BinaryPointerDetection.h

#ifndef ROSE_BinaryAnalysis_PointerDetection_H
#define ROSE_BinaryAnalysis_PointerDetection_H
#include <featureTests.h>
#ifdef ROSE_ENABLE_BINARY_ANALYSIS

#include <BaseSemantics2.h>
#include <MemoryCellList.h>
#include <Sawyer/Set.h>

namespace Rose {
namespace BinaryAnalysis {

// Forwards
class Disassembler;
namespace Partitioner2 {
    class Partitioner;
    class Function;
}


namespace PointerDetection {

void initDiagnostics();

extern Sawyer::Message::Facility mlog;

struct Settings {
    bool ignoreConstIp;

    bool ignoreStrangeSizes;

    Settings()
        : ignoreConstIp(true), ignoreStrangeSizes(true) {}
};

struct PointerDescriptor {
    SymbolicExpr::Ptr lvalue;                           
    size_t nBits;                                       
    PointerDescriptor(const SymbolicExpr::Ptr &lvalue, size_t nBits)
        : lvalue(lvalue), nBits(nBits) {}
};

class PointerDescriptorLessp {
public:
    bool operator()(const PointerDescriptor &a, const PointerDescriptor &b) const;
};

typedef std::set<PointerDescriptor, PointerDescriptorLessp> PointerDescriptors;
    
class Analysis {
public:

private:
    Settings settings_;
    InstructionSemantics2::BaseSemantics::DispatcherPtr cpu_;
    bool hasResults_;                                   // Are the following data members initialized?
    bool didConverge_;                                  // Are the following data members valid (else only appoximations)?
    PointerDescriptors codePointers_;                   // Memory addresses that hold a pointer to code
    PointerDescriptors dataPointers_;                   // Memory addresses that hold a pointer to data
    InstructionSemantics2::BaseSemantics::StatePtr initialState_; // Initial state for analysis
    InstructionSemantics2::BaseSemantics::StatePtr finalState_;   // Final state for analysis

public:
    Analysis()
        : hasResults_(false), didConverge_(false) {}

    explicit Analysis(Disassembler *d, const Settings &settings = Settings())
        : hasResults_(false), didConverge_(false) {
        init(d);
    }

    explicit Analysis(const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu,
                      const Settings &settings = Settings())
        : cpu_(cpu), hasResults_(false), didConverge_(false) {}

    const Settings& settings() const { return settings_; }
    
    void analyzeFunction(const Partitioner2::Partitioner&, const Sawyer::SharedPointer<Partitioner2::Function>&);

    bool hasResults() const { return hasResults_; }

    bool didConverge() const { return didConverge_; }

    void clearResults();

    void clearNonResults();

    const PointerDescriptors& codePointers() const {
        return codePointers_;
    }

    const PointerDescriptors& dataPointers() const {
        return dataPointers_;
    }
    
    InstructionSemantics2::BaseSemantics::StatePtr initialState() const {
        return initialState_;
    }

    InstructionSemantics2::BaseSemantics::StatePtr finalState() const {
        return finalState_;
    }
    
private:
    void init(Disassembler*);

    InstructionSemantics2::BaseSemantics::RiscOperatorsPtr
    makeRiscOperators(const Partitioner2::Partitioner&) const;

    // Prints instructions to the mlog[DEBUG] diagnostic stream if that stream is enabled.
    void
    printInstructionsForDebugging(const Partitioner2::Partitioner&, const Sawyer::SharedPointer<Partitioner2::Function>&);

    // Given a potential pointer's r-value, determine if the r-value is a pointer and if so, store its address in the
    // result. The pointer's value and the defining instructions are added to the two sets, and the result is not updated for
    // values and instructions that have already been processed.
    void
    conditionallySavePointer(const InstructionSemantics2::BaseSemantics::SValuePtr &ptrValue,
                             Sawyer::Container::Set<uint64_t> &ptrValueSeen,
                             size_t wordSize, PointerDescriptors &result);
};

} // namespace
} // namespace
} // namespace

#endif
#endif