|
ROSE
0.11.123.0
|
Pointer analysis.
This class is the main analysis class for pointer detection. See the Rose::BinaryAnalysis::PointerDetection namespace for details.
Definition at line 227 of file PointerDetection.h.
#include <Rose/BinaryAnalysis/PointerDetection.h>
Public Member Functions | |
| Analysis () | |
| Default constructor. More... | |
| Analysis (const Disassembler::BasePtr &d, const Settings &settings=Settings()) | |
| Construct an analysis using a specific disassembler. More... | |
| Analysis (const InstructionSemantics::BaseSemantics::DispatcherPtr &cpu, const Settings &settings=Settings()) | |
| Construct an analysis using a specified dispatcher. More... | |
| const Settings & | settings () const |
| Property: Analysis settings. More... | |
| void | analyzeFunction (const Partitioner2::PartitionerConstPtr &, const Sawyer::SharedPointer< Partitioner2::Function > &) |
| Analyze one function. More... | |
| bool | hasResults () const |
| Whether a function has been analyzed. More... | |
| bool | didConverge () const |
| Whether the analysis results are valid. More... | |
| void | clearResults () |
| Clear analysis results. More... | |
| void | clearNonResults () |
| Clears everything but results. More... | |
| const PointerDescriptors & | codePointers () const |
| Property: Code pointers. More... | |
| const PointerDescriptors & | dataPointers () const |
| Property: Data pointers. More... | |
| InstructionSemantics::BaseSemantics::StatePtr | initialState () const |
| Initial state for analysis. More... | |
| InstructionSemantics::BaseSemantics::StatePtr | finalState () const |
| Final state for analysis. More... | |
|
inline |
Default constructor.
This creates an analyzer that is not suitable for analysis since it doesn't know anything about the architecture it would be analyzing. This is mostly for use in situations where an analyzer must be constructed as a member of another class's default constructor, in containers that initialize their contents with a default constructor, etc.
Definition at line 246 of file PointerDetection.h.
|
inlineexplicit |
Construct an analysis using a specific disassembler.
This constructor chooses a symbolic domain and a dispatcher appropriate for the disassembler's architecture.
Definition at line 252 of file PointerDetection.h.
|
inlineexplicit |
Construct an analysis using a specified dispatcher.
This constructor uses the supplied dispatcher and associated semantic domain. For best results, the semantic domain should be a symbolic domain that uses MemoryCellList and RegisterStateGeneric. These happen to also be the defaults used by InstructionSemantics::SymbolicSemantics.
Definition at line 263 of file PointerDetection.h.
|
inline |
Property: Analysis settings.
Returns the settings that are being used for this analysis. Settings are read-only, initialized by the constructor.
Definition at line 270 of file PointerDetection.h.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::analyzeFunction | ( | const Partitioner2::PartitionerConstPtr & | , |
| const Sawyer::SharedPointer< Partitioner2::Function > & | |||
| ) |
Analyze one function.
This analysis method uses Partitioner2 data structures which are generally faster than using the AST. The specified function need not be attached to the partitioner. Results of the analysis are stored in this analysis object to be queried after the analysis completes.
|
inline |
Whether a function has been analyzed.
Returns true if this analysis object holds results from analyzing a function. The results might be only approximations depending on whether didConverge also returns true.
Definition at line 283 of file PointerDetection.h.
|
inline |
Whether the analysis results are valid.
Returns true if hasResults is true and the analysis converted to a solution. If the analysis did not converge then the other results are only approximations.
Definition at line 289 of file PointerDetection.h.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::clearResults | ( | ) |
Clear analysis results.
Resets the analysis results so it looks like this analyzer is initialized but has not run yet. When this method returns, hasResults and didConverge will both return false.
| void Rose::BinaryAnalysis::PointerDetection::Analysis::clearNonResults | ( | ) |
Clears everything but results.
This resets the virtual CPU to the null pointer, possibly freeing some memory if the CPU isn't being used for other things. Once the CPU is removed it's no longer possible to do more analysis with this object.
|
inline |
Property: Code pointers.
These are memory addresses that store a value that was used to initialize the instruction pointer register. If sort is true then the return value is sorted lexically.
Definition at line 307 of file PointerDetection.h.
|
inline |
Property: Data pointers.
These are memory addresses that store a value that was used as an address to dereference other memory. If sort is true then the return value is sorted lexically.
Definition at line 315 of file PointerDetection.h.
|
inline |
Initial state for analysis.
Returns symbolic state that initialized the analysis. This is the state at the function entry address and is reinitialized each time analyzeFunction is called. This state is cleared by calling clearNonResults, after which this function returns a null pointer.
Definition at line 324 of file PointerDetection.h.
|
inline |
Final state for analysis.
Returns the symbolic state for the function return point. If the function has multiple return points then this is the state resulting from merging the states after each return. This state is initialized by calling analyzeFunction. It is cleared by calling clearNonResults, after which it returns a null pointer.
Definition at line 333 of file PointerDetection.h.
1.8.10