trailofbits / binary_type_inference

GNU General Public License v3.0

Add support for inferring globals. #15

Closed 2over12 closed 2 years ago

2over12 commented 2 years ago

Inferring global types requires two major features. The VSA does not track pointers into the global region. Even if we had pointers into the global region we would still need some sort of notion of a-locs (potentially, unless maybe we wanted to treat offsets universally). One solution would be to just consume Ghidra's globals.

Additionally, we would have to actually collect constraints about globals and solve at some point. We could maybe do this during function aggregation and just add globals as additional interesting variables.

2over12 commented 2 years ago

The thought on how to approach this in a way that isn't a big lift is to utilize Ghidra globals to bootstrap. We would export Ghidra globals, then in constraint generation, check when a value is being loaded or stored to. If the address coincides with a Ghidra global then export a variable for that global. This feature would also be affected by #22 since we couldn't just inject the globals into the constraints at that point, i.e. each function would end up with a different view of the global. For non-polymorphic globals perhaps a solution is as follows: add globals as nodes to the graph just like any other DTV. When collecting an SCC into a sketch, don't only copy inter relations, also copy capabilities from the global.
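
An added example of the bootstrapping idea in the comment above (match load/store addresses against exported globals and emit a variable for the global); it is not part of the thread or the project's code. The types, the `glb_...` variable names, the constraint string notation and the sample addresses are all assumptions constructed for illustration.

```rust
// Hypothetical types for illustration; not binary_type_inference's API.
struct Global { name: &'static str, addr: u64, size: u64 }

enum Access { Load, Store }

// One memory access with a constant address, as constraint generation would see it.
struct MemOp { kind: Access, addr: u64, bits: u32, value: &'static str }

// Return the global containing `addr` and the offset into it.
// `globals` must be sorted by `addr` and non-overlapping.
fn find_global(globals: &[Global], addr: u64) -> Option<(&Global, u64)> {
    let idx = globals.partition_point(|g| g.addr <= addr);
    let g = globals.get(idx.checked_sub(1)?)?;
    let off = addr - g.addr;
    (off < g.size).then_some((g, off))
}

// Emit one subtyping constraint per access that lands inside an exported global.
// Accesses outside every global are skipped. The same variable name is used
// no matter which function the access came from.
fn global_constraints(globals: &[Global], ops: &[MemOp]) -> Vec<String> {
    ops.iter().filter_map(|op| {
        let (g, off) = find_global(globals, op.addr)?;
        Some(match op.kind {
            Access::Load => format!("{}.load.s{}@{} <= {}", g.name, op.bits, off, op.value),
            Access::Store => format!("{} <= {}.store.s{}@{}", op.value, g.name, op.bits, off),
        })
    }).collect()
}

// Constructed sample data: two globals and accesses from two functions, f and g.
fn sample() -> (Vec<Global>, Vec<MemOp>) {
    let globals = vec![
        Global { name: "glb_4000", addr: 0x4000, size: 4 },
        Global { name: "glb_4010", addr: 0x4010, size: 16 },
    ];
    let ops = vec![
        MemOp { kind: Access::Load, addr: 0x4000, bits: 32, value: "f_v1" },
        MemOp { kind: Access::Store, addr: 0x4018, bits: 64, value: "g_v3" },
        MemOp { kind: Access::Load, addr: 0x4010, bits: 32, value: "f_v2" },
        MemOp { kind: Access::Load, addr: 0x4008, bits: 32, value: "f_v4" }, // gap: no global
    ];
    (globals, ops)
}

fn main() {
    let (globals, ops) = sample();
    for c in global_constraints(&globals, &ops) { println!("{c}"); }
}
```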

2over12 commented 2 years ago

This was merged #35