| author | serpilliere <serpilliere@users.noreply.github.com> | 2021-10-13 15:59:43 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-13 15:59:43 +0200 |
| commit | ff3e5baa85aa875c748e11668785b35c11b973c5 (patch) | |
| tree | 77f5dfd01012c2bb5053ea36ba793377a8f38f1f | |
| parent | 5522eb059ad5fe2b5ef0194923b3b6c24d778946 (diff) | |
| parent | 79775302ea32e4340be61a07463454e2b024cfad (diff) | |
Merge pull request #1390 from serpilliere/fix_expr_propag_names
Fix expr propag names
| -rw-r--r-- | example/expression/interfer.py | 111 | ||||
| -rw-r--r-- | miasm/analysis/data_flow.py | 26 | ||||
| -rwxr-xr-x | test/test_all.py | 1 |
3 files changed, 125 insertions, 13 deletions
diff --git a/example/expression/interfer.py b/example/expression/interfer.py
new file mode 100644
index 00000000..5055e1f6
--- /dev/null
+++ b/example/expression/interfer.py
@@ -0,0 +1,111 @@
+from miasm.analysis.data_flow import State
+from miasm.expression.expression import *
+
+"""
+Test memory interferences
+"""
+
+a32 = ExprId('a', 32)
+b32 = ExprId('b', 32)
+
+a64 = ExprId('a', 64)
+b64 = ExprId('b', 64)
+
+mem_a32_32 = ExprMem(a32, 32)
+mem_b32_32 = ExprMem(b32, 32)
+
+mem_a64_32 = ExprMem(a64, 32)
+
+mem_a32_m1_8 = ExprMem(a32 + ExprInt(-1, 32), 8)
+mem_a32_p0_8 = ExprMem(a32, 8)
+mem_a32_p1_8 = ExprMem(a32 + ExprInt(1, 32), 8)
+mem_a32_p2_8 = ExprMem(a32 + ExprInt(2, 32), 8)
+mem_a32_p3_8 = ExprMem(a32 + ExprInt(3, 32), 8)
+mem_a32_p4_8 = ExprMem(a32 + ExprInt(4, 32), 8)
+
+
+mem_a32_m4_32 = ExprMem(a32 + ExprInt(-4, 32), 32)
+mem_a32_m3_32 = ExprMem(a32 + ExprInt(-3, 32), 32)
+mem_a32_m2_32 = ExprMem(a32 + ExprInt(-2, 32), 32)
+mem_a32_m1_32 = ExprMem(a32 + ExprInt(-1, 32), 32)
+mem_a32_p0_32 = ExprMem(a32, 32)
+mem_a32_p1_32 = ExprMem(a32 + ExprInt(1, 32), 32)
+mem_a32_p2_32 = ExprMem(a32 + ExprInt(2, 32), 32)
+mem_a32_p3_32 = ExprMem(a32 + ExprInt(3, 32), 32)
+mem_a32_p4_32 = ExprMem(a32 + ExprInt(4, 32), 32)
+
+
+mem_a64_m4_32 = ExprMem(a64 + ExprInt(-4, 64), 32)
+mem_a64_m3_32 = ExprMem(a64 + ExprInt(-3, 64), 32)
+mem_a64_m2_32 = ExprMem(a64 + ExprInt(-2, 64), 32)
+mem_a64_m1_32 = ExprMem(a64 + ExprInt(-1, 64), 32)
+mem_a64_p0_32 = ExprMem(a64, 32)
+mem_a64_p1_32 = ExprMem(a64 + ExprInt(1, 64), 32)
+mem_a64_p2_32 = ExprMem(a64 + ExprInt(2, 64), 32)
+mem_a64_p3_32 = ExprMem(a64 + ExprInt(3, 64), 32)
+mem_a64_p4_32 = ExprMem(a64 + ExprInt(4, 64), 32)
+
+
+state = State()
+
+
+assert state.may_interfer(set([mem_a32_32]), mem_b32_32) == True
+assert state.may_interfer(set([mem_b32_32]), mem_a32_32) == True
+
+# Test 8 bit accesses
+assert state.may_interfer(set([mem_a32_m1_8]), mem_a32_32) == False
+assert state.may_interfer(set([mem_a32_p0_8]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p1_8]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p2_8]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p3_8]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p4_8]), mem_a32_32) == False
+
+assert state.may_interfer(set([mem_a32_32]), mem_a32_m1_8) == False
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p0_8) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p1_8) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p2_8) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p3_8) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p4_8) == False
+
+
+# Test 32 bit accesses
+assert state.may_interfer(set([mem_a32_m4_32]), mem_a32_32) == False
+assert state.may_interfer(set([mem_a32_m3_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_m2_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_m1_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p0_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p1_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p2_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p3_32]), mem_a32_32) == True
+assert state.may_interfer(set([mem_a32_p4_32]), mem_a32_32) == False
+
+assert state.may_interfer(set([mem_a32_32]), mem_a32_m4_32) == False
+assert state.may_interfer(set([mem_a32_32]), mem_a32_m3_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_m2_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_m1_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p0_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p1_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p2_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p3_32) == True
+assert state.may_interfer(set([mem_a32_32]), mem_a32_p4_32) == False
+
+# Test 32 bit accesses with 64 bit memory address
+assert state.may_interfer(set([mem_a64_m4_32]), mem_a64_32) == False
+assert state.may_interfer(set([mem_a64_m3_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_m2_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_m1_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_p0_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_p1_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_p2_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_p3_32]), mem_a64_32) == True
+assert state.may_interfer(set([mem_a64_p4_32]), mem_a64_32) == False
+
+assert state.may_interfer(set([mem_a64_32]), mem_a64_m4_32) == False
+assert state.may_interfer(set([mem_a64_32]), mem_a64_m3_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_m2_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_m1_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_p0_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_p1_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_p2_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_p3_32) == True
+assert state.may_interfer(set([mem_a64_32]), mem_a64_p4_32) == False
diff --git a/miasm/analysis/data_flow.py b/miasm/analysis/data_flow.py
index 9274d9d6..06453264 100644
--- a/miasm/analysis/data_flow.py
+++ b/miasm/analysis/data_flow.py
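Review bot: The whole check is a run of module-level `assert` statements, so if the ExampleExpression driver in test_all.py ever runs examples with `-O` this script passes vacuously and a regression in `may_interfer` — the predicate that decides whether a memory value may be propagated past a store, where a wrong False is the unsound direction — would go unnoticed; wrapping the checks in a `def check():` that raises `AssertionError` explicitly (or calls `sys.exit(1)`) on mismatch and is invoked from `if __name__ == "__main__":` removes that dependence, and at minimum the docstring should say the script relies on asserts being enabled. The `"""Test memory interferences"""` docstring sits after the two `from` lines, so it is not the module `__doc__`; move it above the imports. `b64 = ExprId('b', 64)` is defined but never used by any assertion — either drop it or add the 64-bit distinct-base case `assert state.may_interfer(set([mem_a64_32]), ExprMem(b64, 32)) == True` that mirrors the 32-bit a/b checks. Style-wise, `== True` / `== False` on a boolean read better as `assert state.may_interfer(...)` / `assert not state.may_interfer(...)`.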
@@ -1921,29 +1921,29 @@ class State(object): if dst in src: return True if dst.is_mem() and src.is_mem(): - base1, offset1 = get_expr_base_offset(dst.ptr) - base2, offset2 = get_expr_base_offset(src.ptr) - if base1 != base2: + dst_base, dst_offset = get_expr_base_offset(dst.ptr) + src_base, src_offset = get_expr_base_offset(src.ptr) + if dst_base != src_base: return True - size1 = dst.size // 8 - size2 = src.size // 8 + dst_size = dst.size // 8 + src_size = src.size // 8 # Special case: # @32[ESP + 0xFFFFFFFE], @32[ESP] # Both memories alias - if offset1 + size1 <= int(base1.mask) + 1: + if dst_offset + dst_size <= int(dst_base.mask) + 1: # @32[ESP + 0xFFFFFFFC] => [0xFFFFFFFC, 0xFFFFFFFF] - interval1 = interval([(offset1, offset1 + dst.size // 8 - 1)]) + interval1 = interval([(dst_offset, dst_offset + dst.size // 8 - 1)]) else: # @32[ESP + 0xFFFFFFFE] => [0x0, 0x1] U [0xFFFFFFFE, 0xFFFFFFFF] - interval1 = interval([(offset1, int(base1.mask))]) - interval1 += interval([(0, size1 - (int(base1.mask) + 1 - offset1) - 1 )]) - if offset2 + size2 <= int(base2.mask) + 1: + interval1 = interval([(dst_offset, int(dst_base.mask))]) + interval1 += interval([(0, dst_size - (int(dst_base.mask) + 1 - dst_offset) - 1 )]) + if src_offset + src_size <= int(src_base.mask) + 1: # @32[ESP + 0xFFFFFFFC] => [0xFFFFFFFC, 0xFFFFFFFF] - interval2 = interval([(offset2, offset2 + src.size // 8 - 1)]) + interval2 = interval([(src_offset, src_offset + src.size // 8 - 1)]) else: # @32[ESP + 0xFFFFFFFE] => [0x0, 0x1] U [0xFFFFFFFE, 0xFFFFFFFF] - interval2 = interval([(offset2, int(base2.mask))]) - interval2 += interval([(0, size2 - (int(base2.mask) + 1 - offset2) - 1)]) + interval2 = interval([(src_offset, int(src_base.mask))]) + interval2 += interval([(0, src_size - (int(src_base.mask) + 1 - src_offset) - 1)]) if (interval1 & interval2).empty: continue return True diff --git a/test/test_all.py b/test/test_all.py index f0ac755e..a49f6ff9 100755 --- a/test/test_all.py +++ b/test/test_all.py 
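Review bot: The rename leaves the two non-wrapping branches computing the byte length a second time as `dst.size // 8` and `src.size // 8`, even though `dst_size` and `src_size` now hold exactly that value a few lines above; `interval1 = interval([(dst_offset, dst_offset + dst_size - 1)])` and `interval2 = interval([(src_offset, src_offset + src_size - 1)])` keep the length computed in one place so the wrap and non-wrap branches cannot drift apart (the `- 1 )])` on the `interval1 +=` line also has a stray space). The enclosing method starts before this hunk, so its signature and the loop that the trailing `continue` belongs to are not visible here; from the new example's `may_interfer(set([...]), dst)` calls it presumably iterates over the `src` set. Since a False from this predicate is what lets a memory value be propagated across a store, a one-line comment on the `continue` such as `# same base, disjoint byte ranges: provably no alias` would make the only non-conservative path explicit for the next reader.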
@@ -710,6 +710,7 @@ for script in [["basic_op.py"], ["expr_random.py"], ["expr_translate.py"], ["expr_reduce.py"], + ["interfer.py"], ]: testset += ExampleExpression(script) |