/// <summary>
/// Builds the single assignment x = SMul(id, 4) + id in a fresh procedure.
/// </summary>
/// <remarks>
/// NOTE(review): the resulting statement is never inspected and nothing is
/// asserted, so this can only fail if the builder itself throws.
/// </remarks>
public void Test1()
{
    var builder = new ProcedureBuilder();
    var id = builder.Local32("id");
    var x = builder.Local32("x");

    // Build the right-hand side inside-out: the product first, then the sum.
    var scaled = builder.SMul(id, 4);
    var sum = builder.IAdd(scaled, id);
    var stm = builder.Assign(x, sum);
}
/// <summary>
/// Builds a procedure containing one counted loop: p starts at 0, and every
/// pass stores Int32(0) at p + 0x3000 and advances p by 4. The loop exits to
/// "done" once p equals 0x4000.
/// </summary>
/// <returns>The procedure held by the builder.</returns>
private Procedure BuildSimpleLoop()
{
    var builder = new ProcedureBuilder();
    Identifier ptr = builder.Local32("p");
    builder.Assign(ptr, 0);

    // Loop header: the exit test comes before the body.
    builder.Label("loop");
    var finished = builder.Eq(ptr, 0x4000);
    builder.BranchIf(finished, "done");

    // Loop body: one store, then step the pointer.
    var target = builder.IAdd(ptr, 0x3000);
    var zero = builder.Int32(0);
    builder.Store(target, zero);
    var next = builder.IAdd(ptr, 4);
    builder.Assign(ptr, next);
    builder.Jump("loop");

    builder.Label("done");
    builder.Return();
    return builder.Procedure;
}
/// <summary>
/// Builds the identifiers of a strongly connected component by running the
/// SSA transform over this procedure:
///   b1: a = 0
///   b2: a = a + 4
///       if (a != 10) goto b2
///   b3: return
/// </summary>
/// <remarks>
/// Stores the dominator graph in <c>dom</c> and the transform's identifiers in
/// <c>ssaIds</c> as a side effect.
/// NOTE(review): the SSA form is presumably a_0 = 0, a_1 = phi(a_0, a_2),
/// a_2 = a_1 + 4 -- confirm against the transform's output. The test in the
/// built code sits after the increment, so this is a do/while shape rather
/// than a while loop.
/// </remarks>
/// <returns>The SSA identifiers named a_0, a_1 and a_2, in that order.</returns>
private List<SsaIdentifier> BuildScc()
{
    var builder = new ProcedureBuilder("test");
    var a = new Identifier("a", PrimitiveType.Word32, null);

    builder.Label("b1");
    builder.Assign(a, Constant.Word32(0));

    builder.Label("b2");
    var incremented = builder.IAdd(a, 4);
    builder.Assign(a, incremented);
    var notTen = builder.Ne(a, 10);
    builder.BranchIf(notTen, "b2");

    builder.Label("b3");
    builder.Return();

    this.dom = builder.Procedure.CreateBlockDominatorGraph();
    var ssa = new SsaTransform(new ProgramDataFlow(), builder.Procedure, dom);

    // NOTE(review): a commented-out block that assembled the SSA identifiers
    // by hand used to sit here. It referred to names this method does not
    // declare (a1, proc), so only the transform-based path is kept.
    ssaIds = ssa.SsaState.Identifiers;

    // Each name must match exactly one SSA identifier; Single() throws otherwise.
    var component = new List<SsaIdentifier>();
    foreach (string name in new[] { "a_0", "a_1", "a_2" })
    {
        string wanted = name;
        component.Add(ssaIds.Where(i => i.Identifier.Name == wanted).Single());
    }
    return component;
}
/// <summary>
/// Builds the segmented memory access ds:[bx + 4] for an x86 real-mode
/// program, runs it through the <c>aen</c>, <c>eqb</c> and trait-collector
/// visitors, builds the equivalence-class data types and compares the result
/// with "Typing/DtbSegmentedAccess.txt".
/// </summary>
public void DtbSegmentedAccess()
{
    var builder = new ProcedureBuilder();
    Identifier ds = builder.Local16("ds");
    Identifier bx = builder.Local16("bx");

    // The access takes its data type from bx itself.
    var accessType = bx.DataType;
    var offset = builder.IAdd(bx, 4);
    Expression access = builder.SegMem(accessType, ds, offset);

    var arch = new Decompiler.Arch.X86.IntelArchitecture(Decompiler.Arch.X86.ProcessorMode.Real);
    var program = new Program();
    program.Architecture = arch;
    program.Platform = new DefaultPlatform(null, arch);
    var collector = new TraitCollector(factory, store, dtb, program);

    // Only the first visitor's result replaces the expression; the other two
    // are run for their effect on the fixture's state.
    access = access.Accept(aen);
    access.Accept(eqb);
    access.Accept(collector);

    dtb.BuildEquivalenceClassDataTypes();
    Verify("Typing/DtbSegmentedAccess.txt");
}
/// <summary>
/// Runs the SSA unit test over a frame-pointer prologue and epilogue with one
/// argument load in between, comparing against "Analysis/SsaPushAndPop.txt".
/// </summary>
public void SsaPushAndPop()
{
    // Mirrors the pattern of stack accesses used by x86 compilers.
    var builder = new ProcedureBuilder("SsaPushAndPop");
    var esp = EnsureRegister32(builder, "esp");
    var ebp = EnsureRegister32(builder, "ebp");
    var eax = EnsureRegister32(builder, "eax");

    // push ebp
    var loweredTop = builder.ISub(esp, 4);
    builder.Assign(esp, loweredTop);
    builder.Store(esp, ebp);

    // mov ebp, esp
    builder.Assign(ebp, esp);

    // mov eax, [ebp + 8]
    var argAddress = builder.IAdd(ebp, 8);
    var argValue = builder.LoadDw(argAddress);
    builder.Assign(eax, argValue);      // dwArg04

    // pop ebp
    var savedFrame = builder.LoadDw(esp);
    builder.Assign(ebp, savedFrame);
    var raisedTop = builder.IAdd(esp, 4);
    builder.Assign(esp, raisedTop);

    builder.Return();
    RunUnitTest(builder, "Analysis/SsaPushAndPop.txt");
}
/// <summary>
/// Fills in a LinearInductionVariableFinder context by hand (initial value 0,
/// phi statement id_3 = phi(id_2, id_4), delta statement id_4 = id_3 + 1) and
/// checks that the created induction variable prints as
/// "(0x00000000 0x00000001 ?)".
/// </summary>
/// <remarks>
/// The statements below depend on their order: the Count assertions track each
/// SsaId registration, and the delta statement is read back as the last
/// statement of the builder's current block.
/// NOTE(review): the three printed fields look like initial value, delta and
/// an unknown final value -- confirm against LinearInductionVariable.
/// </remarks>
public void CreateNoincInitialValue()
{
    var builder = new ProcedureBuilder();
    ssaIds = new SsaIdentifierCollection();

    // Two placeholder identifiers registered ahead of the ones under test.
    var first = new Identifier("id0", PrimitiveType.Word32, new TemporaryStorage("id0", 0, PrimitiveType.Word32));
    SsaId(first, null, null, false);
    var second = new Identifier("id1", PrimitiveType.Word32, new TemporaryStorage("id1", 1, PrimitiveType.Word32));
    SsaId(second, null, null, false);

    var finder = new LinearInductionVariableFinder(null, ssaIds, null);
    finder.Context.InitialValue = Constant.Word32(0);

    Identifier id2 = builder.Local32("id_2");
    var emptyDefinition = new Statement(0, null, null);
    SsaId(id2, emptyDefinition, null, false);
    Assert.AreEqual(3, ssaIds.Count);

    // id_3 = phi(id_2, id_4)
    Identifier id3 = builder.Local32("id_3");
    Identifier id4 = builder.Local32("id_4");
    finder.Context.PhiStatement = builder.Phi(id3, id2, id4);
    finder.Context.PhiIdentifier = id3;
    var phiSource = ((PhiAssignment)finder.Context.PhiStatement.Instruction).Src;
    SsaId(id3, finder.Context.PhiStatement, phiSource, false);
    Assert.AreEqual(4, ssaIds.Count);

    // One use of id_3 that has no instruction attached.
    var bareUse = new Statement(0, null, null);
    ssaIds[id3].Uses.Add(bareUse);

    // id_4 = id_3 + 1, which is also recorded as a use of id_3.
    finder.Context.DeltaValue = builder.Int32(1);
    var stepped = builder.IAdd(id3, finder.Context.DeltaValue);
    builder.Assign(id4, stepped);
    finder.Context.DeltaStatement = builder.Block.Statements.Last;
    ssaIds[id3].Uses.Add(finder.Context.DeltaStatement);

    LinearInductionVariable iv = finder.CreateInductionVariable();
    Assert.AreEqual("(0x00000000 0x00000001 ?)", iv.ToString());
}
/// <summary>
/// Collects traits for the 16-bit segmented access ds:[bx + 4] and compares
/// the result with "Typing/TrcoSegmentedAccess.txt".
/// </summary>
public void TrcoSegmentedAccess()
{
    var builder = new ProcedureBuilder();
    Identifier ds = builder.Local16("ds");
    Identifier bx = builder.Local16("bx");
    // ax is not referenced again; the Local16 call is kept because it still
    // runs against the builder.
    Identifier ax = builder.Local16("ax");

