ROSE  0.9.10.91
BinaryFeasiblePath.h
1 #ifndef ROSE_BinaryAnalysis_FeasiblePath_H
2 #define ROSE_BinaryAnalysis_FeasiblePath_H
3 
4 #include <BaseSemantics2.h>
5 #include <BinarySmtSolver.h>
6 #include <BinarySymbolicExprParser.h>
7 #include <Partitioner2/CfgPath.h>
8 #include <Sawyer/CommandLine.h>
9 #include <Sawyer/Message.h>
10 #include <boost/filesystem/path.hpp>
11 
12 namespace Rose {
13 namespace BinaryAnalysis {
14 
18 class FeasiblePath {
20  // Types and public data members
22 public:
23  enum SearchMode { SEARCH_SINGLE_DFS, SEARCH_SINGLE_BFS, SEARCH_MULTI };
24 
26  enum SemanticMemoryParadigm {
27  LIST_BASED_MEMORY,
28  MAP_BASED_MEMORY
29  };
30 
32  enum IoMode { READ, WRITE };
33 
35  enum MayOrMust { MAY, MUST };
36 
38  struct Settings {
39  // Path feasibility
40  SearchMode searchMode;
41  Sawyer::Optional<rose_addr_t> initialStackPtr;
42  size_t vertexVisitLimit;
43  size_t maxPathLength;
44  size_t maxCallDepth;
45  size_t maxRecursionDepth;
46  std::vector<SymbolicExpr::Ptr> postConditions;
47  std::vector<std::string> postConditionStrings;
48  std::vector<rose_addr_t> summarizeFunctions;
49  bool nonAddressIsFeasible;
50  std::string solverName;
51  SemanticMemoryParadigm memoryParadigm;
53  // Null dereferences
54  struct NullDeref {
55  bool check;
56  MayOrMust mode;
57  bool constOnly;
59  NullDeref()
60  : check(false), mode(MUST), constOnly(false) {}
61  } nullDeref;
64  Settings()
65  : searchMode(SEARCH_SINGLE_DFS), vertexVisitLimit((size_t)-1), maxPathLength((size_t)-1), maxCallDepth((size_t)-1),
66  maxRecursionDepth((size_t)-1), nonAddressIsFeasible(true), solverName("best"),
67  memoryParadigm(LIST_BASED_MEMORY) {}
68  };
69 
71  static Sawyer::Message::Facility mlog;
72 
80  RegisterDescriptor REG_PATH;
81 
83  struct VarDetail {
84  std::string registerName;
85  std::string firstAccessMode;
86  SgAsmInstruction *firstAccessInsn;
87  Sawyer::Optional<size_t> firstAccessIdx;
88  SymbolicExpr::Ptr memAddress;
89  size_t memSize;
90  size_t memByteNumber;
91  Sawyer::Optional<rose_addr_t> returnFrom;
93  VarDetail(): firstAccessInsn(NULL), memSize(0), memByteNumber(0) {}
94  std::string toString() const;
95  };
96 
98  typedef Sawyer::Container::Map<std::string /*name*/, FeasiblePath::VarDetail> VarDetails;
99 
103  class PathProcessor {
104  public:
105  enum Action {
106  BREAK,
107  CONTINUE
108  };
109 
110  virtual ~PathProcessor() {}
111 
113  virtual Action found(const FeasiblePath &analyzer, const Partitioner2::CfgPath &path,
114  const std::vector<SymbolicExpr::Ptr> &pathConditions,
115  const InstructionSemantics2::BaseSemantics::DispatcherPtr&,
116  const SmtSolverPtr &solver) { return CONTINUE; };
117 
129  virtual void nullDeref(IoMode ioMode, const InstructionSemantics2::BaseSemantics::SValuePtr &addr, SgAsmInstruction*) {}
130 
135  virtual void memoryIo(const FeasiblePath &analyzer, IoMode ioMode,
136  const InstructionSemantics2::BaseSemantics::SValuePtr &addr,
137  const InstructionSemantics2::BaseSemantics::SValuePtr &value,
138  const InstructionSemantics2::BaseSemantics::RiscOperatorsPtr &ops) {}
139  };
140 
144  struct FunctionSummary {
145  rose_addr_t address;
146  int64_t stackDelta;
147  std::string name;
150  FunctionSummary(): stackDelta(SgAsmInstruction::INVALID_STACK_DELTA) {}
151 
153  FunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgFuncVertex, uint64_t stackDelta);
154  };
155 
157  typedef Sawyer::Container::Map<rose_addr_t, FunctionSummary> FunctionSummaries;
158 
162  class FunctionSummarizer: public Sawyer::SharedObject {
163  public:
165  typedef Sawyer::SharedPointer<FunctionSummarizer> Ptr;
166  protected:
167  FunctionSummarizer() {}
168  public:
170  virtual void init(const FeasiblePath &analysis, FunctionSummary &summary /*in,out*/,
171  const Partitioner2::Function::Ptr &function,
