ROSE 0.11.145.192
Classes | Public Types | Public Member Functions | Static Public Member Functions | List of all members
Rose::BinaryAnalysis::SystemCall Class Reference

Description

Analyzes basic blocks to get system call names.

After being initialized with information about how system calls operate, this analysis is able to analyze a basic block that contains a system call and return information about the call such as its name.

Definition at line 22 of file SystemCall.h.

#include <Rose/BinaryAnalysis/SystemCall.h>

Classes

struct  Declaration
 Declarative information about a system call. More...
 
class  Exception
 Exceptions for system call analysis. More...
 

Public Types

typedef Sawyer::Container::Map< uint64_t, DeclarationDeclarations
 Table of syscall declarations indexed by syscall IDs.
 

Public Member Functions

void declare (const Declaration &declaration)
 Declare a system call.
 
void declare (const std::vector< Declaration > &declarations)
 Declare multiple system calls.
 
void declare (const boost::filesystem::path &headerFileName)
 Declare multiple system calls by parsing a Linux header file.
 
const Declarationsdeclarations () const
 All declarations.
 
Sawyer::Optional< Declarationlookup (uint64_t id) const
 Look up a system call by ID number.
 
std::vector< Declarationlookup (const std::string &name) const
 Look up system calls by name.
 
SgAsmInstructionhasSystemCall (const Partitioner2::BasicBlockPtr &) const
 Determine whether a basic block has a system call.
 
virtual Sawyer::Optional< Declarationanalyze (const Partitioner2::PartitionerConstPtr &, const Partitioner2::BasicBlockPtr &, SgAsmInstruction *, const SmtSolver::Ptr &solver=SmtSolver::Ptr()) const
 Analyze a basic block and return the system calls.
 
virtual bool isSystemCall (SgAsmInstruction *) const
 Predicate to determine whether an instruction is a system call.
 
const AbstractLocationident () const
 Property: Abstract location that identifies the particular system call.
 
void ident (const AbstractLocation &location)
 Property: Abstract location that identifies the particular system call.
 

Static Public Member Functions

static std::vector< DeclarationparseHeaderFile (const boost::filesystem::path &headerFileName)
 Parse a Linux header file to obtain declarations for system calls.
 

Member Typedef Documentation

◆ Declarations

Table of syscall declarations indexed by syscall IDs.

Definition at line 49 of file SystemCall.h.

Constructor & Destructor Documentation

◆ ~SystemCall()

virtual Rose::BinaryAnalysis::SystemCall::~SystemCall ( )
inlinevirtual

Definition at line 56 of file SystemCall.h.

Member Function Documentation

◆ declarations()

const Declarations & Rose::BinaryAnalysis::SystemCall::declarations ( ) const
inline

All declarations.

Definition at line 68 of file SystemCall.h.

◆ lookup() [1/2]

Sawyer::Optional< Declaration > Rose::BinaryAnalysis::SystemCall::lookup ( uint64_t  id) const

Look up a system call by ID number.

There is at most one system call declaration per ID.

◆ lookup() [2/2]

std::vector< Declaration > Rose::BinaryAnalysis::SystemCall::lookup ( const std::string &  name) const

Look up system calls by name.

There can be more than one system call with the same name, although this is uncommon.

◆ hasSystemCall()

SgAsmInstruction * Rose::BinaryAnalysis::SystemCall::hasSystemCall ( const Partitioner2::BasicBlockPtr ) const

Determine whether a basic block has a system call.

If the specified basic block has a system call instruction, then the pointer to that instruction is returned. Otherwise a null pointer is returned. The determination is made by invoking isSystemCall for each instruction, which is intended to be a fairly inexpensive operation (certainly less expensive than analyze).

◆ ident() [1/2]

const AbstractLocation & Rose::BinaryAnalysis::SystemCall::ident ( ) const
inline

Property: Abstract location that identifies the particular system call.

This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.

Definition at line 92 of file SystemCall.h.

◆ ident() [2/2]

void Rose::BinaryAnalysis::SystemCall::ident ( const AbstractLocation location)
inline

Property: Abstract location that identifies the particular system call.

This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.

Definition at line 93 of file SystemCall.h.

◆ analyze()

virtual Sawyer::Optional< Declaration > Rose::BinaryAnalysis::SystemCall::analyze ( const Partitioner2::PartitionerConstPtr ,
const Partitioner2::BasicBlockPtr ,
SgAsmInstruction ,
const SmtSolver::Ptr solver = SmtSolver::Ptr() 
) const
virtual

Analyze a basic block and return the system calls.

Analyzes the basic block using the same instruction semantics as the partitioner. If an instruction is specified then it should be the instruction that is the actual system call within the specified basic block. If no instruction is specified then isSystemCall is invoked for each instruction and the first for which it returns true is considered to be the system call instruction.

If a system call instruction is specified or found, then the pre-instruction semantic state is queried according to ident to obtain a concrete value of a register or memory location. This value is looked up in the list of known system calls to return either a system call declaration or nothing.

Throws an exception if semantic analysis fails.


The documentation for this class was generated from the following file: