public void Urb_Remove_many_blocks()
{
var m = new SsaProcedureBuilder(name: nameof(Urb_Remove_many_blocks));
var r1_1 = m.Reg32("r1_1");
var r1_2 = m.Reg32("r1_2");
var r1_3 = m.Reg32("r1_3");
var r1_4 = m.Reg32("r1_4");
var r2 = m.Reg32("r2");
m.AddDefToEntryBlock(r2);
m.BranchIf(Constant.False(), "m2");
m.Label("m1");
m.Assign(r1_1, 1);
m.Goto("m4");
m.Label("m2"); // dead code
m.BranchIf(m.Eq0(r2), "m3");
m.Label("m2a");
m.Assign(r1_2, 2);
m.Goto("m4");
m.Label("m3");
m.Assign(r1_3, 3);
// end of dead code.
m.Label("m4");
m.Phi(r1_4, (r1_1, "m1"), (r1_2, "m2a"), (r1_3, "m3"));
m.Return(r1_4);
var sExp =
#region
@"// Urb_Remove_many_blocks
// Return size: 0
define Urb_Remove_many_blocks
Urb_Remove_many_blocks_entry:
def r2
// succ: l1
l1:
// succ: m1
m1:
r1_1 = 1<32>
// succ: m4
m4:
r1_4 = r1_1
return r1_4
// succ: Urb_Remove_many_blocks_exit
Urb_Remove_many_blocks_exit:
";
#endregion
RunTest(sExp, m);
}
public void Spbp_LinearProcedure()
{
var m = new SsaProcedureBuilder(nameof(Spbp_LinearProcedure));
var fp = m.Ssa.Identifiers.Add(m.Frame.FramePointer, null, null, false).Identifier;
Given_StackPointer(m);
var sp_1 = m.Reg("sp_1", m.Architecture.StackRegister);
var sp_2 = m.Reg("sp_2", m.Architecture.StackRegister);
var sp_3 = m.Reg("sp_3", m.Architecture.StackRegister);
m.AddDefToEntryBlock(fp);
m.Assign(sp_1, m.ISub(fp, m.Int32(4)));
// Indirect call = hell node
var ci = m.Call(m.Mem32(m.Word32(0x2)), 4,
new[] { sp_1 },
new[] { sp_2 });
m.Assign(sp_3, m.IAdd(sp_2, m.Int32(4)));
m.Return();
m.AddUseToExitBlock(sp_3);
RunTest(m.Ssa);
var sExp =
#region Expected
@"Spbp_LinearProcedure_entry:
def fp
l1:
sp_1 = fp - 4
call Mem4[0x00000002:word32] (retsize: 4;)
uses: sp:sp_1
sp_2 = fp - 4
sp_3 = fp
return
Spbp_LinearProcedure_exit:
use sp_3
";
#endregion
AssertStringsEqual(sExp, m.Ssa);
}
public void Cab_GuessStackParameter()
{
var m = new SsaProcedureBuilder(nameof(Cab_Sequence));
var sp = m.Reg("sp", m.Procedure.Architecture.StackRegister);
m.AddDefToEntryBlock(sp);
var r2_1 = m.Reg("r2_1", reg2);
var r3_2 = m.Reg("r3_2", reg3);
m.MStore(sp, m.Word32(0x0001234));
m.MStore(m.IAdd(sp, 4), m.Word32(0x5678ABCD));
var sigCallee = FunctionType.Action(
new Identifier("arg04", PrimitiveType.Word32,
new StackArgumentStorage(4, PrimitiveType.Word32)),
new Identifier("arg08", PrimitiveType.Word32,
new StackArgumentStorage(8, PrimitiveType.Word32)));
sigCallee.ReturnAddressOnStack = 4;
var callee = new ProcedureConstant(
PrimitiveType.Ptr32,
new ExternalProcedure("callee", sigCallee));
var stmCall = m.Call(callee, 0,
new Identifier[] { sp },
new Identifier[] { });
m.Return();
var cab = new CallApplicationBuilder(
m.Ssa,
stmCall,
(CallInstruction)stmCall.Instruction,
callee,
true);
var instr = cab.CreateInstruction(sigCallee, null);
Assert.AreEqual("callee(Mem4[sp:word32], Mem4[sp + 4<i32>:word32])", instr.ToString());
m.Ssa.Validate(s => Assert.Fail(s));
}
public void Vp64BitConstant()
{
var r9_1 = m.Reg32("r9_1", 9);
var r10_1 = m.Reg64("r10_1", 10);
var r10_2 = m.Reg64("r10_2", 10);
var r11_1 = m.Reg64("r11_1", 11);
var r11_2 = m.Reg64("r11_2", 11);
var r11_3 = m.Reg64("r11_3", 11);
var r4_1 = m.Reg64("r4_1", 4);
var r19 = m.Reg64("r19", 19);
var r30 = m.Reg64("r30", 30);
var v30 = m.Temp(PrimitiveType.Word32, "v30");
m.AddDefToEntryBlock(r19);
m.AddDefToEntryBlock(r30);
m.Assign(r11_1, m.Word64(0x91690000));
m.Assign(r4_1, m.Cast(PrimitiveType.Word64, m.Mem32(m.IAdd(r19, 28))));
m.Assign(r10_1, m.Word64(0x42420000));
m.Assign(r11_2, m.Or(r11_1, 0x1448));
m.Assign(r10_2, m.Or(r10_1, 0x8DA6));
m.Assign(r9_1, m.And(r30, m.Word64(0xFFFFFFFF)));
m.Assign(v30, m.Slice(PrimitiveType.Word32, r11_2, 0));
m.Assign(r11_3, m.Seq(m.Slice(PrimitiveType.Word32, r10_2, 0), v30));
RunValuePropagator();
var sExp =
#region Expected
@"r9_1: orig: r9_1
def: r9_1 = r30 & 0xFFFFFFFF<64>
r10_1: orig: r10_1
def: r10_1 = 0x42420000<64>
r10_2: orig: r10_2
def: r10_2 = 0x42428DA6<64>
r11_1: orig: r11_1
def: r11_1 = 0x91690000<64>
r11_2: orig: r11_2
def: r11_2 = 0x91691448<64>
r11_3: orig: r11_3
def: r11_3 = 0x42428DA691691448<64>
r4_1: orig: r4_1
def: r4_1 = (word64) Mem10[r19 + 0x1C<64>:word32]
r19: orig: r19
def: def r19
uses: r4_1 = (word64) Mem10[r19 + 0x1C<64>:word32]
r30: orig: r30
def: def r30
uses: r9_1 = r30 & 0xFFFFFFFF<64>
v30: orig: v30
def: v30 = 0x91691448<32>
Mem10: orig: Mem0
uses: r4_1 = (word64) Mem10[r19 + 0x1C<64>:word32]
// SsaProcedureBuilder
// Return size: 0
define SsaProcedureBuilder
SsaProcedureBuilder_entry:
def r19
def r30
// succ: l1
l1:
r11_1 = 0x91690000<64>
r4_1 = (word64) Mem10[r19 + 0x1C<64>:word32]
r10_1 = 0x42420000<64>
r11_2 = 0x91691448<64>
r10_2 = 0x42428DA6<64>
r9_1 = r30 & 0xFFFFFFFF<64>
v30 = 0x91691448<32>
r11_3 = 0x42428DA691691448<64>
SsaProcedureBuilder_exit:
";
#endregion
AssertStringsEqual(sExp, m.Ssa);
}
public void Spbp_SpaceOnStack()
{
var m = new SsaProcedureBuilder(nameof(Spbp_SpaceOnStack));
var fp = m.Ssa.Identifiers.Add(m.Frame.FramePointer, null, null, false).Identifier;
Given_StackPointer(m);
var sp_1 = m.Reg("sp_1", sp);
var sp_2 = m.Reg("sp_2", sp);
var sp_3 = m.Reg("sp_3", sp);
var sp_4 = m.Reg("sp_4", sp);
var sp_5 = m.Reg("sp_5", sp);
var sp_6 = m.Reg("sp_6", sp);
var sp_7 = m.Reg("sp_7", sp);
var sp_8 = m.Reg("sp_8", sp);
var a = m.Reg("a", new RegisterStorage("a", 1, 0, PrimitiveType.Word32));
var b = m.Reg("b", new RegisterStorage("b", 2, 0, PrimitiveType.Word32));
var a_1 = m.Reg("a_1", (RegisterStorage)a.Storage);
var b_1 = m.Reg("b_1", (RegisterStorage)b.Storage);
m.AddDefToEntryBlock(fp);
m.Assign(sp_2, m.ISub(fp, 4)); // space for a
m.MStore(sp_2, a);
m.Assign(sp_3, m.ISub(fp, 4)); // space for b
m.MStore(sp_3, b);
m.Assign(sp_4, m.ISub(fp, 40)); // 40 bytes of stack space
m.MStore(sp_4, m.Word32(0xDEADBABE));
m.Call(m.Mem32(m.Word32(0x00123400)), 4,
new[] { sp_4 },
new[] { sp_5 });
m.Assign(sp_6, m.IAdd(sp_5, 40));
m.Assign(b_1, m.Mem32(sp_6));
m.Assign(sp_7, m.IAdd(sp_6, 4));
m.Assign(a_1, m.Mem32(sp_7));
m.Assign(sp_8, m.IAdd(sp_7, 4));
m.Return();
m.AddUseToExitBlock(sp_8);
RunTest(m.Ssa);
var sExp =
#region Expected
@"Spbp_SpaceOnStack_entry:
def fp
l1:
sp_2 = fp - 0x00000004
Mem13[sp_2:word32] = a
sp_3 = fp - 0x00000004
Mem14[sp_3:word32] = b
sp_4 = fp - 0x00000028
Mem15[sp_4:word32] = 0xDEADBABE
call Mem16[0x00123400:word32] (retsize: 4;)
uses: sp:sp_4
sp_5 = fp - 48
sp_6 = fp - 8
b_1 = Mem17[sp_6:word32]
sp_7 = fp - 4
a_1 = Mem18[sp_7:word32]
sp_8 = fp
return
Spbp_SpaceOnStack_exit:
use sp_8
";
#endregion
this.AssertStringsEqual(sExp, m.Ssa);
}
public void Spbp_TwoExits()
{
var m = new SsaProcedureBuilder(nameof(Spbp_TwoExits));
Given_FramePointer(m);
Given_StackPointer(m);
var sp_1 = m.Reg("sp_1", m.Architecture.StackRegister);
var sp_2 = m.Reg("sp_2", m.Architecture.StackRegister);
var sp_3 = m.Reg("sp_3", m.Architecture.StackRegister);
var sp_4 = m.Reg("sp_4", m.Architecture.StackRegister);
var sp_5 = m.Reg("sp_5", m.Architecture.StackRegister);
var sp_6 = m.Reg("sp_6", m.Architecture.StackRegister);
m.AddDefToEntryBlock(fp);
m.Assign(sp_1, m.ISub(fp, m.Int32(4)));
m.BranchIf(m.Eq0(m.Mem32(m.Word32(0x1))), "m_eq0");
m.Label("m_ne0");
// Indirect call = hell node
m.Call(m.Mem32(m.Word32(0x4)), 4,
new[] { sp_1 },
new[] { sp_2 });
m.Assign(sp_3, m.IAdd(sp_2, m.Int32(4)));
m.Return();
m.Label("m_eq0");
// Indirect call = hell node
m.Call(m.Mem32(m.Word32(0x8)), 4,
new[] { sp_1 },
new[] { sp_4 });
m.Assign(sp_5, m.IAdd(sp_4, m.Int32(4)));
m.Return();
m.AddPhiToExitBlock(sp_6, (sp_3, "m_ne0"), (sp_5, "m_eq0"));
m.AddUseToExitBlock(sp_6);
RunTest(m.Ssa);
var sExp =
#region Expected
@"Spbp_TwoExits_entry:
def fp
l1:
sp_1 = fp - 4
branch Mem7[0x00000001:word32] == 0x00000000 m_eq0
goto m_ne0
m_eq0:
call Mem9[0x00000008:word32] (retsize: 4;)
uses: sp:sp_1
sp_4 = fp - 4
sp_5 = fp
return
m_ne0:
call Mem8[0x00000004:word32] (retsize: 4;)
uses: sp:sp_1
sp_2 = fp - 4
sp_3 = fp
return
Spbp_TwoExits_exit:
sp_6 = PHI((sp_3, m_ne0), (sp_5, m_eq0))
use sp_6
";
#endregion
AssertStringsEqual(sExp, m.Ssa);
}