172  Partitioner2::ControlFlowGraph::ConstVertexIterator cfgCallTarget) = 0;
173 
178  virtual bool process(const FeasiblePath &analysis, const FunctionSummary &summary,
179  const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops) = 0;
180 
185  virtual InstructionSemantics2::SymbolicSemantics::SValuePtr
186  returnValue(const FeasiblePath &analysis, const FunctionSummary &summary,
187  const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops) = 0;
188  };
189 
191  // Private data members
193 private:
194  const Partitioner2::Partitioner *partitioner_; // binary analysis context
195  RegisterDictionary *registers_; // registers augmented with "path" pseudo-register
196  RegisterDescriptor REG_RETURN_; // FIXME[Robb P Matzke 2016-10-11]: see source
197  Settings settings_;
198  FunctionSummaries functionSummaries_;
199  Partitioner2::CfgVertexMap vmap_; // relates CFG vertices to path vertices
200  Partitioner2::ControlFlowGraph paths_; // all possible paths, feasible or otherwise
201  Partitioner2::CfgConstVertexSet pathsBeginVertices_;// vertices of paths_ where searching starts
202  Partitioner2::CfgConstVertexSet pathsEndVertices_; // vertices of paths_ where searching stops
203  Partitioner2::CfgConstEdgeSet cfgAvoidEdges_; // CFG edges to avoid
204  Partitioner2::CfgConstVertexSet cfgEndAvoidVertices_;// CFG end-of-path and other avoidance vertices
205  FunctionSummarizer::Ptr functionSummarizer_; // user-defined function for handling function summaries
206 
207 
209  // Construction, destruction
211 public:
213  FeasiblePath()
214  : registers_(NULL) {}
215 
216  virtual ~FeasiblePath() {}
217 
219  void reset() {
220  partitioner_ = NULL;
221  registers_ = NULL;
222  REG_PATH = REG_RETURN_ = RegisterDescriptor();
223  functionSummaries_.clear();
224  vmap_.clear();
225  paths_.clear();
226  pathsBeginVertices_.clear();
227  pathsEndVertices_.clear();
228  cfgAvoidEdges_.clear();
229  cfgEndAvoidVertices_.clear();
230  }
231 
233  static void initDiagnostics();
234 
235 
237  // Settings affecting behavior
239 public:
243  const Settings& settings() const { return settings_; }
244  Settings& settings() { return settings_; }
245  void settings(const Settings &s) { settings_ = s; }
252  static Sawyer::CommandLine::SwitchGroup commandLineSwitches(Settings &settings);
253 
254 
256  // Overridable processing functions
258 public:
264  virtual InstructionSemantics2::BaseSemantics::DispatcherPtr
265  buildVirtualCpu(const Partitioner2::Partitioner&, PathProcessor*);
266 
273  virtual void
274  setInitialState(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
275  const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsBeginVertex);
276 
281  virtual void
282  processBasicBlock(const Partitioner2::BasicBlock::Ptr &bblock,
283  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex);
284 
288  virtual void
289  processIndeterminateBlock(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex,
290  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
291  size_t pathInsnIndex);
292 
296  virtual void
297  processFunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex,
298  const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
299  size_t pathInsnIndex);
300 
304  virtual void
305  processVertex(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
306  const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex,
307  size_t &pathInsnIndex /*in,out*/);
308 
310  virtual bool
311  shouldSummarizeCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex,
312  const Partitioner2::ControlFlowGraph &cfg,
313  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget);
314 
316  virtual bool
317  shouldInline(const Partitioner2::CfgPath &path, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget);
318 
327  FunctionSummarizer::Ptr functionSummarizer() const { return functionSummarizer_; }
328  void functionSummarizer(const FunctionSummarizer::Ptr &f) { functionSummarizer_ = f; }
331  // Utilities
334 public:
336  Partitioner2::ControlFlowGraph::ConstVertexIterator
337  pathToCfg(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex) const;
338 
340  Partitioner2::CfgConstVertexSet
341  cfgToPaths(const Partitioner2::CfgConstVertexSet&) const;
342 
344  bool pathEndsWithFunctionCall(const Partitioner2::CfgPath&) const;
345 
347  bool isFunctionCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator&) const;
348 
350  void printPathVertex(std::ostream &out, const Partitioner2::ControlFlowGraph::Vertex &pathVertex,
351  size_t &insnIdx /*in,out*/) const;
352 
356  void printPath(std::ostream &out, const Partitioner2::CfgPath&) const;
357 
363  virtual boost::tribool
364  isPathFeasible(const Partitioner2::CfgPath &path, const SmtSolverPtr&,
365  std::vector<SymbolicExpr::Ptr> postConditions, const SymbolicExprParser::RegisterSubstituter::Ptr&,
366  PathProcessor *pathProcessor, std::vector<SymbolicExpr::Ptr> &pathConditions /*in,out*/,
367  InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu /*out*/);
368 
369 
371  // Functions for describing the search space
373 public:
374 
381  void
382  setSearchBoundary(const Partitioner2::Partitioner &partitioner,
383  const Partitioner2::CfgConstVertexSet &cfgBeginVertices,
384  const Partitioner2::CfgConstVertexSet &cfgEndVertices,
385  const Partitioner2::CfgConstVertexSet &cfgAvoidVertices = Partitioner2::CfgConstVertexSet(),
386  const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges = Partitioner2::CfgConstEdgeSet());
387  void
388  setSearchBoundary(const Partitioner2::Partitioner &partitioner,
389  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgBeginVertex,
390  const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgEndVertex,
391  const Partitioner2::CfgConstVertexSet &cfgAvoidVertices = Partitioner2::CfgConstVertexSet(),
392  const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges = Partitioner2::CfgConstEdgeSet());
396  // Functions for searching for paths
399 public:
404  void depthFirstSearch(PathProcessor &pathProcessor);
405 
406 
408  // Functions for getting the results
410 public:
415  const Partitioner2::Partitioner& partitioner() const;
416 
420  const FunctionSummaries& functionSummaries() const {
421  return functionSummaries_;
422  }
423 
428  const FunctionSummary& functionSummary(rose_addr_t entryVa) const;
429 
431  const VarDetail& varDetail(const InstructionSemantics2::BaseSemantics::StatePtr &state, const std::string &varName) const;
432 
434  const VarDetails& varDetails(const InstructionSemantics2::BaseSemantics::StatePtr &state) const;
435 
436 
438  // Private supporting functions
440 private:
441  static rose_addr_t virtualAddress(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex);
442 
443  void insertCallSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsCallSite,
444  const Partitioner2::ControlFlowGraph &cfg,
445  const Partitioner2::ControlFlowGraph::ConstEdgeIterator &cfgCallEdge);
446 
447  boost::filesystem::path emitPathGraph(size_t callId, size_t graphId); // emit paths graph to "rose-debug" directory
448 };
449 
450 } // namespace
451 } // namespace
452 
453 #endif
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessMode
std::string firstAccessMode
How was variable first accessed ("read" or "write").
Definition: BinaryFeasiblePath.h:85
Rose::BinaryAnalysis::FeasiblePath::Settings::summarizeFunctions
std::vector< rose_addr_t > summarizeFunctions
Functions to always summarize.
Definition: BinaryFeasiblePath.h:48
Rose::BinaryAnalysis::FeasiblePath::FunctionSummaries
Sawyer::Container::Map< rose_addr_t, FunctionSummary > FunctionSummaries
Summaries for multiple functions.
Definition: BinaryFeasiblePath.h:157
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::mode
MayOrMust mode
Check for addrs that may or must be null.
Definition: BinaryFeasiblePath.h:56
Rose::BinaryAnalysis::FeasiblePath::Settings::vertexVisitLimit
size_t vertexVisitLimit
Max times to visit a particular vertex in one path.
Definition: BinaryFeasiblePath.h:42
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::returnValue
virtual InstructionSemantics2::SymbolicSemantics::SValuePtr returnValue(const FeasiblePath &analysis, const FunctionSummary &summary, const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops)=0
Return value for function.
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::address
rose_addr_t address
Address of summarized function.
Definition: BinaryFeasiblePath.h:145
Rose::BinaryAnalysis::FeasiblePath::Settings::memoryParadigm
SemanticMemoryParadigm memoryParadigm
Type of memory state when there's a choice to be made.
Definition: BinaryFeasiblePath.h:51
Rose::BinaryAnalysis::FeasiblePath::printPathVertex
void printPathVertex(std::ostream &out, const Partitioner2::ControlFlowGraph::Vertex &pathVertex, size_t &insnIdx) const
Print one vertex of a path for debugging.
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary
Information stored per V_USER_DEFINED path vertex.
Definition: BinaryFeasiblePath.h:144
Rose::BinaryAnalysis::FeasiblePath::VarDetails
Sawyer::Container::Map< std::string, FeasiblePath::VarDetail > VarDetails
Variable detail by name.
Definition: BinaryFeasiblePath.h:98
Rose::BinaryAnalysis::FeasiblePath::setSearchBoundary
void setSearchBoundary(const Partitioner2::Partitioner &partitioner, const Partitioner2::CfgConstVertexSet &cfgBeginVertices, const Partitioner2::CfgConstVertexSet &cfgEndVertices, const Partitioner2::CfgConstVertexSet &cfgAvoidVertices=Partitioner2::CfgConstVertexSet(), const Partitioner2::CfgConstEdgeSet &cfgAvoidEdges=Partitioner2::CfgConstEdgeSet())
Specify search boundary.
Rose::BinaryAnalysis::FeasiblePath::depthFirstSearch
void depthFirstSearch(PathProcessor &pathProcessor)
Find all feasible paths.
Rose::BinaryAnalysis::FeasiblePath::processIndeterminateBlock
virtual void processIndeterminateBlock(const Partitioner2::ControlFlowGraph::ConstVertexIterator &vertex, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process an indeterminate block.
Rose::BinaryAnalysis::FeasiblePath::PathProcessor::found
virtual Action found(const FeasiblePath &analyzer, const Partitioner2::CfgPath &path, const std::vector< SymbolicExpr::Ptr > &pathConditions, const InstructionSemantics2::BaseSemantics::DispatcherPtr &, const SmtSolverPtr &solver)
Function invoked whenever a complete path is found.
Definition: BinaryFeasiblePath.h:113
SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:664
Rose::BinaryAnalysis::FeasiblePath::VarDetail::returnFrom
Sawyer::Optional< rose_addr_t > returnFrom
This variable is the return value from the specified function.
Definition: BinaryFeasiblePath.h:91
Sawyer::Message::Facility
Collection of streams.
Definition: Message.h:1579
Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to symbolic RISC operations.
Definition: SymbolicSemantics2.h:773
Rose::BinaryAnalysis::FeasiblePath::FeasiblePath
FeasiblePath()
Constructs a new feasible path analyzer.
Definition: BinaryFeasiblePath.h:213
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::process
virtual bool process(const FeasiblePath &analysis, const FunctionSummary &summary, const InstructionSemantics2::SymbolicSemantics::RiscOperatorsPtr &ops)=0
Invoked when the analysis traverses the summary.
Sawyer::Container::BiMap::clear
void clear()
Erase all mappings.
Definition: BiMap.h:63
Rose::BinaryAnalysis::Partitioner2::CfgConstVertexSet
std::set< ControlFlowGraph::ConstVertexIterator > CfgConstVertexSet
Set of CFG vertex pointers.
Definition: ControlFlowGraph.h:225
Rose::BinaryAnalysis::FeasiblePath::processFunctionSummary
virtual void processFunctionSummary(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process a function summary vertex.
Rose::BinaryAnalysis::FeasiblePath::PathProcessor::nullDeref
virtual void nullDeref(IoMode ioMode, const InstructionSemantics2::BaseSemantics::SValuePtr &addr, SgAsmInstruction *)
Function invoked whenever a null pointer dereference is detected.
Definition: BinaryFeasiblePath.h:129
Rose::BinaryAnalysis::FeasiblePath::REG_PATH
RegisterDescriptor REG_PATH
Descriptor of path pseudo-registers.
Definition: BinaryFeasiblePath.h:80
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::name
std::string name
Name of summarized function.
Definition: BinaryFeasiblePath.h:147
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessIdx
Sawyer::Optional< size_t > firstAccessIdx
Instruction position in path where this var was first read.
Definition: BinaryFeasiblePath.h:87
Sawyer::CommandLine::SwitchGroup
A collection of related switch declarations.
Definition: util/Sawyer/CommandLine.h:2488
Rose::BinaryAnalysis::FeasiblePath::varDetails
const VarDetails & varDetails(const InstructionSemantics2::BaseSemantics::StatePtr &state) const
Details about all variables by name.
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
RegisterDescriptor
Describes (part of) a physical CPU register.
Definition: RegisterDescriptor.h:25
Rose::BinaryAnalysis::FeasiblePath::Settings::maxCallDepth
size_t maxCallDepth
Max length of path in terms of function calls.
Definition: BinaryFeasiblePath.h:44
Rose::BinaryAnalysis::FeasiblePath::Settings::nullDeref
struct Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref nullDeref
Settings for null-dereference analysis.
Rose::BinaryAnalysis::FeasiblePath::isPathFeasible
virtual boost::tribool isPathFeasible(const Partitioner2::CfgPath &path, const SmtSolverPtr &, std::vector< SymbolicExpr::Ptr > postConditions, const SymbolicExprParser::RegisterSubstituter::Ptr &, PathProcessor *pathProcessor, std::vector< SymbolicExpr::Ptr > &pathConditions, InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu)
Determine whether a single path is feasible.
Rose::BinaryAnalysis::FeasiblePath::functionSummaries
const FunctionSummaries & functionSummaries() const
Function summary information.
Definition: BinaryFeasiblePath.h:420
Rose::BinaryAnalysis::FeasiblePath::cfgToPaths
Partitioner2::CfgConstVertexSet cfgToPaths(const Partitioner2::CfgConstVertexSet &) const
Convert CFG vertices to path vertices.
Rose::BinaryAnalysis::FeasiblePath::shouldInline
virtual bool shouldInline(const Partitioner2::CfgPath &path, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget)
Determines whether a function call should be inlined.
Rose::BinaryAnalysis::FeasiblePath::PathProcessor::memoryIo
virtual void memoryIo(const FeasiblePath &analyzer, IoMode ioMode, const InstructionSemantics2::BaseSemantics::SValuePtr &addr, const InstructionSemantics2::BaseSemantics::SValuePtr &value, const InstructionSemantics2::BaseSemantics::RiscOperatorsPtr &ops)
Function invoked every time a memory reference occurs.
Definition: BinaryFeasiblePath.h:135
Rose::BinaryAnalysis::FeasiblePath::settings
void settings(const Settings &s)
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:245
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::StatePtr
boost::shared_ptr< class State > StatePtr
Shared-ownership pointer to a semantic state.
Definition: BaseSemantics2.h:1125
Rose::BinaryAnalysis::FeasiblePath::Settings::maxPathLength
size_t maxPathLength
Limit path length in terms of number of instructions.
Definition: BinaryFeasiblePath.h:43
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::constOnly
bool constOnly
If true, check only constants or sets of constants.
Definition: BinaryFeasiblePath.h:57
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer
Base class for callbacks for function summaries.
Definition: BinaryFeasiblePath.h:162
Rose::BinaryAnalysis::FeasiblePath::varDetail
const VarDetail & varDetail(const InstructionSemantics2::BaseSemantics::StatePtr &state, const std::string &varName) const
Details about a variable.
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::DispatcherPtr
boost::shared_ptr< class Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition: BaseSemantics2.h:2108
Rose::BinaryAnalysis::FeasiblePath::Settings::postConditionStrings
std::vector< std::string > postConditionStrings
Additional post conditions as strings to be parsed.
Definition: BinaryFeasiblePath.h:47
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::FunctionSummary
FunctionSummary()
Construct empty function summary.
Definition: BinaryFeasiblePath.h:150
Rose::BinaryAnalysis::FeasiblePath::Settings::nonAddressIsFeasible
bool nonAddressIsFeasible
Indeterminate/undiscovered vertices are feasible?
Definition: BinaryFeasiblePath.h:49
Rose::BinaryAnalysis::FeasiblePath::Settings::maxRecursionDepth
size_t maxRecursionDepth
Max path length in terms of recursive function calls.
Definition: BinaryFeasiblePath.h:45
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to a RISC operators object.
Definition: BaseSemantics2.h:1393
Rose::BinaryAnalysis::FeasiblePath::reset
void reset()
Reset to initial state without changing settings.
Definition: BinaryFeasiblePath.h:219
Rose::BinaryAnalysis::Partitioner2::CfgPath
A path through a control flow graph.
Definition: CfgPath.h:15
Rose::BinaryAnalysis::Partitioner2::CfgConstEdgeSet
std::set< ControlFlowGraph::ConstEdgeIterator > CfgConstEdgeSet
Set of CFG edge pointers.
Definition: ControlFlowGraph.h:232
Rose::BinaryAnalysis::FeasiblePath::VarDetail
Information about a variable seen on a path.
Definition: BinaryFeasiblePath.h:83
Rose::BinaryAnalysis::FeasiblePath::functionSummarizer
FunctionSummarizer::Ptr functionSummarizer() const
Property: Function summary handling.
Definition: BinaryFeasiblePath.h:327
Rose::BinaryAnalysis::FeasiblePath::shouldSummarizeCall
virtual bool shouldSummarizeCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex, const Partitioner2::ControlFlowGraph &cfg, const Partitioner2::ControlFlowGraph::ConstVertexIterator &cfgCallTarget)
Determines whether a function call should be summarized instead of inlined.
Rose::BinaryAnalysis::FeasiblePath::isFunctionCall
bool isFunctionCall(const Partitioner2::ControlFlowGraph::ConstVertexIterator &) const
True if vertex is a function call.
RegisterDictionary
Defines registers available for a particular architecture.
Definition: Registers.h:32
Rose::BinaryAnalysis::FeasiblePath::Settings::searchMode
SearchMode searchMode
Method to use when searching for feasible paths.
Definition: BinaryFeasiblePath.h:40
Sawyer::Container::Graph::clear
void clear()
Remove all vertices and edges.
Definition: Graph.h:1984
Rose::BinaryAnalysis::FeasiblePath::pathEndsWithFunctionCall
bool pathEndsWithFunctionCall(const Partitioner2::CfgPath &) const
True if path ends with a function call.
Rose::BinaryAnalysis::FeasiblePath::printPath
void printPath(std::ostream &out, const Partitioner2::CfgPath &) const
Print the path to the specified output stream.
Rose::BinaryAnalysis::FeasiblePath::settings
const Settings & settings() const
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:243
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memByteNumber
size_t memByteNumber
Byte number for memory access.
Definition: BinaryFeasiblePath.h:90
Rose::BinaryAnalysis::FeasiblePath::FunctionSummary::stackDelta
int64_t stackDelta
Stack delta for summarized function.
Definition: BinaryFeasiblePath.h:146
Sawyer::SharedObject
Base class for reference counted objects.
Definition: SharedObject.h:22
Rose::BinaryAnalysis::FeasiblePath::commandLineSwitches
static Sawyer::CommandLine::SwitchGroup commandLineSwitches(Settings &settings)
Describe command-line switches.
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::Ptr
Sawyer::SharedPointer< FunctionSummarizer > Ptr
Reference counting pointer.
Definition: BinaryFeasiblePath.h:165
Rose::BinaryAnalysis::FeasiblePath::mlog
static Sawyer::Message::Facility mlog
Diagnostic output.
Definition: BinaryFeasiblePath.h:71
Rose::BinaryAnalysis::FeasiblePath::processVertex
virtual void processVertex(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsVertex, size_t &pathInsnIndex)
Process one vertex.
Rose::BinaryAnalysis::FeasiblePath::pathToCfg
Partitioner2::ControlFlowGraph::ConstVertexIterator pathToCfg(const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathVertex) const
Convert path vertex to a CFG vertex.
Rose::BinaryAnalysis::FeasiblePath::functionSummary
const FunctionSummary & functionSummary(rose_addr_t entryVa) const
Function summary information.
Rose::BinaryAnalysis::FeasiblePath::Settings::postConditions
std::vector< SymbolicExpr::Ptr > postConditions
Additional constraints to be satisifed at the end of a path.
Definition: BinaryFeasiblePath.h:46
Rose::BinaryAnalysis::FeasiblePath::partitioner
const Partitioner2::Partitioner & partitioner() const
Property: Partitioner currently in use.
Rose::BinaryAnalysis::FeasiblePath::processBasicBlock
virtual void processBasicBlock(const Partitioner2::BasicBlock::Ptr &bblock, const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, size_t pathInsnIndex)
Process instructions for one basic block on the specified virtual CPU.
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memAddress
SymbolicExpr::Ptr memAddress
Address where variable is located.
Definition: BinaryFeasiblePath.h:88
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:293
Rose::BinaryAnalysis::FeasiblePath::buildVirtualCpu
virtual InstructionSemantics2::BaseSemantics::DispatcherPtr buildVirtualCpu(const Partitioner2::Partitioner &, PathProcessor *)
Create the virtual CPU.
Rose::BinaryAnalysis::FeasiblePath::Settings::solverName
std::string solverName
Type of SMT solver.
Definition: BinaryFeasiblePath.h:50
Rose::BinaryAnalysis::FeasiblePath::functionSummarizer
void functionSummarizer(const FunctionSummarizer::Ptr &f)
Property: Function summary handling.
Definition: BinaryFeasiblePath.h:328
Rose::BinaryAnalysis::FeasiblePath::settings
Settings & settings()
Property: Settings used by this analysis.
Definition: BinaryFeasiblePath.h:244
Rose::BinaryAnalysis::FeasiblePath::VarDetail::memSize
size_t memSize
Size of total memory access in bytes.
Definition: BinaryFeasiblePath.h:89
Sawyer::Container::Map
Container associating values with keys.
Definition: Sawyer/Map.h:66
Rose::BinaryAnalysis::FeasiblePath::VarDetail::firstAccessInsn
SgAsmInstruction * firstAccessInsn
Instruction address where this var was first read.
Definition: BinaryFeasiblePath.h:86
Rose::BinaryAnalysis::FeasiblePath::Settings
Settings that control this analysis.
Definition: BinaryFeasiblePath.h:38
Rose::BinaryAnalysis::FeasiblePath::initDiagnostics
static void initDiagnostics()
Initialize diagnostic output.
Rose::BinaryAnalysis::FeasiblePath::Settings::NullDeref::check
bool check
If true, look for null dereferences along the paths.
Definition: BinaryFeasiblePath.h:55
Rose::BinaryAnalysis::FeasiblePath::setInitialState
virtual void setInitialState(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Partitioner2::ControlFlowGraph::ConstVertexIterator &pathsBeginVertex)
Initialize state for first vertex of path.
Rose::BinaryAnalysis::FeasiblePath::Settings::initialStackPtr
Sawyer::Optional< rose_addr_t > initialStackPtr
Concrete value to use for stack pointer register initial value.
Definition: BinaryFeasiblePath.h:41
Rose::BinaryAnalysis::FeasiblePath::SemanticMemoryParadigm
SemanticMemoryParadigm
Organization of semantic memory.
Definition: BinaryFeasiblePath.h:26
Rose::BinaryAnalysis::FeasiblePath::FunctionSummarizer::init
virtual void init(const FeasiblePath &analysis, FunctionSummary &summary, const Partitioner2::Function::Ptr &function, Partitioner2::ControlFlowGraph::ConstVertexIterator cfgCallTarget)=0
Invoked when a new summary is created.
Generated on Mon Nov 12 2018 04:01:34 for ROSE by   doxygen 1.8.10