private void BuildExpressionSimplifier()
{
SsaIdentifierCollection ssaIds = BuildSsaIdentifiers();
table = new Dictionary <Expression, Expression>();
simplifier = new ExpressionSimplifier(new SsaEvaluationContext(null, ssaIds));
}
public Backwalker(IBackWalkHost host, RtlTransfer xfer, ExpressionSimplifier eval)
{
if (xfer is RtlGoto) //$DEBUG
{
xfer.ToString();
}
this.host = host;
this.eval = eval;
var target = xfer.Target;
var seq = xfer.Target as MkSequence;
if (seq != null)
{
target = seq.Tail;
}
var mem = target as MemoryAccess;
if (mem == null)
{
Index = RegisterOf(target as Identifier);
}
else
{
Index = DetermineIndexRegister(mem);
}
Operations = new List <BackwalkOperation>();
}
public ValuePropagator(SsaIdentifierCollection ssaIds, Procedure proc)
{
this.ssaIds = ssaIds;
this.proc = proc;
this.evalCtx = new SsaEvaluationContext(ssaIds);
this.eval = new ExpressionSimplifier(evalCtx);
}
public void VpSliceConstant()
{
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
Expression c = new Slice(PrimitiveType.Byte, Constant.Word32(0x10FF), 0).Accept(vp);
Assert.AreEqual("0xFF", c.ToString());
}
public void EP_LValue()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
Identifier r2 = null;
Identifier sp = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
sp = m.Frame.EnsureRegister(arch.StackRegister);
m.Store(m.ISub(sp, 12), m.ISub(sp, 16));
m.Store(m.ISub(sp, 12), m.Word32(2));
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var instr1 = stms[0].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = fp - 0x00000010", instr1.ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = 0x00000002", instr2.ToString());
}
private void Given_ExpressionSimplifier()
{
SsaIdentifierCollection ssaIds = BuildSsaIdentifiers();
var listener = new FakeDecompilerEventListener();
simplifier = new ExpressionSimplifier(new SsaEvaluationContext(null, ssaIds), listener);
}
public void EP_AddrOf()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
Identifier r2 = null, r3 = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
r3 = m.Register("r3");
m.Assign(r2, 0x1234); // after which R2 has a definite value
m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, r2))); // Can't promise R2 is preserved after call, so should be invalid.
m.Assign(r3, r2);
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var instr1 = stms[0].Instruction.Accept(ep);
Assert.AreEqual("0x00001234", ctx.GetValue(r2).ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("Foo(out r2)", instr2.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
var instr3 = stms[2].Instruction.Accept(ep);
Assert.AreEqual("r3 = r2", instr3.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r3).ToString());
}
public void EP_AddrOf()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
Identifier r2 = null, r3 = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
r3 = m.Register("r3");
m.Assign(r2, 0x1234); // after which R2 has a definite value
m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, r2))); // Can't promise R2 is preserved after call, so should be invalid.
