always enforce expression complexity limit (#428)

src/cwe_checker_lib/src/analysis/expression_propagation/mod.rs

@@ -233,10 +233,20 @@ pub fn propagate_input_expressions(
                 var,
                 value: expression,
             } => {
-                // insert known input expressions
-                for (input_var, input_expr) in insertable_expressions.iter() {
-                    expression.substitute_input_var(input_var, input_expr);
+                // Extend the considered expression with already known expressions.
+                let mut extended_expression = expression.clone();
+                for input_var in expression.input_vars().into_iter() {
+                    if let Some(expr) = insertable_expressions.get(input_var) {
+                        // We limit the complexity of expressions to insert.
+                        // This prevents extremely large expressions that can lead to extremely high RAM usage.
+                        // FIXME: Right now this limit is quite arbitrary. Maybe there is a better way to achieve the same result?
+                        if expr.recursion_depth() < 10 {
+                            extended_expression.substitute_input_var(input_var, expr)
+                        }
+                    }
                 }
+                extended_expression.substitute_trivial_operations();
+                *expression = extended_expression;
                 // expressions dependent on the assigned variable are no longer insertable
                 insertable_expressions.retain(|input_var, input_expr| {
                     input_var != var && !input_expr.input_vars().into_iter().any(|x| x == var)

src/cwe_checker_lib/src/analysis/expression_propagation/tests.rs

@@ -142,11 +142,7 @@ fn inter_block_propagation() {
                 variable!("X:8"),
                 expr!("-(42:4)").un_op(UnOpType::BoolNegate),
             ),
-            Def::assign(
-                "entry_jmp_def_2",
-                variable!("Z:8"),
-                expr!("-(42:4)").un_op(UnOpType::IntNegate),
-            )
+            Def::assign("entry_jmp_def_2", variable!("Z:8"), expr!("42:4"),)
         ]
     )
 }
@@ -290,11 +286,7 @@ fn expressions_inserted() {
                 variable!("X:8"),
                 expr!("-(42:4)").un_op(UnOpType::BoolNegate),
             ),
-            Def::assign(
-                "entry_jmp_def_2",
-                variable!("Z:8"),
-                expr!("-(42:4)").un_op(UnOpType::IntNegate)
-            )
+            Def::assign("entry_jmp_def_2", variable!("Z:8"), expr!("42:4"))
         ]
     );
     assert_eq!(

src/ghidra/p_code_extractor/internal/ParseCspecContent.java

@@ -165,7 +165,7 @@ public static ResourceFile getLdefFile() {
         String languageId = program.getLanguageID().toString();
 
         if (processorDef.startsWith("AARCH64") && languageId.endsWith("AppleSilicon")) {
-            processorDef = "AppleSilicon.ldef";
+            processorDef = "AppleSilicon.ldefs";
         }
         if(processorDef.startsWith("MIPS") || processorDef.startsWith("AVR")) {
             processorDef = processorDef.toLowerCase();