fortunac
commented
4 years ago When adding in registers I:
- Add all registers seen in the sub.
- Call
init_varson those registers to update their init maps- Add in all registers listed in
pointer-reg-listthat don't already exist in the corresponding init map.- Call
init_varson the registers introduced in (3).
What was your reasoning for calling init_vars twice? Does creating a set that contains all the registers found in the sub and all the registers listed in pointer-reg-list, and then passing that to init_vars not work?
DieracDelta
230 introduced a bug where including a register not in the analyzed sub would result in an error. For example, when invoking cbat with
--pointer-reg-list=ASDFon any binary, we would like to continue with analysis and ignore these extraneous registers that are not used. Additionally, the error was a string error, which should occur at the start/frontend instead of in the middle of analysis. (note: I'm mostly paraphrasing things @codyroux mentioned in slack)construct_pointer_constraintnow takes in lists ofConstr.z3_exprs instead of strings. Thestring -> z3_exproccurs much earlier on.To continue with analysis and not throw an error, we do two things:
--pointer-reg-listright after the registers for the sub are initializedThis should allow us to add in constraints for all registers provided (even if they do not exist or are unused in the sub).
The tests seem to pass. I'm not 100% sure that I'm adding in the registers correctly. On the other hand, perhaps I'm being too careful. When adding in registers I:
1) Add all registers seen in the sub. 2) Call
init_varson those registers to update their init maps 3) Add in all registers listed inpointer-reg-listthat don't already exist in the corresponding init map. 4) Callinit_varson the registers introduced in (3).I'm not sure if this is overcomplicating things. Perhaps I should just
Var.createon all the strings provided bypointer-reg-listand then union them with the set of variables found byPre.get_vars?