diff --git a/.gitignore b/.gitignore index a05cb4ab0..d68010264 100644 --- a/.gitignore +++ b/.gitignore @@ -8,10 +8,7 @@ gen/ out/ target/ -boogie_out.txt -boogie_out.bpl metals.sbt -password.txt *.iml *.out samples/const_prop_tests/ @@ -19,7 +16,7 @@ src/main/antlr4/.antlr *.bpl *.dot *.il -result.txt +*.txt examplesold/ src/test/scala/dump/ src/test/analysis/dump/ \ No newline at end of file diff --git a/examples/basic_local_reassign/basic_local_reassign.adt b/examples/basic_local_reassign/basic_local_reassign.adt new file mode 100644 index 000000000..79ae1001b --- /dev/null +++ b/examples/basic_local_reassign/basic_local_reassign.adt @@ -0,0 +1,518 @@ +Project(Attrs([Attr("filename","/tmp/tmpnl_na9_i/a.out"), +Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 0)\n(bias 0)\n(bits 64)\n(code-region 1860 20 1860)\n(code-region 1536 324 1536)\n(code-region 1440 96 1440)\n(code-region 1416 24 1416)\n(code-start 1588)\n(code-start 1536)\n(code-start 1812)\n(entry-point 1536)\n(external-reference 131032 _ITM_deregisterTMCloneTable)\n(external-reference 131040 __cxa_finalize)\n(external-reference 131048 __gmon_start__)\n(external-reference 131064 _ITM_registerTMCloneTable)\n(external-reference 130992 __libc_start_main)\n(external-reference 131000 __cxa_finalize)\n(external-reference 131008 __gmon_start__)\n(external-reference 131016 abort)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 0)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry __cxa_finalize 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry _init 1416 0)\n(llvm:code-entry main 1812 48)\n(llvm:code-entry _start 1536 52)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 1860 0)\n(llvm:code-entry __cxa_finalize@GLIBC_2.17 0 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry frame_dummy 1808 0)\n(llvm:code-entry __do_global_dtors_aux 1728 0)\n(llvm:code-entry register_tm_clones 1664 0)\n(llvm:code-entry deregister_tm_clones 1616 0)\n(llvm:code-entry call_weak_fn 1588 20)\n(llvm:code-entry .fini 1860 20)\n(llvm:code-entry .text 1536 324)\n(llvm:code-entry .plt 1440 96)\n(llvm:code-entry .init 1416 24)\n(llvm:elf-program-header 08 64904 632)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 1884 60)\n(llvm:elf-program-header 05 596 68)\n(llvm:elf-program-header 04 64920 512)\n(llvm:elf-program-header 03 64904 648)\n(llvm:elf-program-header 02 0 2108)\n(llvm:elf-program-header 01 568 27)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 130440 632)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 1884 60)\n(llvm:elf-virtual-program-header 05 596 68)\n(llvm:elf-virtual-program-header 04 130456 512)\n(llvm:elf-virtual-program-header 03 130440 656)\n(llvm:elf-virtual-program-header 02 0 2108)\n(llvm:elf-virtual-program-header 01 568 27)\n(llvm:elf-virtual-program-header 00 64 504)\n(llvm:entry-point 1536)\n(llvm:name-reference 131016 abort)\n(llvm:name-reference 131008 __gmon_start__)\n(llvm:name-reference 131000 __cxa_finalize)\n(llvm:name-reference 130992 __libc_start_main)\n(llvm:name-reference 131064 _ITM_registerTMCloneTable)\n(llvm:name-reference 131048 __gmon_start__)\n(llvm:name-reference 131040 __cxa_finalize)\n(llvm:name-reference 131032 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 330 68919)\n(llvm:section-entry .strtab 0 543 68376)\n(llvm:section-entry .symtab 0 2208 66168)\n(llvm:section-entry .debug_line_str 0 124 66037)\n(llvm:section-entry .debug_str 0 129 65908)\n(llvm:section-entry .debug_line 0 88 65820)\n(llvm:section-entry .debug_abbrev 0 75 65745)\n(llvm:section-entry .debug_info 0 102 65643)\n(llvm:section-entry .debug_aranges 0 48 65595)\n(llvm:section-entry .comment 0 43 65552)\n(llvm:section-entry .bss 131088 8 65552)\n(llvm:section-entry .data 131072 16 65536)\n(llvm:section-entry .got 130968 104 65432)\n(llvm:section-entry .dynamic 130456 512 64920)\n(llvm:section-entry .fini_array 130448 8 64912)\n(llvm:section-entry .init_array 130440 8 64904)\n(llvm:section-entry .eh_frame 1944 164 1944)\n(llvm:section-entry .eh_frame_hdr 1884 60 1884)\n(llvm:section-entry .rodata 1880 4 1880)\n(llvm:section-entry .fini 1860 20 1860)\n(llvm:section-entry .text 1536 324 1536)\n(llvm:section-entry .plt 1440 96 1440)\n(llvm:section-entry .init 1416 24 1416)\n(llvm:section-entry .rela.plt 1320 96 1320)\n(llvm:section-entry .rela.dyn 1128 192 1128)\n(llvm:section-entry .gnu.version_r 1080 48 1080)\n(llvm:section-entry .gnu.version 1060 18 1060)\n(llvm:section-entry .dynstr 912 147 912)\n(llvm:section-entry .dynsym 696 216 696)\n(llvm:section-entry .gnu.hash 664 28 664)\n(llvm:section-entry .note.ABI-tag 632 32 632)\n(llvm:section-entry .note.gnu.build-id 596 36 596)\n(llvm:section-entry .interp 568 27 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .debug_line_str true false false)\n(llvm:section-flags .debug_str true false false)\n(llvm:section-flags .debug_line true false false)\n(llvm:section-flags .debug_abbrev true false false)\n(llvm:section-flags .debug_info true false false)\n(llvm:section-flags .debug_aranges true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .note.gnu.build-id true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry __cxa_finalize 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry _init 1416 0 1416 1416)\n(llvm:symbol-entry main 1812 48 1812 1812)\n(llvm:symbol-entry _start 1536 52 1536 1536)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 1860 0 1860 1860)\n(llvm:symbol-entry __cxa_finalize@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry frame_dummy 1808 0 1808 1808)\n(llvm:symbol-entry __do_global_dtors_aux 1728 0 1728 1728)\n(llvm:symbol-entry register_tm_clones 1664 0 1664 1664)\n(llvm:symbol-entry deregister_tm_clones 1616 0 1616 1616)\n(llvm:symbol-entry call_weak_fn 1588 20 1588 1588)\n(mapped 0 2108 0)\n(mapped 130440 648 64904)\n(named-region 0 2108 02)\n(named-region 130440 656 03)\n(named-region 568 27 .interp)\n(named-region 596 36 .note.gnu.build-id)\n(named-region 632 32 .note.ABI-tag)\n(named-region 664 28 .gnu.hash)\n(named-region 696 216 .dynsym)\n(named-region 912 147 .dynstr)\n(named-region 1060 18 .gnu.version)\n(named-region 1080 48 .gnu.version_r)\n(named-region 1128 192 .rela.dyn)\n(named-region 1320 96 .rela.plt)\n(named-region 1416 24 .init)\n(named-region 1440 96 .plt)\n(named-region 1536 324 .text)\n(named-region 1860 20 .fini)\n(named-region 1880 4 .rodata)\n(named-region 1884 60 .eh_frame_hdr)\n(named-region 1944 164 .eh_frame)\n(named-region 130440 8 .init_array)\n(named-region 130448 8 .fini_array)\n(named-region 130456 512 .dynamic)\n(named-region 130968 104 .got)\n(named-region 131072 16 .data)\n(named-region 131088 8 .bss)\n(named-region 0 43 .comment)\n(named-region 0 48 .debug_aranges)\n(named-region 0 102 .debug_info)\n(named-region 0 75 .debug_abbrev)\n(named-region 0 88 .debug_line)\n(named-region 0 129 .debug_str)\n(named-region 0 124 .debug_line_str)\n(named-region 0 2208 .symtab)\n(named-region 0 543 .strtab)\n(named-region 0 330 .shstrtab)\n(named-symbol 1588 call_weak_fn)\n(named-symbol 1616 deregister_tm_clones)\n(named-symbol 1664 register_tm_clones)\n(named-symbol 1728 __do_global_dtors_aux)\n(named-symbol 1808 frame_dummy)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 0 __cxa_finalize@GLIBC_2.17)\n(named-symbol 1860 _fini)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 1536 _start)\n(named-symbol 1812 main)\n(named-symbol 1416 _init)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 __cxa_finalize)\n(named-symbol 0 abort)\n(require libc.so.6)\n(section 568 27)\n(section 596 36)\n(section 632 32)\n(section 664 28)\n(section 696 216)\n(section 912 147)\n(section 1060 18)\n(section 1080 48)\n(section 1128 192)\n(section 1320 96)\n(section 1416 24)\n(section 1440 96)\n(section 1536 324)\n(section 1860 20)\n(section 1880 4)\n(section 1884 60)\n(section 1944 164)\n(section 130440 8)\n(section 130448 8)\n(section 130456 512)\n(section 130968 104)\n(section 131072 16)\n(section 131088 8)\n(section 0 43)\n(section 0 48)\n(section 0 102)\n(section 0 75)\n(section 0 88)\n(section 0 129)\n(section 0 124)\n(section 0 2208)\n(section 0 543)\n(section 0 330)\n(segment 0 2108 true false true)\n(segment 130440 656 true true false)\n(subarch v8)\n(symbol-chunk 1588 20 1588)\n(symbol-chunk 1536 52 1536)\n(symbol-chunk 1812 48 1812)\n(symbol-value 1588 1588)\n(symbol-value 1616 1616)\n(symbol-value 1664 1664)\n(symbol-value 1728 1728)\n(symbol-value 1808 1808)\n(symbol-value 1860 1860)\n(symbol-value 1536 1536)\n(symbol-value 1812 1812)\n(symbol-value 1416 1416)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"), +Attr("abi-name","aarch64-linux-gnu-elf")]), +Sections([Section(".shstrtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x88\xfd\x00\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x88\x02\x00\x00\x00\x00\x00\x00\x90\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x98\xfd\x00\x00\x00\x00\x00\x00\x98\xfd\x01\x00\x00\x00\x00\x00\x98\xfd\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02"), +Section(".strtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x88\xfd\x00\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x88\x02\x00\x00\x00\x00\x00\x00\x90\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x98\xfd\x00\x00\x00\x00\x00\x00\x98\xfd\x01\x00\x00\x00\x00\x00\x98\xfd\x01\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\x5c\x07\x00\x00\x00\x00\x00\x00\x5c\x07\x00\x00\x00\x00\x00\x00\x5c\x07\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x3c\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\x88\xfd\x00\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00"), +Section(".debug_line_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00"), +Section(".debug_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38"), +Section(".debug_line", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00"), +Section(".debug_abbrev", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00"), +Section(".debug_info", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00"), +Section(".debug_aranges", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01\x00\x00\x00\x00\x00"), +Section(".comment", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x88\x0e\x01"), +Section(".interp", 0x238, "\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"), +Section(".note.gnu.build-id", 0x254, "\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\x4a\x2d\xf0\xf7\xf3\xcf\xec\xd7\xe3\xb8\xf2\xd7\xff\x28\x77\x85\x03\x6c\xef\x11"), +Section(".note.ABI-tag", 0x278, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00"), +Section(".gnu.hash", 0x298, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynsym", 0x2B8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\x88\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x16\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4e\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6a\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x79\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynstr", 0x390, "\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x61\x62\x6f\x72\x74\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x2e\x2f\x6c\x69\x62\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00"), +Section(".gnu.version", 0x424, "\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x03\x00\x01\x00\x03\x00\x01\x00"), +Section(".gnu.version_r", 0x438, "\x01\x00\x02\x00\x28\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x32\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x3d\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.dyn", 0x468, "\x88\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x10\x07\x00\x00\x00\x00\x00\x00\x90\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xc0\x06\x00\x00\x00\x00\x00\x00\xf0\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x14\x07\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.plt", 0x528, "\xb0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".init", 0x588, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x28\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".plt", 0x5A0, "\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xd6\x47\xf9\x10\xa2\x3e\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xf0\x00\x00\xf0\x11\xda\x47\xf9\x10\xc2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xde\x47\xf9\x10\xe2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xe2\x47\xf9\x10\x02\x3f\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xe6\x47\xf9\x10\x22\x3f\x91\x20\x02\x1f\xd6"), +Section(".fini", 0x744, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".rodata", 0x758, "\x01\x00\x02\x00"), +Section(".eh_frame_hdr", 0x75C, "\x01\x1b\x03\x3b\x38\x00\x00\x00\x06\x00\x00\x00\xa4\xfe\xff\xff\x50\x00\x00\x00\xf4\xfe\xff\xff\x64\x00\x00\x00\x24\xff\xff\xff\x78\x00\x00\x00\x64\xff\xff\xff\x8c\x00\x00\x00\xb4\xff\xff\xff\xb0\x00\x00\x00\xb8\xff\xff\xff\xc4\x00\x00\x00"), +Section(".eh_frame", 0x798, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\x4c\xfe\xff\xff\x34\x00\x00\x00\x00\x41\x07\x1e\x10\x00\x00\x00\x2c\x00\x00\x00\x88\xfe\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x40\x00\x00\x00\xa4\xfe\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x54\x00\x00\x00\xd0\xfe\xff\xff\x48\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x4e\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x78\x00\x00\x00\xfc\xfe\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x8c\x00\x00\x00\xec\xfe\xff\xff\x30\x00\x00\x00\x00\x41\x0e\x10\x4a\x0e\x00\x00\x00\x00\x00\x00"), +Section(".fini_array", 0x1FD90, "\xc0\x06\x00\x00\x00\x00\x00\x00"), +Section(".dynamic", 0x1FD98, "\x01\x00\x00\x00\x00\x00\x00\x00\x28\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x88\x05\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\x44\x07\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x88\xfd\x01\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x90\xfd\x01\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x90\x03\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\xb8\x02\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x93\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x98\xff\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\x28\x05\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x68\x04\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xfb\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x08\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\x38\x04\x00\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\x24\x04\x00\x00\x00\x00\x00\x00\xf9\xff\xff\x6f\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".got", 0x1FF98, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x05\x00\x00\x00\x00\x00\x00\xa0\x05\x00\x00\x00\x00\x00\x00\xa0\x05\x00\x00\x00\x00\x00\x00\xa0\x05\x00\x00\x00\x00\x00\x00\x98\xfd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".data", 0x20000, "\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00"), +Section(".init_array", 0x1FD88, "\x10\x07\x00\x00\x00\x00\x00\x00"), +Section(".text", 0x600, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xf8\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xe5\xff\xff\x97\xf0\xff\xff\x97\xe0\x00\x00\xf0\x00\xf4\x47\xf9\x40\x00\x00\xb4\xe8\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xec\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xfc\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\x42\x40\x39\x40\x01\x00\x35\xe0\x00\x00\xf0\x00\xf0\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x04\x40\xf9\xb9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\x42\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xff\x43\x00\xd1\xff\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x04\x00\x11\xe0\x0f\x00\xb9\x60\x00\x80\x52\xe0\x0f\x00\xb9\x40\x01\x80\x52\xe0\x0f\x00\xb9\x00\x00\x80\x52\xff\x43\x00\x91\xc0\x03\x5f\xd6")]), +Memmap([Annotation(Region(0x0,0x83B), Attr("segment","02 0 2108")), +Annotation(Region(0x600,0x633), Attr("symbol","_start")), +Annotation(Region(0x0,0x149), Attr("section",".shstrtab")), +Annotation(Region(0x0,0x21E), Attr("section",".strtab")), +Annotation(Region(0x0,0x7B), Attr("section",".debug_line_str")), +Annotation(Region(0x0,0x80), Attr("section",".debug_str")), +Annotation(Region(0x0,0x57), Attr("section",".debug_line")), +Annotation(Region(0x0,0x4A), Attr("section",".debug_abbrev")), +Annotation(Region(0x0,0x65), Attr("section",".debug_info")), +Annotation(Region(0x0,0x2F), Attr("section",".debug_aranges")), +Annotation(Region(0x0,0x2A), Attr("section",".comment")), +Annotation(Region(0x238,0x252), Attr("section",".interp")), +Annotation(Region(0x254,0x277), Attr("section",".note.gnu.build-id")), +Annotation(Region(0x278,0x297), Attr("section",".note.ABI-tag")), +Annotation(Region(0x298,0x2B3), Attr("section",".gnu.hash")), +Annotation(Region(0x2B8,0x38F), Attr("section",".dynsym")), +Annotation(Region(0x390,0x422), Attr("section",".dynstr")), +Annotation(Region(0x424,0x435), Attr("section",".gnu.version")), +Annotation(Region(0x438,0x467), Attr("section",".gnu.version_r")), +Annotation(Region(0x468,0x527), Attr("section",".rela.dyn")), +Annotation(Region(0x528,0x587), Attr("section",".rela.plt")), +Annotation(Region(0x588,0x59F), Attr("section",".init")), +Annotation(Region(0x5A0,0x5FF), Attr("section",".plt")), +Annotation(Region(0x588,0x59F), Attr("code-region","()")), +Annotation(Region(0x5A0,0x5FF), Attr("code-region","()")), +Annotation(Region(0x600,0x633), Attr("symbol-info","_start 0x600 52")), +Annotation(Region(0x634,0x647), Attr("symbol","call_weak_fn")), +Annotation(Region(0x634,0x647), Attr("symbol-info","call_weak_fn 0x634 20")), +Annotation(Region(0x714,0x743), Attr("symbol","main")), +Annotation(Region(0x714,0x743), Attr("symbol-info","main 0x714 48")), +Annotation(Region(0x744,0x757), Attr("section",".fini")), +Annotation(Region(0x758,0x75B), Attr("section",".rodata")), +Annotation(Region(0x75C,0x797), Attr("section",".eh_frame_hdr")), +Annotation(Region(0x798,0x83B), Attr("section",".eh_frame")), +Annotation(Region(0x1FD88,0x2000F), Attr("segment","03 0x1FD88 656")), +Annotation(Region(0x1FD90,0x1FD97), Attr("section",".fini_array")), +Annotation(Region(0x1FD98,0x1FF97), Attr("section",".dynamic")), +Annotation(Region(0x1FF98,0x1FFFF), Attr("section",".got")), +Annotation(Region(0x20000,0x2000F), Attr("section",".data")), +Annotation(Region(0x1FD88,0x1FD8F), Attr("section",".init_array")), +Annotation(Region(0x600,0x743), Attr("section",".text")), +Annotation(Region(0x600,0x743), Attr("code-region","()")), +Annotation(Region(0x744,0x757), Attr("code-region","()"))]), +Program(Tid(1_495, "%000005d7"), Attrs([]), + Subs([Sub(Tid(1_473, "@__cxa_finalize"), Attrs([Attr("address","0x5D0"), +Attr("stub","()"), Attr("c.proto","signed (*)(void)")]), "__cxa_finalize", + Args([Arg(Tid(1_496, "%000005d8"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__cxa_finalize_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(877, "@__cxa_finalize"), Attrs([Attr("address","0x5D0")]), + Phis([]), Defs([Def(Tid(1_125, "%00000465"), Attrs([Attr("address","0x5D0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_132, "%0000046c"), Attrs([Attr("address","0x5D4"), +Attr("insn","ldr x17, [x16, #0xfb8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4024,64)),LittleEndian(),64)), +Def(Tid(1_138, "%00000472"), Attrs([Attr("address","0x5D8"), +Attr("insn","add x16, x16, #0xfb8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4024,64)))]), Jmps([Call(Tid(1_143, "%00000477"), + Attrs([Attr("address","0x5DC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_474, "@__do_global_dtors_aux"), Attrs([Attr("address","0x6C0"), +Attr("c.proto","signed (*)(void)")]), "__do_global_dtors_aux", + Args([Arg(Tid(1_497, "%000005d9"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__do_global_dtors_aux_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(654, "@__do_global_dtors_aux"), + Attrs([Attr("address","0x6C0")]), Phis([]), Defs([Def(Tid(658, "%00000292"), + Attrs([Attr("address","0x6C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#3",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), +Def(Tid(664, "%00000298"), Attrs([Attr("address","0x6C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#3",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(670, "%0000029e"), Attrs([Attr("address","0x6C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#3",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(674, "%000002a2"), Attrs([Attr("address","0x6C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), +Var("#3",Imm(64))), Def(Tid(680, "%000002a8"), + Attrs([Attr("address","0x6C4"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(688, "%000002b0"), + Attrs([Attr("address","0x6C8"), Attr("insn","str x19, [sp, #0x10]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), +Def(Tid(693, "%000002b5"), Attrs([Attr("address","0x6CC"), +Attr("insn","adrp x19, #131072")]), Var("R19",Imm(64)), Int(131072,64)), +Def(Tid(700, "%000002bc"), Attrs([Attr("address","0x6D0"), +Attr("insn","ldrb w0, [x19, #0x10]")]), Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),LittleEndian(),8)))]), +Jmps([Goto(Tid(707, "%000002c3"), Attrs([Attr("address","0x6D4"), +Attr("insn","cbnz w0, #0x28")]), + NEQ(Extract(31,0,Var("R0",Imm(64))),Int(0,32)), +Direct(Tid(705, "%000002c1"))), Goto(Tid(1_475, "%000005c3"), Attrs([]), + Int(1,1), Direct(Tid(822, "%00000336")))])), Blk(Tid(822, "%00000336"), + Attrs([Attr("address","0x6D8")]), Phis([]), Defs([Def(Tid(825, "%00000339"), + Attrs([Attr("address","0x6D8"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(832, "%00000340"), + Attrs([Attr("address","0x6DC"), Attr("insn","ldr x0, [x0, #0xfe0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4064,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(838, "%00000346"), Attrs([Attr("address","0x6E0"), +Attr("insn","cbz x0, #0x10")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(836, "%00000344"))), Goto(Tid(1_476, "%000005c4"), Attrs([]), + Int(1,1), Direct(Tid(861, "%0000035d")))])), Blk(Tid(861, "%0000035d"), + Attrs([Attr("address","0x6E4")]), Phis([]), Defs([Def(Tid(864, "%00000360"), + Attrs([Attr("address","0x6E4"), Attr("insn","adrp x0, #131072")]), + Var("R0",Imm(64)), Int(131072,64)), Def(Tid(871, "%00000367"), + Attrs([Attr("address","0x6E8"), Attr("insn","ldr x0, [x0, #0x8]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(876, "%0000036c"), Attrs([Attr("address","0x6EC"), +Attr("insn","bl #-0x11c")]), Var("R30",Imm(64)), Int(1776,64))]), +Jmps([Call(Tid(879, "%0000036f"), Attrs([Attr("address","0x6EC"), +Attr("insn","bl #-0x11c")]), Int(1,1), +(Direct(Tid(1_473, "@__cxa_finalize")),Direct(Tid(836, "%00000344"))))])), +Blk(Tid(836, "%00000344"), Attrs([Attr("address","0x6F0")]), Phis([]), +Defs([Def(Tid(844, "%0000034c"), Attrs([Attr("address","0x6F0"), +Attr("insn","bl #-0xa0")]), Var("R30",Imm(64)), Int(1780,64))]), +Jmps([Call(Tid(846, "%0000034e"), Attrs([Attr("address","0x6F0"), +Attr("insn","bl #-0xa0")]), Int(1,1), +(Direct(Tid(1_487, "@deregister_tm_clones")),Direct(Tid(848, "%00000350"))))])), +Blk(Tid(848, "%00000350"), Attrs([Attr("address","0x6F4")]), Phis([]), +Defs([Def(Tid(851, "%00000353"), Attrs([Attr("address","0x6F4"), +Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)), +Def(Tid(859, "%0000035b"), Attrs([Attr("address","0x6F8"), +Attr("insn","strb w0, [x19, #0x10]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]), +Jmps([Goto(Tid(1_477, "%000005c5"), Attrs([]), Int(1,1), +Direct(Tid(705, "%000002c1")))])), Blk(Tid(705, "%000002c1"), + Attrs([Attr("address","0x6FC")]), Phis([]), Defs([Def(Tid(715, "%000002cb"), + Attrs([Attr("address","0x6FC"), Attr("insn","ldr x19, [sp, #0x10]")]), + Var("R19",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), +Def(Tid(722, "%000002d2"), Attrs([Attr("address","0x700"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(727, "%000002d7"), Attrs([Attr("address","0x700"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(731, "%000002db"), Attrs([Attr("address","0x700"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(736, "%000002e0"), + Attrs([Attr("address","0x704"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_478, "@__libc_start_main"), + Attrs([Attr("address","0x5C0"), Attr("stub","()"), +Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)")]), + "__libc_start_main", Args([Arg(Tid(1_498, "%000005da"), + Attrs([Attr("c.data","Top:u64 ptr ptr"), +Attr("c.layout","**[ : 64]"), +Attr("c.type","signed (*)(signed , char** , char** );*")]), + Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()), +Arg(Tid(1_499, "%000005db"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), +Arg(Tid(1_500, "%000005dc"), Attrs([Attr("c.data","Top:u8 ptr ptr"), +Attr("c.layout","**[char : 8]"), Attr("c.type","char**")]), + Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()), +Arg(Tid(1_501, "%000005dd"), Attrs([Attr("c.data","{} ptr"), +Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), + Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()), +Arg(Tid(1_502, "%000005de"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(487, "@__libc_start_main"), + Attrs([Attr("address","0x5C0")]), Phis([]), +Defs([Def(Tid(1_103, "%0000044f"), Attrs([Attr("address","0x5C0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_110, "%00000456"), Attrs([Attr("address","0x5C4"), +Attr("insn","ldr x17, [x16, #0xfb0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4016,64)),LittleEndian(),64)), +Def(Tid(1_116, "%0000045c"), Attrs([Attr("address","0x5C8"), +Attr("insn","add x16, x16, #0xfb0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4016,64)))]), Jmps([Call(Tid(1_121, "%00000461"), + Attrs([Attr("address","0x5CC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_479, "@_fini"), + Attrs([Attr("address","0x744"), Attr("c.proto","signed (*)(void)")]), + "_fini", Args([Arg(Tid(1_503, "%000005df"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_fini_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(47, "@_fini"), Attrs([Attr("address","0x744")]), Phis([]), +Defs([Def(Tid(53, "%00000035"), Attrs([Attr("address","0x748"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(59, "%0000003b"), Attrs([Attr("address","0x748"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(65, "%00000041"), Attrs([Attr("address","0x748"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(69, "%00000045"), Attrs([Attr("address","0x748"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#0",Imm(64))), Def(Tid(75, "%0000004b"), Attrs([Attr("address","0x74C"), +Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), +Def(Tid(82, "%00000052"), Attrs([Attr("address","0x750"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(87, "%00000057"), Attrs([Attr("address","0x750"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(91, "%0000005b"), Attrs([Attr("address","0x750"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(96, "%00000060"), + Attrs([Attr("address","0x754"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_480, "@_init"), + Attrs([Attr("address","0x588"), Attr("c.proto","signed (*)(void)")]), + "_init", Args([Arg(Tid(1_504, "%000005e0"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_init_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(1_303, "@_init"), Attrs([Attr("address","0x588")]), Phis([]), +Defs([Def(Tid(1_309, "%0000051d"), Attrs([Attr("address","0x58C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#5",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(1_315, "%00000523"), Attrs([Attr("address","0x58C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#5",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(1_321, "%00000529"), Attrs([Attr("address","0x58C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#5",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(1_325, "%0000052d"), Attrs([Attr("address","0x58C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#5",Imm(64))), Def(Tid(1_331, "%00000533"), + Attrs([Attr("address","0x590"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_336, "%00000538"), + Attrs([Attr("address","0x594"), Attr("insn","bl #0xa0")]), + Var("R30",Imm(64)), Int(1432,64))]), Jmps([Call(Tid(1_338, "%0000053a"), + Attrs([Attr("address","0x594"), Attr("insn","bl #0xa0")]), Int(1,1), +(Direct(Tid(1_485, "@call_weak_fn")),Direct(Tid(1_340, "%0000053c"))))])), +Blk(Tid(1_340, "%0000053c"), Attrs([Attr("address","0x598")]), Phis([]), +Defs([Def(Tid(1_345, "%00000541"), Attrs([Attr("address","0x598"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(1_350, "%00000546"), Attrs([Attr("address","0x598"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_354, "%0000054a"), Attrs([Attr("address","0x598"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_359, "%0000054f"), + Attrs([Attr("address","0x59C"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_481, "@_start"), + Attrs([Attr("address","0x600"), Attr("stub","()"), Attr("entry-point","()"), +Attr("c.proto","signed (*)(void)")]), "_start", + Args([Arg(Tid(1_505, "%000005e1"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_start_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(424, "@_start"), Attrs([Attr("address","0x600")]), Phis([]), +Defs([Def(Tid(429, "%000001ad"), Attrs([Attr("address","0x604"), +Attr("insn","mov x29, #0x0")]), Var("R29",Imm(64)), Int(0,64)), +Def(Tid(434, "%000001b2"), Attrs([Attr("address","0x608"), +Attr("insn","mov x30, #0x0")]), Var("R30",Imm(64)), Int(0,64)), +Def(Tid(440, "%000001b8"), Attrs([Attr("address","0x60C"), +Attr("insn","mov x5, x0")]), Var("R5",Imm(64)), Var("R0",Imm(64))), +Def(Tid(447, "%000001bf"), Attrs([Attr("address","0x610"), +Attr("insn","ldr x1, [sp]")]), Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(453, "%000001c5"), Attrs([Attr("address","0x614"), +Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(459, "%000001cb"), + Attrs([Attr("address","0x618"), Attr("insn","mov x6, sp")]), + Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(464, "%000001d0"), + Attrs([Attr("address","0x61C"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(471, "%000001d7"), + Attrs([Attr("address","0x620"), Attr("insn","ldr x0, [x0, #0xff0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4080,64)),LittleEndian(),64)), +Def(Tid(476, "%000001dc"), Attrs([Attr("address","0x624"), +Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)), +Def(Tid(481, "%000001e1"), Attrs([Attr("address","0x628"), +Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)), +Def(Tid(486, "%000001e6"), Attrs([Attr("address","0x62C"), +Attr("insn","bl #-0x6c")]), Var("R30",Imm(64)), Int(1584,64))]), +Jmps([Call(Tid(489, "%000001e9"), Attrs([Attr("address","0x62C"), +Attr("insn","bl #-0x6c")]), Int(1,1), +(Direct(Tid(1_478, "@__libc_start_main")),Direct(Tid(491, "%000001eb"))))])), +Blk(Tid(491, "%000001eb"), Attrs([Attr("address","0x630")]), Phis([]), +Defs([Def(Tid(494, "%000001ee"), Attrs([Attr("address","0x630"), +Attr("insn","bl #-0x40")]), Var("R30",Imm(64)), Int(1588,64))]), +Jmps([Call(Tid(497, "%000001f1"), Attrs([Attr("address","0x630"), +Attr("insn","bl #-0x40")]), Int(1,1), +(Direct(Tid(1_484, "@abort")),Direct(Tid(1_482, "%000005ca"))))])), +Blk(Tid(1_482, "%000005ca"), Attrs([]), Phis([]), Defs([]), +Jmps([Call(Tid(1_483, "%000005cb"), Attrs([]), Int(1,1), +(Direct(Tid(1_485, "@call_weak_fn")),))]))])), Sub(Tid(1_484, "@abort"), + Attrs([Attr("address","0x5F0"), Attr("stub","()"), Attr("noreturn","()"), +Attr("c.proto","void (*)(void)")]), "abort", Args([]), +Blks([Blk(Tid(495, "@abort"), Attrs([Attr("address","0x5F0")]), Phis([]), +Defs([Def(Tid(1_169, "%00000491"), Attrs([Attr("address","0x5F0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_176, "%00000498"), Attrs([Attr("address","0x5F4"), +Attr("insn","ldr x17, [x16, #0xfc8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4040,64)),LittleEndian(),64)), +Def(Tid(1_182, "%0000049e"), Attrs([Attr("address","0x5F8"), +Attr("insn","add x16, x16, #0xfc8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4040,64)))]), Jmps([Call(Tid(1_187, "%000004a3"), + Attrs([Attr("address","0x5FC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_485, "@call_weak_fn"), + Attrs([Attr("address","0x634"), Attr("c.proto","signed (*)(void)")]), + "call_weak_fn", Args([Arg(Tid(1_506, "%000005e2"), + Attrs([Attr("c.data","Top:u32"), Attr("c.layout","[signed : 32]"), +Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(499, "@call_weak_fn"), + Attrs([Attr("address","0x634")]), Phis([]), Defs([Def(Tid(502, "%000001f6"), + Attrs([Attr("address","0x634"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(509, "%000001fd"), + Attrs([Attr("address","0x638"), Attr("insn","ldr x0, [x0, #0xfe8]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4072,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(515, "%00000203"), Attrs([Attr("address","0x63C"), +Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(513, "%00000201"))), Goto(Tid(1_486, "%000005ce"), Attrs([]), + Int(1,1), Direct(Tid(941, "%000003ad")))])), Blk(Tid(513, "%00000201"), + Attrs([Attr("address","0x644")]), Phis([]), Defs([]), +Jmps([Call(Tid(521, "%00000209"), Attrs([Attr("address","0x644"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(941, "%000003ad"), Attrs([Attr("address","0x640")]), Phis([]), +Defs([]), Jmps([Goto(Tid(944, "%000003b0"), Attrs([Attr("address","0x640"), +Attr("insn","b #-0x60")]), Int(1,1), Direct(Tid(942, "@__gmon_start__")))])), +Blk(Tid(942, "@__gmon_start__"), Attrs([Attr("address","0x5E0")]), Phis([]), +Defs([Def(Tid(1_147, "%0000047b"), Attrs([Attr("address","0x5E0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_154, "%00000482"), Attrs([Attr("address","0x5E4"), +Attr("insn","ldr x17, [x16, #0xfc0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4032,64)),LittleEndian(),64)), +Def(Tid(1_160, "%00000488"), Attrs([Attr("address","0x5E8"), +Attr("insn","add x16, x16, #0xfc0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4032,64)))]), Jmps([Call(Tid(1_165, "%0000048d"), + Attrs([Attr("address","0x5EC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_487, "@deregister_tm_clones"), Attrs([Attr("address","0x650"), +Attr("c.proto","signed (*)(void)")]), "deregister_tm_clones", + Args([Arg(Tid(1_507, "%000005e3"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("deregister_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(527, "@deregister_tm_clones"), + Attrs([Attr("address","0x650")]), Phis([]), Defs([Def(Tid(530, "%00000212"), + Attrs([Attr("address","0x650"), Attr("insn","adrp x0, #131072")]), + Var("R0",Imm(64)), Int(131072,64)), Def(Tid(536, "%00000218"), + Attrs([Attr("address","0x654"), Attr("insn","add x0, x0, #0x10")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(16,64))), +Def(Tid(541, "%0000021d"), Attrs([Attr("address","0x658"), +Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), +Def(Tid(547, "%00000223"), Attrs([Attr("address","0x65C"), +Attr("insn","add x1, x1, #0x10")]), Var("R1",Imm(64)), +PLUS(Var("R1",Imm(64)),Int(16,64))), Def(Tid(553, "%00000229"), + Attrs([Attr("address","0x660"), Attr("insn","cmp x1, x0")]), + Var("#1",Imm(64)), NOT(Var("R0",Imm(64)))), Def(Tid(558, "%0000022e"), + Attrs([Attr("address","0x660"), Attr("insn","cmp x1, x0")]), + Var("#2",Imm(64)), PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), +Def(Tid(564, "%00000234"), Attrs([Attr("address","0x660"), +Attr("insn","cmp x1, x0")]), Var("VF",Imm(1)), +NEQ(SIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(570, "%0000023a"), Attrs([Attr("address","0x660"), +Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)), +NEQ(UNSIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(574, "%0000023e"), Attrs([Attr("address","0x660"), +Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)), +EQ(PLUS(Var("#2",Imm(64)),Int(1,64)),Int(0,64))), Def(Tid(578, "%00000242"), + Attrs([Attr("address","0x660"), Attr("insn","cmp x1, x0")]), + Var("NF",Imm(1)), Extract(63,63,PLUS(Var("#2",Imm(64)),Int(1,64))))]), +Jmps([Goto(Tid(584, "%00000248"), Attrs([Attr("address","0x664"), +Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)), +Direct(Tid(582, "%00000246"))), Goto(Tid(1_488, "%000005d0"), Attrs([]), + Int(1,1), Direct(Tid(911, "%0000038f")))])), Blk(Tid(911, "%0000038f"), + Attrs([Attr("address","0x668")]), Phis([]), Defs([Def(Tid(914, "%00000392"), + Attrs([Attr("address","0x668"), Attr("insn","adrp x1, #126976")]), + Var("R1",Imm(64)), Int(126976,64)), Def(Tid(921, "%00000399"), + Attrs([Attr("address","0x66C"), Attr("insn","ldr x1, [x1, #0xfd8]")]), + Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4056,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(926, "%0000039e"), Attrs([Attr("address","0x670"), +Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(582, "%00000246"))), Goto(Tid(1_489, "%000005d1"), Attrs([]), + Int(1,1), Direct(Tid(930, "%000003a2")))])), Blk(Tid(582, "%00000246"), + Attrs([Attr("address","0x67C")]), Phis([]), Defs([]), +Jmps([Call(Tid(590, "%0000024e"), Attrs([Attr("address","0x67C"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(930, "%000003a2"), Attrs([Attr("address","0x674")]), Phis([]), +Defs([Def(Tid(934, "%000003a6"), Attrs([Attr("address","0x674"), +Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]), +Jmps([Call(Tid(939, "%000003ab"), Attrs([Attr("address","0x678"), +Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), +Sub(Tid(1_490, "@frame_dummy"), Attrs([Attr("address","0x710"), +Attr("c.proto","signed (*)(void)")]), "frame_dummy", + Args([Arg(Tid(1_508, "%000005e4"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("frame_dummy_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(742, "@frame_dummy"), Attrs([Attr("address","0x710")]), + Phis([]), Defs([]), Jmps([Call(Tid(744, "%000002e8"), + Attrs([Attr("address","0x710"), Attr("insn","b #-0x90")]), Int(1,1), +(Direct(Tid(1_492, "@register_tm_clones")),))]))])), Sub(Tid(1_491, "@main"), + Attrs([Attr("address","0x714"), +Attr("c.proto","signed (*)(signed argc, const char** argv)")]), "main", + Args([Arg(Tid(1_509, "%000005e5"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("main_argc",Imm(32)), LOW(32,Var("R0",Imm(64))), In()), +Arg(Tid(1_510, "%000005e6"), Attrs([Attr("c.data","Top:u8 ptr ptr"), +Attr("c.layout","**[char : 8]"), Attr("c.type"," const char**")]), + Var("main_argv",Imm(64)), Var("R1",Imm(64)), Both()), +Arg(Tid(1_511, "%000005e7"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(746, "@main"), Attrs([Attr("address","0x714")]), Phis([]), +Defs([Def(Tid(750, "%000002ee"), Attrs([Attr("address","0x714"), +Attr("insn","sub sp, sp, #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(757, "%000002f5"), Attrs([Attr("address","0x718"), +Attr("insn","str wzr, [sp, #0xc]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),Int(0,32),LittleEndian(),32)), +Def(Tid(764, "%000002fc"), Attrs([Attr("address","0x71C"), +Attr("insn","ldr w0, [sp, #0xc]")]), Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),LittleEndian(),32))), +Def(Tid(770, "%00000302"), Attrs([Attr("address","0x720"), +Attr("insn","add w0, w0, #0x1")]), Var("R0",Imm(64)), +UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(1,32)))), +Def(Tid(778, "%0000030a"), Attrs([Attr("address","0x724"), +Attr("insn","str w0, [sp, #0xc]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)), +Def(Tid(783, "%0000030f"), Attrs([Attr("address","0x728"), +Attr("insn","mov w0, #0x3")]), Var("R0",Imm(64)), Int(3,64)), +Def(Tid(791, "%00000317"), Attrs([Attr("address","0x72C"), +Attr("insn","str w0, [sp, #0xc]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)), +Def(Tid(796, "%0000031c"), Attrs([Attr("address","0x730"), +Attr("insn","mov w0, #0xa")]), Var("R0",Imm(64)), Int(10,64)), +Def(Tid(804, "%00000324"), Attrs([Attr("address","0x734"), +Attr("insn","str w0, [sp, #0xc]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(12,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)), +Def(Tid(809, "%00000329"), Attrs([Attr("address","0x738"), +Attr("insn","mov w0, #0x0")]), Var("R0",Imm(64)), Int(0,64)), +Def(Tid(815, "%0000032f"), Attrs([Attr("address","0x73C"), +Attr("insn","add sp, sp, #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(820, "%00000334"), + Attrs([Attr("address","0x740"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), +Sub(Tid(1_492, "@register_tm_clones"), Attrs([Attr("address","0x680"), +Attr("c.proto","signed (*)(void)")]), "register_tm_clones", + Args([Arg(Tid(1_512, "%000005e8"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("register_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(592, "@register_tm_clones"), + Attrs([Attr("address","0x680")]), Phis([]), Defs([Def(Tid(595, "%00000253"), + Attrs([Attr("address","0x680"), Attr("insn","adrp x0, #131072")]), + Var("R0",Imm(64)), Int(131072,64)), Def(Tid(601, "%00000259"), + Attrs([Attr("address","0x684"), Attr("insn","add x0, x0, #0x10")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(16,64))), +Def(Tid(606, "%0000025e"), Attrs([Attr("address","0x688"), +Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), +Def(Tid(612, "%00000264"), Attrs([Attr("address","0x68C"), +Attr("insn","add x1, x1, #0x10")]), Var("R1",Imm(64)), +PLUS(Var("R1",Imm(64)),Int(16,64))), Def(Tid(619, "%0000026b"), + Attrs([Attr("address","0x690"), Attr("insn","sub x1, x1, x0")]), + Var("R1",Imm(64)), +PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))), +Def(Tid(625, "%00000271"), Attrs([Attr("address","0x694"), +Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)), +Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))), +Def(Tid(632, "%00000278"), Attrs([Attr("address","0x698"), +Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)), +PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))), +Def(Tid(638, "%0000027e"), Attrs([Attr("address","0x69C"), +Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)), +SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]), +Jmps([Goto(Tid(644, "%00000284"), Attrs([Attr("address","0x6A0"), +Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(642, "%00000282"))), Goto(Tid(1_493, "%000005d5"), Attrs([]), + Int(1,1), Direct(Tid(881, "%00000371")))])), Blk(Tid(881, "%00000371"), + Attrs([Attr("address","0x6A4")]), Phis([]), Defs([Def(Tid(884, "%00000374"), + Attrs([Attr("address","0x6A4"), Attr("insn","adrp x2, #126976")]), + Var("R2",Imm(64)), Int(126976,64)), Def(Tid(891, "%0000037b"), + Attrs([Attr("address","0x6A8"), Attr("insn","ldr x2, [x2, #0xff8]")]), + Var("R2",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4088,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(896, "%00000380"), Attrs([Attr("address","0x6AC"), +Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)), +Direct(Tid(642, "%00000282"))), Goto(Tid(1_494, "%000005d6"), Attrs([]), + Int(1,1), Direct(Tid(900, "%00000384")))])), Blk(Tid(642, "%00000282"), + Attrs([Attr("address","0x6B8")]), Phis([]), Defs([]), +Jmps([Call(Tid(650, "%0000028a"), Attrs([Attr("address","0x6B8"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(900, "%00000384"), Attrs([Attr("address","0x6B0")]), Phis([]), +Defs([Def(Tid(904, "%00000388"), Attrs([Attr("address","0x6B0"), +Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]), +Jmps([Call(Tid(909, "%0000038d"), Attrs([Attr("address","0x6B4"), +Attr("insn","br x16")]), Int(1,1), +(Indirect(Var("R16",Imm(64))),))]))]))]))) \ No newline at end of file diff --git a/examples/basic_local_reassign/basic_local_reassign.bir b/examples/basic_local_reassign/basic_local_reassign.bir new file mode 100644 index 000000000..9150c452a --- /dev/null +++ b/examples/basic_local_reassign/basic_local_reassign.bir @@ -0,0 +1,234 @@ +000005d7: program +000005c1: sub __cxa_finalize(__cxa_finalize_result) +000005d8: __cxa_finalize_result :: out u32 = low:32[R0] + +0000036d: +00000465: R16 := 0x1F000 +0000046c: R17 := mem[R16 + 0xFB8, el]:u64 +00000472: R16 := R16 + 0xFB8 +00000477: call R17 with noreturn + +000005c2: sub __do_global_dtors_aux(__do_global_dtors_aux_result) +000005d9: __do_global_dtors_aux_result :: out u32 = low:32[R0] + +0000028e: +00000292: #3 := R31 - 0x20 +00000298: mem := mem with [#3, el]:u64 <- R29 +0000029e: mem := mem with [#3 + 8, el]:u64 <- R30 +000002a2: R31 := #3 +000002a8: R29 := R31 +000002b0: mem := mem with [R31 + 0x10, el]:u64 <- R19 +000002b5: R19 := 0x20000 +000002bc: R0 := pad:64[mem[R19 + 0x10]] +000002c3: when 31:0[R0] <> 0 goto %000002c1 +000005c3: goto %00000336 + +00000336: +00000339: R0 := 0x1F000 +00000340: R0 := mem[R0 + 0xFE0, el]:u64 +00000346: when R0 = 0 goto %00000344 +000005c4: goto %0000035d + +0000035d: +00000360: R0 := 0x20000 +00000367: R0 := mem[R0 + 8, el]:u64 +0000036c: R30 := 0x6F0 +0000036f: call @__cxa_finalize with return %00000344 + +00000344: +0000034c: R30 := 0x6F4 +0000034e: call @deregister_tm_clones with return %00000350 + +00000350: +00000353: R0 := 1 +0000035b: mem := mem with [R19 + 0x10] <- 7:0[R0] +000005c5: goto %000002c1 + +000002c1: +000002cb: R19 := mem[R31 + 0x10, el]:u64 +000002d2: R29 := mem[R31, el]:u64 +000002d7: R30 := mem[R31 + 8, el]:u64 +000002db: R31 := R31 + 0x20 +000002e0: call R30 with noreturn + +000005c6: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) +000005da: __libc_start_main_main :: in u64 = R0 +000005db: __libc_start_main_arg2 :: in u32 = low:32[R1] +000005dc: __libc_start_main_arg3 :: in out u64 = R2 +000005dd: __libc_start_main_auxv :: in out u64 = R3 +000005de: __libc_start_main_result :: out u32 = low:32[R0] + +000001e7: +0000044f: R16 := 0x1F000 +00000456: R17 := mem[R16 + 0xFB0, el]:u64 +0000045c: R16 := R16 + 0xFB0 +00000461: call R17 with noreturn + +000005c7: sub _fini(_fini_result) +000005df: _fini_result :: out u32 = low:32[R0] + +0000002f: +00000035: #0 := R31 - 0x10 +0000003b: mem := mem with [#0, el]:u64 <- R29 +00000041: mem := mem with [#0 + 8, el]:u64 <- R30 +00000045: R31 := #0 +0000004b: R29 := R31 +00000052: R29 := mem[R31, el]:u64 +00000057: R30 := mem[R31 + 8, el]:u64 +0000005b: R31 := R31 + 0x10 +00000060: call R30 with noreturn + +000005c8: sub _init(_init_result) +000005e0: _init_result :: out u32 = low:32[R0] + +00000517: +0000051d: #5 := R31 - 0x10 +00000523: mem := mem with [#5, el]:u64 <- R29 +00000529: mem := mem with [#5 + 8, el]:u64 <- R30 +0000052d: R31 := #5 +00000533: R29 := R31 +00000538: R30 := 0x598 +0000053a: call @call_weak_fn with return %0000053c + +0000053c: +00000541: R29 := mem[R31, el]:u64 +00000546: R30 := mem[R31 + 8, el]:u64 +0000054a: R31 := R31 + 0x10 +0000054f: call R30 with noreturn + +000005c9: sub _start(_start_result) +000005e1: _start_result :: out u32 = low:32[R0] + +000001a8: +000001ad: R29 := 0 +000001b2: R30 := 0 +000001b8: R5 := R0 +000001bf: R1 := mem[R31, el]:u64 +000001c5: R2 := R31 + 8 +000001cb: R6 := R31 +000001d0: R0 := 0x1F000 +000001d7: R0 := mem[R0 + 0xFF0, el]:u64 +000001dc: R3 := 0 +000001e1: R4 := 0 +000001e6: R30 := 0x630 +000001e9: call @__libc_start_main with return %000001eb + +000001eb: +000001ee: R30 := 0x634 +000001f1: call @abort with return %000005ca + +000005ca: +000005cb: call @call_weak_fn with noreturn + +000005cc: sub abort() + + +000001ef: +00000491: R16 := 0x1F000 +00000498: R17 := mem[R16 + 0xFC8, el]:u64 +0000049e: R16 := R16 + 0xFC8 +000004a3: call R17 with noreturn + +000005cd: sub call_weak_fn(call_weak_fn_result) +000005e2: call_weak_fn_result :: out u32 = low:32[R0] + +000001f3: +000001f6: R0 := 0x1F000 +000001fd: R0 := mem[R0 + 0xFE8, el]:u64 +00000203: when R0 = 0 goto %00000201 +000005ce: goto %000003ad + +00000201: +00000209: call R30 with noreturn + +000003ad: +000003b0: goto @__gmon_start__ + +000003ae: +0000047b: R16 := 0x1F000 +00000482: R17 := mem[R16 + 0xFC0, el]:u64 +00000488: R16 := R16 + 0xFC0 +0000048d: call R17 with noreturn + +000005cf: sub deregister_tm_clones(deregister_tm_clones_result) +000005e3: deregister_tm_clones_result :: out u32 = low:32[R0] + +0000020f: +00000212: R0 := 0x20000 +00000218: R0 := R0 + 0x10 +0000021d: R1 := 0x20000 +00000223: R1 := R1 + 0x10 +00000229: #1 := ~R0 +0000022e: #2 := R1 + ~R0 +00000234: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1 +0000023a: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1 +0000023e: ZF := #2 + 1 = 0 +00000242: NF := 63:63[#2 + 1] +00000248: when ZF goto %00000246 +000005d0: goto %0000038f + +0000038f: +00000392: R1 := 0x1F000 +00000399: R1 := mem[R1 + 0xFD8, el]:u64 +0000039e: when R1 = 0 goto %00000246 +000005d1: goto %000003a2 + +00000246: +0000024e: call R30 with noreturn + +000003a2: +000003a6: R16 := R1 +000003ab: call R16 with noreturn + +000005d2: sub frame_dummy(frame_dummy_result) +000005e4: frame_dummy_result :: out u32 = low:32[R0] + +000002e6: +000002e8: call @register_tm_clones with noreturn + +000005d3: sub main(main_argc, main_argv, main_result) +000005e5: main_argc :: in u32 = low:32[R0] +000005e6: main_argv :: in out u64 = R1 +000005e7: main_result :: out u32 = low:32[R0] + +000002ea: +000002ee: R31 := R31 - 0x10 +000002f5: mem := mem with [R31 + 0xC, el]:u32 <- 0 +000002fc: R0 := pad:64[mem[R31 + 0xC, el]:u32] +00000302: R0 := pad:64[31:0[R0] + 1] +0000030a: mem := mem with [R31 + 0xC, el]:u32 <- 31:0[R0] +0000030f: R0 := 3 +00000317: mem := mem with [R31 + 0xC, el]:u32 <- 31:0[R0] +0000031c: R0 := 0xA +00000324: mem := mem with [R31 + 0xC, el]:u32 <- 31:0[R0] +00000329: R0 := 0 +0000032f: R31 := R31 + 0x10 +00000334: call R30 with noreturn + +000005d4: sub register_tm_clones(register_tm_clones_result) +000005e8: register_tm_clones_result :: out u32 = low:32[R0] + +00000250: +00000253: R0 := 0x20000 +00000259: R0 := R0 + 0x10 +0000025e: R1 := 0x20000 +00000264: R1 := R1 + 0x10 +0000026b: R1 := R1 + ~R0 + 1 +00000271: R2 := 0.63:63[R1] +00000278: R1 := R2 + (R1 ~>> 3) +0000027e: R1 := extend:64[63:1[R1]] +00000284: when R1 = 0 goto %00000282 +000005d5: goto %00000371 + +00000371: +00000374: R2 := 0x1F000 +0000037b: R2 := mem[R2 + 0xFF8, el]:u64 +00000380: when R2 = 0 goto %00000282 +000005d6: goto %00000384 + +00000282: +0000028a: call R30 with noreturn + +00000384: +00000388: R16 := R2 +0000038d: call R16 with noreturn diff --git a/examples/basic_local_reassign/basic_local_reassign.c b/examples/basic_local_reassign/basic_local_reassign.c new file mode 100644 index 000000000..3a5dbc052 --- /dev/null +++ b/examples/basic_local_reassign/basic_local_reassign.c @@ -0,0 +1,6 @@ +int main() { + int z = 0; + z = z + 1; + z = 3; + z = 10; +} \ No newline at end of file diff --git a/examples/basic_local_reassign/basic_local_reassign.relf b/examples/basic_local_reassign/basic_local_reassign.relf new file mode 100644 index 000000000..d05fa7597 --- /dev/null +++ b/examples/basic_local_reassign/basic_local_reassign.relf @@ -0,0 +1,125 @@ + +Relocation section '.rela.dyn' at offset 0x468 contains 8 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +000000000001fd88 0000000000000403 R_AARCH64_RELATIVE 710 +000000000001fd90 0000000000000403 R_AARCH64_RELATIVE 6c0 +000000000001fff0 0000000000000403 R_AARCH64_RELATIVE 714 +0000000000020008 0000000000000403 R_AARCH64_RELATIVE 20008 +000000000001ffd8 0000000400000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_deregisterTMCloneTable + 0 +000000000001ffe0 0000000500000401 R_AARCH64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +000000000001ffe8 0000000600000401 R_AARCH64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 +000000000001fff8 0000000800000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTable + 0 + +Relocation section '.rela.plt' at offset 0x528 contains 4 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +000000000001ffb0 0000000300000402 R_AARCH64_JUMP_SLOT 0000000000000000 __libc_start_main@GLIBC_2.34 + 0 +000000000001ffb8 0000000500000402 R_AARCH64_JUMP_SLOT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +000000000001ffc0 0000000600000402 R_AARCH64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 +000000000001ffc8 0000000700000402 R_AARCH64_JUMP_SLOT 0000000000000000 abort@GLIBC_2.17 + 0 + +Symbol table '.dynsym' contains 9 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000588 0 SECTION LOCAL DEFAULT 11 .init + 2: 0000000000020000 0 SECTION LOCAL DEFAULT 22 .data + 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (2) + 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 5: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 (3) + 6: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 (3) + 8: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + +Symbol table '.symtab' contains 92 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000238 0 SECTION LOCAL DEFAULT 1 .interp + 2: 0000000000000254 0 SECTION LOCAL DEFAULT 2 .note.gnu.build-id + 3: 0000000000000278 0 SECTION LOCAL DEFAULT 3 .note.ABI-tag + 4: 0000000000000298 0 SECTION LOCAL DEFAULT 4 .gnu.hash + 5: 00000000000002b8 0 SECTION LOCAL DEFAULT 5 .dynsym + 6: 0000000000000390 0 SECTION LOCAL DEFAULT 6 .dynstr + 7: 0000000000000424 0 SECTION LOCAL DEFAULT 7 .gnu.version + 8: 0000000000000438 0 SECTION LOCAL DEFAULT 8 .gnu.version_r + 9: 0000000000000468 0 SECTION LOCAL DEFAULT 9 .rela.dyn + 10: 0000000000000528 0 SECTION LOCAL DEFAULT 10 .rela.plt + 11: 0000000000000588 0 SECTION LOCAL DEFAULT 11 .init + 12: 00000000000005a0 0 SECTION LOCAL DEFAULT 12 .plt + 13: 0000000000000600 0 SECTION LOCAL DEFAULT 13 .text + 14: 0000000000000744 0 SECTION LOCAL DEFAULT 14 .fini + 15: 0000000000000758 0 SECTION LOCAL DEFAULT 15 .rodata + 16: 000000000000075c 0 SECTION LOCAL DEFAULT 16 .eh_frame_hdr + 17: 0000000000000798 0 SECTION LOCAL DEFAULT 17 .eh_frame + 18: 000000000001fd88 0 SECTION LOCAL DEFAULT 18 .init_array + 19: 000000000001fd90 0 SECTION LOCAL DEFAULT 19 .fini_array + 20: 000000000001fd98 0 SECTION LOCAL DEFAULT 20 .dynamic + 21: 000000000001ff98 0 SECTION LOCAL DEFAULT 21 .got + 22: 0000000000020000 0 SECTION LOCAL DEFAULT 22 .data + 23: 0000000000020010 0 SECTION LOCAL DEFAULT 23 .bss + 24: 0000000000000000 0 SECTION LOCAL DEFAULT 24 .comment + 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 .debug_aranges + 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 .debug_info + 27: 0000000000000000 0 SECTION LOCAL DEFAULT 27 .debug_abbrev + 28: 0000000000000000 0 SECTION LOCAL DEFAULT 28 .debug_line + 29: 0000000000000000 0 SECTION LOCAL DEFAULT 29 .debug_str + 30: 0000000000000000 0 SECTION LOCAL DEFAULT 30 .debug_line_str + 31: 0000000000000000 0 FILE LOCAL DEFAULT ABS Scrt1.o + 32: 0000000000000278 0 NOTYPE LOCAL DEFAULT 3 $d + 33: 0000000000000278 32 OBJECT LOCAL DEFAULT 3 __abi_tag + 34: 0000000000000600 0 NOTYPE LOCAL DEFAULT 13 $x + 35: 00000000000007ac 0 NOTYPE LOCAL DEFAULT 17 $d + 36: 0000000000000758 0 NOTYPE LOCAL DEFAULT 15 $d + 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crti.o + 38: 0000000000000634 0 NOTYPE LOCAL DEFAULT 13 $x + 39: 0000000000000634 20 FUNC LOCAL DEFAULT 13 call_weak_fn + 40: 0000000000000588 0 NOTYPE LOCAL DEFAULT 11 $x + 41: 0000000000000744 0 NOTYPE LOCAL DEFAULT 14 $x + 42: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtn.o + 43: 0000000000000598 0 NOTYPE LOCAL DEFAULT 11 $x + 44: 0000000000000750 0 NOTYPE LOCAL DEFAULT 14 $x + 45: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 46: 0000000000000650 0 NOTYPE LOCAL DEFAULT 13 $x + 47: 0000000000000650 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones + 48: 0000000000000680 0 FUNC LOCAL DEFAULT 13 register_tm_clones + 49: 0000000000020008 0 NOTYPE LOCAL DEFAULT 22 $d + 50: 00000000000006c0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux + 51: 0000000000020010 1 OBJECT LOCAL DEFAULT 23 completed.0 + 52: 000000000001fd90 0 NOTYPE LOCAL DEFAULT 19 $d + 53: 000000000001fd90 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry + 54: 0000000000000710 0 FUNC LOCAL DEFAULT 13 frame_dummy + 55: 000000000001fd88 0 NOTYPE LOCAL DEFAULT 18 $d + 56: 000000000001fd88 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry + 57: 00000000000007c0 0 NOTYPE LOCAL DEFAULT 17 $d + 58: 0000000000020010 0 NOTYPE LOCAL DEFAULT 23 $d + 59: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c + 60: 0000000000000714 0 NOTYPE LOCAL DEFAULT 13 $x + 61: 0000000000000820 0 NOTYPE LOCAL DEFAULT 17 $d + 62: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 63: 0000000000000838 0 NOTYPE LOCAL DEFAULT 17 $d + 64: 0000000000000838 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ + 65: 0000000000000000 0 FILE LOCAL DEFAULT ABS + 66: 000000000001fd98 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC + 67: 000000000000075c 0 NOTYPE LOCAL DEFAULT 16 __GNU_EH_FRAME_HDR + 68: 000000000001ffd0 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ + 69: 00000000000005a0 0 NOTYPE LOCAL DEFAULT 12 $x + 70: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 + 71: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 72: 0000000000020000 0 NOTYPE WEAK DEFAULT 22 data_start + 73: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start__ + 74: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 + 75: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 _bss_end__ + 76: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 22 _edata + 77: 0000000000000744 0 FUNC GLOBAL HIDDEN 14 _fini + 78: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 __bss_end__ + 79: 0000000000020000 0 NOTYPE GLOBAL DEFAULT 22 __data_start + 80: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 81: 0000000000020008 0 OBJECT GLOBAL HIDDEN 22 __dso_handle + 82: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 + 83: 0000000000000758 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used + 84: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 _end + 85: 0000000000000600 52 FUNC GLOBAL DEFAULT 13 _start + 86: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 __end__ + 87: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start + 88: 0000000000000714 48 FUNC GLOBAL DEFAULT 13 main + 89: 0000000000020010 0 OBJECT GLOBAL HIDDEN 22 __TMC_END__ + 90: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + 91: 0000000000000588 0 FUNC GLOBAL HIDDEN 11 _init diff --git a/examples/pass_stack_ptr/pass_stack_ptr.adt b/examples/pass_stack_ptr/pass_stack_ptr.adt new file mode 100644 index 000000000..f73e4ad5e --- /dev/null +++ b/examples/pass_stack_ptr/pass_stack_ptr.adt @@ -0,0 +1,654 @@ +Project(Attrs([Attr("filename","/tmp/tmpz3l6fobl/a.out"), +Attr("image-specification","(declare abi (name str))\n(declare arch (name str))\n(declare base-address (addr int))\n(declare bias (off int))\n(declare bits (size int))\n(declare code-region (addr int) (size int) (off int))\n(declare code-start (addr int))\n(declare entry-point (addr int))\n(declare external-reference (addr int) (name str))\n(declare format (name str))\n(declare is-executable (flag bool))\n(declare is-little-endian (flag bool))\n(declare llvm:base-address (addr int))\n(declare llvm:code-entry (name str) (off int) (size int))\n(declare llvm:coff-import-library (name str))\n(declare llvm:coff-virtual-section-header (name str) (addr int) (size int))\n(declare llvm:elf-program-header (name str) (off int) (size int))\n(declare llvm:elf-program-header-flags (name str) (ld bool) (r bool) \n (w bool) (x bool))\n(declare llvm:elf-virtual-program-header (name str) (addr int) (size int))\n(declare llvm:entry-point (addr int))\n(declare llvm:macho-symbol (name str) (value int))\n(declare llvm:name-reference (at int) (name str))\n(declare llvm:relocation (at int) (addr int))\n(declare llvm:section-entry (name str) (addr int) (size int) (off int))\n(declare llvm:section-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:segment-command (name str) (off int) (size int))\n(declare llvm:segment-command-flags (name str) (r bool) (w bool) (x bool))\n(declare llvm:symbol-entry (name str) (addr int) (size int) (off int)\n (value int))\n(declare llvm:virtual-segment-command (name str) (addr int) (size int))\n(declare mapped (addr int) (size int) (off int))\n(declare named-region (addr int) (size int) (name str))\n(declare named-symbol (addr int) (name str))\n(declare require (name str))\n(declare section (addr int) (size int))\n(declare segment (addr int) (size int) (r bool) (w bool) (x bool))\n(declare subarch (name str))\n(declare symbol-chunk (addr int) (size int) (root int))\n(declare symbol-value (addr int) (value int))\n(declare system (name str))\n(declare vendor (name str))\n\n(abi unknown)\n(arch aarch64)\n(base-address 0)\n(bias 0)\n(bits 64)\n(code-region 2220 20 2220)\n(code-region 1792 428 1792)\n(code-region 1632 112 1632)\n(code-region 1608 24 1608)\n(code-start 1844)\n(code-start 2068)\n(code-start 1792)\n(code-start 2108)\n(entry-point 1792)\n(external-reference 131024 _ITM_deregisterTMCloneTable)\n(external-reference 131032 __cxa_finalize)\n(external-reference 131040 __gmon_start__)\n(external-reference 131064 _ITM_registerTMCloneTable)\n(external-reference 130976 __libc_start_main)\n(external-reference 130984 __cxa_finalize)\n(external-reference 130992 __stack_chk_fail)\n(external-reference 131000 __gmon_start__)\n(external-reference 131008 abort)\n(format elf)\n(is-executable true)\n(is-little-endian true)\n(llvm:base-address 0)\n(llvm:code-entry abort 0 0)\n(llvm:code-entry __stack_chk_fail 0 0)\n(llvm:code-entry __cxa_finalize 0 0)\n(llvm:code-entry __libc_start_main 0 0)\n(llvm:code-entry _init 1608 0)\n(llvm:code-entry main 2108 112)\n(llvm:code-entry _start 1792 52)\n(llvm:code-entry abort@GLIBC_2.17 0 0)\n(llvm:code-entry modifyValue 2068 40)\n(llvm:code-entry __stack_chk_fail@GLIBC_2.17 0 0)\n(llvm:code-entry _fini 2220 0)\n(llvm:code-entry __cxa_finalize@GLIBC_2.17 0 0)\n(llvm:code-entry __libc_start_main@GLIBC_2.34 0 0)\n(llvm:code-entry frame_dummy 2064 0)\n(llvm:code-entry __do_global_dtors_aux 1984 0)\n(llvm:code-entry register_tm_clones 1920 0)\n(llvm:code-entry deregister_tm_clones 1872 0)\n(llvm:code-entry call_weak_fn 1844 20)\n(llvm:code-entry .fini 2220 20)\n(llvm:code-entry .text 1792 428)\n(llvm:code-entry .plt 1632 112)\n(llvm:code-entry .init 1608 24)\n(llvm:elf-program-header 08 64872 664)\n(llvm:elf-program-header 07 0 0)\n(llvm:elf-program-header 06 2244 68)\n(llvm:elf-program-header 05 596 68)\n(llvm:elf-program-header 04 64888 528)\n(llvm:elf-program-header 03 64872 680)\n(llvm:elf-program-header 02 0 2508)\n(llvm:elf-program-header 01 568 27)\n(llvm:elf-program-header 00 64 504)\n(llvm:elf-program-header-flags 08 false true false false)\n(llvm:elf-program-header-flags 07 false true true false)\n(llvm:elf-program-header-flags 06 false true false false)\n(llvm:elf-program-header-flags 05 false true false false)\n(llvm:elf-program-header-flags 04 false true true false)\n(llvm:elf-program-header-flags 03 true true true false)\n(llvm:elf-program-header-flags 02 true true false true)\n(llvm:elf-program-header-flags 01 false true false false)\n(llvm:elf-program-header-flags 00 false true false false)\n(llvm:elf-virtual-program-header 08 130408 664)\n(llvm:elf-virtual-program-header 07 0 0)\n(llvm:elf-virtual-program-header 06 2244 68)\n(llvm:elf-virtual-program-header 05 596 68)\n(llvm:elf-virtual-program-header 04 130424 528)\n(llvm:elf-virtual-program-header 03 130408 688)\n(llvm:elf-virtual-program-header 02 0 2508)\n(llvm:elf-virtual-program-header 01 568 27)\n(llvm:elf-virtual-program-header 00 64 504)\n(llvm:entry-point 1792)\n(llvm:name-reference 131008 abort)\n(llvm:name-reference 131000 __gmon_start__)\n(llvm:name-reference 130992 __stack_chk_fail)\n(llvm:name-reference 130984 __cxa_finalize)\n(llvm:name-reference 130976 __libc_start_main)\n(llvm:name-reference 131064 _ITM_registerTMCloneTable)\n(llvm:name-reference 131040 __gmon_start__)\n(llvm:name-reference 131032 __cxa_finalize)\n(llvm:name-reference 131024 _ITM_deregisterTMCloneTable)\n(llvm:section-entry .shstrtab 0 330 69372)\n(llvm:section-entry .strtab 0 612 68760)\n(llvm:section-entry .symtab 0 2280 66480)\n(llvm:section-entry .debug_line_str 0 122 66355)\n(llvm:section-entry .debug_str 0 229 66126)\n(llvm:section-entry .debug_line 0 107 66019)\n(llvm:section-entry .debug_abbrev 0 141 65878)\n(llvm:section-entry .debug_info 0 235 65643)\n(llvm:section-entry .debug_aranges 0 48 65595)\n(llvm:section-entry .comment 0 43 65552)\n(llvm:section-entry .bss 131088 8 65552)\n(llvm:section-entry .data 131072 16 65536)\n(llvm:section-entry .got 130952 120 65416)\n(llvm:section-entry .dynamic 130424 528 64888)\n(llvm:section-entry .fini_array 130416 8 64880)\n(llvm:section-entry .init_array 130408 8 64872)\n(llvm:section-entry .eh_frame 2312 196 2312)\n(llvm:section-entry .eh_frame_hdr 2244 68 2244)\n(llvm:section-entry .rodata 2240 4 2240)\n(llvm:section-entry .fini 2220 20 2220)\n(llvm:section-entry .text 1792 428 1792)\n(llvm:section-entry .plt 1632 112 1632)\n(llvm:section-entry .init 1608 24 1608)\n(llvm:section-entry .rela.plt 1488 120 1488)\n(llvm:section-entry .rela.dyn 1272 216 1272)\n(llvm:section-entry .gnu.version_r 1192 80 1192)\n(llvm:section-entry .gnu.version 1164 22 1164)\n(llvm:section-entry .dynstr 960 204 960)\n(llvm:section-entry .dynsym 696 264 696)\n(llvm:section-entry .gnu.hash 664 28 664)\n(llvm:section-entry .note.ABI-tag 632 32 632)\n(llvm:section-entry .note.gnu.build-id 596 36 596)\n(llvm:section-entry .interp 568 27 568)\n(llvm:section-flags .shstrtab true false false)\n(llvm:section-flags .strtab true false false)\n(llvm:section-flags .symtab true false false)\n(llvm:section-flags .debug_line_str true false false)\n(llvm:section-flags .debug_str true false false)\n(llvm:section-flags .debug_line true false false)\n(llvm:section-flags .debug_abbrev true false false)\n(llvm:section-flags .debug_info true false false)\n(llvm:section-flags .debug_aranges true false false)\n(llvm:section-flags .comment true false false)\n(llvm:section-flags .bss true true false)\n(llvm:section-flags .data true true false)\n(llvm:section-flags .got true true false)\n(llvm:section-flags .dynamic true true false)\n(llvm:section-flags .fini_array true true false)\n(llvm:section-flags .init_array true true false)\n(llvm:section-flags .eh_frame true false false)\n(llvm:section-flags .eh_frame_hdr true false false)\n(llvm:section-flags .rodata true false false)\n(llvm:section-flags .fini true false true)\n(llvm:section-flags .text true false true)\n(llvm:section-flags .plt true false true)\n(llvm:section-flags .init true false true)\n(llvm:section-flags .rela.plt true false false)\n(llvm:section-flags .rela.dyn true false false)\n(llvm:section-flags .gnu.version_r true false false)\n(llvm:section-flags .gnu.version true false false)\n(llvm:section-flags .dynstr true false false)\n(llvm:section-flags .dynsym true false false)\n(llvm:section-flags .gnu.hash true false false)\n(llvm:section-flags .note.ABI-tag true false false)\n(llvm:section-flags .note.gnu.build-id true false false)\n(llvm:section-flags .interp true false false)\n(llvm:symbol-entry abort 0 0 0 0)\n(llvm:symbol-entry __stack_chk_fail 0 0 0 0)\n(llvm:symbol-entry __cxa_finalize 0 0 0 0)\n(llvm:symbol-entry __libc_start_main 0 0 0 0)\n(llvm:symbol-entry _init 1608 0 1608 1608)\n(llvm:symbol-entry main 2108 112 2108 2108)\n(llvm:symbol-entry _start 1792 52 1792 1792)\n(llvm:symbol-entry abort@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry modifyValue 2068 40 2068 2068)\n(llvm:symbol-entry __stack_chk_fail@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry _fini 2220 0 2220 2220)\n(llvm:symbol-entry __cxa_finalize@GLIBC_2.17 0 0 0 0)\n(llvm:symbol-entry __libc_start_main@GLIBC_2.34 0 0 0 0)\n(llvm:symbol-entry frame_dummy 2064 0 2064 2064)\n(llvm:symbol-entry __do_global_dtors_aux 1984 0 1984 1984)\n(llvm:symbol-entry register_tm_clones 1920 0 1920 1920)\n(llvm:symbol-entry deregister_tm_clones 1872 0 1872 1872)\n(llvm:symbol-entry call_weak_fn 1844 20 1844 1844)\n(mapped 0 2508 0)\n(mapped 130408 680 64872)\n(named-region 0 2508 02)\n(named-region 130408 688 03)\n(named-region 568 27 .interp)\n(named-region 596 36 .note.gnu.build-id)\n(named-region 632 32 .note.ABI-tag)\n(named-region 664 28 .gnu.hash)\n(named-region 696 264 .dynsym)\n(named-region 960 204 .dynstr)\n(named-region 1164 22 .gnu.version)\n(named-region 1192 80 .gnu.version_r)\n(named-region 1272 216 .rela.dyn)\n(named-region 1488 120 .rela.plt)\n(named-region 1608 24 .init)\n(named-region 1632 112 .plt)\n(named-region 1792 428 .text)\n(named-region 2220 20 .fini)\n(named-region 2240 4 .rodata)\n(named-region 2244 68 .eh_frame_hdr)\n(named-region 2312 196 .eh_frame)\n(named-region 130408 8 .init_array)\n(named-region 130416 8 .fini_array)\n(named-region 130424 528 .dynamic)\n(named-region 130952 120 .got)\n(named-region 131072 16 .data)\n(named-region 131088 8 .bss)\n(named-region 0 43 .comment)\n(named-region 0 48 .debug_aranges)\n(named-region 0 235 .debug_info)\n(named-region 0 141 .debug_abbrev)\n(named-region 0 107 .debug_line)\n(named-region 0 229 .debug_str)\n(named-region 0 122 .debug_line_str)\n(named-region 0 2280 .symtab)\n(named-region 0 612 .strtab)\n(named-region 0 330 .shstrtab)\n(named-symbol 1844 call_weak_fn)\n(named-symbol 1872 deregister_tm_clones)\n(named-symbol 1920 register_tm_clones)\n(named-symbol 1984 __do_global_dtors_aux)\n(named-symbol 2064 frame_dummy)\n(named-symbol 0 __libc_start_main@GLIBC_2.34)\n(named-symbol 0 __cxa_finalize@GLIBC_2.17)\n(named-symbol 2220 _fini)\n(named-symbol 0 __stack_chk_fail@GLIBC_2.17)\n(named-symbol 2068 modifyValue)\n(named-symbol 0 abort@GLIBC_2.17)\n(named-symbol 1792 _start)\n(named-symbol 2108 main)\n(named-symbol 1608 _init)\n(named-symbol 0 __libc_start_main)\n(named-symbol 0 __cxa_finalize)\n(named-symbol 0 __stack_chk_fail)\n(named-symbol 0 abort)\n(require ld-linux-aarch64.so.1)\n(require libc.so.6)\n(section 568 27)\n(section 596 36)\n(section 632 32)\n(section 664 28)\n(section 696 264)\n(section 960 204)\n(section 1164 22)\n(section 1192 80)\n(section 1272 216)\n(section 1488 120)\n(section 1608 24)\n(section 1632 112)\n(section 1792 428)\n(section 2220 20)\n(section 2240 4)\n(section 2244 68)\n(section 2312 196)\n(section 130408 8)\n(section 130416 8)\n(section 130424 528)\n(section 130952 120)\n(section 131072 16)\n(section 131088 8)\n(section 0 43)\n(section 0 48)\n(section 0 235)\n(section 0 141)\n(section 0 107)\n(section 0 229)\n(section 0 122)\n(section 0 2280)\n(section 0 612)\n(section 0 330)\n(segment 0 2508 true false true)\n(segment 130408 688 true true false)\n(subarch v8)\n(symbol-chunk 1844 20 1844)\n(symbol-chunk 2068 40 2068)\n(symbol-chunk 1792 52 1792)\n(symbol-chunk 2108 112 2108)\n(symbol-value 1844 1844)\n(symbol-value 1872 1872)\n(symbol-value 1920 1920)\n(symbol-value 1984 1984)\n(symbol-value 2064 2064)\n(symbol-value 2220 2220)\n(symbol-value 2068 2068)\n(symbol-value 1792 1792)\n(symbol-value 2108 2108)\n(symbol-value 1608 1608)\n(symbol-value 0 0)\n(system \"\")\n(vendor \"\")\n"), +Attr("abi-name","aarch64-linux-gnu-elf")]), +Sections([Section(".shstrtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x68\xfd\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\xa8\x02\x00\x00\x00\x00\x00\x00\xb0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x78\xfd\x00\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x10\x02"), +Section(".strtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x68\xfd\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\xa8\x02\x00\x00\x00\x00\x00\x00\xb0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x78\xfd\x00\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\x68\xfd\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00"), +Section(".symtab", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x68\xfd\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\xa8\x02\x00\x00\x00\x00\x00\x00\xb0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x78\xfd\x00\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x54\x02\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x50\xe5\x74\x64\x04\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\xc4\x08\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x44\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x51\xe5\x74\x64\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x52\xe5\x74\x64\x04\x00\x00\x00\x68\xfd\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xd4\x83\xaa\x27\x86\x77\x4c\x65\xb4\x34\x52\x69\x26\x27\x74\x74\xf0\x5b\x03\x39\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\x48\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x16\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x87\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x24\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x33\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5f\x5f\x73\x74\x61\x63\x6b\x5f\x63\x68\x6b\x5f\x66\x61\x69\x6c\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x61\x62\x6f\x72\x74\x00\x5f\x5f\x73\x74\x61\x63\x6b\x5f\x63\x68\x6b\x5f\x67\x75\x61\x72\x64\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x2e\x2f\x6c\x69\x62\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x03\x00\x03\x00\x01\x00\x04\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x55\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x97\x91\x96\x06\x00\x00\x04\x00\x6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x4b\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x6b\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x76\x00\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x70\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xc0\x07\x00\x00\x00\x00\x00\x00\xf0\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\xd0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x38\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xce\x47\xf9\x10\x62\x3e\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xf0\x00\x00\xf0\x11\xd2\x47\xf9\x10\x82\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xd6\x47\xf9\x10\xa2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xda\x47\xf9\x10\xc2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xde\x47\xf9\x10\xe2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xe2\x47\xf9\x10\x02\x3f\x91\x20\x02\x1f\xd6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xf8\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd5\xff\xff\x97\xe4\xff\xff\x97\xe0\x00\x00\xf0\x00\xf0\x47\xf9\x40\x00\x00\xb4\xdc\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe8\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xfc\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\x42\x40\x39\x40\x01\x00\x35\xe0\x00\x00\xf0\x00\xec\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x04\x40\xf9\xa9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\x42\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xff\x43\x00\xd1\xe0\x07\x00\xf9\xe0\x07\x40\xf9\x00\x00\x40\xb9\x01\x28\x00\x11\xe0\x07\x40\xf9\x01\x00\x00\xb9\x1f\x20\x03\xd5\xff\x43\x00\x91\xc0\x03\x5f\xd6\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xe0\x00\x00\xf0\x00\xf4\x47\xf9\x01\x00\x40\xf9\xe1\x0f\x00\xf9\x01\x00\x80\xd2\xa0\x00\x80\x52\xe0\x13\x00\xb9\x20\x03\x80\x52\xe0\x17\x00\xb9\xe0\x43\x00\x91\xea\xff\xff\x97\xe0\x53\x00\x91\xe8\xff\xff\x97\x00\x00\x80\x52\xe1\x03\x00\x2a\xe0\x00\x00\xf0\x00\xf4\x47\xf9\xe3\x0f\x40\xf9\x02\x00\x40\xf9\x63\x00\x02\xeb\x02\x00\x80\xd2\x40\x00\x00\x54\x81\xff\xff\x97\xe0\x03\x01\x2a\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6\x01\x00\x02\x00\x01\x1b\x03\x3b\x40\x00\x00\x00\x07\x00\x00\x00\x3c\xfe\xff\xff\x58\x00\x00\x00\x8c\xfe\xff\xff\x6c\x00\x00\x00\xbc\xfe\xff\xff\x80\x00\x00\x00"), +Section(".debug_line_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00"), +Section(".debug_str", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00"), +Section(".debug_line", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00"), +Section(".debug_abbrev", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00"), +Section(".debug_info", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x38\x00\x09\x00\x40\x00\x22\x00\x21\x00\x06\x00\x00\x00\x04\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x38\x02\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\xcc\x09\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00"), +Section(".debug_aranges", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01\x00\x00\x00\x00\x00"), +Section(".comment", 0x0, "\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x48\x10\x01"), +Section(".interp", 0x238, "\x2f\x6c\x69\x62\x2f\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00"), +Section(".note.gnu.build-id", 0x254, "\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00\x47\x4e\x55\x00\xd4\x83\xaa\x27\x86\x77\x4c\x65\xb4\x34\x52\x69\x26\x27\x74\x74\xf0\x5b\x03\x39"), +Section(".note.ABI-tag", 0x278, "\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x47\x4e\x55\x00\x00\x00\x00\x00\x03\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00"), +Section(".gnu.hash", 0x298, "\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynsym", 0x2B8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x0b\x00\x48\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x16\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x87\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x24\x00\x00\x00\x22\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x39\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x33\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".dynstr", 0x3C0, "\x00\x5f\x5f\x73\x74\x61\x63\x6b\x5f\x63\x68\x6b\x5f\x66\x61\x69\x6c\x00\x5f\x5f\x6c\x69\x62\x63\x5f\x73\x74\x61\x72\x74\x5f\x6d\x61\x69\x6e\x00\x5f\x5f\x63\x78\x61\x5f\x66\x69\x6e\x61\x6c\x69\x7a\x65\x00\x61\x62\x6f\x72\x74\x00\x5f\x5f\x73\x74\x61\x63\x6b\x5f\x63\x68\x6b\x5f\x67\x75\x61\x72\x64\x00\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36\x00\x6c\x64\x2d\x6c\x69\x6e\x75\x78\x2d\x61\x61\x72\x63\x68\x36\x34\x2e\x73\x6f\x2e\x31\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x31\x37\x00\x47\x4c\x49\x42\x43\x5f\x32\x2e\x33\x34\x00\x2e\x2f\x6c\x69\x62\x00\x5f\x49\x54\x4d\x5f\x64\x65\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00\x5f\x5f\x67\x6d\x6f\x6e\x5f\x73\x74\x61\x72\x74\x5f\x5f\x00\x5f\x49\x54\x4d\x5f\x72\x65\x67\x69\x73\x74\x65\x72\x54\x4d\x43\x6c\x6f\x6e\x65\x54\x61\x62\x6c\x65\x00"), +Section(".gnu.version", 0x48C, "\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x03\x00\x03\x00\x01\x00\x04\x00\x03\x00\x01\x00"), +Section(".gnu.version_r", 0x4A8, "\x01\x00\x01\x00\x55\x00\x00\x00\x10\x00\x00\x00\x20\x00\x00\x00\x97\x91\x96\x06\x00\x00\x04\x00\x6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x4b\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x97\x91\x96\x06\x00\x00\x03\x00\x6b\x00\x00\x00\x10\x00\x00\x00\xb4\x91\x96\x06\x00\x00\x02\x00\x76\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.dyn", 0x4F8, "\x68\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x70\xfd\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\xc0\x07\x00\x00\x00\x00\x00\x00\xf0\xff\x01\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\x03\x04\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00\xd0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe0\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf8\xff\x01\x00\x00\x00\x00\x00\x01\x04\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".rela.plt", 0x5D0, "\xa0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xff\x01\x00\x00\x00\x00\x00\x02\x04\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".init", 0x648, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\x38\x00\x00\x94\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".plt", 0x660, "\xf0\x7b\xbf\xa9\xf0\x00\x00\xf0\x11\xce\x47\xf9\x10\x62\x3e\x91\x20\x02\x1f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xf0\x00\x00\xf0\x11\xd2\x47\xf9\x10\x82\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xd6\x47\xf9\x10\xa2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xda\x47\xf9\x10\xc2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xde\x47\xf9\x10\xe2\x3e\x91\x20\x02\x1f\xd6\xf0\x00\x00\xf0\x11\xe2\x47\xf9\x10\x02\x3f\x91\x20\x02\x1f\xd6"), +Section(".fini", 0x8AC, "\x1f\x20\x03\xd5\xfd\x7b\xbf\xa9\xfd\x03\x00\x91\xfd\x7b\xc1\xa8\xc0\x03\x5f\xd6"), +Section(".rodata", 0x8C0, "\x01\x00\x02\x00"), +Section(".eh_frame_hdr", 0x8C4, "\x01\x1b\x03\x3b\x40\x00\x00\x00\x07\x00\x00\x00\x3c\xfe\xff\xff\x58\x00\x00\x00\x8c\xfe\xff\xff\x6c\x00\x00\x00\xbc\xfe\xff\xff\x80\x00\x00\x00\xfc\xfe\xff\xff\x94\x00\x00\x00\x4c\xff\xff\xff\xb8\x00\x00\x00\x50\xff\xff\xff\xcc\x00\x00\x00\x78\xff\xff\xff\xe4\x00\x00\x00"), +Section(".eh_frame", 0x908, "\x10\x00\x00\x00\x00\x00\x00\x00\x01\x7a\x52\x00\x04\x78\x1e\x01\x1b\x0c\x1f\x00\x10\x00\x00\x00\x18\x00\x00\x00\xdc\xfd\xff\xff\x34\x00\x00\x00\x00\x41\x07\x1e\x10\x00\x00\x00\x2c\x00\x00\x00\x18\xfe\xff\xff\x30\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x40\x00\x00\x00\x34\xfe\xff\xff\x3c\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x54\x00\x00\x00\x60\xfe\xff\xff\x48\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x42\x93\x02\x4e\xde\xdd\xd3\x0e\x00\x00\x00\x00\x10\x00\x00\x00\x78\x00\x00\x00\x8c\xfe\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x8c\x00\x00\x00\x7c\xfe\xff\xff\x28\x00\x00\x00\x00\x41\x0e\x10\x48\x0e\x00\x00\x1c\x00\x00\x00\xa4\x00\x00\x00\x8c\xfe\xff\xff\x70\x00\x00\x00\x00\x41\x0e\x20\x9d\x04\x9e\x03\x5a\xde\xdd\x0e\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".fini_array", 0x1FD70, "\xc0\x07\x00\x00\x00\x00\x00\x00"), +Section(".dynamic", 0x1FD78, "\x01\x00\x00\x00\x00\x00\x00\x00\x4b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x55\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x81\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x48\x06\x00\x00\x00\x00\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00\xac\x08\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x68\xfd\x01\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x70\xfd\x01\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xf5\xfe\xff\x6f\x00\x00\x00\x00\x98\x02\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\xb8\x02\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\xcc\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x88\xff\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x78\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00\xd0\x05\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\xf8\x04\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xd8\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xfb\xff\xff\x6f\x00\x00\x00\x00\x01\x00\x00\x08\x00\x00\x00\x00\xfe\xff\xff\x6f\x00\x00\x00\x00\xa8\x04\x00\x00\x00\x00\x00\x00\xff\xff\xff\x6f\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x6f\x00\x00\x00\x00\x8c\x04\x00\x00\x00\x00\x00\x00\xf9\xff\xff\x6f\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".got", 0x1FF88, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x60\x06\x00\x00\x00\x00\x00\x00\x60\x06\x00\x00\x00\x00\x00\x00\x60\x06\x00\x00\x00\x00\x00\x00\x60\x06\x00\x00\x00\x00\x00\x00\x60\x06\x00\x00\x00\x00\x00\x00\x78\xfd\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), +Section(".data", 0x20000, "\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x02\x00\x00\x00\x00\x00"), +Section(".init_array", 0x1FD68, "\x10\x08\x00\x00\x00\x00\x00\x00"), +Section(".text", 0x700, "\x1f\x20\x03\xd5\x1d\x00\x80\xd2\x1e\x00\x80\xd2\xe5\x03\x00\xaa\xe1\x03\x40\xf9\xe2\x23\x00\x91\xe6\x03\x00\x91\xe0\x00\x00\xf0\x00\xf8\x47\xf9\x03\x00\x80\xd2\x04\x00\x80\xd2\xd5\xff\xff\x97\xe4\xff\xff\x97\xe0\x00\x00\xf0\x00\xf0\x47\xf9\x40\x00\x00\xb4\xdc\xff\xff\x17\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x3f\x00\x00\xeb\xc0\x00\x00\x54\xe1\x00\x00\xf0\x21\xe8\x47\xf9\x61\x00\x00\xb4\xf0\x03\x01\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x00\x01\x00\x90\x00\x40\x00\x91\x01\x01\x00\x90\x21\x40\x00\x91\x21\x00\x00\xcb\x22\xfc\x7f\xd3\x41\x0c\x81\x8b\x21\xfc\x41\x93\xc1\x00\x00\xb4\xe2\x00\x00\xf0\x42\xfc\x47\xf9\x62\x00\x00\xb4\xf0\x03\x02\xaa\x00\x02\x1f\xd6\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xf3\x0b\x00\xf9\x13\x01\x00\x90\x60\x42\x40\x39\x40\x01\x00\x35\xe0\x00\x00\xf0\x00\xec\x47\xf9\x80\x00\x00\xb4\x00\x01\x00\x90\x00\x04\x40\xf9\xa9\xff\xff\x97\xd8\xff\xff\x97\x20\x00\x80\x52\x60\x42\x00\x39\xf3\x0b\x40\xf9\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6\x1f\x20\x03\xd5\x1f\x20\x03\xd5\xdc\xff\xff\x17\xff\x43\x00\xd1\xe0\x07\x00\xf9\xe0\x07\x40\xf9\x00\x00\x40\xb9\x01\x28\x00\x11\xe0\x07\x40\xf9\x01\x00\x00\xb9\x1f\x20\x03\xd5\xff\x43\x00\x91\xc0\x03\x5f\xd6\xfd\x7b\xbe\xa9\xfd\x03\x00\x91\xe0\x00\x00\xf0\x00\xf4\x47\xf9\x01\x00\x40\xf9\xe1\x0f\x00\xf9\x01\x00\x80\xd2\xa0\x00\x80\x52\xe0\x13\x00\xb9\x20\x03\x80\x52\xe0\x17\x00\xb9\xe0\x43\x00\x91\xea\xff\xff\x97\xe0\x53\x00\x91\xe8\xff\xff\x97\x00\x00\x80\x52\xe1\x03\x00\x2a\xe0\x00\x00\xf0\x00\xf4\x47\xf9\xe3\x0f\x40\xf9\x02\x00\x40\xf9\x63\x00\x02\xeb\x02\x00\x80\xd2\x40\x00\x00\x54\x81\xff\xff\x97\xe0\x03\x01\x2a\xfd\x7b\xc2\xa8\xc0\x03\x5f\xd6")]), +Memmap([Annotation(Region(0x0,0x9CB), Attr("segment","02 0 2508")), +Annotation(Region(0x700,0x733), Attr("symbol","_start")), +Annotation(Region(0x0,0x149), Attr("section",".shstrtab")), +Annotation(Region(0x0,0x263), Attr("section",".strtab")), +Annotation(Region(0x0,0x8E7), Attr("section",".symtab")), +Annotation(Region(0x0,0x79), Attr("section",".debug_line_str")), +Annotation(Region(0x0,0xE4), Attr("section",".debug_str")), +Annotation(Region(0x0,0x6A), Attr("section",".debug_line")), +Annotation(Region(0x0,0x8C), Attr("section",".debug_abbrev")), +Annotation(Region(0x0,0xEA), Attr("section",".debug_info")), +Annotation(Region(0x0,0x2F), Attr("section",".debug_aranges")), +Annotation(Region(0x0,0x2A), Attr("section",".comment")), +Annotation(Region(0x238,0x252), Attr("section",".interp")), +Annotation(Region(0x254,0x277), Attr("section",".note.gnu.build-id")), +Annotation(Region(0x278,0x297), Attr("section",".note.ABI-tag")), +Annotation(Region(0x298,0x2B3), Attr("section",".gnu.hash")), +Annotation(Region(0x2B8,0x3BF), Attr("section",".dynsym")), +Annotation(Region(0x3C0,0x48B), Attr("section",".dynstr")), +Annotation(Region(0x48C,0x4A1), Attr("section",".gnu.version")), +Annotation(Region(0x4A8,0x4F7), Attr("section",".gnu.version_r")), +Annotation(Region(0x4F8,0x5CF), Attr("section",".rela.dyn")), +Annotation(Region(0x5D0,0x647), Attr("section",".rela.plt")), +Annotation(Region(0x648,0x65F), Attr("section",".init")), +Annotation(Region(0x660,0x6CF), Attr("section",".plt")), +Annotation(Region(0x648,0x65F), Attr("code-region","()")), +Annotation(Region(0x660,0x6CF), Attr("code-region","()")), +Annotation(Region(0x700,0x733), Attr("symbol-info","_start 0x700 52")), +Annotation(Region(0x734,0x747), Attr("symbol","call_weak_fn")), +Annotation(Region(0x734,0x747), Attr("symbol-info","call_weak_fn 0x734 20")), +Annotation(Region(0x814,0x83B), Attr("symbol","modifyValue")), +Annotation(Region(0x814,0x83B), Attr("symbol-info","modifyValue 0x814 40")), +Annotation(Region(0x700,0x8AB), Attr("code-region","()")), +Annotation(Region(0x83C,0x8AB), Attr("symbol","main")), +Annotation(Region(0x83C,0x8AB), Attr("symbol-info","main 0x83C 112")), +Annotation(Region(0x8AC,0x8BF), Attr("section",".fini")), +Annotation(Region(0x8C0,0x8C3), Attr("section",".rodata")), +Annotation(Region(0x8C4,0x907), Attr("section",".eh_frame_hdr")), +Annotation(Region(0x908,0x9CB), Attr("section",".eh_frame")), +Annotation(Region(0x1FD68,0x2000F), Attr("segment","03 0x1FD68 688")), +Annotation(Region(0x1FD70,0x1FD77), Attr("section",".fini_array")), +Annotation(Region(0x1FD78,0x1FF87), Attr("section",".dynamic")), +Annotation(Region(0x1FF88,0x1FFFF), Attr("section",".got")), +Annotation(Region(0x20000,0x2000F), Attr("section",".data")), +Annotation(Region(0x1FD68,0x1FD6F), Attr("section",".init_array")), +Annotation(Region(0x700,0x8AB), Attr("section",".text")), +Annotation(Region(0x8AC,0x8BF), Attr("code-region","()"))]), +Program(Tid(1_804, "%0000070c"), Attrs([]), + Subs([Sub(Tid(1_779, "@__cxa_finalize"), Attrs([Attr("address","0x690"), +Attr("stub","()"), Attr("c.proto","signed (*)(void)")]), "__cxa_finalize", + Args([Arg(Tid(1_805, "%0000070d"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__cxa_finalize_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(1_203, "@__cxa_finalize"), Attrs([Attr("address","0x690")]), + Phis([]), Defs([Def(Tid(1_467, "%000005bb"), Attrs([Attr("address","0x690"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_474, "%000005c2"), Attrs([Attr("address","0x694"), +Attr("insn","ldr x17, [x16, #0xfa8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4008,64)),LittleEndian(),64)), +Def(Tid(1_480, "%000005c8"), Attrs([Attr("address","0x698"), +Attr("insn","add x16, x16, #0xfa8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4008,64)))]), Jmps([Call(Tid(1_485, "%000005cd"), + Attrs([Attr("address","0x69C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_780, "@__do_global_dtors_aux"), Attrs([Attr("address","0x7C0"), +Attr("c.proto","signed (*)(void)")]), "__do_global_dtors_aux", + Args([Arg(Tid(1_806, "%0000070e"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__do_global_dtors_aux_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(763, "@__do_global_dtors_aux"), + Attrs([Attr("address","0x7C0")]), Phis([]), Defs([Def(Tid(767, "%000002ff"), + Attrs([Attr("address","0x7C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#3",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), +Def(Tid(773, "%00000305"), Attrs([Attr("address","0x7C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#3",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(779, "%0000030b"), Attrs([Attr("address","0x7C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#3",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(783, "%0000030f"), Attrs([Attr("address","0x7C0"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), +Var("#3",Imm(64))), Def(Tid(789, "%00000315"), + Attrs([Attr("address","0x7C4"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(797, "%0000031d"), + Attrs([Attr("address","0x7C8"), Attr("insn","str x19, [sp, #0x10]")]), + Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Var("R19",Imm(64)),LittleEndian(),64)), +Def(Tid(802, "%00000322"), Attrs([Attr("address","0x7CC"), +Attr("insn","adrp x19, #131072")]), Var("R19",Imm(64)), Int(131072,64)), +Def(Tid(809, "%00000329"), Attrs([Attr("address","0x7D0"), +Attr("insn","ldrb w0, [x19, #0x10]")]), Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),LittleEndian(),8)))]), +Jmps([Goto(Tid(816, "%00000330"), Attrs([Attr("address","0x7D4"), +Attr("insn","cbnz w0, #0x28")]), + NEQ(Extract(31,0,Var("R0",Imm(64))),Int(0,32)), +Direct(Tid(814, "%0000032e"))), Goto(Tid(1_781, "%000006f5"), Attrs([]), + Int(1,1), Direct(Tid(1_148, "%0000047c")))])), Blk(Tid(1_148, "%0000047c"), + Attrs([Attr("address","0x7D8")]), Phis([]), +Defs([Def(Tid(1_151, "%0000047f"), Attrs([Attr("address","0x7D8"), +Attr("insn","adrp x0, #126976")]), Var("R0",Imm(64)), Int(126976,64)), +Def(Tid(1_158, "%00000486"), Attrs([Attr("address","0x7DC"), +Attr("insn","ldr x0, [x0, #0xfd8]")]), Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4056,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_164, "%0000048c"), Attrs([Attr("address","0x7E0"), +Attr("insn","cbz x0, #0x10")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(1_162, "%0000048a"))), Goto(Tid(1_782, "%000006f6"), Attrs([]), + Int(1,1), Direct(Tid(1_187, "%000004a3")))])), Blk(Tid(1_187, "%000004a3"), + Attrs([Attr("address","0x7E4")]), Phis([]), +Defs([Def(Tid(1_190, "%000004a6"), Attrs([Attr("address","0x7E4"), +Attr("insn","adrp x0, #131072")]), Var("R0",Imm(64)), Int(131072,64)), +Def(Tid(1_197, "%000004ad"), Attrs([Attr("address","0x7E8"), +Attr("insn","ldr x0, [x0, #0x8]")]), Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_202, "%000004b2"), Attrs([Attr("address","0x7EC"), +Attr("insn","bl #-0x15c")]), Var("R30",Imm(64)), Int(2032,64))]), +Jmps([Call(Tid(1_205, "%000004b5"), Attrs([Attr("address","0x7EC"), +Attr("insn","bl #-0x15c")]), Int(1,1), +(Direct(Tid(1_779, "@__cxa_finalize")),Direct(Tid(1_162, "%0000048a"))))])), +Blk(Tid(1_162, "%0000048a"), Attrs([Attr("address","0x7F0")]), Phis([]), +Defs([Def(Tid(1_170, "%00000492"), Attrs([Attr("address","0x7F0"), +Attr("insn","bl #-0xa0")]), Var("R30",Imm(64)), Int(2036,64))]), +Jmps([Call(Tid(1_172, "%00000494"), Attrs([Attr("address","0x7F0"), +Attr("insn","bl #-0xa0")]), Int(1,1), +(Direct(Tid(1_794, "@deregister_tm_clones")),Direct(Tid(1_174, "%00000496"))))])), +Blk(Tid(1_174, "%00000496"), Attrs([Attr("address","0x7F4")]), Phis([]), +Defs([Def(Tid(1_177, "%00000499"), Attrs([Attr("address","0x7F4"), +Attr("insn","mov w0, #0x1")]), Var("R0",Imm(64)), Int(1,64)), +Def(Tid(1_185, "%000004a1"), Attrs([Attr("address","0x7F8"), +Attr("insn","strb w0, [x19, #0x10]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R19",Imm(64)),Int(16,64)),Extract(7,0,Var("R0",Imm(64))),LittleEndian(),8))]), +Jmps([Goto(Tid(1_783, "%000006f7"), Attrs([]), Int(1,1), +Direct(Tid(814, "%0000032e")))])), Blk(Tid(814, "%0000032e"), + Attrs([Attr("address","0x7FC")]), Phis([]), Defs([Def(Tid(824, "%00000338"), + Attrs([Attr("address","0x7FC"), Attr("insn","ldr x19, [sp, #0x10]")]), + Var("R19",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),LittleEndian(),64)), +Def(Tid(831, "%0000033f"), Attrs([Attr("address","0x800"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(836, "%00000344"), Attrs([Attr("address","0x800"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(840, "%00000348"), Attrs([Attr("address","0x800"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(845, "%0000034d"), + Attrs([Attr("address","0x804"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_784, "@__libc_start_main"), + Attrs([Attr("address","0x680"), Attr("stub","()"), +Attr("c.proto","signed (*)(signed (*)(signed , char** , char** );* main, signed , char** , \nvoid* auxv)")]), + "__libc_start_main", Args([Arg(Tid(1_807, "%0000070f"), + Attrs([Attr("c.data","Top:u64 ptr ptr"), +Attr("c.layout","**[ : 64]"), +Attr("c.type","signed (*)(signed , char** , char** );*")]), + Var("__libc_start_main_main",Imm(64)), Var("R0",Imm(64)), In()), +Arg(Tid(1_808, "%00000710"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__libc_start_main_arg2",Imm(32)), LOW(32,Var("R1",Imm(64))), In()), +Arg(Tid(1_809, "%00000711"), Attrs([Attr("c.data","Top:u8 ptr ptr"), +Attr("c.layout","**[char : 8]"), Attr("c.type","char**")]), + Var("__libc_start_main_arg3",Imm(64)), Var("R2",Imm(64)), Both()), +Arg(Tid(1_810, "%00000712"), Attrs([Attr("c.data","{} ptr"), +Attr("c.layout","*[ : 8]"), Attr("c.type","void*")]), + Var("__libc_start_main_auxv",Imm(64)), Var("R3",Imm(64)), Both()), +Arg(Tid(1_811, "%00000713"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__libc_start_main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(596, "@__libc_start_main"), + Attrs([Attr("address","0x680")]), Phis([]), +Defs([Def(Tid(1_445, "%000005a5"), Attrs([Attr("address","0x680"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_452, "%000005ac"), Attrs([Attr("address","0x684"), +Attr("insn","ldr x17, [x16, #0xfa0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4000,64)),LittleEndian(),64)), +Def(Tid(1_458, "%000005b2"), Attrs([Attr("address","0x688"), +Attr("insn","add x16, x16, #0xfa0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4000,64)))]), Jmps([Call(Tid(1_463, "%000005b7"), + Attrs([Attr("address","0x68C"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_785, "@__stack_chk_fail"), + Attrs([Attr("address","0x6A0"), Attr("stub","()"), +Attr("c.proto","signed (*)(void)")]), "__stack_chk_fail", + Args([Arg(Tid(1_812, "%00000714"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("__stack_chk_fail_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(1_144, "@__stack_chk_fail"), Attrs([Attr("address","0x6A0")]), + Phis([]), Defs([Def(Tid(1_489, "%000005d1"), Attrs([Attr("address","0x6A0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_496, "%000005d8"), Attrs([Attr("address","0x6A4"), +Attr("insn","ldr x17, [x16, #0xfb0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4016,64)),LittleEndian(),64)), +Def(Tid(1_502, "%000005de"), Attrs([Attr("address","0x6A8"), +Attr("insn","add x16, x16, #0xfb0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4016,64)))]), Jmps([Call(Tid(1_507, "%000005e3"), + Attrs([Attr("address","0x6AC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_786, "@_fini"), + Attrs([Attr("address","0x8AC"), Attr("c.proto","signed (*)(void)")]), + "_fini", Args([Arg(Tid(1_813, "%00000715"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_fini_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(52, "@_fini"), Attrs([Attr("address","0x8AC")]), Phis([]), +Defs([Def(Tid(58, "%0000003a"), Attrs([Attr("address","0x8B0"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#0",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(64, "%00000040"), Attrs([Attr("address","0x8B0"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#0",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(70, "%00000046"), Attrs([Attr("address","0x8B0"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#0",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(74, "%0000004a"), Attrs([Attr("address","0x8B0"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#0",Imm(64))), Def(Tid(80, "%00000050"), Attrs([Attr("address","0x8B4"), +Attr("insn","mov x29, sp")]), Var("R29",Imm(64)), Var("R31",Imm(64))), +Def(Tid(87, "%00000057"), Attrs([Attr("address","0x8B8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(92, "%0000005c"), Attrs([Attr("address","0x8B8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(96, "%00000060"), Attrs([Attr("address","0x8B8"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(101, "%00000065"), + Attrs([Attr("address","0x8BC"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_787, "@_init"), + Attrs([Attr("address","0x648"), Attr("c.proto","signed (*)(void)")]), + "_init", Args([Arg(Tid(1_814, "%00000716"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_init_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(1_579, "@_init"), Attrs([Attr("address","0x648")]), Phis([]), +Defs([Def(Tid(1_585, "%00000631"), Attrs([Attr("address","0x64C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("#8",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(1_591, "%00000637"), Attrs([Attr("address","0x64C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#8",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(1_597, "%0000063d"), Attrs([Attr("address","0x64C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#8",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(1_601, "%00000641"), Attrs([Attr("address","0x64C"), +Attr("insn","stp x29, x30, [sp, #-0x10]!")]), Var("R31",Imm(64)), +Var("#8",Imm(64))), Def(Tid(1_607, "%00000647"), + Attrs([Attr("address","0x650"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(1_612, "%0000064c"), + Attrs([Attr("address","0x654"), Attr("insn","bl #0xe0")]), + Var("R30",Imm(64)), Int(1624,64))]), Jmps([Call(Tid(1_614, "%0000064e"), + Attrs([Attr("address","0x654"), Attr("insn","bl #0xe0")]), Int(1,1), +(Direct(Tid(1_792, "@call_weak_fn")),Direct(Tid(1_616, "%00000650"))))])), +Blk(Tid(1_616, "%00000650"), Attrs([Attr("address","0x658")]), Phis([]), +Defs([Def(Tid(1_621, "%00000655"), Attrs([Attr("address","0x658"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(1_626, "%0000065a"), Attrs([Attr("address","0x658"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_630, "%0000065e"), Attrs([Attr("address","0x658"), +Attr("insn","ldp x29, x30, [sp], #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(1_635, "%00000663"), + Attrs([Attr("address","0x65C"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_788, "@_start"), + Attrs([Attr("address","0x700"), Attr("entry-point","()"), +Attr("c.proto","signed (*)(void)")]), "_start", + Args([Arg(Tid(1_815, "%00000717"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("_start_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(533, "@_start"), Attrs([Attr("address","0x700")]), Phis([]), +Defs([Def(Tid(538, "%0000021a"), Attrs([Attr("address","0x704"), +Attr("insn","mov x29, #0x0")]), Var("R29",Imm(64)), Int(0,64)), +Def(Tid(543, "%0000021f"), Attrs([Attr("address","0x708"), +Attr("insn","mov x30, #0x0")]), Var("R30",Imm(64)), Int(0,64)), +Def(Tid(549, "%00000225"), Attrs([Attr("address","0x70C"), +Attr("insn","mov x5, x0")]), Var("R5",Imm(64)), Var("R0",Imm(64))), +Def(Tid(556, "%0000022c"), Attrs([Attr("address","0x710"), +Attr("insn","ldr x1, [sp]")]), Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(562, "%00000232"), Attrs([Attr("address","0x714"), +Attr("insn","add x2, sp, #0x8")]), Var("R2",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(8,64))), Def(Tid(568, "%00000238"), + Attrs([Attr("address","0x718"), Attr("insn","mov x6, sp")]), + Var("R6",Imm(64)), Var("R31",Imm(64))), Def(Tid(573, "%0000023d"), + Attrs([Attr("address","0x71C"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(580, "%00000244"), + Attrs([Attr("address","0x720"), Attr("insn","ldr x0, [x0, #0xff0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4080,64)),LittleEndian(),64)), +Def(Tid(585, "%00000249"), Attrs([Attr("address","0x724"), +Attr("insn","mov x3, #0x0")]), Var("R3",Imm(64)), Int(0,64)), +Def(Tid(590, "%0000024e"), Attrs([Attr("address","0x728"), +Attr("insn","mov x4, #0x0")]), Var("R4",Imm(64)), Int(0,64)), +Def(Tid(595, "%00000253"), Attrs([Attr("address","0x72C"), +Attr("insn","bl #-0xac")]), Var("R30",Imm(64)), Int(1840,64))]), +Jmps([Call(Tid(598, "%00000256"), Attrs([Attr("address","0x72C"), +Attr("insn","bl #-0xac")]), Int(1,1), +(Direct(Tid(1_784, "@__libc_start_main")),Direct(Tid(600, "%00000258"))))])), +Blk(Tid(600, "%00000258"), Attrs([Attr("address","0x730")]), Phis([]), +Defs([Def(Tid(603, "%0000025b"), Attrs([Attr("address","0x730"), +Attr("insn","bl #-0x70")]), Var("R30",Imm(64)), Int(1844,64))]), +Jmps([Call(Tid(606, "%0000025e"), Attrs([Attr("address","0x730"), +Attr("insn","bl #-0x70")]), Int(1,1), +(Direct(Tid(1_791, "@abort")),Direct(Tid(1_789, "%000006fd"))))])), +Blk(Tid(1_789, "%000006fd"), Attrs([]), Phis([]), Defs([]), +Jmps([Call(Tid(1_790, "%000006fe"), Attrs([]), Int(1,1), +(Direct(Tid(1_792, "@call_weak_fn")),))]))])), Sub(Tid(1_791, "@abort"), + Attrs([Attr("address","0x6C0"), Attr("stub","()"), Attr("noreturn","()"), +Attr("c.proto","void (*)(void)")]), "abort", Args([]), +Blks([Blk(Tid(604, "@abort"), Attrs([Attr("address","0x6C0")]), Phis([]), +Defs([Def(Tid(1_533, "%000005fd"), Attrs([Attr("address","0x6C0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_540, "%00000604"), Attrs([Attr("address","0x6C4"), +Attr("insn","ldr x17, [x16, #0xfc0]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4032,64)),LittleEndian(),64)), +Def(Tid(1_546, "%0000060a"), Attrs([Attr("address","0x6C8"), +Attr("insn","add x16, x16, #0xfc0")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4032,64)))]), Jmps([Call(Tid(1_551, "%0000060f"), + Attrs([Attr("address","0x6CC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), Sub(Tid(1_792, "@call_weak_fn"), + Attrs([Attr("address","0x734"), Attr("c.proto","signed (*)(void)")]), + "call_weak_fn", Args([Arg(Tid(1_816, "%00000718"), + Attrs([Attr("c.data","Top:u32"), Attr("c.layout","[signed : 32]"), +Attr("c.type","signed")]), Var("call_weak_fn_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(608, "@call_weak_fn"), + Attrs([Attr("address","0x734")]), Phis([]), Defs([Def(Tid(611, "%00000263"), + Attrs([Attr("address","0x734"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(618, "%0000026a"), + Attrs([Attr("address","0x738"), Attr("insn","ldr x0, [x0, #0xfe0]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4064,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(624, "%00000270"), Attrs([Attr("address","0x73C"), +Attr("insn","cbz x0, #0x8")]), EQ(Var("R0",Imm(64)),Int(0,64)), +Direct(Tid(622, "%0000026e"))), Goto(Tid(1_793, "%00000701"), Attrs([]), + Int(1,1), Direct(Tid(1_267, "%000004f3")))])), Blk(Tid(622, "%0000026e"), + Attrs([Attr("address","0x744")]), Phis([]), Defs([]), +Jmps([Call(Tid(630, "%00000276"), Attrs([Attr("address","0x744"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_267, "%000004f3"), Attrs([Attr("address","0x740")]), Phis([]), +Defs([]), Jmps([Goto(Tid(1_270, "%000004f6"), Attrs([Attr("address","0x740"), +Attr("insn","b #-0x90")]), Int(1,1), +Direct(Tid(1_268, "@__gmon_start__")))])), Blk(Tid(1_268, "@__gmon_start__"), + Attrs([Attr("address","0x6B0")]), Phis([]), +Defs([Def(Tid(1_511, "%000005e7"), Attrs([Attr("address","0x6B0"), +Attr("insn","adrp x16, #126976")]), Var("R16",Imm(64)), Int(126976,64)), +Def(Tid(1_518, "%000005ee"), Attrs([Attr("address","0x6B4"), +Attr("insn","ldr x17, [x16, #0xfb8]")]), Var("R17",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R16",Imm(64)),Int(4024,64)),LittleEndian(),64)), +Def(Tid(1_524, "%000005f4"), Attrs([Attr("address","0x6B8"), +Attr("insn","add x16, x16, #0xfb8")]), Var("R16",Imm(64)), +PLUS(Var("R16",Imm(64)),Int(4024,64)))]), Jmps([Call(Tid(1_529, "%000005f9"), + Attrs([Attr("address","0x6BC"), Attr("insn","br x17")]), Int(1,1), +(Indirect(Var("R17",Imm(64))),))]))])), +Sub(Tid(1_794, "@deregister_tm_clones"), Attrs([Attr("address","0x750"), +Attr("c.proto","signed (*)(void)")]), "deregister_tm_clones", + Args([Arg(Tid(1_817, "%00000719"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("deregister_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(636, "@deregister_tm_clones"), + Attrs([Attr("address","0x750")]), Phis([]), Defs([Def(Tid(639, "%0000027f"), + Attrs([Attr("address","0x750"), Attr("insn","adrp x0, #131072")]), + Var("R0",Imm(64)), Int(131072,64)), Def(Tid(645, "%00000285"), + Attrs([Attr("address","0x754"), Attr("insn","add x0, x0, #0x10")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(16,64))), +Def(Tid(650, "%0000028a"), Attrs([Attr("address","0x758"), +Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), +Def(Tid(656, "%00000290"), Attrs([Attr("address","0x75C"), +Attr("insn","add x1, x1, #0x10")]), Var("R1",Imm(64)), +PLUS(Var("R1",Imm(64)),Int(16,64))), Def(Tid(662, "%00000296"), + Attrs([Attr("address","0x760"), Attr("insn","cmp x1, x0")]), + Var("#1",Imm(64)), NOT(Var("R0",Imm(64)))), Def(Tid(667, "%0000029b"), + Attrs([Attr("address","0x760"), Attr("insn","cmp x1, x0")]), + Var("#2",Imm(64)), PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64))))), +Def(Tid(673, "%000002a1"), Attrs([Attr("address","0x760"), +Attr("insn","cmp x1, x0")]), Var("VF",Imm(1)), +NEQ(SIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R1",Imm(64))),SIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(679, "%000002a7"), Attrs([Attr("address","0x760"), +Attr("insn","cmp x1, x0")]), Var("CF",Imm(1)), +NEQ(UNSIGNED(65,PLUS(Var("#2",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R1",Imm(64))),UNSIGNED(65,Var("#1",Imm(64)))),Int(1,65)))), +Def(Tid(683, "%000002ab"), Attrs([Attr("address","0x760"), +Attr("insn","cmp x1, x0")]), Var("ZF",Imm(1)), +EQ(PLUS(Var("#2",Imm(64)),Int(1,64)),Int(0,64))), Def(Tid(687, "%000002af"), + Attrs([Attr("address","0x760"), Attr("insn","cmp x1, x0")]), + Var("NF",Imm(1)), Extract(63,63,PLUS(Var("#2",Imm(64)),Int(1,64))))]), +Jmps([Goto(Tid(693, "%000002b5"), Attrs([Attr("address","0x764"), +Attr("insn","b.eq #0x18")]), EQ(Var("ZF",Imm(1)),Int(1,1)), +Direct(Tid(691, "%000002b3"))), Goto(Tid(1_795, "%00000703"), Attrs([]), + Int(1,1), Direct(Tid(1_237, "%000004d5")))])), Blk(Tid(1_237, "%000004d5"), + Attrs([Attr("address","0x768")]), Phis([]), +Defs([Def(Tid(1_240, "%000004d8"), Attrs([Attr("address","0x768"), +Attr("insn","adrp x1, #126976")]), Var("R1",Imm(64)), Int(126976,64)), +Def(Tid(1_247, "%000004df"), Attrs([Attr("address","0x76C"), +Attr("insn","ldr x1, [x1, #0xfd0]")]), Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R1",Imm(64)),Int(4048,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_252, "%000004e4"), Attrs([Attr("address","0x770"), +Attr("insn","cbz x1, #0xc")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(691, "%000002b3"))), Goto(Tid(1_796, "%00000704"), Attrs([]), + Int(1,1), Direct(Tid(1_256, "%000004e8")))])), Blk(Tid(691, "%000002b3"), + Attrs([Attr("address","0x77C")]), Phis([]), Defs([]), +Jmps([Call(Tid(699, "%000002bb"), Attrs([Attr("address","0x77C"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_256, "%000004e8"), Attrs([Attr("address","0x774")]), Phis([]), +Defs([Def(Tid(1_260, "%000004ec"), Attrs([Attr("address","0x774"), +Attr("insn","mov x16, x1")]), Var("R16",Imm(64)), Var("R1",Imm(64)))]), +Jmps([Call(Tid(1_265, "%000004f1"), Attrs([Attr("address","0x778"), +Attr("insn","br x16")]), Int(1,1), (Indirect(Var("R16",Imm(64))),))]))])), +Sub(Tid(1_797, "@frame_dummy"), Attrs([Attr("address","0x810"), +Attr("c.proto","signed (*)(void)")]), "frame_dummy", + Args([Arg(Tid(1_818, "%0000071a"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("frame_dummy_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(851, "@frame_dummy"), Attrs([Attr("address","0x810")]), + Phis([]), Defs([]), Jmps([Call(Tid(853, "%00000355"), + Attrs([Attr("address","0x810"), Attr("insn","b #-0x90")]), Int(1,1), +(Direct(Tid(1_801, "@register_tm_clones")),))]))])), Sub(Tid(1_798, "@main"), + Attrs([Attr("address","0x83C"), +Attr("c.proto","signed (*)(signed argc, const char** argv)")]), "main", + Args([Arg(Tid(1_819, "%0000071b"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("main_argc",Imm(32)), LOW(32,Var("R0",Imm(64))), In()), +Arg(Tid(1_820, "%0000071c"), Attrs([Attr("c.data","Top:u8 ptr ptr"), +Attr("c.layout","**[char : 8]"), Attr("c.type"," const char**")]), + Var("main_argv",Imm(64)), Var("R1",Imm(64)), Both()), +Arg(Tid(1_821, "%0000071d"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("main_result",Imm(32)), LOW(32,Var("R0",Imm(64))), Out())]), +Blks([Blk(Tid(917, "@main"), Attrs([Attr("address","0x83C")]), Phis([]), +Defs([Def(Tid(921, "%00000399"), Attrs([Attr("address","0x83C"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("#4",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(18446744073709551584,64))), +Def(Tid(927, "%0000039f"), Attrs([Attr("address","0x83C"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("#4",Imm(64)),Var("R29",Imm(64)),LittleEndian(),64)), +Def(Tid(933, "%000003a5"), Attrs([Attr("address","0x83C"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("#4",Imm(64)),Int(8,64)),Var("R30",Imm(64)),LittleEndian(),64)), +Def(Tid(937, "%000003a9"), Attrs([Attr("address","0x83C"), +Attr("insn","stp x29, x30, [sp, #-0x20]!")]), Var("R31",Imm(64)), +Var("#4",Imm(64))), Def(Tid(943, "%000003af"), + Attrs([Attr("address","0x840"), Attr("insn","mov x29, sp")]), + Var("R29",Imm(64)), Var("R31",Imm(64))), Def(Tid(948, "%000003b4"), + Attrs([Attr("address","0x844"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(955, "%000003bb"), + Attrs([Attr("address","0x848"), Attr("insn","ldr x0, [x0, #0xfe8]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4072,64)),LittleEndian(),64)), +Def(Tid(962, "%000003c2"), Attrs([Attr("address","0x84C"), +Attr("insn","ldr x1, [x0]")]), Var("R1",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), +Def(Tid(970, "%000003ca"), Attrs([Attr("address","0x850"), +Attr("insn","str x1, [sp, #0x18]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(24,64)),Var("R1",Imm(64)),LittleEndian(),64)), +Def(Tid(975, "%000003cf"), Attrs([Attr("address","0x854"), +Attr("insn","mov x1, #0x0")]), Var("R1",Imm(64)), Int(0,64)), +Def(Tid(980, "%000003d4"), Attrs([Attr("address","0x858"), +Attr("insn","mov w0, #0x5")]), Var("R0",Imm(64)), Int(5,64)), +Def(Tid(988, "%000003dc"), Attrs([Attr("address","0x85C"), +Attr("insn","str w0, [sp, #0x10]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(16,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)), +Def(Tid(993, "%000003e1"), Attrs([Attr("address","0x860"), +Attr("insn","mov w0, #0x19")]), Var("R0",Imm(64)), Int(25,64)), +Def(Tid(1_001, "%000003e9"), Attrs([Attr("address","0x864"), +Attr("insn","str w0, [sp, #0x14]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(20,64)),Extract(31,0,Var("R0",Imm(64))),LittleEndian(),32)), +Def(Tid(1_007, "%000003ef"), Attrs([Attr("address","0x868"), +Attr("insn","add x0, sp, #0x10")]), Var("R0",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64))), Def(Tid(1_012, "%000003f4"), + Attrs([Attr("address","0x86C"), Attr("insn","bl #-0x58")]), + Var("R30",Imm(64)), Int(2160,64))]), Jmps([Call(Tid(1_014, "%000003f6"), + Attrs([Attr("address","0x86C"), Attr("insn","bl #-0x58")]), Int(1,1), +(Direct(Tid(1_800, "@modifyValue")),Direct(Tid(1_016, "%000003f8"))))])), +Blk(Tid(1_016, "%000003f8"), Attrs([Attr("address","0x870")]), Phis([]), +Defs([Def(Tid(1_020, "%000003fc"), Attrs([Attr("address","0x870"), +Attr("insn","add x0, sp, #0x14")]), Var("R0",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(20,64))), Def(Tid(1_025, "%00000401"), + Attrs([Attr("address","0x874"), Attr("insn","bl #-0x60")]), + Var("R30",Imm(64)), Int(2168,64))]), Jmps([Call(Tid(1_027, "%00000403"), + Attrs([Attr("address","0x874"), Attr("insn","bl #-0x60")]), Int(1,1), +(Direct(Tid(1_800, "@modifyValue")),Direct(Tid(1_029, "%00000405"))))])), +Blk(Tid(1_029, "%00000405"), Attrs([Attr("address","0x878")]), Phis([]), +Defs([Def(Tid(1_032, "%00000408"), Attrs([Attr("address","0x878"), +Attr("insn","mov w0, #0x0")]), Var("R0",Imm(64)), Int(0,64)), +Def(Tid(1_038, "%0000040e"), Attrs([Attr("address","0x87C"), +Attr("insn","mov w1, w0")]), Var("R1",Imm(64)), +UNSIGNED(64,Extract(31,0,Var("R0",Imm(64))))), Def(Tid(1_043, "%00000413"), + Attrs([Attr("address","0x880"), Attr("insn","adrp x0, #126976")]), + Var("R0",Imm(64)), Int(126976,64)), Def(Tid(1_050, "%0000041a"), + Attrs([Attr("address","0x884"), Attr("insn","ldr x0, [x0, #0xfe8]")]), + Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R0",Imm(64)),Int(4072,64)),LittleEndian(),64)), +Def(Tid(1_057, "%00000421"), Attrs([Attr("address","0x888"), +Attr("insn","ldr x3, [sp, #0x18]")]), Var("R3",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(24,64)),LittleEndian(),64)), +Def(Tid(1_064, "%00000428"), Attrs([Attr("address","0x88C"), +Attr("insn","ldr x2, [x0]")]), Var("R2",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),64)), +Def(Tid(1_070, "%0000042e"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("#5",Imm(64)), NOT(Var("R2",Imm(64)))), +Def(Tid(1_075, "%00000433"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("#6",Imm(64)), +PLUS(Var("R3",Imm(64)),NOT(Var("R2",Imm(64))))), Def(Tid(1_081, "%00000439"), + Attrs([Attr("address","0x890"), Attr("insn","subs x3, x3, x2")]), + Var("VF",Imm(1)), +NEQ(SIGNED(65,PLUS(Var("#6",Imm(64)),Int(1,64))),PLUS(PLUS(SIGNED(65,Var("R3",Imm(64))),SIGNED(65,Var("#5",Imm(64)))),Int(1,65)))), +Def(Tid(1_087, "%0000043f"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("CF",Imm(1)), +NEQ(UNSIGNED(65,PLUS(Var("#6",Imm(64)),Int(1,64))),PLUS(PLUS(UNSIGNED(65,Var("R3",Imm(64))),UNSIGNED(65,Var("#5",Imm(64)))),Int(1,65)))), +Def(Tid(1_091, "%00000443"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("ZF",Imm(1)), +EQ(PLUS(Var("#6",Imm(64)),Int(1,64)),Int(0,64))), +Def(Tid(1_095, "%00000447"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("NF",Imm(1)), +Extract(63,63,PLUS(Var("#6",Imm(64)),Int(1,64)))), +Def(Tid(1_099, "%0000044b"), Attrs([Attr("address","0x890"), +Attr("insn","subs x3, x3, x2")]), Var("R3",Imm(64)), +PLUS(Var("#6",Imm(64)),Int(1,64))), Def(Tid(1_104, "%00000450"), + Attrs([Attr("address","0x894"), Attr("insn","mov x2, #0x0")]), + Var("R2",Imm(64)), Int(0,64))]), Jmps([Goto(Tid(1_110, "%00000456"), + Attrs([Attr("address","0x898"), Attr("insn","b.eq #0x8")]), + EQ(Var("ZF",Imm(1)),Int(1,1)), Direct(Tid(1_108, "%00000454"))), +Goto(Tid(1_799, "%00000707"), Attrs([]), Int(1,1), +Direct(Tid(1_140, "%00000474")))])), Blk(Tid(1_140, "%00000474"), + Attrs([Attr("address","0x89C")]), Phis([]), +Defs([Def(Tid(1_143, "%00000477"), Attrs([Attr("address","0x89C"), +Attr("insn","bl #-0x1fc")]), Var("R30",Imm(64)), Int(2208,64))]), +Jmps([Call(Tid(1_146, "%0000047a"), Attrs([Attr("address","0x89C"), +Attr("insn","bl #-0x1fc")]), Int(1,1), +(Direct(Tid(1_785, "@__stack_chk_fail")),Direct(Tid(1_108, "%00000454"))))])), +Blk(Tid(1_108, "%00000454"), Attrs([Attr("address","0x8A0")]), Phis([]), +Defs([Def(Tid(1_117, "%0000045d"), Attrs([Attr("address","0x8A0"), +Attr("insn","mov w0, w1")]), Var("R0",Imm(64)), +UNSIGNED(64,Extract(31,0,Var("R1",Imm(64))))), Def(Tid(1_124, "%00000464"), + Attrs([Attr("address","0x8A4"), Attr("insn","ldp x29, x30, [sp], #0x20")]), + Var("R29",Imm(64)), +Load(Var("mem",Mem(64,8)),Var("R31",Imm(64)),LittleEndian(),64)), +Def(Tid(1_129, "%00000469"), Attrs([Attr("address","0x8A4"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R30",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(1_133, "%0000046d"), Attrs([Attr("address","0x8A4"), +Attr("insn","ldp x29, x30, [sp], #0x20")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(32,64)))]), Jmps([Call(Tid(1_138, "%00000472"), + Attrs([Attr("address","0x8A8"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), Sub(Tid(1_800, "@modifyValue"), + Attrs([Attr("address","0x814"), Attr("c.proto","signed (*)(void)")]), + "modifyValue", Args([Arg(Tid(1_822, "%0000071e"), + Attrs([Attr("c.data","Top:u32"), Attr("c.layout","[signed : 32]"), +Attr("c.type","signed")]), Var("modifyValue_result",Imm(32)), +LOW(32,Var("R0",Imm(64))), Out())]), Blks([Blk(Tid(855, "@modifyValue"), + Attrs([Attr("address","0x814")]), Phis([]), Defs([Def(Tid(859, "%0000035b"), + Attrs([Attr("address","0x814"), Attr("insn","sub sp, sp, #0x10")]), + Var("R31",Imm(64)), PLUS(Var("R31",Imm(64)),Int(18446744073709551600,64))), +Def(Tid(867, "%00000363"), Attrs([Attr("address","0x818"), +Attr("insn","str x0, [sp, #0x8]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),Var("R0",Imm(64)),LittleEndian(),64)), +Def(Tid(874, "%0000036a"), Attrs([Attr("address","0x81C"), +Attr("insn","ldr x0, [sp, #0x8]")]), Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(881, "%00000371"), Attrs([Attr("address","0x820"), +Attr("insn","ldr w0, [x0]")]), Var("R0",Imm(64)), +UNSIGNED(64,Load(Var("mem",Mem(64,8)),Var("R0",Imm(64)),LittleEndian(),32))), +Def(Tid(887, "%00000377"), Attrs([Attr("address","0x824"), +Attr("insn","add w1, w0, #0xa")]), Var("R1",Imm(64)), +UNSIGNED(64,PLUS(Extract(31,0,Var("R0",Imm(64))),Int(10,32)))), +Def(Tid(894, "%0000037e"), Attrs([Attr("address","0x828"), +Attr("insn","ldr x0, [sp, #0x8]")]), Var("R0",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R31",Imm(64)),Int(8,64)),LittleEndian(),64)), +Def(Tid(902, "%00000386"), Attrs([Attr("address","0x82C"), +Attr("insn","str w1, [x0]")]), Var("mem",Mem(64,8)), +Store(Var("mem",Mem(64,8)),Var("R0",Imm(64)),Extract(31,0,Var("R1",Imm(64))),LittleEndian(),32)), +Def(Tid(910, "%0000038e"), Attrs([Attr("address","0x834"), +Attr("insn","add sp, sp, #0x10")]), Var("R31",Imm(64)), +PLUS(Var("R31",Imm(64)),Int(16,64)))]), Jmps([Call(Tid(915, "%00000393"), + Attrs([Attr("address","0x838"), Attr("insn","ret")]), Int(1,1), +(Indirect(Var("R30",Imm(64))),))]))])), +Sub(Tid(1_801, "@register_tm_clones"), Attrs([Attr("address","0x780"), +Attr("c.proto","signed (*)(void)")]), "register_tm_clones", + Args([Arg(Tid(1_823, "%0000071f"), Attrs([Attr("c.data","Top:u32"), +Attr("c.layout","[signed : 32]"), Attr("c.type","signed")]), + Var("register_tm_clones_result",Imm(32)), LOW(32,Var("R0",Imm(64))), +Out())]), Blks([Blk(Tid(701, "@register_tm_clones"), + Attrs([Attr("address","0x780")]), Phis([]), Defs([Def(Tid(704, "%000002c0"), + Attrs([Attr("address","0x780"), Attr("insn","adrp x0, #131072")]), + Var("R0",Imm(64)), Int(131072,64)), Def(Tid(710, "%000002c6"), + Attrs([Attr("address","0x784"), Attr("insn","add x0, x0, #0x10")]), + Var("R0",Imm(64)), PLUS(Var("R0",Imm(64)),Int(16,64))), +Def(Tid(715, "%000002cb"), Attrs([Attr("address","0x788"), +Attr("insn","adrp x1, #131072")]), Var("R1",Imm(64)), Int(131072,64)), +Def(Tid(721, "%000002d1"), Attrs([Attr("address","0x78C"), +Attr("insn","add x1, x1, #0x10")]), Var("R1",Imm(64)), +PLUS(Var("R1",Imm(64)),Int(16,64))), Def(Tid(728, "%000002d8"), + Attrs([Attr("address","0x790"), Attr("insn","sub x1, x1, x0")]), + Var("R1",Imm(64)), +PLUS(PLUS(Var("R1",Imm(64)),NOT(Var("R0",Imm(64)))),Int(1,64))), +Def(Tid(734, "%000002de"), Attrs([Attr("address","0x794"), +Attr("insn","lsr x2, x1, #63")]), Var("R2",Imm(64)), +Concat(Int(0,63),Extract(63,63,Var("R1",Imm(64))))), +Def(Tid(741, "%000002e5"), Attrs([Attr("address","0x798"), +Attr("insn","add x1, x2, x1, asr #3")]), Var("R1",Imm(64)), +PLUS(Var("R2",Imm(64)),ARSHIFT(Var("R1",Imm(64)),Int(3,3)))), +Def(Tid(747, "%000002eb"), Attrs([Attr("address","0x79C"), +Attr("insn","asr x1, x1, #1")]), Var("R1",Imm(64)), +SIGNED(64,Extract(63,1,Var("R1",Imm(64)))))]), +Jmps([Goto(Tid(753, "%000002f1"), Attrs([Attr("address","0x7A0"), +Attr("insn","cbz x1, #0x18")]), EQ(Var("R1",Imm(64)),Int(0,64)), +Direct(Tid(751, "%000002ef"))), Goto(Tid(1_802, "%0000070a"), Attrs([]), + Int(1,1), Direct(Tid(1_207, "%000004b7")))])), Blk(Tid(1_207, "%000004b7"), + Attrs([Attr("address","0x7A4")]), Phis([]), +Defs([Def(Tid(1_210, "%000004ba"), Attrs([Attr("address","0x7A4"), +Attr("insn","adrp x2, #126976")]), Var("R2",Imm(64)), Int(126976,64)), +Def(Tid(1_217, "%000004c1"), Attrs([Attr("address","0x7A8"), +Attr("insn","ldr x2, [x2, #0xff8]")]), Var("R2",Imm(64)), +Load(Var("mem",Mem(64,8)),PLUS(Var("R2",Imm(64)),Int(4088,64)),LittleEndian(),64))]), +Jmps([Goto(Tid(1_222, "%000004c6"), Attrs([Attr("address","0x7AC"), +Attr("insn","cbz x2, #0xc")]), EQ(Var("R2",Imm(64)),Int(0,64)), +Direct(Tid(751, "%000002ef"))), Goto(Tid(1_803, "%0000070b"), Attrs([]), + Int(1,1), Direct(Tid(1_226, "%000004ca")))])), Blk(Tid(751, "%000002ef"), + Attrs([Attr("address","0x7B8")]), Phis([]), Defs([]), +Jmps([Call(Tid(759, "%000002f7"), Attrs([Attr("address","0x7B8"), +Attr("insn","ret")]), Int(1,1), (Indirect(Var("R30",Imm(64))),))])), +Blk(Tid(1_226, "%000004ca"), Attrs([Attr("address","0x7B0")]), Phis([]), +Defs([Def(Tid(1_230, "%000004ce"), Attrs([Attr("address","0x7B0"), +Attr("insn","mov x16, x2")]), Var("R16",Imm(64)), Var("R2",Imm(64)))]), +Jmps([Call(Tid(1_235, "%000004d3"), Attrs([Attr("address","0x7B4"), +Attr("insn","br x16")]), Int(1,1), +(Indirect(Var("R16",Imm(64))),))]))]))]))) \ No newline at end of file diff --git a/examples/pass_stack_ptr/pass_stack_ptr.bir b/examples/pass_stack_ptr/pass_stack_ptr.bir new file mode 100644 index 000000000..04e32bb44 --- /dev/null +++ b/examples/pass_stack_ptr/pass_stack_ptr.bir @@ -0,0 +1,296 @@ +0000070c: program +000006f3: sub __cxa_finalize(__cxa_finalize_result) +0000070d: __cxa_finalize_result :: out u32 = low:32[R0] + +000004b3: +000005bb: R16 := 0x1F000 +000005c2: R17 := mem[R16 + 0xFA8, el]:u64 +000005c8: R16 := R16 + 0xFA8 +000005cd: call R17 with noreturn + +000006f4: sub __do_global_dtors_aux(__do_global_dtors_aux_result) +0000070e: __do_global_dtors_aux_result :: out u32 = low:32[R0] + +000002fb: +000002ff: #3 := R31 - 0x20 +00000305: mem := mem with [#3, el]:u64 <- R29 +0000030b: mem := mem with [#3 + 8, el]:u64 <- R30 +0000030f: R31 := #3 +00000315: R29 := R31 +0000031d: mem := mem with [R31 + 0x10, el]:u64 <- R19 +00000322: R19 := 0x20000 +00000329: R0 := pad:64[mem[R19 + 0x10]] +00000330: when 31:0[R0] <> 0 goto %0000032e +000006f5: goto %0000047c + +0000047c: +0000047f: R0 := 0x1F000 +00000486: R0 := mem[R0 + 0xFD8, el]:u64 +0000048c: when R0 = 0 goto %0000048a +000006f6: goto %000004a3 + +000004a3: +000004a6: R0 := 0x20000 +000004ad: R0 := mem[R0 + 8, el]:u64 +000004b2: R30 := 0x7F0 +000004b5: call @__cxa_finalize with return %0000048a + +0000048a: +00000492: R30 := 0x7F4 +00000494: call @deregister_tm_clones with return %00000496 + +00000496: +00000499: R0 := 1 +000004a1: mem := mem with [R19 + 0x10] <- 7:0[R0] +000006f7: goto %0000032e + +0000032e: +00000338: R19 := mem[R31 + 0x10, el]:u64 +0000033f: R29 := mem[R31, el]:u64 +00000344: R30 := mem[R31 + 8, el]:u64 +00000348: R31 := R31 + 0x20 +0000034d: call R30 with noreturn + +000006f8: sub __libc_start_main(__libc_start_main_main, __libc_start_main_arg2, __libc_start_main_arg3, __libc_start_main_auxv, __libc_start_main_result) +0000070f: __libc_start_main_main :: in u64 = R0 +00000710: __libc_start_main_arg2 :: in u32 = low:32[R1] +00000711: __libc_start_main_arg3 :: in out u64 = R2 +00000712: __libc_start_main_auxv :: in out u64 = R3 +00000713: __libc_start_main_result :: out u32 = low:32[R0] + +00000254: +000005a5: R16 := 0x1F000 +000005ac: R17 := mem[R16 + 0xFA0, el]:u64 +000005b2: R16 := R16 + 0xFA0 +000005b7: call R17 with noreturn + +000006f9: sub __stack_chk_fail(__stack_chk_fail_result) +00000714: __stack_chk_fail_result :: out u32 = low:32[R0] + +00000478: +000005d1: R16 := 0x1F000 +000005d8: R17 := mem[R16 + 0xFB0, el]:u64 +000005de: R16 := R16 + 0xFB0 +000005e3: call R17 with noreturn + +000006fa: sub _fini(_fini_result) +00000715: _fini_result :: out u32 = low:32[R0] + +00000034: +0000003a: #0 := R31 - 0x10 +00000040: mem := mem with [#0, el]:u64 <- R29 +00000046: mem := mem with [#0 + 8, el]:u64 <- R30 +0000004a: R31 := #0 +00000050: R29 := R31 +00000057: R29 := mem[R31, el]:u64 +0000005c: R30 := mem[R31 + 8, el]:u64 +00000060: R31 := R31 + 0x10 +00000065: call R30 with noreturn + +000006fb: sub _init(_init_result) +00000716: _init_result :: out u32 = low:32[R0] + +0000062b: +00000631: #8 := R31 - 0x10 +00000637: mem := mem with [#8, el]:u64 <- R29 +0000063d: mem := mem with [#8 + 8, el]:u64 <- R30 +00000641: R31 := #8 +00000647: R29 := R31 +0000064c: R30 := 0x658 +0000064e: call @call_weak_fn with return %00000650 + +00000650: +00000655: R29 := mem[R31, el]:u64 +0000065a: R30 := mem[R31 + 8, el]:u64 +0000065e: R31 := R31 + 0x10 +00000663: call R30 with noreturn + +000006fc: sub _start(_start_result) +00000717: _start_result :: out u32 = low:32[R0] + +00000215: +0000021a: R29 := 0 +0000021f: R30 := 0 +00000225: R5 := R0 +0000022c: R1 := mem[R31, el]:u64 +00000232: R2 := R31 + 8 +00000238: R6 := R31 +0000023d: R0 := 0x1F000 +00000244: R0 := mem[R0 + 0xFF0, el]:u64 +00000249: R3 := 0 +0000024e: R4 := 0 +00000253: R30 := 0x730 +00000256: call @__libc_start_main with return %00000258 + +00000258: +0000025b: R30 := 0x734 +0000025e: call @abort with return %000006fd + +000006fd: +000006fe: call @call_weak_fn with noreturn + +000006ff: sub abort() + + +0000025c: +000005fd: R16 := 0x1F000 +00000604: R17 := mem[R16 + 0xFC0, el]:u64 +0000060a: R16 := R16 + 0xFC0 +0000060f: call R17 with noreturn + +00000700: sub call_weak_fn(call_weak_fn_result) +00000718: call_weak_fn_result :: out u32 = low:32[R0] + +00000260: +00000263: R0 := 0x1F000 +0000026a: R0 := mem[R0 + 0xFE0, el]:u64 +00000270: when R0 = 0 goto %0000026e +00000701: goto %000004f3 + +0000026e: +00000276: call R30 with noreturn + +000004f3: +000004f6: goto @__gmon_start__ + +000004f4: +000005e7: R16 := 0x1F000 +000005ee: R17 := mem[R16 + 0xFB8, el]:u64 +000005f4: R16 := R16 + 0xFB8 +000005f9: call R17 with noreturn + +00000702: sub deregister_tm_clones(deregister_tm_clones_result) +00000719: deregister_tm_clones_result :: out u32 = low:32[R0] + +0000027c: +0000027f: R0 := 0x20000 +00000285: R0 := R0 + 0x10 +0000028a: R1 := 0x20000 +00000290: R1 := R1 + 0x10 +00000296: #1 := ~R0 +0000029b: #2 := R1 + ~R0 +000002a1: VF := extend:65[#2 + 1] <> extend:65[R1] + extend:65[#1] + 1 +000002a7: CF := pad:65[#2 + 1] <> pad:65[R1] + pad:65[#1] + 1 +000002ab: ZF := #2 + 1 = 0 +000002af: NF := 63:63[#2 + 1] +000002b5: when ZF goto %000002b3 +00000703: goto %000004d5 + +000004d5: +000004d8: R1 := 0x1F000 +000004df: R1 := mem[R1 + 0xFD0, el]:u64 +000004e4: when R1 = 0 goto %000002b3 +00000704: goto %000004e8 + +000002b3: +000002bb: call R30 with noreturn + +000004e8: +000004ec: R16 := R1 +000004f1: call R16 with noreturn + +00000705: sub frame_dummy(frame_dummy_result) +0000071a: frame_dummy_result :: out u32 = low:32[R0] + +00000353: +00000355: call @register_tm_clones with noreturn + +00000706: sub main(main_argc, main_argv, main_result) +0000071b: main_argc :: in u32 = low:32[R0] +0000071c: main_argv :: in out u64 = R1 +0000071d: main_result :: out u32 = low:32[R0] + +00000395: +00000399: #4 := R31 - 0x20 +0000039f: mem := mem with [#4, el]:u64 <- R29 +000003a5: mem := mem with [#4 + 8, el]:u64 <- R30 +000003a9: R31 := #4 +000003af: R29 := R31 +000003b4: R0 := 0x1F000 +000003bb: R0 := mem[R0 + 0xFE8, el]:u64 +000003c2: R1 := mem[R0, el]:u64 +000003ca: mem := mem with [R31 + 0x18, el]:u64 <- R1 +000003cf: R1 := 0 +000003d4: R0 := 5 +000003dc: mem := mem with [R31 + 0x10, el]:u32 <- 31:0[R0] +000003e1: R0 := 0x19 +000003e9: mem := mem with [R31 + 0x14, el]:u32 <- 31:0[R0] +000003ef: R0 := R31 + 0x10 +000003f4: R30 := 0x870 +000003f6: call @modifyValue with return %000003f8 + +000003f8: +000003fc: R0 := R31 + 0x14 +00000401: R30 := 0x878 +00000403: call @modifyValue with return %00000405 + +00000405: +00000408: R0 := 0 +0000040e: R1 := pad:64[31:0[R0]] +00000413: R0 := 0x1F000 +0000041a: R0 := mem[R0 + 0xFE8, el]:u64 +00000421: R3 := mem[R31 + 0x18, el]:u64 +00000428: R2 := mem[R0, el]:u64 +0000042e: #5 := ~R2 +00000433: #6 := R3 + ~R2 +00000439: VF := extend:65[#6 + 1] <> extend:65[R3] + extend:65[#5] + 1 +0000043f: CF := pad:65[#6 + 1] <> pad:65[R3] + pad:65[#5] + 1 +00000443: ZF := #6 + 1 = 0 +00000447: NF := 63:63[#6 + 1] +0000044b: R3 := #6 + 1 +00000450: R2 := 0 +00000456: when ZF goto %00000454 +00000707: goto %00000474 + +00000474: +00000477: R30 := 0x8A0 +0000047a: call @__stack_chk_fail with return %00000454 + +00000454: +0000045d: R0 := pad:64[31:0[R1]] +00000464: R29 := mem[R31, el]:u64 +00000469: R30 := mem[R31 + 8, el]:u64 +0000046d: R31 := R31 + 0x20 +00000472: call R30 with noreturn + +00000708: sub modifyValue(modifyValue_result) +0000071e: modifyValue_result :: out u32 = low:32[R0] + +00000357: +0000035b: R31 := R31 - 0x10 +00000363: mem := mem with [R31 + 8, el]:u64 <- R0 +0000036a: R0 := mem[R31 + 8, el]:u64 +00000371: R0 := pad:64[mem[R0, el]:u32] +00000377: R1 := pad:64[31:0[R0] + 0xA] +0000037e: R0 := mem[R31 + 8, el]:u64 +00000386: mem := mem with [R0, el]:u32 <- 31:0[R1] +0000038e: R31 := R31 + 0x10 +00000393: call R30 with noreturn + +00000709: sub register_tm_clones(register_tm_clones_result) +0000071f: register_tm_clones_result :: out u32 = low:32[R0] + +000002bd: +000002c0: R0 := 0x20000 +000002c6: R0 := R0 + 0x10 +000002cb: R1 := 0x20000 +000002d1: R1 := R1 + 0x10 +000002d8: R1 := R1 + ~R0 + 1 +000002de: R2 := 0.63:63[R1] +000002e5: R1 := R2 + (R1 ~>> 3) +000002eb: R1 := extend:64[63:1[R1]] +000002f1: when R1 = 0 goto %000002ef +0000070a: goto %000004b7 + +000004b7: +000004ba: R2 := 0x1F000 +000004c1: R2 := mem[R2 + 0xFF8, el]:u64 +000004c6: when R2 = 0 goto %000002ef +0000070b: goto %000004ca + +000002ef: +000002f7: call R30 with noreturn + +000004ca: +000004ce: R16 := R2 +000004d3: call R16 with noreturn diff --git a/examples/pass_stack_ptr/pass_stack_ptr.c b/examples/pass_stack_ptr/pass_stack_ptr.c new file mode 100644 index 000000000..05916e37b --- /dev/null +++ b/examples/pass_stack_ptr/pass_stack_ptr.c @@ -0,0 +1,13 @@ +#include + +void modifyValue(int *a) { + *a = *a + 10; +} + +int main() { + int number = 5; + int xnumber = 25; + modifyValue(&number); // Passing address of the stack variable + modifyValue(&xnumber); // Passing address of the stack variable + return 0; +} diff --git a/examples/pass_stack_ptr/pass_stack_ptr.relf b/examples/pass_stack_ptr/pass_stack_ptr.relf new file mode 100644 index 000000000..aca1454ba --- /dev/null +++ b/examples/pass_stack_ptr/pass_stack_ptr.relf @@ -0,0 +1,132 @@ + +Relocation section '.rela.dyn' at offset 0x4f8 contains 9 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +000000000001fd68 0000000000000403 R_AARCH64_RELATIVE 810 +000000000001fd70 0000000000000403 R_AARCH64_RELATIVE 7c0 +000000000001fff0 0000000000000403 R_AARCH64_RELATIVE 83c +0000000000020008 0000000000000403 R_AARCH64_RELATIVE 20008 +000000000001ffd0 0000000400000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_deregisterTMCloneTable + 0 +000000000001ffd8 0000000500000401 R_AARCH64_GLOB_DAT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +000000000001ffe0 0000000700000401 R_AARCH64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 +000000000001ffe8 0000000800000401 R_AARCH64_GLOB_DAT 0000000000000000 __stack_chk_guard@GLIBC_2.17 + 0 +000000000001fff8 0000000a00000401 R_AARCH64_GLOB_DAT 0000000000000000 _ITM_registerTMCloneTable + 0 + +Relocation section '.rela.plt' at offset 0x5d0 contains 5 entries: + Offset Info Type Symbol's Value Symbol's Name + Addend +000000000001ffa0 0000000300000402 R_AARCH64_JUMP_SLOT 0000000000000000 __libc_start_main@GLIBC_2.34 + 0 +000000000001ffa8 0000000500000402 R_AARCH64_JUMP_SLOT 0000000000000000 __cxa_finalize@GLIBC_2.17 + 0 +000000000001ffb0 0000000600000402 R_AARCH64_JUMP_SLOT 0000000000000000 __stack_chk_fail@GLIBC_2.17 + 0 +000000000001ffb8 0000000700000402 R_AARCH64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 +000000000001ffc0 0000000900000402 R_AARCH64_JUMP_SLOT 0000000000000000 abort@GLIBC_2.17 + 0 + +Symbol table '.dynsym' contains 11 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000648 0 SECTION LOCAL DEFAULT 11 .init + 2: 0000000000020000 0 SECTION LOCAL DEFAULT 22 .data + 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 (2) + 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 5: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 (3) + 6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.17 (3) + 7: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 8: 0000000000000000 0 OBJECT GLOBAL DEFAULT UND __stack_chk_guard@GLIBC_2.17 (4) + 9: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 (3) + 10: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + +Symbol table '.symtab' contains 95 entries: + Num: Value Size Type Bind Vis Ndx Name + 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND + 1: 0000000000000238 0 SECTION LOCAL DEFAULT 1 .interp + 2: 0000000000000254 0 SECTION LOCAL DEFAULT 2 .note.gnu.build-id + 3: 0000000000000278 0 SECTION LOCAL DEFAULT 3 .note.ABI-tag + 4: 0000000000000298 0 SECTION LOCAL DEFAULT 4 .gnu.hash + 5: 00000000000002b8 0 SECTION LOCAL DEFAULT 5 .dynsym + 6: 00000000000003c0 0 SECTION LOCAL DEFAULT 6 .dynstr + 7: 000000000000048c 0 SECTION LOCAL DEFAULT 7 .gnu.version + 8: 00000000000004a8 0 SECTION LOCAL DEFAULT 8 .gnu.version_r + 9: 00000000000004f8 0 SECTION LOCAL DEFAULT 9 .rela.dyn + 10: 00000000000005d0 0 SECTION LOCAL DEFAULT 10 .rela.plt + 11: 0000000000000648 0 SECTION LOCAL DEFAULT 11 .init + 12: 0000000000000660 0 SECTION LOCAL DEFAULT 12 .plt + 13: 0000000000000700 0 SECTION LOCAL DEFAULT 13 .text + 14: 00000000000008ac 0 SECTION LOCAL DEFAULT 14 .fini + 15: 00000000000008c0 0 SECTION LOCAL DEFAULT 15 .rodata + 16: 00000000000008c4 0 SECTION LOCAL DEFAULT 16 .eh_frame_hdr + 17: 0000000000000908 0 SECTION LOCAL DEFAULT 17 .eh_frame + 18: 000000000001fd68 0 SECTION LOCAL DEFAULT 18 .init_array + 19: 000000000001fd70 0 SECTION LOCAL DEFAULT 19 .fini_array + 20: 000000000001fd78 0 SECTION LOCAL DEFAULT 20 .dynamic + 21: 000000000001ff88 0 SECTION LOCAL DEFAULT 21 .got + 22: 0000000000020000 0 SECTION LOCAL DEFAULT 22 .data + 23: 0000000000020010 0 SECTION LOCAL DEFAULT 23 .bss + 24: 0000000000000000 0 SECTION LOCAL DEFAULT 24 .comment + 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 .debug_aranges + 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 .debug_info + 27: 0000000000000000 0 SECTION LOCAL DEFAULT 27 .debug_abbrev + 28: 0000000000000000 0 SECTION LOCAL DEFAULT 28 .debug_line + 29: 0000000000000000 0 SECTION LOCAL DEFAULT 29 .debug_str + 30: 0000000000000000 0 SECTION LOCAL DEFAULT 30 .debug_line_str + 31: 0000000000000000 0 FILE LOCAL DEFAULT ABS Scrt1.o + 32: 0000000000000278 0 NOTYPE LOCAL DEFAULT 3 $d + 33: 0000000000000278 32 OBJECT LOCAL DEFAULT 3 __abi_tag + 34: 0000000000000700 0 NOTYPE LOCAL DEFAULT 13 $x + 35: 000000000000091c 0 NOTYPE LOCAL DEFAULT 17 $d + 36: 00000000000008c0 0 NOTYPE LOCAL DEFAULT 15 $d + 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crti.o + 38: 0000000000000734 0 NOTYPE LOCAL DEFAULT 13 $x + 39: 0000000000000734 20 FUNC LOCAL DEFAULT 13 call_weak_fn + 40: 0000000000000648 0 NOTYPE LOCAL DEFAULT 11 $x + 41: 00000000000008ac 0 NOTYPE LOCAL DEFAULT 14 $x + 42: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtn.o + 43: 0000000000000658 0 NOTYPE LOCAL DEFAULT 11 $x + 44: 00000000000008b8 0 NOTYPE LOCAL DEFAULT 14 $x + 45: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 46: 0000000000000750 0 NOTYPE LOCAL DEFAULT 13 $x + 47: 0000000000000750 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones + 48: 0000000000000780 0 FUNC LOCAL DEFAULT 13 register_tm_clones + 49: 0000000000020008 0 NOTYPE LOCAL DEFAULT 22 $d + 50: 00000000000007c0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux + 51: 0000000000020010 1 OBJECT LOCAL DEFAULT 23 completed.0 + 52: 000000000001fd70 0 NOTYPE LOCAL DEFAULT 19 $d + 53: 000000000001fd70 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry + 54: 0000000000000810 0 FUNC LOCAL DEFAULT 13 frame_dummy + 55: 000000000001fd68 0 NOTYPE LOCAL DEFAULT 18 $d + 56: 000000000001fd68 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry + 57: 0000000000000930 0 NOTYPE LOCAL DEFAULT 17 $d + 58: 0000000000020010 0 NOTYPE LOCAL DEFAULT 23 $d + 59: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c + 60: 0000000000000814 0 NOTYPE LOCAL DEFAULT 13 $x + 61: 0000000000000990 0 NOTYPE LOCAL DEFAULT 17 $d + 62: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c + 63: 00000000000009c8 0 NOTYPE LOCAL DEFAULT 17 $d + 64: 00000000000009c8 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ + 65: 0000000000000000 0 FILE LOCAL DEFAULT ABS + 66: 000000000001fd78 0 OBJECT LOCAL DEFAULT ABS _DYNAMIC + 67: 00000000000008c4 0 NOTYPE LOCAL DEFAULT 16 __GNU_EH_FRAME_HDR + 68: 000000000001ffc8 0 OBJECT LOCAL DEFAULT ABS _GLOBAL_OFFSET_TABLE_ + 69: 0000000000000660 0 NOTYPE LOCAL DEFAULT 12 $x + 70: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.34 + 71: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable + 72: 0000000000020000 0 NOTYPE WEAK DEFAULT 22 data_start + 73: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start__ + 74: 0000000000000000 0 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.17 + 75: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 _bss_end__ + 76: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 22 _edata + 77: 00000000000008ac 0 FUNC GLOBAL HIDDEN 14 _fini + 78: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 __bss_end__ + 79: 0000000000020000 0 NOTYPE GLOBAL DEFAULT 22 __data_start + 80: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.17 + 81: 0000000000000814 40 FUNC GLOBAL DEFAULT 13 modifyValue + 82: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ + 83: 0000000000000000 0 OBJECT GLOBAL DEFAULT UND __stack_chk_guard@GLIBC_2.17 + 84: 0000000000020008 0 OBJECT GLOBAL HIDDEN 22 __dso_handle + 85: 0000000000000000 0 FUNC GLOBAL DEFAULT UND abort@GLIBC_2.17 + 86: 00000000000008c0 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used + 87: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 _end + 88: 0000000000000700 52 FUNC GLOBAL DEFAULT 13 _start + 89: 0000000000020018 0 NOTYPE GLOBAL DEFAULT 23 __end__ + 90: 0000000000020010 0 NOTYPE GLOBAL DEFAULT 23 __bss_start + 91: 000000000000083c 112 FUNC GLOBAL DEFAULT 13 main + 92: 0000000000020010 0 OBJECT GLOBAL HIDDEN 22 __TMC_END__ + 93: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable + 94: 0000000000000648 0 FUNC GLOBAL HIDDEN 11 _init \ No newline at end of file diff --git a/src/main/scala/Main.scala b/src/main/scala/Main.scala index b83f06b3f..3fb3f0139 100644 --- a/src/main/scala/Main.scala +++ b/src/main/scala/Main.scala @@ -8,7 +8,7 @@ import util.RunUtils import scala.collection.mutable.{ArrayBuffer, Set} import scala.collection.{immutable, mutable} import scala.language.postfixOps -import scala.sys.process._ +import scala.sys.process.* import util.* import mainargs.{main, arg, ParserForClass, Flag} @@ -35,7 +35,11 @@ object Main { @arg(name = "dump-il", doc = "Dump the Intermediate Language to text.") dumpIL: Option[String], @arg(name = "help", short = 'h', doc = "Show this help message.") - help: Flag + help: Flag, + @arg(name = "analysis-results", doc = "Log analysis results in files at specified path.") + analysisResults: Option[String], + @arg(name = "analysis-results-dot", doc = "Log analysis results in .dot form at specified path.") + analysisResultsDot: Option[String] ) def main(args: Array[String]): Unit = { @@ -44,14 +48,13 @@ object Main { val conf = parsed match { case Right(r) => r - case Left(l) => { + case Left(l) => println(l) return - } } if (conf.help.value) { - println(parser.helpText(sorted = false)); + println(parser.helpText(sorted = false)) } Logger.setLevel(LogLevel.INFO) @@ -62,12 +65,12 @@ object Main { val q = BASILConfig( loading = ILLoadingConfig(conf.adtFileName, conf.relfFileName, conf.specFileName, conf.dumpIL), runInterpret = conf.interpret.value, - staticAnalysis = if (conf.analyse.value) then Some(StaticAnalysisConfig(conf.dumpIL)) else None, - boogieTranslation = BoogieGeneratorConfig(if (conf.lambdaStores.value) then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect), - outputPrefix = conf.outFileName + staticAnalysis = if conf.analyse.value then Some(StaticAnalysisConfig(conf.dumpIL, conf.analysisResults, conf.analysisResultsDot)) else None, + boogieTranslation = BoogieGeneratorConfig(if conf.lambdaStores.value then BoogieMemoryAccessMode.LambdaStoreSelect else BoogieMemoryAccessMode.SuccessiveStoreSelect), + outputPrefix = conf.outFileName, ) - RunUtils.run(q); + RunUtils.run(q) } } diff --git a/src/main/scala/analysis/Analysis.scala b/src/main/scala/analysis/Analysis.scala index ac1863062..b7584bae7 100644 --- a/src/main/scala/analysis/Analysis.scala +++ b/src/main/scala/analysis/Analysis.scala @@ -147,73 +147,90 @@ object Fresh { } } -trait MemoryRegion - -/** Represents a stack region. The region is defined by a region Identifier identifying the assignment location. There - * can exist two regions with the same size (offset) but have a different base pointer. As such the base pointer is - * tracked but not printed in the toString method. - * @param start - * 0x1234 in case of mem[R1 + 0x1234] <- ... - * @param regionType - * The type of the region. This is used to distinguish between stack, heap, data and code regions. - * @param extent - * the start and end of the region - */ -case class StackRegion(regionIdentifier: String, start: Expr, var extent: Option[RangeKey]) extends MemoryRegion: - override def toString: String = s"Stack(${regionIdentifier}, ${start})" - override def hashCode(): Int = regionIdentifier.hashCode() +trait MemoryRegion { + val regionIdentifier: String + var extent: Option[RangeKey] = None +} + +class StackRegion(override val regionIdentifier: String, val start: BitVecLiteral) extends MemoryRegion { + override def toString: String = s"Stack($regionIdentifier, $start)" + override def hashCode(): Int = regionIdentifier.hashCode() * start.hashCode() override def equals(obj: Any): Boolean = obj match { - case StackRegion(ri, st, _) => st == start - case _ => false + case s: StackRegion => s.start == start && s.regionIdentifier == regionIdentifier + case _ => false } +} -/** Represents a Heap region. The region is defined by its identifier which is defined by the allocation site. - * @param regionIdentifier - * region id identifying the call-site - * @param start - * the start address - * @param extent - * the start and end of the region - */ -case class HeapRegion(regionIdentifier: String, start: Expr, var extent: Option[RangeKey]) extends MemoryRegion: - override def toString: String = s"Heap(${regionIdentifier}, ${start})" +class HeapRegion(override val regionIdentifier: String) extends MemoryRegion { + override def toString: String = s"Heap($regionIdentifier)" override def hashCode(): Int = regionIdentifier.hashCode() override def equals(obj: Any): Boolean = obj match { - case r: HeapRegion => regionIdentifier.equals(r.regionIdentifier) - case _ => false + case h: HeapRegion => h.regionIdentifier == regionIdentifier + case _ => false } +} -case class DataRegion(regionIdentifier: String, start: Expr, var extent: Option[RangeKey]) extends MemoryRegion: - override def toString: String = s"Data(${regionIdentifier}, ${start})" - -case class RegionAccess(regionBase: String, start: Expr) extends MemoryRegion: - override def toString: String = s"RegionAccess(${regionBase}, ${start})" +class DataRegion(override val regionIdentifier: String, val start: BitVecLiteral) extends MemoryRegion { + override def toString: String = s"Data($regionIdentifier, $start)" + override def hashCode(): Int = regionIdentifier.hashCode() * start.hashCode() + override def equals(obj: Any): Boolean = obj match { + case d: DataRegion => d.start == start && d.regionIdentifier == regionIdentifier + case _ => false + } +} trait MemoryRegionAnalysisMisc: var mallocCount: Int = 0 var stackCount: Int = 0 - var stackPool: mutable.Map[Expr, StackRegion] = mutable.HashMap() - private def getNextMallocCount(): String = { + val stackMap: mutable.Map[CfgFunctionEntryNode, mutable.Map[Expr, StackRegion]] = mutable.HashMap() + private def nextMallocCount() = { mallocCount += 1 s"malloc_$mallocCount" } - private def getNextStackCount(): String = { + private def nextStackCount() = { stackCount += 1 s"stack_$stackCount" } - def poolMaster(expr: Expr): StackRegion = { + /** + * Controls the pool of stack regions. Each pool is unique to a function. + * If the offset has already been defined in the context of the function, then the same region is returned. + * @param expr: the offset + * @param parent: the function entry node + * @return the stack region corresponding to the offset + */ + def poolMaster(expr: BitVecLiteral, parent: CfgFunctionEntryNode): StackRegion = { + val stackPool = stackMap.getOrElseUpdate(parent, mutable.HashMap()) if (stackPool.contains(expr)) { stackPool(expr) } else { - val newRegion = StackRegion(getNextStackCount(), expr, None) + val newRegion = StackRegion(nextStackCount(), expr) stackPool += (expr -> newRegion) newRegion } } + def unwrapExpr(expr: Expr) : ListBuffer[Expr] = { + val buffers = ListBuffer[Expr]() + expr match { + case e: Extract => unwrapExpr(e.body) + case e: SignExtend => unwrapExpr(e.body) + case e: ZeroExtend => unwrapExpr(e.body) + case repeat: Repeat => unwrapExpr(repeat.body) + case unaryExpr: UnaryExpr => unwrapExpr(unaryExpr.arg) + case binaryExpr: BinaryExpr => + unwrapExpr(binaryExpr.arg1) + unwrapExpr(binaryExpr.arg2) + case memoryLoad: MemoryLoad => + buffers.addOne(memoryLoad) + unwrapExpr(memoryLoad.index) + case _ => + } + buffers + } + val cfg: ProgramCfg val globals: Map[BigInt, String] val globalOffsets: Map[BigInt, BigInt] @@ -238,58 +255,57 @@ trait MemoryRegionAnalysisMisc: private val mallocVariable = Register("R0", BitVecType(64)) - /** Default implementation of eval. - */ - def eval(exp: Expr, env: lattice.sublattice.Element, n: CfgNode): lattice.sublattice.Element = { + def eval(exp: Expr, env: lattice.sublattice.Element, n: CfgCommandNode): lattice.sublattice.Element = { Logger.debug(s"evaluating $exp") Logger.debug(s"env: $env") Logger.debug(s"n: $n") exp match { case binOp: BinaryExpr => if (binOp.arg1 == stackPointer) { - val rhs: Expr = evaluateExpression(binOp.arg2, n, constantProp(n)) - Set(StackRegion(getNextStackCount(), rhs, None)) + evaluateExpression(binOp.arg2, constantProp(n)) match { + case Some(b: BitVecLiteral) => Set(poolMaster(b, n.parent)) + case None => env + } } else { - val evaluation: Expr = evaluateExpression(binOp, n, constantProp(n)) - if (evaluation.equals(binOp)) { - return env + evaluateExpression(binOp, constantProp(n)) match { + case Some(b: BitVecLiteral) => eval(b, env, n) + case None => env } - eval(evaluation, env, n) } case bitVecLiteral: BitVecLiteral => if (globals.contains(bitVecLiteral.value)) { val globalName = globals(bitVecLiteral.value) - Set(DataRegion(globalName, bitVecLiteral, None)) + Set(DataRegion(globalName, bitVecLiteral)) } else if (subroutines.contains(bitVecLiteral.value)) { val subroutineName = subroutines(bitVecLiteral.value) - Set(DataRegion(subroutineName, bitVecLiteral, None)) + Set(DataRegion(subroutineName, bitVecLiteral)) } else if (globalOffsets.contains(bitVecLiteral.value)) { val val1 = globalOffsets(bitVecLiteral.value) if (subroutines.contains(val1)) { val globalName = subroutines(val1) - Set(DataRegion(globalName, bitVecLiteral, None)) + Set(DataRegion(globalName, bitVecLiteral)) } else { - Set(DataRegion(s"Unknown_${bitVecLiteral}", bitVecLiteral, None)) + Set(DataRegion(s"Unknown_$bitVecLiteral", bitVecLiteral)) } } else { //throw new Exception(s"Unknown type for $bitVecLiteral") // unknown region here - Set(DataRegion(s"Unknown_${bitVecLiteral}", bitVecLiteral, None)) + Set(DataRegion(s"Unknown_$bitVecLiteral", bitVecLiteral)) } case variable: Variable => variable match { case _: LocalVar => - return env + env case reg: Register if reg == stackPointer => - return env + env case _ => + evaluateExpression(variable, constantProp(n)) match { + case Some(b: BitVecLiteral) => + eval(b, env, n) + case _ => + env // we cannot evaluate this to a concrete value, we need VSA for this + } } - - val evaluation: Expr = evaluateExpression(variable, n, constantProp(n)) - evaluation match - case bitVecLiteral: BitVecLiteral => - eval(bitVecLiteral, env, n) - case _ => env // we cannot evaluate this to a concrete value, we need VSA for this case _ => Logger.debug(s"type: ${exp.getClass} $exp\n") throw new Exception("Unknown type") @@ -304,23 +320,34 @@ trait MemoryRegionAnalysisMisc: cmd.data match { case directCall: DirectCall => if (directCall.target.name == "malloc") { - return lattice.sublattice.lub( - s, - Set(HeapRegion(getNextMallocCount(), evaluateExpression(mallocVariable, n, constantProp(n)), None)) - ) + evaluateExpression(mallocVariable, constantProp(n)) match { + case Some(b: BitVecLiteral) => + lattice.sublattice.lub(s, Set(HeapRegion(nextMallocCount()))) + case None => s + } + } else { + s } - s case memAssign: MemoryAssign => if (ignoreRegions.contains(memAssign.rhs.value)) { return s } - val result = eval(memAssign.rhs.index, s, n) + val result = eval(memAssign.rhs.index, s, cmd) /* don't modify the IR in the middle of the analysis like this, also this produces a lot of incorrect results result.collectFirst({ - case StackRegion(_, _, _) => + case StackRegion(name, _, _, _) => + memAssign.rhs = MemoryStore( + Memory(name, + memAssign.rhs.mem.addressSize, + memAssign.rhs.mem.valueSize), + memAssign.rhs.index, + memAssign.rhs.value, memAssign.rhs.endian, + memAssign.rhs.size + ) + case DataRegion(name, _, _, _) => memAssign.rhs = MemoryStore( - Memory("stack", memAssign.rhs.mem.addressSize, memAssign.rhs.mem.valueSize), + Memory(name, memAssign.rhs.mem.addressSize, memAssign.rhs.mem.valueSize), memAssign.rhs.index, memAssign.rhs.value, memAssign.rhs.endian, @@ -331,19 +358,24 @@ trait MemoryRegionAnalysisMisc: */ lattice.sublattice.lub(s, result) case localAssign: LocalAssign => - localAssign.rhs match + var m = s + unwrapExpr(localAssign.rhs).foreach { case memoryLoad: MemoryLoad => - val result = eval(memoryLoad.index, s, n) + val result = eval(memoryLoad.index, s, cmd) /* don't modify the IR in the middle of the analysis like this, this also produces incorrect results result.collectFirst({ - case StackRegion(_, _, _) => - memoryLoad.mem = Memory("stack", memoryLoad.mem.addressSize, memoryLoad.mem.valueSize) + case StackRegion(name, _, _, _) => + memoryLoad.mem = Memory(name, memoryLoad.mem.addressSize, memoryLoad.mem.valueSize) + case DataRegion(name, _, _, _) => + memoryLoad.mem = Memory(name, memoryLoad.mem.addressSize, memoryLoad.mem.valueSize) case _ => }) */ - lattice.sublattice.lub(s, result) - case _ => s + m = lattice.sublattice.lub(m, result) + case _ => m + } + m case _ => s } case _ => s // ignore other kinds of nodes diff --git a/src/main/scala/analysis/Cfg.scala b/src/main/scala/analysis/Cfg.scala index c382c1dc3..2c0c2e4d7 100644 --- a/src/main/scala/analysis/Cfg.scala +++ b/src/main/scala/analysis/Cfg.scala @@ -109,9 +109,10 @@ trait CfgNode: * Set of predecessor nodes */ def pred(intra: Boolean): mutable.Set[CfgNode] = { - intra match - case true => predIntra.map(edge => edge.getFrom) - case false => predInter.map(edge => edge.getFrom) + if intra then + predIntra.map(edge => edge.getFrom) + else + predInter.map(edge => edge.getFrom) } /** Retrieve predecessor edges to this node. @@ -131,9 +132,10 @@ trait CfgNode: * (Node, EdgeCondition) */ def predConds(intra: Boolean): mutable.Set[(CfgNode, Expr)] = { - intra match - case true => predIntra.map(edge => (edge.getFrom, edge.getCond)) - case false => predInter.map(edge => (edge.getFrom, edge.getCond)) + if intra then + predIntra.map(edge => (edge.getFrom, edge.getCond)) + else + predInter.map(edge => (edge.getFrom, edge.getCond)) } /** Edges to successor nodes, either regular or ignored procedure calls @@ -156,9 +158,10 @@ trait CfgNode: * Set of successor nodes */ def succ(intra: Boolean): mutable.Set[CfgNode] = { - intra match - case true => succIntra.map(edge => edge.getTo) - case false => succInter.map(edge => edge.getTo) + if intra then + succIntra.map(edge => edge.getTo) + else + succInter.map(edge => edge.getTo) } /** Retrieve successor edges from this node. @@ -178,9 +181,10 @@ trait CfgNode: * (Node, EdgeCondition) */ def succConds(intra: Boolean): mutable.Set[(CfgNode, Expr)] = { - intra match - case true => succIntra.map(edge => (edge.getTo, edge.getCond)) - case false => succInter.map(edge => (edge.getTo, edge.getCond)) + if intra then + succIntra.map(edge => (edge.getTo, edge.getCond)) + else + succInter.map(edge => (edge.getTo, edge.getCond)) } /** Unique identifier. */ @@ -212,7 +216,7 @@ case class CfgFunctionEntryNode( override val succInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), data: Procedure ) extends CfgNodeWithData[Procedure]: - override def block = data.blocks.head + override def block: Block = data.blocks.head override def toString: String = s"[FunctionEntry] $data" /** Copy this node, but give unique ID and reset edges */ @@ -228,7 +232,7 @@ case class CfgFunctionExitNode( override val succInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), data: Procedure ) extends CfgNodeWithData[Procedure]: - override def block = data.blocks.head + override def block: Block = data.blocks.head override def toString: String = s"[FunctionExit] $data" /** Copy this node, but give unique ID and reset edges */ @@ -304,6 +308,8 @@ case class CfgCallReturnNode( */ trait CfgCommandNode extends CfgNodeWithData[Command] { override def copyNode(): CfgCommandNode + val block: Block + val parent: CfgFunctionEntryNode } /** CFG's representation of a single statement. @@ -315,12 +321,13 @@ case class CfgStatementNode( override val succIntra: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), override val succInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), data: Statement, - block: Block + override val block: Block, + override val parent: CfgFunctionEntryNode ) extends CfgCommandNode: override def toString: String = s"[Stmt] $data" /** Copy this node, but give unique ID and reset edges */ - override def copyNode(): CfgStatementNode = CfgStatementNode(data = this.data, block = this.block) + override def copyNode(): CfgStatementNode = CfgStatementNode(data = this.data, block = this.block, parent = this.parent) /** CFG's representation of a jump. This is used as a general jump node, for both indirect and direct calls. */ @@ -331,12 +338,13 @@ case class CfgJumpNode( override val succIntra: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), override val succInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), data: Jump, - block: Block + override val block: Block, + override val parent: CfgFunctionEntryNode ) extends CfgCommandNode: override def toString: String = s"[Jmp] $data" /** Copy this node, but give unique ID and reset edges */ - override def copyNode(): CfgJumpNode = CfgJumpNode(data = this.data, block = this.block) + override def copyNode(): CfgJumpNode = CfgJumpNode(data = this.data, block = this.block, parent = this.parent) /** A general purpose node which in terms of the IR has no functionality, but can have purpose in the CFG. As example, * this is used as a "block" start node for the case that a block contains no statements, but has a `GoTo` as its jump. @@ -349,13 +357,14 @@ case class CfgGhostNode( override val predInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), override val succIntra: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), override val succInter: mutable.Set[CfgEdge] = mutable.Set[CfgEdge](), - block: Block + override val block: Block, + override val parent: CfgFunctionEntryNode, + override val data: NOP ) extends CfgCommandNode: - override val data: Statement = NOP - override def toString: String = s"[NOP]" + override def toString: String = s"[NOP] $data" /** Copy this node, but give unique ID and reset edges */ - override def copyNode(): CfgGhostNode = CfgGhostNode(block = this.block) + override def copyNode(): CfgGhostNode = CfgGhostNode(block = this.block, parent = this.parent, data = this.data) /** A control-flow graph. Nodes provide the ability to walk it as both an intra and inter procedural CFG. */ @@ -467,7 +476,7 @@ class ProgramCfg: case (from: CfgCallReturnNode, to: CfgCommandNode) => addRegularEdge(from, to, cond) // Regular flow of instructions case (from: CfgCommandNode, to: (CfgCommandNode | CfgFunctionExitNode)) => addRegularEdge(from, to, cond) - case _ => throw new Exception(s"[!] Unexpected edge combination when adding cfg edge between ${from} -> ${to}.") + case _ => throw new Exception(s"[!] Unexpected edge combination when adding cfg edge between $from -> $to.") } edges += newEdge @@ -636,7 +645,7 @@ class ProgramCfgFactory: // Procedure has no content (in our case this probably means it's an ignored procedure, e.g., an external function such as @printf) if (proc.blocks.isEmpty) { cfg.addEdge(funcEntryNode, funcExitNode) - return; + return } // Track blocks we've already processed so we don't double up @@ -700,7 +709,7 @@ class ProgramCfgFactory: */ def visitStmts(stmts: ArrayBuffer[Statement], prevNode: CfgNode, cond: Expr): CfgCommandNode = { - val firstNode: CfgStatementNode = CfgStatementNode(data = stmts.head, block = block) + val firstNode: CfgStatementNode = CfgStatementNode(data = stmts.head, block = block, parent = funcEntryNode) cfg.addEdge(prevNode, firstNode, cond) visitedBlocks += (block -> firstNode) // This is guaranteed to be entrance to block if we are here @@ -713,7 +722,7 @@ class ProgramCfgFactory: // `tail` takes everything after the first element of the iterable stmts.tail.foreach(stmt => - val stmtNode: CfgStatementNode = CfgStatementNode(data = stmt, block = block) + val stmtNode: CfgStatementNode = CfgStatementNode(data = stmt, block = block, parent = funcEntryNode) cfg.addEdge(prevStmtNode, stmtNode) prevStmtNode = stmtNode ) @@ -737,7 +746,7 @@ class ProgramCfgFactory: */ def visitJumps(jmps: ArrayBuffer[Jump], prevNode: CfgNode, cond: Expr, solitary: Boolean): Unit = { - val jmpNode: CfgJumpNode = CfgJumpNode(data = jmps.head, block = block) + val jmpNode: CfgJumpNode = CfgJumpNode(data = jmps.head, block = block, parent = funcEntryNode) var precNode: CfgNode = prevNode if (solitary) { @@ -752,7 +761,7 @@ class ProgramCfgFactory: jmps.head match { case jmp: GoTo => // `GoTo`s are just edges, so introduce a fake `start of block` that can be jmp'd to - val ghostNode = CfgGhostNode(block = block) + val ghostNode = CfgGhostNode(block = block, parent = funcEntryNode, data = NOP(jmp.label)) cfg.addEdge(prevNode, ghostNode, cond) precNode = ghostNode visitedBlocks += (block -> ghostNode) @@ -797,15 +806,23 @@ class ProgramCfgFactory: visitBlock(targetBlock, precNode, targetCond) } } - + case n: NonDetGoTo => + for (targetBlock <- n.targets) { + if (visitedBlocks.contains(targetBlock)) { + val targetBlockEntry: CfgCommandNode = visitedBlocks(targetBlock) + cfg.addEdge(precNode, targetBlockEntry) + } else { + visitBlock(targetBlock, precNode, TrueLiteral) + } + } case dCall: DirectCall => val targetProc: Procedure = dCall.target // Branch to this call - val calls = jmps.filter(_.isInstanceOf[DirectCall]).map(x => CfgJumpNode(data = x, block = block)) + val calls = jmps.filter(_.isInstanceOf[DirectCall]).map(x => CfgJumpNode(data = x, block = block, parent = funcEntryNode)) calls.foreach(node => { - cfg.addEdge(precNode, node, node.data.asInstanceOf[DirectCall].condition.getOrElse(TrueLiteral)) + cfg.addEdge(precNode, node) procToCalls(proc) += node procToCallers(targetProc) += node @@ -836,7 +853,7 @@ class ProgramCfgFactory: }) cfg.addEdge(noReturn, funcExitNode) } - case iCall: IndirectCall => { + case iCall: IndirectCall => Logger.info(s"Indirect call found: $iCall in ${proc.name}") // Branch to this call @@ -852,7 +869,7 @@ class ProgramCfgFactory: val returnNode = CfgProcedureReturnNode() cfg.addEdge(jmpNode, returnNode) cfg.addEdge(returnNode, funcExitNode) - return; + return } // Jump to return location @@ -872,8 +889,7 @@ class ProgramCfgFactory: cfg.addEdge(jmpNode, noReturn) cfg.addEdge(noReturn, funcExitNode) } - } - case _ => assert(false, s"unexpected jump encountered, jumps: ${jmps}") + case _ => assert(false, s"unexpected jump encountered, jumps: $jmps") } // `jmps.head` match } // `visitJumps` function } // `visitBlocks` function @@ -943,10 +959,10 @@ class ProgramCfgFactory: */ private def inlineProcedureCalls(procNodes: Set[CfgCommandNode], inlineAmount: Int): Set[CfgCommandNode] = { assert(inlineAmount >= 0) - Logger.info(s"[+] Inlining ${procNodes.size} leaf call nodes with ${inlineAmount} level(s) left") + Logger.info(s"[+] Inlining ${procNodes.size} leaf call nodes with $inlineAmount level(s) left") if (inlineAmount == 0 || procNodes.isEmpty) { - return procNodes; + return procNodes } // Set of procedure calls to be discovered by inlining the ones in `procNodes` @@ -957,20 +973,15 @@ class ProgramCfgFactory: case targetCall: DirectCall => // Retrieve information about the call to the target procedure val targetProc: Procedure = targetCall.target - val targetCond: Expr = targetCall.condition match { - case Some(c) => c - case None => TrueLiteral - } - val (procEntry, procExit) = cloneProcedureCFG(targetProc) // Add link between call node and the procedure's `Entry`. - cfg.addInlineEdge(procNode, procEntry, targetCond) + cfg.addInlineEdge(procNode, procEntry) // Link the procedure's `Exit` to the return point. There should only be one. assert( procNode.succ(intra = true).size == 1, - s"More than 1 return node... ${procNode} has ${procNode.succ(intra = true)}" + s"More than 1 return node... $procNode has ${procNode.succ(intra = true)}" ) val returnNode = procNode.succ(intra = true).head cfg.addInlineEdge(procExit, returnNode) @@ -988,7 +999,7 @@ class ProgramCfgFactory: Logger.info(s"[+] Unifyig ${procNodes.size} leaf call nodest") if (procNodes.isEmpty) { - return procNodes; + return procNodes } // Set of procedure calls to be discovered by unifying the ones in `procNodes` @@ -998,20 +1009,16 @@ class ProgramCfgFactory: procNode.data match { case targetCall: DirectCall => // Retrieve information about the call to the target procedure val targetProc: Procedure = targetCall.target - val targetCond: Expr = targetCall.condition match { - case Some(c) => c - case None => TrueLiteral - } val (procEntry, procExit) = procToCfg(targetProc) // Add link between call node and the procedure's `Entry`. - cfg.addInlineEdge(procNode, procEntry, targetCond) + cfg.addInlineEdge(procNode, procEntry) // Link the procedure's `Exit` to the return point. There should only be one. assert( procNode.succ(intra = true).size == 1, - s"More than 1 return node... ${procNode} has ${procNode.succ(intra = true)}" + s"More than 1 return node... $procNode has ${procNode.succ(intra = true)}" ) val returnNode = procNode.succ(intra = true).head cfg.addInlineEdge(procExit, returnNode) @@ -1041,7 +1048,7 @@ class ProgramCfgFactory: callToNodes += (newEntry -> mutable.Set[CfgCommandNode]()) // Entry is guaranteed to only have one successor (by our cfg design) - var currNode: CfgNode = entryNode.succ(intra = true).head + val currNode: CfgNode = entryNode.succ(intra = true).head visitNode(currNode, newEntry, TrueLiteral) /** Walk this proc's cfg until we reach the exit node on each branch. We do this recursively, tracking the previous @@ -1111,17 +1118,12 @@ class ProgramCfgFactory: callNode.data match { case targetCall: DirectCall => val targetProc: Procedure = targetCall.target - val targetCond: Expr = targetCall.condition match { - case Some(c) => c - case None => TrueLiteral - } - // We don't care about returns, as this is context dependent. It is up to the caller // (in our case, the analyses) to keep track of context so that it knows where to return to // at the exit of the target procedure val (targetEntry: CfgFunctionEntryNode, _) = procToCfg(targetProc) - cfg.addInterprocCallEdge(callNode, targetEntry, targetCond) + cfg.addInterprocCallEdge(callNode, targetEntry) case _ => } } diff --git a/src/main/scala/analysis/MemoryModelMap.scala b/src/main/scala/analysis/MemoryModelMap.scala index f5d3c5f55..b68b353b7 100644 --- a/src/main/scala/analysis/MemoryModelMap.scala +++ b/src/main/scala/analysis/MemoryModelMap.scala @@ -46,7 +46,7 @@ class MemoryModelMap { def convertMemoryRegions(memoryRegions: Map[CfgNode, Set[MemoryRegion]], externalFunctions: Map[BigInt, String]): Unit = { // map externalFunctions name, value to DataRegion(name, value) and then sort by value - val externalFunctionRgns = externalFunctions.map((offset, name) => DataRegion(name, BitVecLiteral(offset, 64), None)) + val externalFunctionRgns = externalFunctions.map((offset, name) => DataRegion(name, BitVecLiteral(offset, 64))) // get all function exit node val exitNodes = memoryRegions.keys.collect { case e: CfgFunctionExitNode => e } @@ -54,16 +54,16 @@ class MemoryModelMap { val node = memoryRegions(exitNode) // for each function exit node we get the memory region and add it to the mapping - val stackRgns = node.collect { case r: StackRegion => r }.toList.sortBy(_.start.asInstanceOf[BitVecLiteral].value) + val stackRgns = node.collect { case r: StackRegion => r }.toList.sortBy(_.start.value) val dataRgns = node.collect { case r: DataRegion => r } // add externalFunctionRgn to dataRgns and sort by value - val allDataRgns = (dataRgns ++ externalFunctionRgns).toList.sortBy(_.start.asInstanceOf[BitVecLiteral].value) + val allDataRgns = (dataRgns ++ externalFunctionRgns).toList.sortBy(_.start.value) allStacks(exitNode.data.name) = stackRgns for (dataRgn <- allDataRgns) { - add(dataRgn.start.asInstanceOf[BitVecLiteral].value, dataRgn) + add(dataRgn.start.value, dataRgn) } ) } @@ -72,7 +72,7 @@ class MemoryModelMap { contextStack.push(allStacks(funName)) rangeMap.stackMap.clear() for (stackRgn <- contextStack.top) { - add(stackRgn.start.asInstanceOf[BitVecLiteral].value, stackRgn) + add(stackRgn.start.value, stackRgn) } } @@ -81,7 +81,7 @@ class MemoryModelMap { contextStack.pop() rangeMap.stackMap.clear() for (stackRgn <- contextStack.top) { - add(stackRgn.start.asInstanceOf[BitVecLiteral].value, stackRgn) + add(stackRgn.start.value, stackRgn) } } } @@ -99,10 +99,10 @@ class MemoryModelMap { def findStackObject(value: BigInt): Option[StackRegion] = - rangeMap.stackMap.find((range, _) => (range.start <= value && value <= range.end)).map((range, obj) => {obj.extent = Some(range); obj}); + rangeMap.stackMap.find((range, _) => range.start <= value && value <= range.end).map((range, obj) => {obj.extent = Some(range); obj}); def findDataObject(value: BigInt): Option[DataRegion] = - rangeMap.dataMap.find((range, _) => (range.start <= value && value <= range.end)).map((range, obj) => {obj.extent = Some(range); obj}); + rangeMap.dataMap.find((range, _) => range.start <= value && value <= range.end).map((range, obj) => {obj.extent = Some(range); obj}); override def toString: String = s"Stack: ${rangeMap.stackMap}\n Heap: ${rangeMap.heapMap}\n Data: ${rangeMap.dataMap}\n" diff --git a/src/main/scala/analysis/SteensgaardAnalysis.scala b/src/main/scala/analysis/SteensgaardAnalysis.scala index 9b7e4f9a3..d2d771ea2 100644 --- a/src/main/scala/analysis/SteensgaardAnalysis.scala +++ b/src/main/scala/analysis/SteensgaardAnalysis.scala @@ -20,7 +20,7 @@ class SteensgaardAnalysis(program: Program, constantPropResult: Map[CfgNode, Map val constantPropResult2: Map[CfgNode, Map[Variable, ConstantPropagationLattice.Element]] = constantPropResult - constantPropResult2.values.foreach(v => Logger.info(s"${v}")) + constantPropResult2.values.foreach(v => Logger.info(s"$v")) /** @inheritdoc */ @@ -29,7 +29,7 @@ class SteensgaardAnalysis(program: Program, constantPropResult: Map[CfgNode, Map visit(program, ()) def dump_file(content: ArrayBuffer[String], name: String): Unit = { - val outFile = File(s"${name}") + val outFile = File(s"$name") val pw = PrintWriter(outFile, "UTF-8") for (s <- content) { pw.append(s + "\n") } pw.close() diff --git a/src/main/scala/analysis/UtilMethods.scala b/src/main/scala/analysis/UtilMethods.scala index 3b76466c0..d72acd22d 100644 --- a/src/main/scala/analysis/UtilMethods.scala +++ b/src/main/scala/analysis/UtilMethods.scala @@ -11,42 +11,42 @@ import util.Logger * @return: * The evaluated expression (e.g. 0x69632) */ -def evaluateExpression(exp: Expr, n: CfgNode, constantPropResult: Map[Variable, ConstantPropagationLattice.Element]): Expr = { +def evaluateExpression(exp: Expr, constantPropResult: Map[Variable, ConstantPropagationLattice.FlatElement]): Option[BitVecLiteral] = { Logger.debug(s"evaluateExpression: $exp") exp match { case binOp: BinaryExpr => - val lhs = evaluateExpression(binOp.arg1, n, constantPropResult) - val rhs = evaluateExpression(binOp.arg2, n, constantPropResult) + val lhs = evaluateExpression(binOp.arg1, constantPropResult) + val rhs = evaluateExpression(binOp.arg2, constantPropResult) (lhs, rhs) match { - case (l: BitVecLiteral, r: BitVecLiteral) => + case (Some(l: BitVecLiteral), Some(r: BitVecLiteral)) => binOp.op match { - case BVADD => BitVectorEval.smt_bvadd(l, r) - case BVSUB => BitVectorEval.smt_bvsub(l, r) - case BVASHR => BitVectorEval.smt_bvashr(l, r) - case BVCOMP => BitVectorEval.smt_bvcomp(l, r) + case BVADD => Some(BitVectorEval.smt_bvadd(l, r)) + case BVSUB => Some(BitVectorEval.smt_bvsub(l, r)) + case BVASHR => Some(BitVectorEval.smt_bvashr(l, r)) + case BVCOMP => Some(BitVectorEval.smt_bvcomp(l, r)) case _ => throw new RuntimeException("Binary operation support not implemented: " + binOp.op) } - case _ => exp + case _ => None } case extend: ZeroExtend => - evaluateExpression(extend.body, n, constantPropResult) match { - case literal: Literal => BitVectorEval.smt_zero_extend(extend.extension, literal) - case _ => exp + evaluateExpression(extend.body, constantPropResult) match { + case Some(b: BitVecLiteral) => Some(BitVectorEval.smt_zero_extend(extend.extension, b)) + case None => None } case e: Extract => - evaluateExpression(e.body, n, constantPropResult) match { - case literal: Literal => BitVectorEval.boogie_extract(e.end, e.start, literal) - case _ => exp + evaluateExpression(e.body, constantPropResult) match { + case Some(b: BitVecLiteral) => Some(BitVectorEval.boogie_extract(e.end, e.start, b)) + case None => None } case variable: Variable => - val nodeResult = constantPropResult - nodeResult(variable) match { - case ConstantPropagationLattice.FlatElement.FlatEl(value) => value.asInstanceOf[BitVecLiteral] - case ConstantPropagationLattice.FlatElement.Top => variable - case ConstantPropagationLattice.FlatElement.Bot => variable + constantPropResult(variable) match { + case ConstantPropagationLattice.FlatElement.FlatEl(value) => Some(value.asInstanceOf[BitVecLiteral]) + case ConstantPropagationLattice.FlatElement.Top => None + case ConstantPropagationLattice.FlatElement.Bot => None } + case b: BitVecLiteral => Some(b) case _ => //throw new RuntimeException("ERROR: CASE NOT HANDLED: " + exp + "\n") - exp + None } } diff --git a/src/main/scala/analysis/VSA.scala b/src/main/scala/analysis/VSA.scala index dfae2a804..c83a5ed59 100644 --- a/src/main/scala/analysis/VSA.scala +++ b/src/main/scala/analysis/VSA.scala @@ -10,14 +10,18 @@ import scala.collection.immutable import util.Logger /** ValueSets are PowerSet of possible values */ -trait Value -trait AddressValue(val expr: Expr, val name: String) extends Value +trait Value { + val expr: BitVecLiteral +} +trait AddressValue extends Value { + val name: String +} -case class GlobalAddress(val e: Expr, val n: String) extends AddressValue(e, n) { +case class GlobalAddress(override val expr: BitVecLiteral, override val name: String) extends AddressValue { override def toString: String = "GlobalAddress(" + expr + ", " + name + ")" } -case class LocalAddress(val e: Expr, val n: String) extends AddressValue(e, n) { +case class LocalAddress(override val expr: BitVecLiteral, override val name: String) extends AddressValue { override def toString: String = "LocalAddress(" + expr + ", " + name + ")" } @@ -68,20 +72,18 @@ trait MemoryRegionValueSetAnalysis: } def exprToRegion(expr: Expr, n: CfgNode): Option[MemoryRegion] = { - expr match - case binOp: BinaryExpr => - if (binOp.arg1 == stackPointer) { - val rhs: Expr = evaluateExpression(binOp.arg2, n, constantProp(n)) - mmm.findStackObject(rhs.asInstanceOf[BitVecLiteral].value) - } else { - val evaluation: Expr = evaluateExpression(binOp, n, constantProp(n)) - if (!evaluation.isInstanceOf[BitVecLiteral]) { - return None - } - mmm.findDataObject(evaluation.asInstanceOf[BitVecLiteral].value) + expr match { + case binOp: BinaryExpr if binOp.arg1 == stackPointer => + evaluateExpression(binOp.arg2, constantProp(n)) match { + case Some(b: BitVecLiteral) => mmm.findStackObject(b.value) + case None => None } case _ => - None + evaluateExpression(expr, constantProp(n)) match { + case Some(b: BitVecLiteral) => mmm.findDataObject(b.value) + case None => None + } + } } def getValueType(bitVecLiteral: BitVecLiteral): Value = { @@ -108,41 +110,48 @@ trait MemoryRegionValueSetAnalysis: case localAssign: LocalAssign => localAssign.rhs match case memoryLoad: MemoryLoad => - val region: Option[MemoryRegion] = exprToRegion(memoryLoad.index, n) - region match + exprToRegion(memoryLoad.index, n) match case Some(r: MemoryRegion) => // this is an exception to the rule and only applies to data regions - evaluateExpression(memoryLoad.index, n, constantProp(n)) match - case bitVecLiteral: BitVecLiteral => + evaluateExpression(memoryLoad.index, constantProp(n)) match + case Some(bitVecLiteral: BitVecLiteral) => val m = s + (r -> Set(getValueType(bitVecLiteral))) m + (localAssign.lhs -> m(r)) - case _ => + case None => s + (localAssign.lhs -> s(r)) case None => Logger.warn("could not find region for " + localAssign) s - case e: Expr => { - val evaled = evaluateExpression(e, n, constantProp(n)) - evaled match - case bv: BitVecLiteral => s + (localAssign.lhs -> Set(getValueType(bv))) - case _ => + case e: Expr => + evaluateExpression(e, constantProp(n)) match { + case Some(bv: BitVecLiteral) => s + (localAssign.lhs -> Set(getValueType(bv))) + case None => Logger.warn("could not evaluate expression" + e) s - } + } case memAssign: MemoryAssign => memAssign.rhs.index match case binOp: BinaryExpr => val region: Option[MemoryRegion] = exprToRegion(binOp, n) region match case Some(r: MemoryRegion) => - evaluateExpression(memAssign.rhs.value, n, constantProp(n)) match - case bitVecLiteral: BitVecLiteral => - return s + (r -> Set(getValueType(bitVecLiteral))) - case variable: Variable => // constant prop returned BOT OR TOP. Merge regions because RHS could be a memory loaded address - return s + (r -> s(variable)) - - case _ => Logger.warn("Too Complex or Wrapped i.e. Extract(Variable)") // do nothing - s + val storeValue = memAssign.rhs.value + evaluateExpression(storeValue, constantProp(n)) match + case Some(bitVecLiteral: BitVecLiteral) => + s + (r -> Set(getValueType(bitVecLiteral))) + /* + // TODO constant prop returned BOT OR TOP. Merge regions because RHS could be a memory loaded address + case variable: Variable => + s + (r -> s(variable)) + */ + case None => + storeValue.match { + case v: Variable => + s + (r -> s(v)) + case _ => + Logger.warn(s"Too Complex: $storeValue") // do nothing + s + } case None => Logger.warn("could not find region for " + memAssign) s diff --git a/src/main/scala/analysis/solvers/FixPointSolver.scala b/src/main/scala/analysis/solvers/FixPointSolver.scala index 064a3c619..6bbe4be53 100644 --- a/src/main/scala/analysis/solvers/FixPointSolver.scala +++ b/src/main/scala/analysis/solvers/FixPointSolver.scala @@ -91,8 +91,8 @@ trait ListSetWorklist[N] extends Worklist[N]: def run(first: Set[N], intra: Boolean) = worklist = new ListSet[N] ++ first - while (worklist.nonEmpty) do - val n = worklist.head; + while worklist.nonEmpty do + val n = worklist.head worklist = worklist.tail process(n, intra) @@ -109,7 +109,7 @@ trait WorklistFixpointSolver[N] extends MapLatticeSolver[N] with ListSetWorklist def process(n: N, intra: Boolean) = val xn = x(n) val y = funsub(n, x, intra) - if (y != xn) then + if y != xn then x += n -> y add(outdep(n, intra)) diff --git a/src/main/scala/bap/BAPStatement.scala b/src/main/scala/bap/BAPStatement.scala index 24f7541fe..6f8ce85aa 100644 --- a/src/main/scala/bap/BAPStatement.scala +++ b/src/main/scala/bap/BAPStatement.scala @@ -1,10 +1,9 @@ package bap -trait BAPJump +sealed trait BAPJump case class BAPDirectCall( target: String, - condition: BAPExpr, returnTarget: Option[String], line: String, instruction: String @@ -12,7 +11,6 @@ case class BAPDirectCall( case class BAPIndirectCall( target: BAPVar, - condition: BAPExpr, returnTarget: Option[String], line: String, instruction: String @@ -20,13 +18,9 @@ case class BAPIndirectCall( case class BAPGoTo(target: String, condition: BAPExpr, line: String, instruction: String) extends BAPJump -trait BAPStatement +sealed trait BAPStatement -case class BAPSkip(line: String, instruction: String) extends BAPStatement { - override def toString: String = "skip;" -} - -trait BAPAssign(lhs: BAPVariable, rhs: BAPExpr, line: String, instruction: String) extends BAPStatement { +sealed trait BAPAssign(lhs: BAPVariable, rhs: BAPExpr, line: String, instruction: String) extends BAPStatement { override def toString: String = String.format("%s := %s;", lhs, rhs) } @@ -35,17 +29,5 @@ trait BAPAssign(lhs: BAPVariable, rhs: BAPExpr, line: String, instruction: Strin case class BAPMemAssign(lhs: BAPMemory, rhs: BAPStore, line: String, instruction: String, address: Option[Int] = None) extends BAPAssign(lhs, rhs, line, instruction) -/* -case object BAPMemAssign { - def init(lhs: BAPMemory, rhs: BAPStore, line: String, instruction: String): BAPMemAssign = { - if (rhs.memory.name == "stack") { - BAPMemAssign(lhs.copy(name = "stack"), rhs, line, instruction) - } else { - BAPMemAssign(lhs, rhs, line, instruction) - } - } -} - */ - case class BAPLocalAssign(lhs: BAPVar, rhs: BAPExpr, line: String, instruction: String, address: Option[Int] = None) extends BAPAssign(lhs, rhs, line, instruction) diff --git a/src/main/scala/boogie/BCmd.scala b/src/main/scala/boogie/BCmd.scala index fdd088303..fd4fc5335 100644 --- a/src/main/scala/boogie/BCmd.scala +++ b/src/main/scala/boogie/BCmd.scala @@ -95,8 +95,8 @@ case class IfCmd(guard: BExpr, thenCmds: List[BCmd], comment: Option[String] = N override def globals: Set[BVar] = guard.globals ++ thenCmds.flatMap(c => c.globals).toSet } -case class GoToCmd(destination: String, comment: Option[String] = None) extends BCmd { - override def toString: String = s"goto $destination;" +case class GoToCmd(destinations: Seq[String], comment: Option[String] = None) extends BCmd { + override def toString: String = s"goto ${destinations.mkString(", ")};" } case object ReturnCmd extends BCmd { diff --git a/src/main/scala/boogie/BExpr.scala b/src/main/scala/boogie/BExpr.scala index 03b982870..2c5dd37b7 100644 --- a/src/main/scala/boogie/BExpr.scala +++ b/src/main/scala/boogie/BExpr.scala @@ -273,7 +273,6 @@ case class BinaryBExpr(op: BinOp, arg1: BExpr, arg2: BExpr) extends BExpr { BitVecBType(1) } else { throw new Exception("bitvector size mismatch") - BitVecBType(1) } case BVULT | BVULE | BVUGT | BVUGE | BVSLT | BVSLE | BVSGT | BVSGE => if (bv1.size == bv2.size) { diff --git a/src/main/scala/cfg_visualiser/DotTools.scala b/src/main/scala/cfg_visualiser/DotTools.scala index d6179c7c7..d50897b44 100644 --- a/src/main/scala/cfg_visualiser/DotTools.scala +++ b/src/main/scala/cfg_visualiser/DotTools.scala @@ -11,6 +11,24 @@ object IDGenerator { } } +def wrap(input: String, width: Integer = 20): String = + if (input.length() <= width) { + input + } else { + var splitPoint = width; + while (input.charAt(splitPoint).isLetterOrDigit && splitPoint > width / 2) { + // search backwards for a non alphanumeric charcter to split on + splitPoint -= 1 + } + if (input.charAt(splitPoint).isLetterOrDigit) { + // didn't find a character to split on + splitPoint = width; + } + val line = input.substring(0, splitPoint) + line + "\\l" + wrap(input.substring(splitPoint), width) + } + + /** Super-class for elements of a Graphviz dot file. */ abstract class DotElement { @@ -33,7 +51,7 @@ class DotNode(val id: String, val label: String) extends DotElement { override def toString: String = toDotString def toDotString: String = - s"\"${id}\"" + "[label=\"" + label + "\"]" + s"\"$id\"" + "[label=\"" + wrap(label, 80) + "\"]" } @@ -51,7 +69,7 @@ class DotArrow( def equals(other: DotArrow): Boolean = toDotString.equals(other.toDotString) def toDotString: String = - s"\"${fromNode.id}\" ${arrow} \"${toNode.id}\"[label=\"${label}\", style=\"${style}\", color=\"${colour}\"]" + s"\"${fromNode.id}\" $arrow \"${toNode.id}\"[label=\"$label\", style=\"$style\", color=\"$colour\"]" } /** Represents a directed edge between two regular cfg nodes in a Graphviz dot file. @@ -116,6 +134,5 @@ class DotGraph(val title: String, val nodes: Iterable[DotNode], val edges: Itera override def toString: String = toDotString - def toDotString: String = - "digraph " + title + "{" + (nodes ++ edges).foldLeft("")((str, elm) => str + elm.toDotString + "\n") + "}" + def toDotString: String = "digraph " + title + " {\n" + (nodes ++ edges).foldLeft("")((str, elm) => str + elm.toDotString + "\n") + "}" } diff --git a/src/main/scala/cfg_visualiser/Output.scala b/src/main/scala/cfg_visualiser/Output.scala index 9e74f2335..e75b3ef29 100644 --- a/src/main/scala/cfg_visualiser/Output.scala +++ b/src/main/scala/cfg_visualiser/Output.scala @@ -7,71 +7,6 @@ import analysis._ */ object Output { - /** Generate an output to a file. - * @param file - * the output file - * @param kind - * output kind (determines the file name suffix) - * @param outFolder - * the output directory - */ - def output(kind: OutputKind, content: String, fileName: String): Unit = { - val extension = kind match { - case OtherOutput(OutputKindE.`cfg`) => "_cfg.dot" - case OtherOutput(OutputKindE.`icfg`) => "_icfg.dot" -// case DataFlowOutput(k) => -// s"_$k.dot" - case _ => ??? - } - val outFile = new File(s"${fileName}.dot") - val pw = new PrintWriter(outFile, "UTF-8") - pw.write(content) - pw.close() - } - - /** Escapes special characters in the given string. Special characters are all Unicode chars except 0x20-0x7e but - * including \, ", {, and }. - */ - def escape(s: String): String = { - if (s == null) - return null - val b = new StringBuilder() - for (i <- 0 until s.length) { - val c = s.charAt(i) - c match { - case '"' => - b.append("\\\"") - case '\\' => - b.append("\\\\") - case '\b' => - b.append("\\b") - case '\t' => - b.append("\\t") - case '\n' => - b.append("\\n") - case '\r' => - b.append("\\r") - case '\f' => - b.append("\\f") - case '<' => - b.append("\\<") - case '>' => - b.append("\\>") - case '{' => - b.append("\\{") - case '}' => - b.append("\\}") - case _ => - if (c >= 0x20 && c <= 0x7e) - b.append(c) - else { - b.append("\\%04X".format(c.toInt)) - } - } - } - b.toString() - } - /** Helper function for producing string output for a control-flow graph node after an analysis. * @param res * map from control-flow graph nodes to strings, as produced by the analysis @@ -91,26 +26,12 @@ object Output { */ def dotIder(n: CfgNode, uniqueId: Int): String = n match { - case real: CfgCommandNode => s"real${real.data}_${uniqueId}" - case entry: CfgFunctionEntryNode => s"entry${entry.data}_${uniqueId}" - case exit: CfgFunctionExitNode => s"exit${exit.data}_${uniqueId}" - case ret: CfgProcedureReturnNode => s"return_${uniqueId}" - case noCallRet: CfgCallNoReturnNode => s"callnoreturn_${uniqueId}" - case callRet: CfgCallReturnNode => s"callreturn_${uniqueId}" + case real: CfgCommandNode => s"real${real.data}_$uniqueId" + case entry: CfgFunctionEntryNode => s"entry${entry.data}_$uniqueId" + case exit: CfgFunctionExitNode => s"exit${exit.data}_$uniqueId" + case ret: CfgProcedureReturnNode => s"return_$uniqueId" + case noCallRet: CfgCallNoReturnNode => s"callnoreturn_$uniqueId" + case callRet: CfgCallReturnNode => s"callreturn_$uniqueId" case _ => ??? } -} - -/** Different kinds of output (determine output file names). - */ -object OutputKindE extends Enumeration { - val cfg, icfg = Value -} - -sealed trait OutputKind - -/** Other output kinds (for other processing phases than the actual analysis). - */ -case class OtherOutput(kind: OutputKindE.Value) extends OutputKind { - override def toString: String = kind.toString -} +} \ No newline at end of file diff --git a/src/main/scala/ir/Interpreter.scala b/src/main/scala/ir/Interpreter.scala index 96b32e71a..be4fe3b85 100644 --- a/src/main/scala/ir/Interpreter.scala +++ b/src/main/scala/ir/Interpreter.scala @@ -195,21 +195,11 @@ class Interpreter() { } case dc: DirectCall => Logger.debug(s"$dc") - dc.condition match { - case Some(value) => - eval(value, regs) match { - case TrueLiteral => - interpretProcedure(dc.target) - break - case FalseLiteral => - } - case None => - interpretProcedure(dc.target) - break - } + interpretProcedure(dc.target) + break case ic: IndirectCall => Logger.debug(s"$ic") - if (ic.target == Register("R30", BitVecType(64)) & ic.condition.isEmpty & ic.returnTarget.isEmpty) { + if (ic.target == Register("R30", BitVecType(64)) & ic.returnTarget.isEmpty) { nextBlock = None break } else { @@ -259,7 +249,7 @@ class Interpreter() { val start = im.address.max(currentAddress) val data = if (im.address < currentAddress) im.bytes.slice(currentAddress - im.address, im.size) else im.bytes data.zipWithIndex.foreach { (byte, index) => - mems(start + index) = byte.asInstanceOf[BitVecLiteral] + mems(start + index) = byte } currentAddress = im.address + im.size } diff --git a/src/main/scala/ir/Program.scala b/src/main/scala/ir/Program.scala index fcb5c4a33..c14ff8661 100644 --- a/src/main/scala/ir/Program.scala +++ b/src/main/scala/ir/Program.scala @@ -14,7 +14,7 @@ class Program(var procedures: ArrayBuffer[Procedure], var mainProcedure: Procedu var next = mainProcedure.name var reachableNames: Set[String] = Set(next) var toVisit: List[String] = List() - var reachableFound = true; + var reachableFound = true while (reachableFound) { val children = functionToChildren(next) -- reachableNames -- toVisit - next reachableNames = reachableNames ++ children @@ -175,6 +175,7 @@ class Procedure( case g: GoTo => visitBlock(g.target) case d: DirectCall => d.returnTarget.foreach(visitBlock) case i: IndirectCall => i.returnTarget.foreach(visitBlock) + case n: NonDetGoTo => n.targets.foreach(visitBlock) } } } diff --git a/src/main/scala/ir/Statement.scala b/src/main/scala/ir/Statement.scala index ff614c89e..07a65fe4b 100644 --- a/src/main/scala/ir/Statement.scala +++ b/src/main/scala/ir/Statement.scala @@ -1,7 +1,11 @@ package ir trait Command { - def label: Option[String] + val label: Option[String] + def labelStr: String = label match { + case Some(s) => s"$s: " + case None => "" + } } trait Statement extends Command { @@ -18,7 +22,7 @@ class LocalAssign(var lhs: Variable, var rhs: Expr, override val label: Option[S case r: Register => Set(r) case _ => Set() } - override def toString: String = s"$lhs := $rhs" + override def toString: String = s"$labelStr$lhs := $rhs" override def acceptVisit(visitor: Visitor): Statement = visitor.visitLocalAssign(this) } @@ -28,47 +32,47 @@ object LocalAssign: class MemoryAssign(var lhs: Memory, var rhs: MemoryStore, override val label: Option[String] = None) extends Statement { override def modifies: Set[Global] = Set(lhs) //override def locals: Set[Variable] = rhs.locals - override def toString: String = s"$lhs := $rhs" + override def toString: String = s"$labelStr$lhs := $rhs" override def acceptVisit(visitor: Visitor): Statement = visitor.visitMemoryAssign(this) } object MemoryAssign: def unapply(m: MemoryAssign): Option[(Memory, MemoryStore, Option[String])] = Some(m.lhs, m.rhs, m.label) -case object NOP extends Statement { - override def label: Option[String] = None - override def toString: String = "" +case class NOP(override val label: Option[String] = None) extends Statement { + override def toString: String = s"$labelStr" override def acceptVisit(visitor: Visitor): Statement = this } -class Assume(var body: Expr, var comment: Option[String], override val label: Option[String] = None) extends Statement { - override def toString: String = s"assume $body" + comment.map(" //" + _) - override def acceptVisit(visitor: Visitor): Statement = visitor.visitAssume(this) -} - -object Assume: - def unapply(a: Assume): Option[(Expr, Option[String], Option[String])] = Some(a.body, a.comment, a.label) - -class Assert(var body: Expr, var comment: Option[String], override val label: Option[String] = None) extends Statement { - override def toString: String = s"assert $body" + comment.map(" //" + _) +class Assert(var body: Expr, var comment: Option[String] = None, override val label: Option[String] = None) extends Statement { + override def toString: String = s"${labelStr}assert $body" + comment.map(" //" + _) override def acceptVisit(visitor: Visitor): Statement = visitor.visitAssert(this) } object Assert: def unapply(a: Assert): Option[(Expr, Option[String], Option[String])] = Some(a.body, a.comment, a.label) +class Assume(var body: Expr, var comment: Option[String] = None, override val label: Option[String] = None) extends Statement { + override def toString: String = s"${labelStr}assume $body" + comment.map(" //" + _) + override def acceptVisit(visitor: Visitor): Statement = visitor.visitAssume(this) +} + +object Assume: + def unapply(a: Assume): Option[(Expr, Option[String], Option[String])] = Some(a.body, a.comment, a.label) + trait Jump extends Command { def modifies: Set[Global] = Set() //def locals: Set[Variable] = Set() def calls: Set[Procedure] = Set() def acceptVisit(visitor: Visitor): Jump = throw new Exception("visitor " + visitor + " unimplemented for: " + this) } + class GoTo(var target: Block, var condition: Option[Expr], override val label: Option[String] = None) extends Jump { /* override def locals: Set[Variable] = condition match { case Some(c) => c.locals case None => Set() } */ - override def toString: String = s"GoTo(${target.label}, $condition)" + override def toString: String = s"${labelStr}GoTo(${target.label}, $condition)" override def acceptVisit(visitor: Visitor): Jump = visitor.visitGoTo(this) } @@ -76,28 +80,32 @@ class GoTo(var target: Block, var condition: Option[Expr], override val label: O object GoTo: def unapply(g: GoTo): Option[(Block, Option[Expr], Option[String])] = Some(g.target, g.condition, g.label) -class DirectCall(var target: Procedure, var condition: Option[Expr], var returnTarget: Option[Block], override val label: Option[String] = None) extends Jump { +class NonDetGoTo(var targets: Seq[Block], override val label: Option[String] = None) extends Jump { + override def toString: String = s"${labelStr}NonDetGoTo(${targets.map(_.label).mkString(", ")})" + override def acceptVisit(visitor: Visitor): Jump = visitor.visitNonDetGoTo(this) +} + +class DirectCall(var target: Procedure, var returnTarget: Option[Block], override val label: Option[String] = None) extends Jump { /* override def locals: Set[Variable] = condition match { case Some(c) => c.locals case None => Set() } */ override def calls: Set[Procedure] = Set(target) - override def toString: String = s"DirectCall(${target.name}, $condition, ${returnTarget.map(_.label)})" + override def toString: String = s"${labelStr}DirectCall(${target.name}, ${returnTarget.map(_.label)})" override def acceptVisit(visitor: Visitor): Jump = visitor.visitDirectCall(this) } object DirectCall: - def unapply(i: DirectCall): Option[(Procedure, Option[Expr], Option[Block], Option[String])] = Some(i.target, i.condition, i.returnTarget, i.label) + def unapply(i: DirectCall): Option[(Procedure, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label) -class IndirectCall(var target: Variable, var condition: Option[Expr], var returnTarget: Option[Block], - override val label: Option[String] = None) extends Jump { +class IndirectCall(var target: Variable, var returnTarget: Option[Block], override val label: Option[String] = None) extends Jump { /* override def locals: Set[Variable] = condition match { case Some(c) => c.locals + target case None => Set(target) } */ - override def toString: String = s"IndirectCall($target, $condition, ${returnTarget.map(_.label)})" + override def toString: String = s"${labelStr}IndirectCall($target, ${returnTarget.map(_.label)})" override def acceptVisit(visitor: Visitor): Jump = visitor.visitIndirectCall(this) } object IndirectCall: - def unapply(i: IndirectCall): Option[(Variable, Option[Expr], Option[Block], Option[String])] = Some(i.target, i.condition, i.returnTarget, i.label) \ No newline at end of file + def unapply(i: IndirectCall): Option[(Variable, Option[Block], Option[String])] = Some(i.target, i.returnTarget, i.label) \ No newline at end of file diff --git a/src/main/scala/ir/Visitor.scala b/src/main/scala/ir/Visitor.scala index fa88da27f..c121bfc4b 100644 --- a/src/main/scala/ir/Visitor.scala +++ b/src/main/scala/ir/Visitor.scala @@ -38,13 +38,15 @@ abstract class Visitor { node } + def visitNonDetGoTo(node: NonDetGoTo): Jump = { + node + } + def visitDirectCall(node: DirectCall): Jump = { - node.condition = node.condition.map(visitExpr) node } def visitIndirectCall(node: IndirectCall): Jump = { - node.condition = node.condition.map(visitExpr) node.target = visitVariable(node.target) node } @@ -213,17 +215,14 @@ abstract class ReadOnlyVisitor extends Visitor { } override def visitGoTo(node: GoTo): Jump = { - node.condition.map(visitExpr) node } override def visitDirectCall(node: DirectCall): Jump = { - node.condition.map(visitExpr) node } override def visitIndirectCall(node: IndirectCall): Jump = { - node.condition.map(visitExpr) visitVariable(node.target) node } diff --git a/src/main/scala/translating/BAPLoader.scala b/src/main/scala/translating/BAPLoader.scala index 979fdafb8..0bed4383a 100644 --- a/src/main/scala/translating/BAPLoader.scala +++ b/src/main/scala/translating/BAPLoader.scala @@ -113,7 +113,8 @@ object BAPLoader { } val line = visitQuoteString(ctx.tid.name) val insn = parseFromAttrs(ctx.attrs, "insn").getOrElse("") - BAPIndirectCall(visitImmVar(ctx.callee.immVar), visitExp(ctx.cond), returnTarget, line, insn) + checkCondition(ctx.cond, ctx) + BAPIndirectCall(visitImmVar(ctx.callee.immVar), returnTarget, line, insn) } def visitDirectCall(ctx: DirectCallContext): BAPDirectCall = { @@ -123,15 +124,24 @@ object BAPLoader { } val line = visitQuoteString(ctx.tid.name) val insn = parseFromAttrs(ctx.attrs, "insn").getOrElse("") + checkCondition(ctx.cond, ctx) BAPDirectCall( parseAllowed(visitQuoteString(ctx.callee.tid.name).stripPrefix("@")), - visitExp(ctx.cond), returnTarget, line, insn ) } + def checkCondition(condition: ExpContext, ctx: JmpContext): Unit = { + val conditionParsed = visitExp(condition) + if (conditionParsed != BAPLiteral(1, 1)) { + // If this is thrown then we have will have to actually support BAP giving calls (as opposed to gotos). + // This is not something that it seems like the ARM64 instruction set should produce. + throw BAPCallConditionParsingException(s"Error parsing BAP at \"${ctx.getText}\": call contains non-true condition: \"${condition.getText}\", parsed as $conditionParsed") + } + } + def visitGotoJmp(ctx: GotoJmpContext): BAPGoTo = { val line = visitQuoteString(ctx.tid.name) val insn = parseFromAttrs(ctx.attrs, "insn").getOrElse("") @@ -270,4 +280,13 @@ object BAPLoader { val allowedChars: Set[Char] = Set('_', '\'', '~', '#', '$', '^', '_', '.', '?', '`') ++ ('A' to 'Z') ++ ('a' to 'z') ++ ('0' to '9') + class BAPCallConditionParsingException(message: String) + extends Exception(message) { + + def this(message: String, cause: Throwable) = { + this(message) + initCause(cause) + } + } + } diff --git a/src/main/scala/translating/BAPToIR.scala b/src/main/scala/translating/BAPToIR.scala index 0243400d1..1ba1099d6 100644 --- a/src/main/scala/translating/BAPToIR.scala +++ b/src/main/scala/translating/BAPToIR.scala @@ -62,23 +62,19 @@ class BAPToIR(var program: BAPProgram, mainAddress: Int) { private def translate(s: BAPStatement) = s match { case b: BAPMemAssign => MemoryAssign(b.lhs.toIR, b.rhs.toIR, Some(b.line)) case b: BAPLocalAssign => LocalAssign(b.lhs.toIR, b.rhs.toIR, Some(b.line)) - case _ => throw new Exception("unsupported statement: " + s) } private def translate(j: BAPJump) = j match { case b: BAPDirectCall => DirectCall( nameToProcedure(b.target), - coerceToBool(b.condition), - b.returnTarget.map { (t: String) => labelToBlock(t) }, + b.returnTarget.map(t => labelToBlock(t)), Some(b.line) ) case b: BAPIndirectCall => - IndirectCall(b.target.toIR, coerceToBool(b.condition), b.returnTarget.map { (t: String) => labelToBlock(t) }, Some(b.line)) + IndirectCall(b.target.toIR, b.returnTarget.map(t => labelToBlock(t)), Some(b.line)) case b: BAPGoTo => GoTo(labelToBlock(b.target), coerceToBool(b.condition), Some(b.line)) - case _ => - throw new Exception("unsupported jump: " + j) } /* diff --git a/src/main/scala/translating/ILtoIL.scala b/src/main/scala/translating/ILtoIL.scala index d0aad93f5..18cfa8d57 100644 --- a/src/main/scala/translating/ILtoIL.scala +++ b/src/main/scala/translating/ILtoIL.scala @@ -12,7 +12,7 @@ private class ILSerialiser extends ReadOnlyVisitor { def blockIdentifier(block: Block): String = { val i = block.address match { - case Some(addr) => f"${addr}:${block.label}" + case Some(addr) => f"$addr:${block.label}" case None => f"?:${block.label}" } s"\"$i\"" @@ -20,7 +20,7 @@ private class ILSerialiser extends ReadOnlyVisitor { def procedureIdentifier(proc: Procedure): String = { val i = proc.address match { - case Some(addr) => f"${addr}:${proc.name}" + case Some(addr) => f"$addr:${proc.name}" case None => f"?:${proc.name}" } s"\"$i\"" @@ -76,9 +76,6 @@ private class ILSerialiser extends ReadOnlyVisitor { program ++= "DirectCall(" program ++= procedureIdentifier(node.target) program ++= ", " - program ++= "condition(" - node.condition.map(visitExpr) - program ++= ")" // Condition program ++= ")" // DirectCall node } @@ -87,9 +84,6 @@ private class ILSerialiser extends ReadOnlyVisitor { program ++= "IndirectCall(" visitVariable(node.target) program ++= ", " - program ++= "condition(" - node.condition.map(visitExpr) - program ++= ")" // Condition program ++= ")" // IndirectCall node } diff --git a/src/main/scala/translating/IRToBoogie.scala b/src/main/scala/translating/IRToBoogie.scala index dbfcbcb48..a20f63aa6 100644 --- a/src/main/scala/translating/IRToBoogie.scala +++ b/src/main/scala/translating/IRToBoogie.scala @@ -397,45 +397,32 @@ class IRToBoogie(var program: Program, var spec: Specification) { case d: DirectCall => val call = List(BProcedureCall(d.target.name, List(), List())) val returnTarget = d.returnTarget match { - case Some(r) => List(GoToCmd(r.label)) + case Some(r) => List(GoToCmd(Seq(r.label))) case None => List(Comment("no return target"), BAssume(FalseBLiteral)) } - d.condition match { - case Some(c) => - val guard = c.toBoogie - val guardGamma = c.toGamma - List(BAssert(guardGamma), IfCmd(guard, call ++ returnTarget)) - case None => - call ++ returnTarget - } + call ++ returnTarget case i: IndirectCall => // TODO put this elsewhere - val call: List[BCmd] = if (i.target.name == "R30") { + if (i.target.name == "R30") { List(ReturnCmd) } else { val unresolved: List[BCmd] = List(Comment(s"UNRESOLVED: call ${i.target.name}"), BAssert(FalseBLiteral)) i.returnTarget match { - case Some(r) => unresolved :+ GoToCmd(r.label) + case Some(r) => unresolved :+ GoToCmd(Seq(r.label)) case None => unresolved ++ List(Comment("no return target"), BAssume(FalseBLiteral)) } } - i.condition match { - case Some(c) => - val guard = c.toBoogie - val guardGamma = c.toGamma - List(BAssert(guardGamma), IfCmd(guard, call)) - case None => - call - } case g: GoTo => g.condition match { case Some(c) => val guard = c.toBoogie val guardGamma = c.toGamma - List(BAssert(guardGamma), IfCmd(guard, List(GoToCmd(g.target.label)))) + List(BAssert(guardGamma), IfCmd(guard, List(GoToCmd(Seq(g.target.label))))) case None => - List(GoToCmd(g.target.label)) + List(GoToCmd(Seq(g.target.label))) } + case n: NonDetGoTo => + List(GoToCmd(n.targets.map(_.label))) } def translate(s: Statement): List[BCmd] = s match { @@ -492,5 +479,8 @@ class IRToBoogie(var program: Program, var spec: Specification) { case a: Assert => val body = a.body.toBoogie List(BAssert(body, a.comment)) + case a: Assume => + val body = a.body.toBoogie + List(BAssume(body, a.comment)) } } diff --git a/src/main/scala/translating/SpecificationLoader.scala b/src/main/scala/translating/SpecificationLoader.scala index 9fe6d26cc..968bad056 100644 --- a/src/main/scala/translating/SpecificationLoader.scala +++ b/src/main/scala/translating/SpecificationLoader.scala @@ -361,7 +361,7 @@ case class SpecificationLoader(symbols: Set[SpecGlobal], program: Program) { val params: Map[String, Parameter] = irProc match { case None => Map() case Some(p) => - p.in.map { (p: Parameter) => p.name -> p }.toMap ++ p.out.map { (p: Parameter) => p.name -> p }.toMap + p.in.map(p => p.name -> p).toMap ++ p.out.map(p => p.name -> p).toMap } val requires = ctx.requires.asScala.collect { case r: ParsedRequiresContext => diff --git a/src/main/scala/util/BASILConfig.scala b/src/main/scala/util/BASILConfig.scala index 7b80888a1..ac0e3d5f7 100644 --- a/src/main/scala/util/BASILConfig.scala +++ b/src/main/scala/util/BASILConfig.scala @@ -2,15 +2,14 @@ package util case class ILLoadingConfig(adtFile: String, relfFile: String, specFile: Option[String], dumpIL: Option[String]) case class BoogieGeneratorConfig(memoryFunctionType: BoogieMemoryAccessMode = BoogieMemoryAccessMode.SuccessiveStoreSelect) -case class StaticAnalysisConfig(dumpILToPath: Option[String] = None) +case class StaticAnalysisConfig(dumpILToPath: Option[String] = None, analysisResultsPath: Option[String] = None, analysisDotPath: Option[String] = None) enum BoogieMemoryAccessMode: case SuccessiveStoreSelect, LambdaStoreSelect -case class BASILConfig( - loading: ILLoadingConfig, - runInterpret: Boolean = false, - staticAnalysis: Option[StaticAnalysisConfig] = None, - boogieTranslation: BoogieGeneratorConfig = BoogieGeneratorConfig(), - outputPrefix: String - ) +case class BASILConfig(loading: ILLoadingConfig, + runInterpret: Boolean = false, + staticAnalysis: Option[StaticAnalysisConfig] = None, + boogieTranslation: BoogieGeneratorConfig = BoogieGeneratorConfig(), + outputPrefix: String, + ) diff --git a/src/main/scala/util/RunUtils.scala b/src/main/scala/util/RunUtils.scala index ddffd96ee..4e29d94c0 100644 --- a/src/main/scala/util/RunUtils.scala +++ b/src/main/scala/util/RunUtils.scala @@ -5,26 +5,25 @@ import scala.collection.mutable.ArrayBuffer import scala.collection.mutable.Set as MutableSet import java.io.{File, PrintWriter} import java.io.{BufferedWriter, FileWriter, IOException} -import scala.jdk.CollectionConverters._ -import analysis.solvers._ - -import analysis._ -import cfg_visualiser.{OtherOutput, Output, OutputKindE} -import bap._ -import ir._ -import boogie._ -import specification._ -import Parsers._ +import scala.jdk.CollectionConverters.* +import analysis.solvers.* +import analysis.* +import cfg_visualiser.Output +import bap.* +import ir.* +import boogie.* +import specification.* +import Parsers.* import org.antlr.v4.runtime.tree.ParseTreeWalker import org.antlr.v4.runtime.{CharStreams, CommonTokenStream} -import translating._ +import translating.* import util.Logger +import scala.collection.mutable + object RunUtils { var memoryRegionAnalysisResults: Map[CfgNode, Set[MemoryRegion]] = Map() - var iterations = 0; - // ids reserved by boogie val reserved: Set[String] = Set("free") @@ -65,12 +64,10 @@ object RunUtils { def run(q: BASILConfig): Unit = { Logger.info("[!] Writing file...") val boogieProgram = loadAndTranslate(q) - RunUtils.writeToFile(boogieProgram.toString, (q.outputPrefix)) + writeToFile(boogieProgram.toString, q.outputPrefix) } - def loadAndTranslate( - q: BASILConfig - ): BProgram = { + def loadAndTranslate(q: BASILConfig): BProgram = { /** * Loading phase */ @@ -93,21 +90,11 @@ object RunUtils { IRProgram = externalRemover.visitProgram(IRProgram) IRProgram = renamer.visitProgram(IRProgram) - q.loading.dumpIL match { - case Some(s) => writeToFile(serialiseIL(IRProgram), s + "-before-analysis.il") - case _ => - } - - q.staticAnalysis match { - case Some(analysisConfig) => { - IRProgram = analyse(IRProgram, externalFunctions, globals, globalOffsets) + q.loading.dumpIL.foreach(s => writeToFile(serialiseIL(IRProgram), s"$s-before-analysis.il")) - analysisConfig.dumpILToPath match { - case Some(s) => writeToFile(serialiseIL(IRProgram), s + "-after-analysis.il") - case _ => - } - } - case None => {} + q.staticAnalysis.foreach { analysisConfig => + IRProgram = analyse(IRProgram, externalFunctions, globals, globalOffsets, analysisConfig, 1) + analysisConfig.dumpILToPath.foreach(s => writeToFile(serialiseIL(IRProgram), s"$s-after-analysis.il")) } IRProgram.determineRelevantMemory(globalOffsets) @@ -133,15 +120,16 @@ object RunUtils { IRProgram: Program, externalFunctions: Set[ExternalFunction], globals: Set[SpecGlobal], - globalOffsets: Map[BigInt, BigInt] + globalOffsets: Map[BigInt, BigInt], + config: StaticAnalysisConfig, + iteration: Int ): Program = { - iterations += 1 val subroutines = IRProgram.procedures .filter(p => p.address.isDefined) - .map { (p: Procedure) => BigInt(p.address.get) -> p.name } + .map(p => BigInt(p.address.get) -> p.name) .toMap - val globalAddresses = globals.map { (s: SpecGlobal) => s.address -> s.name }.toMap - val externalAddresses = externalFunctions.map { (e: ExternalFunction) => e.offset -> e.name }.toMap + val globalAddresses = globals.map(s => s.address -> s.name).toMap + val externalAddresses = externalFunctions.map(e => e.offset -> e.name).toMap Logger.info("Globals:") Logger.info(globalAddresses) Logger.info("Global Offsets: ") @@ -153,26 +141,22 @@ object RunUtils { val mergedSubroutines = subroutines ++ externalAddresses - val cfg = ProgramCfgFactory().fromIR(IRProgram, false, 0) + val cfg = ProgramCfgFactory().fromIR(IRProgram) Logger.info("[!] Running Constant Propagation") val constPropSolver = ConstantPropagationAnalysis.WorklistSolver(cfg) val constPropResult: Map[CfgNode, Map[Variable, ConstantPropagationLattice.Element]] = constPropSolver.analyze(true) - Output.output( - OtherOutput(OutputKindE.cfg), - cfg.toDot(Output.labeler(constPropResult, constPropSolver.stateAfterNode), Output.dotIder), - "cpa" - ) + + config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(constPropResult, constPropSolver.stateAfterNode), Output.dotIder), s"${s}_constprop$iteration.dot")) + config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(cfg, constPropResult, iteration), s"${s}_constprop$iteration.txt")) Logger.info("[!] Running MRA") val mraSolver = MemoryRegionAnalysis.WorklistSolver(cfg, globalAddresses, globalOffsets, mergedSubroutines, constPropResult) val mraResult: Map[CfgNode, Set[MemoryRegion]] = mraSolver.analyze(true) memoryRegionAnalysisResults = mraResult - Output.output( - OtherOutput(OutputKindE.cfg), - cfg.toDot(Output.labeler(mraResult, mraSolver.stateAfterNode), Output.dotIder), - "mra" - ) + + config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(mraResult, mraSolver.stateAfterNode), Output.dotIder), s"${s}_mra$iteration.dot")) + config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(cfg, mraResult, iteration), s"${s}_mra$iteration.txt")) Logger.info("[!] Running MMM") val mmm = MemoryModelMap() @@ -182,29 +166,107 @@ object RunUtils { val vsaSolver = ValueSetAnalysis.WorklistSolver(cfg, globalAddresses, externalAddresses, globalOffsets, subroutines, mmm, constPropResult) val vsaResult: Map[CfgNode, Map[Variable | MemoryRegion, Set[Value]]] = vsaSolver.analyze(false) - Output.output( - OtherOutput(OutputKindE.cfg), - cfg.toDot(Output.labeler(vsaResult, vsaSolver.stateAfterNode), Output.dotIder), - "vsa" - ) + + config.analysisDotPath.foreach(s => writeToFile(cfg.toDot(Output.labeler(vsaResult, vsaSolver.stateAfterNode), Output.dotIder), s"${s}_vsa$iteration.dot")) + config.analysisResultsPath.foreach(s => writeToFile(printAnalysisResults(cfg, vsaResult, iteration), s"${s}_vsa$iteration.txt")) Logger.info("[!] Resolving CFG") - val (newIR, modified) = resolveCFG(cfg, vsaResult.asInstanceOf[Map[CfgNode, Map[Variable, Set[Value]]]], IRProgram) + val (newIR, modified): (Program, Boolean) = resolveCFG(cfg, vsaResult, IRProgram) if (modified) { - Logger.info(s"[!] Analysing again (iter $iterations)") - return analyse(newIR, externalFunctions, globals, globalOffsets) + Logger.info(s"[!] Analysing again (iter $iteration)") + return analyse(newIR, externalFunctions, globals, globalOffsets, config, iteration + 1) + } + + config.analysisDotPath.foreach { s => + val newCFG = ProgramCfgFactory().fromIR(newIR) + writeToFile(newCFG.toDot(x => x.toString, Output.dotIder), s"${s}_resolvedCFG.dot") } - val newCFG = ProgramCfgFactory().fromIR(newIR) - Output.output(OtherOutput(OutputKindE.cfg), newCFG.toDot(x => x.toString, Output.dotIder), "resolvedCFG") - Logger.info(s"[!] Finished indirect call resolution after $iterations iterations") + Logger.info(s"[!] Finished indirect call resolution after $iteration iterations") newIR } + def printAnalysisResults(cfg: ProgramCfg, result: Map[CfgNode, _], iteration: Int): String = { + val functionEntries = cfg.nodes.collect { case n: CfgFunctionEntryNode => n }.toSeq.sortBy(_.data.name) + val s = StringBuilder() + s.append(System.lineSeparator()) + for (f <- functionEntries) { + val stack: mutable.Stack[CfgNode] = mutable.Stack() + val visited: mutable.Set[CfgNode] = mutable.Set() + stack.push(f) + var previousBlock: String = "" + var isEntryNode = false + while (stack.nonEmpty) { + val next = stack.pop() + if (!visited.contains(next)) { + visited.add(next) + next.match { + case c: CfgCommandNode => + if (c.block.label != previousBlock) { + printBlock(c) + } + printNode(c) + previousBlock = c.block.label + isEntryNode = false + case c: CfgFunctionEntryNode => + printNode(c) + isEntryNode = true + case c: + CfgCallNoReturnNode => s.append(System.lineSeparator()) + isEntryNode = false + case _ => isEntryNode = false + } + val successors = next.succ(true) + if (successors.size > 1) { + val successorsCmd = successors.collect { case c: CfgCommandNode => c }.toSeq.sortBy(_.data.label) + printGoTo(successorsCmd) + for (s <- successorsCmd) { + if (!visited.contains(s)) { + stack.push(s) + } + } + } else if (successors.size == 1) { + val successor = successors.head + if (!visited.contains(successor)) { + stack.push(successor) + } + successor.match { + case c: CfgCommandNode if (c.block.label != previousBlock) && (!isEntryNode) => printGoTo(Seq(c)) + case _ => + } + } + } + } + s.append(System.lineSeparator()) + } + + def printNode(node: CfgNode): Unit = { + s.append(node) + s.append(" :: ") + s.append(result(node)) + s.append(System.lineSeparator()) + } + + def printGoTo(nodes: Seq[CfgCommandNode]): Unit = { + s.append("[GoTo] ") + s.append(nodes.map(_.block.label).mkString(", ")) + s.append(System.lineSeparator()) + s.append(System.lineSeparator()) + } + + def printBlock(node: CfgCommandNode): Unit = { + s.append("[Block] ") + s.append(node.block.label) + s.append(System.lineSeparator()) + } + + s.toString + } + def resolveCFG( cfg: ProgramCfg, - valueSets: Map[CfgNode, Map[Variable, Set[Value]]], + valueSets: Map[CfgNode, Map[Variable | MemoryRegion, Set[Value]]], IRProgram: Program ): (Program, Boolean) = { var modified: Boolean = false @@ -221,18 +283,12 @@ object RunUtils { } } - def extractExprFromValue(v: Value): Expr = v match { - case LiteralValue(expr) => expr - case localAddress: LocalAddress => localAddress.expr - case globalAddress: GlobalAddress => globalAddress.expr - case _ => throw new Exception("Expected a Value with an Expr") - } - def process(n: CfgNode): Unit = n match { - case commandNode: CfgCommandNode => - commandNode.data match - /* - We do not want to insert the VSA results into the IR like this + /* + case c: CfgStatementNode => + c.data match + + //We do not want to insert the VSA results into the IR like this case localAssign: LocalAssign => localAssign.rhs match case _: MemoryLoad => @@ -254,58 +310,39 @@ object RunUtils { */ } case _ => - */ + */ + case c: CfgJumpNode => + val block = c.block + c.data match case indirectCall: IndirectCall => - if (!commandNode.block.jumps.contains(indirectCall)) { + if (!block.jumps.contains(indirectCall)) { // We only replace the calls with DirectCalls in the IR, and don't replace the CommandNode.data // Hence if we have already processed this CFG node there will be no corresponding IndirectCall in the IR // to replace. // We want to replace all possible indirect calls based on this CFG, before regenerating it from the IR return } - val valueSet: Map[Variable, Set[Value]] = valueSets(n) - val functionNames = resolveAddresses(valueSet(indirectCall.target)) - if (functionNames.size == 1) { + val valueSet = valueSets(n) + val targetNames = resolveAddresses(valueSet(indirectCall.target)).map(_.name).toList.sorted + val targets = targetNames.map(name => IRProgram.procedures.filter(_.name.equals(name)).head) + if (targets.size == 1) { modified = true - val block = commandNode.block - block.jumps = block.jumps.filter(!_.equals(indirectCall)) - block.jumps += DirectCall( - IRProgram.procedures.filter(_.name.equals(functionNames.head.name)).head, - indirectCall.condition, - indirectCall.returnTarget - ) - } else if (functionNames.size > 1) { + val newCall = DirectCall(targets.head, indirectCall.returnTarget) + block.jumps.remove(block.jumps.indexOf(indirectCall)) + block.jumps.append(newCall) + } else if (targets.size > 1) { modified = true - functionNames.foreach(addressValue => - val block = commandNode.block - block.jumps = block.jumps.filter(!_.equals(indirectCall)) - if (indirectCall.condition.isDefined) { - block.jumps += DirectCall( - IRProgram.procedures.filter(_.name.equals(addressValue.name)).head, - Option( - BinaryExpr( - BVAND, - indirectCall.condition.get, - BinaryExpr(BVEQ, indirectCall.target, addressValue.expr) - ) - ), - indirectCall.returnTarget - ) - } else { - block.jumps += DirectCall( - IRProgram.procedures.filter(_.name.equals(addressValue.name)).head, - Option(BinaryExpr(BVEQ, indirectCall.target, addressValue.expr)), - indirectCall.returnTarget - ) - } - ) - } else { - // must be a call to R30 - if (!indirectCall.target.equals(exitRegister)) { - throw new Exception( - s"Indirect call ${indirectCall} has no possible targets. Value set: ${valueSet(indirectCall.target)}" - ) + val procedure = c.parent.data + val newBlocks = for (t <- targets) yield { + val assume = Assume(BinaryExpr(BVEQ, indirectCall.target, BitVecLiteral(t.address.get, 64))) + val newLabel: String = block.label + t.name + val directCall = DirectCall(t, indirectCall.returnTarget) + Block(newLabel, None, ArrayBuffer(assume), ArrayBuffer(directCall)) } + procedure.blocks.addAll(newBlocks) + block.jumps.remove(block.jumps.indexOf(indirectCall)) + val newCall = NonDetGoTo(newBlocks) + block.jumps.append(newCall) } case _ => case _ => @@ -347,10 +384,11 @@ object RunUtils { (IRProgram, modified) } - def writeToFile(content: String, name: String): Unit = { - val outFile = new File(name) - val pw = new PrintWriter(outFile, "UTF-8") + def writeToFile(content: String, fileName: String): Unit = { + val outFile = File(fileName) + val pw = PrintWriter(outFile, "UTF-8") pw.write(content) pw.close() } + } diff --git a/src/test/scala/MemoryRegionAnalysisMiscTest.scala b/src/test/scala/MemoryRegionAnalysisMiscTest.scala index 9aa5c1546..93cad362e 100644 --- a/src/test/scala/MemoryRegionAnalysisMiscTest.scala +++ b/src/test/scala/MemoryRegionAnalysisMiscTest.scala @@ -9,9 +9,9 @@ import java.io.{File, OutputStream, PrintStream, PrintWriter} class MemoryRegionAnalysisMiscTest extends AnyFunSuite with OneInstancePerTest { //C:\workdir\bil-to-boogie-translator\examples - private val examplesPath = System.getProperty("user.dir") + "/examples/"; - private val expectedPath = System.getProperty("user.dir") + "/src/test/analysis/dotExpected/"; - private val tempPath = System.getProperty("user.dir") + "/src/test/analysis/dump/"; + private val examplesPath = System.getProperty("user.dir") + "/examples/" + private val expectedPath = System.getProperty("user.dir") + "/src/test/analysis/dotExpected/" + private val tempPath = System.getProperty("user.dir") + "/src/test/analysis/dump/" def runMain(name: String, dump: Boolean = false): Unit = { var expected = "" var actual = "" @@ -19,8 +19,8 @@ class MemoryRegionAnalysisMiscTest extends AnyFunSuite with OneInstancePerTest { RunUtils.loadAndTranslate( BASILConfig( loading = ILLoadingConfig( - adtFile = examplesPath + s"${name}/${name}.adt", - relfFile = examplesPath + s"${name}/${name}.relf", + adtFile = examplesPath + s"$name/$name.adt", + relfFile = examplesPath + s"$name/$name.relf", specFile = None, dumpIL = None, ), @@ -38,33 +38,33 @@ class MemoryRegionAnalysisMiscTest extends AnyFunSuite with OneInstancePerTest { } output = RunUtils.memoryRegionAnalysisResults - val outFile = new File(tempPath + s"${name}") + val outFile = new File(tempPath + s"$name") val pw = new PrintWriter(outFile, "UTF-8") output.foreach { case (k, v) => - pw.write(s"${k} -> ${v}") + pw.write(s"$k -> $v") pw.write("\n") } pw.close() - val actualFile = scala.io.Source.fromFile(tempPath + s"${name}") + val actualFile = scala.io.Source.fromFile(tempPath + s"$name") actual = actualFile.mkString actualFile.close() - val expectedFile = scala.io.Source.fromFile(expectedPath + s"${name}") + val expectedFile = scala.io.Source.fromFile(expectedPath + s"$name") expected = expectedFile.mkString expectedFile.close() } catch { case e: Exception => if (dump) { - val outFile = new File(expectedPath + s"${name}") + val outFile = new File(expectedPath + s"$name") val pw = new PrintWriter(outFile, "UTF-8") output.foreach { case (k, v) => - pw.write(s"${k} -> ${v}") + pw.write(s"$k -> $v") pw.write("\n") } pw.close() assert(true) return } - throw new Exception("TEST NOT SUPPORTED: Expected file not found " + expectedPath + s"${name}") + throw new Exception("TEST NOT SUPPORTED: Expected file not found " + expectedPath + s"$name") } assert(actual.split("\n").toList.sorted.map(_.trim) == expected.split("\n").toList.sorted.map(_.trim)) } @@ -82,31 +82,31 @@ class MemoryRegionAnalysisMiscTest extends AnyFunSuite with OneInstancePerTest { // } test("ifglobal") { - runMain("ifglobal"); + runMain("ifglobal") } test("iflocal") { - runMain("iflocal"); + runMain("iflocal") } test("secret_write") { - runMain("secret_write"); + runMain("secret_write") } test("basic_arrays_read") { - runMain("basic_arrays_read"); + runMain("basic_arrays_read") } test("basic_arrays_write") { - runMain("basic_arrays_write"); + runMain("basic_arrays_write") } test("basicfree") { - runMain("basicfree"); + runMain("basicfree") } test("arrays") { - runMain("arrays"); + runMain("arrays") } // used to generate the expected files (DO NOT RUN)