I am not familiar with BAP, but taking a quick look, it seems like using the
two together might produce the best results. Using BAP to lift assembly into
an SSA form then translating that to LLVM's version of SSA and using
LLVM's
optimizations to clean it up.
My project is currently independent of LLVM, it just so happens that a text
dump of the output looks very similar to LLVM IR (once I learned of LLVM, I
started using its syntax in a lot of places)
One of the really difficult parts is properly lifting an assembly
instruction into its SSA equivalent. This is not terribly complicated in and
of itself, but given the shear number of instructions in
a typical processors instruction requires a lot of work and presents
many opportunity for mistakes that would be amplified by
subsequent analysis. In my opinion, this alone would be a reason to look to
something like BAP as it has done the work and has controls in places to
help insure it is done correctly.
-Nathan
On Fri, Jun 11, 2010 at 10:37 AM, Bob Grandish <redcurbs at yahoo.com>
wrote:
> Thanks for your response. In your experience, was it worth the conversion
> hassle and code expansion to have the code in a platform-independent SSA
> form and be able to apply LLVM-based analysis tools? Or is it better to
> convert to another IR (such as BAP[1]) and work in that form?
>
> Bob
>
> [1] Binary Analysis Platform, http://bap.ece.cmu.edu/
>
> --- On Thu, 6/10/10, Nathan Jeffords <blunted2night at gmail.com>
wrote:
> As an ongoing personal research project, I have something like this. I
> actually learned of LLVM as part of some research I was doing on this
> project. It is a quite complicated though, each assembly language
> instruction expands to a number of SSA instructions, as each flag/register
> affected becomes a separate instruction, every register used in the method
> has phi functions in every basic block, the initial generation produces
much
> more code that the original assembly language which then need to have
> certain optimization passes to weed out unneeded effects. reconstructing
> local variables from stack usage, and picking out method inputs/outputs
that
> are real as opposed to just being saved and restored is tricky too.
>
>
> On Thu, Jun 10, 2010 at 10:24 PM, Bob Grandish <redcurbs at
yahoo.com> wrote:
>
> I'm wondering if anyone is working on a machine code -> LLVM bitcode
> disassembler? Obviously, there won't be a one-to-one correspondence but
it
> seems like you should be able to get close. There's always inline asm
for
> the remaining fragments.
>
> So is there such a thing?
>
> Thank you,
>
> Bob
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.llvm.org/pipermail/llvm-dev/attachments/20100611/06147e52/attachment.html>