Re: When will gcc assign local variables to registers?

[x visitor <visitor20212@outlook.com>]

Thank you, Henri.

The goal is to determine whether two instructions in binary access the same variable. This
information will be very helpful to detect code similarity and homology.

The challenge is that source code is not available (yes, it's more like a reverse-engineer). Even
worse, the compiler options used to generate the target binary remains unknown and out of
control in a more common case. I suppose this task is a little easier than reverse-engineer
because the latter aims at complete recovery of source code. I'm collecting alias analysis
techniques applicable to binary-only situation with the hope of a solution.

I will try -fdump option and take it as a good way to learn gcc's behavior.

Thank you again.


From: Gcc-help <gcc-help-bounces@gcc.gnu.org> on behalf of Henri Cloetens <henri.cloetens@blueice.be>
Sent: Thursday, November 12, 2020 14:54
To: gcc-help@gcc.gnu.org <gcc-help@gcc.gnu.org>
Subject: Re: When will gcc assign local variables to registers?

Dear Sir,

What do you want to do ?.

- Gcc, especially when the optimizers are turned on, heavily optimizes
the source code.
   If you want to reverse-engineer, in order to recognize the C-source
in the assembly,
   some suggestions:
1. Turn on the debug option. Then, GCC annotates the assembly
introducing info as to which
     assembly statement belongs to which source line. It may not work
with the optimizer on.
2. Run the compiler with -fdump-all. Then, it outputs a lot of verbose
files, documenting how
     the compile and optimizations have been done. It includes all the
restructuring, and also
     the register allocation. Now, good luck with that, it are long and
difficult to read files.

Best Regards,

Henri.


On 11/12/20 6:04 AM, visitor x via Gcc-help wrote:
> Thank you for the pointer.
>
> I learned SSA and realized that the problem is more challenging than I thought. As far, my understanding of SSA is that compilers restrict the definition site of each variable to only one by introducing phi-function and other tools. In this way it facilitates data flow analysis and further optimization such as dead code elimination.
>
> My idea before is to list all possible manners that compilers assign variables to registers, then it may be easier to recover variables from binary. Now it seems to be an impossible mission. So I rethink my ultimate goal, essentially a track to variable access sequence, which doesn’t require full decompilation (maybe).
>
> All we need to know is whether two instructions access the same variable (or say object if compilers care about only values). It sounds like an alias analysis in binary. Is it a specialized subfield in program/binary analysis?
>