ROSE 0.11.145.147
Emulation.h
1#ifndef ROSE_BinaryAnalysis_Concolic_Emulation_H
2#define ROSE_BinaryAnalysis_Concolic_Emulation_H
3#include <featureTests.h>
4#ifdef ROSE_ENABLE_CONCOLIC_TESTING
5#include <Rose/BinaryAnalysis/Concolic/BasicTypes.h>
6
7#include <Rose/BinaryAnalysis/BasicTypes.h>
8#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h>
9#include <Rose/BinaryAnalysis/InstructionSemantics/SymbolicSemantics.h>
10#include <Sawyer/FileSystem.h>
11
12namespace Rose {
13namespace BinaryAnalysis {
14namespace Concolic {
15
17namespace Emulation {
18
19typedef InstructionSemantics::SymbolicSemantics::Formatter SValueFormatter;
20typedef InstructionSemantics::SymbolicSemantics::SValuePtr SValuePtr;
21typedef InstructionSemantics::SymbolicSemantics::SValue SValue;
22typedef InstructionSemantics::SymbolicSemantics::RegisterStatePtr RegisterStatePtr;
23typedef InstructionSemantics::SymbolicSemantics::RegisterState RegisterState;
24typedef InstructionSemantics::SymbolicSemantics::MemoryStatePtr MemoryStatePtr;
25typedef InstructionSemantics::SymbolicSemantics::MemoryState MemoryState;
26typedef InstructionSemantics::SymbolicSemantics::StatePtr StatePtr;
27typedef InstructionSemantics::SymbolicSemantics::State State;
30class Exit: public Exception {
31 uint64_t status_;
32
33public:
34 explicit Exit(uint64_t status)
35 : Exception("subordinate exit"), status_(status) {}
36
37 ~Exit() throw () {}
38
40 uint64_t status() const {
41 return status_;
42 }
43};
44
46class RiscOperators: public InstructionSemantics::SymbolicSemantics::RiscOperators {
47public:
49 using Ptr = RiscOperatorsPtr;
50
52 typedef InstructionSemantics::SymbolicSemantics::RiscOperators Super;
53
55 const RegisterDescriptor REG_PATH;
56
58 struct Settings {
59 };
60
61private:
62 Settings settings_; // emulation settings
63 DatabasePtr db_; // concolic database connection
64 TestCasePtr testCase_; // test case whose instructions are being processed
65 Partitioner2::PartitionerConstPtr partitioner_; // ROSE disassembly info about the specimen
66 ArchitecturePtr process_; // subordinate process, concrete state
67 bool hadSystemCall_ = false; // true if we need to call process_->systemCall, cleared each insn
68 ExecutionEventPtr hadSharedMemoryAccess_; // set when shared memory is read, cleared each instruction
69 bool isRecursive_ = false; // if set, avoid calling user-defined functions
70
71protected:
73 RiscOperators(const Settings&, const DatabasePtr&, const TestCasePtr&, const Partitioner2::PartitionerConstPtr&,
74 const ArchitecturePtr&, const InstructionSemantics::BaseSemantics::StatePtr&, const SmtSolverPtr&);
75public:
76 ~RiscOperators();
77
78public:
80 static RiscOperatorsPtr instance(const Settings &settings, const DatabasePtr&, const TestCasePtr&,
81 const Partitioner2::PartitionerConstPtr&, const ArchitecturePtr &process,
82 const InstructionSemantics::BaseSemantics::SValuePtr &protoval,
83 const SmtSolverPtr &solver = SmtSolverPtr());
84
86 static RiscOperatorsPtr promote(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&);
87
88 // Overrides documented in base class
89 virtual InstructionSemantics::BaseSemantics::RiscOperatorsPtr
90 create(const InstructionSemantics::BaseSemantics::SValuePtr &/*protoval*/,
91 const SmtSolverPtr& = SmtSolverPtr()) const override;
92 virtual InstructionSemantics::BaseSemantics::RiscOperatorsPtr
93 create(const InstructionSemantics::BaseSemantics::StatePtr &/*state*/,
94 const SmtSolverPtr& = SmtSolverPtr()) const override;
95
96public:
100 const Settings& settings() const;
101
103 Partitioner2::PartitionerConstPtr partitioner() const;
104
106 TestCasePtr testCase() const;
107
109 DatabasePtr database() const;
110
112 ArchitecturePtr process() const;
113
119 InputVariablesPtr inputVariables() const;
129 bool hadSystemCall() const;
130 void hadSystemCall(bool);
139 ExecutionEventPtr hadSharedMemoryAccess() const;
140 void hadSharedMemoryAccess(const ExecutionEventPtr&);
149 bool isRecursive() const;
150 void isRecursive(bool);
157 size_t wordSizeBits() const;
158
160 RegisterDictionaryPtr registerDictionary() const;
161
167 void createInputVariables(const SmtSolver::Ptr&);
168
172 void restoreInputVariables(const SmtSolver::Ptr&);
173
177 void printInputVariables(std::ostream&) const;
178
180 void printAssertions(std::ostream&) const;
181
182public:
183 // Base class overrides -- the acutal RISC operations
184
185 virtual void startInstruction(SgAsmInstruction*) override;
186
187 virtual void interrupt(int majr, int minr) override;
188
189 virtual InstructionSemantics::BaseSemantics::SValuePtr
190 readRegister(RegisterDescriptor reg, const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;
191
192 virtual InstructionSemantics::BaseSemantics::SValuePtr
193 readRegister(RegisterDescriptor reg) override;
194
195 virtual InstructionSemantics::BaseSemantics::SValuePtr
196 peekRegister(RegisterDescriptor reg, const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;
197
198 virtual void
199 writeRegister(RegisterDescriptor, const InstructionSemantics::BaseSemantics::SValuePtr&) override;
200
201 virtual InstructionSemantics::BaseSemantics::SValuePtr
202 readMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,
203 const InstructionSemantics::BaseSemantics::SValuePtr &dflt,
204 const InstructionSemantics::BaseSemantics::SValuePtr &cond) override;
205
206 virtual InstructionSemantics::BaseSemantics::SValuePtr
207 peekMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,
208 const InstructionSemantics::BaseSemantics::SValuePtr &dflt) override;
209
210 virtual void
211 writeMemory(RegisterDescriptor segreg, const InstructionSemantics::BaseSemantics::SValuePtr &addr,
212 const InstructionSemantics::BaseSemantics::SValuePtr &value,
213 const InstructionSemantics::BaseSemantics::SValuePtr &cond) override;
214
215 // Call this when the concrete simulation exits.
216 void doExit(uint64_t);
217};
218
220using DispatcherPtr = Sawyer::SharedPointer<class Dispatcher>;
221
222class Dispatcher: public Sawyer::SharedObject {
223public:
224 using Ptr = DispatcherPtr;
225
226private:
227 InstructionSemantics::BaseSemantics::DispatcherPtr inner_;
228
229protected:
230 explicit Dispatcher(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&, const ArchitecturePtr&);
231public:
232 ~Dispatcher();
233
234public:
235 static Ptr instance(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&, const ArchitecturePtr&);
236
237public:
238 // These functions are similar to InstructionSemantics::BaseSemantics::Dispatcher
239 InstructionSemantics::BaseSemantics::RiscOperators::Ptr operators() const;
240
241public:
243 rose_addr_t concreteInstructionPointer() const;
244
249 bool isTerminated() const;
250
255 RiscOperatorsPtr emulationOperators() const;
256
258 static RiscOperatorsPtr unwrapEmulationOperators(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr&);
259
261 virtual void processInstruction(SgAsmInstruction*);
262
264 void processConcreteInstruction(SgAsmInstruction*);
265
267 RegisterDictionaryPtr registerDictionary() const;
268};
269
270} // namespace
271} // namespace
272} // namespace
273} // namespace
274
275#endif
276#endif
Sawyer::SharedObject
Base class for reference counted objects.
Definition SharedObject.h:64
Sawyer::SharedPointer
Reference-counting intrusive smart pointer.
Definition SharedPointer.h:65
SgAsmInstruction
Base class for machine instructions.
Definition binaryInstruction.C:43518
Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::DispatcherPtr
boost::shared_ptr< Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h:69
Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::MemoryStatePtr
boost::shared_ptr< class MemoryState > MemoryStatePtr
Shared-ownership pointer to a concrete memory state.
Definition ConcreteSemantics.h:146
Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperatorsPtr
boost::shared_ptr< class RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to concrete RISC operations.
Definition ConcreteSemantics.h:284
Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::SValuePtr
Sawyer::SharedPointer< class SValue > SValuePtr
Smart-ownership pointer to a concrete semantic value.
Definition ConcreteSemantics.h:27
Rose::BinaryAnalysis::SymbolicExpression::Ptr
Sawyer::SharedPointer< Node > Ptr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:109
Rose::BinaryAnalysis::SmtSolverPtr
std::shared_ptr< SmtSolver > SmtSolverPtr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:57
Rose::BinaryAnalysis::RegisterDictionaryPtr
Sawyer::SharedPointer< RegisterDictionary > RegisterDictionaryPtr
Reference counting pointer.
Definition Rose/BinaryAnalysis/BasicTypes.h:46
Rose
The ROSE library.
Definition BinaryTutorial.dox:3
Rosebud::settings
Settings settings
Command-line settings for the rosebud tool.
Generated on Mon Sep 30 2024 03:25:28 for ROSE by doxygen 1.9.8