ProtoModel Class Reference

A prototype model: a model for passing parameters between functions.

#include <fspec.hh>


Public Types

enum  { extrapop_unknown = 0x8000 }
 

Public Member Functions

ProtoModel (Architecture *g)
 Constructor for use with restoreXml()

ProtoModel (const string &nm, const ProtoModel &op2)
 Copy constructor changing the name.

virtual ~ProtoModel (void)
 Destructor.

const string & getName (void) const
 Get the name of the prototype model.

Architecture * getArch (void) const
 Get the owning Architecture.

uint4 hasEffect (const Address &addr, int4 size) const
 Determine side-effect of this on the given memory range.

int4 getExtraPop (void) const
 Get the stack-pointer extrapop for this model.

void setExtraPop (int4 ep)
 Set the stack-pointer extrapop.

int4 getInjectUponEntry (void) const
 Get the inject uponentry id.

int4 getInjectUponReturn (void) const
 Get the inject uponreturn id.

void deriveInputMap (ParamActive *active) const
 Given a list of input trials, derive the most likely input prototype.

void deriveOutputMap (ParamActive *active) const
 Given a list of output trials, derive the most likely output prototype.

void assignParameterStorage (const vector< Datatype *> &typelist, vector< ParameterPieces > &res, bool ignoreOutputError)
 Calculate input and output storage locations given a function prototype.

bool checkInputJoin (const Address &hiaddr, int4 hisize, const Address &loaddr, int4 losize) const
 Check if the given two input storage locations can represent a single logical parameter.

bool checkOutputJoin (const Address &hiaddr, int4 hisize, const Address &loaddr, int4 losize) const
 Check if the given two output storage locations can represent a single logical return value.

bool checkInputSplit (const Address &loc, int4 size, int4 splitpoint) const
 Check if it makes sense to split a single storage location into two input parameters.

const RangeList & getLocalRange (void) const
 Get the range of (possible) local stack variables.

const RangeList & getParamRange (void) const
 Get the range of (possible) stack parameters.

vector< EffectRecord >::const_iterator effectBegin (void) const
 Get an iterator to the first EffectRecord.

vector< EffectRecord >::const_iterator effectEnd (void) const
 Get an iterator to the last EffectRecord.

int4 numLikelyTrash (void) const
 Get the number of likelytrash locations.

const VarnodeData & getLikelyTrash (int4 i) const
 Get the i-th likelytrash location.

int4 characterizeAsInputParam (const Address &loc, int4 size) const
 Characterize whether the given range overlaps parameter storage.

bool possibleInputParam (const Address &loc, int4 size) const
 Does the given storage location make sense as an input parameter.

bool possibleOutputParam (const Address &loc, int4 size) const
 Does the given storage location make sense as a return value.

bool possibleInputParamWithSlot (const Address &loc, int4 size, int4 &slot, int4 &slotsize) const
 Pass-back the slot and slot size for the given storage location as an input parameter.

bool possibleOutputParamWithSlot (const Address &loc, int4 size, int4 &slot, int4 &slotsize) const
 Pass-back the slot and slot size for the given storage location as a return value.

bool unjustifiedInputParam (const Address &loc, int4 size, VarnodeData &res) const
 Check if the given storage location looks like an unjustified input parameter.

OpCode assumedInputExtension (const Address &addr, int4 size, VarnodeData &res) const
 Get the type of extension and containing input parameter for the given storage.

OpCode assumedOutputExtension (const Address &addr, int4 size, VarnodeData &res) const
 Get the type of extension and containing return value location for the given storage.

bool getBiggestContainedInputParam (const Address &loc, int4 size, VarnodeData &res) const
 Pass-back the biggest input parameter contained within the given range.

AddrSpace * getSpacebase (void) const
 Get the stack space associated with this model.

bool isStackGrowsNegative (void) const
 Return true if the stack grows toward smaller addresses.

bool hasThisPointer (void) const
 Is this a model for (non-static) class methods.

bool isConstructor (void) const
 Is this model for class constructors.

int4 getMaxInputDelay (void) const
 Return the maximum heritage delay across all possible input parameters.

int4 getMaxOutputDelay (void) const
 Return the maximum heritage delay across all possible return values.

virtual bool isMerged (void) const
 Is this a merged prototype model.

virtual void restoreXml (const Element *el)
 Restore this model from an XML stream.
 

Static Public Member Functions

static uint4 lookupEffect (const vector< EffectRecord > &efflist, const Address &addr, int4 size)
 Look up an effect from the given EffectRecord list.
 

Friends

class ProtoModelMerged
 

Detailed Description

A prototype model: a model for passing parameters between functions.

This encompasses both input parameters and return values. It attempts to describe the ABI, Application Binary Interface, of the processor or compiler. Any number of function prototypes (FuncProto) can be implemented under a prototype model, which represents a static rule set the compiler uses to decide:

Major analysis concerns are:

A prototype model supports the concept of extrapop, which is defined as the change in value of the stack pointer (or the number of bytes popped from the stack) across a call. This value is calculated starting from the point of the p-code CALL or CALLIND op, when the stack parameters have already been pushed by the calling function. So extrapop only reflects changes made by the callee.

Member Enumeration Documentation

◆ anonymous enum

anonymous enum

Enumerator
extrapop_unknown  Reserved extrapop value meaning the function's extrapop is unknown.

Constructor & Destructor Documentation

◆ ProtoModel() [1/2]

ProtoModel::ProtoModel ( Architecture * g )

Constructor for use with restoreXml()

Parameters
g is the Architecture that will own the new prototype model

◆ ProtoModel() [2/2]

ProtoModel::ProtoModel ( const string & nm, const ProtoModel & op2 )

Copy constructor changing the name.

Everything is copied from the given prototype model except the name.

Parameters
nm is the new name for this copy
op2 is the prototype model to copy

Member Function Documentation

◆ assignParameterStorage()

void ProtoModel::assignParameterStorage ( const vector< Datatype *> & typelist, vector< ParameterPieces > & res, bool ignoreOutputError )

Calculate input and output storage locations given a function prototype.

The data-types of the function prototype are passed in as an ordered list, with the first data-type corresponding to the return value and all remaining data-types corresponding to the input parameters. Based on this model, a storage location is selected for each (input and output) parameter and passed back to the caller. The passed back storage locations are ordered similarly, with the output storage as the first entry. The model has the option of inserting a hidden return value pointer in the input storage locations.

A void return type is indicated by the formal TYPE_VOID in either list. If the model can't map the specific output prototype, the caller has the option of whether an exception (ParamUnassignedError) is thrown. If they choose not to throw, the unmapped return value is assumed to be void.

Parameters
typelist is the list of data-types from the function prototype
res will hold the storage locations for each parameter
ignoreOutputError is true if problems assigning the output parameter are ignored

◆ assumedInputExtension()

OpCode ProtoModel::assumedInputExtension ( const Address & addr, int4 size, VarnodeData & res ) const
inline

Get the type of extension and containing input parameter for the given storage.

If the given storage is properly contained within a normal parameter and the model typically extends a small value into the full container, pass back the full container and the type of extension.

Parameters
addr is the starting address of the given storage
size is the number of bytes in the given storage
res is the parameter storage to pass back
Returns
the extension operator (INT_ZEXT, INT_SEXT) or INT_COPY if there is no extension. INT_PIECE indicates the extension is determined by the specific prototype.

◆ assumedOutputExtension()

OpCode ProtoModel::assumedOutputExtension ( const Address & addr, int4 size, VarnodeData & res ) const
inline

Get the type of extension and containing return value location for the given storage.

If the given storage is properly contained within a normal return value location and the model typically extends a small value into the full container, pass back the full container and the type of extension.

Parameters
addr is the starting address of the given storage
size is the number of bytes in the given storage
res is the parameter storage to pass back
Returns
the extension operator (INT_ZEXT, INT_SEXT) or INT_COPY if there is no extension. INT_PIECE indicates the extension is determined by the specific prototype.

◆ characterizeAsInputParam()

int4 ProtoModel::characterizeAsInputParam ( const Address & loc, int4 size ) const
inline

Characterize whether the given range overlaps parameter storage.

Does the range naturally fit inside a potential parameter entry from this model, or does it contain a parameter entry? Return one of three values indicating this characterization:

  • 0 means there is no intersection between the range and any ParamEntry
  • 1 means that at least one ParamEntry contains the range in a properly justified manner
  • 2 means no ParamEntry contains the range, but the range contains at least one ParamEntry

Parameters
loc is the starting address of the given range
size is the number of bytes in the given range
Returns
the characterization code

◆ checkInputJoin()

bool ProtoModel::checkInputJoin ( const Address & hiaddr, int4 hisize, const Address & loaddr, int4 losize ) const
inline

Check if the given two input storage locations can represent a single logical parameter.

Within the conventions of this model, do the two (hi/lo) locations represent consecutive input parameter locations that can be replaced by a single logical parameter.

Parameters
hiaddr is the address of the most significant part of the value
hisize is the size of the most significant part in bytes
loaddr is the address of the least significant part of the value
losize is the size of the least significant part in bytes
Returns
true if the two pieces can be joined

◆ checkInputSplit()

bool ProtoModel::checkInputSplit ( const Address & loc, int4 size, int4 splitpoint ) const
inline

Check if it makes sense to split a single storage location into two input parameters.

A storage location and split point are provided, implying two new storage locations. Does this model allow these locations to be considered separate parameters.

Parameters
loc is the starting address of provided storage location
size is the size of the location in bytes
splitpoint is the number of bytes to consider in the first (in address order) piece
Returns
true if the storage location can be split

◆ checkOutputJoin()

bool ProtoModel::checkOutputJoin ( const Address & hiaddr, int4 hisize, const Address & loaddr, int4 losize ) const
inline

Check if the given two output storage locations can represent a single logical return value.

Within the conventions of this model, do the two (hi/lo) locations represent consecutive locations that can be replaced by a single logical return value.

Parameters
hiaddr is the address of the most significant part of the value
hisize is the size of the most significant part in bytes
loaddr is the address of the least significant part of the value
losize is the size of the least significant part in bytes
Returns
true if the two pieces can be joined

◆ deriveInputMap()

void ProtoModel::deriveInputMap ( ParamActive * active ) const
inline

Given a list of input trials, derive the most likely input prototype.

Trials are sorted and marked as used or not.

Parameters
active is the collection of Varnode input trials

◆ deriveOutputMap()

void ProtoModel::deriveOutputMap ( ParamActive * active ) const
inline

Given a list of output trials, derive the most likely output prototype.

One trial (at most) is marked used and moved to the front of the list.

Parameters
active is the collection of output trials

◆ getBiggestContainedInputParam()

bool ProtoModel::getBiggestContainedInputParam ( const Address & loc, int4 size, VarnodeData & res ) const
inline

Pass-back the biggest input parameter contained within the given range.

Parameters
loc is the starting address of the given range
size is the number of bytes in the range
res will hold the parameter storage description being passed back
Returns
true if there is at least one parameter contained in the range

◆ getMaxInputDelay()

int4 ProtoModel::getMaxInputDelay ( void  ) const
inline

Return the maximum heritage delay across all possible input parameters.

Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that all parameters have data-flow info.

Returns
the maximum number of passes across all input parameters in this model

◆ getMaxOutputDelay()

int4 ProtoModel::getMaxOutputDelay ( void  ) const
inline

Return the maximum heritage delay across all possible return values.

Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that any return value has data-flow info.

Returns
the maximum number of passes across all output parameters in this model

◆ hasEffect()

uint4 ProtoModel::hasEffect ( const Address & addr, int4 size ) const

Determine side-effect of this on the given memory range.

The model is searched for an EffectRecord matching the given range and the effect type is returned. If there is no EffectRecord or the effect generally isn't known, EffectRecord::unknown_effect is returned.

Parameters
addr is the starting address of the given memory range
size is the number of bytes in the given range
Returns
the EffectRecord type

◆ lookupEffect()

uint4 ProtoModel::lookupEffect ( const vector< EffectRecord > & efflist, const Address & addr, int4 size )
static

Look up an effect from the given EffectRecord list.

If a given memory range matches an EffectRecord, return the effect type. Otherwise return EffectRecord::unknown_effect.

Parameters
efflist is the list of EffectRecords which must be sorted
addr is the starting address of the given memory range
size is the number of bytes in the memory range
Returns
the EffectRecord type

◆ possibleInputParam()

bool ProtoModel::possibleInputParam ( const Address & loc, int4 size ) const
inline

Does the given storage location make sense as an input parameter.

Within this model, decide if the storage location can be considered an input parameter.

Parameters
loc is the starting address of the storage location
size is the number of bytes in the storage location
Returns
true if the location can be a parameter

◆ possibleInputParamWithSlot()

bool ProtoModel::possibleInputParamWithSlot ( const Address & loc, int4 size, int4 & slot, int4 & slotsize ) const
inline

Pass-back the slot and slot size for the given storage location as an input parameter.

This checks if the given storage location acts as an input parameter in this model and passes back the number of slots that it occupies.

Parameters
loc is the starting address of the storage location
size is the number of bytes in the storage location
slot is the slot number to pass back
slotsize is the number of consumed slots to pass back
Returns
true if the location can be a parameter

◆ possibleOutputParam()

bool ProtoModel::possibleOutputParam ( const Address & loc, int4 size ) const
inline

Does the given storage location make sense as a return value.

Within this model, decide if the storage location can be considered an output parameter.

Parameters
loc is the starting address of the storage location
size is the number of bytes in the storage location
Returns
true if the location can be a parameter

◆ possibleOutputParamWithSlot()

bool ProtoModel::possibleOutputParamWithSlot ( const Address & loc, int4 size, int4 & slot, int4 & slotsize ) const
inline

Pass-back the slot and slot size for the given storage location as a return value.

This checks if the given storage location acts as an output parameter in this model and passes back the number of slots that it occupies.

Parameters
loc is the starting address of the storage location
size is the number of bytes in the storage location
slot is the slot number to pass back
slotsize is the number of consumed slots to pass back
Returns
true if the location can be a parameter

◆ restoreXml()

void ProtoModel::restoreXml ( const Element * el )
virtual

Restore this model from an XML stream.

Read in details about this model from a <prototype> tag.

Parameters
el is the <prototype> element

Reimplemented in ProtoModelMerged.

◆ unjustifiedInputParam()

bool ProtoModel::unjustifiedInputParam ( const Address & loc, int4 size, VarnodeData & res ) const
inline

Check if the given storage location looks like an unjustified input parameter.

The storage for a value may be contained in a normal parameter location but be unjustified within that container, i.e. the least significant bytes are not being used. If this is the case, pass back the full parameter location and return true.

Parameters
loc is the starting address of the given storage
size is the number of bytes in the given storage
res is the full parameter storage to pass back
Returns
true if the given storage is unjustified within its parameter container
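
The justification rule behind characterizeAsInputParam() and unjustifiedInputParam(), as an added stand-alone model that is not code from this library. `Entry`, `characterize`, `unjustified` and `sampleEntries` are hypothetical names, the register offsets are constructed, and reporting a contained-but-unjustified range as 0 is an assumption of this model.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical stand-in for one parameter container; not the library's ParamEntry.
struct Entry {
  uint64_t start;  // offset of the first byte of the container
  uint64_t size;   // container size in bytes
};

// True if [loc, loc+size) lies entirely inside the container.
static bool containedIn(const Entry &e, uint64_t loc, uint64_t size) {
  return loc >= e.start && loc + size <= e.start + e.size;
}

// Justified: contained AND covering the container's least significant bytes.
// Those sit at the lowest address on little-endian, the highest on big-endian.
static bool justifiedIn(const Entry &e, uint64_t loc, uint64_t size, bool bigEndian) {
  if (!containedIn(e, loc, size)) return false;
  return bigEndian ? (loc + size == e.start + e.size) : (loc == e.start);
}

// Returns 1 if some entry contains the range justified, 2 if none does but the
// range contains a whole entry, otherwise 0. Assumption of this model: a range
// that is contained but unjustified is reported as 0.
int characterize(const std::vector<Entry> &entries, uint64_t loc, uint64_t size, bool bigEndian) {
  bool containsEntry = false;
  for (const Entry &e : entries) {
    if (justifiedIn(e, loc, size, bigEndian)) return 1;
    if (e.start >= loc && e.start + e.size <= loc + size) containsEntry = true;
  }
  return containsEntry ? 2 : 0;
}

// Passes back the full container when the range sits inside it but misses the
// least significant bytes.
bool unjustified(const std::vector<Entry> &entries, uint64_t loc, uint64_t size,
                 bool bigEndian, Entry &res) {
  for (const Entry &e : entries) {
    if (containedIn(e, loc, size) && !justifiedIn(e, loc, size, bigEndian)) {
      res = e;
      return true;
    }
  }
  return false;
}

// Constructed sample: two adjacent 8-byte parameter containers.
std::vector<Entry> sampleEntries() { return { {0x10, 8}, {0x18, 8} }; }

int main() {
  Entry res{0, 0};
  std::vector<Entry> m = sampleEntries();
  bool ok = characterize(m, 0x10, 4, false) == 1 && characterize(m, 0x10, 16, false) == 2 &&
            unjustified(m, 0x14, 4, false, res) && res.start == 0x10;
  return ok ? 0 : 1;
}
```

The same 4 bytes at offset 0x14 are unjustified under little-endian layout but justified under big-endian, which is why the endianness flag is part of every check.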

The documentation for this class was generated from the following files: