The patch in covers cases where Source operand of the Machine Instruction is an immediate value, which corresponds to the address of the global variable symbol in the Symbol Table.
The immediate Machine Operand, with value 6295592, represents a global variable, which address in the symbol table is 6295592 (or 0x601028).
$ llvm-readelf -s ./glob | grep "601028"
Num: Value Size Type Bind Vis Ndx Name
90: 0000000000601028 8 OBJECT GLOBAL DEFAULT 23 p
Without this patch, MI $rdi = MOV64ri 6295592 is treated like a constant loading instruction, which would terminate the Taint Analysis path. Additionally, the TA cannot recognize that constant {imm: 6295592} describes the same location as {reg:$noreg; off:6295592} (global variable p).
This patch adds support for global variables in two steps:
Detection of global variables, by a symbol table lookup
Representation of all global variable locations as {reg:$noreg; off:SYM_TAB_ADDR}
TODOs:
check if other operands (Dest, Src2) need the same handling
check if there are other representations of global variables in decompiled MIR
check if some specific program symbols infrastructure needs a different handling
The patch in covers cases where Source operand of the Machine Instruction is an immediate value, which corresponds to the address of the global variable symbol in the Symbol Table.
Please, consider the following MIR from test/Analysis/global-0.mir:
The immediate Machine Operand, with value
6295592, represents a global variable, which address in the symbol table is6295592(or0x601028).Without this patch, MI
$rdi = MOV64ri 6295592is treated like a constant loading instruction, which would terminate the Taint Analysis path. Additionally, the TA cannot recognize that constant{imm: 6295592}describes the same location as{reg:$noreg; off:6295592}(global variablep).This patch adds support for global variables in two steps:
{reg:$noreg; off:SYM_TAB_ADDR}TODOs: