public void Test1()
{
var m = new ProcedureBuilder();
var id = m.Local32("id");
var x = m.Local32("x");
var stm = m.Assign(x, m.IAdd(m.SMul(id, 4), id));
}
public void CreateNoincInitialValue()
{
ProcedureBuilder m = new ProcedureBuilder();
ssa = new SsaState(m.Procedure);
SsaId(new Identifier("id0", PrimitiveType.Word32, new TemporaryStorage("id0", 0, PrimitiveType.Word32)), null, null, false);
SsaId(new Identifier("id1", PrimitiveType.Word32, new TemporaryStorage("id1", 1, PrimitiveType.Word32)), null, null, false);
LinearInductionVariableFinder liv = new LinearInductionVariableFinder(ssa, null);
liv.Context.InitialValue = Constant.Word32(0);
Identifier id2 = m.Local32("id_2");
SsaId(id2, new Statement(0, null, null), null, false);
Assert.AreEqual(3, ssa.Identifiers.Count);
Identifier id3 = m.Local32("id_3");
Identifier id4 = m.Local32("id_4");
liv.Context.PhiStatement = m.Phi(id3, (id2, "block2"), (id4, "block4"));
liv.Context.PhiIdentifier = id3;
SsaId(id3, liv.Context.PhiStatement, ((PhiAssignment)liv.Context.PhiStatement.Instruction).Src, false);
Assert.AreEqual(4, ssa.Identifiers.Count);
Statement use = new Statement(0, null, null);
ssa.Identifiers[id3].Uses.Add(use);
liv.Context.DeltaValue = m.Word32(1);
m.Assign(id4, m.IAdd(id3, liv.Context.DeltaValue));
liv.Context.DeltaStatement = m.Block.Statements[^ 1];
public void DeclarationWithExpression()
{
emitter.EmitStatement(m.Declare(m.Local32("dwLoc14"), m.Word32(1)));
Assert.AreEqual(1, stms.Count);
AbsynDeclaration decl = (AbsynDeclaration)stms[0];
Assert.IsNotNull(decl.Expression);
}
public void Setup()
{
m = new ProcedureBuilder();
i = m.Local32("i");
c = m.Int32(16);
off = m.Int32(42);
r = m.Local32("r");
aem = new ArrayExpressionMatcher(PrimitiveType.Pointer32);
}
public void EnSimpleArray()
{
Identifier globals = m.Local32("globals");
Identifier i = m.Local32("idx");
Expression ea = m.IAdd(globals, m.IAdd(m.Shl(i, 4), 0x30000));
Expression e = m.Load(PrimitiveType.Int32, ea);
e = e.Accept(aen);
Assert.AreEqual("(globals + 0x00030000)[idx * 0x00000010]", e.ToString());
}
public void SetUp()
{
m = new ProcedureBuilder();
id = m.Local32("id");
x = m.Local32("x");
ssaIds = new SsaIdentifierCollection();
foreach (Identifier i in m.Procedure.Frame.Identifiers)
{
ssaIds.Add(i, null, null, false);
}
}
public void Pdg_PostDominateIfElse()
{
ProcedureBuilder m = new ProcedureBuilder();
m.BranchIf(m.Local32("a"), "then");
m.Assign(m.Local32("b"), m.Int32(0));
m.Jump("join");
m.Label("then");
m.Assign(m.Local32("c"), m.Int32(0));
m.Label("join");
m.Return();
FindPostDominators(m);
}
public void Ufuser_Store_Bigendian()
{
var r4 = m.Reg32("r4", 4);
var r8 = m.Reg32("r8", 8);
var loc40 = m.Local32("loc40", -0x40);
var loc3D = m.Local32("loc3D", -0x3D);
__swl(loc40, r8);
__swr(loc3D, r8);
arch.Setup(a => a.Endianness).Returns(EndianServices.Big);
var ssa = RunTest(m);
var sExp =
#region Expected
@"loc40:Local -0040
def: def loc40
r8:r8
def: def r8
uses: loc40_3 = r8
loc40_3: orig: loc40
def: loc40_3 = __swl(loc40, r8)
uses: bLoc3D_5 = SLICE(loc40_3, byte, 24) (alias)
nLoc3C:Local -003C
def: def nLoc3C
uses: loc3D_6 = SEQ(nLoc3C, bLoc3D_5) (alias)
bLoc3D_5: orig: bLoc3D
def: bLoc3D_5 = SLICE(loc40_3, byte, 24) (alias)
uses: loc3D_6 = SEQ(nLoc3C, bLoc3D_5) (alias)
loc3D_6: orig: loc3D
def: loc3D_6 = SEQ(nLoc3C, bLoc3D_5) (alias)
loc3D_7: orig: loc3D
def: loc40_3 = r8
// ProcedureBuilder
// Return size: 0
define ProcedureBuilder
ProcedureBuilder_entry:
def loc40
def r8
def nLoc3C
// succ: l1
l1:
bLoc3D_5 = SLICE(loc40_3, byte, 24) (alias)
loc3D_6 = SEQ(nLoc3C, bLoc3D_5) (alias)
loc40_3 = r8
ProcedureBuilder_exit:
";
#endregion
AssertStringsEqual(sExp, ssa);
}
public void TrfTwoProcedures()
{
p.Add("main", m =>
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var tmp = m.Local32("tmp");
m.Assign(tmp, eax);
m.Call("TrashEaxEbx", 4);
m.Assign(eax, tmp); // eax is preserved!
m.Return();
});
p.Add("TrashEaxEbx", m =>
{
var eax = m.Frame.EnsureRegister(Registers.eax);
var ebx = m.Frame.EnsureRegister(Registers.ebx);
m.Assign(ebx, m.Word32(0x1231313));
m.Assign(eax, m.Mem32(ebx));
m.Return();
});
RunTest(p,
@"main bh bl bx ebx rbx
const ebx:0x01231313
main_entry esp:fp
l1 esp:fp
main_exit eax:eax ebx:0x01231313 esp:fp
TrashEaxEbx ah al ax bh bl bx eax ebx rax rbx
const eax:<invalid> ebx:0x01231313
TrashEaxEbx_entry esp:fp
l1 esp:fp
TrashEaxEbx_exit eax:<invalid> ebx:0x01231313 esp:fp");
}
public void TycoCallFunctionWithArraySize()
{
var m = new ProcedureBuilder();
var sig = FunctionType.Func(
new Identifier("", new Pointer(VoidType.Instance, 32), null),
m.Frame.EnsureStackArgument(0, PrimitiveType.Word32));
var ex = new ExternalProcedure("malloc", sig, new ProcedureCharacteristics
{
Allocator = true,
ArraySize = new ArraySizeCharacteristic
{
Argument = "r",
Factors = new ArraySizeFactor[]
{
new ArraySizeFactor {
Constant = "1"
}
}
}
});
RunTest(n =>
{
Identifier eax = m.Local32("eax");
var call = n.Assign(eax, n.Fn(new ProcedureConstant(PrimitiveType.Word32, ex), n.Word32(3)));
}, "Typing/TycoCallFunctionWithArraySize.txt");
}
public void TrcoDbp()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier a = m.Local32("a");
Identifier b = m.LocalByte("b");
var s = m.Assign(a, m.Dpb(a, b, 0));
coll = CreateCollector();
s.Accept(eqb);
s.Accept(coll);
StringWriter sb = new StringWriter();
handler.Traits.Write(sb);
string exp =
"T_1 (in a : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_equal(T_3)" + nl +
"T_2 (in b : byte)" + nl +
"\ttrait_primitive(byte)" + nl +
"T_3 (in DPB(a, b, 0) : word32)" + nl +
"\ttrait_primitive(word32)" + nl;
Assert.AreEqual(exp, sb.ToString());
}
public void AtrcoTestIdPlusConst()
{
var r = m.Local32("r");
var mem = m.Load(PrimitiveType.Word32, m.IAdd(r, 4));
mem.Accept(eqb);
atrco.Collect(null, 0, mem, mem.EffectiveAddress);
Verify(null, "Typing/AtrcoTestIdPlusConst.txt");
}
public void DeadFnReturn()
{
ProcedureBuilder m = new ProcedureBuilder("foo");
Identifier unused = m.Local32("unused");
m.Assign(unused, m.Fn("foo", Constant.Word32(1)));
m.Return();
RunFileTest(m, "Analysis/DeadFnReturn.txt");
}
public void DeadFnReturn()
{
ProcedureBuilder m = new ProcedureBuilder("foo");
Identifier unused = m.Local32("unused");
m.Assign(m.Frame.EnsureRegister(m.Architecture.StackRegister), m.Frame.FramePointer);
m.Assign(unused, m.Fn("foo", Constant.Word32(1)));
m.Return();
RunFileTest(m, "Analysis/DeadFnReturn.txt");
}
public void TrfCopyBack()
{
var tmp = m.Local32("tmp");
var esp = m.Frame.EnsureRegister(Registers.esp);
var r2 = m.Register(2);
var stm1 = m.Store(m.ISub(esp, 0x10), r2);
var stm2 = m.Assign(r2, m.Int32(0));
var stm3 = m.Assign(r2, m.LoadDw(m.ISub(esp, 0x10)));
trf = CreateTrashedRegisterFinder();
var flow = CreateBlockFlow(m.Block, m.Frame);
flow.SymbolicIn.SetValue(esp, m.Frame.FramePointer);
trf.StartProcessingBlock(m.Block);
stm1.Instruction.Accept(trf);
stm2.Accept(trf);
stm3.Accept(trf);
Assert.AreEqual(r2, trf.RegisterSymbolicValues[(RegisterStorage)r2.Storage]);
}
public void TrcoMultiplication()
{
var program = CreateProgram();
var m = new ProcedureBuilder();
var id = m.Local32("id");
var e = m.IMul(id, id);
coll = CreateCollector(program);
e = e.Accept(en);
e.Accept(eqb);
e.Accept(coll);
Verify(null, "Typing/TrcoMultiplication.txt");
}
//[Ignore("FIXME")]
public void TrcoGlobalArray()
{
Program program = CreateProgram();
ProcedureBuilder m = new ProcedureBuilder();
Identifier i = m.Local32("i");
Expression ea = m.IAdd(program.Globals, m.IAdd(m.Shl(i, 2), 0x3000));
Expression e = m.Mem(PrimitiveType.Int32, ea);
coll = CreateCollector(program);
e = e.Accept(en);
e.Accept(eqb);
e.Accept(coll);
Verify(null, "Typing/TrcoGlobalArray.txt");
}
public void CreateNoincInitialValue()
{
ProcedureBuilder m = new ProcedureBuilder();
ssaIds = new SsaIdentifierCollection();
SsaId(new Identifier("id0", PrimitiveType.Word32, new TemporaryStorage("id0", 0, PrimitiveType.Word32)), null, null, false);
SsaId(new Identifier("id1", PrimitiveType.Word32, new TemporaryStorage("id1", 1, PrimitiveType.Word32)), null, null, false);
LinearInductionVariableFinder liv = new LinearInductionVariableFinder(null, ssaIds, null);
liv.Context.InitialValue = Constant.Word32(0);
Identifier id2 = m.Local32("id_2");
SsaId(id2, new Statement(0, null, null), null, false);
Assert.AreEqual(3, ssaIds.Count);
Identifier id3 = m.Local32("id_3");
Identifier id4 = m.Local32("id_4");
liv.Context.PhiStatement = m.Phi(id3, id2, id4);
liv.Context.PhiIdentifier = id3;
SsaId(id3, liv.Context.PhiStatement, ((PhiAssignment)liv.Context.PhiStatement.Instruction).Src, false);
Assert.AreEqual(4, ssaIds.Count);
Statement use = new Statement(0, null, null);
ssaIds[id3].Uses.Add(use);
liv.Context.DeltaValue = m.Int32(1);
m.Assign(id4, m.IAdd(id3, liv.Context.DeltaValue));
liv.Context.DeltaStatement = m.Block.Statements.Last;
ssaIds[id3].Uses.Add(liv.Context.DeltaStatement);
LinearInductionVariable iv = liv.CreateInductionVariable();
Assert.AreEqual("(0x00000000 0x00000001 ?)", iv.ToString());
}
private Procedure BuildSimpleLoop()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier p = m.Local32("p");
m.Assign(p, 0);
m.Label("loop");
m.BranchIf(m.Eq(p, 0x4000), "done");
m.Store(m.IAdd(p, 0x3000), m.Int32(0));
m.Assign(p, m.IAdd(p, 4));
m.Jump("loop");
m.Label("done");
m.Return();
return(m.Procedure);
}
public void TrcoCallFunctionWithArraySize()
{
var m = new ProcedureBuilder();
var sig = new ProcedureSignature(null,
m.Frame.EnsureStackArgument(0, PrimitiveType.Word32));
var ex = new ExternalProcedure("malloc", sig, new ProcedureCharacteristics
{
Allocator = true,
ArraySize = new ArraySizeCharacteristic
{
Argument = "r",
Factors = new ArraySizeFactor[]
{
new ArraySizeFactor {
Constant = "1"
}
}
}
});
Identifier eax = m.Local32("eax");
var call = m.Assign(eax, m.Fn(new ProcedureConstant(PrimitiveType.Word32, ex), m.Word32(3)));
coll = CreateCollector();
call.Accept(eqb);
call.Accept(coll);
StringWriter sw = new StringWriter();
handler.Traits.Write(sw);
string sExp =
"T_1 (in malloc : word32)" + nl +
"\ttrait_func(T_4 -> T_5)" + nl +
"T_3 (in dwArg00 : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"T_4 (in 0x00000003 : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_equal(T_3)" + nl +
"T_5 (in malloc(0x00000003) : word32)" + nl +
"\ttrait_primitive(word32)";
Console.WriteLine(sw.ToString());
Assert.AreEqual(sExp, sw.ToString());
}
public void DtbSignedCompare()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier p = m.Local32("p");
Identifier ds = m.Local16("ds");
ds.DataType = PrimitiveType.SegmentSelector;
Identifier ds2 = m.Local16("ds2");
ds.DataType = PrimitiveType.SegmentSelector;
m.Assign(ds2, ds);
m.Store(
m.SegMem(PrimitiveType.Bool, ds, m.Word16(0x5400)),
m.Lt(m.SegMemW(ds, m.Word16(0x5404)), m.Word16(20)));
m.Store(m.SegMemW(ds2, m.Word16(0x5404)), m.Word16(0));
ProgramBuilder prog = new ProgramBuilder();
prog.Add(m);
RunTest(prog.BuildProgram(), "Typing/DtbSignedCompare.txt");
}
public void TrcoIcall()
{
ProcedureBuilder m = new ProcedureBuilder();
Identifier pfn = m.Local32("pfn");
Expression l = m.Mem(PrimitiveType.Word32, pfn);
CallInstruction icall = new CallInstruction(l, new CallSite(0, 0));
coll = CreateCollector();
icall.Accept(eqb);
icall.Accept(coll);
StringWriter sw = new StringWriter();
handler.Traits.Write(sw);
string exp =
"T_1 (in pfn : word32)" + nl +
"\ttrait_primitive(word32)" + nl +
"\ttrait_mem(T_2, 0)" + nl +
"T_2 (in Mem0[pfn:word32] : word32)" + nl +
"\ttrait_primitive((ptr32 code))" + nl +
"\ttrait_primitive(word32)" + nl;
Assert.AreEqual(exp, sw.ToString());
}
public void FindIdsInBinOp()
{
Assert.AreEqual(2, UsedIdentifierFinder.Find(null, m.IAdd(
m.Local32("loc2"),
m.Local32("loc1"))).Count);
}