decompiler  1.0.0
Classes | Public Member Functions | Private Types | Private Member Functions | Private Attributes | List of all members
ghidra::AncestorRealistic Class Reference

Helper class for determining if Varnodes can trace their value from a legitimate source. More...

#include <funcdata.hh>

Classes

class  State
 Node in a depth first traversal of ancestors. More...
 

Public Member Functions

bool execute (PcodeOp *op, int4 slot, ParamTrial *t, bool allowFail)
 Perform a full ancestor check on a given parameter trial. More...
 

Private Types

enum  {
  enter_node, pop_success, pop_solid, pop_fail,
  pop_failkill
}
 Enumerations for state of depth first traversal. More...
 

Private Member Functions

void mark (Varnode *vn)
 Mark given Varnode is visited by the traversal. More...
 
int4 enterNode (void)
 Traverse into a new Varnode. More...
 
int4 uponPop (int4 command)
 Pop a Varnode from the traversal stack. More...
 
bool checkConditionalExe (State &state)
 Check if current Varnode produced by conditional flow. More...
 

Private Attributes

ParamTrialtrial
 Current trial being analyzed for suitability.
 
vector< StatestateStack
 Holds the depth-first traversal stack.
 
vector< const Varnode * > markedVn
 Holds visited Varnodes to properly trim cycles.
 
int4 multiDepth
 Number of MULTIEQUAL ops along current traversal path.
 
bool allowFailingPath
 True if we allow and test for failing paths due to conditional execution.
 

Detailed Description

Helper class for determining if Varnodes can trace their value from a legitimate source.

Try to determine if a Varnode (expressed as a particular input to a CALL, CALLIND, or RETURN op) makes sense as parameter passing (or return value) storage by examining the Varnode's ancestors. If it has ancestors that are unaffected, abnormal inputs, or killedbycall, then this is a sign that the Varnode doesn't make a good parameter.

Member Enumeration Documentation

◆ anonymous enum

anonymous enum
private

Enumerations for state of depth first traversal.

Enumerator
enter_node 

Extending path into new Varnode.

pop_success 

Backtracking, from path that contained a reasonable ancestor.

pop_solid 

Backtracking, from path with successful, solid, movement, via COPY, LOAD, or other arith/logical.

pop_fail 

Backtracking, from path with a bad ancestor.

pop_failkill 

Backtracking, from path with a bad ancestor, specifically killedbycall.

Member Function Documentation

◆ checkConditionalExe()

bool ghidra::AncestorRealistic::checkConditionalExe ( State state)
private

Check if current Varnode produced by conditional flow.

Returns
true if there are two input flows, one of which is a normal solid flow

References ghidra::FlowBlock::getIn(), ghidra::PcodeOp::getParent(), ghidra::AncestorRealistic::State::getSolidSlot(), ghidra::AncestorRealistic::State::op, ghidra::FlowBlock::sizeIn(), and ghidra::FlowBlock::sizeOut().

◆ enterNode()

int4 ghidra::AncestorRealistic::enterNode ( void  )
private

Traverse into a new Varnode.

Analyze a new node that has just entered, during the depth-first traversal

Returns
the command indicating the next traversal step: push (enter_node), or pop (pop_success, pop_fail, pop_solid...)

References ghidra::PcodeOp::code(), ghidra::CPUI_COPY, ghidra::CPUI_INDIRECT, ghidra::CPUI_MULTIEQUAL, ghidra::CPUI_PIECE, ghidra::CPUI_SUBPIECE, ghidra::Varnode::getAddr(), ghidra::Varnode::getDef(), ghidra::PcodeOp::getIn(), ghidra::Varnode::getOffset(), ghidra::PcodeOp::getOut(), ghidra::Varnode::getSize(), ghidra::Varnode::getSpace(), ghidra::AddrSpace::getType(), ghidra::IPTR_INTERNAL, ghidra::IPTR_SPACEBASE, ghidra::Varnode::isDirectWrite(), ghidra::PcodeOp::isIncidentalCopy(), ghidra::Varnode::isIncidentalCopy(), ghidra::PcodeOp::isIndirectCreation(), ghidra::PcodeOp::isIndirectStore(), ghidra::Varnode::isIndirectZero(), ghidra::Varnode::isInput(), ghidra::Varnode::isMark(), ghidra::Varnode::isReturnAddress(), ghidra::Varnode::isUnaffected(), and ghidra::Varnode::overlap().

◆ execute()

bool ghidra::AncestorRealistic::execute ( PcodeOp op,
int4  slot,
ParamTrial t,
bool  allowFail 
)

Perform a full ancestor check on a given parameter trial.

Parameters
opis the CALL or RETURN to test parameter passing for
slotis the index of the particular input varnode to test
tis the ParamTrial object corresponding to the varnode
allowFailis true if we allow and test for failing paths due to conditional execution
Returns
true if the varnode has realistic ancestors for a parameter passing location

References ghidra::PcodeOp::getIn(), and ghidra::Varnode::isInput().

Referenced by ghidra::ActionReturnRecovery::apply(), ghidra::FuncCallSpecs::checkInputTrialUse(), and ghidra::FuncCallSpecs::finalInputCheck().

◆ mark()

void ghidra::AncestorRealistic::mark ( Varnode vn)
inlineprivate

Mark given Varnode is visited by the traversal.

Parameters
vnis the given Varnode

References ghidra::cseEliminateList(), ghidra::cseElimination(), ghidra::cseFindInBlock(), ghidra::earliestUseInBlock(), ghidra::opFlipInPlaceExecute(), ghidra::opFlipInPlaceTest(), and ghidra::Varnode::setMark().

◆ uponPop()

int4 ghidra::AncestorRealistic::uponPop ( int4  pop_command)
private

Pop a Varnode from the traversal stack.

Backtrack into a previously visited node

Parameters
pop_commandis the type of pop (pop_success, pop_fail, pop_failkill, pop_solid) being performed
Returns
the command to execute (push or pop) after the current pop

References ghidra::CPUI_MULTIEQUAL, and ghidra::AncestorRealistic::State::markSolid().

The documentation for this class was generated from the following files:
Generated by   doxygen 1.8.13