pukeko is an experimental code fragment generator. It takes an assembly opcode name and returns a code fragment that computes the same function as the input opcode. The code fragments are generated using the SMT solver Z3.
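The "same function as the input opcode" property can be checked independently of the generator. The sketch below is an added example, not pukeko's own code: it uses Z3 when z3py is importable and otherwise falls back to exhaustive 8-bit testing. The names `run` and `equivalent` and the tuple encoding are hypothetical, and `FRAGMENT` is transcribed from the `add` replacement shown at the end of this README.

```python
"""Check that a straight-line fragment computes the same value as one opcode."""
import operator

try:                 # z3py is pukeko's own dependency; optional for this sketch
    import z3
except ImportError:  # no solver available: fall back to exhaustive testing
    z3 = None

OPS = {"add": operator.add, "sub": operator.sub, "and": operator.and_,
       "or": operator.or_, "xor": operator.xor}

# The add replacement from this README, encoded as (dest, op, lhs, rhs).
FRAGMENT = [("%3", "and", "%1", "%2"), ("%4", "and", "%3", "%2"),
            ("%5", "sub", "%4", "%3"), ("%6", "and", "%1", "%5"),
            ("%7", "and", "%1", "%6"), ("%8", "or", "%7", "%6"),
            ("%9", "sub", "%8", "%5"), ("%10", "and", "%1", "%9"),
            ("%11", "or", "%10", "%1"), ("%12", "add", "%11", "%2")]

def run(fragment, a, b, mask=None):
    """Evaluate the fragment with %1=a, %2=b; return the last value defined."""
    env = {"%1": a, "%2": b}
    for dest, op, lhs, rhs in fragment:
        val = OPS[op](env[lhs], env[rhs])
        # Plain ints need explicit wrap-around; Z3 bit-vectors wrap by themselves.
        env[dest] = val & mask if mask is not None else val
    return env[fragment[-1][0]]

def equivalent(fragment, opname, bits=32):
    """True if the fragment equals `opname %1, %2` for every input pair."""
    if z3 is not None:
        a, b = z3.BitVecs("a b", bits)
        solver = z3.Solver()
        # Ask for a counterexample; unsat means none exists at this width.
        solver.add(run(fragment, a, b) != OPS[opname](a, b))
        return solver.check() == z3.unsat
    # Exhaustive over 8-bit inputs: a sanity check, not a proof for 32 bits.
    mask = 0xFF
    return all(run(fragment, a, b, mask) == OPS[opname](a, b) & mask
               for a in range(256) for b in range(256))

if __name__ == "__main__":
    print("fragment == add:", equivalent(FRAGMENT, "add"))
```

The 8-bit fallback can miss differences that only appear at wider widths, so the Z3 path is the one to rely on for `i32`.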
Requirements:
- Python 3.9 (or higher)
- z3py
- docopt
Overview:
Generates an LLVM IR-like code fragment that can replace the input opcode.
Usage:
generate <opname> [-l <L>] [-a] [-f]
Options:
opname : Opcode name of target instruction (add, sub, or, and, xor)
-l <L> : Length of instruction sequence to be generated [default: 10]
-f : Output formulas
-a : (Experimental) Generate all possible instruction sequences
python generate.py add -l 5 -f
This is an example of replacing an add instruction of an LLVM IR program with a code fragment generated by pukeko.
%1 = load i32, i32* %x, align 4
%2 = load i32, i32* %x, align 4
- %3 = add i32 %1, %2
+ %3 = and i32 %1, %2
+ %4 = and i32 %3, %2
+ %5 = sub i32 %4, %3
+ %6 = and i32 %1, %5
+ %7 = and i32 %1, %6
+ %8 = or i32 %7, %6
+ %9 = sub i32 %8, %5
+ %10 = and i32 %1, %9
+ %11 = or i32 %10, %1
+ %12 = add i32 %11, %2
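Review bot: %3 is redefined as and i32 %1, %2 while the sum now lands in %12, so every later use of the original %3 has to be rewritten to %12; the hunk shows only the definition side, and the example would be clearer with one downstream use updated. Separately, %5 = sub i32 %4, %3 is always 0 because %4 equals %3, which makes %6 through %10 zero and %11 equal to %1, so the last line is still add i32 %11, %2: the fragment is equivalent to the original, but the add opcode itself remains, which is worth stating next to the example.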