ROSE  0.11.87.0
Public Types | Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue Class Reference

Description

Type of values manipulated by the SymbolicSemantics domain.

Values of type type are used whenever a value needs to be stored, such as memory addresses, the values stored at those addresses, the values stored in registers, the operands for RISC operations, and the results of those operations.

An SValue points to an expression composed of the ExprNode types defined in Rose/BinaryAnalysis/SymbolicExpr.h, and also stores the set of instructions that were used to define the value. This provides a framework for some simple forms of value-based def-use analysis. See get_defining_instructions() for details.

Unknown versus Uninitialized Values

One sometimes needs to distinguish between registers (or other named storage locations) that contain an "unknown" value versus registers that have not been initialized. By "unknown" we mean a value that has no constraints except for its size (e.g., a register that contains "any 32-bit value"). By "uninitialized" we mean a register that still contains the value that was placed there before we started symbolically evaluating instructions (i.e., a register to which symbolic evaluation hasn't written a new value).

An "unknown" value might be produced by a RISC operation that is unable/unwilling to express its result symbolically. For instance, the RISC "add(A,B)" operation could return an unknown/unconstrained result if either A or B are unknown/unconstrained (in other words, add(A,B) returns C). An unconstrained value is represented by a free variable. ROSE's SymbolicSemantics RISC operations never return unconstrained values, but rather always return a new expression (add(A,B) returns the symbolic expression A+B). However, user-defined subclasses of ROSE's SymbolicSemantics classes might return unconstrained values, and in fact it is quite common for a programmer to first stub out all the RISC operations to return unconstrained values and then gradually implement them as they're required. When a RISC operation returns an unconstrained value, it should set the returned value's defining instructions to the CPU instruction that caused the RISC operation to be called (and possibly the union of the sets of instructions that defined the RISC operation's operands).

An "uninitialized" register (or other storage location) is a register that hasn't ever had a value written to it as a side effect of a machine instruction, and thus still contains the value that was initialially stored there before analysis started (perhaps by a default constructor). Such values will generally be unconstrained (i.e., "unknown" as defined above) but will have an empty defining instruction set. The defining instruction set is empty because the register contains a value that was not generated as the result of simulating some machine instruction.

Therefore, it is possible to destinguish between an uninitialized register and an unconstrained register by looking at its value. If the value is a variable with an empty set of defining instructions, then it must be an initial value. If the value is a variable but has a non-empty set of defining instructions, then it must be a value that came from some RISC operation invoked on behalf of a machine instruction.

One should note that a register that contains a variable is not necessarily unconstrained: another register might contain the same variable, in which case the two registers are constrained to have the same value, although that value could be anything. Consider the following example:

Step 1: Initialize registers. At this point EAX contains v1[32]{}, EBX contains v2[32]{}, and ECX contains v3[32]{}. The notation "vN" is a variable, "[32]" means the variable is 32-bits wide, and "{}" indicates that the set of defining instructions is empty. Since the defining sets are empty, the registers can be considered to be "uninitialized" (more specifically, they contain initial values that were created by the symbolic machine state constructor, or by the user explicitly initializing the registers; they don't contain values that were put there as a side effect of executing some machine instruction).

Step 2: Execute an x86 "I1: MOV EAX, EBX" instruction that moves the value stored in EBX into the EAX register. After this instruction executes, EAX contains v2[32]{I1}, EBX contains v2[32]{}, and ECX contains v3[32]{}. Registers EBX and ECX continue to have empty sets of defining instructions and thus contain their initial values. Reigister EAX refers to the same variable (v2) as EBX and therefore must have the same value as EBX, although that value can be any 32-bit value. We can also tell that EAX no longer contains its initial value because the set of defining instructions is non-empty ({I1}).

Step 3: Execute the imaginary "I2: FOO ECX, EAX" instruction and presume that it performs an operation using ECX and EAX and stores the result in ECX. The operation is implemented by a new user-defined RISC operation called "doFoo(A,B)". Furthermore, presume that the operation encoded by doFoo(A,B) cannot be represented by ROSE's expression trees either directly or indirectly via other expression tree operations. Therefore, the implementation of doFoo(A,B) is such that it always returns an unconstrained value (i.e., a new variable): doFoo(A,B) returns C. After this instruction executes, EAX and EBX continue to contain the results they had after step 2, and ECX now contains v4[32]{I2}. We can tell that ECX contains an unknown value (because its value is a variable) that is 32-bits wide. We can also tell that ECX no longer contains its initial value because its set of defining instructions is non-empty ({I2}).

Definition at line 194 of file SymbolicSemantics.h.

#include <Rose/BinaryAnalysis/InstructionSemantics2/SymbolicSemantics.h>

Inheritance diagram for Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue:
Inheritance graph
[legend]
Collaboration diagram for Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue:
Collaboration graph
[legend]

Public Types

using Super = BaseSemantics::SValue
 Base type. More...
 
using Ptr = SValuePtr
 Shared-ownership pointer. More...
 
- Public Types inherited from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue
using Ptr = SValuePtr
 Shared-ownership pointer for an SValue object. More...
 

Public Member Functions

virtual BaseSemantics::SValuePtr bottom_ (size_t nbits) const override
 Data-flow bottom value. More...
 
virtual BaseSemantics::SValuePtr undefined_ (size_t nbits) const override
 Create a new undefined semantic value. More...
 
virtual BaseSemantics::SValuePtr unspecified_ (size_t nbits) const override
 Create a new unspecified semantic value. More...
 
virtual BaseSemantics::SValuePtr number_ (size_t nbits, uint64_t value) const override
 Create a new concrete semantic value. More...
 
virtual BaseSemantics::SValuePtr boolean_ (bool value) const override
 Create a new, Boolean value. More...
 
virtual BaseSemantics::SValuePtr copy (size_t new_width=0) const override
 Create a new value from an existing value, changing the width if new_width is non-zero. More...
 
virtual Sawyer::Optional< BaseSemantics::SValuePtrcreateOptionalMerge (const BaseSemantics::SValuePtr &other, const BaseSemantics::MergerPtr &, const SmtSolverPtr &) const override
 Possibly create a new value by merging two existing values. More...
 
virtual bool isBottom () const override
 Determines whether a value is a data-flow bottom. More...
 
virtual void print (std::ostream &, BaseSemantics::Formatter &) const override
 Print a value to a stream using default format. More...
 
virtual void hash (Combinatorics::Hasher &) const override
 Hash this semantic value. More...
 
virtual SValuePtr substitute (const SValuePtr &from, const SValuePtr &to, const SmtSolverPtr &solver) const
 Substitute one value for another throughout a value. More...
 
virtual const ExprPtrget_expression () const
 Returns the expression stored in this value. More...
 
virtual const InsnSet & get_defining_instructions () const
 Returns the set of instructions that defined this value. More...
 
virtual void defined_by (SgAsmInstruction *insn, const InsnSet &set1, const InsnSet &set2, const InsnSet &set3)
 Adds instructions to the list of defining instructions. More...
 
virtual void defined_by (SgAsmInstruction *insn, const InsnSet &set1, const InsnSet &set2)
 Adds instructions to the list of defining instructions. More...
 
virtual void defined_by (SgAsmInstruction *insn, const InsnSet &set1)
 Adds instructions to the list of defining instructions. More...
 
virtual void defined_by (SgAsmInstruction *insn)
 Adds instructions to the list of defining instructions. More...
 
virtual void set_expression (const ExprPtr &new_expr)
 Changes the expression stored in the value.
 
virtual void set_expression (const SValuePtr &source)
 Changes the expression stored in the value.
 
virtual size_t add_defining_instructions (const InsnSet &to_add)
 Adds definitions to the list of defining instructions. More...
 
virtual size_t add_defining_instructions (const SValuePtr &source)
 Adds definitions to the list of defining instructions. More...
 
virtual size_t add_defining_instructions (SgAsmInstruction *insn)
 Adds definitions to the list of defining instructions. More...
 
virtual void set_defining_instructions (const InsnSet &new_defs)
 Set defining instructions. More...
 
virtual void set_defining_instructions (const SValuePtr &source)
 Set defining instructions. More...
 
virtual void set_defining_instructions (SgAsmInstruction *insn)
 Set defining instructions. More...
 
- Public Member Functions inherited from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue
SValuePtr createMerged (const SValuePtr &other, const MergerPtr &merger, const SmtSolverPtr &solver) const
 Create a new value by merging two existing values. More...
 
size_t nBits () const
 Property: value width. More...
 
bool isConcrete () const
 Determines if the value is a concrete number. More...
 
Sawyer::Optional< uint64_t > toUnsigned () const
 Converts a concrete value to a native unsigned integer. More...
 
Sawyer::Optional< int64_t > toSigned () const
 Converts a concrete value to a native signed integer. More...
 
bool mustEqual (const SValuePtr &other, const SmtSolverPtr &solver=SmtSolverPtr()) const
 Tests two values for equality. More...
 
bool mayEqual (const SValuePtr &other, const SmtSolverPtr &solver=SmtSolverPtr()) const
 Tests two values for possible equality. More...
 
bool isTrue () const
 Returns true if concrete non-zero. More...
 
bool isFalse () const
 Returns true if concrete zero. More...
 
std::string comment () const
 Property: Comment. More...
 
void comment (const std::string &) const
 Property: Comment. More...
 
void print (std::ostream &) const
 Print a value to a stream using default format. More...
 
WithFormatter with_format (Formatter &fmt)
 Used for printing values with formatting. More...
 
WithFormatter operator+ (Formatter &fmt)
 Used for printing values with formatting. More...
 
WithFormatter operator+ (const std::string &linePrefix)
 Used for printing values with formatting. More...
 
virtual size_t get_width () const
 Virtual API. More...
 
- Public Member Functions inherited from Sawyer::SharedObject
 SharedObject ()
 Default constructor. More...
 
 SharedObject (const SharedObject &)
 Copy constructor. More...
 
virtual ~SharedObject ()
 Virtual destructor. More...
 
SharedObjectoperator= (const SharedObject &)
 Assignment. More...
 
- Public Member Functions inherited from Sawyer::SharedFromThis< SValue >
SharedPointer< SValue > sharedFromThis ()
 Create a shared pointer from this. More...
 
SharedPointer< const SValue > sharedFromThis () const
 Create a shared pointer from this. More...
 

Static Public Member Functions

static SValuePtr instance ()
 Instantiate a new prototypical value. More...
 
static SValuePtr instance_bottom (size_t nbits)
 Instantiate a new data-flow bottom value of specified width. More...
 
static SValuePtr instance_undefined (size_t nbits)
 Instantiate a new undefined value of specified width. More...
 
static SValuePtr instance_unspecified (size_t nbits)
 Instantiate a new unspecified value of specified width. More...
 
static SValuePtr instance_integer (size_t nbits, uint64_t value)
 Instantiate a new concrete value. More...
 
static SValuePtr instance_symbolic (const SymbolicExpr::Ptr &value)
 Instantiate a new symbolic value. More...
 
static SValuePtr promote (const BaseSemantics::SValuePtr &v)
 Promote a base value to a SymbolicSemantics value. More...
 
- Static Public Member Functions inherited from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue
static SValuePtr promote (const SValuePtr &x)
 
- Static Public Member Functions inherited from Sawyer::SmallObject
static SynchronizedPoolAllocatorpoolAllocator ()
 Return the pool allocator for this class. More...
 
static void * operator new (size_t size)
 
static void operator delete (void *ptr, size_t size)
 

Protected Member Functions

 SValue (size_t nbits)
 
 SValue (size_t nbits, uint64_t number)
 
 SValue (ExprPtr expr)
 
virtual bool may_equal (const BaseSemantics::SValuePtr &other, const SmtSolverPtr &solver=SmtSolverPtr()) const override
 Virtual API. More...
 
virtual bool must_equal (const BaseSemantics::SValuePtr &other, const SmtSolverPtr &solver=SmtSolverPtr()) const override
 Virtual API. More...
 
virtual void set_width (size_t nbits) override
 Virtual API. More...
 
virtual bool is_number () const override
 Virtual API. More...
 
virtual uint64_t get_number () const override
 Virtual API. More...
 
virtual std::string get_comment () const override
 Some subclasses support the ability to add comments to values. More...
 
virtual void set_comment (const std::string &) const override
 Some subclasses support the ability to add comments to values. More...
 
