
hi, can this also be used to decompile fireyejs_1.222.3?

Open lyx1104 opened this issue 2 years ago • 15 comments

hi, I used this code on fireyejs_1.222.3, but I encountered difficulties and some errors. Can you give me some guidance?

lyx1104 avatar Jun 13 '22 09:06 lyx1104

The project is currently targeted only for Collina.js, you should make some changes to fit your particular target (especially the basic blocks identification process).

MrMoDDoM avatar Jun 13 '22 09:06 MrMoDDoM

I've made some changes. RegionIdentifier.analyze() succeeds, but IterativeStructurer(ri).structure() throws the exception "Maximum call stack size exceeded". It has bothered me for a long time.

lyx1104 avatar Jun 13 '22 09:06 lyx1104

Hi @lyx1104, you've encountered a long-standing issue with the code. When you hit the max stack size it (most likely) means some cycles haven't been identified and wrapped in a cyclic region. We've noticed the same issue when analyzing um.js (also from AliExpress) and were not able to pinpoint the source of the problem. Debugging was complicated by the sheer size of the candidate (but unsuccessfully extracted) loop (thousands of nodes), thus manual analysis was prohibitive. You'd be of great help if you could pinpoint which component of the global CFG can't be converted to a cyclic region. Coming up with an MWE of a graph would be great.

BTW, this project could probably do with a complete rewrite, but I'm currently busy expanding a library. My final goal would be to integrate this in a new, better organized, universal project.

ceres-c avatar Jun 13 '22 14:06 ceres-c

So if I want to make a picture or another file to show the CFG (meaning the DiGraph), which tool or package can help me? Thanks for your guidance, it helped me a lot.

lyx1104 avatar Jun 14 '22 01:06 lyx1104

Yes, the CFG is contained in a DiGraph. Once you identify the nodes and the edges connecting them, you can format it as a graphviz digraph and plot it using the dot library. If the graph contains many nodes (thousands), you can play around with the nslimit option in your .dot file like this.

digraph G {
    graph [nslimit=30 ];
    1 -> 2;
}

Then generate the graph with dot <FILENAME.dot> -Tsvg -O -v

ceres-c avatar Jun 14 '22 14:06 ceres-c

Oh, your recommendation is awesome. I can turn dot files into SVG files already, but I can't find anything in your code about how to get the dot file. How do you get dot files like collina_loop.dot and so on in your entire project?

lyx1104 avatar Jun 15 '22 02:06 lyx1104

There is currently no way to do so in the code. You have to run the project with a debugger and stop it where you deem it necessary. You can create a graphviz file by dumping all the edges in the graph (use Digraph.edges()), and then run a forEach over all of them to convert to graphviz syntax.

ceres-c avatar Jun 15 '22 09:06 ceres-c

Thanks, I will have a try. Chinese proverb ---> "laotie 666", haha

lyx1104 avatar Jun 15 '22 09:06 lyx1104

PSA I've updated my comment https://github.com/ceres-c/bulldozer/issues/2#issuecomment-1155228396 to correct a mistake about nslimit option.

ceres-c avatar Jun 15 '22 11:06 ceres-c

Hi, if my global CFG can't generate the graph with dot <FILENAME.dot> -Tsvg -O -v, what is the probable cause? I can't generate the graph, so I can't pinpoint which component of the global CFG can't be converted to a cyclic region.

lyx1104 avatar Jun 22 '22 07:06 lyx1104

Is dot failing, or what? Have you managed to export a graphviz-compatible file from the internal DiGraph? Do you have graphviz installed? Post some output and your .dot file.

ceres-c avatar Jun 22 '22 11:06 ceres-c

some_output.zip. Hi, this file package contains the fireyejs; compared with the original code, I did some AST transforms to make it look like collina, for instance void 0 (some code) ------> !function(){some code}, and the dot file. I used your program; when I got the big CFG, I used cfg.edges() to get a list, then iterated the list with for...of and used FS to write the dot file. But I was not lucky enough: I can't get a PDF or SVG file from the dot file.

lyx1104 avatar Jun 23 '22 01:06 lyx1104

You just have to wait and limit the number of iterations with graph [nslimit=1 ];, as I told you. Just add that option inside the digraph and you'll get this output in a couple of minutes (warning: BIG svg!). This is pretty ugly, so you might want to increase the nslimit value to something higher but still reasonable (check the number of iterations for the second simplex).

To get a more accurate representation, try forcing the head position at the top of the graph with something like HEAD_NODE_ID[pos = "0,0"] # head

You probably want to analyze this graph with some automated process like a connected components analyzer. Maybe export the JSNetworkX graph to a NetworkX structure and use the python lib, which has far more functions.

ceres-c avatar Jun 24 '22 10:06 ceres-c

Oh my god, the output of the digraph is so complex. Compared with collina (just many standard loops executed in sequence), fireyejs has many strange and big loops, which I haven't seen in your paper. I have no way to start.

lyx1104 avatar Jun 27 '22 02:06 lyx1104

Yes, it's pretty bad. um.js was similar in this regard (completely effed up) and we had similar issues with cycles not being detected in it. Please note: my paper has plenty of graphs but they're all simplified. If you do the same with collina you'll get a complex output as well. Your best bet is, as I said, to study a bit of graph theory and programmatically identify the surviving loops.

ceres-c avatar Jun 27 '22 11:06 ceres-c
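An added example in JavaScript, not code from the bulldozer project, covering the two suggestions made in this thread: dumping DiGraph.edges() into graphviz syntax (with nslimit and a pinned head node), and programmatically listing the cycles that survived structuring via strongly connected components. The DiGraph class is a constructed stand-in for the JSNetworkX interface, and the sample CFG is constructed for illustration.

```javascript
// Minimal stand-in for the DiGraph interface the thread mentions (addEdge,
// nodes, edges); jsnetworkx exposes the same names, so the code ports directly.
class DiGraph {
  constructor() { this.succ = new Map(); } // node -> Set of successor nodes
  addEdge(u, v) {
    if (!this.succ.has(u)) this.succ.set(u, new Set());
    if (!this.succ.has(v)) this.succ.set(v, new Set());
    this.succ.get(u).add(v);
  }
  nodes() { return [...this.succ.keys()]; }
  edges() { // [[u, v], ...] like DiGraph.edges() in the thread
    const out = [];
    for (const [u, vs] of this.succ) for (const v of vs) out.push([u, v]);
    return out;
  }
}
// Dump the edge list in graphviz syntax; nslimit caps network-simplex iterations
// so huge graphs still render, and an optional head node is pinned to the top.
function toDot(g, nslimit = 30, head = null) {
  const lines = ["digraph G {", `    graph [nslimit=${nslimit}];`];
  if (head !== null) lines.push(`    ${head} [pos="0,0"];`);
  for (const [u, v] of g.edges()) lines.push(`    ${u} -> ${v};`);
  lines.push("}");
  return lines.join("\n");
}
// Tarjan's SCC algorithm: every component with more than one node (or a self-loop) is
// a cycle the structurer must wrap in a cyclic region. Recursive: deep CFGs need an explicit stack.
function cyclicComponents(g) {
  let counter = 0;
  const stack = [], onStack = new Set(), idx = new Map(), low = new Map(), found = [];
  function visit(v) {
    idx.set(v, counter); low.set(v, counter); counter++;
    stack.push(v); onStack.add(v);
    for (const w of g.succ.get(v)) {
      if (!idx.has(w)) { visit(w); low.set(v, Math.min(low.get(v), low.get(w))); }
      else if (onStack.has(w)) low.set(v, Math.min(low.get(v), idx.get(w)));
    }
    if (low.get(v) === idx.get(v)) { // v is the root of a component: pop it
      const comp = []; let w;
      do { w = stack.pop(); onStack.delete(w); comp.push(w); } while (w !== v);
      if (comp.length > 1 || g.succ.get(v).has(v)) found.push(comp.sort((a, b) => a - b));
    }
  }
  for (const v of g.nodes()) if (!idx.has(v)) visit(v);
  return found.sort((a, b) => a[0] - b[0]);
}
// Constructed sample CFG: loop 2->3->2, then loop 5->6->7->5 with a 6->5 back edge.
const cfg = new DiGraph();
[[1,2],[2,3],[3,2],[3,4],[4,5],[5,6],[6,7],[7,5],[6,5],[7,8]].forEach(([u, v]) => cfg.addEdge(u, v));
console.log(toDot(cfg, 1, 1)); console.log(cyclicComponents(cfg)); // [[2,3],[5,6,7]]
```

Writing the toDot() output to a file and running dot on it gives the picture; cyclicComponents() gives the node sets to inspect when the structurer overflows the stack.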