ROSE 0.11.145.290
Partitioner2/DataFlow.h
1#ifndef ROSE_BinaryAnalysis_Partitioner2_DataFlow_H
2#define ROSE_BinaryAnalysis_Partitioner2_DataFlow_H
3#include <featureTests.h>
4#ifdef ROSE_ENABLE_BINARY_ANALYSIS
5#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
6#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h>
7
8#include <Rose/BinaryAnalysis/DataFlow.h>
9#include <Rose/BinaryAnalysis/Variables.h>
10#include <Sawyer/Graph.h>
11
12#include <ostream>
13#include <string>
14
15namespace Rose {
16namespace BinaryAnalysis {
17namespace Partitioner2 {
18
20namespace DataFlow {
21
23// Control Flow Graph
25
29class DfCfgVertex {
30public:
38
39private:
40 Type type_;
41 BasicBlockPtr bblock_; // attached to BBLOCK vertices
42 FunctionPtr callee_; // function represented by FAKED_CALL
43 FunctionPtr parentFunction_; // function "owning" this vertex
44 size_t inliningId_; // invocation ID for inlining functions during inter-procedural
45
46public:
47 ~DfCfgVertex();
48
50 DfCfgVertex(const BasicBlockPtr&, const FunctionPtr &parentFunction, size_t inliningId);
51
53 DfCfgVertex(const FunctionPtr &function, const FunctionPtr &parentFunction, size_t inliningId);
54
56 DfCfgVertex(Type type, const FunctionPtr &parentFunction, size_t inliningId);
57
61 Type type() const;
62
67 const BasicBlockPtr& bblock() const;
68
70 const FunctionPtr& callee() const;
71
77 FunctionPtr parentFunction() const;
78
84 size_t inliningId() const;
85
89 Sawyer::Optional<Address> address() const;
90
94 void print(std::ostream&) const;
95
99 std::string toString() const;
100};
101
123using DfCfg = Sawyer::Container::Graph<DfCfgVertex>;
124
130class InterproceduralPredicate {
131public:
132 virtual ~InterproceduralPredicate() {}
133 virtual bool operator()(const ControlFlowGraph&, const ControlFlowGraph::ConstEdgeIterator&, size_t depth) = 0;
134};
135
137class NotInterprocedural: public InterproceduralPredicate {
138public:
139 bool operator()(const ControlFlowGraph&, const ControlFlowGraph::ConstEdgeIterator&, size_t /*depth*/) override {
140 return false;
141 }
142};
143extern NotInterprocedural NOT_INTERPROCEDURAL;
144
146std::vector<SgAsmInstruction*> vertexUnpacker(const DfCfgVertex&);
147
154DfCfg buildDfCfg(const PartitionerConstPtr&, const ControlFlowGraph&, const ControlFlowGraph::ConstVertexIterator &startVertex,
155 InterproceduralPredicate &predicate = NOT_INTERPROCEDURAL);
156
158void dumpDfCfg(std::ostream&, const DfCfg&);
159
165FunctionPtr bestSummaryFunction(const FunctionSet &functions);
166
172template<class DfCfg>
173typename Sawyer::Container::GraphTraits<DfCfg>::VertexIterator
174findReturnVertex(DfCfg &dfCfg) {
175 using namespace Sawyer::Container;
176 typename GraphTraits<DfCfg>::VertexIterator retval = dfCfg.vertices().end();
177 for (typename GraphTraits<DfCfg>::VertexIterator vi = dfCfg.vertices().begin(); vi != dfCfg.vertices().end(); ++vi) {
178 if (vi->value().type() == DfCfgVertex::FUNCRET) {
179 ASSERT_require(retval == dfCfg.vertices().end());
180 retval = vi;
181 }
182 }
183 return retval;
184}
185
187// Transfer function
188//
189// The transfer function is reponsible for taking a CFG vertex and an initial state and producing the next state, the final
190// state for that vertex. Users can use whatever transfer function they want; this one is based on the DfCfg and an
191// instruction semantics state.
