public void ProcStr_While()
{
var r1 = m.Reg32("r1");
var r2 = m.Reg32("r2");
m.Label("head");
m.BranchIf(m.Eq(r1, r2), "done");
m.Label("loop");
m.Store(r1, m.LoadDw(r2));
m.Assign(r1, m.IAdd(r1, 4));
m.Assign(r2, m.IAdd(r2, 4));
m.Goto("head");
m.Label("done");
m.Return(r2);
var sExp =
@" while (r1 != r2)
{
Mem0[r1:word32] = Mem0[r2:word32];
r1 = r1 + 0x04;
r2 = r2 + 0x04;
}
return r2;
";
RunTest(sExp, m.Procedure);
}
public void VpEquality2()
{
// Makes sure that
// y = x - 2
// if (y == 0) ...
// doesn't get munged into
// y = x - 2
// if (x == 2)
Identifier x = Reg32("x");
Identifier y = Reg32("y");
ProcedureBuilder m = new ProcedureBuilder();
var stmX = m.Assign(x, m.LoadDw(Constant.Word32(0x1000300)));
ssaIds[x].DefStatement = m.Block.Statements.Last;
var stmY = m.Assign(y, m.ISub(x, 2));
ssaIds[y].DefStatement = m.Block.Statements.Last;
var stm = m.BranchIf(m.Eq(y, 0), "test");
Assert.AreEqual("x = Mem0[0x01000300:word32]", stmX.ToString());
Assert.AreEqual("y = x - 0x00000002", stmY.ToString());
Assert.AreEqual("branch y == 0x00000000 test", stm.ToString());
var vp = new ValuePropagator(arch, ssaIds, null);
vp.Transform(stm);
Assert.AreEqual("branch x == 0x00000002 test", stm.Instruction.ToString());
}
public void Exs_AddAddress32Constant()
{
Given_ExpressionSimplifier();
var expr = m.LoadDw(m.IAdd(Address.Ptr32(0x00123400), 0x56));
Assert.AreEqual("Mem0[0x00123456:word32]", expr.Accept(simplifier).ToString());
}
public void SsaPushAndPop()
{
// Mirrors the pattern of stack accesses used by x86 compilers.
var m = new ProcedureBuilder("SsaPushAndPop");
var esp = EnsureRegister32(m, "esp");
var ebp = EnsureRegister32(m, "ebp");
var eax = EnsureRegister32(m, "eax");
m.Assign(esp, m.ISub(esp, 4));
m.Store(esp, ebp);
m.Assign(ebp, esp);
m.Assign(eax, m.LoadDw(m.IAdd(ebp, 8))); // dwArg04
m.Assign(ebp, m.LoadDw(esp));
m.Assign(esp, m.IAdd(esp, 4));
m.Return();
RunUnitTest(m, "Analysis/SsaPushAndPop.txt");
}
public void Tmer_PointerToSingleItem()
{
var ptr = new Identifier("ptr", PrimitiveType.Word32, null);
CreateTv(ptr, new Pointer(point, 4), new Pointer(point, 4));
var tmer = new TypedExpressionRewriter(program, null);
var access = CreateTv(m.LoadDw(m.IAdd(ptr, 0)));
Expression e = access.Accept(tmer);
Assert.AreEqual("ptr->dw0000", e.ToString());
}
public void SsaCallIndirect()
{
var m = new ProcedureBuilder("SsaCallIndirect");
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
m.Assign(r1, m.LoadDw(r2));
m.Call(r1, 4);
m.Return();
RunUnitTest(m, "Analysis/SsaCallIndirect.txt");
}
public void BwReg_00121()
{
var d0 = m.Reg32("d0", 0);
var d3 = m.Reg32("d3", 3);
var a5 = m.Reg32("a5", 5);
var v38 = m.Temp(PrimitiveType.Word16, "v38");
var v39 = m.Temp(PrimitiveType.Byte, "v39");
var v40 = m.Temp(PrimitiveType.Word16, "v40");
var VZN = m.Flags("VZN");
var ZN = m.Flags("ZN");
var C = m.Flags("C");
var V = m.Flags("V");
var CVZN = m.Flags("CVZN");
var CVZNX = m.Flags("CVZNX");
m.Assign(d0, d3);
m.Assign(CVZN, m.Cond(d0));
m.Assign(v38, m.And(m.Cast(PrimitiveType.Word16, d0), 0xF0));
m.Assign(d0, m.Dpb(d0, v38, 0));
m.Assign(ZN, m.Cond(v38));
m.Assign(C, false);
m.Assign(V, false);
m.Assign(v39, m.Shl(m.Cast(PrimitiveType.Byte, d0), 2));
m.Assign(d0, m.Dpb(d0, v39, 0));
m.Assign(CVZNX, m.Cond(v39));
m.Assign(v40, m.ISub(m.Cast(PrimitiveType.Word16, d0), 44));
m.Assign(CVZN, m.Cond(v40));
m.BranchIf(m.Test(ConditionCode.GT, VZN), "lDefault");
m.Assign(a5, m.LoadDw(m.IAdd(Address.Ptr32(0x0000C046), d0)));
var xfer = new RtlCall(a5, 4, RtlClass.Transfer);
var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp);
Assert.IsTrue(bw.CanBackwalk());
Assert.AreEqual("a5", bw.Index.Name);
bw.BackWalk(m.Block);
Assert.AreEqual("v40", bw.IndexExpression.ToString());
}
public void Match_AddRegMem()
{
var addAxMem = m.Assign(ax, m.IAdd(ax, m.LoadW(m.IAdd(bx, 0x300))));
var adcDxMem = m.Assign(
dx,
m.IAdd(
m.IAdd(
dx,
m.LoadDw(m.IAdd(bx, 0x302))),
CF));
var instr = CreateLongInstruction(addAxMem, adcDxMem);
Assert.AreEqual("dx_ax = dx_ax + Mem0[bx + 0x0300:ui32]", instr.ToString());
}
public void DfaUnsignedDiv()
{
var m = new ProcedureBuilder();
var r1 = m.Register(1);
var r2 = m.Register(2);
var r2_r1 = m.Frame.EnsureSequence(r2.Storage, r1.Storage, PrimitiveType.Word64);
var tmp = m.Frame.CreateTemporary(r2_r1.DataType);
m.Assign(r1, m.LoadDw(m.Word32(0x123400)));
m.Assign(r2_r1, m.Seq(m.Word32(0), r1));
m.Assign(tmp, r2_r1);
m.Assign(r1, m.UDiv(tmp, m.Word32(42)));
m.Store(m.Word32(0x123404), r1);
m.Return();
RunFileTest(m, "Analysis/DfaUnsignedDiv.txt");
}
public void SsaSwitchWithSharedBranches()
{
var m = new ProcedureBuilder("SsaSwitchWithSharedBranches");
var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
var r1 = m.Reg32("r1", 1);
var r2 = m.Reg32("r2", 2);
var foo = new ExternalProcedure("foo", new FunctionType(
new Identifier("", VoidType.Instance, null),
new Identifier("arg1", PrimitiveType.Int32, new StackArgumentStorage(4, PrimitiveType.Int32))));
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r1, m.LoadDw(m.IAdd(sp, 4)));
m.BranchIf(m.Ugt(r1, m.Word32(0x5)), "m4_default");
m.Label("m1");
m.Switch(r1,
"m2", "m2", "m3", "m3", "m2", "m3");
m.Label("m2");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, m.Word32(0x42));
m.Call(foo, 4);
m.Assign(sp, m.IAdd(sp, 4));
// fall through
m.Label("m3");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, m.Word32(42));
m.Call(foo, 4);
m.Assign(sp, m.IAdd(sp, 4));
// fall through
m.Label("m4_default");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, m.Word32(0));
m.Call(foo, 4);
m.Assign(sp, m.IAdd(sp, 4));
m.Return();
RunUnitTest(m, "Analysis/SsaSwitchWithSharedBranches.txt");
}
public void TrfCopyBack()
{
var esp = m.Frame.EnsureRegister(Registers.esp);
var r2 = m.Register(2);
var stm1 = m.Store(m.ISub(esp, 0x10), r2);
var stm2 = m.Assign(r2, m.Int32(0));
var stm3 = m.Assign(r2, m.LoadDw(m.ISub(esp, 0x10)));
trf = CreateTrashedRegisterFinder();
var flow = CreateBlockFlow(m.Block, m.Frame);
flow.SymbolicIn.SetValue((Identifier)esp, (Expression)this.m.Frame.FramePointer);
trf.StartProcessingBlock(m.Block);
stm1.Instruction.Accept(trf);
stm2.Accept(trf);
stm3.Accept(trf);
Assert.AreEqual(r2, trf.RegisterSymbolicValues[(RegisterStorage)r2.Storage]);
}
public static void MemStore(ProcedureBuilder m)
{
m.Store(m.Word32(0x3120), m.Word32(0));
m.Store(m.Word32(0x3120), m.IAdd(m.LoadDw(m.Word32(0x3120)), 1));
m.Return();
}
public void BwAdd()
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var bw = new Backwalker(
host,
new RtlGoto(m.LoadDw(m.IAdd(eax, 0x10000)), RtlClass.Transfer),
expSimp);
Assert.IsTrue(bw.BackwalkInstruction(m.Assign(eax, m.IAdd(eax, eax))));
Assert.AreSame(Registers.eax, bw.Index);
Assert.AreEqual("* 2", bw.Operations[0].ToString());
Assert.AreEqual(2, bw.Stride);
}