|
decompiler
1.0.0
|
A low-level variable or contiguous set of bytes described by an Address and a size. More...
#include <varnode.hh>
Public Types | |
| enum | varnode_flags { mark = 0x01, constant = 0x02, annotation = 0x04, input = 0x08, written = 0x10, insert = 0x20, implied = 0x40, explict = 0x80, typelock = 0x100, namelock = 0x200, nolocalalias = 0x400, volatil = 0x800, externref = 0x1000, readonly = 0x2000, persist = 0x4000, addrtied = 0x8000, unaffected = 0x10000, spacebase = 0x20000, indirectonly = 0x40000, directwrite = 0x80000, addrforce = 0x100000, mapped = 0x200000, indirect_creation = 0x400000, return_address = 0x800000, coverdirty = 0x1000000, precislo = 0x2000000, precishi = 0x4000000, indirectstorage = 0x8000000, hiddenretparm = 0x10000000, incidental_copy = 0x20000000, autolive_hold = 0x40000000 } |
| enum | addl_flags { activeheritage = 0x01, writemask = 0x02, vacconsume = 0x04, lisconsume = 0x08, ptrcheck = 0x10, ptrflow = 0x20, unsignedprint = 0x40, stack_store = 0x80, locked_input = 0x100, spacebase_placeholder = 0x200 } |
| Additional boolean properties on a Varnode. More... | |
Public Member Functions | |
| void | setHigh (HighVariable *tv, int2 mg) |
| Set the HighVariable owning this Varnode. | |
| const Address & | getAddr (void) const |
| Get the storage Address. | |
| AddrSpace * | getSpace (void) const |
| Get the AddrSpace storing this Varnode. | |
| uintb | getOffset (void) const |
| Get the offset (within its AddrSpace) where this is stored. | |
| int4 | getSize (void) const |
| Get the number of bytes this Varnode stores. | |
| int2 | getMergeGroup (void) const |
| Get the forced merge group of this Varnode. | |
| PcodeOp * | getDef (void) |
| Get the defining PcodeOp of this Varnode. | |
| const PcodeOp * | getDef (void) const |
| Get the defining PcodeOp. | |
| HighVariable * | getHigh (void) const |
| Get the high-level variable associated with this Varnode. More... | |
| SymbolEntry * | getSymbolEntry (void) const |
| Get symbol and scope information associated with this Varnode. | |
| uint4 | getFlags (void) const |
| Get all the boolean attributes. | |
| Datatype * | getType (void) const |
| Get the Datatype associated with this Varnode. | |
| void | setTempType (Datatype *t) const |
| Set the temporary Datatype. | |
| Datatype * | getTempType (void) const |
| Get the temporary Datatype (used during type propagation) | |
| void | setValueSet (ValueSet *v) const |
| Set the temporary ValueSet record. | |
| ValueSet * | getValueSet (void) const |
| Get the temporary ValueSet record. | |
| uint4 | getCreateIndex (void) const |
| Get the creation index. | |
| Cover * | getCover (void) const |
| Get Varnode coverage information. | |
| list< PcodeOp * >::const_iterator | beginDescend (void) const |
| Get iterator to list of syntax tree descendants (reads) | |
| list< PcodeOp * >::const_iterator | endDescend (void) const |
| Get the end iterator to list of descendants. | |
| uintb | getConsume (void) const |
| Get mask of consumed bits. | |
| void | setConsume (uintb val) |
| Set the mask of consumed bits (used by dead-code algorithm) | |
| bool | isConsumeList (void) const |
| Get marker used by dead-code algorithm. | |
| bool | isConsumeVacuous (void) const |
| Get marker used by dead-code algorithm. | |
| void | setConsumeList (void) |
| Set marker used by dead-code algorithm. | |
| void | setConsumeVacuous (void) |
| Set marker used by dead-code algorithm. | |
| void | clearConsumeList (void) |
| Clear marker used by dead-code algorithm. | |
| void | clearConsumeVacuous (void) |
| Clear marker used by dead-code algorithm. | |
| PcodeOp * | loneDescend (void) const |
| Return unique reading PcodeOp, or null if there are zero or more than 1. More... | |
| Address | getUsePoint (const Funcdata &fd) const |
| Get Address when this Varnode first comes into scope. More... | |
| int4 | printRawNoMarkup (ostream &s) const |
| Print a simple identifier for the Varnode. More... | |
| void | printRaw (ostream &s) const |
| Print a simple identifier plus additional info identifying Varnode with SSA form. More... | |
| void | printCover (ostream &s) const |
| Print raw coverage info about the Varnode. More... | |
| void | printInfo (ostream &s) const |
| Print raw attribute info about the Varnode. More... | |
| Varnode (int4 s, const Address &m, Datatype *dt) | |
| Construct a free Varnode. More... | |
| bool | operator< (const Varnode &op2) const |
| Comparison operator on Varnode. More... | |
| bool | operator== (const Varnode &op2) const |
| Equality operator. More... | |
| bool | operator!= (const Varnode &op2) const |
| Inequality operator. | |
| ~Varnode (void) | |
| Destructor. More... | |
| bool | intersects (const Varnode &op) const |
| Return true if the storage locations intersect. More... | |
| bool | intersects (const Address &op2loc, int4 op2size) const |
| Check intersection against an Address range. More... | |
| int4 | contains (const Varnode &op) const |
| Return info about the containment of op in this. More... | |
| int4 | characterizeOverlap (const Varnode &op) const |
| Return 0, 1, or 2 for "no overlap", "partial overlap", "identical storage". | |
| int4 | overlap (const Varnode &op) const |
| Return relative point of overlap between two Varnodes. More... | |
| int4 | overlap (const Address &op2loc, int4 op2size) const |
| Return relative point of overlap with Address range. More... | |
| uintb | getNZMask (void) const |
| Get the mask of bits within this that are known to be zero. | |
| int4 | termOrder (const Varnode *op) const |
| Compare two Varnodes based on their term order. More... | |
| void | printRawHeritage (ostream &s, int4 depth) const |
| Print a simple SSA subtree rooted at this. More... | |
| bool | isAnnotation (void) const |
| Is this an annotation? | |
| bool | isImplied (void) const |
| Is this an implied variable? | |
| bool | isExplicit (void) const |
| Is this an explicitly printed variable? | |
| bool | isConstant (void) const |
| Is this a constant? | |
| bool | isFree (void) const |
| Is this free, not in SSA form? | |
| bool | isInput (void) const |
| Is this an SSA input node? | |
| bool | isIllegalInput (void) const |
| Is this an abnormal input to the function? | |
| bool | isIndirectOnly (void) const |
| Is this read only by INDIRECT operations? | |
| bool | isExternalRef (void) const |
| Is this storage location mapped by the loader to an external location? | |
| bool | hasActionProperty (void) const |
| Will this Varnode be replaced dynamically? | |
| bool | isReadOnly (void) const |
| Is this a read-only storage location? | |
| bool | isVolatile (void) const |
| Is this a volatile storage location? | |
| bool | isPersist (void) const |
| Does this storage location persist beyond the end of the function? | |
| bool | isDirectWrite (void) const |
| Is this value affected by a legitimate function input. | |
| bool | isAddrTied (void) const |
| Are all Varnodes at this storage location components of the same high-level variable? | |
| bool | isAddrForce (void) const |
| Is this value forced into a particular storage location? | |
| bool | isAutoLive (void) const |
| Is this varnode exempt from dead-code removal? | |
| bool | isAutoLiveHold (void) const |
| Is there a temporary hold on dead-code removal? | |
| bool | isMapped (void) const |
| Is there or should be formal symbol information associated with this? | |
| bool | isUnaffected (void) const |
| Is this a value that is supposed to be preserved across the function? | |
| bool | isSpacebase (void) const |
| Is this location used to store the base point for a virtual address space? | |
| bool | isReturnAddress (void) const |
| Is this storage for a calls return address? | |
| bool | isPtrCheck (void) const |
| Has this been checked as a constant pointer to a mapped symbol? | |
| bool | isPtrFlow (void) const |
| Does this varnode flow to or from a known pointer. | |
| bool | isSpacebasePlaceholder (void) const |
| Is this used specifically to track stackpointer values? | |
| bool | hasNoLocalAlias (void) const |
| Are there (not) any local pointers that might affect this? | |
| bool | isMark (void) const |
| Has this been visited by the current algorithm? | |
| bool | isActiveHeritage (void) const |
| Is this currently being traced by the Heritage algorithm? | |
| bool | isStackStore (void) const |
| Was this originally produced by an explicit STORE. | |
| bool | isLockedInput (void) const |
| Is always an input, even if unused. | |
| bool | isIndirectZero (void) const |
| Is this just a special placeholder representing INDIRECT creation? | |
| bool | isExtraOut (void) const |
| Is this Varnode created indirectly by a CALL operation? | |
| bool | isPrecisLo (void) const |
| Is this the low portion of a double precision value? | |
| bool | isPrecisHi (void) const |
| Is this the high portion of a double precision value? | |
| bool | isIncidentalCopy (void) const |
| Does this varnode get copied as a side-effect. | |
| bool | isWriteMask (void) const |
| Is this (not) considered a true write location when calculating SSA form? | |
| bool | isUnsignedPrint (void) const |
| Must this be printed as unsigned. | |
| bool | isWritten (void) const |
| Does this have a defining write operation? | |
| bool | hasCover (void) const |
| Does this have Cover information? | |
| bool | hasNoDescend (void) const |
| Return true if nothing reads this Varnode. | |
| bool | constantMatch (uintb val) const |
| Return true if this is a constant with value val. | |
| int4 | isConstantExtended (uintb &val) const |
| bool | isHeritageKnown (void) const |
| Return true if this Varnode is linked into the SSA tree. | |
| bool | isTypeLock (void) const |
| Does this have a locked Datatype? | |
| bool | isNameLock (void) const |
| Does this have a locked name? | |
| void | setActiveHeritage (void) |
| Mark this as currently being linked into the SSA tree. | |
| void | clearActiveHeritage (void) |
| Mark this as not (actively) being linked into the SSA tree. | |
| void | setMark (void) const |
| Mark this Varnode for breadcrumb algorithms. | |
| void | clearMark (void) const |
| Clear the mark on this Varnode. | |
| void | setDirectWrite (void) |
| Mark this as directly affected by a legal input. | |
| void | clearDirectWrite (void) |
| Mark this as not directly affected by a legal input. | |
| void | setAddrForce (void) |
| Mark as forcing a value into this particular storage location. | |
| void | clearAddrForce (void) |
| Clear the forcing attribute. | |
| void | setImplied (void) |
| Mark this as an implied variable in the final C source. | |
| void | clearImplied (void) |
| Clear the implied mark on this Varnode. | |
| void | setExplicit (void) |
| Mark this as an explicit variable in the final C source. | |
| void | clearExplicit (void) |
| Clear the explicit mark on this Varnode. | |
| void | setReturnAddress (void) |
| Mark as storage location for a return address. | |
| void | clearReturnAddress (void) |
| Clear return address attribute. | |
| void | setPtrCheck (void) |
| Set this as checked for a constant symbol reference. | |
| void | clearPtrCheck (void) |
| Clear the pointer check mark on this Varnode. | |
| void | setPtrFlow (void) |
| Set this as flowing to or from pointer. | |
| void | clearPtrFlow (void) |
| Indicate that this varnode is not flowing to or from pointer. | |
| void | setSpacebasePlaceholder (void) |
| Mark this as a special Varnode for tracking stackpointer values. | |
| void | clearSpacebasePlaceholder (void) |
| Clear the stackpointer tracking mark. | |
| void | setPrecisLo (void) |
| Mark this as the low portion of a double precision value. | |
| void | clearPrecisLo (void) |
| Clear the mark indicating a double precision portion. | |
| void | setPrecisHi (void) |
| Mark this as the high portion of a double precision value. | |
| void | clearPrecisHi (void) |
| Clear the mark indicating a double precision portion. | |
| void | setWriteMask (void) |
| Mark this as not a true write when computing SSA form. | |
| void | clearWriteMask (void) |
| Clear the mark indicating this is not a true write. | |
| void | setAutoLiveHold (void) |
| Place temporary hold on dead code removal. | |
| void | clearAutoLiveHold (void) |
| Clear temporary hold on dead code removal. | |
| void | setUnsignedPrint (void) |
| Force this to be printed as unsigned. | |
| bool | updateType (Datatype *ct, bool lock, bool override) |
| (Possibly) set the Datatype given various restrictions More... | |
| void | setStackStore (void) |
| Mark as produced by explicit CPUI_STORE. | |
| void | setLockedInput (void) |
| Mark as existing input, even if unused. | |
| void | copySymbol (const Varnode *vn) |
| Copy symbol info from vn. More... | |
| void | copySymbolIfValid (const Varnode *vn) |
| Copy symbol info from vn if constant value matches. More... | |
| Datatype * | getLocalType (void) const |
| Calculate type of Varnode based on local information. More... | |
| bool | copyShadow (const Varnode *op2) const |
| Are this and op2 copied from the same source? More... | |
| void | saveXml (ostream &s) const |
| Save a description of this as an XML tag. More... | |
Static Public Member Functions | |
| static bool | comparePointers (const Varnode *a, const Varnode *b) |
| Compare Varnodes as pointers. | |
Private Member Functions | |
| void | updateCover (void) const |
| Internal function for update coverage information. More... | |
| void | calcCover (void) const |
| Turn on the Cover object for this Varnode. More... | |
| void | clearCover (void) const |
| Turn off any coverage information. More... | |
| void | setFlags (uint4 fl) const |
| Internal method for setting boolean attributes. More... | |
| void | clearFlags (uint4 fl) const |
| Internal method for clearing boolean attributes. More... | |
| void | setUnaffected (void) |
| Mark Varnode as unaffected. | |
| void | setInput (void) |
| Mark Varnode as input. | |
| void | setDef (PcodeOp *op) |
| Set the defining PcodeOp of this Varnode. More... | |
| bool | setSymbolProperties (SymbolEntry *entry) |
| Set properties from the given Symbol to this Varnode. More... | |
| void | setSymbolEntry (SymbolEntry *entry) |
| Attach a Symbol to this Varnode. More... | |
| void | setSymbolReference (SymbolEntry *entry, int4 off) |
| Attach a Symbol reference to this. More... | |
| void | addDescend (PcodeOp *op) |
| Add a descendant (reading) PcodeOp to this Varnode's list. More... | |
| void | eraseDescend (PcodeOp *op) |
| Erase a descendant (reading) PcodeOp from this Varnode's list. More... | |
| void | destroyDescend (void) |
| Clear all descendant (reading) PcodeOps. More... | |
Private Attributes | |
| uint4 | flags |
| The collection of boolean attributes for this Varnode. | |
| int4 | size |
| Size of the Varnode in bytes. | |
| uint4 | create_index |
| A unique one-up index assigned to Varnode at its creation. | |
| int2 | mergegroup |
| Which group of forced merges does this Varnode belong to. | |
| uint2 | addlflags |
| Additional flags. | |
| Address | loc |
| Storage location (or constant value) of the Varnode. | |
| PcodeOp * | def |
| The defining operation of this Varnode. | |
| HighVariable * | high |
| High-level variable of which this is an instantiation. | |
| SymbolEntry * | mapentry |
| cached SymbolEntry associated with Varnode | |
| Datatype * | type |
| Datatype associated with this varnode. | |
| VarnodeLocSet::iterator | lociter |
| Iterator into VarnodeBank sorted by location. | |
| VarnodeDefSet::iterator | defiter |
| Iterator into VarnodeBank sorted by definition. | |
| list< PcodeOp * > | descend |
| List of every op using this varnode as input. | |
| Cover * | cover |
| Addresses covered by the def->use of this Varnode. | |
| union { | |
| Datatype * dataType | |
| Temporary data-type associated with this for use in type propagate algorithm. | |
| ValueSet * valueSet | |
| Value set associated with this when performing Value Set Analysis. | |
| } | temp |
| Temporary storage for analysis algorithms. | |
| uintb | consumed |
| What parts of this varnode are used. | |
| uintb | nzm |
| Which bits do we know are zero. | |
Friends | |
| class | VarnodeBank |
| class | Merge |
| class | Funcdata |
A low-level variable or contiguous set of bytes described by an Address and a size.
A Varnode is the fundemental variable in the p-code language model. A Varnode represents anything that holds data, including registers, stack locations, global RAM locations, and constants. It is described most simply as a storage location for some number of bytes, and is identified by
In its raw form, the Varnode is referred to as free, and this pair uniquely identifies the Varnode, as determined by its comparison operators. In terms of the Static Single Assignment (SSA) form for the decompiler analysis, the Varnode class also represents a node in the tree. In this case the Varnode is not free, and each individual write to a storage location, as per SSA form, creates a unique Varnode, which is represented by a separate instance, so there may be multiple Varnode instances with the same Address and size.
| enum Varnode::addl_flags |
Additional boolean properties on a Varnode.
| Enumerator | |
|---|---|
| activeheritage |
The varnode is actively being heritaged. |
| writemask |
Should not be considered a write in heritage calculation. |
| vacconsume |
Vacuous consume. |
| lisconsume |
In consume worklist. |
| ptrcheck |
The Varnode value is NOT a pointer. |
| ptrflow |
If this varnode flows to or from a pointer. |
| unsignedprint |
Constant that must be explicitly printed as unsigned. |
| stack_store |
Created by an explicit STORE. |
| locked_input |
Input that exists even if its unused. |
| spacebase_placeholder |
value at a specific point in the code This varnode is inserted artificially to track a register |
There are a large number of boolean attributes that can be placed on a Varnode. Some are calculated and maintained by the friend classes Funcdata and VarnodeBank, and others can be set and cleared publicly by separate subsystems.
| Enumerator | |
|---|---|
| mark |
Prevents infinite loops. |
| constant |
The varnode is constant. |
| annotation |
This varnode is an annotation and has no dataflow. |
| input |
This varnode has no ancestor. |
| written |
This varnode has a defining op (def is nonzero) |
| insert |
This varnode has been inserted in a tree This means the varnode is the output of an op or The output is a constant or the output is an input |
| implied |
This varnode is a temporary variable. |
| explict |
This varnode CANNOT be a temporary variable. |
| typelock |
The Dataype of the Varnode is locked. |
| namelock |
The Name of the Varnode is locked. |
| nolocalalias |
There are no aliases pointing to this varnode. |
| volatil |
This varnode's value is volatile. |
| externref |
Varnode address is specially mapped by the loader. |
| readonly |
Varnode is stored at a readonly location. |
| persist |
Persists after (and before) function. |
| addrtied |
High-level variable is tied to address. |
| unaffected |
Input which is unaffected by the function. |
| spacebase |
This is a base register for an address space. |
| indirectonly |
If all uses of illegalinput varnode are inputs to INDIRECT. |
| directwrite |
(could be) Directly affected by a valid input |
| addrforce |
Varnode is used to force variable into an address. |
| mapped |
Varnode has a database entry associated with it. |
| indirect_creation |
The value in this Varnode is created indirectly. |
| return_address |
Is the varnode storage for a return address. |
| coverdirty |
Cover is not upto date. |
| precislo |
Is this Varnode the low part of a double precision value. |
| precishi |
Is this Varnode the high part of a double precision value. |
| indirectstorage |
Is this Varnode storing a pointer to the actual symbol. |
| hiddenretparm |
Does this varnode point to the return value storage location. |
| incidental_copy |
Do copies of this varnode happen as a side-effect. |
| autolive_hold |
Temporarily block dead-code removal of this. |
Construct a free Varnode.
This is the constructor for making an unmanaged Varnode It creates a free Varnode with possibly a Datatype attribute. Most applications create Varnodes through the Funcdata interface
References addlflags, annotation, constant, consumed, cover, coverdirty, def, flags, Address::getOffset(), Address::getSpace(), AddrSpace::getType(), high, IPTR_CONSTANT, IPTR_FSPEC, IPTR_IOP, mapentry, mergegroup, nzm, size, and type.
| Varnode::~Varnode | ( | void | ) |
Destructor.
Delete the Varnode object. This routine assumes all other cross-references have been removed.
References cover, high, HighVariable::isUnattached(), and HighVariable::remove().
|
private |
Add a descendant (reading) PcodeOp to this Varnode's list.
Put a new operator in the descendant list and set the cover dirty flag
| op | is PcodeOp to add |
References coverdirty.
Referenced by Funcdata::opSetInput(), and VarnodeBank::replace().
|
private |
Turn on the Cover object for this Varnode.
Initialize a new Cover and set dirty bit so that updateCover will rebuild.
References coverdirty.
Referenced by Funcdata::assignHigh(), and Funcdata::setVarnodeProperties().
|
private |
Turn off any coverage information.
Delete the Cover object. Used for dead Varnodes before full deletion.
Referenced by Funcdata::clearDeadVarnodes(), and Funcdata::opUnsetOutput().
|
private |
Internal method for clearing boolean attributes.
Clear desired boolean attributes on this Varnode and then set dirty bits if appropriate
| fl | is the mask containing the list of attributes to clear |
References coverdirty.
Referenced by Funcdata::clearSymbolLinks(), Funcdata::fillinReadOnly(), VarnodeBank::makeFree(), and Funcdata::syncVarnodesWithSymbol().
| int4 Varnode::contains | ( | const Varnode & | op | ) | const |
Return info about the containment of op in this.
Return various values depending on the containment of another Varnode within this. Return
| op | is the Varnode to test for containment |
References Address::getOffset(), Address::getSpace(), IPTR_CONSTANT, loc, and size.
Referenced by ActionMarkExplicit::baseExplicit().
| bool Varnode::copyShadow | ( | const Varnode * | op2 | ) | const |
Are this and op2 copied from the same source?
Make a local determination if this and op2 hold the same value. We check if there is a common ancester for which both this and op2 are created from a direct sequence of COPY operations. NOTE: This is a transitive relationship
| op2 | is the Varnode to compare to this |
References PcodeOp::code(), CPUI_COPY, getDef(), PcodeOp::getIn(), and isWritten().
Referenced by Merge::blockIntersection(), Merge::buildDominantCopy(), Merge::eliminateIntersect(), Merge::hideShadows(), and Merge::inflateTest().
| void Varnode::copySymbol | ( | const Varnode * | vn | ) |
Copy symbol info from vn.
Copy any symbol and type information from -vn- into this
| vn | is the Varnode to copy from |
References flags, mapentry, namelock, type, and typelock.
Referenced by RuleAndCompare::applyOp(), RuleAddUnsigned::applyOp(), Funcdata::opSetInput(), and Funcdata::replaceLessequal().
| void Varnode::copySymbolIfValid | ( | const Varnode * | vn | ) |
Copy symbol info from vn if constant value matches.
Symbol information (if present) is copied from the given constant Varnode into this, which also must be constant, but only if the two constants are close in the sense of an equate.
| vn | is the given constant Varnode |
References SymbolEntry::getSymbol(), getSymbolEntry(), and EquateSymbol::isValueClose().
Referenced by RuleRangeMeld::applyOp(), RuleEqual2Zero::applyOp(), and PcodeOp::collapseConstantSymbol().
|
private |
Clear all descendant (reading) PcodeOps.
Completely clear the descendant list Only called if Varnode is about to be irrevocably destroyed
Referenced by Funcdata::destroyVarnode().
|
private |
Erase a descendant (reading) PcodeOp from this Varnode's list.
Erase the operation from our descendant list and set the cover dirty flag
| op | is the PcodeOp to remove |
References coverdirty.
Referenced by Funcdata::opUnsetInput().
| HighVariable * Varnode::getHigh | ( | void | ) | const |
Get the high-level variable associated with this Varnode.
During the course of analysis Varnodes are merged into high-level variables that are intended to be closer to the concept of variables in C source code. For a large portion of the decompiler analysis this concept hasn't been built yet, and this routine will return null. But after a certain point, every Varnode managed by the Funcdata object, with the exception of ones that are marked as annotations, is associated with some HighVariable and will return a non-null result.
Referenced by ActionSetCasts::apply(), ActionMarkImplied::apply(), ActionNameVars::apply(), CastStrategyC::arithmeticOutputStandard(), ActionMarkExplicit::baseExplicit(), Scope::buildDefaultName(), Merge::buildDominantCopy(), Funcdata::buildDynamicSymbol(), ActionSetCasts::castOutput(), ActionMarkImplied::checkImpliedCover(), Funcdata::coverVarnodes(), PrintC::emitInplaceOp(), Merge::findAllIntoCopies(), Funcdata::findHigh(), Merge::findSingleCopy(), MapState::gatherHighs(), TypeOp::getInputCast(), TypeOpCopy::getInputCast(), TypeOpLoad::getInputCast(), TypeOpStore::getInputCast(), TypeOpEqual::getInputCast(), TypeOpNotEqual::getInputCast(), TypeOpIntSless::getInputCast(), TypeOpIntSlessEqual::getInputCast(), TypeOpIntLess::getInputCast(), TypeOpIntLessEqual::getInputCast(), TypeOpIntZext::getInputCast(), TypeOpIntSext::getInputCast(), TypeOpIntRight::getInputCast(), TypeOpIntSright::getInputCast(), TypeOpIntDiv::getInputCast(), TypeOpIntSdiv::getInputCast(), TypeOpIntRem::getInputCast(), TypeOpIntSrem::getInputCast(), TypeOpPtradd::getInputCast(), TypeOpPtrsub::getInputCast(), TypeOpCopy::getOutputToken(), TypeOpLoad::getOutputToken(), TypeOpIntLeft::getOutputToken(), TypeOpIntRight::getOutputToken(), TypeOpIntSright::getOutputToken(), TypeOpPtradd::getOutputToken(), TypeOpPtrsub::getOutputToken(), TypeOpSegment::getOutputToken(), BlockSwitch::getSwitchType(), Funcdata::handleSymbolConflict(), Merge::inflate(), Merge::inflateTest(), CastStrategyC::isExtensionCastImplied(), Funcdata::linkSymbol(), Funcdata::linkSymbolReference(), ActionNameVars::linkSymbols(), CastStrategyC::localExtensionType(), ActionNameVars::lookForBadJumpTables(), ActionNameVars::lookForFuncParamNames(), ActionNameVars::makeRec(), Funcdata::mapGlobals(), TypeOp::markExplicitUnsigned(), Merge::markInternalCopies(), Merge::mergeAdjacent(), Merge::mergeIndirect(), Merge::mergeOp(), Merge::mergeOpcode(), Merge::mergeRangeMust(), Merge::mergeTest(), PrintC::opIntSext(), PrintC::opIntZext(), PrintC::opPtradd(), PrintC::opPtrsub(), PrintC::opSubpiece(), PrintC::opTypeCast(), PrintC::push_integer(), PrintC::pushSymbol(), PrintLanguage::pushVnExplicit(), PrintLanguage::pushVnLHS(), ScopeLocal::recoverNameRecommendationsForSymbols(), Funcdata::remapDynamicVarnode(), Funcdata::remapVarnode(), Funcdata::saveXmlHigh(), Merge::shadowedVarnode(), Merge::snipIndirect(), Funcdata::syncVarnodesWithSymbol(), and FuncProto::updateInputTypes().
| Datatype * Varnode::getLocalType | ( | void | ) | const |
Calculate type of Varnode based on local information.
Make an initial determination of the Datatype of this Varnode. If a Datatype is already set and locked return it. Otherwise look through all the read PcodeOps and the write PcodeOp to determine if the Varnode is getting used as an int, float, or pointer, etc. Throw an exception if no Datatype can be found at all.
References def, descend, PcodeOp::getSlot(), PcodeOp::inputTypeLocal(), isTypeLock(), PcodeOp::outputTypeLocal(), type, and Datatype::typeOrder().
Referenced by ActionInferTypes::buildLocaltypes().
Get Address when this Varnode first comes into scope.
A Varnode can be defined as "coming into scope" at the Address of the first PcodeOp that writes to that storage location. Within SSA form this first-use address always exists and is unique if we consider inputs to come into scope at the start Address of the function they are in
| fd | is the Funcdata containing the tree |
References def, PcodeOp::getAddr(), Funcdata::getAddress(), and isWritten().
Referenced by Scope::buildDefaultName(), Funcdata::coverVarnodes(), Funcdata::findLinkedVarnode(), Funcdata::findLinkedVarnodes(), Funcdata::linkSymbol(), Funcdata::setVarnodeProperties(), and Funcdata::syncVarnodesWithSymbols().
| bool Varnode::intersects | ( | const Varnode & | op | ) | const |
Return true if the storage locations intersect.
Check whether the storage locations of two varnodes intersect
| op | is the Varnode to compare with this |
References Address::getOffset(), Address::getSpace(), IPTR_CONSTANT, loc, and size.
| bool Varnode::intersects | ( | const Address & | op2loc, |
| int4 | op2size | ||
| ) | const |
Check intersection against an Address range.
Check if this intersects the given Address range
| op2loc | is the start of the range |
| op2size | is the size of the range in bytes |
References Address::getOffset(), Address::getSpace(), and IPTR_CONSTANT.
| int4 Varnode::isConstantExtended | ( | uintb & | val | ) | const |
Is this an (extended) constant
If this is a constant, or is extended (INT_ZEXT,INT_SEXT) from a constant, the value of the constant is passed back and a non-negative integer is returned, either:
| val | is a reference to the constant value that is passed back |
References PcodeOp::code(), CPUI_INT_SEXT, CPUI_INT_ZEXT, def, PcodeOp::getIn(), getOffset(), isConstant(), and isWritten().
Referenced by RuleDivTermAdd::applyOp(), and RuleDivOpt::findForm().
| PcodeOp * Varnode::loneDescend | ( | void | ) | const |
Return unique reading PcodeOp, or null if there are zero or more than 1.
This is a convenience method for quickly finding the unique PcodeOp that reads this Varnode
References descend.
Referenced by ActionConstantPtr::apply(), RuleCollectTerms::applyOp(), RulePushMulti::applyOp(), RuleHighOrderAnd::applyOp(), RuleAndCommute::applyOp(), RuleLeftRight::applyOp(), RuleShiftCompare::applyOp(), RuleZextEliminate::applyOp(), RuleBoolZext::applyOp(), RuleXorCollapse::applyOp(), RuleLoadVarnode::applyOp(), RuleSubCommute::applyOp(), RuleZextShiftZext::applyOp(), RuleShiftAnd::applyOp(), RuleSubZext::applyOp(), RuleSLess2Zero::applyOp(), RulePushPtr::applyOp(), Rule2Comp2Sub::applyOp(), RuleSubRight::applyOp(), RuleSubvarSubpiece::applyOp(), Funcdata::attemptDynamicMappingLate(), DynamicHash::buildVnDown(), RuleSubCommute::cancelExtensions(), ActionSetCasts::castInput(), RuleOrPredicate::checkSingle(), TermOrder::collect(), ValueSetSolver::establishValueSets(), FuncCallSpecs::findPreexistingWhole(), Heritage::floatExtensionRead(), DynamicHash::gatherFirstLevelVars(), TypeOpStore::getInputCast(), Funcdata::linkSymbolReference(), TypeOp::markExplicitUnsigned(), opFlipInPlaceExecute(), opFlipInPlaceTest(), ActionConditionalConst::propagateConstant(), Heritage::refineRead(), Funcdata::replaceVolatile(), ActionConstantPtr::searchForLoadStore(), and Heritage::splitJoinRead().
| bool Varnode::operator< | ( | const Varnode & | op2 | ) | const |
| bool Varnode::operator== | ( | const Varnode & | op2 | ) | const |
| int4 Varnode::overlap | ( | const Varnode & | op | ) | const |
Return relative point of overlap between two Varnodes.
Return whether Least Signifigant Byte of this occurs in op I.e. return
| op | is Varnode to test for overlap |
Referenced by RuleSubRight::applyOp(), ActionMarkExplicit::baseExplicit(), AncestorRealistic::enterNode(), Merge::markInternalCopies(), Heritage::normalizeReadSize(), Heritage::normalizeWriteSize(), Heritage::removeRevisitedMarkers(), and Funcdata::setInputVarnode().
| int4 Varnode::overlap | ( | const Address & | op2loc, |
| int4 | op2size | ||
| ) | const |
Return relative point of overlap with Address range.
Return whether Least Signifigant Byte of this occurs in an Address range I.e. return
| op2loc | is the starting Address of the range |
| op2size | is the size of the range in bytes |
| void Varnode::printCover | ( | ostream & | s | ) | const |
Print raw coverage info about the Varnode.
Print, to a stream, textual information about where this Varnode is in scope within its particular Funcdata. This amounts to a list of address ranges bounding the writes and reads of the Varnode
| s | is the output stream |
References coverdirty.
| void Varnode::printInfo | ( | ostream & | s | ) | const |
Print raw attribute info about the Varnode.
Print boolean attribute information about this as keywords to a stream
| s | is the output stream |
Referenced by HighVariable::printInfo(), and Funcdata::printVarnodeTree().
| void Varnode::printRaw | ( | ostream & | s | ) | const |
Print a simple identifier plus additional info identifying Varnode with SSA form.
Print textual information about this Varnode including a base identifier along with enough size and attribute information to uniquely identify the Varnode within a text SSA listing In particular, the identifiers have either "i" or defining op SeqNum information appended to them in parantheses.
| s | is the output stream |
References constant, def, flags, PcodeOp::getSeqNum(), input, insert, isWritten(), printRawNoMarkup(), and size.
Referenced by ActionPrototypeWarnings::apply(), TypeOpCallother::getOperatorName(), TypeOpBinary::printRaw(), TypeOpUnary::printRaw(), TypeOpFunc::printRaw(), TypeOpCopy::printRaw(), TypeOpLoad::printRaw(), TypeOpStore::printRaw(), TypeOpBranch::printRaw(), TypeOpCbranch::printRaw(), TypeOpBranchind::printRaw(), TypeOpCall::printRaw(), TypeOpCallind::printRaw(), TypeOpCallother::printRaw(), TypeOpReturn::printRaw(), TypeOpIntSright::printRaw(), TypeOpMulti::printRaw(), TypeOpIndirect::printRaw(), TypeOpCast::printRaw(), TypeOpPtradd::printRaw(), TypeOpPtrsub::printRaw(), TypeOpSegment::printRaw(), TypeOpCpoolref::printRaw(), TypeOpNew::printRaw(), and printRawHeritage().
| void Varnode::printRawHeritage | ( | ostream & | s, |
| int4 | depth | ||
| ) | const |
Print a simple SSA subtree rooted at this.
Recursively print a terse textual representation of the data-flow (SSA) tree rooted at this Varnode
| s | is the output stream |
| depth | is the current depth of the tree we are at |
References annotation, constant, def, flags, PcodeOp::getIn(), PcodeOp::getSeqNum(), input, isConstant(), PcodeOp::numInput(), printRaw(), PcodeOp::printRaw(), and printRawHeritage().
Referenced by printRawHeritage().
| int4 Varnode::printRawNoMarkup | ( | ostream & | s | ) | const |
Print a simple identifier for the Varnode.
Print to the stream either the name of the Varnode, such as a register name, if it exists or print a shortcut character representing the AddrSpace and a hex representation of the offset. This function also computes and returns the expected size of the identifier it prints to facilitate the printing of size modifiers by other print routines
| s | is the output stream |
References AddrSpaceManager::getDefaultSize(), Address::getOffset(), Translate::getRegister(), Translate::getRegisterName(), Address::getShortcut(), Address::getSpace(), AddrSpace::getTrans(), loc, Address::printRaw(), and size.