193
195class TransferFunction {
196 InstructionSemantics::BaseSemantics::DispatcherPtr cpu_;
197 InstructionSemantics::BaseSemantics::SValuePtr callRetAdjustment_;
198 const RegisterDescriptor STACK_POINTER_REG;
199 const RegisterDescriptor INSN_POINTER_REG;
200 CallingConvention::DefinitionPtr defaultCallingConvention_;
201 bool ignoringSemanticFailures_;
202
203public:
204 ~TransferFunction();
205
209 explicit TransferFunction(const InstructionSemantics::BaseSemantics::DispatcherPtr&);
210
212 InstructionSemantics::BaseSemantics::StatePtr initialState() const;
213
217 InstructionSemantics::BaseSemantics::DispatcherPtr cpu() const;
218
227 CallingConvention::DefinitionPtr defaultCallingConvention() const;
228 void defaultCallingConvention(const CallingConvention::DefinitionPtr&);
238 bool ignoringSemanticFailures() const;
239 void ignoringSemanticFailures(bool);
242 // Required by data-flow engine
243 std::string toString(const InstructionSemantics::BaseSemantics::StatePtr &state);
244
245 // Required by data-flow engine: compute new output state given a vertex and input state.
246 InstructionSemantics::BaseSemantics::StatePtr
247 operator()(const DfCfg&, size_t vertexId, const InstructionSemantics::BaseSemantics::StatePtr &incomingState) const;
248};
249
254typedef Rose::BinaryAnalysis::DataFlow::SemanticsMerge MergeFunction;
255
257using Engine = Rose::BinaryAnalysis::DataFlow::Engine<DfCfg,
258 InstructionSemantics::BaseSemantics::StatePtr,
259 TransferFunction,
260 MergeFunction>;
261
273Variables::StackVariables findStackVariables(const FunctionPtr &function,
274 const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops,
275 const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer);
276
281Variables::StackVariables findLocalVariables(const FunctionPtr &function,
282 const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops,
283 const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer);
284
290Variables::StackVariables findFunctionArguments(const FunctionPtr &function,
291 const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops,
292 const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer);
293
298std::vector<AbstractLocation> findGlobalVariables(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops,
299 size_t wordNBytes);
300
301} // namespace
302} // namespace
303} // namespace
304} // namespace
305
306#endif
307#endif
Rose::BinaryAnalysis::DataFlow::SemanticsMerge
Basic merge operation for instruction semantics.
Definition DataFlow.h:217
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::address
Sawyer::Optional< Address > address() const
Virtual address of vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(const BasicBlockPtr &, const FunctionPtr &parentFunction, size_t inliningId)
Construct a basic block vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::toString
std::string toString() const
Single-line description of this vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::print
void print(std::ostream &) const
Print a short description of this vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(Type type, const FunctionPtr &parentFunction, size_t inliningId)
Construct a vertex of specified type that takes no auxiliary data.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::parentFunction
FunctionPtr parentFunction() const
Function owning this vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::inliningId
size_t inliningId() const
Inlining invocation number.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::DfCfgVertex
DfCfgVertex(const FunctionPtr &function, const FunctionPtr &parentFunction, size_t inliningId)
Construct a faked call vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::FUNCRET
@ FUNCRET
Vertex represents returning to the caller.
Definition Partitioner2/DataFlow.h:35
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::INDET
@ INDET
Indeterminate basic block where no information is available.
Definition Partitioner2/DataFlow.h:36
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::callee
const FunctionPtr & callee() const
Function represented by faked call.
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfgVertex::bblock
const BasicBlockPtr & bblock() const
Basic block.
Rose::BinaryAnalysis::Partitioner2::DataFlow::InterproceduralPredicate
Predicate that decides when to use inter-procedural data-flow.
Definition Partitioner2/DataFlow.h:130
Rose::BinaryAnalysis::Partitioner2::DataFlow::NotInterprocedural
Predicate that always returns false, preventing interprocedural analysis.
Definition Partitioner2/DataFlow.h:137
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::ignoringSemanticFailures
void ignoringSemanticFailures(bool)
Property: Whether to ignore instructions with unknown semantics.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::cpu
InstructionSemantics::BaseSemantics::DispatcherPtr cpu() const
Property: Virtual CPU.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::ignoringSemanticFailures
bool ignoringSemanticFailures() const
Property: Whether to ignore instructions with unknown semantics.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::TransferFunction
TransferFunction(const InstructionSemantics::BaseSemantics::DispatcherPtr &)
Construct from a CPU.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::defaultCallingConvention
void defaultCallingConvention(const CallingConvention::DefinitionPtr &)
Property: Default calling convention.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::initialState
InstructionSemantics::BaseSemantics::StatePtr initialState() const
Construct an initial state.
Rose::BinaryAnalysis::Partitioner2::DataFlow::TransferFunction::defaultCallingConvention
CallingConvention::DefinitionPtr defaultCallingConvention() const
Property: Default calling convention.
Rose::BinaryAnalysis::RegisterDescriptor
Describes (part of) a physical CPU register.
Definition RegisterDescriptor.h:31
Sawyer::Container::Graph
Graph containing user-defined vertices and edges.
Definition Graph.h:634
Sawyer::Container::Graph::vertices
boost::iterator_range< VertexIterator > vertices()
Iterators for all vertices.
Definition Graph.h:1538
Sawyer::Optional
Holds a value or nothing.
Definition Optional.h:56
Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperatorsPtr
boost::shared_ptr< RiscOperators > RiscOperatorsPtr
Shared-ownership pointer to a RISC operators object.
Definition Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h:77
Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::DispatcherPtr
boost::shared_ptr< Dispatcher > DispatcherPtr
Shared-ownership pointer to a semantics instruction dispatcher.
Definition Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/BasicTypes.h:80
Rose::BinaryAnalysis::Partitioner2::DataFlow::vertexUnpacker
std::vector< SgAsmInstruction * > vertexUnpacker(const DfCfgVertex &)
Unpacks a vertex into a list of instructions.
Rose::BinaryAnalysis::Partitioner2::DataFlow::bestSummaryFunction
FunctionPtr bestSummaryFunction(const FunctionSet &functions)
Choose best function for data-flow summary vertex.
Rose::BinaryAnalysis::Partitioner2::DataFlow::findFunctionArguments
Variables::StackVariables findFunctionArguments(const FunctionPtr &function, const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops, const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known function arguments.
Rose::BinaryAnalysis::Partitioner2::DataFlow::findStackVariables
Variables::StackVariables findStackVariables(const FunctionPtr &function, const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops, const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known stack variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::MergeFunction
Rose::BinaryAnalysis::DataFlow::SemanticsMerge MergeFunction
Data-flow merge function.
Definition Partitioner2/DataFlow.h:254
Rose::BinaryAnalysis::Partitioner2::DataFlow::DfCfg
Sawyer::Container::Graph< DfCfgVertex > DfCfg
Control flow graph used by data-flow analysis.
Definition Partitioner2/DataFlow.h:123
Rose::BinaryAnalysis::Partitioner2::DataFlow::findGlobalVariables
std::vector< AbstractLocation > findGlobalVariables(const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops, size_t wordNBytes)
Returns a list of global variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::findReturnVertex
Sawyer::Container::GraphTraits< DfCfg >::VertexIterator findReturnVertex(DfCfg &dfCfg)
Find the return vertex.
Definition Partitioner2/DataFlow.h:174
Rose::BinaryAnalysis::Partitioner2::DataFlow::buildDfCfg
DfCfg buildDfCfg(const PartitionerConstPtr &, const ControlFlowGraph &, const ControlFlowGraph::ConstVertexIterator &startVertex, InterproceduralPredicate &predicate=NOT_INTERPROCEDURAL)
build a cfg useful for data-flow analysis.
Rose::BinaryAnalysis::Partitioner2::DataFlow::findLocalVariables
Variables::StackVariables findLocalVariables(const FunctionPtr &function, const InstructionSemantics::BaseSemantics::RiscOperatorsPtr &ops, const InstructionSemantics::BaseSemantics::SValuePtr &initialStackPointer)
Returns the list of all known local variables.
Rose::BinaryAnalysis::Partitioner2::DataFlow::dumpDfCfg
void dumpDfCfg(std::ostream &, const DfCfg &)
Emit a data-flow CFG as a GraphViz file.
Rose
The ROSE library.
Definition BinaryTutorial.dox:3
Sawyer::Container
Container classes that store user-defined values.
Definition AddressMap.h:31
Sawyer::Container::GraphTraits::VertexIterator
G::VertexIterator VertexIterator
Const or non-const vertex iterator.
Definition Graph.h:292
Generated on Sun Jul 6 2025 23:39:59 for ROSE by doxygen 1.9.8