ROSE  0.11.87.0
Classes | Public Types | Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators Class Referenceabstract

Description

Base class for most instruction semantics RISC operators.

This class is responsible for defining the semantics of the RISC-like operations invoked by the translation object (e.g., X86InstructionSemantics). We omit the definitions for most of the RISC operations from the base class so that failure to implement them in a subclass is an error.

RISC operator arguments are, in general, SValue pointers. However, if the width of a RISC operator's result depends on an argument's value (as opposed to depending on the argument width), then that argument must be a concrete value (i.e., an integral type). This requirement is due to the fact that SMT solvers need to know the sizes of their bit vectors. Operators extract, unsignedExtend, signExtend, readRegister, and readMemory fall into this category.

Operators with side effects (writeRegister, writeMemory, and possibly others) usually modify a State object pointed to by the currentState property. Keeping side effects in states allows RiscOperators to be used in data-flow analysis where meeting control flow edges cause states to be merged. Side effects that don't need to be part of a data-flow can be stored elsewhere, such as data members of a subclass or the initialState property.

RiscOperator objects are allocated on the heap and reference counted. The BaseSemantics::RiscOperator is an abstract class that defines the interface. See the Rose::BinaryAnalysis::InstructionSemantics2 namespace for an overview of how the parts fit together.

Definition at line 48 of file RiscOperators.h.

#include <Rose/BinaryAnalysis/InstructionSemantics2/BaseSemantics/RiscOperators.h>

Inheritance diagram for Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators:
Inheritance graph
[legend]
Collaboration diagram for Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators:
Collaboration graph
[legend]

Classes

class  WithFormatter
 RiscOperators with formatter. More...
 

Public Types

using Ptr = RiscOperatorsPtr
 Shared-ownership pointer for a RiscOperators object. More...
 

Public Member Functions

virtual RiscOperatorsPtr create (const SValuePtr &protoval, const SmtSolverPtr &solver=SmtSolverPtr()) const =0
 Virtual allocating constructor. More...
 
virtual RiscOperatorsPtr create (const StatePtr &state, const SmtSolverPtr &solver=SmtSolverPtr()) const =0
 Virtual allocating constructor. More...
 
virtual SValuePtr protoval () const
 Property: Prototypical semantic value. More...
 
virtual void hash (Combinatorics::Hasher &)
 Compute hash of current state. More...
 
virtual void startInstruction (SgAsmInstruction *insn)
 Called at the beginning of every instruction. More...
 
virtual void finishInstruction (SgAsmInstruction *insn)
 Called at the end of every instruction. More...
 
virtual SValuePtr number_ (size_t nbits, uint64_t value)
 Returns a number of the specified bit width. More...
 
virtual SValuePtr boolean_ (bool value)
 Returns a Boolean value. More...
 
virtual SValuePtr bottom_ (size_t nbits)
 Returns a data-flow bottom value. More...
 
virtual SValuePtr filterCallTarget (const SValuePtr &a)
 Invoked to filter call targets. More...
 
virtual SValuePtr filterReturnTarget (const SValuePtr &a)
 Invoked to filter return targets. More...
 
virtual SValuePtr filterIndirectJumpTarget (const SValuePtr &a)
 Invoked to filter indirect jumps. More...
 
virtual void hlt ()
 Invoked for the x86 HLT instruction. More...
 
virtual void cpuid ()
 Invoked for the x86 CPUID instruction. More...
 
virtual SValuePtr rdtsc ()
 Invoked for the x86 RDTSC instruction. More...
 
virtual SValuePtr and_ (const SValuePtr &a, const SValuePtr &b)=0
 Computes bit-wise AND of two values. More...
 
virtual SValuePtr or_ (const SValuePtr &a, const SValuePtr &b)=0
 Computes bit-wise OR of two values. More...
 
virtual SValuePtr xor_ (const SValuePtr &a, const SValuePtr &b)=0
 Computes bit-wise XOR of two values. More...
 
virtual SValuePtr invert (const SValuePtr &a)=0
 One's complement. More...
 
virtual SValuePtr extract (const SValuePtr &a, size_t begin_bit, size_t end_bit)=0
 Extracts bits from a value. More...
 
virtual SValuePtr concat (const SValuePtr &lowBits, const SValuePtr &highBits)=0
 Concatenates the bits of two values. More...
 
virtual std::pair< SValuePtr, SValuePtrsplit (const SValuePtr &a, size_t splitPoint)
 Split a value into two narrower values. More...
 
virtual SValuePtr leastSignificantSetBit (const SValuePtr &a)=0
 Returns position of least significant set bit; zero when no bits are set. More...
 
virtual SValuePtr mostSignificantSetBit (const SValuePtr &a)=0
 Returns position of most significant set bit; zero when no bits are set. More...
 
virtual SValuePtr countLeadingZeros (const SValuePtr &a)
 Count leading zero bits. More...
 
virtual SValuePtr countLeadingOnes (const SValuePtr &a)
 Count leading one bits. More...
 
virtual SValuePtr rotateLeft (const SValuePtr &a, const SValuePtr &nbits)=0
 Rotate bits to the left. More...
 
virtual SValuePtr rotateRight (const SValuePtr &a, const SValuePtr &nbits)=0
 Rotate bits to the right. More...
 
virtual SValuePtr shiftLeft (const SValuePtr &a, const SValuePtr &nbits)=0
 Returns arg shifted left. More...
 
virtual SValuePtr shiftRight (const SValuePtr &a, const SValuePtr &nbits)=0
 Returns arg shifted right logically (no sign bit). More...
 
virtual SValuePtr shiftRightArithmetic (const SValuePtr &a, const SValuePtr &nbits)=0
 Returns arg shifted right arithmetically (with sign bit). More...
 
virtual SValuePtr reverseElmts (const SValuePtr &a, size_t elmtNBits)
 Reverse parts of a value. More...
 
virtual SValuePtr equalToZero (const SValuePtr &a)=0
 Determines whether a value is equal to zero. More...
 
virtual SValuePtr ite (const SValuePtr &cond, const SValuePtr &a, const SValuePtr &b)=0
 If-then-else. More...
 
virtual SValuePtr unsignedExtend (const SValuePtr &a, size_t new_width)
 Extend (or shrink) operand a so it is nbits wide by adding or removing high-order bits. More...
 
virtual SValuePtr signExtend (const SValuePtr &a, size_t new_width)=0
 Sign extends a value. More...
 
virtual SValuePtr add (const SValuePtr &a, const SValuePtr &b)=0
 Adds two integers of equal size. More...
 
virtual SValuePtr addCarry (const SValuePtr &a, const SValuePtr &b, SValuePtr &carryOut, SValuePtr &overflowed)
 Adds two integers of equal size and carry. More...
 
virtual SValuePtr subtract (const SValuePtr &minuend, const SValuePtr &subtrahend)
 Subtract one value from another. More...
 
virtual SValuePtr subtractCarry (const SValuePtr &minuend, const SValuePtr &subtrahend, SValuePtr &carryOut, SValuePtr &overflowed)
 Subtract one value from another and carry. More...
 
virtual SValuePtr addWithCarries (const SValuePtr &a, const SValuePtr &b, const SValuePtr &c, SValuePtr &carry_out)=0
 Add two values of equal size and a carry bit. More...
 
virtual SValuePtr negate (const SValuePtr &a)=0
 Two's complement. More...
 
virtual SValuePtr signedDivide (const SValuePtr &dividend, const SValuePtr &divisor)=0
 Divides two signed values. More...
 
virtual SValuePtr signedModulo (const SValuePtr &a, const SValuePtr &b)=0
 Calculates modulo with signed values. More...
 
virtual SValuePtr signedMultiply (const SValuePtr &a, const SValuePtr &b)=0
 Multiplies two signed values. More...
 
virtual SValuePtr unsignedDivide (const SValuePtr &dividend, const SValuePtr &divisor)=0
 Divides two unsigned values. More...
 
virtual SValuePtr unsignedModulo (const SValuePtr &a, const SValuePtr &b)=0
 Calculates modulo with unsigned values. More...
 
virtual SValuePtr unsignedMultiply (const SValuePtr &a, const SValuePtr &b)=0
 Multiply two unsigned values. More...
 
virtual void interrupt (int majr, int minr)
 Invoked for instructions that cause an interrupt. More...
 
virtual void interrupt (const SValuePtr &majr, const SValuePtr &minr, const SValuePtr &enabled)
 Invoked for instructions that cause an interrupt. More...
 
virtual SValuePtr fpFromInteger (const SValuePtr &intValue, SgAsmFloatType *fpType)
 Construct a floating-point value from an integer value. More...
 
virtual SValuePtr fpToInteger (const SValuePtr &fpValue, SgAsmFloatType *fpType, const SValuePtr &dflt)
 Construct an integer value from a floating-point value. More...
 
virtual SValuePtr fpConvert (const SValuePtr &a, SgAsmFloatType *aType, SgAsmFloatType *retType)
 Convert from one floating-point type to another. More...
 
virtual SValuePtr fpIsNan (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Whether a floating-point value is a special not-a-number bit pattern. More...
 
virtual SValuePtr fpIsDenormalized (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Whether a floating-point value is denormalized. More...
 
virtual SValuePtr fpIsZero (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Whether a floating-point value is equal to zero. More...
 
virtual SValuePtr fpIsInfinity (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Whether a floating-point value is infinity. More...
 
virtual SValuePtr fpSign (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Sign of floating-point value. More...
 
virtual SValuePtr fpEffectiveExponent (const SValuePtr &fpValue, SgAsmFloatType *fpType)
 Exponent of floating-point value. More...
 
virtual SValuePtr fpAdd (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
 Add two floating-point values. More...
 
virtual SValuePtr fpSubtract (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
 Subtract one floating-point value from another. More...
 
virtual SValuePtr fpMultiply (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
 Multiply two floating-point values. More...
 
virtual SValuePtr fpDivide (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
 Divide one floating-point value by another. More...
 
virtual SValuePtr fpSquareRoot (const SValuePtr &a, SgAsmFloatType *fpType)
 Square root. More...
 
virtual SValuePtr fpRoundTowardZero (const SValuePtr &a, SgAsmFloatType *fpType)
 Round toward zero. More...
 
virtual SValuePtr reinterpret (const SValuePtr &a, SgAsmType *retType)
 Reinterpret an expression as a different type. More...
 
virtual SValuePtr convert (const SValuePtr &a, SgAsmType *srcType, SgAsmType *dstType)
 Convert value from one type to another. More...
 
virtual void writeRegister (RegisterDescriptor reg, const SValuePtr &a)
 Writes a value to a register. More...
 
virtual SValuePtr readMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &dflt, const SValuePtr &cond)=0
 Reads a value from memory. More...
 
virtual void writeMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &data, const SValuePtr &cond)=0
 Writes a value to memory. More...
 
virtual SValuePtr peekMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &dflt)=0
 Read memory without side effects. More...
 
virtual SmtSolverPtr solver () const
 Property: Satisfiability module theory (SMT) solver. More...
 
virtual void solver (const SmtSolverPtr &s)
 Property: Satisfiability module theory (SMT) solver. More...
 
const HotPatchhotPatch () const
 Property: Post-instruction hot patches. More...
 
HotPatchhotPatch ()
 Property: Post-instruction hot patches. More...
 
void hotPatch (const HotPatch &hp)
 Property: Post-instruction hot patches. More...
 
virtual StatePtr currentState () const
 Property: Current semantic state. More...
 
virtual void currentState (const StatePtr &s)
 Property: Current semantic state. More...
 
virtual StatePtr initialState () const
 Property: Optional lazily updated initial state. More...
 
virtual void initialState (const StatePtr &s)
 Property: Optional lazily updated initial state. More...
 
virtual const std::string & name () const
 Property: Name used for debugging. More...
 
virtual void name (const std::string &s)
 Property: Name used for debugging. More...
 
void print (std::ostream &stream, const std::string prefix="") const
 Print multi-line output for this object.
 
virtual void print (std::ostream &stream, Formatter &fmt) const
 Print multi-line output for this object.
 
WithFormatter with_format (Formatter &fmt)
 Used for printing RISC operators with formatting. More...
 
WithFormatter operator+ (Formatter &fmt)
 Used for printing RISC operators with formatting. More...
 
WithFormatter operator+ (const std::string &linePrefix)
 Used for printing RISC operators with formatting. More...
 
virtual size_t nInsns () const
 Property: Number of instructions processed. More...
 
virtual void nInsns (size_t n)
 Property: Number of instructions processed. More...
 
virtual SgAsmInstructioncurrentInstruction () const
 Property: Current instruction. More...
 
virtual void currentInstruction (SgAsmInstruction *insn)
 Property: Current instruction. More...
 
virtual bool isNoopRead () const
 Property: No-op read. More...
 
virtual void isNoopRead (bool b)
 Property: No-op read. More...
 
virtual SValuePtr undefined_ (size_t nbits)
 Returns a new undefined value. More...
 
virtual SValuePtr unspecified_ (size_t nbits)
 Returns a new undefined value. More...
 
virtual SValuePtr concatLoHi (const SValuePtr &lowBits, const SValuePtr &highBits)
 Aliases for concatenation. More...
 
virtual SValuePtr concatHiLo (const SValuePtr &highBits, const SValuePtr &lowBits)
 Aliases for concatenation. More...
 
virtual SValuePtr isEqual (const SValuePtr &a, const SValuePtr &b)
 Equality comparison. More...
 
virtual SValuePtr isNotEqual (const SValuePtr &a, const SValuePtr &b)
 Equality comparison. More...
 
virtual SValuePtr isUnsignedLessThan (const SValuePtr &a, const SValuePtr &b)
 Comparison for unsigned values. More...
 
virtual SValuePtr isUnsignedLessThanOrEqual (const SValuePtr &a, const SValuePtr &b)
 Comparison for unsigned values. More...
 
virtual SValuePtr isUnsignedGreaterThan (const SValuePtr &a, const SValuePtr &b)
 Comparison for unsigned values. More...
 
virtual SValuePtr isUnsignedGreaterThanOrEqual (const SValuePtr &a, const SValuePtr &b)
 Comparison for unsigned values. More...
 
virtual SValuePtr isSignedLessThan (const SValuePtr &a, const SValuePtr &b)
 Comparison for signed values. More...
 
virtual SValuePtr isSignedLessThanOrEqual (const SValuePtr &a, const SValuePtr &b)
 Comparison for signed values. More...
 
virtual SValuePtr isSignedGreaterThan (const SValuePtr &a, const SValuePtr &b)
 Comparison for signed values. More...
 
virtual SValuePtr isSignedGreaterThanOrEqual (const SValuePtr &a, const SValuePtr &b)
 Comparison for signed values. More...
 
virtual SValuePtr readRegister (RegisterDescriptor reg)
 Reads a value from a register. More...
 
virtual SValuePtr readRegister (RegisterDescriptor reg, const SValuePtr &dflt)
 Reads a value from a register. More...
 
virtual SValuePtr peekRegister (RegisterDescriptor, const SValuePtr &dflt)
 Obtain a register value without side effects. More...
 
SValuePtr peekRegister (RegisterDescriptor reg)
 Obtain a register value without side effects. More...
 

Static Public Member Functions

static RiscOperatorsPtr promote (const RiscOperatorsPtr &x)
 

Protected Member Functions

 RiscOperators (const SValuePtr &protoval, const SmtSolverPtr &solver=SmtSolverPtr())
 
 RiscOperators (const StatePtr &state, const SmtSolverPtr &solver=SmtSolverPtr())
 

Member Typedef Documentation

Shared-ownership pointer for a RiscOperators object.

See Shared ownership.

Definition at line 51 of file RiscOperators.h.

