Effortlessly analyze program structures, functions, and call sites, and save time by quickly identifying complex variables with support for SSA variables, control flow graphs (CFGs), and more in a simple, Pythonic way. Think of it as Binary Ninja, but for source code.
Code is lifted into Sophia-IR, our lightweight, Pythonic intermediate representation inspired by GCC GIMPLE. It includes several key enhancements and provides consistent APIs across programming languages, bytecode formats, and other intermediate representations, making it easy to work with.
In Sophia-IR, everything is a FunctionModel, and instructions or steps within a FunctionModel can fall into one of the 7 OpType models:
SophiaIRNopModel: Represents a no-operation (IR) model.SophiaIRAssignModel: Represents an assignment (IR) model.SophiaIRCallModel: Represents a call (IR) model.SophiaIRCondModel: Represents a conditional (IR) model.SophiaIRReturnModel: Represents a return (IR) model.SophiaIRGotoModel: Represents a goto (IR) model.SophiaIRSwitchModel: Represents a switch (IR) model.
Search and navigate variables and their type information within FunctionModel and where they are defined or used.
for var in fn.variable_manager.search(name="argc"):
print(f"varname={var.name}")
"""
varname=argc
"""
for var in fn.variable_manager.used_or_defined_at_step(step_index):
print(f"variables_used_or_defined_at_step = {var.name}")
# output
"""
variables_used_or_defined_at_step = p
variables_used_or_defined_at_step = c
"""
Given the overloaded functions Geeks::func#1 and Geeks::func#2, which have the same number of arguments but differ in argument types, we can inspect them using the variable manager.
func1_id = "/example/src/09_function_overloading.cpp:Geeks::func#1"
func2_id = "/example/src/09_function_overloading.cpp:Geeks::func#2"
fn1 = api.get_function_by_id(func1_id)
fn2 = api.get_function_by_id(func2_id)
print("func#1 = ", fn1.variable_manager.get('x').full_declaration)
print("func#2 = ", fn2.variable_manager.get('x').full_declaration)
# output
"""
func#1 = int x
func#2 = double x
"""
Easily access the steps or instructions within a function, or print out its pseudo-code for a user-friendly view.
for step in fn.steps:
print(step.op, step.decompile())
"""
ASSIGN sum = 0;
CALL printf ( R"("Enter number of elements: ")" );
CALL *__isoc99_scanf ( R"("%d")", &n );
ASSIGN $T1 = n;
ASSIGN $T2 = $T1;
ASSIGN $T3 = $T2 * 4;
CALL ptr = malloc ( $T3 );
COND if ( ptr == 0 )
goto <bb 5>;
else
goto <bb 7>;
CALL printf ( R"("Error! memory not allocated.")" );
CALL exit ( 0 );
"""
Get a full introduction to SophiaIR in this blog post, or quickly try out our example repository on GitHub. No login required.
Supported Language
Our Philosophy
- All software/programs get broken down into some lower form (bytecode, instructions, IR) before execution.
- Mostly, these forms (bytecode, instructions, IR) are accurate representation of how the program will be executed.
- Our philosophy advocates for conducting code analysis at these lower forms (bytecode, instructions, IR) for enhanced accuracy, as opposed to the AST or source-like levels.
- Our innovative technology extracts comprehensive program information (functions, instructions, SSA variables, call sites) from these forms (bytecode, instructions, IR), maintaining all necessary details and representing them in a standardized data model.
- Our standardized data model is accessible through our Python library, offering a more intuitive interface compared to using a custom DSL language.
Consulting
- We are open to working together to create customized solutions for your specific needs to optimize your business processes, save time and increase productivity.
- Building Custom Program Analysis tools/software leveraging Eptalights Sophia platform/apis/tools.
- Building GCC Gimple Plugins.