/// <summary>
/// This program has a cross procedural jump
/// that should result in a new procedure, at Real_entry,since the jumped-to code
/// is not a simple linear block but a branch.
/// </summary>
/// <returns></returns>
public static Program CrossJump()
{
var b = new ProgramBuilder();
b.Add("bob", m =>
{
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
m.Label("bob_1");
m.Assign(r1, 0);
// Fall through should be promoted to call/return pair.
m.Label("Real_entry"); // Cross jump target: should become a new function entry point.
m.Store(r2, r1);
m.BranchIf(r2, "Real_entry");
m.Return();
});
b.Add("ext", m =>
{
var r1 = m.Reg32("r1", 1);
m.Label("ext_1");
m.Assign(r1, 4);
m.Goto("Real_entry");
});
return b.BuildProgram();
}
/// <summary>
/// Mutually recursive functions that jump into each other's bodies.
/// </summary>
/// <returns></returns>
public static Program BuildProgram()
{
var prog = new ProgramBuilder();
var m = new ProcedureBuilder("even");
var r1 = m.Register(1);
m.BranchIf(m.Eq0(r1), "done");
m.Assign(r1, m.ISub(r1, 1));
m.Call("odd", 4);
m.Assign(r1, m.Not(r1));
m.Return();
m.Label("done");
m.Assign(r1, true);
m.Return();
prog.Add(m);
m = new ProcedureBuilder("odd");
r1 = m.Register(1);
m.BranchIf(m.Eq(r1, 1), "done");
m.Assign(r1, m.ISub(r1, 1));
m.Call("event", 4);
m.Assign(r1, m.Not(r1));
m.Return();
m.Label("done");
m.Assign(r1, true);
m.Return();
prog.Add(m);
return prog.BuildProgram();
}
public void EP_AddrOf()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
Identifier r2 = null, r3 = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
r3 = m.Register("r3");
m.Assign(r2, 0x1234); // after which R2 has a definite value
m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, r2))); // Can't promise R2 is preserved after call, so should be invalid.
m.Assign(r3, r2);
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var instr1 = stms[0].Instruction.Accept(ep);
Assert.AreEqual("0x00001234", ctx.GetValue(r2).ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("Foo(out r2)", instr2.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
var instr3 = stms[2].Instruction.Accept(ep);
Assert.AreEqual("r3 = r2", instr3.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r3).ToString());
}
protected override void RunTest(Action<ProcedureBuilder> doBuild, string outputFile)
{
var pb = new ProgramBuilder();
pb.Add("proc1", doBuild);
var program = pb.BuildProgram();
RunTest(program, outputFile);
}
public void Dfa2_Simple()
{
var pb = new ProgramBuilder(new FakeArchitecture());
pb.Add("test", m=>
{
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
m.Assign(r1, m.LoadDw(m.Word32(0x010000)));
m.Assign(r2, m.LoadDw(m.Word32(0x010004)));
m.Store(m.Word32(0x010008), m.IAdd(r1, r2));
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.AnalyzeProgram2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem3[0x00010008:word32] = Mem0[0x00010000:word32] + Mem0[0x00010004:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb.Program);
}
public void Dfa2_CallProc()
{
pb = new ProgramBuilder();
pb.Add("test", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var fooProc = GivenFunction("foo", m.Architecture.GetRegister(1), 4, 8);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 2);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 1);
m.Call(fooProc, 4);
m.Assign(sp, m.IAdd(sp, 8));
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb);
}
protected Program CompileTest(Action<ProcedureBuilder> m)
{
var mock = new ProcedureBuilder();
m(mock);
var pmock = new ProgramBuilder();
pmock.Add(mock);
return pmock.BuildProgram();
}
public void PprMemberVars()
{
ProgramBuilder mock = new ProgramBuilder();
ProcedureBuilder p = new ProcedureBuilder();
Identifier cs = p.Frame.EnsureRegister(Registers.cs);
p.Store(p.SegMemW(cs, p.Word32(0x0001)), Constant.Create(PrimitiveType.SegmentSelector, 0x0800));
mock.Add(p);
RunTest(mock.BuildProgram(), "Typing/PprMemberVars.txt");
}
public void PprMemberPointers()
{
ProgramBuilder mock = new ProgramBuilder();
ProcedureBuilder m = new ProcedureBuilder();
Identifier ds = m.Local(PrimitiveType.SegmentSelector, "ds");
m.SegStore(ds, m.Word32(7000), m.SegMemW(ds, m.SegMemW(ds, m.Word32(0x5321))));
mock.Add(m);
RunTest(mock.BuildProgram(), "Typing/PprMemberPointers.txt");
}
//$TODO: translate to RtlTraces
/// <summary>
/// Simple program consisting of a single procedure.
/// </summary>
/// <returns></returns>
public Program Simple()
{
var b = new ProgramBuilder();
b.Add("bob", m =>
{
m.Label("Zlon");
m.Return();
});
return b.BuildProgram();
}
public void CpaSimple()
{
var program = new ProgramBuilder();
program.Add("test", m=>
{
var r1 = m.Register(1);
m.Assign(r1, m.Load(PrimitiveType.Real32, m.Word32(0x10000000)));
});
RunTest(program.BuildProgram(), "Typing/CpaSimple.txt");
}
public void DpaConstantPointer()
{
ProgramBuilder prog = new ProgramBuilder();
ProcedureBuilder m = new ProcedureBuilder();
Identifier r1 = m.Register(1);
m.Assign(r1, 0x123130);
m.Store(r1, m.Int32(0x42));
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DpaConstantPointer.txt");
}
private void CreateIntraProceduralJumps()
{
var regS = new RegisterStorage("reg", 1, 0, PrimitiveType.Word32);
prog = new ProgramBuilder();
prog.Add("main", (m) =>
{
var reg = m.Frame.EnsureRegister(regS);
m.Assign(reg, 0);
m.Store(m.Word32(0x1234), reg);
m.Return();
});
}
public void DpaConstantMemberPointer()
{
ProgramBuilder prog = new ProgramBuilder();
ProcedureBuilder m = new ProcedureBuilder();
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
Identifier bx = m.Local16("bx");
m.Assign(bx, 0x1234);
m.Store(m.SegMemW(ds, bx), m.Int16(0x0042));
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DpaConstantMemberPointer.txt");
}
public static Program BuildSample()
{
var pb = new ProgramBuilder();
pb.Add("fact", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Register(1);
var r2 = m.Register(2);
var r3 = m.Register(3);
var cc = m.Flags("cc");
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r2, r1);
m.Assign(r1, 1);
m.Assign(cc, m.Cond(m.ISub(r2, r1)));
m.BranchIf(m.Test(ConditionCode.LE, cc), "m_done");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, r2);
m.Assign(r1, m.ISub(r2, r1));
m.Call("fact", 0);
m.Assign(r2, m.LoadDw(sp));
m.Assign(sp, m.IAdd(sp, 4));
m.Assign(r1, m.IMul(r1, r2));
m.Label("m_done");
m.Return();
});
pb.Add("main", m =>
{
var r1 = m.Register(1);
m.Assign(r1, 10);
m.Call("fact", 0);
m.Store(m.Word32(0x400000), r1);
});
return pb.BuildProgram();
}
public void EP_TestCondition()
{
var p = new ProgramBuilder();
p.Add("main", (m) =>
{
m.Label("foo");
m.BranchCc(ConditionCode.EQ, "foo");
m.Return();
});
var proc = p.BuildProgram().Procedures.Values.First();
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[0].Instruction.Accept(ep);
Assert.AreEqual("branch Test(EQ,Z) foo", newInstr.ToString());
}
public void CceAddAdcPattern()
{
var p = new ProgramBuilder(new FakeArchitecture());
p.Add("main", (m) =>
{
var r1 = MockReg(m, 1);
var r2 = MockReg(m, 2);
var r3 = MockReg(m, 3);
var r4 = MockReg(m, 4);
var SCZ = m.Frame.EnsureFlagGroup(0x7, "SZC", PrimitiveType.Byte);
var C = m.Frame.EnsureFlagGroup(0x4, "C", PrimitiveType.Byte);
m.Assign(r1, m.IAdd(r1, r2));
m.Assign(SCZ, m.Cond(r1));
m.Assign(r3, m.IAdd(m.IAdd(r3, r4), C));
m.Store(m.Word32(0x0444400), r1);
m.Store(m.Word32(0x0444404), r3);
m.Return();
});
RunTest(p, "Analysis/CceAddAdcPattern.txt");
}
public void EP_ConditionOf()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var szo = m.Frame.EnsureFlagGroup(0x7, "SZO", PrimitiveType.Byte);
var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 0, PrimitiveType.Word32));
var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16);
m.Assign(v4, m.IAdd(m.LoadW(ebx), 1));
m.Store(ebx, v4);
m.Assign(szo, m.Cond(v4));
m.Return();
});
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep);
Assert.AreEqual("SZO = cond(v4)", newInstr.ToString());
}
public void TerArrayExpression()
{
var m = new ProgramBuilder();
m.Add(new ArrayExpressionFragment());
RunTest(m.BuildProgram(), "Typing/TerArrayExpression.txt");
}
public void TerStaggeredArrays()
{
ProgramBuilder prog = new ProgramBuilder();
prog.Add(new StaggeredArraysFragment());
RunTest(prog.BuildProgram(), "Typing/TerStaggeredArrays.txt");
}
public void TerPointerChain()
{
var pb = new ProgramBuilder();
pb.Add(new PointerChainFragment());
RunTest(pb.BuildProgram(), "Typing/TerPointerChain.txt");
}
//[Ignore("scanning-development")]
public void TerSegmentedCall()
{
var pb = new ProgramBuilder();
pb.Add(new SegmentedCallFragment());
RunTest(pb.BuildProgram(), "Typing/TerSegmentedCall.txt");
}
public void TerCallTable()
{
var pb = new ProgramBuilder();
pb.Add(new IndirectCallFragment());
RunTest(pb.BuildProgram(), "Typing/TerCallTable.txt");
}
public void TerIntelIndexedAddressingMode()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new IntelIndexedAddressingMode());
RunTest(m.BuildProgram(), "Typing/TerIntelIndexedAddressingMode.txt");
}
public void TerSegmentedLoadLoad()
{
ProgramBuilder pm = new ProgramBuilder();
pm.Add("proc1", m =>
{
var ds = m.Local(PrimitiveType.SegmentSelector, "ds");
var bx = m.Local(PrimitiveType.Word16, "bx");
m.SegStore(ds, m.Word16(0x300), m.SegMemW(ds, m.SegMemW(ds, bx)));
m.Return();
});
RunTest(pm, "Typing/TerSegmentedLoadLoad.txt");
}
public void TerDeclaration()
{
ProgramBuilder pm = new ProgramBuilder();
pm.Add("proc1", m =>
{
var ax = m.Reg16("ax", 0);
var rand = new ExternalProcedure(
"rand",
new FunctionType(
new Identifier("ax", PrimitiveType.Int16, ax.Storage),
new Identifier[0]));
m.Declare(ax, m.Fn(rand));
m.Store(m.Word16(0x1300), ax);
m.Return();
});
RunTest(pm, "Typing/TerDeclaration.txt");
}
public void Dfa2_UserDefinedStackArgs()
{
var arch = new X86ArchitectureFlat32();
var pb = new ProgramBuilder(arch);
var test = pb.Add(
new Procedure_v1
{
CSignature = "void test(int a, int b)"
},
m => {
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
var fp = m.Frame.FramePointer;
m.Assign(r1, m.LoadDw(m.IAdd(fp, 4)));
m.Assign(r2, m.LoadDw(m.IAdd(fp, 8)));
m.Assign(r1, m.IAdd(r1, r2));
m.Store(m.Word32(0x010008), r1);
m.Return();
});
var program = pb.BuildProgram();
var platform = new FakePlatform(null, arch);
platform.Test_CreateProcedureSerializer = (t, d) =>
{
var typeLoader = new TypeLibraryDeserializer(platform, false, new TypeLibrary());
return new X86ProcedureSerializer((IntelArchitecture)program.Architecture, typeLoader, "");
};
program.Platform = platform;
var dfa = new DataFlowAnalysis(program, new FakeDecompilerEventListener());
dfa.AnalyzeProgram2();
var sExp = @"// test
// Return size: 4
void test(int32 a, int32 b)
test_entry:
// succ: l1
l1:
word32 r1_4 = a + b
Mem5[0x00010008:word32] = r1_4
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb.Program);
}
public void TerUnionConstants()
{
ProgramBuilder prog = new ProgramBuilder();
prog.Add("proc1", m =>
{
Identifier bx = m.Local16("bx");
m.Assign(bx, m.Shr(bx, 2)); // makes bx unsigned uint16
m.Assign(m.LocalBool("f"), m.Lt(bx, 4)); // makes bx also signed; assembler bug, but forces a union.
m.Assign(bx, m.Word16(4)); // what type should 4 have?
});
RunTest(prog.BuildProgram(), "Typing/TerUnionConstants.txt");
}
public void Dfa2_StackArgs()
{
var pb = new ProgramBuilder(new FakeArchitecture());
pb.Add("test", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r1, m.LoadDw(m.IAdd(sp, 4)));
m.Assign(r2, m.LoadDw(m.IAdd(sp, 8)));
m.Assign(r1, m.IAdd(r1, r2));
m.Store(m.Word32(0x010008), r1);
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.AnalyzeProgram2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem6[0x00010008:word32] = dwArg04 + dwArg08
word32 r63_1 = fp
word32 r2_4 = dwArg08
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb.Program);
}
public void TerOffsetInArrayLoop()
{
ProgramBuilder pm = new ProgramBuilder();
pm.Add("proc1", m =>
{
var ds = m.Local16("ds");
var cx = m.Local16("cx");
var di = m.Local16("di");
m.Assign(di, 0);
m.Label("lupe");
m.SegStore(ds, m.IAdd(di, 0x5388), m.Word16(0));
m.Assign(di, m.IAdd(di, 2));
m.Assign(cx, m.ISub(cx, 1));
m.BranchIf(m.Ne(cx, 0), "lupe");
m.Return();
});
RunTest(pm, "Typing/TerOffsetInArrayLoop.txt");
}