From 3bd62f77a0e85cfb40ca047a8151597e4308c66e Mon Sep 17 00:00:00 2001
From: Xiaozhu Meng
Date: Wed, 17 May 2017 09:32:16 -0500
Subject: [PATCH] Fix indirect jumps in variable argument functions, where there is no memory read

---
 parseAPI/src/IndirectASTVisitor.C | 10 ++++++++++
 parseAPI/src/IndirectAnalyzer.C | 1 +
 parseAPI/src/JumpTableFormatPred.C | 2 ++
 parseAPI/src/JumpTableFormatPred.h | 22 ++--------------------
 4 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/parseAPI/src/IndirectASTVisitor.C b/parseAPI/src/IndirectASTVisitor.C
index fcabb7ce6c..b46c430c2d 100644
--- a/parseAPI/src/IndirectASTVisitor.C
+++ b/parseAPI/src/IndirectASTVisitor.C
@@ -312,6 +312,16 @@ bool JumpTableFormatVisitor::PotentialIndexing(AST::Ptr ast) {
 if (ast->getID() == AST::V_RoseAST) {
 RoseAST::Ptr r = boost::static_pointer_cast(ast);
 if (r->val().op == ROSEOperation::uMultOp || r->val().op == ROSEOperation::sMultOp) return true;
+ if (r->val().op == ROSEOperation::addOp) {
+ // The index can be subtracted
+ if (r->child(0)->getID() == AST::V_RoseAST && r->child(1)->getID() == AST::V_ConstantAST) {
+ RoseAST::Ptr lc = boost::static_pointer_cast(r->child(0));
+ ConstantAST::Ptr rc = boost::static_pointer_cast(r->child(1));
+ if (lc->val().op == ROSEOperation::invertOp && rc->val().val == 1) {
+ return PotentialIndexing(lc->child(0));
+ }
+ }
+ }
 }
 return false;
 }
diff --git a/parseAPI/src/IndirectAnalyzer.C b/parseAPI/src/IndirectAnalyzer.C
index 83a6d9cc42..2799005516 100644
--- a/parseAPI/src/IndirectAnalyzer.C
+++ b/parseAPI/src/IndirectAnalyzer.C
@@ -206,6 +206,7 @@ void IndirectControlFlowAnalyzer::ReadTable(AST::Ptr jumpTargetExpr,
 }
 
 int IndirectControlFlowAnalyzer::GetMemoryReadSize(Assignment::Ptr memLoc) {
+ if (!memLoc) return 0;
 Instruction::Ptr i = memLoc->insn();
 std::vector ops;
 i->getOperands(ops);
diff --git a/parseAPI/src/JumpTableFormatPred.C b/parseAPI/src/JumpTableFormatPred.C
index 33e610bf86..3d7b4b9a53 100644
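Review bot: The comment `// The index can be subtracted` on the new addOp branch of PotentialIndexing does not say what pattern the three checks below it are matching; `// (~idx) + 1 is two's-complement negation, so a subtracted index is still an index` tells the reader why invertOp paired with the constant 1 is the shape being recognised. The branch also accepts only the operand order with the RoseAST in child(0) and the constant in child(1); whether the symbolic expressions are canonicalised so the constant always lands on the right is not visible here, and if they are not, the mirrored `1 + (~idx)` form silently returns false for the same negated index. PotentialIndexing's signature and opening lines are outside the hunk.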
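Review bot: The new `if (!memLoc) return 0;` in GetMemoryReadSize makes 0 a sentinel meaning "no memory access", but nothing at the function states that, and the only comment that carried this meaning (`If tableReadSize == 0, this does not represent a memory access`, on the JumpTableFormatPred fields) is deleted in the same commit. A comment on the guard, `// No memory assignment: 0 tells callers this does not represent a memory access`, keeps the contract visible now that the field and its comment are gone. The next line still dereferences `memLoc->insn()` unchecked; if an Assignment can carry a null instruction (not visible here) the same guard should cover `i`. The rest of GetMemoryReadSize lies outside the hunk.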
--- a/parseAPI/src/JumpTableFormatPred.C
+++ b/parseAPI/src/JumpTableFormatPred.C
@@ -154,6 +154,7 @@ bool JumpTableFormatPred::modifyCurrentFrame(Slicer::SliceFrame &frame, Graph::P
 // The last expression should be the jump target
 jumpTarget = exp;
 }
+ parsing_printf("Check expression %s\n", jumpTarget->format().c_str());
 JumpTableFormatVisitor jtfv(block);
 jumpTarget->accept(&jtfv);
 if (jtfv.findIncorrectFormat) {
@@ -178,6 +179,7 @@ bool JumpTableFormatPred::modifyCurrentFrame(Slicer::SliceFrame &frame, Graph::P
 findIndex = true;
 }
 if (jtfv.findIndex && jtfv.findTableBase) {
+ parsing_printf("\tRecord jump target expr\n");
 jumpTargetExpr = jumpTarget;
 return false;
 }
diff --git a/parseAPI/src/JumpTableFormatPred.h b/parseAPI/src/JumpTableFormatPred.h
index 17f7bf2a41..13650430e6 100644
--- a/parseAPI/src/JumpTableFormatPred.h
+++ b/parseAPI/src/JumpTableFormatPred.h
@@ -18,18 +18,6 @@ class JumpTableFormatPred : public Slicer::Predicates {
 ThunkData &thunks;
 SymbolicExpression &se;
 
- Address targetBase;
- // If tableReadSize == 0, this does not represent a memory access
- // Otherwise, tableReadSize reprenents the number bytes of the access
- int tableReadSize;
- int tableStride;
-
- // On ARM, the table content is often multiplied by 4 before adding with targetBase
- int tcMultiply;
- bool isInverted;
- bool isSubReadContent;
- bool isZeroExtend;
-
 bool jumpTableFormat;
 bool unknownInstruction;
 bool findIndex;
@@ -48,13 +36,7 @@ class JumpTableFormatPred : public Slicer::Predicates {
 ThunkData &t,
 SymbolicExpression &sym):
 func(f), block(b), rf(r), thunks(t), se(sym) {
- targetBase = 0;
- tableReadSize = 0;
- tcMultiply = 1;
- isInverted = false;
- isSubReadContent = false;
- isZeroExtend = false;
- jumpTableFormat = true;
+ jumpTableFormat = true;
 unknownInstruction = false;
 findIndex = false;
 firstMemoryRead = true;
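Review bot: The added `parsing_printf("Check expression %s\n", jumpTarget->format().c_str());` evaluates `jumpTarget->format()` unconditionally; if parsing_printf is a function that tests the debug flag internally rather than a macro that short-circuits before its arguments are evaluated (its definition is not visible here), the whole AST is rendered to a string on every visit of modifyCurrentFrame, which runs during slicing for each indirect jump, even with parsing debug output off. Wrapping the call in the same debug-enabled check, or building the string only inside it, keeps the non-debug cost at zero. modifyCurrentFrame starts and ends outside the hunk.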
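Review bot: The assignment `jumpTargetExpr = jumpTarget;` under the findIndex/findTableBase check is now what makes isJumpTableFormat() report success, since the JumpTableFormatPred.h hunk in this commit adds `&& jumpTargetExpr` to that predicate, yet nothing at the assignment says so and a later early return placed above it would silently flip the result. A comment such as `// Recording the expression is what lets isJumpTableFormat() succeed; keep it paired with this check` makes the dependency explicit where it is created. The enclosing modifyCurrentFrame starts and ends outside the hunk.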
@@ -62,7 +44,7 @@ class JumpTableFormatPred : public Slicer::Predicates {
 
 virtual bool modifyCurrentFrame(Slicer::SliceFrame &frame, Graph::Ptr g);
 std::string format();
- bool isJumpTableFormat() { return jumpTableFormat && findIndex; }
+ bool isJumpTableFormat() { return jumpTableFormat && findIndex && jumpTargetExpr;}
 bool findSpillRead(Graph::Ptr g, SliceNode::Ptr &);
 void adjustActiveMap(Slicer::SliceFrame &frame, SliceNode::Ptr);
 };
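Review bot: The rewritten isJumpTableFormat() drops the space before the closing brace that the removed line had, so the line should read `bool isJumpTableFormat() { return jumpTableFormat && findIndex && jumpTargetExpr; }` to match the surrounding one-line members. The new third condition also deserves a word on why a predicate that already required findIndex now needs the recorded expression too; `// also require the target expression recorded by modifyCurrentFrame` above the line is enough. jumpTargetExpr's declaration is outside the hunk, so I am assuming it is a pointer type whose boolean conversion is intended here.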