Referenced by Heritage::heritage(), and printRaw().
| void Varnode::saveXml | ( | ostream & | s | ) | const |
Save a description of this as an XML tag.
Write an XML tag, <addr>, with at least the following attributes:
Additionally the tag will contain other optional attributes.
| s | is the stream to write the tag to |
References a_v_i(), a_v_u(), getCreateIndex(), getMergeGroup(), Address::getOffset(), Address::getSpace(), isAddrTied(), isInput(), isPersist(), isUnaffected(), loc, mergegroup, AddrSpace::saveXmlAttributes(), and size.
Referenced by Funcdata::saveVarnodeXml().
|
private |
Set the defining PcodeOp of this Varnode.
Directly change the defining PcodeOp and set appropriate dirty bits
| op | is the pointer to the new PcodeOp, which can be null |
References coverdirty, and written.
Referenced by VarnodeBank::createDef(), VarnodeBank::makeFree(), and VarnodeBank::setDef().
|
private |
Internal method for setting boolean attributes.
Set desired boolean attributes on this Varnode and then set dirty bits if appropriate
| fl | is the mask containing the list of attributes to set |
References coverdirty.
Referenced by Funcdata::cloneVarnode(), Funcdata::markIndirectOnly(), Funcdata::newCodeRef(), Funcdata::newVarnode(), Funcdata::newVarnodeOut(), Funcdata::nodeSplitCloneVarnode(), VarnodeBank::replace(), Funcdata::setVarnodeProperties(), Funcdata::spacebase(), Funcdata::spacebaseConstant(), Funcdata::syncVarnodesWithSymbol(), Funcdata::transferVarnodeProperties(), and VarnodeBank::xref().
|
private |
Attach a Symbol to this Varnode.
A reference to the given Symbol is set on this Varnode. The data-type on this Varnode is not changed.
| entry | is a mapping to the given Symbol |
References SymbolEntry::getSymbol(), Symbol::isNameLocked(), mapped, and namelock.
Referenced by Funcdata::attemptDynamicMapping(), Funcdata::attemptDynamicMappingLate(), Funcdata::buildDynamicSymbol(), Funcdata::handleSymbolConflict(), Funcdata::linkSymbol(), Funcdata::remapDynamicVarnode(), and Funcdata::remapVarnode().
|
private |
Set properties from the given Symbol to this Varnode.
The given Symbol's data-type and flags are inherited by this Varnode. If the Symbol is type-locked, a reference to the Symbol is set on this Varnode.
| entry | is a mapping to the given Symbol |
References SymbolEntry::getAllFlags(), SymbolEntry::getSymbol(), Symbol::isTypeLocked(), and SymbolEntry::updateType().
Referenced by Funcdata::attemptDynamicMapping(), Funcdata::newVarnode(), Funcdata::newVarnodeOut(), and Funcdata::setVarnodeProperties().
|
private |
Attach a Symbol reference to this.
Link Symbol information to this as a reference. This only works for a constant Varnode. This used when there is a constant address reference to the Symbol and the Varnode holds the reference, not the actual value of the Symbol.
| entry | is a mapping to the given Symbol is the byte offset into the Symbol of the reference |
References SymbolEntry::getSymbol().
Referenced by Funcdata::linkSymbolReference().
| int4 Varnode::termOrder | ( | const Varnode * | op | ) | const |
Compare two Varnodes based on their term order.
Compare term order of two Varnodes. Used in Term Rewriting strategies to order operands of commutative ops
| op | is the Varnode to order against this |
References PcodeOp::code(), CPUI_INT_MULT, getAddr(), getDef(), PcodeOp::getIn(), isConstant(), and isWritten().
Referenced by TermOrder::additiveCompare().
|
private |
Internal function for update coverage information.
Rebuild variable cover based on where the Varnode is defined and read. This is only called by the Merge class which knows when to call it properly
References coverdirty.
Referenced by Merge::updateHigh().
| bool Varnode::updateType | ( | Datatype * | ct, |
| bool | lock, | ||
| bool | override | ||
| ) |
(Possibly) set the Datatype given various restrictions
Change the Datatype and lock state associated with this Varnode if various conditions are met
| ct | is the Datatype to change to |
| lock | is true if the new Datatype should be locked |
| override | is true if an old lock should be overridden |
References Datatype::getMetatype(), TYPE_UNKNOWN, and typelock.
Referenced by ActionPrototypeTypes::apply(), RuleTransformCpool::applyOp(), RulePtrsubCharConstant::applyOp(), ScopeLocal::applyTypeRecommendations(), ActionSetCasts::castInput(), ActionSetCasts::castOutput(), Funcdata::fillinReadOnly(), Funcdata::opUndoPtradd(), RulePtrsubCharConstant::pushConstFurther(), Funcdata::spacebase(), Funcdata::spacebaseConstant(), Funcdata::syncVarnodesWithSymbol(), SymbolEntry::updateType(), and ActionInferTypes::writeBack().
1.8.11