My Project
|
A function prototype. More...
#include <fspec.hh>
Public Member Functions | |
FuncProto (void) | |
Constructor. | |
~FuncProto (void) | |
Destructor. | |
Architecture * | getArch (void) const |
Get the Architecture owning this. | |
void | copy (const FuncProto &op2) |
Copy another function prototype. More... | |
void | copyFlowEffects (const FuncProto &op2) |
Copy properties that affect data-flow. | |
void | getPieces (PrototypePieces &pieces) const |
Get the raw pieces of the prototype. More... | |
void | setPieces (const PrototypePieces &pieces) |
Set this prototype based on raw pieces. More... | |
void | setScope (Scope *s, const Address &startpoint) |
Set a backing symbol Scope for this. More... | |
void | setInternal (ProtoModel *m, Datatype *vt) |
Set internal backing storage for this. More... | |
void | setModel (ProtoModel *m) |
Set the prototype model for this. More... | |
bool | hasModel (void) const |
Does this prototype have a model. | |
bool | hasMatchingModel (const FuncProto *op2) const |
Does this have a matching model. | |
bool | hasMatchingModel (const ProtoModel *op2) const |
Does this use the given model. | |
const string & | getModelName (void) const |
Get the prototype model name. | |
int4 | getModelExtraPop (void) const |
Get the extrapop of the prototype model. | |
bool | isInputLocked (void) const |
Are input data-types locked. | |
bool | isOutputLocked (void) const |
Is the output data-type locked. | |
bool | isModelLocked (void) const |
Is the prototype model for this locked. | |
bool | isUnknownModel (void) const |
Is prototype model officially "unknown". | |
bool | hasCustomStorage (void) const |
Is this a "custom" function prototype. | |
void | setInputLock (bool val) |
Toggle the data-type lock on input parameters. More... | |
void | setOutputLock (bool val) |
Toggle the data-type lock on the return value. More... | |
void | setModelLock (bool val) |
Toggle the lock on the prototype model for this. More... | |
bool | isInline (void) const |
Does this function get in-lined during decompilation. | |
void | setInline (bool val) |
Toggle the in-line setting for functions with this prototype. More... | |
int4 | getInjectId (void) const |
Get the injection id associated with this. More... | |
int4 | getReturnBytesConsumed (void) const |
Get an estimate of the number of bytes consumed by callers of this prototype. More... | |
bool | setReturnBytesConsumed (int4 val) |
Set the number of bytes consumed by callers of this. More... | |
bool | isNoReturn (void) const |
Does a function with this prototype never return. | |
void | setNoReturn (bool val) |
Toggle the no-return setting for functions with this prototype. More... | |
bool | hasThisPointer (void) const |
Is this a prototype for a class method, taking a this pointer. | |
void | setThisPointer (bool val) |
Toggle the this-call setting for this prototype. More... | |
bool | isConstructor (void) const |
Is this prototype for a class constructor method. | |
void | setConstructor (bool val) |
Toggle whether this prototype is a constructor method. More... | |
bool | isDestructor (void) const |
Is this prototype for a class destructor method. | |
void | setDestructor (bool val) |
Toggle whether this prototype is a destructor method. More... | |
bool | hasInputErrors (void) const |
Has this prototype been marked as having an incorrect input parameter descriptions. | |
bool | hasOutputErrors (void) const |
Has this prototype been marked as having an incorrect return value description. | |
void | setInputErrors (bool val) |
Toggle the input error setting for this prototype. More... | |
void | setOutputErrors (bool val) |
Toggle the output error setting for this prototype. More... | |
int4 | getExtraPop (void) const |
Get the general extrapop setting for this prototype. | |
void | setExtraPop (int4 ep) |
Set the general extrapop for this prototype. | |
int4 | getInjectUponEntry (void) const |
Get any upon-entry injection id (or -1) | |
int4 | getInjectUponReturn (void) const |
Get any upon-return injection id (or -1) | |
void | resolveExtraPop (void) |
Assuming this prototype is locked, calculate the extrapop. More... | |
void | clearUnlockedInput (void) |
Clear input parameters that have not been locked. | |
void | clearUnlockedOutput (void) |
Clear the return value if it has not been locked. | |
void | clearInput (void) |
Clear all input parameters regardless of lock. | |
void | cancelInjectId (void) |
Turn-off any in-lining for this function. | |
void | resolveModel (ParamActive *active) |
If this has a merged model, pick the most likely model (from the merged set) More... | |
void | deriveInputMap (ParamActive *active) const |
Given a list of input trials, derive the most likely inputs for this prototype. More... | |
void | deriveOutputMap (ParamActive *active) const |
Given a list of output trials, derive the most likely return value for this prototype. More... | |
bool | checkInputJoin (const Address &hiaddr, int4 hisz, const Address &loaddr, int4 losz) const |
Check if the given two input storage locations can represent a single logical parameter. More... | |
bool | checkInputSplit (const Address &loc, int4 size, int4 splitpoint) const |
Check if it makes sense to split a single storage location into two input parameters. More... | |
void | updateInputTypes (const vector< Varnode *> &triallist, ParamActive *activeinput) |
Update input parameters based on Varnode trials. More... | |
void | updateInputNoTypes (const vector< Varnode *> &triallist, ParamActive *activeinput, TypeFactory *factory) |
Update input parameters based on Varnode trials, but do not store the data-type. More... | |
void | updateOutputTypes (const vector< Varnode *> &triallist) |
Update the return value based on Varnode trials. More... | |
void | updateOutputNoTypes (const vector< Varnode *> &triallist, TypeFactory *factory) |
Update the return value based on Varnode trials, but don't store the data-type. More... | |
void | updateAllTypes (const vector< string > &namelist, const vector< Datatype *> &typelist, bool dtdtdt) |
Set this entire function prototype based on a list of names and data-types. More... | |
ProtoParameter * | getParam (int4 i) const |
Get the i-th input parameter. | |
void | removeParam (int4 i) |
Remove the i-th input parameter. | |
int4 | numParams (void) const |
Get the number of input parameters. | |
ProtoParameter * | getOutput (void) const |
Get the return value. | |
Datatype * | getOutputType (void) const |
Get the return value data-type. | |
const RangeList & | getLocalRange (void) const |
Get the range of potential local stack variables. | |
const RangeList & | getParamRange (void) const |
Get the range of potential stack parameters. | |
bool | isStackGrowsNegative (void) const |
Return true if the stack grows toward smaller addresses. | |
bool | isDotdotdot (void) const |
Return true if this takes a variable number of arguments. | |
void | setDotdotdot (bool val) |
Toggle whether this takes variable arguments. | |
bool | isOverride (void) const |
Return true if this is a call site override. | |
void | setOverride (bool val) |
Toggle whether this is a call site override. | |
uint4 | hasEffect (const Address &addr, int4 size) const |
Calculate the effect this has an a given storage location. More... | |
vector< EffectRecord >::const_iterator | effectBegin (void) const |
Get iterator to front of EffectRecord list. | |
vector< EffectRecord >::const_iterator | effectEnd (void) const |
Get iterator to end of EffectRecord list. | |
int4 | numLikelyTrash (void) const |
Get the number of likely-trash locations. More... | |
const VarnodeData & | getLikelyTrash (int4 i) const |
Get the i-th likely-trash location. More... | |
int4 | characterizeAsInputParam (const Address &addr, int4 size) const |
Decide whether a given storage location could be, or could hold, an input parameter. More... | |
bool | possibleInputParam (const Address &addr, int4 size) const |
Decide whether a given storage location could be an input parameter. More... | |
bool | possibleOutputParam (const Address &addr, int4 size) const |
Decide whether a given storage location could be a return value. More... | |
int4 | getMaxInputDelay (void) const |
Return the maximum heritage delay across all possible input parameters. More... | |
int4 | getMaxOutputDelay (void) const |
Return the maximum heritage delay across all possible return values. More... | |
bool | unjustifiedInputParam (const Address &addr, int4 size, VarnodeData &res) const |
Check if the given storage location looks like an unjustified input parameter. More... | |
OpCode | assumedInputExtension (const Address &addr, int4 size, VarnodeData &res) const |
Get the type of extension and containing input parameter for the given storage. More... | |
OpCode | assumedOutputExtension (const Address &addr, int4 size, VarnodeData &res) const |
Get the type of extension and containing return value location for the given storage. More... | |
bool | getBiggestContainedInputParam (const Address &loc, int4 size, VarnodeData &res) const |
Pass-back the biggest potential input parameter contained within the given range. More... | |
bool | isCompatible (const FuncProto &op2) const |
Decide if this can be safely restricted to match another prototype. More... | |
AddrSpace * | getSpacebase (void) const |
Get the stack address space. | |
void | printRaw (const string &funcname, ostream &s) const |
Print this prototype as a single line of text. More... | |
uint4 | getComparableFlags (void) const |
Get the comparable properties of this prototype. More... | |
void | saveXml (ostream &s) const |
Save this to an XML stream as a <prototype> tag. More... | |
void | restoreXml (const Element *el, Architecture *glb) |
Restore this from an XML stream. More... | |
Protected Member Functions | |
void | paramShift (int4 paramshift) |
Add parameters to the front of the input parameter list. More... | |
bool | isParamshiftApplied (void) const |
void | setParamshiftApplied (bool val) |
Toggle whether a parameter shift has been applied. | |
A function prototype.
A description of the parameters and return value for a specific function. Parameter descriptions include both source code features like name and data-type but also give the storage location. Storage follows a specific parameter passing convention (ProtoModel), although individual parameters may be customized. The prototype describes numerous properties related to calling the specific function:
|
inline |
Get the type of extension and containing input parameter for the given storage.
If the given storage is properly contained within a normal parameter and the model typically extends a small value into the full container, pass back the full container and the type of extension.
addr | is the starting address of the given storage |
size | is the number of bytes in the given storage |
res | is the parameter storage to pass back |
|
inline |
Get the type of extension and containing return value location for the given storage.
If the given storage is properly contained within a normal return value location and the model typically extends a small value into the full container, pass back the full container and the type of extension.
addr | is the starting address of the given storage |
size | is the number of bytes in the given storage |
res | is the parameter storage to pass back |
int4 FuncProto::characterizeAsInputParam | ( | const Address & | addr, |
int4 | size | ||
) | const |
Decide whether a given storage location could be, or could hold, an input parameter.
If the input is locked, check if the location overlaps one of the current parameters. Otherwise, check if the location overlaps an entry in the prototype model. Return:
addr | is the starting address of the given storage location |
size | is the number of bytes in the storage |
|
inline |
Check if the given two input storage locations can represent a single logical parameter.
For this prototype, do the two (hi/lo) locations represent consecutive input parameter locations that can be replaced by a single logical parameter.
hiaddr | is the address of the most significant part of the value |
hisz | is the size of the most significant part in bytes |
loaddr | is the address of the least significant part of the value |
losz | is the size of the least significant part in bytes |
|
inline |
Check if it makes sense to split a single storage location into two input parameters.
A storage location and split point is provided, implying two new storage locations. Does this prototype allow these locations to be considered separate parameters.
loc | is the starting address of provided storage location |
size | is the size of the location in bytes |
splitpoint | is the number of bytes to consider in the first (in address order) piece |
void FuncProto::copy | ( | const FuncProto & | op2 | ) |
Copy another function prototype.
op2 | is the other function prototype to copy into this |
|
inline |
Given a list of input trials, derive the most likely inputs for this prototype.
Trials are sorted and marked as used or not.
active | is the collection of Varnode input trials |
|
inline |
Given a list of output trials, derive the most likely return value for this prototype.
One trial (at most) is marked used and moved to the front of the list
active | is the collection of output trials |
bool FuncProto::getBiggestContainedInputParam | ( | const Address & | loc, |
int4 | size, | ||
VarnodeData & | res | ||
) | const |
Pass-back the biggest potential input parameter contained within the given range.
Pass-back the biggest input parameter contained within the given range.
loc | is the starting address of the given range |
size | is the number of bytes in the range |
res | will hold the parameter storage description being passed back |
|
inline |
Get the comparable properties of this prototype.
Get properties not including locking, error, and inlining flags.
|
inline |
Get the injection id associated with this.
A non-negative id indicates a call-fixup is used to in-line function's with this prototype.
const VarnodeData & FuncProto::getLikelyTrash | ( | int4 | i | ) | const |
Get the i-th likely-trash location.
i | is the index of the storage location |
|
inline |
Return the maximum heritage delay across all possible input parameters.
Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that all parameters have data-flow info.
|
inline |
Return the maximum heritage delay across all possible return values.
Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that any return value has data-flow info.
void FuncProto::getPieces | ( | PrototypePieces & | pieces | ) | const |
Get the raw pieces of the prototype.
Copy out the raw pieces of this prototype as stand-alone objects, includings model, names, and data-types
pieces | will hold the raw pieces |
|
inline |
Get an estimate of the number of bytes consumed by callers of this prototype.
A value of 0 means all possible bytes of the storage location are consumed.
uint4 FuncProto::hasEffect | ( | const Address & | addr, |
int4 | size | ||
) | const |
Calculate the effect this has an a given storage location.
For a storage location that is active before and after a call to a function with this prototype, we determine the type of side-effect the function will have on the storage.
addr | is the starting address of the storage location |
size | is the number of bytes in the storage |
bool FuncProto::isCompatible | ( | const FuncProto & | op2 | ) | const |
Decide if this can be safely restricted to match another prototype.
Do this and another given function prototype share enough of their model, that if we restrict this to the other prototype, we know we won't miss data-flow.
op2 | is the other restricting prototype |
|
inlineprotected |
Has a parameter shift been applied
int4 FuncProto::numLikelyTrash | ( | void | ) | const |
Get the number of likely-trash locations.
|
protected |
Add parameters to the front of the input parameter list.
Prepend the indicated number of input parameters to this. The new parameters have a data-type of xunknown4. If they were originally locked, the existing parameters are preserved.
paramshift | is the number of parameters to add (must be >0) |
bool FuncProto::possibleInputParam | ( | const Address & | addr, |
int4 | size | ||
) | const |
Decide whether a given storage location could be an input parameter.
If the input is locked, check if the location matches one of the current parameters. Otherwise, check if the location could be a parameter based on the prototype model.
addr | is the starting address of the given storage location |
size | is the number of bytes in the storage |
bool FuncProto::possibleOutputParam | ( | const Address & | addr, |
int4 | size | ||
) | const |
Decide whether a given storage location could be a return value.
If the output is locked, check if the location matches the current return value. Otherwise, check if the location could be a return value based on the prototype model.
addr | is the starting address of the given storage location |
size | is the number of bytes in the storage |
void FuncProto::printRaw | ( | const string & | funcname, |
ostream & | s | ||
) | const |
Print this prototype as a single line of text.
funcname | is an identifier of the function using this prototype |
s | is the output stream |
void FuncProto::resolveExtraPop | ( | void | ) |
Assuming this prototype is locked, calculate the extrapop.
If extrapop is unknown and this prototype is locked, try to directly calculate what the extrapop should be. This is really only designed to work with 32-bit x86 binaries.
void FuncProto::resolveModel | ( | ParamActive * | active | ) |
If this has a merged model, pick the most likely model (from the merged set)
The given parameter trials are used to pick from among the merged ProtoModels and this prototype is changed (specialized) to the pick
active | is the set of parameter trials to evaluate with |
void FuncProto::restoreXml | ( | const Element * | el, |
Architecture * | glb | ||
) |
Restore this from an XML stream.
The backing store for the parameters must already be established using either setStore() or setInternal().
el | is the <prototype> XML element |
glb | is the Architecture owning the prototype |
void FuncProto::saveXml | ( | ostream & | s | ) | const |
Save this to an XML stream as a <prototype> tag.
Save everything under the control of this prototype, which may not include input parameters, as these are typically controlled by the function's symbol table scope.
s | is the output stream |
|
inline |
Toggle whether this prototype is a constructor method.
val | is true if this is a constructor, false otherwise |
|
inline |
Toggle whether this prototype is a destructor method.
val | is true if this is a destructor |
|
inline |
Toggle the in-line setting for functions with this prototype.
In-lining can be based on a call-fixup, or the full body of the function can be in-lined.
val | is true if in-lining should be performed. |
|
inline |
Toggle the input error setting for this prototype.
val | is true if input parameters should be marked as in error |
void FuncProto::setInputLock | ( | bool | val | ) |
Toggle the data-type lock on input parameters.
The lock on the data-type of input parameters is set as specified. A true value indicates that future analysis will not change the number of input parameters or their data-type. Zero parameters or void can be locked.
val | is true to indicate a lock, false for unlocked |
void FuncProto::setInternal | ( | ProtoModel * | m, |
Datatype * | vt | ||
) |
Set internal backing storage for this.
A prototype model is set, and any parameters added to this during analysis will be backed internally.
m | is the prototype model to set |
vt | is the default void data-type to use if the return-value remains unassigned |
void FuncProto::setModel | ( | ProtoModel * | m | ) |
Set the prototype model for this.
Establish a specific prototype model for this function prototype. Some basic properties are inherited from the model, otherwise parameters are unchanged.
m | is the new prototype model to set |
|
inline |
Toggle the lock on the prototype model for this.
The prototype model can be locked while still leaving parameters unlocked. Parameter recovery will follow the rules of the locked model.
val | is true to indicate a lock, false for unlocked |
|
inline |
Toggle the no-return setting for functions with this prototype.
val | is true to treat the function as never returning |
|
inline |
Toggle the output error setting for this prototype.
val | is true if return value should be marked as in error |
void FuncProto::setOutputLock | ( | bool | val | ) |
Toggle the data-type lock on the return value.
The lock of the data-type of the return value is set as specified. A true value indicates that future analysis will not change the presence of or the data-type of the return value. A void return value can be locked.
val | is true to indicate a lock, false for unlocked |
void FuncProto::setPieces | ( | const PrototypePieces & | pieces | ) |
Set this prototype based on raw pieces.
The full function prototype is (re)set from a model, names, and data-types The new input and output parameters are both assumed to be locked.
pieces | is the raw collection of names and data-types |
bool FuncProto::setReturnBytesConsumed | ( | int4 | val | ) |
Set the number of bytes consumed by callers of this.
This value can be used as a hint as to how much of the return value is important and is used to inform the dead code consume algorithm.
val | is the estimated number of bytes or 0 |
Set a backing symbol Scope for this.
Input parameters are set based on an existing function Scope and if there is no prototype model the default model is set. Parameters that are added to this during analysis will automatically be reflected in the symbol table. This should only be called during initialization of this prototype.
s | is the Scope to set |
startpoint | is a usepoint to associate with the parameters |
|
inline |
Toggle the this-call setting for this prototype.
val | is true if this prototype uses a this pointer |
bool FuncProto::unjustifiedInputParam | ( | const Address & | addr, |
int4 | size, | ||
VarnodeData & | res | ||
) | const |
Check if the given storage location looks like an unjustified input parameter.
The storage for a value may be contained in a normal parameter location but be unjustified within that container, i.e. the least significant bytes are not being used. If this is the case, pass back the full parameter location and return true. If the input is locked, checking is againt the set parameters, otherwise the check is against the prototype model.
addr | is the starting address of the given storage |
size | is the number of bytes in the given storage |
res | is the full parameter storage to pass back |
void FuncProto::updateAllTypes | ( | const vector< string > & | namelist, |
const vector< Datatype *> & | typelist, | ||
bool | dtdtdt | ||
) |
Set this entire function prototype based on a list of names and data-types.
Prototype information is provided as separate lists of names and data-types, where the first entry corresponds to the output parameter (return value) and the remaining entries correspond to input parameters. Storage locations and hidden return parameters are calculated, creating a complete function protototype. Existing locks are overridden.
namelist | is the list of parameter names |
typelist | is the list of data-types |
dtdtdt | is true if the new prototype accepts variable argument lists |
void FuncProto::updateInputNoTypes | ( | const vector< Varnode *> & | triallist, |
ParamActive * | activeinput, | ||
TypeFactory * | factory | ||
) |
Update input parameters based on Varnode trials, but do not store the data-type.
This is accomplished in the same way as if there were data-types but instead of pulling a data-type from the Varnode, only the size is used. Undefined data-types are pulled from the given TypeFactory
triallist | is the list of Varnodes |
activeinput | is the trial container |
factory | is the given TypeFactory |
void FuncProto::updateInputTypes | ( | const vector< Varnode *> & | triallist, |
ParamActive * | activeinput | ||
) |
Update input parameters based on Varnode trials.
If the input parameters are locked, don't do anything. Otherwise, given a list of Varnodes and their associated trial information, create an input parameter for each trial in order, grabbing data-type information from the Varnode. Any old input parameters are cleared.
triallist | is the list of Varnodes |
activeinput | is the trial container |
void FuncProto::updateOutputNoTypes | ( | const vector< Varnode *> & | triallist, |
TypeFactory * | factory | ||
) |
Update the return value based on Varnode trials, but don't store the data-type.
If the output parameter is locked, don't do anything. Otherwise, given a list of (at most 1) Varnode, create a return value, grabbing size information from the Varnode. An undefined data-type is created from the given TypeFactory. Any old return value is removed.
triallist | is the list of Varnodes |
factory | is the given TypeFactory |
void FuncProto::updateOutputTypes | ( | const vector< Varnode *> & | triallist | ) |