Skip to content

C
cwe_checker
Commit c1e142eb by Enkelmann Committed by Enkelmann
Options

Finish P-Code to internal IR deserialization.

parent b70f9910
Showing with 550 additions and 83 deletions
cwe_checker_rs/src/bil/mod.rs
......@@ -266,7 +266,7 @@ impl From<Expression> for IrExpression {
},
HIGH => {
assert!(width % 8 == 0);
let low_byte = (arg.bitsize() - BitSize::from(width)).into();
let low_byte = (arg.bitsize() - width).into();
IrExpression::Subpiece {
arg: Box::new(IrExpression::from(*arg)),
low_byte,
......
cwe_checker_rs/src/intermediate_representation/mod.rs
use crate::prelude::*;
use crate::term::{Term, Tid};
use derive_more::*;
use std::convert::TryFrom;
......@@ -60,3 +59,17 @@ impl From<ByteSize> for apint::BitWidth {
apint::BitWidth::from((u64::from(bytesize) * 8) as usize)
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn check_bit_to_byte_conversion() {
let bits: BitSize = 8;
let bytes: ByteSize = bits.into();
assert_eq!(u64::from(bytes), 1);
let bits: BitSize = bytes.into();
assert_eq!(bits, 8);
}
}
cwe_checker_rs/src/intermediate_representation/term.rs
......@@ -52,3 +52,33 @@ pub struct Sub {
pub name: String,
pub blocks: Vec<Term<Blk>>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub enum Arg {
Register(Variable),
Stack { offset: i64, size: ByteSize },
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct ExternSymbol {
pub tid: Tid,
pub name: String,
pub calling_convention: Option<String>,
pub parameters: Vec<Arg>,
pub return_values: Vec<Arg>,
pub no_return: bool,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Program {
pub subs: Vec<Term<Sub>>,
pub extern_symbols: Vec<ExternSymbol>,
pub entry_points: Vec<Tid>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Project {
pub program: Term<Program>,
pub cpu_architecture: String,
pub stack_pointer_register: Variable,
}
cwe_checker_rs/src/pcode/expressions.rs
use super::Def;
use crate::intermediate_representation::BinOpType as IrBinOpType;
use crate::intermediate_representation::ByteSize;
use crate::intermediate_representation::CastOpType as IrCastOpType;
......@@ -5,17 +6,19 @@ use crate::intermediate_representation::Expression as IrExpression;
use crate::intermediate_representation::UnOpType as IrUnOpType;
use crate::intermediate_representation::Variable as IrVariable;
use crate::prelude::*;
use crate::term::{Term, Tid};
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Variable {
pub name: Option<String>,
pub value: Option<String>,
pub address: Option<String>,
pub size: ByteSize,
pub is_virtual: bool,
}
impl From<Variable> for IrVariable {
/// Translate a P-Code variable into a register variable of the internally used IR.
/// Panic if the variable does not represent a register.
fn from(pcode_var: Variable) -> IrVariable {
IrVariable {
name: pcode_var.name.unwrap(),
......@@ -26,12 +29,24 @@ impl From<Variable> for IrVariable {
}
impl From<Variable> for IrExpression {
/// Translate a P-Code variable into a `Var`or `Const` expression of the internally used IR.
/// Panics if the translation fails.
fn from(pcode_var: Variable) -> IrExpression {
match (&pcode_var.name, &pcode_var.value) {
(Some(_name), None) => IrExpression::Var(pcode_var.into()),
(None, Some(hex_value)) => {
(None, Some(_hex_value)) => IrExpression::Const(pcode_var.parse_to_bitvector()),
_ => panic!("Conversion failed:\n{:?}", pcode_var),
}
}
}
impl Variable {
/// Parses a variable representing a concrete value or a concrete address to a bitvector containing the value or address.
pub fn parse_to_bitvector(&self) -> Bitvector {
match (&self.value, &self.address) {
(Some(hex_value), None) | (None, Some(hex_value)) => {
// TODO: Implement parsing for large hex values.
if u64::from(pcode_var.size) > 8 {
if u64::from(self.size) > 8 {
panic!(
"Parsing of immediates greater than 8 bytes not yet implemented: {}",
hex_value
......@@ -39,25 +54,58 @@ impl From<Variable> for IrExpression {
}
let val: u64 = u64::from_str_radix(&hex_value, 16).unwrap();
let mut bitvector: Bitvector = Bitvector::from_u64(val);
bitvector.truncate(pcode_var.size).unwrap();
IrExpression::Const(bitvector)
bitvector.truncate(self.size).unwrap();
bitvector
}
_ => panic!(),
}
}
}
impl From<Variable> for ByteSize {
fn from(pcode_var: Variable) -> ByteSize {
match (&pcode_var.name, &pcode_var.value) {
(None, Some(hex_value)) => {
// TODO: Implement parsing for large hex values.
if u64::from(pcode_var.size) > 8 {
panic!(
"Parsing of immediates greater than 8 bytes not yet implemented: {}",
hex_value
);
/// Generate a virtual variable with the given name and size.
pub fn new_virtual(name: impl Into<String>, size: ByteSize) -> Variable {
Variable {
name: Some(name.into()),
value: None,
address: None,
size,
is_virtual: true,
}
}
/// Generate a variable representing a constant
pub fn new_const(value_string: impl Into<String>, size: ByteSize) -> Variable {
Variable {
name: None,
value: Some(value_string.into()),
address: None,
size,
is_virtual: false,
}
}
/// Create a LOAD instruction out of a variable representing a load from a constant address into a virtual register.
///
/// Note that the address pointer size gets set to zero, since the function does not know the correct size for pointers.
pub fn to_load_def(&self, target_register_name: impl Into<String>) -> Def {
Def {
lhs: Some(Variable::new_virtual(target_register_name, self.size)),
rhs: Expression {
mnemonic: ExpressionType::LOAD,
input0: None,
input1: Some(Variable::new_const(
self.address.as_ref().unwrap(),
ByteSize::from(0 as u64), // We do not know the correct pointer size here.
)),
input2: None,
},
}
}
/// Translates a variable into the byte size that it represents. Panics on error.
pub fn parse_to_bytesize(self) -> ByteSize {
match (&self.name, &self.value) {
(None, Some(hex_value)) => {
assert!(u64::from(self.size) <= 8);
let val: u64 = u64::from_str_radix(&hex_value, 16).unwrap();
val.into()
}
......@@ -144,6 +192,8 @@ pub enum ExpressionType {
}
impl From<ExpressionType> for IrBinOpType {
/// Translates expression types.
/// Panics when given a type not representable by the target type.
fn from(expr_type: ExpressionType) -> IrBinOpType {
use ExpressionType::*;
use IrBinOpType::*;
......@@ -195,6 +245,8 @@ impl From<ExpressionType> for IrBinOpType {
}
impl From<ExpressionType> for IrUnOpType {
/// Translates expression types.
/// Panics when given a type not representable by the target type.
fn from(expr_type: ExpressionType) -> IrUnOpType {
use ExpressionType::*;
match expr_type {
......@@ -214,6 +266,8 @@ impl From<ExpressionType> for IrUnOpType {
}
impl From<ExpressionType> for IrCastOpType {
/// Translates expression types.
/// Panics when given a type not representable by the target type.
fn from(expr_type: ExpressionType) -> IrCastOpType {
use ExpressionType::*;
match expr_type {
......@@ -250,15 +304,15 @@ mod tests {
let _: Expression = serde_json::from_str(
r#"
{
"mnemonic": "INT_SUB",
"mnemonic": "INT_SLESS",
"input0": {
"name": "RSP",
"size": 8,
"name": "EAX",
"size": 4,
"is_virtual": false
},
"input1": {
"name": "00000008",
"size": 8,
"value": "00000000",
"size": 4,
"is_virtual": false
}
}
......
cwe_checker_rs/src/pcode/mod.rs
use crate::prelude::*;
use crate::term::{Term, Tid};
use derive_more::*;
use std::convert::TryFrom;
mod expressions;
pub use expressions::*;
mod term;
......
cwe_checker_rs/src/pcode/term.rs
use super::{Expression, Variable};
use super::{Expression, ExpressionType, Variable};
use crate::intermediate_representation::Arg as IrArg;
use crate::intermediate_representation::Blk as IrBlk;
use crate::intermediate_representation::ByteSize;
use crate::intermediate_representation::Def as IrDef;
use crate::intermediate_representation::Expression as IrExpression;
use crate::intermediate_representation::ExternSymbol as IrExternSymbol;
use crate::intermediate_representation::Jmp as IrJmp;
use crate::intermediate_representation::Program as IrProgram;
use crate::intermediate_representation::Project as IrProject;
use crate::intermediate_representation::Sub as IrSub;
use crate::prelude::*;
use crate::term::{Term, Tid};
......@@ -35,6 +40,7 @@ pub enum JmpType {
}
impl From<Jmp> for IrJmp {
/// Convert a P-Code jump to the internally used IR.
fn from(jmp: Jmp) -> IrJmp {
use JmpType::*;
let unwrap_label_direct = |label| {
......@@ -77,7 +83,6 @@ impl From<Jmp> for IrJmp {
}
}
// TODO: Remove since code duplication?
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub enum Label {
Direct(Tid),
......@@ -86,20 +91,21 @@ pub enum Label {
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Def {
pub lhs: Variable,
pub lhs: Option<Variable>,
pub rhs: Expression,
}
impl From<Def> for IrDef {
/// Convert a P-Code instruction to the internally used IR.
fn from(def: Def) -> IrDef {
use super::ExpressionType::*;
match def.rhs.mnemonic {
COPY => IrDef::Assign {
var: def.lhs.into(),
var: def.lhs.unwrap().into(),
value: def.rhs.input0.unwrap().into(),
},
LOAD => IrDef::Load {
var: def.lhs.into(),
var: def.lhs.unwrap().into(),
address: def.rhs.input1.unwrap().into(),
},
STORE => IrDef::Store {
......@@ -112,7 +118,7 @@ impl From<Def> for IrDef {
| INT_DIV | INT_REM | INT_SDIV | INT_SREM | BOOL_XOR | BOOL_AND | BOOL_OR
| FLOAT_EQUAL | FLOAT_NOTEQUAL | FLOAT_LESS | FLOAT_LESSEQUAL | FLOAT_ADD
| FLOAT_SUB | FLOAT_MULT | FLOAT_DIV => IrDef::Assign {
var: def.lhs.into(),
var: def.lhs.unwrap().into(),
value: IrExpression::BinOp {
op: def.rhs.mnemonic.into(),
lhs: Box::new(def.rhs.input0.unwrap().into()),
......@@ -120,26 +126,26 @@ impl From<Def> for IrDef {
},
},
SUBPIECE => IrDef::Assign {
var: def.lhs.clone().into(),
var: def.lhs.clone().unwrap().into(),
value: IrExpression::Subpiece {
low_byte: def.rhs.input1.unwrap().into(),
size: def.lhs.size,
low_byte: def.rhs.input1.unwrap().parse_to_bytesize(),
size: def.lhs.unwrap().size,
arg: Box::new(def.rhs.input0.unwrap().into()),
},
},
INT_NEGATE | INT_2COMP | BOOL_NEGATE | FLOAT_NEGATE | FLOAT_ABS | FLOAT_SQRT
| FLOAT_CEIL | FLOAT_FLOOR | FLOAT_ROUND | FLOAT_NAN => IrDef::Assign {
var: def.lhs.into(),
var: def.lhs.unwrap().into(),
value: IrExpression::UnOp {
op: def.rhs.mnemonic.into(),
arg: Box::new(def.rhs.input0.unwrap().into()),
},
},
INT_ZEXT | INT_SEXT | INT2FLOAT | FLOAT2FLOAT | TRUNC => IrDef::Assign {
var: def.lhs.clone().into(),
var: def.lhs.clone().unwrap().into(),
value: IrExpression::Cast {
op: def.rhs.mnemonic.into(),
size: def.lhs.size,
size: def.lhs.unwrap().size,
arg: Box::new(def.rhs.input0.unwrap().into()),
},
},
......@@ -147,6 +153,19 @@ impl From<Def> for IrDef {
}
}
impl Def {
/// For `LOAD` instruction with address pointer size zero,
/// correct the address size to the given pointer size.
