private void Build(Program prog)
{
DataFlowAnalysis dfa = new DataFlowAnalysis(prog, new FakeDecompilerEventListener());
dfa.UntangleProcedures();
foreach (Procedure proc in prog.Procedures.Values)
{
Aliases alias = new Aliases(proc, prog.Architecture);
alias.Transform();
var gr = proc.CreateBlockDominatorGraph();
SsaTransform sst = new SsaTransform(dfa.ProgramDataFlow, proc, gr);
SsaState ssa = sst.SsaState;
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssa.Identifiers, prog.Platform);
cce.Transform();
DeadCode.Eliminate(proc, ssa);
var vp = new ValuePropagator(ssa.Identifiers, proc);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
Coalescer coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
LiveCopyInserter lci = new LiveCopyInserter(proc, ssa.Identifiers);
lci.Transform();
WebBuilder web = new WebBuilder(proc, ssa.Identifiers, new Dictionary<Identifier,LinearInductionVariable>());
web.Transform();
ssa.ConvertBack(false);
}
}
private void Build(Procedure proc, IProcessorArchitecture arch)
{
var platform = new DefaultPlatform(null, arch);
this.proc = proc;
Aliases alias = new Aliases(proc, arch);
alias.Transform();
SsaTransform sst = new SsaTransform(new ProgramDataFlow(), proc, proc.CreateBlockDominatorGraph());
ssa = sst.SsaState;
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssa.Identifiers, platform);
cce.Transform();
ValuePropagator vp = new ValuePropagator(arch, ssa.Identifiers, proc);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
Coalescer coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
sla = new SsaLivenessAnalysis(proc, ssa.Identifiers);
sla2 = new SsaLivenessAnalysis2(proc, ssa.Identifiers);
sla2.Analyze();
}
protected override void RunTest(Program prog, TextWriter writer)
{
DataFlowAnalysis dfa = new DataFlowAnalysis(prog, new FakeDecompilerEventListener());
dfa.UntangleProcedures();
foreach (Procedure proc in prog.Procedures.Values)
{
Aliases alias = new Aliases(proc, prog.Architecture);
alias.Transform();
SsaTransform sst = new SsaTransform(dfa.ProgramDataFlow, proc, proc.CreateBlockDominatorGraph());
SsaState ssa = sst.SsaState;
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssa.Identifiers, prog.Platform);
cce.Transform();
DeadCode.Eliminate(proc, ssa);
ssa.Write(writer);
proc.Write(false, writer);
}
}
/// <summary>
/// Processes procedures individually, building complex expression trees out
/// of the simple, close-to-the-machine code generated by the disassembly.
/// </summary>
/// <param name="rl"></param>
public void BuildExpressionTrees()
{
int i = 0;
foreach (Procedure proc in program.Procedures.Values)
{
eventListener.ShowProgress("Building complex expressions.", i, program.Procedures.Values.Count);
++i;
try
{
var larw = new LongAddRewriter(proc, program.Architecture);
larw.Transform();
Aliases alias = new Aliases(proc, program.Architecture, flow);
alias.Transform();
var doms = new DominatorGraph<Block>(proc.ControlGraph, proc.EntryBlock);
var sst = new SsaTransform(flow, proc, doms);
var ssa = sst.SsaState;
var cce = new ConditionCodeEliminator(ssa.Identifiers, program.Platform);
cce.Transform();
DeadCode.Eliminate(proc, ssa);
var vp = new ValuePropagator(program.Architecture, ssa.Identifiers, proc);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
// Build expressions. A definition with a single use can be subsumed
// into the using expression.
var coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
var liv = new LinearInductionVariableFinder(
proc,
ssa.Identifiers,
new BlockDominatorGraph(proc.ControlGraph, proc.EntryBlock));
liv.Find();
foreach (KeyValuePair<LinearInductionVariable, LinearInductionVariableContext> de in liv.Contexts)
{
var str = new StrengthReduction(ssa, de.Key, de.Value);
str.ClassifyUses();
str.ModifyUses();
}
var opt = new OutParameterTransformer(proc, ssa.Identifiers);
opt.Transform();
DeadCode.Eliminate(proc, ssa);
// Definitions with multiple uses and variables joined by PHI functions become webs.
