public void Pdg_LoopWithIfElse()
{
var m = new ProcedureBuilder();
var c = m.Declare(PrimitiveType.Word32, "c");
var f = m.Declare(PrimitiveType.Bool, "f");
m.Label("loopHead");
m.BranchIf(m.Eq(c, 0), "done");
m.BranchIf(f, "then");
m.Label("else");
m.SideEffect(m.Fn("CallElse"));
m.Jump("loopHead");
m.Label("then");
m.SideEffect(m.Fn("CallThen"));
m.Jump("loopHead");
m.Label("done");
m.Return();
FindPostDominators(m);
string sExp =
"done (6): idom ProcedureBuilder_exit (7)" + nl +
"else (4): idom loopHead (2)" + nl +
"l1 (3): idom loopHead (2)" + nl +
"loopHead (2): idom done (6)" + nl +
"ProcedureBuilder_entry (1): idom loopHead (2)" + nl +
"ProcedureBuilder_exit (7): idom " + nl +
"then (5): idom loopHead (2)" + nl;
Assert.AreEqual(sExp, sw.ToString());
}
public void Exs_Rolc_To_Shl()
{
Given_ExpressionSimplifier();
var expr = m.Fn(rolc_8, foo, m.Byte(1), Constant.False());
Assert.AreEqual("foo_1 << 1<8>", expr.Accept(simplifier).ToString());
}
public void CfgcJmpToBranch()
{
var m = new ProcedureBuilder();
var c = m.Temp(PrimitiveType.Bool, "c");
var pfn = m.Temp(PrimitiveType.Ptr32, "pfn");
m.Label("m1");
m.BranchIf(c, "m3");
m.Label("m2");
m.Goto("m3");
m.Label("m3");
m.SideEffect(m.Fn(pfn));
m.Return();
var sExp =
#region Expected
@"// ProcedureBuilder
// Return size: 0
void ProcedureBuilder()
ProcedureBuilder_entry:
pfn()
return
// succ: ProcedureBuilder_exit
m1:
m3:
ProcedureBuilder_exit:
";
#endregion
var cfgc = new ControlFlowGraphCleaner(m.Procedure);
cfgc.Transform();
var sw = new StringWriter();
m.Procedure.Write(false, sw);
Assert.AreEqual(sExp, sw.ToString());
}
public void DeadFnReturn()
{
ProcedureBuilder m = new ProcedureBuilder("foo");
Identifier unused = m.Local32("unused");
m.Assign(unused, m.Fn("foo", Constant.Word32(1)));
m.Return();
RunFileTest(m, "Analysis/DeadFnReturn.txt");
}
public void SsaOutParamters()
{
ProcedureBuilder m = new ProcedureBuilder("foo");
Identifier r4 = m.Register(4);
m.Store(m.Int32(0x400), m.Fn("foo", m.Out(PrimitiveType.Pointer32, r4)));
m.Return();
RunTest(m, "Analysis/SsaOutParameters.txt");
}
public void SsaOutParamters()
{
var m = new ProcedureBuilder("foo");
Identifier r4 = m.Register("r4");
m.MStore(m.Word32(0x400), m.Fn("foo", m.Out(PrimitiveType.Ptr32, r4)));
m.Return();
RunFileTest(m, "Analysis/SsaOutParameters.txt");
}
public void DeadFnReturn()
{
ProcedureBuilder m = new ProcedureBuilder("foo");
Identifier unused = m.Local32("unused");
m.Assign(m.Frame.EnsureRegister(m.Architecture.StackRegister), m.Frame.FramePointer);
m.Assign(unused, m.Fn("foo", Constant.Word32(1)));
m.Return();
RunFileTest(m, "Analysis/DeadFnReturn.txt");
}
public void TrfOutParameters()
{
var r2 = m.Register(2);
var stm = m.SideEffect(m.Fn("Hello", m.AddrOf(r2)));
trf = CreateTrashedRegisterFinder();
trf.EnsureEvaluationContext(CreateBlockFlow(m.Block, m.Frame));
stm.Instruction.Accept(trf);
Assert.AreEqual("<invalid>", trf.RegisterSymbolicValues[(RegisterStorage)r2.Storage].ToString());
}
public void CoaCallCallee()
{
var m = new ProcedureBuilder("foo");
var r2 = m.Register(2);
var r3 = m.Register(3);
m.Assign(r3, m.Fn(r2));
m.Assign(r3, m.IAdd(r3, 4));
m.Call(r3, 4);
m.Return();
RunFileTest(m, "Analysis/CoaCallCallee.txt");
}
public void CceShrRcrPattern()
{
var p = new ProgramBuilder(new FakeArchitecture());
p.Add("main", (m) =>
{
var C = m.Flags("C");
var r1 = MockReg(m, 1);
var r2 = MockReg(m, 2);
m.Assign(r1, m.Shr(r1, 1));
m.Assign(C, m.Cond(r1));
m.Assign(r2, m.Fn(
new PseudoProcedure(PseudoProcedure.RorC, r2.DataType, 2),
r2, Constant.Byte(1), C));
m.Assign(C, m.Cond(r2));
m.MStore(m.Word32(0x3000), r2);
m.MStore(m.Word32(0x3004), r1);
});
RunTest(p, "Analysis/CceShrRcrPattern.txt");
}
public void StrAnls_Issue_529()
{
var m = new ProcedureBuilder();
var fp = m.Frame.FramePointer;
var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
var puts = new ExternalProcedure("puts", new FunctionType());
m.Label("m4E2");
m.Goto("m4F7");
m.Label("m4E4");
m.SideEffect(m.Fn(puts, Constant.String("Hello", StringType.NullTerminated(PrimitiveType.Byte))));
m.Return();
m.Label("m4F7");
m.BranchIf(m.Eq0(m.Mem32(m.Word32(0x0808A0A4))), "m502");
m.Label("m500");
m.Goto("m50D");
m.Label("m502");
m.BranchIf(m.Eq0(m.Mem32(m.Word32(0x0808A0A8))), "m4E4");
m.Goto("m50D");
m.Label("m50D");
m.SideEffect(m.Fn(puts, Constant.String("Goodbye", StringType.NullTerminated(PrimitiveType.Byte))));
m.Goto("m4E4");
var sExp =
#region Expected
@" if (Mem0[0x0808A0A4:word32] != 0x00 || Mem0[0x0808A0A8:word32] != 0x00)
puts(""Goodbye"");
puts(""Hello"");
return;
";
#endregion
Given_CompoundConditionCoalescer(m.Procedure);
RunTest(sExp, m.Procedure);
}
public void Pdg_InfiniteLoop()
{
ProcedureBuilder m = new ProcedureBuilder();
m.Label("Infinity");
m.BranchIf(m.Eq(m.LoadW(m.Word16(0x1234)), 0), "hop");
m.SideEffect(m.Fn("foo"));
m.Label("hop");
m.BranchIf(m.Eq(m.LoadW(m.Word16(0x5123)), 1), "Infinity");
m.SideEffect(m.Fn("bar"));
m.Jump("Infinity");
m.Return();
FindPostDominators(m);
string sExp =
"hop (4): idom ProcedureBuilder_exit (6)" + nl +
"Infinity (2): idom hop (4)" + nl +
"l1 (3): idom hop (4)" + nl +
"l2 (5): idom ProcedureBuilder_exit (6)" + nl +
"ProcedureBuilder_entry (1): idom Infinity (2)" + nl +
"ProcedureBuilder_exit (6): idom " + nl;
Assert.AreEqual(sExp, sw.ToString());
}
private void __lwl(Identifier reg, Expression mem)
{
var r4 = m.Reg32("r4", 4);
var r8 = m.Reg32("r8", 8);
m.Assign(
reg,
m.Fn(
new IntrinsicProcedure(IntrinsicProcedure.LwL, true, PrimitiveType.Word32, 2),
reg, mem));
}
public void TrcoCallFunctionWithArraySize()
{
var m = new ProcedureBuilder();
var sig = new ProcedureSignature(null,
m.Frame.EnsureStackArgument(0, PrimitiveType.Word32));
var ex = new ExternalProcedure("malloc", sig, new ProcedureCharacteristics
{
Allocator = true,
ArraySize = new ArraySizeCharacteristic
{
Argument = "r",
Factors = new ArraySizeFactor[]
{
new ArraySizeFactor {
Constant = "1"
}
}
}
});
Identifier eax = m.Local32("eax");
var call = m.Assign(eax, m.Fn(new ProcedureConstant(PrimitiveType.Word32, ex), m.Word32(3)));
coll = CreateCollector();
call.Accept(eqb);
call.Accept(coll);
StringWriter sw = new StringWriter();
handler.Traits.Write(sw);
string sExp =
"T_1 (in malloc : word32)" + nl +
"\ttrait_func(T_4 -> T_5)" + nl +
"T_3 (in dwArg00 : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"T_4 (in 0x00000003 : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_equal(T_3)" + nl +
"T_5 (in malloc(0x00000003) : word32)" + nl +
"\ttrait_primitive(word32)";
Console.WriteLine(sw.ToString());
Assert.AreEqual(sExp, sw.ToString());
}
private Expression RorC(Expression expr, Expression count, Expression carry)
{
return(m.Fn(CommonOps.RorC, expr, count, carry));
}
public void ProcStr_UnstructuredExit_NILZ()
{
m.Label("loopheader");
m.BranchIf(m.Fn("foo"), "done");
m.SideEffect(m.Fn("bar"));
m.BranchIf(m.Fn("foo"), "unstructuredexit");
m.SideEffect(m.Fn("bar"));
m.Goto("loopheader");
m.Label("done");
m.SideEffect(m.Fn("bar"));
m.Label("unstructuredexit");
m.SideEffect(m.Fn("bar"));
m.Return();
var sExp =
@" while (!foo())
{
bar();
if (foo())
goto unstructuredexit;
bar();
}
bar();
unstructuredexit:
bar();
return;
";
RunTest(sExp, m.Procedure);
}
public void StrAnls_DoNoCleanProcedureCall()
{
m.Label("head");
m.BranchIf(m.Fn("someCheck"), "failed");
m.Goto("exit");
m.Label("failed");
m.Label("exit");
m.Return();
var sExp =
@" someCheck();
return;
";
RunTest(sExp, m.Procedure);
}
public void FindNoOutParams()
{
Assert.AreEqual(0, UsedIdentifierFinder.Find(null, m.Fn("foo", m.Out(PrimitiveType.Ptr32, m.Local32("tmp")))).Count);
}
public void StrAnls_ReturnInsideOfIf()
{
m.BranchIf(m.Fn("canceled"), "exit");
m.BranchIf(m.Fn("canStart"), "start");
m.SideEffect(m.Fn("wait"));
m.BranchIf(m.Not(m.Fn("canStart")), "exit");
m.Label("start");
m.SideEffect(m.Fn("start"));
m.Label("exit");
m.Return();
var sExp =
@" if (canceled())
return;
if (!canStart())
{
wait();
if (!canStart())
return;
}
start();
return;
";
RunTest(sExp, m.Procedure);
}