JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

Dead memory store elimination #1210

Closed khang06 closed 1 year ago

khang06 commented 1 year ago

I'm trying to use the basic block dead store elimination feature on this in-the-wild target, but it seems to miss these kinds of dead stores:

0x4c: mov dword ptr [rsp], ebp
0x4f: mov dword ptr [rsp], ebx
0x52: mov dword ptr [rsp], eax

Here's the code I'm using (Binary Ninja script):

# bv and here are globals of the Binary Ninja script console
from triton import TritonContext, ARCH, Instruction, BasicBlock

instrs = []
block = bv.get_basic_blocks_at(here)[0]
addr = block.start
for x in block:  # each item is a (tokens, length) tuple
    #print(f"{hex(addr)}: {x[0]}")
    instrs.append(Instruction(bv.read(addr, length=x[1])))
    addr += x[1]

ctx = TritonContext(ARCH.X86_64)
triton_block = BasicBlock(instrs)
ctx.disassembly(triton_block)
triton_block_simp = ctx.simplify(triton_block)
ctx.disassembly(triton_block_simp)
print(triton_block_simp)
print(f"from {triton_block.getSize()} to {triton_block_simp.getSize()}")

This is on latest master (ae619d4482cab41334b16c67d95de84c491b3386), so it should be using MEMORY_ARRAY. Not sure if I'm missing something or if this is a bug.
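As an added illustration of what the pass in question is expected to do (this is not Triton's code and not the simplifier the issue is about): a conservative, syntax-level dead-store pass over a textual x86-64 listing. It drops the first two of the three stores above because the third fully overwrites the same bytes with nothing in between that can read them, and it shows the two situations where a store has to survive: a load from a possibly aliasing location in between, and a change to the base register. Triton's own simplifier reasons over symbolic memory expressions rather than operand text; the listings, the alias model and every name here are the example's own assumptions.

```python
"""Dead memory store elimination over a straight-line x86-64 listing.

Added example, not Triton's own simplifier: Triton works on symbolic memory
(MEMORY_ARRAY); this is a conservative syntax-level model of the same pass."""
import re
from dataclasses import dataclass

PURE_STORES = {"mov"}                                # first operand is only written
BARRIERS = {"push", "pop", "call", "ret", "leave"}   # implicit memory effects we do not track
NO_WRITE = {"cmp", "test"}                           # first operand is only read
MEM_RE = re.compile(r"(byte|word|dword|qword) ptr \[([^\]]+)\]")
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}


@dataclass(frozen=True)
class MemRef:
    base: str
    disp: int
    size: int

    @classmethod
    def parse(cls, operand):
        """[base], [base+const] or [base-const]; anything else is reported as unknown."""
        m = MEM_RE.search(operand)
        if not m:
            return None
        mm = re.fullmatch(r"([a-z0-9]+)([+-](?:0x[0-9a-f]+|\d+))?", m.group(2).replace(" ", ""))
        if not mm:
            return None
        return cls(mm.group(1), int(mm.group(2), 0) if mm.group(2) else 0, SIZES[m.group(1)])

    def may_alias(self, other):
        # Only same-base references with provably disjoint byte ranges are known not to alias.
        if self.base != other.base:
            return True
        return not (self.disp + self.size <= other.disp or other.disp + other.size <= self.disp)

    def covers(self, other):
        return (self.base == other.base and self.disp <= other.disp
                and other.disp + other.size <= self.disp + self.size)


@dataclass
class Insn:
    text: str
    mnemonic: str
    operands: list


def parse_listing(listing):
    insns = []
    for line in listing.strip().splitlines():
        _addr, _, rest = line.strip().partition(":")
        parts = rest.strip().split(None, 1)
        ops = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
        insns.append(Insn(line.strip(), parts[0], ops))
    return insns


def eliminate_dead_stores(insns):
    """Walk backwards; 'killed' holds locations fully overwritten later with no reader in between."""
    survivors, killed = [], []
    for insn in reversed(insns):
        refs = [MemRef.parse(o) for o in insn.operands]
        unknown_mem = any(MEM_RE.search(o) and r is None for o, r in zip(insn.operands, refs))
        if insn.mnemonic in BARRIERS or unknown_mem:
            killed.clear()                     # cannot reason about it: keep every earlier store
            survivors.append(insn)
            continue
        dst = refs[0] if refs else None
        reads = [r for r in refs[1:] if r]
        if dst and insn.mnemonic in PURE_STORES:
            if any(k.covers(dst) for k in killed):
                continue                       # dead: overwritten before anything can read it
            killed.append(dst)
        elif dst:
            reads.append(dst)                  # read-modify-write, cmp/test or unknown: reads dst
        # A read may observe an earlier store to any aliasing location.
        killed[:] = [k for k in killed if not any(k.may_alias(r) for r in reads)]
        # Overwriting a base register changes what earlier [reg+disp] operands denote.
        if insn.operands and refs[0] is None and insn.mnemonic not in NO_WRITE:
            killed[:] = [k for k in killed if k.base != insn.operands[0]]
        survivors.append(insn)
    return survivors[::-1]


def dse(listing):
    return [i.text for i in eliminate_dead_stores(parse_listing(listing))]


# Constructed listings; the first mirrors the three consecutive stores from the issue.
DEAD_STORES = """
0x4c: mov dword ptr [rsp], ebp
0x4f: mov dword ptr [rsp], ebx
0x52: mov dword ptr [rsp], eax
"""
READ_BETWEEN = """
0x00: mov dword ptr [rsp], ebp
0x03: mov ecx, dword ptr [rsp]
0x06: mov dword ptr [rsp], eax
"""
DISJOINT_AND_RSP_MOVE = """
0x00: mov dword ptr [rsp], ebp
0x03: mov dword ptr [rsp+4], ebx
0x06: mov dword ptr [rsp], eax
0x09: add rsp, 8
0x0c: mov dword ptr [rsp], ecx
"""

if __name__ == "__main__":
    for name, listing in [("dead stores", DEAD_STORES), ("read between", READ_BETWEEN),
                          ("disjoint + rsp move", DISJOINT_AND_RSP_MOVE)]:
        print(f"== {name} ==")
        print("\n".join(dse(listing)))
```

The model ignores sub-register aliasing (esp/rsp) and scaled-index addressing, which is why anything it cannot parse is treated as a barrier that keeps all earlier stores; a real pass on symbolic memory, as Triton does, can decide those cases instead of giving up.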

JonathanSalwan commented 1 year ago

Erf, you're right, array is not efficient for this kind of simplification. Should be ok now.