m.Assign(r3, r2);
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
Assert.AreEqual("0x00001234", ctx.GetValue(r2).ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("Foo(out r2)", instr2.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
var instr3 = stms[2].Instruction.Accept(ep);
Assert.AreEqual("r3 = r2", instr3.ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
Assert.AreEqual("<invalid>", ctx.GetValue(r3).ToString());
}
public void EP_ConditionOf()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var szo = m.Frame.EnsureFlagGroup(Registers.eflags, 0x7, "SZO", PrimitiveType.Byte);
var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 3, 0, PrimitiveType.Word32));
var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16);
m.Assign(v4, m.IAdd(m.LoadW(ebx), 1));
m.Store(ebx, v4);
m.Assign(szo, m.Cond(v4));
m.Return();
});
var arch = new X86ArchitectureFlat32();
var platform = new FakePlatform(null, arch);
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep);
Assert.AreEqual("SZO = cond(v4)", newInstr.ToString());
}
public void EP_IndirectCall()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var r1 = m.Register("r1");
m.Assign(r1, m.Word32(0x42));
m.Emit(new CallInstruction(r1, new CallSite(4, 0)));
m.Return();
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
var newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", newInstr.ToString());
}
public void VpSliceConstant()
{
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, null, dynamicLinker.Object), listener);
Expression c = new Slice(PrimitiveType.Byte, Constant.Word32(0x10FF), 0).Accept(vp);
Assert.AreEqual("0xFF<8>", c.ToString());
}
/// <summary>
/// Helper method
/// </summary>
/// <param name="items"></param>
/// <returns></returns>
public static IPyValue ConcatStrings(params IPyValue[] items)
{
if (items == null)
{
return(null);
}
IPyValue result = null;
foreach (var i in items)
{
if (result == null)
{
result = i;
}
else
{
result = new PyBinaryOperatorExpression(".", result, i);
}
}
if (result != null)
{
var simplifier = new ExpressionSimplifier(new OptimizeOptions());
result = simplifier.Simplify(result);
}
return(result);
}
public void EP_IndirectCall()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var r1 = m.Register("r1");
m.Assign(r1, m.Word32(0x42));
m.Call(r1, 4);
m.Return();
});
var platform = new FakePlatform(null, arch)
{
Test_CreateTrashedRegisters = () => new HashSet <RegisterStorage>()
};
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
var newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", newInstr.ToString());
}
public void EP_StackReference()
{
var arch = new FakeArchitecture();
var platform = new FakePlatform(null, arch);
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
var r1 = m.Register(1);
m.Assign(sp, m.ISub(sp, 4));
m.Assign(r1, m.LoadDw(m.IAdd(sp, 8)));
m.Return();
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx, listener);
var ep = new ExpressionPropagator(platform, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var newInstr = stms[0].Instruction.Accept(ep);
Assert.AreEqual("r63 = fp - 0x00000004", newInstr.ToString());
newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("r1 = dwArg04", newInstr.ToString());
}
public void Setup()
{
arch = new FakeArchitecture();
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
host = new BackwalkerHost(arch);
}
private void Given_ExpressionSimplifier()
{
SsaIdentifierCollection ssaIds = BuildSsaIdentifiers();
var listener = new FakeDecompilerEventListener();
var segmentMap = new SegmentMap(Address.Ptr32(0));
simplifier = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(null, ssaIds), listener);
}
public BackwardSlicer(IBackWalkHost <RtlBlock, RtlInstruction> host)
{
this.host = host;
this.worklist = new WorkList <SliceState>();
this.visited = new HashSet <RtlBlock>();
this.cmp = new ExpressionValueComparer();
this.simp = new ExpressionSimplifier(host.SegmentMap, new EvalCtx(), null);
}
public void VpShiftSum()
{
ProcedureBuilder m = new ProcedureBuilder();
Expression e = m.Shl(1, m.ISub(Constant.Byte(32), 1));
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, null, dynamicLinker.Object), listener);
e = e.Accept(vp);
Assert.AreEqual("0x80000000<32>", e.ToString());
}
public void Setup()
{
arch = new X86ArchitectureFlat32();
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
SCZO = m.Frame.EnsureFlagGroup(Registers.eflags, (uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte);
host = new BackwalkerHost(arch);
}
public void VpShiftShift()
{
Identifier id = m.Reg32("id");
Expression e = m.Shl(m.Shl(id, 1), 4);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, m.Ssa.Identifiers), listener);
e = e.Accept(vp);
Assert.AreEqual("id << 0x05", e.ToString());
}
public void VpShiftSum()
{
ProcedureBuilder m = new ProcedureBuilder();
Expression e = m.Shl(1, m.ISub(Constant.Byte(32), 1));
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, null), listener);
e = e.Accept(vp);
Assert.AreEqual("0x80000000", e.ToString());
}
public void Setup()
{
arch = new FakeArchitecture();
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
listener = new FakeDecompilerEventListener();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState(), listener);
host = new BackwalkerHost(arch);
}
public void Setup()
{
arch = new IntelArchitecture(ProcessorMode.Protected32);
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
SCZO = m.Frame.EnsureFlagGroup((uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte);
host = new BackwalkerHost();
}
public void VpShiftShift()
{
Identifier id = m.Reg32("id");
Expression e = m.Shl(m.Shl(id, 1), 4);
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, m.Ssa.Identifiers, dynamicLinker.Object), listener);
e = e.Accept(vp);
Assert.AreEqual("id << 5<8>", e.ToString());
}
public void VpAddZero()
{
Identifier r = Reg32("r");
Identifier s = Reg32("s");
var sub = new BinaryExpression(Operator.ISub, PrimitiveType.Word32, new MemoryAccess(MemoryIdentifier.GlobalMemory, r, PrimitiveType.Word32), Constant.Word32(0));
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
var exp = sub.Accept(vp);
Assert.AreEqual("Mem0[r:word32]", exp.ToString());
}
public void VpSequenceOfConstants()
{
Constant pre = Constant.Word16(0x0001);
Constant fix = Constant.Word16(0x0002);
Expression e = new MkSequence(PrimitiveType.Word32, pre, fix);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("0x00010002", e.ToString());
}
public void VpSequenceOfConstants()
{
Constant pre = Constant.Word16(0x0001);
Constant fix = Constant.Word16(0x0002);
Expression e = new MkSequence(PrimitiveType.Word32, pre, fix);
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, null, dynamicLinker.Object), listener);
e = e.Accept(vp);
Assert.AreEqual("0x10002<32>", e.ToString());
}
public void VpShiftShift()
{
Identifier id = Reg32("id");
ProcedureBuilder m = new ProcedureBuilder();
Expression e = m.Shl(m.Shl(id, 1), 4);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("id << 0x05", e.ToString());
}
public void VpAddZero()
{
Identifier r = m.Reg32("r");
var sub = new BinaryExpression(Operator.ISub, PrimitiveType.Word32, new MemoryAccess(MemoryIdentifier.GlobalMemory, r, PrimitiveType.Word32), Constant.Word32(0));
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, m.Ssa.Identifiers, dynamicLinker.Object), listener);
var exp = sub.Accept(vp);
Assert.AreEqual("Mem0[r:word32]", exp.ToString());
}
private void Given_ExpressionSimplifier()
{
var ssaIds = BuildSsaIdentifiers();
var listener = new FakeDecompilerEventListener();
var segmentMap = new SegmentMap(Address.Ptr32(0));
var importResolver = new Mock <IImportResolver>();
var ssaCtx = new SsaEvaluationContext(arch?.Object, ssaIds, importResolver.Object);
simplifier = new ExpressionSimplifier(segmentMap, ssaCtx, listener);
}
public void VpSliceShift()
{
Constant eight = Constant.Word16(8);
Identifier C = m.Reg8("C");
Expression e = new Slice(PrimitiveType.Byte, new BinaryExpression(Operator.Shl, PrimitiveType.Word16, C, eight), 8);
var vp = new ExpressionSimplifier(segmentMap, new SsaEvaluationContext(arch.Object, m.Ssa.Identifiers, dynamicLinker.Object), listener);
e = e.Accept(vp);
Assert.AreEqual("C", e.ToString());
}
public BackwardSlicer(IBackWalkHost <RtlBlock, RtlInstruction> host, RtlBlock rtlBlock, ProcessorState state)
{
this.host = host;
this.rtlBlock = rtlBlock;
this.processorState = state;
this.worklist = new WorkList <SliceState>();
this.visited = new HashSet <RtlBlock>();
this.cmp = new ExpressionValueComparer();
this.simp = new ExpressionSimplifier(host.SegmentMap, new EvalCtx(state.Endianness), NullDecompilerEventListener.Instance);
}
public void SliceShift()
{
Constant eight = Constant.Word16(8);
Constant ate = Constant.Word32(8);
Identifier C = Reg8("C");
Identifier ax = Reg16("ax");
Expression e = new Slice(PrimitiveType.Byte, new BinaryExpression(Operator.Shl, PrimitiveType.Word16, C, eight), 8);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("C", e.ToString());
}
public VarargsFormatScanner(
Program program,
Frame frame,
EvaluationContext ctx,
IServiceProvider services)
{
this.program = program;
this.arch = program.Architecture;
this.frame = frame;
this.eval = new ExpressionSimplifier(ctx);
this.services = services;
}
public void EP_TestCondition()
{
var p = new ProgramBuilder();
p.Add("main", (m) =>
{
m.Label("foo");
m.BranchCc(ConditionCode.EQ, "foo");
m.Return();
});
var proc = p.BuildProgram().Procedures.Values.First();
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[0].Instruction.Accept(ep);
Assert.AreEqual("branch Test(EQ,Z) foo", newInstr.ToString());
}
/// <summary>
/// Helper method
/// </summary>
/// <param name="items"></param>
/// <returns></returns>
public static IPhpValue ConcatStrings(params IPhpValue[] items)
{
if (items == null) return null;
IPhpValue result = null;
foreach (var i in items)
{
if (result == null)
result = i;
else
result = new PhpBinaryOperatorExpression(".", result, i);
}
if (result != null)
{
var simplifier = new ExpressionSimplifier(new OptimizeOptions());
result = simplifier.Simplify(result);
}
return result;
}
public Backwalker(IBackWalkHost host, RtlTransfer xfer, ExpressionSimplifier eval)
{
this.host = host;
this.eval = eval;
var target = xfer.Target;
var seq = xfer.Target as MkSequence;
if (seq != null)
{
target = seq.Tail;
}
var mem = target as MemoryAccess;
if (mem == null)
{
Index = RegisterOf(target as Identifier);
}
else
{
Index = DetermineIndexRegister(mem);
}
Operations = new List<BackwalkOperation>();
}
public void EP_ConditionOf()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var szo = m.Frame.EnsureFlagGroup(0x7, "SZO", PrimitiveType.Byte);
var ebx = m.Frame.EnsureRegister(new RegisterStorage("ebx", 0, PrimitiveType.Word32));
var v4 = m.Frame.CreateTemporary(PrimitiveType.Word16);
m.Assign(v4, m.IAdd(m.LoadW(ebx), 1));
m.Store(ebx, v4);
m.Assign(szo, m.Cond(v4));
m.Return();
});
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[2].Instruction.Accept(ep);
Assert.AreEqual("SZO = cond(v4)", newInstr.ToString());
}
/// <summary>
///
/// </summary>
/// <param name="expression"></param>
/// <returns></returns>
protected string WriteNeutralFromAST(IExpression expression) {
Contract.Requires(expression != null);
var sourceEmitterOutput = new SourceEmitterOutputString();
var sourceEmitter = new NeutralSourceEmitter(sourceEmitterOutput);
var es = new ExpressionSimplifier();
expression = es.Rewrite(expression);
sourceEmitter.Traverse(expression);
return sourceEmitterOutput.Data;
}
/// <summary>
///
/// </summary>
/// <param name="expression"></param>
/// <returns></returns>
protected string WriteCSharpFromAST(IExpression expression) {
Contract.Requires(expression != null);
SourceEmitterOutputString sourceEmitterOutput = new SourceEmitterOutputString();
SourceEmitter CSSourceEmitter = new SourceEmitter(sourceEmitterOutput);
ExpressionSimplifier es = new ExpressionSimplifier();
expression = es.Rewrite(expression);
CSSourceEmitter.Traverse(expression);
return sourceEmitterOutput.Data;
}
/// <summary>
///
/// </summary>
/// <param name="expression"></param>
/// <returns></returns>
protected string WriteVBFromAST(IExpression expression) {
Contract.Requires(expression != null);
var sourceEmitterOutput = new VBSourceEmitter.SourceEmitterOutputString();
var VBSourceEmitter = new VBSourceEmitter.SourceEmitter(this.host, sourceEmitterOutput);
var es = new ExpressionSimplifier();
expression = es.Rewrite(expression);
VBSourceEmitter.Traverse(expression);
return sourceEmitterOutput.Data;
}
public void VpShiftShift()
{
Identifier id = Reg32("id");
ProcedureBuilder m = new ProcedureBuilder();
Expression e = m.Shl(m.Shl(id, 1), 4);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("id << 0x05", e.ToString());
}
public void VpMulAddShift()
{
Identifier id = Reg32("id");
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
PrimitiveType t = PrimitiveType.Int32;
BinaryExpression b = new BinaryExpression(Operator.Shl, t,
new BinaryExpression(Operator.IAdd, t,
new BinaryExpression(Operator.SMul, t, id, Constant.Create(t, 4)),
id),
Constant.Create(t, 2));
Expression e = vp.VisitBinaryExpression(b);
Assert.AreEqual("id *s 20", e.ToString());
}
public void Setup()
{
arch = new FakeArchitecture();
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