Member Function Documentation

virtual RiscOperatorsPtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::create ( const SValuePtr protoval,
const SmtSolverPtr solver = SmtSolverPtr() 
) const
pure virtual
virtual RiscOperatorsPtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::create ( const StatePtr state,
const SmtSolverPtr solver = SmtSolverPtr() 
) const
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::protoval ( ) const
inlinevirtual
virtual SmtSolverPtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::solver ( ) const
inlinevirtual

Property: Satisfiability module theory (SMT) solver.

This property holds a pointer to the satisfiability modulo theory (SMT) solver to use for certain operations. An SMT solver is optional and not all semantic domains will make use of a solver. Domains that use a solver will fall back to naive implementations when a solver is not available (for instance, equality of two values might be checked by looking at whether the values are identical).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 140 of file RiscOperators.h.

Referenced by Rose::BinaryAnalysis::InstructionSemantics2::LlvmSemantics::RiscOperators::create(), Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators::create(), Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators::create(), Rose::BinaryAnalysis::InstructionSemantics2::NullSemantics::RiscOperators::create(), Rose::BinaryAnalysis::InstructionSemantics2::PartialSymbolicSemantics::RiscOperators::create(), Rose::BinaryAnalysis::InstructionSemantics2::IntervalSemantics::RiscOperators::create(), Rose::BinaryAnalysis::InstructionSemantics2::LlvmSemantics::RiscOperators::instance(), Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators::instance(), Rose::BinaryAnalysis::InstructionSemantics2::NullSemantics::RiscOperators::instance(), Rose::BinaryAnalysis::InstructionSemantics2::PartialSymbolicSemantics::RiscOperators::instance(), and Rose::BinaryAnalysis::InstructionSemantics2::IntervalSemantics::RiscOperators::instance().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::solver ( const SmtSolverPtr s)
inlinevirtual

Property: Satisfiability module theory (SMT) solver.

This property holds a pointer to the satisfiability modulo theory (SMT) solver to use for certain operations. An SMT solver is optional and not all semantic domains will make use of a solver. Domains that use a solver will fall back to naive implementations when a solver is not available (for instance, equality of two values might be checked by looking at whether the values are identical).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 141 of file RiscOperators.h.

const HotPatch& Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::hotPatch ( ) const
inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 150 of file RiscOperators.h.

HotPatch& Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::hotPatch ( )
inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 151 of file RiscOperators.h.

void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::hotPatch ( const HotPatch hp)
inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 152 of file RiscOperators.h.

virtual StatePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::currentState ( ) const
inlinevirtual

Property: Current semantic state.

This is the state upon which the RISC operations operate. The state need not be set until the first instruction is executed (and even then, some RISC operations don't need any machine state; typically, only register and memory read and write operators need state). Different state objects can be swapped in at pretty much any time. Modifying the state has no effect on this object's prototypical value which was initialized by the constructor; new states should have a prototyipcal value of the same dynamic type.

See also, initialState.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 166 of file RiscOperators.h.

Referenced by Rose::BinaryAnalysis::InstructionSemantics2::NativeSemantics::RiscOperators::process().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::currentState ( const StatePtr s)
inlinevirtual

Property: Current semantic state.

This is the state upon which the RISC operations operate. The state need not be set until the first instruction is executed (and even then, some RISC operations don't need any machine state; typically, only register and memory read and write operators need state). Different state objects can be swapped in at pretty much any time. Modifying the state has no effect on this object's prototypical value which was initialized by the constructor; new states should have a prototyipcal value of the same dynamic type.

See also, initialState.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 167 of file RiscOperators.h.

virtual StatePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::initialState ( ) const
inlinevirtual

Property: Optional lazily updated initial state.

If non-null, then any calls to readMemory or readRegister which do not find that the address or register has a value, not only instantiate the value in the current state, but also write the same value to this initial state. In effect, this is like Schrodinger's cat: every memory address and register has a value, we just don't know what it is until we try to read it. Once we read it, it becomes instantiated in the current state and the initial state. The default initial state is the null pointer.

Changing the current state does not affect the initial state. This makes it easier to use a state as part of a data-flow analysis, in which one typically swaps in different current states as the data-flow progresses.

The initial state need not be the same type as the current state, as long as they both have the same prototypical value type. For instance, a symbolic domain could use a MemoryCellList for its currentState and a state based on a MemoryMap of concrete values for its initial state, as long as those concrete values are converted to symbolic values when they're read.

Caveats: Not all semantic domains use the initial state. The order that values are added to an initial state depends on the order they're encountered during the analysis.

See also, currentState.

Example 1: Simple usage

This example, shows one way to use an initial state and the effect is has on memory and register I/O. It uses the same type for the initial state as it does for the current states.

Example 2: Advanced usage

This example is somwewhat more advanced. It uses a custom state, which is a relatively common practice of users, and augments it to do something special when it's used as an initial state. When it's used as an initial state, it sets a flag for the values produced so that an analysis can presumably detect that the value is an initial value.

Definition at line 207 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::initialState ( const StatePtr s)
inlinevirtual

Property: Optional lazily updated initial state.

If non-null, then any calls to readMemory or readRegister which do not find that the address or register has a value, not only instantiate the value in the current state, but also write the same value to this initial state. In effect, this is like Schrodinger's cat: every memory address and register has a value, we just don't know what it is until we try to read it. Once we read it, it becomes instantiated in the current state and the initial state. The default initial state is the null pointer.

Changing the current state does not affect the initial state. This makes it easier to use a state as part of a data-flow analysis, in which one typically swaps in different current states as the data-flow progresses.

The initial state need not be the same type as the current state, as long as they both have the same prototypical value type. For instance, a symbolic domain could use a MemoryCellList for its currentState and a state based on a MemoryMap of concrete values for its initial state, as long as those concrete values are converted to symbolic values when they're read.

Caveats: Not all semantic domains use the initial state. The order that values are added to an initial state depends on the order they're encountered during the analysis.

See also, currentState.

Example 1: Simple usage

This example, shows one way to use an initial state and the effect is has on memory and register I/O. It uses the same type for the initial state as it does for the current states.

Example 2: Advanced usage

This example is somwewhat more advanced. It uses a custom state, which is a relatively common practice of users, and augments it to do something special when it's used as an initial state. When it's used as an initial state, it sets a flag for the values produced so that an analysis can presumably detect that the value is an initial value.

Definition at line 208 of file RiscOperators.h.

virtual const std::string& Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::name ( ) const
inlinevirtual

Property: Name used for debugging.

This property is the name of the semantic domain and is used in diagnostic messages.

Definition at line 216 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::name ( const std::string &  s)
inlinevirtual

Property: Name used for debugging.

This property is the name of the semantic domain and is used in diagnostic messages.

Definition at line 217 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::hash ( Combinatorics::Hasher )
virtual

Compute hash of current state.

Computes a hash of the current state by hashing its registers and memory.

WithFormatter Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::with_format ( Formatter fmt)
inline

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");

Definition at line 255 of file RiscOperators.h.

Referenced by operator+().

WithFormatter Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::operator+ ( Formatter fmt)
inline

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");

Definition at line 256 of file RiscOperators.h.

References with_format().

WithFormatter Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::operator+ ( const std::string &  linePrefix)

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");
virtual size_t Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::nInsns ( ) const
inlinevirtual

Property: Number of instructions processed.

This counter is incremented at the beginning of each instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 265 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::nInsns ( size_t  n)
inlinevirtual

Property: Number of instructions processed.

This counter is incremented at the beginning of each instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 266 of file RiscOperators.h.

virtual SgAsmInstruction* Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::currentInstruction ( ) const
inlinevirtual

Property: Current instruction.

Returns the instruction which is being processed. This is set by startInstruction and cleared by finishInstruction. Returns null if we are not processing an instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 275 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::currentInstruction ( SgAsmInstruction insn)
inlinevirtual

Property: Current instruction.

Returns the instruction which is being processed. This is set by startInstruction and cleared by finishInstruction. Returns null if we are not processing an instruction.

Definition at line 278 of file RiscOperators.h.

virtual bool Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isNoopRead ( ) const
inlinevirtual

Property: No-op read.

This property can be set to indicate that the next read operation(s) are part of a possible read-then-write no-op sequence. This property is normally reset at the beginning and end of each instruction by startInstruction and finishInstruction.

For example, most ARM AArch32 A32 instructions are conditionally executed. Therefore any instruction that writes to memory will either write a newly calculated value, or will write the original value. When expressed symbolically, the expression is something like (writeMemory ADDRESS (ite CONDITION VALUE (readMemory ADDRESS))). In this case, the readMemory is part of a read-then-write sequence that has no effect, and this no-op read property can be set in order to express this intent to any analysis that might be triggered by memory reads.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 296 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isNoopRead ( bool  b)
inlinevirtual

Property: No-op read.

This property can be set to indicate that the next read operation(s) are part of a possible read-then-write no-op sequence. This property is normally reset at the beginning and end of each instruction by startInstruction and finishInstruction.

For example, most ARM AArch32 A32 instructions are conditionally executed. Therefore any instruction that writes to memory will either write a newly calculated value, or will write the original value. When expressed symbolically, the expression is something like (writeMemory ADDRESS (ite CONDITION VALUE (readMemory ADDRESS))). In this case, the readMemory is part of a read-then-write sequence that has no effect, and this no-op read property can be set in order to express this intent to any analysis that might be triggered by memory reads.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 297 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::startInstruction ( SgAsmInstruction insn)
virtual

Called at the beginning of every instruction.

This method is invoked every time the translation object begins processing an instruction. Some policies use this to update a pointer to the current instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::finishInstruction ( SgAsmInstruction insn)
virtual

Called at the end of every instruction.

This method is invoked whenever the translation object ends processing for an instruction. This is not called if there's an exception during processing.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::undefined_ ( size_t  nbits)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::unspecified_ ( size_t  nbits)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::number_ ( size_t  nbits,
uint64_t  value 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::boolean_ ( bool  value)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::bottom_ ( size_t  nbits)
virtual

Returns a data-flow bottom value.

Uses the prototypical value to virtually construct a new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::filterCallTarget ( const SValuePtr a)
virtual

Invoked to filter call targets.

This method is called whenever the translation object is about to invoke a function call. The target address is passed as an argument and a (new) target should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::filterReturnTarget ( const SValuePtr a)
virtual

Invoked to filter return targets.

This method is called whenever the translation object is about to return from a function call (such as for the x86 "RET" instruction). The return address is passed as an argument and a (new) return address should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::filterIndirectJumpTarget ( const SValuePtr a)
virtual

Invoked to filter indirect jumps.

