We use SVF-2.5 (a patched version is included). Build it with the following commands:
cd SVF-2.5
(Specify your LLVM-14 path by set(ENV{LLVM_DIR} /path/to/your/llvm-14.0.6.build/lib/cmake) in the root CMakeLists.txt)
source ./build.sh
cd ..
Before running KallGraph, make sure you have compiled the target programs' LLVM IRs and put the IR paths in a file like src/sample_input/bc.list. As an example, the steps below use MLTA's IRDumper to build linux-6.5 IRs.
MLTA provides a decent tool to compile LLVM IRs for Linux kernels. To use it, run the following commands:
git clone https://github.com/umnsec/mlta.git
cd mlta/IRDumper
(In the Makefile, change the LLVM_BUILD to /path/to/your/llvm-14.0.6.build)
make
cd ..
(Consider replacing MLTA's irgen with our modified irgen.sh, and set up the paths correctly)
chmod +x irgen.sh
./irgen.sh
Since we are compiling LLVM IRs rather than binaries, there will be many compilation errors for the binaries, but they won't affect the IR output.
To get the bc.list under the folder of linux source code:
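One way to build and sanity-check such a list, as an added example that is not a command from the KallGraph or MLTA repositories. It assumes the IR files end in .bc and that bc.list holds one absolute path per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the KallGraph or MLTA repositories.
# Assumptions: IR files end in ".bc"; bc.list holds one absolute path per line.

# True if the file starts with the LLVM bitcode magic: raw 'B' 'C' 0xC0 0xDE,
# or the bitcode wrapper magic 0x0B17C0DE (stored little-endian).
is_bitcode() {
    magic=$(od -An -tx1 -N4 2>/dev/null < "$1" | tr -d ' \n')
    [ "$magic" = "4243c0de" ] || [ "$magic" = "dec0170b" ]
}

# make_bc_list SRC_DIR OUT_FILE
# Writes the absolute path of every valid *.bc file under SRC_DIR to OUT_FILE,
# sorted for reproducible runs. Files that are empty or lack the bitcode magic
# are reported on stderr and left out. Returns non-zero if nothing was kept.
# Runs in a subshell so its variables do not leak into the caller.
# Paths containing newlines are not supported (the list is line-based).
make_bc_list() (
    src_dir=$(cd "$1" && pwd) || exit 1
    out=$2
    tmp=$(mktemp) || exit 1
    find "$src_dir" -type f -name '*.bc' | sort > "$tmp"
    : > "$out"
    kept=0
    skipped=0
    while IFS= read -r f; do
        if is_bitcode "$f"; then
            printf '%s\n' "$f" >> "$out"
            kept=$((kept + 1))
        else
            printf 'skipping (not LLVM bitcode): %s\n' "$f" >&2
            skipped=$((skipped + 1))
        fi
    done < "$tmp"
    rm -f "$tmp"
    printf '%d kept, %d skipped\n' "$kept" "$skipped" >&2
    [ "$kept" -gt 0 ]
)

# When run as a script: ./make_bc_list.sh /path/to/linux-6.5 bc.list
if [ "$#" -eq 2 ]; then
    make_bc_list "$1" "$2"
fi
```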
The output callgraph is at /path/to/OutputDir/callgraph
Please cite the following research paper:
@inproceedings{li2025redefining,
title={Redefining Indirect Call Analysis with KallGraph},
author={Li, Guoren and Sridharan, Manu and Qian, Zhiyun},
booktitle={2025 IEEE Symposium on Security and Privacy (SP)},
pages={2734--2752},
year={2025},
}