analyssa/scheduling/capability.rs
//! Shared deobfuscation capability vocabulary used for pass ordering.
//!
//! Hosts that run the pass scheduler embed [`DeobfuscationCapability`] in
//! their concrete `T::Capability` enum. Generic analyssa passes declare
//! [`provides`](crate::scheduling::SsaPass::provides) and
//! [`requires`](crate::scheduling::SsaPass::requires) using these variants;
//! the host's `From<DeobfuscationCapability>` impl bridges into its own
//! capability enum so target-specific tags can sit alongside the shared
//! vocabulary.
//!
//! These milestones describe the *outcome* of a pass, not its mechanism —
//! "static fields have been resolved to concrete constants" applies just
//! as well to a CIL field-decryption pass as to a VB6 GoSub-table resolver.

/// Capability milestone produced or consumed by a deobfuscation pass.
///
/// The scheduler uses these to compute pass-execution order: if pass A
/// provides a capability and pass B requires it, B is scheduled in a
/// later layer than A.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum DeobfuscationCapability {
    /// Static field values have been resolved to concrete constants.
    ///
    /// Provided by passes that analyze static initializers or field
    /// decryptors. Required by passes that need constant values for
    /// further simplification.
    ResolvedStaticFields,
    /// Encrypted strings have been decrypted to their plaintext values.
    ///
    /// Provided by string decryption passes. Required by passes that
    /// analyze string content (e.g., proxy call resolution).
    DecryptedStrings,
    /// Control flow flattening has been reversed to normal structured
    /// control flow.
    ///
    /// Provided by CFG unflattening passes. Required by passes that
    /// assume natural loop structure.
    RestoredControlFlow,
    /// Opaque predicates have been simplified or removed.
    ///
    /// Provided by [`OpaquePredicatePass`](crate::passes::OpaquePredicatePass).
    /// Required by passes that need unobscured branch targets.
    SimplifiedPredicates,
    /// Proxy or virtual calls have been devirtualized to direct calls.
    ///
    /// Provided by devirtualization passes. Required by passes that
    /// need accurate call graphs (e.g., inlining, dead method detection).
    DevirtualizedCalls,
    /// Small or pure methods have been inlined at their call sites.
    ///
    /// Provided by inlining passes. Required by passes that benefit
    /// from a flattened call graph.
    InlinedMethods,
}
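
The layering rule and the `From` bridge described in the doc comments above, as an added example that is not part of analyssa. `HostCapability`, `PassDecl`, `decl`, `layer` and `sample` are hypothetical names, the pass names are constructed, and the real scheduler's API is not shown on this page; the sketch assumes a requirement with no provider imposes no ordering constraint.

```rust
use std::collections::HashSet;

// Local copy of three of the page's variants so this block compiles on its own.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum DeobfuscationCapability { DecryptedStrings, RestoredControlFlow, DevirtualizedCalls }
// Hypothetical host enum: the shared vocabulary plus one target-specific tag.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum HostCapability { Shared(DeobfuscationCapability), ResolvedGoSubTables }
impl From<DeobfuscationCapability> for HostCapability {
    fn from(c: DeobfuscationCapability) -> Self { HostCapability::Shared(c) }
}
// Hypothetical stand-in for one pass's `provides` / `requires` declarations.
pub struct PassDecl {
    pub name: &'static str,
    pub provides: Vec<HostCapability>,
    pub requires: Vec<HostCapability>,
}
fn decl(name: &'static str, p: &[HostCapability], r: &[HostCapability]) -> PassDecl {
    PassDecl { name, provides: p.to_vec(), requires: r.to_vec() }
}

/// Groups passes into layers: a pass runs only after every pass that provides one of
/// its requirements. `Err` names the passes stuck in a provides/requires cycle.
pub fn layer(passes: &[PassDecl]) -> Result<Vec<Vec<&'static str>>, Vec<&'static str>> {
    let mut pending: Vec<&PassDecl> = passes.iter().collect();
    let mut layers: Vec<Vec<&'static str>> = Vec::new();
    while !pending.is_empty() {
        // Capabilities that some not-yet-scheduled pass still has to provide.
        let open: HashSet<_> = pending.iter().flat_map(|p| p.provides.iter().copied()).collect();
        let (ready, blocked): (Vec<&PassDecl>, Vec<&PassDecl>) =
            pending.into_iter().partition(|p| p.requires.iter().all(|c| !open.contains(c)));
        if ready.is_empty() { return Err(blocked.iter().map(|p| p.name).collect()); }
        layers.push(ready.iter().map(|p| p.name).collect());
        pending = blocked;
    }
    Ok(layers)
}

// Constructed sample: pass names are invented, declared out of dependency order.
pub fn sample() -> Vec<PassDecl> {
    use DeobfuscationCapability::*;
    vec![
        decl("proxy-resolve", &[DevirtualizedCalls.into()], &[DecryptedStrings.into()]),
        decl("string-decrypt", &[DecryptedStrings.into()], &[RestoredControlFlow.into()]),
        decl("unflatten", &[RestoredControlFlow.into()], &[]),
        decl("gosub-resolve", &[HostCapability::ResolvedGoSubTables], &[]),
    ]
}
fn main() { println!("{:?}", layer(&sample())); }
```

A cycle matters in practice: two passes that each require what the other provides can never be ordered, so the sketch reports them instead of silently dropping a deobfuscation step.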