GitHub/Mergen
1
0
Fork 0
mirror of https://github.com/NaC-L/Mergen.git synced 2026-05-12 09:40:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d0a9d7fc9dc6a661f44962c249433f94faf85008
Mergen/docs
T
History
naci d0a9d7fc9d lifter: remove resolveTargetedThemidaR9 - obsoleted by generalized-loop phi infrastructure (#120) 
resolveTargetedThemidaR9 was added to recover the controlCursor identity
of R9 at three hardcoded Themida instruction addresses where the symbolic
pipeline had lost provenance. PR #112 (generalized-loop control-field /
slot phi infrastructure) since landed retrieve_generalized_loop_control_*
helpers that produce the correct phi shape through the normal
GetMemoryValue path. The R9 override is now dead code: it overwrites a
correct value with another correct value at three sites that the
upstream pipeline already handles.

Empirical bisect on the reference Themida sample
(../testthemida/example2-virt.bin @ 0x140001000) confirmed:

  - site 0x140023671 disabled alone:    2544 lifted, 0 warn, 0 err
  - site 0x14002368D disabled alone:    2544 lifted, 0 warn, 0 err
  - site 0x140023741 disabled alone:    2544 lifted, 0 warn, 0 err
  - all three disabled simultaneously:  2544 lifted, 0 warn, 0 err
  - baseline (override active):         2544 lifted, 0 warn, 0 err

The MERGEN_DIAG_LIFT_PROGRESS=1 trace at site 0x14002368D shows R9 is
already `add i64 %generalized_phi_load, 10` before the override fires -
the generalized-loop machinery produced the correct phi independently.

Removed:
  - resolveTargetedThemidaR9() in lifter/core/LifterClass_Concolic.hpp
  - R9 special-case branch + session-scaffolding diag block in
    GetRegisterValue_impl (now just `return get_impl(key)`)
  - Three microtests in lifter/test/Tester.hpp:
      runTargetedThemidaR9OverrideProducesPhi
      runTargetedThemidaR9OverrideDoesNotFireAtAdjacentAddress
      runTargetedThemidaR9OverrideFallsThroughWithoutLoopState
  - Their three runCustom() registrations
  - Override row in helper table, hardcoded-address subsection, and
    limitations row in docs/LOOP_HANDLING.md

Retained: kThemidaControlCursorSlot, kThemidaLoopCarriedSlot, and
kSupportedGeneralizedControlFieldOffsets - still consumed by the
generalized-loop control-field/slot retrieve_* helpers.

Verified:
  - python test.py micro: all instruction microtests passed
  - python test.py baseline: all rewrite regression checks passed,
    determinism check passed (42 golden files match)
  - Themida sample: 2544 instructions lifted, 0 warnings, 0 errors

Co-authored-by: yusufcanislek <yusuf.canislek@meetdandy.com>
2026-04-23 00:37:04 +03:00
..
BUILDING.md
lifter: allow resolved indirect jumps to participate in structured loop generalization (#98)
2026-04-19 05:36:45 +03:00
LOOP_HANDLING.md
lifter: remove resolveTargetedThemidaR9 - obsoleted by generalized-loop phi infrastructure (#120)
2026-04-23 00:37:04 +03:00
REVIEWER_RULES.md
feat: commit working-tree changes required by rewrite gates
2026-03-26 07:53:43 +03:00
REWRITE_BASELINE.md
lifter: allow resolved indirect jumps to participate in structured loop generalization (#98)
2026-04-19 05:36:45 +03:00
SCOPE.md
docs: correct SCOPE loop-header generalization status (#117)
2026-04-22 23:06:47 +03:00
themida_output_lazy_fix.ll
make readme readable
2024-06-11 15:26:55 +03:00
themida_output.ll
make readme readable
2024-06-11 15:26:55 +03:00