I am not familiar with BAP, but taking a quick look, it seems like using the two together might produce the best results. Using BAP to lift assembly into an SSA form then translating that to LLVM's version of SSA and using LLVM's optimizations to clean it up.<div>
<br></div><div>My project is currently independent of LLVM, it just so happens that a text dump of the output looks very similar to LLVM IR (once I learned of LLVM, I started using its syntax in a lot of places)<br><br></div>
<div>One of the really difficult parts is properly lifting an assembly instruction into its SSA equivalent. This is not terribly complicated in and of itself, but given the shear number of instructions in a typical processors instruction requires a lot of work and presents many opportunity for mistakes that would be amplified by subsequent analysis. In my opinion, this alone would be a reason to look to something like BAP as it has done the work and has controls in places to help insure it is done correctly.</div>
<div><br></div><div>-Nathan</div><div><br><div class="gmail_quote">On Fri, Jun 11, 2010 at 10:37 AM, Bob Grandish <span dir="ltr"><<a href="mailto:redcurbs@yahoo.com">redcurbs@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Thanks for your response. In your experience, was it worth the conversion hassle and code expansion to have the code in a platform-independent SSA form and be able to apply LLVM-based analysis tools? Or is it better to convert to another IR (such as BAP[1]) and work in that form?<br>
<br>
Bob<br>
<br>
[1] Binary Analysis Platform, <a href="http://bap.ece.cmu.edu/" target="_blank">http://bap.ece.cmu.edu/</a><br>
<div><div></div><div class="h5"><br>
--- On Thu, 6/10/10, Nathan Jeffords <<a href="mailto:blunted2night@gmail.com">blunted2night@gmail.com</a>> wrote:<br>
As an ongoing personal research project, I have something like this. I actually learned of LLVM as part of some research I was doing on this project. It is a quite complicated though, each assembly language instruction expands to a number of SSA instructions, as each flag/register affected becomes a separate instruction, every register used in the method has phi functions in every basic block, the initial generation produces much more code that the original assembly language which then need to have certain optimization passes to weed out unneeded effects. reconstructing local variables from stack usage, and picking out method inputs/outputs that are real as opposed to just being saved and restored is tricky too.<br>
<br>
<br>
On Thu, Jun 10, 2010 at 10:24 PM, Bob Grandish <<a href="mailto:redcurbs@yahoo.com">redcurbs@yahoo.com</a>> wrote:<br>
<br>
I'm wondering if anyone is working on a machine code -> LLVM bitcode disassembler? Obviously, there won't be a one-to-one correspondence but it seems like you should be able to get close. There's always inline asm for the remaining fragments.<br>
<br>
So is there such a thing?<br>
<br>
Thank you,<br>
<br>
Bob<br>
<br>
<br>
<br>
<br>
</div></div></blockquote></div><br></div>