Some more changes

Author: emesare

rust/src/architecture.rs

@@ -1291,7 +1291,7 @@ impl FlagGroup for CoreFlagGroup {
     }
 }
 
-#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+#[derive(Copy, Clone, Eq, PartialEq)]
 pub struct CoreIntrinsic {
     pub arch: CoreArchitecture,
     pub id: IntrinsicId,
@@ -1377,6 +1377,18 @@ impl Intrinsic for CoreIntrinsic {
     }
 }
 
+impl Debug for CoreIntrinsic {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("CoreIntrinsic")
+            .field("id", &self.id)
+            .field("name", &self.name())
+            .field("class", &self.class())
+            .field("inputs", &self.inputs())
+            .field("outputs", &self.outputs())
+            .finish()
+    }
+}
+
 // TODO: WTF?!?!?!?
 pub struct CoreArchitectureList(*mut *mut BNArchitecture, usize);
 

rust/src/low_level_il/operation.rs

@@ -230,19 +230,19 @@ where
 // LLIL_INTRINSIC, LLIL_INTRINSIC_SSA
 pub struct Intrinsic;
 
-#[derive(Debug, Clone, Copy)]
-pub enum RegOrFlag {
+#[derive(Debug, Clone, Copy, PartialEq)]
+pub enum IntrinsicOutput {
     Reg(CoreRegister),
     Flag(CoreFlag),
 }
 
-impl From<CoreRegister> for RegOrFlag {
+impl From<CoreRegister> for IntrinsicOutput {
     fn from(value: CoreRegister) -> Self {
         Self::Reg(value)
     }
 }
 
-impl From<CoreFlag> for RegOrFlag {
+impl From<CoreFlag> for IntrinsicOutput {
     fn from(value: CoreFlag) -> Self {
         Self::Flag(value)
     }
@@ -253,63 +253,34 @@ where
     M: FunctionMutability,
     F: FunctionForm,
 {
-    // Order of operands for this operation:
-    // 1. Number of outputs in the reg or flag list
-    // 2. Reg or flag list
-    // 3. Intrinsic id
-    // 4. Operand list
-
-    // TODO: Support register and expression lists
     pub fn intrinsic(&self) -> Option<CoreIntrinsic> {
         let raw_id = self.op.operands[2] as u32;
         self.function.arch().intrinsic_from_id(IntrinsicId(raw_id))
     }
 
-    /// Number of outputs the intrinsic has.
-    #[inline]
-    pub fn output_count(&self) -> usize {
-        self.op.operands[0] as usize
-    }
-
     /// Get the output list.
-    pub fn outputs(&self) -> Vec<RegOrFlag> {
-        let mut outputs = Vec::new();
-        let mut output_size = self.op.operands[0] as usize;
-        if output_size == 0 {
-            return outputs;
-        }
-        let out_list = unsafe {
-            BNLowLevelILGetOperandList(
-                self.function.handle,
-                self.expr_idx.0,
-                0,
-                &mut output_size as *mut _,
-            )
-        };
-        let out_list = unsafe { std::slice::from_raw_parts_mut(out_list, output_size) };
-        for val in out_list.iter() {
-            if *val & (1 << 32) != 0 {
-                outputs.push(
-                    self.function
-                        .arch()
-                        .flag_from_id(FlagId((*val & 0xffffffff) as u32))
-                        .expect("Invalid core flag ID")
-                        .into(),
-                );
+    pub fn outputs(&self) -> Vec<IntrinsicOutput> {
+        // Convert the operand to either a register or flag id.
+        let operand_to_output = |o: u64| {
+            if o & (1 << 32) != 0 {
+                self.function
+                    .arch()
+                    .flag_from_id(FlagId((o & 0xffffffff) as u32))
+                    .expect("Invalid core flag ID")
+                    .into()
             } else {
-                outputs.push(
-                    self.function
-                        .arch()
-                        .register_from_id(RegisterId((*val & 0xffffffff) as u32))
-                        .expect("Invalid register ID")
-                        .into(),
-                );
+                self.function
+                    .arch()
+                    .register_from_id(RegisterId((o & 0xffffffff) as u32))
+                    .expect("Invalid register ID")
+                    .into()
             }
-        }
-        // Need to drop the list at the end. This will get leaked if there's a panic anywhere.
-        // TODO: Make a new type for this that implements drop so it can't be leaked.
-        unsafe { BNLowLevelILFreeOperandList(out_list.as_mut_ptr()) };
-        outputs
+        };
+
+        self.get_operand_list(0)
+            .into_iter()
+            .map(operand_to_output)
+            .collect::<Vec<_>>()
     }
 
     /// Get the input list for the intrinsic.
@@ -330,9 +301,15 @@ where
     F: FunctionForm,
 {
     fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+        use crate::architecture::Intrinsic;
         f.debug_struct("Intrinsic")
             .field("address", &self.address())
-            .field("size", &self.intrinsic())
+            .field(
+                "intrinsic",
+                &self.intrinsic().expect("Valid intrinsic").name(),
+            )
+            .field("outputs", &self.outputs())
+            .field("inputs", &self.inputs())
             .finish()
     }
 }

rust/tests/low_level_il.rs

@@ -1,4 +1,4 @@
-use binaryninja::architecture::Register;
+use binaryninja::architecture::{ArchitectureExt, Intrinsic, Register};
 use binaryninja::binary_view::BinaryViewExt;
 use binaryninja::headless::Session;
 use binaryninja::low_level_il::expression::{
@@ -7,6 +7,7 @@ use binaryninja::low_level_il::expression::{
 use binaryninja::low_level_il::instruction::{
     InstructionHandler, LowLevelILInstructionKind, LowLevelInstructionIndex,
 };
+use binaryninja::low_level_il::operation::IntrinsicOutput;
 use binaryninja::low_level_il::{LowLevelILRegisterKind, LowLevelILSSARegisterKind, VisitorAction};
 use std::path::PathBuf;
 
@@ -308,3 +309,43 @@ fn test_llil_ssa() {
         _ => panic!("Expected CallSsa"),
     }
 }
+
+#[test]
+fn test_llil_intrinsic() {
+    let _session = Session::new().expect("Failed to initialize session");
+    let out_dir = env!("OUT_DIR").parse::<PathBuf>().unwrap();
+    let view = binaryninja::load(out_dir.join("atof.obj")).expect("Failed to create view");
+    let image_base = view.original_image_base();
+    let platform = view.default_platform().unwrap();
+    let arch = platform.arch();
+
+    // Sample function: __crt_strtox::bit_scan_reverse
+    let sample_function = view
+        .function_at(&platform, image_base + 0x00037310)
+        .unwrap();
+    let llil_function = sample_function.low_level_il().unwrap();
+
+    // 5 @ 0004731d  (LLIL_INTRINSIC eax, eflags = __bsr_gprv_memv((LLIL_LOAD.d [(LLIL_ADD.d (LLIL_REG.d ebp) + (LLIL_CONST.d 8)) {arg1}].d)))
+    let instr_5 = llil_function
+        .instruction_from_index(LowLevelInstructionIndex(5))
+        .expect("Valid instruction");
+    assert_eq!(instr_5.address(), image_base + 0x0003731d);
+    println!("{:?}", instr_5);
+    println!("{:#?}", instr_5.kind());
+    match instr_5.kind() {
+        LowLevelILInstructionKind::Intrinsic(op) => {
+            assert_eq!(op.intrinsic().unwrap().name(), "__bsr_gprv_memv");
+            assert_eq!(op.outputs().len(), 2);
+            let reg_out_0 = arch.register_by_name("eax").unwrap();
+            let reg_out_1 = arch.register_by_name("eflags").unwrap();
+            assert_eq!(
+                op.outputs(),
+                vec![
+                    IntrinsicOutput::Reg(reg_out_0),
+                    IntrinsicOutput::Reg(reg_out_1),
+                ]
+            );
+        }
+        _ => panic!("Expected Intrinsic"),
+    }
+}