diff options
| author | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2019-02-21 07:24:25 +0100 |
|---|---|---|
| committer | Fabrice Desclaux <fabrice.desclaux@cea.fr> | 2019-02-22 10:50:15 +0100 |
| commit | 6f67a5503615bbc0b481f29991d717b84a0bcd78 (patch) | |
| tree | 3b7abe5146cf31be3158f75897cfead631b041e3 | |
| parent | 1f058c9a34dd52120aa3974e51421aa1989833ea (diff) | |
| download | miasm-6f67a5503615bbc0b481f29991d717b84a0bcd78.tar.gz miasm-6f67a5503615bbc0b481f29991d717b84a0bcd78.zip | |
stack2var: move it from simplification loop to final pass
There are no points to call it in the simplification loop as it's hypothesis is that we uncover all stack accesses. Moreover, the index variable generated will collide with previous calls
| -rw-r--r-- | example/disasm/full.py | 15 | ||||
| -rw-r--r-- | miasm2/analysis/data_flow.py | 21 |
2 files changed, 26 insertions, 10 deletions
diff --git a/example/disasm/full.py b/example/disasm/full.py index 19036882..5161a299 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -330,9 +330,20 @@ if args.propagexpr: modified = super(CustomIRCFGSimplifierSSA, self).do_simplify(ssa, head) if args.loadint: modified |= load_from_int(ssa.graph, bs, is_addr_ro_variable) + + def simplify(self, ircfg, head): + ssa = self.ircfg_to_ssa(ircfg, head) + ssa = self.do_simplify_loop(ssa, head) + ircfg = self.ssa_to_unssa(ssa, head) + if args.stack2var: - modified |= replace_stack_vars(self.ir_arch, ssa) - return modified + replace_stack_vars(self.ir_arch, ircfg) + + ircfg_simplifier = IRCFGSimplifierCommon(self.ir_arch) + ircfg_simplifier.simplify(ircfg, head) + return ircfg + + head = list(entry_points)[0] diff --git a/miasm2/analysis/data_flow.py b/miasm2/analysis/data_flow.py index 5a0ffd4c..2201a088 100644 --- a/miasm2/analysis/data_flow.py +++ b/miasm2/analysis/data_flow.py @@ -989,15 +989,15 @@ def check_expr_below_stack(ir_arch_a, expr): return True -def retrieve_stack_accesses(ir_arch_a, ssa): +def retrieve_stack_accesses(ir_arch_a, ircfg): """ Walk the ssa graph and find stack based variables. Return a dictionary linking stack base address to its size/name @ir_arch_a: ira instance - @ssa: SSADiGraph instance + @ircfg: IRCFG instance """ stack_vars = set() - for block in ssa.graph.blocks.itervalues(): + for block in ircfg.blocks.itervalues(): for assignblk in block: for dst, src in assignblk.iteritems(): stack_vars.update(get_stack_accesses(ir_arch_a, dst)) @@ -1063,18 +1063,23 @@ def replace_mem_stack_vars(expr, base_to_info): return expr.visit(lambda expr:fix_stack_vars(expr, base_to_info)) -def replace_stack_vars(ir_arch_a, ssa): +def replace_stack_vars(ir_arch_a, ircfg): """ Try to replace stack based memory accesses by variables. + + Hypothesis: the input ircfg must have all it's accesses to stack explicitly + done through the stack register, ie every aliases on those variables is + resolved. + WARNING: may fail @ir_arch_a: ira instance - @ssa: SSADiGraph instance + @ircfg: IRCFG instance """ - base_to_info = retrieve_stack_accesses(ir_arch_a, ssa) + base_to_info = retrieve_stack_accesses(ir_arch_a, ircfg) modified = False - for block in ssa.graph.blocks.itervalues(): + for block in ircfg.blocks.itervalues(): assignblks = [] for assignblk in block: out = {} @@ -1089,7 +1094,7 @@ def replace_stack_vars(ir_arch_a, ssa): out = AssignBlock(out, assignblk.instr) assignblks.append(out) new_block = IRBlock(block.loc_key, assignblks) - ssa.graph.blocks[block.loc_key] = new_block + ircfg.blocks[block.loc_key] = new_block return modified |