host = new BackwalkerHost(arch);
}
public void EP_Application()
{
var p = new ProgramBuilder();
var proc = p.Add("main", (m) =>
{
var r1 = m.Frame.EnsureRegister(new RegisterStorage("r1", 1, PrimitiveType.Word32));
m.Assign(r1, m.Word32(0x42));
m.SideEffect(m.Fn("foo", r1));
m.Return();
});
var arch = new FakeArchitecture();
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
var newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("foo(0x00000042)", newInstr.ToString());
}
public void VpShiftSum()
{
ProcedureBuilder m = new ProcedureBuilder();
Expression e = m.Shl(1, m.ISub(Constant.Byte(32), 1));
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("0x80000000", e.ToString());
}
public void EP_IndirectCall()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var r1 = m.Register("r1");
m.Assign(r1, m.Word32(0x42));
m.Emit(new CallInstruction(r1, new CallSite(4, 0)));
m.Return();
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
stms[0].Instruction.Accept(ep);
var newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", newInstr.ToString());
}
public void Setup()
{
arch = new X86ArchitectureFlat32();
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
SCZO = m.Frame.EnsureFlagGroup(Registers.eflags, (uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte);
host = new BackwalkerHost(arch);
}
public void VpSequenceOfConstants()
{
Constant pre = Constant.Word16(0x0001);
Constant fix = Constant.Word16(0x0002);
Expression e = new MkSequence(PrimitiveType.Word32, pre, fix);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.AreEqual("0x00010002", e.ToString());
}
public void VpMkSequenceToAddress()
{
Constant seg = Constant.Create(PrimitiveType.SegmentSelector, 0x4711);
Constant off = Constant.Word16(0x4111);
arch.Expect(a => a.MakeSegmentedAddress(seg, off)).Return(Address.SegPtr(0x4711, 0x4111));
mr.ReplayAll();
Expression e = new MkSequence(PrimitiveType.Word32, seg, off);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
e = e.Accept(vp);
Assert.IsInstanceOf(typeof(Address), e);
Assert.AreEqual("4711:4111", e.ToString());
mr.VerifyAll();
}
public void EP_LValue()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
Identifier r2 = null;
Identifier sp = null;
var proc = p.Add("main", (m) =>
{
r2 = m.Register("r2");
sp = m.Frame.EnsureRegister(arch.StackRegister);
m.Store(m.ISub(sp, 12), m.ISub(sp, 16));
m.Store(m.ISub(sp, 12), 2);
});
var ctx = new SymbolicEvaluationContext (arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch,simplifier,ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister]= proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var instr1 = stms[0].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = fp - 0x00000010", instr1.ToString());
var instr2 = stms[1].Instruction.Accept(ep);
Assert.AreEqual("dwLoc0C = 0x00000002", instr2.ToString());
}
public void EP_StackReference()
{
var arch = new FakeArchitecture();
var p = new ProgramBuilder(arch);
var proc = p.Add("main", (m) =>
{
var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
var r1 = m.Register(1);
m.Assign(sp, m.ISub(sp, 4));
m.Assign(r1, m.LoadDw(m.IAdd(sp, 8)));
m.Return();
});
var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(arch, simplifier, ctx, new ProgramDataFlow());
ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
var stms = proc.EntryBlock.Succ[0].Statements;
var newInstr = stms[0].Instruction.Accept(ep);
Assert.AreEqual("r63 = fp - 0x00000004", newInstr.ToString());
newInstr = stms[1].Instruction.Accept(ep);
Assert.AreEqual("r1 = dwArg04", newInstr.ToString());
}
//private string WriteCSharpFromAST(IExpression expression) {
// SourceEmitterOutputString sourceEmitterOutput = new SourceEmitterOutputString();
// SourceEmitter CSSourceEmitter = new SourceEmitter(sourceEmitterOutput);
// ExpressionSimplifier es = new ExpressionSimplifier();
// expression = es.Rewrite(expression);
// CSSourceEmitter.Traverse(expression);
// return sourceEmitterOutput.Data;
//}
//private string WriteVBFromAST(IExpression expression) {
// var sourceEmitterOutput = new VBSourceEmitter.SourceEmitterOutputString();
// var VBSourceEmitter = new VBSourceEmitter.SourceEmitter(this.host, sourceEmitterOutput);
// var es = new ExpressionSimplifier();
// expression = es.Rewrite(expression);
// VBSourceEmitter.Traverse(expression);
// return sourceEmitterOutput.Data;
//}
/// <summary>
/// Writes the exception thrown by this IPrecondition into an "exception" xml element.
/// </summary>
public void WriteExceptionTo(XmlWriter writer) {
if (String.IsNullOrEmpty(this.exception)) return;
writer.WriteStartElement("exception");
writer.WriteAttributeString("cref", this.exception);
if (!String.IsNullOrEmpty(this.precondition.OriginalSource))
writer.WriteString(BooleanExpressionHelper.NegatePredicate(this.precondition.OriginalSource));
else {
this.docTracker.WriteLine("Warning: Writing exception, but no OriginalSource found.");
//Emit the condition instead of the OriginalSource
SourceEmitterOutputString sourceEmitterOutput = new SourceEmitterOutputString();
SourceEmitter CSSourceEmitter = new SourceEmitter(sourceEmitterOutput);
ExpressionSimplifier es = new ExpressionSimplifier();
LogicalNot logicalNot = new LogicalNot();
logicalNot.Operand = this.precondition.Condition;
var condition = es.Rewrite(logicalNot);
CSSourceEmitter.Traverse(condition);
writer.WriteString(sourceEmitterOutput.Data);
}
writer.WriteEndElement();
}
public void VpMkSequenceToAddress()
{
Constant seg = Constant.Create(PrimitiveType.SegmentSelector, 0x4711);
Constant off = Constant.Word16(0x4111);
Expression e = new MkSequence(PrimitiveType.Word32, seg, off);
var vp = new ExpressionSimplifier(new SsaEvaluationContext(ssaIds));
e = e.Accept(vp);
Assert.IsInstanceOf(typeof(Address), e);
Assert.AreEqual("4711:4111", e.ToString());
}
public void VpNegSub()
{
Identifier x = Reg32("x");
Identifier y = Reg32("y");
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
Expression e = vp.VisitUnaryExpression(
new UnaryExpression(Operator.Neg, PrimitiveType.Word32, new BinaryExpression(
Operator.ISub, PrimitiveType.Word32, x, y)));
Assert.AreEqual("y - x", e.ToString());
}
public void Setup()
{
arch = new IntelArchitecture(ProcessorMode.Protected32);
m = new ProcedureBuilder();
state = arch.CreateProcessorState();
expSimp = new ExpressionSimplifier(arch.CreateProcessorState());
SCZO = m.Frame.EnsureFlagGroup((uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte);
host = new BackwalkerHost();
}
private void BuildExpressionSimplifier()
{
SsaIdentifierCollection ssaIds = BuildSsaIdentifiers();
table = new Dictionary<Expression,Expression>();
simplifier = new ExpressionSimplifier(new SsaEvaluationContext(ssaIds));
}
public static IExpression Simplify(Sink sink, IExpression expression) {
var a = new ExpressionSimplifier(sink);
return a.Rewrite(expression);
}
public void VpSliceConstant()
{
var vp = new ExpressionSimplifier(new SsaEvaluationContext(arch, ssaIds));
Expression c = new Slice(PrimitiveType.Byte, Constant.Word32(0x10FF), 0).Accept(vp);
Assert.AreEqual("0xFF", c.ToString());
}
private void Given_ExpressionSimplifier()
{
SsaIdentifierCollection ssaIds = BuildSsaIdentifiers();
simplifier = new ExpressionSimplifier(new SsaEvaluationContext(null, ssaIds));
}