var web = new WebBuilder(proc, ssa.Identifiers, program.InductionVariables);
web.Transform();
ssa.ConvertBack(false);
}
catch (Exception ex)
{
eventListener.Error(new NullCodeLocation(proc.Name), ex, "An error occurred during data flow analysis.");
}
}
}
private void UntangleProcedureScc(IList<Procedure> procs)
{
if (procs.Count == 1)
{
var proc = procs[0];
Aliases alias = new Aliases(proc, program.Architecture, flow);
alias.Transform();
// Transform the procedure to SSA state. When encountering 'call' instructions,
// they can be to functions already visited. If so, they have a "ProcedureFlow"
// associated with them. If they have not been visited, or are computed destinations
// (e.g. vtables) they will have no "ProcedureFlow" associated with them yet, in
// which case the the SSA treats the call as a "hell node".
var doms = proc.CreateBlockDominatorGraph();
var sst = new SsaTransform(flow, proc, doms);
var ssa = sst.SsaState;
// Propagate condition codes and registers. At the end, the hope is that
// all statements like (x86) mem[esp_42+4] will have been converted to
// mem[fp - 30]. We also hope that procedure constants kept in registers
// are propagated to the corresponding call sites.
var cce = new ConditionCodeEliminator(ssa.Identifiers, program.Platform);
cce.Transform();
var vp = new ValuePropagator(program.Architecture, ssa.Identifiers, proc);
vp.Transform();
// Now compute SSA for the stack-based variables as well. That is:
// mem[fp - 30] becomes wLoc30, while
// mem[fp + 30] becomes wArg30.
// This allows us to compute the dataflow of this procedure.
sst.RenameFrameAccesses = true;
sst.AddUseInstructions = true;
sst.Transform();
// Propagate those newly discovered identifiers.
vp.Transform();
// At this point, the computation of _actual_ ProcedureFlow should be possible.
var tid = new TrashedRegisterFinder2(program.Architecture, flow, proc, ssa.Identifiers, this.eventListener);
tid.Compute();
DeadCode.Eliminate(proc, ssa);
// Build expressions. A definition with a single use can be subsumed
// into the using expression.
var coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
var liv = new LinearInductionVariableFinder(
proc,
ssa.Identifiers,
new BlockDominatorGraph(proc.ControlGraph, proc.EntryBlock));
liv.Find();
foreach (var de in liv.Contexts)
{
var str = new StrengthReduction(ssa, de.Key, de.Value);
str.ClassifyUses();
str.ModifyUses();
}
//var opt = new OutParameterTransformer(proc, ssa.Identifiers);
//opt.Transform();
DeadCode.Eliminate(proc, ssa);
// Definitions with multiple uses and variables joined by PHI functions become webs.
var web = new WebBuilder(proc, ssa.Identifiers, program.InductionVariables);
web.Transform();
ssa.ConvertBack(false);
}
else
{
throw new NotImplementedException();
}
}
protected override void RunTest(Program prog, TextWriter writer)
{
var dfa = new DataFlowAnalysis(prog, importResolver, new FakeDecompilerEventListener());
dfa.UntangleProcedures();
foreach (Procedure proc in prog.Procedures.Values)
{
writer.WriteLine("= {0} ========================", proc.Name);
var gr = proc.CreateBlockDominatorGraph();
Aliases alias = new Aliases(proc, prog.Architecture);
alias.Transform();
SsaTransform sst = new SsaTransform(dfa.ProgramDataFlow, proc, importResolver, gr,
new HashSet<RegisterStorage>());
SsaState ssa = sst.SsaState;
var cce = new ConditionCodeEliminator(ssa, prog.Platform);
cce.Transform();
ssa.Write(writer);
proc.Write(false, writer);
writer.WriteLine();
ValuePropagator vp = new ValuePropagator(prog.Architecture, ssa);
vp.Transform();
ssa.Write(writer);
proc.Write(false, writer);
}
}
protected override void RunTest(Program program, TextWriter writer)
{
var importResolver = MockRepository.GenerateStub<IImportResolver>();
DataFlowAnalysis dfa = new DataFlowAnalysis(program, importResolver, new FakeDecompilerEventListener());
dfa.UntangleProcedures();
foreach (Procedure proc in program.Procedures.Values)
{
var larw = new LongAddRewriter(proc, program.Architecture);
larw.Transform();
Aliases alias = new Aliases(proc, program.Architecture, dfa.ProgramDataFlow);
alias.Transform();
var sst = new SsaTransform(dfa.ProgramDataFlow, proc, importResolver, proc.CreateBlockDominatorGraph(), new HashSet<RegisterStorage>());
SsaState ssa = sst.SsaState;
var cce = new ConditionCodeEliminator(ssa, program.Platform);
cce.Transform();
var vp = new ValuePropagator(program.Architecture, ssa);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
ssa.Write(writer);
proc.Write(false, writer);
writer.WriteLine();
}
}
/// <summary>
/// Converts all registers and stack accesses to SSA variables.
/// </summary>
/// <param name="proc"></param>
/// <returns>The SsaTransform for the procedure.</returns>
public SsaTransform ConvertToSsa(Procedure proc)
{
if (!program.NeedsSsaTransform)
{
// Some formats, like LLVM, already have phi functions.
var sst = new SsaTransform(program, proc, sccProcs !, dynamicLinker, this.ProgramDataFlow);
return(sst);
}
try
{
// Transform the procedure to SSA state. When encountering 'call'
// instructions, they can be to functions already visited. If so,
// they have a "ProcedureFlow" associated with them. If they have
// not been visited, or are computed destinations (e.g. vtables)
// they will have no "ProcedureFlow" associated with them yet, in
// which case the the SSA treats the call as a "hell node".
var sst = new SsaTransform(program, proc, sccProcs !, dynamicLinker, this.ProgramDataFlow);
var ssa = sst.Transform();
DumpWatchedProcedure("ssa", "After SSA", ssa);
// Merge unaligned memory accesses.
var fuser = new UnalignedMemoryAccessFuser(ssa);
fuser.Transform();
// Fuse additions and subtractions that are linked by the carry flag.
var larw = new LongAddRewriter(ssa, eventListener);
larw.Transform();
DumpWatchedProcedure("larw", "After long add rewriter", ssa);
// After value propagation expressions like (x86)
// mem[esp_42+4] will have been converted to mem[fp - 30].
// We also hope that procedure constants
// kept in registers are propagated to the corresponding call
// sites.
var vp = new ValuePropagator(program.SegmentMap, ssa, program.CallGraph, dynamicLinker, eventListener);
vp.Transform();
DumpWatchedProcedure("vp", "After first VP", ssa);
// Value propagation may uncover more opportunities.
larw = new LongAddRewriter(ssa, eventListener);
larw.Transform();
DumpWatchedProcedure("larw2", "After second long add rewriter", ssa);
// Eliminate condition codes by discovering uses of ccodes
// and replacing them with higher-level constructs.
var cce = new ConditionCodeEliminator(program, ssa, eventListener);
cce.Transform();
vp.Transform();
DumpWatchedProcedure("cce", "After CCE", ssa);
// Now compute SSA for the stack-based variables as well. That is:
// mem[fp - 30] becomes wLoc30, while
// mem[fp + 30] becomes wArg30.
// This allows us to compute the dataflow of this procedure.
sst.RenameFrameAccesses = true;
sst.Transform();
DumpWatchedProcedure("ssaframe", "After SSA frame accesses", ssa);
var icrw = new IndirectCallRewriter(program, ssa, eventListener);
while (!eventListener.IsCanceled() && icrw.Rewrite())
{
vp.Transform();
sst.RenameFrameAccesses = true;
sst.Transform();
}
var fpuGuesser = new FpuStackReturnGuesser(ssa, eventListener);
fpuGuesser.Transform();
DumpWatchedProcedure("fpug", "After FPU stack guesser", ssa);
// By placing use statements in the exit block, we will collect
// reaching definitions in the use statements.
sst.AddUsesToExitBlock();
sst.RemoveDeadSsaIdentifiers();
// Backpropagate stack pointer from procedure return.
var spBackpropagator = new StackPointerBackpropagator(ssa, eventListener);
spBackpropagator.BackpropagateStackPointer();
DumpWatchedProcedure("spbp", "After SP BP", ssa);
// Propagate those newly created stack-based identifiers.
vp.Transform();
DumpWatchedProcedure("vp2", "After VP2", ssa);
return(sst);
}
catch (Exception ex)
{
var nl = Environment.NewLine;
var banner = $"// {proc.Name} ==========={nl}{ex.Message}{nl}{ex.StackTrace}{nl}{nl}";
services.GetService <ITestGenerationService>()?
.ReportProcedure($"analysis_{99:00}_crash.txt", banner, proc);
throw;
}
}
public void CceSetnz()
{
Identifier r = Reg32("r");
Identifier Z = FlagGroup("Z");
Identifier f = Reg32("f");
Statement stmZ = new Statement(0, new Assignment(Z, new ConditionOf(new BinaryExpression(Operator.ISub, PrimitiveType.Word32, r, Constant.Word32(0)))), null);
ssaIds[Z].DefStatement = stmZ;
Statement stmF = new Statement(0, new Assignment(f, new TestCondition(ConditionCode.NE, Z)), null);
ssaIds[f].DefStatement = stmF;
ssaIds[Z].Uses.Add(stmF);
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssaIds, new DefaultPlatform(null, new FakeArchitecture()));
cce.Transform();
Assert.AreEqual("f = r != 0x00000000", stmF.Instruction.ToString());
}
public void CceEqId()
{
Identifier r = Reg32("r");
Identifier z = FlagGroup("z"); // is a condition code.
Identifier y = FlagGroup("y"); // is a condition code.
ProcedureBuilder m = new ProcedureBuilder();
m.Assign(z, new ConditionOf(r));
ssaIds[z].DefStatement = m.Block.Statements.Last;
m.Assign(y, z);
ssaIds[y].DefStatement = m.Block.Statements.Last;
ssaIds[z].Uses.Add(m.Block.Statements.Last);
var stmBr = m.BranchIf(m.Test(ConditionCode.EQ, y), "foo");
ssaIds[y].Uses.Add(stmBr);
var arch = new FakeArchitecture();
var cce = new ConditionCodeEliminator(ssaIds, new DefaultPlatform(null, arch));
cce.Transform();
Assert.AreEqual("branch r == 0x00000000 foo", stmBr.Instruction.ToString());
}
/// <summary>
/// Processes procedures individually, building complex expression trees out
/// of the simple, close-to-the-machine code generated by the disassembly.
/// </summary>
/// <param name="rl"></param>
public void BuildExpressionTrees()
{
int i = 0;
foreach (Procedure proc in program.Procedures.Values)
{
if (eventListener.IsCanceled())
{
break;
}
eventListener.ShowProgress("Building complex expressions.", i, program.Procedures.Values.Count);
++i;
try
{
var sst = BuildSsaTransform(proc);
var ssa = sst.SsaState;
var fuser = new UnalignedMemoryAccessFuser(ssa);
fuser.Transform();
var vp = new ValuePropagator(program.SegmentMap, ssa, importResolver, eventListener);
sst.RenameFrameAccesses = true;
var icrw = new IndirectCallRewriter(program, ssa, eventListener);
while (!eventListener.IsCanceled() && icrw.Rewrite())
{
vp.Transform();
sst.Transform();
}
var cce = new ConditionCodeEliminator(ssa, program.Platform);
cce.Transform();
//var cd = new ConstDivisionImplementedByMultiplication(ssa);
//cd.Transform();
DeadCode.Eliminate(proc, ssa);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
// Build expressions. A definition with a single use can be subsumed
// into the using expression.
var coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
vp.Transform();
var liv = new LinearInductionVariableFinder(
proc,
ssa.Identifiers,
new BlockDominatorGraph(proc.ControlGraph, proc.EntryBlock));
liv.Find();
foreach (KeyValuePair <LinearInductionVariable, LinearInductionVariableContext> de in liv.Contexts)
{
var str = new StrengthReduction(ssa, de.Key, de.Value);
str.ClassifyUses();
str.ModifyUses();
}
var opt = new OutParameterTransformer(proc, ssa.Identifiers);
opt.Transform();
DeadCode.Eliminate(proc, ssa);
// Definitions with multiple uses and variables joined by PHI functions become webs.
var web = new WebBuilder(proc, ssa.Identifiers, program.InductionVariables);
web.Transform();
ssa.ConvertBack(false);
}
catch (StatementCorrelatedException stex)
{
eventListener.Error(
eventListener.CreateStatementNavigator(program, stex.Statement),
stex,
"An error occurred during data flow analysis.");
}
catch (Exception ex)
{
eventListener.Error(
new NullCodeLocation(proc.Name),
ex,
"An error occurred during data flow analysis.");
}
}
}
private void Prepare(Procedure proc)
{
this.proc = proc;
doms = proc.CreateBlockDominatorGraph();
SsaTransform sst = new SsaTransform(new ProgramDataFlow(), proc, doms);
SsaState ssa = sst.SsaState;
ssaIds = ssa.Identifiers;
var arch = new FakeArchitecture();
var cce = new ConditionCodeEliminator(ssaIds, new DefaultPlatform(null, arch));
cce.Transform();
DeadCode.Eliminate(proc, ssa);
var vp = new ValuePropagator(arch, ssa.Identifiers, proc);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
}
private void Build(Procedure proc, IProcessorArchitecture arch)
{
var platform = new DefaultPlatform(null, arch);
this.proc = proc;
var importResolver = MockRepository.GenerateStub<IImportResolver>();
importResolver.Replay();
Aliases alias = new Aliases(proc, arch);
alias.Transform();
var gr = proc.CreateBlockDominatorGraph();
SsaTransform sst = new SsaTransform(
new ProgramDataFlow(),
proc,
null,
gr,
new HashSet<RegisterStorage>());
SsaState ssa = sst.SsaState;
this.ssaIds = ssa.Identifiers;
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssa, platform);
cce.Transform();
DeadCode.Eliminate(proc, ssa);
ValuePropagator vp = new ValuePropagator(arch, ssa);
vp.Transform();
Coalescer coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
}
private void UntangleProcedureScc(IList <Procedure> procs)
{
if (procs.Count == 1)
{
var proc = procs[0];
Aliases alias = new Aliases(proc, program.Architecture, flow);
alias.Transform();
// Transform the procedure to SSA state. When encountering 'call' instructions,
// they can be to functions already visited. If so, they have a "ProcedureFlow"
// associated with them. If they have not been visited, or are computed destinations
// (e.g. vtables) they will have no "ProcedureFlow" associated with them yet, in
// which case the the SSA treats the call as a "hell node".
var doms = proc.CreateBlockDominatorGraph();
var sst = new SsaTransform(flow, proc, importResolver, doms);
var ssa = sst.SsaState;
// Propagate condition codes and registers. At the end, the hope is that
// all statements like (x86) mem[esp_42+4] will have been converted to
// mem[fp - 30]. We also hope that procedure constants kept in registers
// are propagated to the corresponding call sites.
var cce = new ConditionCodeEliminator(ssa.Identifiers, program.Platform);
cce.Transform();
var vp = new ValuePropagator(program.Architecture, ssa.Identifiers, proc);
vp.Transform();
// Now compute SSA for the stack-based variables as well. That is:
// mem[fp - 30] becomes wLoc30, while
// mem[fp + 30] becomes wArg30.
// This allows us to compute the dataflow of this procedure.
sst.RenameFrameAccesses = true;
sst.AddUseInstructions = true;
sst.Transform();
// Propagate those newly discovered identifiers.
vp.Transform();
// At this point, the computation of _actual_ ProcedureFlow should be possible.
var tid = new TrashedRegisterFinder2(program.Architecture, flow, proc, ssa.Identifiers, this.eventListener);
tid.Compute();
DeadCode.Eliminate(proc, ssa);
// Build expressions. A definition with a single use can be subsumed
// into the using expression.
var coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
var liv = new LinearInductionVariableFinder(
proc,
ssa.Identifiers,
new BlockDominatorGraph(proc.ControlGraph, proc.EntryBlock));
liv.Find();
foreach (var de in liv.Contexts)
{
var str = new StrengthReduction(ssa, de.Key, de.Value);
str.ClassifyUses();
str.ModifyUses();
}
//var opt = new OutParameterTransformer(proc, ssa.Identifiers);
//opt.Transform();
DeadCode.Eliminate(proc, ssa);
// Definitions with multiple uses and variables joined by PHI functions become webs.
var web = new WebBuilder(proc, ssa.Identifiers, program.InductionVariables);
web.Transform();
ssa.ConvertBack(false);
}
else
{
throw new NotImplementedException();
}
}
/// <summary>
/// Converts all registers and stack accesses to SSA variables.
/// </summary>
/// <param name="proc"></param>
/// <returns>The SsaTransform for the procedure.</returns>
public SsaTransform ConvertToSsa(Procedure proc)
{
if (program.NeedsSsaTransform)
{
// Transform the procedure to SSA state. When encountering 'call'
// instructions, they can be to functions already visited. If so,
// they have a "ProcedureFlow" associated with them. If they have
// not been visited, or are computed destinations (e.g. vtables)
// they will have no "ProcedureFlow" associated with them yet, in
// which case the the SSA treats the call as a "hell node".
var sst = new SsaTransform(program, proc, sccProcs, dynamicLinker, this.ProgramDataFlow);
var ssa = sst.Transform();
DumpWatchedProcedure("After SSA", ssa.Procedure);
// Merge unaligned memory accesses.
var fuser = new UnalignedMemoryAccessFuser(ssa);
fuser.Transform();
// After value propagation expressions like (x86)
// mem[esp_42+4] will have been converted to mem[fp - 30].
// We also hope that procedure constants
// kept in registers are propagated to the corresponding call
// sites.
var vp = new ValuePropagator(program.SegmentMap, ssa, program.CallGraph, dynamicLinker, eventListener);
vp.Transform();
DumpWatchedProcedure("After first VP", ssa.Procedure);
// Fuse additions and subtractions that are linked by the carry flag.
var larw = new LongAddRewriter(ssa);
larw.Transform();
// Propagate condition codes and registers.
var cce = new ConditionCodeEliminator(ssa, program.Platform);
cce.Transform();
vp.Transform();
DumpWatchedProcedure("After CCE", ssa.Procedure);
// Now compute SSA for the stack-based variables as well. That is:
// mem[fp - 30] becomes wLoc30, while
// mem[fp + 30] becomes wArg30.
// This allows us to compute the dataflow of this procedure.
sst.RenameFrameAccesses = true;
sst.Transform();
DumpWatchedProcedure("After SSA frame accesses", ssa.Procedure);
var icrw = new IndirectCallRewriter(program, ssa, eventListener);
while (!eventListener.IsCanceled() && icrw.Rewrite())
{
vp.Transform();
sst.RenameFrameAccesses = true;
sst.Transform();
}
var fpuGuesser = new FpuStackReturnGuesser(ssa);
fpuGuesser.Rewrite();
// By placing use statements in the exit block, we will collect
// reaching definitions in the use statements.
sst.AddUsesToExitBlock();
sst.RemoveDeadSsaIdentifiers();
// Backpropagate stack pointer from procedure return.
var spBackpropagator = new StackPointerBackpropagator(ssa);
spBackpropagator.BackpropagateStackPointer();
DumpWatchedProcedure("After SP BP", ssa.Procedure);
// Propagate those newly created stack-based identifiers.
vp.Transform();
DumpWatchedProcedure("After VP2", ssa.Procedure);
return(sst);
}
else
{
// We are assuming phi functions are already generated.
var sst = new SsaTransform(program, proc, sccProcs, dynamicLinker, this.ProgramDataFlow);
return(sst);
}
}
/// <summary>
/// Processes procedures individually, building complex expression trees out
/// of the simple, close-to-the-machine code generated by the disassembly.
/// </summary>
/// <param name="rl"></param>
public void BuildExpressionTrees()
{
int i = 0;
foreach (Procedure proc in program.Procedures.Values)
{
eventListener.ShowProgress("Building complex expressions.", i, program.Procedures.Values.Count);
++i;
try
{
var larw = new LongAddRewriter(proc, program.Architecture);
larw.Transform();
Aliases alias = new Aliases(proc, program.Architecture, flow);
alias.Transform();
var doms = new DominatorGraph <Block>(proc.ControlGraph, proc.EntryBlock);
var sst = new SsaTransform(flow, proc, importResolver, doms);
var ssa = sst.SsaState;
var cce = new ConditionCodeEliminator(ssa.Identifiers, program.Platform);
cce.Transform();
//var cd = new ConstDivisionImplementedByMultiplication(ssa);
//cd.Transform();
DeadCode.Eliminate(proc, ssa);
var vp = new ValuePropagator(program.Architecture, ssa.Identifiers, proc);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
// Build expressions. A definition with a single use can be subsumed
// into the using expression.
var coa = new Coalescer(proc, ssa);
coa.Transform();
DeadCode.Eliminate(proc, ssa);
var liv = new LinearInductionVariableFinder(
proc,
ssa.Identifiers,
new BlockDominatorGraph(proc.ControlGraph, proc.EntryBlock));
liv.Find();
foreach (KeyValuePair <LinearInductionVariable, LinearInductionVariableContext> de in liv.Contexts)
{
var str = new StrengthReduction(ssa, de.Key, de.Value);
str.ClassifyUses();
str.ModifyUses();
}
var opt = new OutParameterTransformer(proc, ssa.Identifiers);
opt.Transform();
DeadCode.Eliminate(proc, ssa);
// Definitions with multiple uses and variables joined by PHI functions become webs.
var web = new WebBuilder(proc, ssa.Identifiers, program.InductionVariables);
web.Transform();
ssa.ConvertBack(false);
}
catch (StatementCorrelatedException stex)
{
eventListener.Error(
eventListener.CreateBlockNavigator(program, stex.Statement.Block),
stex,
"An error occurred during data flow analysis.");
}
catch (Exception ex)
{
eventListener.Error(
new NullCodeLocation(proc.Name),
ex,
"An error occurred during data flow analysis.");
}
}
}
protected override void RunTest(Program program, TextWriter fut)
{
IImportResolver importResolver = null;
DataFlowAnalysis dfa = new DataFlowAnalysis(program, importResolver, new FakeDecompilerEventListener());
dfa.UntangleProcedures();
foreach (Procedure proc in program.Procedures.Values)
{
Aliases alias = new Aliases(proc, program.Architecture);
alias.Transform();
SsaTransform sst = new SsaTransform(dfa.ProgramDataFlow, proc, importResolver, proc.CreateBlockDominatorGraph(), new HashSet<RegisterStorage>());
SsaState ssa = sst.SsaState;
ConditionCodeEliminator cce = new ConditionCodeEliminator(ssa, program.Platform);
cce.Transform();
DeadCode.Eliminate(proc, ssa);
ValuePropagator vp = new ValuePropagator(program.Architecture, ssa);
vp.Transform();
DeadCode.Eliminate(proc, ssa);
Coalescer co = new Coalescer(proc, ssa);
co.Transform();
ssa.Write(fut);
proc.Write(false, fut);
fut.WriteLine();
}
}