ROSE  0.11.145.0
Classes | Typedefs
Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics Namespace Reference

Description

Generate static semantics and attach to the AST.

ROSE normally uses dynamically generated semantics, where the user instantiates a state (where register and memory values are stored), attaches the state to a semantic domain (risc operators and an associated value type), and the "executes" an instruction and looks at the effect that occurred on the state. For instance, if one wants to see whether an instruction is a RET-like instruction, one constructs an initial state, executes the instruction in the chosen domain (e.g., symbolic), and then examines the final state. If the final state's instruction pointer register has a value which equal to the value stored in memory just past (above or below according to stack direction) the stack pointer register, then the instruction is behaving like an x86 RET instruction, at least on architectures that use this calling convention.

On the other hand, some people like to work with semantics that are represented statically as part of the AST. In this case, each instruction has a non-null semantics property that returns a list (SgAsmExprListExp) of semantic expression trees consisting mostly of SgAsmRiscOperation nodes. The list is in the order that the instruction's side effects occur. Many subtrees of the semantics property are similar to each other, but cannot be shared due to the design of ROSE AST (each node has a single parent pointer). Thus the AST with static semantics attached can be many times larger than when using dynamic semantics.

By default, ROSE does not generate the static semantics, and each instruction's semantics property will be null. Semantics can be added to any instruction by executing the instruction in this StaticSemantics domain. Each time the instruction is executed in this domain its previous semantics are thrown away and recalculated, so you should generally only do this once; that's the nature that makes these semantics "static". If you want to calculate static semantics for lots of instructions, which is often the case, the attachInstructionSemantics functions can do that: they process an entire AST, adding semantics to all the instructions they find.

Classes

class  RiscOperators
 Basic semantic operations. More...
 
class  SValue
 Semantic values for generating static semantic ASTs. More...
 

Typedefs

typedef Sawyer::SharedPointer< class SValueSValuePtr
 Shared-ownership pointer for a static-semantics value. More...
 
typedef NullSemantics::RegisterState RegisterState
 
typedef NullSemantics::RegisterStatePtr RegisterStatePtr
 
typedef NullSemantics::MemoryState MemoryState
 
typedef NullSemantics::MemoryStatePtr MemoryStatePtr
 
typedef NullSemantics::State State
 
typedef NullSemantics::StatePtr StatePtr
 
typedef boost::shared_ptr< class RiscOperatorsRiscOperatorsPtr
 Shared-ownership pointer for basic semantic operations. More...
 

Functions

void attachInstructionSemantics (SgNode *ast, const Disassembler::BasePtr &)
 Build and attach static semantics to all instructions. More...
 
void attachInstructionSemantics (SgNode *ast, const BaseSemantics::DispatcherPtr &)
 Build and attach static semantics to all instructions. More...
 

Typedef Documentation

Shared-ownership pointer for a static-semantics value.

Definition at line 66 of file StaticSemantics.h.

Shared-ownership pointer for basic semantic operations.

Definition at line 248 of file StaticSemantics.h.

Function Documentation

void Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::attachInstructionSemantics ( SgNode ast,
const Disassembler::BasePtr  
)

Build and attach static semantics to all instructions.

Traverses the specified AST to find instructions that have no static semantics yet. For each such instruction, static semantics are calculated and the instruction's semantics property is set to non-null and will contain a list of instruction side effects.

If processing lots of unrelated instructions, it is best to use the version of this function that takes a dispatcher, or virtual CPU, so that the same dispatcher can be used over and over. There is no register or memory state associated with a StaticSemantics dispatcher since all side effects are attached to the AST instead of being written to some state.

void Rose::BinaryAnalysis::InstructionSemantics::StaticSemantics::attachInstructionSemantics ( SgNode ast,
const BaseSemantics::DispatcherPtr  
)

Build and attach static semantics to all instructions.

Traverses the specified AST to find instructions that have no static semantics yet. For each such instruction, static semantics are calculated and the instruction's semantics property is set to non-null and will contain a list of instruction side effects.

If processing lots of unrelated instructions, it is best to use the version of this function that takes a dispatcher, or virtual CPU, so that the same dispatcher can be used over and over. There is no register or memory state associated with a StaticSemantics dispatcher since all side effects are attached to the AST instead of being written to some state.