Recover SimpleCAST from IR #162

Merged
merged 27 commits into from Jun 14, 2018

4 participants
Collaborator

kriw commented May 27, 2018

  • Recover CFG
  • Emit decompilation result with dummy expression
  • Determine register nodes from propagated ssa nodes

kriw added some commits May 24, 2018

Collaborator Author

kriw commented Jun 10, 2018

I have updated the check lists.
There might be other tasks such as beautifying output/expressions, recovering strings and global variables for better results, but such tasks should be done in other PRs.

This PR is for generating pseudo-C code with local variables.
This PR is still WIP.

kriw added some commits Jun 10, 2018

Contributor

chinmaydd commented Jun 12, 2018

@kriw this is going good. I think it would be better if you create incremental pull requests since those would be easier to review and integrate rather than a major ~2000 line one (If you still think this helps your development cycle, feel free to continue this way but include comments in the PR on a regular basis)

Collaborator Author

kriw commented Jun 12, 2018

That would be better than going this way. I have updated the TODOs at the top of this PR; I will send PRs for the remaining tasks respectively.

  • Recover expressions, statements
    - Determine local variables from ssa nodes and RadecoFunction
    - Replace dummy expressions with local variables/registers
    - Recover function call
  • Splitting into modules
  • Unit tests

kriw added some commits Jun 12, 2018

kriw changed the title from "WIP Recover SimpleCAST from IR" to "Recover SimpleCAST from IR" on Jun 12, 2018

Collaborator Author

kriw commented Jun 12, 2018

@sushant94 @chinmaydd This PR is ready to be merged.

///////////////////////
println!(" [*] Generating psuedo code");
fname.set_extension("c");
let mut df = File::create(&fname).expect("Unable to create .dot file");
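
Review bot: the status string in the `println!` line spells "psuedo"; it should read "pseudo". The `expect` text on the last line still says ".dot file" although `fname` has just been given the `c` extension, so a failure here would name the wrong file type; a message such as "Unable to create .c file" matches what is being created.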

chinmaydd Jun 12, 2018

Contributor

Aren't we creating a .c file here? Please update the expect error.

/// Name of function of this AST
fname: String,
/// Entry node of this function
pub entry: NodeIndex,
/// Unknown node
pub unknown: NodeIndex,
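
Review bot: `unknown` is declared `pub`, so any code with mutable access to the struct can reassign the index, while `fname` beside it is private. If the node is meant to be a fixed default, keep the field private and expose it through a read-only accessor, and extend the `/// Unknown node` doc comment to say what the node stands for and when it is used.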

chinmaydd Jun 12, 2018

Contributor

@kriw, I am a bit confused as to why this needs to be a default in a SimpleCAST structure?

sushant94 Jun 13, 2018

Collaborator

I think this is to have a single unknown index, which is later used in several places. @kriw please clarify.

kriw Jun 13, 2018

Author Collaborator

unknown is used as a default node which is used in the functions of c_simple_ast_builder so that var_map.get(node) returns some value instead of None.

pub fn deref(&mut self, operand: NodeIndex) -> NodeIndex {
let node = self.ast.add_node(SimpleCASTNode::Value(ValueNode::Expression(c_simple::Expr::DeRef)));
let _ = self.ast.add_edge(node, operand, SimpleCASTEdge::Value(ValueEdge::DeRef));
// XXX

chinmaydd Jun 12, 2018

Contributor

Please explain 😅

Contributor

chinmaydd commented Jun 12, 2018

See a lot of XXX, TODO, Used only for debugging comments. Please try and explain if possible.

let reg_map = utils::call_rets(call_node, self.ssa);
for (idx, (node, vt)) in reg_map.into_iter() {
let name = self.ssa.regfile.get_name(idx).unwrap_or("mem").to_string();
// TODO
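
Review bot: `unwrap_or("mem")` on the `get_name(idx)` line gives the name "mem" to every index the register file has no name for, so an unexpected index cannot be told apart from the case the fallback was written for. Consider handling that case explicitly and reporting any other miss, and replace the bare `// TODO` with a note on what remains to be done.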

chinmaydd Jun 12, 2018

Contributor

Priority IMO

Contributor

chinmaydd commented Jun 12, 2018

Overall, good work @kriw ! 👍

@@ -438,11 +484,21 @@ impl<'a> CASTConverter<'a> {
/// Entry point of Simple-C-AST to C-AST conversion.
pub fn to_c_ast(&mut self) -> CAST {
let mut c_ast = CAST::new(&self.ast.fname);
for var in self.ast.vars.iter() {
if let Some(&SimpleCASTNode::Value(ValueNode::Variable(ref ty_opt, ref var_name))) = self.ast.ast.node_weight(*var) {
// XXX

sushant94 Jun 13, 2018

Collaborator

Same thing as @chinmaydd said, please write at least a line as to what this XXX is, it may be clear to you, but anyone else reading this code will not understand what this is for or what's missing.

@@ -0,0 +1,371 @@
use std::collections::{HashMap, HashSet};

sushant94 Jun 13, 2018

Collaborator

Add a module doc indicating what this module is for; what purpose does it serve, which piece of the building block does it implement, how and who is supposed to use this module. Think of it as giving a high level overview as to where this fits in the puzzle.

sushant94 Jun 13, 2018

Collaborator

(This may be applicable in other modules as well, please add them too)


macro_rules! add_jump_to_cfg {
($self: ident, $source: expr, $target: expr, $edge: expr) => {
let src_node = $self.action_map.get(&$source).unwrap();

sushant94 Jun 13, 2018

Collaborator

Please use expect wherever possible as it makes it easier to pinpoint the location of a panic.

}

impl<'a> CASTBuilder<'a> {
fn new(f: &'a RadecoFunction) -> CASTBuilder {
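
Review bot: the return type of `new` is written as `CASTBuilder` with its lifetime elided, although the impl is for `CASTBuilder<'a>` and the argument is `&'a RadecoFunction`. Elision resolves it to `'a` here, but writing `CASTBuilder<'a>` or `Self` makes the borrow of the function visible to readers.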

sushant94 Jun 13, 2018

Collaborator

Avoid single character names, makes it harder to find its use by search for example.


fn handle_binop(&mut self, ret_node: NodeIndex, ops: Vec<NodeIndex>,
expr: c_simple::Expr, ast: &mut SimpleCAST) {
// XXX for debbuging, do not use filter_map
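
Review bot: the comment on the last line gives "debbuging" (misspelled) as the reason for avoiding `filter_map`, which does not tell a reader whether the restriction is temporary or required. State the actual constraint in the comment, and since `ops` is a list of node indices, consider taking `&[NodeIndex]` instead of an owned `Vec<NodeIndex>` unless the body needs ownership.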

sushant94 Jun 13, 2018

Collaborator

Why not use filter_map here?

kriw Jun 13, 2018

Author Collaborator

If the length of the result of filter_map is different from that of ops, we cannot recover the expression correctly. So a None node has to be replaced with the unknown node.
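
The point made in the two replies about the `unknown` node and `filter_map`, as an added example that is not code from this PR or from radeco: a position-preserving operand lookup with a sentinel compared with a `filter_map` lookup. The types `SsaNode` and `AstNode`, the constant `UNKNOWN`, and all function names are hypothetical stand-ins, and the sample data is constructed.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for this example; not radeco's real types.
type SsaNode = u32;
type AstNode = usize;

/// Sentinel AST node, playing the role of the `unknown` default node.
const UNKNOWN: AstNode = 0;

/// Lossy lookup: operands without a mapping silently disappear.
fn operands_filter_map(ops: &[SsaNode], var_map: &HashMap<SsaNode, AstNode>) -> Vec<AstNode> {
    ops.iter().filter_map(|op| var_map.get(op).copied()).collect()
}

/// Position-preserving lookup: unmapped operands become UNKNOWN.
fn operands_with_unknown(ops: &[SsaNode], var_map: &HashMap<SsaNode, AstNode>) -> Vec<AstNode> {
    ops.iter()
        .map(|op| var_map.get(op).copied().unwrap_or(UNKNOWN))
        .collect()
}

/// Render a binary subtraction; it needs exactly two operands, in order.
fn render_sub(operands: &[AstNode], names: &[&str]) -> Option<String> {
    match operands {
        [lhs, rhs] => Some(format!("{} - {}", names[*lhs], names[*rhs])),
        _ => None,
    }
}

fn main() {
    // Constructed sample: SSA node 10 has no recovered variable, node 11 is `rbx`.
    let names = ["unknown", "rbx"];
    let mut var_map: HashMap<SsaNode, AstNode> = HashMap::new();
    var_map.insert(11, 1);
    let ops = [10, 11];

    // filter_map leaves one operand, so the expression cannot be rebuilt.
    println!("{:?}", render_sub(&operands_filter_map(&ops, &var_map), &names));
    // The sentinel keeps both slots, giving `unknown - rbx`.
    println!("{:?}", render_sub(&operands_with_unknown(&ops, &var_map), &names));
}
```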

kriw added some commits Jun 13, 2018

XVilka merged commit 2bce768 into radareorg:master Jun 14, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed