hexrays.hpp

Go to the documentation of this file.

/*
 *      Hex-Rays Decompiler project
 *      Copyright (c) 1990-2015 Hex-Rays
 *      ALL RIGHTS RESERVED.
 */

#ifndef __HEXRAYS_HPP
#define __HEXRAYS_HPP

#define CHECKED_BUILD
#include <pro.h>
#include <fpro.h>
#include <ida.hpp>
#include <idp.hpp>
#include <gdl.hpp>
#include <ieee.h>
#include <loader.hpp>
#include <kernwin.hpp>
#include <typeinf.hpp>
#include <set>
#include <map>
#include <deque>
#include <queue>
#include <algorithm>
/*-
 *      Decompiler project (internal name: vd)
 *      Copyright (c) 2005-2018 Hex-Rays SA <[email protected]>
 *      ALL RIGHTS RESERVED.
 *
 *      The virtual micro machine has many registers.
 *      Each register is 8 bits wide. Multibyte processor registers are mapped
 *      to adjacent microregisters. Processor condition codes are also
 *      represented by microregisters. The unaliasable part of the stack
 *      frame is too mapped to microregisters. The microregisters are grouped
 *      into following groups:
 *        0..7: condition codes
 *        8..n: all processor registers (including fpu registers, if necessary)
 *              this range may also include temporary registers used during
 *              the initial microcode generation
 *        n..n+256: so called kernel registers; they are used during optimization
 *                  see is_kreg()
 *        n+256..: unaliasable part of the stack frame, so called
 *                 virtual stack registers. see get_first_stack_reg()
 *
 *      Each micro-instruction (minsn_t) has zero to three operands.
 *      Some of the possible operands types are:
 *        - immediate value
 *        - register
 *        - memory reference
 *        - result of another micro-instruction
 *
 *      The operands (mop_t) are l (left), r (right), d (destination).
 *      'd' is almost always the destination but there are exceptions.
 *      See is_dest_target_mcode(). For example, stx does not modify 'd'.
 *      See the opcode map below for the list of microinstructions and their
 *      operands. Most instructions are very simple and do not need
 *      detailed explanations. There are no side effects.
 *
 *      Each operand has a size specifier. The following sizes can be used in
 *      practically all contexts: 1, 2, 4, 8, 16 bytes. Floating types may have
 *      other sizes. Functions may return objects of arbitrary size, as well as
 *      operations upon UDT's (user-defined types, which are structs are unions).
 *
 *      Memory is considered to consist of several segments.
 *      We don't make any assumptions about the segments: whether they overlap
 *      or not, etc. A memory reference is made using a (selector, offset) pair.
 *      A selector is always 2 bytes long. An offset can be 2 or 4 bytes long.
 *      Currently the selectors are not used very much. The decompiler tries to
 *      resolve (selector, offset) pairs into direct memory references at each
 *      opportunity and then operates on mop_v operands. In other words,
 *      while the decompiler can handle segmented memory models, internally
 *      it still uses simple linear addresses.
 *
 *      The following memory regions are recognized:
 *        - GLBLOW   global memory: low part, everything below the stack
 *        - LVARS    stack: local variables
 *        - RETADDR  stack: return address
 *        - SHADOW   stack: shadow arguments
 *        - ARGS     stack: regular stack arguments
 *        - GLBHIGH  global memory: high part, everything below the stack
 *      Any stack region may be empty. Objects residing in one memory region
 *      are considered to be completely distinct from objects in other regions.
 *      We allocate the stack frame in some memory region, which is not
 *      allocated for any purposes in IDA. This permits us to use linear addresses
 *      for all memory references, including the stack frame.
 *
 *      If the operand size is bigger than a byte then the register
 *      operand references a block of registers. For example:
 *
 *              ldc   #1.4, r8.4
 *
 *      loads a constant 1 to registers 8, 9, 10, 11:
 *
 *               #1  ->  r8
 *               #0  ->  r9
 *               #0  ->  r10
 *               #0  ->  r11
 *
 *      This example uses little-endian byte ordering.
 *      Big-endian byte ordering is supported too.
 *
 *      Each instruction has 'next' and 'prev' fields that are used to form
 *      a doubly linked list. Such lists are present for each basic block (mblock_t).
 *      Basic blocks have other attributes, including:
 *        - dead_at_start: list of dead locations at the block start
 *        - maybuse:  list of locations the block may use
 *        - maybdef:  list of locations the block may define (or spoil)
 *        - mustbuse: list of locations the block will certainly use
 *        - mustbdef: list of locations the block will certainly define
 *        - dnu:      list of locations the block will certainly define
 *                    but will not use
 *
 *      These lists are represented by the mlist_t class. It consists of 2 parts:
 *        - rlist_t: list of microregisters (possibly including virtual stack locations)
 *        - ivlset_t: list of memory locations represented as intervals
 *                    we use linear addresses in this list.
 *      The mlist_t class is used quite often. For example, to find what an operand
 *      can spoil, we build its 'maybe-use' list. Then we can find out if this list
 *      is accessed using the is_accessed() or is_accessed_globally() functions.
 *
 *      All basic blocks of the decompiled function constite an array called
 *      mbl_array_t (array of microblocks). This is a huge class that has too
 *      many fields to describe here (some of the fields are not visible in the sdk)
 *      The most importants ones are:
 *        - stack frame: frregs, stacksize, etc
 *        - memory: aliased, restricted, and other ranges
 *        - type: type of the current function, its arguments (argidx) and
 *                local variables (vars)
 *        - natural: array of basic blocks. they are also accessible as a
 *                   doubly linked list starting from 'blocks'.
 *        - bg: control flow graph. the graph gives access to use use-def
 *                   chains, which how data dependencies between basic blocks
 *
 */

#ifdef __VC__
#pragma warning(push)
#pragma warning(disable:4062) // enumerator 'x' in switch of enum 'y' is not handled
#pragma warning(disable:4265) // virtual functions without virtual destructor
#endif

#define hexapi                ///< Public functions are marked with this keyword

//-V:2:654 The condition '2' of loop is always true.
//-V::719  The switch statement does not cover all values
//-V:verify:678
//-V:chain_keeper_t:690 copy ctr will be generated
//-V:ivlset_t:690 lacks the '=' operator
//-V:add_block:656 call to the same function
//-V:add:792 The 'add' function located to the right of the operator '|' will be called regardless of the value of the left operand
//-V:sub:792 The 'sub' function located to the right of the operator '|' will be called regardless of the value of the left operand
//-V:intersect:792 The 'intersect' function located to the right of the operator '|' will be called regardless of the value of the left operand
class mop_t;
class mop_pair_t;
class mop_addr_t;
class mfuncinfo_t;
class mcases_t;
class minsn_t;
class mblock_t;
class mbl_array_t;
class codegen_t;
class mbl_graph_t;
struct vdui_t;
struct hexrays_failure_t;
struct mba_stats_t;
struct mlist_t;
typedef int mreg_t;     ///< Micro register

struct cfunc_t;
struct citem_t;
struct cexpr_t;
struct cinsn_t;
struct cblock_t;
struct cswitch_t;
struct carg_t;
struct carglist_t;

typedef std::set<ea_t> easet_t;
typedef std::set<minsn_t *> minsn_ptr_set_t;
typedef std::set<qstring> strings_t;
typedef qvector<minsn_t*> minsnptrs_t;
typedef qvector<mop_t*> mopptrs_t;
typedef qvector<mop_t> mopvec_t;
typedef qvector<uint64> uint64vec_t;
typedef qvector<mreg_t> mregvec_t;
#define MAX_SUPPORTED_STACK_SIZE 0x100000 // 1MByte

//-------------------------------------------------------------------------
enum access_type_t
{
  NO_ACCESS = 0,
  WRITE_ACCESS = 1,
  READ_ACCESS = 2,
  RW_ACCESS = WRITE_ACCESS | READ_ACCESS,
};

typedef int maymust_t;
const maymust_t
  MUST_ACCESS = 0x00, // access information we can count on
  MAY_ACCESS  = 0x01, // access information we should take into account
  MAYMUST_ACCESS_MASK = 0x01,

  ONE_ACCESS_TYPE = 0x20,      // for find_first_use:
                               // use only the specified maymust access type
                               // (by default it inverts the access type for def-lists)
  INCLUDE_SPOILED_REGS = 0x40, // for build_def_list with MUST_ACCESS:
                               // include spoiled registers in the list
  EXCLUDE_PASS_REGS = 0x80,    // for build_def_list with MAY_ACCESS:
                               // exclude pass_regs from the list
  FULL_XDSU = 0x100,           // for build_def_list:
                               // if xdsu source and targets are the same
                               // treat it as if xdsu redefines the whole destination
  WITH_ASSERTS = 0x200,        // for find_first_use:
                               // do not ignore assertions
  EXCLUDE_VOLATILE = 0x400,    // for build_def_list:
                               // exclude volatile memory from the list
  INCLUDE_UNUSED_SRC = 0x800;  // for build_use_list:
                               // do not exclude unused source bytes for m_and/m_or insns

inline bool is_may_access(maymust_t maymust)
{
  return (maymust & MAYMUST_ACCESS_MASK) != MUST_ACCESS;
}

//-------------------------------------------------------------------------
/// \defgroup MERR_ Microcode error codes
//@{
enum merror_t
{
  MERR_OK        = 0,   ///< ok
  MERR_BLOCK     = 1,   ///< no error, switch to new block
  MERR_INTERR    = -1,  ///< internal error
  MERR_INSN      = -2,  ///< can not convert to microcode
  MERR_MEM       = -3,  ///< not enough memory
  MERR_BADBLK    = -4,  ///< bad block found
  MERR_BADSP     = -5,  ///< positive sp value has been found
  MERR_PROLOG    = -6,  ///< prolog analysis failed
  MERR_SWITCH    = -7,  ///< wrong switch idiom
  MERR_EXCEPTION = -8,  ///< exception analysis failed
  MERR_HUGESTACK = -9,  ///< stack frame is too big
  MERR_LVARS     = -10, ///< local variable allocation failed
  MERR_BITNESS   = -11, ///< only 32/16bit functions can be decompiled
  MERR_BADCALL   = -12, ///< could not determine call arguments
  MERR_BADFRAME  = -13, ///< function frame is wrong
  MERR_UNKTYPE   = -14, ///< undefined type %s (currently unused error code)
  MERR_BADIDB    = -15, ///< inconsistent database information
  MERR_SIZEOF    = -16, ///< wrong basic type sizes in compiler settings
  MERR_REDO      = -17, ///< redecompilation has been requested
  MERR_CANCELED  = -18, ///< decompilation has been cancelled
  MERR_RECDEPTH  = -19, ///< max recursion depth reached during lvar allocation
  MERR_OVERLAP   = -20, ///< variables would overlap: %s
  MERR_PARTINIT  = -21, ///< partially initialized variable %s
  MERR_COMPLEX   = -22, ///< too complex function
  MERR_LICENSE   = -23, ///< no license available
  MERR_ONLY32    = -24, ///< only 32-bit functions can be decompiled for the current database
  MERR_ONLY64    = -25, ///< only 64-bit functions can be decompiled for the current database
  MERR_BUSY      = -26, ///< already decompiling a function
  MERR_FARPTR    = -27, ///< far memory model is supported only for pc
  MERR_EXTERN    = -28, ///< special segments can not be decompiled
  MERR_FUNCSIZE  = -29, ///< too big function
  MERR_BADRANGES = -30, ///< bad input ranges
  MERR_STOP      = -31, ///< no error, stop the analysis
  MERR_MAX_ERR   = 31,
  MERR_LOOP      = -32, ///< internal code: redo last loop (never reported)
};
//@}

/// Get textual description of an error code
/// \param out  the output buffer for the error description
/// \param code \ref MERR_
/// \param mba  the microcode array
/// \return the error address

ea_t hexapi get_merror_desc(qstring *out, merror_t code, mbl_array_t *mba);

///------------------------------------------------------------------------
/// Map a processor register to microregister.
/// \param reg   processor register number
/// \return microregister register id or mr_none

mreg_t hexapi reg2mreg(int reg);


/// Map a microregister to processor register.
/// \param reg   microregister number
/// \param width size of microregister in bytes
/// \return processor register id or -1

int hexapi mreg2reg(mreg_t reg, int width);


//-------------------------------------------------------------------------
/// User defined callbacks to optimize individual microcode instructions
struct optinsn_t
{
  /// Optimize an instruction.
  /// \param blk current basic block. maybe NULL, which means that
  ///            the instruction must be optimized without context
  /// \param ins instruction to optimize; it may be a sub-instruction of some
  ///            other instruction. such sub-instructions may be optimized up
  ///            to "mov x,x". for example: add x,0,x => mov x,x.
  ///            top level instruction may be optimized up to "nop".
  /// \return number of changes made to the instruction.
  virtual int idaapi func(mblock_t *blk, minsn_t *ins) = 0;
};

void hexapi install_optinsn_handler(optinsn_t *opt);
bool hexapi remove_optinsn_handler(optinsn_t *opt);

/// User defined callbacks to optimize microcode blocks
struct optblock_t
{
  /// Optimize a block.
  /// This function usually performs the optimizations that require analyzing
  /// the entire block and/or its neighbors. For example it can recognize
  /// patterns and perform conversions like:
  /// b0:                                 b0:
  ///    ...                                 ...
  ///    jnz x, 0, @b2      =>               jnz x, 0, @b2
  /// b1:                                 b1:
  ///    add x, 0, y                         mov x, y
  ///    ...                                 ...
  /// \param blk Basic block to optimize as a whole.
  /// \return number of changes made to the block.
  virtual int idaapi func(mblock_t *blk) = 0;
};

void hexapi install_optblock_handler(optblock_t *opt);
bool hexapi remove_optblock_handler(optblock_t *opt);


//-------------------------------------------------------------------------
// The order of setX and jX insns is important, it is used in the code.

// Instructions marked with *F may have FPINSN bit set and operate on fp values
// Instructions marked with +F must have FPINSN bit set. They always operate on fp values
// Other instructions do not operate on fp values.

enum mcode_t
{
  m_nop    = 0x00, // nop                       // no operation
  m_stx    = 0x01, // stx  l,    {r=sel, d=off} // store register to memory     *F
  m_ldx    = 0x02, // ldx  {l=sel,r=off}, d     // load register from memory    *F
  m_ldc    = 0x03, // ldc  l=const,     d       // load constant
  m_mov    = 0x04, // mov  l,           d       // move                         *F
  m_neg    = 0x05, // neg  l,           d       // negate
  m_lnot   = 0x06, // lnot l,           d       // logical not
  m_bnot   = 0x07, // bnot l,           d       // bitwise not
  m_xds    = 0x08, // xds  l,           d       // extend (signed)
  m_xdu    = 0x09, // xdu  l,           d       // extend (unsigned)
  m_low    = 0x0A, // low  l,           d       // take low part
  m_high   = 0x0B, // high l,           d       // take high part
  m_add    = 0x0C, // add  l,   r,      d       // l + r -> dst
  m_sub    = 0x0D, // sub  l,   r,      d       // l - r -> dst
  m_mul    = 0x0E, // mul  l,   r,      d       // l * r -> dst
  m_udiv   = 0x0F, // udiv l,   r,      d       // l / r -> dst
  m_sdiv   = 0x10, // sdiv l,   r,      d       // l / r -> dst
  m_umod   = 0x11, // umod l,   r,      d       // l % r -> dst
  m_smod   = 0x12, // smod l,   r,      d       // l % r -> dst
  m_or     = 0x13, // or   l,   r,      d       // bitwise or
  m_and    = 0x14, // and  l,   r,      d       // bitwise and
  m_xor    = 0x15, // xor  l,   r,      d       // bitwise xor
  m_shl    = 0x16, // shl  l,   r,      d       // shift logical left
  m_shr    = 0x17, // shr  l,   r,      d       // shift logical right
  m_sar    = 0x18, // sar  l,   r,      d       // shift arithmetic right
  m_cfadd  = 0x19, // cfadd l,  r,    d=carry   // calculate carry    bit of (l+r)
  m_ofadd  = 0x1A, // ofadd l,  r,    d=overf   // calculate overflow bit of (l+r)
  m_cfshl  = 0x1B, // cfshl l,  r,    d=carry   // calculate carry    bit of (l<<r)
  m_cfshr  = 0x1C, // cfshr l,  r,    d=carry   // calculate carry    bit of (l>>r)
  m_sets   = 0x1D, // sets  l,          d=byte  SF=1          Sign
  m_seto   = 0x1E, // seto  l,  r,      d=byte  OF=1          Overflow of (l-r)
  m_setp   = 0x1F, // setp  l,  r,      d=byte  PF=1          Unordered/Parity  *F
  m_setnz  = 0x20, // setnz l,  r,      d=byte  ZF=0          Not Equal         *F
  m_setz   = 0x21, // setz  l,  r,      d=byte  ZF=1          Equal             *F
  m_setae  = 0x22, // setae l,  r,      d=byte  CF=0          Above or Equal    *F
  m_setb   = 0x23, // setb  l,  r,      d=byte  CF=1          Below             *F
  m_seta   = 0x24, // seta  l,  r,      d=byte  CF=0 & ZF=0   Above             *F
  m_setbe  = 0x25, // setbe l,  r,      d=byte  CF=1 | ZF=1   Below or Equal    *F
  m_setg   = 0x26, // setg  l,  r,      d=byte  SF=OF & ZF=0  Greater
  m_setge  = 0x27, // setge l,  r,      d=byte  SF=OF         Greater or Equal
  m_setl   = 0x28, // setl  l,  r,      d=byte  SF!=OF        Less
  m_setle  = 0x29, // setle l,  r,      d=byte  SF!=OF | ZF=1 Less or Equal
  m_jcnd   = 0x2A, // jcnd   l,         d       // d is mop_v or mop_b
  m_jnz    = 0x2B, // jnz    l, r,      d       // ZF=0          Not Equal      *F
  m_jz     = 0x2C, // jz     l, r,      d       // ZF=1          Equal          *F
  m_jae    = 0x2D, // jae    l, r,      d       // CF=0          Above or Equal *F
  m_jb     = 0x2E, // jb     l, r,      d       // CF=1          Below          *F
  m_ja     = 0x2F, // ja     l, r,      d       // CF=0 & ZF=0   Above          *F
  m_jbe    = 0x30, // jbe    l, r,      d       // CF=1 | ZF=1   Below or Equal *F
  m_jg     = 0x31, // jg     l, r,      d       // SF=OF & ZF=0  Greater
  m_jge    = 0x32, // jge    l, r,      d       // SF=OF         Greater or Equal
  m_jl     = 0x33, // jl     l, r,      d       // SF!=OF        Less
  m_jle    = 0x34, // jle    l, r,      d       // SF!=OF | ZF=1 Less or Equal
  m_jtbl   = 0x35, // jtbl   l, r=mcases        // Table jump
  m_ijmp   = 0x36, // ijmp       {r=sel, d=off} // indirect unconditional jump
  m_goto   = 0x37, // goto   l                  // l is mop_v or mop_b
  m_call   = 0x38, // call   l          d       // l is mop_v or mop_b or mop_h
  m_icall  = 0x39, // icall  {l=sel, r=off} d   // indirect call
  m_ret    = 0x3A, // ret
  m_push   = 0x3B, // push   l
  m_pop    = 0x3C, // pop               d
  m_und    = 0x3D, // und               d       // undefine
  m_ext    = 0x3E, // ext  in1, in2,  out1      // external insn, not microcode *F
  m_f2i    = 0x3F, // f2i     l,    d      int(l) => d; convert fp -> integer   +F
  m_f2u    = 0x40, // f2u     l,    d      uint(l)=> d; convert fp -> uinteger  +F
  m_i2f    = 0x41, // i2f     l,    d      fp(l)  => d; convert integer -> fp e +F
  m_u2f    = 0x42, // i2f     l,    d      fp(l)  => d; convert uinteger -> fp  +F
  m_f2f    = 0x43, // f2f     l,    d      l      => d; change fp precision     +F
  m_fneg   = 0x44, // fneg    l,    d      -l     => d; change sign             +F
  m_fadd   = 0x45, // fadd    l, r, d      l + r  => d; add                     +F
  m_fsub   = 0x46, // fsub    l, r, d      l - r  => d; subtract                +F
  m_fmul   = 0x47, // fmul    l, r, d      l * r  => d; multiply                +F
  m_fdiv   = 0x48, // fdiv    l, r, d      l / r  => d; divide                  +F
#define m_max 0x49 // first unused opcode
};

bool must_mcode_close_block(mcode_t opcode, bool including_calls);
bool is_mcode_propagatable(mcode_t mcode);
inline bool is_mcode_addsub(mcode_t mcode) { return mcode == m_add || mcode == m_sub; }
inline bool is_mcode_xdsu(mcode_t mcode) { return mcode == m_xds || mcode == m_xdu; }
inline bool is_mcode_set(mcode_t mcode) { return mcode >= m_sets && mcode <= m_setle; }
inline bool is_mcode_set1(mcode_t mcode) { return mcode == m_sets; }
inline bool is_mcode_j1(mcode_t mcode) { return mcode == m_jcnd; }
inline bool is_mcode_jcond(mcode_t mcode) { return mcode >= m_jcnd && mcode <= m_jle; }
inline bool is_mcode_convertible_to_jmp(mcode_t mcode) { return mcode >= m_setnz && mcode <= m_setle; }
inline bool is_mcode_convertible_to_set(mcode_t mcode) { return mcode >= m_jnz && mcode <= m_jle; }
inline bool is_mcode_call(mcode_t mcode) { return mcode == m_call || mcode == m_icall; }
inline bool is_mcode_fpu(mcode_t mcode) { return mcode >= m_f2i; } // must be fpu
inline bool is_mcode_commutative(mcode_t mcode)
{
  return mcode == m_add
      || mcode == m_mul
      || mcode == m_or
      || mcode == m_and
      || mcode == m_xor
      || mcode == m_setz
      || mcode == m_setnz
      || mcode == m_cfadd
      || mcode == m_ofadd;
}
inline bool is_mcode_shift(mcode_t mcode)
{
  return mcode == m_shl
      || mcode == m_shr
      || mcode == m_sar;
}

// Convert setX opcode into corresponding jX opcode
// This function relies on the order of setX and jX opcodes!
inline mcode_t set2jcnd(mcode_t code)
{
  return mcode_t(code - m_setnz + m_jnz);
}

// Convert setX opcode into corresponding jX opcode
// This function relies on the order of setX and jX opcodes!
inline mcode_t jcnd2set(mcode_t code)
{
  return mcode_t(code + m_setnz - m_jnz);
}

mcode_t hexapi negate_mcode_relation(mcode_t code);
mcode_t hexapi swap_mcode_relation(mcode_t code);
mcode_t hexapi get_signed_mcode(mcode_t code);
mcode_t hexapi get_unsigned_mcode(mcode_t code);
inline bool is_signed_mcode(mcode_t code) { return get_unsigned_mcode(code) != code; }
inline bool is_unsigned_mcode(mcode_t code) { return get_signed_mcode(code) != code; }

// is the 'd' field a destination microreg?
// insns like jcnd, ijmp, stx etc. reuse 'd' as a source operand
// NB: use minsn_t::is_dest_target() if you have minsn_t (it returns proper value for m_ext)
bool hexapi is_dest_target_mcode(mcode_t mcode);

// Map the processor condition codes to the first virtual registers:
const mreg_t mr_none  = mreg_t(-1);
const mreg_t mr_cf    = mreg_t(0);       // the order is important, see mop_t::is_cc()
const mreg_t mr_zf    = mreg_t(1);
const mreg_t mr_sf    = mreg_t(2);
const mreg_t mr_of    = mreg_t(3);
const mreg_t mr_pf    = mreg_t(4);
const int    cc_count = mr_pf - mr_cf + 1; // number of condition code registers
const mreg_t mr_cc    = mreg_t(5);       // synthetic condition code, used internally
const mreg_t mr_first = mreg_t(8);       // the first processor specific register

// It is ok to use the gap between mr_pf and mr_first for bit registers

//------------------------------------------------------------------------
/// Macro to declare standard inline comparison operators
#define DECLARE_COMPARISON_OPERATORS(type)                              \
  bool operator==(const type &r) const { return compare(r) == 0; }      \
  bool operator!=(const type &r) const { return compare(r) != 0; }      \
  bool operator< (const type &r) const { return compare(r) <  0; }      \
  bool operator> (const type &r) const { return compare(r) >  0; }      \
  bool operator<=(const type &r) const { return compare(r) <= 0; }      \
  bool operator>=(const type &r) const { return compare(r) >= 0; }

/// Macro to declare comparisons for our classes
/// All comparison operators call the compare() function which returns -1/0/1
#define DECLARE_COMPARISONS(type)    \
  DECLARE_COMPARISON_OPERATORS(type) \
  friend int compare(const type &a, const type &b) { return a.compare(b); } \
  int compare(const type &r) const

/// Operand locator.
struct operand_locator_t
{
private:
  //forbid the default constructor
  operand_locator_t(void) {}
public:
  ea_t ea;              ///< address of the original instruction
  int opnum;            ///< operand number in the instruction
  operand_locator_t(ea_t _ea, int _opnum) : ea(_ea), opnum(_opnum) {}
  DECLARE_COMPARISONS(operand_locator_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

//-------------------------------------------------------------------------
/// Number represenation.
/// This structure holds information about number format.
struct number_format_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  flags_t flags;          ///< ida flags, which describe number radix, enum, etc
  char opnum;             ///< operand number: 0..UA_MAXOP
  char props;             ///< properties: combination of NF_ bits (\ref NF_)
/// \defgroup NF_ Number format property bits
/// Used in number_format_t::props
//@{
#define NF_FIXED    0x01  ///< number format has been defined by the user
#define NF_NEGDONE  0x02  ///< temporary internal bit: negation has been performed
#define NF_BINVDONE 0x04  ///< temporary internal bit: inverting bits is done
#define NF_NEGATE   0x08  ///< The user asked to negate the constant
#define NF_BITNOT   0x10  ///< The user asked to invert bits of the constant
#define NF_STROFF   0x20  ///< internal bit: used as stroff, valid iff is_stroff()
//@}
  uchar serial;           ///< for enums: constant serial number
  char org_nbytes;        ///< original number size in bytes
  qstring type_name;      ///< for stroffs: structure for offsetof()\n
                          ///< for enums: enum name
  /// Contructor
  number_format_t(int _opnum=0)
    : flags(0), opnum(char(_opnum)), props(0), serial(0), org_nbytes(0) {}
  /// Get number radix
  /// \return 2,8,10, or 16
  int get_radix(void) const { return ::get_radix(flags, opnum); }
  /// Is number representation fixed?
  /// Fixed representation can not be modified by the decompiler
  bool is_fixed(void) const { return props != 0; }
  /// Is a hexadecimal number?
  bool is_hex(void) const { return ::is_numop(flags, opnum) && get_radix() == 16; }
  /// Is a decimal number?
  bool is_dec(void) const { return ::is_numop(flags, opnum) && get_radix() == 10; }
  /// Is a octal number?
  bool is_oct(void) const { return ::is_numop(flags, opnum) && get_radix() == 8; }
  /// Is a symbolic constant?
  bool is_enum(void) const { return ::is_enum(flags, opnum); }
  /// Is a character constant?
  bool is_char(void) const { return ::is_char(flags, opnum); }
  /// Is a structure field offset?
  bool is_stroff(void) const { return ::is_stroff(flags, opnum); }
  /// Is a number?
  bool is_numop(void) const { return !is_enum() && !is_char() && !is_stroff(); }
  /// Does the number need to be negated or bitwise negated?
  /// Returns true if the user requested a negation but it is not done yet
  bool needs_to_be_inverted(void) const
  {
    return (props & (NF_NEGATE|NF_BITNOT)) != 0      // the user requested it
        && (props & (NF_NEGDONE|NF_BINVDONE)) == 0;  // not done yet
  }
};

// Number formats are attached to (ea,opnum) pairs
typedef std::map<operand_locator_t, number_format_t> user_numforms_t;

//-------------------------------------------------------------------------
/// Base helper class to convert binary data structures into text.
/// Other classes are derived from this class.
struct vd_printer_t
{
  qstring tmpbuf;
  int hdrlines;         ///< number of header lines (prototype+typedef+lvars)
                        ///< valid at the end of print process
  /// Print.
  /// This function is called to generate a portion of the output text.
  /// The output text may contain color codes.
  /// \return the number of printed characters
  /// \param indent  number of spaces to generate as prefix
  /// \param format  printf-style format specifier
  /// \return length of printed string
  AS_PRINTF(3, 4) virtual int hexapi print(int indent, const char *format,...);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

/// Helper class to convert cfunc_t into text.
struct vc_printer_t : public vd_printer_t
{
  const cfunc_t *func;          ///< cfunc_t to generate text for
  char lastchar;                ///< internal: last printed character
  /// Constructor
  vc_printer_t(const cfunc_t *f) : func(f), lastchar(0) {}
  /// Are we generating one-line text representation?
  /// \return \c true if the output will occupy one line without line breaks
  virtual bool idaapi oneliner(void) const { return false; }
};

/// Helper class to convert binary data structures into text and put into a file.
struct file_printer_t : public vd_printer_t
{
  FILE *fp;                     ///< Output file pointer
  /// Print.
  /// This function is called to generate a portion of the output text.
  /// The output text may contain color codes.
  /// \return the number of printed characters
  /// \param indent  number of spaces to generate as prefix
  /// \param format  printf-style format specifier
  /// \return length of printed string
  AS_PRINTF(3, 4) int hexapi print(int indent, const char *format, ...);
  /// Constructor
  file_printer_t(FILE *_fp) : fp(_fp) {}
};

/// Helper class to convert cfunc_t into a text string
struct qstring_printer_t : public vc_printer_t
{
  bool with_tags;               ///< Generate output with color tags
  qstring &s;                   ///< Reference to the output string
  /// Constructor
  qstring_printer_t(const cfunc_t *f, qstring &_s, bool tags)
    : vc_printer_t(f), with_tags(tags), s(_s) {}
  /// Print.
  /// This function is called to generate a portion of the output text.
  /// The output text may contain color codes.
  /// \return the number of printed characters
  /// \param indent  number of spaces to generate as prefix
  /// \param format  printf-style format specifier
  /// \return length of printed string
  AS_PRINTF(3, 4) int hexapi print(int indent, const char *format, ...);
};

//-------------------------------------------------------------------------
/// \defgroup type Type string related declarations
/// Type related functions and class.
//@{

/// Verify a type string.
/// \return true if type string is correct

bool hexapi is_type_correct(const type_t *ptr);


/// Is a small structure or union?
/// \return true if the type is a small UDT (user defined type).
///              Small UDTs fit into a register (or pair or registers) as a rule.

bool hexapi is_small_struni(const tinfo_t &tif);


/// Is definitely a non-boolean type?
/// \return true if the type is a non-boolean type (non bool and well defined)

bool hexapi is_nonbool_type(const tinfo_t &type);


/// Is a boolean type?
/// \return true if the type is a boolean type

bool hexapi is_bool_type(const tinfo_t &type);


/// Is a pointer or array type?
inline bool is_ptr_or_array(type_t t)
{
  return is_type_ptr(t) || is_type_array(t);
}

/// Is a pointer, array, or function type?
inline bool is_paf(type_t t)
{
  return is_ptr_or_array(t) || is_type_func(t);
}

/// Is struct/union/enum definition (not declaration)?
inline bool is_inplace_def(const tinfo_t &type)
{
  return type.is_decl_complex() && !type.is_typeref();
}

/// Calculate number of partial subtypes.
/// \return number of partial subtypes. The bigger is this number, the uglier is the type.

int hexapi partial_type_num(const tinfo_t &type);


/// Get a type of a floating point value with the specified width
/// \returns type info object
/// \param width width of the desired type

tinfo_t hexapi get_float_type(int width);


/// Create a type info by width and sign.
/// Returns a simple type (examples: int, short) with the given width and sign.
/// \param srcwidth size of the type in bytes
/// \param sign sign of the type

tinfo_t hexapi get_int_type_by_width_and_sign(int srcwidth, type_sign_t sign);


/// Create a partial type info by width.
/// Returns a partially defined type (examples: _DWORD, _BYTE) with the given width.
/// \param size size of the type in bytes

tinfo_t hexapi get_unk_type(int size);


/// Generate a dummy pointer type
///  \param ptrsize size of pointed object
///  \param isfp is floating point object?

tinfo_t hexapi dummy_ptrtype(int ptrsize, bool isfp);


/// Get type of a structure field.
/// This function performs validity checks of the field type. Wrong types are rejected.
/// \param mptr structure field
/// \param type pointer to the variable where the type is returned. This parameter can be NULL.
/// \return false if failed

bool hexapi get_member_type(const member_t *mptr, tinfo_t *type);


/// Create a pointer type.
/// This function performs the following conversion: "type" -> "type*"
/// \param type object type.
/// \return "type*". for example, if 'char' is passed as the argument,
//          the function will return 'char *'

tinfo_t hexapi make_pointer(const tinfo_t &type);


/// Create a reference to a named type.
/// \param name type name
/// \return type which refers to the specified name. For example, if name is "DWORD",
///             the type info which refers to "DWORD" is created.

tinfo_t hexapi create_typedef(const char *name);


/// Create a reference to an ordinal type.
/// \param n ordinal number of the type
/// \return type which refers to the specified ordianl. For example, if n is 1,
///             the type info which refers to ordinal type 1 is created.

inline tinfo_t create_typedef(int n)
{
  tinfo_t tif;
  tif.create_typedef(NULL, n);
  return tif;
}

/// Type source (where the type information comes from)
enum type_source_t
{
  GUESSED_NONE,  // not guessed, specified by the user
  GUESSED_WEAK,  // not guessed, comes from idb
  GUESSED_FUNC,  // guessed as a function
  GUESSED_DATA,  // guessed as a data item
  TS_NOELL  = 0x8000000, // can be used in set_type() to avoid merging into ellipsis
  TS_SHRINK = 0x4000000, // can be used in set_type() to prefer smaller arguments
  TS_MASK   = 0xC000000, // all high bits
};

inline int compare_typsrc(type_source_t s1, type_source_t s2)
{
  if ( s1 > GUESSED_WEAK && s2 > GUESSED_WEAK )
    return 0; // both guessed, consider equal
  return compare(s1, s2);
}


/// Get a global type.
/// Global types are types of addressable objects and struct/union/enum types
/// \param id address or id of the object
/// \param tif buffer for the answer
/// \param guess what kind of types to consider
/// \return success

bool hexapi get_type(uval_t id, tinfo_t *tif, type_source_t guess);


/// Set a global type.
/// \param id address or id of the object
/// \param tif new type info
/// \param source where the type comes from
/// \param force true means to set the type as is, false means to merge the
///        new type with the possibly existing old type info.
/// \return success

bool hexapi set_type(uval_t id, const tinfo_t &tif, type_source_t source, bool force=false);

//@}

//-------------------------------------------------------------------------
// We use our own class to store argument and variable locations.
// The main differences between vdloc and argloc_t:
//   VLOC_REG1: the offset is always 0, so it is not used. the register number
//              uses the whole ~VLOC_MASK field.
//   VLOCK_STKOFF: stack offsets are always positive because they are based on
//              the lowest value of sp in the function.
class vdloc_t : public argloc_t
{
  int regoff(void); // inaccessible & undefined: regoff() should not be used
public:
  // use all available bits for register number for VLOC_REG1
  int reg1(void) const { return atype() == ALOC_REG2 ? argloc_t::reg1() : get_reginfo(); }
  void _set_reg1(int r1) { argloc_t::_set_reg1(r1, r1>>16); } // it works fine
  void set_reg1(int r1) { cleanup_argloc(this); _set_reg1(r1); }
  inline bool is_fpu_mreg() const;
  const char *hexapi dstr(int width=0) const;
};

void hexapi print_vdloc(qstring *vout, const vdloc_t &loc, int w);
//-------------------------------------------------------------------------
/// Do two arglocs overlap?
bool hexapi arglocs_overlap(const vdloc_t &loc1, size_t w1, const vdloc_t &loc2, size_t w2);

/// Local variable locator. Local variables are located using: definition ea, location
struct lvar_locator_t
{
  vdloc_t location;     ///< Variable location.
  ea_t defea;           ///< Definition address. The address of an instruction
                        ///< that initializes the variable. This value is
                        ///< assigned to each lvar by lvar allocator.
                        ///< BADADDR for function arguments
  lvar_locator_t(void) : defea(BADADDR) {}
  lvar_locator_t(const vdloc_t &loc, ea_t ea) : location(loc), defea(ea) {}
  /// Calculate the variable location (only for continuous variables)
  /// \return if the variable is register-hosted, the register number
  ///         otherwise, return the virtual stack register number that
  ///         corresponds to the stack location
  sval_t hexapi get_regnum(void) const;
  /// Is variable located on one register?
  bool is_reg1(void) const { return  location.is_reg1(); }
  /// Is variable located on two registers?
  bool is_reg2(void) const { return  location.is_reg2(); }
  /// Is variable located on register(s)?
  bool is_reg_var(void) const { return location.is_reg(); }
  /// Is variable located on the stack?
  bool is_stk_var(void) const { return location.is_stkoff(); }
  /// Is variable scattered?
  bool is_scattered(void) const { return location.is_scattered(); }
  /// Get number of the register for the variable
  mreg_t get_reg1(void) const { return location.reg1(); }
  /// Get number of the second register (only for tworeg lvars)
  mreg_t get_reg2(void) const { return location.reg2(); }
  /// Get information about scattered variable
  const scattered_aloc_t &get_scattered(void) const { return location.scattered(); }
        scattered_aloc_t &get_scattered(void)       { return location.scattered(); }
  DECLARE_COMPARISONS(lvar_locator_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  const char *hexapi dstr(void) const;
};

/// Definition of a local variable (register or stack) #var #lvar
class lvar_t : public lvar_locator_t
{
  friend class mbl_array_t;
  int flags;                    ///< \ref CVAR_
/// \defgroup CVAR_ Local variable property bits
/// Used in lvar_t::flags
//@{
#define CVAR_USED    0x0001     ///< is used in the code?
#define CVAR_TYPE    0x0002     ///< the type is defined?
#define CVAR_NAME    0x0004     ///< has nice name?
#define CVAR_MREG    0x0008     ///< corresponding mregs were replaced?
#define CVAR_NOWD    0x0010     ///< width is unknown
#define CVAR_UNAME   0x0020     ///< user-defined name
#define CVAR_UTYPE   0x0040     ///< user-defined type
#define CVAR_RESULT  0x0080     ///< function result variable
#define CVAR_ARG     0x0100     ///< function argument
#define CVAR_FAKE    0x0200     ///< fake return variable
#define CVAR_OVER    0x0400     ///< overlapping variable
#define CVAR_FLOAT   0x0800     ///< used in a fpu insn
#define CVAR_SPOILED 0x1000     ///< internal flag, do not use: spoiled var
#define CVAR_MAPDST  0x2000     ///< other variables are mapped to this var
#define CVAR_PARTIAL 0x4000     ///< variable type is partialy defined
//@}

public:
  qstring name;          ///< variable name.
                         ///< use mbl_array_t::set_nice_lvar_name() and
                         ///< mbl_array_t::set_user_lvar_name() to modify it
  qstring cmt;           ///< variable comment string
  tinfo_t tif;           ///< variable type
  int width;             ///< variable size in bytes
  int defblk;            ///< first block defining the variable.
                         ///< 0 for args, -1 if unknown
  uint64 divisor;        ///< max known divisor of the variable

  lvar_t(void) : flags(CVAR_USED), width(0), defblk(-1), divisor(0) {}
  lvar_t(const qstring &n, const vdloc_t &l, ea_t e, const tinfo_t &t, int w, int db)
    : lvar_locator_t(l, e), flags(CVAR_USED), name(n), tif(t), width(w),
      defblk(db), divisor(0) {}
  lvar_t(mreg_t reg, int width, const tinfo_t &type, int nblock, ea_t defea);
  const char *hexapi dstr(void) const;

  /// Is the variable used in the code?
  bool used(void)  const { return (flags & CVAR_USED) != 0; }
  /// Has the variable a type?
  bool typed(void) const { return (flags & CVAR_TYPE) != 0; }
  /// Have corresponding microregs been replaced by references to this variable?
  bool mreg_done(void) const { return (flags & CVAR_MREG) != 0; }
  /// Does the variable have a nice name?
  bool has_nice_name(void) const { return (flags & CVAR_NAME) != 0; }
  /// Do we know the width of the variable?
  bool is_unknown_width(void) const { return (flags & CVAR_NOWD) != 0; }
  /// Has any user-defined information?
  bool has_user_info(void) const { return (flags & (CVAR_UNAME|CVAR_UTYPE)) != 0 || !cmt.empty(); }
  /// Has user-defined name?
  bool has_user_name(void) const { return (flags & CVAR_UNAME) != 0; }
  /// Has user-defined type?
  bool has_user_type(void) const { return (flags & CVAR_UTYPE) != 0; }
  /// Is the function result?
  bool is_result_var(void) const { return (flags & CVAR_RESULT) != 0; }
  /// Is the function argument?
  bool is_arg_var(void) const { return (flags & CVAR_ARG) != 0; }
  /// Is the promoted function argument?
  bool is_promoted_arg(void) const;
  /// Is fake return variable?
  bool is_fake_var(void) const { return (flags & CVAR_FAKE) != 0; }
  /// Is overlapped variable?
  bool is_overlapped_var(void) const { return (flags & CVAR_OVER) != 0; }
  /// Used by a fpu insn?
  bool is_floating_var(void) const { return (flags & CVAR_FLOAT) != 0; }
  /// Is spoiled var? (meaningful only during lvar allocation)
  bool is_spoiled_var(void) const { return (flags & CVAR_SPOILED) != 0; }
  /// Other variable(s) map to this var?
  bool is_partialy_typed(void) const { return (flags & CVAR_PARTIAL) != 0; }
  /// Other variable(s) map to this var?
  bool is_mapdst_var(void) const { return (flags & CVAR_MAPDST) != 0; }
  void set_used(void) { flags |= CVAR_USED; }
  void clear_used(void) { flags &= ~CVAR_USED; }
  void set_typed(void) { flags |= CVAR_TYPE; }
  void set_non_typed(void) { flags &= ~CVAR_TYPE; }
  void clr_user_info(void) { flags &= ~(CVAR_UNAME|CVAR_UTYPE); }
  void set_user_name(void) { flags |= CVAR_NAME|CVAR_UNAME; }
  void set_user_type(void) { flags |= CVAR_TYPE|CVAR_UTYPE; }
  void clr_user_type(void) { flags &= ~CVAR_UTYPE; }
  void clr_user_name(void) { flags &= ~CVAR_UNAME; }
  void set_mreg_done(void) { flags |= CVAR_MREG; }
  void clr_mreg_done(void) { flags &= ~CVAR_MREG; }
  void set_unknown_width(void) { flags |= CVAR_NOWD; }
  void clr_unknown_width(void) { flags &= ~CVAR_NOWD; }
  void set_arg_var(void) { flags |= CVAR_ARG; }
  void clr_arg_var(void) { flags &= ~CVAR_ARG; }
  void set_fake_var(void) { flags |= CVAR_FAKE; }
  void clr_fake_var(void) { flags &= ~CVAR_FAKE; }
  void set_overlapped_var(void) { flags |= CVAR_OVER; }
  void clr_overlapped_var(void) { flags &= ~CVAR_OVER; }
  void set_floating_var(void) { flags |= CVAR_FLOAT; }
  void clr_floating_var(void) { flags &= ~CVAR_FLOAT; }
  void set_spoiled_var(void) { flags |= CVAR_SPOILED; }
  void clr_spoiled_var(void) { flags &= ~CVAR_SPOILED; }
  void set_mapdst_var(void) { flags |= CVAR_MAPDST; }
  void clr_mapdst_var(void) { flags &= ~CVAR_MAPDST; }
  void set_partialy_typed(void) { flags |= CVAR_PARTIAL; }
  void clr_partialy_typed(void) { flags &= ~CVAR_PARTIAL; }

  void set_reg_name(const char *n)
  {
    name = n;              // do not verify uniqueness
    flags &= ~CVAR_USED;   // do not display the declaration
    flags |= CVAR_NAME;    // do not autorename
  }
  /// Do variables overlap?
  bool has_common(const lvar_t &v) const
  {
    return arglocs_overlap(location, width, v.location, v.width);
  }
  /// Does the variable overlap with the specified location?
  bool has_common_bit(const vdloc_t &loc, asize_t width2) const
  {
    return arglocs_overlap(location, width, loc, width2);
  }
  /// Get variable type
  const tinfo_t &type(void) const { return tif; }
  tinfo_t &type(void) { return tif; }

  /// Check if the variable accept the specified type.
  /// Some types are forbidden (void, function types, wrong arrays, etc)
  bool hexapi accepts_type(const tinfo_t &t);

  /// Set variable type without any validation.
  void force_lvar_type(const tinfo_t &t);

  /// Set variable type
  /// Note: this function does not modify the idb, only the lvar instance
  /// in the memory. for permanent changes see modify_user_lvars()
  /// \param t new type
  /// \param may_fail if false and type is bad, interr
  /// \return success
  bool hexapi set_lvar_type(const tinfo_t &t, bool may_fail=false);

  /// Set final variable type.
  void set_final_lvar_type(const tinfo_t &t)
  {
    set_lvar_type(t);
    set_typed();
  }

  /// Change the variable width. This function also changes
  /// the variable type.
  /// \param w new width
  /// \param svw_flags combination of SVW_... bits
  /// \return success
  bool hexapi set_width(int w, int svw_flags=0);
#define SVW_INT   0x00 // integer value
#define SVW_FLOAT 0x01 // floating point value
#define SVW_SOFT  0x02 // may fail and return false;
                       // if this bit is not set and the type is bad, interr

};
DECLARE_TYPE_AS_MOVABLE(lvar_t);

/// Set of local variables
struct lvars_t : public qvector<lvar_t>
{
  /// Find input variable at the specified location.
  /// \param argloc variable location
  /// \param _size variable size
  /// \return -1 if failed, otherwise the index into the variables vector.
  int find_input_lvar(const vdloc_t &argloc, int _size) { return find_lvar(argloc, _size, 0); }

  /// Find stack variable at the specified location.
  /// \param spoff offset from the minimal sp
  /// \param width variable size
  /// \return -1 if failed, otherwise the index into the variables vector.
  int hexapi find_stkvar(int32 spoff, int width);

  /// Find variable at the specified location.
  /// \param ll variable location
  /// \return pointer to variable or NULL
  lvar_t *hexapi find(const lvar_locator_t &ll);


  /// Find variable at the specified location.
  /// \param location variable location
  /// \param width variable size
  /// \param defblk definition block of the lvar. -1 means any block
  /// \return -1 if failed, otherwise the index into the variables vector.
  int hexapi find_lvar(const vdloc_t &location, int width, int defblk=-1);
};

/// Saved user settings for local variables: name, type, comment
struct lvar_saved_info_t
{
  lvar_locator_t ll;
  qstring name;
  tinfo_t type;
  qstring cmt;
  ssize_t size;                 ///< type size (if not initialized then -1)
  int flags;                    ///< \ref LVINF_
/// \defgroup LVINF_ saved user lvar info property bits
/// Used in lvar_saved_info_t::flags
//@{
#define LVINF_KEEP   0x0001     ///< keep saved user settings regardless of vars
//@}
  lvar_saved_info_t(void) : size(BADSIZE), flags(0) {}
  bool has_info(void) const { return !name.empty() || !type.empty() || !cmt.empty(); }
  bool operator==(const lvar_saved_info_t &r) const
  {
    return name == r.name
        && cmt == r.cmt
        && ll == r.ll
        && type == r.type;
  }
  bool operator!=(const lvar_saved_info_t &r) const { return !(*this == r); }
  bool is_kept(void) const { return (flags & LVINF_KEEP) != 0; }
  void clear_keep(void) { flags &= ~LVINF_KEEP; }
  void set_keep(void) { flags |= LVINF_KEEP; }
};
DECLARE_TYPE_AS_MOVABLE(lvar_saved_info_t);
typedef qvector<lvar_saved_info_t> lvar_saved_infos_t;

/// Local variable mapping (is used to merge variables)
typedef std::map<lvar_locator_t, lvar_locator_t> lvar_mapping_t;

/// All user-defined information about local variables
struct lvar_uservec_t
{
  /// User-specified names, types, comments for lvars. Variables without
  /// user-specified info are not present in this vector.
  lvar_saved_infos_t lvvec;

  /// Local variable mapping (used for merging variables)
  lvar_mapping_t lmaps;

  /// Delta to add to IDA stack offset to calculate Hex-Rays stack offsets.
  /// Should be set by the caller before calling save_user_lvar_settings();
  uval_t stkoff_delta;

  /// Various flags. Possible values are from \ref ULV_
  int ulv_flags;
/// \defgroup ULV_ lvar_uservec_t property bits
/// Used in lvar_uservec_t::ulv_flags
//@{
#define ULV_PRECISE_DEFEA 0x0001        ///< Use precise defea's for lvar locations
//@}

  lvar_uservec_t(void) : stkoff_delta(0), ulv_flags(ULV_PRECISE_DEFEA) {}
  void swap(lvar_uservec_t &r)
  {
    lvvec.swap(r.lvvec);
    lmaps.swap(r.lmaps);
    std::swap(stkoff_delta, r.stkoff_delta);
    std::swap(ulv_flags, r.ulv_flags);
  }

  /// find saved user settings for given var
  lvar_saved_info_t *find_info(const lvar_locator_t &vloc)
  {
    for ( lvar_saved_infos_t::iterator p=lvvec.begin(); p != lvvec.end(); ++p )
    {
      if ( p->ll == vloc )
        return p;
    }
    return NULL;
  }

  /// keep user settings for given var
  void keep_info(const lvar_t &v)
  {
    lvar_saved_info_t *p = find_info(v);
    if ( p != NULL )
      p->set_keep();
  }
};

/// Restore user defined local variable settings in the database.
/// \param func_ea entry address of the function
/// \param lvinf ptr to output buffer
/// \return success

bool hexapi restore_user_lvar_settings(lvar_uservec_t *lvinf, ea_t func_ea);


/// Save user defined local variable settings into the database.
/// \param func_ea entry address of the function
/// \param lvinf user-specified info about local variables

void hexapi save_user_lvar_settings(ea_t func_ea, const lvar_uservec_t &lvinf);


/// Helper class to modify saved local variable settings.
struct user_lvar_modifier_t
{
  /// Modify lvar settings.
  /// Returns: true-modified
  virtual bool idaapi modify_lvars(lvar_uservec_t *lvinf) = 0;
};

/// Modify saved local variable settings.
///     \param entry_ea         function start address
///     \param mlv              local variable modifier
/// \return true if modified variables

bool hexapi modify_user_lvars(ea_t entry_ea, user_lvar_modifier_t &mlv);


//-------------------------------------------------------------------------
/// User-defined function calls
struct udcall_t
{
  qstring name;         // name of the function
  tinfo_t tif;          // function prototype
};

// All user-defined function calls (map address -> udcall)
typedef std::map<ea_t, udcall_t> udcall_map_t;

/// Restore user defined function calls from the database.
/// \param udcalls ptr to output buffer
/// \param func_ea entry address of the function
/// \return success

bool hexapi restore_user_defined_calls(udcall_map_t *udcalls, ea_t func_ea);


/// Save user defined local function calls into the database.
/// \param func_ea entry address of the function
/// \param udcalls user-specified info about user defined function calls

void hexapi save_user_defined_calls(ea_t func_ea, const udcall_map_t &udcalls);


/// Convert function type declaration into internal structure
/// \param udc    - pointer to output structure
/// \param decl   - function type declaration
/// \param silent - if TRUE: do not show warning in case of incorrect type
/// \return success

bool hexapi parse_user_call(udcall_t *udc, const char *decl, bool silent);


/// try to generate user-defined call for an instruction
/// \return \ref MERR_ code:
///   MERR_OK      - user-defined call generated
///   else         - error (MERR_INSN == inacceptable udc.tif)

merror_t hexapi convert_to_user_call(const udcall_t &udc, codegen_t &cdg);


//-------------------------------------------------------------------------
/// Generic microcode generator class.
/// An instance of a derived class can be registered to be used for
/// non-standard microcode generation. Before microcode generation for an
/// instruction all registered object will be visited by the following way:
///   if ( filter->match(cdg) )
///     code = filter->apply(cdg);
///   if ( code == MERR_OK )
///     continue;     // filter generated microcode, go to the next instruction
struct microcode_filter_t
{
  /// check if the filter object is to be appied
  /// \return success
  virtual bool match(codegen_t &cdg) = 0;
  /// generate microcode for an instruction
  /// \return MERR_... code:
  ///   MERR_OK      - user-defined call generated, go to the next instruction
  ///   MERR_INSN    - not generated - the caller should try the standard way
  ///   else         - error
  virtual merror_t apply(codegen_t &cdg) = 0;
};

/// register/unregister non-standard microcode generator
/// \param filter  - microcode generator object
/// \param install - TRUE - register the object, FALSE - unregister
void hexapi install_microcode_filter(microcode_filter_t *filter, bool install=true);

//-------------------------------------------------------------------------
/// Abstract class: User-defined call generator
/// derived classes should implement method 'match'
class udc_filter_t : public microcode_filter_t
{
  udcall_t udc;

public:
  /// return true if the filter object should be appied to given instruction
  virtual bool match(codegen_t &cdg) = 0;

  bool hexapi init(const char *decl);
  virtual merror_t hexapi apply(codegen_t &cdg);
};

//-------------------------------------------------------------------------
typedef int mbitmap_t;
const int bitset_width = (sizeof(mbitmap_t)*CHAR_BIT);
const int bitset_align = bitset_width - 1;

/// Bit set class
class bitset_t
{
  mbitmap_t *bitmap;    ///< pointer to bitmap
  int high;             ///< highest bit+1 (multiply of bitset_width)

public:
  bitset_t(void) : bitmap(NULL), high(0) {}
  hexapi bitset_t(const bitset_t &m);          // copy constructor
  ~bitset_t(void)
  {
    qfree(bitmap);
    bitmap = NULL;
  }
  void swap(bitset_t &r)
  {
    std::swap(bitmap, r.bitmap);
    std::swap(high, r.high);
  }
  bitset_t &operator=(const bitset_t &m); // assignment operator
  bool hexapi add(int bit);                    // add a bit
  bool hexapi add(int bit, int width);         // add bits
  bool hexapi add(const bitset_t &ml);         // add another bitset
  bool hexapi sub(int bit);                    // delete a bit
  bool hexapi sub(int bit, int width);         // delete bits
  bool hexapi sub(const bitset_t &ml);         // delete another bitset
  bool hexapi cut_at(int maxbit);              // delete bits >= maxbit
  void hexapi shift_down(int shift);           // shift bits down
  bool hexapi has(int bit) const;       // test presence of a bit
  bool hexapi has_all(int bit, int width) const; // test presence of bits
  bool hexapi has_any(int bit, int width) const; // test presence of bits
  void print(
        qstring *vout,
        int (*get_bit_name)(qstring *out, int bit, int width, void *ud)=NULL,
        void *ud=NULL) const;
  const char *hexapi dstr(void) const;
  bool hexapi empty(void) const;        // is empty?
  int hexapi count(void) const;         // number of set bits
  int hexapi count(int bit) const;      // get number set bits starting from 'bit'
  int hexapi last(void) const;          // get the number of the last bit (-1-no bits)
  void clear(void) { high = 0; }        // make empty
  void hexapi fill_with_ones(int maxbit);
  bool fill_gaps(int total_nbits);
  bool hexapi has_common(const bitset_t &ml) const; // has common elements?
  bool hexapi intersect(const bitset_t &ml);    // intersect sets. returns true if changed
  bool hexapi is_subset_of(const bitset_t &ml) const; // is subset of?
  bool includes(const bitset_t &ml) const { return ml.is_subset_of(*this); }
  void extract(intvec_t &out) const;
  DECLARE_COMPARISONS(bitset_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
#ifndef SWIG
  class iterator
  {
    friend class bitset_t;
    int i;
    iterator(int n) : i(n) {}
  public:
    bool operator==(const iterator &n) const { return i == n.i; }
    bool operator!=(const iterator &n) const { return i != n.i; }
    int operator*(void) const { return i; }
  };
  typedef iterator const_iterator;
  iterator itat(int n) const { return iterator(goup(n)); }
  iterator begin(void) const { return itat(0); }
  iterator end(void)   const { return iterator(high); }
  int front(void)      const { return *begin(); }
  int back(void)       const { return *end(); }
  void inc(iterator &p, int n=1) const { p.i = goup(p.i+n); }
#endif
private:
  int hexapi goup(int reg) const;
};
DECLARE_TYPE_AS_MOVABLE(bitset_t);
typedef qvector<bitset_t> array_of_bitsets;

//-------------------------------------------------------------------------
struct ivl_t  // an interval
{
private:
  //forbid the default constructor
  ivl_t(void) {}
  //...except for use in a vector
  friend class qvector<ivl_t>;
public:
  uval_t off;
  asize_t size;
  ivl_t(uval_t _off, asize_t _size) : off(_off), size(_size) {}
  bool empty(void) const { return size == 0; }
  void clear(void) { size = 0; }
  uval_t end(void) const { return off+size; }
  void print(qstring *vout) const;
  const char *hexapi dstr(void) const;
  bool extend_to_cover(const ivl_t &r) // extend interval to cover 'r'
  {
    bool changed = false;
    sval_t d = off - r.off;
    if ( d > 0 )
    {
      off -= d;
      size += d;
      changed = true;
    }
    if ( end() < r.end() )
    {
      size = r.end() - off;
      changed = true;
    }
    return changed;
  }
  void intersect(const ivl_t &r)
  {
    uval_t s1 = qmax(off, r.off);
    uval_t s2 = qmin(end(), r.end());
    if ( s1 < s2 )
    {
      off = s1;
      size = s2 - s1;
    }
    else
    {
      size = 0;
    }
  }

  // do *this and ivl overlap?
  bool overlap(const ivl_t &ivl) const
  {
    return interval::overlap(off, size, ivl.off, ivl.size);
  }
  // does *this include ivl?
  bool includes(const ivl_t &ivl) const
  {
    return interval::includes(off, size, ivl.off, ivl.size);
  }
  // does *this contain off2?
  bool contains(uval_t off2) const
  {
    return interval::contains(off, size, off2);
  }

  DECLARE_COMPARISONS(ivl_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()

  static const ivl_t allmem;
#define ALLMEM ivl_t::allmem
};
DECLARE_TYPE_AS_MOVABLE(ivl_t);

//-------------------------------------------------------------------------
class ivlset_t // set of intervals
{
  typedef qvector<ivl_t> bag_t;
  bag_t bag;
  bool verify(void) const;
public:
  ivlset_t(void) {}
  ivlset_t(const ivl_t &ivl);
  ivlset_t(const ivlset_t &ivs) : bag(ivs.bag)
  {
  }
  DEFINE_MEMORY_ALLOCATION_FUNCS()

  void swap(ivlset_t &r) { bag.swap(r.bag); }
  bool hexapi add(const ivl_t &ivl);
  bool add(ea_t ea, asize_t size) { return add(ivl_t(ea, size)); }
  bool hexapi add(const ivlset_t &ivs);
  bool hexapi addmasked(const ivlset_t &ivs, const ivl_t &mask);
  bool hexapi sub(const ivl_t &ivl);
  bool sub(ea_t ea, asize_t size) { return sub(ivl_t(ea, size)); }
  bool hexapi sub(const ivlset_t &ivs);
  bool hexapi has_common(const ivl_t &ivl, bool strict=false) const;
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
  asize_t hexapi count(void) const; // size in bytes
  const ivl_t &getivl(int idx) const { return bag[idx]; }
  const ivl_t &lastivl(void) const { return bag.back(); }
  size_t nivls(void) const { return bag.size(); }
  bool empty(void) const { return bag.empty(); }
  void clear(void) { bag.clear(); }
  void qclear(void) { bag.qclear(); }
  bool hexapi has_common(const ivlset_t &ivs) const;
  bool hexapi contains(uval_t off) const;
  bool hexapi includes(const ivlset_t &ivs) const;
  bool hexapi intersect(const ivlset_t &ivs);
  bool is_subset_of(const ivlset_t &ivs) const { return ivs.includes(*this); }
  bool single_value(uval_t v) const { return nivls() == 1 && bag[0].off == v && bag[0].size == 1; }

  DECLARE_COMPARISONS(ivlset_t);
  bool operator==(const ivl_t &v) const { return nivls() == 1 && bag[0] == v; }
  bool operator!=(const ivl_t &v) const { return !(*this == v); }

  typedef bag_t::iterator iterator;
  typedef bag_t::const_iterator const_iterator;
  const_iterator begin(void) const { return bag.begin(); }
  const_iterator end(void)   const { return bag.end(); }
  iterator begin(void) { return bag.begin(); }
  iterator end(void)   { return bag.end(); }

};
DECLARE_TYPE_AS_MOVABLE(ivlset_t);
typedef qvector<ivlset_t> array_of_ivlsets;
int hexapi get_mreg_name(qstring *out, int bit, int width, void *ud=NULL);
//-------------------------------------------------------------------------
class rlist_t : public bitset_t // list of registers
{
public:
  rlist_t(void) {}
  rlist_t(const rlist_t &m) : bitset_t(m)
  {
  }
  rlist_t(mreg_t reg, int width) { add(reg, width); }
  ~rlist_t(void) {}
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
};
DECLARE_TYPE_AS_MOVABLE(rlist_t);

//-------------------------------------------------------------------------
// Microlist: register and memory sets
struct mlist_t
{
  rlist_t reg;         // registers
  ivlset_t mem;        // memory locations

  mlist_t(void) {}
  mlist_t(const ivl_t &ivl) : mem(ivl) {}
  mlist_t(mreg_t r, int size) : reg(r, size) {}

  void swap(mlist_t &r) { reg.swap(r.reg); mem.swap(r.mem); }
  bool hexapi addmem(ea_t ea, asize_t size);
  bool add(mreg_t r, int size) { return add(mlist_t(r, size)); }
  bool add(const rlist_t &r)   { return reg.add(r); }
  bool add(const ivl_t &ivl)   { return add(mlist_t(ivl)); }
  bool add(const mlist_t &lst) { return reg.add(lst.reg) | mem.add(lst.mem); }
  bool sub(mreg_t r, int size) { return sub(mlist_t(r, size)); }
  bool sub(const ivl_t &ivl)   { return sub(mlist_t(ivl)); }
  bool sub(const mlist_t &lst) { return reg.sub(lst.reg) | mem.sub(lst.mem); }
  asize_t count(void) const { return reg.count() + mem.count(); }
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
  bool empty(void) const { return reg.empty() && mem.empty(); }
  void clear(void) { reg.clear(); mem.clear(); }
  bool has(mreg_t r) const { return reg.has(r); }
  bool has_all(mreg_t r, int size) const { return reg.has_all(r, size); }
  bool has_any(mreg_t r, int size) const { return reg.has_any(r, size); }
  bool has_memory(void) const { return !mem.empty(); }
  bool has_allmem(void) const { return mem == ALLMEM; }
  bool has_common(const mlist_t &lst) const { return reg.has_common(lst.reg) || mem.has_common(lst.mem); }
  bool includes(const mlist_t &lst) const { return reg.includes(lst.reg) && mem.includes(lst.mem); }
  bool intersect(const mlist_t &lst) { return reg.intersect(lst.reg) | mem.intersect(lst.mem); }
  bool is_subset_of(const mlist_t &lst) const { return lst.includes(*this); }

  DECLARE_COMPARISONS(mlist_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};
DECLARE_TYPE_AS_MOVABLE(mlist_t);
typedef qvector<mlist_t> mlistvec_t;
DECLARE_TYPE_AS_MOVABLE(mlistvec_t);

//-------------------------------------------------------------------------
// abstract graph interface
class simple_graph_t : public gdl_graph_t
{
public:
  qstring title;
  bool colored_gdl_edges;
};

//-------------------------------------------------------------------------
// various visitors:

struct op_parent_info_t
{
  mbl_array_t *mba;    // current block array
  mblock_t *blk;       // current block
  minsn_t *topins;     // top level instruction (parent of curins or curins itself)
  minsn_t *curins;     // currently visited instruction
  op_parent_info_t(void) : mba(NULL), blk(NULL), topins(NULL), curins(NULL) {}
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  bool really_alloc(void) const;
};

// micro insn visitor
struct minsn_visitor_t : public op_parent_info_t
{
  virtual int idaapi visit_minsn(void) = 0;
};

// micro operand visitor
struct mop_visitor_t : public op_parent_info_t
{
  bool prune;
  virtual int idaapi visit_mop(mop_t *op, const tinfo_t *type, bool is_target) = 0;
};

// micro source operand visitor
struct srcop_visitor_t
{
  virtual int idaapi visit_srcop(minsn_t &ui, mop_t &uop, bool is_src) = 0;
};

// scattered mop: visit each of the scattered locations as a separate mop
struct scif_visitor_t
{
  virtual int idaapi visit_scif_mop(const mop_t &r, int off) = 0;
};

//-------------------------------------------------------------------------
// micro instruction operand types

typedef uint8 mopt_t;
const mopt_t
  mop_z   = 0,  // none
  mop_r   = 1,  // register                                 LOW
  mop_n   = 2,  // immediate number constant
  mop_str = 3,  // immediate string constant
  mop_d   = 4,  // result of another instruction
  mop_S   = 5,  // local stack variable (base:stack bottom) LOW
  mop_v   = 6,  // global variable
  mop_b   = 7,  // micro basic block (mblock_t)
  mop_f   = 8,  // list of arguments
  mop_l   = 9,  // local variable
  mop_a   = 10, // mop_addr_t: address of operand (mop_l, mop_v, mop_S, mop_r)
  mop_h   = 11, // helper function
  mop_c   = 12, // mcases
  mop_fn  = 13, // floating point constant
  mop_p   = 14, // operand pair
  mop_sc  = 15, // scattered

  // used only in the serialized form
  mop_sl  = 3,  // short local variable encoding (size SPWIDTH bytes)
  mop_sn  = 13, // small positive constant (size SPWIDTH bytes)
  mop_esc = 15, // escape character for serialized form
  mop_sstr = 1, // serialized mop_str
  mop_sfn  = 2, // serialized mop_fn
  mop_scs  = 3; // serialized mop_sc

const int NOSIZE = -1; // wrong operand size

//-------------------------------------------------------------------------
struct lvar_ref_t //-V690
{
public:
  mbl_array_t *const mba;
  sval_t off;           // offset from the beginning of the variable
  int idx;              // index into lvars_t
  lvar_ref_t(mbl_array_t *m, int i, sval_t o=0) : mba(m), off(o), idx(i) {}
  lvar_ref_t &operator=(const lvar_ref_t &r)
  {
    off = r.off;
    idx = r.idx;
    return *this;
  }
  DECLARE_COMPARISONS(lvar_ref_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void swap(lvar_ref_t &r)
  {
    std::swap(off, r.off);
    std::swap(idx, r.idx);
  }
  lvar_t &hexapi var(void) const;
};

//-------------------------------------------------------------------------
struct stkvar_ref_t
{
  mbl_array_t *const mba;
  sval_t off;           // stack offset (from the stack bottom)
  stkvar_ref_t(mbl_array_t *m, sval_t o) : mba(m), off(o) {}
  DECLARE_COMPARISONS(stkvar_ref_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void swap(stkvar_ref_t &r)
  {
    std::swap(off, r.off);
  }
  member_t *hexapi get_stkvar(uval_t *p_off) const;
};

//-------------------------------------------------------------------------
struct mnumber_t : public operand_locator_t
{
  uint64 value;         // number value
  uint64 org_value;     // original value before changing the operand size
  mnumber_t(uint64 v, ea_t _ea=BADADDR, int n=0)
    : operand_locator_t(_ea, n), value(v), org_value(v) {}
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  DECLARE_COMPARISONS(mnumber_t)
  {
    if ( value < r.value )
      return -1;
    if ( value > r.value )
      return -1;
    return 0;
  }
  // always use this function instead of manually modifying the 'value' field
  void update_value(uint64 val64)
  {
    value = val64;
    org_value = val64;
  }
};

//-------------------------------------------------------------------------
// scattered operand info
struct scif_t : public vdloc_t
{
  mbl_array_t *mba;
  qstring name;
  tinfo_t type;
  scif_t(mbl_array_t *_mba, qstring *n, tinfo_t *tif) : mba(_mba)
  {
    n->swap(name);
    tif->swap(type);
  }
  scif_t &operator =(const vdloc_t &loc)
  {
    *(vdloc_t *)this = loc;
    return *this;
  }
};

//-------------------------------------------------------------------------
struct fnumber_t        /// Floating point constant.
                        /// For more details, please see the ieee.h file from IDA SDK.
{
  uint16 fnum[6];       ///< Internal representation of the number
  int nbytes;           ///< Original size of the constant in bytes
  operator       uint16 *(void)       { return fnum; }
  operator const uint16 *(void) const { return fnum; }
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  DECLARE_COMPARISONS(fnumber_t)
  {
    return ecmp(fnum, r.fnum);
  }
};

// Bits to control how we print instructions
#define SHINS_NUMADDR 0x01      // display definition addresses for numbers
#define SHINS_VALNUM  0x02      // display value numbers
#define SHINS_SHORT   0x04      // do not display use-def chains and other attrs
#define SHINS_LDXEA   0x08      // display address of ldx expressions (not used)


//-------------------------------------------------------------------------
// How to handle side effect of change_size()
// Sometimes we need to create a temporary operand and change its size in order
// to check some hypothesis. If we revert our changes, we do not want that the
// database (global variables, stack frame, etc) changes in any manner.
enum side_effect_t
{
  NO_SIDEFF,          // change operand size but ignore side effects
                      // if you decide to keep the changed operand,
                      // handle_new_size() must be called
  WITH_SIDEFF,        // change operand size and handle side effects
  ONLY_SIDEFF,        // only handle side effects
  ANY_REGSIZE = 0x80, // any register size is permitted
};

// max size of simple operands
// there are many exceptions: udts, floating point, xmm/ymm, etc
const int MAX_OPSIZE = 2 * sizeof(ea_t);
const int DOUBLE_OPSIZE = 2 * MAX_OPSIZE;
//-------------------------------------------------------------------------
class mop_t
{
  void hexapi copy(const mop_t &rop);
public:
  // field definitions
  mopt_t t;
  uint8 oprops;         // operand properties
#define OPROP_IMPDONE 0x01 // imported operand (a pointer) has been dereferenced
#define OPROP_UDT     0x02 // a struct or union
#define OPROP_FLOAT   0x04 // possibly floating value
#define OPROP_CCFLAGS 0x08 // condition codes register value
  uint16 valnum;        // value number. 0 means unknown.
                        // operands with the same value number are equal.
  int size;             // operand size: 1,2,4,8 bytes or NOSIZE
                        // for structures, other sizes are allowed
  union
  {
    mreg_t r;           // mop_r   register number
    mnumber_t *nnn;     // mop_n   immediate value
    minsn_t *d;         // mop_d   result (destination) of another instruction
    stkvar_ref_t *s;    // mop_S   stack variable
    ea_t g;             // mop_v   global variable (its linear address)
    int b;              // mop_b   block number (used in jmp,call instructions)
    mfuncinfo_t *f;     // mop_f   function call information
    lvar_ref_t *l;      // mop_l   local variable
    mop_addr_t *a;      // mop_a   variable whose address is taken
    char *helper;       // mop_h   helper function name
    char *cstr;         // mop_str string constant
    mcases_t *c;        // mop_c   cases
    fnumber_t *fpc;     // mop_fn  floating point constant
    mop_pair_t *pair;   // mop_p   operand pair
    scif_t *scif;       // mop_sc  scattered operand info
  };

  // function definitions
  void set_impptr_done(void) { oprops |= OPROP_IMPDONE; }
  void set_udt(void)         { oprops |= OPROP_UDT; }
  bool is_impptr_done(void) const { return (oprops & OPROP_IMPDONE) != 0; }
  bool is_udt(void)         const { return (oprops & OPROP_UDT) != 0; }
  bool probably_floating(void) const { return (oprops & OPROP_FLOAT) != 0; }
  bool is_ccflags(void)     const { return (oprops & OPROP_CCFLAGS) != 0; }

  mop_t(void) { zero(); }
  mop_t(mreg_t rg, int _size) { t = mop_r; oprops = 0; valnum = 0; r = rg; size = _size; }
  mop_t(const mop_t &rop) { copy(rop); }
  ~mop_t(void)
  {
    erase();
  }
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void zero(void) { t = mop_z; oprops = 0; valnum = 0; size = NOSIZE; }
  void hexapi swap(mop_t &rop);
  void hexapi erase(void);
  void erase_but_keep_size(void) { int s2 = size; erase(); size = s2; }
  bool hexapi create_from_rlist(const rlist_t &lst);
  bool hexapi create_from_mlist(mbl_array_t *mba, const mlist_t &lst, sval_t fullsize);
  bool hexapi create_from_ivlset(mbl_array_t *mba, const ivlset_t &ivs, sval_t fullsize);
  void hexapi create_from_vdloc(mbl_array_t *mba, const vdloc_t &loc, int _size);
  void hexapi create_from_scattered_vdloc(mbl_array_t *mba, const char *name, tinfo_t type, const vdloc_t &loc);
  mop_t &hexapi create_from_insn(const minsn_t *m);
  void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
  const char *hexapi dstr(void) const;
  void hexapi create_pair(int loreg, int hireg, int halfsize);
  void hexapi make_number(uint64 _value, int _size, ea_t _ea=BADADDR, int opnum=0);
  bool hexapi make_fpnum(const void *bytes, size_t _size);
  // value() can be used only on mop_n operands:
  uint64 value(bool is_signed) const { return extend_sign(nnn->value, size, is_signed); }
  int64 signed_value(void) const { return value(true); }
  uint64 unsigned_value(void) const { return value(false); }
  bool is_constant(uint64 *n=NULL, bool is_signed=true) const;
  bool is_equal_to(uint64 n, bool is_signed=type_signed) const
  {
    uint64 v;
    return is_constant(&v, is_signed) && v == n;
  }
  bool is_zero(void) const { return is_equal_to(0, false); }
  bool is_one(void) const { return is_equal_to(1, false); }
  bool is_positive_constant(void) const
  {
    uint64 v;
    return is_constant(&v, true) && int64(v) > 0;
  }
  bool is_negative_constant(void) const
  {
    uint64 v;
    return is_constant(&v, true) && int64(v) < 0;
  }
  bool hexapi is01(void) const; // can be only 0 or 1?
  void hexapi make_helper(const char *name);
  bool hexapi may_use_aliased_memory(void) const;
  bool is_reg(mreg_t _r, int _size) const { return t == mop_r && r == _r && size == _size; }
  bool is_reg(mreg_t _r) const { return t == mop_r && r == _r; }
  bool is_reg(void) const { return t == mop_r; }
  bool is_cc(void) const { return is_reg() && r >= mr_cf && r < mr_first; }
  static bool is_bit_reg(mreg_t reg);
  bool is_bit_reg(void) const { return is_reg() && is_bit_reg(r); }
  bool is_mob(int serial) const { return t == mop_b && b == serial; }
  bool is_scattered(void) const { return t == mop_sc; }
  inline bool is_mreg(void) const;
  inline bool is_virtual_stack_reg(void) const;
  inline bool is_kreg(void) const;
  inline bool is_glbaddr() const;
  inline bool is_glbaddr(ea_t ea) const;
  inline bool is_stkaddr() const;
  inline bool is_insn(mcode_t code) const;
  bool is_insn(void) const { return t == mop_d; }
  bool hexapi has_side_effects(bool include_ldx=false) const;
  const minsn_t *get_insn(mcode_t code) const;
        minsn_t *get_insn(mcode_t code);
  bool is_promoted_arg(void) const { return t == mop_l && l->var().is_promoted_arg(); }
  member_t *get_stkvar(uval_t *p_off) const { return s->get_stkvar(p_off); }
  // mop_S or a stack register or a scattered entirely mapped into a continuous stack region
  bool hexapi get_stkoff(sval_t *dest) const;
  bool equal_mops(const mop_t &rop, int eqflags) const; // eqflags: EQ_... constants
  bool operator==(const mop_t &rop) const { return  equal_mops(rop, 0); }
  bool operator!=(const mop_t &rop) const { return !equal_mops(rop, 0); }
  mop_t &operator=(const mop_t &rop) { return assign(rop); }
  mop_t &hexapi assign(const mop_t &rop);
  bool hexapi low_half(int width);
  bool hexapi high_half(int width);
  bool hexapi first_half(int width);
  bool hexapi second_half(int width);
  bool hexapi shift_mop(int offset);
  bool hexapi is_sign_extended_from(int width) const;
  bool hexapi is_zero_extended_from(int width) const;
  bool is_extended_from(int width, bool is_signed) const
  {
    if ( is_signed )
      return is_sign_extended_from(width);
    else
      return is_zero_extended_from(width);
  }
  bool hexapi change_size(int nsize, side_effect_t sideff=WITH_SIDEFF); // with all possible subtree
  bool double_size(side_effect_t sideff=WITH_SIDEFF) { return change_size(size*2, sideff); }
  mreg_t hexapi get_regnum(void) const;
  int hexapi for_all_ops(mop_visitor_t &mv, const tinfo_t *type=NULL, bool is_target=false);
};
DECLARE_TYPE_AS_MOVABLE(mop_t);

class mop_pair_t
{
public:
  mop_t lop;            // low operand
  mop_t hop;            // high operand
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

