Description

Base class for most instruction semantics RISC operators.

This class is responsible for defining the semantics of the RISC-like operations invoked by the translation object (e.g., X86InstructionSemantics). We omit the definitions for most of the RISC operations from the base class so that failure to implement them in a subclass is an error.

RISC operator arguments are, in general, SValue pointers. However, if the width of a RISC operator's result depends on an argument's value (as opposed to depending on the argument width), then that argument must be a concrete value (i.e., an integral type). This requirement is due to the fact that SMT solvers need to know the sizes of their bit vectors. Operators extract, unsignedExtend, signExtend, readRegister, and readMemory fall into this category.

Operators with side effects (writeRegister, writeMemory, and possibly others) usually modify a BaseSemantics::State object pointed to by the currentState property. Keeping side effects in states allows RiscOperators to be used in data-flow analysis where meeting control flow edges cause states to be merged. Side effects that don't need to be part of a data-flow can be stored elsewhere, such as data members of a subclass or the initialState property.

RiscOperator objects are allocated on the heap and reference counted. The BaseSemantics::RiscOperator is an abstract class that defines the interface. See the Rose::BinaryAnalysis::InstructionSemantics namespace for an overview of how the parts fit together.

Definition at line 49 of file RiscOperators.h.

#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/RiscOperators.h>

Inheritance diagram for Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators:

[legend]

Collaboration diagram for Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators:

[legend]

Classes
class	WithFormatter
	RiscOperators with formatter. More...

Public Types
enum class	IteStatus { NEITHER , A , B , BOTH }
	Status for iteWithStatus operation. More...

using	Ptr = RiscOperatorsPtr
	Shared-ownership pointer.

Public Member Functions
virtual RiscOperatorsPtr	create (const SValuePtr &protoval, const SmtSolverPtr &solver=SmtSolverPtr()) const =0
	Virtual allocating constructor.

virtual RiscOperatorsPtr	create (const StatePtr &state, const SmtSolverPtr &solver=SmtSolverPtr()) const =0
	Virtual allocating constructor.

virtual SValuePtr	protoval () const
	Property: Prototypical semantic value.

virtual void	hash (Combinatorics::Hasher &)
	Compute hash of current state.

virtual void	startInstruction (SgAsmInstruction *insn)
	Called at the beginning of every instruction.

virtual void	finishInstruction (SgAsmInstruction *insn)
	Called at the end of every instruction.

virtual void	comment (const std::string &)
	Inject a line comment into debugging streams.

virtual SValuePtr	number_ (size_t nbits, uint64_t value)
	Returns a number of the specified bit width.

virtual SValuePtr	boolean_ (bool value)
	Returns a Boolean value.

virtual SValuePtr	bottom_ (size_t nbits)
	Returns a data-flow bottom value.

virtual SValuePtr	filterCallTarget (const SValuePtr &a)
	Invoked to filter call targets.

virtual SValuePtr	filterReturnTarget (const SValuePtr &a)
	Invoked to filter return targets.

virtual SValuePtr	filterIndirectJumpTarget (const SValuePtr &a)
	Invoked to filter indirect jumps.

virtual void	hlt ()
	Invoked for the x86 HLT instruction.

virtual void	cpuid ()
	Invoked for the x86 CPUID instruction.

virtual SValuePtr	rdtsc ()
	Invoked for the x86 RDTSC instruction.

virtual SValuePtr	and_ (const SValuePtr &a, const SValuePtr &b)=0
	Computes bit-wise AND of two values.

virtual SValuePtr	or_ (const SValuePtr &a, const SValuePtr &b)=0
	Computes bit-wise OR of two values.

virtual SValuePtr	xor_ (const SValuePtr &a, const SValuePtr &b)=0
	Computes bit-wise XOR of two values.

virtual SValuePtr	invert (const SValuePtr &a)=0
	One's complement.

virtual SValuePtr	extract (const SValuePtr &a, size_t begin_bit, size_t end_bit)=0
	Extracts bits from a value.

virtual SValuePtr	concat (const SValuePtr &lowBits, const SValuePtr &highBits)=0
	Concatenates the bits of two values.

virtual std::pair< SValuePtr, SValuePtr >	split (const SValuePtr &a, size_t splitPoint)
	Split a value into two narrower values.

virtual SValuePtr	leastSignificantSetBit (const SValuePtr &a)=0
	Returns position of least significant set bit; zero when no bits are set.

virtual SValuePtr	mostSignificantSetBit (const SValuePtr &a)=0
	Returns position of most significant set bit; zero when no bits are set.

virtual SValuePtr	countLeadingZeros (const SValuePtr &a)
	Count leading zero bits.

virtual SValuePtr	countLeadingOnes (const SValuePtr &a)
	Count leading one bits.

virtual SValuePtr	rotateLeft (const SValuePtr &a, const SValuePtr &nbits)=0
	Rotate bits to the left.

virtual SValuePtr	rotateRight (const SValuePtr &a, const SValuePtr &nbits)=0
	Rotate bits to the right.

virtual SValuePtr	shiftLeft (const SValuePtr &a, const SValuePtr &nbits)=0
	Returns arg shifted left.

virtual SValuePtr	shiftRight (const SValuePtr &a, const SValuePtr &nbits)=0
	Returns arg shifted right logically (no sign bit).

virtual SValuePtr	shiftRightArithmetic (const SValuePtr &a, const SValuePtr &nbits)=0
	Returns arg shifted right arithmetically (with sign bit).

virtual SValuePtr	reverseElmts (const SValuePtr &a, size_t elmtNBits)
	Reverse parts of a value.

virtual SValuePtr	equalToZero (const SValuePtr &a)=0
	Determines whether a value is equal to zero.

virtual SValuePtr	iteWithStatus (const SValuePtr &cond, const SValuePtr &a, const SValuePtr &b, IteStatus &status)=0
	If-then-else with status.

virtual SValuePtr	ite (const SValuePtr &cond, const SValuePtr &a, const SValuePtr &b) final
	If-then-else.

virtual SValuePtr	unsignedExtend (const SValuePtr &a, size_t new_width)
	Extend (or shrink) operand `a` so it is `nbits` wide by adding or removing high-order bits.

virtual SValuePtr	signExtend (const SValuePtr &a, size_t new_width)=0
	Sign extends a value.

virtual SValuePtr	add (const SValuePtr &a, const SValuePtr &b)=0
	Adds two integers of equal size.

virtual SValuePtr	addCarry (const SValuePtr &a, const SValuePtr &b, SValuePtr &carryOut, SValuePtr &overflowed)
	Adds two integers of equal size and carry.

virtual SValuePtr	subtract (const SValuePtr &minuend, const SValuePtr &subtrahend)
	Subtract one value from another.

virtual SValuePtr	subtractCarry (const SValuePtr &minuend, const SValuePtr &subtrahend, SValuePtr &carryOut, SValuePtr &overflowed)
	Subtract one value from another and carry.

virtual SValuePtr	addWithCarries (const SValuePtr &a, const SValuePtr &b, const SValuePtr &c, SValuePtr &carry_out)=0
	Add two values of equal size and a carry bit.

virtual SValuePtr	negate (const SValuePtr &a)=0
	Two's complement.

virtual SValuePtr	signedDivide (const SValuePtr &dividend, const SValuePtr &divisor)=0
	Divides two signed values.

virtual SValuePtr	signedModulo (const SValuePtr &a, const SValuePtr &b)=0
	Calculates modulo with signed values.

virtual SValuePtr	signedMultiply (const SValuePtr &a, const SValuePtr &b)=0
	Multiplies two signed values.

virtual SValuePtr	unsignedDivide (const SValuePtr &dividend, const SValuePtr &divisor)=0
	Divides two unsigned values.

virtual SValuePtr	unsignedModulo (const SValuePtr &a, const SValuePtr &b)=0
	Calculates modulo with unsigned values.

virtual SValuePtr	unsignedMultiply (const SValuePtr &a, const SValuePtr &b)=0
	Multiply two unsigned values.

virtual void	interrupt (int majorNumber, int minorNumber)
	Unconditionally raise an interrupt.

virtual void	interrupt (const SValuePtr &majr, const SValuePtr &minr, const SValuePtr &raise)
	Invoked for instructions that cause an interrupt.

virtual void	raiseInterrupt (unsigned majorNumber, unsigned minorNumber, const SValuePtr &raise)
	Conditionally raise an interrupt.

virtual SValuePtr	fpFromInteger (const SValuePtr &intValue, SgAsmFloatType *fpType)
	Construct a floating-point value from an integer value.

virtual SValuePtr	fpToInteger (const SValuePtr &fpValue, SgAsmFloatType *fpType, const SValuePtr &dflt)
	Construct an integer value from a floating-point value.

virtual SValuePtr	fpConvert (const SValuePtr &a, SgAsmFloatType aType, SgAsmFloatType retType)
	Convert from one floating-point type to another.

virtual SValuePtr	fpIsNan (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Whether a floating-point value is a special not-a-number bit pattern.

virtual SValuePtr	fpIsDenormalized (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Whether a floating-point value is denormalized.

virtual SValuePtr	fpIsZero (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Whether a floating-point value is equal to zero.

virtual SValuePtr	fpIsInfinity (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Whether a floating-point value is infinity.

virtual SValuePtr	fpSign (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Sign of floating-point value.

virtual SValuePtr	fpEffectiveExponent (const SValuePtr &fpValue, SgAsmFloatType *fpType)
	Exponent of floating-point value.

virtual SValuePtr	fpAdd (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
	Add two floating-point values.

virtual SValuePtr	fpSubtract (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
	Subtract one floating-point value from another.

virtual SValuePtr	fpMultiply (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
	Multiply two floating-point values.

virtual SValuePtr	fpDivide (const SValuePtr &a, const SValuePtr &b, SgAsmFloatType *fpType)
	Divide one floating-point value by another.

virtual SValuePtr	fpSquareRoot (const SValuePtr &a, SgAsmFloatType *fpType)
	Square root.

virtual SValuePtr	fpRoundTowardZero (const SValuePtr &a, SgAsmFloatType *fpType)
	Round toward zero.

virtual SValuePtr	reinterpret (const SValuePtr &a, SgAsmType *retType)
	Reinterpret an expression as a different type.

virtual SValuePtr	convert (const SValuePtr &a, SgAsmType srcType, SgAsmType dstType)
	Convert value from one type to another.

virtual void	writeRegister (RegisterDescriptor reg, const SValuePtr &a)
	Writes a value to a register.

virtual SValuePtr	readMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &dflt, const SValuePtr &cond)=0
	Reads a value from memory.

virtual void	writeMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &data, const SValuePtr &cond)=0
	Writes a value to memory.

virtual SValuePtr	peekMemory (RegisterDescriptor segreg, const SValuePtr &addr, const SValuePtr &dflt)=0
	Read memory without side effects.


virtual SmtSolverPtr	solver () const
	Property: Satisfiability module theory (SMT) solver.

virtual void	solver (const SmtSolverPtr &s)
	Property: Satisfiability module theory (SMT) solver.


const HotPatch &	hotPatch () const
	Property: Post-instruction hot patches.

HotPatch &	hotPatch ()
	Property: Post-instruction hot patches.

void	hotPatch (const HotPatch &hp)
	Property: Post-instruction hot patches.


virtual StatePtr	currentState () const
	Property: Current semantic state.

virtual void	currentState (const StatePtr &s)
	Property: Current semantic state.


virtual StatePtr	initialState () const
	Property: Optional lazily updated initial state.

virtual void	initialState (const StatePtr &s)
	Property: Optional lazily updated initial state.


virtual const std::string &	name () const
	Property: Name used for debugging.

virtual void	name (const std::string &s)
	Property: Name used for debugging.


void	print (std::ostream &stream, const std::string prefix="") const
	Print multi-line output for this object.

virtual void	print (std::ostream &stream, Formatter &fmt) const
	Print multi-line output for this object.


WithFormatter	with_format (Formatter &fmt)
	Used for printing RISC operators with formatting.

WithFormatter	operator+ (Formatter &fmt)
	Used for printing RISC operators with formatting.

WithFormatter	operator+ (const std::string &linePrefix)
	Used for printing RISC operators with formatting.


virtual size_t	nInsns () const
	Property: Number of instructions processed.

virtual void	nInsns (size_t n)
	Property: Number of instructions processed.


virtual SgAsmInstruction *	currentInstruction () const
	Property: Current instruction.

virtual void	currentInstruction (SgAsmInstruction *insn)
	Property: Current instruction.


virtual bool	isNoopRead () const
	Property: No-op read.

virtual void	isNoopRead (bool b)
	Property: No-op read.


virtual SValuePtr	undefined_ (size_t nbits)
	Returns a new undefined value.

virtual SValuePtr	unspecified_ (size_t nbits)
	Returns a new undefined value.


virtual SValuePtr	concatLoHi (const SValuePtr &lowBits, const SValuePtr &highBits)
	Aliases for concatenation.

virtual SValuePtr	concatHiLo (const SValuePtr &highBits, const SValuePtr &lowBits)
	Aliases for concatenation.


virtual SValuePtr	isEqual (const SValuePtr &a, const SValuePtr &b)
	Equality comparison.

virtual SValuePtr	isNotEqual (const SValuePtr &a, const SValuePtr &b)
	Equality comparison.


virtual SValuePtr	isUnsignedLessThan (const SValuePtr &a, const SValuePtr &b)
	Comparison for unsigned values.

virtual SValuePtr	isUnsignedLessThanOrEqual (const SValuePtr &a, const SValuePtr &b)
	Comparison for unsigned values.

virtual SValuePtr	isUnsignedGreaterThan (const SValuePtr &a, const SValuePtr &b)
	Comparison for unsigned values.

virtual SValuePtr	isUnsignedGreaterThanOrEqual (const SValuePtr &a, const SValuePtr &b)
	Comparison for unsigned values.


virtual SValuePtr	isSignedLessThan (const SValuePtr &a, const SValuePtr &b)
	Comparison for signed values.

virtual SValuePtr	isSignedLessThanOrEqual (const SValuePtr &a, const SValuePtr &b)
	Comparison for signed values.

virtual SValuePtr	isSignedGreaterThan (const SValuePtr &a, const SValuePtr &b)
	Comparison for signed values.

virtual SValuePtr	isSignedGreaterThanOrEqual (const SValuePtr &a, const SValuePtr &b)
	Comparison for signed values.


virtual SValuePtr	readRegister (RegisterDescriptor reg)
	Reads a value from a register.

virtual SValuePtr	readRegister (RegisterDescriptor reg, const SValuePtr &dflt)
	Reads a value from a register.


virtual SValuePtr	peekRegister (RegisterDescriptor, const SValuePtr &dflt)
	Obtain a register value without side effects.

