ROSE_HTML_Reference/Emulation_8h_source.html

#ifndef ROSE_BinaryAnalysis_Concolic_Emulation_H

#define ROSE_BinaryAnalysis_Concolic_Emulation_H

#include <featureTests.h>

#ifdef ROSE_ENABLE_CONCOLIC_TESTING

#include <Rose/BinaryAnalysis/Concolic/BasicTypes.h>


#include <Rose/BinaryAnalysis/BasicTypes.h>

#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h>

#include <Rose/BinaryAnalysis/InstructionSemantics/SymbolicSemantics.h>

#include <Sawyer/FileSystem.h>


namespace Rose {

namespace BinaryAnalysis {

namespace Concolic {


namespace Emulation {


typedef InstructionSemantics::SymbolicSemantics::Formatter SValueFormatter;

typedef InstructionSemantics::SymbolicSemantics::SValuePtr SValuePtr;

typedef InstructionSemantics::SymbolicSemantics::SValue SValue;

typedef InstructionSemantics::SymbolicSemantics::RegisterStatePtr RegisterStatePtr;

typedef InstructionSemantics::SymbolicSemantics::RegisterState RegisterState;

typedef InstructionSemantics::SymbolicSemantics::MemoryStatePtr MemoryStatePtr;

typedef InstructionSemantics::SymbolicSemantics::MemoryState MemoryState;

typedef InstructionSemantics::SymbolicSemantics::StatePtr StatePtr;

typedef InstructionSemantics::SymbolicSemantics::State State;

class Exit: public Exception {

    uint64_t status_;


public:

    explicit Exit(uint64_t status)

        : Exception("subordinate exit"), status_(status) {}


    ~Exit() throw () {}


    uint64_t status() const {

        return status_;

    }

};


class RiscOperators: public InstructionSemantics::SymbolicSemantics::RiscOperators {

public:

    using Ptr = RiscOperatorsPtr;


    typedef InstructionSemantics::SymbolicSemantics::RiscOperators Super;


    const RegisterDescriptor REG_PATH;


    struct Settings {

    };


private:

    Settings settings_;                                 // emulation settings

    DatabasePtr db_;                                    // concolic database connection

    TestCasePtr testCase_;                              // test case whose instructions are being processed

    Partitioner2::PartitionerConstPtr partitioner_;     // ROSE disassembly info about the specimen

    ArchitecturePtr process_;                           // subordinate process, concrete state

    bool hadSystemCall_ = false;                        // true if we need to call process_->systemCall, cleared each insn

    ExecutionEventPtr hadSharedMemoryAccess_;           // set when shared memory is read, cleared each instruction

    bool isRecursive_ = false;                          // if set, avoid calling user-defined functions


protected:

    RiscOperators(const Settings&, const DatabasePtr&, const TestCasePtr&, const Partitioner2::PartitionerConstPtr&,

                  const ArchitecturePtr&, const InstructionSemantics::BaseSemantics::StatePtr&, const SmtSolverPtr&);

public:

    ~RiscOperators();


public:

    static RiscOperatorsPtr instance(const Settings &settings, const DatabasePtr&, const TestCasePtr&,

                                     const Partitioner2::PartitionerConstPtr&, const ArchitecturePtr &process,

                                     const InstructionSemantics::BaseSemantics::SValuePtr &protoval,

                                     const SmtSolverPtr &solver = SmtSolverPtr());


    static RiscOperatorsPtr promote(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&);


    // Overrides documented in base class

    virtual InstructionSemantics::BaseSemantics::RiscOperatorsPtr

    create(const InstructionSemantics::BaseSemantics::SValuePtr &/*protoval*/,

           const SmtSolverPtr& = SmtSolverPtr()) const override;

    virtual InstructionSemantics::BaseSemantics::RiscOperatorsPtr

    create(const InstructionSemantics::BaseSemantics::StatePtr &/*state*/,

           const SmtSolverPtr& = SmtSolverPtr()) const override;


public:

    const Settings& settings() const;


    Partitioner2::PartitionerConstPtr partitioner() const;


    TestCasePtr testCase() const;


    DatabasePtr database() const;


    ArchitecturePtr process() const;


    InputVariablesPtr inputVariables() const;

    bool hadSystemCall() const;

    void hadSystemCall(bool);

    ExecutionEventPtr hadSharedMemoryAccess() const;

    void hadSharedMemoryAccess(const ExecutionEventPtr&);

    bool isRecursive() const;

    void isRecursive(bool);

    size_t wordSizeBits() const;


    RegisterDictionaryPtr registerDictionary() const;


    void createInputVariables(const SmtSolver::Ptr&);


    void restoreInputVariables(const SmtSolver::Ptr&);


    void printInputVariables(std::ostream&) const;


    void printAssertions(std::ostream&) const;


public:

    // Base class overrides -- the acutal RISC operations


    virtual void startInstruction(SgAsmInstruction*) override;


    virtual void interrupt(int majr, int minr) override;


    virtual InstructionSemantics::BaseSemantics::SValuePtr

    readRegister(RegisterDescriptor reg, const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;


    virtual InstructionSemantics::BaseSemantics::SValuePtr

    readRegister(RegisterDescriptor reg) override;


    virtual InstructionSemantics::BaseSemantics::SValuePtr

    peekRegister(RegisterDescriptor reg, const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;


    virtual void

    writeRegister(RegisterDescriptor, const InstructionSemantics::BaseSemantics::SValuePtr&) override;


    virtual InstructionSemantics::BaseSemantics::SValuePtr

    readMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,

               const InstructionSemantics::BaseSemantics::SValuePtr &dflt,

               const InstructionSemantics::BaseSemantics::SValuePtr &cond) override;


    virtual InstructionSemantics::BaseSemantics::SValuePtr

    peekMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,

               const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;


    virtual void

    writeMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,

                const InstructionSemantics::BaseSemantics::SValuePtr &value,

                const InstructionSemantics::BaseSemantics::SValuePtr &cond) override;


    // Call this when the concrete simulation exits.

    void doExit(uint64_t);

};


using DispatcherPtr = Sawyer::SharedPointer<class Dispatcher>;


class Dispatcher: public Sawyer::SharedObject {

public:

    using Ptr = DispatcherPtr;


private:

    InstructionSemantics::BaseSemantics::DispatcherPtr inner_;


protected:

    explicit Dispatcher(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&, const ArchitecturePtr&);

public:

    ~Dispatcher();


public:

    static Ptr instance(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&, const ArchitecturePtr&);


public:

    // These functions are similar to InstructionSemantics::BaseSemantics::Dispatcher

    InstructionSemantics::BaseSemantics::RiscOperators::Ptr operators() const;


public:

    Address concreteInstructionPointer() const;


    bool isTerminated() const;


    RiscOperatorsPtr emulationOperators() const;


    static RiscOperatorsPtr unwrapEmulationOperators(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&);


    virtual void processInstruction(SgAsmInstruction*);


    void processConcreteInstruction(SgAsmInstruction*);


    RegisterDictionaryPtr registerDictionary() const;

};


} // namespace

} // namespace

} // namespace

} // namespace


#endif

#endif

Sawyer::SharedObject
Base class for reference counted objects.
Definition SharedObject.h:64

Sawyer::SharedPointer
Reference-counting intrusive smart pointer.
Definition SharedPointer.h:65

SgAsmInstruction
Base class for machine instructions.
Definition binaryInstruction.C:44827

Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::DispatcherPtr
boost::shared_ptr< Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h:80

Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::MemoryStatePtr
boost::shared_ptr< class MemoryState > MemoryStatePtr
Shared-ownership pointer to a concrete memory state.
Definition ConcreteSemantics.h:146

Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to concrete RISC operations.
Definition ConcreteSemantics.h:284

Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::SValuePtr
Sawyer::SharedPointer< class SValue > SValuePtr
Smart-ownership pointer to a concrete semantic value.
Definition ConcreteSemantics.h:27

Rose::BinaryAnalysis::Strings::State
State
Decoder state.
Definition String.h:198

Rose::BinaryAnalysis::SymbolicExpression::Ptr
Sawyer::SharedPointer< Node > Ptr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:114

Rose::BinaryAnalysis::Address
std::uint64_t Address
Address.
Definition Address.h:11

Rose::BinaryAnalysis::SmtSolverPtr
std::shared_ptr< SmtSolver > SmtSolverPtr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:59

Rose::BinaryAnalysis::RegisterDictionaryPtr
Sawyer::SharedPointer< RegisterDictionary > RegisterDictionaryPtr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:48

Rose
The ROSE library.
Definition BinaryTutorial.dox:3

Rosebud::settings
Settings settings
Command-line settings for the rosebud tool.