// address of an operand (mop_l, mop_v, mop_S, mop_r)
class mop_addr_t : public mop_t
{
public:
  int insize;   // how many bytes of the pointed operand can be read
  int outsize;  // how many bytes of the pointed operand can be written

  mop_addr_t(): insize(NOSIZE), outsize(NOSIZE) {}
  mop_addr_t(const mop_addr_t &ra)
    : mop_t(ra), insize(ra.insize), outsize(ra.outsize) {}
  mop_addr_t(const mop_t &ra, int isz, int osz)
    : mop_t(ra), insize(isz), outsize(osz) {}

  mop_addr_t &operator=(const mop_addr_t &rop)
  {
    *(mop_t *)this = mop_t(rop);
    insize = rop.insize;
    outsize = rop.outsize;
    return *this;
  }
};

class mfuncarg_t : public mop_t // #funcarg
{
public:
  ea_t ea;
  tinfo_t type;
  qstring name;
  argloc_t argloc;              // ida argloc
  mfuncarg_t(void) : ea(BADADDR) {}
  mfuncarg_t(const mop_t &rarg) : mop_t(rarg), ea(BADADDR) {}
  void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
  const char *hexapi dstr(void) const;
  void hexapi set_regarg(mreg_t mr, int sz, const tinfo_t &tif);
  void set_regarg(mreg_t mr, const tinfo_t &tif)
  {
    set_regarg(mr, tif.get_size(), tif);
  }
  void set_regarg(mreg_t mr, char dt, type_sign_t sign = type_unsigned)
  {
    int sz = get_dtype_size(dt);
    set_regarg(mr, sz, get_int_type_by_width_and_sign(sz, sign));
  }
  void make_int(int val, ea_t val_ea, int opno = 0)
  {
    type = tinfo_t(BTF_INT);
    make_number(val, inf.cc.size_i, val_ea, opno);
  }
  void make_uint(int val, ea_t val_ea, int opno = 0)
  {
    type = tinfo_t(BTF_UINT);
    make_number(val, inf.cc.size_i, val_ea, opno);
  }
};
DECLARE_TYPE_AS_MOVABLE(mfuncarg_t);
typedef qvector<mfuncarg_t> mfuncargs_t;

enum funcrole_t                 // function roles
                                // they are used to calculate use/def lists
                                // and to recognize a function without using strcmp
{
  ROLE_UNK,                     // unknown function role
  ROLE_EMPTY,                   // empty, does not do anything (maybe spoils regs)
  ROLE_MEMSET,                  // memset(void *dst, uchar value, size_t count);
  ROLE_MEMSET32,                // memset32(void *dst, uint32 value, size_t count);
  ROLE_MEMSET64,                // memset32(void *dst, uint64 value, size_t count);
  ROLE_MEMCPY,                  // memcpy(void *dst, const void *src, size_t count);
  ROLE_STRCPY,                  // strcpy(char *dst, const char *src);
  ROLE_STRLEN,                  // strlen(const char *src);
  ROLE_STRCAT,                  // strcat(char *dst, const char *src);
  ROLE_TAIL,                    // char *tail(const char *str);
  ROLE_BUG,                     // BUG() helper macro: never returns, causes exception
  ROLE_JUMPOUT,                 // inconditional jump out of function
  ROLE_ALLOCA,                  // alloca() function
  ROLE_BSWAP,                   // bswap() function (any size)
  ROLE_PRESENT,                 // present() function (used in patterns)
  ROLE_CONTAINING_RECORD,       // CONTAINING_RECORD() macro
  ROLE_FASTFAIL,                // __fastfail()
  ROLE_READFLAGS,               // __readeflags, __readcallersflags
  ROLE_IS_MUL_OK,               // is_mul_ok
  ROLE_SATURATED_MUL,           // saturated_mul
  ROLE_BITTEST,                 // [lock] bt
  ROLE_BITTESTANDSET,           // [lock] bts
  ROLE_BITTESTANDRESET,         // [lock] btr
  ROLE_BITTESTANDCOMPLEMENT,    // [lock] btc
  ROLE_VA_ARG,                  // va_arg() macro
  ROLE_VA_COPY,                 // va_copy() function
  ROLE_VA_START,                // va_start() function
  ROLE_VA_END,                  // va_end() function
  ROLE_ROL,                     // rotate left
  ROLE_ROR,                     // rotate right
};

#define FUNC_NAME_MEMCPY   "memcpy"
#define FUNC_NAME_MEMSET   "memset"
#define FUNC_NAME_MEMSET32 "memset32"
#define FUNC_NAME_MEMSET64 "memset64"
#define FUNC_NAME_STRCPY   "strcpy"
#define FUNC_NAME_STRLEN   "strlen"
#define FUNC_NAME_STRCAT   "strcat"
#define FUNC_NAME_TAIL     "tail"
#define FUNC_NAME_VA_ARG   "va_arg"
#define FUNC_NAME_EMPTY    "$empty"
#define FUNC_NAME_PRESENT  "$present"
#define FUNC_NAME_CONTAINING_RECORD "CONTAINING_RECORD"


// the default 256 function arguments is too big, we use a lower value
#undef MAX_FUNC_ARGS
#define MAX_FUNC_ARGS 64

class mfuncinfo_t               // #funcinfo
{
public:
  ea_t callee;                  // called function address, if known
  int solid_args;               // number of solid args
                                // the rest is varargs
  int call_spd;                 // sp value at call insn
  int stkargs_top;              // top of stkargs on the stack
  cm_t cc;                      // calling convention
  mfuncargs_t args;             // function arguments
  mopvec_t retregs;             // return register(s) (e.g., AX, AX:DX, etc.)
                                // this vector is built from return_regs
  tinfo_t return_type;
  argloc_t return_argloc;

  mlist_t return_regs;          // everything returned by the function
  mlist_t spoiled;              // includes return_regs
  mlist_t pass_regs;            // passthrough registers: registers that depend on input
                                // values (this is subset of spoiled)
  ivlset_t visible_memory;      // what memory is visible to the call?
  mlist_t dead_regs;            // registers defined by the function but never used
                                // upon propagation we do the following:
                                //   - dead_regs += return_regs
                                //   - ret.clear() since the call is propagated
  int flags;
#define FCI_PROP    0x01        // call has been propagated
#define FCI_DEAD    0x02        // some return registers were determined dead
#define FCI_FINAL   0x04        // function call type is final, should not be changed
#define FCI_NORET   0x08        // function call does not return
#define FCI_PURE    0x10        // pure function
#define FCI_SPLOK   0x20        // function spoiled/visible_memory lists have been
                                // optimized. for some functions we can reduce them
                                // as soon as information about the arguments becomes
                                // available. in order not to try optimize them again
                                // we use this bit.
#define FCI_NOSIDE  0x40        // function does not have side effects
  funcrole_t role;              // function role
  void hexapi print(qstring *vout, int size=-1, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
  const char *hexapi dstr(void) const;
};

class mcases_t                  // #cases
{
public:
  casevec_t values;             // expression values for each target
  intvec_t targets;             // target block numbers

  void swap(mcases_t &r) { values.swap(r.values); targets.swap(r.targets); }
  DECLARE_COMPARISONS(mcases_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  const char *hexapi dstr(void) const;
};

//-------------------------------------------------------------------------
// ud and du chains
// we combine chains for several adjacent mreg_t if they are the same.
// the number of combined chains is kept in "width"
class chain_t : public intvec_t // sequence of block numbers
{
public:
  mreg_t reg;           // number of the first chain in the current combination
  int width;            // number of combined chains
  int varnum;           // allocated variable (-1 - not allocated yet)
  uchar flags;          // combination of:
#define CHF_INITED     0x01 // is chain initialized? (valid only after lvar allocation)
#define CHF_STKVAR     0x02 // stkvar chain?
#define CHF_REPLACED   0x04 // chain operands have been replaced?
#define CHF_OVER       0x08 // overlapped chain
#define CHF_FAKE       0x10 // fake chain created by widen_chains()
#define CHF_PASSTHRU   0x20 // pass-thru chain, must use the input variable to the block
#define CHF_TERM       0x40 // terminating chain; the variable does not survive across the block
  chain_t(mreg_t r=mr_none, int w=1, int v=-1)
    : reg(r), width(w), varnum(v), flags(CHF_INITED) {}
  bool is_inited(void) const { return (flags & CHF_INITED) != 0; }
  bool is_stkvar(void) const { return (flags & CHF_STKVAR) != 0; }
  bool is_replaced(void) const { return (flags & CHF_REPLACED) != 0; }
  bool is_overlapped(void) const { return (flags & CHF_OVER) != 0; }
  bool is_fake(void) const { return (flags & CHF_FAKE) != 0; }
  bool is_passreg(void) const { return (flags & CHF_PASSTHRU) != 0; }
  bool is_term(void) const { return (flags & CHF_TERM) != 0; }
  void set_inited(bool b) { setflag(flags, CHF_INITED, b); }
  void set_replaced(bool b) { setflag(flags, CHF_REPLACED, b); }
  void set_overlapped(bool b) { setflag(flags, CHF_OVER, b); }
  void set_term(bool b) { setflag(flags, CHF_TERM, b); }
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
};
//-------------------------------------------------------------------------
// Chains of one block.
// Please note that this class is based on std::map and it must be accessed
// using the block_chains_begin(), block_chains_find() and similar functions.
// This is required because different compilers use different implementations
// of std::map. However, since the size of std::map depends on the compilation
// options, we replace it with a byte array.
#ifdef __NT__
#define SIZEOF_BLOCK_CHAINS  24
#else
#define SIZEOF_BLOCK_CHAINS  56
#endif

class block_chains_t
{
  size_t body[SIZEOF_BLOCK_CHAINS/sizeof(size_t)]; // opaque std::map, uncopyable
public:
  const chain_t *hexapi get_chain(mreg_t reg, int width=1) const;
  chain_t *get_chain(mreg_t reg, int width=1)
    { return (chain_t*)((const block_chains_t *)this)->get_chain(reg, width); }
  void hexapi print(qstring *vout) const;
  const char *hexapi dstr(void) const;
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

struct chain_visitor_t
{
  block_chains_t *parent;          // parent of the current chain
  chain_visitor_t(void) : parent(NULL) {}
  virtual int idaapi visit_chain(int nblock, chain_t &ch) = 0;
};

class graph_chains_t : public qvector<block_chains_t> // chains of a graph
{
  int lock;
public:
  graph_chains_t(void) : lock(0) {}
  ~graph_chains_t(void) { QASSERT(50444, !lock); }
  int hexapi for_all_chains(chain_visitor_t &cv, int gca_flags);
#define GCA_EMPTY  0x01 // include empty chains
#define GCA_SPEC   0x02 // include chains for special registers
#define GCA_ALLOC  0x04 // enumerate only allocated chains
#define GCA_NALLOC 0x08 // enumerate only non-allocated chains
#define GCA_OFIRST 0x10 // consider only chains of the first block
#define GCA_OLAST  0x20 // consider only chains of the last block
  bool is_locked(void) const { return lock != 0; }
  void acquire(void) { lock++; }
  void hexapi release(void);
  void swap(graph_chains_t &r)
  {
    qvector<block_chains_t>::swap(r);
    std::swap(lock, r.lock);
  }
};
//-------------------------------------------------------------------------
class minsn_t
{
public:
  mcode_t opcode;
  int iprops;           // instruction properties (see IPROP_... constants)
  minsn_t *next;        // double linked list. check also nexti(), previ()
  minsn_t *prev;
  ea_t ea;
  mop_t l;              // left
  mop_t r;              // right
  mop_t d;              // destination
                               // bits to be used in patterns:
#define IPROP_OPTIONAL  0x0001 // optional instruction
#define IPROP_PERSIST   0x0002 // persistent insn; they are not destroyed
#define IPROP_WILDMATCH 0x0004 // match multiple insns

                               // instruction attributes:
#define IPROP_CLNPOP    0x0008 // the purpose of the instructions is to clean stack
                               // (this flag may be set for pop ecx instruction)
#define IPROP_FPINSN    0x0010 // floating point insn
#define IPROP_FARCALL   0x0020 // call of a far function using push cs/call sequence
#define IPROP_TAILCALL  0x0040 // tail call
#define IPROP_ASSERT    0x0080 // assertion: usually mov #val, op
                               // assertions help the decompiler with the operand values
                               // ctree output is not generated for assertions

                               // instruction history:
#define IPROP_SPLIT     0x0700 // the instruction has been split:
#define IPROP_SPLIT1    0x0100 //   into 1 byte
#define IPROP_SPLIT2    0x0200 //   into 2 bytes
#define IPROP_SPLIT4    0x0300 //   into 4 bytes
#define IPROP_SPLIT8    0x0400 //   into 8 bytes
#define IPROP_COMBINED  0x0800 // insn has been modified because of partial reference
#define IPROP_EXTSTX    0x1000 // this is m_ext propagated into m_stx
#define IPROP_IGNLOWSRC 0x2000 // low part of the instruction source operand
                               // has been created artificially
                               // (this bit is used only for 'and x, 80...')
#define IPROP_INV_JX    0x4000 // inverted conditional jump
#define IPROP_WAS_NORET 0x8000 // was noret icall
#define IPROP_MULTI_MOV 0x10000 // the minsn was generated as part of insn that moves multiple registers
                                // (example: STM on ARM may transfer multiple registers)

                                // bits that can be set by plugins:
#define IPROP_DONT_PROP 0x20000 // may not propagate
#define IPROP_DONT_COMB 0x40000 // may not combine this instruction with others

  bool is_optional(void)     const { return (iprops & IPROP_OPTIONAL)  != 0; }
  bool is_combined(void)     const { return (iprops & IPROP_COMBINED)  != 0; }
  bool is_farcall(void)      const { return (iprops & IPROP_FARCALL)   != 0; }
  bool is_cleaning_pop(void) const { return (iprops & IPROP_CLNPOP)    != 0; }
  bool is_extstx(void)       const { return (iprops & IPROP_EXTSTX)    != 0; }
  bool is_tailcall(void)     const { return (iprops & IPROP_TAILCALL)  != 0; }
  bool is_fpinsn(void)       const { return (iprops & IPROP_FPINSN)    != 0; }
  bool is_assert(void)       const { return (iprops & IPROP_ASSERT)    != 0; }
  bool is_persistent(void)   const { return (iprops & IPROP_PERSIST)   != 0; }
  bool is_wild_match(void)   const { return (iprops & IPROP_WILDMATCH) != 0; }
  bool is_propagatable(void) const { return (iprops & IPROP_DONT_PROP) == 0; }
  bool is_ignlowsrc(void)    const { return (iprops & IPROP_IGNLOWSRC) != 0; }
  bool is_inverted_jx(void)  const { return (iprops & IPROP_INV_JX)    != 0; }
  bool was_noret_icall(void) const { return (iprops & IPROP_WAS_NORET) != 0; }
  bool is_multimov(void)     const { return (iprops & IPROP_MULTI_MOV) != 0; }
  bool is_combinable(void)   const { return (iprops & IPROP_DONT_COMB) == 0; }
  bool was_split(void)       const { return (iprops & IPROP_SPLIT)     != 0; }

  void set_optional(void) { iprops |= IPROP_OPTIONAL; }
  void set_combined(void);
  void clr_combined(void) { iprops &= ~IPROP_COMBINED; }
  void set_farcall(void)  { iprops |= IPROP_FARCALL; }
  void set_cleaning_pop(void) { iprops |= IPROP_CLNPOP; }
  void set_extstx(void)   { iprops |= IPROP_EXTSTX; }
  void set_tailcall(void) { iprops |= IPROP_TAILCALL; }
  void clr_tailcall(void) { iprops &= ~IPROP_TAILCALL; }
  void set_fpinsn(void)   { iprops |= IPROP_FPINSN; }
  void clr_fpinsn(void)   { iprops &= ~IPROP_FPINSN; }
  void set_assert(void)   { iprops |= IPROP_ASSERT; }
  void clr_assert(void)   { iprops &= ~IPROP_ASSERT; }
  void set_persistent(void) { iprops |= IPROP_PERSIST; }
  void set_wild_match(void) { iprops |= IPROP_WILDMATCH; }
  void clr_propagatable(void) { iprops |= IPROP_DONT_PROP; }
  void set_ignlowsrc(void) { iprops |= IPROP_IGNLOWSRC; }
  void clr_ignlowsrc(void) { iprops &= ~IPROP_IGNLOWSRC; }
  void set_inverted_jx(void) { iprops |= IPROP_INV_JX; }
  void set_noret_icall(void) { iprops |= IPROP_WAS_NORET; }
  void clr_noret_icall(void) { iprops &= ~IPROP_WAS_NORET; }
  void set_multimov(void) { iprops |= IPROP_MULTI_MOV; }
  void clr_multimov(void) { iprops &= ~IPROP_MULTI_MOV; }
  void set_combinable(void) { iprops &= ~IPROP_DONT_COMB; }
  void clr_combinable(void) { iprops |= IPROP_DONT_COMB; }
  void set_split_size(int s)
  { // s may be only 1,2,4,8. other values are ignored
    iprops &= ~IPROP_SPLIT;
    iprops |= (s == 1 ? IPROP_SPLIT1
             : s == 2 ? IPROP_SPLIT2
             : s == 4 ? IPROP_SPLIT4
             : s == 8 ? IPROP_SPLIT8 : 0);
  }
  int get_split_size(void) const
  {
    int cnt = (iprops & IPROP_SPLIT) >> 8;
    return cnt == 0 ? 0 : 1 << (cnt-1);
  }

  minsn_t(ea_t _ea) { init(_ea); }
  minsn_t(const minsn_t &m) { next = prev = NULL; copy(m); }
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void swap(minsn_t &m) { qswap(*this, m); }
  void hexapi swap_nolist(minsn_t &m); // do not modify prev/next fields
  minsn_t &operator=(const minsn_t &m) { copy(m); return *this; }
  void hexapi init(ea_t _ea);
  void hexapi copy(const minsn_t &m);
  void hexapi setaddr(ea_t nea);
  int optimize_flat(int optflags=0) { return optimize_subtree(NULL, NULL, NULL, NULL, optflags); }
#define OPTI_ADDREXPRS 0x0001   // optimize all address expressions (&x+N; &x-&y)
#define OPTI_MINSTKREF 0x0002   // may update minstkref
  int hexapi optimize_subtree(
        mblock_t *blk,
        minsn_t *top,
        minsn_t *parent,
        minsn_t **converted_call,
        int optflags=OPTI_MINSTKREF);

  int hexapi for_src_ops(srcop_visitor_t &sv);
  int hexapi for_all_ops(mop_visitor_t &mv);
  int hexapi for_all_insns(minsn_visitor_t &mv);
  void hexapi _make_nop(void);
  bool hexapi is_between(const minsn_t *m1, const minsn_t *m2) const;
  bool is_after(const minsn_t *m) const { return m != NULL && is_between(m->next, NULL); }
  bool hexapi equal_insns(const minsn_t &m, int eqflags) const; // intelligent comparison
#define EQ_IGNSIZE 0x0001      // ignore operand sizes
#define EQ_IGNCODE 0x0002      // ignore instruction opcodes
#define EQ_CMPDEST 0x0004      // compare instruction destinations
#define EQ_OPTINSN 0x0008      // optimize mop_d operands
  bool contains_opcode(mcode_t mcode) const { return find_opcode(mcode) != NULL; }
  const minsn_t *find_opcode(mcode_t mcode) const { return (CONST_CAST(minsn_t*)(this))->find_opcode(mcode); }
  minsn_t *hexapi find_opcode(mcode_t mcode);
  const minsn_t *hexapi find_ins_op(const mop_t **other, mcode_t op=m_nop) const;
  const mop_t *hexapi find_num_op(const mop_t **other) const;
  mop_t *find_num_op(mop_t **other) { return CONST_CAST(mop_t*)((CONST_CAST(const minsn_t*)(this))->find_num_op((const mop_t**)other)); }
  minsn_t *find_ins_op(mop_t **other, mcode_t op=m_nop) { return CONST_CAST(minsn_t*)((CONST_CAST(const minsn_t*)(this))->find_ins_op((const mop_t**)other, op)); }
  // ops is combination of bits 1, 0x10, 0x100
  // 1-l, 0x10-r, 0x100-d
  bool change_insn_size(int new_size, int ops, side_effect_t sideff=WITH_SIDEFF);
  bool double_insn_size(int ops) { return change_insn_size(l.size*2, ops); }
  bool is_mov(void) const { return opcode == m_mov || (opcode == m_f2f && l.size == d.size); }
  void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
  const char *hexapi dstr(void) const;
  minsn_t *hexapi find_call(bool with_helpers=false) const;
  bool hexapi has_side_effects(bool include_ldx=false) const;
  bool hexapi is_helper(const char *name) const;
  bool hexapi is_noret_call(bool ignore_noret_icall=false);
private:
};

/// Skip assertions forward
const minsn_t *hexapi getf_reginsn(const minsn_t *ins);
/// Skip assertions backward
const minsn_t *hexapi getb_reginsn(const minsn_t *ins);
inline minsn_t *getf_reginsn(minsn_t *ins) { return CONST_CAST(minsn_t*)(getf_reginsn(CONST_CAST(const minsn_t *)(ins))); }
inline minsn_t *getb_reginsn(minsn_t *ins) { return CONST_CAST(minsn_t*)(getb_reginsn(CONST_CAST(const minsn_t *)(ins))); }

//-------------------------------------------------------------------------
enum vrcode_t           // value range codes
{
  VRC_FAILED = -1,      // failed to determine the value, it can be anything
  VRC_OK = 0,           // determined the range ok
  VRC_NONE = 1,         // could not find any assignments
};

//-------------------------------------------------------------------------
enum mblock_type_t
{
  BLT_NONE = 0,                 // unknown block type
  BLT_STOP = 1,                 // stops execution (must be the last block)
  BLT_0WAY = 2,                 // does not have successors (e.g. tail is a noret function)
  BLT_1WAY = 3,                 // passes execution to one block
  BLT_2WAY = 4,                 // passes execution to two blocks
  BLT_NWAY = 5                  // passes execution to many blocks
};

//-------------------------------------------------------------------------
class mblock_t
{
  friend class codegen_t;
  DECLARE_UNCOPYABLE(mblock_t)
public:
  mblock_t *nextb;              // next block in the chain
  mblock_t *prevb;              // previous block in the chain
  uint32 flags;
#define MBL_PRIV        0x0001  // private block - no instructions except
                                // the specified are accepted (used in patterns)
#define MBL_NONFAKE     0x0000  // regular block
#define MBL_FAKE        0x0002  // fake block (after a tail call)
#define MBL_GOTO        0x0004  // this block is a goto target
#define MBL_TCAL        0x0008  // aritifical call block for tail calls
#define MBL_PUSH        0x0010  // needs "convert push/pop instructions"
#define MBL_DMT64       0x0020  // needs "demote 64bits"
#define MBL_COMB        0x0040  // needs "combine" pass
#define MBL_PROP        0x0080  // needs 'propagation' pass
#define MBL_DEAD        0x0100  // needs "eliminate deads" pass
#define MBL_LIST        0x0200  // use/def lists are ready
#define MBL_INCONST     0x0400  // inconsistent lists: we are building them
#define MBL_CALL        0x0800  // call information has been built
#define MBL_BACKPROP    0x1000  // performed backprop_cc
#define MBL_NORET       0x2000  // dead end block: doesn't return execution control
  ea_t start;                   // start address
  ea_t end;                     // end address
  minsn_t *head;                // pointer to the first instruction
  minsn_t *tail;                // pointer to the last instruction
  mbl_array_t *mba;             // the parent array
  int serial;                   // number of the block in the function
  mblock_type_t type;           // type of block (BLT_NONE - not computed yet)

  mlist_t dead_at_start;        // data that is dead at the block entry
  mlist_t mustbuse;             // data that must be used by the block
  mlist_t maybuse;              // data that may  be used by the block
  mlist_t mustbdef;             // data that must be defined by the block
  mlist_t maybdef;              // data that may  be defined by the block
  rlist_t dnu;                  // defined but not used data

  sval_t maxbsp;                // maximal sp value in the block (0...stacksize)
  sval_t minbstkref;            // lowest stack location accessible with indirect
                                // addressing (offset from stack bottom)
                                // initially 0 (not computed)
  sval_t minbargref;            // the same for arguments

  intvec_t predset;             // predecessors
  intvec_t succset;             // successors
  qstring label;                // block label. used for blocks loaded by load_gdl

  void mark_lists_dirty(void) { flags &= ~MBL_LIST; request_propagation(); }
  void request_propagation(void) { flags |= MBL_PROP; }
  bool needs_propagation(void) const { return (flags & MBL_PROP) != 0; }
  void request_demote64(void) { flags |= MBL_DMT64; }
  bool lists_dirty(void) const { return (flags & MBL_LIST) == 0; }
  bool lists_ready(void) const { return (flags & (MBL_LIST|MBL_INCONST)) == MBL_LIST; }
  int make_lists_ready(void) // returns number of changes
  {
    if ( lists_ready() )
      return 0;
    return build_lists(false);
  }

  int npred(void) const { return predset.size(); } // number of xrefs to the block
  int nsucc(void) const { return succset.size(); } // number of xrefs from the block
  int pred(int n) const { return predset[n]; }
  int succ(int n) const { return succset[n]; }
  virtual ~mblock_t(void);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  minsn_t *hexapi insert_into_block(minsn_t *nm, minsn_t *om); // insert 'nm' after 'om'
  minsn_t *hexapi remove_from_block(minsn_t *m);  // returns next minsn. does not destroy m!
  void hexapi print(vd_printer_t &vp) const;
  void hexapi dump(void) const; // see mbl_array_t::dump for info
  AS_PRINTF(2, 0) void hexapi vdump_block(const char *title, va_list va) const;
  void hexapi print_block_header(qstrvec_t *vec) const;
  int hexapi build_lists(bool kill_deads);    // build def-use lists and eliminate deads
                                              // returns the number of eliminated registers
#define MAXRANGE bitrange_t(0, USHRT_MAX)
  void hexapi append_use_list(
        mlist_t *lst,
        const mop_t &op,
        maymust_t maymust,
        bitrange_t mask=MAXRANGE) const;

  void hexapi append_def_list(mlist_t *lst, const mop_t &op, maymust_t maymust) const;
  mlist_t hexapi build_use_list(const minsn_t &ins, maymust_t maymust) const;
  mlist_t hexapi build_def_list(const minsn_t &ins, maymust_t maymust) const;
  int hexapi for_all_ops(mop_visitor_t &mv);
  int hexapi for_all_insns(minsn_visitor_t &mv);
  void make_nop(minsn_t *m) { m->_make_nop(); mark_lists_dirty(); }
  bool is_used(mlist_t *list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
    { return find_first_use(list, i1, i2, maymust) != NULL; }
  // find first insn using mlist_t in [i1, i2) range
  // upon return list will contain only regs not redefined by insns [i1..answer]
  const minsn_t *hexapi find_first_use(mlist_t *list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const;
  minsn_t *find_first_use(mlist_t *list, minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
  {
    return CONST_CAST(minsn_t*)(find_first_use(list,
                                               CONST_CAST(const minsn_t*)(i1),
                                               i2,
                                               maymust));
  }
  bool is_redefined(const mlist_t &list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
    { return find_redefinition(list, i1, i2, maymust) != NULL; }
  // is the mlist_t redefined in [i1,i2)?
  const minsn_t *hexapi find_redefinition(const mlist_t &list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const;
  minsn_t *find_redefinition(const mlist_t &list, minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
  {
    return CONST_CAST(minsn_t*)(find_redefinition(list,
                                                  CONST_CAST(const minsn_t*)(i1),
                                                  i2,
                                                  maymust));
  }
  // is rhs of instruction redefined in [from, to)
  bool hexapi is_rhs_redefined(minsn_t *m, minsn_t *from, minsn_t *to);

  bool hexapi is_accessed(mlist_t *list, const minsn_t *i1, const minsn_t *i2, access_type_t access_type, maymust_t maymust=MAY_ACCESS) const;
  // visit all using operands
  // this function modified list: removes redefined parts from it
  int hexapi for_all_uses(mlist_t *list, minsn_t *i1, minsn_t *i2, struct mlist_mop_visitor_t &mmv);

