|
ROSE
0.9.10.47
|
Pointer analysis.
This class is the main analysis class for pointer detection. See the Rose::BinaryAnalysis::PointerDetection namespace for details.
Definition at line 165 of file BinaryPointerDetection.h.
#include <BinaryPointerDetection.h>
Public Member Functions | |
| Analysis () | |
| Default constructor. More... | |
| Analysis (Disassembler *d, const Settings &settings=Settings()) | |
| Construct an analysis using a specific disassembler. More... | |
| Analysis (const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Settings &settings=Settings()) | |
| Construct an analysis using a specified dispatcher. More... | |
| const Settings & | settings () const |
| Property: Analysis settings. More... | |
| void | analyzeFunction (const Partitioner2::Partitioner &, const Sawyer::SharedPointer< Partitioner2::Function > &) |
| Analyze one function. More... | |
| bool | hasResults () const |
| Whether a function has been analyzed. More... | |
| bool | didConverge () const |
| Whether the analysis results are valid. More... | |
| void | clearResults () |
| Clear analysis results. More... | |
| void | clearNonResults () |
| Clears everything but results. More... | |
| const PointerDescriptors & | codePointers () const |
| Property: Code pointers. More... | |
| const PointerDescriptors & | dataPointers () const |
| Property: Data pointers. More... | |
| InstructionSemantics2::BaseSemantics::StatePtr | initialState () const |
| Initial state for analysis. More... | |
| InstructionSemantics2::BaseSemantics::StatePtr | finalState () const |
| Final state for analysis. More... | |
|
inline |
Default constructor.
This creates an analyzer that is not suitable for analysis since it doesn't know anything about the architecture it would be analyzing. This is mostly for use in situations where an analyzer must be constructed as a member of another class's default constructor, in containers that initialize their contents with a default constructor, etc.
Definition at line 184 of file BinaryPointerDetection.h.
|
inlineexplicit |
Construct an analysis using a specific disassembler.
This constructor chooses a symbolic domain and a dispatcher appropriate for the disassembler's architecture.
Definition at line 190 of file BinaryPointerDetection.h.
|
inlineexplicit |
Construct an analysis using a specified dispatcher.
This constructor uses the supplied dispatcher and associated semantic domain. For best results, the semantic domain should be a symbolic domain that uses MemoryCellList and RegisterStateGeneric. These happen to also be the defaults used by InstructionSemantics2::SymbolicSemantics.
Definition at line 201 of file BinaryPointerDetection.h.
|
inline |
Property: Analysis settings.
Returns the settings that are being used for this analysis. Settings are read-only, initialized by the constructor.
Definition at line 208 of file BinaryPointerDetection.h.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::analyzeFunction | ( | const Partitioner2::Partitioner & | , |
| const Sawyer::SharedPointer< Partitioner2::Function > & | |||
| ) |
Analyze one function.
This analysis method uses Partitioner2 data structures which are generally faster than using the AST. The specified function need not be attached to the partitioner. Results of the analysis are stored in this analysis object to be queried after the analysis completes.
|
inline |
Whether a function has been analyzed.
Returns true if this analysis object holds results from analyzing a function. The results might be only approximations depending on whether didConverge also returns true.
Definition at line 221 of file BinaryPointerDetection.h.
|
inline |
Whether the analysis results are valid.
Returns true if hasResults is true and the analysis converted to a solution. If the analysis did not converge then the other results are only approximations.
Definition at line 227 of file BinaryPointerDetection.h.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::clearResults | ( | ) |
Clear analysis results.
Resets the analysis results so it looks like this analyzer is initialized but has not run yet. When this method returns, hasResults and didConverge will both return false.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::clearNonResults | ( | ) |
Clears everything but results.
This resets the virtual CPU to the null pointer, possibly freeing some memory if the CPU isn't being used for other things. Once the CPU is removed it's no longer possible to do more analysis with this object.
|
inline |
Property: Code pointers.
These are memory addresses that store a value that was used to initialize the instruction pointer register. If sort is true then the return value is sorted lexically.
Definition at line 245 of file BinaryPointerDetection.h.
|
inline |
Property: Data pointers.
These are memory addresses that store a value that was used as an address to dereference other memory. If sort is true then the return value is sorted lexically.
Definition at line 253 of file BinaryPointerDetection.h.
|
inline |
Initial state for analysis.
Returns symbolic state that initialized the analysis. This is the state at the function entry address and is reinitialized each time analyzeFunction is called. This state is cleared by calling clearNonResults, after which this function returns a null pointer.
Definition at line 262 of file BinaryPointerDetection.h.
|
inline |
Final state for analysis.
Returns the symbolic state for the function return point. If the function has multiple return points then this is the state resulting from merging the states after each return. This state is initialized by calling analyzeFunction. It is cleared by calling clearNonResults, after which it returns a null pointer.
Definition at line 271 of file BinaryPointerDetection.h.
1.8.5