SValuePtr	peekRegister (RegisterDescriptor reg)
	Obtain a register value without side effects.

Static Public Member Functions
static RiscOperatorsPtr	promote (const RiscOperatorsPtr &x)

Protected Member Functions
	RiscOperators (const SValuePtr &protoval, const SmtSolverPtr &solver=SmtSolverPtr())

	RiscOperators (const StatePtr &state, const SmtSolverPtr &solver=SmtSolverPtr())

Member Typedef Documentation

◆ Ptr

using Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::Ptr = RiscOperatorsPtr

Shared-ownership pointer.

Definition at line 52 of file RiscOperators.h.

Member Enumeration Documentation

◆ IteStatus

enum class Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::IteStatus

strong

Status for iteWithStatus operation.

Enumerator
NEITHER	Return value is formed from neither A nor B.
A	Return value is formed from A since condition was true.
B	Return value is formed from B since condition was false.
BOTH	Return value is formed from both A and B.

Definition at line 483 of file RiscOperators.h.

Member Function Documentation

◆ create() [1/2]

virtual RiscOperatorsPtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::create	(	const SValuePtr &	protoval,
		const SmtSolverPtr &	solver = `SmtSolverPtr()`
	)		const

pure virtual

Virtual allocating constructor.

The protoval is a prototypical semantic value that is used as a factory to create additional values as necessary via its virtual constructors. The state upon which the RISC operations operate must be set by modifying the currentState property. An optional SMT solver may be specified (see solver).

◆ create() [2/2]

virtual RiscOperatorsPtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::create	(	const StatePtr &	state,
		const SmtSolverPtr &	solver = `SmtSolverPtr()`
	)		const

pure virtual

Virtual allocating constructor.

The supplied state is that upon which the RISC operations operate and is also used to define the prototypical semantic value. Other states can be supplied by setting currentState. The prototypical semantic value is used as a factory to create additional values as necessary via its virtual constructors. An optional SMT solver may be specified (see solver).

◆ promote()

static RiscOperatorsPtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::promote ( const RiscOperatorsPtr & x )

inlinestatic

Definition at line 120 of file RiscOperators.h.

◆ protoval()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::protoval ( ) const

inlinevirtual

Property: Prototypical semantic value.

The protoval is used to construct other values via its virtual constructors.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 131 of file RiscOperators.h.

Referenced by Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators::create(), and Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators::svalue_empty().

◆ solver() [1/2]

virtual SmtSolverPtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::solver ( ) const

inlinevirtual

Property: Satisfiability module theory (SMT) solver.

This property holds a pointer to the satisfiability modulo theory (SMT) solver to use for certain operations. An SMT solver is optional and not all semantic domains will make use of a solver. Domains that use a solver will fall back to naive implementations when a solver is not available (for instance, equality of two values might be checked by looking at whether the values are identical).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 141 of file RiscOperators.h.

Referenced by Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators::create(), and Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators::create().

◆ solver() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::solver ( const SmtSolverPtr & s )

inlinevirtual

Property: Satisfiability module theory (SMT) solver.

This property holds a pointer to the satisfiability modulo theory (SMT) solver to use for certain operations. An SMT solver is optional and not all semantic domains will make use of a solver. Domains that use a solver will fall back to naive implementations when a solver is not available (for instance, equality of two values might be checked by looking at whether the values are identical).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 142 of file RiscOperators.h.

◆ hotPatch() [1/3]

const HotPatch & Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::hotPatch ( ) const

inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 151 of file RiscOperators.h.

◆ hotPatch() [2/3]

HotPatch & Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::hotPatch ( )

inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 152 of file RiscOperators.h.

◆ hotPatch() [3/3]

void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::hotPatch ( const HotPatch & hp )

inline

Property: Post-instruction hot patches.

The hot patches describe how to modify the current state after each instruction is executed. This is performed by the finishInstruction method.

Definition at line 153 of file RiscOperators.h.

◆ currentState() [1/2]

virtual StatePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::currentState ( ) const

inlinevirtual

Property: Current semantic state.

This is the state upon which the RISC operations operate. The state need not be set until the first instruction is executed (and even then, some RISC operations don't need any machine state; typically, only register and memory read and write operators need state). Different state objects can be swapped in at pretty much any time. Modifying the state has no effect on this object's prototypical value which was initialized by the constructor; new states should have a prototyipcal value of the same dynamic type.

◆ currentState() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::currentState ( const StatePtr & s )

inlinevirtual

Property: Current semantic state.

This is the state upon which the RISC operations operate. The state need not be set until the first instruction is executed (and even then, some RISC operations don't need any machine state; typically, only register and memory read and write operators need state). Different state objects can be swapped in at pretty much any time. Modifying the state has no effect on this object's prototypical value which was initialized by the constructor; new states should have a prototyipcal value of the same dynamic type.

◆ initialState() [1/2]

virtual StatePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::initialState ( ) const

inlinevirtual

Property: Optional lazily updated initial state.

If non-null, then any calls to readMemory or readRegister which do not find that the address or register has a value, not only instantiate the value in the current state, but also write the same value to this initial state. In effect, this is like Schrodinger's cat: every memory address and register has a value, we just don't know what it is until we try to read it. Once we read it, it becomes instantiated in the current state and the initial state. The default initial state is the null pointer.

Changing the current state does not affect the initial state. This makes it easier to use a state as part of a data-flow analysis, in which one typically swaps in different current states as the data-flow progresses.

The initial state need not be the same type as the current state, as long as they both have the same prototypical value type. For instance, a symbolic domain could use a MemoryCellList for its currentState and a state based on a MemoryMap of concrete values for its initial state, as long as those concrete values are converted to symbolic values when they're read.

Caveats: Not all semantic domains use the initial state. The order that values are added to an initial state depends on the order they're encountered during the analysis.

Example 1: Simple usage

This example, shows one way to use an initial state and the effect is has on memory and register I/O. It uses the same type for the initial state as it does for the current states.

Example 2: Advanced usage

This example is somwewhat more advanced. It uses a custom state, which is a relatively common practice of users, and augments it to do something special when it's used as an initial state. When it's used as an initial state, it sets a flag for the values produced so that an analysis can presumably detect that the value is an initial value.

Definition at line 208 of file RiscOperators.h.

