Hello,
I have been attempting to generate a DCFG of a very simple Hello World program, but it seems like it generates a DCFG that includes all external library function calls, which makes it unfeasible.
I have also seen from this passlab/DCFG: Dynamic ControlFlow Graph and DataFlow Graph for Binary-based Optimization (github.com) link, where it generates a very nice DCFG looking like this:
However, I am not able to get this DCFG, no matter what I try.
Here are the exact steps that I have taken:
Source code:
#include <stdio.h>
int main() { printf("Hello World\n"); return 0; }
Terminal input:
~/SDE » ./sde -disasm_att 1 -dcfg 1 -dcfg:write_bb 1 -- ./hello
Hello World
This will generate a dcfg-out.dcfg.json.bz2 file that needs to be converted into a dot file as follows:
~/SDE » $PIN_ROOT/extras/dcfg/bin/intel64/dcfg-to-dot dcfg-out.dcfg.json.bz2 dcfg-out.dot
Which can be converted into a PNG file using this command:
sfdp -x -Tpng dcfg-out.dot > dcfg-out.png
Upon inspecting this, you get a monster graph like this, which is nothing like what I have shown above:
I looked through the generated dot file, and it contains addresses that are from external library function calls.
So the beginning of the dot file looks fine, as it can be observed that addr=0x565106eef140, which implies this is recorded from the main image application:
# This file is in the DOT graph-visualization language.
# See http://www.graphviz.org for a list of programs to render the graph.
digraph dcfg {
  subgraph cluster_pid761495 {
    color=blue;
    label="Process 761495";
    subgraph cluster_image1 {
      color=plum;
      label="Image 1\n/home/jay/SDE/hello\nload-addr = 0x565106eee000\nsize = 8544";
      subgraph cluster_routine18 {
        color=violet;
        label="Routine 18\naddr=0x6eef140";
        node18 [label="BB 18\naddr=0x565106eef140\nnum-instrs=2\nexecutions=1"];
      }
      subgraph cluster_routine7 {
        color=violet;
        label="Routine 7\naddr=0x6eef050";
        node7 [label="BB 7\naddr=0x565106eef050\nnum-instrs=2\nexecutions=1"];
      }
And then... for each routine node, it creates unnecessary edges/nodes to library functions, as shown below,
      }
      subgraph cluster_routine1170 {
        color=violet;
        label="Routine 1170\naddr=0x52c8b550";
        node1175 [label="BB 1175\naddr=0x7f5552c8b5b1\nnum-instrs=7\nexecutions=1"];
        node1174 [label="BB 1174\naddr=0x7f5552c8b59d\nnum-instrs=7\nexecutions=4"];
        node1173 [label="BB 1173\naddr=0x7f5552c8b590\nnum-instrs=4\nexecutions=4"];
        node1172 [label="BB 1172\naddr=0x7f5552c8b570\nnum-instrs=2\nexecutions=4"];
        node1171 [label="BB 1171\naddr=0x7f5552c8b563\nnum-instrs=5\nexecutions=1"];
        node1170 [label="BB 1170\naddr=0x7f5552c8b550\nnum-instrs=8\nexecutions=1"];
Where you can see that the address is 0x7f5552c8b5b1, and so on.
So am I missing an option to exclude these unnecessary nodes/edges? I looked through the other script files, and it seems like they do not enable any special exclusion flags, so I am not sure why I cannot reproduce the concise DCFG.
Thank you for any help.
The DCFG tool is still available with Intel SDE package, but it is not actively developed.
The tool has no internal filtering built in. You should be able to use the DCFG API to write a filtering tool. You can probably use the dcfg-reader example as a reference.
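An added example, not part of the thread and not Intel's code: instead of the DCFG API route suggested in the reply, this post-processes the dcfg-to-dot output and keeps only the basic blocks whose address falls inside one image's load range. The image and node label formats are copied from the excerpt in the question; the edge syntax (`nodeA -> nodeB [...]`), the Image 2 label and the `count=1` edge labels in the sample are assumptions constructed for the demonstration.

```python
import re

# Label formats copied from the DOT excerpt in the question; "\n" inside the
# file is a literal backslash followed by "n", not a newline.
IMAGE_RE = re.compile(r'label="Image \d+\\n([^"\\]+)\\nload-addr = (0x[0-9a-fA-F]+)\\nsize = (\d+)"')
NODE_RE = re.compile(r'^\s*(node\d+) \[label="BB \d+\\naddr=(0x[0-9a-fA-F]+)')
# Assumption: edges are written as "nodeA -> nodeB [attrs];" (not shown on the page).
EDGE_RE = re.compile(r'^\s*(node\d+)\s*->\s*(node\d+)')

# Constructed sample: Image 1 and its nodes mirror the question's excerpt,
# Image 2's label and both edges are made up for the demonstration.
SAMPLE = r'''digraph dcfg {
subgraph cluster_image1 {
label="Image 1\n/home/jay/SDE/hello\nload-addr = 0x565106eee000\nsize = 8544";
node18 [label="BB 18\naddr=0x565106eef140\nnum-instrs=2\nexecutions=1"];
node7 [label="BB 7\naddr=0x565106eef050\nnum-instrs=2\nexecutions=1"];
}
subgraph cluster_image2 {
label="Image 2\n/lib/libc.so.6\nload-addr = 0x7f5552c00000\nsize = 2000000";
node1170 [label="BB 1170\naddr=0x7f5552c8b550\nnum-instrs=8\nexecutions=1"];
}
node18 -> node7 [label="count=1"];
node7 -> node1170 [label="count=1"];
}
'''


def filter_dot(dot_text, image_path):
    """Return a flat DOT graph holding only basic blocks inside image_path."""
    lo = hi = None
    for path, load, size in IMAGE_RE.findall(dot_text):
        if path == image_path:
            lo = int(load, 16)
            hi = lo + int(size)
    if lo is None:
        raise ValueError(f"image {image_path!r} not found in DOT input")
    lines = dot_text.splitlines()
    kept, out = set(), ["digraph dcfg {"]
    for line in lines:  # pass 1: nodes whose address lies in [lo, hi)
        m = NODE_RE.match(line)
        if m and lo <= int(m.group(2), 16) < hi:
            kept.add(m.group(1))
            out.append("  " + line.strip())
    for line in lines:  # pass 2: edges with both endpoints kept
        m = EDGE_RE.match(line)
        if m and m.group(1) in kept and m.group(2) in kept:
            out.append("  " + line.strip())
    return "\n".join(out + ["}"]) + "\n"
```

The result drops the process/image/routine clusters and emits a flat graph, so it can be passed straight to sfdp as in the question.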
