public void Dfa2_Simple()
{
var pb = new ProgramBuilder(new FakeArchitecture());
pb.Add("test", m=>
{
var r1 = m.Reg32("r1");
var r2 = m.Reg32("r2");
m.Assign(r1, m.LoadDw(m.Word32(0x010000)));
m.Assign(r2, m.LoadDw(m.Word32(0x010004)));
m.Store(m.Word32(0x010008), m.IAdd(r1, r2));
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem6[0x00010008:word32] = Mem0[0x00010000:word32] + Mem0[0x00010004:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb);
}
protected Program CompileTest(Action<ProcedureBuilder> m)
{
var mock = new ProcedureBuilder();
m(mock);
var pmock = new ProgramBuilder();
pmock.Add(mock);
return pmock.BuildProgram();
}
public void DpaSimple()
{
var prog = new ProgramBuilder();
prog.Add("test", m=>
{
var r1 = m.Register(1);
m.Assign(r1, m.Load(PrimitiveType.Real32, m.Word32(0x10000000)));
});
RunTest(prog.BuildProgram(), "Typing/DpaSimple.txt");
}
public void EP_TestCondition()
{
var p = new ProgramBuilder();
p.Add("main", (m) =>
{
m.Label("foo");
m.BranchCc(ConditionCode.EQ, "foo");
m.Return();
});
var proc = p.BuildProgram().Procedures.Values.First();
var ctx = new SymbolicEvaluationContext(new IntelArchitecture(ProcessorMode.Protected32), proc.Frame);
var simplifier = new ExpressionSimplifier(ctx);
var ep = new ExpressionPropagator(null, simplifier, ctx, new ProgramDataFlow());
var newInstr = proc.EntryBlock.Succ[0].Statements[0].Instruction.Accept(ep);
Assert.AreEqual("branch Test(EQ,Z) foo", newInstr.ToString());
}
public void TerComparison()
{
ProgramBuilder prog = new ProgramBuilder(new LoadedImage(Address.Ptr32(0x00100000), new byte[0x4000]));
prog.Add("proc1", m =>
{
Identifier p = m.Local32("p");
Expression fetch = m.Load(new Pointer(new StructureType("foo", 8), 4), m.IAdd(p, 4));
m.Assign(m.LocalBool("f"), m.Lt(fetch, m.Word32(0x00100028)));
});
RunTest(prog.BuildProgram(), "Typing/TerComparison.txt");
}
public void Dfa2_FactorialReg()
{
pb = new ProgramBuilder();
pb.Add("fact", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var r1 = m.Register(1);
var r2 = m.Register(2);
var r3 = m.Register(3);
var cc = m.Flags(0xF, "cc");
m.Assign(sp, m.Frame.FramePointer);
m.Assign(r2, r1);
m.Assign(r1, 1);
m.Assign(cc, m.Cond(m.ISub(r2, r1)));
m.BranchIf(m.Test(ConditionCode.LE, cc), "done");
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, r2);
m.Assign(r1, m.ISub(r2, r1));
m.Call("fact", 0);
m.Assign(r2, m.LoadDw(sp));
m.Assign(sp, m.IAdd(sp, 4));
m.Assign(r1, m.IMul(r1, r2));
m.Label("done");
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp =
@"@@@";
AssertProgram(sExp, pb);
}
public void DpaConstantPointer()
{
ProgramBuilder prog = new ProgramBuilder();
ProcedureBuilder m = new ProcedureBuilder();
Identifier r1 = m.Register(1);
m.Assign(r1, 0x123130);
m.Store(r1, m.Int32(0x42));
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DpaConstantPointer.txt");
}
public void DpaConstantMemberPointer()
{
ProgramBuilder prog = new ProgramBuilder();
ProcedureBuilder m = new ProcedureBuilder();
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
Identifier bx = m.Local16("bx");
m.Assign(bx, 0x1234);
m.Store(m.SegMemW(ds, bx), m.Int16(0x0042));
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DpaConstantMemberPointer.txt");
}
public void Dfa2_CallProc()
{
pb = new ProgramBuilder();
pb.Add("test", m =>
{
var sp = m.Register(m.Architecture.StackRegister);
var fooProc = GivenFunction("foo", m.Architecture.GetRegister(1), 4, 8);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 2);
m.Assign(sp, m.ISub(sp, 4));
m.Store(sp, 1);
m.Call(fooProc, 4);
m.Assign(sp, m.IAdd(sp, 8));
m.Return();
});
var dfa = new DataFlowAnalysis(pb.BuildProgram(), new FakeDecompilerEventListener());
dfa.UntangleProcedures2();
var sExp = @"// test
// Return size: 0
void test()
test_entry:
// succ: l1
l1:
Mem9[0x00010008:word32] = Mem0[fp + 0x00000004:word32] + Mem0[fp + 0x00000008:word32]
return
// succ: test_exit
test_exit:
";
AssertProgram(sExp, pb);
}
public void DtbSignedCompare()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier p = m.Local32("p");
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
Identifier ds2 = m.Local16("ds2");
ds.DataType = PrimitiveType.SegmentSelector;
m.Assign(ds2, ds);
m.Store(
m.SegMem(PrimitiveType.Bool, ds, m.Word16(0x5400)),
m.Lt(m.SegMemW(ds, m.Word16(0x5404)), m.Word16(20)));
m.Store(m.SegMemW(ds2, m.Word16(0x5404)), m.Word16(0));
ProgramBuilder prog = new ProgramBuilder();
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DtbSignedCompare.txt");
}
public void DtbArrayConstantPointers()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn", m =>
{
Identifier a = m.Local32("a");
Identifier i = m.Local32("i");
m.Assign(a, 0x00123456); // array pointer
m.Store(m.IAdd(a, m.IMul(i, 8)), m.Int32(42));
});
RunTest(pp.BuildProgram(), "Typing/DtbArrayConstantPointers.txt");
}
public void DtbSegmentedPointer()
{
var m = new ProgramBuilder();
m.Add(new SegmentedPointerProc());
RunTest(m.BuildProgram(), "Typing/DtbSegmentedPointer.txt");
}
public void DtbFn1CallFn2()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn1", m =>
{
Identifier loc1 = m.Local32("loc1");
Identifier loc2 = m.Local32("loc2");
m.Assign(loc2, m.Fn("Fn2", loc1));
m.Return();
});
pp.Add("Fn2", m =>
{
Identifier arg1 = m.Local32("arg1");
Identifier ret = m.Register(1);
m.Procedure.Signature = new ProcedureSignature(ret, new Identifier[] { arg1 });
m.Procedure.Signature.Parameters[0] = arg1;
m.Assign(ret, m.IAdd(arg1, 1));
m.Return(ret);
});
RunTest(pp.BuildProgram(), "Typing/DtbFn1CallFn2.txt");
}
public void TerAddNonConstantToPointer()
{
ProgramBuilder prog = new ProgramBuilder();
prog.Add("proc1", m =>
{
Identifier i = m.Local16("i");
Identifier p = m.Local16("p");
m.Store(p, m.Word16(4));
m.Store(m.IAdd(p, 4), m.Word16(4));
m.Assign(p, m.IAdd(p, i));
});
RunTest(prog.BuildProgram(), "Typing/TerAddNonConstantToPointer.txt");
}
private void RunTest(ProgramBuilder p, string output)
{
SaveRunOutput(p.BuildProgram(), RunTest, output);
}
public void TerArrayConstantPointers()
{
ProgramBuilder pp = new ProgramBuilder(new LoadedImage(Address.Ptr32(0x00123000), new byte[4000]));
pp.Add("Fn", m =>
{
Identifier a = m.Local32("a");
Identifier i = m.Local32("i");
m.Assign(a, 0x00123456); // array pointer
m.Store(m.IAdd(a, m.IMul(i, 8)), m.Int32(42));
});
