ROSE 0.11.145.147
|
Generate static semantics and attach to the AST.
ROSE normally uses dynamically generated semantics, where the user instantiates a state (where register and memory values are stored), attaches the state to a semantic domain (risc operators and an associated value type), and the "executes" an instruction and looks at the effect that occurred on the state. For instance, if one wants to see whether an instruction is a RET-like instruction, one constructs an initial state, executes the instruction in the chosen domain (e.g., symbolic), and then examines the final state. If the final state's instruction pointer register has a value which equal to the value stored in memory just past (above or below according to stack direction) the stack pointer register, then the instruction is behaving like an x86 RET instruction, at least on architectures that use this calling convention.
On the other hand, some people like to work with semantics that are represented statically as part of the AST. In this case, each instruction has a non-null SgAsmInstruction::semantics property that returns a list (SgAsmExprListExp) of semantic expression trees consisting mostly of SgAsmRiscOperation nodes. The list is in the order that the instruction's side effects occur. Many subtrees of the semantics
property are similar to each other, but cannot be shared due to the design of ROSE AST (each node has a single parent pointer). Thus the AST with static semantics attached can be many times larger than when using dynamic semantics.
By default, ROSE does not generate the static semantics, and each instruction's SgAsmInstruction::semantics property will be null. Semantics can be added to any instruction by executing the instruction in this StaticSemantics domain. Each time the instruction is executed in this domain its previous semantics are thrown away and recalculated, so you should generally only do this once; that's the nature that makes these semantics "static". If you want to calculate static semantics for lots of instructions, which is often the case, the attachInstructionSemantics functions can do that: they process an entire AST, adding semantics to all the instructions they find.
Classes | |
class | RiscOperators |
Basic semantic operations. More... | |
class | SValue |
Semantic values for generating static semantic ASTs. More... | |
Typedefs | |
typedef Sawyer::SharedPointer< class SValue > | SValuePtr |
Shared-ownership pointer for a static-semantics value. | |
typedef NullSemantics::RegisterState | RegisterState |
typedef NullSemantics::RegisterStatePtr | RegisterStatePtr |
typedef NullSemantics::MemoryState | MemoryState |
typedef NullSemantics::MemoryStatePtr | MemoryStatePtr |
typedef NullSemantics::State | State |
typedef NullSemantics::StatePtr | StatePtr |
typedef boost::shared_ptr< class RiscOperators > | RiscOperatorsPtr |
Shared-ownership pointer for basic semantic operations. | |
Functions | |
void | attachInstructionSemantics (SgNode *ast, const Architecture::BaseConstPtr &) |
Build and attach static semantics to all instructions. | |
void | attachInstructionSemantics (SgNode *ast, const BaseSemantics::DispatcherPtr &) |
Build and attach static semantics to all instructions. | |
typedef Sawyer::SharedPointer<class SValue> Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::SValuePtr |
Shared-ownership pointer for a static-semantics value.
Definition at line 67 of file StaticSemantics.h.
typedef NullSemantics::RegisterState Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RegisterState |
Definition at line 160 of file StaticSemantics.h.
typedef NullSemantics::RegisterStatePtr Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RegisterStatePtr |
Definition at line 161 of file StaticSemantics.h.
typedef NullSemantics::MemoryState Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::MemoryState |
Definition at line 163 of file StaticSemantics.h.
typedef NullSemantics::MemoryStatePtr Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::MemoryStatePtr |
Definition at line 164 of file StaticSemantics.h.
Definition at line 166 of file StaticSemantics.h.
typedef NullSemantics::StatePtr Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::StatePtr |
Definition at line 167 of file StaticSemantics.h.
typedef boost::shared_ptr<class RiscOperators> Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::RiscOperatorsPtr |
Shared-ownership pointer for basic semantic operations.
Definition at line 175 of file StaticSemantics.h.
void Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::attachInstructionSemantics | ( | SgNode * | ast, |
const Architecture::BaseConstPtr & | |||
) |
Build and attach static semantics to all instructions.
Traverses the specified AST to find instructions that have no static semantics yet. For each such instruction, static semantics are calculated and the instruction's SgAsmInstruction::semantics property is set to non-null and will contain a list of instruction side effects.
If processing lots of unrelated instructions, it is best to use the version of this function that takes a dispatcher, or virtual CPU, so that the same dispatcher can be used over and over. There is no register or memory state associated with a StaticSemantics dispatcher since all side effects are attached to the AST instead of being written to some state.
void Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::attachInstructionSemantics | ( | SgNode * | ast, |
const BaseSemantics::DispatcherPtr & | |||
) |
Build and attach static semantics to all instructions.
Traverses the specified AST to find instructions that have no static semantics yet. For each such instruction, static semantics are calculated and the instruction's SgAsmInstruction::semantics property is set to non-null and will contain a list of instruction side effects.
If processing lots of unrelated instructions, it is best to use the version of this function that takes a dispatcher, or virtual CPU, so that the same dispatcher can be used over and over. There is no register or memory state associated with a StaticSemantics dispatcher since all side effects are attached to the AST instead of being written to some state.