to malloc. You may be able to take
the existing expression in the list al, say e (you could even change al
in the match to [e] instead, making this match only calls to functions
that take one argument), and change it to something like:

BinOp(PlusA, e, Const(CInt64(Int64.of_int 4, IInt, None)), typeOf e)

to, for instance, add 4 to whatever expression is already there.

There are a number of existing classes that make use of the visitors
available in CIL -- you will probably want to check out one that uses
vinst, which visits instructions, and base your visitor on that. You
could then visit all the instructions and make a change like this to all
calls to malloc (or other functions you are concerned with).

I hope this helps, and please feel free to contact me with any questions
about the above.

Best regards,

Mark

Divya Krishnan wrote:
> Hi,
> I want to be able to identify certain calls like malloc, realloc etc.
> So I have a visitor that visits all statements and within that the
> instr list and finally identifies Call. However once I identify Call
> statements, how do I identify particular calls like malloc? I tried
> checking to see if CStr in Constant stored some kind of string like
> "malloc". However I see that it does not. So how can I identify malloc
> calls and once identified I would also like to modify the call to
> increase the size of the object allocated by the input program.
>
> Thanks,
> -Divya

_______________________________________________
CIL-users mailing list
CIL-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cil-users
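
The vinst-based visitor described in the reply above, written out as an added example (not part of the original message and not code from the CIL distribution). It assumes the CIL 1.x Cil module; padAllocVisitor, pad_bytes, pad and padAllocs are hypothetical names, and it goes slightly beyond the message by also handling realloc, whose size is the second argument.

```ocaml
(* Added example: pad the size argument of direct malloc/realloc calls.
   Assumes the CIL 1.x API (module Cil). All names defined here are
   hypothetical and chosen for illustration. *)
open Cil

(* Assumed padding, matching the "add 4" used in the message. *)
let pad_bytes = 4

(* Build (e + pad_bytes) in the type of the original size expression.
   Note: like any size arithmetic, this wraps at run time if e is
   within pad_bytes of SIZE_MAX; guard for that if sizes are untrusted. *)
let pad (e : exp) : exp =
  let t = typeOf e in
  BinOp (PlusA, e, mkCast ~e:(integer pad_bytes) ~newt:t, t)

class padAllocVisitor = object
  inherit nopCilVisitor

  method vinst (i : instr) : instr list visitAction =
    match i with
    (* Only direct calls: the callee is a plain variable, so calls
       through function pointers never match this pattern. *)
    | Call (lo, (Lval (Var callee, NoOffset) as fn), args, loc) ->
        begin match callee.vname, args with
        | "malloc", [size] ->
            ChangeTo [Call (lo, fn, [pad size], loc)]
        | "realloc", [ptr; size] ->
            ChangeTo [Call (lo, fn, [ptr; pad size], loc)]
        | _ -> SkipChildren
        end
    | _ -> SkipChildren
end

(* Rewrite every matching call in a parsed file, in place. *)
let padAllocs (f : file) : unit =
  visitCilFileSameGlobals (new padAllocVisitor) f
```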
