/// <summary>
/// Checks how the propagator treats a register that is handed to a call as an
/// <c>out</c> argument: the constant known for r2 before the call must be
/// discarded afterwards, and copying r2 into r3 must leave r3 invalid as well.
/// </summary>
public void EP_AddrOf()
{
    var architecture = new FakeArchitecture();
    var builder = new ProgramBuilder(architecture);
    Identifier regR2 = null;
    Identifier regR3 = null;
    var mainProc = builder.Add("main", m =>
    {
        regR2 = m.Register("r2");
        regR3 = m.Register("r3");

        // From here on r2 holds a definite value.
        m.Assign(regR2, 0x1234);

        // Nothing guarantees r2 survives the call, because the callee receives it
        // as an out argument; the tracked value has to become invalid.
        m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, regR2)));

        m.Assign(regR3, regR2);
    });

    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var propagator = new ExpressionPropagator(
        architecture,
        new ExpressionSimplifier(context),
        context,
        new ProgramDataFlow());
    context.RegisterState[architecture.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    // Statement 0: the assignment makes the constant visible in the context.
    statements[0].Instruction.Accept(propagator);
    Assert.AreEqual("0x00001234", context.GetValue(regR2).ToString());

    // Statement 1: the call keeps its out argument and invalidates r2.
    var callResult = statements[1].Instruction.Accept(propagator);
    Assert.AreEqual("Foo(out r2)", callResult.ToString());
    Assert.AreEqual("<invalid>", context.GetValue(regR2).ToString());

    // Statement 2: the stale constant must not be substituted into the copy.
    var copyResult = statements[2].Instruction.Accept(propagator);
    Assert.AreEqual("r3 = r2", copyResult.ToString());
    Assert.AreEqual("<invalid>", context.GetValue(regR2).ToString());
    Assert.AreEqual("<invalid>", context.GetValue(regR3).ToString());
}
/// <summary>
/// Checks that stack-pointer arithmetic is rewritten relative to the frame
/// pointer: after the stack register is lowered by 4, a load from sp + 8 is
/// expected to print as the frame argument <c>dwArg04</c>.
/// </summary>
public void EP_StackReference()
{
    var architecture = new FakeArchitecture();
    var builder = new ProgramBuilder(architecture);
    var mainProc = builder.Add("main", m =>
    {
        var stackReg = m.Frame.EnsureRegister(m.Architecture.StackRegister);
        var reg1 = m.Register(1);

        var lowered = m.ISub(stackReg, 4);
        m.Assign(stackReg, lowered);

        var slot = m.IAdd(stackReg, 8);
        m.Assign(reg1, m.LoadDw(slot));

        m.Return();
    });

    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var propagator = new ExpressionPropagator(
        architecture,
        new ExpressionSimplifier(context),
        context,
        new ProgramDataFlow());

    // Seed the context so the stack register starts out equal to the frame pointer.
    context.RegisterState[architecture.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    var rewritten = statements[0].Instruction.Accept(propagator);
    string firstText = rewritten.ToString();
    Assert.AreEqual("r63 = fp - 0x00000004", firstText);

    rewritten = statements[1].Instruction.Accept(propagator);
    string secondText = rewritten.ToString();
    Assert.AreEqual("r1 = dwArg04", secondText);
}
/// <summary>
/// Checks that a store whose destination is a stack-relative address is
/// rewritten so the left-hand side becomes the frame local <c>dwLoc0C</c>,
/// both when the stored value is itself stack-relative and when it is a constant.
/// </summary>
public void EP_LValue()
{
    var architecture = new FakeArchitecture();
    var builder = new ProgramBuilder(architecture);
    Identifier regR2 = null;
    Identifier stackReg = null;
    var mainProc = builder.Add("main", m =>
    {
        // r2 is created in the frame but takes no part in the stores below.
        regR2 = m.Register("r2");
        stackReg = m.Frame.EnsureRegister(architecture.StackRegister);

        m.Store(m.ISub(stackReg, 12), m.ISub(stackReg, 16));
        m.Store(m.ISub(stackReg, 12), 2);
    });

    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var propagator = new ExpressionPropagator(
        architecture,
        new ExpressionSimplifier(context),
        context,
        new ProgramDataFlow());
    context.RegisterState[architecture.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    var firstStore = statements[0].Instruction.Accept(propagator);
    string firstText = firstStore.ToString();
    Assert.AreEqual("dwLoc0C = fp - 0x00000010", firstText);

    var secondStore = statements[1].Instruction.Accept(propagator);
    string secondText = secondStore.ToString();
    Assert.AreEqual("dwLoc0C = 0x00000002", secondText);
}
/// <summary>
/// Checks that an indirect call through a register is resolved to the
/// constant previously assigned to that register.
/// </summary>
public void EP_IndirectCall()
{
    var architecture = new FakeArchitecture();
    var builder = new ProgramBuilder(architecture);
    var mainProc = builder.Add("main", m =>
    {
        var target = m.Register("r1");
        m.Assign(target, m.Word32(0x42));

        // The call is emitted directly as a CallInstruction going through r1.
        var site = new CallSite(4, 0);
        m.Emit(new CallInstruction(target, site));

        m.Return();
    });

    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var propagator = new ExpressionPropagator(
        architecture,
        new ExpressionSimplifier(context),
        context,
        new ProgramDataFlow());
    context.RegisterState[architecture.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    // Visit the assignment first so the propagator learns the value of r1.
    statements[0].Instruction.Accept(propagator);

    var rewrittenCall = statements[1].Instruction.Accept(propagator);
    string callText = rewrittenCall.ToString();
    Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", callText);
}
/// <summary>
/// Checks that a flag-group assignment of the form <c>SZO = cond(v4)</c> is
/// returned unchanged when it is the only statement the propagator visits.
/// </summary>
/// <remarks>
/// <c>segmentMap</c> and <c>listener</c> are not declared in this method;
/// presumably they are fields of the test fixture (confirm against the class).
/// </remarks>
public void EP_ConditionOf()
{
    var builder = new ProgramBuilder();
    var mainProc = builder.Add("main", m =>
    {
        var flags = m.Frame.EnsureFlagGroup(Registers.eflags, 0x7, "SZO", PrimitiveType.Byte);
        var baseReg = m.Frame.EnsureRegister(new RegisterStorage("ebx", 3, 0, PrimitiveType.Word32));
        var temp = m.Frame.CreateTemporary(PrimitiveType.Word16);

        // Read-modify-write of the 16-bit word at [ebx], then set flags from the result.
        m.Assign(temp, m.IAdd(m.Mem16(baseReg), 1));
        m.MStore(baseReg, temp);
        m.Assign(flags, m.Cond(temp));
        m.Return();
    });

    var architecture = new X86ArchitectureFlat32("x86-protected-32");
    var platform = new FakePlatform(null, architecture);
    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(segmentMap, context, listener);
    var propagator = new ExpressionPropagator(platform, simplifier, context, new ProgramDataFlow());

    // Only the third statement (the flag assignment) is handed to the propagator.
    var flagStatement = mainProc.EntryBlock.Succ[0].Statements[2];
    var rewritten = flagStatement.Instruction.Accept(propagator);
    string text = rewritten.ToString();
    Assert.AreEqual("SZO = cond(v4)", text);
}
/// <summary>
/// Checks that an indirect call through a register is resolved to the
/// constant previously assigned to that register, using a platform whose
/// trashed-register set is empty.
/// </summary>
/// <remarks>
/// <c>segmentMap</c> and <c>listener</c> are not declared in this method;
/// presumably they are fields of the test fixture (confirm against the class).
/// </remarks>
public void EP_IndirectCall()
{
    var architecture = new FakeArchitecture();
    var builder = new ProgramBuilder(architecture);
    var mainProc = builder.Add("main", m =>
    {
        var target = m.Register("r1");
        var address = m.Word32(0x42);
        m.Assign(target, address);
        m.Call(target, 4);
        m.Return();
    });

    // The fake platform reports no registers as trashed by calls.
    var platform = new FakePlatform(null, architecture)
    {
        Test_CreateTrashedRegisters = () => new HashSet<RegisterStorage>()
    };
    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(segmentMap, context, listener);
    var propagator = new ExpressionPropagator(platform, simplifier, context, new ProgramDataFlow());
    context.RegisterState[architecture.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    // Visit the assignment first so the propagator learns the value of r1.
    statements[0].Instruction.Accept(propagator);

    var rewrittenCall = statements[1].Instruction.Accept(propagator);
    string callText = rewrittenCall.ToString();
    Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", callText);
}
/// <summary>
/// Checks that a conditional branch on the EQ condition code is returned by
/// the propagator as <c>branch Test(EQ,Z) foo</c>.
/// </summary>
public void EP_TestCondition()
{
    var builder = new ProgramBuilder();
    builder.Add("main", m =>
    {
        m.Label("foo");
        m.BranchCc(ConditionCode.EQ, "foo");
        m.Return();
    });

    // The procedure is fetched from the built program rather than from Add's result.
    var program = builder.BuildProgram();
    var mainProc = program.Procedures.Values.First();

    var architecture = new IntelArchitecture(ProcessorMode.Protected32);
    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(context);
    var propagator = new ExpressionPropagator(null, simplifier, context, new ProgramDataFlow());

    var branchStatement = mainProc.EntryBlock.Succ[0].Statements[0];
    var rewritten = branchStatement.Instruction.Accept(propagator);
    string text = rewritten.ToString();
    Assert.AreEqual("branch Test(EQ,Z) foo", text);
}
/// <summary>
/// Checks that a flag-group assignment of the form <c>SZO = cond(v4)</c> is
/// returned unchanged when it is the only statement the propagator visits.
/// </summary>
public void EP_ConditionOf()
{
    var builder = new ProgramBuilder();
    var mainProc = builder.Add("main", m =>
    {
        var flags = m.Frame.EnsureFlagGroup(0x7, "SZO", PrimitiveType.Byte);
        var baseReg = m.Frame.EnsureRegister(new RegisterStorage("ebx", 0, PrimitiveType.Word32));
        var temp = m.Frame.CreateTemporary(PrimitiveType.Word16);

        // Read-modify-write of the word at [ebx], then set flags from the result.
        m.Assign(temp, m.IAdd(m.LoadW(baseReg), 1));
        m.Store(baseReg, temp);
        m.Assign(flags, m.Cond(temp));
        m.Return();
    });

    var architecture = new IntelArchitecture(ProcessorMode.Protected32);
    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(context);
    var propagator = new ExpressionPropagator(null, simplifier, context, new ProgramDataFlow());

    // Only the third statement (the flag assignment) is handed to the propagator.
    var flagStatement = mainProc.EntryBlock.Succ[0].Statements[2];
    var rewritten = flagStatement.Instruction.Accept(propagator);
    string text = rewritten.ToString();
    Assert.AreEqual("SZO = cond(v4)", text);
}
/// <summary>
/// Checks that a constant assigned to a register is substituted into the
/// argument list of a later function application.
/// </summary>
public void EP_Application()
{
    var builder = new ProgramBuilder();
    var mainProc = builder.Add("main", m =>
    {
        var storage = new RegisterStorage("r1", 1, PrimitiveType.Word32);
        var argReg = m.Frame.EnsureRegister(storage);
        m.Assign(argReg, m.Word32(0x42));
        m.SideEffect(m.Fn("foo", argReg));
        m.Return();
    });

    var architecture = new FakeArchitecture();
    var context = new SymbolicEvaluationContext(architecture, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(context);
    var propagator = new ExpressionPropagator(null, simplifier, context, new ProgramDataFlow());

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    // Visit the assignment first so the propagator learns the value of r1.
    statements[0].Instruction.Accept(propagator);

    var rewritten = statements[1].Instruction.Accept(propagator);
    string text = rewritten.ToString();
    Assert.AreEqual("foo(0x00000042)", text);
}
/// <summary>
/// Checks that a constant assigned to a register is substituted into the
/// argument list of a later function application.
/// </summary>
public void EP_Application()
{
    var builder = new ProgramBuilder();
    var mainProc = builder.Add("main", m =>
    {
        var argReg = m.Frame.EnsureRegister(new RegisterStorage("r1", 1, PrimitiveType.Word32));
        var constant = m.Word32(0x42);
        m.Assign(argReg, constant);

        var application = m.Fn("foo", argReg);
        m.SideEffect(application);

        m.Return();
    });

    var fakeArch = new FakeArchitecture();
    var context = new SymbolicEvaluationContext(fakeArch, mainProc.Frame);
    var propagator = new ExpressionPropagator(
        null,
        new ExpressionSimplifier(context),
        context,
        new ProgramDataFlow());

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    // The assignment has to be seen before the call for the constant to be known.
    statements[0].Instruction.Accept(propagator);

    var rewritten = statements[1].Instruction.Accept(propagator);
    Assert.AreEqual("foo(0x00000042)", rewritten.ToString());
}
/// <summary>
/// Checks that a store whose destination is a stack-relative address is
/// rewritten so the left-hand side becomes the frame local <c>dwLoc0C</c>,
/// both when the stored value is itself stack-relative and when it is a constant.
/// </summary>
public void EP_LValue()
{
    var fakeArch = new FakeArchitecture();
    var builder = new ProgramBuilder(fakeArch);
    Identifier regR2 = null;
    Identifier stackReg = null;
    var mainProc = builder.Add("main", m =>
    {
        // r2 is created in the frame but takes no part in the stores below.
        regR2 = m.Register("r2");
        stackReg = m.Frame.EnsureRegister(fakeArch.StackRegister);

        var destination = m.ISub(stackReg, 12);
        var storedAddress = m.ISub(stackReg, 16);
        m.Store(destination, storedAddress);

        m.Store(m.ISub(stackReg, 12), 2);
    });

    var context = new SymbolicEvaluationContext(fakeArch, mainProc.Frame);
    var simplifier = new ExpressionSimplifier(context);
    var propagator = new ExpressionPropagator(fakeArch, simplifier, context, new ProgramDataFlow());

    // Seed the context so the stack register starts out equal to the frame pointer.
    context.RegisterState[fakeArch.StackRegister] = mainProc.Frame.FramePointer;

    var statements = mainProc.EntryBlock.Succ[0].Statements;

    var firstStore = statements[0].Instruction.Accept(propagator);
    Assert.AreEqual("dwLoc0C = fp - 0x00000010", firstStore.ToString());

    var secondStore = statements[1].Instruction.Accept(propagator);
    Assert.AreEqual("dwLoc0C = 0x00000002", secondStore.ToString());
}