Ghidra Decompiler Analysis Engine
Classes
ruleaction.hh File Reference

This is the basic set of transformation Rule objects. More...

#include "action.hh"
Include dependency graph for ruleaction.hh:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

class  AddTreeState
 Structure for sorting out pointer expression trees. More...
 
class  RuleEarlyRemoval
 Get rid of unused PcodeOp objects where we can guarantee the output is unused. More...
 
class  RuleCollectTerms
 Collect terms in a sum: V * c + V * d => V * (c + d) More...
 
class  RuleSelectCse
 Look for common sub-expressions (built out of a restricted set of ops) More...
 
class  RulePiece2Zext
 Concatenation with 0 becomes an extension: V = concat(#0,W) => V = zext(W) More...
 
class  RulePiece2Sext
 Concatenation with sign bits becomes an extension: concat( V s>> #0x1f , V) => sext(V) More...
 
class  RuleBxor2NotEqual
 Eliminate BOOL_XOR: V ^^ W => V != W More...
 
class  RuleOrMask
 Simplify INT_OR with full mask: V = W | 0xffff => V = W More...
 
class  RuleAndMask
 Collapse unnecessary INT_AND. More...
 
class  RuleOrConsume
 Simply OR with unconsumed input: `V = A | B => V = B if nzm(A) & consume(V) == 0. More...
 
class  RuleOrCollapse
 Collapse unnecessary INT_OR. More...
 
class  RuleAndOrLump
 Collapse constants in logical expressions: (V & c) & d => V & (c & d) More...
 
class  RuleNegateIdentity
 Apply INT_NEGATE identities: V & ~V => #0, V | ~V -> #-1 More...
 
class  RuleShiftBitops
 Shifting away all non-zero bits of one-side of a logical/arithmetic op. More...
 
class  RuleRightShiftAnd
 Simplify INT_RIGHT and INT_SRIGHT ops where an INT_AND mask becomes unnecessary. More...
 
class  RuleIntLessEqual
 Convert LESSEQUAL to LESS: V <= c => V < (c+1) More...
 
class  RuleEquality
 Collapse INT_EQUAL and INT_NOTEQUAL: f(V,W) == f(V,W) => true More...
 
class  RuleTermOrder
 Order the inputs to commutative operations. More...
 
class  RulePullsubMulti
 Pull SUBPIECE back through MULTIEQUAL. More...
 
class  RulePullsubIndirect
 Pull-back SUBPIECE through INDIRECT. More...
 
class  RulePushMulti
 Simplify MULTIEQUAL operations where the branches hold the same value. More...
 
class  RuleNotDistribute
 Distribute BOOL_NEGATE: !(V && W) => !V || !W More...
 
class  RuleHighOrderAnd
 Simplify INT_AND when applied to aligned INT_ADD: (V + c) & 0xfff0 => V + (c & 0xfff0) More...
 
class  RuleAndDistribute
 Distribute INT_AND through INT_OR if result is simpler. More...
 
class  RuleLessOne
 Transform INT_LESS of 0 or 1: V < 1 => V == 0, V <= 0 => V == 0 More...
 
class  RuleRangeMeld
 Merge range conditions of the form: V s< c, c s< V, V == c, V != c More...
 
class  RuleFloatRange
 Merge range conditions of the form: V f< c, c f< V, V f== c etc. More...
 
class  RuleAndCommute
 Commute INT_AND with INT_LEFT and INT_RIGHT: (V << W) & d => (V & (W >> c)) << c More...
 
class  RuleAndPiece
 Convert PIECE to INT_ZEXT where appropriate: V & concat(W,X) => zext(X) More...
 
class  RuleAndCompare
 Simplify INT_ZEXT and SUBPIECE in masked comparison: zext(V) & c == 0 => V & (c & mask) == 0 More...
 
class  RuleDoubleSub
 Simplify chained SUBPIECE: sub( sub(V,c), d) => sub(V, c+d) More...
 
class  RuleDoubleShift
 Simplify chained shifts INT_LEFT and INT_RIGHT. More...
 
class  RuleDoubleArithShift
 Simplify two sequential INT_SRIGHT: (x s>> #c) s>> #d => x s>> saturate(#c + #d) More...
 
class  RuleConcatShift
 Simplify INT_RIGHT canceling PIECE: concat(V,W) >> c => zext(V) More...
 
class  RuleLeftRight
 Transform canceling INT_RIGHT or INT_SRIGHT of INT_LEFT. More...
 
class  RuleShiftCompare
 Transform shifts in comparisons: V >> c == d => V == (d << c) More...
 
class  RuleLessEqual
 Simplify 'less than or equal': V < W || V == W => V <= W More...
 
class  RuleLessNotEqual
 Simplify INT_LESSEQUAL && INT_NOTEQUAL: V <= W && V != W => V < W More...
 
class  RuleTrivialArith
 Simplify trivial arithmetic expressions. More...
 
class  RuleTrivialBool
 Simplify boolean expressions when one side is constant. More...
 
class  RuleZextEliminate
 Eliminate INT_ZEXT in comparisons: zext(V) == c => V == c More...
 
class  RuleSlessToLess
 Convert INT_SLESS to INT_LESS when comparing positive values. More...
 
class  RuleZextSless
 Transform INT_ZEXT and INT_SLESS: zext(V) s< c => V < c More...
 
class  RuleBitUndistribute
 Undo distributed operations through INT_AND, INT_OR, and INT_XOR. More...
 
class  RuleBooleanNegate
 Simplify comparisons with boolean values: V == false => !V, V == true => V More...
 
class  RuleBoolZext
 Simplify boolean expressions of the form zext(V) * -1. More...
 
class  RuleLogic2Bool
 Convert logical to boolean operations: V & W => V && W, V | W => V || W More...
 
class  RuleIndirectCollapse
 Remove a CPUI_INDIRECT if its blocking PcodeOp is dead. More...
 
class  RuleMultiCollapse
 Collapse MULTIEQUAL whose inputs all trace to the same value. More...
 
class  RuleSborrow
 Simplify signed comparisons using INT_SBORROW. More...
 
class  RuleTrivialShift
 Simplify trivial shifts: V << 0 => V, V << #64 => 0 More...
 
class  RuleSignShift
 Normalize sign-bit extraction: V >> 0x1f => (V s>> 0x1f) * -1 More...
 
class  RuleTestSign
 Convert sign-bit test to signed comparison: (V s>> 0x1f) != 0 => V s< 0 More...
 
class  RuleIdentityEl
 Collapse operations using identity element: V + 0 => V More...
 
class  RuleShift2Mult
 Convert INT_LEFT to INT_MULT: V << 2 => V * 4 More...
 
class  RuleShiftPiece
 Convert "shift and add" to PIECE: (zext(V) << 16) + zext(W) => concat(V,W) More...
 
class  RuleCollapseConstants
 Collapse constant expressions. More...
 
class  RuleTransformCpool
 Transform CPOOLREF operations by looking up the value in the constant pool. More...
 
class  RulePropagateCopy
 Propagate the input of a COPY to all the places that read the output. More...
 
class  Rule2Comp2Mult
 Eliminate INT_2COMP: -V => V * -1 More...
 
class  RuleCarryElim
 Transform INT_CARRY using a constant: carry(V,c) => -c <= V More...
 
class  RuleSub2Add
 Eliminate INT_SUB: V - W => V + W * -1 More...
 
class  RuleXorCollapse
 Eliminate INT_XOR in comparisons: (V ^ W) == 0 => V == W More...
 
class  RuleAddMultCollapse
 Collapse constants in an additive or multiplicative expression. More...
 
class  RuleLoadVarnode
 Convert LOAD operations using a constant offset to COPY. More...
 
class  RuleStoreVarnode
 Convert STORE operations using a constant offset to COPY. More...
 
class  RuleSubExtComm
 Commute SUBPIECE and INT_ZEXT: sub(zext(V),c) => zext(sub(V,c)) More...
 
class  RuleSubCommute
 Commute SUBPIECE operations with earlier operations where possible. More...
 
class  RuleConcatCommute
 Commute PIECE with INT_AND, INT_OR, and INT_XOR. More...
 
class  RuleConcatZext
 Commute PIECE with INT_ZEXT: concat(zext(V),W) => zext(concat(V,W)) More...
 
class  RuleZextCommute
 Commute INT_ZEXT with INT_RIGHT: zext(V) >> W => zext(V >> W) More...
 
class  RuleZextShiftZext
 Simplify multiple INT_ZEXT operations: zext( zext(V) << c ) => zext(V) << c More...
 
class  RuleShiftAnd
 Eliminate any INT_AND when the bits it zeroes out are discarded by a shift. More...
 
class  RuleConcatZero
 Simplify concatenation with zero: concat(V,0) => zext(V) << c More...
 
class  RuleConcatLeftShift
 Simplify concatenation of extended value: concat(V, zext(W) << c) => concat( concat(V,W), 0) More...
 
class  RuleSubZext
 Simplify INT_ZEXT applied to SUBPIECE expressions. More...
 
class  RuleSubCancel
 Simplify composition of SUBPIECE with INT_ZEXT or INT_SEXT. More...
 
class  RuleShiftSub
 Simplify SUBPIECE applied to INT_LEFT: sub( V << 8*c, c) => sub(V,0) More...
 
class  RuleHumptyDumpty
 Simplify break and rejoin: concat( sub(V,c), sub(V,0) ) => V More...
 
class  RuleDumptyHump
 Simplify join and break apart: sub( concat(V,W), c) => sub(W,c) More...
 
class  RuleHumptyOr
 Simplify masked pieces INT_ORed together: (V & ff00) | (V & 00ff) => V More...
 
class  RuleEmbed
 Simplify PIECE intended as embedding: concat(V, sub(W,0)) => W & 0xff | (zext(W) << 8) More...
 
class  RuleSwitchSingle
 Convert BRANCHIND with only one computed destination to a BRANCH. More...
 
class  RuleCondNegate
 Flip conditions to match structuring cues. More...
 
class  RuleBoolNegate
 Apply a set of identities involving BOOL_NEGATE. More...
 
class  RuleLess2Zero
 Simplify INT_LESS applied to extremal constants. More...
 
class  RuleLessEqual2Zero
 Simplify INT_LESSEQUAL applied to extremal constants. More...
 
class  RuleSLess2Zero
 Simplify INT_SLESS applied to 0 or -1. More...
 
class  RuleEqual2Zero
 Simplify INT_EQUAL applied to 0: 0 == V + W * -1 => V == W or 0 == V + c => V == -c More...
 
class  RuleEqual2Constant
 Simplify INT_EQUAL applied to arithmetic expressions. More...
 
class  RulePtrArith
 Transform pointer arithmetic. More...
 
class  RuleStructOffset0
 Convert a LOAD or STORE to the first element of a structure to a PTRSUB. More...
 
class  RulePushPtr
 Push a Varnode with known pointer data-type to the bottom of its additive expression. More...
 
class  RulePtraddUndo
 Remove PTRADD operations with mismatched data-type information. More...
 
class  RulePtrsubUndo
 Remove PTRSUB operations with mismatched data-type information. More...
 
class  RuleMultNegOne
 Cleanup: Convert INT_2COMP from INT_MULT: V * -1 => -V More...
 
class  RuleAddUnsigned
 Cleanup: Convert INT_ADD of constants to INT_SUB: V + 0xff... => V - 0x00... More...
 
class  Rule2Comp2Sub
 Cleanup: Convert INT_ADD back to INT_SUB: V + -W ==> V - W More...
 
class  RuleSubRight
 Cleanup: Convert truncation to cast: sub(V,c) => sub(V>>c*8,0) More...
 
class  RulePtrsubCharConstant
 Cleanup: Set-up to print string constants. More...
 
class  RuleSubNormal
 Pull-back SUBPIECE through INT_RIGHT and INT_SRIGHT. More...
 
class  RulePositiveDiv
 Signed division of positive values is unsigned division. More...
 
class  RuleDivTermAdd
 Simplify expressions associated with optimized division expressions. More...
 
class  RuleDivTermAdd2
 Simplify another expression associated with optimized division. More...
 
class  RuleDivOpt
 Convert INT_MULT and shift forms into INT_DIV or INT_SDIV. More...
 
class  RuleSignDiv2
 Convert INT_SRIGHT form into INT_SDIV: (V + -1*(V s>> 31)) s>> 1 => V s/ 2 More...
 
class  RuleSignForm
 Normalize sign extraction: sub(sext(V),c) => V s>> 31 More...
 
class  RuleSignNearMult
 Simplify division form: (V + (V s>> 0x1f)>>(32-n)) & (-1<<n) => (V s/ 2^n) * 2^n More...
 
class  RuleModOpt
 Simplify expressions that optimize INT_REM and INT_SREM. More...
 
class  RuleSegment
 Propagate constants through a SEGMENTOP. More...
 
class  RuleSubvarAnd
 Perform SubVariableFlow analysis triggered by INT_AND. More...
 
class  RuleSubvarSubpiece
 Perform SubVariableFlow analysis triggered by SUBPIECE. More...
 
class  RuleSplitFlow
 Try to detect and split artificially joined Varnodes. More...
 
class  RulePtrFlow
 Mark Varnode and PcodeOp objects that are carrying or operating on pointers. More...
 
class  RuleSubvarCompZero
 Perform SubvariableFlow analysis triggered by testing of a single bit. More...
 
class  RuleSubvarShift
 Perform SubvariableFlow analysis triggered by INT_RIGHT. More...
 
class  RuleSubvarZext
 Perform SubvariableFlow analysis triggered by INT_ZEXT. More...
 
class  RuleSubvarSext
 Perform SubvariableFlow analysis triggered by INT_SEXT. More...
 
class  RuleSubfloatConvert
 Perform SubfloatFlow analysis triggered by FLOAT_FLOAT2FLOAT. More...
 
class  RuleNegateNegate
 Simplify INT_NEGATE chains: ~~V => V More...
 
class  RuleConditionalMove
 Simplify various conditional move situations. More...
 
class  RuleFloatCast
 Replace (casttosmall)(casttobig)V with identity or with single cast. More...
 
class  RuleIgnoreNan
 Treat FLOAT_NAN as always evaluating to false. More...
 
class  RuleFuncPtrEncoding
 Eliminate ARM/THUMB style masking of the low order bits on function pointers. More...
 
class  RuleThreeWayCompare
 Simplify expressions involving three-way comparisons. More...
 
class  RulePopcountBoolXor
 Simplify boolean expressions that are combined through POPCOUNT. More...
 
class  RulePiecePathology
 Search for concatenations with unlikely things to inform return/parameter consumption calculation. More...
 
class  RuleXorSwap
 Simplify limited chains of XOR operations. More...
 

Detailed Description

This is the basic set of transformation Rule objects.

Each Rule triggers on a specific localized data-flow configuration. They are generally applied simultaneously from a pool (see ActionPool) and can interact with each other to produce an emergent transformation. The Rules are applied repeatedly until no Rule can make any additional transformations.