◆ initialState() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::initialState ( const StatePtr & s )

inlinevirtual

Property: Optional lazily updated initial state.

If non-null, then any calls to readMemory or readRegister which do not find that the address or register has a value, not only instantiate the value in the current state, but also write the same value to this initial state. In effect, this is like Schrodinger's cat: every memory address and register has a value, we just don't know what it is until we try to read it. Once we read it, it becomes instantiated in the current state and the initial state. The default initial state is the null pointer.

Changing the current state does not affect the initial state. This makes it easier to use a state as part of a data-flow analysis, in which one typically swaps in different current states as the data-flow progresses.

The initial state need not be the same type as the current state, as long as they both have the same prototypical value type. For instance, a symbolic domain could use a MemoryCellList for its currentState and a state based on a MemoryMap of concrete values for its initial state, as long as those concrete values are converted to symbolic values when they're read.

Caveats: Not all semantic domains use the initial state. The order that values are added to an initial state depends on the order they're encountered during the analysis.

Example 1: Simple usage

This example, shows one way to use an initial state and the effect is has on memory and register I/O. It uses the same type for the initial state as it does for the current states.

Example 2: Advanced usage

This example is somwewhat more advanced. It uses a custom state, which is a relatively common practice of users, and augments it to do something special when it's used as an initial state. When it's used as an initial state, it sets a flag for the values produced so that an analysis can presumably detect that the value is an initial value.

Definition at line 209 of file RiscOperators.h.

◆ name() [1/2]

virtual const std::string & Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::name ( ) const

inlinevirtual

Property: Name used for debugging.

This property is the name of the semantic domain and is used in diagnostic messages.

Definition at line 217 of file RiscOperators.h.

◆ name() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::name ( const std::string & s )

inlinevirtual

Property: Name used for debugging.

This property is the name of the semantic domain and is used in diagnostic messages.

Definition at line 218 of file RiscOperators.h.

◆ hash()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::hash ( Combinatorics::Hasher & )

virtual

Compute hash of current state.

Computes a hash of the current state by hashing its registers and memory.

◆ print()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::print	(	std::ostream &	stream,
		Formatter &	fmt
	)		const

virtual

Print multi-line output for this object.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators.

◆ with_format()

WithFormatter Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::with_format ( Formatter & fmt )

inline

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");

Definition at line 256 of file RiscOperators.h.

Referenced by operator+().

◆ operator+() [1/2]

WithFormatter Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::operator+ ( Formatter & fmt )

inline

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");

Definition at line 257 of file RiscOperators.h.

References with_format().

◆ operator+() [2/2]

WithFormatter Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::operator+ ( const std::string & linePrefix )

Used for printing RISC operators with formatting.

The usual way to use this is:

RiscOperatorsPtr obj = ...;
Formatter fmt = ...;
std::cout <<"The value is: " <<(*obj+fmt) <<"\n";

Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.

std::cout <<"Machine state:\n" <<*(obj + " ");

◆ nInsns() [1/2]

virtual size_t Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::nInsns ( ) const

inlinevirtual

Property: Number of instructions processed.

This counter is incremented at the beginning of each instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 266 of file RiscOperators.h.

◆ nInsns() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::nInsns ( size_t n )

inlinevirtual

Property: Number of instructions processed.

This counter is incremented at the beginning of each instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 267 of file RiscOperators.h.

◆ currentInstruction() [1/2]

virtual SgAsmInstruction * Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::currentInstruction ( ) const

inlinevirtual

Property: Current instruction.

Returns the instruction which is being processed. This is set by startInstruction and cleared by finishInstruction. Returns null if we are not processing an instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 276 of file RiscOperators.h.

◆ currentInstruction() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::currentInstruction ( SgAsmInstruction * insn )

inlinevirtual

Property: Current instruction.

Returns the instruction which is being processed. This is set by startInstruction and cleared by finishInstruction. Returns null if we are not processing an instruction.

Definition at line 279 of file RiscOperators.h.

◆ isNoopRead() [1/2]

virtual bool Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isNoopRead ( ) const

inlinevirtual

Property: No-op read.

This property can be set to indicate that the next read operation(s) are part of a possible read-then-write no-op sequence. This property is normally reset at the beginning and end of each instruction by startInstruction and finishInstruction.

For example, most ARM AArch32 A32 instructions are conditionally executed. Therefore any instruction that writes to memory will either write a newly calculated value, or will write the original value. When expressed symbolically, the expression is something like (writeMemory ADDRESS (ite CONDITION VALUE (readMemory ADDRESS))). In this case, the readMemory is part of a read-then-write sequence that has no effect, and this no-op read property can be set in order to express this intent to any analysis that might be triggered by memory reads.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 297 of file RiscOperators.h.

◆ isNoopRead() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isNoopRead ( bool b )

inlinevirtual

Property: No-op read.

This property can be set to indicate that the next read operation(s) are part of a possible read-then-write no-op sequence. This property is normally reset at the beginning and end of each instruction by startInstruction and finishInstruction.

For example, most ARM AArch32 A32 instructions are conditionally executed. Therefore any instruction that writes to memory will either write a newly calculated value, or will write the original value. When expressed symbolically, the expression is something like (writeMemory ADDRESS (ite CONDITION VALUE (readMemory ADDRESS))). In this case, the readMemory is part of a read-then-write sequence that has no effect, and this no-op read property can be set in order to express this intent to any analysis that might be triggered by memory reads.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 298 of file RiscOperators.h.

◆ startInstruction()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::startInstruction ( SgAsmInstruction * insn )

virtual

Called at the beginning of every instruction.

This method is invoked every time the translation object begins processing an instruction. Some policies use this to update a pointer to the current instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, Rose::BinaryAnalysis::Partitioner2::Semantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators.

◆ finishInstruction()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::finishInstruction ( SgAsmInstruction * insn )

virtual

Called at the end of every instruction.

This method is invoked whenever the translation object ends processing for an instruction. This is not called if there's an exception during processing.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators.

◆ comment()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::comment ( const std::string & )

virtual

Inject a line comment into debugging streams.

If this operators object supports it, the specified string will appear in the debugging output as a comment.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ undefined_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::undefined_ ( size_t nbits )

virtual

Returns a new undefined value.

Uses the prototypical value to virtually construct the new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Referenced by peekRegister(), readRegister(), and Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::MemoryCellList::scan().

◆ unspecified_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::unspecified_ ( size_t nbits )

virtual

Returns a new undefined value.

Uses the prototypical value to virtually construct the new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Referenced by rdtsc().

◆ number_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::number_	(	size_t	nbits,
		uint64_t	value
	)

virtual

Returns a number of the specified bit width.

Uses the prototypical value to virtually construct a new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ boolean_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::boolean_ ( bool value )

virtual

Returns a Boolean value.

Uses the prototypical value to virtually construct a new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators.

◆ bottom_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::bottom_ ( size_t nbits )

virtual

Returns a data-flow bottom value.

Uses the prototypical value to virtually construct a new value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ filterCallTarget()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::filterCallTarget ( const SValuePtr & a )

virtual

Invoked to filter call targets.

This method is called whenever the translation object is about to invoke a function call. The target address is passed as an argument and a (new) target should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ filterReturnTarget()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::filterReturnTarget ( const SValuePtr & a )

virtual

Invoked to filter return targets.

This method is called whenever the translation object is about to return from a function call (such as for the x86 "RET" instruction). The return address is passed as an argument and a (new) return address should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ filterIndirectJumpTarget()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::filterIndirectJumpTarget ( const SValuePtr & a )

virtual

Invoked to filter indirect jumps.

This method is called whenever the translation object is about to unconditionally jump to a new address (such as for the x86 "JMP" instruction). The target address is passed as an argument and a (new) target address should be returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ hlt()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::hlt ( )

inlinevirtual

Invoked for the x86 HLT instruction.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 357 of file RiscOperators.h.

◆ cpuid()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::cpuid ( )

inlinevirtual

Invoked for the x86 CPUID instruction.

FIXME: x86-specific stuff should be in the dispatcher.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 360 of file RiscOperators.h.

◆ rdtsc()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::rdtsc ( )

inlinevirtual

Invoked for the x86 RDTSC instruction.

FIXME: x86-specific stuff should be in the dispatcher.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Definition at line 363 of file RiscOperators.h.

References unspecified_().

◆ and_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::and_	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Computes bit-wise AND of two values.

The operands must both have the same width; the result must be the same width as the operands.

◆ or_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::or_	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Computes bit-wise OR of two values.

The operands a and b must have the same width; the return value width will be the same as a and b.

◆ xor_()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::xor_	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Computes bit-wise XOR of two values.

The operands a and b must have the same width; the result will be the same width as a and b.

◆ invert()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::invert ( const SValuePtr & a )

pure virtual

One's complement.

The result will be the same size as the operand.

◆ extract()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::extract	(	const SValuePtr &	a,
		size_t	begin_bit,
		size_t	end_bit
	)

pure virtual

Extracts bits from a value.

The specified bits from begin_bit (inclusive) through end_bit (exclusive) are copied into the low-order bits of the return value (other bits in the return value are cleared). The least significant bit is number zero. The begin_bit and end_bit values must be valid for the width of a.

◆ concat()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::concat	(	const SValuePtr &	lowBits,
		const SValuePtr &	highBits
	)

pure virtual

Concatenates the bits of two values.

The bits of lowBits and highBits are concatenated so that the result has lowBits in the low-order bits and highBits in the high order bits. The width of the return value is the sum of the widths of lowBits and highBits.

Note that the order of arguments for this method is the reverse of the SymbolicExpression concatenation function.

Referenced by concatHiLo(), and concatLoHi().

◆ concatLoHi()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::concatLoHi	(	const SValuePtr &	lowBits,
		const SValuePtr &	highBits
	)

inlinevirtual

Aliases for concatenation.

It's hard to remember whether the arguments of the concatenation operator are low bits followed by high bits, or high bits followed by low bits, and getting it wrong doesn't result in any kind of immediate error. This alias makes it more clear.

Definition at line 405 of file RiscOperators.h.

References concat().

◆ concatHiLo()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::concatHiLo	(	const SValuePtr &	highBits,
		const SValuePtr &	lowBits
	)

inlinevirtual

Aliases for concatenation.

It's hard to remember whether the arguments of the concatenation operator are low bits followed by high bits, or high bits followed by low bits, and getting it wrong doesn't result in any kind of immediate error. This alias makes it more clear.

Definition at line 408 of file RiscOperators.h.

References concat().

◆ split()

virtual std::pair< SValuePtr, SValuePtr > Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::split	(	const SValuePtr &	a,
		size_t	splitPoint
	)

virtual

Split a value into two narrower values.

Returns the two parts as a pair consisting of the low-order bits of a and the high-order bits of a. The returned low-order bits are bits zero (inclusive) to splitPoint (exclusive) and has width splitPoint. The returned high-order bits are bits splitPoint (inclusive) to the width of a (exclusive) and has width which is the width of a minus splitPoint. This is not a pure virtual function because it can be implemented in terms of extract.

◆ leastSignificantSetBit()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::leastSignificantSetBit ( const SValuePtr & a )

pure virtual

Returns position of least significant set bit; zero when no bits are set.

The return value will have the same width as the operand, although this can be safely truncated to the log-base-2 + 1 width.

◆ mostSignificantSetBit()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::mostSignificantSetBit ( const SValuePtr & a )

pure virtual

Returns position of most significant set bit; zero when no bits are set.

The return value will have the same width as the operand, although this can be safely truncated to the log-base-2 + 1 width.

◆ countLeadingZeros()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::countLeadingZeros ( const SValuePtr & a )

virtual

Count leading zero bits.

Counts the number of consecutive clear bits starting with the msb. The return value is the same width as the argument.

◆ countLeadingOnes()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::countLeadingOnes ( const SValuePtr & a )

virtual

Count leading one bits.

Counts the number of consecutive set bits starting with the msb. The return value is the same width as the argument.

◆ rotateLeft()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::rotateLeft	(	const SValuePtr &	a,
		const SValuePtr &	nbits
	)

pure virtual

Rotate bits to the left.

The return value will have the same width as operand a. The nbits is interpreted as unsigned. The behavior is modulo the width of a regardless of whether the implementation makes that a special case or handles it naturally.

◆ rotateRight()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::rotateRight	(	const SValuePtr &	a,
		const SValuePtr &	nbits
	)

pure virtual

Rotate bits to the right.

The return value will have the same width as operand a. The nbits is interpreted as unsigned. The behavior is modulo the width of a regardless of whether the implementation makes that a special case or handles it naturally.

◆ shiftLeft()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::shiftLeft	(	const SValuePtr &	a,
		const SValuePtr &	nbits
	)

pure virtual

Returns arg shifted left.

The return value will have the same width as operand a. The nbits is interpreted as unsigned. New bits shifted into the value are zero. If nbits is equal to or larger than the width of a then the result is zero.

◆ shiftRight()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::shiftRight	(	const SValuePtr &	a,
		const SValuePtr &	nbits
	)

pure virtual

Returns arg shifted right logically (no sign bit).

The return value will have the same width as operand a. The nbits is interpreted as unsigned. New bits shifted into the value are zero. If nbits is equal to or larger than the width of a then the result is zero.

◆ shiftRightArithmetic()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::shiftRightArithmetic	(	const SValuePtr &	a,
		const SValuePtr &	nbits
	)

pure virtual

Returns arg shifted right arithmetically (with sign bit).

The return value will have the same width as operand a. The nbits is interpreted as unsigned. New bits shifted into the value are the same as the most significant bit (the "sign bit"). If nbits is equal to or larger than the width of a then the result has all bits cleared or all bits set depending on whether the most significant bit was originally clear or set.

◆ reverseElmts()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::reverseElmts	(	const SValuePtr &	a,
		size_t	elmtNBits
	)

virtual

Reverse parts of a value.

