Whole-program Analysis via Link-Time Optimization (LTO)
You can enable GCC’s “link time optimization” feature by passing -flto.
When this is enabled, gcc adds extra sections to the compiled .o file
containing the SSA-Gimple internal representation of every function, so that
this SSA representation is available at link-time. This allows gcc to inline
functions defined in one source file into functions defined in another
source file at link time.
Although the feature is intended for optimization, we can also use it for
code analysis, and it’s possible to run the Python plugin at link time.
This means we can do interprocedural analysis across multiple source files.
An invocation might look like this:
Looking at the above options in turn:
- -flto enables link-time optimization
- -flto-partition=none : by default, gcc with LTO partitions the code
and generates summary information for each partition, then combines the
results of the summaries (known as “WPA” and “LTRANS” respectively).
Partitioning appears to be useful for optimization, but static analysis
needs access to the function bodies, so you should pass this option,
which instead gathers all the code into one process.
- -v means “verbose” and is useful for seeing all of the subprograms
that gcc invokes, along with their command line options. Given the
above options, you should see invocations of cc1 (the C compiler),
collect2 (the linker) and lto1 (the link-time optimizer).
$ ./gcc-with-python \
will render a bitmap of the supergraph like this:
Determine whether or not we’re being invoked during link-time
optimization (i.e. from within the lto1 program)
The underlying boolean is not set up until passes are being
invoked: it is always False during the initial invocation of the
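
An added example, not part of the original documentation or the plugin's own examples: a plugin script that checks for LTO from inside a pass, because the flag is not yet set when the script is first run, and then lists call edges that cross source files. gcc.is_lto(), gcc.IpaPass and gcc.get_callgraph_nodes() are plugin API names that do not appear on this page; the class, pass and helper names are hypothetical.

```python
# Added example: intended to be run by gcc-with-python together with
# -flto -flto-partition=none, so that lto1 sees every function body.
try:
    import gcc                  # only importable inside cc1 / lto1
except ImportError:
    gcc = None                  # lets the helper be exercised outside GCC


def source_file(decl):
    """Source file of a declaration, or None if it has no location."""
    loc = getattr(decl, 'location', None)
    return getattr(loc, 'file', None)


def cross_file_calls(nodes):
    """Return sorted (caller, caller_file, callee, callee_file) tuples for
    each call edge whose two declarations sit in different source files."""
    found = set()
    for node in nodes:
        caller_file = source_file(node.decl)
        for edge in node.callees:
            callee = edge.callee.decl
            callee_file = source_file(callee)
            if caller_file and callee_file and caller_file != callee_file:
                found.add((node.decl.name, caller_file,
                           callee.name, callee_file))
    return sorted(found)


if gcc is not None:
    class CrossFileCalls(gcc.IpaPass):      # hypothetical pass class
        def execute(self):
            # gcc.is_lto() is always False while this script is first being
            # run, so test it here, once passes are executing.
            if not gcc.is_lto():
                return          # cc1: only one translation unit is visible
            for caller, cfile, callee, tfile in cross_file_calls(
                    gcc.get_callgraph_nodes()):
                print('%s (%s) calls %s (%s)' % (caller, cfile, callee, tfile))

    # Hypothetical pass name, scheduled before GCC's 'whole-program' pass.
    CrossFileCalls(name='cross-file-calls').register_before('whole-program')
```

Under cc1 the pass returns immediately, so the report is produced once, by lto1, over the merged callgraph.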