pub fn correct_pointer_sizes(&mut self, pointer_size: ByteSize) {
if self.rhs.mnemonic == ExpressionType::LOAD {
let input1 = self.rhs.input1.as_mut().unwrap();
if input1.size == ByteSize::from(0 as u64) {
input1.size = pointer_size;
}
}
}
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Blk {
pub defs: Vec<Term<Def>>,
......@@ -154,6 +173,7 @@ pub struct Blk {
}
impl From<Blk> for IrBlk {
/// Convert a P-Code block to the internally used IR.
fn from(blk: Blk) -> IrBlk {
let defs: Vec<Term<IrDef>> = blk
.defs
......@@ -175,7 +195,53 @@ impl From<Blk> for IrBlk {
}
}
// TODO: We need a unit test for stack parameter (that use location instead of var)!
impl Blk {
/// Add `LOAD` instructions for implicit memory accesses
/// to convert them to explicit memory accesses.
///
/// The generates `LOAD`s will have (incorrect) address sizes of zero,
/// which must be corrected afterwards.
fn add_load_defs_for_implicit_ram_access(&mut self) {
let mut refactored_defs = Vec::new();
for def in self.defs.iter() {
let mut cleaned_def = def.clone();
if let Some(input) = &def.term.rhs.input0 {
if input.address.is_some() {
let load_def = input.to_load_def("$load_temp0");
cleaned_def.term.rhs.input0 = load_def.lhs.clone();
refactored_defs.push(Term {
tid: def.tid.clone().with_id_suffix("_load0"),
term: load_def,
});
}
}
if let Some(input) = &def.term.rhs.input1 {
if input.address.is_some() {
let load_def = input.to_load_def("$load_temp1");
cleaned_def.term.rhs.input1 = load_def.lhs.clone();
refactored_defs.push(Term {
tid: def.tid.clone().with_id_suffix("_load1"),
term: load_def,
});
}
}
if let Some(input) = &def.term.rhs.input2 {
if input.address.is_some() {
let load_def = input.to_load_def("$load_temp2");
cleaned_def.term.rhs.input2 = load_def.lhs.clone();
refactored_defs.push(Term {
tid: def.tid.clone().with_id_suffix("_load2"),
term: load_def,
});
}
}
refactored_defs.push(cleaned_def);
}
self.defs = refactored_defs;
}
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Arg {
pub var: Option<Variable>,
......@@ -187,7 +253,6 @@ pub struct Arg {
pub enum ArgIntent {
INPUT,
OUTPUT,
BOTH,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
......@@ -220,6 +285,52 @@ pub struct ExternSymbol {
pub name: String,
pub calling_convention: Option<String>,
pub arguments: Vec<Arg>,
pub no_return: bool,
}
impl From<ExternSymbol> for IrExternSymbol {
/// Convert an extern symbol parsed from Ghidra to the internally used IR.
fn from(symbol: ExternSymbol) -> IrExternSymbol {
let mut parameters = Vec::new();
let mut return_values = Vec::new();
for arg in symbol.arguments {
let ir_arg = if let Some(var) = arg.var {
IrArg::Register(var.into())
} else if let Some(expr) = arg.location {
if expr.mnemonic == ExpressionType::LOAD {
IrArg::Stack {
offset: i64::from_str_radix(
expr.input0
.clone()
.unwrap()
.address
.unwrap()
.trim_start_matches("0x"),
16,
)
.unwrap(),
size: expr.input0.unwrap().size,
}
} else {
panic!()
}
} else {
panic!()
};
match arg.intent {
ArgIntent::INPUT => parameters.push(ir_arg),
ArgIntent::OUTPUT => return_values.push(ir_arg),
}
}
IrExternSymbol {
tid: symbol.tid,
name: symbol.name,
calling_convention: symbol.calling_convention,
parameters,
return_values,
no_return: symbol.no_return,
}
}
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
......@@ -229,6 +340,77 @@ pub struct Program {
pub entry_points: Vec<Tid>,
}
impl From<Program> for IrProgram {
/// Convert a program parsed from Ghidra to the internally used IR.
fn from(program: Program) -> IrProgram {
let subs = program
.subs
.into_iter()
.map(|sub_term| Term {
tid: sub_term.tid,
term: sub_term.term.into(),
})
.collect();
IrProgram {
subs,
extern_symbols: program
.extern_symbols
.into_iter()
.map(|symbol| symbol.into())
.collect(),
entry_points: program.entry_points,
}
}
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Project {
pub program: Term<Program>,
pub cpu_architecture: String,
pub stack_pointer_register: Variable,
}
impl From<Project> for IrProject {
/// Convert a project parsed from Ghidra to the internally used IR.