RunTest(pp.BuildProgram(), "Typing/TerArrayConstantPointers.txt");
}
public void TerSegMemPtr2()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new SegmentedMemoryPointerMock2());
RunTest(mock.BuildProgram(), "Typing/TerSegMemPtr2.txt");
}
public void TerVector()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new VectorFragment());
RunTest(mock.BuildProgram(), "Typing/TerVector.txt");
}
public void TerConstantUnion()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new ConstantUnionMock());
RunTest(mock.BuildProgram(), "Typing/TerConstantUnion.txt");
}
public void TerUnionIntReal()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new UnionIntRealMock());
RunTest(mock.BuildProgram(), "Typing/TerUnionIntReal.txt");
}
public void DtbSegMem3()
{
ProgramBuilder mock = new ProgramBuilder();
mock.Add(new SegMem3Mock());
RunTest(mock.BuildProgram(), "Typing/DtbSegMem3.txt");
}
public void TerUnionConstants()
{
ProgramBuilder prog = new ProgramBuilder();
prog.Add("proc1", m =>
{
Identifier bx = m.Local16("bx");
m.Assign(bx, m.Shr(bx, 2)); // makes bx unsigned uint16
m.Assign(m.LocalBool("f"), m.Lt(bx, 4)); // makes bx also signed; assembler bug, but forces a union.
m.Assign(bx, m.Word16(4)); // what type should 4 have?
});
RunTest(prog.BuildProgram(), "Typing/TerUnionConstants.txt");
}
public void DtbSegmentedMemoryPointer()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new SegmentedMemoryPointerMock());
RunTest(m.BuildProgram(), "Typing/DtbSegmentedMemoryPointer.txt");
}
public void TerIntelIndexedAddressingMode()
{
ProgramBuilder m = new ProgramBuilder();
m.Add(new IntelIndexedAddressingMode());
RunTest(m.BuildProgram(), "Typing/TerIntelIndexedAddressingMode.txt");
}
public void DtbStructurePointerPassedToFunction()
{
ProgramBuilder pp = new ProgramBuilder();
pp.Add("Fn1", m =>
{
Identifier p = m.Local32("p");
m.Store(m.IAdd(p, 4), m.Word32(0x42));
m.SideEffect(m.Fn("Fn2", p));
m.Return();
});
pp.Add("Fn2", m =>
{
Identifier arg1 = m.Local32("arg1");
m.Procedure.Signature = new ProcedureSignature(null, new Identifier[] { arg1 });
m.Store(m.IAdd(arg1, 8), m.Int32(0x23));
m.Return();
});
RunTest(pp.BuildProgram(), "Typing/DtbStructurePointerPassedToFunction.txt");
}
public void TerSegmentedCall()
{
var pb = new ProgramBuilder();
pb.Add(new SegmentedCallFragment());
RunTest(pb.BuildProgram(), "Typing/TerSegmentedCall.txt");
}
public void DtbSequenceWithSegment()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
m.SegStore(ds, m.Word16(0x0100), m.Seq(ds, m.Word16(0x1234)));
ProgramBuilder prog = new ProgramBuilder();
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DtbSequenceWithSegment.txt");
}
public void TerPointerChain()
{
var pb = new ProgramBuilder();
pb.Add(new PointerChainFragment());
RunTest(pb.BuildProgram(), "Typing/TerPointerChain.txt");
}
public void DtbCallTable()
{
var pb = new ProgramBuilder();
pb.Add(new IndirectCallFragment());
RunTest(pb.BuildProgram(), "Typing/DtbCallTable.txt");
}
public void TerStaggeredArrays()
{
ProgramBuilder prog = new ProgramBuilder();
prog.Add(new StaggeredArraysFragment());
RunTest(prog.BuildProgram(), "Typing/TerStaggeredArrays.txt");
}
