Latest available version: IDA and decompilers v8.3.230608 see all releases
Hex-Rays logo State-of-the-art binary code analysis tools
email icon
You are here: Hex Rays > Decompiler Manual > SDK Reference
hexrays.hpp
Go to the documentation of this file.
1/*!
2 * Hex-Rays Decompiler project
3 * Copyright (c) 1990-2023 Hex-Rays
4 * ALL RIGHTS RESERVED.
5 * \mainpage
6 * There are 2 representations of the binary code in the decompiler:
7 * - microcode: processor instructions are translated into it and then
8 * the decompiler optimizes and transforms it
9 * - ctree: ctree is built from the optimized microcode and represents
10 * AST-like tree with C statements and expressions. It can
11 * be printed as C code.
12 *
13 * Microcode is represented by the following classes:
14 * - mba_t keeps general info about the decompiled code and
15 * array of basic blocks. usually mba_t is named 'mba'
16 * - mblock_t a basic block. includes list of instructions
17 * - minsn_t an instruction. contains 3 operands: left, right, and
18 * destination
19 * - mop_t an operand. depending on its type may hold various info
20 * like a number, register, stack variable, etc.
21 * - mlist_t list of memory or register locations; can hold vast areas
22 * of memory and multiple registers. this class is used
23 * very extensively in the decompiler. it may represent
24 * list of locations accessed by an instruction or even
25 * an entire basic block. it is also used as argument of
26 * many functions. for example, there is a function
27 * that searches for an instruction that refers to a mlist_t.
28
29 * See https://www.hex-rays.com/blog/microcode-in-pictures for some pictures.
30 *
31 * Ctree is represented by:
32 * - cfunc_t keeps general info about the decompiled code, including a
33 * pointer to mba_t. deleting cfunc_t will delete
34 * mba_t too (however, decompiler returns cfuncptr_t,
35 * which is a reference counting object and deletes the
36 * underlying function as soon as all references to it go
37 * out of scope). cfunc_t has 'body', which represents the
38 * decompiled function body as cinsn_t.
39 * - cinsn_t a C statement. can be a compound statement or any other
40 * legal C statements (like if, for, while, return,
41 * expression-statement, etc). depending on the statement
42 * type has pointers to additional info. for example, the
43 * 'if' statement has poiner to cif_t, which holds the
44 * 'if' condition, 'then' branch, and optionally 'else'
45 * branch. Please note that despite of the name cinsn_t
46 * we say "statements", not "instructions". For us
47 * instructions are part of microcode, not ctree.
48 * - cexpr_t a C expression. is used as part of a C statement, when
49 * necessary. cexpr_t has 'type' field, which keeps the
50 * expression type.
51 * - citem_t a base class for cinsn_t and cexpr_t, holds common info
52 * like the address, label, and opcode.
53 * - cnumber_t a constant 64-bit number. in addition to its value also
54 * holds information how to represent it: decimal, hex, or
55 * as a symbolic constant (enum member). please note that
56 * numbers are represented by another class (mnumber_t)
57 * in microcode.
58
59 * See https://www.hex-rays.com/blog/hex-rays-decompiler-primer
60 * for some pictures and more details.
61 *
62 * Both microcode and ctree use the following class:
63 * - lvar_t a local variable. may represent a stack or register
64 * variable. a variable has a name, type, location, etc.
65 * the list of variables is stored in mba->vars.
66 * - lvar_locator_t holds a variable location (vdloc_t) and its definition
67 * address.
68 * - vdloc_t describes a variable location, like a register number,
69 * a stack offset, or, in complex cases, can be a mix of
70 * register and stack locations. very similar to argloc_t,
71 * which is used in ida. the differences between argloc_t
72 * and vdloc_t are:
73 * - vdloc_t never uses ARGLOC_REG2
74 * - vdloc_t uses micro register numbers instead of
75 * processor register numbers
76 * - the stack offsets are never negative in vdloc_t, while
77 * in argloc_t there can be negative offsets
78 *
79 * The above are the most important classes in this header file. There are
80 * many auxiliary classes, please see their definitions in the header file.
81 *
82 * See also the description of \ref vmpage.
83 *
84 */
85
86#ifndef __HEXRAYS_HPP
87#define __HEXRAYS_HPP
88
89#include <pro.h>
90#include <fpro.h>
91#include <ida.hpp>
92#include <idp.hpp>
93#include <gdl.hpp>
94#include <ieee.h>
95#include <loader.hpp>
96#include <kernwin.hpp>
97#include <typeinf.hpp>
98#include <deque>
99#include <queue>
100
101/*!
102 * \page vmpage Virtual Machine used by Microcode
103 * We can imagine a virtual micro machine that executes microcode.
104 * This virtual micro machine has many registers.
105 * Each register is 8 bits wide. During translation of processor
106 * instructions into microcode, multibyte processor registers are mapped
107 * to adjacent microregisters. Processor condition codes are also
108 * represented by microregisters. The microregisters are grouped
109 * into following groups:
110 * - 0..7: condition codes
111 * - 8..n: all processor registers (including fpu registers, if necessary)
112 * this range may also include temporary registers used during
113 * the initial microcode generation
114 * - n.. : so called kernel registers; they are used during optimization
115 * see is_kreg()
116 *
117 * Each micro-instruction (minsn_t) has zero to three operands.
118 * Some of the possible operands types are:
119 * - immediate value
120 * - register
121 * - memory reference
122 * - result of another micro-instruction
123 *
124 * The operands (mop_t) are l (left), r (right), d (destination).
125 * An example of a microinstruction:
126 *
127 * add r0.4, #8.4, r2.4
128 *
129 * which means 'add constant 8 to r0 and place the result into r2'.
130 * where
131 * - the left operand is 'r0', its size is 4 bytes (r0.4)
132 * - the right operand is a constant '8', its size is 4 bytes (#8.4)
133 * - the destination operand is 'r2', its size is 4 bytes (r2.4)
134 * Note that 'd' is almost always the destination but there are exceptions.
135 * See mcode_modifies_d(). For example, stx does not modify 'd'.
136 * See the opcode map below for the list of microinstructions and their
137 * operands. Most instructions are very simple and do not need
138 * detailed explanations. There are no side effects in microinstructions.
139 *
140 * Each operand has a size specifier. The following sizes can be used in
141 * practically all contexts: 1, 2, 4, 8, 16 bytes. Floating types may have
142 * other sizes. Functions may return objects of arbitrary size, as well as
143 * operations upon UDT's (user-defined types, i.e. are structs and unions).
144 *
145 * Memory is considered to consist of several segments.
146 * A memory reference is made using a (selector, offset) pair.
147 * A selector is always 2 bytes long. An offset can be 4 or 8 bytes long,
148 * depending on the bitness of the target processor.
149 * Currently the selectors are not used very much. The decompiler tries to
150 * resolve (selector, offset) pairs into direct memory references at each
151 * opportunity and then operates on mop_v operands. In other words,
152 * while the decompiler can handle segmented memory models, internally
153 * it still uses simple linear addresses.
154 *
155 * The following memory regions are recognized:
156 * - GLBLOW global memory: low part, everything below the stack
157 * - LVARS stack: local variables
158 * - RETADDR stack: return address
159 * - SHADOW stack: shadow arguments
160 * - ARGS stack: regular stack arguments
161 * - GLBHIGH global memory: high part, everything above the stack
162 * Any stack region may be empty. Objects residing in one memory region
163 * are considered to be completely distinct from objects in other regions.
164 * We allocate the stack frame in some memory region, which is not
165 * allocated for any purposes in IDA. This permits us to use linear addresses
166 * for all memory references, including the stack frame.
167 *
168 * If the operand size is bigger than 1 then the register
169 * operand references a block of registers. For example:
170 *
171 * ldc #1.4, r8.4
172 *
173 * loads the constant 1 to registers 8, 9, 10, 11:
174 *
175 * #1 -> r8
176 * #0 -> r9
177 * #0 -> r10
178 * #0 -> r11
179 *
180 * This example uses little-endian byte ordering.
181 * Big-endian byte ordering is supported too. Registers are always little-
182 * endian, regardless of the memory endianness.
183 *
184 * Each instruction has 'next' and 'prev' fields that are used to form
185 * a doubly linked list. Such lists are present for each basic block (mblock_t).
186 * Basic blocks have other attributes, including:
187 * - dead_at_start: list of dead locations at the block start
188 * - maybuse: list of locations the block may use
189 * - maybdef: list of locations the block may define (or spoil)
190 * - mustbuse: list of locations the block will certainly use
191 * - mustbdef: list of locations the block will certainly define
192 * - dnu: list of locations the block will certainly define
193 * but will not use (registers or non-aliasable stkack vars)
194 *
195 * These lists are represented by the mlist_t class. It consists of 2 parts:
196 * - rlist_t: list of microregisters (possibly including virtual stack locations)
197 * - ivlset_t: list of memory locations represented as intervals
198 * we use linear addresses in this list.
199 * The mlist_t class is used quite often. For example, to find what an operand
200 * can spoil, we build its 'maybe-use' list. Then we can find out if this list
201 * is accessed using the is_accessed() or is_accessed_globally() functions.
202 *
203 * All basic blocks of the decompiled function constitute an array called
204 * mba_t (array of microblocks). This is a huge class that has too
205 * many fields to describe here (some of the fields are not visible in the sdk)
206 * The most importants ones are:
207 * - stack frame: frregs, stacksize, etc
208 * - memory: aliased, restricted, and other ranges
209 * - type: type of the current function, its arguments (argidx) and
210 * local variables (vars)
211 * - natural: array of pointers to basic blocks. the basic blocks
212 * are also accessible as a doubly linked list starting from 'blocks'.
213 * - bg: control flow graph. the graph gives access to the use-def
214 * chains that describe data dependencies between basic blocks
215 *
216 * Facilities for debugging decompiler plugins:
217 * Many decompiler objects have a member function named dstr().
218 * These functions create a text representation of the object and return
219 * a pointer to it. They are very convenient to use in a debugger instead of
220 * inspecting class fields manually. The mba_t object does not have the
221 * dstr() function because its text representation very long. Instead, we
222 * provide the mba_t::dump_mba() and mba_t::dump() functions.
223 *
224 * To ensure that your plugin manipulates the microcode in a correct way,
225 * please call mba_t::verify() before returning control to the decompiler.
226 *
227 */
228
229#ifdef __NT__
230#pragma warning(push)
231#pragma warning(disable:4062) // enumerator 'x' in switch of enum 'y' is not handled
232#pragma warning(disable:4265) // virtual functions without virtual destructor
233#endif
234
235#define hexapi ///< Public functions are marked with this keyword
236
237// Warning suppressions for PVS Studio:
238//-V:2:654 The condition '2' of loop is always true.
