fixes calls search in reconstructor #863
Merged
+36
−12
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Actually, this PR just restores previous behaviour, that was lost due to lack of tests and comments. So this PR: 1) extends a list of roots with addresses of such CFG nodes, that don't have any input edges. The effect is noticeable in case of pure code input, since the list of roots is empty in such case, and therefore the reconstructor will create just an empty symtab. 2) adds comments in code to avoid of loosing such behaviour in future. 3) updated documentation for reconstructor in `bap.mli`, since it looks like quite outdated
gitoleg
changed the title
ivg
requested changes
Aug 29, 2018
| Block can be a function start in the next cases: | ||
| - block address is in a set of [roots] | ||
| - block doesn't have any input edges in [cfg]. | ||
| The later is extremly important in case of pure code input. *) |
There was a problem hiding this comment.
Let's rephrase it as I'm afraid that we won't be able to decipher this later... today for example :)
A block is considered to be a function start if one of the following is true:
- the block address belongs to the provided set of roots;
- the block has no incoming edges
In general, all blocks should be reachable from the set of roots, thus a block without incoming edges should belong to the set of roots, so it might be tempting to say that the second clause is redundant.
However, our implementation of the recursive descent disassembler can generate blocks that are not reachable from the initial set of roots. This can happen only if the set of roots is empty, which is treated as a special case, that instructs the disassembler to treat the first byte of the provided input as a root.
Beyond being a questionable design decision, this behavior is actually just an example of a more general problem. The reconstructor and disassemblers could be called with different sets of roots. So, in general, we can't rely on the set of roots passed to the reconstructor for functions start classification.
ivg
approved these changes
Aug 29, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Actually, this PR just restores the previous behavior, that was lost due to lack of tests and comments.
So this PR:
symtab.bap.mli, since it looks quite outdated