fkie-cad · github-actions · Feb 22, 2024 · Feb 22, 2024 · Feb 22, 2024 · Feb 22, 2024
diff --git a/decompiler/pipeline/pipeline.py b/decompiler/pipeline/pipeline.py
@@ -9,6 +9,7 @@
 from decompiler.pipeline.preprocessing import (
     Coherence,
     CompilerIdiomHandling,
+    FindFunctionPointer,
     InsertMissingDefinitions,
     MemPhiConverter,
     PhiFunctionFixer,
@@ -35,6 +36,7 @@
     MemPhiConverter,
     InsertMissingDefinitions,
     PhiFunctionFixer,
+    FindFunctionPointer,
 ]
 
 POSTPROCESSING_STAGES = [OutOfSsaTranslation, PatternIndependentRestructuring]

diff --git a/decompiler/pipeline/preprocessing/__init__.py b/decompiler/pipeline/preprocessing/__init__.py
@@ -2,6 +2,7 @@
 
 from .coherence import Coherence
 from .compiler_idiom_handling import CompilerIdiomHandling
+from .find_function_pointer import FindFunctionPointer
 from .mem_phi_conversion import MemPhiConverter
 from .missing_definitions import InsertMissingDefinitions
 from .phi_predecessors import PhiFunctionFixer

diff --git a/decompiler/pipeline/preprocessing/find_function_pointer.py b/decompiler/pipeline/preprocessing/find_function_pointer.py
@@ -0,0 +1,27 @@
+"""Module to find and declare function pointer variables"""
+
+from decompiler.pipeline.stage import PipelineStage
+from decompiler.structures.pseudo.instructions import Assignment, Variable
+from decompiler.structures.pseudo.operations import Call
+from decompiler.structures.pseudo.typing import FunctionPointer, Pointer
+from decompiler.task import DecompilerTask
+
+
+class FindFunctionPointer(PipelineStage):
+    name = "find-function-pointer"
+
+    def run(self, task: DecompilerTask):
+        for block in task.graph:
+            for expression in block:
+                if (
+                    isinstance(expression, Assignment)
+                    and isinstance(expression.value, Call)
+                    and isinstance(expression.value.function, Variable)
+                ):
+                    expression.value.function._type = Pointer(
+                        basetype=FunctionPointer(
+                            size=expression.value.function.type.size,
+                            return_type=expression.value.function.type,
+                            parameters=tuple(expression.value.parameters),
+                        ),
+                    )
diff --git a/decompiler/structures/pseudo/typing.py b/decompiler/structures/pseudo/typing.py
@@ -218,6 +218,11 @@ def __str__(self) -> str:
         return f"{self.return_type}({', '.join(str(x) for x in self.parameters)})"
 
 
+@dataclass(frozen=True, order=True)
+class FunctionPointer(FunctionTypeDef):
+    pass
+
+
 class TypeParser:
     """A type parser in charge of creating types."""
 

diff --git a/decompiler/util/default.json b/decompiler/util/default.json
@@ -507,10 +507,10 @@
                 "default": [
                     "expression-propagation",
                     "bit-field-comparison-unrolling",
-                    "type-propagation",
                     "dead-path-elimination",
                     "dead-loop-elimination",
                     "dead-code-elimination",
+                    "type-propagation",
                     "expression-propagation-memory",
                     "expression-propagation-function-call",
                     "expression-simplification-cfg",

diff --git a/tests/backend/test_codegenerator.py b/tests/backend/test_codegenerator.py
@@ -33,7 +33,7 @@
     OperationType,
     UnaryOperation,
 )
-from decompiler.structures.pseudo.typing import CustomType, Float, Integer, Pointer, Type
+from decompiler.structures.pseudo.typing import CustomType, Float, FunctionPointer, Integer, Pointer, Type
 from decompiler.task import DecompilerTask
 from decompiler.util.options import Options
 
@@ -80,6 +80,8 @@ def logic_cond(name: str, context) -> LogicCondition:
 var_p = Variable("p", Pointer(int32))
 var_fun_p = Variable("p", Pointer(FunctionTypeDef(0, int32, (int32,))))
 var_fun_p0 = Variable("p0", Pointer(FunctionTypeDef(0, int32, (int32,))))
+var_fun_ptr = Variable("ptr", Pointer(FunctionPointer(0, int32, (int32,))))
+var_fun_ptr0 = Variable("ptr0", Pointer(FunctionPointer(0, int32, (int32,))))
 
 const_0 = Constant(0, int32)
 const_1 = Constant(1, int32)
@@ -1286,6 +1288,8 @@ class TestLocalDeclarationGenerator:
             (1, [var_x.copy(), var_y.copy(), var_p.copy()], "int x;\nint y;\nint * p;"),
             (1, [var_x.copy(), var_y.copy(), var_fun_p.copy()], "int x;\nint y;\nint (* p)(int);"),
             (2, [var_x.copy(), var_y.copy(), var_fun_p.copy(), var_fun_p0.copy()], "int x, y;\nint (* p)(int), (* p0)(int);"),
+            (1, [var_x.copy(), var_y.copy(), var_fun_ptr.copy()], "int x;\nint y;\nint (* ptr)(int);"),
+            (2, [var_x.copy(), var_y.copy(), var_fun_ptr.copy(), var_fun_ptr0.copy()], "int x, y;\nint (* ptr)(int), (* ptr0)(int);"),
         ],
     )
     def test_variable_declaration(self, vars_per_line: int, variables: List[Variable], expected: str):

diff --git a/tests/pipeline/preprocessing/test_find_function_pointer.py b/tests/pipeline/preprocessing/test_find_function_pointer.py
@@ -0,0 +1,101 @@
+from decompiler.pipeline.preprocessing import FindFunctionPointer
+from decompiler.structures.graphs.cfg import BasicBlock, ControlFlowGraph, FalseCase, TrueCase, UnconditionalEdge
+from decompiler.structures.pseudo import (
+    Assignment,
+    Call,
+    Condition,
+    Constant,
+    ImportedFunctionSymbol,
+    Integer,
+    ListOperation,
+    OperationType,
+    Variable,
+)
+from decompiler.structures.pseudo.instructions import Branch, Return
+from decompiler.structures.pseudo.typing import FunctionPointer, Pointer
+from decompiler.task import DecompilerTask
+
+
+def test_set_variable_to_function_pointer():
+    """
+    Test the change of a variable type to FunctionPointer if there is a call on this variable.
+
+    a = 0x0804c020
+    b = 1
+    if (a == 0)
+        return b
+    else
+        a()
+    """
+    cfg = ControlFlowGraph()
+    var_a = Variable("a", Integer.int32_t())
+    var_b = Variable("b", Integer.int32_t())
+    cfg.add_nodes_from(
+        [
+            n0 := BasicBlock(0, instructions=[Assignment(var_a, Constant(0x0804C020)), Assignment(var_b, Constant(1))]),
+            n1 := BasicBlock(1, instructions=[Branch(Condition(OperationType.equal, [var_a, Constant(0)]))]),
+            n2 := BasicBlock(2, instructions=[Return([var_b])]),
+            n3 := BasicBlock(3, instructions=[Assignment(ListOperation([]), Call(var_a, []))]),
+        ]
+    )
+    cfg.add_edges_from([UnconditionalEdge(n0, n1), TrueCase(n1, n2), FalseCase(n1, n3)])
+    FindFunctionPointer().run(DecompilerTask("test", cfg))
+    assert var_a.type == Pointer(FunctionPointer(32, Integer.int32_t(), ()))
+
+
+def test_set_variable_to_function_pointer_with_parameters():
+    """
+    Test the change of a variable type to FunctionPointer if there is a call on this variable with parameters.
+
+    a = 0x0804c020
+    b = 1
+    if (a == 0)
+        return b
+    else
+        a(c, d)
+    """
+    cfg = ControlFlowGraph()
+    var_a = Variable("a", Integer.int32_t())
+    var_b = Variable("b", Integer.int32_t())
+    var_c = Variable("c", Integer.int32_t())
+    var_d = Variable("d", Integer.int32_t())
+    cfg.add_nodes_from(
+        [
+            n0 := BasicBlock(0, instructions=[Assignment(var_a, Constant(0x0804C020)), Assignment(var_b, Constant(1))]),
+            n1 := BasicBlock(1, instructions=[Branch(Condition(OperationType.equal, [var_a, Constant(0)]))]),
+            n2 := BasicBlock(2, instructions=[Return([var_b])]),
+            n3 := BasicBlock(3, instructions=[Assignment(ListOperation([]), Call(var_a, [var_c, var_d]))]),
+        ]
+    )
+    cfg.add_edges_from([UnconditionalEdge(n0, n1), TrueCase(n1, n2), FalseCase(n1, n3)])
+    FindFunctionPointer().run(DecompilerTask("test", cfg))
+    assert var_a.type == Pointer(FunctionPointer(32, Integer.int32_t(), (var_c, var_d)))
+
+
+def test_skip_set_variable_to_function_pointer():
+    """
+    Test the skip of a change of a variable type to FunctionPointer if there is a call without a variable.
+
+    a = 0x0804c020
+    b = 1
+    if (a == 0)
+        return b
+    else
+        printf("%d\n", a)
+    """
+    cfg = ControlFlowGraph()
+    var_a = Variable("a", Integer.int32_t())
+    var_b = Variable("b", Integer.int32_t())
+    cfg.add_nodes_from(
+        [
+            n0 := BasicBlock(0, instructions=[Assignment(var_a, Constant(0x0804C020)), Assignment(var_b, Constant(1))]),
+            n1 := BasicBlock(1, instructions=[Branch(Condition(OperationType.equal, [var_a, Constant(0)]))]),
+            n2 := BasicBlock(2, instructions=[Return([var_b])]),
+            n3 := BasicBlock(
+                3, instructions=[Assignment(ListOperation([]), Call(ImportedFunctionSymbol("printf", 0), [Constant("%d\n"), var_a]))]
+            ),
+        ]
+    )
+    cfg.add_edges_from([UnconditionalEdge(n0, n1), TrueCase(n1, n2), FalseCase(n1, n3)])
+    FindFunctionPointer().run(DecompilerTask("test", cfg))
+    assert not any(isinstance(variable.type, Pointer) for variable in cfg.get_variables())