ARM Technical Support Knowledge Articles

What does "Address Reference Count" mean in the linker callgraph output?

Applies to: DS-5, RealView Development Suite (RVDS)

Answer

The Address Reference Count in the callgraph output from armlink shows the number of sections from where the address of the function (as opposed to the function itself) is referenced.  It count sites from places where the address is taken (typically being assigned to a function pointer), and not from where the function is called directly.

A limitation of a static callgraph is that it cannot, in general, trace calls via function pointers.  This count gives an indication that the function is probably called this way, and also provides some help in working out where such a function is called from.

Example

foo.c:

void bar(void);
void(*fncptr)(void)=&bar;

int main(void)
{
  fncptr=&bar;
  (*fncptr)();
  return 0;
}


bar.c:

void bar(void){}

Commands used to build:

armcc foo.c -c
armcc bar.c -c
armlink foo.o bar.o -o cg.axf --callgraph

extract from cg.html:

bar (ARM, 4 bytes, Stack size 0 bytes, bar.o(.text))
[Address Reference Count : 2] foo.o(.text) foo.o(.data)

[Called By]

>> main

This indicates that the address of bar is taken in both the data and code sections of foo.c.

Note that in this case the callgraph does show that bar is called from main.  However, if
fncptr=&bar; is removed from foo.c, this cannot be deduced:

bar (ARM, 4 bytes, Stack size 0 bytes, bar.o(.text))
[Address Reference Count : 1]

foo.o(.data)

Article last edited on: 2012-10-18 11:41:27

Rate this article

[Bad]
|
|
[Good]
Disagree? Move your mouse over the bar and click

Did you find this article helpful? Yes No

How can we improve this article?

Link to this article
Copyright © 2011 ARM Limited. All rights reserved. External (Open), Non-Confidential