This is a convenience wrapper around other operations. It splits the value a into equal sized parts, each elmtNBits in width, and reverses them to create the return value. The width of a must be a multiple of elmtNBits.

◆ equalToZero()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::equalToZero ( const SValuePtr & a )

pure virtual

Determines whether a value is equal to zero.

Returns true, false, or undefined (in the semantic domain) depending on whether argument is zero.

◆ iteWithStatus()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::iteWithStatus	(	const SValuePtr &	cond,
		const SValuePtr &	a,
		const SValuePtr &	b,
		IteStatus &	status
	)

pure virtual

If-then-else with status.

Returns operand a if cond is true, operand b if cond is false, or some other value if the condition is unknown. The condition must be one bit wide; the widths of a and b must be equal; the return value width will be the same as a and b.

The status is an output that indicates how the main return value was determined.

Referenced by ite().

◆ ite()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::ite	(	const SValuePtr &	cond,
		const SValuePtr &	a,
		const SValuePtr &	b
	)

inlinefinalvirtual

If-then-else.

Returns operand a if cond is true, operand b if cond is false, or some other value if the condition is unknown. The condition must be one bit wide; the widths of a and b must be equal; the return value width will be the same as a and b.

This method was once pure virtual and some old subclasses might try to override it. Those subclasses should be changed so they override iteWithStatus instead.

Definition at line 507 of file RiscOperators.h.

References iteWithStatus(), and NEITHER.

◆ isEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Equality comparison.

Returns a Boolean to indicate whether the relationship between a and b holds. Both operands must be the same width. It doesn't matter if they are interpreted as signed or unsigned quantities.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isNotEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isNotEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Equality comparison.

Returns a Boolean to indicate whether the relationship between a and b holds. Both operands must be the same width. It doesn't matter if they are interpreted as signed or unsigned quantities.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isUnsignedLessThan()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isUnsignedLessThan	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isUnsignedLessThanOrEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isUnsignedLessThanOrEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isUnsignedGreaterThan()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isUnsignedGreaterThan	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isUnsignedGreaterThanOrEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isUnsignedGreaterThanOrEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for unsigned values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as unsigned values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isSignedLessThan()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isSignedLessThan	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isSignedLessThanOrEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isSignedLessThanOrEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isSignedGreaterThan()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isSignedGreaterThan	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ isSignedGreaterThanOrEqual()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::isSignedGreaterThanOrEqual	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

virtual

Comparison for signed values.

Returns a Boolean to indicate whether the relationship between a and b is true when a and b are interpreted as signed values. Both values must have the same width. This operation is a convenience wrapper around other RISC operators.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ unsignedExtend()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::unsignedExtend	(	const SValuePtr &	a,
		size_t	new_width
	)

virtual

Extend (or shrink) operand a so it is nbits wide by adding or removing high-order bits.

Added bits are always zeros. The result will be the specified new_width.

◆ signExtend()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::signExtend	(	const SValuePtr &	a,
		size_t	new_width
	)

pure virtual

Sign extends a value.

The result will be the specified new_width, which must be at least as large as the original width.

◆ add()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::add	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Adds two integers of equal size.

The width of a and b must be equal; the return value will have the same width as a and b.

◆ addCarry()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::addCarry	(	const SValuePtr &	a,
		const SValuePtr &	b,
		SValuePtr &	carryOut,
		SValuePtr &	overflowed
	)

virtual

Adds two integers of equal size and carry.

The width of a and b must be the same, and the resulting sum will also have the same width. Returns the sum by value and a carry-out bit by reference. An overflow bit is also returned and is useful when a and b are interpreted as signed values. This method is not pure abstract and is generally not overridden in subclasses because it can be implemented in terms of other operations.

◆ subtract()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::subtract	(	const SValuePtr &	minuend,
		const SValuePtr &	subtrahend
	)

virtual

Subtract one value from another.

Subtracts the subtrahend from the minuend and returns the result. The two arguments must be the same width and the return value will also be that same width. This method is not pure virtual and is not usually overridden by subclasses because it can be implemented in terms of other operations.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators.

◆ subtractCarry()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::subtractCarry	(	const SValuePtr &	minuend,
		const SValuePtr &	subtrahend,
		SValuePtr &	carryOut,
		SValuePtr &	overflowed
	)

virtual

Subtract one value from another and carry.

Subtracts the subtrahend from the minuend and returns the result. The two arguments must be the same width and the return value will also be that same width. A carry-out bit and overflow bit are returned by reference. The carry out bit is simply the carry out from adding the minuend and negated subtrahend. The overflow bit is set if the result would overflow the width of the return value, and is calculated as the XOR of the two most significant carray-out bits. This method is not pure virtual and is not usually overridden by subclasses because it can be implemented in terms of other operations.

◆ addWithCarries()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::addWithCarries	(	const SValuePtr &	a,
		const SValuePtr &	b,
		const SValuePtr &	c,
		SValuePtr &	carry_out
	)

pure virtual

Add two values of equal size and a carry bit.

Carry information is returned via carry_out argument. The carry_out value is the tick marks that are written above the first addend when doing long arithmetic like a 2nd grader would do (of course, they'd probably be adding two base-10 numbers). For instance, when adding 00110110 and 11100100:

 '''..'..         <-- carry tick marks: '=carry .=no carry
  00110110
+ 11100100
----------
 100011010

The carry_out value is 11100100.

The width of a and b must be equal; c must have a width of one bit; the return value and carry_out will be the same width as a and b. The carry_out value is allocated herein.

◆ negate()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::negate ( const SValuePtr & a )

pure virtual

Two's complement.

The return value will have the same width as the operand.

◆ signedDivide()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::signedDivide	(	const SValuePtr &	dividend,
		const SValuePtr &	divisor
	)

pure virtual

Divides two signed values.

The width of the result will be the same as the width of the dividend.

◆ signedModulo()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::signedModulo	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Calculates modulo with signed values.

The width of the result will be the same as the width of operand b.

◆ signedMultiply()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::signedMultiply	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Multiplies two signed values.

The width of the result will be the sum of the widths of a and b.

◆ unsignedDivide()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::unsignedDivide	(	const SValuePtr &	dividend,
		const SValuePtr &	divisor
	)

pure virtual

Divides two unsigned values.

The width of the result is the same as the width of the dividend.

◆ unsignedModulo()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::unsignedModulo	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Calculates modulo with unsigned values.

The width of the result is the same as the width of operand b.

◆ unsignedMultiply()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::unsignedMultiply	(	const SValuePtr &	a,
		const SValuePtr &	b
	)

pure virtual

Multiply two unsigned values.

The width of the result is the sum of the widths of a and b.

◆ interrupt() [1/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::interrupt	(	int	majorNumber,
		int	minorNumber
	)

virtual

Unconditionally raise an interrupt.

The major and minor numbers are architecture specific. For instance, an x86 INT instruction uses major number zero and the minor number is the interrupt number (e.g., 0x80 for Linux system calls), while an x86 SYSENTER instruction uses major number one.

The base implementation does one of two things. If the current state has an interrupt sub-state then the specified interrupt is raised in that state by setting that interrupt to true. Otherwise, the base implementation does nothing.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::PartialSymbolicSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ interrupt() [2/2]

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::interrupt	(	const SValuePtr &	majr,
		const SValuePtr &	minr,
		const SValuePtr &	raise
	)

virtual

Invoked for instructions that cause an interrupt.

This overload is for cases when the major and minor numbers are not integers, and/or when the interrupt is conditionally executed.

The default implementation calls raiseInterrupt if both majorNumber and minorNumber are concrete values, otherwise it throws an exception.

◆ raiseInterrupt()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::raiseInterrupt	(	unsigned	majorNumber,
		unsigned	minorNumber,
		const SValuePtr &	raise
	)

virtual

Conditionally raise an interrupt.

The base implementation does one of these things:

If the current state has an interrupt sub-state then the interrupt's Boolean value in that state is OR'd with the specified raise value. In other words, the interrupt is raised if it wasn't already raised before.

Otherwise if raise is a concrete value, then the interrupt function is called if raise is true, or nothing is done if raise is false.

Otherwise an exception is thrown.

◆ fpFromInteger()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpFromInteger	(	const SValuePtr &	intValue,
		SgAsmFloatType *	fpType
	)

virtual

Construct a floating-point value from an integer value.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ fpToInteger()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpToInteger	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType,
		const SValuePtr &	dflt
	)

virtual

Construct an integer value from a floating-point value.

The bits of fpValue are interpreted according to the fpType and converted to a signed integer value that fits in integerWidth bits. This is done by truncating the fractional part of the floating point number, thus rounding toward zero. If fpValue is not a number then dflt is returned.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ fpConvert()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpConvert	(	const SValuePtr &	a,
		SgAsmFloatType *	aType,
		SgAsmFloatType *	retType
	)

virtual

Convert from one floating-point type to another.

Converts the floating-point value a having type aType to the return value having retType.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TaintSemantics::RiscOperators.

◆ fpIsNan()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpIsNan	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Whether a floating-point value is a special not-a-number bit pattern.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpIsDenormalized()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpIsDenormalized	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Whether a floating-point value is denormalized.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpIsZero()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpIsZero	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Whether a floating-point value is equal to zero.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpIsInfinity()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpIsInfinity	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Whether a floating-point value is infinity.

Returns true if the floating point value is plus or minus infinity. Querying the sign bit will return the sign of the infinity.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpSign()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpSign	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Sign of floating-point value.

Returns the value of the floating-point sign bit.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpEffectiveExponent()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpEffectiveExponent	(	const SValuePtr &	fpValue,
		SgAsmFloatType *	fpType
	)

virtual

Exponent of floating-point value.

Returns the exponent of the floating point value. For normalized values this returns the stored exponent minus the exponent bias. For denormalized numbers this returns the stored exponent minus the exponent bias minus an additional amount to normalize the significand.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpAdd()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpAdd	(	const SValuePtr &	a,
		const SValuePtr &	b,
		SgAsmFloatType *	fpType
	)

virtual

Add two floating-point values.

Adds two floating-point values that have the same type and returns the sum in the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ fpSubtract()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpSubtract	(	const SValuePtr &	a,
		const SValuePtr &	b,
		SgAsmFloatType *	fpType
	)

virtual

Subtract one floating-point value from another.

Subtracts b from a and returns the difference. All three floating-point values have the same type. The default implementation is in terms of negate and add.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ fpMultiply()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpMultiply	(	const SValuePtr &	a,
		const SValuePtr &	b,
		SgAsmFloatType *	fpType
	)

virtual

Multiply two floating-point values.

Multiplies two floating-point values and returns the product. All three values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ fpDivide()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpDivide	(	const SValuePtr &	a,
		const SValuePtr &	b,
		SgAsmFloatType *	fpType
	)

virtual

Divide one floating-point value by another.

Computes a divided by b and returns the result. All three floating-point values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpSquareRoot()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpSquareRoot	(	const SValuePtr &	a,
		SgAsmFloatType *	fpType
	)

virtual

Square root.

Computes and returns the square root of the specified floating-point value. Both values have the same type.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ fpRoundTowardZero()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::fpRoundTowardZero	(	const SValuePtr &	a,
		SgAsmFloatType *	fpType
	)

virtual

Round toward zero.

Truncate the fractional part of the floating point number.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::RiscOperators.

◆ reinterpret()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::reinterpret	(	const SValuePtr &	a,
		SgAsmType *	retType
	)

virtual

Reinterpret an expression as a different type.

For semantic domains whose values don't carry type information this is a no-op. For other domains, this creates a new value having the same bits as the original value but a new type. The old and new types must be the same size. This is similar to a C++ reinterpret_cast.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TaintSemantics::RiscOperators.

◆ convert()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::convert	(	const SValuePtr &	a,
		SgAsmType *	srcType,
		SgAsmType *	dstType
	)

virtual

Convert value from one type to another.

This method converts the argument value from one type to another and returns the new value. This is more than what reinterpret does. For instance, if the argument is an integer with the value "-42" and the dstType is an IEEE-754 32-bit floating-point type, then the return value will have an entirely different bit pattern that is "-42" as a floating-point value.

The srcType is necessary for semantic domains whose values don't carry type information, and is redundant for domains whose values do carry type information. In order to be more useful, the input value, a, is always reinterpreted as type srcType by calling reinterpret before any conversion takes place.

◆ readRegister() [1/2]

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::readRegister ( RegisterDescriptor reg )

inlinevirtual

Reads a value from a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

A register state will typically implement storage for hardware registers, but higher layers (the State, RiscOperators, Dispatcher, ...) should not be concerned about the size of the register they're trying to read. For example, a register state for a 32-bit x86 architecture will likely have a storage location for the 32-bit EAX register, but it should be possible to ask readRegister to return the value of AX (the low-order 16-bits). In order to accomplish this, some level of the readRegister delegations needs to invoke extract to obtain the low 16 bits. The RiscOperators object is passed along the delegation path for this purpose. The inverse concat operation will be needed at some level when we ask readRegister to return a value that comes from multiple storage locations in the register state (such as can happen if an x86 register state holds individual status flags and we ask for the 32-bit EFLAGS register).

If the register state can distinguish between a register that has never been accessed and a register that has only been read, then the dflt value is stored into the register the first time it's read. This ensures that reading the register a second time with no intervening write will return the same value as the first read. If a dflt is not provided then one is constructed by invoking undefined_.

There needs to be a certain level of cooperation between the RiscOperators, State, and register state classes to decide which layer should invoke the extract or concat (or whatever other RISC operations might be necessary).

Definition at line 799 of file RiscOperators.h.

References Rose::BinaryAnalysis::RegisterDescriptor::nBits(), readRegister(), and undefined_().

Referenced by readRegister().

◆ readRegister() [2/2]

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::readRegister	(	RegisterDescriptor	reg,
		const SValuePtr &	dflt
	)

virtual

Reads a value from a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

A register state will typically implement storage for hardware registers, but higher layers (the State, RiscOperators, Dispatcher, ...) should not be concerned about the size of the register they're trying to read. For example, a register state for a 32-bit x86 architecture will likely have a storage location for the 32-bit EAX register, but it should be possible to ask readRegister to return the value of AX (the low-order 16-bits). In order to accomplish this, some level of the readRegister delegations needs to invoke extract to obtain the low 16 bits. The RiscOperators object is passed along the delegation path for this purpose. The inverse concat operation will be needed at some level when we ask readRegister to return a value that comes from multiple storage locations in the register state (such as can happen if an x86 register state holds individual status flags and we ask for the 32-bit EFLAGS register).

If the register state can distinguish between a register that has never been accessed and a register that has only been read, then the dflt value is stored into the register the first time it's read. This ensures that reading the register a second time with no intervening write will return the same value as the first read. If a dflt is not provided then one is constructed by invoking undefined_.

There needs to be a certain level of cooperation between the RiscOperators, State, and register state classes to decide which layer should invoke the extract or concat (or whatever other RISC operations might be necessary).

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::DataFlowSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ writeRegister()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::writeRegister	(	RegisterDescriptor	reg,
		const SValuePtr &	a
	)

virtual

Writes a value to a register.

The base implementation simply delegates to the current semantic State, which probably delegates to a register state, but subclasses are welcome to override this behavior at any level.

As with readRegister, writeRegister may need to perform various RISC operations in order to accomplish the task of writing a value to the specified register when the underlying register state doesn't actually store a value for that specific register. The RiscOperations object is passed along for that purpose. See readRegister for more details.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::DataFlowSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

◆ peekRegister() [1/2]

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::peekRegister	(	RegisterDescriptor	,
		const SValuePtr &	dflt
	)

virtual

Obtain a register value without side effects.

This is a lower-level operation than readRegister in that it doesn't cause the register to be marked as having been read. It is typically used in situations where the register is being accessed for analysis purposes rather than as part of an instruction emulation.

Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::DataFlowSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::MultiSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SourceAstSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperators, Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::RiscOperators, and Rose::BinaryAnalysis::InstructionSemantics::TraceSemantics::RiscOperators.

Referenced by peekRegister().

◆ peekRegister() [2/2]

SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::peekRegister ( RegisterDescriptor reg )

inline

Obtain a register value without side effects.

This is a lower-level operation than readRegister in that it doesn't cause the register to be marked as having been read. It is typically used in situations where the register is being accessed for analysis purposes rather than as part of an instruction emulation.

Definition at line 824 of file RiscOperators.h.

References Rose::BinaryAnalysis::RegisterDescriptor::nBits(), peekRegister(), and undefined_().

◆ readMemory()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::readMemory	(	RegisterDescriptor	segreg,
		const SValuePtr &	addr,
		const SValuePtr &	dflt,
		const SValuePtr &	cond
	)

pure virtual

Reads a value from memory.

The implementation (in subclasses) will typically delegate much of the work to the current state's readMemory method.

A MemoryState will implement storage for memory locations and might impose certain restrictions, such as "all memory values must be eight bits". However, the readMemory should not have these constraints so that it can be called from a variety of Dispatcher subclass (e.g., the DispatcherX86 class assumes that readMemory is capable of reading 32-bit values from little-endian memory). The designers of the MemoryState, State, and RiscOperators should collaborate to decide which layer (RiscOperators, State, or MemoryState) is reponsible for combining individual memory locations into larger values. A RiscOperators object is passed along the chain of delegations for this purpose. The RiscOperators might also contain other data that's important during the process, such as an SMT solver.

The segreg argument is an optional segment register. Most architectures have a flat virtual address space and will pass a default-constructed register descriptor whose is_valid() method returns false.

The cond argument is a Boolean value that indicates whether this is a true read operation. If cond can be proven to be false then the read is a no-op and returns an arbitrary value.

The dflt argument determines the size of the value to be read. This argument is also passed along to the lower layers so that they can, if they desire, use it to initialize memory that has never been read or written before.

◆ writeMemory()

virtual void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::writeMemory	(	RegisterDescriptor	segreg,
		const SValuePtr &	addr,
		const SValuePtr &	data,
		const SValuePtr &	cond
	)

pure virtual

Writes a value to memory.

The implementation (in subclasses) will typically delegate much of the work to the current state's writeMemory method.

The segreg argument is an optional segment register. Most architectures have a flat virtual address space and will pass a default-constructed register descriptor whose is_valid() method returns false.

The cond argument is a Boolean value that indicates whether this is a true write operation. If cond can be proved to be false then writeMemory is a no-op.

◆ peekMemory()

virtual SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::RiscOperators::peekMemory	(	RegisterDescriptor	segreg,
		const SValuePtr &	addr,
		const SValuePtr &	dflt
	)

pure virtual

Read memory without side effects.

This is a lower-level operation than readMemory in that it doesn't cause any side effects in the memory state. In all other respects, it's similar to readMemory.

The documentation for this class was generated from the following file:

RiscOperators.h

Description

Classes

Public Types

Public Member Functions

Static Public Member Functions

Protected Member Functions

Member Typedef Documentation

◆ Ptr

Member Enumeration Documentation

◆ IteStatus

Member Function Documentation

◆ create() [1/2]

◆ create() [2/2]

◆ promote()

◆ protoval()

◆ solver() [1/2]

◆ solver() [2/2]

◆ hotPatch() [1/3]

◆ hotPatch() [2/3]

◆ hotPatch() [3/3]

◆ currentState() [1/2]

◆ currentState() [2/2]

◆ initialState() [1/2]

Example 1: Simple usage

Example 2: Advanced usage

◆ initialState() [2/2]

Example 1: Simple usage

Example 2: Advanced usage

◆ name() [1/2]

◆ name() [2/2]

◆ hash()

◆ print()

◆ with_format()

◆ operator+() [1/2]

◆ operator+() [2/2]

◆ nInsns() [1/2]

◆ nInsns() [2/2]

◆ currentInstruction() [1/2]

◆ currentInstruction() [2/2]

◆ isNoopRead() [1/2]

◆ isNoopRead() [2/2]

◆ startInstruction()

◆ finishInstruction()

◆ comment()

◆ undefined_()

◆ unspecified_()

◆ number_()

◆ boolean_()

◆ bottom_()

◆ filterCallTarget()

◆ filterReturnTarget()

◆ filterIndirectJumpTarget()

◆ hlt()

◆ cpuid()

◆ rdtsc()

◆ and_()

◆ or_()

◆ xor_()

◆ invert()

◆ extract()

◆ concat()

◆ concatLoHi()

◆ concatHiLo()

◆ split()

◆ leastSignificantSetBit()

◆ mostSignificantSetBit()

◆ countLeadingZeros()

◆ countLeadingOnes()

◆ rotateLeft()

◆ rotateRight()

◆ shiftLeft()

◆ shiftRight()

◆ shiftRightArithmetic()

◆ reverseElmts()

◆ equalToZero()

◆ iteWithStatus()

◆ ite()

◆ isEqual()

◆ isNotEqual()

◆ isUnsignedLessThan()