|
Thanks Bill.
Is there a documentation for DataflowAPI or should I browse the source code?
-Milind On Tue, Jun 4, 2013 at 1:09 PM, Bill Williams <bill@xxxxxxxxxxx> wrote:
On 06/03/2013 10:38 PM, Milind Chabbi wrote:
I am considering using Dyninst for a binary analysis (not rewriting).
My particular use case involves answering questions such as:
1. Is the memory address accessed by this instruction loop invariant or not?
2. Is the value read/written in this instruction loop invariant or not?
3. May/Must given two memory accesses alias?
Does Dyninst have facilities for such data flow analysis on x86_64
binaries?
Our slicer in dataflowAPI will help with all of these, but slicing in general is a tricky problem both with respect to how to bound the slice and how to handle stack/heap accesses. We make a best effort at tracking dependencies through stack slots and punt on the heap; that's a long-standing "would be nice if we have time" feature.
General outline of approach:
1) Get effective address _expression_ from InstructionAPI, slice on that _expression_ within the loop, verify that all data dependencies are external (or on expressions that are themselves loop invariants).
2) As per 1 but for the other operand.
3) Tricky. In cases that can be broken into (base + index), you can use slicing to prove that index1 == index2 and base1 == base2; from our package of slicing + symbolic evaluation + instruction semantics you *could* do pretty much any analysis you wanted. Not going to be easy though.
-Milind
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
--
--bw
Bill Williams
Paradyn Project
bill@xxxxxxxxxxx
_______________________________________________
Dyninst-api mailing list
Dyninst-api@xxxxxxxxxxx
https://lists.cs.wisc.edu/mailman/listinfo/dyninst-api
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}