BOPFunctionRecognition
BOIL detection
When you detect an operand backward dependency chain as cyclic, do you consider that the first operand of the chain may be cleared somewhere else in this loop? For example, a fragment of a loop (x86):
...
1: str eax, ,t0 ;add eax, eax
2: str eax, ,t1
3: and t0, 80000000h, t2
4: and t1, 80000000h, t3
5: add t0, t1, qword t4
6: and qword t4, qword 80000000h, t5
7: bsh t5, -31, byte SF
8: xor t2, t3, t6
9: xor t6, 80000000, t7
10: xor t2, t5, t8
11: and t7, t8, t9
12: bsh t9, -31, byte OF
13: and qword t4, qword 100000000h, qword t10
14: qword t10, qword -32, byte CF
15: and qword t4, qword ffffffffh, t11
16: bisz t11, ,byte ZF
17: str t11, ,eax
18: and eax, word ffffh, t1 ;mov word ss:[ebp + var_8], word ax
19: add fffffff8h, ebp, qword t4
20: and qword t4, qword ffffffffh, t4
21: add t4, ssbase, t6
22: stm word t1, ,t6
...
There is a cyclic backward dependency chain from the first operand of STM:
t1 --> eax --> t4 --> t1 (cycle)
22: stm word t1, ,t6
18: and eax, word ffffh, t1
17: str t11, ,eax
15: and qword t4, qword ffffffffh, t11
5: add t0, t1, qword t4
but instruction:
2: str eax, ,t1
clears register t1 and this chain does not make any sense.
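The following Python script is an added example, not part of the question and not code from BOPFunctionRecognition or the REIL tooling. It shows what a kill-aware backward walk does on the fragment above: a register read is resolved to the nearest earlier definition in the loop body, wrapping once around the back edge, so an intervening write ("clear") ends the chain instead of being skipped. Assumptions: instructions 1 to 22 form one straight-line loop body with control flowing from 22 back to 1; immediates are written as hex with an 'h' suffix or as decimal and everything else is a register; instruction 14, whose opcode is missing in the listing, is taken to be bsh. On this fragment the walk resolves the t1 read at instruction 5 to instruction 2 and rejects that link of the listed chain; the loop-carried cycle it does report runs through eax (instructions 17, 15, 5, 1), which is the add eax, eax itself.

```python
"""Kill-aware backward dependency chains over a REIL-style loop body.
Added example, not BinNavi/REIL code.  Assumes: instructions 1-22 form one
straight-line loop body with a back edge 22 -> 1; immediates are hex with an
'h' suffix or decimal; instruction 14's opcode (missing in the post) is bsh."""
import re
SIZE_WORDS = {"byte", "word", "dword", "qword", "oword"}
IMM_RE = re.compile(r"^-?(?:[0-9a-fA-F]+h|\d+)$")
WRITES_THIRD = {"add", "sub", "mul", "div", "mod", "bsh", "and", "or", "xor",
                "ldm", "str", "bisz"}  # REIL ops writing operand 3; stm/jcc none
# Constructed from the fragment in the question; text after ';' is ignored.
FRAGMENT_TEXT = """
1: str eax, ,t0 ;add eax, eax
2: str eax, ,t1
3: and t0, 80000000h, t2
4: and t1, 80000000h, t3
5: add t0, t1, qword t4
6: and qword t4, qword 80000000h, t5
7: bsh t5, -31, byte SF
8: xor t2, t3, t6
9: xor t6, 80000000, t7
10: xor t2, t5, t8
11: and t7, t8, t9
12: bsh t9, -31, byte OF
13: and qword t4, qword 100000000h, qword t10
14: bsh qword t10, qword -32, byte CF ;opcode assumed, missing in the post
15: and qword t4, qword ffffffffh, t11
16: bisz t11, ,byte ZF
17: str t11, ,eax
18: and eax, word ffffh, t1 ;mov word ss:[ebp + var_8], word ax
19: add fffffff8h, ebp, qword t4
20: and qword t4, qword ffffffffh, t4
21: add t4, ssbase, t6
22: stm word t1, ,t6
"""
# The chain listed in the question: (use instruction, register, claimed definer).
POSTED_CHAIN = [(22, "t1", 18), (18, "eax", 17), (17, "t11", 15),
                (15, "t4", 5), (5, "t1", 18)]

def is_reg(operand):
    return bool(operand) and not IMM_RE.match(operand)

def defs(insn):  # registers written by (num, op, args)
    _, op, args = insn
    return {args[2]} if op in WRITES_THIRD and is_reg(args[2]) else set()

def uses(insn):  # registers read, in operand order; stm/jcc read slots 1 and 3
    _, op, args = insn
    slots = (0, 2) if op in ("stm", "jcc") else (0, 1)
    return list(dict.fromkeys(args[s] for s in slots if is_reg(args[s])))

def parse_listing(text):
    """Parse 'N: op a, b, c' lines (size prefixes dropped) into (N, op, args)."""
    insns = []
    for raw in text.strip().splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        num, rest = line.split(":", 1)
        op, _, operands = rest.strip().partition(" ")
        args = [" ".join(t for t in p.split() if t.lower() not in SIZE_WORDS)
                for p in operands.split(",")]
        insns.append((int(num), op.lower(), tuple(args + [""] * (3 - len(args)))))
    return insns

FRAGMENT = parse_listing(FRAGMENT_TEXT)

def reaching_def(insns, num, reg):
    """Number of the nearest earlier instruction writing `reg`, wrapping once
    around the back edge; None if nothing in the body writes it."""
    idx = [i[0] for i in insns].index(num)
    for k in range(1, len(insns) + 1):
        cand = insns[(idx - k) % len(insns)]
        if reg in defs(cand):
            return cand[0]
    return None

def check_chain(insns, links):
    """Links of a posted chain the kill-aware walk rejects, as
    (use instruction, register, claimed definer, actual definer)."""
    return [(u, r, c, reaching_def(insns, u, r))
            for u, r, c in links if reaching_def(insns, u, r) != c]

def find_cycle(insns, num, reg):
    """Depth-first walk from the use of `reg` at `num` along reaching defs;
    first loop-carried cycle as instruction numbers (first == last), else None."""
    by_num = {i[0]: i for i in insns}
    def walk(cur, path):
        if cur in path:
            return path[path.index(cur):] + [cur]
        for r in uses(by_num[cur]):
            d = reaching_def(insns, cur, r)
            found = walk(d, path + [cur]) if d is not None else None
            if found:
                return found
        return None
    start = reaching_def(insns, num, reg)
    return walk(start, []) if start is not None else None

if __name__ == "__main__":
    print("t1 read at 5 is written by", reaching_def(FRAGMENT, 5, "t1"))
    print("posted links rejected:", check_chain(FRAGMENT, POSTED_CHAIN))
    print("loop-carried cycle behind 22:", find_cycle(FRAGMENT, 22, "t1"))
```

Running the script prints that t1 at instruction 5 is written by instruction 2, that the only rejected link of the listed chain is (5, 't1', 18, 2), and that the cycle behind the store at 22 is 17 -> 15 -> 5 -> 1 -> 17. The address chain from t6 at 22 ends at ebp, which nothing in the body writes, so no cycle is reported for it. The nearest-earlier-definition rule is exact only for a straight-line body like this one; a loop with internal branches needs reaching definitions computed over its control-flow graph, so that every predecessor's last write is considered.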