Description
I compiled the following program written in C just like the example in your paper.
```c
#include <stdio.h>

typedef void (*fptr_t0)(char *);
typedef void (*fptr_t1)(int);
struct A { fptr_t0 handler; };
struct B { fptr_t1 handler; };
void func_A(char *c) { printf("Calling function A!"); }
void func_B(int i) { printf("Calling function B!"); }
int main()
{
    struct A a = {.handler = &func_A};
    struct B b = {.handler = &func_B};
    /* Cast struct A to struct B: a2b->handler still holds &func_A */
    struct B *a2b = (struct B *)&a;
    /* Indirect call through the fptr_t1-typed field of struct B */
    (*a2b->handler)(0);
    return 0;
}
```
However, when I tried to analyse this program with your MLTA framework, the result was not consistent with what is described in your paper. The results are shown below:
```
Total 1 file(s)
[CallGraph] Initializing 1 modules #0 Initializing: /home/njupt/experiments/mlta/data/exp.bc
.
[CallGraph / 1] [1 / 1] [/home/njupt/experiments/mlta/data/exp.bc]
== Warning: please specify the path of linux source. [RESOLVING] exp.c +24
call void %11(i32 noundef 0), !dbg !52
[CallGraph] Indirect call: call void %11(i32 noundef 0), !dbg !52
/home/njupt/experiments/mlta/data/exp.bc
== Warning: please specify the path of linux source. [CALLER] exp.c +24
call void %11(i32 noundef 0), !dbg !52
Indirect-call targets: (1)
func_B (This should be func_A, right?)
== Warning: please specify the path of linux source. [TARGET] exp.c +16
[CallGraph] Updated in 0 modules.
[CallGraph] Postprocessing ...
[CallGraph] Done!
@@ Total number of final callees: 1.
############## Result Statistics ##############
Number of indirect calls: 1
Number of indirect calls with targets: 1
Number of indirect-call targets: 1
Number of address-taken functions: 2
Number of multi-layer calls: 1
Number of multi-layer targets: 1
Number of one-layer calls: 0
Number of one-layer targets: 0
```
Could you please take the time to give a reasonable explanation?