ROSE 0.11.145.357
Concolic/Architecture.h
1#ifndef ROSE_BinaryAnalysis_Concolic_Architecture_H
2#define ROSE_BinaryAnalysis_Concolic_Architecture_H
3#include <featureTests.h>
4#ifdef ROSE_ENABLE_CONCOLIC_TESTING
5
6#include <Rose/BinaryAnalysis/ByteOrder.h>
7#include <Rose/BinaryAnalysis/Concolic/BasicTypes.h>
8#include <Rose/BinaryAnalysis/Concolic/ExecutionLocation.h>
9#include <Rose/BinaryAnalysis/Debugger/BasicTypes.h>
10#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h>
11#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
12#include <Rose/BinaryAnalysis/Partitioner2/Engine.h>
13#include <Rose/BinaryAnalysis/RegisterDescriptor.h>
14#include <Rose/BinaryAnalysis/SmtSolver.h>
15#include <Rose/Yaml.h>
16
17#include <Sawyer/BitVector.h>
18
19#include <boost/filesystem.hpp>
20
21#include <string>
22#include <vector>
23
24namespace Rose {
25namespace BinaryAnalysis {
26namespace Concolic {
27
29class Architecture: public Sawyer::SharedObject, public Sawyer::SharedFromThis<Architecture> {
30public:
32 using Ptr = ArchitecturePtr;
33
35 using SystemCallMap = Sawyer::Container::Map<int /*syscall*/, SyscallCallbacks>;
36
38 using SharedMemoryMap = Sawyer::Container::IntervalMap<AddressInterval, SharedMemoryCallbacks>;
39
40private:
41 std::string name_; // architecture name for factory matching
42 DatabasePtr db_;
43 TestCaseId testCaseId_;
44 TestCasePtr testCase_;
45 Partitioner2::PartitionerConstPtr partitioner_;
46 Debugger::BasePtr debugger_;
47 ExecutionLocation currentLocation_; // incremented when the instruction begins execution
48 SystemCallMap systemCalls_; // callbacks for syscalls
49 SharedMemoryMap sharedMemory_; // callbacks for shared memory
50 InputVariablesPtr inputVariables_; // info about variables for events and inputs
51 Sawyer::Optional<Address> scratchVa_; // scratch page for internal use in subordinate address space
52
53protected:
54 // See "instance" methods in subclasses
55 explicit Architecture(const std::string&); // for factories
56 Architecture(const DatabasePtr&, TestCaseId); // for non-factories
57public:
58 virtual ~Architecture();
59
61 // Factory
63public:
72 static void registerFactory(const Ptr &factory);
73
80 static bool deregisterFactory(const Ptr &factory);
81
88 static std::vector<Ptr> registeredFactories();
89
100 static Ptr forge(const DatabasePtr&, TestCaseId, const Yaml::Node &config);
101 static Ptr forge(const DatabasePtr&, const TestCasePtr&, const Yaml::Node &config);
105 virtual bool matchFactory(const Yaml::Node &config) const = 0;
106
111 virtual Ptr instanceFromFactory(const DatabasePtr&, TestCaseId, const Yaml::Node &config) const = 0;
112
118 bool isFactory() const;
119
121 // Properties
123public:
130 const std::string& name() const;
131 void name(const std::string&);
138 DatabasePtr database() const;
139
144 TestCaseId testCaseId() const;
145
150 TestCasePtr testCase() const;
151
155 Partitioner2::PartitionerConstPtr partitioner() const;
156 void partitioner(const Partitioner2::PartitionerConstPtr&);
157
163 Debugger::BasePtr debugger() const;
164 void debugger(const Debugger::BasePtr&);
173 Sawyer::Optional<Address> scratchVa() const;
174 void scratchVa(const Sawyer::Optional<Address>&);
189 ExecutionLocation currentLocation() const;
190 void currentLocation(const ExecutionLocation&);
202 const SystemCallMap& systemCalls() const;
203
216 const SharedMemoryMap& sharedMemory() const;
217
224 InputVariablesPtr inputVariables() const;
225 void inputVariables(const InputVariablesPtr&);
229 // Functions that can be called before execution starts.
231public:
233 virtual Partitioner2::PartitionerPtr partition(const Partitioner2::EnginePtr&, const std::string &specimenName) = 0;
234
238 virtual void configureSystemCalls() = 0;
239
245 virtual void configureSharedMemory(const Yaml::Node &config);
246
255 void sharedMemory(const SharedMemoryCallbackPtr&);
256 void sharedMemory(const SharedMemoryCallbackPtr&, const AddressInterval&);
260 void systemCalls(size_t syscallId, const SyscallCallbackPtr&);
261
271 virtual void load(const boost::filesystem::path &tempDirectory) = 0;
272
277 virtual bool isTerminated();
278
280 virtual InstructionSemantics::BaseSemantics::DispatcherPtr
281 makeDispatcher(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&) = 0;
282
284 // Functions that create execution events. These query the concrete state but do not modify it.
286public:
291 virtual std::vector<ExecutionEventPtr> createMemoryRestoreEvents() = 0;
292 std::vector<ExecutionEventPtr> createMemoryRestoreEvents(const MemoryMapPtr&);
293
298 virtual std::vector<ExecutionEventPtr> createMemoryHashEvents() = 0;
299
305 virtual std::vector<ExecutionEventPtr> createMemoryAdjustEvents(const MemoryMapPtr&, Address insnVa) = 0;
306
311 virtual std::vector<ExecutionEventPtr> createRegisterRestoreEvents();
312
317 void saveEvents(const std::vector<ExecutionEventPtr>&, When);
318
320 // High-level functions controlling concrete execution.
322public:
328 size_t playAllEvents(const Partitioner2::PartitionerConstPtr&);
329
336 virtual bool playEvent(const ExecutionEventPtr&);
337
341 virtual void runToEvent(const ExecutionEventPtr&, const Partitioner2::PartitionerConstPtr&);
342
346 uint64_t readMemoryUnsigned(Address va, size_t nBytes);
347
353 virtual std::string readCString(Address va, size_t maxBytes = UNLIMITED);
354
356 // Low-level functions controlling concrete execution.
358public:
362 virtual ByteOrder::Endianness memoryByteOrder() = 0;
363
367 virtual Address ip();
368 virtual void ip(Address);
375 virtual void mapMemory(const AddressInterval &where, unsigned permissions);
376
380 virtual void unmapMemory(const AddressInterval &where);
381
385 virtual size_t writeMemory(Address startVa, const std::vector<uint8_t> &bytes);
386
391 virtual std::vector<uint8_t> readMemory(Address startVa, size_t nBytes);
392
399 virtual void writeRegister(RegisterDescriptor, uint64_t value);
400 virtual void writeRegister(RegisterDescriptor, const Sawyer::Container::BitVector&);
404 virtual Sawyer::Container::BitVector readRegister(RegisterDescriptor);
405
410 virtual void checkInstruction(SgAsmInstruction*);
411
416 virtual void advanceExecution(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&);
417
423 virtual void executeInstruction(const Partitioner2::PartitionerConstPtr&);
424 virtual void executeInstruction(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&, SgAsmInstruction*);
431 const ExecutionLocation& nextInstructionLocation();
432
439 const ExecutionLocation& nextEventLocation(When);
446 std::vector<ExecutionEventPtr> getRelatedEvents(const ExecutionEventPtr&) const;
447
449 // Functions related to symbolic states.
451public:
459 virtual void createInputVariables(const Partitioner2::PartitionerConstPtr&, const Emulation::RiscOperatorsPtr&,
460 const SmtSolver::Ptr&) = 0;
461
479 virtual void restoreInputVariables(const Partitioner2::PartitionerConstPtr&, const Emulation::RiscOperatorsPtr&,
480 const SmtSolver::Ptr&);
481
483 // Functions related to operating system emulation
485public:
490 virtual void systemCall(const Partitioner2::PartitionerConstPtr&,
491 const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&) {}
492
505 virtual std::pair<ExecutionEventPtr, SymbolicExpressionPtr>
506 sharedMemoryRead(const SharedMemoryCallbacks&, const Partitioner2::PartitionerConstPtr&, const Emulation::RiscOperatorsPtr&,
507 Address memVa, size_t nBytes);
508 virtual bool
509 sharedMemoryWrite(const SharedMemoryCallbacks&, const Partitioner2::PartitionerConstPtr&, const Emulation::RiscOperatorsPtr&,
510 Address memVa, const InstructionSemantics::BaseSemantics::SValuePtr&);
517 virtual void runSharedMemoryPostCallbacks(const ExecutionEventPtr &sharedMemoryEvent, const Emulation::RiscOperatorsPtr&);
518
546 void fixupSharedMemoryEvents(const ExecutionEventPtr &sharedMemoryEvent, const Emulation::RiscOperatorsPtr&);
547
549 void printSharedMemoryEvents(const ExecutionEventPtr &sharedMemoryEvent, const Emulation::RiscOperatorsPtr&);
550
552 virtual void sharedMemoryAccessPost(const Partitioner2::PartitionerConstPtr&, const Emulation::RiscOperatorsPtr&);
553};
554
555} // namespace
556} // namespace
557} // namespace
558
559#endif
560#endif
Sawyer::Container::IntervalMap
An associative container whose keys are non-overlapping intervals.
Definition IntervalMap.h:180
Sawyer::Container::Map
Container associating values with keys.
Definition Sawyer/Map.h:72
Sawyer::Optional
Holds a value or nothing.
Definition Optional.h:54
Sawyer::SharedFromThis
Creates SharedPointer from this.
Definition SharedPointer.h:398
Sawyer::SharedObject
Base class for reference counted objects.
Definition SharedObject.h:64
SgAsmInstruction
Base class for machine instructions.
Definition binaryInstruction.C:44827
Rose::BinaryAnalysis::SymbolicExpression::Ptr
Sawyer::SharedPointer< Node > Ptr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:114
Rose::BinaryAnalysis::Address
std::uint64_t Address
Address.
Definition Address.h:11
Rose::Source::AST::IO::load
ROSE_DLL_API void load(SgProject *project, std::list< std::string > const &filepaths)
Load ASTs that have been saved to files.
Rose
The ROSE library.
Definition BinaryTutorial.dox:3
stringify::Rose::BinaryAnalysis::Disassembler::Mips::Decoder::Architecture
const char * Architecture(int64_t)
Convert Rose::BinaryAnalysis::Disassembler::Mips::Decoder::Architecture enum constant to a string.
Generated on Mon Nov 3 2025 05:39:36 for ROSE by doxygen 1.9.8