ROSE 0.11.83.2
Pointer analysis.
This class is the main analysis class for pointer detection. See the Rose::BinaryAnalysis::PointerDetection namespace for details.
Definition at line 166 of file PointerDetection.h.
#include <Rose/BinaryAnalysis/PointerDetection.h>
Public Member Functions

Member | Description
Analysis () | Default constructor.
Analysis (Disassembler *d, const Settings &settings=Settings()) | Construct an analysis using a specific disassembler.
Analysis (const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Settings &settings=Settings()) | Construct an analysis using a specified dispatcher.
const Settings & settings () const | Property: Analysis settings.
void analyzeFunction (const Partitioner2::Partitioner &, const Sawyer::SharedPointer< Partitioner2::Function > &) | Analyze one function.
bool hasResults () const | Whether a function has been analyzed.
bool didConverge () const | Whether the analysis results are valid.
void clearResults () | Clear analysis results.
void clearNonResults () | Clears everything but results.
const PointerDescriptors & codePointers () const | Property: Code pointers.
const PointerDescriptors & dataPointers () const | Property: Data pointers.
InstructionSemantics2::BaseSemantics::StatePtr initialState () const | Initial state for analysis.
InstructionSemantics2::BaseSemantics::StatePtr finalState () const | Final state for analysis.
Rose::BinaryAnalysis::PointerDetection::Analysis::Analysis () [inline]
Default constructor.
This creates an analyzer that is not suitable for analysis since it doesn't know anything about the architecture it would be analyzing. This is mostly for use in situations where an analyzer must be constructed as a member of another class's default constructor, in containers that initialize their contents with a default constructor, etc.
Definition at line 185 of file PointerDetection.h.
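Rose::BinaryAnalysis::PointerDetection::Analysis::Analysis (Disassembler *d, const Settings &settings=Settings()) [inline, explicit]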
Construct an analysis using a specific disassembler.
This constructor chooses a symbolic domain and a dispatcher appropriate for the disassembler's architecture.
Definition at line 191 of file PointerDetection.h.
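Rose::BinaryAnalysis::PointerDetection::Analysis::Analysis (const InstructionSemantics2::BaseSemantics::DispatcherPtr &cpu, const Settings &settings=Settings()) [inline, explicit]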
Construct an analysis using a specified dispatcher.
This constructor uses the supplied dispatcher and associated semantic domain. For best results, the semantic domain should be a symbolic domain that uses MemoryCellList and RegisterStateGeneric. These happen to also be the defaults used by InstructionSemantics2::SymbolicSemantics.
Definition at line 202 of file PointerDetection.h.
const Settings & Rose::BinaryAnalysis::PointerDetection::Analysis::settings () const [inline]
Property: Analysis settings.
Returns the settings that are being used for this analysis. Settings are read-only, initialized by the constructor.
Definition at line 209 of file PointerDetection.h.
void Rose::BinaryAnalysis::PointerDetection::Analysis::analyzeFunction (const Partitioner2::Partitioner &, const Sawyer::SharedPointer< Partitioner2::Function > &)
Analyze one function.
This analysis method uses Partitioner2 data structures which are generally faster than using the AST. The specified function need not be attached to the partitioner. Results of the analysis are stored in this analysis object to be queried after the analysis completes.
bool Rose::BinaryAnalysis::PointerDetection::Analysis::hasResults () const [inline]
Whether a function has been analyzed.
Returns true if this analysis object holds results from analyzing a function. The results might be only approximations depending on whether didConverge also returns true.
Definition at line 222 of file PointerDetection.h.
bool Rose::BinaryAnalysis::PointerDetection::Analysis::didConverge () const [inline]
Whether the analysis results are valid.
Returns true if hasResults is true and the analysis converged to a solution. If the analysis did not converge then the other results are only approximations.
Definition at line 228 of file PointerDetection.h.
void Rose::BinaryAnalysis::PointerDetection::Analysis::clearResults ()
Clear analysis results.
Resets the analysis results so it looks like this analyzer is initialized but has not run yet. When this method returns, hasResults and didConverge will both return false.
void Rose::BinaryAnalysis::PointerDetection::Analysis::clearNonResults ()
Clears everything but results.
This resets the virtual CPU to the null pointer, possibly freeing some memory if the CPU isn't being used for other things. Once the CPU is removed it's no longer possible to do more analysis with this object.
const PointerDescriptors & Rose::BinaryAnalysis::PointerDetection::Analysis::codePointers () const [inline]
Property: Code pointers.
These are memory addresses that store a value that was used to initialize the instruction pointer register. If sort is true then the return value is sorted lexically.
Definition at line 246 of file PointerDetection.h.
const PointerDescriptors & Rose::BinaryAnalysis::PointerDetection::Analysis::dataPointers () const [inline]
Property: Data pointers.
These are memory addresses that store a value that was used as an address to dereference other memory. If sort is true then the return value is sorted lexically.
Definition at line 254 of file PointerDetection.h.
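InstructionSemantics2::BaseSemantics::StatePtr Rose::BinaryAnalysis::PointerDetection::Analysis::initialState () const [inline]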
Initial state for analysis.
Returns symbolic state that initialized the analysis. This is the state at the function entry address and is reinitialized each time analyzeFunction is called. This state is cleared by calling clearNonResults, after which this function returns a null pointer.
Definition at line 263 of file PointerDetection.h.
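InstructionSemantics2::BaseSemantics::StatePtr Rose::BinaryAnalysis::PointerDetection::Analysis::finalState () const [inline]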
Final state for analysis.
Returns the symbolic state for the function return point. If the function has multiple return points then this is the state resulting from merging the states after each return. This state is initialized by calling analyzeFunction. It is cleared by calling clearNonResults, after which it returns a null pointer.
Definition at line 272 of file PointerDetection.h.