// Checks that a register handed to a call as an 'out' argument loses its known
// value: the propagator must report it as invalid instead of carrying the
// pre-call constant into later instructions.
public void EP_AddrOf()
{
    var arch = new FakeArchitecture();
    var builder = new ProgramBuilder(arch);
    Identifier r2 = null, r3 = null;
    var proc = builder.Add("main", (m) =>
    {
        r2 = m.Register("r2");
        r3 = m.Register("r3");
        // From here on r2 holds a definite value.
        m.Assign(r2, 0x1234);
        // r2 is passed by reference, so nothing can be promised about it after the call.
        m.SideEffect(m.Fn("Foo", m.Out(PrimitiveType.Pointer32, r2)));
        m.Assign(r3, r2);
    });

    var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    var ep = new ExpressionPropagator(arch, new ExpressionSimplifier(ctx), ctx, new ProgramDataFlow());
    ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
    var statements = proc.EntryBlock.Succ[0].Statements;

    // Statement 0: the constant assignment is visible in the context.
    statements[0].Instruction.Accept(ep);
    Assert.AreEqual("0x00001234", ctx.GetValue(r2).ToString());

    // Statement 1: the call invalidates r2.
    var afterCall = statements[1].Instruction.Accept(ep);
    Assert.AreEqual("Foo(out r2)", afterCall.ToString());
    Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());

    // Statement 2: the copy is left symbolic and r3 inherits the invalid state.
    var afterCopy = statements[2].Instruction.Accept(ep);
    Assert.AreEqual("r3 = r2", afterCopy.ToString());
    Assert.AreEqual("<invalid>", ctx.GetValue(r2).ToString());
    Assert.AreEqual("<invalid>", ctx.GetValue(r3).ToString());
}
// Fixture setup: builds a Program over a 1024-byte ".text" segment at 0x00100000
// and types the globals as a 4-byte pointer to a structure with one word32 field.
public void Setup()
{
    mem = new MemoryArea(Address.Ptr32(0x00100000), new byte[1024]);
    var fakeArch = new FakeArchitecture();
    this.program = new Program
    {
        Architecture = fakeArch,
        SegmentMap = new SegmentMap(
            mem.BaseAddress,
            new ImageSegment(".text", mem, AccessMode.ReadWriteExecute)),
        Platform = new DefaultPlatform(null, fakeArch),
    };
    store = program.TypeStore;
    factory = program.TypeFactory;
    globals = program.Globals;
    store.EnsureExpressionTypeVariable(factory, globals);

    // The structure describing global memory has a single field at 0x00100000.
    var globalStruct = new StructureType(null, 0);
    globalStruct.Fields.Add(0x00100000, PrimitiveType.Word32, null);

    var globalsTypeVar = store.EnsureExpressionTypeVariable(factory, globals);
    var globalsClass = new EquivalenceClass(globalsTypeVar);
    globalsClass.DataType = globalStruct;
    globals.TypeVariable.DataType = new Pointer(globalsClass, 4);
    globals.DataType = globals.TypeVariable.DataType;
}
// Fixture setup: builds a Program from a 1024-byte LoadedImage at 0x00100000,
// types the globals as a pointer to a one-field structure, and creates the
// TypedConstantRewriter under test.
public void Setup()
{
    var loadedImage = new LoadedImage(Address.Ptr32(0x00100000), new byte[1024]);
    var fakeArch = new FakeArchitecture();
    var program = new Program
    {
        Image = loadedImage,
        Architecture = fakeArch,
        ImageMap = loadedImage.CreateImageMap(),
        Platform = new DefaultPlatform(null, fakeArch),
    };
    store = program.TypeStore;
    factory = program.TypeFactory;
    globals = program.Globals;
    store.EnsureExpressionTypeVariable(factory, globals);

    // The structure describing global memory has a single field at 0x00100000.
    var globalStruct = new StructureType(null, 0);
    globalStruct.Fields.Add(0x00100000, PrimitiveType.Word32, null);

    var globalsTypeVar = store.EnsureExpressionTypeVariable(factory, globals);
    var globalsClass = new EquivalenceClass(globalsTypeVar);
    globalsClass.DataType = globalStruct;
    globals.TypeVariable.DataType = new Pointer(globalsClass, 4);
    globals.DataType = globals.TypeVariable.DataType;

    tcr = new TypedConstantRewriter(program);
}
// Runs TypeVariableReplacer and PtrPrimitiveReplacer over a pointer to a
// structure whose two fields are type variables (word32 and word16), then
// compares the result with the expected file.
public void PprReplaceInts()
{
    var arch = new FakeArchitecture();
    var program = new Program
    {
        Architecture = arch,
        Platform = new DefaultPlatform(null, arch)
    };
    var factory = new TypeFactory();
    store = new TypeStore();

    var tv1 = store.CreateTypeVariable(factory);
    var tv2 = store.CreateTypeVariable(factory);
    Assert.IsNotNull(tv1.Class, "Expected store.EnsureTypeVariable to create equivalence class");
    Assert.IsNotNull(tv2.Class, "Expected store.EnsureTypeVariable to create equivalence class");
    tv1.Class.DataType = PrimitiveType.Word32;
    tv2.Class.DataType = PrimitiveType.Word16;

    program.Globals.TypeVariable = store.CreateTypeVariable(factory);
    program.Globals.DataType = factory.CreateStructureType();

    var tv3 = store.CreateTypeVariable(factory);
    Assert.IsNotNull(tv3.Class, "Expected store.EnsureTypeVariable to create equivalence class");

    // tv3 points at a structure with tv1 at offset 0 and tv2 at offset 4.
    var pointee = factory.CreateStructureType(null, 0);
    pointee.Fields.Add(0, tv1);
    pointee.Fields.Add(4, tv2);
    tv3.Class.DataType = factory.CreatePointer(pointee, 4);

    store.CopyClassDataTypesToTypeVariables();
    var replacer = new TypeVariableReplacer(store);
    replacer.ReplaceTypeVariables();

    var ppr = new PtrPrimitiveReplacer(factory, store, program);
    ppr.ReplaceAll();

    Verify(null, "Typing/PprReplaceInts.txt");
}
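// Builds a procedure with the supplied callback, runs it through SsaTransform
// and ValuePropagator, and compares the printed procedure with the expectation.
//   sExp:    expected text of the procedure after the transformations.
//   builder: callback that emits the procedure body into a fresh ProcedureBuilder.
private void RunTest(string sExp, Action<ProcedureBuilder> builder)
{
    var pb = new ProcedureBuilder(this.pb.Program.Architecture);
    builder(pb);
    var proc = pb.Procedure;
    var dg = new DominatorGraph<Block>(proc.ControlGraph, proc.EntryBlock);
    var project = new Project { Programs = { this.pb.Program } };
    var importResolver = new ImportResolver(
        project,
        this.pb.Program,
        new FakeDecompilerEventListener());
    var arch = new FakeArchitecture();

    // Register r1 is assumed to always be implicit when calling
    // another procedure.
    var implicitRegs = new HashSet<RegisterStorage>
    {
        arch.GetRegister(1)
    };
    Debug.Print("GetRegister(1) {0}", arch.GetRegister(1));

    // Platform is assigned once; the value is the one the program ends up with.
    this.pb.Program.Platform = new FakePlatform(null, new FakeArchitecture());
    this.pb.Program.SegmentMap = new SegmentMap(
        Address.Ptr32(0x0000),
        new ImageSegment(
            ".text",
            Address.Ptr32(0),
            0x40000,
            AccessMode.ReadWriteExecute));

    // Perform the initial transformation
    var ssa = new SsaTransform(programFlow, proc, importResolver, dg, implicitRegs);

    // Propagate values and simplify the results.
    // We hope the sequence
    //   esp = fp - 4
    //   mov [esp-4],eax
    // will become
    //   esp_2 = fp - 4
    //   mov [fp - 8],eax
    var vp = new ValuePropagator(this.pb.Program.Architecture, ssa.SsaState);
    vp.Transform();

    ssa.RenameFrameAccesses = true;
    ssa.AddUseInstructions = true;
    ssa.Transform();

    var writer = new StringWriter();
    proc.Write(false, writer);
    var sActual = writer.ToString();
    if (sActual != sExp)
    {
        // Dump the actual text so a failing comparison is easy to inspect.
        Debug.Print(sActual);
    }
    Assert.AreEqual(sExp, sActual);
}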
// Fixture setup: creates an empty procedure "Test" on a fake architecture and
// the TrashedRegisterSummarizer that will be exercised against it.
public void Setup()
{
    arch = new FakeArchitecture();

    var frame = new Frame(arch.FramePointerType);
    proc = new Procedure("Test", frame);

    flow = new ProcedureFlow(proc, arch);
    ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    trs = new TrashedRegisterSummarizer(arch, proc, flow, ctx);
}
// Fixture setup: fresh emitter, type store and factory, plus an
// ExpressionTypeAscender bound to a default platform on a fake architecture.
public void Setup()
{
    this.m = new ExpressionEmitter();
    this.store = new TypeStore();
    this.factory = new TypeFactory();

    var platform = new DefaultPlatform(null, new FakeArchitecture());
    this.exa = new ExpressionTypeAscender(platform, store, factory);
}
// Fixture setup: mock repository, strict IImportResolver mock, an empty call
// signature table, and an identifier for register 1 of the fake architecture.
public void Setup()
{
    mr = new MockRepository();
    fakeArch = new FakeArchitecture();
    importResolver = mr.StrictMock<IImportResolver>();
    callSigs = new Dictionary<Address, ProcedureSignature>();
    arch = fakeArch;

    var firstReg = arch.GetRegister(1);
    reg1 = new Identifier(firstReg.Name, PrimitiveType.Word32, firstReg);
}
// Fixture setup: creates the program, the ascending and descending type
// collectors, and registers a type variable named "globals_t" for the globals.
public void Setup()
{
    this.m = new ExpressionEmitter();
    this.store = new TypeStore();
    this.factory = new TypeFactory();
    this.arch = new FakeArchitecture();
    this.program = new Program
    {
        Architecture = arch,
        Platform = new DefaultPlatform(null, arch)
    };

    this.exa = new ExpressionTypeAscender(program, store, factory);
    this.exd = new ExpressionTypeDescender(program, store, factory);

    store.EnsureExpressionTypeVariable(factory, program.Globals, "globals_t");
}
// Fixture setup: type store and factory, a Pointer32 expression normalizer, the
// equivalence class builder, and a DataTypeBuilder bound to the program's platform.
public void SetUp()
{
    store = new TypeStore();
    factory = new TypeFactory();
    aen = new ExpressionNormalizer(PrimitiveType.Pointer32);
    eqb = new EquivalenceClassBuilder(factory, store);
    arch = new FakeArchitecture();

    prog = new Program();
    prog.Architecture = arch;
    var platform = new DefaultPlatform(null, arch);
    prog.Platform = platform;

    dtb = new DataTypeBuilder(factory, store, prog.Platform);
}
// Fixture setup: mocks, an identifier for register 1, and a service container
// populated with fake decompiler host/listener and a file system service.
public void Setup()
{
    mr = new MockRepository();
    fakeArch = new FakeArchitecture();
    importResolver = mr.StrictMock<IImportResolver>();
    callSigs = new Dictionary<Address, ProcedureSignature>();
    arch = fakeArch;

    var firstReg = arch.GetRegister(1);
    reg1 = new Identifier(firstReg.Name, PrimitiveType.Word32, firstReg);

    this.sc = new ServiceContainer();
    sc.AddService<DecompilerHost>(new FakeDecompilerHost());
    sc.AddService<DecompilerEventListener>(new FakeDecompilerEventListener());
    sc.AddService<IFileSystemService>(new FileSystemServiceImpl());
}
// Builds the RTL traces of a small program: "main" at 0x1000 calls the two
// routines at 0x1200 and 0x1100, which jump to each other after decrementing
// their stack argument and return 1 / 0 when it reaches zero.
public static RtlTrace[] Create(FakeArchitecture arch)
{
    var frame = arch.CreateFrame();
    var r1 = frame.EnsureRegister(arch.GetRegister(1));
    var sp = frame.EnsureRegister(arch.StackRegister);

    return new RtlTrace[]
    {
        // main: pushes 3 and calls 0x1200, then pushes 3 and calls 0x1100.
        new RtlTrace(0x1000)
        {
            rtl => { rtl.Assign(r1, 3); },
            rtl => { rtl.Assign(sp, rtl.ISub(sp, 4)); rtl.Assign(rtl.LoadDw(sp), r1); },
            rtl => { rtl.Call(Address.Ptr32(0x1200), 4); },
            rtl => { rtl.Assign(r1, 3); },
            rtl => { rtl.Assign(sp, rtl.ISub(sp, 4)); rtl.Assign(rtl.LoadDw(sp), r1); },
            rtl => { rtl.Call(Address.Ptr32(0x1100), 4); },
            rtl => { rtl.Return(4, 4); }
        },

        // odd: branches to 0x1120 when the argument is zero, else decrements it
        // and jumps to 0x1200.
        new RtlTrace(0x1100)
        {
            rtl => { rtl.Assign(r1, rtl.LoadDw(rtl.IAdd(sp, 4))); },
            rtl => { rtl.Branch(rtl.Eq0(r1), Address.Ptr32(0x1120), RtlClass.ConditionalTransfer); },
            rtl => { rtl.Assign(r1, rtl.LoadDw(rtl.IAdd(sp, 4))); },
            rtl => { rtl.Assign(r1, rtl.ISub(r1, 1)); },
            rtl => { rtl.Assign(rtl.LoadDw(rtl.IAdd(sp, 4)), r1); },
            rtl => { rtl.Goto(Address.Ptr32(0x1200)); }
        },

        // odd, zero case: returns 0.
        new RtlTrace(0x1120)
        {
            rtl => { rtl.Assign(r1, Constant.Word32(0)); },
            rtl => { rtl.Return(4, 4); }
        },

        // even: branches to 0x1220 when the argument is zero, else decrements it
        // and jumps to 0x1100.
        new RtlTrace(0x1200)
        {
            rtl => { rtl.Assign(r1, rtl.LoadDw(rtl.IAdd(sp, 4))); },
            rtl => { rtl.Branch(rtl.Eq0(r1), Address.Ptr32(0x1220), RtlClass.ConditionalTransfer); },
            rtl => { rtl.Assign(r1, rtl.LoadDw(rtl.IAdd(sp, 4))); },
            rtl => { rtl.Assign(r1, rtl.ISub(r1, 1)); },
            rtl => { rtl.Assign(rtl.LoadDw(rtl.IAdd(sp, 4)), r1); },
            rtl => { rtl.Goto(Address.Ptr32(0x1100)); }
        },

        // even, zero case: returns 1.
        new RtlTrace(0x1220)
        {
            rtl => { rtl.Assign(r1, Constant.Word32(1)); },
            rtl => { rtl.Return(4, 4); }
        },
    };
}
// Binds a call to an external procedure "foo" whose signature returns ax and
// takes bx and cl, and checks both the signature text and the built instruction.
public void ExtpBind()
{
    var returnValue = new Identifier(Registers.ax.Name, PrimitiveType.Word16, Registers.ax);
    var parameters = new Identifier[]
    {
        new Identifier(Registers.bx.Name, PrimitiveType.Word16, Registers.bx),
        new Identifier(Registers.cl.Name, PrimitiveType.Byte, Registers.cl)
    };
    var sig = new ProcedureSignature(returnValue, parameters);

    var ep = new ExternalProcedure("foo", sig);
    Assert.AreEqual("Register word16 foo(Register word16 bx, Register byte cl)", ep.ToString());

    var fn = new ProcedureConstant(PrimitiveType.Pointer32, ep);
    var arch = new FakeArchitecture();
    var frame = arch.CreateFrame();
    // NOTE(review): the builder receives a second FakeArchitecture instance, not
    // the one that created the frame; confirm this is intended.
    var ab = new ApplicationBuilder(
        new FakeArchitecture(),
        frame,
        new CallSite(0, 0),
        fn,
        ep.Signature,
        false);
    var instr = ab.CreateInstruction();
    Assert.AreEqual("ax = foo(bx, cl)", instr.ToString());
}
// Creates the program under test: a fake platform and architecture with one
// read/execute ".text" segment of 1000 bytes at 0x1000.
private void Given_Program()
{
    this.arch = new FakeArchitecture();
    var fakePlatform = new FakePlatform(null, arch);
    this.program = new Program
    {
        SegmentMap = new SegmentMap(
            Address.Ptr32(0x1000),
            new ImageSegment(
                ".text",
                new MemoryArea(Address.Ptr32(0x1000), new byte[1000]),
                AccessMode.ReadExecute)),
        Platform = fakePlatform,
        Architecture = arch,
    };
}
// Fixture setup: a Program over a 1024-byte LoadedImage at 0x00400000 and a
// "point" structure with two word32 fields at offsets 0 and 4.
public void Setup()
{
    var loadedImage = new LoadedImage(Address.Ptr32(0x00400000), new byte[1024]);
    var fakeArch = new FakeArchitecture();
    program = new Program
    {
        Architecture = fakeArch,
        Image = loadedImage,
        ImageMap = loadedImage.CreateImageMap(),
        Platform = new DefaultPlatform(null, fakeArch)
    };
    store = program.TypeStore;
    factory = program.TypeFactory;

    point = new StructureType(null, 0);
    point.Fields.Add(0, PrimitiveType.Word32, null);
    point.Fields.Add(4, PrimitiveType.Word32, null);
}
// Fixture setup: a Program over a 1024-byte read/write/execute ".text" segment
// at 0x00400000, a "point" structure with two word32 fields, and a fresh
// ProcedureBuilder.
public void Setup()
{
    var memArea = new MemoryArea(Address.Ptr32(0x00400000), new byte[1024]);
    var fakeArch = new FakeArchitecture();
    program = new Program
    {
        Architecture = fakeArch,
        SegmentMap = new SegmentMap(
            memArea.BaseAddress,
            new ImageSegment(".text", memArea, AccessMode.ReadWriteExecute)),
        Platform = new DefaultPlatform(null, fakeArch)
    };
    store = program.TypeStore;
    factory = program.TypeFactory;

    point = new StructureType(null, 0);
    point.Fields.Add(0, PrimitiveType.Word32, null);
    point.Fields.Add(4, PrimitiveType.Word32, null);

    m = new ProcedureBuilder();
}
// Checks that a call through a register whose value is a known constant is
// rewritten into a call to that constant address.
public void EP_IndirectCall()
{
    var arch = new FakeArchitecture();
    var builder = new ProgramBuilder(arch);
    var proc = builder.Add("main", (m) =>
    {
        var r1 = m.Register("r1");
        m.Assign(r1, m.Word32(0x42));
        m.Emit(new CallInstruction(r1, new CallSite(4, 0)));
        m.Return();
    });

    var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    var ep = new ExpressionPropagator(arch, new ExpressionSimplifier(ctx), ctx, new ProgramDataFlow());
    ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
    var statements = proc.EntryBlock.Succ[0].Statements;

    // Visit the assignment first so the context knows r1's value.
    statements[0].Instruction.Accept(ep);
    var rewrittenCall = statements[1].Instruction.Accept(ep);
    Assert.AreEqual("call 0x00000042 (retsize: 4; depth: 4)", rewrittenCall.ToString());
}
// Puts the procedure into SSA form and runs condition code elimination, dead
// code elimination and value propagation over it, storing the procedure, its
// dominator graph and the SSA identifiers in the fixture.
private void Prepare(Procedure proc)
{
    this.proc = proc;
    doms = proc.CreateBlockDominatorGraph();

    var ssaTransform = new SsaTransform(new ProgramDataFlow(), proc, doms);
    var ssaState = ssaTransform.SsaState;
    ssaIds = ssaState.Identifiers;

    var fakeArch = new FakeArchitecture();
    var eliminator = new ConditionCodeEliminator(ssaIds, new DefaultPlatform(null, fakeArch));
    eliminator.Transform();
    DeadCode.Eliminate(proc, ssaState);

    var propagator = new ValuePropagator(fakeArch, ssaState.Identifiers, proc);
    propagator.Transform();
    DeadCode.Eliminate(proc, ssaState);
}
// Gives a real32 constant, an int32 constant and an identifier the same union
// type and checks that rewriting "x = 3.0F" selects a union member on the
// left-hand side.
public void TerConstants()
{
    var arch = new FakeArchitecture();
    var program = new Program(
        new SegmentMap(Address.Ptr32(0x10000)),
        arch,
        new DefaultPlatform(null, arch));
    SetupPreStages(program);

    var realConst = Constant.Real32(3.0F);
    var intConst = Constant.Int32(1);
    var x = new Identifier("x", PrimitiveType.Word32, null);
    var assignment = new Assignment(x, realConst);

    // Each expression gets its own type variable, registered with the store.
    TypeVariable tvR = realConst.TypeVariable = program.TypeFactory.CreateTypeVariable();
    TypeVariable tvI = intConst.TypeVariable = program.TypeFactory.CreateTypeVariable();
    TypeVariable tvX = x.TypeVariable = program.TypeFactory.CreateTypeVariable();
    program.TypeStore.TypeVariables.AddRange(new TypeVariable[] { tvR, tvI, tvX });

    var union = program.TypeFactory.CreateUnionType(
        null,
        null,
        new DataType[] { realConst.DataType, intConst.DataType });
    tvR.OriginalDataType = realConst.DataType;
    tvI.OriginalDataType = intConst.DataType;
    tvX.OriginalDataType = x.DataType;
    tvR.DataType = union;
    tvI.DataType = union;
    tvX.DataType = union;
    ctn.RenameAllTypes(program.TypeStore);

    var ter = new TypedExpressionRewriter(program, null);
    Instruction rewritten = ter.TransformAssignment(assignment);
    Assert.AreEqual("x.u0 = 3.0F", rewritten.ToString());
}
// Checks that stores through stack-pointer-relative addresses are rewritten as
// assignments to the corresponding local variable once sp is known to equal
// the frame pointer.
public void EP_LValue()
{
    var arch = new FakeArchitecture();
    var builder = new ProgramBuilder(arch);
    Identifier r2 = null;
    Identifier sp = null;
    var proc = builder.Add("main", (m) =>
    {
        r2 = m.Register("r2");
        sp = m.Frame.EnsureRegister(arch.StackRegister);
        m.Store(m.ISub(sp, 12), m.ISub(sp, 16));
        m.Store(m.ISub(sp, 12), 2);
    });

    var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    var ep = new ExpressionPropagator(arch, new ExpressionSimplifier(ctx), ctx, new ProgramDataFlow());
    ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
    var statements = proc.EntryBlock.Succ[0].Statements;

    var firstStore = statements[0].Instruction.Accept(ep);
    Assert.AreEqual("dwLoc0C = fp - 0x00000010", firstStore.ToString());

    var secondStore = statements[1].Instruction.Accept(ep);
    Assert.AreEqual("dwLoc0C = 0x00000002", secondStore.ToString());
}
// Returns a Program whose architecture is a FakeArchitecture and whose platform
// is a DefaultPlatform built on that same architecture instance.
private static Program CreateProgram()
{
    var fakeArch = new FakeArchitecture();
    var program = new Program
    {
        Architecture = fakeArch,
        Platform = new DefaultPlatform(null, fakeArch),
    };
    return program;
}
// Applies a user-supplied signature whose parameter names are swapped relative
// to the registers that back them, and compares the printed procedure with the
// expected listing.
public void Usb_ParseFunctionDeclaration_WithRegisterArgs()
{
    var arch = new FakeArchitecture();
    var m = new ProcedureBuilder(arch, "test");
    var r1 = m.Reg32("r1", 1);
    var r2 = m.Reg32("r2", 2);
    // Body of the procedure: two stores that read r1 and r2.
    m.Store(m.Word32(0x123400), m.Cast(PrimitiveType.Byte, r1));
    m.Store(m.Word32(0x123404), m.Cast(PrimitiveType.Real32, r2));
    m.Return();

    var usb = new UserSignatureBuilder(program);
    usb.ApplySignatureToProcedure(
        Address.Create(PrimitiveType.Pointer32, 0x1000),
        new ProcedureSignature(
            null,
            new Identifier("r2", PrimitiveType.Char, r1.Storage), // perverse but legal.
            new Identifier("r1", PrimitiveType.Real32, r2.Storage)),
        m.Procedure);

    // NOTE(review): the expected listing reads as if it had been flattened onto
    // one line in this copy; a verbatim string compares line breaks exactly, so
    // confirm the literal against the original file.
    var sExp = @"// test // Return size: 0 void test(char r2, real32 r1) test_entry: // succ: l1 l1: r1 = r2 r2 = r1 Mem0[0x00123400:byte] = (byte) r1 Mem0[0x00123404:real32] = (real32) r2 return // succ: test_exit test_exit: ";
    var sb = new StringWriter();
    m.Procedure.Write(false, sb);
    Assert.AreEqual(sExp, sb.ToString());
}
// Checks that, with sp known to equal the frame pointer on entry, a load from
// sp + 8 after "sp = sp - 4" is resolved to the stack argument it addresses.
public void EP_StackReference()
{
    var arch = new FakeArchitecture();
    var builder = new ProgramBuilder(arch);
    var proc = builder.Add("main", (m) =>
    {
        var sp = m.Frame.EnsureRegister(m.Architecture.StackRegister);
        var r1 = m.Register(1);
        m.Assign(sp, m.ISub(sp, 4));
        m.Assign(r1, m.LoadDw(m.IAdd(sp, 8)));
        m.Return();
    });

    var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    var ep = new ExpressionPropagator(arch, new ExpressionSimplifier(ctx), ctx, new ProgramDataFlow());
    ctx.RegisterState[arch.StackRegister] = proc.Frame.FramePointer;
    var statements = proc.EntryBlock.Succ[0].Statements;

    var rewritten = statements[0].Instruction.Accept(ep);
    Assert.AreEqual("r63 = fp - 0x00000004", rewritten.ToString());

    rewritten = statements[1].Instruction.Accept(ep);
    Assert.AreEqual("r1 = dwArg04", rewritten.ToString());
}
// Checks that a branch on a flag group that is a copy of another flag group,
// itself the condition of r, is rewritten into a direct comparison on r.
public void CceEqId()
{
    Identifier reg = Reg32("r");
    Identifier flagZ = FlagGroup("z");  // is a condition code.
    Identifier flagY = FlagGroup("y");  // is a condition code.

    var m = new ProcedureBuilder();

    // z = cond(r); record the defining statement in the SSA table.
    m.Assign(flagZ, new ConditionOf(reg));
    ssaIds[flagZ].DefStatement = m.Block.Statements.Last;

    // y = z; this statement defines y and uses z.
    m.Assign(flagY, flagZ);
    ssaIds[flagY].DefStatement = m.Block.Statements.Last;
    ssaIds[flagZ].Uses.Add(m.Block.Statements.Last);

    var branch = m.BranchIf(m.Test(ConditionCode.EQ, flagY), "foo");
    ssaIds[flagY].Uses.Add(branch);

    var fakeArch = new FakeArchitecture();
    var eliminator = new ConditionCodeEliminator(ssaIds, new DefaultPlatform(null, fakeArch));
    eliminator.Transform();

    Assert.AreEqual("branch r == 0x00000000 foo", branch.Instruction.ToString());
}
// Fixture setup: a fake architecture, a default platform on top of it, and the
// SymbolTable under test.
public void Setup()
{
    this.arch = new FakeArchitecture();
    this.platform = new DefaultPlatform(null, arch);

    symbolTable = new SymbolTable(platform);
}
// Checks that a constant assigned to a register is propagated into the
// argument list of a later function application.
public void EP_Application()
{
    var builder = new ProgramBuilder();
    var proc = builder.Add("main", (m) =>
    {
        var r1 = m.Frame.EnsureRegister(new RegisterStorage("r1", 1, PrimitiveType.Word32));
        m.Assign(r1, m.Word32(0x42));
        m.SideEffect(m.Fn("foo", r1));
        m.Return();
    });

    var arch = new FakeArchitecture();
    var ctx = new SymbolicEvaluationContext(arch, proc.Frame);
    // NOTE(review): the propagator is given a null architecture although arch is
    // available here; confirm this is deliberate.
    var ep = new ExpressionPropagator(null, new ExpressionSimplifier(ctx), ctx, new ProgramDataFlow());
    var statements = proc.EntryBlock.Succ[0].Statements;

    // Visit the assignment first so the context knows r1's value.
    statements[0].Instruction.Accept(ep);
    var rewritten = statements[1].Instruction.Accept(ep);
    Assert.AreEqual("foo(0x00000042)", rewritten.ToString());
}
// Fixture setup: a fake architecture, an empty calling procedure named
// "procCalling", and an empty call graph.
public void Setup()
{
    this.arch = new FakeArchitecture();

    var callerBuilder = new ProcedureBuilder(arch, "procCalling");
    this.procCalling = callerBuilder.Procedure;

    this.callgraph = new CallGraph();
}