How do I find all memory allocations in an llvm ir code file?

Question

I tried to compile this snippet of C++ code:

void FuncTest() {
    int* a = new int;
    int* b = new int[2];
}

using:

clang test.cpp -S -emit-llvm -o - > test.llvm

and obtained this:

define void @_Z8FuncTestv() {
entry:
  %a = alloca i32*, align 4
  %b = alloca i32*, align 4
  %call = call noalias i8* @_Znwj(i32 4)
  %0 = bitcast i8* %call to i32*
  store i32* %0, i32** %a, align 4
  %call1 = call noalias i8* @_Znaj(i32 8)
  %1 = bitcast i8* %call1 to i32*
  store i32* %1, i32** %b, align 4
  ret void
}

declare noalias i8* @_Znwj(i32)
declare noalias i8* @_Znaj(i32)

What I am wondering now is: where do the _Znwj and _Znaj symbols come from? Are they just randomly assigned or is there a system to it? I would like to be able to tell that the lines

%call = call noalias i8* @_Znwj(i32 4)

and

%call1 = call noalias i8* @_Znaj(i32 8)

perform memory allocations. But it does not look that promising... Some llvm expert here who has an idea?

Answer 1

You're seeing the C++ mangled name of the operator. Demangle the symbol using abi::__cxa_demangle, or build up a table of mangled symbols. The new/delete operators may be overloaded so the symbols are not constant. Demangling may be the safest option.

This is the function piped through c++filt, which in turn uses abi::__cxa_demangle:

define void @FuncTest()() {
entry:
  %a = alloca i32*, align 4
  %b = alloca i32*, align 4
  %call = call noalias i8* @operator new(unsigned int)(i32 4)
  %0 = bitcast i8* %call to i32*
  store i32* %0, i32** %a, align 4
  %call1 = call noalias i8* @operator new[](unsigned int)(i32 8)
  %1 = bitcast i8* %call1 to i32*
  store i32* %1, i32** %b, align 4
  ret void
}

declare noalias i8* @operator new(unsigned int)(i32)
declare noalias i8* @operator new[](unsigned int)(i32)