fn from(project: Project) -> IrProject {
let program = Term {
tid: project.program.tid,
term: project.program.term.into(),
};
IrProject {
program,
cpu_architecture: project.cpu_architecture,
stack_pointer_register: project.stack_pointer_register.into(),
}
}
}
impl Project {
/// This function runs normalization passes to bring the project into a form
/// that can be translated into the internally used intermediate representation.
///
/// Currently implemented normalization passes:
///
/// ### Insert explicit `LOAD` instructions for implicit memory loads in P-Code.
///
/// Ghidra generates implicit loads for memory accesses, whose address is a constant.
/// The pass converts them to explicit `LOAD` instructions.
pub fn normalize(&mut self) {
// Insert explicit `LOAD` instructions for implicit memory loads in P-Code.
let generic_pointer_size = self.stack_pointer_register.size;
for sub in self.program.term.subs.iter_mut() {
for block in sub.term.blocks.iter_mut() {
block.term.add_load_defs_for_implicit_ram_access();
// The artificially created LOADs have pointers of size 0,
// which we have to correct.
for def in block.term.defs.iter_mut() {
def.term.correct_pointer_sizes(generic_pointer_size);
}
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
......@@ -292,7 +474,7 @@ mod tests {
#[test]
fn jmp_deserialization() {
let _: Term<Jmp> = serde_json::from_str(
let jmp_term: Term<Jmp> = serde_json::from_str(
r#"
{
"tid": {
......@@ -322,11 +504,12 @@ mod tests {
"#,
)
.unwrap();
let _: IrJmp = jmp_term.term.into();
}
#[test]
fn blk_deserialization() {
let _: Term<Blk> = serde_json::from_str(
let block_term: Term<Blk> = serde_json::from_str(
r#"
{
"tid": {
......@@ -341,6 +524,7 @@ mod tests {
"#,
)
.unwrap();
let _: IrBlk = block_term.term.into();
}
#[test]
......@@ -358,11 +542,27 @@ mod tests {
"#,
)
.unwrap();
let _: Arg = serde_json::from_str(
r#"
{
"location": {
"mnemonic": "LOAD",
"input0": {
"address": "0x4",
"size": 4,
"is_virtual": false
}
},
"intent": "INPUT"
}
"#,
)
.unwrap();
}
#[test]
fn sub_deserialization() {
let _: Term<Sub> = serde_json::from_str(
let sub_term: Term<Sub> = serde_json::from_str(
r#"
{
"tid": {
......@@ -377,42 +577,30 @@ mod tests {
"#,
)
.unwrap();
let _: IrSub = sub_term.term.into();
}
#[test]
fn extern_symbol_deserialization() {
let _: ExternSymbol = serde_json::from_str(
let symbol: ExternSymbol = serde_json::from_str(
r#"
{
"tid": {
"id": "sub_0010b020",
"address": "0010b020"
"id": "sub_08048410",
"address": "08048410"
},
"address": "0010b020",
"name": "strncmp",
"calling_convention": "__stdcall",
"address": "08048410",
"name": "atoi",
"calling_convention": "__cdecl",
"arguments": [
{
"var": {
"name": "RDI",
"size": 8,
"is_virtual": false
},
"intent": "INPUT"
},
{
"var": {
"name": "RSI",
"size": 8,
"is_virtual": false
},
"intent": "INPUT"
},
{
"var": {
"name": "RDX",
"size": 8,
"location": {
"mnemonic": "LOAD",
"input0": {
"address": "0x4",
"size": 4,
"is_virtual": false
}
},
"intent": "INPUT"
},
......@@ -424,16 +612,18 @@ mod tests {
},
"intent": "OUTPUT"
}
]
],
"no_return": false
}
"#,
)
.unwrap();
let _: IrExternSymbol = symbol.into();
}
#[test]
fn program_deserialization() {
let _: Term<Program> = serde_json::from_str(
let program_term: Term<Program> = serde_json::from_str(
r#"
{
"tid": {
......@@ -449,5 +639,73 @@ mod tests {
"#,
)
.unwrap();
let _: IrProgram = program_term.term.into();
