krx and pgoodman [WIP] Binja cfg updates (#329)
329b6e2 Jan 18, 2018
[WIP] Binja cfg updates (#329)
* Fix incorrect stack var sizes

* Recover references to stack vars

* Fix requested changes

* Skip jump table entries in segment xrefs

* Fix sections being incorrectly considered code

* Ignore some symbols binja inserts

Binja inserts a few symbols it identifies that shouldn't be picked up as
globals, so skip these.

TODO: Look into a better way to identify globals than looking through
and filtering variable symbols

* Fix the links to our repos (#364)

* Bring back the mcsema-lift option for --list-supported (#365)

* Bring back the mcsema-lift option for --list-supported

* Discard changes to whitespace from last commit.

* Fix several xref warnings and issues

* Tail call targets now picked up as control flow xrefs
* Tail call targets added as successors
* Fix duplicate blocks being lifted as a result of tail calls being inlined
* Ignore duplicate xrefs as a result of how binja shows the instruction in IL
* Pick up missing xrefs when an instruction is expanded to multiple IL instructions
* Only classify the memory operand of a LOAD/STORE as a memory/displacement xref

* Fixes an issue where we assume that every symbol in the module passed to --library is external, whereas that's false. (#368)

* Bump up commit id to include support of atomic intrinsic (#367)

* Bump up commit id to include support of atomic intrinsic

* update remill commit id

* change cs_action to catch & cleanup type, not looking into catch types; (#371)

* Klee maze example (#369)

* In progress. Working on an example of using KLEE on a Maze, but with the maze program being compiled to x86, amd64, and aarch64.

* Making lots of progress on getting lifting and running an aarch64 maze program on amd64, but using --explicit_args. The key thing I'm working through right now is a jump offset table, but where the offset is a block pc, rather than a table base. Also adding various bits of code here and there to make running with klee more directly doable, and working on a debugging facility to track down when the emulated program counter gets out of sync with the original program.

* Fixed a subtle @page and @PAGEOFF-related reference bug on AArch64. Partially disabled the special jump offset table handling I had in table.py, as it doesn't (yet) handle the shifted table values. However, I still have the code there, so that it can recognize that a basic block address is used as a possible offset, so that I can remove the block address as a reference, which permits a new heuristic on the C++ side to work. On the C++ side, when there's a jump instruction that isn't associated with a cross-reference flow, I try to auto-augment it with additional switch cases, targeting blocks with no predecessors (as present in the CFG). This seems to work reasonably well.

* Improved the scripts and updated the READMEs.

* Minor rephrase

* Minor rephrase

* Making the stack start a bit further back reduces things like KLEE messing up (#373)

* Changing indentation level, adding more logging statements to track what's going on.

* Manually merged in Kareem's changes before doing an auto merge.

* Got the Maze example working with binary ninja.