- Protected Member Functions inherited from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue
 SValue (size_t nbits)
 
 SValue (const SValue &other)
 

Protected Attributes

ExprPtr expr
 The symbolic expression for this value. More...
 
InsnSet defs
 Instructions defining this value. More...
 
- Protected Attributes inherited from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue
size_t width
 

Member Typedef Documentation

Base type.

Definition at line 197 of file SymbolicSemantics.h.

Shared-ownership pointer.

Definition at line 200 of file SymbolicSemantics.h.

Member Function Documentation

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance ( )
inlinestatic
static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance_bottom ( size_t  nbits)
inlinestatic

Instantiate a new data-flow bottom value of specified width.

Definition at line 248 of file SymbolicSemantics.h.

References Rose::BinaryAnalysis::SymbolicExpr::Node::BOTTOM, and Rose::BinaryAnalysis::SymbolicExpr::makeIntegerVariable().

Referenced by bottom_().

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance_undefined ( size_t  nbits)
inlinestatic

Instantiate a new undefined value of specified width.

Definition at line 253 of file SymbolicSemantics.h.

References Rose::BinaryAnalysis::SymbolicExpr::makeIntegerVariable().

Referenced by undefined_().

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance_unspecified ( size_t  nbits)
inlinestatic

Instantiate a new unspecified value of specified width.

Definition at line 258 of file SymbolicSemantics.h.

References Rose::BinaryAnalysis::SymbolicExpr::makeIntegerVariable(), and Rose::BinaryAnalysis::SymbolicExpr::Node::UNSPECIFIED.

Referenced by unspecified_().

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance_integer ( size_t  nbits,
uint64_t  value 
)
inlinestatic

Instantiate a new concrete value.

Definition at line 263 of file SymbolicSemantics.h.

References Rose::BinaryAnalysis::SymbolicExpr::makeIntegerConstant().

Referenced by boolean_(), and number_().

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::instance_symbolic ( const SymbolicExpr::Ptr value)
inlinestatic

Instantiate a new symbolic value.

Definition at line 268 of file SymbolicSemantics.h.

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::bottom_ ( size_t  nBits) const
inlineoverridevirtual

Data-flow bottom value.

Returns a new value that represents bottom in a data-flow analysis. If a semantic domain can represent a bottom value then the isBottom predicate is true when invoked on this method's return value. If a semantic domain cannot support a bottom value, then it may return some other value.

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 276 of file SymbolicSemantics.h.

References instance_bottom().

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::undefined_ ( size_t  nbits) const
inlineoverridevirtual

Create a new undefined semantic value.

The new semantic value will have the same dynamic type as the value on which this virtual method is called. This is the most common way that a new value is created. The unspecified_ method is closely related.

See also
unspecified_

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 279 of file SymbolicSemantics.h.

References instance_undefined().

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::unspecified_ ( size_t  nbits) const
inlineoverridevirtual

Create a new unspecified semantic value.

The new semantic value will have the same dynamic type as the value on which this virtual method is called. Undefined (undefined_) and unspecified are closely related. Unspecified values are the same as undefined values except they're instantiated as the result of some machine instruction where the ISA documentation indicates that the value is unspecified (e.g., status flags for x86 shift and rotate instructions).

Most semantic domains make no distinction between undefined and unspecified.

See also
undefined_

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 282 of file SymbolicSemantics.h.

References instance_unspecified().

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::number_ ( size_t  nbits,
uint64_t  number 
) const
inlineoverridevirtual

Create a new concrete semantic value.

The new value will represent the specified concrete value and have the same dynamic type as the value on which this virtual method is called. This is the most common way that a new constant is created. The number is truncated to contain nbits bits (higher order bits are cleared).

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 285 of file SymbolicSemantics.h.

References instance_integer().

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::boolean_ ( bool  value) const
inlineoverridevirtual

Create a new, Boolean value.

The new semantic value will have the same dynamic type as the value on which this virtual method is called. This is how 1-bit flag register values (among others) are created. The base implementation uses number_() to construct a 1-bit value whose bit is zero (false) or one (true).

Reimplemented from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 288 of file SymbolicSemantics.h.

References instance_integer().

virtual BaseSemantics::SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::copy ( size_t  new_width = 0) const
inlineoverridevirtual

Create a new value from an existing value, changing the width if new_width is non-zero.

Increasing the width logically adds zero bits to the most significant side of the value; decreasing the width logically removes bits from the most significant side of the value.

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

Definition at line 291 of file SymbolicSemantics.h.

virtual Sawyer::Optional<BaseSemantics::SValuePtr> Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::createOptionalMerge ( const BaseSemantics::SValuePtr other,
const BaseSemantics::MergerPtr merger,
const SmtSolverPtr solver 
) const
overridevirtual

Possibly create a new value by merging two existing values.

This method optionally returns a new semantic value as the data-flow merge of this and other. If the two inputs are "equal" in some sense of the dataflow implementation then nothing is returned, otherwise a new value is returned. Typical usage is like this:

if (SValuePtr merged = v1->createOptionalMerge(v2).orDefault()) {
std::cout <<"v1 and v2 were merged to " <<*merged <<"\n";
} else {
std::cout <<"no merge is necessary\n";
}
or
@code
SValuePtr merge;
if (v1->createOptionalMerge(v2).assignTo(merged)) {
std::cout <<"v1 and v2 were merged to " <<*merged <<"\n";
} else {
std::cout <<"v1 and v2 are equal in some sense (no merge necessary)\n";
}

If you always want a copy regardless of whether the merge is necessary, then use the createMerged convenience function instead.

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

static SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::promote ( const BaseSemantics::SValuePtr v)
inlinestatic
virtual bool Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::isBottom ( ) const
overridevirtual

Determines whether a value is a data-flow bottom.

Returns true if this value represents a bottom value for data-flow analysis. Any RiscOperation performed on an operand whose isBottom predicate returns true will itself return a bottom value. This includes operations like "xor x x" which would normally return zero.

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::print ( std::ostream &  ,
BaseSemantics::Formatter  
) const
overridevirtual

Print a value to a stream using default format.

The value will normally occupy a single line and not contain leading space or line termination. See also, with_format().

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::hash ( Combinatorics::Hasher ) const
overridevirtual

Hash this semantic value.

Hashes the value by appending it to the specified hasher.

Implements Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

Reimplemented in Rose::BinaryAnalysis::ModelChecker::P2Model::SValue.

virtual bool Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::may_equal ( const BaseSemantics::SValuePtr other,
const SmtSolverPtr solver = SmtSolverPtr() 
) const
overrideprotectedvirtual
virtual bool Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::must_equal ( const BaseSemantics::SValuePtr other,
const SmtSolverPtr solver = SmtSolverPtr() 
) const
overrideprotectedvirtual
virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::set_width ( size_t  nbits)
inlineoverrideprotectedvirtual
virtual bool Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::is_number ( ) const
inlineoverrideprotectedvirtual
virtual uint64_t Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::get_number ( ) const
overrideprotectedvirtual
virtual std::string Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::get_comment ( ) const
overrideprotectedvirtual

Some subclasses support the ability to add comments to values.

We define no-op versions of these methods here because it makes things easier. The base class tries to be as small as possible by not storing comments at all. Comments should not affect any computation (comparisons, hash values, etc), and therefore are allowed to be modified even for const objects.

Reimplemented from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::set_comment ( const std::string &  ) const
overrideprotectedvirtual

Some subclasses support the ability to add comments to values.

We define no-op versions of these methods here because it makes things easier. The base class tries to be as small as possible by not storing comments at all. Comments should not affect any computation (comparisons, hash values, etc), and therefore are allowed to be modified even for const objects.

Reimplemented from Rose::BinaryAnalysis::InstructionSemantics2::BaseSemantics::SValue.

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::substitute ( const SValuePtr from,
const SValuePtr to,
const SmtSolverPtr solver 
) const
virtual

Substitute one value for another throughout a value.

For example, if this value is "(add esp_0, -12)" and we substitute "esp_0" with "(add stack_frame 4)", this method would return "(add stack_frame -8)". It is also possible for the from value to be a more complicated expression. This method attempts to match from at all nodes of this expression and substitutes at eac node that matches. The from and to must have the same width. The solver is optional and used during simplification of the result.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::defined_by ( SgAsmInstruction insn,
const InsnSet &  set1,
const InsnSet &  set2,
const InsnSet &  set3 
)
inlinevirtual

Adds instructions to the list of defining instructions.

Adds the specified instruction and defining sets into this value and returns a reference to this value. See also add_defining_instructions().

Definition at line 359 of file SymbolicSemantics.h.

References add_defining_instructions().

Referenced by defined_by().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::defined_by ( SgAsmInstruction insn,
const InsnSet &  set1,
const InsnSet &  set2 
)
inlinevirtual

Adds instructions to the list of defining instructions.

Adds the specified instruction and defining sets into this value and returns a reference to this value. See also add_defining_instructions().

Definition at line 363 of file SymbolicSemantics.h.

References add_defining_instructions(), and defined_by().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::defined_by ( SgAsmInstruction insn,
const InsnSet &  set1 
)
inlinevirtual

Adds instructions to the list of defining instructions.

Adds the specified instruction and defining sets into this value and returns a reference to this value. See also add_defining_instructions().

Definition at line 367 of file SymbolicSemantics.h.

References add_defining_instructions(), and defined_by().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::defined_by ( SgAsmInstruction insn)
inlinevirtual

Adds instructions to the list of defining instructions.

Adds the specified instruction and defining sets into this value and returns a reference to this value. See also add_defining_instructions().

Definition at line 371 of file SymbolicSemantics.h.

References add_defining_instructions().

virtual const ExprPtr& Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::get_expression ( ) const
inlinevirtual

Returns the expression stored in this value.

Expressions are reference counted; the reference count of the returned expression is not incremented.

Definition at line 379 of file SymbolicSemantics.h.

References expr.

virtual const InsnSet& Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::get_defining_instructions ( ) const
inlinevirtual

Returns the set of instructions that defined this value.

The return value is a flattened lattice represented as a set. When analyzing this basic block starting with an initial default state:

1: mov eax, 2
2: add eax, 1
3: mov ebx, eax;
4: mov ebx, 3

the defining set for the value stored in EAX will be instructions {1, 2} and the defining set for the value stored in EBX will be {4}. Defining sets for values stored in other registers are the empty set.

Definition at line 409 of file SymbolicSemantics.h.

References defs.

virtual size_t Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::add_defining_instructions ( const InsnSet &  to_add)
virtual

Adds definitions to the list of defining instructions.

Returns the number of items added that weren't already in the list of defining instructions.

Referenced by add_defining_instructions(), and defined_by().

virtual size_t Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::add_defining_instructions ( const SValuePtr source)
inlinevirtual

Adds definitions to the list of defining instructions.

Returns the number of items added that weren't already in the list of defining instructions.

Definition at line 419 of file SymbolicSemantics.h.

References add_defining_instructions().

virtual size_t Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::add_defining_instructions ( SgAsmInstruction insn)
virtual

Adds definitions to the list of defining instructions.

Returns the number of items added that weren't already in the list of defining instructions.

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::set_defining_instructions ( const InsnSet &  new_defs)
inlinevirtual

Set defining instructions.

This discards the old set of defining instructions and replaces it with the specified set.

Definition at line 430 of file SymbolicSemantics.h.

Referenced by set_defining_instructions().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::set_defining_instructions ( const SValuePtr source)
inlinevirtual

Set defining instructions.

This discards the old set of defining instructions and replaces it with the specified set.

Definition at line 433 of file SymbolicSemantics.h.

References set_defining_instructions().

virtual void Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::set_defining_instructions ( SgAsmInstruction insn)
virtual

Set defining instructions.

This discards the old set of defining instructions and replaces it with the specified set.

Member Data Documentation

ExprPtr Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::expr
protected

The symbolic expression for this value.

Symbolic expressions are reference counted.

Definition at line 204 of file SymbolicSemantics.h.

Referenced by get_expression().

InsnSet Rose::BinaryAnalysis::InstructionSemantics2::SymbolicSemantics::SValue::defs
protected

Instructions defining this value.

Any instruction that saves the value to a register or memory location adds itself to the saved value.

Definition at line 208 of file SymbolicSemantics.h.

Referenced by get_defining_instructions().


The documentation for this class was generated from the following file: