ROSE  0.9.11.158
DataFlow.h
1 #ifndef ROSE_Partitioner2_DataFlow_H
2 #define ROSE_Partitioner2_DataFlow_H
3 
4 #include <BinaryDataFlow.h>
5 #include <BinaryStackVariable.h>
6 #include <Partitioner2/BasicBlock.h>
7 #include <Partitioner2/ControlFlowGraph.h>
8 #include <Partitioner2/Function.h>
9 #include <Sawyer/Graph.h>
10 
11 namespace Rose {
12 namespace BinaryAnalysis {
13 namespace Partitioner2 {
14 
16 namespace DataFlow {
17 
19 // Control Flow Graph
21 
25 class DfCfgVertex {
26 public:
28  enum Type {
29  BBLOCK,
30  FAKED_CALL,
31  FUNCRET,
32  INDET,
33  };
34 
35 private:
36  Type type_;
37  BasicBlock::Ptr bblock_; // attached to BBLOCK vertices
38  Function::Ptr callee_; // function represented by FAKED_CALL
39  Function::Ptr parentFunction_; // function "owning" this vertex
40  size_t inliningId_; // invocation ID for inlining functions during inter-procedural
41 
42 public:
44  explicit DfCfgVertex(const BasicBlock::Ptr &bblock, const Function::Ptr &parentFunction, size_t inliningId)
45  : type_(BBLOCK), bblock_(bblock), parentFunction_(parentFunction), inliningId_(inliningId) {
46  ASSERT_not_null(bblock);
47  }
48 
50  explicit DfCfgVertex(const Function::Ptr &function, const Function::Ptr &parentFunction, size_t inliningId)
51  : type_(FAKED_CALL), callee_(function), parentFunction_(parentFunction), inliningId_(inliningId) {}
52 
54  explicit DfCfgVertex(Type type, const Function::Ptr &parentFunction, size_t inliningId)
55  : type_(type), parentFunction_(parentFunction), inliningId_(inliningId) {
56  ASSERT_require2(BBLOCK!=type && FAKED_CALL!=type, "use a different constructor");
57  }
58 
62  Type type() const { return type_; }
63 
68  const BasicBlock::Ptr& bblock() const { return bblock_; }
69 
71  const Function::Ptr& callee() const { return callee_; }
72 
78  Function::Ptr parentFunction() const { return parentFunction_; }
79 
85  size_t inliningId() const { return inliningId_; }
86 };
87 
109 typedef Sawyer::Container::Graph<DfCfgVertex> DfCfg;
110 
116 class InterproceduralPredicate {
117 public:
118  virtual ~InterproceduralPredicate() {}
119  virtual bool operator()(const ControlFlowGraph&, const ControlFlowGraph::ConstEdgeIterator&, size_t depth) = 0;
120 };
121 
123 class NotInterprocedural: public InterproceduralPredicate {
124 public:
125  bool operator()(const ControlFlowGraph&, const ControlFlowGraph::ConstEdgeIterator&, size_t depth) ROSE_OVERRIDE {
126  return false;
127  }
128 };
129 extern NotInterprocedural NOT_INTERPROCEDURAL;
130 
132 std::vector<SgAsmInstruction*> vertexUnpacker(const DfCfgVertex&);
133 
140 DfCfg buildDfCfg(const Partitioner&, const ControlFlowGraph&, const ControlFlowGraph::ConstVertexIterator &startVertex,
141  InterproceduralPredicate &predicate = NOT_INTERPROCEDURAL);
142 
144 void dumpDfCfg(std::ostream&, const DfCfg&);
145 
151 Function::Ptr bestSummaryFunction(const FunctionSet &functions);
152 
158 template<class DfCfg>
159 typename Sawyer::Container::GraphTraits<DfCfg>::VertexIterator
160 findReturnVertex(DfCfg &dfCfg) {
161  using namespace Sawyer::Container;
162  typename GraphTraits<DfCfg>::VertexIterator retval = dfCfg.vertices().end();
163  for (typename GraphTraits<DfCfg>::VertexIterator vi = dfCfg.vertices().begin(); vi != dfCfg.vertices().end(); ++vi) {
164  if (vi->value().type() == DfCfgVertex::FUNCRET) {
165  ASSERT_require(retval == dfCfg.vertices().end());
166  retval = vi;
167  }
168  }
169  return retval;
170 }
171 
173 // Transfer function
174 //
175 // The transfer function is reponsible for taking a CFG vertex and an initial state and producing the next state, the final
176 // state for that vertex. Users can use whatever transfer function they want; this one is based on the DfCfg and an
177 // instruction semantics state.
179 
181 class TransferFunction {
182  BaseSemantics::DispatcherPtr cpu_;
183  BaseSemantics::SValuePtr callRetAdjustment_;
184  const RegisterDescriptor STACK_POINTER_REG;
185  const RegisterDescriptor INSN_POINTER_REG;
186  CallingConvention::DefinitionPtr defaultCallingConvention_;
187 public:
191  explicit TransferFunction(const BaseSemantics::DispatcherPtr &cpu)
192  : cpu_(cpu), STACK_POINTER_REG(cpu->stackPointerRegister()), INSN_POINTER_REG(cpu->instructionPointerRegister()) {
193  size_t adjustment = STACK_POINTER_REG.nBits() / 8; // sizeof return address on top of stack
194  callRetAdjustment_ = cpu->number_(STACK_POINTER_REG.nBits(), adjustment);
195  }
196 
198  BaseSemantics::StatePtr initialState() const;
199 
203  BaseSemantics::DispatcherPtr cpu() const { return cpu_; }
204 
213  CallingConvention::DefinitionPtr defaultCallingConvention() const { return defaultCallingConvention_; }
214  void defaultCallingConvention(const CallingConvention::DefinitionPtr &x) { defaultCallingConvention_ = x; }
217  // Required by data-flow engine
218  std::string printState(const BaseSemantics::StatePtr &state);
219 
220  // Required by data-flow engine: compute new output state given a vertex and input state.
221  BaseSemantics::StatePtr operator()(const DfCfg&, size_t vertexId, const BaseSemantics::StatePtr &incomingState) const;
222 };
223 
228 typedef Rose::BinaryAnalysis::DataFlow::SemanticsMerge MergeFunction;
229 
231 typedef Rose::BinaryAnalysis::DataFlow::Engine<DfCfg, BaseSemantics::StatePtr, TransferFunction, MergeFunction> Engine;
232 
244 StackVariables findStackVariables(const BaseSemantics::RiscOperatorsPtr &ops,
245  const BaseSemantics::SValuePtr &initialStackPointer);
246 
251 StackVariables findLocalVariables(const BaseSemantics::RiscOperatorsPtr &ops,
252  const BaseSemantics::SValuePtr &initialStackPointer);
253 
259 StackVariables findFunctionArguments(const BaseSemantics::RiscOperatorsPtr &ops,
260  const BaseSemantics::SValuePtr &initialStackPointer);
261 
266 std::vector<AbstractLocation> findGlobalVariables(const BaseSemantics::RiscOperatorsPtr &ops, size_t wordNBytes);
267 
268 
269 
270 } // namespace
271 } // namespace
272 } // namespace
273 } // namespace
274 
275 #endif
Rose::BinaryAnalysis::Partitioner2::DataFlow::Engine
Rose::BinaryAnalysis::DataFlow::Engine< DfCfg, BaseSemantics::StatePtr, TransferFunction, MergeFunction > Engine
Data-Flow engine.
Definition: DataFlow.h:231
Rose::BinaryAnalysis::Partitioner2::DataFlow::MergeFunction
Rose::BinaryAnalysis::DataFlow::SemanticsMerge MergeFunction
Data-flow merge function.
Definition: DataFlow.h:228
Rose::BinaryAnalysis::Partitioner2::DataFlow::findGlobalVariables
std::vector< AbstractLocation > findGlobalVariables(const BaseSemantics::RiscOperatorsPtr &ops, size_t wordNBytes)
Returns a list of global variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::NotInterprocedural
Predicate that always returns false, preventing interprocedural analysis.
Definition: DataFlow.h:123
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::cpu
BaseSemantics::DispatcherPtr cpu() const
Property: Virtual CPU.
Definition: DataFlow.h:203
Sawyer::Container::Graph
Graph containing user-defined vertices and edges.
Definition: Graph.h:625
Rose::BinaryAnalysis::RegisterDescriptor::nBits
size_t nBits() const
Property: Size in bits.
Definition: RegisterDescriptor.h:131
Rose::BinaryAnalysis::Partitioner2::DataFlow::bestSummaryFunction
Function::Ptr bestSummaryFunction(const FunctionSet &functions)
Choose best function for data-flow summary vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::bblock
const BasicBlock::Ptr & bblock() const
Basic block.
Definition: DataFlow.h:68
Rose::BinaryAnalysis::Partitioner2::DataFlow::findReturnVertex
Sawyer::Container::GraphTraits< DfCfg >::VertexIterator findReturnVertex(DfCfg &dfCfg)
Find the return vertex.
Definition: DataFlow.h:160
Rose::BinaryAnalysis::StackVariables
std::vector< StackVariable > StackVariables
Multiple stack variables.
