Possible callgraph analysis bug, calls to function pointers not among callgraph_edges

[ringzer0x00]

Hello,
I have been using cclyzer to perform callgraph and points-to analyses and I cannot see calls to function pointers among the callgraph edges from main() with both context-insensitive and context-sensitive analyses, while with direct calls they have no issues while being resolved.

The points-to analysis to me seems to be performed correctly, just the call to function pointers are not correctly classified as edges in the callgraph. Indirect calls to plt (like printf) are correctly resolved.

I attach the source I have used for testing.

void cane() {
	puts("cane");
}

void gatto() {
	puts("gatto");
}


int main() {

	void (*one)();
	void (*two)();

	one = &cane;
	two = &gatto;

	(*one)();
	(*two)();

	return 0;
}

From the logic implemented in the callgraph construction it seems like this could be a bug. All of the output csv regarding the contruction of the call graph (callgraph_*.csv) are empty on this one. If I use some other function inside the main they do appear, but no calls to function pointers whatsoever.

Thank you in advance.

[ktrianta]

Thank you for reporting this!

I am polishing a bug fix which I think will also fix this issue, so I am looking into this.

[ringzer0x00]

Good morning @ktrianta, any update on this? If anything, is there a release version you are confident to be working when analyzing calls to function pointers?

Thank you.

[ktrianta]

@ringzer0x00 I have pushed a fix!
Please report any related issue you encounter here. Thank you!