Miasm2: miasm2.ir.analysis.ira Class Reference

def miasm2.ir.analysis.ira._test_kill_reach_fix ( self )

private

Return True iff a fixed point has been reached during reach
analysis

Definition at line 311 of file analysis.py.

 
     def _test_kill_reach_fix(self):
         """Return True iff a fixed point has been reached during reach
         analysis"""
 
         fixed = True
         for node in self.g.nodes():
             if node in self.blocs:
                 irb = self.blocs[node]
                 if (irb.cur_reach != irb.prev_reach or
                     irb.cur_kill != irb.prev_kill):
                     fixed = False
                     irb.prev_reach = irb.cur_reach[:]
                     irb.prev_kill = irb.cur_kill[:]
         return fixed

miasm2.ir.analysis.ira._test_kill_reach_fix

def _test_kill_reach_fix

Definition: analysis.py:311

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.add_unused_regs ( self )

Definition at line 238 of file analysis.py.

 
     def add_unused_regs(self):
         pass

miasm2.ir.analysis.ira.add_unused_regs

def add_unused_regs

Definition: analysis.py:238

def miasm2.ir.analysis.ira.compute_reach ( self )

Compute reach, defout and kill sets until a fixed point is reached.

Source : Kennedy, K. (1979). A survey of data flow analysis techniques.
IBM Thomas J. Watson Research Division, page 43

PRE: gen_graph()

Definition at line 326 of file analysis.py.

 
     def compute_reach(self):
         """
         Compute reach, defout and kill sets until a fixed point is reached.
 
         Source : Kennedy, K. (1979). A survey of data flow analysis techniques.
         IBM Thomas J. Watson Research Division, page 43
 
         PRE: gen_graph()
         """
         fixed_point = False
         log.debug('iteration...')
         while not fixed_point:
             for node in self.g.nodes():
                 if node in self.blocs:
                     self.compute_reach_block(self.blocs[node])
             fixed_point = self._test_kill_reach_fix()

miasm2.ir.analysis.ira._test_kill_reach_fix

def _test_kill_reach_fix

Definition: analysis.py:311

miasm2.ir.analysis.ira.compute_reach_block

def compute_reach_block

Definition: analysis.py:267

miasm2.ir.analysis.ira.compute_reach

def compute_reach

Definition: analysis.py:326

Here is the call graph for this function:

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.compute_reach_block	(	self,
		irb
	)

Variable influence computation for a single block
@irb: irbloc instance
PRE: init_reach()

Definition at line 267 of file analysis.py.

 
     def compute_reach_block(self, irb):
         """Variable influence computation for a single block
         @irb: irbloc instance
         PRE: init_reach()
         """
 
         reach_block = {key: value.copy()
                       for key, value in irb.cur_reach[0].iteritems()}
 
         # Compute reach from predecessors
         for n_pred in self.g.predecessors(irb.label):
             p_block = self.blocs[n_pred]
 
             # Handle each register definition
             for c_reg in self.ira_regs_ids():
                 # REACH(n) = U[p in pred] DEFOUT(p) U REACH(p)\KILL(p)
                 pred_through = p_block.defout[-1][c_reg].union(
                     p_block.cur_reach[-1][c_reg].difference(
                         p_block.cur_kill[-1][c_reg]))
                 reach_block[c_reg].update(pred_through)
 
         # If a predecessor has changed
         if reach_block != irb.cur_reach[0]:
             irb.cur_reach[0] = reach_block
             for c_reg in self.ira_regs_ids():
                 if irb.defout[0][c_reg]:
                     # KILL(n) = DEFOUT(n) ? REACH(n)\DEFOUT(n) : EMPTY
                     irb.cur_kill[0][c_reg].update(
                         reach_block[c_reg].difference(irb.defout[0][c_reg]))
 
         # Compute reach and kill for block's instructions
         for i in xrange(1, len(irb.irs)):
             for c_reg in self.ira_regs_ids():
                 # REACH(n) = U[p in pred] DEFOUT(p) U REACH(p)\KILL(p)
                 pred_through = irb.defout[i - 1][c_reg].union(
                     irb.cur_reach[i - 1][c_reg].difference(
                         irb.cur_kill[i - 1][c_reg]))
                 irb.cur_reach[i][c_reg].update(pred_through)
                 if irb.defout[i][c_reg]:
                     # KILL(n) = DEFOUT(n) ? REACH(n)\DEFOUT(n) : EMPTY
                     irb.cur_kill[i][c_reg].update(
                         irb.cur_reach[i][c_reg].difference(
                             irb.defout[i][c_reg]))

miasm2.ir.analysis.ira.ira_regs_ids

def ira_regs_ids

Definition: analysis.py:19

miasm2.ir.analysis.ira.compute_reach_block

def compute_reach_block

Definition: analysis.py:267

Here is the call graph for this function:

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.dead_simp ( self )

This function is used to analyse relation of a * complete function *
This means the blocks under study represent a solid full function graph.

Source : Kennedy, K. (1979). A survey of data flow analysis techniques.
IBM Thomas J. Watson Research Division, page 43

PRE: gen_graph()

Definition at line 343 of file analysis.py.

 
     def dead_simp(self):
         """
         This function is used to analyse relation of a * complete function *
         This means the blocks under study represent a solid full function graph.
 
         Source : Kennedy, K. (1979). A survey of data flow analysis techniques.
         IBM Thomas J. Watson Research Division, page 43
 
         PRE: gen_graph()
         """
         # Update r/w variables for all irblocs
         self.get_rw(self.ira_regs_ids())
         # Liveness step
         self.compute_reach()
         self.remove_dead_code()
         # Simplify expressions
         self.simplify_blocs()

miasm2.ir.analysis.ira.dead_simp

def dead_simp

Definition: analysis.py:343

miasm2.ir.analysis.ira.ira_regs_ids

def ira_regs_ids

Definition: analysis.py:19

miasm2.ir.analysis.ira.compute_reach

def compute_reach

Definition: analysis.py:326

miasm2.ir.analysis.ira.remove_dead_code

def remove_dead_code

Definition: analysis.py:223

Here is the call graph for this function:

def miasm2.ir.analysis.ira.dst_trackback	(	self,
		b
	)

Definition at line 40 of file analysis.py.

 
     def dst_trackback(self, b):
         dst = b.dst
         todo = set([dst])
         done = set()
 
         for irs in reversed(b.irs):
             if len(todo) == 0:
                 break
             out = self.sort_dst(todo, done)
             found = set()
             follow = set()
             for i in irs:
                 if not out:
                     break
                 for o in out:
                     if i.dst == o:
                         follow.add(i.src)
                         found.add(o)
                 for o in found:
                     out.remove(o)
 
             for o in out:
                 if o not in found:
                     follow.add(o)
             todo = follow
 
         return done

miasm2.ir.analysis.ira.sort_dst

def sort_dst

Definition: analysis.py:23

miasm2.ir.analysis.ira.dst_trackback

def dst_trackback

Definition: analysis.py:40

Here is the call graph for this function:

def miasm2.ir.analysis.ira.dump_bloc_state	(	self,
		irb
	)

Definition at line 249 of file analysis.py.

 
     def dump_bloc_state(self, irb):
         print '*'*80
         for k, irs in enumerate(irb.irs):
             for i in xrange(len(irs)):
                 print 5*"-"
                 print 'instr', k, irs[i]
                 print 5*"-"
                 for v in self.ira_regs_ids():
                     if irb.cur_reach[k][v]:
                         print 'REACH[%d][%s]' % (k, v)
                         self.print_set(irb.cur_reach[k][v])
                     if irb.cur_kill[k][v]:
                         print 'KILL[%d][%s]' % (k, v)
                         self.print_set(irb.cur_kill[k][v])
                     if irb.defout[k][v]:
                         print 'DEFOUT[%d][%s]' % (k, v)
                         self.print_set(irb.defout[k][v])

miasm2.ir.analysis.ira.dump_bloc_state

def dump_bloc_state

Definition: analysis.py:249

miasm2.ir.analysis.ira.ira_regs_ids

def ira_regs_ids

Definition: analysis.py:19

miasm2.ir.analysis.ira.print_set

def print_set

Definition: analysis.py:242

Here is the call graph for this function:

def miasm2.ir.analysis.ira.gen_equations ( self )

Definition at line 361 of file analysis.py.

 
     def gen_equations(self):
         for irb in self.blocs.values():
             symbols_init = {}
             for r in self.arch.regs.all_regs_ids:
                 x = ExprId(r.name, r.size)
                 x.is_term = True
                 symbols_init[r] = x
             sb = symbexec(self, dict(symbols_init))
             sb.emulbloc(irb)
             eqs = []
             for n_w in sb.symbols:
                 v = sb.symbols[n_w]
                 if n_w in symbols_init and symbols_init[n_w] == v:
                     continue
                 eqs.append(ExprAff(n_w, v))
             print '*' * 40
             print irb
             irb.irs = [eqs]
             irb.lines = [None]

miasm2.ir.symbexec.symbexec

Definition: symbexec.py:83

miasm2.ir.analysis.ira.gen_equations

def gen_equations

Definition: analysis.py:361

def miasm2.ir.analysis.ira.gen_graph	(	self,
		link_all = `True`
	)

Gen irbloc digraph
@link_all: also gen edges to non present irblocs

Definition at line 68 of file analysis.py.

 
     def gen_graph(self, link_all = True):
         """
         Gen irbloc digraph
         @link_all: also gen edges to non present irblocs
         """
         self.g = DiGraph()
         for lbl, b in self.blocs.items():
             # print 'add', lbl
             self.g.add_node(lbl)
             # dst = self.get_bloc_dst(b)
             dst = self.dst_trackback(b)
             # print "\tdst", dst
             for d in dst:
                 if isinstance(d, ExprInt):
                     d = ExprId(
                         self.symbol_pool.getby_offset_create(int(d.arg)))
                 if self.ExprIsLabel(d):
                     if d.name in self.blocs or link_all is True:
                         self.g.add_edge(lbl, d.name)

miasm2.ir.analysis.ira.g

g

Definition: analysis.py:73

miasm2.ir.analysis.ira.gen_graph

def gen_graph

Definition: analysis.py:68

miasm2.core.graph.DiGraph

Definition: graph.py:3

miasm2.ir.analysis.ira.dst_trackback

def dst_trackback

Definition: analysis.py:40

def miasm2.ir.analysis.ira.graph ( self )

Output the graphviz script

Definition at line 88 of file analysis.py.

 
     def graph(self):
         """Output the graphviz script"""
         out = """
     digraph asm_graph {
     size="80,50";
     node [
     fontsize = "16",
     shape = "box"
     ];
         """
         all_lbls = {}
         for lbl in self.g.nodes():
             if lbl not in self.blocs:
                 continue
             irb = self.blocs[lbl]
             ir_txt = [str(lbl)]
             for irs in irb.irs:
                 for l in irs:
                     ir_txt.append(str(l))
                 ir_txt.append("")
             ir_txt.append("")
             all_lbls[hash(lbl)] = "\l\\\n".join(ir_txt)
         for l, v in all_lbls.items():
             # print l, v
             out += '%s [label="%s"];\n' % (l, v)
 
         for a, b in self.g.edges():
             # print 'edge', a, b, hash(a), hash(b)
             out += '%s -> %s;\n' % (hash(a), hash(b))
         out += '}'
         return out

miasm2.ir.analysis.ira.graph

def graph

Definition: analysis.py:88

def miasm2.ir.analysis.ira.init_useful_instr ( self )

Computes a set of triples (block, instruction number, instruction)
containing initially useful instructions :
  - Instructions affecting final value of return registers
  - Instructions affecting IRDst register
  - Instructions writing in memory
  - Function call instructions
Return set of intial useful instructions

Definition at line 140 of file analysis.py.

 
     def init_useful_instr(self):
         """Computes a set of triples (block, instruction number, instruction)
         containing initially useful instructions :
           - Instructions affecting final value of return registers
           - Instructions affecting IRDst register
           - Instructions writing in memory
           - Function call instructions
         Return set of intial useful instructions
         """
 
         useful = set()
 
         for node in self.g.nodes():
             if node not in self.blocs:
                 continue
 
             block = self.blocs[node]
             successors = self.g.successors(node)
             has_son = bool(successors)
             for p_son in successors:
                 if p_son not in self.blocs:
                     # Leaf has lost its son: don't remove anything
                     # reaching this block
                     for r in self.ira_regs_ids():
                         useful.update(block.cur_reach[-1][r].union(
                                 block.defout[-1][r]))
 
             # Function call, memory write or IRDst affectation
             for k, ir in enumerate(block.irs):
                 for i_cur in ir:
                     if i_cur.src.is_function_call():
                         # /!\ never remove ir calls
                         useful.add((block.label, k, i_cur))
                     if isinstance(i_cur.dst, ExprMem):
                         useful.add((block.label, k, i_cur))
                     useful.update(block.defout[k][self.IRDst])
 
             # Affecting return registers
             if not has_son:
                 for r in self.get_out_regs(block):
                     useful.update(block.defout[-1][r]
                                   if block.defout[-1][r] else
                                   block.cur_reach[-1][r])
 
         return useful

miasm2.ir.analysis.ira.ira_regs_ids

def ira_regs_ids

Definition: analysis.py:19

miasm2.ir.analysis.ira.init_useful_instr

def init_useful_instr

Definition: analysis.py:140

Here is the call graph for this function:

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.ira_regs_ids ( self )

Returns ids of all registers used in the IR

Definition at line 19 of file analysis.py.

 
     def ira_regs_ids(self):
         """Returns ids of all registers used in the IR"""
         return self.arch.regs.all_regs_ids + [self.IRDst]

miasm2.ir.analysis.ira.ira_regs_ids

def ira_regs_ids

Definition: analysis.py:19

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.print_set ( v_set )

static

Print each triplet contained in a set
@v_set: set containing triplets elements

Definition at line 242 of file analysis.py.

 
     def print_set(v_set):
         """Print each triplet contained in a set
         @v_set: set containing triplets elements
         """
         for p in v_set:
             print '    (%s, %s, %s)' % p

miasm2.ir.analysis.ira.print_set

def print_set

Definition: analysis.py:242

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.remove_dead_code ( self )

Remove dead instructions in each block of the graph using the reach
analysis .
Returns True if a block has been modified
PRE : compute_reach(self)

Definition at line 223 of file analysis.py.

 
     def remove_dead_code(self):
         """Remove dead instructions in each block of the graph using the reach
         analysis .
         Returns True if a block has been modified
         PRE : compute_reach(self)
         """
         useful = self._mark_useful_code()
         modified = False
         for block in self.blocs.values():
             modified |= self.remove_dead_instr(block, useful)
         return modified

miasm2.ir.analysis.ira.remove_dead_instr

def remove_dead_instr

Definition: analysis.py:120

miasm2.ir.analysis.ira._mark_useful_code

def _mark_useful_code

Definition: analysis.py:186

miasm2.ir.analysis.ira.remove_dead_code

def remove_dead_code

Definition: analysis.py:223

Here is the call graph for this function:

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.remove_dead_instr	(	self,
		irb,
		useful
	)

Remove dead affectations using previous reaches analysis
@irb: irbloc instance
@useful: useful statements from previous reach analysis
Return True iff the block state has changed
PRE: compute_reach(self)

Definition at line 120 of file analysis.py.

 
     def remove_dead_instr(self, irb, useful):
         """Remove dead affectations using previous reaches analysis
         @irb: irbloc instance
         @useful: useful statements from previous reach analysis
         Return True iff the block state has changed
         PRE: compute_reach(self)
         """
         modified = False
         for k, ir in enumerate(irb.irs):
             j = 0
             while j < len(ir):
                 cur_instr = ir[j]
                 if (isinstance(cur_instr.dst, ExprId)
                     and (irb.label, k, cur_instr) not in useful):
                     del ir[j]
                     modified = True
                 else:
                     j += 1
         return modified

miasm2.ir.analysis.ira.remove_dead_instr

def remove_dead_instr

Definition: analysis.py:120

Here is the caller graph for this function:

def miasm2.ir.analysis.ira.set_dead_regs	(	self,
		b
	)

Definition at line 235 of file analysis.py.

 
     def set_dead_regs(self, b):
         pass

miasm2.ir.analysis.ira.set_dead_regs

def set_dead_regs

Definition: analysis.py:235

def miasm2.ir.analysis.ira.sizeof_char ( self )

Definition at line 381 of file analysis.py.

 
     def sizeof_char(self):
         "Return the size of a char in bits"
         raise NotImplementedError("Abstract method")

miasm2.ir.analysis.ira.sizeof_char

def sizeof_char

Definition: analysis.py:381

def miasm2.ir.analysis.ira.sizeof_int ( self )

Definition at line 389 of file analysis.py.

 
     def sizeof_int(self):
         "Return the size of an int in bits"
         raise NotImplementedError("Abstract method")

miasm2.ir.analysis.ira.sizeof_int

def sizeof_int

Definition: analysis.py:389

def miasm2.ir.analysis.ira.sizeof_long ( self )

Definition at line 393 of file analysis.py.

 
     def sizeof_long(self):
         "Return the size of a long in bits"
         raise NotImplementedError("Abstract method")

miasm2.ir.analysis.ira.sizeof_long

def sizeof_long

Definition: analysis.py:393

def miasm2.ir.analysis.ira.sizeof_pointer ( self )

Definition at line 397 of file analysis.py.

 
     def sizeof_pointer(self):
         "Return the size of a void* in bits"
         raise NotImplementedError("Abstract method")

def miasm2.ir.analysis.ira.sizeof_short ( self )

Definition at line 385 of file analysis.py.

 
     def sizeof_short(self):
         "Return the size of a short in bits"
         raise NotImplementedError("Abstract method")

miasm2.ir.analysis.ira.sizeof_short

def sizeof_short

Definition: analysis.py:385

def miasm2.ir.analysis.ira.sort_dst	(	self,
		todo,
		done
	)

Definition at line 23 of file analysis.py.

 
     def sort_dst(self, todo, done):
         out = set()
         while todo:
             dst = todo.pop()
             if self.ExprIsLabel(dst):
                 done.add(dst)
             elif isinstance(dst, ExprMem) or isinstance(dst, ExprInt):
                 done.add(dst)
             elif isinstance(dst, ExprCond):
                 todo.add(dst.src1)
                 todo.add(dst.src2)
             elif isinstance(dst, ExprId):
                 out.add(dst)
             else:
                 done.add(dst)
         return out

miasm2.ir.analysis.ira.sort_dst

def sort_dst

Definition: analysis.py:23

Here is the call graph for this function:

Here is the caller graph for this function:

miasm2.ir.analysis.ira.g

Definition at line 73 of file analysis.py.

Public Member Functions

Static Public Member Functions

Public Attributes

Private Member Functions

Detailed Description

Member Function Documentation

Member Data Documentation

Public Member Functions
def	ira_regs_ids

def	sort_dst

def	dst_trackback

def	gen_graph

def	graph

def	remove_dead_instr

def	init_useful_instr

def	remove_dead_code

def	set_dead_regs

def	add_unused_regs

def	dump_bloc_state

def	compute_reach_block

def	compute_reach

def	dead_simp

def	gen_equations

def	sizeof_char

def	sizeof_short

def	sizeof_int

def	sizeof_long

def	sizeof_pointer

Private Member Functions
def	_mark_useful_code

def	_test_kill_reach_fix