New RZIL integration

[Heersin]

Your checklist for this pull request

• I've read the guidelines for contributing to this repository
• I made sure to follow the project's coding style
• I've added tests that prove my fix is effective or that my feature works (if possible)
• I've updated the documentation and the rizin book with the relevant information (if needed)

Detailed description

1. New IL as an independent library which relies on rz_util only.
2. IL in core analysis are moved to core/cil.c. (Related pr of moving esil -> Reorganize esil directory #1360 )
3. Change the tech of collecting stats and trace in the old ESIL
4. Fix some bugs in the old pr New Rizin IL integration #1361 New Rizin IL integration #1451

Test plan

Should pass the old rizin tests.

Closing issues

closes #277

More Info
0. Use tree-like approach

1. This pr created for asan build to detect bug.
2. Only enabled in analysis_bf.c.
3. Register arena changes in other module (such as debug) are not covered in current new IL.

[Heersin]

The trace and stats techs of the old index approach replies on temporary value. Now it has been removed. We need to implement the trace/stats in the rzil. It aims to collect info reg/mem read/write.

Currently, the API of opcode evaluation is :
rzil_parse_root(RzILVM *vm, RzILOp *op);

it's a recursive function to evaluate the expression. so we may add an extra arg as Callback function
rzil_parse_root(RzILVM *vm, RzILOp *op, ParseCallbacks f);

the callback function ccould be

rzil_focus_trace (RzILOp *op)
 - mem read
 - mem write
 - reg read
 - reg write

etc.

but what I worry about is the possible header conflict.
Since our new trace info structure defined in higher level of rizin project while the rzil can only rely on rz_util

we may not be able to directly use the function and trace info struct in rz_analysis.h

1. Defined a temporary struct to store the collected info ?
2. Implement the similar parse/emulate function in the same level or higher one. As esil did.

That's two possible solutions I have for now. Do you have any idea ?

[XVilka]

@Heersin I think adding some new structure is a way to go. Not sure what @ret2libc @thestr4ng3r @wargio think.

[wargio]

looks good with these new changes.

[wargio]

if you have core->analysis why passing core->analysis->rzil ?

[Heersin]

Yes it passes these 2 because I followed the ESIL api. We can only maintain one argument core->analysis.

[XVilka]

Yes, lets skip and use just core->analysis for both.

[wargio]

since you are ignoring the rz_io_read_at_mapped return value, maybe it should be better to initialize code to 0 or any other value that represent NOP or invalid op.

[XVilka]

I recommend not to ignore the value and do the function exit on the error

[ret2libc]

The trace and stats techs of the old index approach replies on temporary value. Now it has been removed. We need to implement the trace/stats in the rzil. It aims to collect info reg/mem read/write.

Currently, the API of opcode evaluation is :
rzil_parse_root(RzILVM *vm, RzILOp *op);

it's a recursive function to evaluate the expression. so we may add an extra arg as Callback function
rzil_parse_root(RzILVM *vm, RzILOp *op, ParseCallbacks f);

I'm not 100% sure I understood the problem, but I think having a callback that takes the ILOp as argument (maybe also the RzILVM as well) should be enough to support all kinds of traversal of the OPs without putting anything specific in the RzIL module.

[XVilka]

Overall in a good shape now. Only a few minor nitpicks left, and should be ready to merge. We can improve the implementation further after merging, IMHO.

[XVilka]

@Heersin could you please rebase on the latest dev and fix some unaddressed comments - there is a conflict now?

[thestr4ng3r]

Shouldn't this rather just contain a single RzILBitVector and be called something like RzILOpBitVector?

[thestr4ng3r]

Wouldn't RZIL_OP_LOAD actually be a bit vector op and RZIL_OP_STORE be an effect?

[XVilka]

No, the operand and effect are separated in this case, see the original implementation:

• http://binaryanalysisplatform.github.io/bap/api/odoc/bap-core-theory/Bap_core_theory/Theory/Effect/Sort/index.html

[thestr4ng3r]

Interesting, where are the operands in this link?

[ret2libc]

There's a lot of work here, nice job. I don't want to be tooo picky here, as otherwise we'll never merge this. I think there are however just few more things to adjust, in particular the void * thing as mentioned also by @thestr4ng3r .

[XVilka]

@Heersin could you please rebase your PR and address the feedback?

[Heersin]

@Heersin could you please rebase your PR and address the feedback?

Sure, I will review it tonight

[XVilka]

@Heersin you forgot 6 more feedback comments, please take a look again. Apart from that, it's good to merge, I think. cc @ret2libc @thestr4ng3r

[XVilka]

Two ASAN failed tests are unrelated to this PR and happen on the latest dev as well:

[XX] TIMEOUT db/formats/elf/sections more than 65535 segments
RZ_NOPLUGINS=1 rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc iSS~? gzip://bins/elf/core/more-than-65535-segments.gz
-- stdout
--- expected
+++ actual
@@ -1,1 +1,0 @@
-131073

-- stderr
Cannot retrieve regstate on: AMD x86-64 architecture (not yet supported)

-- exit status: -1

[XX] TIMEOUT db/formats/mdmp mdmp 64bit - strings
RZ_NOPLUGINS=1 rizin -escr.utf8=0 -escr.color=0 -escr.interactive=0 -N -Qc 'iz~0x002e2fe1[1,2,3,4,5,6,7,8]
iz~0x002e2feb[1,2,3,4,5,6,7,8]
iz~0x002e2ff5[1,2,3,4,5,6,7,8]
iz~0x00330d85[1,2,3,4,5,6,7,8]
iz~0x003310c1[1,2,3,4,5,6,7,8]
iz~0x00161a37[1,2,3,4,5,6,7,8]
iz~0x00161c7f[1,2,3,4,5,6,7,8]
iz~0x00161dbf[1,2,3,4,5,6,7,8]
iz~0x001d9d45[1,2,3,4,5,6,7,8]
iz~0x001da0a5[1,2,3,4,5,6,7,8]
iz~0x003fad45[1,2,3,4,5,6,7,8]
iz~0x003fb0ad[1,2,3,4,5,6,7,8]
iz~0x00480857[1,2,3,4,5,6,7,8]
iz~0x004808c7[1,2,3,4,5,6,7,8]
iz~0x00499cf5[1,2,3,4,5,6,7,8]
iz~0x0049a045[1,2,3,4,5,6,7,8]
' bins/mdmp/hello64.dmp
-- stdout
--- expected
+++ actual
@@ -8,9 +8,3 @@
 0x00161dbf 0x7759e130 45 92 C:_Windows_System32_kernel32.dll utf16le \REGISTRY\USER\*\SOFTWARE\Classes\Wow6432Node
 0x001d9d45 0x776160b6 15 32 C:_Windows_System32_kernel32.dll utf16le VS_VERSION_INFO
 0x001da0a5 0x77616416 11 24 C:_Windows_System32_kernel32.dll utf16le VarFileInfo
-0x003fad45 0x7fefd5080b6 15 32 C:_Windows_System32_KERNELBASE.dll utf16le VS_VERSION_INFO
-0x003fb0ad 0x7fefd50841e 11 24 C:_Windows_System32_KERNELBASE.dll utf16le VarFileInfo
-0x00480857 0x7fefdb33bc8 4 10 C:_Windows_System32_msvcrt.dll utf16le PATH
-0x004808c7 0x7fefdb33c38 10 22 C:_Windows_System32_msvcrt.dll utf16le SystemRoot
-0x00499cf5 0x7fefdb4d066 15 32 C:_Windows_System32_msvcrt.dll utf16le VS_VERSION_INFO
-0x0049a045 0x7fefdb4d3b6 11 24 C:_Windows_System32_msvcrt.dll utf16le VarFileInfo

-- stderr
[WARN] Invalid or unsupported enumeration encountered 21
[WARN] Invalid or unsupported enumeration encountered 22
[INFO] Parsing data sections for large dumps can take time, please be patient (but if strings ain't your thing try with -z)!

-- exit status: -1