Description
Base class for semantics machine states.
Binary semantic analysis usually progresses one instruction at a time–one starts with an initial state and the act of processing an instruction modifies the state. The State is the base class class for the semantic states of various instruction semantic policies.
A state contains storage, in the form of AddressSpace objects, for all the machine registers and memory. It normally has one register address space and one memory address space, although any number of address spaces are allowed. Additional address spaces can be used for such things as temporary variables and constants used during semantic analysis.
States refer to their address spaces using shared-ownership smart pointers, but one can also make deep copies of the state using it's clone method. Deep copies generally copy only those parts of the state that are mutable, thus the individual symbolic expressions for a symbolic state are not copied. But since symbolic expressions are immutable, the lack of copying at that level is irrelevant. Many analyses keep a copy of the machine state for each instruction or each CFG vertex.
This BaseSemantics::State is an abstract class that defines the interface. See the Rose::BinaryAnalysis::InstructionSemantics namespace for an overview of how the parts fit together.
#include <Rose/BinaryAnalysis/InstructionSemantics/BaseSemantics/State.h>
Classes | |
| class | WithFormatter |
| State with formatter. More... | |
Public Types | |
| using | Ptr = StatePtr |
| Shared-ownership pointer. | |
Public Member Functions | |
| virtual StatePtr | create (const RegisterStatePtr ®isters, const MemoryStatePtr &memory) const |
| Virtual constructor. | |
| virtual StatePtr | clone () const |
| Virtual copy constructor. | |
| SValuePtr | protoval () const |
| Property: Prototypical value. | |
| void | insertAddressSpace (const AddressSpacePtr &) |
| Insert an address space into this state. | |
| const std::vector< AddressSpacePtr > & | addressSpaces () const |
| The list of all address spaces. | |
| AddressSpacePtr | findFirstAddressSpace (AddressSpacePurpose) const |
| Find the first address space with the specified purpose. | |
| AddressSpacePtr | findFirstAddressSpace (AddressSpacePurpose, const std::string &name) const |
| Find the first address space with the specified purpose and name. | |
| SValuePtr | read (const AddressSpacePtr &, const AddressSpaceAddress &, const SValuePtr &dflt, RiscOperators &addrOps, RiscOperators &valOps) |
| Read a value from an address space. | |
| SValuePtr | peek (const AddressSpacePtr &, const AddressSpaceAddress &, const SValuePtr &dflt, RiscOperators &addrOps, RiscOperators &valOps) |
| Peek at a value in an address space. | |
| void | write (const AddressSpacePtr &, const AddressSpaceAddress &, const SValuePtr &value, RiscOperators &addrOps, RiscOperators &valOps) |
| Write a value to an address space. | |
| virtual bool | merge (const StatePtr &other, RiscOperators *addrOps, RiscOperators *valOps) |
| Merge operation for data flow analysis. | |
| virtual void | clear () |
| Initialize state. | |
| void | zeroRegisters () |
| Initialize all registers to zero. | |
| void | clearMemory () |
| Clear all memory locations. | |
| RegisterStatePtr | registerState () const |
| Property: Register state. | |
| MemoryStatePtr | memoryState () const |
| Property: Memory state. | |
| RegisterStatePtr | interruptState () const |
| Property: Interrupt state. | |
| void | interruptState (const RegisterStatePtr &) |
| Property: Interrupt state. | |
| bool | hasInterruptState () const |
| Tests whether an interrupt state is present. | |
| virtual SValuePtr | readRegister (RegisterDescriptor desc, const SValuePtr &dflt, RiscOperators *ops) |
| Read a value from a register. | |
| virtual SValuePtr | peekRegister (RegisterDescriptor desc, const SValuePtr &dflt, RiscOperators *ops) |
| Read register without side effects. | |
| virtual void | writeRegister (RegisterDescriptor desc, const SValuePtr &value, RiscOperators *ops) |
| Write a value to a register. | |
| virtual SValuePtr | readMemory (const SValuePtr &address, const SValuePtr &dflt, RiscOperators *addrOps, RiscOperators *valOps) |
| Read a value from memory. | |
| virtual SValuePtr | peekMemory (const SValuePtr &address, const SValuePtr &dflt, RiscOperators *addrOps, RiscOperators *valOps) |
| Read from memory without side effects. | |
