With #1276 Dyninst (will) support parsing unknown instructions, the proposed interface allows injecting a more-or-less suitable `Instruction` for the unknown sequence of bytes. One caveat is that there may be unknown instructions that have unknown semantics (or semantics that are not supported by Dyninst yet). If these are converted to no-op `Instruction`s, dataflow analysis on the code segment will generate a plausible but very wrong answer.

This discussion proposes the addition of a synthetic `Instruction` (hereby termed `nuke`), with the following semantics:

- `nuke` does not branch or stop the program (FAIAP it's an arithmetic instruction), and
- `nuke` reads all registers and memory, and writes to the same with indeterminate values.

In summary, for dataflow analysis `nuke` is a brick wall: it uses everything defined before it and provides values for everything used after it (without an intervening write). If unknown instructions are parsed as `nuke`, this makes it very obvious from the dataflow output that the input CFG was incomplete and exactly where it was incomplete, until support can be added to Dyninst for the missing instruction/semantics.

Since `nuke` is synthetic, it should never be the result of "successful" machine code parsing (i.e. no unknown instructions), and it cannot be "lowered" into any machine code. The interfaces which do this should appropriately balk when `nuke` is in their inputs.
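As an added illustration (not part of this discussion and not Dyninst code), here is a toy reaching-definitions pass in Python over a constructed four-instruction straight-line sequence whose third entry is an undecodable byte sequence. Modelling the unknown bytes as a no-op lets the definitions of r1 and r2 from instructions 0 and 1 flow silently into the final add, which is the "plausible but very wrong" outcome; modelling them as nuke makes every input of the add come from the unknown instruction itself, which is the brick wall the proposal describes. The register set, the `Instr` record, the `ALL` marker and the `lower()` stand-in for a code generator are all invented for the example.

```python
"""Toy reaching-definitions analysis contrasting two models of an unknown
instruction: a no-op versus a synthetic 'nuke' that reads and writes
everything. Illustrative only; this is not Dyninst's representation."""
from dataclasses import dataclass

# Constructed for this example: a tiny register file plus one pseudo-location
# that stands in for all of memory.
REGS = ("r1", "r2", "r3", "mem")
ALL = "ALL"  # marker meaning "every register and memory"


@dataclass(frozen=True)
class Instr:
    idx: int
    text: str
    reads: frozenset
    writes: frozenset
    synthetic: bool = False  # True only for nuke; a real decoder never emits it


def reaching_defs(program):
    """Straight-line reaching definitions.

    Returns a list 'before' where before[i] maps each location to the index of
    the instruction whose write reaches instruction i (None means no write yet,
    i.e. the value comes from function entry).
    """
    state = {loc: None for loc in REGS}
    before = []
    for ins in program:
        before.append(dict(state))
        written = REGS if ALL in ins.writes else ins.writes
        for loc in written:
            state[loc] = ins.idx
    return before


def defs_used_by(program, idx):
    """Map each location read by program[idx] to the index of its reaching definition."""
    before = reaching_defs(program)
    ins = program[idx]
    read = REGS if ALL in ins.reads else ins.reads
    return {loc: before[idx][loc] for loc in sorted(read)}


def as_nop(idx):
    """Model an unknown byte sequence as a no-op: it reads and writes nothing."""
    return Instr(idx, "<unknown as nop>", frozenset(), frozenset())


def as_nuke(idx):
    """Model an unknown byte sequence as nuke: it reads and writes everything."""
    return Instr(idx, "<unknown as nuke>", frozenset({ALL}), frozenset({ALL}),
                 synthetic=True)


def sample_program(unknown_model):
    """Constructed sample sequence; instruction 2 is the undecodable bytes."""
    return [
        Instr(0, "mov r1, 5", frozenset(), frozenset({"r1"})),
        Instr(1, "mov r2, 7", frozenset(), frozenset({"r2"})),
        unknown_model(2),
        Instr(3, "add r3, r1, r2", frozenset({"r1", "r2"}), frozenset({"r3"})),
    ]


def lower(program):
    """Stand-in for a code generator: it must refuse any synthetic instruction."""
    for ins in program:
        if ins.synthetic:
            raise ValueError(f"cannot lower synthetic instruction {ins.idx}: {ins.text}")
    return [ins.text for ins in program]


def can_lower(program):
    """True if lower() accepts the program, False if it balks at a synthetic instruction."""
    try:
        lower(program)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # With the no-op model the add's inputs come from instructions 0 and 1;
    # with the nuke model both come from the unknown instruction (index 2).
    print("no-op model:", defs_used_by(sample_program(as_nop), 3))
    print("nuke model: ", defs_used_by(sample_program(as_nuke), 3))
    print("nuke reads: ", defs_used_by(sample_program(as_nuke), 2))
    print("can lower nop program:", can_lower(sample_program(as_nop)))
    print("can lower nuke program:", can_lower(sample_program(as_nuke)))
```

Because nuke reads every location, `defs_used_by(..., 2)` also reports which earlier definitions it consumes, so the analysis output shows both that something unknown sits at index 2 and what it could have depended on; a no-op leaves no such trace.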
/cc @hainest @jmellorcrummey