Definition: BinaryStackVariable.h:88
Rose::BinaryAnalysis::DataFlow::SemanticsMerge
Basic merge operation for instruction semantics.
Definition: BinaryDataFlow.h:210
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(Type type, const Function::Ptr &parentFunction, size_t inliningId)
Construct a vertex of specified type that takes no auxiliary data.
Definition: DataFlow.h:54
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::defaultCallingConvention
void defaultCallingConvention(const CallingConvention::DefinitionPtr &x)
Property: Default calling convention.
Definition: DataFlow.h:214
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(const Function::Ptr &function, const Function::Ptr &parentFunction, size_t inliningId)
Construct a faked call vertex.
Definition: DataFlow.h:50
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::parentFunction
Function::Ptr parentFunction() const
Function owning this vertex.
Definition: DataFlow.h:78
Sawyer::Container::Graph::vertices
boost::iterator_range< VertexIterator > vertices()
Iterators for all vertices.
Definition: Graph.h:1442
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::DataFlow::findStackVariables
StackVariables findStackVariables(const BaseSemantics::RiscOperatorsPtr &ops, const BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known stack variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::TransferFunction
TransferFunction(const BaseSemantics::DispatcherPtr &cpu)
Construct from a CPU.
Definition: DataFlow.h:191
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex
CFG vertex for data-flow analysis.
Definition: DataFlow.h:25
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::FUNCRET
Vertex represents returning to the caller.
Definition: DataFlow.h:31
Rose::BinaryAnalysis::Partitioner2::DataFlow::buildDfCfg
DfCfg buildDfCfg(const Partitioner &, const ControlFlowGraph &, const ControlFlowGraph::ConstVertexIterator &startVertex, InterproceduralPredicate &predicate=NOT_INTERPROCEDURAL)
build a cfg useful for data-flow analysis.
Sawyer::Container
Container classes that store user-defined values.
Definition: AddressMap.h:31
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::StatePtr
boost::shared_ptr< class State > StatePtr
Shared-ownership pointer to a semantic state.
Definition: BaseSemantics2.h:1124
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::DispatcherPtr
boost::shared_ptr< class Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition: BaseSemantics2.h:2079
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::initialState
BaseSemantics::StatePtr initialState() const
Construct an initial state.
Rose::BinaryAnalysis::RegisterDescriptor
Describes (part of) a physical CPU register.
Definition: RegisterDescriptor.h:25
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to a RISC operators object.
Definition: BaseSemantics2.h:1357
Rose::BinaryAnalysis::Partitioner2::DataFlow::InterproceduralPredicate
Predicate that decides when to use inter-procedural data-flow.
Definition: DataFlow.h:116
Rose::BinaryAnalysis::Partitioner2::DataFlow::findLocalVariables
StackVariables findLocalVariables(const BaseSemantics::RiscOperatorsPtr &ops, const BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known local variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::inliningId
size_t inliningId() const
Inlining invocation number.
Definition: DataFlow.h:85
Rose::BinaryAnalysis::Partitioner2::DataFlow::findFunctionArguments
StackVariables findFunctionArguments(const BaseSemantics::RiscOperatorsPtr &ops, const BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known function arguments.
Rose::BinaryAnalysis::Partitioner2::DataFlow::vertexUnpacker
std::vector< SgAsmInstruction * > vertexUnpacker(const DfCfgVertex &)
Unpacks a vertex into a list of instructions.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(const BasicBlock::Ptr &bblock, const Function::Ptr &parentFunction, size_t inliningId)
Construct a basic block vertex.
Definition: DataFlow.h:44
Rose::BinaryAnalysis::DataFlow
Various tools for data-flow analysis.
Definition: BinaryDataFlow.h:68
Sawyer::Container::GraphTraits::VertexIterator
G::VertexIterator VertexIterator
Const or non-const vertex iterator.
Definition: Graph.h:295
Rose::BinaryAnalysis::Partitioner2::DataFlow::dumpDfCfg
void dumpDfCfg(std::ostream &, const DfCfg &)
Emit a data-flow CFG as a GraphViz file.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::INDET
Indeterminate basic block where no information is available.
Definition: DataFlow.h:32
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:316
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfg
Sawyer::Container::Graph< DfCfgVertex > DfCfg
Control flow graph used by data-flow analysis.
Definition: DataFlow.h:109
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::callee
const Function::Ptr & callee() const
Function represented by faked call.
Definition: DataFlow.h:71
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::defaultCallingConvention
CallingConvention::DefinitionPtr defaultCallingConvention() const
Property: Default calling convention.
Definition: DataFlow.h:213
Generated on Mon Oct 21 2019 09:30:28 for ROSE by   doxygen 1.8.10