}
#[test]
fn project_deserialization() {
let project: Project = serde_json::from_str(
r#"
{
"program": {
"tid": {
"id": "prog_08048000",
"address": "08048000"
},
"term": {
"subs": [],
"extern_symbols": [],
"entry_points":[]
}
},
"stack_pointer_register": {
"name": "ESP",
"size": 32,
"is_virtual": false
},
"cpu_architecture": "x86_32"
}
"#,
)
.unwrap();
let _: IrProject = project.into();
}
#[test]
fn add_load_defs_for_implicit_ram_access() {
let mut blk: Blk = Blk { defs: Vec::new(), jmps: Vec::new()};
blk.defs.push(serde_json::from_str(r#"
{
"tid": {
"id": "instr_001053f8_0",
"address": "001053f8"
},
"term": {
"lhs": {
"name": "EDI",
"value": null,
"address": null,
"size": 4,
"is_virtual": false
},
"rhs": {
"mnemonic": "COPY",
"input0": {
"name": null,
"value": null,
"address": "0010a018",
"size": 4,
"is_virtual": false
},
"input1": null,
"input2": null
}
}
}
"#).unwrap());
blk.add_load_defs_for_implicit_ram_access();
assert_eq!(blk.defs[0].term.lhs.as_ref().unwrap().name.as_ref().unwrap(), "$load_temp0");
assert_eq!(blk.defs[1].term.rhs.input0.as_ref().unwrap().name.as_ref().unwrap(), "$load_temp0");
assert_eq!(blk.defs.len(), 2);
}
}
cwe_checker_rs/src/term/mod.rs
use crate::bil::*;
use crate::intermediate_representation::Arg as IrArg;
use crate::intermediate_representation::Blk as IrBlk;
use crate::intermediate_representation::Def as IrDef;
use crate::intermediate_representation::Expression as IrExpression;
use crate::intermediate_representation::Jmp as IrJmp;
use crate::intermediate_representation::Program as IrProgram;
use crate::intermediate_representation::Project as IrProject;
use crate::intermediate_representation::Sub as IrSub;
use serde::{Deserialize, Serialize};
......@@ -22,6 +25,14 @@ impl Tid {
address: "UNKNOWN".to_string(),
}
}
/// Add a suffix to the ID string and return the new `Tid`
pub fn with_id_suffix(self, suffix: &str) -> Self {
Tid {
id: self.id + suffix,
address: self.address,
}
}
}
impl std::fmt::Display for Tid {
......@@ -43,12 +54,14 @@ pub struct Def {
}
impl Def {
fn to_ir_defs(self) -> Vec<IrDef> {
fn into_ir_defs(self) -> Vec<IrDef> {
match self.rhs {
Expression::Load { address, .. } => {
let (defs, cleaned_address, _) = extract_loads_from_expression(*address, 0);
let mut ir_defs: Vec<IrDef> =
defs.into_iter().map(|def| def.to_ir_assignment()).collect();
let mut ir_defs: Vec<IrDef> = defs
.into_iter()
.map(|def| def.into_ir_assignment())
.collect();
ir_defs.push(IrDef::Load {
address: cleaned_address.into(),
var: self.lhs.into(),
......@@ -61,8 +74,10 @@ impl Def {
let (mut more_defs, cleaned_value, _) =
extract_loads_from_expression(*value, counter);
defs.append(&mut more_defs);
let mut ir_defs: Vec<IrDef> =
defs.into_iter().map(|def| def.to_ir_assignment()).collect();
let mut ir_defs: Vec<IrDef> = defs
.into_iter()
.map(|def| def.into_ir_assignment())
.collect();
ir_defs.push(IrDef::Store {
address: cleaned_address.into(),
value: cleaned_value.into(),
......@@ -93,8 +108,10 @@ impl Def {
extract_loads_from_expression(*value, counter);
defs.append(&mut more_defs);
defs.append(&mut even_more_defs);
let mut ir_defs: Vec<IrDef> =
defs.into_iter().map(|def| def.to_ir_assignment()).collect();
let mut ir_defs: Vec<IrDef> = defs
.into_iter()
.map(|def| def.into_ir_assignment())
.collect();
ir_defs.push(IrDef::Store {
address: cleaned_adress.into(),
value: IrExpression::Unknown {
......@@ -104,11 +121,11 @@ impl Def {
});
ir_defs
}
_ => vec![self.to_ir_assignment()],
_ => vec![self.into_ir_assignment()],
}
}
fn to_ir_assignment(self) -> IrDef {
fn into_ir_assignment(self) -> IrDef {
IrDef::Assign {
var: self.lhs.into(),
value: self.rhs.into(),
......@@ -184,7 +201,7 @@ impl From<Blk> for IrBlk {
fn from(blk: Blk) -> IrBlk {
let mut ir_def_terms = Vec::new();
for def_term in blk.defs {
let ir_defs = def_term.term.to_ir_defs();
let ir_defs = def_term.term.into_ir_defs();
assert!(!ir_defs.is_empty());
if ir_defs.len() == 1 {
ir_def_terms.push(Term {
......@@ -248,6 +265,28 @@ pub struct Program {
pub entry_points: Vec<Tid>,
}
impl From<Program> for IrProgram {
fn from(program: Program) -> IrProgram {
let subs = program
.subs
.into_iter()
.map(|sub_term| Term {
tid: sub_term.tid,
term: sub_term.term.into(),
})
.collect();
IrProgram {
subs,
extern_symbols: program
.extern_symbols
.into_iter()
.map(|symbol| symbol.into())
.collect(),
entry_points: program.entry_points,
}
}
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
pub struct Project {
pub program: Term<Program>,
......@@ -294,6 +333,20 @@ impl Project {
}
}
impl From<Project> for IrProject {
fn from(project: Project) -> IrProject {
let program = Term {
tid: project.program.tid,
term: project.program.term.into(),
};
IrProject {
program,
cpu_architecture: project.cpu_architecture,
stack_pointer_register: project.stack_pointer_register.into(),
}
}
}
impl Label {
/// Replace let-bindings inside the expression for `Indirect` labels.
fn replace_let_bindings(&mut self) {
......@@ -334,6 +387,40 @@ impl ArgIntent {
}
}
impl From<Arg> for IrArg {
fn from(arg: Arg) -> IrArg {
match arg.location {
Expression::Var(var) => IrArg::Register(var.into()),
Expression::Load {
address,
size: bitsize,
..
} => {
let offset = match *address {
Expression::BinOp {
op: BinOpType::PLUS,
lhs,
rhs,
} => {
assert!(matches!(*lhs, Expression::Var(_)));
if let Expression::Const(bitvec) = *rhs {
bitvec.try_to_i64().unwrap()
} else {
panic!()
}
}
_ => panic!(),
};
IrArg::Stack {
offset,
size: bitsize.into(),
}
}
_ => panic!(),
}
}
}
fn extract_loads_from_expression(expr: Expression, counter: u64) -> (Vec<Def>, Expression, u64) {
use Expression::*;
match expr {
......
cwe_checker_rs/src/term/symbol.rs
use super::Arg;
use super::{Arg, ArgIntent};
use crate::bil::*;
use crate::intermediate_representation::ExternSymbol as IrExternSymbol;
use crate::prelude::*;
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Hash, Clone)]
......@@ -51,6 +52,35 @@ impl ExternSymbol {
}
}
impl From<ExternSymbol> for IrExternSymbol {
fn from(symbol: ExternSymbol) -> IrExternSymbol {
let mut parameters = Vec::new();
let mut return_values = Vec::new();
for arg in symbol.arguments.into_iter() {
if matches!(
arg.intent,
ArgIntent::Input | ArgIntent::Both | ArgIntent::Unknown
) {
parameters.push(arg.clone().into());
}
if matches!(
arg.intent,
ArgIntent::Output | ArgIntent::Both | ArgIntent::Unknown
) {
return_values.push(arg.into());
}
}
IrExternSymbol {
tid: symbol.tid,
name: symbol.name,
calling_convention: symbol.calling_convention,
parameters,
return_values,
no_return: false, // Last time I checked BAP had an attribute for non-returning functions, but did not actually set it.
}
}
}
#[cfg(test)]
mod tests {
use super::*;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment