Fixes handling of let-bound variables in flatten pass (#1359)

bmourad01 · web-flow · commit ea2f03d11957 · 2021-11-04T09:41:18.000-04:00
* Update LLVM backend to work with version 12 This may also work with later versions, but I did not test them * Fixes handling of let-bound variables in flatten pass The pass was incorrectly handling lexically-scoped variables introduced by "let" expressions. For example, the following code: ``` 00000015: PF := ~low:1[let $1 = RSP >> 4 ^ RSP in let $2 = $1 >> 2 ^ $1 in $2 >> 1 ^ $2] ``` Was transformed to: ``` 00005ebd: #11 := RSP >> 4 00005ebe: #12 := #11 ^ RSP 00005ebf: #13 := $1 >> 2 00005ec0: #14 := #13 ^ $1 00005ec1: #15 := $2 >> 1 00005ec2: #16 := #15 ^ $2 00005ec3: #17 := let $2 = #14 in #16 00005ec4: #18 := let $1 = #12 in #17 00005ec5: #19 := low:1[#18] 00005ec6: #20 := ~#19 00000015: PF := #20 ``` Notice how the terms at `00005ebf` and so on contain lexically-scoped variables which are not bound to any expression. This commit fixes that behavior to the following: ``` 00005ebd: #11 := RSP >> 4 00005ebe: #12 := #11 ^ RSP 00005ebf: #13 := #12 >> 2 00005ec0: #14 := #13 ^ #12 00005ec1: #15 := #14 >> 1 00005ec2: #16 := #15 ^ #14 00005ec3: #17 := low:1[#16] 00005ec4: #18 := ~#17 00000015: PF := #18 ``` So, the pass seems better off discarding the "let" entirely. * Fix capture-avoiding substitution * Runs `make indent`
diff --git a/plugins/flatten/.merlin b/plugins/flatten/.merlin
@@ -1,7 +1,3 @@
-PKG core_kernel
-PKG bap
-PKG ocamlgraph
+REC
 
-B _build
-FLG -short-paths
-FLG -w -4-33-40-41-42-43-34-44
+B ../../_build
diff --git a/plugins/flatten/flatten_main.ml b/plugins/flatten/flatten_main.ml
@@ -1,14 +1,26 @@
 open Bap.Std
 open Core_kernel
-include Self()
 
+include Self()
 
 let get_direct_typ (e : exp) : Type.t = match e with
   | Bil.Var v -> Var.typ v
   | Bil.Unknown (_,t) -> t
   | Bil.Int w -> Type.Imm (Word.bitwidth w)
   | _ -> failwith "the expression is not flattened"
 
+class substituter (x : var) (x' : var) = object
+  inherit Exp.mapper as super
+
+  method! map_var v =
+    if Var.equal x v then Var x' else super#map_var v
+
+  method! map_let v ~exp ~body =
+    let exp = super#map_exp exp in
+    let body = if Var.equal x v then body else super#map_exp body in
+    Let (v, exp, body)
+end
+
 let flatten_exp (exp : exp) (blk : blk term) (before : tid) : exp * blk term =
   let is_virtual = true in
   let fresh = true in
@@ -61,13 +73,15 @@ let flatten_exp (exp : exp) (blk : blk term) (before : tid) : exp * blk term =
       Term.prepend def_t ~before blk def
     | Bil.Let (v, x, y) ->
       let x, blk = aux x blk in
-      let y, blk = aux y blk in
-      let vtype = Var.typ v in
-      let var = Var.create ~is_virtual ~fresh "flt" vtype in
-      let e = Bil.Let (v, x, y) in
-      let def = Def.create var e in
-      Bil.Var var,
-      Term.prepend def_t ~before blk def
+      let var, blk = match x with
+        | Var v -> v, blk
+        | _ ->
+          let vtype = Var.typ v in
+          let var = Var.create ~is_virtual ~fresh "flt" vtype in
+          let def = Def.create var x in
+          var, Term.prepend def_t ~before blk def in
+      let y = (new substituter v var)#map_exp y in
+      aux y blk
     | Bil.Unknown (_, _) -> exp, blk
     | Bil.Ite (x, y, z) ->
       let x, blk = aux x blk in
