| author | Camille Mougey <commial@gmail.com> | 2019-02-22 13:05:15 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-22 13:05:15 +0100 |
| commit | 016eed425db47346dc0c84f1964a2ef88ee6840e (patch) | |
| tree | 3b7abe5146cf31be3158f75897cfead631b041e3 | |
| parent | 9c063fb1ddd5e6eaa54d6d83048715b3ab8b9191 (diff) | |
| parent | 6f67a5503615bbc0b481f29991d717b84a0bcd78 (diff) | |
Merge pull request #985 from serpilliere/fix_propagation
Fix propagation
| -rw-r--r-- | example/disasm/full.py | 15 | ||||
| -rw-r--r-- | miasm2/analysis/data_flow.py | 28 |
2 files changed, 29 insertions, 14 deletions
diff --git a/example/disasm/full.py b/example/disasm/full.py index 19036882..5161a299 100644 --- a/example/disasm/full.py +++ b/example/disasm/full.py @@ -330,9 +330,20 @@ if args.propagexpr: modified = super(CustomIRCFGSimplifierSSA, self).do_simplify(ssa, head) if args.loadint: modified |= load_from_int(ssa.graph, bs, is_addr_ro_variable) + + def simplify(self, ircfg, head): + ssa = self.ircfg_to_ssa(ircfg, head) + ssa = self.do_simplify_loop(ssa, head) + ircfg = self.ssa_to_unssa(ssa, head) + if args.stack2var: - modified |= replace_stack_vars(self.ir_arch, ssa) - return modified + replace_stack_vars(self.ir_arch, ircfg) + + ircfg_simplifier = IRCFGSimplifierCommon(self.ir_arch) + ircfg_simplifier.simplify(ircfg, head) + return ircfg + + head = list(entry_points)[0] diff --git a/miasm2/analysis/data_flow.py b/miasm2/analysis/data_flow.py index dc72d06a..2201a088 100644 --- a/miasm2/analysis/data_flow.py +++ b/miasm2/analysis/data_flow.py @@ -900,10 +900,9 @@ class PropagateThroughExprMem(object): for dst, src in out.iteritems(): if dst.is_mem(): write_mem = True - if dst != mem_dst and mem_dst in dst: - dst = dst.replace_expr({mem_dst:mem_src}) - if mem_dst in src: - src = src.replace_expr({mem_dst:mem_src}) + ptr = dst.ptr.replace_expr({mem_dst:mem_src}) + dst = ExprMem(ptr, dst.size) + src = src.replace_expr({mem_dst:mem_src}) out_new[dst] = src if out != out_new: assignblk_modified = True 
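Review bot: On the new side `do_simplify` no longer returns anything: the only `return modified` in this hunk is the removed one, and nothing is added after the `modified |= load_from_int(...)` line before `def simplify` begins, so the override now falls off the end and returns None. If `do_simplify_loop`, which the new `simplify` calls, iterates on that return value as the `modified` accumulator suggests, the loop would stop after its first pass and the `load_from_int` result would be lost; add `return modified` directly after the `if args.loadint:` block. The `def do_simplify` line and the enclosing `CustomIRCFGSimplifierSSA` class lie above the hunk, and the blank-line layout of this hunk is collapsed in this rendering, so confirm against the file. Discarding the return value of `replace_stack_vars` in `simplify` looks harmless, since the later hunks show it rewriting `ircfg.blocks` in place.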
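Review bot: The rewrite in `PropagateThroughExprMem` relies on an invariant it never states: only the address `dst.ptr` of a memory write is rewritten, never the written location itself, so a store to `mem_dst` is not turned into a store to `mem_src` (the old `dst != mem_dst` guard achieved this by exclusion). A comment above `ptr = dst.ptr.replace_expr({mem_dst:mem_src})` such as `# Substitute only inside the address; the written cell itself must stay mem_dst` would make that explicit for the next reader. The new `dst = ExprMem(ptr, dst.size)` line also needs `ExprMem` to be in scope in this module, which the hunk does not show. The enclosing method starts and ends outside the hunk.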
@@ -990,15 +989,15 @@ def check_expr_below_stack(ir_arch_a, expr):
 return True
-def retrieve_stack_accesses(ir_arch_a, ssa):
+def retrieve_stack_accesses(ir_arch_a, ircfg):
 """
 Walk the ssa graph and find stack based variables.
 Return a dictionary linking stack base address to its size/name
 @ir_arch_a: ira instance
- @ssa: SSADiGraph instance
+ @ircfg: IRCFG instance
 """
 stack_vars = set()
- for block in ssa.graph.blocks.itervalues():
+ for block in ircfg.blocks.itervalues():
 for assignblk in block:
 for dst, src in assignblk.iteritems():
 stack_vars.update(get_stack_accesses(ir_arch_a, dst))
@@ -1064,18 +1063,23 @@ def replace_mem_stack_vars(expr, base_to_info):
 return expr.visit(lambda expr:fix_stack_vars(expr, base_to_info))
-def replace_stack_vars(ir_arch_a, ssa):
+def replace_stack_vars(ir_arch_a, ircfg):
 """
 Try to replace stack based memory accesses by variables.
+
+ Hypothesis: the input ircfg must have all it's accesses to stack explicitly
+ done through the stack register, ie every aliases on those variables is
+ resolved.
+
 WARNING: may fail
 @ir_arch_a: ira instance
- @ssa: SSADiGraph instance
+ @ircfg: IRCFG instance
 """
- base_to_info = retrieve_stack_accesses(ir_arch_a, ssa)
+ base_to_info = retrieve_stack_accesses(ir_arch_a, ircfg)
 modified = False
- for block in ssa.graph.blocks.itervalues():
+ for block in ircfg.blocks.itervalues():
 assignblks = []
 for assignblk in block:
 out = {}
@@ -1090,7 +1094,7 @@ def replace_stack_vars(ir_arch_a, ssa):
 out = AssignBlock(out, assignblk.instr)
 assignblks.append(out)
 new_block = IRBlock(block.loc_key, assignblks)
- ssa.graph.blocks[block.loc_key] = new_block
+ ircfg.blocks[block.loc_key] = new_block
 return modified |
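Review bot: The docstring of `retrieve_stack_accesses` still opens with `Walk the ssa graph and find stack based variables.` although the parameter is now an IRCFG and the body iterates `ircfg.blocks`; change it to `Walk the ircfg and find stack based variables.` so the text matches the updated `@ircfg: IRCFG instance` line. The function body continues past the end of the hunk.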
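Review bot: The new "Hypothesis" paragraph in the `replace_stack_vars` docstring has wording errors that make the precondition harder to read: `it's` should be `its`, `every aliases on those variables is resolved` should be `every alias of those variables is resolved`, and `ie` is better written `i.e.`. Since nothing in the visible code checks this precondition, it is also worth tying the existing `WARNING: may fail` line to it, for example `WARNING: may fail when the hypothesis above does not hold`. The loop body of the function continues past the end of the hunk.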