|
My Project
|
Class for shrinking big Varnodes carrying smaller logical values. More...
#include <subflow.hh>
Public Member Functions | |
| SubvariableFlow (Funcdata *f, Varnode *root, uintb mask, bool aggr, bool sext, bool big) | |
| Constructor. More... | |
| bool | doTrace (void) |
| Trace logical value through data-flow, constructing transform. More... | |
| void | doReplacement (void) |
| Perform the discovered transform, making logical values explicit. | |
Class for shrinking big Varnodes carrying smaller logical values.
Given a root within the syntax tree and dimensions of a logical variable, this class traces the flow of this logical variable through its containing Varnodes. It then creates a subgraph of this flow, where there is a correspondence between nodes in the subgraph and nodes in the original graph containing the logical variable. When doReplacement is called, this subgraph is duplicated as a new separate piece within the syntax tree. Ops are replaced to reflect the manipulation of of the logical variable, rather than the containing variable. Operations in the original graph which pluck out the logical variable from the containing variable, are replaced with copies from the corresponding node in the new section of the graph, which frequently causes the operations on the original container Varnodes to becomes dead code.
| SubvariableFlow::SubvariableFlow | ( | Funcdata * | f, |
| Varnode * | root, | ||
| uintb | mask, | ||
| bool | aggr, | ||
| bool | sext, | ||
| bool | big | ||
| ) |
| f | is the function to attempt the subvariable transform on |
| root | is a starting Varnode containing a smaller logical value |
| mask | is a mask where 1 bits indicate the position of the logical value within the root Varnode |
| aggr | is true if we should use aggressive (less restrictive) tests during the trace |
| sext | is true if we should assume sign extensions from the logical value into its container |
| big | is true if we look for subvariable flow for big (8-byte) logical values |
| bool SubvariableFlow::doTrace | ( | void | ) |
Trace logical value through data-flow, constructing transform.
Push the logical value around, setting up explicit transforms as we go that convert them into explicit Varnodes. If at any point, we cannot naturally interpret the flow of the logical value, return false.
1.8.13