Implement extracting function pointers

petr-bauch · petr-bauch · commit 8bbcd6030f2b · 2019-05-30T12:17:00.000+01:00
By simply grabbing the pointee name from gdb (which is the function name) and
returning the associated symbol expression.
diff --git a/src/memory-analyzer/analyze_symbol.cpp b/src/memory-analyzer/analyze_symbol.cpp
@@ -324,6 +324,23 @@ exprt gdb_value_extractort::get_pointer_to_member_value(
   return *maybe_member_expr;
 }
 
+exprt gdb_value_extractort::get_pointer_to_function_value(
+  const exprt &expr,
+  const pointer_valuet &pointer_value,
+  const source_locationt &location)
+{
+  PRECONDITION(expr.type().id() == ID_pointer);
+  PRECONDITION(expr.type().subtype().id() == ID_code);
+  PRECONDITION(!pointer_value.address.is_null());
+
+  const auto &function_name = pointer_value.pointee;
+  CHECK_RETURN(!function_name.empty());
+  const auto function_symbol = symbol_table.lookup(function_name);
+  CHECK_RETURN(function_symbol != nullptr);
+  CHECK_RETURN(function_symbol->type.id() == ID_code);
+  return function_symbol->symbol_expr();
+}
+
 exprt gdb_value_extractort::get_non_char_pointer_value(
   const exprt &expr,
   const pointer_valuet &value,
@@ -489,6 +506,17 @@ exprt gdb_value_extractort::get_pointer_value(
       return result_expr;
     }
 
+    // pointer to function
+    if(expr.type().subtype().id() == ID_code)
+    {
+      const auto target_expr =
+        get_pointer_to_function_value(expr, value, location);
+      CHECK_RETURN(target_expr.id() != ID_nil);
+      const auto result_expr = address_of_exprt(target_expr);
+      CHECK_RETURN(result_expr.type() == zero_expr.type());
+      return result_expr;
+    }
+
     // non-member: split for char/non-char
     const auto target_expr =
       is_c_char_type(expr.type().subtype())
diff --git a/src/memory-analyzer/analyze_symbol.h b/src/memory-analyzer/analyze_symbol.h
@@ -286,6 +286,18 @@ class gdb_value_extractort
     const pointer_valuet &value,
     const source_locationt &location);
 
+  /// Extract the function name from \p pointer_value, check it has a symbol and
+  ///   return the associated symbol expression
+  /// \param expr: the pointer-to-function expression
+  /// \param pointer_value: pointer value with the function name as the pointee
+  ///   member
+  /// \param location: the source location
+  /// \return symbol expression for the function pointed at by \p pointer_value
+  exprt get_pointer_to_function_value(
+    const exprt &expr,
+    const pointer_valuet &pointer_value,
+    const source_locationt &location);
+
   /// If \p memory_location is found among \ref values then return the symbol
   ///   expression associated with it.
   /// Otherwise we add the appropriate \ref values mapping:
