API Cleanup (#35)

* Target newer z3, fmt, clippy

* Remove reference

* Add catch for sleigh size mismatch

* Fix condition

* fmt

* Initial context work

* Add context; will slowly move stuff over to using this instead

* Add derives

* Pub z3

* cargo fmt

* Ditch cargo lock

* Update ci

* Remove registers from context for now
until link issues are fixed

* Relax context requirement

* Add state equality helper

* Bump z3

* Store language id in sleigh context

* Update image section debug

* Oops

* Actually run cargo check this time; comment out thing I didn't finish writing

* Try section flags instead of segment flags

* Add bb-read

* Only load executable sections into ghidra for now

* Only load executable sections into ghidra for now

* Try bumping to ghidra 11.1

* Update how loading is done for ghidra 11.1

* Fix get_registers()

* Update test

* Add section parsing log

* Fmt

* Show range instead

* Kludgy try_from impl, silencing warnings, fmt, clippy

* Clone if there's only one

* impl (Partial)Eq for Instruction

* Derive ParitalEq/Eq so that I can derive Hash soundly

* Readme tweak

* Remove unnecessary compile API now that Ghidraships with precompiled sla.
Also added a new bin target for jingle

* Initial CLI

* cargo fmt

* Basic bin functionality

* Add readme note and two missing operations

* Simplify printed model

* Sleigh parsing tweaks

* Update logo

* Gimli change

* Block tweak

* Add input enumeration

* Add constraint

* Explicitly add pointer dependencies to input call

* Add arch and fmt

* Initial context stuff

* Fixed up C++ build side, now to fix FFI

* Fix stuff and fmt. Builds, but need to make sure it actually works

* Need to fix tests now

* Some small tweaks

* Gitignore, heap-allocate some stuff

* Tweaks

* Move back to storing all images directly in context

* Add test

* Bump ghidra to 11.2

* Fix jingle build

* Fix jingle binary build

* Fixes context variables

* Re-add image

* Add initialize call

* Some bounds checking fixes

* Move pcode/assembly emitters into their own files

* Add test

* Change get_reg impl for now

* Add wrapper to ensure an image is loaded before parsing

* Fmt

* Clippy

* More clippy

* Fix jingle

* fmt

* Clippy

* Fix binary

* Don't consume varnode in `get_register_name`

* Initial trait work

* Tweaks

* Some build fixes

* More stuff

* Maybe just need to add the impls now?

* Build fixed

* fmt

* Clippy

* Actually fix build

* Fix crashes

* Start on gimli

* Impl gimli

* actually actually fix build

* Fmt and gimli tweak

* Remove unused file

* Remove more unused files

* Fix build

* clippy --fix

* Clippy fixes

* Changes to traits

* fmt

* Clippy

* pub perms

* More trait stuff

* Convert LoadedSleighContext to struct

* Trying more stuff

* More trait gymnastics

* Clippy

* Remove unused generic bounds

* Add owned file

* Pub all of gimli

* Reshuffle

* Filter

* Fix loading

* Display register names

* Change display impl

* fmt

* clippy

* fmt

* broken

* Add new address type

* More stuff

* Name tweak

* Changes

* Add memory state relation

* Clippy and fmt

* Fix imports

* More formatting

* Some little pcode tweaks

* Add in pcode operation cpu relations

* Fix CLI build

* Remove extra file

* Simplify concretize

* Add clone to context

* Remove extra lifetime

* ide warnings

* Add methods to apply operations to state

* Remove unsued method

* Add read_bytes

* Initial cache for building cfg

* Add read_bytes

* cherrypick get_bytes

* Fix relative pcode branch destination

* Add helper to summarize branches

* Add helper to summarize branches

* Add initial operation visitor

* Very initial gross control flow recovery

* Add merge of cache

* Update logo

* Update jingle.svg

* Change branch flag

* Remove duplicate def

* Add call

* Made ImageSectionIterator::new pub

This would allow users to implement ImageProvider trait for their datatypes

* Target master branch of z3.rs

* Add rebasing API

* Fix rebasing API

* Context refactor

* Fix formatting

* fmt

* Clippy

* Tweaks

* Make writing to a state consume the state

* Slight reorganization

* Use separate symbolic BVs to avoid unnecessary extract/concat operations
Also fmt

* Clippy --fix

* Clear internal space

* Stop carting around the sleigh context in the modeling context

* Small tweaks

* Only expose image bytes in the code space

* Add doc comment

* clippy

* fmt

* Blanket impl for ImageProvider

* Fmt

* Pub bmc

* re-exports and fallthrough

* Fix spaces

* Bundle Zlib (#23)

* Experiment with bundling zlib

* Check if testing works in CI

* Suppress warnings

* Revert workflow change

* Re-add all-features

* Multiplatform CI (#24)

* Enforce Fmt and Lint in CI
* Build jingle_sleigh on linux, macos, and windows
* Build jingle on linux

* Fix ldefs (#26)

* fix ldef

* return error if there are not ldefs

* fix clippy

---------

Co-authored-by: daniele.linguaglossa <[email protected]>

* Remove explicit dependence on p-code operation memory location from SMT encoding

* fmt

* pub ctx

* Add fun

* Add eq stufff

* Add lazy helper

* Simplify stuff for merge

* fmt + clippy

* Fix some awkward APIs

* Bump version since I probably broke things

* fmt

* fmt

* Clippy

* Clippy

* Re-add api I was using

---------

Co-authored-by: chf0x <[email protected]>
Co-authored-by: Daniele Linguaglossa <[email protected]>
Co-authored-by: daniele.linguaglossa <[email protected]>

Author: 4 people

jingle/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "jingle"
-version = "0.1.1"
+version = "0.2.1"
 edition = "2021"
 description = "SMT Modeling for Ghidra's PCODE"
 homepage = "https://github.com/toolCHAINZ/jingle"
@@ -19,7 +19,7 @@ name = "jingle"
 required-features = ["bin_features"]
 
 [dependencies]
-jingle_sleigh = { path = "../jingle_sleigh", version = "0.1.1" }
+jingle_sleigh = { path = "../jingle_sleigh", version = "0.2.0" }
 z3 = { git = "https://github.com/prove-rs/z3.rs.git", branch = "master" }
 thiserror = "1.0.58"
 serde = { version = "1.0.197", features = ["derive"] }

jingle/src/context.rs

@@ -1,15 +1,54 @@
 use crate::modeling::State;
-use jingle_sleigh::{RegisterManager, SpaceInfo, SpaceManager, VarNode};
+use jingle_sleigh::{ArchInfoProvider, SpaceInfo, VarNode};
 use std::ops::Deref;
 use std::rc::Rc;
 use z3::Context;
 
+#[derive(Clone, Debug)]
+pub struct CachedArchInfo {
+    registers: Vec<(VarNode, String)>,
+    spaces: Vec<SpaceInfo>,
+    default_code_space: usize,
+}
+
+impl ArchInfoProvider for JingleContext<'_> {
+    fn get_space_info(&self, idx: usize) -> Option<&SpaceInfo> {
+        self.info.spaces.get(idx)
+    }
+
+    fn get_all_space_info(&self) -> impl Iterator<Item = &SpaceInfo> {
+        self.info.spaces.iter()
+    }
+
+    fn get_code_space_idx(&self) -> usize {
+        self.info.default_code_space
+    }
+
+    fn get_register(&self, name: &str) -> Option<&VarNode> {
+        self.info
+            .registers
+            .iter()
+            .find(|(_, reg_name)| reg_name.as_str() == name)
+            .map(|(vn, _)| vn)
+    }
+
+    fn get_register_name(&self, location: &VarNode) -> Option<&str> {
+        self.info
+            .registers
+            .iter()
+            .find(|(vn, _)| vn == location)
+            .map(|(_, name)| name.as_str())
+    }
+
+    fn get_registers(&self) -> impl Iterator<Item = (&VarNode, &str)> {
+        self.info.registers.iter().map(|(a, b)| (a, b.as_str()))
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct JingleContextInternal<'ctx> {
     pub z3: &'ctx Context,
-    spaces: Vec<SpaceInfo>,
-    default_code_space_index: usize,
-    registers: Vec<(VarNode, String)>,
+    pub info: CachedArchInfo,
 }
 
 #[derive(Clone, Debug)]
@@ -23,49 +62,27 @@ impl<'ctx> Deref for JingleContext<'ctx> {
     }
 }
 impl<'ctx> JingleContext<'ctx> {
-    pub fn new<S: RegisterManager>(z3: &'ctx Context, r: &S) -> Self {
-        let spaces = r.get_all_space_info().to_vec();
-        let default_code_space_index = r.get_code_space_idx();
+    pub fn new<S: ArchInfoProvider>(z3: &'ctx Context, r: &S) -> Self {
         Self(Rc::new(JingleContextInternal {
             z3,
-            spaces,
-            default_code_space_index,
-            registers: r.get_registers(),
+            info: CachedArchInfo {
+                spaces: r.get_all_space_info().cloned().collect(),
+                registers: r
+                    .get_registers()
+                    .map(|(a, b)| (a.clone(), b.to_string()))
+                    .collect(),
+                default_code_space: r.get_code_space_idx(),
+            },
         }))
     }
     pub fn fresh_state(&self) -> State<'ctx> {
         State::new(self)
     }
-}
-
-impl SpaceManager for JingleContext<'_> {
-    fn get_space_info(&self, idx: usize) -> Option<&SpaceInfo> {
-        self.spaces.get(idx)
-    }
-
-    fn get_all_space_info(&self) -> &[SpaceInfo] {
-        self.spaces.as_slice()
-    }
-
-    fn get_code_space_idx(&self) -> usize {
-        self.default_code_space_index
-    }
-}
-
-impl RegisterManager for JingleContext<'_> {
-    fn get_register(&self, name: &str) -> Option<VarNode> {
-        self.registers
-            .iter()
-            .find_map(|i| i.1.eq(name).then_some(i.0.clone()))
-    }
 
-    fn get_register_name(&self, location: &VarNode) -> Option<&str> {
-        self.registers
-            .iter()
-            .find_map(|i| i.0.eq(location).then_some(i.1.as_str()))
-    }
-
-    fn get_registers(&self) -> Vec<(VarNode, String)> {
-        self.registers.clone()
+    pub fn with_fresh_z3_context(&self, z3: &'ctx Context) -> Self {
+        Self(Rc::new(JingleContextInternal {
+            z3,
+            info: self.info.clone(),
+        }))
     }
 }

jingle/src/error.rs

@@ -7,8 +7,8 @@ pub enum JingleError {
     Sleigh(#[from] JingleSleighError),
     #[error("Given address disassembles cleanly but does not terminate within the given bound")]
     DisassemblyLengthBound,
-    #[error("This block exhibits unhandled intra-instruction control-flow")]
-    IntraInstructionControlFlow,
+    #[error("Attempted to construct an illegally-sized branch target")]
+    InvalidBranchTargetSize,
     #[error("A z3 array selection operation returned something other than a bitvector")]
     UnexpectedArraySort,
     #[error("Something referenced a space that isn't declared")]

jingle/src/modeling/block.rs

@@ -6,9 +6,9 @@ use crate::modeling::{ModelingContext, TranslationContext};
 use crate::varnode::ResolvedVarnode;
 use crate::JingleContext;
 use crate::JingleError::EmptyBlock;
-use jingle_sleigh::Instruction;
 use jingle_sleigh::PcodeOperation;
-use jingle_sleigh::{SpaceInfo, SpaceManager};
+use jingle_sleigh::SpaceInfo;
+use jingle_sleigh::{ArchInfoProvider, Instruction, VarNode};
 use std::collections::HashSet;
 use std::fmt::{Display, Formatter};
 
@@ -122,16 +122,29 @@ impl<'ctx> ModeledBlock<'ctx> {
     }
 }
 
-impl SpaceManager for ModeledBlock<'_> {
+impl ArchInfoProvider for ModeledBlock<'_> {
     fn get_space_info(&self, idx: usize) -> Option<&SpaceInfo> {
-        self.state.get_space_info(idx)
+        self.jingle.get_space_info(idx)
     }
 
-    fn get_all_space_info(&self) -> &[SpaceInfo] {
-        self.state.get_all_space_info()
+    fn get_all_space_info(&self) -> impl Iterator<Item = &SpaceInfo> {
+        self.jingle.get_all_space_info()
     }
+
     fn get_code_space_idx(&self) -> usize {
-        self.state.get_code_space_idx()
+        self.jingle.get_code_space_idx()
+    }
+
+    fn get_register(&self, name: &str) -> Option<&VarNode> {
+        self.jingle.get_register(name)
+    }
+
+    fn get_register_name(&self, location: &VarNode) -> Option<&str> {
+        self.jingle.get_register_name(location)
+    }
+
+    fn get_registers(&self) -> impl Iterator<Item = (&VarNode, &str)> {
+        self.jingle.get_registers()
     }
 }
 

jingle/src/modeling/instruction.rs

@@ -1,6 +1,6 @@
 use crate::modeling::{ModelingContext, TranslationContext};
-use jingle_sleigh::Instruction;
 use jingle_sleigh::PcodeOperation;
+use jingle_sleigh::{Instruction, VarNode};
 
 use std::collections::HashSet;
 
@@ -9,7 +9,7 @@ use crate::modeling::state::State;
 
 use crate::varnode::ResolvedVarnode;
 use crate::{JingleContext, JingleError};
-use jingle_sleigh::{SpaceInfo, SpaceManager};
+use jingle_sleigh::{ArchInfoProvider, SpaceInfo};
 
 /// A `jingle` model of an individual SLEIGH instruction
 #[derive(Debug, Clone)]
@@ -51,17 +51,29 @@ impl<'ctx> ModeledInstruction<'ctx> {
     }
 }
 
-impl SpaceManager for ModeledInstruction<'_> {
+impl ArchInfoProvider for ModeledInstruction<'_> {
     fn get_space_info(&self, idx: usize) -> Option<&SpaceInfo> {
-        self.state.get_space_info(idx)
+        self.jingle.get_space_info(idx)
     }
 
-    fn get_all_space_info(&self) -> &[SpaceInfo] {
-        self.state.get_all_space_info()
+    fn get_all_space_info(&self) -> impl Iterator<Item = &SpaceInfo> {
+        self.jingle.get_all_space_info()
     }
 
     fn get_code_space_idx(&self) -> usize {
-        self.state.get_code_space_idx()
+        self.jingle.get_code_space_idx()
+    }
+
+    fn get_register(&self, name: &str) -> Option<&VarNode> {
+        self.jingle.get_register(name)
+    }
+
+    fn get_register_name(&self, location: &VarNode) -> Option<&str> {
+        self.jingle.get_register_name(location)
+    }
+
+    fn get_registers(&self) -> impl Iterator<Item = (&VarNode, &str)> {
+        self.jingle.get_registers()
     }
 }
 

jingle/src/modeling/machine/cpu/concrete.rs

@@ -0,0 +1,78 @@
+use crate::modeling::machine::cpu::symbolic::SymbolicPcodeAddress;
+use jingle_sleigh::VarNode;
+use std::fmt::{Display, Formatter, LowerHex};
+use z3::ast::BV;
+use z3::Context;
+
+pub type PcodeMachineAddress = u64;
+pub type PcodeOffset = u8;
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]
+pub struct ConcretePcodeAddress {
+    pub(crate) machine: PcodeMachineAddress,
+    pub(crate) pcode: PcodeOffset,
+}
+
+impl Display for ConcretePcodeAddress {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}:{}", self.machine, self.pcode)
+    }
+}
+
+impl LowerHex for ConcretePcodeAddress {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{:x}:{:x}", self.machine, self.pcode)
+    }
+}
+
+impl ConcretePcodeAddress {
+    pub fn next_pcode(&self) -> Self {
+        self.add_pcode_offset(1)
+    }
+
+    pub fn machine(&self) -> PcodeMachineAddress {
+        self.machine
+    }
+
+    pub fn pcode(&self) -> PcodeOffset {
+        self.pcode
+    }
+
+    pub(crate) fn add_pcode_offset(&self, off: PcodeOffset) -> Self {
+        Self {
+            machine: self.machine,
+            pcode: self.pcode.wrapping_add(off),
+        }
+    }
+    pub fn symbolize<'ctx>(&self, z3: &'ctx Context) -> SymbolicPcodeAddress<'ctx> {
+        SymbolicPcodeAddress {
+            machine: BV::from_u64(
+                z3,
+                self.machine,
+                size_of::<PcodeMachineAddress>() as u32 * 8,
+            ),
+            pcode: BV::from_u64(z3, self.pcode as u64, size_of::<PcodeOffset>() as u32 * 8),
+        }
+    }
+
+    pub fn resolve_from_varnode(vn: &VarNode, loc: ConcretePcodeAddress) -> Self {
+        if vn.is_const() {
+            // relative jump
+            loc.add_pcode_offset(vn.offset as u8)
+        } else {
+            // absolute jump
+            ConcretePcodeAddress {
+                machine: vn.offset,
+                pcode: 0,
+            }
+        }
+    }
+}
+
+impl From<PcodeMachineAddress> for ConcretePcodeAddress {
+    fn from(value: PcodeMachineAddress) -> Self {
+        Self {
+            machine: value,
+            pcode: 0,
+        }
+    }
+}