Skip to content

Liftingsupport #212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Apr 21, 2025
Merged

Liftingsupport #212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
012bdcf
ASTI: add support for trampoline compound condition
sipma Apr 21, 2025
7b6f3e7
REL: replace print stmts with warnings
sipma Apr 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion chb/app/CHVersion.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
chbversion: str = "0.3.0-20250417"
chbversion: str = "0.3.0-20250420"
43 changes: 42 additions & 1 deletion chb/astinterface/ASTInterfaceBasicBlock.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -361,6 +361,47 @@ def trampoline_payload_sideeffect_ast(
return astree.mk_branch(cond, tr_stmt, estmt, "0x0")
return tr_stmt

def trampoline_payload_compound_ast(
self, astree: "ASTInterface") -> AST.ASTStmt:
"""
compound condition: fallthrough / exit function (return):
B <condition 1>
B <condition 2>
B <return 0> (fallthrough)
B set function return value
<return 1>
===> if (condition1 || condition2):
return (new return value)
fallthrough

Note: recognition of return value not yet implemented.
"""

bl3 = self.trampoline["payload-2"]
bl3instrs = sorted(bl3.instructions.items())
if not len(bl3instrs) == 2:
return self.trampoline_payload_loop_ast(astree)
instr31 = bl3instrs[0][1]
if not instr31.mnemonic_stem == "MOV":
return self.trampoline_payload_loop_ast(astree)
instr32 = bl3instrs[1][1]
if not instr32.mnemonic_stem == "BX":
return self.trampoline_payload_loop_ast(astree)

cond1 = self.trampoline_ast_condition("payload-0", astree)
cond2 = self.trampoline_ast_condition("payload-1", astree)
if cond1 is not None and cond2 is not None:
cond = astree.mk_binary_op("lor", cond1, cond2)
rstmt = astree.mk_return_stmt(None)
estmt = astree.mk_instr_sequence([])
brstmt = astree.mk_branch(cond, rstmt, estmt, "0x0")
return brstmt
else:
chklogger.logger.error(
"Not all conditions resolved in compound trampoline condition: "
"cond1: %s; cond2: %s", str(cond1), str(cond2))
return self.trampoline_payload_loop_ast(astree)

def trampoline_payload_loop_ast(
self, astree: "ASTInterface") -> AST.ASTStmt:
"""Assumes a return via conditional POP."""
Expand Down Expand Up @@ -404,7 +445,7 @@ def trampoline_ast(self, astree: "ASTInterface") -> AST.ASTStmt:
stmts.append(self.trampoline_setup_ast(astree))
if "payload-0" in self.trampoline or "payload" in self.trampoline:
if len(self.trampoline_payload_roles) == 4:
stmts.append(self.trampoline_payload_loop_ast(astree))
stmts.append(self.trampoline_payload_compound_ast(astree))
elif len(self.trampoline_payload_roles) == 3:
stmts.append(self.trampoline_payload_sideeffect_ast(astree))
elif len(self.trampoline_payload_roles) == 1:
Expand Down
11 changes: 8 additions & 3 deletions chb/relational/CfgMatcher.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
from chb.graphics.DotCfg import DotCfg

import chb.util.fileutil as UF
from chb.util.loggingutil import chklogger


if TYPE_CHECKING:
from chb.app.AppAccess import AppAccess
Expand Down Expand Up @@ -290,7 +292,8 @@ def match_blockstrings(self) -> None:
if b1 not in self.blockmapping:
self._blockmapping[b1] = b2
elif self.blockmapping[b1] != b2:
print("Conflicting mapping (strings): " + b1 + ", " + b2)
chklogger.logger.warning(
"Conflicting mapping (strings): %s, %s", b1, b2)

def match_blockcalls(self) -> None:
for (s, (b1s, b2s)) in self._blockcalls.items():
Expand All @@ -300,7 +303,8 @@ def match_blockcalls(self) -> None:
if b1 not in self.blockmapping:
self._blockmapping[b1] = b2
elif self.blockmapping[b1] != b2:
print("Conflicting mapping (calls): " + b1 + ", " + b2)
chklogger.logger.warning(
"Conflicting mapping (calls): %s, %s", b1, b2)

def match_branch_conditions(self) -> None:
for (s, (b1s, b2s)) in self._blockbranches.items():
Expand All @@ -310,7 +314,8 @@ def match_branch_conditions(self) -> None:
if b1 not in self.blockmapping:
self._blockmapping[b1] = b2
elif self.blockmapping[b1] != b2:
print("Conflicting mapping (branches): " + b1 + ", " + b2)
chklogger.logger.warning(
"Conflicting mapping (branches): %s, %s", b1, b2)

def match_edges(self) -> None:

Expand Down