Same Node but with Different Source Loc in -vfspta Pointer Analysis #1454

Open
HiragiChi opened this issue May 5, 2024 · 3 comments

@HiragiChi

Hi,
I was trying to run versioned flow-sensitive pointer analysis on Linux kernel 4.12. Here is the prompt I use:
```
./wpa -ander -vfspta -print-fp vmlinux_v4.12.bc
```
When I query the Persistent Points-To Cache data before finishing the whole analysis, I found multiple nodes with the same nodeID but different source locations. For example,

```
NodeID: 244346
CallSite: call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22a\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* %24, i32 1016, i32 0, i64 12) #12, !dbg !7932029, !srcloc !7932031 { "ln": 1016, "cl": 113, "fl": "kernel/cpu.c" }
Location: { "ln": 1016, "cl": 113, "fl": "kernel/cpu.c" }
```

```
NodeID: 244346
CallSite: call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22a\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,{dirflag},{fpsr},~{flags}"(i8* %8, i32 1846, i32 0, i64 12) #12, !dbg !7932002, !srcloc !7932004 { "ln": 1846, "cl": 56, "fl": "kernel/audit.c" }
Location: { "ln": 1846, "cl": 56, "fl": "kernel/audit.c" }
```

The LLVM IR of the nodes seems similar, but they are from different sources.

I am wondering why this might happen, for I used to think that each node could only represent a single source. Why might this happen? Is that because the file I am analyzing is too big (Linux Kernel)?

Any help is appreciated, thanks!

@yuleisui
Collaborator

yuleisui commented May 6, 2024

This is strange as the instructions should be exactly the same if two nodes have the same id. Could you debug a bit to see how these llvm values are different?

@HiragiChi
Author

Hi, I just looked into the instructions and found out that they are not identical but most of them are assembly codes. I will look into the problems later.
I have another problem here: I just finished running `./wpa -ander -vfspta -print-fp vmlinux_v4.12.bc`, but the execution stops after the AUX Andersen points-to analysis without further refinements.
Is that because of the memory limitation or time limitation of the WPA analyzer (for I am analyzing a program as large as the Linux kernel)? Will multi-level analysis become possible if we just focus the analysis on some fptrs but not all the function pointers?

@HiragiChi
Author

> I have another problem here: I just finished running `./wpa -ander -vfspta -print-fp vmlinux_v4.12.bc`, but the execution stops after the AUX Andersen points-to analysis without further refinements.
> Is that because of the memory limitation or time limitation of the WPA analyzer (for I am analyzing a program as large as the Linux kernel)? Will multi-level analysis become possible if we just focus the analysis on some fptrs but not all the function pointers?

Hi, could anyone give me any hints on why vfspta does not scale to the kernel but AUX can scale? Thanks in advance.