| virtual void | writeMemory (const SValuePtr &addr, const SValuePtr &value, RiscOperators *addrOps, RiscOperators *valOps) |
| Write a value to memory. | |
| virtual SValuePtr | readInterrupt (unsigned major, unsigned minor, const SValuePtr &dflt, RiscOperators *valOps) |
| Read an interrupt state. | |
| virtual SValuePtr | peekInterrupt (unsigned major, unsigned minor, const SValuePtr &dflt, RiscOperators *valOps) |
| Read an interrupt state without side effects. | |
| virtual bool | writeInterrupt (unsigned major, unsigned minor, const SValuePtr &value, RiscOperators *valOps) |
| Write an interrupt state. | |
| SValuePtr | raiseInterrupt (unsigned major, unsigned minor, RiscOperators *valOps) |
| Raise an interrupt. | |
| SValuePtr | clearInterrupt (unsigned major, unsigned minor, RiscOperators *valOps) |
| Clear an interrupt. | |
| bool | isInterruptDefinitelyRaised (unsigned major, unsigned minor, RiscOperators *valOps) |
| Test an interrupt. | |
| bool | isInterruptDefinitelyClear (unsigned major, unsigned minor, RiscOperators *valOps) |
| Test an interrupt. | |
| virtual void | hash (Combinatorics::Hasher &, RiscOperators *addrOps, RiscOperators *valOps) const |
| Compute a hash of the state. | |
| std::string | toString () const |
| Convert the state to a string for debugging. | |
| void | printRegisters (std::ostream &stream, const std::string &prefix="") |
| Print the register contents. | |
| virtual void | printRegisters (std::ostream &stream, Formatter &fmt) const |
| Print the register contents. | |
| void | printMemory (std::ostream &stream, const std::string &prefix="") const |
| Print memory contents. | |
| virtual void | printMemory (std::ostream &stream, Formatter &fmt) const |
| Print memory contents. | |
| void | printInterrupts (std::ostream &, const std::string &prefix="") |
| Print interrupt states. | |
| virtual void | printInterrupts (std::ostream &stream, Formatter &fmt) const |
| Print interrupt states. | |
| void | print (std::ostream &stream, const std::string &prefix="") const |
| Print the state. | |
| virtual void | print (std::ostream &, Formatter &) const |
| Print the state. | |
| WithFormatter | with_format (Formatter &fmt) |
| Used for printing states with formatting. | |
| WithFormatter | operator+ (Formatter &fmt) |
| Used for printing states with formatting. | |
| WithFormatter | operator+ (const std::string &linePrefix) |
| Used for printing states with formatting. | |
Static Public Member Functions | |
| static StatePtr | instance (const RegisterStatePtr ®isters, const MemoryStatePtr &memory, const RegisterStatePtr &interrupts) |
| Instantiate a new state object with specified register, memory, and interrupt address spaces. | |
| static StatePtr | instance (const RegisterStatePtr ®isters, const MemoryStatePtr &memory) |
| Instantiate a new state object with specified register and memory address spaces. | |
| static StatePtr | instance (const StatePtr &other) |
| Instantiate a new copy of an existing state. | |
| static StatePtr | promote (const StatePtr &) |
Protected Member Functions | |
| State (const RegisterStatePtr ®isters, const MemoryStatePtr &memory, const RegisterStatePtr &interrupts) | |
| State (const RegisterStatePtr ®isters, const MemoryStatePtr &memory) | |
| State (const State &other) | |
Member Typedef Documentation
◆ Ptr
Member Function Documentation
◆ instance()
|
static |
Instantiate a new copy of an existing state.
The existing state is deep-copied to form the new returned state. Immutable parts of the state (such as symbolic expressions) are not actually copied since both states can safely refer to the same immutable data. See also, clone.
◆ create()
|
virtual |
Virtual constructor.
Constructs a new instance of a state from an existing state without copying the existing state. The register and memory address spaces will be set to the specified states and the optional interruptState will be a null pointer.
Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::PartialSymbolicSemantics::State.
◆ clone()
|
virtual |
Virtual copy constructor.
Allocates a new state object which is a deep copy of this state. States must be copyable objects because many analyses depend on being able to make a copy of the entire semantic state at each machine instruction, at each CFG vertex, etc.
Reimplemented in Rose::BinaryAnalysis::InstructionSemantics::PartialSymbolicSemantics::State.
◆ protoval()
| SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::protoval | ( | ) | const |
Property: Prototypical value.
The protoval is used to construct other values via its virtual constructors. For instance, if the protoval is of class Rose::BinaryAnalysis::InstructionSemantics::SymbolicSemantics::SValue then new values that need to be created as part of operations performed on this state will also be symbolic values. Similarly, if the protoval is a value of type Rose::BinaryAnalysis::InstructionSemantics::ConcreteSemantics::SValue then new values will be concrete values using that same type. This allows the state to support any user-defined value type even if it wasn't linked as part of the original ROSE library source code. One just has to be sure that the user-defined SValue type implements the correct virtual constructors named create and clone.
◆ insertAddressSpace()
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::insertAddressSpace | ( | const AddressSpacePtr & | ) |
Insert an address space into this state.
The specified address space, which must not be null, is appended to the list of address spaces for this state. A state can have any number of address spaces, but it usually has one register space and one memory space. It is also permissible for a state to have multiple address spaces with the same purpose property but which serve slightly different purposes, in which case functions that look up a space by its purpose generally return the first such space that's found.
◆ findFirstAddressSpace() [1/2]
| AddressSpacePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::findFirstAddressSpace | ( | AddressSpacePurpose | ) | const |
Find the first address space with the specified purpose.
Returns a pointer to the first address space in the addressSpaces such that its purpose is as specified. If no such address space exists, then the null pointer is returned.
◆ findFirstAddressSpace() [2/2]
| AddressSpacePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::findFirstAddressSpace | ( | AddressSpacePurpose | , |
| const std::string & | name | ||
| ) | const |
Find the first address space with the specified purpose and name.
Returns a pointer to the first address space in the addressSpaces such that its purpose and name are as specified. If no such address space exists, then the null pointer is returned.
◆ read()
| SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::read | ( | const AddressSpacePtr & | , |
| const AddressSpaceAddress & | , | ||
| const SValuePtr & | dflt, | ||
| RiscOperators & | addrOps, | ||
| RiscOperators & | valOps | ||
| ) |
Read a value from an address space.
Reads a value from the specified address space at the specified address. If the address space does not hold a value for that address then the specified default value is written to the address space and returned. The default value also determines how many bytes are read from the address space.
The addrOps and valOps arguments provide the operators that might be needed for the address and value, respectively. For instance, when reading multiple bytes from a memory address space, the address operators are used to increment the starting address and the value operators are used to concatenate the individual bytes. Oftentimes the address and value operators are the same.
The specified address space need not be an address space that's owned by either of the provided operator arguments, although it usually is owned by one or the other.
See also peek, which has no side effects.
◆ peek()
| SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::peek | ( | const AddressSpacePtr & | , |
| const AddressSpaceAddress & | , | ||
| const SValuePtr & | dflt, | ||
| RiscOperators & | addrOps, | ||
| RiscOperators & | valOps | ||
| ) |
Peek at a value in an address space.
This is similar to the read method except it has no side effects. See that method for more complete documentation.
◆ write()
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::write | ( | const AddressSpacePtr & | , |
| const AddressSpaceAddress & | , | ||
| const SValuePtr & | value, | ||
| RiscOperators & | addrOps, | ||
| RiscOperators & | valOps | ||
| ) |
Write a value to an address space.
The specified value is written to the address space at the specified address.
The addrOps and valOps arguments provide the operators that might be needed for the address and value, respectively. For instance, when writing multiple bytes to a memory address space, the address operators are used to increment the starting address and the value operators are used to extract the individual byte values. Oftentimes the address and value operators are the same.
The specified address space need not be an address space that's owned by either of the provided operator arguments, although it usually is owned by one or the other.
◆ merge()
|
virtual |
Merge operation for data flow analysis.
Merges the other state into this state. Returns true if this state changed, false otherwise. This method usually isn't overridden in subclasses since all the base implementation does is invoke the merge operation on each of the address spaces.
Every address space of other is merged into this state as follows: if this state has an address space with the same purpose and name the first such address space is chosen to be the target and the other address space is merged into the target. Otherwise, when this state has no matching target, the other address space is deep-copied into this state. Address spaces in this state that were not used as targets for any step are not modified by this function.
Returns true if this state was modified in any way, and false if no modifications occurred.
◆ clear()
|
virtual |
Initialize state.
All attached address spaces are cleared by calling their clear method, removing all addresses and values. The address spaces themselves are not removed from this state.
◆ zeroRegisters()
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::zeroRegisters | ( | ) |
Initialize all registers to zero.
Calls the BaseSemantics::RegisterState::zero method on each address space that inherits from BaseSemantics::RegisterState and whose purpose is REGISTERS. This causes the values for each register to be set to a concrete zero value.
◆ clearMemory()
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::clearMemory | ( | ) |
Clear all memory locations.
Calls the BaseSemantics::MemoryState::clear method on each address space that inherits from BaseSemantics::MemoryState. This causes the addresses and values to be removed from the memory states but does not remove the memory from this state.
◆ registerState()
| RegisterStatePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::registerState | ( | ) | const |
Property: Register state.
Returns the first address space of type BaseSemantics::RegisterState whose purpose is REGISTERS from this state's list of address spaces. If there is no such address space then a null pointer is returned.
◆ memoryState()
| MemoryStatePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::memoryState | ( | ) | const |
Property: Memory state.
Returns the first address space of type BaseSemantics::MemoryState whose purpose is AddressSpace::Purpose::MEMORY from this state's list of address spaces. If there is no such address space then a null pointer is returned.
◆ interruptState() [1/2]
| RegisterStatePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::interruptState | ( | ) | const |
Property: Interrupt state.
Returns the first address space of type BaseSemantics::RegisterState whose purpose is INTERRUPTS from this state's list of address spaces. If there is no such address space then a null pointer is returned.
The interrupt state is modeled as bit flags specifying whether the interrupt has been raised. Interrupts have concrete major and minor numbers that correspond to the RegisterDescriptor major and minor properties. It is permissible for this state to have a null interrupt state, in which case the BaseSemantics::RiscOperators do something else (such as throw an exception).
◆ interruptState() [2/2]
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::interruptState | ( | const RegisterStatePtr & | ) |
Property: Interrupt state.
If the specified state is non-null, then this function replaces the first address space of type BaseSemantics::RegisterState whose purpose is INTERRUPTS from this state's list of address spaces with the specified address space. If there is no such existing address space then the specified space is appended to the list of address spaces.
If the specified state is null, then the first address space of type BaseSemantics::RegisterState whose purpose is INTERRUPTS is removed from this state's list of address spaces. If there is no such existing state then this function does nothing.
◆ hasInterruptState()
| bool Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::hasInterruptState | ( | ) | const |
Tests whether an interrupt state is present.
A state may have an interrupt state (similar to the register and memory states). This function returns true if and only if the interrupt state is present.
See also interruptState, which returns a null pointer if the interrupt state is not present.
◆ readRegister()
|
virtual |
Read a value from a register.
Calls read on the address space returned by registerState, which must be non-null.
◆ peekRegister()
|
virtual |
Read register without side effects.
Calls peek on the address space returned by registerState, which must be non-null.
◆ writeRegister()
|
virtual |
Write a value to a register.
Calls write on the address space returned by registerState, which must be non-null.
◆ readMemory()
|
virtual |
Read a value from memory.
Calls read on the address space returned by memoryState, which must be non-null.
◆ peekMemory()
|
virtual |
Read from memory without side effects.
Calls peek on the address space returned by memoryState, which must be non-null.
◆ writeMemory()
|
virtual |
Write a value to memory.
Calls write on the address space returned by memoryState, which must be non-null.
◆ readInterrupt()
|
virtual |
Read an interrupt state.
Calls read on the address space returned by interruptState, if any. If there is no interrupt state then this function returns null.
The default value dflt value will be written to the interrupt state if that interrupt has no previous value. The default value and the return value (when non-null) are always Boolean values (single bits) to indicate whether that interrupt is raised.
◆ peekInterrupt()
|
virtual |
Read an interrupt state without side effects.
Calls peek on the address space returned by interruptState, if any. If there is no interrupt state then this function returns null.
The default value dflt value will be written to the interrupt state if that interrupt has no previous value. The default value and the return value (when non-null) are always Boolean values (single bits) to indicate whether that interrupt is raised.
◆ writeInterrupt()
|
virtual |
Write an interrupt state.
Calls write on the address space returned by interruptState, if any. If there is no interrupt state then this function returns false.
The value argument is Boolean (single bit) to indicate whether the interrupt has been raised.
◆ raiseInterrupt()
| SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::raiseInterrupt | ( | unsigned | major, |
| unsigned | minor, | ||
| RiscOperators * | valOps | ||
| ) |
Raise an interrupt.
Raises an interrupt by writing a concrete true value to the address space returned by interruptState, if any, and returns the interupt state's previous value. If there is no interrupt state then this function returns null.
◆ clearInterrupt()
| SValuePtr Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::clearInterrupt | ( | unsigned | major, |
| unsigned | minor, | ||
| RiscOperators * | valOps | ||
| ) |
Clear an interrupt.
Clears an interrupt by writing a concrete false value to the address space returned by interruptState, if any. If the interrupt state exists then the return value is the old Boolean value for that interrupt; otherwise this function returns a null pointer.
◆ isInterruptDefinitelyRaised()
| bool Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::isInterruptDefinitelyRaised | ( | unsigned | major, |
| unsigned | minor, | ||
| RiscOperators * | valOps | ||
| ) |
Test an interrupt.
Returns true if this state has an interrupt address space returned by interruptState, and the specified interrupt in that substate has a concrete true value. Returns false in all other cases.
If the caller needs to handle values other than concrete true and false (such as unknown states) then use readInterrupt or peekInterrupt instead.
◆ isInterruptDefinitelyClear()
| bool Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::isInterruptDefinitelyClear | ( | unsigned | major, |
| unsigned | minor, | ||
| RiscOperators * | valOps | ||
| ) |
Test an interrupt.
Returns true if this state has an interrupt sub-state returned by interruptState and the specified interrupt in that substate has a concrete false value. Returns false in all other cases.
If the caller needs to handle values other than concrete true and false (such as unknown states) then use readInterrupt or peekInterrupt instead.
◆ hash()
|
virtual |
Compute a hash of the state.
The hash is computed across all address spaces that are part of this state. That typically includes register values, memory addresses and values, and interrupts.
◆ printRegisters() [1/2]
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::printRegisters | ( | std::ostream & | stream, |
| const std::string & | prefix = "" |
||
| ) |
Print the register contents.
This method emits one line per register and contains the register name and its value. It gets the register state by calling registerState.
◆ printRegisters() [2/2]
|
virtual |
Print the register contents.
This method emits one line per register and contains the register name and its value. It gets the register state by calling registerState.
◆ printMemory() [1/2]
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::printMemory | ( | std::ostream & | stream, |
| const std::string & | prefix = "" |
||
| ) | const |
Print memory contents.
This simply calls the MemoryState::print method for the address space returned by memoryState, if any.
◆ printMemory() [2/2]
|
virtual |
Print memory contents.
This simply calls the MemoryState::print method for the address space returned by memoryState, if any.
◆ printInterrupts() [1/2]
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::printInterrupts | ( | std::ostream & | , |
| const std::string & | prefix = "" |
||
| ) |
Print interrupt states.
This method emits one line per interrupt and contains the interrupt major and minor numbers and a Boolean expression indicating whether the interrupt is currently raised. It uses the address space returned by interruptState, if any.
◆ printInterrupts() [2/2]
|
virtual |
Print interrupt states.
This method emits one line per interrupt and contains the interrupt major and minor numbers and a Boolean expression indicating whether the interrupt is currently raised. It uses the address space returned by interruptState, if any.
◆ print() [1/2]
| void Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::print | ( | std::ostream & | stream, |
| const std::string & | prefix = "" |
||
| ) | const |
Print the state.
This emits a multi-line string describing the contents of all address spaces. This typically includes an address space for the registers and another representing the memory. Other address spaces may be present also.
◆ print() [2/2]
|
virtual |
Print the state.
This emits a multi-line string describing the contents of all address spaces. This typically includes an address space for the registers and another representing the memory. Other address spaces may be present also.
◆ toString()
| std::string Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::toString | ( | ) | const |
Convert the state to a string for debugging.
This is intended mainly for debugging so that you can easily print the state from within a debugger.
◆ with_format()
|
inline |
Used for printing states with formatting.
The usual way to use this is:
Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.
Definition at line 452 of file State.h.
Referenced by operator+().
◆ operator+() [1/2]
|
inline |
Used for printing states with formatting.
The usual way to use this is:
Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.
Definition at line 453 of file State.h.
References with_format().
◆ operator+() [2/2]
| WithFormatter Rose::BinaryAnalysis::InstructionSemantics::BaseSemantics::State::operator+ | ( | const std::string & | linePrefix | ) |
Used for printing states with formatting.
The usual way to use this is:
Since specifying a line prefix string for indentation purposes is such a common use case, the indentation can be given instead of a format, as in the following code that indents the prefixes each line of the expression with four spaces.
The documentation for this class was generated from the following file:
