Re: [DynInst_API:] Slicing across blocks


Date: Sun, 24 Apr 2016 22:29:10 -0400
From: Mohamed Elsabagh <melsabag@xxxxxxx>
Subject: Re: [DynInst_API:] Slicing across blocks
So I enabled debug mode for the slicer, and it seems that the slicer kills the assignment to ebx at call foo(). I can see that ebx is (implicitly) added to the call-written list here:

dataflowAPI/src/ABI.C:
185:   // PLT entries use ebx
186:   callRead_[machRegIndex_x86()[x86::ebx]] = true;
187:
188:   // TODO: Fix this for platform-specific calling conventions
189:
189:   // Assume calls write flags
191:   callWritten_ = callRead_;

Moving line 186 after the assignment to callWritten (line 191) seems to solve the issue for me.

Thoughts?




On Sun, Apr 24, 2016 at 4:43 PM, Mohamed Elsabagh <melsabag@xxxxxxx> wrote:
I am trying to slice on the last call in the snippet below, using the default predicate, but the returned slice only contains a single node (the call instruction itself):

mov 0x804ba3, %ebx
add 0x5, %ebx

call foo()
mov %eax, 0x1c(%esp)
call *%ebx // backward slice from here

The same exact slicing code is working fine on all other indirect calls in the binary. This particular call differs from the rest in that the dereferenced register (ebx) is in a different basic block than the call instruction. Are there any flags that I need to pass to the slicer to resolve this?

I am invoking the slicer as follows:

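// Convert the call instruction into its assignments (cache on, stack analysis off).
AssignmentConverter ac(true, false);
vector<Assignment::Ptr> assigns;
ac.convert(insn, insn_addr, func, block, assigns);

// Slice backward from the last assignment of the call, using the default predicates.
Slicer slicer(assigns.back(), block, func);

Slicer::Predicates defaultPredicates;
GraphPtr graph = slicer.backwardSlice(defaultPredicates);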



Thanks,
Mohamed
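
The effect described in this thread, as an added example that is not part of the original messages and is not Dyninst code: a toy backward slicer over the quoted five-instruction snippet, showing how the order of the two ABI.C statements decides whether call foo() kills the live ebx. The names makeAbi, backwardSlice and sample, the four-register set, and the assumption that the call-read set starts out empty are all hypothetical simplifications.

```cpp
#include <bitset>
#include <cstddef>
#include <vector>

// Toy model, not Dyninst code: registers are bit positions in a set.
enum Reg { EAX, EBX, ESP, FLAGS, NREGS };
using RegSet = std::bitset<NREGS>;
struct Abi { RegSet callRead, callWritten; };
struct Insn { RegSet defs, uses; bool isCall; };

// markFirst=true follows the statement order quoted from ABI.C;
// false is the order proposed in the message (copy first, then mark ebx).
Abi makeAbi(bool markFirst) {
    Abi a;                                 // assumption: sets start empty
    if (markFirst) a.callRead.set(EBX);    // PLT entries use ebx
    a.callWritten = a.callRead;            // calls "write" whatever they read
    if (!markFirst) a.callRead.set(EBX);
    return a;
}

// Backward slice over straight-line code from instruction `from`.
// A call is opaque here: it kills every live register in callWritten.
std::vector<std::size_t> backwardSlice(const std::vector<Insn>& code,
                                       std::size_t from, const Abi& abi) {
    std::vector<std::size_t> slice{from};
    RegSet live = code[from].uses;
    for (std::size_t i = from; i-- > 0 && live.any();) {
        if (code[i].isCall) { live &= ~abi.callWritten; continue; }
        if ((code[i].defs & live).none()) continue;   // defines nothing we need
        live = (live & ~code[i].defs) | code[i].uses; // follow its inputs
        slice.insert(slice.begin(), i);
    }
    return slice;
}

// The snippet from the original question, encoded by hand (constructed).
std::vector<Insn> sample() {
    RegSet ebx, eax, esp, ebxFlags;
    ebx.set(EBX); eax.set(EAX); esp.set(ESP);
    ebxFlags.set(EBX); ebxFlags.set(FLAGS);
    return {{ebx, {}, false},          // 0: mov 0x804ba3, %ebx
            {ebxFlags, ebx, false},    // 1: add 0x5, %ebx
            {{}, {}, true},            // 2: call foo()
            {{}, eax | esp, false},    // 3: mov %eax, 0x1c(%esp)
            {{}, ebx, true}};          // 4: call *%ebx (slice criterion)
}
```

With makeAbi(true) the slice from instruction 4 contains only the call itself, matching the single-node result reported in the question; with makeAbi(false) it also reaches the add and the mov that define ebx.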
