ROSE  0.9.10.25
BinaryFeasiblePath.h
1 #ifndef ROSE_BinaryAnalysis_FeasiblePath_H
2 #define ROSE_BinaryAnalysis_FeasiblePath_H
3 
4 #include <BaseSemantics2.h>
5 #include <BinarySmtSolver.h>
6 #include <Partitioner2/CfgPath.h>
7 #include <Sawyer/Message.h>
8 #include <boost/filesystem/path.hpp>
9 
10 namespace Rose {
11 namespace BinaryAnalysis {
12 
16 class FeasiblePath {
18  // Types and public data members
20 public:
21  enum SearchMode { SEARCH_SINGLE_DFS, SEARCH_SINGLE_BFS, SEARCH_MULTI };
22 
24  enum SemanticMemoryParadigm {
25  LIST_BASED_MEMORY,
26  MAP_BASED_MEMORY
27  };
28 
30  enum IoMode { READ, WRITE };
31 
33  enum MayOrMust { MAY, MUST };
34 
36  struct Settings {
37  // Path feasibility
38  SearchMode searchMode;
39  Sawyer::Optional<rose_addr_t> initialStackPtr;
40  size_t vertexVisitLimit;
41  size_t maxPathLength;
42  size_t maxCallDepth;
43  size_t maxRecursionDepth;
44  std::vector<SymbolicExpr::Ptr> postConditions;
45  std::vector<rose_addr_t> summarizeFunctions;
46  bool nonAddressIsFeasible;
47  std::string solverName;
48  SemanticMemoryParadigm memoryParadigm;
50  // Null dereferences
51  struct NullDeref {
52  bool check;
53  MayOrMust mode;
54  bool constOnly;
56  NullDeref()
57  : check(false), mode(MUST), constOnly(false) {}
58  } nullDeref;
61  Settings()
62  : searchMode(SEARCH_SINGLE_DFS), vertexVisitLimit((size_t)-1), maxPathLength((size_t)-1), maxCallDepth((size_t)-1),
63  maxRecursionDepth((size_t)-1), nonAddressIsFeasible(true), solverName("best"),
64  memoryParadigm(LIST_BASED_MEMORY) {}
65  };
66 
68  static Sawyer::Message::Facility mlog;
69 
77  RegisterDescriptor REG_PATH;
78 
80  struct VarDetail {
81  std::string registerName;
82  std::string firstAccessMode;
83  SgAsmInstruction *firstAccessInsn;
84  Sawyer::Optional<size_t> firstAccessIdx;
85  SymbolicExpr::Ptr memAddress;
86  size_t memSize;
87  size_t memByteNumber;
88  Sawyer::Optional<rose_addr_t> returnFrom;
90  VarDetail(): firstAccessInsn(NULL), memSize(0), memByteNumber(0) {}
91  std::string toString() const;
92  };
93 
97  class PathProcessor {
98  public:
99  enum Action {
100  BREAK,
101  CONTINUE
102  };
103 
104  virtual ~PathProcessor() {}
105 
107  virtual Action found(const FeasiblePath &analyzer, const Partitioner2::CfgPath &path,
108  const std::vector<SymbolicExpr::Ptr> &pathConditions,
109  const InstructionSemantics2::BaseSemantics::DispatcherPtr&,
110  const SmtSolverPtr &solver) = 0;
111 
123  virtual void nullDeref(IoMode ioMode, const InstructionSemantics2::BaseSemantics::SValuePtr &addr, SgAsmInstruction*) {}
124  };
125 
129  struct FunctionSummary {
130  rose_addr_t address;
131  int64_t stackDelta;
132  std::string name;
135  FunctionSummary(): stackDelta(SgAsmInstruction::INVALID_STACK_DELTA) {}
136 
138  FunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgFuncVertex, uint64_t stackDelta);
139  };
140 
142  typedef Sawyer::Container::Map<rose_addr_t, FunctionSummary> FunctionSummaries;
143 
147  class FunctionSummarizer: public Sawyer::SharedObject {
148  public:
150  typedef Sawyer::SharedPointer<FunctionSummarizer> Ptr;
151  protected:
152  FunctionSummarizer() {}
153  public:
155  virtual void init(const FeasiblePath &analysis, FunctionSummary &summary /*in,out*/,
156  const Partitioner2::Function::Ptr &function,
157  Partitioner2::ControlFlowGraph::ConstVertexIterator cfgCallTarget) = 0;
158 
163  virtual bool process(const FeasiblePath &analysis, const FunctionSummary &summary,
164  const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops) = 0;
165 
170  virtual InstructionSemantics2::SymbolicSemantics::SValuePtr
171  returnValue(const FeasiblePath &analysis, const FunctionSummary &summary,
172  const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops) = 0;
173  };
174 
176  // Private data members
178 private:
179  const Partitioner2::Partitioner *partitioner_; // binary analysis context
180  RegisterDictionary *registers_; // registers augmented with "path" pseudo-register
181  RegisterDescriptor REG_RETURN_; // FIXME[Robb P Matzke 2016-10-11]: see source
182  Settings settings_;
183  FunctionSummaries functionSummaries_;
184  Partitioner2::CfgVertexMap vmap_; // relates CFG vertices to path vertices
185  Partitioner2::ControlFlowGraph paths_; // all possible paths, feasible or otherwise
186  Partitioner2::CfgConstVertexSet pathsBeginVertices_;// vertices of paths_ where searching starts
187  Partitioner2::CfgConstVertexSet pathsEndVertices_; // vertices of paths_ where searching stops
188  Partitioner2::CfgConstEdgeSet cfgAvoidEdges_; // CFG edges to avoid
189  Partitioner2::CfgConstVertexSet cfgEndAvoidVertices_;// CFG end-of-path and other avoidance vertices
190  FunctionSummarizer::Ptr functionSummarizer_; // user-defined function for handling function summaries
191 
192 
194  // Construction, destruction
196 public:
198  FeasiblePath()
199  : registers_(NULL) {}
200 
201  virtual ~FeasiblePath() {}
202 
204  void reset() {
205  partitioner_ = NULL;
206  registers_ = NULL;
207  REG_PATH = REG_RETURN_ = RegisterDescriptor();
208  functionSummaries_.clear();
209  vmap_.clear();
210  paths_.clear();
211  pathsBeginVertices_.clear();
212  pathsEndVertices_.clear();
213  cfgAvoidEdges_.clear();
214  cfgEndAvoidVertices_.clear();
215  }
216 
218  static void initDiagnostics();
219 
220 
222  // Settings affecting behavior
224 public:
228  const Settings& settings() const { return settings_; }
229  Settings& settings() { return settings_; }
230  void settings(const Settings &s) { settings_ = s; }
234  // Overridable processing functions
237 public:
243  virtual InstructionSemantics2::BaseSemantics::DispatcherPtr
244  buildVirtualCpu(const Partitioner2::Partitioner&, PathProcessor*);
245 
252  virtual void
253  setInitialState(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
254  const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsBeginVertex);
255 
260  virtual void
261  processBasicBlock(const Partitioner2::BasicBlock::Ptr &bblock,
262  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex);
263 
267  virtual void
268  processIndeterminateBlock(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex,
269  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
270  size_t pathInsnIndex);
271 
275  virtual void
276  processFunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex,
277  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
278  size_t pathInsnIndex);
279 
283  virtual void
284  processVertex(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
285  const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex,
286  size_t &pathInsnIndex /*in,out*/);
287 
289  virtual bool
290  shouldSummarizeCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex,
291  const Partitioner2::ControlFlowGraph &cfg,
292  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget);
293 
295  virtual bool
296  shouldInline(const Partitioner2::CfgPath &path, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget);
297 
306  FunctionSummarizer::Ptr functionSummarizer() const { return functionSummarizer_; }
307  void functionSummarizer(const FunctionSummarizer::Ptr &f) { functionSummarizer_ = f; }
310  // Utilities
313 public:
315  Partitioner2::ControlFlowGraph::ConstVertexIterator
316  pathToCfg(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex) const;
317 
319  Partitioner2::CfgConstVertexSet
320  cfgToPaths(const Partitioner2::CfgConstVertexSet&) const;
321 
323  bool pathEndsWithFunctionCall(const Partitioner2::CfgPath&) const;
324 
326  bool isFunctionCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator&) const;
327 
329  void printPathVertex(std::ostream &out, const Partitioner2::ControlFlowGraph::Vertex &pathVertex,
330  size_t &insnIdx /*in,out*/) const;
331 
335  void printPath(std::ostream &out, const Partitioner2::CfgPath&) const;
336 
342  virtual boost::tribool
343  isPathFeasible(const Partitioner2::CfgPath &path, const SmtSolverPtr&,
344  const std::vector<SymbolicExpr::Ptr> &postConditions, PathProcessor *pathProcessor,
345  std::vector<SymbolicExpr::Ptr> &pathConditions /*in,out*/,
346  InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu /*out*/);
347 
348 
350  // Functions for describing the search space
352 public:
353 
360  void
361  setSearchBoundary(const Partitioner2::Partitioner &partitioner,
362  const Partitioner2::CfgConstVertexSet &cfgBeginVertices,
363  const Partitioner2::CfgConstVertexSet &cfgEndVertices,
364  const Partitioner2::CfgConstVertexSet &cfgAvoidVertices = Partitioner2::CfgConstVertexSet(),
365  const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges = Partitioner2::CfgConstEdgeSet());
366  void
367  setSearchBoundary(const Partitioner2::Partitioner &partitioner,
368  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgBeginVertex,
369  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgEndVertex,
370  const Partitioner2::CfgConstVertexSet &cfgAvoidVertices = Partitioner2::CfgConstVertexSet(),
371  const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges = Partitioner2::CfgConstEdgeSet());
375  // Functions for searching for paths
378 public:
383  void depthFirstSearch(PathProcessor &pathProcessor);
384 
385 
387  // Functions for getting the results
389 public:
394  const Partitioner2::Partitioner& partitioner() const;
395 
399  const FunctionSummaries& functionSummaries() const {
400  return functionSummaries_;
401  }
402 
407  const FunctionSummary& functionSummary(rose_addr_t entryVa) const;
408 
410  const VarDetail& varDetail(const InstructionSemantics2::BaseSemantics::StatePtr &state, const std::string &varName) const;
411 
412 
414  // Private supporting functions
416 private:
417  static rose_addr_t virtualAddress(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex);
418 
419  void insertCallSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsCallSite,
420  const Partitioner2::ControlFlowGraph &cfg,
421  const Partitioner2::ControlFlowGraph::ConstEdgeIterator &cfgCallEdge);
422 
423  boost::filesystem::path emitPathGraph(size_t callId, size_t graphId); // emit paths graph to "rose-debug" directory
424 };
425 
426 } // namespace
427 } // namespace
428 
429 #endif
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessMode
std::string firstAccessMode
How was variable first accessed ("read" or "write").
Definition: BinaryFeasiblePath.h:82
Rose::BinaryAnalysis::FeasiblePath::Settings::summarizeFunctions
std::vector< rose_addr_t > summarizeFunctions
Functions to always summarize.
Definition: BinaryFeasiblePath.h:45
Rose::BinaryAnalysis::FeasiblePath::FunctionSummaries
Sawyer::Container::Map< rose_addr_t, FunctionSummary > FunctionSummaries
Summaries for multiple functions.
Definition: BinaryFeasiblePath.h:142
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::mode
MayOrMust mode
Check for addrs that may or must be null.
Definition: BinaryFeasiblePath.h:53
Rose::BinaryAnalysis::FeasiblePath::Settings::vertexVisitLimit
size_t vertexVisitLimit
Max times to visit a particular vertex in one path.
Definition: BinaryFeasiblePath.h:40
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::returnValue
virtual InstructionSemantics2::SymbolicSemantics::SValuePtr returnValue(const FeasiblePath &analysis, const FunctionSummary &summary, const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops)=0
Return value for function.
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::address
rose_addr_t address
Address of summarized function.
Definition: BinaryFeasiblePath.h:130
Rose::BinaryAnalysis::FeasiblePath::Settings::memoryParadigm
SemanticMemoryParadigm memoryParadigm
Type of memory state when there's a choice to be made.
Definition: BinaryFeasiblePath.h:48
Rose::BinaryAnalysis::FeasiblePath::printPathVertex
void printPathVertex(std::ostream &out, const Partitioner2::ControlFlowGraph::Vertex &pathVertex, size_t &insnIdx) const
Print one vertex of a path for debugging.
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary
Information stored per V_USER_DEFINED path vertex.
Definition: BinaryFeasiblePath.h:129
Rose::BinaryAnalysis::FeasiblePath::setSearchBoundary
void setSearchBoundary(const Partitioner2::Partitioner &partitioner, const Partitioner2::CfgConstVertexSet &cfgBeginVertices, const Partitioner2::CfgConstVertexSet &cfgEndVertices, const Partitioner2::CfgConstVertexSet &cfgAvoidVertices=Partitioner2::CfgConstVertexSet(), const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges=Partitioner2::CfgConstEdgeSet())
Specify search boundary.
Rose::BinaryAnalysis::FeasiblePath::depthFirstSearch
void depthFirstSearch(PathProcessor &pathProcessor)
Find all feasible paths.
Rose::BinaryAnalysis::FeasiblePath::processIndeterminateBlock
virtual void processIndeterminateBlock(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process an indeterminate block.
SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:658
Rose::BinaryAnalysis::FeasiblePath::VarDetail::returnFrom
Sawyer::Optional< rose_addr_t > returnFrom
This variable is the return value from the specified function.
Definition: BinaryFeasiblePath.h:88
Sawyer::Message::Facility
Collection of streams.
Definition: Message.h:1579
Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to symbolic RISC operations.
Definition: SymbolicSemantics2.h:773
Rose::BinaryAnalysis::FeasiblePath::FeasiblePath
FeasiblePath()
Constructs a new feasible path analyzer.
Definition: BinaryFeasiblePath.h:198
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::process
virtual bool process(const FeasiblePath &analysis, const FunctionSummary &summary, const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops)=0
Invoked when the analysis traverses the summary.
Sawyer::Container::BiMap::clear
void clear()
Erase all mappings.
Definition: BiMap.h:63
Rose::BinaryAnalysis::Partitioner2::CfgConstVertexSet
std::set< ControlFlowGraph::ConstVertexIterator > CfgConstVertexSet
Set of CFG vertex pointers.
Definition: ControlFlowGraph.h:212
Rose::BinaryAnalysis::FeasiblePath::processFunctionSummary
virtual void processFunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process a function summary vertex.
Rose::BinaryAnalysis::FeasiblePath::PathProcessor::nullDeref
virtual void nullDeref(IoMode ioMode, const InstructionSemantics2::BaseSemantics::SValuePtr &addr, SgAsmInstruction *)
Function invoked whenever a null pointer dereference is detected.
Definition: BinaryFeasiblePath.h:123
Rose::BinaryAnalysis::FeasiblePath::REG_PATH
RegisterDescriptor REG_PATH
Descriptor of path pseudo-registers.
Definition: BinaryFeasiblePath.h:77
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::name
std::string name
Name of summarized function.
Definition: BinaryFeasiblePath.h:132
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessIdx
Sawyer::Optional< size_t > firstAccessIdx
Instruction position in path where this var was first read.
Definition: BinaryFeasiblePath.h:84
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
RegisterDescriptor
Describes (part of) a physical CPU register.
Definition: RegisterDescriptor.h:25
Rose::BinaryAnalysis::FeasiblePath::Settings::maxCallDepth
size_t maxCallDepth
Max length of path in terms of function calls.
Definition: BinaryFeasiblePath.h:42
Rose::BinaryAnalysis::FeasiblePath::Settings::nullDeref
struct Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref nullDeref
Settings for null-dereference analysis.
Rose::BinaryAnalysis::FeasiblePath::functionSummaries
const FunctionSummaries & functionSummaries() const
Function summary information.
Definition: BinaryFeasiblePath.h:399
Rose::BinaryAnalysis::FeasiblePath::cfgToPaths
Partitioner2::CfgConstVertexSet cfgToPaths(const Partitioner2::CfgConstVertexSet &) const
Convert CFG vertices to path vertices.
Rose::BinaryAnalysis::FeasiblePath::shouldInline
virtual bool shouldInline(const Partitioner2::CfgPath &path, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget)
Determines whether a function call should be inlined.
Rose::BinaryAnalysis::FeasiblePath::settings
void settings(const Settings &s)
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:230
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::StatePtr
boost::shared_ptr< class State > StatePtr
Shared-ownership pointer to a semantic state.
Definition: BaseSemantics2.h:1249
Rose::BinaryAnalysis::FeasiblePath::Settings::maxPathLength
size_t maxPathLength
Limit path length in terms of number of instructions.
Definition: BinaryFeasiblePath.h:41
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::constOnly
bool constOnly
If true, check only constants or sets of constants.
Definition: BinaryFeasiblePath.h:54
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer
Base class for callbacks for function summaries.
Definition: BinaryFeasiblePath.h:147
Rose::BinaryAnalysis::FeasiblePath::varDetail
const VarDetail & varDetail(const InstructionSemantics2::BaseSemantics::StatePtr &state, const std::string &varName) const
Details about a variable.
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::DispatcherPtr
boost::shared_ptr< class Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition: BaseSemantics2.h:2232
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::FunctionSummary
FunctionSummary()
Construct empty function summary.
Definition: BinaryFeasiblePath.h:135
Rose::BinaryAnalysis::FeasiblePath::Settings::nonAddressIsFeasible
bool nonAddressIsFeasible
Indeterminate/undiscovered vertices are feasible?
Definition: BinaryFeasiblePath.h:46
Rose::BinaryAnalysis::FeasiblePath::PathProcessor::found
virtual Action found(const FeasiblePath &analyzer, const Partitioner2::CfgPath &path, const std::vector< SymbolicExpr::Ptr > &pathConditions, const InstructionSemantics2::BaseSemantics::DispatcherPtr &, const SmtSolverPtr &solver)=0
Function invoked whenever a complete path is found.
Rose::BinaryAnalysis::FeasiblePath::Settings::maxRecursionDepth
size_t maxRecursionDepth
Max path length in terms of recursive function calls.
Definition: BinaryFeasiblePath.h:43
Rose::BinaryAnalysis::FeasiblePath::reset
void reset()
Reset to initial state without changing settings.
Definition: BinaryFeasiblePath.h:204
Rose::BinaryAnalysis::Partitioner2::CfgPath
A path through a control flow graph.
Definition: CfgPath.h:15
Rose::BinaryAnalysis::Partitioner2::CfgConstEdgeSet
std::set< ControlFlowGraph::ConstEdgeIterator > CfgConstEdgeSet
Set of CFG edge pointers.
Definition: ControlFlowGraph.h:219
Rose::BinaryAnalysis::FeasiblePath::VarDetail
Information about a variable seen on a path.
Definition: BinaryFeasiblePath.h:80
Rose::BinaryAnalysis::FeasiblePath::functionSummarizer
FunctionSummarizer::Ptr functionSummarizer() const
Property: Function summary handling.
Definition: BinaryFeasiblePath.h:306
Rose::BinaryAnalysis::FeasiblePath::shouldSummarizeCall
virtual bool shouldSummarizeCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex, const Partitioner2::ControlFlowGraph &cfg, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget)
Determines whether a function call should be summarized instead of inlined.
Rose::BinaryAnalysis::FeasiblePath::isFunctionCall
bool isFunctionCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &) const
True if vertex is a function call.
Rose::BinaryAnalysis::FeasiblePath::isPathFeasible
virtual boost::tribool isPathFeasible(const Partitioner2::CfgPath &path, const SmtSolverPtr &, const std::vector< SymbolicExpr::Ptr > &postConditions, PathProcessor *pathProcessor, std::vector< SymbolicExpr::Ptr > &pathConditions, InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu)
Determine whether a single path is feasible.
RegisterDictionary
Defines registers available for a particular architecture.
Definition: Registers.h:32
Rose::BinaryAnalysis::FeasiblePath::Settings::searchMode
SearchMode searchMode
Method to use when searching for feasible paths.
Definition: BinaryFeasiblePath.h:38
Sawyer::Container::Graph::clear
void clear()
Remove all vertices and edges.
Definition: Graph.h:1984
Rose::BinaryAnalysis::FeasiblePath::pathEndsWithFunctionCall
bool pathEndsWithFunctionCall(const Partitioner2::CfgPath &) const
True if path ends with a function call.
Rose::BinaryAnalysis::FeasiblePath::printPath
void printPath(std::ostream &out, const Partitioner2::CfgPath &) const
Print the path to the specified output stream.
Rose::BinaryAnalysis::FeasiblePath::settings
const Settings & settings() const
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:228
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memByteNumber
size_t memByteNumber
Byte number for memory access.
Definition: BinaryFeasiblePath.h:87
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::stackDelta
int64_t stackDelta
Stack delta for summarized function.
Definition: BinaryFeasiblePath.h:131
Sawyer::SharedObject
Base class for reference counted objects.
Definition: SharedObject.h:22
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::Ptr
Sawyer::SharedPointer< FunctionSummarizer > Ptr
Reference counting pointer.
Definition: BinaryFeasiblePath.h:150
Rose::BinaryAnalysis::FeasiblePath::mlog
static Sawyer::Message::Facility mlog
Diagnostic output.
Definition: BinaryFeasiblePath.h:68
Rose::BinaryAnalysis::FeasiblePath::processVertex
virtual void processVertex(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex, size_t &pathInsnIndex)
Process one vertex.
Rose::BinaryAnalysis::FeasiblePath::pathToCfg
Partitioner2::ControlFlowGraph::ConstVertexIterator pathToCfg(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex) const
Convert path vertex to a CFG vertex.
Rose::BinaryAnalysis::FeasiblePath::functionSummary
const FunctionSummary & functionSummary(rose_addr_t entryVa) const
Function summary information.
Rose::BinaryAnalysis::FeasiblePath::Settings::postConditions
std::vector< SymbolicExpr::Ptr > postConditions
Additional constraints to be satisifed at the end of a path.
Definition: BinaryFeasiblePath.h:44
Rose::BinaryAnalysis::FeasiblePath::partitioner
const Partitioner2::Partitioner & partitioner() const
Property: Partitioner currently in use.
Rose::BinaryAnalysis::FeasiblePath::processBasicBlock
virtual void processBasicBlock(const Partitioner2::BasicBlock::Ptr &bblock, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process instructions for one basic block on the specified virtual CPU.
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memAddress
SymbolicExpr::Ptr memAddress
Address where variable is located.
Definition: BinaryFeasiblePath.h:85
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:292
Rose::BinaryAnalysis::FeasiblePath::buildVirtualCpu
virtual InstructionSemantics2::BaseSemantics::DispatcherPtr buildVirtualCpu(const Partitioner2::Partitioner &, PathProcessor *)
Create the virtual CPU.
Rose::BinaryAnalysis::FeasiblePath::Settings::solverName
std::string solverName
Type of SMT solver.
Definition: BinaryFeasiblePath.h:47
Rose::BinaryAnalysis::FeasiblePath::functionSummarizer
void functionSummarizer(const FunctionSummarizer::Ptr &f)
Property: Function summary handling.
Definition: BinaryFeasiblePath.h:307
Rose::BinaryAnalysis::FeasiblePath::settings
Settings & settings()
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:229
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memSize
size_t memSize
Size of total memory access in bytes.
Definition: BinaryFeasiblePath.h:86
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessInsn
SgAsmInstruction * firstAccessInsn
Instruction address where this var was first read.
Definition: BinaryFeasiblePath.h:83
Rose::BinaryAnalysis::FeasiblePath::Settings
Settings that control this analysis.
Definition: BinaryFeasiblePath.h:36
Rose::BinaryAnalysis::FeasiblePath::initDiagnostics
static void initDiagnostics()
Initialize diagnostic output.
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::check
bool check
If true, look for null dereferences along the paths.
Definition: BinaryFeasiblePath.h:52
Rose::BinaryAnalysis::FeasiblePath::setInitialState
virtual void setInitialState(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsBeginVertex)
Initialize state for first vertex of path.
Rose::BinaryAnalysis::FeasiblePath::Settings::initialStackPtr
Sawyer::Optional< rose_addr_t > initialStackPtr
Concrete value to use for stack pointer register initial value.
Definition: BinaryFeasiblePath.h:39
Rose::BinaryAnalysis::FeasiblePath::SemanticMemoryParadigm
SemanticMemoryParadigm
Organization of semantic memory.
Definition: BinaryFeasiblePath.h:24
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::init
virtual void init(const FeasiblePath &analysis, FunctionSummary &summary, const Partitioner2::Function::Ptr &function, Partitioner2::ControlFlowGraph::ConstVertexIterator cfgCallTarget)=0
Invoked when a new summary is created.
Generated on Thu May 17 2018 04:04:10 for ROSE by   doxygen 1.8.10