    Expression access = builder.SegMem(PrimitiveType.Word16, ds, builder.IAdd(bx, 4));

    coll = CreateCollector();
    // Only the first visitor's result replaces the expression.
    access = access.Accept(en);
    access.Accept(eqb);
    access.Accept(coll);
    Verify(null, "Typing/TrcoSegmentedAccess.txt");
}
/// <summary>
/// Collects traits for a byte load through the member pointer built from ds
/// and bx + 4, checks that the selector's base pointer received a type
/// variable, and compares the result with "Typing/TrcoMemberPointer.txt".
/// </summary>
public void TrcoMemberPointer()
{
    var builder = new ProcedureBuilder();
    Identifier ds = builder.Local16("ds");
    Identifier bx = builder.Local16("bx");
    // ax is not referenced again; the Local16 call is kept because it still
    // runs against the builder.
    Identifier ax = builder.Local16("ax");

    var memberOffset = builder.IAdd(bx, 4);
    MemberPointerSelector mps = builder.MembPtrW(ds, memberOffset);
    Expression load = builder.Load(PrimitiveType.Byte, mps);

    coll = CreateCollector();
    load = load.Accept(en);
    load.Accept(eqb);
    load.Accept(coll);

    // The selector is checked directly, so the visitors above are expected to
    // have annotated its base pointer.
    Assert.IsNotNull(mps.BasePointer.TypeVariable, "Base pointer should have type variable");
    Verify(null, "Typing/TrcoMemberPointer.txt");
}
/// <summary>
/// Collects traits for an Int32 load from globals + (Shl(i, 2) + 0x3000) and
/// compares the result with "Typing/TrcoGlobalArray.txt".
/// </summary>
public void TrcoGlobalArray()
{
    Program prog = CreateProgram();
    var builder = new ProcedureBuilder();
    Identifier index = builder.Local32("i");

    // Effective address, built inside-out: the shifted index, plus the
    // constant 0x3000, plus the program's globals.
    var globals = prog.Globals;
    var scaledIndex = builder.Shl(index, 2);
    var displaced = builder.IAdd(scaledIndex, 0x3000);
    Expression ea = builder.IAdd(globals, displaced);
    Expression load = builder.Load(PrimitiveType.Int32, ea);

    coll = CreateCollector(prog);
    load = load.Accept(en);
    load.Accept(eqb);
    load.Accept(coll);
    Verify(null, "Typing/TrcoGlobalArray.txt");
}
/// <summary>
/// Collects traits for a Word16 load whose address is a base plus a constant
/// plus a scaled index, and compares the result with
/// "Typing/TrcoArrayExpression.txt".
/// </summary>
public void TrcoArrayExpression()
{
    var arrayBase = new Identifier("base", PrimitiveType.Word32, null);
    var index = new Identifier("idx", PrimitiveType.Word32, null);
    var stride = Constant.Word32(4);
    var builder = new ProcedureBuilder();

    // e ::= Mem[(b+0x10030000)+(i*s):word16]
    // NOTE(review): the comment here used to read 0x1003000; the constant in
    // the code is 0x10030000. Confirm which one the expected output assumes.
    var displacedBase = builder.IAdd(arrayBase, Constant.Word32(0x10030000));
    var scaledIndex = builder.SMul(index, stride);
    var ea = builder.IAdd(displacedBase, scaledIndex);
    Expression load = builder.Load(PrimitiveType.Word16, ea);

    coll = CreateCollector();
    load = load.Accept(en);
    load.Accept(eqb);
    load.Accept(coll);
    Verify(null, "Typing/TrcoArrayExpression.txt");
}
/// <summary>
/// Builds two successive Dpb assignments to the same register, converts the
/// procedure to SSA, runs value propagation over it and compares the written
/// procedure with "Analysis/VpDpbDpb.txt".
/// </summary>
/// <remarks>
/// NOTE(review): the method name spells "Dbp" while the builder call and the
/// expected-output file spell "Dpb". The trailing Dpb arguments (0, 16) are
/// presumably bit position and bit count -- confirm against ProcedureBuilder.
/// </remarks>
public void VpDbpDbp()
{
    var builder = new ProcedureBuilder();
    var d1 = builder.Reg32("d32");
    var a1 = builder.Reg32("a32");
    // tmp is not referenced again; the temporary is still created in the frame.
    var tmp = builder.Frame.CreateTemporary(PrimitiveType.Word16);

    // First deposit: a word loaded from a32.
    var firstWord = builder.LoadW(a1);
    builder.Assign(d1, builder.Dpb(d1, firstWord, 0, 16));

    // Second deposit into the same bits: a word loaded from a32 + 4.
    var secondWord = builder.LoadW(builder.IAdd(a1, 4));
    builder.Assign(d1, builder.Dpb(d1, secondWord, 0, 16));

    Procedure proc = builder.Procedure;
    var dominators = proc.CreateBlockDominatorGraph();
    var transform = new SsaTransform(new ProgramDataFlow(), proc, dominators);
    SsaState ssa = transform.SsaState;
    ssa.DebugDump(true);

    var propagator = new ValuePropagator(ssa.Identifiers, proc);
    propagator.Transform();

    using (var tester = new FileUnitTester("Analysis/VpDpbDpb.txt"))
    {
        proc.Write(false, tester.TextWriter);
        tester.TextWriter.WriteLine();
        tester.AssertFilesEqual();
    }
}