This method is called whenever the translation object is about to unconditionally jump to a new address (such as for the x86 "JMP" instruction). The target address is passed as an argument and a (new) target address should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::hlt ( )
inlinevirtual
virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::cpuid ( )
inlinevirtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::rdtsc ( )
inlinevirtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::and_ ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::or_ ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::xor_ ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::invert ( const SValuePtr a)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::extract ( const SValuePtr a,
size_t  begin_bit,
size_t  end_bit 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::concat ( const SValuePtr lowBits,
const SValuePtr highBits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::concatLoHi ( const SValuePtr lowBits,
const SValuePtr highBits 
)
inlinevirtual

Aliases for concatenation.

It's hard to remember whether the arguments of the concatenation operator are low bits followed by high bits, or high bits followed by low bits, and getting it wrong doesn't result in any kind of immediate error. This alias makes it more clear.

Definition at line 398 of file RiscOperators.h.

References concat().

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::concatHiLo ( const SValuePtr highBits,
const SValuePtr lowBits 
)
inlinevirtual

Aliases for concatenation.

It's hard to remember whether the arguments of the concatenation operator are low bits followed by high bits, or high bits followed by low bits, and getting it wrong doesn't result in any kind of immediate error. This alias makes it more clear.

Definition at line 401 of file RiscOperators.h.

References concat().

virtual std::pair<SValuePtr , SValuePtr > Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::split ( const SValuePtr a,
size_t  splitPoint 
)
virtual

Split a value into two narrower values.

Returns the two parts as a pair consisting of the low-order bits of a and the high-order bits of a. The returned low-order bits are bits zero (inclusive) to splitPoint (exclusvie) and has width splitPoint. The returned high-order bits are bits splitPoint (inclusive) to the width of a (exclusive) and has width which is the width of a minus splitPoint. This is not a pure virtual function because it can be implemented in terms of extract.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::leastSignificantSetBit ( const SValuePtr a)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::mostSignificantSetBit ( const SValuePtr a)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::countLeadingZeros ( const SValuePtr a)
virtual

Count leading zero bits.

Counts the number of consecutive clear bits starting with the msb. The return value is the same width as the argument.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::countLeadingOnes ( const SValuePtr a)
virtual

Count leading one bits.

Counts the number of consecutive set bits starting with the msb. The return value is the same width as the argument.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::rotateLeft ( const SValuePtr a,
const SValuePtr nbits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::rotateRight ( const SValuePtr a,
const SValuePtr nbits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::shiftLeft ( const SValuePtr a,
const SValuePtr nbits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::shiftRight ( const SValuePtr a,
const SValuePtr nbits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::shiftRightArithmetic ( const SValuePtr a,
const SValuePtr nbits 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::reverseElmts ( const SValuePtr a,
size_t  elmtNBits 
)
virtual

Reverse parts of a value.

This is a convenience wrapper around other operations. It splits the value a into equal sized parts, each elmtNBits in width, and reverses them to create the return value. The width of a must be a multiple of elmtNBits.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::equalToZero ( const SValuePtr a)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::ite ( const SValuePtr cond,
const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Equality comparison.

Returns a Boolean to indicate whether the relationship between a and b holds. Both operands must be the same width. It doesn't matter if they are interpreted as signed or unsigned quantities.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isNotEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Equality comparison.

Returns a Boolean to indicate whether the relationship between a and b holds. Both operands must be the same width. It doesn't matter if they are interpreted as signed or unsigned quantities.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isUnsignedLessThan ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isUnsignedLessThanOrEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isUnsignedGreaterThan ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isUnsignedGreaterThanOrEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isSignedLessThan ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isSignedLessThanOrEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isSignedGreaterThan ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::isSignedGreaterThanOrEqual ( const SValuePtr a,
const SValuePtr b 
)
virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::unsignedExtend ( const SValuePtr a,
size_t  new_width 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::signExtend ( const SValuePtr a,
size_t  new_width 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::add ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::addCarry ( const SValuePtr a,
const SValuePtr b,
SValuePtr carryOut,
SValuePtr overflowed 
)
virtual

Adds two integers of equal size and carry.

The width of a and b must be the same, and the resulting sum will also have the same width. Returns the sum by value and a carry-out bit by reference. An overflow bit is also returned and is useful when a and b are interpreted as signed values. This method is not pure abstract and is generally not overridden in subclasses because it can be implemented in terms of other operations.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::subtract ( const SValuePtr minuend,
const SValuePtr subtrahend 
)
virtual

Subtract one value from another.

Subtracts the subtrahend from the minuend and returns the result. The two arguments must be the same width and the return value will also be that same width. This method is not pure virtual and is not usually overridden by subclasses because it can be implemented in terms of other operations.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::subtractCarry ( const SValuePtr minuend,
const SValuePtr subtrahend,
SValuePtr carryOut,
SValuePtr overflowed 
)
virtual

Subtract one value from another and carry.

Subtracts the subtrahend from the minuend and returns the result. The two arguments must be the same width and the return value will also be that same width. A carry-out bit and overflow bit are returned by reference. The carry out bit is simply the carry out from adding the minuend and negated subtrahend. The overflow bit is set if the result would overflow the width of the return value, and is calculated as the XOR of the two most significant carray-out bits. This method is not pure virtual and is not usually overridden by subclasses because it can be implemented in terms of other operations.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::addWithCarries ( const SValuePtr a,
const SValuePtr b,
const SValuePtr c,
SValuePtr carry_out 
)
pure virtual

Add two values of equal size and a carry bit.

Carry information is returned via carry_out argument. The carry_out value is the tick marks that are written above the first addend when doing long arithmetic like a 2nd grader would do (of course, they'd probably be adding two base-10 numbers). For instance, when adding 00110110 and 11100100:

'''..'.. <-- carry tick marks: '=carry .=no carry
00110110
+ 11100100
----------
100011010

The carry_out value is 11100100.

The width of a and b must be equal; c must have a width of one bit; the return value and carry_out will be the same width as a and b. The carry_out value is allocated herein.

Implemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::IntervalSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::PartialSymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::NullSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::negate ( const SValuePtr a)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::signedDivide ( const SValuePtr dividend,
const SValuePtr divisor 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::signedModulo ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::signedMultiply ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::unsignedDivide ( const SValuePtr dividend,
const SValuePtr divisor 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::unsignedModulo ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::unsignedMultiply ( const SValuePtr a,
const SValuePtr b 
)
pure virtual
virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::interrupt ( int  majr,
int  minr 
)
inlinevirtual

Invoked for instructions that cause an interrupt.

The major and minor numbers are architecture specific. For instance, an x86 INT instruction uses major number zero and the minor number is the interrupt number (e.g., 0x80 for Linux system calls), while an x86 SYSENTER instruction uses major number one. The minr operand for INT3 is -3 to distinguish it from the one-argument "INT 3" instruction which has slightly different semantics.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::PartialSymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

Definition at line 608 of file RiscOperators.h.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::interrupt ( const SValuePtr majr,
const SValuePtr minr,
const SValuePtr enabled 
)
virtual

Invoked for instructions that cause an interrupt.

This overload is for cases when the major and minor numbers are not integers, and/or when the interrupt is conditionally executed. The default implementation just calls the concrete overload, throwing an exception if that's not possible.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpFromInteger ( const SValuePtr intValue,
SgAsmFloatType fpType 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpToInteger ( const SValuePtr fpValue,
SgAsmFloatType fpType,
const SValuePtr dflt 
)
virtual

Construct an integer value from a floating-point value.

The bits of fpValue are interpreted according to the fpType and converted to a signed integer value that fits in integerWidth bits. This is done by truncating the fractional part of the floating point number, thus rounding toward zero. If fpValue is not a number then dflt is returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpConvert ( const SValuePtr a,
SgAsmFloatType aType,
SgAsmFloatType retType 
)
virtual

Convert from one floating-point type to another.

Converts the floating-point value a having type aType to the return value having retType.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpIsNan ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpIsDenormalized ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpIsZero ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpIsInfinity ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual

Whether a floating-point value is infinity.

Returns true if the floating point value is plus or minus infinity. Querying the sign bit will return the sign of the infinity.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpSign ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual

Sign of floating-point value.

Returns the value of the floating-point sign bit.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpEffectiveExponent ( const SValuePtr fpValue,
SgAsmFloatType fpType 
)
virtual

Exponent of floating-point value.

Returns the exponent of the floating point value. For normalized values this returns the stored exponent minus the exponent bias. For denormalized numbers this returns the stored exponent minus the exponent bias minus an additional amount to normalize the significand.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpAdd ( const SValuePtr a,
const SValuePtr b,
SgAsmFloatType fpType 
)
virtual

Add two floating-point values.

Adds two floating-point values that have the same type and returns the sum in the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpSubtract ( const SValuePtr a,
const SValuePtr b,
SgAsmFloatType fpType 
)
virtual

Subtract one floating-point value from another.

Subtracts b from a and returns the difference. All three floating-point values have the same type. The default implementation is in terms of negate and add.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpMultiply ( const SValuePtr a,
const SValuePtr b,
SgAsmFloatType fpType 
)
virtual

Multiply two floating-point values.

Multiplies two floating-point values and returns the product. All three values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpDivide ( const SValuePtr a,
const SValuePtr b,
SgAsmFloatType fpType 
)
virtual

Divide one floating-point value by another.

Computes a divided by b and returns the result. All three floating-point values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpSquareRoot ( const SValuePtr a,
SgAsmFloatType fpType 
)
virtual

Square root.

Computes and returns the square root of the specified floating-point value. Both values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::fpRoundTowardZero ( const SValuePtr a,
SgAsmFloatType fpType 
)
virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::reinterpret ( const SValuePtr a,
SgAsmType retType 
)
virtual

Reinterpret an expression as a different type.

For semantic domains whose values don't carry type information this is a no-op. For other domains, this creates a new value having the same bits as the original value but a new type. The old and new types must be the same size. This is similar to a C++ reinterpret_cast.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::convert ( const SValuePtr a,
SgAsmType srcType,
SgAsmType dstType 
)
virtual

Convert value from one type to another.

This method converts the argument value from one type to another and returns the new value. This is more than what reinterpret does. For instance, if the argument is an integer with the value "-42" and the dstType is an IEEE-754 32-bit floating-point type, then the return value will have an entirely different bit pattern that is "-42" as a floating-point value.

The srcType is necessary for semantic domains whose values don't carry type information, and is redundant for domains whose values do carry type information. In order to be more useful, the input value, a, is always reinterpreted as type srcType by calling reinterpret before any conversion takes place.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::readRegister ( RegisterDescriptor  reg)
inlinevirtual

Reads a value from a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

A register state will typically implement storage for hardware registers, but higher layers (the State, RiscOperators, Dispatcher, ...) should not be concerned about the size of the register they're trying to read. For example, a register state for a 32-bit x86 architecture will likely have a storage location for the 32-bit EAX register, but it should be possible to ask readRegister to return the value of AX (the low-order 16-bits). In order to accomplish this, some level of the readRegister delegations needs to invoke extract to obtain the low 16 bits. The RiscOperators object is passed along the delegation path for this purpose. The inverse concat operation will be needed at some level when we ask readRegister to return a value that comes from multiple storage locations in the register state (such as can happen if an x86 register state holds individual status flags and we ask for the 32-bit EFLAGS register).

If the register state can distinguish between a register that has never been accessed and a register that has only been read, then the dflt value is stored into the register the first time it's read. This ensures that reading the register a second time with no intervening write will return the same value as the first read. If a dflt is not provided then one is constructed by invoking undefined_.

There needs to be a certain level of cooperation between the RiscOperators, State, and register state classes to decide which layer should invoke the extract or concat (or whatever other RISC operations might be necessary).

Definition at line 750 of file RiscOperators.h.

References Rose::BinaryAnalysis::RegisterDescriptor::nBits(), and undefined_().

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::readRegister ( RegisterDescriptor  reg,
const SValuePtr dflt 
)
virtual

Reads a value from a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

A register state will typically implement storage for hardware registers, but higher layers (the State, RiscOperators, Dispatcher, ...) should not be concerned about the size of the register they're trying to read. For example, a register state for a 32-bit x86 architecture will likely have a storage location for the 32-bit EAX register, but it should be possible to ask readRegister to return the value of AX (the low-order 16-bits). In order to accomplish this, some level of the readRegister delegations needs to invoke extract to obtain the low 16 bits. The RiscOperators object is passed along the delegation path for this purpose. The inverse concat operation will be needed at some level when we ask readRegister to return a value that comes from multiple storage locations in the register state (such as can happen if an x86 register state holds individual status flags and we ask for the 32-bit EFLAGS register).

If the register state can distinguish between a register that has never been accessed and a register that has only been read, then the dflt value is stored into the register the first time it's read. This ensures that reading the register a second time with no intervening write will return the same value as the first read. If a dflt is not provided then one is constructed by invoking undefined_.

There needs to be a certain level of cooperation between the RiscOperators, State, and register state classes to decide which layer should invoke the extract or concat (or whatever other RISC operations might be necessary).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::DataFlowSemantics::RiscOperators.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::writeRegister ( RegisterDescriptor  reg,
const SValuePtr a 
)
virtual

Writes a value to a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

As with readRegister, writeRegister may need to perform various RISC operations in order to accomplish the task of writing a value to the specified register when the underlying register state doesn't actually store a value for that specific register. The RiscOperations object is passed along for that purpose. See readRegister for more details.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::DataFlowSemantics::RiscOperators.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::peekRegister ( RegisterDescriptor  ,
const SValuePtr dflt 
)
virtual

Obtain a register value without side effects.

This is a lower-level operation than readRegister in that it doesn't cause the register to be marked as having been read. It is typically used in situations where the register is being accessed for analysis purposes rather than as part of an instruction emulation.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::DataFlowSemantics::RiscOperators.

Referenced by peekRegister().

SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::peekRegister ( RegisterDescriptor  reg)
inline

Obtain a register value without side effects.

This is a lower-level operation than readRegister in that it doesn't cause the register to be marked as having been read. It is typically used in situations where the register is being accessed for analysis purposes rather than as part of an instruction emulation.

Definition at line 775 of file RiscOperators.h.

References Rose::BinaryAnalysis::RegisterDescriptor::nBits(), peekRegister(), and undefined_().

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::readMemory ( RegisterDescriptor  segreg,
const SValuePtr addr,
const SValuePtr dflt,
const SValuePtr cond 
)
pure virtual

Reads a value from memory.

The implementation (in subclasses) will typically delegate much of the work to the current state's readMemory method.

A MemoryState will implement storage for memory locations and might impose certain restrictions, such as "all memory values must be eight bits". However, the readMemory should not have these constraints so that it can be called from a variety of Dispatcher subclass (e.g., the DispatcherX86 class assumes that readMemory is capable of reading 32-bit values from little-endian memory). The designers of the MemoryState, State, and RiscOperators should collaborate to decide which layer (RiscOperators, State, or MemoryState) is reponsible for combining individual memory locations into larger values. A RiscOperators object is passed along the chain of delegations for this purpose. The RiscOperators might also contain other data that's important during the process, such as an SMT solver.

The segreg argument is an optional segment register. Most architectures have a flat virtual address space and will pass a default-constructed register descriptor whose is_valid() method returns false.

The cond argument is a Boolean value that indicates whether this is a true read operation. If cond can be proven to be false then the read is a no-op and returns an arbitrary value.

The dflt argument determines the size of the value to be read. This argument is also passed along to the lower layers so that they can, if they desire, use it to initialize memory that has never been read or written before.

Implemented in Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::ModelChecker::P2Model::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::IntervalSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::PartialSymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::NullSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::TraceSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics2::DataFlowSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics2::LlvmSemantics::RiscOperators.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::writeMemory ( RegisterDescriptor  segreg,
const SValuePtr addr,
const SValuePtr data,
const SValuePtr cond 
)
pure virtual
virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::RiscOperators::peekMemory ( RegisterDescriptor  segreg,
const SValuePtr addr,
const SValuePtr dflt 
)
pure virtual

The documentation for this class was generated from the following file: