Skip to content

fixes instruction properties #1000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 16, 2019
Merged

fixes instruction properties #1000

merged 1 commit into from
Oct 16, 2019

Conversation

@gitoleg
Copy link
Contributor

@gitoleg gitoleg commented Oct 15, 2019

The instructions properties are computed from the semantics tags
provided by a backend and from the BIL provided by a lifter.
There was a bug the algorithm that was analyzing the BIL code,
which, in particular, lead to a classification of a machine instruction
as a barrier, when it wasn't.

The essence of the bug

When the semantic tags were inferred from the BIL we didn't accumulate
newly inferred tags to the list of existing ones but, instead, were
overriding it. As a result, if an instruction contained more than one
jump only the last jump was taken into account. This is a rare case,
that was happening with the rep prefixed instructions (which had three)
jumps with the latter being unconditional.
Therefore such instructions were classified as barriers.

Solution

First, we accumulate tags to make sure we won't override anything.
Second, we hold an invariant that instruction can't possess both
Conditional_branch and Unconditional_branch tags at the same time.
That means that an instruction with a conditional jump will preserve this
property, even in the presence of unconditional jumps.

Better solution

Going back to the rep prefixed instructions, they shouldn't be
classified as jumps at all, and the right solution for them would be
using the while statement (or repeat from the Core Theory), so that
they will be classified as data having only data effects.
But this is a story for a completely different PR

@gitoleg
fixes instruction properties
88c18d9 
The instructions properties are computed from the semantics tags
provided by a backend and from the BIL provided by a lifter.
There was a bug the algorithm that was analyzing the BIL code,
which, in particular, lead to a classification of a machine instruction
as a barrier, when it wasn't.

When the semantic tags were inferred from the BIL we didn't accumulate
newly inferred tags to the list of existing ones but, instead, were
overriding it. As a result, if an instruction contained more than one
jump only the last jump was taken into account. This is a rare case,
that was happening with the rep prefixed instructions (which had three)
jumps with the latter being unconditional.
Therefore such instructions were classified as barriers.

First, we accumulate tags to make sure we won't override anything.
Second, we hold an invariant that instruction can't possess both
`Conditional_branch` and `Unconditional_branch` tags at the same time.
That means that an instruction with a conditional jump will preserve this
property, even in the presence of unconditional jumps.

Going back to the rep prefixed instructions, they shouldn't be
classified as jumps at all, and the right solution for them would be
using the while statement (or repeat from the Core Theory), so that
they will be classified as data having only data effects.
But this is a story for a completely different PR
@ivg ivg merged commit 2db6590 into BinaryAnalysisPlatform:master Oct 16, 2019
@ivg ivg mentioned this pull request Nov 14, 2019
Merged
@gitoleg gitoleg deleted the fix-instruction-properties branch May 13, 2020 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ivg ivg ivg approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gitoleg @ivg