Merge branch 'stack_vars_and_phonics' into 'master'

Stack vars



See merge request !11

Author: JonathanBeverley

atxmega128a4u/scripts/README.md

@@ -28,7 +28,14 @@ Python>avr_bss_emu(0x2174,0x223D)
 
 ```
 Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_dumb_seq_load_xrefs.py')
+Python>all_avr_dumb_seq_load_xrefs()
 Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_codatafy.py')
 Python>dref_all_fixer()
 ```
 
+6. (optional) create stack variables in a function containing the `idc.here()` with
+```
+Python>runscript('.../rhme3/atxmega128a4u/scripts/avr_stack_vars.py')
+Python>all_y_stack_vars_here()
+```
+

atxmega128a4u/scripts/__init__.py

@@ -9,7 +9,7 @@
 if not logger.handlers:
     handler = logging.StreamHandler(stream=sys.stdout)
     logger.addHandler(handler)
-logger.setLevel(logging.WARNING)
+logger.setLevel(logging.INFO)
 
 # just try the dumb thing and make xrefs based on seq load of pairs of immediates.
 # doesn't consider RAMP% register values, doesn't consider anything more complicated than:
@@ -21,6 +21,10 @@
     import idaapi
     import sark
 
+    print os.path.dirname(__file__)
+    sys.path.insert(0, os.path.dirname(__file__))
+    from avr_utils import *
+
     ram_segment = None
     rom_segment = None
     for segment in sark.segments():
@@ -29,75 +33,20 @@
         elif segment.name == 'ROM' or segment.name == '.text':
             rom_segment = segment
 
-    rpairs = dict()
-
-    for i in range(1,33):
-        rpairs.update({"r%d" % i: "r%d" % (i-1)})
-
-    rpairs.update({
-        'XL': 'r25',
-        'YL': 'XH',
-        'ZL': 'YH',
-
-        'XH': 'XL',
-        'YH': 'YL',
-        'ZH': 'ZL'
-    })
-
-    prev = None
-    for line in sark.lines(rom_segment.startEA, rom_segment.endEA):
-        if prev is None:
-            prev = line
-            continue
-
-        try:
-            curr_insn = line.insn
-            prev_insn = prev.insn
-        except sark.exceptions.SarkNoInstruction:
-            logger.debug("skipping @ 0x%x" % line.ea)
-            prev = line
-            continue
-
-
-        if (len(prev_insn.operands) != 2 or len(curr_insn.operands) != 2 or
-            str(prev_insn.operands[0]) == '' or str(prev_insn.operands[1]) == '' or str(curr_insn.operands[0]) == '' or str(curr_insn.operands[1]) == '' or
-            str(prev_insn.operands[0].type) != 'General_Register' or str(curr_insn.operands[0].type) != 'General_Register' or
-            str(prev_insn.operands[1].type) != 'Immediate_Value' or str(curr_insn.operands[1].type) != 'Immediate_Value'
-            ):
-            logger.debug("filtering: %s && %s" % (prev, line))
-
-            if curr_insn.mnem == 'ldi' and prev_insn.mnem == 'ldi':
-                logger.warning("false filtered %s && %s\n\t%s %s %s\n\t%s %s %s" % (prev, line, len(prev_insn.operands), prev_insn.operands[0].type, prev_insn.operands[1].type, len(curr_insn.operands), curr_insn.operands[0].type, curr_insn.operands[1].type))
-
-            prev = line
-            continue
-
-        def safe_name(address):
-            name = sark.Line(address).name
-            if name[0:4] == 'unk_':
-                 return "0x%x" % address
-            else:
-                return  "%s" % name
-
-        logger.debug("testing @ 0x%x %s == %s" % (line.ea, prev_insn.operands[0].reg, rpairs.get(curr_insn.operands[0].reg)))
-        if prev_insn.operands[0].reg == rpairs.get(curr_insn.operands[0].reg):
-                word = int(curr_insn.operands[1].text, 0) * 256 + int(prev_insn.operands[1].text, 0)
-                address = ram_segment.startEA + word
-
-                if address <= ram_segment.endEA:
-                    result = add_dref(line.ea, address, dr_T)
-                    logger.debug("add dref from 0x%x to 0x%x: %s" % (line.ea, address, str(result)))
-                    line.comments.repeat = safe_name(address)
-
-        prev = line
+    def safe_name(address):
+        name = sark.Line(address).name
+        if name is None or name == '' or name[0:4] == 'unk_':
+             return "0x%x" % address
+        else:
+            return  "%s" % name
 
     def dref_range_fixer(startEA, endEA):
         for line in sark.lines(startEA, endEA):
             for xref in line.xrefs_to:
                 if xref.iscode or xref.frm == idc.BADADDR or str(xref.type) != 'Data_Text': # only try to fix data references from code in ROM of the Data_Text type (as created by the dumb seq xref routine above)
                     continue
                 logger.debug("fixing xref (type:%s) to %s from ROM:%x" % (xref.type, safe_name(line.ea), xref.frm))
-                sark.Line(xref.frm).comments.repeat = safe_name(line.ea)
+                sark.Line(xref.frm).comments.repeat = str(sark.Line(xref.frm).comments.repeat).replace("0x%x" % line.ea, safe_name(line.ea))
         return
 
     def dref_fixer():
@@ -108,7 +57,68 @@ def dref_all_fixer():
         dref_range_fixer(ram_segment.startEA, ram_segment.endEA)
         return
 
-    print("data xrefs (drefs) added for all sequential loads of the bytes 16-bit addresses into RAM.\nIf any lines are renamed in the RAM segment, then the drefs can be fixed by running dref_fixer() on a selection of ram addresses or dref_all_fixer() to perform this operation over all of the RAM segment.")
+    def avr_dumb_seq_load_xrefs(startEA, endEA):
+        prev = None
+        for line in sark.lines(startEA, endEA):
+            if prev is None:
+                prev = line
+                continue
+
+            try:
+                curr_insn = line.insn
+                prev_insn = prev.insn
+            except sark.exceptions.SarkNoInstruction:
+                logger.debug("skipping @ 0x%x" % line.ea)
+                prev = line
+                continue
+
+            if (len(prev_insn.operands) != 2 or len(curr_insn.operands) != 2 or
+                str(prev_insn.operands[1]) == '' or str(curr_insn.operands[1]) == ''
+                ):
+                logger.debug("filtering: %s && %s" % (prev, line))
+                prev = line
+                continue
+
+            logger.debug("testing %s && %s" % (prev, line))
+            if (is_latter_of_rxN_sequential_instructions(prev, line, 0) and
+                str(prev_insn.operands[1].type) == 'Immediate_Value' and str(curr_insn.operands[1].type) == 'Immediate_Value'
+               ):
+                idc.OpHex(prev.ea, 1)
+                idc.OpHex(line.ea, 1)
+                if prev_insn.mnem == 'subi' and curr_insn.mnem == 'sbci':
+                    word = (int(curr_insn.operands[1].text, 0) + 1) * -256 + int(prev_insn.operands[1].text, 0) * -1
+                    address = ram_segment.startEA + word
+
+                    if (address > ram_segment.startEA + 0x2000 and address < ram_segment.endEA and
+                        str(prev_insn.operands[0]) != 'YL' and str(prev_insn.operands[0].reg) != 'r28' # ignore indexed access into stack
+                       ):
+                        result = add_dref(line.ea, address, dr_T)
+                        logger.info("%s adding dref to %s at ROM:%x \"%s\"" % ("Success" if result else "Error", safe_name(address), line.ea, line))
+                        line.comments.repeat = "indexed access into %s" % safe_name(address)
+                else:
+                    word = int(curr_insn.operands[1].text, 0) * 256 + int(prev_insn.operands[1].text, 0)
+                    address = ram_segment.startEA + word
+
+                    if address >= ram_segment.startEA and address < ram_segment.endEA:
+                        result = add_dref(line.ea, address, dr_T)
+                        logger.info("%s adding dref to %s at ROM:%x \"%s\"" % ("Success" if result else "Error", safe_name(address), line.ea, line))
+                        if address <= ram_segment.startEA + 32:
+                            line.comments.repeat = "possible %s" % sark.Line(address).comments.repeat # use the ioport name in the comments
+                        else:
+                            line.comments.repeat = safe_name(address)
+
+            prev = line
+
+    def all_avr_dumb_seq_load_xrefs():
+        avr_dumb_seq_load_xrefs(rom_segment.startEA, rom_segment.endEA)
+        return
+
+    def all_avr_dumb_seq_load_xrefs_here():
+        this_function = sark.Function(idc.here())
+        avr_dumb_seq_load_xrefs(this_function.startEA, this_function.endEA)
+        return
+
+    print("some utility functions are defined. run\nall_avr_dumb_seq_load_xrefs() to define data xrefs (drefs) for all sequential loads of the bytes 16-bit addresses into RAM throughout the whole binary,\nall_avr_dumb_seq_load_xrefs_here() for the current function and\navr_dumb_seq_load_xrefs(startEA, endEA) for a custom range\nIf any lines are renamed in the RAM segment, then the drefs can be fixed by running dref_fixer() on a selection of ram addresses or dref_all_fixer() to perform this operation over all of the RAM segment.")
 
 except:
     exc_type, exc_value, exc_traceback = sys.exc_info()

atxmega128a4u/scripts/avr_dumb_seq_load_xrefs.py

@@ -0,0 +1,143 @@
+import idascript
+
+import sys
+import os
+import traceback
+
+import logging
+logger = logging.getLogger(__name__)
+if not logger.handlers:
+    handler = logging.StreamHandler(stream=sys.stdout)
+    logger.addHandler(handler)
+logger.setLevel(logging.INFO)
+
+try:
+    import idautils
+    import idaapi
+    import sark
+
+    print os.path.dirname(__file__)
+    sys.path.insert(0, os.path.dirname(__file__))
+    from avr_utils import *
+
+    def make_stack_variable(func_start, offset, name, size):
+        func = idaapi.get_func(func_start)
+        frame = idaapi.get_frame(func)
+        if frame is None:
+            if idaapi.add_frame(func, 0, 0, 0) == -1:
+                raise ValueError("couldn't create frame for function @ 0x%x" % func_start)
+            frame = idaapi.get_frame(func)
+
+        offset += func.frsize
+        member = idaapi.get_member(frame, offset)
+
+        if member:
+            return 0
+        else:
+            # No member at the offset, create a new one
+            if idaapi.add_struc_member(frame,
+                    name,
+                    offset,
+                    idaapi.wordflag() if size == 2 else idaapi.byteflag(),
+                    None, size) == 0:
+                return 1
+            else:
+                return 0
+
+    def is_latter_of_stack_sequential_instructions(prev_line, curr_line, op_num):
+        other_op_num = 0
+        if op_num == 0:
+            other_op_num = 1
+
+        if not is_latter_of_rxN_sequential_instructions(prev_line, curr_line, other_op_num):
+            return False
+
+        try:
+            curr_insn = curr_line.insn
+            prev_insn = prev_line.insn
+        except sark.exceptions.SarkNoInstruction:
+            return False
+
+        if (str(prev_insn.operands[op_num]).startswith('Y+') and
+            prev_insn.operands[op_num].offset == curr_insn.operands[op_num].offset - 1
+           ):
+            logger.debug("offsets 0x%x && 0x%x are sequential: %s && %s" % (prev_insn.operands[op_num].offset, curr_insn.operands[op_num].offset, prev_line, curr_line))
+            return True
+
+        return False
+
+    def doesnt_imply_stack_var(curr_insn):
+        return str(curr_insn.operands[1].reg) == 'r1'
+
+    def operand_to_stack_variable(curr_line, op_num):
+        logger.debug("setting stack var operand %d of %s" % (op_num, curr_line))
+        idc.OpStkvar(curr_line.ea, op_num)
+        return
+
+    def create_stack_variable_from_operand(curr_line, op_num):
+        try:
+            curr_insn = curr_line.insn
+        except sark.exceptions.SarkNoInstruction:
+            return
+
+        if doesnt_imply_stack_var(curr_insn):
+            return
+
+        stack_offset = curr_insn.operands[op_num].offset
+        this_function = sark.Function(curr_line.ea)
+
+        next_line = sark.Line(curr_line.ea + len(curr_line.bytes))
+        size = 2 if is_latter_of_stack_sequential_instructions(curr_line, next_line, op_num) else 1
+
+        logger.info("creating %d byte stack variable @ 0x%x based on %s && %s" % (size, stack_offset, curr_line, next_line))
+
+        make_stack_variable(this_function.startEA, stack_offset, "var_%x" % stack_offset, size)
+        return
+
+    def all_y_stack_vars_here():
+        ea = idc.here()
+        this_function = sark.Function(ea)
+
+        prev = None
+        for line in this_function.lines:
+            if prev is None:
+                prev = line
+                continue
+
+            try:
+                curr_insn = line.insn
+                prev_insn = prev.insn
+            except sark.exceptions.SarkNoInstruction:
+                logger.debug("skipping @ 0x%x" % line.ea)
+                prev = line
+                continue
+
+            if (len(curr_insn.operands) != 2 or
+                str(curr_insn.operands[0]) == '' or str(curr_insn.operands[1]) == ''
+                ):
+                logger.debug("filtering: %s" % (line))
+                prev = line
+                continue
+
+            logger.debug("testing %s" % (line))
+
+            if str(curr_insn.operands[1]).startswith('Y+'):
+                operand_to_stack_variable(line, 1)
+                if not is_latter_of_stack_sequential_instructions(prev, line, 1): # avoid marking a stack var for the second part of a sequential load
+                    create_stack_variable_from_operand(line, 1)
+
+            if str(curr_insn.operands[0]).startswith('Y+'):
+                operand_to_stack_variable(line, 0)
+                if not is_latter_of_stack_sequential_instructions(prev, line, 0): # avoid marking a stack var for the second part of a sequential load
+                    create_stack_variable_from_operand(line, 0)
+
+            # TODO also for Y+ in operand 0
+            prev = line
+
+    print("some utility functions are defined:\nall_y_stack_vars_here()")
+
+except:
+    exc_type, exc_value, exc_traceback = sys.exc_info()
+    logger.error("Uncaught exception", exc_info=(exc_type, exc_value, exc_traceback))
+
+idascript.exit()

atxmega128a4u/scripts/avr_stack_vars.py

@@ -0,0 +1,43 @@
+import sys
+import logging
+utils_logger = logging.getLogger(__name__)
+if not utils_logger.handlers:
+    handler = logging.StreamHandler(stream=sys.stdout)
+    utils_logger.addHandler(handler)
+utils_logger.setLevel(logging.INFO)
+
+def avr_get_register_pairs():
+    rpairs = dict()
+
+    for i in range(1, 33, 2):
+        rpairs.update({"r%d" % i: "r%d" % (i-1)})
+
+    rpairs.update({
+        'XH': 'XL',
+        'YH': 'YL',
+        'ZH': 'ZL'
+    })
+
+    return rpairs
+
+def is_latter_of_rxN_sequential_instructions(prev_line, curr_line, op_num):
+    if prev_line is None:
+        return False
+
+    try:
+        curr_insn = curr_line.insn
+        prev_insn = prev_line.insn
+    except sark.exceptions.SarkNoInstruction:
+        return False
+
+    if (len(prev_insn.operands) != 2 or len(curr_insn.operands) != 2 or
+        str(prev_insn.operands[0]) == '' or str(prev_insn.operands[1]) == '' or str(curr_insn.operands[0]) == '' or str(curr_insn.operands[1]) == '' or
+        str(prev_insn.operands[op_num].type) != 'General_Register' or str(curr_insn.operands[op_num].type) != 'General_Register'
+       ):
+        return False
+
+    if prev_insn.operands[op_num].reg == avr_get_register_pairs().get(curr_insn.operands[op_num].reg):
+        utils_logger.debug("registers %s and %s are sequential: %s && %s" % (prev_insn.operands[op_num].reg, curr_insn.operands[op_num].reg, prev_line, curr_line))
+        return True
+
+    return False