  /// Find the instruction that accesses the specified operand.
  /// This function searches inside the current basic block.
  /// \param op     operand to search for
  /// \param parent ptr to ptr to a top level instruction.
  ///               denotes the beginning of the search range.
  /// \param mend   end of the search range (excluded). NULL means to search
  ///               until the block boundary.
  /// \fdflags      combination of FD_... bits
  /// \return       the instruction that accesses the operand. this instruction
  ///               may be a sub-instruction. to find out the top level
  ///               instruction, check out *parent.
  ///               NULL means 'not found'.
  minsn_t *hexapi find_access(const mop_t &op, minsn_t **parent, const minsn_t *mend, int fdflags) const;
#define FD_BACKWARD 0x0000  // search direction
#define FD_FORWARD  0x0001  // search direction
#define FD_USE      0x0000  // look for use
#define FD_DEF      0x0002  // look for definition
#define FD_DIRTY    0x0004  // ignore possible implicit definitions
                            // by function calls and indirect memory access
                            // (not implemented yet)
  minsn_t *find_def(const mop_t &op, minsn_t **parent, const minsn_t *mend, int fdflags) { return find_access(op, parent, mend, fdflags|FD_DEF); }
  minsn_t *find_use(const mop_t &op, minsn_t **parent, const minsn_t *mend, int fdflags) { return find_access(op, parent, mend, fdflags|FD_USE); }
  vrcode_t hexapi find_value_of(ivlset_t *vals, minsn_t *top, const mop_t &op);
};
//-------------------------------------------------------------------------
// Warning ids
enum warnid_t
{
  WARN_VARARG_REGS,   //  0 can not handle register arguments in vararg function, discarded them
  WARN_ILL_PURGED,    //  1 odd caller purged bytes %d, correcting
  WARN_ILL_FUNCTYPE,  //  2 invalid function type has been ignored
  WARN_VARARG_TCAL,   //  3 can not handle tail call to vararg
  WARN_VARARG_NOSTK,  //  4 call vararg without local stack
  WARN_VARARG_MANY,   //  5 too many varargs, some ignored
  WARN_ADDR_OUTARGS,  //  6 can not handle address arithmetics in outgoing argument area of stack frame -- unused
  WARN_DEP_UNK_CALLS, //  7 found interdependent unknown calls
  WARN_ILL_ELLIPSIS,  //  8 erroneously detected ellipsis type has been ignored
  WARN_GUESSED_TYPE,  //  9 using guessed type %s;
  WARN_EXP_LINVAR,    // 10 failed to expand a linear variable
  WARN_WIDEN_CHAINS,  // 11 failed to widen chains
  WARN_BAD_PURGED,    // 12 inconsistent function type and number of purged bytes
  WARN_CBUILD_LOOPS,  // 13 too many cbuild loops
  WARN_NO_SAVE_REST,  // 14 could not find valid save-restore pair for %s
  WARN_ODD_INPUT_REG, // 15 odd input register %s
  WARN_ODD_ADDR_USE,  // 16 odd use of a variable address
  WARN_MUST_RET_FP,   // 17 function return type is incorrect (must be floating point)
  WARN_ILL_FPU_STACK, // 18 inconsistent fpu stack
  WARN_SELFREF_PROP,  // 19 self-referencing variable has been detected
  WARN_WOULD_OVERLAP, // 20 variables would overlap: %s
  WARN_ARRAY_INARG,   // 21 array has been used for an input argument
  WARN_MAX_ARGS,      // 22 too many input arguments, some ignored
  WARN_BAD_FIELD_TYPE,// 23 incorrect structure member type for %s::%s, ignored
  WARN_WRITE_CONST,   // 24 write access to const memory at %a has been detected
  WARN_BAD_RETVAR,    // 25 wrong return variable
  WARN_FRAG_LVAR,     // 26 fragmented variable at %s may be wrong
  WARN_HUGE_STKOFF,   // 27 exceedingly huge offset into the stack frame
  WARN_UNINITED_REG,  // 28 reference to an uninitialized register has been removed: %s
  WARN_FIXED_MACRO,   // 29 fixed broken macro-insn
  WARN_WRONG_VA_OFF,  // 30 wrong offset of va_list variable
  WARN_CR_NOFIELD,    // 31 CONTAINING_RECORD: no field '%s' in struct '%s' at %d
  WARN_CR_BADOFF,     // 32 CONTAINING_RECORD: too small offset %d for struct '%s'
  WARN_BAD_STROFF,    // 33 user specified stroff has not been processed: %s
  WARN_BAD_VARSIZE,   // 34 inconsistent variable size for '%s'
  WARN_UNSUPP_REG,    // 35 unsupported processor register '%s'
  WARN_UNALIGNED_ARG, // 36 unaligned function argument '%s'
  WARN_BAD_STD_TYPE,  // 37 corrupted or unexisting local type '%s'
  WARN_BAD_CALL_SP,   // 38 bad sp value at call
  WARN_MISSED_SWITCH, // 39 wrong markup of switch jump, skipped it
  WARN_BAD_SP,        // 40 positive sp value %a has been found
  WARN_BAD_STKPNT,    // 41 wrong sp change point

  WARN_MAX,
};

// Warnings
struct hexwarn_t
{
  ea_t ea;
  warnid_t id;
  qstring text;
  DECLARE_COMPARISONS(hexwarn_t)
  {
    if ( ea < r.ea )
      return -1;
    if ( ea > r.ea )
      return 1;
    if ( id < r.id )
      return -1;
    if ( id > r.id )
      return 1;
    return strcmp(text.c_str(), r.text.c_str());
  }
};
DECLARE_TYPE_AS_MOVABLE(hexwarn_t);
typedef qvector<hexwarn_t> hexwarns_t;

//-------------------------------------------------------------------------
/// Microcode maturity levels
enum mba_maturity_t
{
  MMAT_ZERO,         ///< microcode does not exist
  MMAT_GENERATED,    ///< generated microcode
  MMAT_PREOPTIMIZED, ///< preoptimized pass is complete
  MMAT_LOCOPT,       ///< local optimization of each basic block is complete
  MMAT_CALLS,        ///< detected call arguments
  MMAT_GLBOPT1,      ///< performed the first pass of global optimization
  MMAT_GLBOPT2,      ///< most global optimization passes are done
  MMAT_GLBOPT3,      ///< completed all global optimization
  MMAT_LVARS,        ///< allocated local variables
};

//-------------------------------------------------------------------------
/// Ranges to decompile. Either a function, either explicit vector of ranges.
struct mba_ranges_t
{
  func_t *pfn;          ///< function to decompile
  rangevec_t ranges;    ///< empty ? snippet mode : function mode
  mba_ranges_t(func_t *_pfn=NULL) : pfn(_pfn) {}
  mba_ranges_t(const rangevec_t &r) : pfn(NULL), ranges(r) {}
  ea_t start(void) const { return (ranges.empty() ? *pfn : ranges[0]).start_ea; }
  bool empty(void) const { return pfn == NULL && ranges.empty(); }
  void clear(void) { pfn = NULL; ranges.clear(); }
  bool is_snippet(void) const { return !ranges.empty(); }
  bool range_contains(ea_t ea) const;
  bool is_fragmented(void) const { return ranges.empty() ? pfn->tailqty > 0 : ranges.size() > 1; }
};

/// Item iterator of arbitrary rangevec items
struct range_item_iterator_t
{
  const rangevec_t *ranges;
  const range_t *rptr;          // pointer into ranges
  ea_t cur;                     // current address
  range_item_iterator_t(void) : ranges(NULL), rptr(NULL), cur(BADADDR) {}
  bool set(const rangevec_t &r);
  bool next_code(void);
  ea_t current(void) const { return cur; }
};

/// Item iterator for mba_ranges_t
struct mba_item_iterator_t
{
  range_item_iterator_t rii;
  func_item_iterator_t fii;     // this is used if rii.ranges==NULL
  bool is_snippet(void) const { return rii.ranges != NULL; }
  bool set(const mba_ranges_t &mbr)
  {
    if ( mbr.is_snippet() )
      return rii.set(mbr.ranges);
    else
      return fii.set(mbr.pfn);
  }
  bool next_code(void)
  {
    if ( is_snippet() )
      return rii.next_code();
    else
      return fii.next_code();
  }
  ea_t current(void) const
  {
    return is_snippet() ? rii.current() : fii.current();
  }
};

/// Chunk iterator of arbitrary rangevec items
struct range_chunk_iterator_t
{
  const range_t *rptr;          // pointer into ranges
  const range_t *rend;
  range_chunk_iterator_t(void) : rptr(NULL), rend(NULL) {}
  bool set(const rangevec_t &r) { rptr = r.begin(); rend = r.end(); return rptr != rend; }
  bool next(void) { return ++rptr != rend; }
  const range_t &chunk(void) const { return *rptr; }
};

/// Chunk iterator for mba_ranges_t
struct mba_range_iterator_t
{
  range_chunk_iterator_t rii;
  func_tail_iterator_t fii;     // this is used if rii.rptr==NULL
  bool is_snippet(void) const { return rii.rptr != NULL; }
  bool set(const mba_ranges_t &mbr)
  {
    if ( mbr.is_snippet() )
      return rii.set(mbr.ranges);
    else
      return fii.set(mbr.pfn);
  }
  bool next(void)
  {
    if ( is_snippet() )
      return rii.next();
    else
      return fii.next();
  }
  const range_t &chunk(void) const
  {
    return is_snippet() ? rii.chunk() : fii.chunk();
  }
};

//-------------------------------------------------------------------------
/// Array of micro blocks represents the currently decompiled function.
/// The first micro block is the entry point, the last one if the exit point.
/// The entry and exit blocks are always empty. The exit block is generated
/// at MMAT_LOCOPT maturity level.
class mbl_array_t
{
  DECLARE_UNCOPYABLE(mbl_array_t)
  uint32 flags;
  uint32 flags2;
public:
/*
                     +-----------+ <- inargtop
                     |   prmN    |
                     |   ...     | <- minargref
                     |   prm0    |
                     +-----------+ <- inargoff
                     |shadow_args|
                     +-----------+
                     |  retaddr  |
     frsize+frregs   +-----------+ <- initial esp  |
                     |  frregs   |                 |
           +frsize   +-----------+ <- typical ebp  |
                     |           |  |              |
                     |           |  | fpd          |
                     |           |  |              |
                     |  frsize   | <- current ebp  |
                     |           |                 |
                     |           |                 |
                     |           |                 | stacksize
                     |           |                 |
                     |           |                 |
                     |           | <- minstkref    |
 stkvar base off 0   +---..      |                 |    | current
                     |           |                 |    | stack
                     |           |                 |    | pointer
                     |           |                 |    | range
                     |  tmpstk   |                 |    | (what getspd() returns)
                     |           |                 |    |
                     |           |                 |    |
                     +-----------+ <- minimal sp   |    | offset 0 for the decompiler (vd)
*/

  // convert a stack offset used in vd to a stack offset used in ida stack frame
  sval_t stkoff_vd2ida(sval_t off) const
  {
    return off - tmpstk_size;
  }
  // convert a ida stack frame offset to a stack offset used in vd
  sval_t stkoff_ida2vd(sval_t off) const
  {
    return off + tmpstk_size;
  }
  sval_t argbase() const
  {
    return retsize + stacksize;
  }
  static vdloc_t idaloc2vd(const argloc_t &loc, int width, sval_t spd);
  vdloc_t idaloc2vd(const argloc_t &loc, int width) const
  {
    return idaloc2vd(loc, width, argbase());
  }
  // helper for mvm.get_func_output_regs
  static vdloc_t idaloc2vd(const mbl_array_t *mba, const argloc_t &loc, int width)
  {
    return mbl_array_t::idaloc2vd(loc, width, mba == NULL ? 0 : mba->argbase());
  }

  static argloc_t vd2idaloc(const vdloc_t &loc, int width, sval_t spd);
  argloc_t vd2idaloc(const vdloc_t &loc, int width) const
  {
    return vd2idaloc(loc, width, argbase());
  }

  bool is_stkarg(const lvar_t &v) const
  {
    return v.location.is_stkoff() && v.location.stkoff() >= inargoff;
  }
  member_t *get_stkvar(sval_t vd_stkoff, uval_t *poff) const;
  // get lvar location
  argloc_t get_ida_argloc(const lvar_t &v) const
  {
    return vd2idaloc(v.location, v.width);
  }
  mba_ranges_t mbr;
  ea_t entry_ea;
  ea_t last_prolog_ea;
  ea_t first_epilog_ea;
  int qty;                      // number of basic blocks
  int npurged;                  // -1 - unknown
  cm_t cc;                      // calling convention
  sval_t tmpstk_size;           // size of the temporary stack part
                                // (which dynamically changes with push/pops)
  sval_t frsize;                // size of local stkvars range in the stack frame
  sval_t frregs;                // size of saved registers range in the stack frame
  sval_t fpd;                   // frame pointer delta
  int pfn_flags;                // copy of func_t::flags
  int retsize;                  // size of return address in the stack frame
  int shadow_args;              // size of shadow argument area
  sval_t fullsize;              // Full stack size including incoming args
  sval_t stacksize;             // The maximal size of the function stack including
                                // bytes allocated for outgoing call arguments
                                // (up to retaddr)
  sval_t inargoff;              // offset of the first stack argument
  sval_t minstkref;             // The lowest stack location whose address was taken
  ea_t minstkref_ea;            // address with lowest minstkref (for debugging)
  sval_t minargref;             // The lowest stack argument location whose address was taken
                                // This location and locations above it can be aliased
                                // It controls locations >= inargoff-shadow_args
  ivl_t aliased_vars;           // Aliased stkvar locations
  ivl_t aliased_args;           // Aliased stkarg locations
  ivlset_t gotoff_stkvars;      // stkvars that hold .got offsets. considered to be unaliasable
  ivlset_t restricted_memory;
  ivlset_t aliased_memory;      // aliased_memory+restricted_memory=ALLMEM
  mlist_t nodel_memory;         // global dead elimination may not delete references to this area
  rlist_t consumed_argregs;     // registers converted into stack arguments, should not be used as arguments

  mba_maturity_t maturity;      // current maturity level
  mba_maturity_t reqmat;        // required maturity level

  bool final_type;              // is the function type final? (specified by the user)
  tinfo_t idb_type;
  reginfovec_t idb_spoiled;     // MBL_SPLINFO && final_type: info in ida format
  mlist_t spoiled_list;         // MBL_SPLINFO && !final_type: info in vd format
  int fti_flags;                // FTI_... constants for the current function

  netnode idb_node;
#define NALT_VD 2               // this index is not used by ida

  qstring label;                // name of the function or pattern (colored)
  lvars_t vars;                 // local variables
  intvec_t argidx;              // input arguments (indexes into 'vars')
  int retvaridx;                // index of variable holding the return value
                                // -1 means none

  ea_t error_ea;                // during microcode generation holds ins.ea
  qstring error_strarg;

  mblock_t *blocks;             // double linked list of blocks
  mblock_t **natural;           // natural order of blocks

  mutable hexwarns_t notes;
  mutable uchar occurred_warns[32]; // occurred warning messages
                                    // (even disabled warnings are taken into account)
  bool write_to_const_detected(void) const
  {
    return test_bit(occurred_warns, WARN_WRITE_CONST);
  }
  bool bad_call_sp_detected(void) const
  {
    return test_bit(occurred_warns, WARN_BAD_CALL_SP);
  }
  bool regargs_is_not_aligned(void) const
  {
    return test_bit(occurred_warns, WARN_UNALIGNED_ARG);
  }
  bool has_bad_sp(void) const
  {
    return test_bit(occurred_warns, WARN_BAD_SP);
  }

  // the exact size of this class is not documented, they may be more fields
  char reserved[];
  mbl_array_t(void);
  ~mbl_array_t(void) { term(); }
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void hexapi term(void);
  void clear(void);
  func_t *get_curfunc(void) const { return mbr.pfn; }
  bool use_frame(void) const { return mbr.pfn != NULL; }
  bool range_contains(ea_t ea) const { return mbr.range_contains(ea); }
  /// Optimize each basic block locally
  /// \return number of changes. 0 means nothing changed
  int hexapi optimize_local(int todo); // locopt_all_blocks + refine_return_type
#define LOCOPT_ALL     0x0001 // redo optimization for all blocks. if this bit
                              // is not set, only dirty blocks will be optimized
#define LOCOPT_REFINE  0x0002 // refine return type, ok to fail
#define LOCOPT_REFINE2 0x0004 // refine return type, try harder
  /// Build control flow graph
  /// This function may be called only once. It calculates the type of each
  /// basic block and the adjacency list.
  /// \return error code
  merror_t hexapi build_graph(void);
  /// Get control graph
  mbl_graph_t *hexapi get_graph(void);
  /// Analyze calls and determine calling conventions
  /// \param acflags permitted actions that are necessary for successful detection
  ///                of calling conventions.
  /// \return number of calls. -1 means error.
  int hexapi analyze_calls(int acflags);
#define ACFL_LOCOPT  0x01 /// perform local propagation (requires ACFL_BLKOPT)
#define ACFL_BLKOPT  0x02 /// perform interblock transformations
#define ACFL_GLBPROP 0x04 /// perform global propagation
#define ACFL_GLBDEL  0x08 /// perform dead code eliminition
#define ACFL_GUESS   0x10 /// may guess calling conventions
  /// Optimize microcode globally
  /// This function applies various optimization methods until we reach the
  /// fixed point. At all preallocates lvars unless reqmat forbids it.
  /// \return error code
  merror_t hexapi optimize_global(void);
  /// Allocate local variables.
  /// Must be called only immediately after optimize_global(). Converts registers,
  /// stack variables, and similar operands into mop_l. This call will not fail
  /// because all necessary checks were performed in optimize_global().
  /// After this call the microcode reaches its final state. However, data
  /// dependency are lost after lvar allocation.
  void hexapi alloc_lvars(void);
  /// Dump microcode to a file
  /// The file will be created in the directory pointed by IDA_DUMPDIR envvar.
  /// Dump will be created only if IDA is run under debugger.
  void hexapi dump(void) const;
  const mblock_t *get_mblock(int n) const { return natural[n]; }
  mblock_t *get_mblock(int n) { return CONST_CAST(mblock_t*)((CONST_CAST(const mbl_array_t *)(this))->get_mblock(n)); }
  int hexapi for_all_ops(mop_visitor_t &mv);
  int hexapi for_all_insns(minsn_visitor_t &mv);
  int hexapi for_all_topinsns(minsn_visitor_t &mv);
  bool hexapi remove_empty_blocks(void);
  bool hexapi combine_blocks(void);
  AS_PRINTF(3, 0) void hexapi vdump_mba(bool _verify, const char *title, va_list va) const;
  void hexapi print(vd_printer_t &vp) const;
  void hexapi serialize(bytevec_t &b) const; // See also deserialize_mbl_array()
  void hexapi verify(bool always) const;
  void hexapi make_chains_dirty(void);
  lvar_t &hexapi arg(int n);
  const lvar_t &arg(int n) const { return CONST_CAST(mbl_array_t*)(this)->arg(n); }
};
//-------------------------------------------------------------------------
// convenience class to release graph chains automatically
class chain_keeper_t
{
  graph_chains_t *gc;
  chain_keeper_t &operator=(const chain_keeper_t &); // not defined
public:
  chain_keeper_t(graph_chains_t *_gc) : gc(_gc) { QASSERT(50446, gc != NULL); gc->acquire(); }
  ~chain_keeper_t(void)
  {
    gc->release();
  }
  block_chains_t &operator[](size_t idx) { return (*gc)[idx]; }
  block_chains_t &front(void) { return gc->front(); }
  block_chains_t &back(void) { return gc->back(); }
  operator graph_chains_t &(void) { return *gc; }
  int for_all_chains(chain_visitor_t &cv, int gca) { return gc->for_all_chains(cv, gca); }
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

//-------------------------------------------------------------------------
// kind of du-ud chains to calculate
enum gctype_t
{
  GC_ONLY_REGS,        // only registers
  GC_REGS_AND_STKVARS, // registers and stkvars
  GC_ASR,              // all the above and assertions
  GC_XDSU,             // only registers calculated with FULL_XDSU
  GC_END,              // number of chain types
  GC_DIRTY_ALL = (1 << (2*GC_END))-1, // bitmask to represent all chains
};

#ifndef SWIG
class mbl_graph_t : public simple_graph_t
{
  mbl_array_t *mba;
  int dirty;
  int chain_stamp;   // we increment this counter each time chains are recalculated
  graph_chains_t gcs[2*GC_END];

  bool hexapi is_accessed_globally(
        const mlist_t &list,   // list to verify
        int b1,                // starting block
        int b2,                // ending block
        const minsn_t *m1,     // starting instruction (in b1)
        const minsn_t *m2,     // ending instruction (in b2)
        access_type_t access_type,
        maymust_t maymust) const;

  int get_ud_gc_idx(gctype_t gctype) const { return (gctype << 1); }
  int get_du_gc_idx(gctype_t gctype) const { return (gctype << 1)+1; }
  int get_ud_dirty_bit(gctype_t gctype) { return 1 << get_ud_gc_idx(gctype); }
  int get_du_dirty_bit(gctype_t gctype) { return 1 << get_du_gc_idx(gctype); }

public:
  void make_chains_dirty(void) { dirty = GC_DIRTY_ALL; }
  bool is_ud_chain_dirty(gctype_t gctype)
  {
    int bit = get_ud_dirty_bit(gctype);
    return (dirty & bit) != 0;
  }
  bool is_du_chain_dirty(gctype_t gctype)
  {
    int bit = get_du_dirty_bit(gctype);
    return (dirty & bit) != 0;
  }
  int get_chain_stamp(void) const { return chain_stamp; }

  graph_chains_t *hexapi get_ud(gctype_t gctype);
  graph_chains_t *hexapi get_du(gctype_t gctype);
  // is the list redefined/used in the graph?
  // b2 may be = -1 and m2 = NULL. This means to follow all paths
  bool is_redefined_globally(const mlist_t &list, int b1, int b2, const minsn_t *m1, const minsn_t *m2, maymust_t maymust=MAY_ACCESS) const
    { return is_accessed_globally(list, b1, b2, m1, m2, WRITE_ACCESS, maymust); }
  bool is_used_globally(const mlist_t &list, int b1, int b2, const minsn_t *m1, const minsn_t *m2, maymust_t maymust=MAY_ACCESS) const
    { return is_accessed_globally(list, b1, b2, m1, m2, READ_ACCESS, maymust); }
  mblock_t *get_mblock(int n) const { return mba->get_mblock(n); }
  void compute_stkvar_chains(
        graph_chains_t &du,
        graph_chains_t &ud,
        int flags,
        block_chains_t *p_reachcall,
        int reachcall_block) const;
  void compute_stkvar_ud(graph_chains_t *sud, int chcalc_flags=0) const;
  void compute_stkvar_du(graph_chains_t *sdu, int chcalc_flags=0) const;
};
#endif

//-------------------------------------------------------------------------
// helper class to generate the initial microcode
class codegen_t
{
public:
  mbl_array_t *mba;
  mblock_t *mb;
  insn_t insn;
  char ignore_micro;

  codegen_t(mbl_array_t *m)
    : mba(m), mb(NULL), ignore_micro(IM_NONE) {}
  virtual ~codegen_t(void)
  {
  }

  // Analyze prolog/epilog of the function to decompile
  // If found, allocate and fill 'mba->pi' structure.
  virtual merror_t idaapi analyze_prolog(
        const class qflow_chart_t &fc,
        const class bitset_t &reachable) = 0;

  // Generate microcode for one instruction
  virtual merror_t idaapi gen_micro() = 0;

  // Generate microcode to load one operand
  virtual mreg_t idaapi load_operand(int opnum) = 0;
};

//-------------------------------------------------------------------------
/// Get decompiler version.
/// The returned string is of the form <major>.<minor>.<revision>.<build-date>
/// \return pointer to version string. For example: "2.0.0.140605"

const char *hexapi get_hexrays_version(void);


/// Open pseudocode window.
/// The specified function is decompiled and the pseudocode window is opened.
/// \param ea function to decompile
/// \param new_window 0:reuse existing window; 1:open new window;
///        -1: reuse existing window if the current view is pseudocode
/// \return false if failed

vdui_t *hexapi open_pseudocode(ea_t ea, int new_window);


/// Close pseudocode window.
/// \param f pointer to window
/// \return false if failed

bool hexapi close_pseudocode(TWidget *f);


/// Get the vdui_t instance associated to the TWidget
/// \param f pointer to window
/// \return a vdui_t *, or NULL

vdui_t *hexapi get_widget_vdui(TWidget *f);


/// \defgroup VDRUN_ Batch decompilation bits
//@{
#define VDRUN_NEWFILE 0x0000  ///< Create a new file or overwrite existing file
#define VDRUN_APPEND  0x0001  ///< Create a new file or append to existing file
#define VDRUN_ONLYNEW 0x0002  ///< Fail if output file already exists
#define VDRUN_SILENT  0x0004  ///< Silent decompilation
#define VDRUN_SENDIDB 0x0008  ///< Send problematic databases to hex-rays.com
#define VDRUN_MAYSTOP 0x0010  ///< the user can cancel decompilation
#define VDRUN_CMDLINE 0x0020  ///< called from ida's command line
#define VDRUN_STATS   0x0040  ///< print statistics into vd_stats.txt
//@}

/// Batch decompilation.
/// Decompile all or the specified functions
/// \return true if no internal error occurred and the user has not cancelled decompilation
/// \param outfile name of the output file
/// \param funcaddrs list of functions to decompile.
///                  If NULL or empty, then decompile all nonlib functions
/// \param flags \ref VDRUN_

bool hexapi decompile_many(const char *outfile, eavec_t *funcaddrs, int flags);


/// Exception object: decompiler failure information
struct hexrays_failure_t
{
  merror_t code;                ///< \ref MERR_
  ea_t errea;                   ///< associated address
  qstring str;                  ///< string information
  hexrays_failure_t(void) : code(MERR_OK), errea(BADADDR) {}
  hexrays_failure_t(merror_t c, ea_t ea, const char *buf=NULL) : code(c), errea(ea), str(buf) {}
  hexrays_failure_t(merror_t c, ea_t ea, const qstring &buf) : code(c), errea(ea), str(buf) {}
  qstring hexapi desc(void) const;
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

/// Exception object: decompiler exception
struct vd_failure_t : public std::exception
{
  hexrays_failure_t hf;
  vd_failure_t(void) {}
  vd_failure_t(merror_t code, ea_t ea, const char *buf=NULL) : hf(code, ea, buf) {}
  vd_failure_t(merror_t code, ea_t ea, const qstring &buf) : hf(code, ea, buf) {}
  vd_failure_t(const hexrays_failure_t &_hf) : hf(_hf) {}
  qstring desc(void) const { return hf.desc(); }
#ifdef __GNUC__
  ~vd_failure_t(void) throw() {}
#endif
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

/// Exception object: decompiler internal error
struct vd_interr_t : public vd_failure_t
{
  vd_interr_t(ea_t ea, const qstring &buf) : vd_failure_t(MERR_INTERR, ea, buf) {}
  vd_interr_t(ea_t ea, const char *buf) : vd_failure_t(MERR_INTERR, ea, buf) {}
};

/// Send the database to Hex-Rays.
/// This function sends the current database to the hex-rays server.
/// The database is sent in the compressed form over an encrypted (SSL) connection.
/// \param err failure description object. Empty hexrays_failure_t object can be used if error information is not available.
/// \param silent if false, a dialog box will be displayed before sending the database.

void hexapi send_database(const hexrays_failure_t &err, bool silent);

const char *hexapi dstr(const tinfo_t *tif);
mbl_array_t *hexapi deserialize_mbl_array(const uchar *bytes, size_t nbytes);
void hexapi remitem(const citem_t *e);
//-------------------------------------------------------------------------
/// Ctree element type. At the beginning of this list there are expression
/// elements (cot_...), followed by statement elements (cit_...).
enum ctype_t
{
  cot_empty    = 0,
  cot_comma    = 1,   ///< x, y
  cot_asg      = 2,   ///< x = y
  cot_asgbor   = 3,   ///< x |= y
  cot_asgxor   = 4,   ///< x ^= y
  cot_asgband  = 5,   ///< x &= y
  cot_asgadd   = 6,   ///< x += y
  cot_asgsub   = 7,   ///< x -= y
  cot_asgmul   = 8,   ///< x *= y
  cot_asgsshr  = 9,   ///< x >>= y signed
  cot_asgushr  = 10,  ///< x >>= y unsigned
  cot_asgshl   = 11,  ///< x <<= y
  cot_asgsdiv  = 12,  ///< x /= y signed
  cot_asgudiv  = 13,  ///< x /= y unsigned
  cot_asgsmod  = 14,  ///< x %= y signed
  cot_asgumod  = 15,  ///< x %= y unsigned
  cot_tern     = 16,  ///< x ? y : z
  cot_lor      = 17,  ///< x || y
  cot_land     = 18,  ///< x && y
  cot_bor      = 19,  ///< x | y
  cot_xor      = 20,  ///< x ^ y
  cot_band     = 21,  ///< x & y
  cot_eq       = 22,  ///< x == y int or fpu (see EXFL_FPOP)
  cot_ne       = 23,  ///< x != y int or fpu (see EXFL_FPOP)
  cot_sge      = 24,  ///< x >= y signed or fpu (see EXFL_FPOP)
  cot_uge      = 25,  ///< x >= y unsigned
  cot_sle      = 26,  ///< x <= y signed or fpu (see EXFL_FPOP)
  cot_ule      = 27,  ///< x <= y unsigned
  cot_sgt      = 28,  ///< x >  y signed or fpu (see EXFL_FPOP)
  cot_ugt      = 29,  ///< x >  y unsigned
  cot_slt      = 30,  ///< x <  y signed or fpu (see EXFL_FPOP)
  cot_ult      = 31,  ///< x <  y unsigned
  cot_sshr     = 32,  ///< x >> y signed
  cot_ushr     = 33,  ///< x >> y unsigned
  cot_shl      = 34,  ///< x << y
  cot_add      = 35,  ///< x + y
  cot_sub      = 36,  ///< x - y
  cot_mul      = 37,  ///< x * y
  cot_sdiv     = 38,  ///< x / y signed
  cot_udiv     = 39,  ///< x / y unsigned
  cot_smod     = 40,  ///< x % y signed
  cot_umod     = 41,  ///< x % y unsigned
  cot_fadd     = 42,  ///< x + y fp
  cot_fsub     = 43,  ///< x - y fp
  cot_fmul     = 44,  ///< x * y fp
  cot_fdiv     = 45,  ///< x / y fp
  cot_fneg     = 46,  ///< -x fp
  cot_neg      = 47,  ///< -x
  cot_cast     = 48,  ///< (type)x
  cot_lnot     = 49,  ///< !x
  cot_bnot     = 50,  ///< ~x
  cot_ptr      = 51,  ///< *x, access size in 'ptrsize'
  cot_ref      = 52,  ///< &x
  cot_postinc  = 53,  ///< x++
  cot_postdec  = 54,  ///< x--
  cot_preinc   = 55,  ///< ++x
  cot_predec   = 56,  ///< --x
  cot_call     = 57,  ///< x(...)
  cot_idx      = 58,  ///< x[y]
  cot_memref   = 59,  ///< x.m
  cot_memptr   = 60,  ///< x->m, access size in 'ptrsize'
  cot_num      = 61,  ///< n
  cot_fnum     = 62,  ///< fpc
  cot_str      = 63,  ///< string constant
  cot_obj      = 64,  ///< obj_ea
  cot_var      = 65,  ///< v
  cot_insn     = 66,  ///< instruction in expression, internal representation only
  cot_sizeof   = 67,  ///< sizeof(x)
  cot_helper   = 68,  ///< arbitrary name
  cot_type     = 69,  ///< arbitrary type
  cot_last     = cot_type,
  cit_empty    = 70,  ///< instruction types start here
  cit_block    = 71,  ///< block-statement: { ... }
  cit_expr     = 72,  ///< expression-statement: expr;
  cit_if       = 73,  ///< if-statement
  cit_for      = 74,  ///< for-statement
  cit_while    = 75,  ///< while-statement
  cit_do       = 76,  ///< do-statement
  cit_switch   = 77,  ///< switch-statement
  cit_break    = 78,  ///< break-statement
  cit_continue = 79,  ///< continue-statement
  cit_return   = 80,  ///< return-statement
  cit_goto     = 81,  ///< goto-statement
  cit_asm      = 82,  ///< asm-statement
  cit_end
};

/// \defgroup fixtype_t C operator writing styles
/// Used in operator_info_t::fixtype
//@{
const uchar
  FX_NONE    = 0,       ///< not applicable
  FX_INFIX   = 1,       ///< infix: a + b
  FX_PREFIX  = 2,       ///< prefix: *a
  FX_POSTFIX = 3,       ///< postfix: a++
  FX_TERNARY = 4;       ///< ternary: a ? b : c
//@}

/// \defgroup opattrs_t C operator attributes
/// Used in operator_info_t::flags
//@{
const uchar
  COI_RL     = 0x00,    ///< right to left
  COI_LR     = 0x01,    ///< left to right
  COI_INT    = 0x02,    ///< requires integer operands
  COI_FP     = 0x04,    ///< requires floating point operands
  COI_SH     = 0x08,    ///< is shift operation?
  COI_SGN    = 0x10,    ///< sign sensitive?
  COI_SBN    = 0x20;    ///< is simple binary?
//@}

/// Information about C operator
struct operator_info_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  const char *text;     ///< Text representation
  uchar precedence;     ///< Operator precedence (lower: more priority)
  uchar valency;        ///< Number of operator arguments
  uchar fixtype;        ///< \ref fixtype_t
  uchar flags;          ///< \ref opattrs_t
};



/// Negate a comparison operator. For example, \ref cot_sge becomes \ref cot_slt
ctype_t hexapi negated_relation(ctype_t op);
/// Get operator sign. Meaningful for sign-dependent operators, like \ref cot_sdiv
type_sign_t hexapi get_op_signness(ctype_t op);
/// Convert plain operator into assignment operator. For example, \ref cot_add returns \ref cot_asgadd
ctype_t hexapi asgop(ctype_t cop);
/// Convert assignment operator into plain operator. For example, \ref cot_asgadd returns \ref cot_add
/// \return cot_empty is the input operator is not an assignment operator.
ctype_t hexapi asgop_revert(ctype_t cop);
/// Does operator use the 'x' field of cexpr_t?
inline bool op_uses_x(ctype_t op) { return op >= cot_comma && op <= cot_memptr; }
/// Does operator use the 'y' field of cexpr_t?
inline bool op_uses_y(ctype_t op) { return (op >= cot_comma && op <= cot_fdiv) || op == cot_idx; }
/// Does operator use the 'z' field of cexpr_t?
inline bool op_uses_z(ctype_t op) { return op == cot_tern; }
/// Is binary operator?
inline bool is_binary(ctype_t op) { return op_uses_y(op) && op != cot_tern; } // x,y
/// Is unary operator?
inline bool is_unary(ctype_t op) { return op >= cot_fneg && op <= cot_predec; }
/// Is comparison operator?
inline bool is_relational(ctype_t op) { return op >= cot_eq && op <= cot_ult; }
/// Is assignment operator?
inline bool is_assignment(ctype_t op) { return op >= cot_asg && op <= cot_asgumod; }
// Can operate on UDTs?
inline bool accepts_udts(ctype_t op) { return op == cot_asg || op == cot_comma || op > cot_last; }
/// Is pre/post increment/decrement operator?
inline bool is_prepost(ctype_t op)    { return op >= cot_postinc && op <= cot_predec; }
/// Is commutative operator?
inline bool is_commutative(ctype_t op)
{
  return op == cot_bor
      || op == cot_xor
      || op == cot_band
      || op == cot_add
      || op == cot_mul
      || op == cot_fadd
      || op == cot_fmul
      || op == cot_ne
      || op == cot_eq;
}
/// Is additive operator?
inline bool is_additive(ctype_t op)
{
  return op == cot_add
      || op == cot_sub
      || op == cot_fadd
      || op == cot_fsub;
}
/// Is multiplicative operator?
inline bool is_multiplicative(ctype_t op)
{
  return op == cot_mul
      || op == cot_sdiv
      || op == cot_udiv
      || op == cot_fmul
      || op == cot_fdiv;
}

/// Is bit related operator?
inline bool is_bitop(ctype_t op)
{
  return op == cot_bor
      || op == cot_xor
      || op == cot_band
      || op == cot_bnot;
}

/// Is logical operator?
inline bool is_logical(ctype_t op)
{
  return op == cot_lor
      || op == cot_land
      || op == cot_lnot;
}

/// Is loop statement code?
inline bool is_loop(ctype_t op)
{
  return op == cit_for
      || op == cit_while
      || op == cit_do;
}
/// Does a break statement influence the specified statement code?
inline bool is_break_consumer(ctype_t op)
{
  return is_loop(op) || op == cit_switch;
}

/// Is Lvalue operator?
inline bool is_lvalue(ctype_t op)
{
  return op == cot_ptr      // *x
      || op == cot_idx      // x[y]
      || op == cot_memref   // x.m
      || op == cot_memptr   // x->m
      || op == cot_obj      // v
      || op == cot_var;     // l
}

/// Is the operator allowed on small struni (structure/union)?
inline bool is_allowed_on_small_struni(ctype_t op)
{
  return op == cit_return
      || op == cot_asg
      || op == cot_eq
      || op == cot_ne
      || op == cot_comma
      || op == cot_tern
      || (op > cot_last && op < cit_end); // any insn
}

/// An immediate number
struct cnumber_t
{
  uint64 _value;                ///< its value
  number_format_t nf;           ///< how to represent it
  cnumber_t(int _opnum=0) : _value(0), nf(_opnum) {}

  /// Get text representation
  /// \param vout output buffer
  /// \param type number type
  /// \param parent parent expression
  /// \param nice_stroff out: printed as stroff expression
  void hexapi print(
        qstring *vout,
        const tinfo_t &type,
        const citem_t *parent=NULL,
        bool *nice_stroff=NULL) const;


  /// Get value.
  /// This function will properly extend the number sign to 64bits
  /// depending on the type sign.
  uint64 hexapi value(const tinfo_t &type) const;

  /// Assign new value
  /// \param v new value
  /// \param nbytes size of the new value in bytes
  /// \param sign sign of the value
  void hexapi assign(uint64 v, int nbytes, type_sign_t sign);

  DECLARE_COMPARISONS(cnumber_t);
};

/// Reference to a local variable
struct var_ref_t
{
  mbl_array_t *mba;     ///< pointer to the underlying micro array
  int idx;              ///< index into lvars_t
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  DECLARE_COMPARISONS(var_ref_t);
};

/// Vector of parents
typedef qvector<citem_t *> ctree_items_t;
typedef ctree_items_t parents_t;

/// A generic helper class that is used for ctree traversal
struct ctree_visitor_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  int cv_flags;           ///< \ref CV_
/// \defgroup CV_ Ctree visitor property bits
/// Used in ctree_visitor_t::cv_flags
//@{
#define CV_FAST    0x0000 ///< do not maintain parent information
#define CV_PRUNE   0x0001 ///< this bit is set by visit...() to prune the walk
#define CV_PARENTS 0x0002 ///< maintain parent information
#define CV_POST    0x0004 ///< call the leave...() functions
#define CV_RESTART 0x0008 ///< restart enumeration at the top expr (apply_to_exprs)
#define CV_INSNS   0x0010 ///< visit only statements, prune all expressions
                          ///< do not use before the final ctree maturity because
                          ///< expressions may contain statements at intermediate
                          ///< stages (see cot_insn). Otherwise you risk missing
                          ///< statements embedded into expressions.
//@}
  /// Should the parent information by maintained?
  bool maintain_parents(void) const { return (cv_flags & CV_PARENTS) != 0; }
  /// Should the traversal skip the children of the current item?
  bool must_prune(void)       const { return (cv_flags & CV_PRUNE) != 0; }
  /// Should the traversal restart?
  bool must_restart(void)     const { return (cv_flags & CV_RESTART) != 0; }
  /// Should the leave...() functions be called?
  bool is_postorder(void)     const { return (cv_flags & CV_POST) != 0; }
  /// Should all expressions be automatically pruned?
  bool only_insns(void)       const { return (cv_flags & CV_INSNS) != 0; }
  /// Prune children.
  /// This function may be called by a visitor() to skip all children of the current item.
  void prune_now(void) { cv_flags |= CV_PRUNE; }
  /// Do not prune children. This is an internal function, no need to call it.
  void clr_prune(void) { cv_flags &= ~CV_PRUNE; }
  /// Restart the travesal. Meaningful only in apply_to_exprs()
  void set_restart(void) { cv_flags |= CV_RESTART; }
  /// Do not restart. This is an internal function, no need to call it.
  void clr_restart(void) { cv_flags &= ~CV_RESTART; }

  parents_t parents;      ///< Vector of parents of the current item

  /// Constructor.
  /// This constructor can be used with CV_FAST, CV_PARENTS
  /// combined with CV_POST, CV_ONLYINS
  ctree_visitor_t(int _flags) : cv_flags(_flags) {}

  DEFINE_VIRTUAL_DTOR(ctree_visitor_t);
  /// Traverse ctree.
  /// The traversal will start at the specified item and continue until
  /// of one the visit_...() functions return a non-zero value.
  /// \param item root of the ctree to traverse
  /// \param parent parent of the specified item. can be specified as NULL.
  /// \return 0 or a non-zero value returned by a visit_...() function
  int hexapi apply_to(citem_t *item, citem_t *parent);

  /// Traverse only expressions.
  /// The traversal will start at the specified item and continue until
  /// of one the visit_...() functions return a non-zero value.
  /// \param item root of the ctree to traverse
  /// \param parent parent of the specified item. can be specified as NULL.
  /// \return 0 or a non-zero value returned by a visit_...() function
  int hexapi apply_to_exprs(citem_t *item, citem_t *parent);

  /// Get parent of the current item as an expression
  cexpr_t *parent_expr(void) { return (cexpr_t *)parents.back(); }
  /// Get parent of the current item as a statement
  cinsn_t *parent_insn(void) { return (cinsn_t *)parents.back(); }

  // the following functions are redefined by the derived class
  // in order to perform the desired actions during the traversal

  /// Visit a statement.
  /// This is a visitor function which should be overridden by a derived
  /// class to do some useful work.
  /// This visitor performs pre-order traserval, i.e. an item is visited before
  /// its children.
  /// \return 0 to continue the traversal, nonzero to stop.
  virtual int idaapi visit_insn(cinsn_t *) { return 0; }

  /// Visit an expression.
  /// This is a visitor function which should be overridden by a derived
  /// class to do some useful work.
  /// This visitor performs pre-order traserval, i.e. an item is visited before
  /// its children.
  /// \return 0 to continue the traversal, nonzero to stop.
  virtual int idaapi visit_expr(cexpr_t *) { return 0; }

  /// Visit a statement after having visited its children
  /// This is a visitor function which should be overridden by a derived
  /// class to do some useful work.
  /// This visitor performs post-order traserval, i.e. an item is visited after
  /// its children.
  /// \return 0 to continue the traversal, nonzero to stop.
  virtual int idaapi leave_insn(cinsn_t *) { return 0; }

  /// Visit an expression after having visited its children
  /// This is a visitor function which should be overridden by a derived
  /// class to do some useful work.
  /// This visitor performs post-order traserval, i.e. an item is visited after
  /// its children.
  /// \return 0 to continue the traversal, nonzero to stop.
  virtual int idaapi leave_expr(cexpr_t *) { return 0; }
};

/// A helper ctree traversal class that maintains parent information
struct ctree_parentee_t : public ctree_visitor_t
{
  ctree_parentee_t(bool post=false)
    : ctree_visitor_t((post ? CV_POST : 0)|CV_PARENTS) {}

  /// Recalculate types of parent node.
  /// If a node type has been changed, the visitor must recalculate
  /// all parent types, otherwise the ctree becomes inconsistent.
  /// If during this recalculation a parent node is added/deleted,
  /// this function returns true. In this case it is recommended
  /// to restart the traversal because the information about parent nodes
  /// is stale.
  /// \return false-ok to continue the traversal, true-must stop.
  bool hexapi recalc_parent_types(void);
};

/// Class to traverse the whole function
struct cfunc_parentee_t : public ctree_parentee_t
{
  cfunc_t *func;        ///< Pointer to current function
  cfunc_parentee_t(cfunc_t *f, bool post=false)
    : ctree_parentee_t(post), func(f) {}

  /// Calculate rvalue type.
  /// This function tries to determine the type of the specified item
  /// based on its context. For example, if the current expression is the
  /// right side of an assignment operator, the type
  /// of its left side will be returned. This function can be used to determine the 'best'
  /// type of the specified expression.
  /// \param[in] e expression to determine the desired type
  /// \param[out] target 'best' type of the expression will be returned here
  /// \return false if failed
  bool hexapi calc_rvalue_type(tinfo_t *target, const cexpr_t *e);
};

/// Ctree maturity level. The level will increase
/// as we switch from one phase of ctree generation to the next one
enum ctree_maturity_t
{
  CMAT_ZERO,            ///< does not exist
  CMAT_BUILT,           ///< just generated
  CMAT_TRANS1,          ///< applied first wave of transformations
  CMAT_NICE,            ///< nicefied expressions
  CMAT_TRANS2,          ///< applied second wave of transformations
  CMAT_CPA,             ///< corrected pointer arithmetic
  CMAT_TRANS3,          ///< applied third wave of transformations
  CMAT_CASTED,          ///< added necessary casts
  CMAT_FINAL,           ///< ready-to-use
};

//--------------------------------------------------------------------------
/// Comment item preciser.
/// Item preciser is used to assign comments to ctree items
/// A ctree item may have several comments attached to it. For example,
/// an if-statement may have the following comments: <pre>
///  if ( ... )    // cmt1
///  {             // cmt2
///  }             // cmt3
///  else          // cmt4
///  {                     -- usually the else block has a separate ea
///  } </pre>
/// The first 4 comments will have the same ea. In order to denote the exact
/// line for the comment, we store the item_preciser along with ea.
enum item_preciser_t
{
  // inner comments (comments within an expression)
  ITP_EMPTY,    ///< nothing
  ITP_ARG1,     ///< , (64 entries are reserved for 64 call arguments)
  ITP_ARG64 = ITP_ARG1+63, // ,
  ITP_BRACE1,   // (
  ITP_INNER_LAST = ITP_BRACE1,
  // outer comments
  ITP_ASM,      ///< __asm-line
  ITP_ELSE,     ///< else-line
  ITP_DO,       ///< do-line
  ITP_SEMI,     ///< semicolon
  ITP_CURLY1,   ///< {
  ITP_CURLY2,   ///< }
  ITP_BRACE2,   ///< )
  ITP_COLON,    ///< : (label)
  ITP_BLOCK1,   ///< opening block comment. this comment is printed before the item
                ///< (other comments are indented and printed after the item)
  ITP_BLOCK2,   ///< closing block comment.
  ITP_CASE = 0x40000000, ///< bit for switch cases
  ITP_SIGN = 0x20000000, ///< if this bit is set too, then we have a negative case value
                         // this is a hack, we better introduce special indexes for case values
                         // case value >= ITP_CASE will be processed incorrectly
};
/// Ctree location. Used to denote comment locations.
struct treeloc_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  ea_t ea;
  item_preciser_t itp;
  bool operator < (const treeloc_t &r) const
  {
    return ea < r.ea
        || (ea == r.ea && itp < r.itp);
  }
  bool operator == (const treeloc_t &r) const
  {
    return ea == r.ea && itp == r.itp;
  }
};

/// Comment retrieval type.
/// Ctree remembers what comments have already been retrieved.
/// This is done because our mechanism of item_precisers is still
/// not perfect and in theory some listing lines can not be told
/// apart. To avoid comment duplication, we remember if a comment
/// has already been used or not.
enum cmt_retrieval_type_t
{
  RETRIEVE_ONCE,        ///< Retrieve comment if it has not been used yet
  RETRIEVE_ALWAYS,      ///< Retrieve comment even if it has been used
};

/// Ctree item comment.
/// For each comment we remember its body and the fact of its retrieval
struct citem_cmt_t : public qstring
{
  mutable bool used;    ///< the comment has been retrieved?
  citem_cmt_t(void) : used(false) {}
  citem_cmt_t(const char *s) : qstring(s), used(false) {}
};

// Comments are attached to tree locations:
typedef std::map<treeloc_t, citem_cmt_t> user_cmts_t;

/// Generic ctree element locator. It can be used for instructions and some expression
/// types. However, we need more precise locators for other items (e.g. for numbers)
struct citem_locator_t
{
  ea_t ea;              ///< citem address
  ctype_t op;           ///< citem operation
private:
  //forbid the default constructor
  citem_locator_t(void) {}
public:
  citem_locator_t(ea_t _ea, ctype_t _op) : ea(_ea), op(_op) {}
  citem_locator_t(const citem_t *i);
  DECLARE_COMPARISONS(citem_locator_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

// citem_t::iflags are attached to (ea,op) pairs
typedef std::map<citem_locator_t, int32> user_iflags_t;

// union field selections
// they are represented as a vector of integers. each integer represents the
// number of union field (0 means the first union field, etc)
// the size of this vector is equal to the number of nested unions in the selection.
typedef std::map<ea_t, intvec_t> user_unions_t;

//--------------------------------------------------------------------------
/// Basic ctree element. This is an abstract class (but we don't use virtual
/// functions in ctree, so the compiler will not disallow you to create citem_t
/// instances). However, elements of pure citem_t type must never be created.
/// Two classes, cexpr_t and cinsn_t are derived from it.
struct citem_t
{
  ea_t ea;              ///< address that corresponds to the item
  ctype_t op;           ///< element type
  int label_num;        ///< label number. -1 means no label. items of expression
                        ///< types (cot_...) should not have labels at the final maturity
                        ///< level, but at the intermediate levels any ctree element
                        ///< may have a label. Labels must be unique. Usually
                        ///< they correspond to the basic block numbers.
  mutable int index;    ///< item index. meaningful only after print_func()
  citem_t(void) : ea(BADADDR), op(cot_empty), label_num(-1), index(-1) {}
  citem_t(ctype_t o) : ea(BADADDR), op(o), label_num(-1), index(-1) {}
  /// Swap two citem_t
  void swap(citem_t &r)
  {
    std::swap(ea, r.ea);
    std::swap(op, r.op);
    std::swap(label_num, r.label_num);
  }
  /// Is an expression?
  bool is_expr(void) const { return op <= cot_last; }
  /// Does the item contain a label?
  bool hexapi contains_label(void) const;
  /// Find parent of the specified item.
  /// \param sitem Item to find the parent of. The search will be performed
  ///            among the children of the item pointed by \c this.
  /// \return NULL if not found
  const citem_t *hexapi find_parent_of(const citem_t *sitem) const;
  citem_t *find_parent_of(const citem_t *item)
  { return CONST_CAST(citem_t*)((CONST_CAST(const citem_t*)(this))->find_parent_of(item)); }
  citem_t *hexapi find_closest_addr(ea_t _ea);
  void print1(qstring *vout, const cfunc_t *func) const;
  ~citem_t(void)
  {
    remitem(this);
  }
  DEFINE_MEMORY_ALLOCATION_FUNCS()
};

/// Ctree element: expression.
/// Depending on the exact expression item type, various fields of this structure are used.
struct cexpr_t : public citem_t
{
  union
  {
    cnumber_t *n;     ///< used for \ref cot_num
    fnumber_t *fpc;   ///< used for \ref cot_fnum
    struct
    {
      union
      {
        var_ref_t v;  ///< used for \ref cot_var
        ea_t obj_ea;  ///< used for \ref cot_obj
      };
      int refwidth;   ///< how many bytes are accessed? (-1: none)
    };
    struct
    {
      cexpr_t *x;     ///< the first operand of the expression
      union
      {
        cexpr_t *y;   ///< the second operand of the expression
        carglist_t *a;///< argument list (used for \ref cot_call)
        uint32 m;     ///< member offset (used for \ref cot_memptr, \ref cot_memref)
                      ///< for unions, the member number
      };
      union
      {
        cexpr_t *z;   ///< the third operand of the expression
        int ptrsize;  ///< memory access size (used for \ref cot_ptr, \ref cot_memptr)
      };
    };
    cinsn_t *insn;    ///< an embedded statement, they are prohibited
                      ///< at the final maturity stage (\ref CMAT_FINAL)
    char *helper;     ///< helper name (used for \ref cot_helper)
    char *string;     ///< string constant (used for \ref cot_str)
  };
  tinfo_t type;       ///< expression type. must be carefully maintained
  int exflags;        ///< \ref EXFL_
/// \defgroup EXFL_ Expression attributes
/// Used in cexpr_t::exflags
//@{
#define EXFL_CPADONE 0x0001 ///< pointer arithmetic correction done
#define EXFL_LVALUE  0x0002 ///< expression is lvalue even if it doesn't look like it
#define EXFL_FPOP    0x0004 ///< floating point operation
#define EXFL_ALONE   0x0008 ///< standalone helper
#define EXFL_CSTR    0x0010 ///< string literal
#define EXFL_PARTIAL 0x0020 ///< type of the expression is considered partial
#define EXFL_ALL     0x003F ///< all currently defined bits
//@}
  /// Pointer arithmetic correction done for this expression?
  bool cpadone(void) const         { return (exflags & EXFL_CPADONE) != 0; }
  bool is_odd_lvalue(void) const   { return (exflags & EXFL_LVALUE) != 0; }
  bool is_fpop(void) const         { return (exflags & EXFL_FPOP) != 0; }
  bool is_cstr(void) const         { return (exflags & EXFL_CSTR) != 0; }
  bool is_type_partial(void) const { return (exflags & EXFL_PARTIAL) != 0; }


  void set_cpadone(void)      { exflags |= EXFL_CPADONE; }
  void set_type_partial(void) { exflags |= EXFL_PARTIAL; }

  cexpr_t(void) : x(NULL), y(NULL), z(NULL), exflags(0) {}
  cexpr_t(ctype_t cop, cexpr_t *_x) : citem_t(cop), x(_x), y(NULL), z(NULL), exflags(0) {}
  cexpr_t(ctype_t cop, cexpr_t *_x, cexpr_t *_y) : citem_t(cop), x(_x), y(_y), z(NULL), exflags(0) {}
  cexpr_t(ctype_t cop, cexpr_t *_x, cexpr_t *_y, cexpr_t *_z) : citem_t(cop), x(_x), y(_y), z(_z), exflags(0) {}
  cexpr_t(mbl_array_t *mba, const lvar_t &v);
  cexpr_t(const cexpr_t &r) : citem_t() { *this = r; }
  void swap(cexpr_t &r) { qswap(*this, r); }
  cexpr_t &operator=(const cexpr_t &r) { return assign(r); }
  cexpr_t &hexapi assign(const cexpr_t &r);
  DECLARE_COMPARISONS(cexpr_t);
  ~cexpr_t(void) { cleanup(); }

  /// Replace the expression.
  /// The children of the expression are abandoned (not freed).
  /// The expression pointed by 'r' is moved to 'this' expression
  /// \param r the source expression. It is deleted after being copied
  void hexapi replace_by(cexpr_t *r);

  /// Cleanup the expression.
  /// This function properly deletes all children and sets the item type to cot_empty.
  void hexapi cleanup(void);

  /// Assign a number to the expression.
  /// \param func current function
  /// \param value number value
  /// \param nbytes size of the number in bytes
  /// \param sign number sign
  void hexapi put_number(cfunc_t *func, uint64 value, int nbytes, type_sign_t sign=no_sign);

  /// Print expression into one line.
  /// \param vout output buffer
  /// \param func parent function. This argument is used to find out the referenced variable names.
  void hexapi print1(qstring *vout, const cfunc_t *func) const;

  /// Calculate the type of the expression.
  /// Use this function to calculate the expression type when a new expression is built
  /// \param recursive if true, types of all children expression will be calculated
  ///                  before calculating our type
  void hexapi calc_type(bool recursive);

  /// Compare two expressions.
  /// This function tries to compare two expressions in an 'intelligent' manner.
  /// For example, it knows about commutitive operators and can ignore useless casts.
  /// \param r the expression to compare against the current expression
  /// \return true expressions can be considered equal
  bool hexapi equal_effect(const cexpr_t &r) const;

  /// Verify if the specified item is our parent.
  /// \param parent possible parent item
  /// \return true if the specified item is our parent
  bool hexapi is_child_of(const citem_t *parent) const;

  /// Check if the expression contains the specified operator.
  /// \param needed_op operator code to search for
  /// \param times how many times the operator code should be present
  /// \return true if the expression has at least TIMES children with NEEDED_OP
  bool hexapi contains_operator(ctype_t needed_op, int times=1) const;

  /// Does the expression contain another expression?
  bool contains_expr(const cexpr_t *e) const;
  /// Does the expression contain a comma operator?
  bool contains_comma(int times=1) const { return contains_operator(cot_comma, times); }
  /// Does the expression contain an embedded statement operator?
  bool contains_insn(int times=1) const { return contains_operator(cot_insn, times); }
  /// Does the expression contain an embedded statement operator or a label?
  bool contains_insn_or_label(void) const { return contains_insn() || contains_label(); }
  /// Does the expression contain a comma operator or an embedded statement operator or a label?
  bool contains_comma_or_insn_or_label(int maxcommas=1) const { return contains_comma(maxcommas) || contains_insn_or_label(); }
  /// Is nice expression?
  /// Nice expressions do not contain comma operators, embedded statements, or labels.
  bool is_nice_expr(void) const { return !contains_comma_or_insn_or_label(); }
  /// Is nice condition?.
  /// Nice condition is a nice expression of the boolean type.
  bool is_nice_cond(void) const { return is_nice_expr() && type.is_bool(); }
  /// Is call object?
  /// \return true if our expression is the call object of the specified parent expression.
  bool is_call_object_of(const citem_t *parent) const { return parent != NULL && parent->op == cot_call && ((cexpr_t*)parent)->x == this; }
  /// Is call argument?
  /// \return true if our expression is a call argument of the specified parent expression.
  bool is_call_arg_of(const citem_t *parent) const { return parent != NULL && parent->op == cot_call && ((cexpr_t*)parent)->x != this; }
  /// Get expression sign
  type_sign_t get_type_sign(void) const { return type.get_sign(); }
  /// Is expression unsigned?
  bool is_type_unsigned(void) const { return type.is_unsigned(); }
  /// Is expression signed?
  bool is_type_signed(void) const { return type.is_signed(); }
  /// Get max number of bits that can really be used by the expression.
  /// For example, x % 16 can yield only 4 non-zero bits
  int hexapi get_high_nbit_bound(int pbits, type_sign_t psign, bool *p_maybe_negative=NULL) const;
  /// Get min number of bits that are always present in the expression.
  /// For example, 16 always uses 5 bits.
  int hexapi get_low_nbit_bound(type_sign_t psign, bool *p_maybe_negative=NULL) const;
  /// Check if the expression requires an lvalue.
  /// \param child The function will check if this child of our expression must be an lvalue.
  /// \return true if child must be an lvalue.
  bool hexapi requires_lvalue(const cexpr_t *child) const;
  /// Check if the expression has side effects.
  /// Calls, pre/post inc/dec, and assignments have side effects.
  bool hexapi has_side_effects(void) const;
  /// Check if the expression if aliasable.
  /// Simple registers and non-aliasble stack slots return false.
  bool is_aliasable(void) const;
  /// Get numeric value of the expression.
  /// This function can be called only on cot_num expressions!
  uint64 numval(void) const
  {
    QASSERT(50071, op == cot_num);
    return n->value(type);
  }
  /// Check if the expression is a number with the specified value.
  bool is_const_value(uint64 _v) const
  {
    return op == cot_num && numval() == _v;
  }
  /// Check if the expression is a negative number.
  bool is_negative_const(void) const
  {
    return op == cot_num && int64(numval()) < 0;
  }
  /// Check if the expression is a non-zero number.
  bool is_non_zero_const(void) const
  {
    return op == cot_num && numval() != 0;
  }
  /// Check if the expression is a zero.
  bool is_zero_const(void) const { return is_const_value(0); }
  /// Does the PARENT need the expression value
  bool is_value_used(const citem_t *parent) const;
  /// Get expression value.
  /// \param out Pointer to the variable where the expression value is returned.
  /// \return true if the expression is a number.
  bool get_const_value(uint64 *out) const
  {
    if ( op == cot_num )
    {
      if ( out != NULL )
        *out = numval();
      return true;
    }
    return false;
  }
  /// May the expression be a pointer?
  bool maybe_ptr(void) const
  {
    uint64 val;
    if ( get_const_value(&val)
      && (ea_t(val) != val || !is_mapped((ea_t)val)) )
    {
      return false;
    }
    return true;
  }
  /// Find pointer or array child.
  cexpr_t *get_ptr_or_array(void)
  {
    if ( x->type.is_ptr_or_array() )
      return x;
    if ( y->type.is_ptr_or_array() )
      return y;
    return NULL;
  }
  /// Find the child with the specified operator.
  const cexpr_t *find_op(ctype_t _op) const
  {
    if ( x->op == _op )
      return x;
    if ( y->op == _op )
      return y;
    return NULL;
  }
  cexpr_t *find_op(ctype_t _op)
  {
    return (cexpr_t *)((const cexpr_t *)this)->find_op(_op);
  }

  /// Find the operand with a numeric value
  const cexpr_t *find_num_op(void) const { return find_op(cot_num); }
        cexpr_t *find_num_op(void)       { return find_op(cot_num); }
  /// Find the pointer operand.
  /// This function returns the pointer operand for binary expressions.
  const cexpr_t *find_ptr_or_array(bool remove_eqsize_casts) const;
  /// Get the other operand.
  /// This function returns the other operand (not the specified one)
  /// for binary expressions.
  const cexpr_t *theother(const cexpr_t *what) const { return what == x ? y : x; }
        cexpr_t *theother(const cexpr_t *what)       { return what == x ? y : x; }

  // these are inline functions, see below
  bool get_1num_op(cexpr_t **o1, cexpr_t **o2);
  bool get_1num_op(const cexpr_t **o1, const cexpr_t **o2) const;

};

/// Statement with an expression.
/// This is a base class for various statements with expressions.
struct ceinsn_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  cexpr_t expr;         ///< Expression of the statement
};

/// Should curly braces be printed?
enum use_curly_t
{
  CALC_CURLY_BRACES,    ///< print curly braces if necessary
  NO_CURLY_BRACES,      ///< don't print curly braces
  USE_CURLY_BRACES,     ///< print curly braces without any checks
};

/// If statement
struct cif_t : public ceinsn_t
{
  cinsn_t *ithen;       ///< Then-branch of the if-statement
  cinsn_t *ielse;       ///< Else-branch of the if-statement. May be NULL.
  cif_t(void) : ithen(NULL), ielse(NULL) {}
  cif_t(const cif_t &r) : ceinsn_t(), ithen(NULL), ielse(NULL) { *this = r; }
  cif_t &operator=(const cif_t &r) { return assign(r); }
  cif_t &hexapi assign(const cif_t &r);
  DECLARE_COMPARISONS(cif_t);
  ~cif_t(void) { cleanup(); }
  void cleanup(void);
};

/// Base class for loop statements
struct cloop_t : public ceinsn_t
{
  cinsn_t *body;
  cloop_t(void) : body(NULL) {}
  cloop_t(cinsn_t *b) : body(b) {}
  cloop_t(const cloop_t &r) : ceinsn_t(), body(NULL) { *this = r; }
  cloop_t &operator=(const cloop_t &r) { return assign(r); }
  cloop_t &hexapi assign(const cloop_t &r);
  ~cloop_t(void) { cleanup(); }
  void cleanup(void);
};

/// For-loop
struct cfor_t : public cloop_t
{
  cexpr_t init;                 ///< Initialization expression
  cexpr_t step;                 ///< Step expression
  DECLARE_COMPARISONS(cfor_t);
};

/// While-loop
struct cwhile_t : public cloop_t
{
  DECLARE_COMPARISONS(cwhile_t);
};

/// Do-loop
struct cdo_t : public cloop_t
{
  DECLARE_COMPARISONS(cdo_t);
};

/// Return statement
struct creturn_t : public ceinsn_t
{
  DECLARE_COMPARISONS(creturn_t);
};

/// Goto statement
struct cgoto_t
{
  int label_num;        ///< Target label number
  DECLARE_COMPARISONS(cgoto_t);
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  void print(const citem_t *parent, int indent, vc_printer_t &vp) const;
};

/// asm statement
struct casm_t : public eavec_t
{
  casm_t(ea_t ea) { push_back(ea); }
  casm_t(const casm_t &r) : eavec_t(eavec_t(r)) {}
  DECLARE_COMPARISONS(casm_t);
  void print(const citem_t *parent, int indent, vc_printer_t &vp) const;
  bool one_insn(void) const { return size() == 1; }
  void genasm(qstring *buf, ea_t ea) const;
};

/// Vector of pointers to statements.
typedef qvector<cinsn_t *> cinsnptrvec_t;

/// Ctree element: statement.
/// Depending on the exact statement type, various fields of the union are used.
struct cinsn_t : public citem_t
{
  union
  {
    cblock_t *cblock;   ///< details of block-statement
    cexpr_t *cexpr;     ///< details of expression-statement
    cif_t *cif;         ///< details of if-statement
    cfor_t *cfor;       ///< details of for-statement
    cwhile_t *cwhile;   ///< details of while-statement
    cdo_t *cdo;         ///< details of do-statement
    cswitch_t *cswitch; ///< details of switch-statement
    creturn_t *creturn; ///< details of return-statement
    cgoto_t *cgoto;     ///< details of goto-statement
    casm_t *casm;       ///< details of asm-statement
  };

  cinsn_t(void) : citem_t(cit_empty) {}
  cinsn_t(const cinsn_t &r) : citem_t(cit_empty) { *this = r; }
  void swap(cinsn_t &r) { citem_t::swap(r); std::swap(cblock, r.cblock); }
  cinsn_t &operator=(const cinsn_t &r) { return assign(r); }
  cinsn_t &hexapi assign(const cinsn_t &r);
  DECLARE_COMPARISONS(cinsn_t);
  ~cinsn_t(void) { cleanup(); }

  /// Replace the statement.
  /// The children of the statement are abandoned (not freed).
  /// The statement pointed by 'r' is moved to 'this' statement
  /// \param r the source statement. It is deleted after being copied
  void hexapi replace_by(cinsn_t *r);

  /// Cleanup the statement.
  /// This function properly deletes all children and sets the item type to cit_empty.
  void hexapi cleanup(void);

  /// Overwrite with zeroes without cleaning memory or deleting children
  void zero(void) { op = cit_empty; cblock = NULL; }

  /// Create a new statement.
  /// The current statement must be a block. The new statement will be appended to it.
  /// \param insn_ea statement address
  cinsn_t &hexapi new_insn(ea_t insn_ea);

  /// Create a new if-statement.
  /// The current statement must be a block. The new statement will be appended to it.
  /// \param cnd if condition. It will be deleted after being copied.
  cif_t &hexapi create_if(cexpr_t *cnd);

  /// Print the statement into many lines.
  /// \param indent indention (number of spaces) for the statement
  /// \param vp printer helper class which will receive the generated text.
  /// \param use_curly if the statement is a block, how should curly braces be printed.
  void hexapi print(int indent, vc_printer_t &vp, use_curly_t use_curly=CALC_CURLY_BRACES) const;

  /// Print the statement into one line.
  /// Currently this function is not available.
  /// \param vout output buffer
  /// \param func parent function. This argument is used to find out the referenced variable names.
  void hexapi print1(qstring *vout, const cfunc_t *func) const;

  /// Check if the statement passes execution to the next statement.
  /// \return false if the statement breaks the control flow (like goto, return, etc)
  bool hexapi is_ordinary_flow(void) const;

  /// Check if the statement contains a statement of the specified type.
  /// \param type statement opcode to look for
  /// \param times how many times TYPE should be present
  /// \return true if the statement has at least TIMES children with opcode == TYPE
  bool hexapi contains_insn(ctype_t type, int times=1) const;

  /// Collect free \c break statements.
  /// This function finds all free \c break statements within the current statement.
  /// A \c break statement is free if it does not have a loop or switch parent that
  /// that is also within the current statement.
  /// \param breaks pointer to the variable where the vector of all found free
  ///               \c break statements is returned. This argument can be NULL.
  /// \return true if some free \c break statements have been found
  bool hexapi collect_free_breaks(cinsnptrvec_t *breaks);

  /// Collect free \c continue statements.
  /// This function finds all free \c continue statements within the current statement.
  /// A \c continue statement is free if it does not have a loop parent that
  /// that is also within the current statement.
  /// \param continues pointer to the variable where the vector of all found free
  ///               \c continue statements is returned. This argument can be NULL.
  /// \return true if some free \c continue statements have been found
  bool hexapi collect_free_continues(cinsnptrvec_t *continues);

  /// Check if the statement has free \c break statements.
  bool contains_free_break(void) const { return CONST_CAST(cinsn_t*)(this)->collect_free_breaks(NULL); }
  /// Check if the statement has free \c continue statements.
  bool contains_free_continue(void) const { return CONST_CAST(cinsn_t*)(this)->collect_free_continues(NULL); }

};

/// Compound statement (curly braces)
struct cblock_t : public qlist<cinsn_t> // we need list to be able to manipulate
{                                       // its elements freely
  DECLARE_COMPARISONS(cblock_t);
};

/// Function argument
struct carg_t : public cexpr_t
{
  bool is_vararg;             ///< is a vararg (matches ...)
  tinfo_t formal_type;        ///< formal parameter type (if known)
  void consume_cexpr(cexpr_t *e)
  {
    qswap(*(cexpr_t*)this, *e);
    delete e;
  }
  carg_t(void) : is_vararg(false) {}
  DECLARE_COMPARISONS(carg_t)
  {
    return cexpr_t::compare(r);
  }
};
DECLARE_TYPE_AS_MOVABLE(carg_t);

/// Function argument list
struct carglist_t : public qvector<carg_t>
{
  tinfo_t functype;   ///< function object type
  int flags;          ///< call flags
#define CFL_FINAL   0x0001  ///< call type is final, should not be changed
#define CFL_HELPER  0x0002  ///< created from a decompiler helper function
  carglist_t(void) : flags(0) {}
  carglist_t(const tinfo_t &ftype, int fl = 0) : functype(ftype), flags(fl) {}
  DECLARE_COMPARISONS(carglist_t);
  void print(qstring *vout, const cfunc_t *func) const;
  int print(int curpos, vc_printer_t &vp) const;
};

/// Switch case. Usually cinsn_t is a block
struct ccase_t : public cinsn_t
{
  qvector<uint64> values;    ///< List of case values.
                             ///< if empty, then 'default' case
  DECLARE_COMPARISONS(ccase_t);
  void print(const cinsn_t *parent, int indent, vc_printer_t &vp) const;
  void set_insn(cinsn_t *i); // deletes 'i'
  size_t size(void) const { return values.size(); }
  const uint64 &value(int i) const { return values[i]; }
};
DECLARE_TYPE_AS_MOVABLE(ccase_t);

/// Vector of switch cases
struct ccases_t : public qvector<ccase_t>
{
  DECLARE_COMPARISONS(ccases_t);
  void print(const cinsn_t *parent, int indent, vc_printer_t &vp) const;
  int find_value(uint64 v) const;
};

/// Switch statement
struct cswitch_t : public ceinsn_t
{
  cnumber_t mvnf;       ///< Maximal switch value and number format
  ccases_t cases;       ///< Switch cases: values and instructions
  DECLARE_COMPARISONS(cswitch_t);
};

//---------------------------------------------------------------------------
/// Invisible COLOR_ADDR tags in the output text are used to refer to ctree items and variables
struct ctree_anchor_t
{
  uval_t value;
#define ANCHOR_INDEX  0x1FFFFFFF
#define ANCHOR_MASK   0xC0000000
#define   ANCHOR_CITEM 0x00000000 ///< c-tree item
#define   ANCHOR_LVAR  0x40000000 ///< declaration of local variable
#define   ANCHOR_ITP   0x80000000 ///< item type preciser
#define ANCHOR_BLKCMT 0x20000000  ///< block comment (for ctree items)
  ctree_anchor_t(void) : value(BADADDR) {}
  int get_index(void) const { return value & ANCHOR_INDEX; }
  item_preciser_t get_itp(void) const { return item_preciser_t(value & ~ANCHOR_ITP); }
  bool is_valid_anchor(void) const { return value != BADADDR; }
  bool is_citem_anchor(void) const { return (value & ANCHOR_MASK) == ANCHOR_CITEM; }
  bool is_lvar_anchor(void) const { return (value & ANCHOR_MASK) == ANCHOR_LVAR; }
  bool is_itp_anchor(void) const { return (value & ANCHOR_ITP) != 0; }
  bool is_blkcmt_anchor(void) const { return (value & ANCHOR_BLKCMT) != 0; }
};

/// Type of the cursor item.
enum cursor_item_type_t
{
  VDI_NONE, ///< undefined
  VDI_EXPR, ///< c-tree item
  VDI_LVAR, ///< declaration of local variable
  VDI_FUNC, ///< the function itself (the very first line with the function prototype)
  VDI_TAIL, ///< cursor is at (beyond) the line end (commentable line)
};

/// Cursor item.
/// Information about the item under the cursor
struct ctree_item_t
{
  DEFINE_MEMORY_ALLOCATION_FUNCS()
  cursor_item_type_t citype; ///< Item type
  union
  {
    citem_t *it;
    cexpr_t *e;         ///< VDI_EXPR: Expression
    cinsn_t *i;         ///< VDI_EXPR: Statement
    lvar_t *l;          ///< VDI_LVAR: Local variable
    cfunc_t *f;         ///< VDI_FUNC: Function
    treeloc_t loc;      ///< VDI_TAIL: Line tail
  };

  ctree_item_t(): citype(VDI_NONE) {}

  void verify(const mbl_array_t *mba) const;

  /// Get pointer to structure member.
  /// If the current item is a structure field,
  /// this function will return pointer to its definition.
  /// \return NULL if failed
  /// \param[out] p_sptr pointer to the variable where the pointer to the
  ///               parent structure is returned. This parameter can be NULL.

  member_t *hexapi get_memptr(struc_t **p_sptr=NULL) const;

  /// Get pointer to local variable.
  /// If the current item is a local variable,
  /// this function will return pointer to its definition.
  /// \return NULL if failed

  lvar_t *hexapi get_lvar(void) const;


  /// Get address of the current item.
  /// Each ctree item has an address.
  /// \return BADADDR if failed

  ea_t hexapi get_ea(void) const;


  /// Get label number of the current item.
  /// \param[in] gln_flags Combination of \ref GLN_ bits
  /// \return -1 if failed or no label

  int hexapi get_label_num(int gln_flags) const;
/// \defgroup GLN_ get_label_num control
//@{
#define GLN_CURRENT     0x01 ///< get label of the current item
#define GLN_GOTO_TARGET 0x02 ///< get goto target
#define GLN_ALL         0x03 ///< get both
//@}

  /// Is the current item is a ctree item?
  bool is_citem(void) const { return citype == VDI_EXPR; }

};

/// Unused label disposition.
enum allow_unused_labels_t
{
  FORBID_UNUSED_LABELS = 0,     ///< Unused labels cause interr
  ALLOW_UNUSED_LABELS = 1,      ///< Unused labels are permitted
};

typedef std::map<int, qstring> user_labels_t;

/// Logically negate the specified expression.
/// The specified expression will be logically negated.
/// For example, "x == y" is converted into "x != y" by this function.
/// \param e expression to negate. After the call, e must not be used anymore
///          because it can be changed by the function. The function return value
///          must be used to refer to the expression.
/// \return logically negated expression.

cexpr_t *hexapi lnot(cexpr_t *e);


/// Create a new block-statement.

cinsn_t *hexapi new_block(void);


/// Create a helper object.
/// This function creates a helper object.
/// The named function is not required to exist, the decompiler will only print
/// its name in the output. Helper functions are usually used to represent arbitrary
/// function or macro calls in the output.
/// \param standalone false:helper must be called; true:helper can be used in any expression
/// \param type type of the create function object
/// \param format printf-style format string that will be used to create the function name.
/// \param va additional arguments for printf
/// \return the created expression.

AS_PRINTF(3, 0) cexpr_t *hexapi vcreate_helper(bool standalone, const tinfo_t &type, const char *format, va_list va);

/// Create a helper object..
AS_PRINTF(3, 4) inline cexpr_t *create_helper(bool standalone, const tinfo_t &type, const char *format, ...)
{
  va_list va;
  va_start(va, format);
  cexpr_t *e = vcreate_helper(standalone, type, format, va);
  va_end(va);
  return e;
}


/// Create a helper call expression.
/// This function creates a new expression: a call of a helper function.
/// \param rettype type of the whole expression.
/// \param args helper arguments. this object will be consumed by the function.
///             if there are no args, this parameter may be specified as NULL.
/// \param format printf-style format string that will be used to create the function name.
/// \param va additional arguments for printf
/// \return the created expression.

AS_PRINTF(3, 0) cexpr_t *hexapi vcall_helper(const tinfo_t &rettype, carglist_t *args, const char *format, va_list va);

/// Create a helper call.
AS_PRINTF(3, 4) inline cexpr_t *call_helper(
        const tinfo_t &rettype,
        carglist_t *args,
        const char *format, ...)
{
  va_list va;
  va_start(va, format);
  cexpr_t *e = vcall_helper(rettype, args, format, va);
  va_end(va);
  return e;
}


/// Create a number expression
/// \param n value
/// \param func current function
/// \param ea definition address of the number
/// \param opnum operand number of the number (in the disassembly listing)
/// \param sign number sign
/// \param size size of number in bytes

cexpr_t *hexapi make_num(uint64 n, cfunc_t *func=NULL, ea_t ea=BADADDR, int opnum=0, type_sign_t sign=no_sign, int size=0);


/// Create a reference.
/// This function performs the following conversion: "obj" => "&obj".
/// It can handle casts, annihilate "&*", and process other special cases.

cexpr_t *hexapi make_ref(cexpr_t *e);


/// Dereference a pointer.
/// This function dereferences a pointer expression.
/// It performs the following conversion: "ptr" => "*ptr"
/// It can handle discrepancies in the pointer type and the access size.
/// \param e expression to deference
/// \param ptrsize access size
/// \param is_flt dereferencing for floating point access?
/// \return dereferenced expression

cexpr_t *hexapi dereference(cexpr_t *e, int ptrsize, bool is_flt=false);


/// Save user defined labels into the database.
/// \param func_ea the entry address of the function
/// \param user_labels collection of user defined labels

void hexapi save_user_labels(ea_t func_ea, const user_labels_t *user_labels);


/// Save user defined comments into the database.
/// \param func_ea the entry address of the function
/// \param user_cmts collection of user defined comments

void hexapi save_user_cmts(ea_t func_ea, const user_cmts_t *user_cmts);

/// Save user defined number formats into the database.
/// \param func_ea the entry address of the function
/// \param numforms collection of user defined comments

void hexapi save_user_numforms(ea_t func_ea, const user_numforms_t *numforms);


/// Save user defined citem iflags into the database.
/// \param func_ea the entry address of the function
/// \param iflags collection of user defined citem iflags

void hexapi save_user_iflags(ea_t func_ea, const user_iflags_t *iflags);


/// Save user defined union field selections into the database.
/// \param func_ea the entry address of the function
/// \param unions collection of union field selections

void hexapi save_user_unions(ea_t func_ea, const user_unions_t *unions);


/// Restore user defined labels from the database.
/// \param func_ea the entry address of the function
/// \return collection of user defined labels.
///         The returned object must be deleted by the caller using delete_user_labels()

user_labels_t *hexapi restore_user_labels(ea_t func_ea);


/// Restore user defined comments from the database.
/// \param func_ea the entry address of the function
/// \return collection of user defined comments.
///         The returned object must be deleted by the caller using delete_user_cmts()

user_cmts_t *hexapi restore_user_cmts(ea_t func_ea);


/// Restore user defined number formats from the database.
/// \param func_ea the entry address of the function
/// \return collection of user defined number formats.
///         The returned object must be deleted by the caller using delete_user_numforms()

user_numforms_t *hexapi restore_user_numforms(ea_t func_ea);


/// Restore user defined citem iflags from the database.
/// \param func_ea the entry address of the function
/// \return collection of user defined iflags.
///         The returned object must be deleted by the caller using delete_user_iflags()

user_iflags_t *hexapi restore_user_iflags(ea_t func_ea);


/// Restore user defined union field selections from the database.
/// \param func_ea the entry address of the function
/// \return collection of union field selections
///         The returned object must be deleted by the caller using delete_user_unions()

user_unions_t *hexapi restore_user_unions(ea_t func_ea);


typedef std::map<ea_t, cinsnptrvec_t> eamap_t;
// map of instruction boundaries. may contain INS_EPILOG for the epilog instructions
typedef std::map<cinsn_t *, rangeset_t> boundaries_t;
#define INS_EPILOG ((cinsn_t *)1)
// Tags to find this location quickly: #cfunc_t #func_t
//-------------------------------------------------------------------------
/// Decompiled function. Decompilation result is kept here.
struct cfunc_t
{
  ea_t entry_ea;             ///< function entry address
  mbl_array_t *mba;          ///< underlying microcode
  cinsn_t body;              ///< function body, must be a block
  intvec_t &argidx;          ///< list of arguments (indexes into vars)
  ctree_maturity_t maturity; ///< maturity level
  // The following maps must be accessed using helper functions.
  // Example: for user_labels_t, see functions starting with "user_labels_".
  user_labels_t *user_labels;///< user-defined labels.
  user_cmts_t *user_cmts;    ///< user-defined comments.
  user_numforms_t *numforms; ///< user-defined number formats.
  user_iflags_t *user_iflags;///< user-defined item flags \ref CIT_
  user_unions_t *user_unions;///< user-defined union field selections.
/// \defgroup CIT_ ctree item iflags bits
//@{
#define CIT_COLLAPSED 0x0001 ///< display element in collapsed form
//@}
  int refcnt;                ///< reference count to this object. use cfuncptr_t
  int statebits;             ///< current cfunc_t state. see \ref CFS_
/// \defgroup CFS_ cfunc state bits
#define CFS_BOUNDS       0x0001 ///< 'eamap' and 'boundaries' are ready
#define CFS_TEXT         0x0002 ///< 'sv' is ready (and hdrlines)
#define CFS_LVARS_HIDDEN 0x0004 ///< local variable definitions are collapsed
  eamap_t *eamap;            ///< ea->insn map. use \ref get_eamap
  boundaries_t *boundaries;  ///< map of instruction boundaries. use \ref get_boundaries
  strvec_t sv;               ///< decompilation output: function text. use \ref get_pseudocode
  int hdrlines;              ///< number of lines in the declaration area
  mutable ctree_items_t treeitems; ///< vector of ctree items

public:
  cfunc_t(mbl_array_t *mba);
  ~cfunc_t(void) { cleanup(); }
  void release(void) { delete this; }
  DEFINE_MEMORY_ALLOCATION_FUNCS()

  /// Generate the function body.
  /// This function (re)generates the function body from the underlying microcode.
  void hexapi build_c_tree(void);

  /// Verify the ctree.
  /// This function verifies the ctree. If the ctree is malformed, an internal error
  /// is generated. Use it to verify the ctree after your modifications.
  /// \param aul Are unused labels acceptable?
  /// \param even_without_debugger if false and there is no debugger, the verification will be skipped
  void hexapi verify(allow_unused_labels_t aul, bool even_without_debugger) const;

  /// Print function prototype.
  /// \param vout output buffer
  void hexapi print_dcl(qstring *vout) const;

  /// Print function text.
  /// \param vp printer helper class to receive the generated text.
  void hexapi print_func(vc_printer_t &vp) const;

  /// Get the function type.
  /// \param type variable where the function type is returned
  /// \return false if failure
  bool hexapi get_func_type(tinfo_t *type) const;

  /// Get vector of local variables.
  /// \return pointer to the vector of local variables. If you modify this vector,
  ///         the ctree must be regenerated in order to have correct cast operators.
  ///         Use build_c_tree() for that.
  ///         Removing lvars should be done carefully: all references in ctree
  ///         and microcode must be corrected after that.
  lvars_t *hexapi get_lvars(void);

  /// Get stack offset delta.
  /// The local variable stack offsets retrieved by v.location.stkoff()
  /// should be adjusted before being used as stack frame offsets in IDA.
  /// \return the delta to apply.
  ///         example: ida_stkoff = v.location.stkoff() - f->get_stkoff_delta()
  sval_t hexapi get_stkoff_delta(void);

  /// Find the label.
  /// \return pointer to the ctree item with the specified label number.
  citem_t *hexapi find_label(int label);

  /// Remove unused labels.
  /// This function check what labels are really used by the function and
  /// removes the unused ones.
  void hexapi remove_unused_labels(void);

  /// Retrieve a user defined comment.
  /// \param loc ctree location
  /// \param rt should already retrieved comments retrieved again?
  /// \return pointer to the comment string or NULL
  const char *hexapi get_user_cmt(const treeloc_t &loc, cmt_retrieval_type_t rt) const;

  /// Set a user defined comment.
  /// This function stores the specified comment in the cfunc_t structure.
  /// The save_user_cmts() function must be called after it.
  /// \param loc ctree location
  /// \param cmt new comment. if empty or NULL, then an existing comment is deleted.
  void hexapi set_user_cmt(const treeloc_t &loc, const char *cmt);

  /// Retrieve citem iflags.
  /// \param loc citem locator
  /// \return \ref CIT_ or 0
  int32 hexapi get_user_iflags(const citem_locator_t &loc) const;

  /// Set citem iflags.
  /// \param loc citem locator
  /// \param iflags new iflags
  void hexapi set_user_iflags(const citem_locator_t &loc, int32 iflags);

  /// Check if there are orphan comments.
  bool hexapi has_orphan_cmts(void) const;

  /// Delete all orphan comments.
  /// The save_user_cmts() function must be called after this call.
  int hexapi del_orphan_cmts(void);

  /// Retrieve a user defined union field selection.
  /// \param ea address
  /// \param path out: path describing the union selection.
  /// \return pointer to the path or NULL
  bool hexapi get_user_union_selection(ea_t ea, intvec_t *path);

  /// Set a union field selection.
  /// The save_user_unions() function must be called after calling this function.
  /// \param ea address
  /// \param path in: path describing the union selection.
  void hexapi set_user_union_selection(ea_t ea, const intvec_t &path);

  /// Save user-defined labels into the database
  void save_user_labels(void) const { ::save_user_labels(entry_ea, user_labels); }
  /// Save user-defined comments into the database
  void save_user_cmts(void) const { ::save_user_cmts(entry_ea, user_cmts); }
  /// Save user-defined number formats into the database
  void save_user_numforms(void) const { ::save_user_numforms(entry_ea, numforms); }
  /// Save user-defined iflags into the database
  void save_user_iflags(void) const { ::save_user_iflags(entry_ea, user_iflags); }
  /// Save user-defined union field selections into the database
  void save_user_unions(void) const { ::save_user_unions(entry_ea, user_unions); }

  /// Get ctree item for the specified cursor position.
  /// \return false if failed to get the current item
  /// \param line line of decompilation text (element of \ref sv)
  /// \param x x cursor coordinate in the line
  /// \param is_ctree_line does the line belong to statement area? (if not, it is assumed to belong to the declaration area)
  /// \param phead ptr to the first item on the line (used to attach block comments). May be NULL
  /// \param pitem ptr to the current item. May be NULL
  /// \param ptail ptr to the last item on the line (used to attach indented comments). May be NULL
  /// \sa vdui_t::get_current_item()
  bool hexapi get_line_item(const char *line, int x, bool is_ctree_line, ctree_item_t *phead, ctree_item_t *pitem, ctree_item_t *ptail);

  /// Get information about decompilation warnings.
  /// \return reference to the vector of warnings
  hexwarns_t &hexapi get_warnings(void);

  /// Get pointer to ea->insn map.
  /// This function initializes eamap if not done yet.
  eamap_t &hexapi get_eamap(void);

  /// Get pointer to map of instruction boundaries.
  /// This function initializes the boundary map if not done yet.
  boundaries_t &hexapi get_boundaries(void);

  /// Get pointer to decompilation output: the pseudocode.
  /// This function generates pseudocode if not done yet.
  const strvec_t &hexapi get_pseudocode(void);

  bool hexapi gather_derefs(const ctree_item_t &ci, udt_type_data_t *udm=NULL) const;
  bool hexapi find_item_coords(const citem_t *item, int *px, int *py);
private:
  /// Cleanup.
  /// Properly delete all children and free memory.
  void hexapi cleanup(void);
  DECLARE_UNCOPYABLE(cfunc_t)
};
typedef qrefcnt_t<cfunc_t> cfuncptr_t;

/// \defgroup DECOMP_ decompile() flags
//@{
#define DECOMP_NO_WAIT  0x0001 ///< do not display waitbox
#define DECOMP_NO_CACHE 0x0002 ///< do not use decompilation cache
#define DECOMP_NO_FRAME 0x0004 ///< do not use function frame info (only snippet mode)
//@}


/// Decompile a snippet or a function.
/// \param mbr         what to decompile
/// \param hf          extended error information (if failed)
/// \param flags       bitwise combination of \ref DECOMP_... bits
/// \return pointer to the decompilation result (a reference counted pointer).
///         NULL if failed.

cfuncptr_t hexapi decompile(
        const mba_ranges_t &mbr,
        hexrays_failure_t *hf,
        int flags=0);



/// Decompile a function.
/// Multiple decompilations of the same function return the same object.
/// \param pfn pointer to function to decompile
/// \param hf  extended error information (if failed)
/// \return pointer to the decompilation result (a reference counted pointer).
///         NULL if failed.

inline cfuncptr_t decompile_func(func_t *pfn, hexrays_failure_t *hf)
{
  mba_ranges_t mbr(pfn);
  return decompile(mbr, hf, 0);
}


/// Decompile a snippet.
/// \param ranges    snippet ranges. ranges[0].start_ea is the entry point
/// \param hf        extended error information (if failed)
/// \param flags     bitwise combination of \ref DECOMP_... bits
/// \return pointer to the decompilation result (a reference counted pointer).
///         NULL if failed.

inline cfuncptr_t decompile_snippet(
        const rangevec_t &ranges,
        hexrays_failure_t *hf,
        int flags=0)
{
  mba_ranges_t mbr(ranges);
  return decompile(mbr, hf, flags);
}


/// Generate microcode of an arbitrary code snippet
/// \param mbr         snippet ranges
/// \param retlist     list of registers the snippet returns
/// \param hf          extended error information (if failed)
/// \param flags       bitwise combination of \ref DECOMP_... bits
/// \param reqmat      required microcode maturity
/// \return pointer to the microcode, NULL if failed.

mbl_array_t *hexapi gen_microcode(
        const mba_ranges_t &mbr,
        hexrays_failure_t *hf,
        const mlist_t *retlist=NULL,
        int flags=0,
        mba_maturity_t reqmat=MMAT_GLBOPT3);



/// Flush the cached decompilation results.
/// Erases a cache entry for the specified function.
/// \param ea function to erase from the cache
/// \param close_views close pseudocode windows that show the function
/// \return if a cache entry existed.

bool hexapi mark_cfunc_dirty(ea_t ea, bool close_views=false);


/// Flush all cached decompilation results.

void hexapi clear_cached_cfuncs(void);


/// Do we have a cached decompilation result for 'ea'?

bool hexapi has_cached_cfunc(ea_t ea);

//--------------------------------------------------------------------------
// Now cinsn_t class is defined, define the cleanup functions:
inline void cif_t::cleanup(void)     { delete ithen; delete ielse; }
inline void cloop_t::cleanup(void)   { delete body; }

/// Print item into one line.
/// \param vout output buffer
/// \param func parent function. This argument is used to find out the referenced variable names.
/// \return length of the generated text.

inline void citem_t::print1(qstring *vout, const cfunc_t *func) const
{
  if ( is_expr() )
    ((cexpr_t*)this)->print1(vout, func);
  else
    ((cinsn_t*)this)->print1(vout, func);
}

/// Get pointers to operands. at last one operand should be a number
/// o1 will be pointer to the number

inline bool cexpr_t::get_1num_op(cexpr_t **o1, cexpr_t **o2)
{
  if ( x->op == cot_num )
  {
    *o1 = x;
    *o2 = y;
  }
  else
  {
    if ( y->op != cot_num )
      return false;
    *o1 = y;
    *o2 = x;
  }
  return true;
}

inline bool cexpr_t::get_1num_op(const cexpr_t **o1, const cexpr_t **o2) const
{
  return CONST_CAST(cexpr_t*)(this)->get_1num_op(
         CONST_CAST(cexpr_t**)(o1),
         CONST_CAST(cexpr_t**)(o2));
}

inline citem_locator_t::citem_locator_t(const citem_t *i) : ea(i->ea), op(i->op)
{
}

const char *hexapi get_ctype_name(ctype_t op);
qstring hexapi create_field_name(const tinfo_t &type, uval_t offset=BADADDR);
typedef void *hexdsp_t(int code, ...);
const int64 HEXRAYS_API_MAGIC = 0x00DEC0DE00000002LL;

/// Decompiler events.
/// Use install_hexrays_callback() to install a handler for decompiler events.
/// When the possible return value is not specified, your callback
/// must return zero.
enum hexrays_event_t
{
  // When a function is decompiled, the following events occur:

  hxe_flowchart,        ///< Flowchart has been generated.
                        ///< qflow_chart_t *fc

  hxe_stkpnts,          ///< SP change points have been calculated.
                        ///< mbl_array_t *mba                                 \n
                        ///< stkpnts_t *stkpnts                               \n
                        ///< return \ref MERR_ code

  hxe_prolog,           ///< Prolog analysis has been finished.
                        ///< mbl_array_t *mba                                 \n
                        ///< qflow_chart_t *fc                                \n
                        ///< bitset_t *reachable_blocks
                        ///< return \ref MERR_ code

  hxe_microcode,        ///< Microcode has been generated.
                        ///< mbl_array_t *mba
                        ///< return \ref MERR_ code

  hxe_preoptimized,     ///< Microcode has been preoptimized.
                        ///< mbl_array_t *mba
                        ///< return \ref MERR_ code

  hxe_locopt,           ///< Basic block level optimization has been finished.
                        ///< mbl_array_t *mba
                        ///< return \ref MERR_ code

  hxe_prealloc,         ///< Local variables: preallocation step begins.      \n
                        ///< mbl_array_t *mba                                 \n
                        ///< This event may occur several times               \n
                        ///< Should return: 1 if modified microcode           \n
                        ///< Negative values are \ref MERR_ error codes

  hxe_glbopt,           ///< Global optimization has been finished.
                        ///< mbl_array_t *mba
                        ///< return \ref MERR_ code

  hxe_structural,       ///< Structural analysis has been finished.
                        ///< control_graph_t *ct

  hxe_maturity,         ///< Ctree maturity level is being changed.
                        ///< cfunc_t *cfunc                                   \n
                        ///< ctree_maturity_t new_maturity

  hxe_interr,           ///< Internal error has occurred.
                        ///< int errcode

  hxe_combine,          ///< Trying to combine instructions of basic block.
                        ///< mblock_t *blk                                    \n
                        ///< minsn_t *insn                                    \n
                        ///< Should return: 1 if combined the current instruction
                        ///< with a preceding one

  hxe_print_func,       ///< Printing ctree and generating text.
                        ///< cfunc_t *cfunc                                   \n
                        ///< vc_printer_t *vp                                 \n
                        ///< Returns: 1 if text has been generated by the plugin

  hxe_func_printed,     ///< Function text has been generated. Plugins may
                        ///< modify the text in \ref cfunc_t::sv.
                        ///< cfunc_t *cfunc

  hxe_resolve_stkaddrs, ///< The optimizer is about to resolve stack addresses.
                        ///< mbl_array_t *mba

  // User interface related events:

  hxe_open_pseudocode=100,
                        ///< New pseudocode view has been opened.
                        ///< vdui_t *vu

  hxe_switch_pseudocode,///< Existing pseudocode view has been reloaded
                        ///< with a new function. Its text has not been
                        ///< refreshed yet, only cfunc and mba pointers are ready.\n
                        ///< vdui_t *vu

  hxe_refresh_pseudocode,///< Existing pseudocode text has been refreshed.
                        ///< Adding/removing pseudocode lines is forbidden in this event.
                        ///< This event is obsolete, please use \ref hxe_func_printed.
                        ///< vdui_t *vu                                       \n
                        ///< See also hxe_text_ready, which happens earlier

  hxe_close_pseudocode, ///< Pseudocode view is being closed.
                        ///< vdui_t *vu

  hxe_keyboard,         ///< Keyboard has been hit.
                        ///< vdui_t *vu                                       \n
                        ///< int key_code (VK_...)                            \n
                        ///< int shift_state                                  \n
                        ///< Should return: 1 if the event has been handled

  hxe_right_click,      ///< Mouse right click.
                        ///< Use hxe_populating_popup instead, in case you
                        ///< want to add items in the popup menu.
                        ///< vdui_t *vu

  hxe_double_click,     ///< Mouse double click.
                        ///< vdui_t *vu                                       \n
                        ///< int shift_state                                  \n
                        ///< Should return: 1 if the event has been handled

  hxe_curpos,           ///< Current cursor position has been changed.
                        ///< (for example, by left-clicking or using keyboard)\n
                        ///< vdui_t *vu

  hxe_create_hint,      ///< Create a hint for the current item.
                        ///< vdui_t *vu                                       \n
                        ///< qstring *result_hint                             \n
                        ///< int *implines                                    \n
                        ///< Possible return values:                          \n
                        ///<  0: the event has not been handled               \n
                        ///<  1: hint has been created (should set *implines to nonzero as well)\n
                        ///<  2: hint has been created but the standard hints must be
                        ///<     appended by the decompiler

  hxe_text_ready,       ///< Decompiled text is ready.
                        ///< vdui_t *vu                                       \n
                        ///< This event can be used to modify the output text (sv).
                        ///< The text uses regular color codes (see lines.hpp)
                        ///< COLOR_ADDR is used to store pointers to ctree elements

  hxe_populating_popup, ///< Populating popup menu. We can add menu items now.
                        ///< TWidget *widget                                  \n
                        ///< TPopupMenu *popup_handle                         \n
                        ///< vdui_t *vu                                       \n

  lxe_lvar_name_changed,///< Local variable got renamed.
                        ///< vdui_t *vu                                       \n
                        ///< lvar_t *v                                        \n
                        ///< const char *name                                 \n
                        ///< bool is_user_name                                \n
                        ///< Please note that it is possible to read/write
                        ///< user settings for lvars directly from the idb.

  lxe_lvar_type_changed,///< Local variable type got changed.
                        ///< vdui_t *vu                                       \n
                        ///< lvar_t *v                                        \n
                        ///< const char *tinfo                                \n
                        ///< Please note that it is possible to read/write
                        ///< user settings for lvars directly from the idb.

  lxe_lvar_cmt_changed, ///< Local variable comment got changed.
                        ///< vdui_t *vu                                       \n
                        ///< lvar_t *v                                        \n
                        ///< const char *cmt                                  \n
                        ///< Please note that it is possible to read/write
                        ///< user settings for lvars directly from the idb.

  lxe_lvar_mapping_changed, ///< Local variable mapping got changed.
                        ///< vdui_t *vu                                       \n
                        ///< lvar_t *from                                     \n
                        ///< lvar_t *to                                       \n
                        ///< Please note that it is possible to read/write
                        ///< user settings for lvars directly from the idb.
};

/// Handler of decompiler events.
/// \param ud user data. the value specified at the handler installation time
///           is passed here.
/// \param event decompiler event code
/// \param va additional arguments
/// \return as a rule the callback must return 0 unless specified otherwise
///         in the event description.

typedef ssize_t idaapi hexrays_cb_t(void *ud, hexrays_event_t event, va_list va);


/// Install handler for decompiler events.
/// \param callback handler to install
/// \param ud user data. this pointer will be passed to your handler by the decompiler.
/// \return false if failed

bool hexapi install_hexrays_callback(hexrays_cb_t *callback, void *ud);

/// Uninstall handler for decompiler events.
/// \param callback handler to uninstall
/// \param ud user data. if NULL, all handler corresponding to \c callback is uninstalled.
///             if not NULL, only the callback instance with the specified \c ud value is uninstalled.
/// \return number of uninstalled handlers.

int hexapi remove_hexrays_callback(hexrays_cb_t *callback, void *ud);



//---------------------------------------------------------------------------
/// \defgroup vdui User interface definitions
//@{

/// Type of the input device.
/// How the user command has been invoked
enum input_device_t
{
  USE_KEYBOARD = 0,     ///< Keyboard
  USE_MOUSE = 1,        ///< Mouse
};
//@}

//---------------------------------------------------------------------------
/// Cursor position in the output text (pseudocode).
struct ctext_position_t
{
  int lnnum;            ///< Line number
  int x;                ///< x coordinate of the cursor within the window
  int y;                ///< y coordinate of the cursor within the window
  /// Is the cursor in the variable/type declaration area?
  /// \param hdrlines Number of lines of the declaration area
  bool in_ctree(int hdrlines) const { return lnnum >= hdrlines; }
  /// Comparison operators
  DECLARE_COMPARISONS(ctext_position_t)
  {
    if ( lnnum < r.lnnum ) return -1;
    if ( lnnum > r.lnnum ) return  1;
    if ( x < r.x ) return -1;
    if ( x > r.x ) return  1;
    return 0;
  }
  ctext_position_t(int _lnnum=-1, int _x=0, int _y=0)
    : lnnum(_lnnum), x(_x), y(_y) {}
};

/// Navigation history item.
/// Holds information about interactive decompilation history.
/// Currently this is not saved in the database.
struct history_item_t : public ctext_position_t
{
  ea_t ea;              ///< The entry address of the decompiled function
  ea_t end;             ///< BADADDR-decompile function; otherwise end of the range
  history_item_t(ea_t _ea=BADADDR, int _lnnum=-1, int _x=0, int _y=0)
    : ctext_position_t(_lnnum, _x, _y), ea(_ea), end(BADADDR) {}
  history_item_t(ea_t _ea, const ctext_position_t &p)
    : ctext_position_t(p), ea(_ea), end(BADADDR) {}
};

/// Navigation history.
typedef qstack<history_item_t> history_t;

/// Comment types
typedef int cmt_type_t;
const cmt_type_t
  CMT_NONE   = 0x0000,  ///< No comment is possible
  CMT_TAIL   = 0x0001,  ///< Indented comment
  CMT_BLOCK1 = 0x0002,  ///< Anterioir block comment
  CMT_BLOCK2 = 0x0004,  ///< Posterior block comment
  CMT_LVAR   = 0x0008,  ///< Local variable comment
  CMT_FUNC   = 0x0010,  ///< Function comment
  CMT_ALL    = 0x001F;  ///< All comments

//---------------------------------------------------------------------------
/// Information about pseudocode window
struct vdui_t
{
  int flags;            ///< \ref VDUI_
/// \defgroup VDUI_ Properties of pseudocode window
/// Used in vdui_t::flags
//@{
#define VDUI_VISIBLE 0x0001     ///< is visible?
#define VDUI_VALID   0x0002     ///< is valid?
#define VDUI_LOCKED  0x0004     ///< is locked?
//@}

  /// Is the pseudocode window visible?
  /// if not, it might be invisible or destroyed
  bool visible(void) const { return (flags & VDUI_VISIBLE) != 0; }
  /// Does the pseudocode window contain valid code?
  /// It can become invalid if the function type gets changed in IDA.
  bool valid(void) const { return (flags & VDUI_VALID) != 0; }
  /// Does the pseudocode window contain valid code?
  /// We lock windows before modifying them
  bool locked(void) const { return (flags &