[angr] Data Dependence Graph

Hira Agrawal hagrawal at appcomsci.com
Tue May 31 12:18:23 PDT 2016


I have a few questions about the VSA_DDG graph produced by angr.

1. Each node in this graph has fields named ins_addr and stmt_index, 
among others.  I believe the former specifies the address of the 
associated binary instruction. What does the latter specify?  Does it 
indicate the index of the vex-stmt in the vex-stmt-array for the 
associated basic block?  If so, are the IMark and AbiHint "statements" 
included in that array?

2. Many nodes in the VSA_DDG graph have their ins_addr field set to 
None. What does this signify?

3. Does the VSA_DDG graph also capture data flow dependencies resulting 
from library calls such as read() and gets()? If not, is there a 
programmatic way to infer those dependencies?

Thanks.

-- Hira.


