metasm 1.0.0 → 1.0.5

data/{lib/metasm → metasm}/gui/x11.rb

@@ -9,31 +9,31 @@ module Metasm
 module Gui
 class XGui < DynLdr
 	new_api_c <<EOS, 'libX11.so'
-#define KeyPressMask                    (1L<<0)  
-#define KeyReleaseMask                  (1L<<1)  
-#define ButtonPressMask                 (1L<<2)  
-#define ButtonReleaseMask               (1L<<3)  
-#define EnterWindowMask                 (1L<<4)  
-#define LeaveWindowMask                 (1L<<5)  
-#define PointerMotionMask               (1L<<6)  
-#define PointerMotionHintMask           (1L<<7)  
-#define Button1MotionMask               (1L<<8)  
-#define Button2MotionMask               (1L<<9)  
-#define Button3MotionMask               (1L<<10) 
-#define Button4MotionMask               (1L<<11) 
-#define Button5MotionMask               (1L<<12) 
-#define ButtonMotionMask                (1L<<13) 
+#define KeyPressMask                    (1L<<0)
+#define KeyReleaseMask                  (1L<<1)
+#define ButtonPressMask                 (1L<<2)
+#define ButtonReleaseMask               (1L<<3)
+#define EnterWindowMask                 (1L<<4)
+#define LeaveWindowMask                 (1L<<5)
+#define PointerMotionMask               (1L<<6)
+#define PointerMotionHintMask           (1L<<7)
+#define Button1MotionMask               (1L<<8)
+#define Button2MotionMask               (1L<<9)
+#define Button3MotionMask               (1L<<10)
+#define Button4MotionMask               (1L<<11)
+#define Button5MotionMask               (1L<<12)
+#define ButtonMotionMask                (1L<<13)
 #define KeymapStateMask                 (1L<<14)
-#define ExposureMask                    (1L<<15) 
-#define VisibilityChangeMask            (1L<<16) 
-#define StructureNotifyMask             (1L<<17) 
-#define ResizeRedirectMask              (1L<<18) 
-#define SubstructureNotifyMask          (1L<<19) 
-#define SubstructureRedirectMask        (1L<<20) 
-#define FocusChangeMask                 (1L<<21) 
-#define PropertyChangeMask              (1L<<22) 
-#define ColormapChangeMask              (1L<<23) 
-#define OwnerGrabButtonMask             (1L<<24) 
+#define ExposureMask                    (1L<<15)
+#define VisibilityChangeMask            (1L<<16)
+#define StructureNotifyMask             (1L<<17)
+#define ResizeRedirectMask              (1L<<18)
+#define SubstructureNotifyMask          (1L<<19)
+#define SubstructureRedirectMask        (1L<<20)
+#define FocusChangeMask                 (1L<<21)
+#define PropertyChangeMask              (1L<<22)
+#define ColormapChangeMask              (1L<<23)
+#define OwnerGrabButtonMask             (1L<<24)
 
 #define KeyPress                2
 #define KeyRelease              3
@@ -84,7 +84,7 @@ typedef struct _XGC *GC;
 typedef XID Pixmap;
 typedef XID Window;
 
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -92,7 +92,7 @@ struct {
 	Display *display;
 	Window window;
 } XAnyEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -110,7 +110,7 @@ struct {
 	unsigned int button;
 	int same_screen;
 } XButtonEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -120,7 +120,7 @@ struct {
 	Window window;
 	int place;
 } XCirculateEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -130,7 +130,7 @@ struct {
 	Window window;
 	int place;
 } XCirculateRequestEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -146,7 +146,7 @@ struct {
 		long l[5];
 	} data;
 } XClientMessageEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -157,7 +157,7 @@ struct {
 	int new;
 	int state;
 } XColormapEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -173,7 +173,7 @@ struct {
 	Window above;
 	int override_redirect;
 } XConfigureEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -190,7 +190,7 @@ struct {
 	int detail;
 	unsigned long value_mask;
 } XConfigureRequestEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -205,7 +205,7 @@ struct {
 	int border_width;
 	int override_redirect;
 } XCreateWindowEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -225,7 +225,7 @@ struct {
 	int focus;
 	unsigned int state;
 } XCrossingEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -234,7 +234,7 @@ struct {
 	Window event;
 	Window window;
 } XDestroyWindowEvent;
-typedef 
+typedef
 struct {
 	int type;
 	Display *display;
@@ -244,7 +244,7 @@ struct {
 	unsigned char request_code;
 	unsigned char minor_code;
 } XErrorEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -257,7 +257,7 @@ struct {
 	int height;
 	int count;
 } XExposeEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -267,7 +267,7 @@ struct {
 	int mode;
 	int detail;
 } XFocusChangeEvent;
-typedef 
+typedef
 struct {
 	int function;
 	unsigned long plane_mask;
@@ -293,7 +293,7 @@ struct {
 	int dash_offset;
 	char dashes;
 } XGCValues;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -302,7 +302,7 @@ struct {
 	int extension;
 	int evtype;
 } XGenericEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -313,7 +313,7 @@ struct {
 	unsigned int cookie;
 	void *data;
 } XGenericEventCookie;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -328,7 +328,7 @@ struct {
 	int major_code;
 	int minor_code;
 } XGraphicsExposeEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -339,7 +339,7 @@ struct {
 	int x;
 	int y;
 } XGravityEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -357,7 +357,7 @@ struct {
 	unsigned int keycode;
 	int same_screen;
 } XKeyEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -366,7 +366,7 @@ struct {
 	Window window;
 	char key_vector[32];
 } XKeymapEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -376,7 +376,7 @@ struct {
 	Window window;
 	int override_redirect;
 } XMapEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -385,7 +385,7 @@ struct {
 	Window parent;
 	Window window;
 } XMapRequestEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -396,7 +396,7 @@ struct {
 	int first_keycode;
 	int count;
 } XMappingEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -414,7 +414,7 @@ struct {
 	char is_hint;
 	int same_screen;
 } XMotionEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -424,7 +424,7 @@ struct {
 	int major_code;
 	int minor_code;
 } XNoExposeEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -435,7 +435,7 @@ struct {
 	Time time;
 	int state;
 } XPropertyEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -448,7 +448,7 @@ struct {
 	int y;
 	int override_redirect;
 } XReparentEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -458,7 +458,7 @@ struct {
 	int width;
 	int height;
 } XResizeRequestEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -468,7 +468,7 @@ struct {
 	Atom selection;
 	Time time;
 } XSelectionClearEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -480,7 +480,7 @@ struct {
 	Atom property;
 	Time time;
 } XSelectionEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -493,7 +493,7 @@ struct {
 	Atom property;
 	Time time;
 } XSelectionRequestEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -503,7 +503,7 @@ struct {
 	Window window;
 	int from_configure;
 } XUnmapEvent;
-typedef 
+typedef
 struct {
 	int type;
 	unsigned long serial;
@@ -579,7 +579,7 @@ EOS
 def self.test
 	d = xopendisplay(nil)
 	s = xdefaultscreen(d)
-	cmap = xdefaultcolormap(d, s)
+	#cmap = xdefaultcolormap(d, s)
 	w = xcreatesimplewindow(d, xdefaultrootwindow(d), 0, 0, 28, 28, 0, xblackpixel(d, s), xblackpixel(d, s))
 	xstorename(d, w, "lol")
 	gc = xcreategc(d, w, 0, 0)

data/{lib/metasm → metasm}/main.rb

@@ -23,7 +23,7 @@ class CPU
 	attr_accessor :valid_args, :valid_props, :fields_mask
 	attr_accessor :endianness, :size
 	attr_accessor :generate_PIC
-	
+
 	def opcode_list
 		@opcode_list ||= init_opcode_list
 	end
@@ -32,8 +32,8 @@ class CPU
 	def initialize
 		@fields_mask = {}
 		@fields_shift= {}
-		@valid_args  = []
-		@valid_props = [:setip, :saveip, :stopexec]
+		@valid_args  = {}
+		@valid_props = { :setip => true, :saveip => true, :stopexec => true }
 		@generate_PIC = true
 	end
 
@@ -81,6 +81,17 @@ class CPU
 	def shortname
 		self.class.name.sub(/.*::/, '').downcase
 	end
+
+	# some userinterface wants to hilight a word, return a regexp
+	# useful for register aliases
+	# the regexp will be enclosed in \b and should not contain captures
+	def gui_hilight_word_regexp(word)
+		Regexp.escape(word)
+	end
+
+	# returns true if the name is invalid as a label name (eg register name)
+	def check_reserved_name(name)
+	end
 end
 
 # generic CPU, with no instructions, just size/endianness
@@ -120,6 +131,15 @@ class Opcode
 	def basename
 		@name.sub(/\..*/, '')
 	end
+
+	def dup
+		o = Opcode.new(@name.dup, @bin)
+		o.bin    = @bin.dup if @bin.kind_of?(::Array)
+		o.args   = @args.dup
+		o.fields = @fields.dup
+		o.props  = @props.dup
+		o
+	end
 end
 
 # defines an attribute self.backtrace (array of filename/lineno)
@@ -287,7 +307,7 @@ class ExeFormat
 	def new_label(base = '')
 		base = base.dup.tr('^a-zA-Z0-9_', '_')
 		# use %x instead of to_s(16) for negative values
-		base = (base << '_uuid' << ('%08x' % base.object_id)).freeze if base.empty? or @unique_labels_cache[base]
+		base = (base << '_uuid' << ('%08x' % (base.object_id & 0xffff_ffff_ffff_ffff))).freeze if base.empty? or @unique_labels_cache[base]
 		@unique_labels_cache[base] = true
 		base
 	end
@@ -307,12 +327,16 @@ end
 class ExpressionType
 	def +(o) Expression[self, :+, o].reduce end
 	def -(o) Expression[self, :-, o].reduce end
+	# if the expression is constrained, this holds the mask of the maximum value
+	# (eg int16 => 0xffff)
+	attr_accessor :max_bits_mask
 end
 
 # handle immediate values, and arbitrary arithmetic/logic expression involving variables
 # boolean values are treated as in C : true is 1, false is 0
 # TODO replace #type with #size => bits + #type => [:signed/:unsigned/:any/:floating]
 # TODO handle floats
+# TODO ternary operator ?
 class Expression < ExpressionType
 	INT_SIZE = {}
 	INT_MIN = {}
@@ -341,7 +365,7 @@ class Expression < ExpressionType
 			if not op
 				raise ArgumentError, 'invalid Expression[nil]' if not l
 				return l if l.kind_of? Expression
-				if l.kind_of? ::Numeric and l < 0
+				if l.kind_of?(::Numeric) and l < 0
 					r = -l
 					op = :'-'
 				else
@@ -354,17 +378,17 @@ class Expression < ExpressionType
 			end
 			l = nil
 		else
-			l = self[*l] if l.kind_of? ::Array
+			l = self[*l] if l.kind_of?(::Array)
 		end
-		r = self[*r] if r.kind_of? ::Array
+		r = self[*r] if r.kind_of?(::Array)
 		new(op, r, l)
 	end
 
 	# checks if a given Expression/Integer is in the type range
 	# returns true if it is, false if it overflows, and nil if cannot be determined (eg unresolved variable)
 	def self.in_range?(val, type)
-		val = val.reduce if val.kind_of? self
-		return unless val.kind_of? ::Numeric
+		val = val.reduce if val.kind_of?(self)
+		return unless val.kind_of?(::Numeric)
 
 		if INT_MIN[type]
 			val == val.to_i and
@@ -374,8 +398,11 @@ class Expression < ExpressionType
 
 	# casts an unsigned value to a two-complement signed if the sign bit is set
 	def self.make_signed(val, bitlength)
-		if val.kind_of? Integer
-			val = val - (1 << bitlength) if val >> (bitlength - 1) == 1
+		case val
+		when Integer
+			val = val - (1 << bitlength) if val > 0 and val >> (bitlength - 1) == 1
+		when Expression
+			val = Expression[val, :-, [(1<<bitlength), :*, [[val, :>>, (bitlength-1)], :==, 1]]]
 		end
 		val
 	end
@@ -390,8 +417,10 @@ class Expression < ExpressionType
 	# basic constructor
 	# XXX funny args order, you should use +Expression[]+ instead
 	def initialize(op, rexpr, lexpr)
-		raise ArgumentError, "Expression: invalid arg order: #{[lexpr, op, rexpr].inspect}" if not op.kind_of? ::Symbol
-		@op, @lexpr, @rexpr = op, lexpr, rexpr
+		raise ArgumentError, "Expression: invalid arg order: #{[lexpr, op, rexpr].inspect}" if not op.kind_of?(::Symbol)
+		@op = op
+		@lexpr = lexpr
+		@rexpr = rexpr
 	end
 
 	# recursive check of equity using #==
@@ -415,20 +444,21 @@ class Expression < ExpressionType
 			return binding[self].dup
 		end
 
-		l, r = @lexpr, @rexpr
+		l = @lexpr
+		r = @rexpr
 		if l and binding[l]
-			raise "internal error - bound #{l.inspect}" if l.kind_of? ::Numeric
+			raise "internal error - bound #{l.inspect}" if l.kind_of?(::Numeric)
 			l = binding[l]
 		elsif l.kind_of? ExpressionType
 			l = l.bind(binding)
 		end
 		if r and binding[r]
-			raise "internal error - bound #{r.inspect}" if r.kind_of? ::Numeric
+			raise "internal error - bound #{r.inspect}" if r.kind_of?(::Numeric)
 			r = binding[r]
 		elsif r.kind_of? ExpressionType
 			r = r.bind(binding)
 		end
-		Expression[l, @op, r]
+		Expression.new(@op, r, l)
 	end
 
 	# bind in place (replace self.lexpr/self.rexpr with the binding value)
@@ -464,15 +494,13 @@ class Expression < ExpressionType
 	# returns a simplified copy of self
 	# can return an +Expression+ or a +Numeric+, may return self
 	# see +reduce_rec+ for simplifications description
-	# if given a block, it will temporarily overwrite the global @@reduce_lambda XXX THIS IS NOT THREADSAFE
-	def reduce(&b)
-		old_rp, @@reduce_lambda = @@reduce_lambda, b if b
-		case e = reduce_rec
+	# if given a block, will use it instead of @@reduce_lambda
+	def reduce(&cb)
+		cb ||= @@reduce_lambda
+		case e = reduce_rec(cb)
 		when Expression, Numeric; e
 		else Expression[e]
 		end
-	ensure
-		@@reduce_lambda = old_rp if b
 	end
 
 	# resolves logic operations (true || false, etc)
@@ -482,20 +510,23 @@ class Expression < ExpressionType
 	# reduces addition of 0 and unary +
 	# canonicalize additions: put variables in the lhs, descend addition tree in the rhs => (a + (b + (c + 12)))
 	# make formal reduction if finds somewhere in addition tree (a) and (-a)
-	def reduce_rec
-		l = @lexpr.kind_of?(ExpressionType) ? @lexpr.reduce_rec : @lexpr
-		r = @rexpr.kind_of?(ExpressionType) ? @rexpr.reduce_rec : @rexpr
+	def reduce_rec(cb = @@reduce_lambda)
+		l = @lexpr.kind_of?(ExpressionType) ? @lexpr.reduce_rec(cb) : @lexpr
+		r = @rexpr.kind_of?(ExpressionType) ? @rexpr.reduce_rec(cb) : @rexpr
 
-		if @@reduce_lambda
-			l = @@reduce_lambda[l] || l if not @lexpr.kind_of? Expression
-			r = @@reduce_lambda[r] || r if not @rexpr.kind_of? Expression
+		if cb
+			l = cb[l] || l if l and not @lexpr.kind_of?(Expression)
+			r = cb[r] || r if r and not @rexpr.kind_of?(Expression)
 		end
 
 		v =
-		if r.kind_of?(::Numeric) and (l == nil or l.kind_of?(::Numeric))
-			# calculate numerics
-			if [:'&&', :'||', :'>', :'<', :'>=', :'<=', :'==', :'!='].include?(@op)
-				# bool expr
+		if r.kind_of?(::Numeric) and (not l or l.kind_of?(::Numeric))
+			case @op
+			when :+; l ? l + r : r
+			when :-; l ? l - r : -r
+			when :'!'; raise 'internal error' if l ; (r == 0) ? 1 : 0
+			when :'~'; raise 'internal error' if l ; ~r
+			when :'&&', :'||', :'>', :'<', :'>=', :'<=', :'==', :'!='
 				raise 'internal error' if not l
 				case @op
 				when :'&&'; (l != 0) && (r != 0)
@@ -507,201 +538,25 @@ class Expression < ExpressionType
 				when :'=='; l == r
 				when :'!='; l != r
 				end ? 1 : 0
-			elsif not l
-				case @op
-				when :'!'; (r == 0) ? 1 : 0
-				when :+;  r
-				when :-; -r
-				when :~; ~r
-				end
 			else
-				# use ruby evaluator
 				l.send(@op, r)
 			end
-
-		elsif @op == :'&&'
-			if l == 0	# shortcircuit eval
-				0
-			elsif l == 1
-				Expression[r, :'!=', 0].reduce_rec
-			elsif r == 0
-				0	# XXX l could be a special ExprType with sideeffects ?
-			end
-		elsif @op == :'||'
-			if l.kind_of? ::Numeric and l != 0	# shortcircuit eval
-				1
-			elsif l == 0
-				Expression[r, :'!=', 0].reduce_rec
-			elsif r == 0
-				Expression[l, :'!=', 0].reduce_rec
-			end
-		elsif @op == :>> or @op == :<<
-			if l == 0; 0
-			elsif r == 0; l
-			elsif l.kind_of? Expression and l.op == @op
-				Expression[l.lexpr, @op, [l.rexpr, :+, r]].reduce_rec
-			# XXX (a >> 1) << 1  !=  a (lose low bit)
-			# XXX (a << 1) >> 1  !=  a (with real cpus, lose high bit)
-			# (a | b) << i
-			elsif r.kind_of? Integer and l.kind_of? Expression and [:&, :|, :^].include? l.op
-				Expression[[l.lexpr, @op, r], l.op, [l.rexpr, @op, r]].reduce_rec
-			end
-		elsif @op == :'!'
-			if r.kind_of? Expression and op = {:'==' => :'!=', :'!=' => :'==', :< => :>=, :> => :<=, :<= => :>, :>= => :<}[r.op]
-				Expression[r.lexpr, op, r.rexpr].reduce_rec
-			end
-		elsif @op == :==
-			if l == r; 1
-			elsif r == 0 and l.kind_of? Expression and op = {:'==' => :'!=', :'!=' => :'==', :< => :>=, :> => :<=, :<= => :>, :>= => :<}[l.op]
-				Expression[l.lexpr, op, l.rexpr].reduce_rec
-			elsif r == 1 and l.kind_of? Expression and op = {:'==' => :'!=', :'!=' => :'==', :< => :>=, :> => :<=, :<= => :>, :>= => :<}[l.op]
-				l
-			elsif r == 0 and l.kind_of? Expression and l.op == :+
-				if l.rexpr.kind_of? Expression and l.rexpr.op == :- and not l.rexpr.lexpr
-					Expression[l.lexpr, @op, l.rexpr.rexpr].reduce_rec
-				elsif l.rexpr.kind_of? ::Integer
-					Expression[l.lexpr, @op, -l.rexpr].reduce_rec
-				end
-			end
-		elsif @op == :'!='
-			if l == r; 0
-			end
-		elsif @op == :^
-			if l == :unknown or r == :unknown; :unknown
-			elsif l == 0; r
-			elsif r == 0; l
-			elsif l == r; 0
-			elsif r == 1 and l.kind_of? Expression and [:'==', :'!=', :<, :>, :<=, :>=].include? l.op
-				Expression[nil, :'!', l].reduce_rec
-			elsif l.kind_of?(::Numeric)
-				if r.kind_of? Expression and r.op == :^
-					# 1^(x^y) => x^(y^1)
-					Expression[r.lexpr, :^, [r.rexpr, :^, l]].reduce_rec
-				else
-					# 1^a => a^1
-					Expression[r, :^, l].reduce_rec
-				end
-			elsif l.kind_of? Expression and l.op == :^
-				# (a^b)^c => a^(b^c)
-				Expression[l.lexpr, :^, [l.rexpr, :^, r]].reduce_rec
-			elsif r.kind_of? Expression and r.op == :^
-				if r.rexpr == l
-					# a^(a^b) => b
-					r.lexpr
-				elsif r.lexpr == l
-					# a^(b^a) => b
-					r.rexpr
-				else
-					# a^(b^(c^(a^d)))  =>  b^(a^(c^(a^d)))
-					# XXX ugly..
-					tr = r
-					found = false
-					while not found and tr.kind_of?(Expression) and tr.op == :^
-						found = true if tr.lexpr == l or tr.rexpr == l
-						tr = tr.rexpr
-					end
-					if found
-						Expression[r.lexpr, :^, [l, :^, r.rexpr]].reduce_rec
-					end
-				end
-			elsif l.kind_of?(Expression) and l.op == :& and l.rexpr.kind_of?(::Integer) and (l.rexpr & (l.rexpr+1)) == 0
-				if r.kind_of?(::Integer) and r & l.rexpr == r
-					# (a&0xfff)^12 => (a^12)&0xfff
-					Expression[[l.lexpr, :^, r], :&, l.rexpr].reduce_rec
-				elsif r.kind_of?(Expression) and r.op == :& and r.rexpr.kind_of?(::Integer) and r.rexpr == l.rexpr
-					# (a&0xfff)^(b&0xfff) => (a^b)&0xfff
-					Expression[[l.lexpr, :^, r.lexpr], :&, l.rexpr].reduce_rec
-				end
-			end
-		elsif @op == :&
-			if l == 0 or r == 0; 0
-			elsif r == 1 and l.kind_of?(Expression) and [:'==', :'!=', :<, :>, :<=, :>=].include?(l.op)
-				l
-			elsif l == r; l
-			elsif l.kind_of?(Integer); Expression[r, @op, l].reduce_rec
-			elsif l.kind_of?(Expression) and l.op == @op; Expression[l.lexpr, @op, [l.rexpr, @op, r]].reduce_rec
-			elsif l.kind_of?(Expression) and [:|, :^].include?(l.op) and r.kind_of?(Integer) and (l.op == :| or (r & (r+1)) != 0)
-				# (a ^| b) & i => (a&i ^| b&i)
-				Expression[[l.lexpr, :&, r], l.op, [l.rexpr, :&, r]].reduce_rec
-			elsif r.kind_of?(::Integer) and l.kind_of?(Expression) and (r & (r+1)) == 0
-				# foo & 0xffff
-				reduce_rec_mod2(l, r)
-			end
-		elsif @op == :|
-			if    l == 0; r
-			elsif r == 0; l
-			elsif l == -1 or r == -1; -1
-			elsif l == r; l
-			elsif l.kind_of? Integer; Expression[r, @op, l].reduce_rec
-			elsif l.kind_of? Expression and l.op == @op; Expression[l.lexpr, @op, [l.rexpr, @op, r]].reduce_rec
-			end
-		elsif @op == :*
-			if    l == 0 or r == 0; 0
-			elsif l == 1; r
-			elsif r == 1; l
-			elsif r.kind_of? Integer; Expression[r, @op, l].reduce_rec
-			elsif r.kind_of? Expression and r.op == @op; Expression[[l, @op, r.lexpr], @op, r.rexpr].reduce_rec
-			elsif l.kind_of? Integer and r.kind_of? Expression and r.op == :* and r.lexpr.kind_of? Integer; Expression[l*r.lexpr, :*, r.rexpr].reduce_rec	# XXX need & regsize..
-			elsif l.kind_of? Integer and r.kind_of? Expression and r.op == :+ and r.rexpr.kind_of? Integer; Expression[[l, :*, r.lexpr], :+, l*r.rexpr].reduce_rec
-			end
-		elsif @op == :/
-			if r == 0
-			elsif r.kind_of? Integer and l.kind_of? Expression and l.op == :+ and l.rexpr.kind_of? Integer and l.rexpr % r == 0
-				Expression[[l.lexpr, :/, r], :+, l.rexpr/r].reduce_rec
-			elsif r.kind_of? Integer and l.kind_of? Expression and l.op == :* and l.lexpr % r == 0
-				Expression[l.lexpr/r, :*, l.rexpr].reduce_rec
-			end
-		elsif @op == :-
-			if l == :unknown or r == :unknown; :unknown
-			elsif not l and r.kind_of? Expression and (r.op == :- or r.op == :+)
-				if r.op == :- # no lexpr (reduced)
-					# -(-x) => x
-					r.rexpr
-				else # :+ and lexpr (r is reduced)
-					# -(a+b) => (-a)+(-b)
-					Expression[[:-, r.lexpr], :+, [:-, r.rexpr]].reduce_rec
-				end
-			elsif l.kind_of? Expression and l.op == :+ and l.lexpr == r
-				# shortcircuit for a common occurence [citation needed]
-				# (a+b)-a
-				l.rexpr
-			elsif l
-				# a-b => a+(-b)
-				Expression[l, :+, [:-, r]].reduce_rec
-			end
-		elsif @op == :+
-			if l == :unknown or r == :unknown; :unknown
-			elsif not l; r	# +x  => x
-			elsif r == 0; l	# x+0 => x
-			elsif l.kind_of?(::Numeric)
-				if r.kind_of? Expression and r.op == :+
-					# 1+(x+y) => x+(y+1)
-					Expression[r.lexpr, :+, [r.rexpr, :+, l]].reduce_rec
-				else
-					# 1+a => a+1
-					Expression[r, :+, l].reduce_rec
-				end
-				# (a+b)+foo => a+(b+foo)
-			elsif l.kind_of? Expression and l.op == @op; Expression[l.lexpr, @op, [l.rexpr, @op, r]].reduce_rec
-			elsif l.kind_of? Expression and r.kind_of? Expression and l.op == :% and r.op == :% and l.rexpr.kind_of?(::Integer) and l.rexpr == r.rexpr
-				Expression[[l.lexpr, :+, r.lexpr], :%, l.rexpr].reduce_rec
-			else
-				reduce_rec_add(l, r)
-			end
+		elsif rp = @@reduce_op[@op]
+			rp[self, l, r, cb]
 		end
 
 		ret = case v
 		when nil
 			# no dup if no new value
 			(r == :unknown or l == :unknown) ? :unknown :
-			((r == @rexpr and l == @lexpr) ? self : Expression[l, @op, r])
+			((r == @rexpr and l == @lexpr) ? self : Expression.new(@op, r, l))
 		when Expression
 			(v.lexpr == :unknown or v.rexpr == :unknown) ? :unknown : v
 		else v
 		end
-		if @@reduce_lambda and ret.kind_of? ExpressionType and newret = @@reduce_lambda[ret] and newret != ret
-			if newret.kind_of? ExpressionType
-				ret = newret.reduce_rec
+		if cb and ret.kind_of?(ExpressionType) and newret = cb[ret] and newret != ret
+			if newret.kind_of?(ExpressionType)
+				ret = newret.reduce_rec(cb)
 			else
 				ret = newret
 			end
@@ -709,71 +564,267 @@ class Expression < ExpressionType
 		ret
 	end
 
+	@@reduce_op = {
+		:+    => lambda { |e, l, r, cb| e.reduce_op_plus(l, r, cb) },
+		:-    => lambda { |e, l, r, cb| e.reduce_op_minus(l, r, cb) },
+		:'&&' => lambda { |e, l, r, cb| e.reduce_op_andand(l, r, cb) },
+		:'||' => lambda { |e, l, r, cb| e.reduce_op_oror(l, r, cb) },
+		:>>   => lambda { |e, l, r, cb| e.reduce_op_shr(l, r, cb) },
+		:<<   => lambda { |e, l, r, cb| e.reduce_op_shl(l, r, cb) },
+		:'!'  => lambda { |e, l, r, cb| e.reduce_op_not(l, r, cb) },
+		:==   => lambda { |e, l, r, cb| e.reduce_op_eql(l, r, cb) },
+		:'!=' => lambda { |e, l, r, cb| e.reduce_op_neq(l, r, cb) },
+		:^    => lambda { |e, l, r, cb| e.reduce_op_xor(l, r, cb) },
+		:&    => lambda { |e, l, r, cb| e.reduce_op_and(l, r, cb) },
+		:|    => lambda { |e, l, r, cb| e.reduce_op_or(l, r, cb) },
+		:*    => lambda { |e, l, r, cb| e.reduce_op_times(l, r, cb) },
+		:/    => lambda { |e, l, r, cb| e.reduce_op_div(l, r, cb) },
+		:%    => lambda { |e, l, r, cb| e.reduce_op_mod(l, r, cb) },
+	}
+
+
+	def self.reduce_op
+		@@reduce_op
+	end
 
-	# a+(b+(c+(-a))) => b+c+0
-	# a+((-a)+(b+c)) => 0+b+c
-	def reduce_rec_add(l, r)
-		if l.kind_of? Expression and l.op == :- and not l.lexpr
-			neg_l = l.rexpr
+	def reduce_op_plus(l, r, cb)
+		if not l; r	# +x  => x
+		elsif r == 0; l	# x+0 => x
+		elsif l == :unknown or r == :unknown; :unknown
+		elsif l.kind_of?(::Numeric)
+			if r.kind_of? Expression and r.op == :+
+				# 1+(x+y) => x+(y+1)
+				Expression[r.lexpr, :+, [r.rexpr, :+, l]].reduce_rec(cb)
+			else
+				# 1+a => a+1
+				Expression[r, :+, l].reduce_rec(cb)
+			end
+			# (a+b)+foo => a+(b+foo)
+		elsif l.kind_of? Expression and l.op == :+; Expression[l.lexpr, :+, [l.rexpr, :+, r]].reduce_rec(cb)
+		elsif l.kind_of? Expression and r.kind_of? Expression and l.op == :% and r.op == :% and l.rexpr.kind_of?(::Integer) and l.rexpr == r.rexpr
+			Expression[[l.lexpr, :+, r.lexpr], :%, l.rexpr].reduce_rec(cb)
+		elsif l.kind_of? Expression and l.op == :- and not l.lexpr
+			reduce_rec_add_rec(r, l.rexpr, cb)
+		elsif l.kind_of? Expression and r.kind_of? Expression and l.op == :& and r.op == :& and l.rexpr.kind_of?(::Integer) and r.rexpr.kind_of?(::Integer) and l.rexpr & r.rexpr == 0
+			# (a&0xf0)+(b&0x0f) => (a&0xf0)|(b&0x0f)
+			Expression[l, :|, r].reduce_rec(cb)
 		else
-			neg_l = Expression[:-, l]
+			reduce_rec_add_rec(r, Expression.new(:-, l, nil), cb)
+		end
+	end
+
+	def reduce_rec_add_rec(cur, neg_l, cb)
+		if neg_l == cur
+			# -l found
+			0
+		elsif cur.kind_of?(Expression) and cur.op == :+
+			# recurse
+			if newl = reduce_rec_add_rec(cur.lexpr, neg_l, cb)
+				Expression[newl, cur.op, cur.rexpr].reduce_rec(cb)
+			elsif newr = reduce_rec_add_rec(cur.rexpr, neg_l, cb)
+				Expression[cur.lexpr, cur.op, newr].reduce_rec(cb)
+			end
+		end
+	end
+
+	def reduce_op_minus(l, r, cb)
+		if l == :unknown or r == :unknown; :unknown
+		elsif not l and r.kind_of? Expression and (r.op == :- or r.op == :+)
+			if r.op == :- # no lexpr (reduced)
+				# -(-x) => x
+				r.rexpr
+			else # :+ and lexpr (r is reduced)
+				# -(a+b) => (-a)+(-b)
+				Expression.new(:+, Expression.new(:-, r.rexpr, nil), Expression.new(:-, r.lexpr, nil)).reduce_rec(cb)
+			end
+		elsif l.kind_of? Expression and l.op == :+ and l.lexpr == r
+			# shortcircuit for a common occurence [citation needed]
+			# (a+b)-a
+			l.rexpr
+		elsif l
+			# a-b => a+(-b)
+			Expression[l, :+, [:-, r]].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_andand(l, r, cb)
+		if l == 0	# shortcircuit eval
+			0
+		elsif l == 1
+			Expression[r, :'!=', 0].reduce_rec(cb)
+		elsif r == 0
+			0	# XXX l could be a special ExprType with sideeffects ?
 		end
+	end
+
+	def reduce_op_oror(l, r, cb)
+		if l.kind_of?(::Numeric) and l != 0	# shortcircuit eval
+			1
+		elsif l == 0
+			Expression[r, :'!=', 0].reduce_rec(cb)
+		elsif r == 0
+			Expression[l, :'!=', 0].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_shr(l, r, cb)
+		if l == 0; 0
+		elsif r == 0; l
+		elsif l.kind_of? Expression and l.op == :>>
+			Expression[l.lexpr, :>>, [l.rexpr, :+, r]].reduce_rec(cb)
+		elsif r.kind_of? Integer and l.kind_of? Expression and [:&, :|, :^].include? l.op
+			# (a | b) << i => (a<<i | b<<i)
+			Expression[[l.lexpr, :>>, r], l.op, [l.rexpr, :>>, r]].reduce_rec(cb)
+		end
+	end
 
-		# recursive search & replace -lexpr by 0
-		simplifier = lambda { |cur|
-			if neg_l == cur
-				# -l found
-				0
-			elsif cur.kind_of? Expression and cur.op == :+
-				# recurse
-				if newl = simplifier[cur.lexpr]
-					Expression[newl, cur.op, cur.rexpr].reduce_rec
-				elsif newr = simplifier[cur.rexpr]
-					Expression[cur.lexpr, cur.op, newr].reduce_rec
+	def reduce_op_shl(l, r, cb)
+		if l == 0; 0
+		elsif r == 0; l
+		elsif l.kind_of? Expression and l.op == :<<
+			Expression[l.lexpr, :<<, [l.rexpr, :+, r]].reduce_rec(cb)
+		elsif l.kind_of? Expression and l.op == :>> and r.kind_of? Integer and l.rexpr.kind_of? Integer
+			# (a >> 1) << 1  ==  a & 0xfffffe
+			if r == l.rexpr
+				Expression[l.lexpr, :&, (-1 << r)].reduce_rec(cb)
+			elsif r > l.rexpr
+				Expression[[l.lexpr, :<<, r-l.rexpr], :&, (-1 << r)].reduce_rec(cb)
+			else
+				Expression[[l.lexpr, :>>, l.rexpr-r], :&, (-1 << r)].reduce_rec(cb)
+			end
+		elsif r.kind_of?(::Integer) and l.kind_of?(Expression) and [:&, :|, :^].include?(l.op)
+			# (a | b) << i => (a<<i | b<<i)
+			Expression[[l.lexpr, :<<, r], l.op, [l.rexpr, :<<, r]].reduce_rec(cb)
+		end
+	end
+
+	NEG_OP = {:'==' => :'!=', :'!=' => :'==', :< => :>=, :> => :<=, :<= => :>, :>= => :<}
+
+	def reduce_op_not(l, r, cb)
+		if r.kind_of? Expression and nop = NEG_OP[r.op]
+			Expression[r.lexpr, nop, r.rexpr].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_eql(l, r, cb)
+		if l == r; 1
+		elsif r == 0 and l.kind_of? Expression and nop = NEG_OP[l.op]
+			Expression[l.lexpr, nop, l.rexpr].reduce_rec(cb)
+		elsif r == 1 and l.kind_of? Expression and NEG_OP[l.op]
+			l
+		elsif r == 0 and l.kind_of? Expression and l.op == :+
+			if l.rexpr.kind_of? Expression and l.rexpr.op == :- and not l.rexpr.lexpr
+				Expression[l.lexpr, :==, l.rexpr.rexpr].reduce_rec(cb)
+			elsif l.rexpr.kind_of?(::Integer)
+				Expression[l.lexpr, :==, -l.rexpr].reduce_rec(cb)
+			end
+		end
+	end
+
+	def reduce_op_neq(l, r, cb)
+		if l == r; 0
+		end
+	end
+
+	def reduce_op_xor(l, r, cb)
+		if l == :unknown or r == :unknown; :unknown
+		elsif l == 0; r
+		elsif r == 0; l
+		elsif l == r; 0
+		elsif r == 1 and l.kind_of? Expression and NEG_OP[l.op]
+			Expression[nil, :'!', l].reduce_rec(cb)
+		elsif l.kind_of?(::Numeric)
+			if r.kind_of? Expression and r.op == :^
+				# 1^(x^y) => x^(y^1)
+				Expression[r.lexpr, :^, [r.rexpr, :^, l]].reduce_rec(cb)
+			else
+				# 1^a => a^1
+				Expression[r, :^, l].reduce_rec(cb)
+			end
+		elsif l.kind_of? Expression and l.op == :^
+			# (a^b)^c => a^(b^c)
+			Expression[l.lexpr, :^, [l.rexpr, :^, r]].reduce_rec(cb)
+		elsif r.kind_of? Expression and r.op == :^
+			if r.rexpr == l
+				# a^(a^b) => b
+				r.lexpr
+			elsif r.lexpr == l
+				# a^(b^a) => b
+				r.rexpr
+			else
+				# a^(b^(c^(a^d)))  =>  b^(a^(c^(a^d)))
+				# XXX ugly..
+				tr = r
+				found = false
+				while not found and tr.kind_of?(Expression) and tr.op == :^
+					found = true if tr.lexpr == l or tr.rexpr == l
+					tr = tr.rexpr
+				end
+				if found
+					Expression[r.lexpr, :^, [l, :^, r.rexpr]].reduce_rec(cb)
 				end
 			end
-		}
+		elsif l.kind_of?(Expression) and l.op == :& and l.rexpr.kind_of?(::Integer) and (l.rexpr & (l.rexpr+1)) == 0
+			if r.kind_of?(::Integer) and r & l.rexpr == r
+				# (a&0xfff)^12 => (a^12)&0xfff
+				Expression[[l.lexpr, :^, r], :&, l.rexpr].reduce_rec(cb)
+			elsif r.kind_of?(Expression) and r.op == :& and r.rexpr.kind_of?(::Integer) and r.rexpr == l.rexpr
+				# (a&0xfff)^(b&0xfff) => (a^b)&0xfff
+				Expression[[l.lexpr, :^, r.lexpr], :&, l.rexpr].reduce_rec(cb)
+			end
+		end
+	end
 
-		simplifier[r]
-	end
-
-	# expr & 0xffff
-	def reduce_rec_mod2(e, mask)
-		case e.op
-		when :+, :^
-			if e.lexpr.kind_of?(Expression) and e.lexpr.op == :& and
-			   e.lexpr.rexpr.kind_of?(::Integer) and e.lexpr.rexpr & mask == mask
-				# ((a&m) + b) & m  =>  (a+b) & m
-				Expression[[e.lexpr.lexpr, e.op, e.rexpr], :&, mask].reduce_rec
-			elsif e.rexpr.kind_of?(Expression) and e.rexpr.op == :& and
-			      e.rexpr.rexpr.kind_of?(::Integer) and e.rexpr.rexpr & mask == mask
-				# (a + (b&m)) & m  =>  (a+b) & m
-				Expression[[e.lexpr, e.op, e.rexpr.lexpr], :&, mask].reduce_rec
+	def reduce_op_and(l, r, cb)
+		if l == 0 or r == 0; 0
+		elsif r == 1 and l.kind_of?(Expression) and [:'==', :'!=', :<, :>, :<=, :>=].include?(l.op)
+			l
+		elsif l == r; l
+		elsif l.kind_of?(Integer); Expression[r, :&, l].reduce_rec(cb)
+		elsif l.kind_of?(Expression) and l.op == :&; Expression[l.lexpr, :&, [l.rexpr, :&, r]].reduce_rec(cb)
+		elsif l.kind_of?(Expression) and [:|, :^].include?(l.op) and r.kind_of?(Integer) and (l.op == :| or (r & (r+1)) != 0)
+			# (a ^| b) & i => (a&i ^| b&i)
+			Expression[[l.lexpr, :&, r], l.op, [l.rexpr, :&, r]].reduce_rec(cb)
+		elsif r.kind_of?(::Integer) and l.kind_of?(ExpressionType) and r == l.max_bits_mask
+			l
+		elsif r.kind_of?(::Integer) and l.kind_of?(Expression) and (r & (r+1)) == 0
+			# foo & 0xffff
+			case l.op
+			when :+, :^
+				if l.lexpr.kind_of?(Expression) and l.lexpr.op == :& and
+					l.lexpr.rexpr.kind_of?(::Integer) and l.lexpr.rexpr & r == r
+					# ((a&m) + b) & m  =>  (a+b) & m
+					Expression[[l.lexpr.lexpr, l.op, l.rexpr], :&, r].reduce_rec(cb)
+				elsif l.rexpr.kind_of?(Expression) and l.rexpr.op == :& and
+					l.rexpr.rexpr.kind_of?(::Integer) and l.rexpr.rexpr & r == r
+					# (a + (b&m)) & m  =>  (a+b) & m
+					Expression[[l.lexpr, l.op, l.rexpr.lexpr], :&, r].reduce_rec(cb)
+				else
+					Expression[l, :&, r]
+				end
+			when :|
+				# rol/ror composition
+				reduce_rec_composerol(l, r, cb)
 			else
-				Expression[e, :&, mask]
+				Expression[l, :&, r]
 			end
-		when :|
-			# rol/ror composition
-			reduce_rec_composerol e, mask
-		else
-			Expression[e, :&, mask]
 		end
 	end
 
 	# a check to see if an Expr is the composition of two rotations (rol eax, 4 ; rol eax, 6 => rol eax, 10)
 	# this is a bit too ugly to stay in the main reduce_rec body.
-	def reduce_rec_composerol(e, mask)
+	def reduce_rec_composerol(e, mask, cb)
 		m = Expression[['var', :sh_op, 'amt'], :|, ['var', :inv_sh_op, 'inv_amt']]
 		if vars = e.match(m, 'var', :sh_op, 'amt', :inv_sh_op, 'inv_amt') and vars[:sh_op] == {:>> => :<<, :<< => :>>}[vars[:inv_sh_op]] and
 		   ((vars['amt'].kind_of?(::Integer) and  vars['inv_amt'].kind_of?(::Integer) and ampl = vars['amt'] + vars['inv_amt']) or
-		    (vars['amt'].kind_of? Expression and vars['amt'].op == :% and vars['amt'].rexpr.kind_of? ::Integer and
+		    (vars['amt'].kind_of? Expression and vars['amt'].op == :% and vars['amt'].rexpr.kind_of?(::Integer) and
 		     vars['inv_amt'].kind_of? Expression and vars['inv_amt'].op == :% and vars['amt'].rexpr == vars['inv_amt'].rexpr and ampl = vars['amt'].rexpr)) and
 		   mask == (1<<ampl)-1 and vars['var'].kind_of? Expression and	# it's a rotation
 
 		   vars['var'].op == :& and vars['var'].rexpr == mask and
 		  ivars = vars['var'].lexpr.match(m, 'var', :sh_op, 'amt', :inv_sh_op, 'inv_amt') and ivars[:sh_op] == {:>> => :<<, :<< => :>>}[ivars[:inv_sh_op]] and
 		   ((ivars['amt'].kind_of?(::Integer) and  ivars['inv_amt'].kind_of?(::Integer) and ampl = ivars['amt'] + ivars['inv_amt']) or
-		    (ivars['amt'].kind_of? Expression and ivars['amt'].op == :% and ivars['amt'].rexpr.kind_of? ::Integer and
+		    (ivars['amt'].kind_of? Expression and ivars['amt'].op == :% and ivars['amt'].rexpr.kind_of?(::Integer) and
 		     ivars['inv_amt'].kind_of? Expression and ivars['inv_amt'].op == :% and ivars['amt'].rexpr == ivars['inv_amt'].rexpr and ampl = ivars['amt'].rexpr))
 			if ivars[:sh_op] != vars[:sh_op]
 				# ensure the rotations are the same orientation
@@ -782,12 +833,54 @@ class Expression < ExpressionType
 			end
 			amt = Expression[[vars['amt'], :+, ivars['amt']], :%, ampl]
 			invamt = Expression[[vars['inv_amt'], :+, ivars['inv_amt']], :%, ampl]
-			Expression[[[[ivars['var'], :&, mask], vars[:sh_op], amt], :|, [[ivars['var'], :&, mask], vars[:inv_sh_op], invamt]], :&, mask].reduce_rec
+			Expression[[[[ivars['var'], :&, mask], vars[:sh_op], amt], :|, [[ivars['var'], :&, mask], vars[:inv_sh_op], invamt]], :&, mask].reduce_rec(cb)
 		else
 			Expression[e, :&, mask]
 		end
 	end
 
+	def reduce_op_or(l, r, cb)
+		if    l == 0; r
+		elsif r == 0; l
+		elsif l == -1 or r == -1; -1
+		elsif l == r; l
+		elsif l.kind_of? Integer; Expression[r, :|, l].reduce_rec(cb)
+		elsif l.kind_of? Expression and l.op == :|
+			# (a|b)|c => a|(b|c)
+			Expression[l.lexpr, :|, [l.rexpr, :|, r]].reduce_rec(cb)
+		elsif l.kind_of? Expression and l.op == :& and r.kind_of? Expression and r.op == :& and l.lexpr == r.lexpr
+			# (a&b)|(a&c) => a&(b|c)
+			Expression[l.lexpr, :&, [l.rexpr, :|, r.rexpr]].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_times(l, r, cb)
+		if    l == 0 or r == 0; 0
+		elsif l == 1; r
+		elsif r == 1; l
+		elsif r.kind_of? Integer; Expression[r, :*, l].reduce_rec(cb)
+		elsif r.kind_of? Expression and r.op == :*; Expression[[l, :*, r.lexpr], :*, r.rexpr].reduce_rec(cb)
+		elsif l.kind_of? Integer and r.kind_of? Expression and r.op == :* and r.lexpr.kind_of? Integer; Expression[l*r.lexpr, :*, r.rexpr].reduce_rec(cb)	# XXX need & regsize..
+		elsif l.kind_of? Integer and r.kind_of? Expression and r.op == :+ and r.rexpr.kind_of? Integer; Expression[[l, :*, r.lexpr], :+, l*r.rexpr].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_div(l, r, cb)
+		if r == 0
+		elsif r.kind_of? Integer and l.kind_of? Expression and l.op == :+ and l.rexpr.kind_of? Integer and l.rexpr % r == 0
+			Expression[[l.lexpr, :/, r], :+, l.rexpr/r].reduce_rec(cb)
+		elsif r.kind_of? Integer and l.kind_of? Expression and l.op == :* and l.lexpr % r == 0
+			Expression[l.lexpr/r, :*, l.rexpr].reduce_rec(cb)
+		end
+	end
+
+	def reduce_op_mod(l, r, cb)
+		if r.kind_of?(Integer) and r != 0 and (r & (r-1) == 0)
+			Expression[l, :&, r-1].reduce_rec(cb)
+		end
+	end
+
+
 	# a pattern-matching method
 	# Expression[42, :+, 28].match(Expression['any', :+, 28], 'any') => {'any' => 42}
 	# Expression[42, :+, 28].match(Expression['any', :+, 'any'], 'any') => false
@@ -803,7 +896,7 @@ class Expression < ExpressionType
 			if targ and vars[targ]
 				return false if exp != vars[targ]
 			elsif targ and vars.has_key? targ
-				return false if not vars[targ] = exp
+				vars[targ] = exp
 			elsif targ.kind_of? ExpressionType
 				return false if not exp.kind_of? ExpressionType or not exp.match_rec(targ, vars)
 			else
@@ -816,24 +909,29 @@ class Expression < ExpressionType
 	# returns the array of non-numeric members of the expression
 	# if a variables appears 3 times, it will be present 3 times in the returned array
 	def externals
-		[@rexpr, @lexpr].inject([]) { |a, e|
+		a = []
+		[@rexpr, @lexpr].each { |e|
 			case e
 			when ExpressionType; a.concat e.externals
 			when nil, ::Numeric; a
 			else a << e
 			end
 		}
+		a
 	end
 
 	# returns the externals that appears in the expression, does not walk through other ExpressionType
-	def expr_externals
-		[@rexpr, @lexpr].inject([]) { |a, e|
+	def expr_externals(include_exprs=false)
+		a = []
+		[@rexpr, @lexpr].each { |e|
 			case e
-			when Expression; a.concat e.expr_externals
-			when nil, ::Numeric, ExpressionType; a
+			when Expression; a.concat e.expr_externals(include_exprs)
+			when nil, ::Numeric; a
+			when ExpressionType; include_exprs ? a << e : a
 			else a << e
 			end
 		}
+		a
 	end
 
 	def inspect
@@ -843,6 +941,26 @@ class Expression < ExpressionType
 	Unknown = self[:unknown]
 end
 
+# An Expression with a custom string representation
+# used to show #define constants, struct offsets, func local vars, etc
+class ExpressionString < ExpressionType
+	attr_accessor :expr, :str, :type, :hide_str
+	def reduce(&b); expr.reduce(&b); end
+	def reduce_rec(cb=@@reduce_lambda); expr.reduce_rec(cb); end
+	def bind(*a); expr.bind(*a); end
+	def externals; expr.externals; end
+	def expr_externals; expr.expr_externals; end
+	def match_rec(*a); expr.match_rec(*a); end
+	def max_bits_mask; expr.max_bits_mask; end
+	def initialize(expr, str, type=nil)
+		@expr = Expression[expr]
+		@str = str
+		@type = type
+	end
+	def render_str ; [str] ; end
+	def inspect ; "ExpressionString.new(#{@expr.inspect}, #{str.inspect}, #{type.inspect})" ; end
+end
+
 # an EncodedData relocation, specifies a value to patch in
 class Relocation
 	# the relocation value (an Expression)
@@ -855,7 +973,7 @@ class Relocation
 	include Backtrace
 
 	def initialize(target, type, endianness, backtrace = nil)
-		raise ArgumentError, "bad args #{[target, type, endianness].inspect}" if not target.kind_of? Expression or not type.kind_of? ::Symbol or not endianness.kind_of? ::Symbol
+		raise ArgumentError, "bad args #{[target, type, endianness].inspect}" if not target.kind_of? Expression or not type.kind_of?(::Symbol) or not endianness.kind_of?(::Symbol)
 		@target, @type, @endianness, @backtrace = target, type, endianness, backtrace
 	end
 
@@ -889,8 +1007,15 @@ class EncodedData
 	attr_reader   :ptr	# custom writer
 	def ptr=(p) @ptr = @export[p] || p end
 
+	INITIAL_DATA = ''
+	INITIAL_DATA.force_encoding('BINARY') if INITIAL_DATA.respond_to?(:force_encoding)
+
 	# opts' keys in :reloc, :export, :virtsize, defaults to empty/empty/data.length
-	def initialize(data = '', opts={})
+	def initialize(data=INITIAL_DATA.dup, opts={})
+		if data.respond_to?(:force_encoding) and data.encoding.name != 'ASCII-8BIT' and data.length > 0
+			puts "Forcing edata.data.encoding = BINARY at", caller if $DEBUG
+			data = data.dup.force_encoding('binary')
+		end
 		@data     = data
 		@reloc    = opts[:reloc]    || {}
 		@export   = opts[:export]   || {}
@@ -904,9 +1029,10 @@ class EncodedData
 		if set_inv or not @inv_export[off]
 			@inv_export[off] = label
 		end
+		label
 	end
 
-	def del_export(label, off=@ptr)
+	def del_export(label, off=@export[label])
 		@export.delete label
 		if e = @export.index(off)
 			@inv_export[off] = e
@@ -942,6 +1068,7 @@ class EncodedData
 	# if numeric, replace the raw data with the encoding of this value (+fill+s preceding data if needed) and remove the reloc
 	# if replace_target is true, the reloc target is replaced with its bound counterpart
 	def fixup_choice(binding, replace_target)
+		return if binding.empty?
 		@reloc.keys.each { |off|
 			val = @reloc[off].target.bind(binding).reduce
 			if val.kind_of? Integer
@@ -973,13 +1100,15 @@ class EncodedData
 			return {} if not key
 			base = (@export[key] == 0 ? key : Expression[key, :-, @export[key]])
 		end
-		@export.inject({}) { |binding, (n, o)| binding.update n => Expression.new(:+, o, base) }
+		binding = {}
+		@export.each { |n, o| binding.update n => Expression.new(:+, o, base) }
+		binding
 	end
 
 	# returns an array of variables that needs to be defined for a complete #fixup
 	# ie the list of externals for all relocations
-	def reloc_externals
-		@reloc.values.map { |r| r.target.externals }.flatten.uniq - @export.keys
+	def reloc_externals(interns = @export.keys)
+		@reloc.values.map { |r| r.target.externals }.flatten.uniq - interns
 	end
 
 	# returns the offset where the relocation for target t is to be applied
@@ -1007,11 +1136,11 @@ class EncodedData
 		((val + len - 1) / len).to_i * len
 	end
 
-	# concatenation of another +EncodedData+ (or nil/Fixnum/anything supporting String#<<)
-	def << other
+	# concatenation of another +EncodedData+ (or nil/Integer/anything supporting String#<<)
+	def <<(other)
 		case other
 		when nil
-		when ::Fixnum
+		when ::Integer
 			fill
 			@data = @data.to_str if not @data.kind_of? String
 			@data << other
@@ -1030,13 +1159,19 @@ class EncodedData
 				other.inv_export.each { |k, v| @inv_export[@virtsize + k] = v }
 			end
 			if @data.empty?; @data = other.data.dup
+			elsif other.empty?
 			elsif not @data.kind_of?(String); @data = @data.to_str << other.data
 			else @data << other.data
 			end
 			@virtsize += other.virtsize
 		else
 			fill
+			if other.respond_to?(:force_encoding) and other.encoding.name != 'ASCII-8BIT' and other.length > 0
+				puts "Forcing edata.data.encoding = BINARY at", caller if $DEBUG
+				other = other.dup.force_encoding('binary')
+			end
 			if @data.empty?; @data = other.dup
+			elsif other.empty?
 			elsif not @data.kind_of?(String); @data = @data.to_str << other
 			else @data << other
 			end
@@ -1047,7 +1182,7 @@ class EncodedData
 	end
 
 	# equivalent to dup << other, filters out Integers & nil
-	def + other
+	def +(other)
 		raise ArgumentError if not other or other.kind_of?(Integer)
 		dup << other
 	end
@@ -1092,7 +1227,7 @@ class EncodedData
 			val = len
 			len = nil
 		end
-		if not len and from.kind_of? ::Range
+		if not len and from.kind_of?(::Range)
 			b = from.begin
 			e = from.end
 			b = @export[b] if @export[b]
@@ -1104,14 +1239,14 @@ class EncodedData
 			from = b
 		end
 		from = @export[from] || from
-		raise "invalid offset #{from}" if not from.kind_of? ::Integer
+		raise "invalid offset #{from}" if not from.kind_of?(::Integer)
 		from = from + @virtsize if from < 0
 
 		if not len
-			val = val.chr if val.kind_of? ::Integer
+			val = val.chr if val.kind_of?(::Integer)
 			len = val.length
 		end
-		raise "invalid slice length #{len}" if not len.kind_of? ::Integer or len < 0
+		raise "invalid slice length #{len}" if not len.kind_of?(::Integer) or len < 0
 
 		if from >= @virtsize
 			len = 0
@@ -1170,24 +1305,24 @@ class EncodedData
 	def pattern_scan(pat, chunksz=nil, margin=nil)
 		chunksz ||= 4*1024*1024 # scan 4MB at a time
 		margin  ||= 65536        # add this much bytes at each chunk to find /pat/ over chunk boundaries
-		pat = Regexp.new(Regexp.escape(pat)) if pat.kind_of? ::String
+		pat = Regexp.new(Regexp.escape(pat)) if pat.kind_of?(::String)
 
 		found = []
 		chunkoff = 0
 		while chunkoff < @data.length
 			chunk = @data[chunkoff, chunksz+margin].to_str
 			off = 0
-			while match_off = (chunk[off..-1] =~ pat)
-				break if off+match_off >= chunksz	# match fully in margin
-				match_addr = chunkoff + off + match_off
+			while match = chunk[off..-1].match(pat)
+				off += match.pre_match.length
+				m_l = match[0].length
+				break if off >= chunksz	# match fully in margin
+				match_addr = chunkoff + off
 				found << match_addr if not block_given? or yield(match_addr)
-				off += match_off + 1
-				# XXX +1 or +lastmatch.length ?
-				# 'aaaabc'.pattern_scan(/a*bc/) will match 5 times here
+				off += m_l
 			end
 			chunkoff += chunksz
 		end
-     		found
+		found
 	end
 end
 end