/// \brief Duplicate non-Phi instructions from the beginning of block up to
/// StopAt instruction into a split block between BB and its predecessor.
BasicBlock *
llvm::DuplicateInstructionsInSplitBetween(BasicBlock *BB, BasicBlock *PredBB,
Instruction *StopAt,
ValueToValueMapTy &ValueMapping) {
// We are going to have to map operands from the original BB block to the new
// copy of the block 'NewBB'. If there are PHI nodes in BB, evaluate them to
// account for entry from PredBB.
BasicBlock::iterator BI = BB->begin();
for (; PHINode *PN = dyn_cast<PHINode>(BI); ++BI)
ValueMapping[PN] = PN->getIncomingValueForBlock(PredBB);
BasicBlock *NewBB = SplitEdge(PredBB, BB);
NewBB->setName(PredBB->getName() + ".split");
Instruction *NewTerm = NewBB->getTerminator();
// Clone the non-phi instructions of BB into NewBB, keeping track of the
// mapping and using it to remap operands in the cloned instructions.
for (; StopAt != &*BI; ++BI) {
Instruction *New = BI->clone();
New->setName(BI->getName());
New->insertBefore(NewTerm);
ValueMapping[&*BI] = New;
// Remap operands to patch up intra-block references.
for (unsigned i = 0, e = New->getNumOperands(); i != e; ++i)
if (Instruction *Inst = dyn_cast<Instruction>(New->getOperand(i))) {
auto I = ValueMapping.find(Inst);
if (I != ValueMapping.end())
New->setOperand(i, I->second);
}
}
return NewBB;
}
void ModuloSchedulerDriverPass::duplicateValuesWithMultipleUses(BasicBlock* bb, Instruction* ind) {
// While we keep duplicating nodes (and create more possible work), keep going
bool keep_going = false;
do {
keep_going = false;
// For each instruction in this BB
for (BasicBlock::iterator it = bb->begin(); it!= bb->end(); ++it) {
// if it is not the induction variable and it has more than one use
if ((!dyn_cast<PHINode>(it)) && // Do not clone PHINodes
(ind != it) && // Do not clone induction pointer
// Only clone when you have more than one #uses
(instructionPriority::getLocalUses(it,bb) >1)) {
Instruction* cloned = it->clone(); // duplicate it
it->getParent()->getInstList().insert(it, cloned);
//Can also do: cloned->insertBefore(it); // on newer LLVMS
cloned->setName("cloned");
instructionPriority::replaceFirstUseOfWith(it, cloned);
// we may have created potential candidates for duplication.
// you have to keep going
keep_going = true;
}
} // foe rach inst
} while (keep_going);
}
/// eliminateUnconditionalBranch - Clone the instructions from the destination
/// block into the source block, eliminating the specified unconditional branch.
/// If the destination block defines values used by successors of the dest
/// block, we may need to insert PHI nodes.
///
void TailDup::eliminateUnconditionalBranch(BranchInst *Branch) {
BasicBlock *SourceBlock = Branch->getParent();
BasicBlock *DestBlock = Branch->getSuccessor(0);
assert(SourceBlock != DestBlock && "Our predicate is broken!");
DEBUG(errs() << "TailDuplication[" << SourceBlock->getParent()->getName()
<< "]: Eliminating branch: " << *Branch);
// See if we can avoid duplicating code by moving it up to a dominator of both
// blocks.
if (BasicBlock *DomBlock = FindObviousSharedDomOf(SourceBlock, DestBlock)) {
DEBUG(errs() << "Found shared dominator: " << DomBlock->getName() << "\n");
// If there are non-phi instructions in DestBlock that have no operands
// defined in DestBlock, and if the instruction has no side effects, we can
// move the instruction to DomBlock instead of duplicating it.
BasicBlock::iterator BBI = DestBlock->getFirstNonPHI();
while (!isa<TerminatorInst>(BBI)) {
Instruction *I = BBI++;
bool CanHoist = I->isSafeToSpeculativelyExecute() &&
!I->mayReadFromMemory();
if (CanHoist) {
for (unsigned op = 0, e = I->getNumOperands(); op != e; ++op)
if (Instruction *OpI = dyn_cast<Instruction>(I->getOperand(op)))
if (OpI->getParent() == DestBlock ||
(isa<InvokeInst>(OpI) && OpI->getParent() == DomBlock)) {
CanHoist = false;
break;
}
if (CanHoist) {
// Remove from DestBlock, move right before the term in DomBlock.
DestBlock->getInstList().remove(I);
DomBlock->getInstList().insert(DomBlock->getTerminator(), I);
DEBUG(errs() << "Hoisted: " << *I);
}
}
}
}
// Tail duplication can not update SSA properties correctly if the values
// defined in the duplicated tail are used outside of the tail itself. For
// this reason, we spill all values that are used outside of the tail to the
// stack.
for (BasicBlock::iterator I = DestBlock->begin(); I != DestBlock->end(); ++I)
if (I->isUsedOutsideOfBlock(DestBlock)) {
// We found a use outside of the tail. Create a new stack slot to
// break this inter-block usage pattern.
DemoteRegToStack(*I);
}
// We are going to have to map operands from the original block B to the new
// copy of the block B'. If there are PHI nodes in the DestBlock, these PHI
// nodes also define part of this mapping. Loop over these PHI nodes, adding
// them to our mapping.
//
std::map<Value*, Value*> ValueMapping;
BasicBlock::iterator BI = DestBlock->begin();
bool HadPHINodes = isa<PHINode>(BI);
for (; PHINode *PN = dyn_cast<PHINode>(BI); ++BI)
ValueMapping[PN] = PN->getIncomingValueForBlock(SourceBlock);
// Clone the non-phi instructions of the dest block into the source block,
// keeping track of the mapping...
//
for (; BI != DestBlock->end(); ++BI) {
Instruction *New = BI->clone();
New->setName(BI->getName());
SourceBlock->getInstList().push_back(New);
ValueMapping[BI] = New;
}
// Now that we have built the mapping information and cloned all of the
// instructions (giving us a new terminator, among other things), walk the new
// instructions, rewriting references of old instructions to use new
// instructions.
//
BI = Branch; ++BI; // Get an iterator to the first new instruction
for (; BI != SourceBlock->end(); ++BI)
for (unsigned i = 0, e = BI->getNumOperands(); i != e; ++i) {
std::map<Value*, Value*>::const_iterator I =
ValueMapping.find(BI->getOperand(i));
if (I != ValueMapping.end())
BI->setOperand(i, I->second);
}
// Next we check to see if any of the successors of DestBlock had PHI nodes.
// If so, we need to add entries to the PHI nodes for SourceBlock now.
for (succ_iterator SI = succ_begin(DestBlock), SE = succ_end(DestBlock);
SI != SE; ++SI) {
BasicBlock *Succ = *SI;
for (BasicBlock::iterator PNI = Succ->begin(); isa<PHINode>(PNI); ++PNI) {
PHINode *PN = cast<PHINode>(PNI);
// Ok, we have a PHI node. Figure out what the incoming value was for the
// DestBlock.
Value *IV = PN->getIncomingValueForBlock(DestBlock);
// Remap the value if necessary...
std::map<Value*, Value*>::const_iterator I = ValueMapping.find(IV);
if (I != ValueMapping.end())
IV = I->second;
PN->addIncoming(IV, SourceBlock);
}
}
// Next, remove the old branch instruction, and any PHI node entries that we
// had.
BI = Branch; ++BI; // Get an iterator to the first new instruction
DestBlock->removePredecessor(SourceBlock); // Remove entries in PHI nodes...
SourceBlock->getInstList().erase(Branch); // Destroy the uncond branch...
// Final step: now that we have finished everything up, walk the cloned
// instructions one last time, constant propagating and DCE'ing them, because
// they may not be needed anymore.
//
if (HadPHINodes) {
while (BI != SourceBlock->end()) {
Instruction *Inst = BI++;
if (isInstructionTriviallyDead(Inst))
Inst->eraseFromParent();
else if (Constant *C = ConstantFoldInstruction(Inst)) {
Inst->replaceAllUsesWith(C);
Inst->eraseFromParent();
}
}
}
++NumEliminated; // We just killed a branch!
}
void ArrayObfs::ArrObfuscate ( Function *F )
{
// Iterate the whole Function
Function *f = F;
for ( Function::iterator bb = f->begin(); bb != f->end(); ++bb )
{
for ( BasicBlock::iterator inst = bb->begin(); inst != bb->end(); )
{
if ( inst->getOpcode() == 29 ) // getelementptr
{
//errs() << "INST : " << *inst << "\n";
GetElementPtrInst *Ary = dyn_cast<GetElementPtrInst>(&*inst);
Value *ptrVal = Ary->getOperand(0);
Type *type = ptrVal->getType();
unsigned numOfOprand = Ary->getNumOperands();
unsigned lastOprand = numOfOprand - 1;
// Check Type Array
if ( PointerType *ptrType = dyn_cast<PointerType>( type ) )
{
Type *elementType = ptrType->getElementType();
if ( elementType->isArrayTy() )
{
// Skip if Index is a Variable
if ( dyn_cast<ConstantInt>( Ary->getOperand( lastOprand ) ) )
{
//////////////////////////////////////////////////////////////////////////////
// Do Real Stuff
Value *oprand = Ary->getOperand( lastOprand );
Value *basePtr = Ary->getOperand( 0 );
APInt offset = dyn_cast<ConstantInt>(oprand)->getValue();
Value *prevPtr = basePtr;
// Enter a Loop to Perform Random Obfuscation
unsigned cnt = 100;
// Prelog : Clone the Original Inst
unsigned ObfsIdx = cryptoutils->get_uint64_t() & 0xffff;
Value *newOprand = ConstantInt::get( oprand->getType(), ObfsIdx );
Instruction *gep = inst->clone();
gep->setOperand( lastOprand, newOprand );
gep->setOperand( 0, prevPtr );
gep->insertBefore( inst );
prevPtr = gep;
offset = offset - ObfsIdx;
// Create a Global Variable to Avoid Optimization
Module *M = f->getParent();
Constant *initGV = ConstantInt::get( prevPtr->getType(), 0 );
GlobalVariable *gv = new GlobalVariable( *M, prevPtr->getType(), false, GlobalValue::CommonLinkage, initGV );
while ( cnt-- )
{
// Iteratively Generate Obfuscated Code
switch( cryptoutils->get_uint64_t() & 7 )
{
// Random Indexing Obfuscation
case 0 :
case 1 :
case 2 :
{
//errs() << "=> Random Index \n";
// Create New Instruction
// Create Obfuscated New Oprand in ConstantInt Type
unsigned ObfsIdx = cryptoutils->get_uint64_t() & 0xffff;
Value *newOprand = ConstantInt::get( oprand->getType(), ObfsIdx );
// Create GetElementPtrInst Instruction
GetElementPtrInst *gep = GetElementPtrInst::Create( prevPtr, newOprand, "", inst );
//Set prevPtr
prevPtr = gep;
//errs() << "Created : " << *prevPtr << "\n";
offset = offset - ObfsIdx;
break;
}
// Ptr Dereference
case 3 :
case 4 :
{
//errs() << "=> Ptr Dereference \n";
Module *M = f->getParent();
Value *ONE = ConstantInt::get( Type::getInt32Ty( M->getContext() ), 1 );
Value *tmp = new AllocaInst( prevPtr->getType(), ONE, "", inst );
new StoreInst( prevPtr, tmp, inst );
prevPtr = new LoadInst( tmp, "", inst );
break;
}
// Ptr Value Transform
case 5 :
case 6 :
case 7 :
{
//errs() << "=> Ptr Value Trans \n";
unsigned RandNum = cryptoutils->get_uint64_t();
Value *ObfsVal = ConstantInt::get( prevPtr->getType(), RandNum );
BinaryOperator *op = BinaryOperator::Create( Instruction::FAdd, prevPtr, ObfsVal, "", inst );
new StoreInst( prevPtr, gv, inst );
BinaryOperator::Create( Instruction::FSub, gv, ObfsVal, "", inst );
prevPtr = new LoadInst( gv, "", inst );
break;
}
}
}
// Postlog : Fix the Original Indexing
{
Value *fixOprand = ConstantInt::get( oprand->getType(), offset );
// Refine the Last Instruction
GetElementPtrInst *gep = GetElementPtrInst::Create( prevPtr, fixOprand, "", inst );
// Fix the Relationship
inst->replaceAllUsesWith( gep );
// Finally : Unlink This Instruction From Parent
Instruction *DI = inst++;
//errs() << "user_back : " << *(DI->user_back()) << "\n";
DI->removeFromParent();
}
//////////////////////////////////////////////////////////////////////////////
// End : Variable Index
} else { inst++; }
// End : Check Array Type
} else { inst++; }
// End : Check Pointer Type
} else { inst++; }
// End : Check Opcode GetElementPtr
} else { inst++; }
}
}
++ArrayMod;
}