Support SSA form properly in low level IL Rust API

Author: emesare

rust/src/low_level_il.rs

@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use std::borrow::Cow;
 use std::fmt;
 
 // TODO : provide some way to forbid emitting register reads for certain registers
@@ -125,12 +126,19 @@ impl<R: ArchReg> LowLevelILRegisterKind<R> {
         LowLevelILRegisterKind::Temp(temp.into())
     }
 
-    fn id(&self) -> RegisterId {
+    pub fn id(&self) -> RegisterId {
         match *self {
             LowLevelILRegisterKind::Arch(ref r) => r.id(),
             LowLevelILRegisterKind::Temp(temp) => temp.id(),
         }
     }
+
+    pub fn name(&self) -> Cow<str> {
+        match *self {
+            LowLevelILRegisterKind::Arch(ref r) => r.name(),
+            LowLevelILRegisterKind::Temp(temp) => Cow::Owned(format!("temp{}", temp.temp_id)),
+        }
+    }
 }
 
 impl<R: ArchReg> fmt::Debug for LowLevelILRegisterKind<R> {
@@ -149,15 +157,16 @@ impl From<LowLevelILTempRegister> for LowLevelILRegisterKind<CoreRegister> {
 }
 
 #[derive(Copy, Clone, Debug)]
-pub enum LowLevelILSSARegister<R: ArchReg> {
+pub enum LowLevelILSSARegisterKind<R: ArchReg> {
     Full(LowLevelILRegisterKind<R>, u32), // no such thing as partial access to a temp register, I think
     Partial(R, u32, R), // partial accesses only possible for arch registers, I think
 }
 
-impl<R: ArchReg> LowLevelILSSARegister<R> {
+impl<R: ArchReg> LowLevelILSSARegisterKind<R> {
     pub fn version(&self) -> u32 {
         match *self {
-            LowLevelILSSARegister::Full(_, ver) | LowLevelILSSARegister::Partial(_, ver, _) => ver,
+            LowLevelILSSARegisterKind::Full(_, ver)
+            | LowLevelILSSARegisterKind::Partial(_, ver, _) => ver,
         }
     }
 }

rust/src/low_level_il/expression.rs

@@ -216,9 +216,13 @@ where
     F: FunctionForm,
 {
     Load(Operation<'func, M, F, operation::Load>),
+    LoadSsa(Operation<'func, M, F, operation::LoadSsa>),
     Pop(Operation<'func, M, F, operation::Pop>),
     Reg(Operation<'func, M, F, operation::Reg>),
+    RegSsa(Operation<'func, M, F, operation::RegSsa>),
+    RegPartialSsa(Operation<'func, M, F, operation::RegPartialSsa>),
     RegSplit(Operation<'func, M, F, operation::RegSplit>),
+    RegSplitSsa(Operation<'func, M, F, operation::RegSplitSsa>),
     Const(Operation<'func, M, F, operation::Const>),
     ConstPtr(Operation<'func, M, F, operation::Const>),
     Flag(Operation<'func, M, F, operation::Flag>),
@@ -327,15 +331,17 @@ where
         use binaryninjacore_sys::BNLowLevelILOperation::*;
 
         match op.operation {
-            LLIL_LOAD | LLIL_LOAD_SSA => {
-                LowLevelILExpressionKind::Load(Operation::new(function, op))
-            }
+            LLIL_LOAD => LowLevelILExpressionKind::Load(Operation::new(function, op)),
+            LLIL_LOAD_SSA => LowLevelILExpressionKind::LoadSsa(Operation::new(function, op)),
             LLIL_POP => LowLevelILExpressionKind::Pop(Operation::new(function, op)),
-            LLIL_REG | LLIL_REG_SSA | LLIL_REG_SSA_PARTIAL => {
-                LowLevelILExpressionKind::Reg(Operation::new(function, op))
+            LLIL_REG => LowLevelILExpressionKind::Reg(Operation::new(function, op)),
+            LLIL_REG_SSA => LowLevelILExpressionKind::RegSsa(Operation::new(function, op)),
+            LLIL_REG_SSA_PARTIAL => {
+                LowLevelILExpressionKind::RegPartialSsa(Operation::new(function, op))
             }
-            LLIL_REG_SPLIT | LLIL_REG_SPLIT_SSA => {
-                LowLevelILExpressionKind::RegSplit(Operation::new(function, op))
+            LLIL_REG_SPLIT => LowLevelILExpressionKind::RegSplit(Operation::new(function, op)),
+            LLIL_REG_SPLIT_SSA => {
+                LowLevelILExpressionKind::RegSplitSsa(Operation::new(function, op))
             }
             LLIL_CONST => LowLevelILExpressionKind::Const(Operation::new(function, op)),
             LLIL_CONST_PTR => LowLevelILExpressionKind::ConstPtr(Operation::new(function, op)),
@@ -587,10 +593,13 @@ where
             Load(ref op) => {
                 visit!(op.source_mem_expr());
             }
-            // Do not have any sub expressions.
-            Pop(_) | Reg(_) | RegSplit(_) | Const(_) | ConstPtr(_) | Flag(_) | FlagBit(_)
-            | ExternPtr(_) | FlagCond(_) | FlagGroup(_) | Unimpl(_) | Undef(_) | RegStackPop(_) => {
+            LoadSsa(ref op) => {
+                visit!(op.source_mem_expr().0);
             }
+            // Do not have any sub expressions.
+            Pop(_) | Reg(_) | RegSsa(_) | RegPartialSsa(_) | RegSplit(_) | RegSplitSsa(_)
+            | Const(_) | ConstPtr(_) | Flag(_) | FlagBit(_) | ExternPtr(_) | FlagCond(_)
+            | FlagGroup(_) | Unimpl(_) | Undef(_) | RegStackPop(_) => {}
         }
 
         VisitorAction::Sibling
@@ -614,12 +623,20 @@ where
 
             Load(ref op) => &op.op,
 
+            LoadSsa(ref op) => &op.op,
+
             Pop(ref op) => &op.op,
 
             Reg(ref op) => &op.op,
 
+            RegSsa(ref op) => &op.op,
+
+            RegPartialSsa(ref op) => &op.op,
+
             RegSplit(ref op) => &op.op,
 
+            RegSplitSsa(ref op) => &op.op,
+
             Flag(ref op) => &op.op,
 
             FlagBit(ref op) => &op.op,
@@ -670,12 +687,20 @@ impl LowLevelILExpressionKind<'_, Mutable, NonSSA<LiftedNonSSA>> {
 
             Load(ref op) => op.flag_write(),
 
+            LoadSsa(ref op) => op.flag_write(),
+
             Pop(ref op) => op.flag_write(),
 
             Reg(ref op) => op.flag_write(),
 
+            RegSsa(ref op) => op.flag_write(),
+
+            RegPartialSsa(ref op) => op.flag_write(),
+
             RegSplit(ref op) => op.flag_write(),
 
+            RegSplitSsa(ref op) => op.flag_write(),
+
             Flag(ref op) => op.flag_write(),
 
             FlagBit(ref op) => op.flag_write(),

rust/src/low_level_il/function.rs

@@ -12,15 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use binaryninjacore_sys::BNFreeLowLevelILFunction;
-use binaryninjacore_sys::BNGetLowLevelILOwnerFunction;
-use binaryninjacore_sys::BNLowLevelILFunction;
-use binaryninjacore_sys::BNNewLowLevelILFunctionReference;
-
 use std::fmt::Debug;
 use std::hash::{Hash, Hasher};
 use std::marker::PhantomData;
 
+use binaryninjacore_sys::*;
+
 use crate::architecture::CoreArchitecture;
 use crate::basic_block::BasicBlock;
 use crate::function::Function;
@@ -160,13 +157,8 @@ where
             Function::ref_from_raw(func)
         }
     }
-}
 
-// LLIL basic blocks are not available until the function object
-// is finalized, so ensure we can't try requesting basic blocks
-// during lifting
-impl<F: FunctionForm> LowLevelILFunction<Finalized, F> {
-    pub fn basic_blocks(&self) -> Array<BasicBlock<LowLevelILBlock<Finalized, F>>> {
+    pub fn basic_blocks(&self) -> Array<BasicBlock<LowLevelILBlock<M, F>>> {
         use binaryninjacore_sys::BNGetLowLevelILBasicBlockList;
 
         unsafe {
@@ -178,6 +170,17 @@ impl<F: FunctionForm> LowLevelILFunction<Finalized, F> {
     }
 }
 
+impl<M: FunctionMutability, V: NonSSAVariant> LowLevelILFunction<M, NonSSA<V>> {
+    /// Retrieve the SSA form of the function.
+    pub fn ssa_form(&self) -> Option<Ref<LowLevelILFunction<M, SSA>>> {
+        let handle = unsafe { BNGetLowLevelILSSAForm(self.handle) };
+        if handle.is_null() {
+            return None;
+        }
+        Some(unsafe { LowLevelILFunction::ref_from_raw(handle) })
+    }
+}
+
 // Allow instantiating Lifted IL functions for querying Lifted IL from Architectures
 impl LowLevelILFunction<Mutable, NonSSA<LiftedNonSSA>> {
     // TODO: Document what happens when you pass None for `source_func`.
@@ -201,7 +204,6 @@ impl LowLevelILFunction<Mutable, NonSSA<LiftedNonSSA>> {
 
     pub fn generate_ssa_form(&self) {
         use binaryninjacore_sys::BNGenerateLowLevelILSSAForm;
-
         unsafe { BNGenerateLowLevelILSSAForm(self.handle) };
     }
 }

rust/src/low_level_il/instruction.rs

@@ -207,9 +207,12 @@ where
 {
     Nop(Operation<'func, M, F, operation::NoArgs>),
     SetReg(Operation<'func, M, F, operation::SetReg>),
+    SetRegSsa(Operation<'func, M, F, operation::SetRegSsa>),
+    SetRegPartialSsa(Operation<'func, M, F, operation::SetRegPartialSsa>),
     SetRegSplit(Operation<'func, M, F, operation::SetRegSplit>),
     SetFlag(Operation<'func, M, F, operation::SetFlag>),
     Store(Operation<'func, M, F, operation::Store>),
+    StoreSsa(Operation<'func, M, F, operation::StoreSsa>),
     // TODO needs a real op
     Push(Operation<'func, M, F, operation::UnaryOp>),
 
@@ -251,18 +254,19 @@ where
 
         match op.operation {
             LLIL_NOP => LowLevelILInstructionKind::Nop(Operation::new(function, op)),
-            LLIL_SET_REG | LLIL_SET_REG_SSA => {
-                LowLevelILInstructionKind::SetReg(Operation::new(function, op))
+            LLIL_SET_REG => LowLevelILInstructionKind::SetReg(Operation::new(function, op)),
+            LLIL_SET_REG_SSA => LowLevelILInstructionKind::SetRegSsa(Operation::new(function, op)),
+            LLIL_SET_REG_SSA_PARTIAL => {
+                LowLevelILInstructionKind::SetRegPartialSsa(Operation::new(function, op))
             }
             LLIL_SET_REG_SPLIT | LLIL_SET_REG_SPLIT_SSA => {
                 LowLevelILInstructionKind::SetRegSplit(Operation::new(function, op))
             }
             LLIL_SET_FLAG | LLIL_SET_FLAG_SSA => {
                 LowLevelILInstructionKind::SetFlag(Operation::new(function, op))
             }
-            LLIL_STORE | LLIL_STORE_SSA => {
-                LowLevelILInstructionKind::Store(Operation::new(function, op))
-            }
+            LLIL_STORE => LowLevelILInstructionKind::Store(Operation::new(function, op)),
+            LLIL_STORE_SSA => LowLevelILInstructionKind::StoreSsa(Operation::new(function, op)),
             LLIL_PUSH => LowLevelILInstructionKind::Push(Operation::new(function, op)),
 
             LLIL_REG_STACK_PUSH => {
@@ -314,12 +318,18 @@ where
 
         match self {
             SetReg(ref op) => visit!(&op.source_expr()),
+            SetRegSsa(ref op) => visit!(&op.source_expr()),
+            SetRegPartialSsa(ref op) => visit!(&op.source_expr()),
             SetRegSplit(ref op) => visit!(&op.source_expr()),
             SetFlag(ref op) => visit!(&op.source_expr()),
             Store(ref op) => {
                 visit!(&op.dest_mem_expr());
                 visit!(&op.source_expr());
             }
+            StoreSsa(ref op) => {
+                visit!(&op.dest_mem_expr().0);
+                visit!(&op.source_expr().0);
+            }
             Push(ref op) => visit!(&op.operand()),
             RegStackPush(ref op) => visit!(&op.source_expr()),
             Jump(ref op) => visit!(&op.target()),