问题
For context, I'm attempting to write a decompiler from AVM2 (ActionScript Virtual machine 2) bytecode/assembly to high-level ActionScript 3 code. As far as I am aware, this requires me to analyze the assembly and generate resulting Control Flow Graph from this, in order to deduce structures such as loops, and conditional branching (if/else).
Given some assembly like:
0 getlocal0
1 pushscope
2 findpropstrict {, private, }::trace
4 pushstring "one"
6 callproperty {, private, }::trace (1)
9 pop
10 pushbyte 5
12 pushbyte 3
14 ifngt L1
18 findpropstrict {, private, }::trace
20 pushstring "two"
22 callproperty {, private, }::trace (1)
25 pop
L1:
26 findpropstrict {, private, }::trace
28 pushstring "three"
30 callproperty {, private, }::trace (1)
33 coerce_a
34 setlocal1
35 getlocal1
36 returnvalue
37 kill 1
What is an algorithm to generate a Control Flow Graph?
回答1:
I figured this out. Basically, keep a list of labels (which in my case are indices to instructions in an array). Each list of instructions between the labels are blocks (which are vertices in the graph). Label the instruction after each branch (so that the branch is the last instruction of the block, that way you can figure out what kind of edge it is. Alternatively, you could tag on the branch type to the edge.), and the target of each branch.
Once you have the labels, just split them up into blocks. I loop through each sorted index in the labels and if the last block's last instruction was a branch, I add an edge from it to the target. If not, I add an edge from it to the current block (as a fall-through node).
来源:https://stackoverflow.com/questions/17715147/how-to-generate-a-control-flow-graph-from-assembly