fixes IR graph for instructions with Bil.while (#1004)

gitoleg · ivg · commit 6983ef49d929 · 2019-10-23T07:35:01.000-04:00
The problem After #998, string instructions with the rep prefix are represented with the `Bil.while` statement and have the semantics of a pure data effect (and therefore do not break a basic block). However, when we reify while into IR we still have jump terms. And this wasn't anticipated by the sema lifter, which was glueing IR constituting one basic block, assuming that there will not be any complex control flow. This PR fixes this issue (which is not only specific to #998, this PR just triggered it, in general there could be other cases, when pure data effects are reified into non-simple control structures, cf. conditional moves). Solution Instead of just appending blocks, ensure that they are connected by an explicit jump.
diff --git a/lib/bap_sema/bap_sema_lift.ml b/lib/bap_sema/bap_sema_lift.ml
@@ -64,11 +64,19 @@ module IrBuilder = struct
     Term.enum jmp_t b2 |> Seq.iter ~f:(Ir_blk.Builder.add_jmp b);
     Ir_blk.Builder.result b
 
+  (* [append xs ys]
+     pre: the first block of [xs] is the exit block;
+     pre: the first block of [ys] is the entry block;
+     pre: the last block of [ys] is the exit block;
+     post: the first block of [append xs ys] is the new exit block. *)
   let append xs ys = match xs, ys with
     | [],xs | xs,[] -> xs
     | x :: xs, y :: ys when def_only x ->
-      List.rev_append ys (append_def_only x y :: xs)
-    | xs, ys -> List.rev_append ys xs
+       List.rev_append ys (append_def_only x y :: xs)
+    | x::xs, y::_ ->
+       let jmp = Ir_jmp.reify ~dst:(Ir_jmp.resolved @@ Term.tid y) () in
+       let x = Term.append jmp_t x jmp in
+       List.rev_append ys (x::xs)
 
   let ir_of_insn insn = KB.Value.get Term.slot insn
 
@@ -83,6 +91,9 @@ module IrBuilder = struct
         set_attributes jmp_t blk |>
         set_attributes def_t)
 
+  (* [lift_insn ?mem insn blks]
+     pre: the first block of [blks] is the exit block;
+     post: the first block of [lift_insn insn blks] is the new exit block. *)
   let lift_insn ?mem insn blks =
     append blks @@
     set_attributes ?mem insn (ir_of_insn insn)
