yetangitu/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2025-10-04 18:29:37 +02:00
Code Issues Releases Wiki Activity
ghidra/Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.cc

2605 lines
76 KiB
C++
Raw Blame History

/* ###
* IP: GHIDRA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "rangeutil.hh"
#include "block.hh"
namespace ghidra {
const char CircleRange::arrange[] = "gcgbegdagggggggeggggcgbggggggggcdfgggggggegdggggbgggfggggcgbegda";
/// All the instantiations where left == right represent the same set. We
/// normalize the representation so we can compare sets easily.
void CircleRange::normalize(void)
{
if (left == right) {
if (step != 1)
left = left % step;
else
left = 0;
right = left;
}
}
/// This method \b only works if \b step is 1
void CircleRange::complement(void)
{
if (isempty) {
left=0;
right=0;
isempty = false;
return;
}
if (left==right) {
isempty = true;
return;
}
uintb tmp = left;
left = right;
right = tmp;
}
/// If the original range contained
/// - 0 and 1 => the new range is [0,2)
/// - 0 only => the new range is [0,1)
/// - 1 only => the new range is [1,2)
/// - neither 0 or 1 => the new range is empty
///
/// \return \b true if the range contains both 0 and 1
bool CircleRange::convertToBoolean(void)
{
if (isempty) return false;
bool contains_zero = contains(0);
bool contains_one = contains(1);
mask = 0xff;
step = 1;
if (contains_zero && contains_one) {
left = 0;
right = 2;
isempty = false;
return true;
}
else if (contains_zero) {
left = 0;
right = 1;
isempty = false;
}
else if (contains_one) {
left = 1;
right = 2;
isempty = false;
}
else
isempty = true;
return false;
}
/// \brief Recalculate range based on new stride
///
/// Restrict a left/right specified range to a new stride, given the step and
/// remainder it needs to match. This assumes the specified range is not empty.
/// \param mask is the domain mask
/// \param step is the new stride
/// \param oldStep is the original step (always smaller)
/// \param rem is the given remainder to match
/// \param myleft is a reference to the left boundary of the specified range
/// \param myright is a reference to the right boundary of the specified range
/// \return \b true if result is empty
bool CircleRange::newStride(uintb mask,int4 step,int4 oldStep,uint4 rem,uintb &myleft,uintb &myright)
{
if (oldStep != 1) {
uint4 oldRem = (uint4)(myleft % oldStep);
if (oldRem != (rem % oldStep))
return true; // Step is completely off
}
bool origOrder = (myleft < myright);
uint4 leftRem = (uint4)(myleft % step);
uint4 rightRem = (uint4)(myright % step);
if (leftRem > rem)
myleft += rem + step - leftRem;
else
myleft += rem - leftRem;
if (rightRem > rem)
myright += rem + step - rightRem;
else
myright += rem - rightRem;
myleft &= mask;
myright &= mask;
bool newOrder = (myleft < myright);
if (origOrder != newOrder)
return true;
return false; // not empty
}
/// \brief Make \b this range fit in a new domain
///
/// Truncate any part of the range outside of the new domain.
/// If the original range is completely outside of the new domain,
/// return \b true (empty). Step information is preserved.
/// \param newMask is the mask for the new domain
/// \param newStep is the step associated with the range
/// \param myleft is a reference to the left edge of the range to fit
/// \param myright is a reference to the right edge of the range to fit
/// \return \b true if the truncated domain is empty
bool CircleRange::newDomain(uintb newMask,int4 newStep,uintb &myleft,uintb &myright)
{
uintb rem;
if (newStep != 1)
rem = myleft % newStep;
else
rem = 0;
if (myleft > newMask) {
if (myright > newMask) { // Both bounds out of range of newMask
if (myleft < myright) return true; // Old range is completely out of bounds of new mask
myleft = rem;
myright = rem; // Old range contained everything in newMask
return false;
}
myleft = rem; // Take everything up to left edge of new range
}
if (myright > newMask) {
myright = rem; // Take everything up to right edge of new range
}
if (myleft == myright) {
myleft = rem; // Normalize the everything
myright = rem;
}
return false; // not empty
}
/// Give specific left/right boundaries and step information.
/// The first element in the set is given left boundary. The sequence
/// then proceeds by the given \e step up to (but not including) the given
/// right boundary. Care should be taken to make sure the remainders of the
/// left and right boundaries modulo the step are equal.
/// \param lft is the left boundary of the range
/// \param rgt is the right boundary of the range
/// \param size is the domain size in bytes (1,2,4,8,..)
/// \param stp is the desired step (1,2,4,8,..)
CircleRange::CircleRange(uintb lft,uintb rgt,int4 size,int4 stp)
{
mask = calc_mask(size);
step = stp;
left = lft;
right = rgt;
isempty = false;
}
/// The range contains only a single integer, 0 or 1, depending on the boolean parameter.
/// \param val is the boolean parameter
CircleRange::CircleRange(bool val)
{
mask = 0xff;
step = 1;
left = val ? 1: 0;
right = val + 1;
isempty = false;
}
/// A size specifies the number of bytes (*8 to get number of bits) in the mask.
/// The stride is assumed to be 1.
/// \param val is is the single value
/// \param size is the size of the mask in bytes
CircleRange::CircleRange(uintb val,int4 size)
{
mask = calc_mask(size);
step = 1;
left = val;
right = (left+1)&mask;
isempty = false;
}
/// \param lft is the left boundary of the range
/// \param rgt is the right boundary of the range
/// \param size is the size of the range domain in bytes
/// \param stp is the step/stride of the range
void CircleRange::setRange(uintb lft,uintb rgt,int4 size,int4 stp)
{
mask = calc_mask(size);
left = lft;
right = rgt;
step = stp;
isempty = false;
}
/// A size specifies the number of bytes (*8 to get number of bits) in the mask.
/// The stride is assumed to be 1.
/// \param val is is the single value
/// \param size is the size of the mask in bytes
void CircleRange::setRange(uintb val,int4 size)
{
mask = calc_mask(size);
step = 1;
left = val;
right = (left+1)&mask;
isempty = false;
}
/// Make a range of values that holds everything.
/// \param size is the size (in bytes) of the range
void CircleRange::setFull(int4 size)
{
mask = calc_mask(size);
step = 1;
left = 0;
right = 0;
isempty = false;
}
/// \return the number of integers contained in this range
uintb CircleRange::getSize(void) const
{
if (isempty) return 0;
uintb val;
if (left < right)
val = (right-left) / step;
else {
val = (mask - (left-right) + step) / step;
if (val == 0) { // This is an overflow, when all uintb values are in the range
val = mask; // We lie by one, which shouldn't matter for our jumptable application
if (step > 1) {
val = val / step;
val += 1;
}
}
}
return val;
}
/// In this context, the information content of a value is the index (+1) of the
/// most significant non-zero bit (of the absolute value). This routine returns
/// the maximum information across all values in the range.
/// \return the maximum information
int4 CircleRange::getMaxInfo(void) const
{
uintb halfPoint = mask ^ (mask >> 1);
if (contains(halfPoint))
return 8*sizeof(uintb) - count_leading_zeros(halfPoint);
int4 sizeLeft,sizeRight;
if ((halfPoint & left) == 0)
sizeLeft = count_leading_zeros(left);
else
sizeLeft = count_leading_zeros(~left & mask);
if ((halfPoint & right) == 0)
sizeRight = count_leading_zeros(right);
else
sizeRight = count_leading_zeros(~right & mask);
int4 size1 = 8*sizeof(uintb) - (sizeRight < sizeLeft ? sizeRight : sizeLeft);
return size1;
}
/// \param op2 is the specific range to test for containment.
/// \return \b true if \b this contains the interval \b op2
bool CircleRange::contains(const CircleRange &op2) const
{
if (isempty)
return op2.isempty;
if (op2.isempty)
return true;
if (step > op2.step) {
// This must have a smaller or equal step to op2 or containment is impossible
// except in the corner case where op2 consists of a single element (its step is meaningless)
if (!op2.isSingle())
return false;
}
if (left == right) return true;
if (op2.left == op2.right) return false;
if (left % step != op2.left % step) return false; // Wrong phase
if (left == op2.left && right == op2.right) return true;
char overlapCode = encodeRangeOverlaps(left, right, op2.left, op2.right);
if (overlapCode == 'c')
return true;
if (overlapCode == 'b' && (right == op2.right))
return true;
return false;
// Missing one case where op2.step > this->step, and the boundaries don't show containment,
// but there is containment because the lower step size UP TO right still contains the edge points
}
/// Check if a specific integer is a member of \b this range.
/// \param val is the specific integer
/// \return \b true if it is contained in \b this
bool CircleRange::contains(uintb val) const
{
if (isempty) return false;
if (step != 1) {
if ((left % step)!=(val%step))
return false; // Phase is wrong
}
if (left < right) {
if (val < left) return false;
if (right <= val) return false;
}
else if (right < left) {
if (val<right) return true;
if (val>=left) return true;
return false;
}
return true;
}
/// Set \b this to the union of \b this and \b op2 as a single interval.
/// Return 0 if the result is valid.
/// Return 2 if the union is two pieces.
/// If result is not zero, \b this is not modified.
/// \param op2 is the range to union with
/// \return the result code
int4 CircleRange::circleUnion(const CircleRange &op2)
{
if (op2.isempty) return 0;
if (isempty) {
*this = op2;
return 0;
}
if (mask != op2.mask) return 2; // Cannot do proper union with different domains
uintb aRight = right;
uintb bRight = op2.right;
int4 newStep = step;
if (step < op2.step) {
if (isSingle()) {
newStep = op2.step;
aRight = (left + newStep) & mask;
}
else
return 2;
}
else if (op2.step < step) {
if (op2.isSingle()) {
newStep = step;
bRight = (op2.left + newStep) & mask;
}
else
return 2;
}
uintb rem;
if (newStep != 1) {
rem = left % newStep;
if (rem != (op2.left % newStep))
return 2;
}
else
rem = 0;
if ((left==aRight)||(op2.left==bRight)) {
left = rem;
right = rem;
step = newStep;
return 0;
}
char overlapCode = encodeRangeOverlaps(left, aRight, op2.left, bRight);
switch(overlapCode) {
case 'a': // order (l r op2.l op2.r)
case 'f': // order (op2.l op2.r l r)
if (aRight==op2.left) {
right = bRight;
step = newStep;
return 0;
}
if (left==bRight) {
left = op2.left;
right = aRight;
step = newStep;
return 0;
}
return 2; // 2 pieces;
case 'b': // order (l op2.l r op2.r)
right = bRight;
step = newStep;
return 0;
case 'c': // order (l op2.l op2.r r)
right = aRight;
step = newStep;
return 0;
case 'd': // order (op2.l l r op2.r)
left = op2.left;
right = bRight;
step = newStep;
return 0;
case 'e': // order (op2.l l op2.r r)
left = op2.left;
right = aRight;
step = newStep;
return 0;
case 'g': // either impossible or covers whole circle
left = rem;
right = rem;
step = newStep;
return 0; // entire circle is covered
}
return -1; // Never reach here
}
/// Turn \b this into a range that contains both the original range and
/// the other given range. The resulting range may contain values that were in neither
/// of the original ranges (not a strict union). But the number of added values will be
/// minimal. This method will create a range with step if the input ranges hold single values
/// and the distance between them is a power of 2 and less or equal than a given bound.
/// \param op2 is the other given range to combine with \b this
/// \param maxStep is the step bound that can be induced for a container with two singles
/// \return \b true if the container is everything (full)
bool CircleRange::minimalContainer(const CircleRange &op2,int4 maxStep)
{
if (isSingle() && op2.isSingle()) {
uintb min,max;
if (getMin() < op2.getMin()) {
min = getMin();
max = op2.getMin();
}
else {
min = op2.getMin();
max = getMin();
}
uintb diff = max - min;
if (diff > 0 && diff <= maxStep) {
if (leastsigbit_set(diff) == mostsigbit_set(diff)) {
step = (int4) diff;
left = min;
right = (max + step) & mask;
return false;
}
}
}
uintb aRight = right - step + 1; // Treat original ranges as having step=1
uintb bRight = op2.right - op2.step + 1;
step = 1;
mask |= op2.mask;
uintb vacantSize1,vacantSize2;
char overlapCode = encodeRangeOverlaps(left, aRight, op2.left, bRight);
switch(overlapCode) {
case 'a': // order (l r op2.l op2.r)
vacantSize1 = left + (mask - bRight) + 1;
vacantSize2 = op2.left - aRight;
if (vacantSize1 < vacantSize2) {
left = op2.left;
right = aRight;
}
else {
right = bRight;
}
break;
case 'f': // order (op2.l op2.r l r)
vacantSize1 = op2.left + (mask-aRight) + 1;
vacantSize2 = left - bRight;
if (vacantSize1 < vacantSize2) {
right = bRight;
}
else {
left = op2.left;
right = aRight;
}
break;
case 'b': // order (l op2.l r op2.r)
right = bRight;
break;
case 'c': // order (l op2.l op2.r r)
right = aRight;
break;
case 'd': // order (op2.l l r op2.r)
left = op2.left;
right = bRight;
break;
case 'e': // order (op2.l l op2.r r)
left = op2.left;
right = aRight;
break;
case 'g': // order (l op2.r op2.l r)
left = 0; // Entire circle is covered
right = 0;
break;
}
normalize();
return (left == right);
}
/// Convert range to its complement. The step is automatically converted to 1 first.
/// \return the original step size
int4 CircleRange::invert(void)
{
int4 res = step;
step = 1;
complement();
return res;
}
/// Set \b this to the intersection of \b this and \b op2 as a
/// single interval if possible.
/// Return 0 if the result is valid
/// Return 2 if the intersection is two pieces
/// If result is not zero, \b this is not modified
/// \param op2 is the second range
/// \return the intersection code
int4 CircleRange::intersect(const CircleRange &op2)
{
int4 retval,newStep;
uintb newMask,myleft,myright,op2left,op2right;
if (isempty) return 0; // Intersection with empty is empty
if (op2.isempty) {
isempty = true;
return 0;
}
myleft = left;
myright = right;
op2left = op2.left;
op2right = op2.right;
if (step < op2.step) {
newStep = op2.step;
uint4 rem = (uint4)(op2left % newStep);
if (newStride(mask,newStep,step,rem,myleft,myright)) { // Increase the smaller stride
isempty = true;
return 0;
}
}
else if (op2.step < step) {
newStep = step;
uint4 rem = (uint4)(myleft % newStep);
if (newStride(op2.mask,newStep,op2.step,rem,op2left,op2right)) {
isempty = true;
return 0;
}
}
else
newStep = step;
newMask = mask & op2.mask;
if (mask != newMask) {
if (newDomain(newMask,newStep,myleft,myright)) {
isempty = true;
return 0;
}
}
else if (op2.mask != newMask) {
if (newDomain(newMask,newStep,op2left,op2right)) {
isempty = true;
return 0;
}
}
if (myleft==myright) { // Intersect with this everything
left = op2left;
right = op2right;
retval = 0;
}
else if (op2left == op2right) { // Intersect with op2 everything
left = myleft;
right = myright;
retval = 0;
}
else {
char overlapCode = encodeRangeOverlaps(myleft, myright, op2left, op2right);
switch(overlapCode) {
case 'a': // order (l r op2.l op2.r)
case 'f': // order (op2.l op2.r l r)
isempty = true;
retval = 0; // empty set
break;
case 'b': // order (l op2.l r op2.r)
left = op2left;
right = myright;
if (left==right)
isempty = true;
retval = 0;
break;
case 'c': // order (l op2.l op2.r r)
left = op2left;
right = op2right;
retval = 0;
break;
case 'd': // order (op2.l l r op2.r)
left = myleft;
right = myright;
retval = 0;
break;
case 'e': // order (op2.l l op2.r r)
left = myleft;
right = op2right;
if (left==right)
isempty = true;
retval = 0;
break;
case 'g': // order (l op2.r op2.l r)
if (myleft==op2right) {
left = op2left;
right = myright;
if (left==right)
isempty = true;
retval = 0;
}
else if (op2left==myright) {
left = myleft;
right = op2right;
if (left==right)
isempty = true;
retval = 0;
}
else
retval = 2; // 2 pieces
break;
default:
retval = 2; // Will never reach here
break;
}
}
if (retval != 0) return retval;
mask = newMask;
step = newStep;
return 0;
}
/// Try to create a range given a value that is not necessarily a valid mask.
/// If the mask is valid, range is set to all possible values that whose non-zero
/// bits are contained in the mask. If the mask is invalid, \b this range is not modified.
/// \param nzmask is the putative mask
/// \param size is a maximum size (in bytes) for the mask
/// \return \b true if the mask is valid
bool CircleRange::setNZMask(uintb nzmask,int4 size)
{
int4 trans = bit_transitions(nzmask,size);
if (trans>2) return false; // Too many transitions to form a valid range
bool hasstep = ((nzmask&1)==0);
if ((!hasstep)&&(trans==2)) return false; // Two sections of non-zero bits
isempty = false;
if (trans == 0) {
mask = calc_mask(size);
if (hasstep) { // All zeros
step = 1;
left = 0;
right = 1; // Range containing only zero
}
else { // All ones
step = 1;
left = 0;
right = 0; // Everything
}
return true;
}
int4 shift = leastsigbit_set(nzmask);
step = 1;
step <<= shift;
mask = calc_mask(size);
left = 0;
right = (nzmask + step) & mask;
return true;
}
/// This method changes the step for \b this range, i.e. elements are removed.
/// The boundaries of the range do not change except for the remainder modulo the new step.
/// \param newStep is the new step amount
/// \param rem is the desired phase (remainder of the values modulo the step)
void CircleRange::setStride(int4 newStep,uintb rem)
{
bool iseverything = (!isempty) && (left==right);
if (newStep == step) return;
uintb aRight = right - step;
step = newStep;
if (step == 1) return; // No remainder to fill in
uintb curRem = left % step;
left = (left - curRem) + rem;
curRem = aRight % step;
aRight = (aRight - curRem) + rem;
right = aRight + step;
if ((!iseverything)&&(left == right))
isempty = true;
}
/// \param opc is the OpCode to pull the range back through
/// \param inSize is the storage size in bytes of the resulting input
/// \param outSize is the storage size in bytes of the range to pull-back
/// \return \b true if a valid range is formed in the pull-back
bool CircleRange::pullBackUnary(OpCode opc,int4 inSize,int4 outSize)
{
uintb val;
// If there is nothing in the output set, no input will map to it
if (isempty) return true;
switch(opc) {
case CPUI_BOOL_NEGATE:
if (convertToBoolean())
break; // Both outputs possible => both inputs possible
left = left ^ 1; // Flip the boolean range
right = left +1;
break;
case CPUI_COPY:
break; // Identity transform on range
case CPUI_INT_2COMP:
val = (~left + 1 + step) & mask;
left = (~right + 1 + step) & mask;
right = val;
break;
case CPUI_INT_NEGATE:
val = (~left + step) & mask;
left = (~right + step) & mask;
right = val;
break;
case CPUI_INT_ZEXT:
{
val = calc_mask(inSize); // (smaller) input mask
uintb rem = left % step;
CircleRange zextrange;
zextrange.left = rem;
zextrange.right = val + 1 + rem; // Biggest possible range of ZEXT
zextrange.mask = mask;
zextrange.step = step; // Keep the same stride
zextrange.isempty = false;
if (0 != intersect(zextrange))
return false;
left &= val;
right &= val;
mask &= val; // Preserve the stride
break;
}
case CPUI_INT_SEXT:
{
val = calc_mask(inSize); // (smaller) input mask
uintb rem = left & step;
CircleRange sextrange;
sextrange.left = val ^ (val >> 1); // High order bit for (small) input space
sextrange.left += rem;
sextrange.right = sign_extend(sextrange.left, inSize, outSize);
sextrange.mask = mask;
sextrange.step = step; // Keep the same stride
sextrange.isempty = false;
if (sextrange.intersect(*this) != 0)
return false;
else {
if (!sextrange.isEmpty())
return false;
else {
left &= val;
right &= val;
mask &= val; // Preserve the stride
}
}
break;
}
default:
return false;
}
return true;
}
/// \param opc is the OpCode to pull the range back through
/// \param val is the constant value of the other input parameter (if present)
/// \param slot is the slot of the input variable whose range gets produced
/// \param inSize is the storage size in bytes of the resulting input
/// \param outSize is the storage size in bytes of the range to pull-back
/// \return \b true if a valid range is formed in the pull-back
bool CircleRange::pullBackBinary(OpCode opc,uintb val,int4 slot,int4 inSize,int4 outSize)
{
bool yescomplement;
bool bothTrueFalse;
// If there is nothing in the output set, no input will map to it
if (isempty) return true;
switch(opc) {
case CPUI_INT_EQUAL:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse)
break; // All possible outs => all possible ins
yescomplement = (left == 0);
left = val;
right = (val + 1) & mask;
if (yescomplement)
complement();
break;
case CPUI_INT_NOTEQUAL:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
left = (val+1)&mask;
right = val;
if (yescomplement)
complement();
break;
case CPUI_INT_LESS:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
if (slot==0) {
if (val==0)
isempty = true; // X < 0 is always false
else {
left = 0;
right = val;
}
}
else {
if (val==mask)
isempty = true; // 0xffff < X is always false
else {
left = (val+1)&mask;
right = 0;
}
}
if (yescomplement)
complement();
break;
case CPUI_INT_LESSEQUAL:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
if (slot==0) {
left = 0;
right = (val+1)&mask;
}
else {
left = val;
right = 0;
}
if (yescomplement)
complement();
break;
case CPUI_INT_SLESS:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
if (slot==0) {
if (val == (mask>>1)+1)
isempty = true; // X < -infinity, is always false
else {
left = (mask >> 1)+1; // -infinity
right = val;
}
}
else {
if ( val == (mask>>1) )
isempty = true; // infinity < X, is always false
else {
left = (val+1)&mask;
right = (mask >> 1)+1; // -infinity
}
}
if (yescomplement)
complement();
break;
case CPUI_INT_SLESSEQUAL:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
if (slot==0) {
left = (mask >> 1)+1; // -infinity
right = (val+1)&mask;
}
else {
left = val;
right = (mask >> 1)+1; // -infinity
}
if (yescomplement)
complement();
break;
case CPUI_INT_CARRY:
bothTrueFalse = convertToBoolean();
mask = calc_mask(inSize);
if (bothTrueFalse) break; // All possible outs => all possible ins
yescomplement = (left==0);
if (val==0)
isempty = true; // Nothing carries adding zero
else {
left = ((mask-val)+1)&mask;
right = 0;
}
if (yescomplement)
complement();
break;
case CPUI_INT_ADD:
left = (left-val)&mask;
right = (right-val)&mask;
break;
case CPUI_INT_SUB:
if (slot==0) {
left = (left+val)&mask;
right = (right+val)&mask;
}
else {
left = (val-left)&mask;
right = (val-right)&mask;
}
break;
case CPUI_INT_RIGHT:
{
if (step == 1) {
uintb rightBound = (calc_mask(inSize) >> val) + 1; // The maximal right bound
if (((left >= rightBound) && (right >= rightBound) && (left >= right))
|| ((left == 0) && (right >= rightBound)) || (left == right)) {
// covers everything in range of shift
left = 0; // So domain is everything
right = 0;
}
else {
if (left > rightBound)
left = rightBound;
if (right > rightBound)
right = 0;
left = (left << val) & mask;
right = (right << val) & mask;
if (left == right)
isempty = true;
}
}
else
return false;
break;
}
case CPUI_INT_SRIGHT:
{
if (step == 1) {
uintb rightb = calc_mask(inSize);
uintb leftb = rightb >> (val + 1);
rightb = leftb ^ rightb; // Smallest negative possible
leftb += 1; // Biggest positive (+1) possible
if (((left >= leftb) && (left <= rightb) && (right >= leftb)
&& (right <= rightb) && (left >= right)) || (left == right)) {
// covers everything in range of shift
left = 0; // So domain is everything
right = 0;
}
else {
if ((left > leftb) && (left < rightb))
left = leftb;
if ((right > leftb) && (right < rightb))
right = rightb;
left = (left << val) & mask;
right = (right << val) & mask;
if (left == right)
isempty = true;
}
}
else
return false;
break;
}
default:
return false;
}
return true;
}
/// The pull-back is performed through a given p-code \b op and set \b this
/// to the resulting range (if possible).
/// If there is a single unknown input, and the set of values
/// for this input that cause the output of \b op to fall
/// into \b this form a range, then set \b this to the
/// range (the "pullBack") and return the unknown varnode.
/// Return null otherwise.
///
/// We may know something about the input varnode in the form of its NZMASK, which can further
/// restrict the range we return. If \b usenzmask is true, and NZMASK forms a range, intersect
/// \b this with the result.
///
/// If there is Symbol markup on any constant passed into the op, pass that information back.
/// \param op is the given PcodeOp
/// \param constMarkup is the reference for passing back the constant relevant to the pull-back
/// \param usenzmask specifies whether to use the NZMASK
/// \return the input Varnode or NULL
Varnode *CircleRange::pullBack(PcodeOp *op,Varnode **constMarkup,bool usenzmask)
{
Varnode *res;
if (op->numInput() == 1) {
res = op->getIn(0);
if (res->isConstant()) return (Varnode *)0;
if (!pullBackUnary(op->code(),res->getSize(),op->getOut()->getSize()))
return (Varnode *)0;
}
else if (op->numInput() == 2) {
Varnode *constvn;
uintb val;
// Find non-constant varnode input, and slot
// Make sure second input is constant
int4 slot = 0;
res = op->getIn(slot);
constvn = op->getIn(1 - slot);
if (res->isConstant()) {
slot = 1;
constvn = res;
res = op->getIn(slot);
if (res->isConstant())
return (Varnode *) 0;
}
else if (!constvn->isConstant())
return (Varnode *) 0;
val = constvn->getOffset();
OpCode opc = op->code();
if (!pullBackBinary(opc, val, slot, res->getSize(), op->getOut()->getSize())) {
if (usenzmask && opc == CPUI_SUBPIECE && val == 0) {
// If everything we are truncating is known to be zero, we may still have a range
int4 msbset = mostsigbit_set(res->getNZMask());
msbset = (msbset + 8) / 8;
if (op->getOut()->getSize() < msbset) // Some bytes we are chopping off might not be zero
return (Varnode *) 0;
else {
mask = calc_mask(res->getSize()); // Keep the range but make the mask bigger
// If the range wraps (left>right) then, increasing the mask adds all the new space into
// the range, and it would be an inaccurate pullback by itself, but with the nzmask intersection
// all the new space will get intersected away again.
}
}
else
return (Varnode *) 0;
}
if (constvn->getSymbolEntry() != (SymbolEntry *) 0)
*constMarkup = constvn;
}
else // Neither unary or binary
return (Varnode *)0;
if (usenzmask) {
CircleRange nzrange;
if (!nzrange.setNZMask(res->getNZMask(),res->getSize()))
return res;
intersect(nzrange);
// If the intersect does not succeed (i.e. produces 2 pieces) the original range is
// preserved and we still consider this pullback successful.
}
return res;
}
/// Push all values in the given range through a p-code operator.
/// If the output set of values forms a range, then set \b this to the range and return \b true.
/// \param opc is the given p-code operator
/// \param in1 is the given input range
/// \param inSize is the storage space in bytes for the input
/// \param outSize is the storage space in bytes for the output
/// \return \b true if the result is known and forms a range
bool CircleRange::pushForwardUnary(OpCode opc,const CircleRange &in1,int4 inSize,int4 outSize)
{
if (in1.isempty) {
isempty = true;
return true;
}
switch(opc) {
case CPUI_CAST:
case CPUI_COPY:
*this = in1;
break;
case CPUI_INT_ZEXT:
isempty = false;
step = in1.step;
mask = calc_mask(outSize);
if (in1.left == in1.right) {
left = in1.left % step;
right = in1.mask + 1 + left;
}
else {
left = in1.left;
right = (in1.right - in1.step) & in1.mask;
if (right < left)
return false; // Extending causes 2 pieces
right += step; // Impossible for it to wrap with bigger mask
}
break;
case CPUI_INT_SEXT:
isempty = false;
step = in1.step;
mask = calc_mask(outSize);
if (in1.left == in1.right) {
uintb rem = in1.left % step;
right = calc_mask(inSize) >> 1;
left = (calc_mask(outSize) ^ right) + rem;
right = right + 1 + rem;
}
else {
left = sign_extend(in1.left, inSize, outSize);
right = sign_extend((in1.right - in1.step)&in1.mask, inSize, outSize);
if ((intb)right < (intb)left)
return false; // Extending causes 2 pieces
right = (right + step) & mask;
}
break;
case CPUI_INT_2COMP:
isempty = false;
step = in1.step;
mask = in1.mask;
right = (~in1.left + 1 + step) & mask;
left = (~in1.right + 1 + step) & mask;
normalize();
break;
case CPUI_INT_NEGATE:
isempty = false;
step = in1.step;
mask = in1.mask;
left = (~in1.right + step) & mask;
right =(~in1.left + step) & mask;
normalize();
break;
case CPUI_BOOL_NEGATE:
case CPUI_FLOAT_NAN:
isempty = false;
mask = 0xff;
step = 1;
left = 0;
right = 2;
break;
default:
return false;
}
return true;
}
/// \brief Push \b this range forward through a binary operation
///
/// Push all values in the given ranges through a binary p-code operator.
/// If the output set of values forms a range, then set \b this to the range and return \b true.
/// \param opc is the given p-code operator
/// \param in1 is the first given input range
/// \param in2 is the second given input range
/// \param inSize is the storage space in bytes for the input
/// \param outSize is the storage space in bytes for the output
/// \param maxStep is the maximum to allow step to grow via multiplication
/// \return \b true if the result is known and forms a range
bool CircleRange::pushForwardBinary(OpCode opc,const CircleRange &in1,const CircleRange &in2,int4 inSize,int4 outSize,int4 maxStep)
{
if (in1.isempty || in2.isempty) {
isempty = true;
return true;
}
switch(opc) {
case CPUI_PTRSUB:
case CPUI_INT_ADD:
isempty = false;
mask = in1.mask | in2.mask;
if (in1.left == in1.right || in2.left == in2.right) {
step = (in1.step < in2.step) ? in1.step : in2.step; // Smaller step
left = (in1.left + in2.left) % step;
right = left;
}
else if (in2.isSingle()) {
step = in1.step;
left = (in1.left + in2.left) & mask;
right = (in1.right + in2.left) & mask;
}
else if (in1.isSingle()) {
step = in2.step;
left = (in2.left + in1.left) & mask;
right = (in2.right +in1.left) & mask;
}
else {
step = (in1.step < in2.step) ? in1.step : in2.step; // Smaller step
uintb size1 = (in1.left < in1.right) ? (in1.right-in1.left) : (in1.mask - (in1.left-in1.right) + in1.step);
left = (in1.left + in2.left) & mask;
right = (in1.right - in1.step + in2.right - in2.step + step) & mask;
uintb sizenew = (left < right) ? (right-left) : (mask - (left-right) + step);
if (sizenew < size1) {
right = left; // Over-flow, we covered everything
}
normalize();
}
break;
case CPUI_INT_MULT:
{
isempty = false;
mask = in1.mask | in2.mask;
uintb constVal;
if (in1.isSingle()) {
constVal = in1.getMin();
step = in2.step;
}
else if (in2.isSingle()) {
constVal = in2.getMin();
step = in1.step;
}
else
return false;
uint4 tmp = (uint4)constVal;
while(step < maxStep) {
if ((tmp & 1) != 0) break;
step <<= 1;
tmp >>= 1;
}
int4 wholeSize = 8*sizeof(uintb) - count_leading_zeros(mask);
if (in1.getMaxInfo() + in2.getMaxInfo() > wholeSize) {
left = (in1.left * in2.left) % step;
right = left; // Covered everything
normalize();
return true;
}
if ((constVal & (mask ^ (mask >> 1))) != 0) { // Multiplying by negative number
left = ((in1.right - in1.step) * (in2.right - in2.step)) & mask;
right = ((in1.left * in2.left) + step) & mask;
}
else {
left = (in1.left * in2.left)&mask;
right = ((in1.right - in1.step) * (in2.right - in2.step) + step) & mask;
}
break;
}
case CPUI_INT_LEFT:
{
if (!in2.isSingle()) return false;
isempty = false;
mask = in1.mask;
step = in1.step;
uint4 sa = (uint4)in2.getMin();
uint4 tmp = sa;
while(step < maxStep && tmp > 0) {
step <<= 1;
tmp -= 1;
}
left = (in1.left << sa)&mask;
right = (in1.right << sa)&mask;
int4 wholeSize = 8*sizeof(uintb) - count_leading_zeros(mask);
if (in1.getMaxInfo() + sa > wholeSize) {
right = left; // Covered everything
normalize();
return true;
}
break;
}
case CPUI_SUBPIECE:
{
if (!in2.isSingle()) return false;
isempty = false;
int4 sa = (int4)in2.left * 8;
mask = calc_mask(outSize);
step = (sa == 0) ? in1.step : 1;
uintb range = (in1.left < in1.right) ? in1.right-in1.left : in1.left - in1.right;
if (range == 0 || ((range >> sa) > mask )) {
left = right = 0; // We cover everything
}
else {
left = in1.left >> sa;
right = ((in1.right - in1.step) >> sa) + step;
left &= mask;
right &= mask;
normalize();
}
break;
}
case CPUI_INT_RIGHT:
{
if (!in2.isSingle()) return false;
isempty = false;
int4 sa = (int4)in2.left;
mask = calc_mask(outSize);
step = 1; // Lose any step
if (in1.left < in1.right) {
left = in1.left >> sa;
right = ((in1.right - in1.step) >> sa) + 1;
}
else {
left = 0;
right = in1.mask >> sa;
}
if (left == right) // Don't truncate accidentally to everything
right = (left + 1)&mask;
break;
}
case CPUI_INT_SRIGHT:
{
if (!in2.isSingle()) return false;
isempty = false;
int4 sa = (int4)in2.left;
mask = calc_mask(outSize);
step = 1; // Lose any step
int4 bitPos = 8*inSize - 1;
intb valLeft = sign_extend(in1.left,bitPos);
intb valRight = sign_extend(in1.right,bitPos);
if (valLeft >= valRight) {
valRight = (intb)(mask >> 1); // Max positive
valLeft = valRight + 1; // Min negative
valLeft = sign_extend(valLeft,bitPos);
}
left = (valLeft >> sa) & mask;
right = (((valRight - in1.step) >> sa) + 1) & mask;
if (left == right) // Don't truncate accidentally to everything
right = (left + 1)&mask;
break;
}
case CPUI_INT_EQUAL:
case CPUI_INT_NOTEQUAL:
case CPUI_INT_SLESS:
case CPUI_INT_SLESSEQUAL:
case CPUI_INT_LESS:
case CPUI_INT_LESSEQUAL:
case CPUI_INT_CARRY:
case CPUI_INT_SCARRY:
case CPUI_INT_SBORROW:
case CPUI_BOOL_XOR:
case CPUI_BOOL_AND:
case CPUI_BOOL_OR:
case CPUI_FLOAT_EQUAL:
case CPUI_FLOAT_NOTEQUAL:
case CPUI_FLOAT_LESS:
case CPUI_FLOAT_LESSEQUAL:
// Ops with boolean outcome. We don't try to eliminate outcomes here.
isempty = false;
mask = 0xff;
step = 1;
left = 0; // Both true and false are possible
right = 2;
break;
default:
return false;
}
return true;
}
/// \brief Push \b this range forward through a trinary operation
///
/// Push all values in the given ranges through a trinary p-code operator (currenly only CPUI_PTRADD).
/// If the output set of values forms a range, then set \b this to the range and return \b true.
/// \param opc is the given p-code operator
/// \param in1 is the first given input range
/// \param in2 is the second given input range
/// \param in3 is the third given input range
/// \param inSize is the storage space in bytes for the input
/// \param outSize is the storage space in bytes for the output
/// \param maxStep is the maximum to allow step to grow via multiplication
/// \return \b true if the result is known and forms a range
bool CircleRange::pushForwardTrinary(OpCode opc,const CircleRange &in1,const CircleRange &in2,const CircleRange &in3,
int4 inSize,int4 outSize,int4 maxStep)
{
if (opc != CPUI_PTRADD) return false;
CircleRange tmpRange;
if (!tmpRange.pushForwardBinary(CPUI_INT_MULT, in2, in3, inSize, inSize, maxStep))
return false;
return pushForwardBinary(CPUI_INT_ADD, in1, tmpRange, inSize, outSize, maxStep);
}
/// Widen \b this range so at least one of the boundaries matches with the given
/// range, which must contain \b this.
/// \param op2 is the given containing range
/// \param leftIsStable is \b true if we want to match right boundaries
void CircleRange::widen(const CircleRange &op2,bool leftIsStable)
{
if (leftIsStable) {
uintb lmod = left % step;
uintb mod = op2.right % step;
if (mod <= lmod)
right = op2.right + (lmod - mod);
else
right = op2.right - (mod - lmod);
right &= mask;
}
else {
left = op2.left & mask;
}
normalize();
}
/// Recover parameters for a comparison PcodeOp, that returns true for
/// input values exactly in \b this range.
/// Return:
/// - 0 on success
/// - 1 if all inputs must return true
/// - 2 if this is not possible
/// - 3 if no inputs must return true
/// \param opc will contain the OpCode for the comparison PcodeOp
/// \param c will contain the constant input to the op
/// \param cslot will indicate the slot holding the constant
/// \return the success code
int4 CircleRange::translate2Op(OpCode &opc,uintb &c,int4 &cslot) const
{
if (isempty) return 3;
if (step != 1) return 2; // Not possible with a stride
if (right==((left+1)&mask)) { // Single value
opc = CPUI_INT_EQUAL;
cslot = 0;
c = left;
return 0;
}
if (left==((right+1)&mask)) { // All but one value
opc = CPUI_INT_NOTEQUAL;
cslot = 0;
c = right;
return 0;
}
if (left==right) return 1; // All outputs are possible
if (left==0) {
opc = CPUI_INT_LESS;
cslot = 1;
c = right;
return 0;
}
if (right==0) {
opc = CPUI_INT_LESS;
cslot = 0;
c = (left-1)&mask;
return 0;
}
if (left==(mask>>1)+1) {
opc = CPUI_INT_SLESS;
cslot = 1;
c = right;
return 0;
}
if (right==(mask>>1)+1) {
opc = CPUI_INT_SLESS;
cslot = 0;
c = (left-1)&mask;
return 0;
}
return 2; // Cannot represent
}
/// \param s is the stream to write to
void CircleRange::printRaw(ostream &s) const
{
if (isempty) {
s << "(empty)";
return;
}
if (left == right) {
s << "(full";
if (step != 1)
s << ',' << dec << step;
s << ')';
}
else if (right == ((left+1)&mask)) {
s << '[' << hex << left << ']';
}
else {
s << '[' << hex << left << ',' << right;
if (step != 1)
s << ',' << dec << step;
s << ')';
}
}
const int4 ValueSet::MAX_STEP = 32;
/// The initial values in \b this are set based on the type of Varnode:
/// - Constant gets the single value
/// - Input gets all possible values
/// - Other Varnodes that are written start with an empty set
///
/// \param v is the given Varnode to attach to
/// \param tCode indicates whether to treat values as constants are relative offsets
void ValueSet::setVarnode(Varnode *v,int4 tCode)
{
typeCode = tCode;
vn = v;
vn->setValueSet(this);
if (typeCode != 0) {
opCode = CPUI_MAX;
numParams = 0;
range.setRange(0,vn->getSize()); // Treat as offset of 0 relative to special value
leftIsStable = true;
rightIsStable = true;
}
else if (vn->isWritten()) {
PcodeOp *op = vn->getDef();
opCode = op->code();
if (opCode == CPUI_INDIRECT) { // Treat CPUI_INDIRECT as CPUI_COPY
numParams = 1;
opCode = CPUI_COPY;
}
else
numParams = op->numInput();
leftIsStable = false;
rightIsStable = false;
}
else if (vn->isConstant()) {
opCode = CPUI_MAX;
numParams = 0;
range.setRange(vn->getOffset(),vn->getSize());
leftIsStable = true;
rightIsStable = true;
}
else { // Some other form of input
opCode = CPUI_MAX;
numParams = 0;
typeCode = 0;
range.setFull(vn->getSize());
leftIsStable = false;
rightIsStable = false;
}
}
/// Equations are stored as an array of (slot,range) pairs, ordered on slot.
/// \param slot is the given slot
/// \param type is the constraint characteristic
/// \param constraint is the given range
void ValueSet::addEquation(int4 slot,int4 type,const CircleRange &constraint)
{
vector<Equation>::iterator iter;
iter = equations.begin();
while(iter != equations.end()) {
if ((*iter).slot > slot)
break;
++iter;
}
equations.insert(iter,Equation(slot,type,constraint));
}
/// Examine the input value sets that determine \b this set and decide if it
/// is relative. In general, \b this will be relative if any of its inputs are.
/// Certain combinations are indeterminate, which this method flags by
/// returning \b true. The Varnode attached to \b this must have a defining op.
/// \return \b true if there is an indeterminate combination
bool ValueSet::computeTypeCode(void)
{
int4 relCount = 0;
int4 lastTypeCode = 0;
PcodeOp *op = vn->getDef();
for(int4 i=0;i<numParams;++i) {
ValueSet *valueSet = op->getIn(i)->getValueSet();
if (valueSet->typeCode != 0) {
relCount += 1;
lastTypeCode = valueSet->typeCode;
}
}
if (relCount == 0) {
typeCode = 0;
return false;
}
// Only certain operations can propagate a relative value set
switch(opCode) {
case CPUI_PTRSUB:
case CPUI_PTRADD:
case CPUI_INT_ADD:
case CPUI_INT_SUB:
if (relCount == 1)
typeCode = lastTypeCode;
else
return true;
break;
case CPUI_CAST:
case CPUI_COPY:
case CPUI_INDIRECT:
case CPUI_MULTIEQUAL:
typeCode = lastTypeCode;
break;
default:
return true;
}
return false;
}
/// Recalculate \b this value set by grabbing the value sets of the inputs to the
/// operator defining the Varnode attached to \b this value set and pushing them
/// forward through the operator.
/// \return \b true if there was a change to \b this value set
bool ValueSet::iterate(Widener &widener)
{
if (!vn->isWritten()) return false;
if (widener.checkFreeze(*this)) return false;
if (count == 0) {
if (computeTypeCode()) {
setFull();
return true;
}
}
count += 1; // Count this iteration
CircleRange res;
PcodeOp *op = vn->getDef();
int4 eqPos = 0;
if (opCode == CPUI_MULTIEQUAL) {
int4 pieces = 0;
for(int4 i=0;i<numParams;++i) {
ValueSet *inSet = op->getIn(i)->getValueSet();
if (doesEquationApply(eqPos, i)) {
CircleRange rangeCopy(inSet->range);
if (0 !=rangeCopy.intersect(equations[eqPos].range)) {
rangeCopy = equations[eqPos].range;
}
pieces = res.circleUnion(rangeCopy);
eqPos += 1; // Equation was used
}
else {
pieces = res.circleUnion(inSet->range);
}
if (pieces == 2) {
if (res.minimalContainer(inSet->range,MAX_STEP)) // Could not get clean union, force it
break;
}
}
if (0 != res.circleUnion(range)) { // Union with the previous iteration's set
res.minimalContainer(range,MAX_STEP);
}
if (!range.isEmpty() && !res.isEmpty()) {
leftIsStable = range.getMin() == res.getMin();
rightIsStable = range.getEnd() == res.getEnd();
}
}
else if (numParams == 1) {
ValueSet *inSet1 = op->getIn(0)->getValueSet();
if (doesEquationApply(eqPos, 0)) {
CircleRange rangeCopy(inSet1->range);
if (0 != rangeCopy.intersect(equations[eqPos].range)) {
rangeCopy = equations[eqPos].range;
}
if (!res.pushForwardUnary(opCode, rangeCopy, inSet1->vn->getSize(), vn->getSize())) {
setFull();
return true;
}
eqPos += 1;
}
else if (!res.pushForwardUnary(opCode, inSet1->range, inSet1->vn->getSize(), vn->getSize())) {
setFull();
return true;
}
leftIsStable = inSet1->leftIsStable;
rightIsStable = inSet1->rightIsStable;
}
else if (numParams == 2) {
ValueSet *inSet1 = op->getIn(0)->getValueSet();
ValueSet *inSet2 = op->getIn(1)->getValueSet();
if (equations.size() == 0) {
if (!res.pushForwardBinary(opCode, inSet1->range, inSet2->range, inSet1->vn->getSize(), vn->getSize(), MAX_STEP)) {
setFull();
return true;
}
}
else {
CircleRange range1 = inSet1->range;
CircleRange range2 = inSet2->range;
if (doesEquationApply(eqPos, 0)) {
if (0 != range1.intersect(equations[eqPos].range))
range1 = equations[eqPos].range;
eqPos += 1;
}
if (doesEquationApply(eqPos, 1)) {
if (0 != range2.intersect(equations[eqPos].range))
range2 = equations[eqPos].range;
}
if (!res.pushForwardBinary(opCode, range1, range2, inSet1->vn->getSize(), vn->getSize(), MAX_STEP)) {
setFull();
return true;
}
}
leftIsStable = inSet1->leftIsStable && inSet2->leftIsStable;
rightIsStable = inSet1->rightIsStable && inSet2->rightIsStable;
}
else if (numParams == 3) {
ValueSet *inSet1 = op->getIn(0)->getValueSet();
ValueSet *inSet2 = op->getIn(1)->getValueSet();
ValueSet *inSet3 = op->getIn(2)->getValueSet();
CircleRange range1 = inSet1->range;
CircleRange range2 = inSet2->range;
if (doesEquationApply(eqPos, 0)) {
if (0 != range1.intersect(equations[eqPos].range))
range1 = equations[eqPos].range;
eqPos += 1;
}
if (doesEquationApply(eqPos, 1)) {
if (0 != range2.intersect(equations[eqPos].range))
range2 = equations[eqPos].range;
}
if (!res.pushForwardTrinary(opCode, range1, range2, inSet3->range, inSet1->vn->getSize(), vn->getSize(), MAX_STEP)) {
setFull();
return true;
}
leftIsStable = inSet1->leftIsStable && inSet2->leftIsStable;
rightIsStable = inSet1->rightIsStable && inSet2->rightIsStable;
}
else
return false; // No way to change this value set
if (res == range)
return false;
if (partHead != (Partition *)0) {
if (!widener.doWidening(*this, range, res))
setFull();
}
else
range = res;
return true;
}
/// If a landmark was associated with \b this value set, return its range,
/// otherwise return null.
/// \return the landmark range or null
const CircleRange *ValueSet::getLandMark(void) const
{
// Any equation can serve as a landmark. We prefer the one restricting the
// value of an input branch, as these usually give a tighter approximation
// of the stable point.
for(int4 i=0;i<equations.size();++i) {
if (equations[i].typeCode == typeCode)
return &equations[i].range;
}
return (const CircleRange *)0;
}
/// \param s is the stream to print to
void ValueSet::printRaw(ostream &s) const
{
if (vn == (Varnode *)0)
s << "root";
else
vn->printRaw(s);
if (typeCode == 0)
s << " absolute";
else
s << " stackptr";
if (opCode == CPUI_MAX) {
if (vn->isConstant())
s << " const";
else
s << " input";
}
else
s << ' ' << get_opname(opCode);
s << ' ';
range.printRaw(s);
}
/// \param o is the PcodeOp reading the value set
/// \param slt is the input slot the values are coming in from
void ValueSetRead::setPcodeOp(PcodeOp *o,int4 slt)
{
typeCode = 0;
op = o;
slot = slt;
equationTypeCode = -1;
}
/// \param slt is the given slot
/// \param type is the constraint characteristic
/// \param constraint is the given range
void ValueSetRead::addEquation(int4 slt,int4 type,const CircleRange &constraint)
{
if (slot == slt) {
equationTypeCode = type;
equationConstraint = constraint;
}
}
/// This value set will be the same as the ValueSet of the Varnode being read but may
/// be modified due to additional control-flow constraints
void ValueSetRead::compute(void)
{
Varnode *vn = op->getIn(slot);
ValueSet *valueSet = vn->getValueSet();
typeCode = valueSet->getTypeCode();
range = valueSet->getRange();
leftIsStable = valueSet->isLeftStable();
rightIsStable = valueSet->isRightStable();
if (typeCode == equationTypeCode) {
if (0 != range.intersect(equationConstraint)) {
range = equationConstraint;
}
}
}
/// \param s is the stream to print to
void ValueSetRead::printRaw(ostream &s) const
{
s << "Read: " << get_opname(op->code());
s << '(' << op->getSeqNum() << ')';
if (typeCode == 0)
s << " absolute ";
else
s << " stackptr ";
range.printRaw(s);
}
int4 WidenerFull::determineIterationReset(const ValueSet &valueSet)
{
if (valueSet.getCount() >= widenIteration)
return widenIteration; // Reset to point just after any widening
return 0; // Delay widening, if we haven't performed it yet
}
bool WidenerFull::checkFreeze(const ValueSet &valueSet)
{
return valueSet.getRange().isFull();
}
bool WidenerFull::doWidening(const ValueSet &valueSet,CircleRange &range,const CircleRange &newRange)
{
if (valueSet.getCount() < widenIteration) {
range = newRange;
return true;
}
else if (valueSet.getCount() == widenIteration) {
const CircleRange *landmark = valueSet.getLandMark();
if (landmark != (const CircleRange *)0) {
bool leftIsStable = range.getMin() == newRange.getMin();
range = newRange; // Preserve any new step information
if (landmark->contains(range)) {
range.widen(*landmark,leftIsStable);
return true;
}
else {
CircleRange constraint = *landmark;
constraint.invert();
if (constraint.contains(range)) {
range.widen(constraint,leftIsStable);
return true;
}
}
}
}
else if (valueSet.getCount() < fullIteration) {
range = newRange;
return true;
}
return false; // Indicate that constrained widening failed (set to full)
}
int4 WidenerNone::determineIterationReset(const ValueSet &valueSet)
{
if (valueSet.getCount() >= freezeIteration)
return freezeIteration; // Reset to point just after any widening
return valueSet.getCount();
}
bool WidenerNone::checkFreeze(const ValueSet &valueSet)
{
if (valueSet.getRange().isFull())
return true;
return (valueSet.getCount() >= freezeIteration);
}
bool WidenerNone::doWidening(const ValueSet &valueSet,CircleRange &range,const CircleRange &newRange)
{
range = newRange;
return true;
}
/// \brief Construct an iterator over the outbound edges of the given ValueSet node
///
/// Mostly this just forwards the ValueSets attached to output Varnodes
/// of the descendant ops of the Varnode attached to the given node, but this
/// allows for an artificial root node so we can simulate multiple input nodes.
/// \param node is the given ValueSet node (NULL if this is the simulated root)
/// \param roots is the list of input ValueSets to use for the simulated root
ValueSetSolver::ValueSetEdge::ValueSetEdge(ValueSet *node,const vector<ValueSet *> &roots)
{
vn = node->getVarnode();
if (vn == (Varnode *)0) { // Assume this is the simulated root
rootEdges = &roots; // Set up for simulated edges
rootPos = 0;
}
else {
rootEdges = (const vector<ValueSet *> *)0;
iter = vn->beginDescend();
}
}
/// \brief Get the ValueSet pointed to by this iterator and advance the iterator
///
/// This method assumes all Varnodes with an attached ValueSet have been marked.
/// \return the next ValueSet or NULL if the end of the list is reached
ValueSet *ValueSetSolver::ValueSetEdge::getNext(void)
{
if (vn == (Varnode *)0) {
if (rootPos < rootEdges->size()) {
ValueSet *res = (*rootEdges)[rootPos];
rootPos += 1;
return res;
}
return (ValueSet *)0;
}
while(iter != vn->endDescend()) {
PcodeOp *op = *iter;
++iter;
Varnode *outVn = op->getOut();
if (outVn != (Varnode *)0 && outVn->isMark()) {
return outVn->getValueSet();
}
}
return (ValueSet *)0;
}
/// The new ValueSet is attached to the given Varnode
/// \param vn is the given Varnode
/// \param tCode is the type to associate with the Varnode
void ValueSetSolver::newValueSet(Varnode *vn,int4 tCode)
{
valueNodes.emplace_back();
valueNodes.back().setVarnode(vn, tCode);
}
/// This method saves a Partition to permanent storage. It marks the
/// starting node of the partition and sets up for the iterating algorithm.
/// \param part is the partition to store
void ValueSetSolver::partitionSurround(Partition &part)
{
recordStorage.push_back(part);
part.startNode->partHead = &recordStorage.back();
}
/// Knowing that the given Varnode is the head of a partition, generate
/// the partition recursively and generate the formal Partition object.
/// \param vertex is the given ValueSet (attached to the head Varnode)
/// \param part will hold the constructed Partition
void ValueSetSolver::component(ValueSet *vertex,Partition &part)
{
ValueSetEdge edgeIterator(vertex,rootNodes);
ValueSet *succ = edgeIterator.getNext();
while(succ != (ValueSet *)0) {
if (succ->count == 0)
visit(succ,part);
succ = edgeIterator.getNext();
}
partitionPrepend(vertex, part);
partitionSurround(part);
}
/// \param vertex is the current Varnode being walked
/// \param part is the current Partition being constructed
/// \return the index of calculated head ValueSet for the current Parition
int4 ValueSetSolver::visit(ValueSet *vertex,Partition &part)
{
nodeStack.push_back(vertex);
depthFirstIndex += 1;
vertex->count = depthFirstIndex;
int4 head = depthFirstIndex;
bool loop = false;
ValueSetEdge edgeIterator(vertex,rootNodes);
ValueSet *succ = edgeIterator.getNext();
while(succ != (ValueSet *)0) {
int4 min;
if (succ->count == 0)
min = visit(succ,part);
else
min = succ->count;
if (min <= head) {
head = min;
loop = true;
}
succ = edgeIterator.getNext();
}
if (head == vertex->count) {
vertex->count = 0x7fffffff; // Set to "infinity"
ValueSet *element = nodeStack.back();
nodeStack.pop_back();
if (loop) {
while(element != vertex) {
element->count = 0;
element = nodeStack.back();
nodeStack.pop_back();
}
Partition compPart; // empty partition
component(vertex,compPart);
partitionPrepend(compPart, part);
}
else {
partitionPrepend(vertex, part);
}
}
return head;
}
/// \brief Establish the recursive node ordering for iteratively solving the value set system.
///
/// This algorithm is based on "Efficient chaotic iteration strategies with widenings" by
/// Francois Bourdoncle. The Varnodes in the system are ordered and a set of nested
/// Partition components are generated. Iterating the ValueSets proceeds in this order,
/// looping through the components recursively until a fixed point is reached.
/// This implementation assumes all Varnodes in the system are distinguished by
/// Varnode::isMark() returning \b true.
void ValueSetSolver::establishTopologicalOrder(void)
{
for(list<ValueSet>::iterator iter=valueNodes.begin();iter!=valueNodes.end();++iter) {
(*iter).count = 0;
(*iter).next = (ValueSet *)0;
(*iter).partHead = (Partition *)0;
}
ValueSet rootNode;
rootNode.vn = (Varnode *)0;
depthFirstIndex = 0;
visit(&rootNode,orderPartition);
orderPartition.startNode = orderPartition.startNode->next; // Remove simulated root
}
/// \brief Generate an equation given a \b true constraint and the input/output Varnodes it affects
///
/// The equation is expressed as: only \b true values can reach the indicated input to a specific PcodeOp.
/// The equation is attached to the output of the PcodeOp.
/// \param vn is the output Varnode the equation will be attached to
/// \param op is the specific PcodeOp
/// \param slot is the input slot of the constrained input Varnode
/// \param type is the type of values
/// \param range is the range of \b true values
void ValueSetSolver::generateTrueEquation(Varnode *vn,PcodeOp *op,int4 slot,int4 type,const CircleRange &range)
{
if (vn != (Varnode *) 0)
vn->getValueSet()->addEquation(slot, type, range);
else
readNodes[op->getSeqNum()].addEquation(slot, type, range);// Special read site
}
/// \brief Generate the complementary equation given a \b true constraint and the input/output Varnodes it affects
///
/// The equation is expressed as: only \b false values can reach the indicated input to a specific PcodeOp.
/// The equation is attached to the output of the PcodeOp.
/// \param vn is the output Varnode the equation will be attached to
/// \param op is the specific PcodeOp
/// \param slot is the input slot of the constrained input Varnode
/// \param type is the type of values
/// \param range is the range of \b true values, which must be complemented
void ValueSetSolver::generateFalseEquation(Varnode *vn,PcodeOp *op,int4 slot,int4 type,const CircleRange &range)
{
CircleRange falseRange(range);
falseRange.invert();
if (vn != (Varnode *) 0)
vn->getValueSet()->addEquation(slot, type, falseRange);
else
readNodes[op->getSeqNum()].addEquation(slot, type, falseRange);// Special read site
}
/// \brief Look for PcodeOps where the given constraint range applies and instantiate an equation
///
/// If a read of the given Varnode is in a basic block dominated by the condition producing the
/// constraint, then either the constraint or its complement applies to the PcodeOp reading
/// the Varnode. An equation holding the constraint is added to the ValueSet of the Varnode
/// output of the PcodeOp.
/// \param vn is the given Varnode
/// \param type is the constraint characteristic
/// \param range is the known constraint (assuming the \b true branch was taken)
/// \param cbranch is conditional branch creating the constraint
void ValueSetSolver::applyConstraints(Varnode *vn,int4 type,const CircleRange &range,PcodeOp *cbranch)
{
FlowBlock *splitPoint = cbranch->getParent();
FlowBlock *trueBlock,*falseBlock;
if (cbranch->isBooleanFlip()) {
trueBlock = splitPoint->getFalseOut();
falseBlock = splitPoint->getTrueOut();
}
else {
trueBlock = splitPoint->getTrueOut();
falseBlock = splitPoint->getFalseOut();
}
// Check if the only path to trueBlock or falseBlock is via a splitPoint out-edge induced by the condition
bool trueIsRestricted = trueBlock->restrictedByConditional(splitPoint);
bool falseIsRestricted = falseBlock->restrictedByConditional(splitPoint);
list<PcodeOp *>::const_iterator iter;
if (vn->isWritten()) {
ValueSet *vSet = vn->getValueSet();
if (vSet->opCode == CPUI_MULTIEQUAL) {
vSet->addLandmark(type,range); // Leave landmark for widening
}
}
for(iter=vn->beginDescend();iter!=vn->endDescend();++iter) {
PcodeOp *op = *iter;
Varnode *outVn = (Varnode *)0;
if (!op->isMark()) { // If this is not a special read site
outVn = op->getOut(); // Make sure there is a Varnode in the system
if (outVn == (Varnode *)0) continue;
if (!outVn->isMark()) continue;
}
FlowBlock *curBlock = op->getParent();
int4 slot = op->getSlot(vn);
if (op->code() == CPUI_MULTIEQUAL) {
if (curBlock == trueBlock) {
// If its possible that both the true and false edges can reach trueBlock
// then the only input we can restrict is a MULTIEQUAL input along the exact true edge
if (trueIsRestricted || trueBlock->getIn(slot) == splitPoint)
generateTrueEquation(outVn, op, slot, type, range);
continue;
}
else if (curBlock == falseBlock) {
// If its possible that both the true and false edges can reach falseBlock
// then the only input we can restrict is a MULTIEQUAL input along the exact false edge
if (falseIsRestricted || falseBlock->getIn(slot) == splitPoint)
generateFalseEquation(outVn, op, slot, type, range);
continue;
}
else
curBlock = curBlock->getIn(slot); // MULTIEQUAL input is really only from one in-block
}
for(;;) {
if (curBlock == trueBlock) {
if (trueIsRestricted)
generateTrueEquation(outVn, op, slot, type, range);
break;
}
else if (curBlock == falseBlock) {
if (falseIsRestricted)
generateFalseEquation(outVn, op, slot, type, range);
break;
}
else if (curBlock == splitPoint || curBlock == (FlowBlock *)0)
break;
curBlock = curBlock->getImmedDom();
}
}
}
/// \brief Generate constraints given a Varnode path
///
/// Knowing that there is a lifting path from the given starting Varnode to an ending Varnode
/// in the system, go ahead and lift the given range to a final constraint on the ending
/// Varnode. Then look for reads of the Varnode where the constraint applies.
/// \param type is the constraint characteristic
/// \param lift is the given range that will be lifted
/// \param startVn is the starting Varnode
/// \param endVn is the given ending Varnode in the system
/// \param cbranch is the PcodeOp causing the control-flow split
void ValueSetSolver::constraintsFromPath(int4 type,CircleRange &lift,Varnode *startVn,Varnode *endVn,PcodeOp *cbranch)
{
while(startVn != endVn) {
Varnode *constVn;
startVn = lift.pullBack(startVn->getDef(),&constVn,false);
if (startVn == (Varnode *)0) return; // Couldn't pull all the way back to our value set
}
for(;;) {
Varnode *constVn;
applyConstraints(endVn,type,lift,cbranch);
if (!endVn->isWritten()) break;
PcodeOp *op = endVn->getDef();
if (op->isCall() || op->isMarker()) break;
endVn = lift.pullBack(op,&constVn,false);
if (endVn == (Varnode *)0) break;
if (!endVn->isMark()) break;
}
}
/// Lift the set of values on the condition for the given CBRANCH to any
/// Varnode in the system, and label (the reads) of any such Varnode with
/// the constraint. If the values cannot be lifted or no Varnode in the system
/// is found, no constraints are generated.
/// \param cbranch is the given condition branch
void ValueSetSolver::constraintsFromCBranch(PcodeOp *cbranch)
{
Varnode *vn = cbranch->getIn(1); // Get Varnode deciding the condition
while(!vn->isMark()) {
if (!vn->isWritten()) break;
PcodeOp *op = vn->getDef();
if (op->isCall() || op->isMarker())
break;
int4 num = op->numInput();
if (num == 0 || num > 2) break;
vn = op->getIn(0);
if (num == 2) {
if (vn->isConstant())
vn = op->getIn(1);
else if (!op->getIn(1)->isConstant()) {
// If we reach here, both inputs are non-constant
generateRelativeConstraint(op, cbranch);
return;
}
// If we reach here, vn is non-constant, other input is constant
}
}
if (vn->isMark()) {
CircleRange lift(true);
Varnode *startVn = cbranch->getIn(1);
constraintsFromPath(0,lift,startVn,vn,cbranch);
}
}
/// Given a complete data-flow system of Varnodes, look for any \e constraint:
/// - For a particular Varnode
/// - A limited set of values
/// - Due to its involvement in a branch condition
/// - Which applies at a particular \e read of the Varnode
///
/// \param worklist is the set of Varnodes in the data-flow system (all marked)
/// \param reads is the additional set of PcodeOps that read a Varnode from the system
void ValueSetSolver::generateConstraints(const vector<Varnode *> &worklist,const vector<PcodeOp *> &reads)
{
vector<FlowBlock *> blockList;
// Collect all blocks that contain a system op (input) or dominate a container
for(int4 i=0;i<worklist.size();++i) {
PcodeOp *op = worklist[i]->getDef();
if (op == (PcodeOp *)0) continue;
FlowBlock *bl = op->getParent();
if (op->code() == CPUI_MULTIEQUAL) {
for(int4 j=0;j<bl->sizeIn();++j) {
FlowBlock *curBl = bl->getIn(j);
do {
if (curBl->isMark()) break;
curBl->setMark();
blockList.push_back(curBl);
curBl = curBl->getImmedDom();
} while(curBl != (FlowBlock *)0);
}
}
else {
do {
if (bl->isMark()) break;
bl->setMark();
blockList.push_back(bl);
bl = bl->getImmedDom();
} while(bl != (FlowBlock *)0);
}
}
for(int4 i=0;i<reads.size();++i) {
FlowBlock *bl = reads[i]->getParent();
do {
if (bl->isMark()) break;
bl->setMark();
blockList.push_back(bl);
bl = bl->getImmedDom();
} while(bl != (FlowBlock *)0);
}
for(int4 i=0;i<blockList.size();++i)
blockList[i]->clearMark();
vector<FlowBlock *> finalList;
// Now go through input blocks to the previously calculated blocks
for(int4 i=0;i<blockList.size();++i) {
FlowBlock *bl = blockList[i];
for(int4 j=0;j<bl->sizeIn();++j) {
BlockBasic *splitPoint = (BlockBasic *)bl->getIn(j);
if (splitPoint->isMark()) continue;
if (splitPoint->sizeOut() != 2) continue;
PcodeOp *lastOp = splitPoint->lastOp();
if (lastOp != (PcodeOp *)0 && lastOp->code() == CPUI_CBRANCH) {
splitPoint->setMark();
finalList.push_back(splitPoint);
constraintsFromCBranch(lastOp); // Try to generate constraints from this splitPoint
}
}
}
for(int4 i=0;i<finalList.size();++i)
finalList[i]->clearMark();
}
/// Verify that the given Varnode is produced by a straight line sequence of
/// COPYs, INT_ADDs with a constant, from the base register marked as \e relative
/// for our system.
/// \param vn is the given Varnode
/// \param typeCode will hold the base register code (if found)
/// \param value will hold the additive value relative to the base register (if found)
/// \return \b true if the Varnode is a \e relative constant
bool ValueSetSolver::checkRelativeConstant(Varnode *vn,int4 &typeCode,uintb &value) const
{
value = 0;
for(;;) {
if (vn->isMark()) {
ValueSet *valueSet = vn->getValueSet();
if (valueSet->typeCode != 0) {
typeCode = valueSet->typeCode;
break;
}
}
if (!vn->isWritten()) return false;
PcodeOp *op = vn->getDef();
OpCode opc = op->code();
if (opc == CPUI_COPY || opc == CPUI_INDIRECT)
vn = op->getIn(0);
else if (opc == CPUI_INT_ADD || opc == CPUI_PTRSUB) {
Varnode *constVn = op->getIn(1);
if (!constVn->isConstant())
return false;
value = (value + constVn->getOffset()) & calc_mask(constVn->getSize());
vn = op->getIn(0);
}
else
return false;
}
return true;
}
/// Given a binary PcodeOp producing a conditional branch, check if it can be interpreted
/// as a constraint relative to (the) base register specified for this system. If it can
/// be, a \e relative Equation is generated, which will apply to \e relative ValueSets.
/// \param compOp is the comparison PcodeOp
/// \param cbranch is the conditional branch
void ValueSetSolver::generateRelativeConstraint(PcodeOp *compOp,PcodeOp *cbranch)
{
OpCode opc = compOp->code();
switch(opc) {
case CPUI_INT_LESS:
opc = CPUI_INT_SLESS; // Treat unsigned pointer comparisons as signed relative to the base register
break;
case CPUI_INT_LESSEQUAL:
opc = CPUI_INT_SLESSEQUAL;
break;
case CPUI_INT_SLESS:
case CPUI_INT_SLESSEQUAL:
case CPUI_INT_EQUAL:
case CPUI_INT_NOTEQUAL:
break;
default:
return;
}
int4 typeCode;
uintb value;
Varnode *vn;
Varnode *inVn0 = compOp->getIn(0);
Varnode *inVn1 = compOp->getIn(1);
CircleRange lift(true);
if (checkRelativeConstant(inVn0, typeCode, value)) {
vn = inVn1;
if (!lift.pullBackBinary(opc, value, 1, vn->getSize(), 1))
return;
}
else if (checkRelativeConstant(inVn1,typeCode,value)) {
vn = inVn0;
if (!lift.pullBackBinary(opc, value, 0, vn->getSize(), 1))
return;
}
else
return; // Neither side looks like a relative constant
Varnode *endVn = vn;
while(!endVn->isMark()) {
if (!endVn->isWritten()) return;
PcodeOp *op = endVn->getDef();
opc = op->code();
if (opc == CPUI_COPY || opc == CPUI_PTRSUB) {
endVn = op->getIn(0);
}
else if (opc == CPUI_INT_ADD) { // Can pull-back through INT_ADD
if (!op->getIn(1)->isConstant()) // if second param is constant
return;
endVn = op->getIn(0);
}
else
return;
}
constraintsFromPath(typeCode,lift,vn,endVn,cbranch);
}
/// \brief Build value sets for a data-flow system
///
/// Given a set of sinks, find all the Varnodes that flow directly into them and set up their
/// initial ValueSet objects.
/// \param sinks is the list terminating Varnodes
/// \param reads are add-on PcodeOps where we would like to know input ValueSets at the point of read
/// \param stackReg (if non-NULL) gives the stack pointer (for keeping track of relative offsets)
/// \param indirectAsCopy is \b true if solver should treat CPUI_INDIRECT as CPUI_COPY operations
void ValueSetSolver::establishValueSets(const vector<Varnode *> &sinks,const vector<PcodeOp *> &reads,Varnode *stackReg,
bool indirectAsCopy)
{
vector<Varnode *> worklist;
int4 workPos = 0;
if (stackReg != (Varnode *)0) {
newValueSet(stackReg,1); // Establish stack pointer as special
stackReg->setMark();
worklist.push_back(stackReg);
workPos += 1;
rootNodes.push_back(stackReg->getValueSet());
}
for(int4 i=0;i<sinks.size();++i) {
Varnode *vn = sinks[i];
newValueSet(vn,0);
vn->setMark();
worklist.push_back(vn);
}
while(workPos < worklist.size()) {
Varnode *vn = worklist[workPos];
workPos += 1;
if (!vn->isWritten()) {
if (vn->isConstant()) {
// Constant inputs to binary ops should not be treated as root nodes as they
// get picked up during iteration by the other input, except in the case of a
// a PTRSUB from a spacebase constant.
if (vn->isSpacebase() || vn->loneDescend()->numInput() == 1)
rootNodes.push_back(vn->getValueSet());
}
else
rootNodes.push_back(vn->getValueSet());
continue;
}
PcodeOp *op = vn->getDef();
switch(op->code()) { // Distinguish ops where we can never predict an integer range
case CPUI_INDIRECT:
if (indirectAsCopy || op->isIndirectStore()) {
Varnode *inVn = op->getIn(0);
if (!inVn->isMark()) {
newValueSet(inVn,0);
inVn->setMark();
worklist.push_back(inVn);
}
}
else {
vn->getValueSet()->setFull();
rootNodes.push_back(vn->getValueSet());
}
break;
case CPUI_CALL:
case CPUI_CALLIND:
case CPUI_CALLOTHER:
case CPUI_LOAD:
case CPUI_NEW:
case CPUI_SEGMENTOP:
case CPUI_CPOOLREF:
case CPUI_FLOAT_ADD:
case CPUI_FLOAT_DIV:
case CPUI_FLOAT_MULT:
case CPUI_FLOAT_SUB:
case CPUI_FLOAT_NEG:
case CPUI_FLOAT_ABS:
case CPUI_FLOAT_SQRT:
case CPUI_FLOAT_INT2FLOAT:
case CPUI_FLOAT_FLOAT2FLOAT:
case CPUI_FLOAT_TRUNC:
case CPUI_FLOAT_CEIL:
case CPUI_FLOAT_FLOOR:
case CPUI_FLOAT_ROUND:
vn->getValueSet()->setFull();
rootNodes.push_back(vn->getValueSet());
break;
default:
for(int4 i=0;i<op->numInput();++i) {
Varnode *inVn = op->getIn(i);
if (inVn->isMark() || inVn->isAnnotation()) continue;
newValueSet(inVn,0);
inVn->setMark();
worklist.push_back(inVn);
}
break;
}
}
for(int4 i=0;i<reads.size();++i) {
PcodeOp *op = reads[i];
for(int4 slot=0;slot<op->numInput();++slot) {
Varnode *vn = op->getIn(slot);
if (vn->isMark()) {
readNodes[op->getSeqNum()].setPcodeOp(op, slot);
op->setMark(); // Mark read ops for equation generation stage
break; // Only 1 read allowed
}
}
}
generateConstraints(worklist,reads);
for(int4 i=0;i<reads.size();++i)
reads[i]->clearMark(); // Clear marks on read ops
establishTopologicalOrder();
for(int4 i=0;i<worklist.size();++i)
worklist[i]->clearMark();
}
/// The ValueSets are recalculated in the established topological ordering, with looping
/// at various levels until a fixed point is reached.
/// \param max is the maximum number of iterations to allow before forcing termination
/// \param widener is the Widening strategy to use to accelerate stabilization
void ValueSetSolver::solve(int4 max,Widener &widener)
{
maxIterations = max;
numIterations = 0;
for(list<ValueSet>::iterator iter=valueNodes.begin();iter!=valueNodes.end();++iter)
(*iter).count = 0;
vector<Partition *> componentStack;
Partition *curComponent = (Partition *)0;
ValueSet *curSet = orderPartition.startNode;
while(curSet != (ValueSet *)0) {
numIterations += 1;
if (numIterations > maxIterations) break; // Quit if max iterations exceeded
if (curSet->partHead != (Partition *)0 && curSet->partHead != curComponent) {
componentStack.push_back(curSet->partHead);
curComponent = curSet->partHead;
curComponent->isDirty = false;
// Reset component counter upon entry
curComponent->startNode->count = widener.determineIterationReset(*curComponent->startNode);
}
if (curComponent != (Partition *)0) {
if (curSet->iterate(widener))
curComponent->isDirty = true;
if (curComponent->stopNode != curSet) {
curSet = curSet->next;
}
else {
for(;;) {
if (curComponent->isDirty) {
curComponent->isDirty = false;
curSet = curComponent->startNode;
if (componentStack.size() > 1) { // Mark parent as dirty if we are restarting dirty child
componentStack[componentStack.size()-2]->isDirty = true;
}
break;
}
componentStack.pop_back();
if (componentStack.empty()) {
curComponent = (Partition *)0;
curSet = curSet->next;
break;
}
curComponent = componentStack.back();
if (curComponent->stopNode != curSet) {
curSet = curSet->next;
break;
}
}
}
}
else {
curSet->iterate(widener);
curSet = curSet->next;
}
}
map<SeqNum,ValueSetRead>::iterator riter;
for(riter=readNodes.begin();riter!=readNodes.end();++riter)
(*riter).second.compute(); // Calculate any follow-on value sets
}
#ifdef CPUI_DEBUG
void ValueSetSolver::dumpValueSets(ostream &s) const
{
list<ValueSet>::const_iterator iter;
for(iter=valueNodes.begin();iter!=valueNodes.end();++iter) {
(*iter).printRaw(s);
s << endl;
}
map<SeqNum,ValueSetRead>::const_iterator riter;
for(riter=readNodes.begin();riter!=readNodes.end();++riter) {
(*riter).second.printRaw(s);
s << endl;
}
}
#endif
} // End namespace ghidra
Reference in a new issue View git blame Copy permalink