A prototype model: a model for passing parameters between functions. More...
#include <fspec.hh>
Public Types | |
| enum | { extrapop_unknown = 0x8000 } |
Public Member Functions | |
| ProtoModel (Architecture *g) | |
| Constructor for use with restoreXml() More... | |
| ProtoModel (const string &nm, const ProtoModel &op2) | |
| Copy constructor changing the name. More... | |
| virtual | ~ProtoModel (void) |
| Destructor. | |
| uint4 | hasEffect (const Address &addr, int4 size) const |
| Determine side-effect of this on the given memory range. More... | |
| bool | isCompatible (const ProtoModel *op2) const |
| Return true if other given model can be substituted for this. More... | |
| void | deriveInputMap (ParamActive *active) const |
| Given a list of input trials, derive the most likely input prototype. More... | |
| void | deriveOutputMap (ParamActive *active) const |
| Given a list of output trials, derive the most likely output prototype. More... | |
| void | assignParameterStorage (const vector< Datatype * > &typelist, vector< ParameterPieces > &res, bool ignoreOutputError) |
| Calculate input and output storage locations given a function prototype. More... | |
| bool | checkInputJoin (const Address &hiaddr, int4 hisize, const Address &loaddr, int4 losize) const |
| Check if the given two input storage locations can represent a single logical parameter. More... | |
| bool | checkOutputJoin (const Address &hiaddr, int4 hisize, const Address &loaddr, int4 losize) const |
| Check if the given two output storage locations can represent a single logical return value. More... | |
| bool | checkInputSplit (const Address &loc, int4 size, int4 splitpoint) const |
| Check if it makes sense to split a single storage location into two input parameters. More... | |
| int4 | characterizeAsInputParam (const Address &loc, int4 size) const |
| Characterize whether the given range overlaps parameter storage. More... | |
| bool | possibleInputParam (const Address &loc, int4 size) const |
| Does the given storage location make sense as an input parameter. More... | |
| bool | possibleOutputParam (const Address &loc, int4 size) const |
| Does the given storage location make sense as a return value. More... | |
| bool | possibleInputParamWithSlot (const Address &loc, int4 size, int4 &slot, int4 &slotsize) const |
| Pass-back the slot and slot size for the given storage location as an input parameter. More... | |
| bool | possibleOutputParamWithSlot (const Address &loc, int4 size, int4 &slot, int4 &slotsize) const |
| Pass-back the slot and slot size for the given storage location as a return value. More... | |
| bool | unjustifiedInputParam (const Address &loc, int4 size, VarnodeData &res) const |
| Check if the given storage location looks like an unjustified input parameter. More... | |
| OpCode | assumedInputExtension (const Address &addr, int4 size, VarnodeData &res) const |
| Get the type of extension and containing input parameter for the given storage. More... | |
| OpCode | assumedOutputExtension (const Address &addr, int4 size, VarnodeData &res) const |
| Get the type of extension and containing return value location for the given storage. More... | |
| bool | getBiggestContainedInputParam (const Address &loc, int4 size, VarnodeData &res) const |
| Pass-back the biggest input parameter contained within the given range. More... | |
| int4 | getMaxInputDelay (void) const |
| Return the maximum heritage delay across all possible input parameters. More... | |
| int4 | getMaxOutputDelay (void) const |
| Return the maximum heritage delay across all possible return values. More... | |
| virtual void | restoreXml (const Element *el) |
| Restore this model from an XML stream. More... | |
Static Public Member Functions | |
| static uint4 | lookupEffect (const vector< EffectRecord > &efflist, const Address &addr, int4 size) |
| Look up an effect from the given EffectRecord list. More... | |
Friends | |
| class | ProtoModelMerged |
Detailed Description
A prototype model: a model for passing parameters between functions.
This encompasses both input parameters and return values. It attempts to describe the ABI, Application Binary Interface, of the processor or compiler. Any number of function prototypes (FuncProto) can be implemented under a prototype model, which represents a static rule set the compiler uses to decide:
- Storage locations for input parameters
- Storage locations for return values
- Expected side-effects of a function on other (non-parameter) registers and storage locations
- Behavior of the stack and the stack pointer across function calls
Major analysis concerns are:
- Recovering function prototypes from data-flow information: deriveInputMap() and deriveOutputMap()
- Calculating parameter storage locations given a function prototype: assignParameterStorage()
- Behavior of data-flow around call sites
A prototype model supports the concept of extrapop, which is defined as the change in value of the stack pointer (or the number of bytes popped from the stack) across a call. This value is calculated starting from the point of the p-code CALL or CALLIND op, when the stack parameters have already been pushed by the calling function. So extrapop only reflects changes made by the callee.
Member Enumeration Documentation
◆ anonymous enum
| anonymous enum |
Constructor & Destructor Documentation
◆ ProtoModel() [1/2]
| ProtoModel::ProtoModel | ( | Architecture * | g | ) |
Constructor for use with restoreXml()
- Parameters
-
g is the Architecture that will own the new prototype model
◆ ProtoModel() [2/2]
| ProtoModel::ProtoModel | ( | const string & | nm, |
| const ProtoModel & | op2 | ||
| ) |
Copy constructor changing the name.
Everything is copied from the given prototype model except the name
- Parameters
-
nm is the new name for this copy op2 is the prototype model to copy
Member Function Documentation
◆ assignParameterStorage()
| void ProtoModel::assignParameterStorage | ( | const vector< Datatype * > & | typelist, |
| vector< ParameterPieces > & | res, | ||
| bool | ignoreOutputError | ||
| ) |
Calculate input and output storage locations given a function prototype.
The data-types of the function prototype are passed in as an ordered list, with the first data-type corresponding to the return value and all remaining data-types corresponding to the input parameters. Based on this model, a storage location is selected for each (input and output) parameter and passed back to the caller. The passed back storage locations are ordered similarly, with the output storage as the first entry. The model has the option of inserting a hidden return value pointer in the input storage locations.
A void return type is indicated by the formal TYPE_VOID in the (either) list. If the model can't map the specific output prototype, the caller has the option of whether an exception (ParamUnassignedError) is thrown. If they choose not to throw, the unmapped return value is assumed to be void.
- Parameters
-
typelist is the list of data-types from the function prototype res will hold the storage locations for each parameter ignoreOutputError is true if problems assigning the output parameter are ignored
◆ assumedInputExtension()
|
inline |
Get the type of extension and containing input parameter for the given storage.
If the given storage is properly contained within a normal parameter and the model typically extends a small value into the full container, pass back the full container and the type of extension.
- Parameters
-
addr is the starting address of the given storage size is the number of bytes in the given storage res is the parameter storage to pass back
- Returns
- the extension operator (INT_ZEXT INT_SEXT) or INT_COPY if there is no extension. INT_PIECE indicates the extension is determined by the specific prototype.
◆ assumedOutputExtension()
|
inline |
Get the type of extension and containing return value location for the given storage.
If the given storage is properly contained within a normal return value location and the model typically extends a small value into the full container, pass back the full container and the type of extension.
- Parameters
-
addr is the starting address of the given storage size is the number of bytes in the given storage res is the parameter storage to pass back
- Returns
- the extension operator (INT_ZEXT INT_SEXT) or INT_COPY if there is no extension. INT_PIECE indicates the extension is determined by the specific prototype.
◆ characterizeAsInputParam()
|
inline |
Characterize whether the given range overlaps parameter storage.
Does the range naturally fit inside a potential parameter entry from this model or does it contain a parameter entry. Return one of three values indicating this characterization:
- 0 means there is no intersection between the range and any ParamEntry
- 1 means that at least one ParamEntry contains the range in a properly justified manner
- 2 means no ParamEntry contains the range, but the range contains at least one ParamEntry
- Parameters
-
loc is the starting address of the given range size is the number of bytes in the given range
- Returns
- the characterization code
◆ checkInputJoin()
|
inline |
Check if the given two input storage locations can represent a single logical parameter.
Within the conventions of this model, do the two (hi/lo) locations represent consecutive input parameter locations that can be replaced by a single logical parameter.
- Parameters
-
hiaddr is the address of the most significant part of the value hisize is the size of the most significant part in bytes loaddr is the address of the least significant part of the value losize is the size of the least significant part in bytes
- Returns
- true if the two pieces can be joined
◆ checkInputSplit()
|
inline |
Check if it makes sense to split a single storage location into two input parameters.
A storage location and split point is provided, implying two new storage locations. Does this model allow these locations to be considered separate parameters.
- Parameters
-
loc is the starting address of provided storage location size is the size of the location in bytes splitpoint is the number of bytes to consider in the first (in address order) piece
- Returns
- true if the storage location can be split
◆ checkOutputJoin()
|
inline |
Check if the given two output storage locations can represent a single logical return value.
Within the conventions of this model, do the two (hi/lo) locations represent consecutive locations that can be replaced by a single logical return value.
- Parameters
-
hiaddr is the address of the most significant part of the value hisize is the size of the most significant part in bytes loaddr is the address of the least significant part of the value losize is the size of the least significant part in bytes
- Returns
- true if the two pieces can be joined
◆ deriveInputMap()
|
inline |
Given a list of input trials, derive the most likely input prototype.
Trials are sorted and marked as used or not.
- Parameters
-
active is the collection of Varnode input trials
◆ deriveOutputMap()
|
inline |
Given a list of output trials, derive the most likely output prototype.
One trial (at most) is marked used and moved to the front of the list
- Parameters
-
active is the collection of output trials
◆ getBiggestContainedInputParam()
|
inline |
Pass-back the biggest input parameter contained within the given range.
- Parameters
-
loc is the starting address of the given range size is the number of bytes in the range res will hold the parameter storage description being passed back
- Returns
- true if there is at least one parameter contained in the range
◆ getMaxInputDelay()
|
inline |
Return the maximum heritage delay across all possible input parameters.
Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that all parameters have data-flow info.
- Returns
- the maximum number of passes across all input parameters in this model
◆ getMaxOutputDelay()
|
inline |
Return the maximum heritage delay across all possible return values.
Depending on the address space, data-flow for a parameter may not be available until extra transform passes have completed. This method returns the number of passes that must occur before we can guarantee that any return value has data-flow info.
- Returns
- the maximum number of passes across all output parameters in this model
◆ hasEffect()
| uint4 ProtoModel::hasEffect | ( | const Address & | addr, |
| int4 | size | ||
| ) | const |
Determine side-effect of this on the given memory range.
The model is searched for an EffectRecord matching the given range and the effect type is returned. If there is no EffectRecord or the effect generally isn't known, EffectRecord::unknown_effect is returned.
- Parameters
-
addr is the starting address of the given memory range size is the number of bytes in the given range
- Returns
- the EffectRecord type
◆ isCompatible()
| bool ProtoModel::isCompatible | ( | const ProtoModel * | op2 | ) | const |
Return true if other given model can be substituted for this.
Test whether one ProtoModel can substituted for another during FuncCallSpecs::deindirect Currently this can only happen if one model is a copy of the other except for the hasThis boolean property.
- Parameters
-
op2 is the other ProtoModel to compare with this
- Returns
- true if the two models are compatible
◆ lookupEffect()
|
static |
Look up an effect from the given EffectRecord list.
If a given memory range matches an EffectRecord, return the effect type. Otherwise return EffectRecord::unknown_effect
- Parameters
-
efflist is the list of EffectRecords which must be sorted addr is the starting address of the given memory range size is the number of bytes in the memory range
- Returns
- the EffectRecord type
◆ possibleInputParam()
|
inline |
Does the given storage location make sense as an input parameter.
Within this model, decide if the storage location can be considered an input parameter.
- Parameters
-
loc is the starting address of the storage location size is the number of bytes in the storage location
- Returns
- true if the location can be a parameter
◆ possibleInputParamWithSlot()
|
inline |
Pass-back the slot and slot size for the given storage location as an input parameter.
This checks if the given storage location acts as an input parameter in this model and passes back the number of slots that it occupies.
- Parameters
-
loc is the starting address of the storage location size is the number of bytes in the storage location slot if the slot number to pass back slotsize is the number of consumed slots to pass back
- Returns
- true if the location can be a parameter
◆ possibleOutputParam()
|
inline |
Does the given storage location make sense as a return value.
Within this model, decide if the storage location can be considered an output parameter.
- Parameters
-
loc is the starting address of the storage location size is the number of bytes in the storage location
- Returns
- true if the location can be a parameter
◆ possibleOutputParamWithSlot()
|
inline |
Pass-back the slot and slot size for the given storage location as a return value.
This checks if the given storage location acts as an output parameter in this model and passes back the number of slots that it occupies.
- Parameters
-
loc is the starting address of the storage location size is the number of bytes in the storage location slot if the slot number to pass back slotsize is the number of consumed slots to pass back
- Returns
- true if the location can be a parameter
◆ restoreXml()
|
virtual |
Restore this model from an XML stream.
Read in details about this model from a <prototype> tag
- Parameters
-
el is the <prototype> element
Reimplemented in ProtoModelMerged.
◆ unjustifiedInputParam()
|
inline |
Check if the given storage location looks like an unjustified input parameter.
The storage for a value may be contained in a normal parameter location but be unjustified within that container, i.e. the least significant bytes are not being used. If this is the case, pass back the full parameter location and return true.
- Parameters
-
loc is the starting address of the given storage size is the number of bytes in the given storage res is the full parameter storage to pass back
- Returns
- true if the given storage is unjustified within its parameter container
The documentation for this class was generated from the following files:
- fspec.hh
- fspec.cc
