Skip to main content

Crate analyssa

Crate analyssa 

Source
Expand description

Target-agnostic SSA IR, analyses, and optimization pipeline.

analyssa provides a reusable SSA (Static Single Assignment) intermediate representation designed for lifters, deobfuscators, and binary-analysis tooling that need target-specific metadata outside the IR. Hosts implement the Target trait plus optional scheduler adapter traits to run analyssa analyses and transformation passes over their own method storage.

§Architecture

The crate is organized into several layers:

Core IR (ir): The SSA representation itself, including blocks (crate::ir::SsaBlock), instructions (crate::ir::SsaInstruction), operations (crate::ir::SsaOp), phi nodes (crate::ir::PhiNode), constant values (crate::ir::ConstValue), variables (crate::ir::SsaVariable), exception handlers (crate::ir::SsaExceptionHandler), and the function container (crate::ir::SsaFunction).

Graph Infrastructure (graph): A generic directed graph with node, edge, and indexed-graph abstractions, plus algorithms for dominators, strongly-connected components, cycle detection, topological sort, and traversal (BFS/DFS).

Analyses (analysis): A suite of SSA analyses including control-flow graph computation, constant propagation, def-use chains, liveness analysis, memory SSA, pattern matching, phi placement, range analysis, symbolic execution via an abstract evaluator, a dataflow-analysis framework (lattice, solver, SCCP, reaching definitions, dataflow liveness), and a verifier.

Transformation Passes (passes): Optimization and deobfuscation passes including algebraic simplification, block merging, control-flow restructuring, copy propagation, dead code elimination, global value numbering (GVN), loop-invariant code motion (LICM), loop canonicalization, predicate simplification, range propagation, reassociation, strength reduction, and jump threading.

Pass Scheduling (scheduling): A framework for declaring pass capabilities, dependencies, and ordering via SsaPass, SsaPassHost, and PassScheduler, augmented by DeobfuscationCapability and ModificationScope for dependency-aware scheduling.

Host Abstractions: The Target trait defines the contract between analyssa and the host instruction set. The World trait provides an interprocedural view of the program under analysis. SsaStore and DirtySet provide storage and dirty-tracking.

Utilities: BitSet for efficient bit-vector operations in dataflow analyses, PointerSize for target pointer width, and event logging (Event, EventLog, EventKind, DerivedStats) for observing pass transformations.

§Design Principles

  • Target agnosticism: All IR types are generic over <T: Target>; host-specific metadata is hidden behind associated types.
  • Explicit data flow: Every SSA instruction has explicit operands (uses) and results (defs), enabling straightforward analysis.
  • Thread safety: Analyses and passes use &self with interior mutability where needed; event logging is lock-free via boxcar::Vec.
  • Composability: Passes declare their capabilities and dependencies through the scheduling framework, supporting automatic ordering.

§Usage

  1. Implement Target for your instruction set
  2. Implement SsaStore to manage method storage
  3. Optionally implement World for interprocedural passes
  4. Run individual analyses and passes, or use PassScheduler for automatic pipeline execution

Re-exports§

pub use bitset::BitSet;
pub use events::DerivedStats;
pub use events::Event;
pub use events::EventBuilder;
pub use events::EventKind;
pub use events::EventListener;
pub use events::EventLog;
pub use events::NullListener;
pub use host::DirtySet;
pub use host::SsaStore;
pub use scheduling::DeobfuscationCapability;
pub use scheduling::ModificationScope;
pub use scheduling::PassScheduler;
pub use scheduling::SsaPass;
pub use scheduling::SsaPassHost;
pub use target::Endianness;
pub use target::Target;
pub use testing::MockTarget;
pub use testing::MockType;
pub use world::World;

Modules§

analysis
SSA analyses: target-agnostic dataflow, liveness, type/value tracking, constant evaluation, memory model, and symbolic execution.
bitset
A bit vector for efficient set operations.
error 🔒
Error and result types used throughout the analyssa codebase.
events
Event logging for the SSA optimization pipeline.
graph
Generic directed graph infrastructure for program analysis.
host
Host adapter traits for the pass scheduler’s storage and scheduling primitives.
ir
Target-agnostic SSA (Static Single Assignment) intermediate representation core.
passes
Built-in SSA optimization passes for the analyssa deobfuscation framework.
pointer 🔒
Target pointer width abstraction.
scheduling
Pass-pipeline scheduling engine — orchestrates SsaPass execution across methods with capability-based layering, fixpoint iteration, and parallel dispatch.
target
Target trait — the abstraction that lets the SSA IR core be generic over the source instruction set.
testing
Test fixtures for target-agnostic examples and downstream host tests.
world
World<T> — a minimal interprocedural view of the program-under-analysis.

Structs§

Error
Primary error type for analyssa operations.

Enums§

PointerSize
Target pointer width for 8, 16, 32, 64, and 128-bit architectures.

Type Aliases§

GraphError
Graph-operation error alias.
Result
Convenience alias for results from analyssa APIs.