239//-V::719 The switch statement does not cover all values
240//-V:verify:678
241//-V:chain_keeper_t:690 copy ctr will be generated
242//-V:add_block:656 call to the same function
243//-V:add:792 The 'add' function located to the right of the operator '|' will be called regardless of the value of the left operand
244//-V:sub:792 The 'sub' function located to the right of the operator '|' will be called regardless of the value of the left operand
245//-V:intersect:792 The 'intersect' function located to the right of the operator '|' will be called regardless of the value of the left operand
246// Lint suppressions:
247//lint -sem(mop_t::_make_cases, custodial(1))
248//lint -sem(mop_t::_make_pair, custodial(1))
249//lint -sem(mop_t::_make_callinfo, custodial(1))
250//lint -sem(mop_t::_make_insn, custodial(1))
251//lint -sem(mop_t::make_insn, custodial(1))
252
253// Microcode level forward definitions:
254class mop_t; // microinstruction operand
255class mop_pair_t; // pair of operands. example, :(edx.4,eax.4).8
256class mop_addr_t; // address of an operand. example: &global_var
257class mcallinfo_t; // function call info. example: <cdecl:"int x" #10.4>.8
258class mcases_t; // jump table cases. example: {0 => 12, 1 => 13}
259class minsn_t; // microinstruction
260class mblock_t; // basic block
261class mba_t; // array of blocks, represents microcode for a function
262class codegen_t; // helper class to generate the initial microcode
263class mbl_graph_t; // control graph of microcode
264struct vdui_t; // widget representing the pseudocode window
265struct hexrays_failure_t; // decompilation failure object, is thrown by exceptions
266struct mba_stats_t; // statistics about decompilation of a function
267struct mlist_t; // list of memory and register locations
268struct voff_t; // value offset (microregister number or stack offset)
269typedef std::set<voff_t> voff_set_t;
270struct vivl_t; // value interval (register or stack range)
271typedef int mreg_t; ///< Micro register
272
273// Ctree level forward definitions:
274struct cfunc_t; // result of decompilation, the highest level object
275struct citem_t; // base class for cexpr_t and cinsn_t
276struct cexpr_t; // C expression
277struct cinsn_t; // C statement
278struct cblock_t; // C statement block (sequence of statements)
279struct cswitch_t; // C switch statement
280struct carg_t; // call argument
281struct carglist_t; // vector of call arguments
282
283typedef std::set<ea_t> easet_t;
284typedef std::set<minsn_t *> minsn_ptr_set_t;
285typedef std::set<qstring> strings_t;
286typedef qvector<minsn_t*> minsnptrs_t;
287typedef qvector<mop_t*> mopptrs_t;
288typedef qvector<mop_t> mopvec_t;
289typedef qvector<uint64> uint64vec_t;
290typedef qvector<mreg_t> mregvec_t;
291typedef qrefcnt_t<cfunc_t> cfuncptr_t;
292
293// Function frames must be smaller than this value, otherwise
294// the decompiler will bail out with MERR_HUGESTACK
295#define MAX_SUPPORTED_STACK_SIZE 0x100000 // 1MB
296
297//-------------------------------------------------------------------------
298// Original version of macro DEFINE_MEMORY_ALLOCATION_FUNCS
299// (uses decompiler-specific memory allocation functions)
300#define HEXRAYS_PLACEMENT_DELETE void operator delete(void *, void *) {}
301#define HEXRAYS_MEMORY_ALLOCATION_FUNCS() \
302 void *operator new (size_t _s) { return hexrays_alloc(_s); } \
303 void *operator new[](size_t _s) { return hexrays_alloc(_s); } \
304 void *operator new(size_t /*size*/, void *_v) { return _v; } \
305 void operator delete (void *_blk) { hexrays_free(_blk); } \
306 void operator delete[](void *_blk) { hexrays_free(_blk); } \
307 HEXRAYS_PLACEMENT_DELETE
308
309void *hexapi hexrays_alloc(size_t size);
310void hexapi hexrays_free(void *ptr);
311
312typedef uint64 uvlr_t;
313typedef int64 svlr_t;
314enum { MAX_VLR_SIZE = sizeof(uvlr_t) };
315const uvlr_t MAX_VALUE = uvlr_t(-1);
316const svlr_t MAX_SVALUE = svlr_t(uvlr_t(-1) >> 1);
317const svlr_t MIN_SVALUE = ~MAX_SVALUE;
318
319enum cmpop_t
320{ // the order of comparisons is the same as in microcode opcodes
321 CMP_NZ,
322 CMP_Z,
323 CMP_AE,
324 CMP_B,
325 CMP_A,
326 CMP_BE,
327 CMP_GT,
328 CMP_GE,
329 CMP_LT,
330 CMP_LE,
331};
332
333//-------------------------------------------------------------------------
334// value-range class to keep possible operand value(s).
335class valrng_t
336{
337protected:
338 int flags;
339#define VLR_TYPE 0x0F // valrng_t type
340#define VLR_NONE 0x00 // no values
341#define VLR_ALL 0x01 // all values
342#define VLR_IVLS 0x02 // union of disjoint intervals
343#define VLR_RANGE 0x03 // strided range
344#define VLR_SRANGE 0x04 // strided range with signed bound
345#define VLR_BITS 0x05 // known bits
346#define VLR_SECT 0x06 // intersection of sub-ranges
347 // each sub-range should be simple or union
348#define VLR_UNION 0x07 // union of sub-ranges
349 // each sub-range should be simple or
350 // intersection
351#define VLR_UNK 0x08 // unknown value (like 'null' in SQL)
352 int size; // operand size: 1..8 bytes
353 // all values must fall within the size
354 union
355 {
356 struct // VLR_RANGE/VLR_SRANGE
357 { // values that are between VALUE and LIMIT
358 // and conform to: value+stride*N
359 uvlr_t value; // initial value
360 uvlr_t limit; // final value
361 // we adjust LIMIT to be on the STRIDE lattice
362 svlr_t stride; // stride between values
363 };
364 struct // VLR_BITS
365 {
366 uvlr_t zeroes; // bits known to be clear
367 uvlr_t ones; // bits known to be set
368 };
369 char reserved[sizeof(qvector<int>)];
370 // VLR_IVLS/VLR_SECT/VLR_UNION
371 };
372 void hexapi clear(void);
373 void hexapi copy(const valrng_t &r);
374 valrng_t &hexapi assign(const valrng_t &r);
375
376public:
377 explicit valrng_t(int size_ = MAX_VLR_SIZE)
378 : flags(VLR_NONE), size(size_), value(0), limit(0), stride(0) {}
379 valrng_t(const valrng_t &r) { copy(r); }
380 ~valrng_t(void) { clear(); }
381 valrng_t &operator=(const valrng_t &r) { return assign(r); }
382 void swap(valrng_t &r) { qswap(*this, r); }
383 DECLARE_COMPARISONS(valrng_t);
384 DEFINE_MEMORY_ALLOCATION_FUNCS()
385
386 void set_none(void) { clear(); }
387 void set_all(void) { clear(); flags = VLR_ALL; }
388 void set_unk(void) { clear(); flags = VLR_UNK; }
389 void hexapi set_eq(uvlr_t v);
390 void hexapi set_cmp(cmpop_t cmp, uvlr_t _value);
391
392 // reduce size
393 // it takes the low part of size NEW_SIZE
394 // it returns "true" if size is changed successfully.
395 // e.g.: valrng_t vr(2); vr.set_eq(0x1234);
396 // vr.reduce_size(1);
397 // uvlr_t v; vr.cvt_to_single_value(&v);
398 // assert(v == 0x34);
399 bool hexapi reduce_size(int new_size);
400
401 // Perform intersection or union or inversion.
402 // \return did we change something in THIS?
403 bool hexapi intersect_with(const valrng_t &r);
404 bool hexapi unite_with(const valrng_t &r);
405 void hexapi inverse(); // works for VLR_IVLS only
406
407 bool empty(void) const { return flags == VLR_NONE; }
408 bool all_values(void) const { return flags == VLR_ALL; }
409 bool is_unknown(void) const { return flags == VLR_UNK; }
410 bool hexapi has(uvlr_t v) const;
411
412 void hexapi print(qstring *vout) const;
413 const char *hexapi dstr(void) const;
414
415 bool hexapi cvt_to_single_value(uvlr_t *v) const;
416 bool hexapi cvt_to_cmp(cmpop_t *cmp, uvlr_t *val, bool strict) const;
417
418 int get_size() const { return size; }
419 static uvlr_t max_value(int size_)
420 {
421 return size_ == MAX_VLR_SIZE
422 ? MAX_VALUE
423 : (uvlr_t(1) << (size_ * 8)) - 1;
424 }
425 static uvlr_t min_svalue(int size_)
426 {
427 return size_ == MAX_VLR_SIZE
428 ? MIN_SVALUE
429 : (uvlr_t(1) << (size_ * 8 - 1));
430 }
431 static uvlr_t max_svalue(int size_)
432 {
433 return size_ == MAX_VLR_SIZE
434 ? MAX_SVALUE
435 : (uvlr_t(1) << (size_ * 8 - 1)) - 1;
436 }
437 uvlr_t max_value() const { return max_value(size); }
438 uvlr_t min_svalue() const { return min_svalue(size); }
439 uvlr_t max_svalue() const { return max_svalue(size); }
440};
441DECLARE_TYPE_AS_MOVABLE(valrng_t);
442
443//-------------------------------------------------------------------------
444// Are we looking for 'must access' or 'may access' information?
445// 'must access' means that the code will always access the specified location(s)
446// 'may access' means that the code may in some cases access the specified location(s)
447// Example: ldx cs.2, r0.4, r1.4
448// MUST_ACCESS: r0.4 and r1.4, usually displayed as r0.8 because r0 and r1 are adjacent
449// MAY_ACCESS: r0.4 and r1.4, and all aliasable memory, because
450// ldx may access any part of the aliasable memory
451typedef int maymust_t;
452const maymust_t
453 // One of the following two bits should be specified:
454 MUST_ACCESS = 0x00, // access information we can count on
455 MAY_ACCESS = 0x01, // access information we should take into account
456 // Optionally combined with the following bits:
457 MAYMUST_ACCESS_MASK = 0x01,
458
459 ONE_ACCESS_TYPE = 0x20, // for find_first_use():
460 // use only the specified maymust access type
461 // (by default it inverts the access type for def-lists)
462 INCLUDE_SPOILED_REGS = 0x40, // for build_def_list() with MUST_ACCESS:
463 // include spoiled registers in the list
464 EXCLUDE_PASS_REGS = 0x80, // for build_def_list() with MAY_ACCESS:
465 // exclude pass_regs from the list
466 FULL_XDSU = 0x100, // for build_def_list():
467 // if xds/xdu source and targets are the same
468 // treat it as if xdsu redefines the entire destination
469 WITH_ASSERTS = 0x200, // for find_first_use():
470 // do not ignore assertions
471 EXCLUDE_VOLATILE = 0x400, // for build_def_list():
472 // exclude volatile memory from the list
473 INCLUDE_UNUSED_SRC = 0x800, // for build_use_list():
474 // do not exclude unused source bytes for m_and/m_or insns
475 INCLUDE_DEAD_RETREGS = 0x1000, // for build_def_list():
476 // include dead returned registers in the list
477 INCLUDE_RESTRICTED = 0x2000,// for MAY_ACCESS: include restricted memory
478 CALL_SPOILS_ONLY_ARGS = 0x4000;// for build_def_list() & MAY_ACCESS:
479 // do not include global memory into the
480 // spoiled list of a call
481
482inline THREAD_SAFE bool is_may_access(maymust_t maymust)
483{
484 return (maymust & MAYMUST_ACCESS_MASK) != MUST_ACCESS;
485}
486
487//-------------------------------------------------------------------------
488/// \defgroup MERR_ Microcode error codes
489//@{
490enum merror_t
491{
492 MERR_OK = 0, ///< ok
493 MERR_BLOCK = 1, ///< no error, switch to new block
494 MERR_INTERR = -1, ///< internal error
495 MERR_INSN = -2, ///< cannot convert to microcode
496 MERR_MEM = -3, ///< not enough memory
497 MERR_BADBLK = -4, ///< bad block found
498 MERR_BADSP = -5, ///< positive sp value has been found
499 MERR_PROLOG = -6, ///< prolog analysis failed
500 MERR_SWITCH = -7, ///< wrong switch idiom
501 MERR_EXCEPTION = -8, ///< exception analysis failed
502 MERR_HUGESTACK = -9, ///< stack frame is too big
503 MERR_LVARS = -10, ///< local variable allocation failed
504 MERR_BITNESS = -11, ///< 16-bit functions cannot be decompiled
505 MERR_BADCALL = -12, ///< could not determine call arguments
506 MERR_BADFRAME = -13, ///< function frame is wrong
507 MERR_UNKTYPE = -14, ///< undefined type %s (currently unused error code)
508 MERR_BADIDB = -15, ///< inconsistent database information
509 MERR_SIZEOF = -16, ///< wrong basic type sizes in compiler settings
510 MERR_REDO = -17, ///< redecompilation has been requested
511 MERR_CANCELED = -18, ///< decompilation has been cancelled
512 MERR_RECDEPTH = -19, ///< max recursion depth reached during lvar allocation
513 MERR_OVERLAP = -20, ///< variables would overlap: %s
514 MERR_PARTINIT = -21, ///< partially initialized variable %s
515 MERR_COMPLEX = -22, ///< too complex function
516 MERR_LICENSE = -23, ///< no license available
517 MERR_ONLY32 = -24, ///< only 32-bit functions can be decompiled for the current database
518 MERR_ONLY64 = -25, ///< only 64-bit functions can be decompiled for the current database
519 MERR_BUSY = -26, ///< already decompiling a function
520 MERR_FARPTR = -27, ///< far memory model is supported only for pc
521 MERR_EXTERN = -28, ///< special segments cannot be decompiled
522 MERR_FUNCSIZE = -29, ///< too big function
523 MERR_BADRANGES = -30, ///< bad input ranges
524 MERR_BADARCH = -31, ///< current architecture is not supported
525 MERR_DSLOT = -32, ///< bad instruction in the delay slot
526 MERR_STOP = -33, ///< no error, stop the analysis
527 MERR_CLOUD = -34, ///< cloud: %s
528 MERR_MAX_ERR = 34,
529 MERR_LOOP = -35, ///< internal code: redo last loop (never reported)
530};
531//@}
532
533/// Get textual description of an error code
534/// \param out the output buffer for the error description
535/// \param code \ref MERR_
536/// \param mba the microcode array
537/// \return the error address
538
539ea_t hexapi get_merror_desc(qstring *out, merror_t code, mba_t *mba);
540
541//-------------------------------------------------------------------------
542// List of microinstruction opcodes.
543// The order of setX and jX insns is important, it is used in the code.
544
545// Instructions marked with *F may have the FPINSN bit set and operate on fp values
546// Instructions marked with +F must have the FPINSN bit set. They always operate on fp values
547// Other instructions do not operate on fp values.
548
549enum mcode_t
550{
551 m_nop = 0x00, // nop // no operation
552 m_stx = 0x01, // stx l, {r=sel, d=off} // store register to memory *F
553 m_ldx = 0x02, // ldx {l=sel,r=off}, d // load register from memory *F
554 m_ldc = 0x03, // ldc l=const, d // load constant
555 m_mov = 0x04, // mov l, d // move *F
556 m_neg = 0x05, // neg l, d // negate
557 m_lnot = 0x06, // lnot l, d // logical not
558 m_bnot = 0x07, // bnot l, d // bitwise not
559 m_xds = 0x08, // xds l, d // extend (signed)
560 m_xdu = 0x09, // xdu l, d // extend (unsigned)
561 m_low = 0x0A, // low l, d // take low part
562 m_high = 0x0B, // high l, d // take high part
563 m_add = 0x0C, // add l, r, d // l + r -> dst
564 m_sub = 0x0D, // sub l, r, d // l - r -> dst
565 m_mul = 0x0E, // mul l, r, d // l * r -> dst
566 m_udiv = 0x0F, // udiv l, r, d // l / r -> dst
567 m_sdiv = 0x10, // sdiv l, r, d // l / r -> dst
568 m_umod = 0x11, // umod l, r, d // l % r -> dst
569 m_smod = 0x12, // smod l, r, d // l % r -> dst
570 m_or = 0x13, // or l, r, d // bitwise or
571 m_and = 0x14, // and l, r, d // bitwise and
572 m_xor = 0x15, // xor l, r, d // bitwise xor
573 m_shl = 0x16, // shl l, r, d // shift logical left
574 m_shr = 0x17, // shr l, r, d // shift logical right
575 m_sar = 0x18, // sar l, r, d // shift arithmetic right
576 m_cfadd = 0x19, // cfadd l, r, d=carry // calculate carry bit of (l+r)
577 m_ofadd = 0x1A, // ofadd l, r, d=overf // calculate overflow bit of (l+r)
578 m_cfshl = 0x1B, // cfshl l, r, d=carry // calculate carry bit of (l<<r)
579 m_cfshr = 0x1C, // cfshr l, r, d=carry // calculate carry bit of (l>>r)
580 m_sets = 0x1D, // sets l, d=byte SF=1 Sign
581 m_seto = 0x1E, // seto l, r, d=byte OF=1 Overflow of (l-r)
582 m_setp = 0x1F, // setp l, r, d=byte PF=1 Unordered/Parity *F
583 m_setnz = 0x20, // setnz l, r, d=byte ZF=0 Not Equal *F
584 m_setz = 0x21, // setz l, r, d=byte ZF=1 Equal *F
585 m_setae = 0x22, // setae l, r, d=byte CF=0 Unsigned Above or Equal *F
586 m_setb = 0x23, // setb l, r, d=byte CF=1 Unsigned Below *F
587 m_seta = 0x24, // seta l, r, d=byte CF=0 & ZF=0 Unsigned Above *F
588 m_setbe = 0x25, // setbe l, r, d=byte CF=1 | ZF=1 Unsigned Below or Equal *F
589 m_setg = 0x26, // setg l, r, d=byte SF=OF & ZF=0 Signed Greater
590 m_setge = 0x27, // setge l, r, d=byte SF=OF Signed Greater or Equal
591 m_setl = 0x28, // setl l, r, d=byte SF!=OF Signed Less
592 m_setle = 0x29, // setle l, r, d=byte SF!=OF | ZF=1 Signed Less or Equal
593 m_jcnd = 0x2A, // jcnd l, d // d is mop_v or mop_b
594 m_jnz = 0x2B, // jnz l, r, d // ZF=0 Not Equal *F
595 m_jz = 0x2C, // jz l, r, d // ZF=1 Equal *F
596 m_jae = 0x2D, // jae l, r, d // CF=0 Unsigned Above or Equal *F
597 m_jb = 0x2E, // jb l, r, d // CF=1 Unsigned Below *F
598 m_ja = 0x2F, // ja l, r, d // CF=0 & ZF=0 Unsigned Above *F
599 m_jbe = 0x30, // jbe l, r, d // CF=1 | ZF=1 Unsigned Below or Equal *F
600 m_jg = 0x31, // jg l, r, d // SF=OF & ZF=0 Signed Greater
601 m_jge = 0x32, // jge l, r, d // SF=OF Signed Greater or Equal
602 m_jl = 0x33, // jl l, r, d // SF!=OF Signed Less
603 m_jle = 0x34, // jle l, r, d // SF!=OF | ZF=1 Signed Less or Equal
604 m_jtbl = 0x35, // jtbl l, r=mcases // Table jump
605 m_ijmp = 0x36, // ijmp {r=sel, d=off} // indirect unconditional jump
606 m_goto = 0x37, // goto l // l is mop_v or mop_b
607 m_call = 0x38, // call l d // l is mop_v or mop_b or mop_h
608 m_icall = 0x39, // icall {l=sel, r=off} d // indirect call
609 m_ret = 0x3A, // ret
610 m_push = 0x3B, // push l
611 m_pop = 0x3C, // pop d
612 m_und = 0x3D, // und d // undefine
613 m_ext = 0x3E, // ext in1, in2, out1 // external insn, not microcode *F
614 m_f2i = 0x3F, // f2i l, d int(l) => d; convert fp -> integer +F
615 m_f2u = 0x40, // f2u l, d uint(l)=> d; convert fp -> uinteger +F
616 m_i2f = 0x41, // i2f l, d fp(l) => d; convert integer -> fp +F
617 m_u2f = 0x42, // i2f l, d fp(l) => d; convert uinteger -> fp +F
618 m_f2f = 0x43, // f2f l, d l => d; change fp precision +F
619 m_fneg = 0x44, // fneg l, d -l => d; change sign +F
620 m_fadd = 0x45, // fadd l, r, d l + r => d; add +F
621 m_fsub = 0x46, // fsub l, r, d l - r => d; subtract +F
622 m_fmul = 0x47, // fmul l, r, d l * r => d; multiply +F
623 m_fdiv = 0x48, // fdiv l, r, d l / r => d; divide +F
624#define m_max 0x49 // first unused opcode
625};
626
627/// Must an instruction with the given opcode be the last one in a block?
628/// Such opcodes are called closing opcodes.
629/// \param mcode instruction opcode
630/// \param including_calls should m_call/m_icall be considered as the closing opcodes?
631/// If this function returns true, the opcode cannot appear in the middle
632/// of a block. Calls are a special case: unknown calls (\ref is_unknown_call)
633/// are considered as closing opcodes.
634
635THREAD_SAFE bool hexapi must_mcode_close_block(mcode_t mcode, bool including_calls);
636
637
638/// May opcode be propagated?
639/// Such opcodes can be used in sub-instructions (nested instructions)
640/// There is a handful of non-propagatable opcodes, like jumps, ret, nop, etc
641/// All other regular opcodes are propagatable and may appear in a nested
642/// instruction.
643
644THREAD_SAFE bool hexapi is_mcode_propagatable(mcode_t mcode);
645
646
647// Is add or sub instruction?
648inline THREAD_SAFE bool is_mcode_addsub(mcode_t mcode) { return mcode == m_add || mcode == m_sub; }
649// Is xds or xdu instruction? We use 'xdsu' as a shortcut for 'xds or xdu'
650inline THREAD_SAFE bool is_mcode_xdsu(mcode_t mcode) { return mcode == m_xds || mcode == m_xdu; }
651// Is a 'set' instruction? (an instruction that sets a condition code)
652inline THREAD_SAFE bool is_mcode_set(mcode_t mcode) { return mcode >= m_sets && mcode <= m_setle; }
653// Is a 1-operand 'set' instruction? Only 'sets' is in this group
654inline THREAD_SAFE bool is_mcode_set1(mcode_t mcode) { return mcode == m_sets; }
655// Is a 1-operand conditional jump instruction? Only 'jcnd' is in this group
656inline THREAD_SAFE bool is_mcode_j1(mcode_t mcode) { return mcode == m_jcnd; }
657// Is a conditional jump?
658inline THREAD_SAFE bool is_mcode_jcond(mcode_t mcode) { return mcode >= m_jcnd && mcode <= m_jle; }
659// Is a 'set' instruction that can be converted into a conditional jump?
660inline THREAD_SAFE bool is_mcode_convertible_to_jmp(mcode_t mcode) { return mcode >= m_setnz && mcode <= m_setle; }
661// Is a conditional jump instruction that can be converted into a 'set'?
662inline THREAD_SAFE bool is_mcode_convertible_to_set(mcode_t mcode) { return mcode >= m_jnz && mcode <= m_jle; }
663// Is a call instruction? (direct or indirect)
664inline THREAD_SAFE bool is_mcode_call(mcode_t mcode) { return mcode == m_call || mcode == m_icall; }
665// Must be an FPU instruction?
666inline THREAD_SAFE bool is_mcode_fpu(mcode_t mcode) { return mcode >= m_f2i; }
667// Is a commutative instruction?
668inline THREAD_SAFE bool is_mcode_commutative(mcode_t mcode)
669{
670 return mcode == m_add
671 || mcode == m_mul
672 || mcode == m_or
673 || mcode == m_and
674 || mcode == m_xor
675 || mcode == m_setz
676 || mcode == m_setnz
677 || mcode == m_cfadd
678 || mcode == m_ofadd;
679}
680// Is a shift instruction?
681inline THREAD_SAFE bool is_mcode_shift(mcode_t mcode)
682{
683 return mcode == m_shl
684 || mcode == m_shr
685 || mcode == m_sar;
686}
687// Is a kind of div or mod instruction?
688inline THREAD_SAFE bool is_mcode_divmod(mcode_t op)
689{
690 return op == m_udiv || op == m_sdiv || op == m_umod || op == m_smod;
691}
692// Is an instruction with the selector/offset pair?
693inline THREAD_SAFE bool has_mcode_seloff(mcode_t op)
694{
695 return op == m_ldx || op == m_stx || op == m_icall || op == m_ijmp;
696}
697
698// Convert setX opcode into corresponding jX opcode
699// This function relies on the order of setX and jX opcodes!
700inline THREAD_SAFE mcode_t set2jcnd(mcode_t code)
701{
702 return mcode_t(code - m_setnz + m_jnz);
703}
704
705// Convert setX opcode into corresponding jX opcode
706// This function relies on the order of setX and jX opcodes!
707inline THREAD_SAFE mcode_t jcnd2set(mcode_t code)
708{
709 return mcode_t(code + m_setnz - m_jnz);
710}
711
712// Negate a conditional opcode.
713// Conditional jumps can be negated, example: jle -> jg
714// 'Set' instruction can be negated, example: seta -> setbe
715// If the opcode cannot be negated, return m_nop
716THREAD_SAFE mcode_t hexapi negate_mcode_relation(mcode_t code);
717
718
719// Swap a conditional opcode.
720// Only conditional jumps and set instructions can be swapped.
721// The returned opcode the one required for swapped operands.
722// Example "x > y" is the same as "y < x", therefore swap(m_jg) is m_jl.
723// If the opcode cannot be swapped, return m_nop
724
725THREAD_SAFE mcode_t hexapi swap_mcode_relation(mcode_t code);
726
727// Return the opcode that performs signed operation.
728// Examples: jae -> jge; udiv -> sdiv
729// If the opcode cannot be transformed into signed form, simply return it.
730
731THREAD_SAFE mcode_t hexapi get_signed_mcode(mcode_t code);
732
733
734// Return the opcode that performs unsigned operation.
735// Examples: jl -> jb; xds -> xdu
736// If the opcode cannot be transformed into unsigned form, simply return it.
737
738THREAD_SAFE mcode_t hexapi get_unsigned_mcode(mcode_t code);
739
740// Does the opcode perform a signed operation?
741inline THREAD_SAFE bool is_signed_mcode(mcode_t code) { return get_unsigned_mcode(code) != code; }
742// Does the opcode perform a unsigned operation?
743inline THREAD_SAFE bool is_unsigned_mcode(mcode_t code) { return get_signed_mcode(code) != code; }
744
745
746// Does the 'd' operand gets modified by the instruction?
747// Example: "add l,r,d" modifies d, while instructions
748// like jcnd, ijmp, stx does not modify it.
749// Note: this function returns 'true' for m_ext but it may be wrong.
750// Use minsn_t::modifies_d() if you have minsn_t.
751
752THREAD_SAFE bool hexapi mcode_modifies_d(mcode_t mcode);
753
754
755// Processor condition codes are mapped to the first microregisters
756// The order is important, see mop_t::is_cc()
757const mreg_t mr_none = mreg_t(-1);
758const mreg_t mr_cf = mreg_t(0); // carry bit
759const mreg_t mr_zf = mreg_t(1); // zero bit
760const mreg_t mr_sf = mreg_t(2); // sign bit
761const mreg_t mr_of = mreg_t(3); // overflow bit
762const mreg_t mr_pf = mreg_t(4); // parity bit
763const int cc_count = mr_pf - mr_cf + 1; // number of condition code registers
764const mreg_t mr_cc = mreg_t(5); // synthetic condition code, used internally
765const mreg_t mr_first = mreg_t(8); // the first processor specific register
766
767//-------------------------------------------------------------------------
768/// Operand locator.
769/// It is used to denote a particular operand in the ctree, for example,
770/// when the user right clicks on a constant and requests to represent it, say,
771/// as a hexadecimal number.
772struct operand_locator_t
773{
774private:
775 // forbid the default constructor, force the user to initialize objects of this class.
776 operand_locator_t(void) {}
777public:
778 ea_t ea; ///< address of the original processor instruction
779 int opnum; ///< operand number in the instruction
780 operand_locator_t(ea_t _ea, int _opnum) : ea(_ea), opnum(_opnum) {}
781 DECLARE_COMPARISONS(operand_locator_t);
782 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
783};
784
785//-------------------------------------------------------------------------
786/// Number representation.
787/// This structure holds information about a number format.
788struct number_format_t
789{
790 flags_t flags32 = 0; ///< low 32bit of flags (for compatibility)
791 char opnum; ///< operand number: 0..UA_MAXOP
792 char props = 0; ///< properties: combination of NF_ bits (\ref NF_)
793/// \defgroup NF_ Number format property bits
794/// Used in number_format_t::props
795//@{
796#define NF_FIXED 0x01 ///< number format has been defined by the user
797#define NF_NEGDONE 0x02 ///< temporary internal bit: negation has been performed
798#define NF_BINVDONE 0x04 ///< temporary internal bit: inverting bits is done
799#define NF_NEGATE 0x08 ///< The user asked to negate the constant
800#define NF_BITNOT 0x10 ///< The user asked to invert bits of the constant
801#define NF_VALID 0x20 ///< internal bit: stroff or enum is valid
802 ///< for enums: this bit is set immediately
803 ///< for stroffs: this bit is set at the end of decompilation
804//@}
805 uchar serial = 0; ///< for enums: constant serial number
806 char org_nbytes = 0; ///< original number size in bytes
807 qstring type_name; ///< for stroffs: structure for offsetof()\n
808 ///< for enums: enum name
809 flags64_t flags = 0; ///< ida flags, which describe number radix, enum, etc
810 /// Contructor
811 number_format_t(int _opnum=0) : opnum(char(_opnum)) {}
812 /// Get number radix
813 /// \return 2,8,10, or 16
814 int get_radix() const { return ::get_radix(flags, opnum); }
815 /// Is number representation fixed?
816 /// Fixed representation cannot be modified by the decompiler
817 bool is_fixed() const { return props != 0; }
818 /// Is a hexadecimal number?
819 bool is_hex() const { return ::is_numop(flags, opnum) && get_radix() == 16; }
820 /// Is a decimal number?
821 bool is_dec() const { return ::is_numop(flags, opnum) && get_radix() == 10; }
822 /// Is a octal number?
823 bool is_oct() const { return ::is_numop(flags, opnum) && get_radix() == 8; }
824 /// Is a symbolic constant?
825 bool is_enum() const { return ::is_enum(flags, opnum); }
826 /// Is a character constant?
827 bool is_char() const { return ::is_char(flags, opnum); }
828 /// Is a structure field offset?
829 bool is_stroff() const { return ::is_stroff(flags, opnum); }
830 /// Is a number?
831 bool is_numop() const { return !is_enum() && !is_char() && !is_stroff(); }
832 /// Does the number need to be negated or bitwise negated?
833 /// Returns true if the user requested a negation but it is not done yet
834 bool needs_to_be_inverted() const
835 {
836 return (props & (NF_NEGATE|NF_BITNOT)) != 0 // the user requested it
837 && (props & (NF_NEGDONE|NF_BINVDONE)) == 0; // not done yet
838 }
839 // symbolic constants and struct offsets cannot easily change
840 // their sign or size without a cast. only simple numbers can do that.
841 // for example, by modifying the expression type we can convert:
842 // 10u -> 10
843 // but replacing the type of a symbol constant would lead to an inconsistency.
844 bool has_unmutable_type() const
845 {
846 return (props & NF_VALID) != 0 && (is_stroff() || is_enum());
847 }
848 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
849};
850
851// Number formats are attached to (ea,opnum) pairs
852typedef std::map<operand_locator_t, number_format_t> user_numforms_t;
853
854//-------------------------------------------------------------------------
855/// Base helper class to convert binary data structures into text.
856/// Other classes are derived from this class.
857struct vd_printer_t
858{
859 qstring tmpbuf;
860 int hdrlines; ///< number of header lines (prototype+typedef+lvars)
861 ///< valid at the end of print process
862 /// Print.
863 /// This function is called to generate a portion of the output text.
864 /// The output text may contain color codes.
865 /// \return the number of printed characters
866 /// \param indent number of spaces to generate as prefix
867 /// \param format printf-style format specifier
868 /// \return length of printed string
869 AS_PRINTF(3, 4) virtual int hexapi print(int indent, const char *format, ...);
870 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
871};
872
873/// Helper class to convert cfunc_t into text.
874struct vc_printer_t : public vd_printer_t
875{
876 const cfunc_t *func; ///< cfunc_t to generate text for
877 char lastchar; ///< internal: last printed character
878 /// Constructor
879 vc_printer_t(const cfunc_t *f) : func(f), lastchar(0) {}
880 /// Are we generating one-line text representation?
881 /// \return \c true if the output will occupy one line without line breaks
882 virtual bool idaapi oneliner(void) const newapi { return false; }
883};
884
885/// Helper class to convert binary data structures into text and put into a file.
886struct file_printer_t : public vd_printer_t
887{
888 FILE *fp; ///< Output file pointer
889 /// Print.
890 /// This function is called to generate a portion of the output text.
891 /// The output text may contain color codes.
892 /// \return the number of printed characters
893 /// \param indent number of spaces to generate as prefix
894 /// \param format printf-style format specifier
895 /// \return length of printed string
896 AS_PRINTF(3, 4) int hexapi print(int indent, const char *format, ...) override;
897 /// Constructor
898 file_printer_t(FILE *_fp) : fp(_fp) {}
899};
900
901/// Helper class to convert cfunc_t into a text string
902struct qstring_printer_t : public vc_printer_t
903{
904 bool with_tags; ///< Generate output with color tags
905 qstring &s; ///< Reference to the output string
906 /// Constructor
907 qstring_printer_t(const cfunc_t *f, qstring &_s, bool tags)
908 : vc_printer_t(f), with_tags(tags), s(_s) {}
909 /// Print.
910 /// This function is called to generate a portion of the output text.
911 /// The output text may contain color codes.
912 /// \return the number of printed characters
913 /// \param indent number of spaces to generate as prefix
914 /// \param format printf-style format specifier
915 /// \return length of the printed string
916 AS_PRINTF(3, 4) int hexapi print(int indent, const char *format, ...) override;
917};
918
919//-------------------------------------------------------------------------
920/// \defgroup type Type string related declarations
921/// Type related functions and class.
922//@{
923
924/// Print the specified type info.
925/// This function can be used from a debugger by typing "tif->dstr()"
926
927const char *hexapi dstr(const tinfo_t *tif);
928
929
930/// Verify a type string.
931/// \return true if type string is correct
932
933bool hexapi is_type_correct(const type_t *ptr);
934
935
936/// Is a small structure or union?
937/// \return true if the type is a small UDT (user defined type).
938/// Small UDTs fit into a register (or pair or registers) as a rule.
939
940bool hexapi is_small_udt(const tinfo_t &tif);
941
942
943/// Is definitely a non-boolean type?
944/// \return true if the type is a non-boolean type (non bool and well defined)
945
946bool hexapi is_nonbool_type(const tinfo_t &type);
947
948
949/// Is a boolean type?
950/// \return true if the type is a boolean type
951
952bool hexapi is_bool_type(const tinfo_t &type);
953
954
955/// Is a pointer or array type?
956inline THREAD_SAFE bool is_ptr_or_array(type_t t)
957{
958 return is_type_ptr(t) || is_type_array(t);
959}
960
961/// Is a pointer, array, or function type?
962inline THREAD_SAFE bool is_paf(type_t t)
963{
964 return is_ptr_or_array(t) || is_type_func(t);
965}
966
967/// Is struct/union/enum definition (not declaration)?
968inline THREAD_SAFE bool is_inplace_def(const tinfo_t &type)
969{
970 return type.is_decl_complex() && !type.is_typeref();
971}
972
973/// Calculate number of partial subtypes.
974/// \return number of partial subtypes. The bigger is this number, the uglier is the type.
975
976int hexapi partial_type_num(const tinfo_t &type);
977
978
979/// Get a type of a floating point value with the specified width
980/// \returns type info object
981/// \param width width of the desired type
982
983tinfo_t hexapi get_float_type(int width);
984
985
986/// Create a type info by width and sign.
987/// Returns a simple type (examples: int, short) with the given width and sign.
988/// \param srcwidth size of the type in bytes
989/// \param sign sign of the type
990
991tinfo_t hexapi get_int_type_by_width_and_sign(int srcwidth, type_sign_t sign);
992
993
994/// Create a partial type info by width.
995/// Returns a partially defined type (examples: _DWORD, _BYTE) with the given width.
996/// \param size size of the type in bytes
997
998tinfo_t hexapi get_unk_type(int size);
999
1000
1001/// Generate a dummy pointer type
1002/// \param ptrsize size of pointed object
1003/// \param isfp is floating point object?
1004
1005tinfo_t hexapi dummy_ptrtype(int ptrsize, bool isfp);
1006
1007
1008/// Get type of a structure field.
1009/// This function performs validity checks of the field type. Wrong types are rejected.
1010/// \param mptr structure field
1011/// \param type pointer to the variable where the type is returned. This parameter can be nullptr.
1012/// \return false if failed
1013
1014bool hexapi get_member_type(const member_t *mptr, tinfo_t *type);
1015
1016
1017/// Create a pointer type.
1018/// This function performs the following conversion: "type" -> "type*"
1019/// \param type object type.
1020/// \return "type*". for example, if 'char' is passed as the argument,
1021// the function will return 'char *'
1022
1023tinfo_t hexapi make_pointer(const tinfo_t &type);
1024
1025
1026/// Create a reference to a named type.
1027/// \param name type name
1028/// \return type which refers to the specified name. For example, if name is "DWORD",
1029/// the type info which refers to "DWORD" is created.
1030
1031tinfo_t hexapi create_typedef(const char *name);
1032
1033
1034/// Create a reference to an ordinal type.
1035/// \param n ordinal number of the type
1036/// \return type which refers to the specified ordinal. For example, if n is 1,
1037/// the type info which refers to ordinal type 1 is created.
1038
1039inline tinfo_t create_typedef(int n)
1040{
1041 tinfo_t tif;
1042 tif.create_typedef(nullptr, n);
1043 return tif;
1044}
1045
1046/// Type source (where the type information comes from)
1047enum type_source_t
1048{
1049 GUESSED_NONE, // not guessed, specified by the user
1050 GUESSED_WEAK, // not guessed, comes from idb
1051 GUESSED_FUNC, // guessed as a function
1052 GUESSED_DATA, // guessed as a data item
1053 TS_NOELL = 0x8000000, // can be used in set_type() to avoid merging into ellipsis
1054 TS_SHRINK = 0x4000000, // can be used in set_type() to prefer smaller arguments
1055 TS_DONTREF = 0x2000000, // do not mark type as referenced (referenced_types)
1056 TS_MASK = 0xE000000, // all high bits
1057};
1058
1059
1060/// Get a global type.
1061/// Global types are types of addressable objects and struct/union/enum types
1062/// \param id address or id of the object
1063/// \param tif buffer for the answer
1064/// \param guess what kind of types to consider
1065/// \return success
1066
1067bool hexapi get_type(uval_t id, tinfo_t *tif, type_source_t guess);
1068
1069
1070/// Set a global type.
1071/// \param id address or id of the object
1072/// \param tif new type info
1073/// \param source where the type comes from
1074/// \param force true means to set the type as is, false means to merge the
1075/// new type with the possibly existing old type info.
1076/// \return success
1077
1078bool hexapi set_type(uval_t id, const tinfo_t &tif, type_source_t source, bool force=false);
1079
1080//@}
1081
1082//-------------------------------------------------------------------------
1083// We use our own class to store argument and variable locations.
1084// It is called vdloc_t that stands for 'vd location'.
1085// 'vd' is the internal name of the decompiler, it stands for 'visual decompiler'.
1086// The main differences between vdloc and argloc_t:
1087// ALOC_REG1: the offset is always 0, so it is not used. the register number
1088// uses the whole ~VLOC_MASK field.
1089// ALOCK_STKOFF: stack offsets are always positive because they are based on
1090// the lowest value of sp in the function.
1091class vdloc_t : public argloc_t
1092{
1093 int regoff(void); // inaccessible & undefined: regoff() should not be used
1094public:
1095 // Get the register number.
1096 // This function works only for ALOC_REG1 and ALOC_REG2 location types.
1097 // It uses all available bits for register number for ALOC_REG1
1098 int reg1(void) const { return atype() == ALOC_REG2 ? argloc_t::reg1() : get_reginfo(); }
1099
1100 // Set vdloc to point to the specified register without cleaning it up.
1101 // This is a dangerous function, use set_reg1() instead unless you understand
1102 // what it means to cleanup an argloc.
1103 void _set_reg1(int r1) { argloc_t::_set_reg1(r1, r1>>16); }
1104
1105 // Set vdloc to point to the specified register.
1106 void set_reg1(int r1) { cleanup_argloc(this); _set_reg1(r1); }
1107
1108 // Use member functions of argloc_t for other location types.
1109
1110 // Return textual representation.
1111 // Note: this and all other dstr() functions can be used from a debugger.
1112 // It is much easier than to inspect the memory contents byte by byte.
1113 const char *hexapi dstr(int width=0) const;
1114 DECLARE_COMPARISONS(vdloc_t);
1115 bool hexapi is_aliasable(const mba_t *mb, int size) const;
1116};
1117
1118/// Print vdloc.
1119/// Since vdloc does not always carry the size info, we pass it as NBYTES..
1120void hexapi print_vdloc(qstring *vout, const vdloc_t &loc, int nbytes);
1121
1122//-------------------------------------------------------------------------
1123/// Do two arglocs overlap?
1124bool hexapi arglocs_overlap(const vdloc_t &loc1, size_t w1, const vdloc_t &loc2, size_t w2);
1125
1126/// Local variable locator.
1127/// Local variables are located using definition ea and location.
1128/// Each variable must have a unique locator, this is how we tell them apart.
1129struct lvar_locator_t
1130{
1131 vdloc_t location; ///< Variable location.
1132 ea_t defea; ///< Definition address. Usually, this is the address
1133 ///< of the instruction that initializes the variable.
1134 ///< In some cases it can be a fictional address.
1135
1136 lvar_locator_t(void) : defea(BADADDR) {}
1137 lvar_locator_t(const vdloc_t &loc, ea_t ea) : location(loc), defea(ea) {}
1138 /// Get offset of the varialbe in the stack frame.
1139 /// \return a non-negative value for stack variables. The value is
1140 /// an offset from the bottom of the stack frame in terms of
1141 /// vd-offsets.
1142 /// negative values mean error (not a stack variable)
1143 sval_t get_stkoff(void) const
1144 {
1145 return location.is_stkoff() ? location.stkoff() : -1;
1146 }
1147 /// Is variable located on one register?
1148 bool is_reg1(void) const { return location.is_reg1(); }
1149 /// Is variable located on two registers?
1150 bool is_reg2(void) const { return location.is_reg2(); }
1151 /// Is variable located on register(s)?
1152 bool is_reg_var(void) const { return location.is_reg(); }
1153 /// Is variable located on the stack?
1154 bool is_stk_var(void) const { return location.is_stkoff(); }
1155 /// Is variable scattered?
1156 bool is_scattered(void) const { return location.is_scattered(); }
1157 /// Get the register number of the variable
1158 mreg_t get_reg1(void) const { return location.reg1(); }
1159 /// Get the number of the second register (works only for ALOC_REG2 lvars)
1160 mreg_t get_reg2(void) const { return location.reg2(); }
1161 /// Get information about scattered variable
1162 const scattered_aloc_t &get_scattered(void) const { return location.scattered(); }
1163 scattered_aloc_t &get_scattered(void) { return location.scattered(); }
1164 DECLARE_COMPARISONS(lvar_locator_t);
1165 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
1166 // Debugging: get textual representation of a lvar locator.
1167 const char *hexapi dstr() const;
1168};
1169
1170/// Definition of a local variable (register or stack) #var #lvar
1171class lvar_t : public lvar_locator_t
1172{
1173 friend class mba_t;
1174 int flags; ///< \ref CVAR_
1175/// \defgroup CVAR_ Local variable property bits
1176/// Used in lvar_t::flags
1177//@{
1178#define CVAR_USED 0x00000001 ///< is used in the code?
1179#define CVAR_TYPE 0x00000002 ///< the type is defined?
1180#define CVAR_NAME 0x00000004 ///< has nice name?
1181#define CVAR_MREG 0x00000008 ///< corresponding mregs were replaced?
1182#define CVAR_NOWD 0x00000010 ///< width is unknown
1183#define CVAR_UNAME 0x00000020 ///< user-defined name
1184#define CVAR_UTYPE 0x00000040 ///< user-defined type
1185#define CVAR_RESULT 0x00000080 ///< function result variable
1186#define CVAR_ARG 0x00000100 ///< function argument
1187#define CVAR_FAKE 0x00000200 ///< fake variable (return var or va_list)
1188#define CVAR_OVER 0x00000400 ///< overlapping variable
1189#define CVAR_FLOAT 0x00000800 ///< used in a fpu insn
1190#define CVAR_SPOILED 0x00001000 ///< internal flag, do not use: spoiled var
1191#define CVAR_MAPDST 0x00002000 ///< other variables are mapped to this var
1192#define CVAR_PARTIAL 0x00004000 ///< variable type is partialy defined
1193#define CVAR_THISARG 0x00008000 ///< 'this' argument of c++ member functions
1194#define CVAR_FORCED 0x00010000 ///< variable was created by an explicit request
1195 ///< otherwise we could reuse an existing var
1196#define CVAR_REGNAME 0x00020000 ///< has a register name (like _RAX): if lvar
1197 ///< is used by an m_ext instruction
1198#define CVAR_NOPTR 0x00040000 ///< variable cannot be a pointer (user choice)
1199#define CVAR_DUMMY 0x00080000 ///< dummy argument (added to fill a hole in
1200 ///< the argument list)
1201#define CVAR_NOTARG 0x00100000 ///< variable cannot be an input argument
1202#define CVAR_AUTOMAP 0x00200000 ///< variable was automatically mapped
1203#define CVAR_BYREF 0x00400000 ///< the address of the variable was taken
1204#define CVAR_INASM 0x00800000 ///< variable is used in instructions translated
1205 ///< into __asm {...}
1206#define CVAR_UNUSED 0x01000000 ///< user-defined __unused attribute
1207 ///< meaningful only if: is_arg_var() && !mba->final_type
1208#define CVAR_SHARED 0x02000000 ///< variable is mapped to several chains
1209//@}
1210
1211public:
1212 qstring name; ///< variable name.
1213 ///< use mba_t::set_nice_lvar_name() and
1214 ///< mba_t::set_user_lvar_name() to modify it
1215 qstring cmt; ///< variable comment string
1216 tinfo_t tif; ///< variable type
1217 int width = 0; ///< variable size in bytes
1218 int defblk = -1; ///< first block defining the variable.
1219 ///< 0 for args, -1 if unknown
1220 uint64 divisor = 0; ///< max known divisor of the variable
1221
1222 lvar_t(void) : flags(CVAR_USED) {}
1223 lvar_t(const qstring &n, const vdloc_t &l, ea_t e, const tinfo_t &t, int w, int db)
1224 : lvar_locator_t(l, e), flags(CVAR_USED), name(n), tif(t), width(w), defblk(db)
1225 {
1226 }
1227 // Debugging: get textual representation of a local variable.
1228 const char *hexapi dstr() const;
1229
1230 /// Is the variable used in the code?
1231 bool used(void) const { return (flags & CVAR_USED) != 0; }
1232 /// Has the variable a type?
1233 bool typed(void) const { return (flags & CVAR_TYPE) != 0; }
1234 /// Have corresponding microregs been replaced by references to this variable?
1235 bool mreg_done(void) const { return (flags & CVAR_MREG) != 0; }
1236 /// Does the variable have a nice name?
1237 bool has_nice_name(void) const { return (flags & CVAR_NAME) != 0; }
1238 /// Do we know the width of the variable?
1239 bool is_unknown_width(void) const { return (flags & CVAR_NOWD) != 0; }
1240 /// Has any user-defined information?
1241 bool has_user_info(void) const
1242 {
1243 return (flags & (CVAR_UNAME|CVAR_UTYPE|CVAR_NOPTR|CVAR_UNUSED)) != 0
1244 || !cmt.empty();
1245 }
1246 /// Has user-defined name?
1247 bool has_user_name(void) const { return (flags & CVAR_UNAME) != 0; }
1248 /// Has user-defined type?
1249 bool has_user_type(void) const { return (flags & CVAR_UTYPE) != 0; }
1250 /// Is the function result?
1251 bool is_result_var(void) const { return (flags & CVAR_RESULT) != 0; }
1252 /// Is the function argument?
1253 bool is_arg_var(void) const { return (flags & CVAR_ARG) != 0; }
1254 /// Is the promoted function argument?
1255 bool hexapi is_promoted_arg(void) const;
1256 /// Is fake return variable?
1257 bool is_fake_var(void) const { return (flags & CVAR_FAKE) != 0; }
1258 /// Is overlapped variable?
1259 bool is_overlapped_var(void) const { return (flags & CVAR_OVER) != 0; }
1260 /// Used by a fpu insn?
1261 bool is_floating_var(void) const { return (flags & CVAR_FLOAT) != 0; }
1262 /// Is spoiled var? (meaningful only during lvar allocation)
1263 bool is_spoiled_var(void) const { return (flags & CVAR_SPOILED) != 0; }
1264 /// Variable type should be handled as a partial one
1265 bool is_partialy_typed(void) const { return (flags & CVAR_PARTIAL) != 0; }
1266 /// Variable type should not be a pointer
1267 bool is_noptr_var(void) const { return (flags & CVAR_NOPTR) != 0; }
1268 /// Other variable(s) map to this var?
1269 bool is_mapdst_var(void) const { return (flags & CVAR_MAPDST) != 0; }
1270 /// Is 'this' argument of a C++ member function?
1271 bool is_thisarg(void) const { return (flags & CVAR_THISARG) != 0; }
1272 /// Is a forced variable?
1273 bool is_forced_var(void) const { return (flags & CVAR_FORCED) != 0; }
1274 /// Has a register name? (like _RAX)
1275 bool has_regname(void) const { return (flags & CVAR_REGNAME) != 0; }
1276 /// Is variable used in an instruction translated into __asm?
1277 bool in_asm(void) const { return (flags & CVAR_INASM) != 0; }
1278 /// Is a dummy argument (added to fill a hole in the argument list)
1279 bool is_dummy_arg(void) const { return (flags & CVAR_DUMMY) != 0; }
1280 /// Is a local variable? (local variable cannot be an input argument)
1281 bool is_notarg(void) const { return (flags & CVAR_NOTARG) != 0; }
1282 /// Was the variable automatically mapped to another variable?
1283 bool is_automapped(void) const { return (flags & CVAR_AUTOMAP) != 0; }
1284 /// Was the address of the variable taken?
1285 bool is_used_byref(void) const { return (flags & CVAR_BYREF) != 0; }
1286 /// Was declared as __unused by the user? See CVAR_UNUSED
1287 bool is_decl_unused(void) const { return (flags & CVAR_UNUSED) != 0; }
1288 /// Is lvar mapped to several chains
1289 bool is_shared(void) const { return (flags & CVAR_SHARED) != 0; }
1290 void set_used(void) { flags |= CVAR_USED; }
1291 void clear_used(void) { flags &= ~CVAR_USED; }
1292 void set_typed(void) { flags |= CVAR_TYPE; clr_noptr_var(); }
1293 void set_non_typed(void) { flags &= ~CVAR_TYPE; }
1294 void clr_user_info(void) { flags &= ~(CVAR_UNAME|CVAR_UTYPE|CVAR_NOPTR); }
1295 void set_user_name(void) { flags |= CVAR_NAME|CVAR_UNAME; }
1296 void set_user_type(void) { flags |= CVAR_TYPE|CVAR_UTYPE; }
1297 void clr_user_type(void) { flags &= ~CVAR_UTYPE; }
1298 void clr_user_name(void) { flags &= ~CVAR_UNAME; }
1299 void set_mreg_done(void) { flags |= CVAR_MREG; }
1300 void clr_mreg_done(void) { flags &= ~CVAR_MREG; }
1301 void set_unknown_width(void) { flags |= CVAR_NOWD; }
1302 void clr_unknown_width(void) { flags &= ~CVAR_NOWD; }
1303 void set_arg_var(void) { flags |= CVAR_ARG; }
1304 void clr_arg_var(void) { flags &= ~(CVAR_ARG|CVAR_THISARG); }
1305 void set_fake_var(void) { flags |= CVAR_FAKE; }
1306 void clr_fake_var(void) { flags &= ~CVAR_FAKE; }
1307 void set_overlapped_var(void) { flags |= CVAR_OVER; }
1308 void clr_overlapped_var(void) { flags &= ~CVAR_OVER; }
1309 void set_floating_var(void) { flags |= CVAR_FLOAT; }
1310 void clr_floating_var(void) { flags &= ~CVAR_FLOAT; }
1311 void set_spoiled_var(void) { flags |= CVAR_SPOILED; }
1312 void clr_spoiled_var(void) { flags &= ~CVAR_SPOILED; }
1313 void set_mapdst_var(void) { flags |= CVAR_MAPDST; }
1314 void clr_mapdst_var(void) { flags &= ~CVAR_MAPDST; }
1315 void set_partialy_typed(void) { flags |= CVAR_PARTIAL; }
1316 void clr_partialy_typed(void) { flags &= ~CVAR_PARTIAL; }
1317 void set_noptr_var(void) { flags |= CVAR_NOPTR; }
1318 void clr_noptr_var(void) { flags &= ~CVAR_NOPTR; }
1319 void set_thisarg(void) { flags |= CVAR_THISARG; }
1320 void clr_thisarg(void) { flags &= ~CVAR_THISARG; }
1321 void set_forced_var(void) { flags |= CVAR_FORCED; }
1322 void clr_forced_var(void) { flags &= ~CVAR_FORCED; }
1323 void set_dummy_arg(void) { flags |= CVAR_DUMMY; }
1324 void clr_dummy_arg(void) { flags &= ~CVAR_DUMMY; }
1325 void set_notarg(void) { clr_arg_var(); flags |= CVAR_NOTARG; }
1326 void clr_notarg(void) { flags &= ~CVAR_NOTARG; }
1327 void set_automapped(void) { flags |= CVAR_AUTOMAP; }
1328 void clr_automapped(void) { flags &= ~CVAR_AUTOMAP; }
1329 void set_used_byref(void) { flags |= CVAR_BYREF; }
1330 void clr_used_byref(void) { flags &= ~CVAR_BYREF; }
1331 void set_decl_unused(void) { flags |= CVAR_UNUSED; }
1332 void clr_decl_unused(void) { flags &= ~CVAR_UNUSED; }
1333 void set_shared(void) { flags |= CVAR_SHARED; }
1334 void clr_shared(void) { flags &= ~CVAR_SHARED; }
1335
1336 /// Do variables overlap?
1337 bool has_common(const lvar_t &v) const
1338 {
1339 return arglocs_overlap(location, width, v.location, v.width);
1340 }
1341 /// Does the variable overlap with the specified location?
1342 bool has_common_bit(const vdloc_t &loc, asize_t width2) const
1343 {
1344 return arglocs_overlap(location, width, loc, width2);
1345 }
1346 /// Get variable type
1347 const tinfo_t &type(void) const { return tif; }
1348 tinfo_t &type(void) { return tif; }
1349
1350 /// Check if the variable accept the specified type.
1351 /// Some types are forbidden (void, function types, wrong arrays, etc)
1352 bool hexapi accepts_type(const tinfo_t &t, bool may_change_thisarg=false);
1353 /// Set variable type
1354 /// Note: this function does not modify the idb, only the lvar instance
1355 /// in the memory. For permanent changes see modify_user_lvars()
1356 /// Also, the variable type is not considered as final by the decompiler
1357 /// and may be modified later by the type derivation.
1358 /// In some cases set_final_var_type() may work better, but it does not
1359 /// do persistent changes to the database neither.
1360 /// \param t new type
1361 /// \param may_fail if false and type is bad, interr
1362 /// \return success
1363 bool hexapi set_lvar_type(const tinfo_t &t, bool may_fail=false);
1364
1365 /// Set final variable type.
1366 void set_final_lvar_type(const tinfo_t &t)
1367 {
1368 set_lvar_type(t);
1369 set_typed();
1370 }
1371
1372 /// Change the variable width.
1373 /// We call the variable size 'width', it is represents the number of bytes.
1374 /// This function may change the variable type using set_lvar_type().
1375 /// \param w new width
1376 /// \param svw_flags combination of SVW_... bits
1377 /// \return success
1378 bool hexapi set_width(int w, int svw_flags=0);
1379#define SVW_INT 0x00 // integer value
1380#define SVW_FLOAT 0x01 // floating point value
1381#define SVW_SOFT 0x02 // may fail and return false;
1382 // if this bit is not set and the type is bad, interr
1383
1384 /// Append local variable to mlist.
1385 /// \param mba ptr to the current mba_t
1386 /// \param lst list to append to
1387 /// \param pad_if_scattered if true, append padding bytes in case of scattered lvar
1388 void hexapi append_list(const mba_t *mba, mlist_t *lst, bool pad_if_scattered=false) const;
1389
1390 /// Is the variable aliasable?
1391 /// \param mba ptr to the current mba_t
1392 /// Aliasable variables may be modified indirectly (through a pointer)
1393 bool is_aliasable(const mba_t *mba) const
1394 {
1395 return location.is_aliasable(mba, width);
1396 }
1397
1398};
1399DECLARE_TYPE_AS_MOVABLE(lvar_t);
1400
1401/// Vector of local variables
1402struct lvars_t : public qvector<lvar_t>
1403{
1404 /// Find input variable at the specified location.
1405 /// \param argloc variable location
1406 /// \param _size variable size
1407 /// \return -1 if failed, otherwise the index into the variables vector.
1408 int find_input_lvar(const vdloc_t &argloc, int _size) { return find_lvar(argloc, _size, 0); }
1409
1410
1411 /// Find stack variable at the specified location.
1412 /// \param spoff offset from the minimal sp
1413 /// \param width variable size
1414 /// \return -1 if failed, otherwise the index into the variables vector.
1415 int hexapi find_stkvar(sval_t spoff, int width);
1416
1417
1418 /// Find variable at the specified location.
1419 /// \param ll variable location
1420 /// \return pointer to variable or nullptr
1421 lvar_t *hexapi find(const lvar_locator_t &ll);
1422
1423
1424 /// Find variable at the specified location.
1425 /// \param location variable location
1426 /// \param width variable size
1427 /// \param defblk definition block of the lvar. -1 means any block
1428 /// \return -1 if failed, otherwise the index into the variables vector.
1429 int hexapi find_lvar(const vdloc_t &location, int width, int defblk=-1) const;
1430};
1431
1432/// Saved user settings for local variables: name, type, comment.
1433struct lvar_saved_info_t
1434{
1435 lvar_locator_t ll; ///< Variable locator
1436 qstring name; ///< Name
1437 tinfo_t type; ///< Type
1438 qstring cmt; ///< Comment
1439 ssize_t size; ///< Type size (if not initialized then -1)
1440 int flags; ///< \ref LVINF_
1441/// \defgroup LVINF_ saved user lvar info property bits
1442/// Used in lvar_saved_info_t::flags
1443//@{
1444#define LVINF_KEEP 0x0001 ///< preserve saved user settings regardless of vars
1445 ///< for example, if a var loses all its
1446 ///< user-defined attributes or even gets
1447 ///< destroyed, keep its lvar_saved_info_t.
1448 ///< this is used for ephemeral variables that
1449 ///< get destroyed by macro recognition.
1450#define LVINF_FORCE 0x0002 ///< force allocation of a new variable.
1451 ///< forces the decompiler to create a new
1452 ///< variable at ll.defea
1453#define LVINF_NOPTR 0x0004 ///< variable type should not be a pointer
1454#define LVINF_NOMAP 0x0008 ///< forbid automatic mapping of the variable
1455#define LVINF_UNUSED 0x0010 ///< unused argument, corresponds to CVAR_UNUSED
1456//@}
1457 lvar_saved_info_t(void) : size(BADSIZE), flags(0) {}
1458 bool has_info(void) const
1459 {
1460 return !name.empty()
1461 || !type.empty()
1462 || !cmt.empty()
1463 || is_forced_lvar()
1464 || is_noptr_lvar()
1465 || is_nomap_lvar();
1466 }
1467 bool operator==(const lvar_saved_info_t &r) const
1468 {
1469 return name == r.name
1470 && cmt == r.cmt
1471 && ll == r.ll
1472 && type == r.type;
1473 }
1474 bool operator!=(const lvar_saved_info_t &r) const { return !(*this == r); }
1475 bool is_kept(void) const { return (flags & LVINF_KEEP) != 0; }
1476 void clear_keep(void) { flags &= ~LVINF_KEEP; }
1477 void set_keep(void) { flags |= LVINF_KEEP; }
1478 bool is_forced_lvar(void) const { return (flags & LVINF_FORCE) != 0; }
1479 void set_forced_lvar(void) { flags |= LVINF_FORCE; }
1480 void clr_forced_lvar(void) { flags &= ~LVINF_FORCE; }
1481 bool is_noptr_lvar(void) const { return (flags & LVINF_NOPTR) != 0; }
1482 void set_noptr_lvar(void) { flags |= LVINF_NOPTR; }
1483 void clr_noptr_lvar(void) { flags &= ~LVINF_NOPTR; }
1484 bool is_nomap_lvar(void) const { return (flags & LVINF_NOMAP) != 0; }
1485 void set_nomap_lvar(void) { flags |= LVINF_NOMAP; }
1486 void clr_nomap_lvar(void) { flags &= ~LVINF_NOMAP; }
1487 bool is_unused_lvar(void) const { return (flags & LVINF_UNUSED) != 0; }
1488 void set_unused_lvar(void) { flags |= LVINF_UNUSED; }
1489 void clr_unused_lvar(void) { flags &= ~LVINF_UNUSED; }
1490};
1491DECLARE_TYPE_AS_MOVABLE(lvar_saved_info_t);
1492typedef qvector<lvar_saved_info_t> lvar_saved_infos_t;
1493
1494/// Local variable mapping (is used to merge variables)
1495typedef std::map<lvar_locator_t, lvar_locator_t> lvar_mapping_t;
1496
1497/// All user-defined information about local variables
1498struct lvar_uservec_t
1499{
1500 /// User-specified names, types, comments for lvars. Variables without
1501 /// user-specified info are not present in this vector.
1502 lvar_saved_infos_t lvvec;
1503
1504 /// Local variable mapping (used for merging variables)
1505 lvar_mapping_t lmaps;
1506
1507 /// Delta to add to IDA stack offset to calculate Hex-Rays stack offsets.
1508 /// Should be set by the caller before calling save_user_lvar_settings();
1509 uval_t stkoff_delta;
1510
1511 /// Various flags. Possible values are from \ref ULV_
1512 int ulv_flags;
1513/// \defgroup ULV_ lvar_uservec_t property bits
1514/// Used in lvar_uservec_t::ulv_flags
1515//@{
1516#define ULV_PRECISE_DEFEA 0x0001 ///< Use precise defea's for lvar locations
1517//@}
1518
1519 lvar_uservec_t(void) : stkoff_delta(0), ulv_flags(ULV_PRECISE_DEFEA) {}
1520 void swap(lvar_uservec_t &r)
1521 {
1522 lvvec.swap(r.lvvec);
1523 lmaps.swap(r.lmaps);
1524 std::swap(stkoff_delta, r.stkoff_delta);
1525 std::swap(ulv_flags, r.ulv_flags);
1526 }
1527 void clear()
1528 {
1529 lvvec.clear();
1530 lmaps.clear();
1531 stkoff_delta = 0;
1532 ulv_flags = ULV_PRECISE_DEFEA;
1533 }
1534 bool empty() const
1535 {
1536 return lvvec.empty()
1537 && lmaps.empty()
1538 && stkoff_delta == 0
1539 && ulv_flags == ULV_PRECISE_DEFEA;
1540 }
1541
1542 /// find saved user settings for given var
1543 lvar_saved_info_t *find_info(const lvar_locator_t &vloc)
1544 {
1545 for ( lvar_saved_infos_t::iterator p=lvvec.begin(); p != lvvec.end(); ++p )
1546 {
1547 if ( p->ll == vloc )
1548 return p;
1549 }
1550 return nullptr;
1551 }
1552
1553 /// Preserve user settings for given var
1554 void keep_info(const lvar_t &v)
1555 {
1556 lvar_saved_info_t *p = find_info(v);
1557 if ( p != nullptr )
1558 p->set_keep();
1559 }
1560};
1561
1562/// Restore user defined local variable settings in the database.
1563/// \param func_ea entry address of the function
1564/// \param lvinf ptr to output buffer
1565/// \return success
1566
1567bool hexapi restore_user_lvar_settings(lvar_uservec_t *lvinf, ea_t func_ea);
1568
1569
1570/// Save user defined local variable settings into the database.
1571/// \param func_ea entry address of the function
1572/// \param lvinf user-specified info about local variables
1573
1574void hexapi save_user_lvar_settings(ea_t func_ea, const lvar_uservec_t &lvinf);
1575
1576
1577/// Helper class to modify saved local variable settings.
1578struct user_lvar_modifier_t
1579{
1580 /// Modify lvar settings.
1581 /// Returns: true-modified
1582 virtual bool idaapi modify_lvars(lvar_uservec_t *lvinf) = 0;
1583};
1584
1585/// Modify saved local variable settings.
1586/// \param entry_ea function start address
1587/// \param mlv local variable modifier
1588/// \return true if modified variables
1589
1590bool hexapi modify_user_lvars(ea_t entry_ea, user_lvar_modifier_t &mlv);
1591
1592
1593/// Modify saved local variable settings of one variable.
1594/// \param func_ea function start address
1595/// \param info local variable info attrs
1596/// \param mli_flags bits that specify which attrs defined by INFO are to be set
1597/// \return true if modified, false if invalid MLI_FLAGS passed
1598
1599bool hexapi modify_user_lvar_info(
1600 ea_t func_ea,
1601 uint mli_flags,
1602 const lvar_saved_info_t &info);
1603
1604/// \defgroup MLI_ user info bits
1605//@{
1606#define MLI_NAME 0x01 ///< apply lvar name
1607#define MLI_TYPE 0x02 ///< apply lvar type
1608#define MLI_CMT 0x04 ///< apply lvar comment
1609#define MLI_SET_FLAGS 0x08 ///< set LVINF_... bits
1610#define MLI_CLR_FLAGS 0x10 ///< clear LVINF_... bits
1611//@}
1612
1613
1614/// Find a variable by name.
1615/// \param out output buffer for the variable locator
1616/// \param func_ea function start address
1617/// \param varname variable name
1618/// \return success
1619/// Since VARNAME is not always enough to find the variable, it may decompile
1620/// the function.
1621
1622bool hexapi locate_lvar(
1623 lvar_locator_t *out,
1624 ea_t func_ea,
1625 const char *varname);
1626
1627
1628/// Rename a local variable.
1629/// \param func_ea function start address
1630/// \param oldname old name of the variable
1631/// \param newname new name of the variable
1632/// \return success
1633/// This is a convenience function.
1634/// For bulk renaming consider using modify_user_lvars.
1635
1636inline bool rename_lvar(
1637 ea_t func_ea,
1638 const char *oldname,
1639 const char *newname)
1640{
1641 lvar_saved_info_t info;
1642 if ( !locate_lvar(&info.ll, func_ea, oldname) )
1643 return false;
1644 info.name = newname;
1645 return modify_user_lvar_info(func_ea, MLI_NAME, info);
1646}
1647
1648//-------------------------------------------------------------------------
1649/// User-defined function calls
1650struct udcall_t
1651{
1652 qstring name; // name of the function
1653 tinfo_t tif; // function prototype
1654 DECLARE_COMPARISONS(udcall_t)
1655 {
1656 int code = ::compare(name, r.name);
1657 if ( code == 0 )
1658 code = ::compare(tif, r.tif);
1659 return code;
1660 }
1661
1662 bool empty() const { return name.empty() && tif.empty(); }
1663};
1664
1665// All user-defined function calls (map address -> udcall)
1666typedef std::map<ea_t, udcall_t> udcall_map_t;
1667
1668/// Restore user defined function calls from the database.
1669/// \param udcalls ptr to output buffer
1670/// \param func_ea entry address of the function
1671/// \return success
1672
1673bool hexapi restore_user_defined_calls(udcall_map_t *udcalls, ea_t func_ea);
1674
1675
1676/// Save user defined local function calls into the database.
1677/// \param func_ea entry address of the function
1678/// \param udcalls user-specified info about user defined function calls
1679
1680void hexapi save_user_defined_calls(ea_t func_ea, const udcall_map_t &udcalls);
1681
1682
1683/// Convert function type declaration into internal structure
1684/// \param udc - pointer to output structure
1685/// \param decl - function type declaration
1686/// \param silent - if TRUE: do not show warning in case of incorrect type
1687/// \return success
1688
1689bool hexapi parse_user_call(udcall_t *udc, const char *decl, bool silent);
1690
1691
1692/// try to generate user-defined call for an instruction
1693/// \return \ref MERR_ code:
1694/// MERR_OK - user-defined call generated
1695/// else - error (MERR_INSN == inacceptable udc.tif)
1696
1697merror_t hexapi convert_to_user_call(const udcall_t &udc, codegen_t &cdg);
1698
1699
1700//-------------------------------------------------------------------------
1701/// Generic microcode generator class.
1702/// An instance of a derived class can be registered to be used for
1703/// non-standard microcode generation. Before microcode generation for an
1704/// instruction all registered object will be visited by the following way:
1705/// if ( filter->match(cdg) )
1706/// code = filter->apply(cdg);
1707/// if ( code == MERR_OK )
1708/// continue; // filter generated microcode, go to the next instruction
1709struct microcode_filter_t
1710{
1711 /// check if the filter object is to be applied
1712 /// \return success
1713 virtual bool match(codegen_t &cdg) = 0;
1714
1715 /// generate microcode for an instruction
1716 /// \return MERR_... code:
1717 /// MERR_OK - user-defined microcode generated, go to the next instruction
1718 /// MERR_INSN - not generated - the caller should try the standard way
1719 /// else - error
1720 virtual merror_t apply(codegen_t &cdg) = 0;
1721};
1722
1723/// register/unregister non-standard microcode generator
1724/// \param filter - microcode generator object
1725/// \param install - TRUE - register the object, FALSE - unregister
1726/// \return success
1727bool hexapi install_microcode_filter(microcode_filter_t *filter, bool install=true);
1728
1729//-------------------------------------------------------------------------
1730/// Abstract class: User-defined call generator
1731/// derived classes should implement method 'match'
1732class udc_filter_t : public microcode_filter_t
1733{
1734 udcall_t udc;
1735
1736public:
1737 ~udc_filter_t() { cleanup(); }
1738
1739 /// Cleanup the filter
1740 /// This function properly clears type information associated to this filter.
1741 void hexapi cleanup(void);
1742
1743 /// return true if the filter object should be applied to given instruction
1744 virtual bool match(codegen_t &cdg) override = 0;
1745
1746 bool hexapi init(const char *decl);
1747 virtual merror_t hexapi apply(codegen_t &cdg) override;
1748
1749 bool empty(void) const { return udc.empty(); }
1750};
1751
1752//-------------------------------------------------------------------------
1753typedef size_t mbitmap_t;
1754const size_t bitset_width = sizeof(mbitmap_t) * CHAR_BIT;
1755const size_t bitset_align = bitset_width - 1;
1756const size_t bitset_shift = 6;
1757
1758/// Bit set class. See https://en.wikipedia.org/wiki/Bit_array
1759class bitset_t
1760{
1761 mbitmap_t *bitmap; ///< pointer to bitmap
1762 size_t high; ///< highest bit+1 (multiply of bitset_width)
1763
1764public:
1765 bitset_t(void) : bitmap(nullptr), high(0) {}
1766 hexapi bitset_t(const bitset_t &m); // copy constructor
1767 ~bitset_t(void)
1768 {
1769 qfree(bitmap);
1770 bitmap = nullptr;
1771 }
1772 void swap(bitset_t &r)
1773 {
1774 std::swap(bitmap, r.bitmap);
1775 std::swap(high, r.high);
1776 }
1777 bitset_t &operator=(const bitset_t &m) { return copy(m); }
1778 bitset_t &hexapi copy(const bitset_t &m); // assignment operator
1779 bool hexapi add(int bit); // add a bit
1780 bool hexapi add(int bit, int width); // add bits
1781 bool hexapi add(const bitset_t &ml); // add another bitset
1782 bool hexapi sub(int bit); // delete a bit
1783 bool hexapi sub(int bit, int width); // delete bits
1784 bool hexapi sub(const bitset_t &ml); // delete another bitset
1785 bool hexapi cut_at(int maxbit); // delete bits >= maxbit
1786 void hexapi shift_down(int shift); // shift bits down
1787 bool hexapi has(int bit) const; // test presence of a bit
1788 bool hexapi has_all(int bit, int width) const; // test presence of bits
1789 bool hexapi has_any(int bit, int width) const; // test presence of bits
1790 void print(
1791 qstring *vout,
1792 int (*get_bit_name)(qstring *out, int bit, int width, void *ud)=nullptr,
1793 void *ud=nullptr) const;
1794 const char *hexapi dstr() const;
1795 bool hexapi empty(void) const; // is empty?
1796 int hexapi count(void) const; // number of set bits
1797 int hexapi count(int bit) const; // get number set bits starting from 'bit'
1798 int hexapi last(void) const; // get the number of the last bit (-1-no bits)
1799 void clear(void) { high = 0; } // make empty
1800 void hexapi fill_with_ones(int maxbit);
1801 bool hexapi fill_gaps(int total_nbits);
1802 bool hexapi has_common(const bitset_t &ml) const; // has common elements?
1803 bool hexapi intersect(const bitset_t &ml); // intersect sets. returns true if changed
1804 bool hexapi is_subset_of(const bitset_t &ml) const; // is subset of?
1805 bool includes(const bitset_t &ml) const { return ml.is_subset_of(*this); }
1806 void extract(intvec_t &out) const;
1807 DECLARE_COMPARISONS(bitset_t);
1808 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
1809 class iterator
1810 {
1811 friend class bitset_t;
1812 int i;
1813 public:
1814 iterator(int n=-1) : i(n) {}
1815 bool operator==(const iterator &n) const { return i == n.i; }
1816 bool operator!=(const iterator &n) const { return i != n.i; }
1817 int operator*(void) const { return i; }
1818 };
1819 typedef iterator const_iterator;
1820 iterator itat(int n) const { return iterator(goup(n)); }
1821 iterator begin(void) const { return itat(0); }
1822 iterator end(void) const { return iterator(high); }
1823 int front(void) const { return *begin(); }
1824 int back(void) const { return *end(); }
1825 void inc(iterator &p, int n=1) const { p.i = goup(p.i+n); }
1826private:
1827 int hexapi goup(int reg) const;
1828};
1829DECLARE_TYPE_AS_MOVABLE(bitset_t);
1830typedef qvector<bitset_t> array_of_bitsets;
1831
1832//-------------------------------------------------------------------------
1833template <class T>
1834struct ivl_tpl // an interval
1835{
1836 ivl_tpl() = delete;
1837public:
1838 T off;
1839 T size;
1840 ivl_tpl(T _off, T _size) : off(_off), size(_size) {}
1841 bool valid() const { return last() >= off; }
1842 T end() const { return off + size; }
1843 T last() const { return off + size - 1; }
1844
1845 DEFINE_MEMORY_ALLOCATION_FUNCS()
1846};
1847
1848//-------------------------------------------------------------------------
1849typedef ivl_tpl<uval_t> uval_ivl_t;
1850struct ivl_t : public uval_ivl_t
1851{
1852private:
1853 typedef ivl_tpl<uval_t> inherited;
1854
1855public:
1856 ivl_t(uval_t _off=0, uval_t _size=0) : inherited(_off,_size) {}
1857 bool empty(void) const { return size == 0; }
1858 void clear(void) { size = 0; }
1859 void print(qstring *vout) const;
1860 const char *hexapi dstr(void) const;
1861
1862 bool extend_to_cover(const ivl_t &r) // extend interval to cover 'r'
1863 {
1864 uval_t new_end = end();
1865 bool changed = false;
1866 if ( off > r.off )
1867 {
1868 off = r.off;
1869 changed = true;
1870 }
1871 if ( new_end < r.end() )
1872 {
1873 new_end = r.end();
1874 changed = true;
1875 }
1876 if ( changed )
1877 size = new_end - off;
1878 return changed;
1879 }
1880 void intersect(const ivl_t &r)
1881 {
1882 uval_t new_off = qmax(off, r.off);
1883 uval_t new_end = end();
1884 if ( new_end > r.end() )
1885 new_end = r.end();
1886 if ( new_off < new_end )
1887 {
1888 off = new_off;
1889 size = new_end - off;
1890 }
1891 else
1892 {
1893 size = 0;
1894 }
1895 }
1896
1897 // do *this and ivl overlap?
1898 bool overlap(const ivl_t &ivl) const
1899 {
1900 return interval::overlap(off, size, ivl.off, ivl.size);
1901 }
1902 // does *this include ivl?
1903 bool includes(const ivl_t &ivl) const
1904 {
1905 return interval::includes(off, size, ivl.off, ivl.size);
1906 }
1907 // does *this contain off2?
1908 bool contains(uval_t off2) const
1909 {
1910 return interval::contains(off, size, off2);
1911 }
1912
1913 DECLARE_COMPARISONS(ivl_t);
1914 static const ivl_t allmem;
1915#define ALLMEM ivl_t::allmem
1916};
1917DECLARE_TYPE_AS_MOVABLE(ivl_t);
1918
1919//-------------------------------------------------------------------------
1920struct ivl_with_name_t
1921{
1922 ivl_t ivl;
1923 const char *whole; // name of the whole interval
1924 const char *part; // prefix to use for parts of the interval (e.g. sp+4)
1925 ivl_with_name_t(): ivl(0, BADADDR), whole("<unnamed inteval>"), part(nullptr) {}
1926 DEFINE_MEMORY_ALLOCATION_FUNCS()
1927};
1928
1929//-------------------------------------------------------------------------
1930template <class Ivl, class T>
1931class ivlset_tpl // set of intervals
1932{
1933public:
1934 typedef qvector<Ivl> bag_t;
1935
1936protected:
1937 bag_t bag;
1938 bool verify(void) const;
1939 // we do not store the empty intervals in bag so size == 0 denotes
1940 // MAX_VALUE<T>+1, e.g. 0x100000000 for uint32
1941 static bool ivl_all_values(const Ivl &ivl) { return ivl.off == 0 && ivl.size == 0; }
1942
1943public:
1944 ivlset_tpl(void) {}
1945 ivlset_tpl(const Ivl &ivl) { if ( ivl.valid() ) bag.push_back(ivl); }
1946 DEFINE_MEMORY_ALLOCATION_FUNCS()
1947
1948 void swap(ivlset_tpl &r) { bag.swap(r.bag); }
1949 const Ivl &getivl(int idx) const { return bag[idx]; }
1950 const Ivl &lastivl(void) const { return bag.back(); }
1951 size_t nivls(void) const { return bag.size(); }
1952 bool empty(void) const { return bag.empty(); }
1953 void clear(void) { bag.clear(); }
1954 void qclear(void) { bag.qclear(); }
1955 bool all_values() const { return nivls() == 1 && ivl_all_values(bag[0]); }
1956 void set_all_values() { clear(); bag.push_back(Ivl(0, 0)); }
1957 bool single_value() const { return nivls() == 1 && bag[0].size == 1; }
1958 bool single_value(T v) const { return single_value() && bag[0].off == v; }
1959
1960 bool operator==(const Ivl &v) const { return nivls() == 1 && bag[0] == v; }
1961 bool operator!=(const Ivl &v) const { return !(*this == v); }
1962
1963 typedef typename bag_t::iterator iterator;
1964 typedef typename bag_t::const_iterator const_iterator;
1965 const_iterator begin(void) const { return bag.begin(); }
1966 const_iterator end(void) const { return bag.end(); }
1967 iterator begin(void) { return bag.begin(); }
1968 iterator end(void) { return bag.end(); }
1969};
1970
1971//-------------------------------------------------------------------------
1972/// Set of address intervals.
1973/// Bit arrays are efficient only for small sets. Potentially huge
1974/// sets, like memory ranges, require another representation.
1975/// ivlset_t is used for a list of memory locations in our decompiler.
1976typedef ivlset_tpl<ivl_t, uval_t> uval_ivl_ivlset_t;
1977struct ivlset_t : public uval_ivl_ivlset_t
1978{
1979 typedef ivlset_tpl<ivl_t, uval_t> inherited;
1980 ivlset_t() {}
1981 ivlset_t(const ivl_t &ivl) : inherited(ivl) {}
1982 bool hexapi add(const ivl_t &ivl);
1983 bool add(ea_t ea, asize_t size) { return add(ivl_t(ea, size)); }
1984 bool hexapi add(const ivlset_t &ivs);
1985 bool hexapi addmasked(const ivlset_t &ivs, const ivl_t &mask);
1986 bool hexapi sub(const ivl_t &ivl);
1987 bool sub(ea_t ea, asize_t size) { return sub(ivl_t(ea, size)); }
1988 bool hexapi sub(const ivlset_t &ivs);
1989 bool hexapi has_common(const ivl_t &ivl, bool strict=false) const;
1990 void hexapi print(qstring *vout) const;
1991 const char *hexapi dstr(void) const;
1992 asize_t hexapi count(void) const;
1993 bool hexapi has_common(const ivlset_t &ivs) const;
1994 bool hexapi contains(uval_t off) const;
1995 bool hexapi includes(const ivlset_t &ivs) const;
1996 bool hexapi intersect(const ivlset_t &ivs);
1997
1998 DECLARE_COMPARISONS(ivlset_t);
1999
2000};
2001DECLARE_TYPE_AS_MOVABLE(ivlset_t);
2002typedef qvector<ivlset_t> array_of_ivlsets;
2003//-------------------------------------------------------------------------
2004// We use bitset_t to keep list of registers.
2005// This is the most optimal storage for them.
2006class rlist_t : public bitset_t
2007{
2008public:
2009 rlist_t(void) {}
2010 rlist_t(const rlist_t &m) : bitset_t(m)
2011 {
2012 }
2013 rlist_t(mreg_t reg, int width) { add(reg, width); }
2014 ~rlist_t(void) {}
2015 rlist_t &operator=(const rlist_t &) = default;
2016 void hexapi print(qstring *vout) const;
2017 const char *hexapi dstr() const;
2018};
2019DECLARE_TYPE_AS_MOVABLE(rlist_t);
2020
2021//-------------------------------------------------------------------------
2022// Microlist: list of register and memory locations
2023struct mlist_t
2024{
2025 rlist_t reg; // registers
2026 ivlset_t mem; // memory locations
2027
2028 mlist_t(void) {}
2029 mlist_t(const ivl_t &ivl) : mem(ivl) {}
2030 mlist_t(mreg_t r, int size) : reg(r, size) {}
2031
2032 void swap(mlist_t &r) { reg.swap(r.reg); mem.swap(r.mem); }
2033 bool hexapi addmem(ea_t ea, asize_t size);
2034 bool add(mreg_t r, int size) { return add(mlist_t(r, size)); } // also see append_def_list()
2035 bool add(const rlist_t &r) { return reg.add(r); }
2036 bool add(const ivl_t &ivl) { return add(mlist_t(ivl)); }
2037 bool add(const mlist_t &lst) { return reg.add(lst.reg) | mem.add(lst.mem); }
2038 bool sub(mreg_t r, int size) { return sub(mlist_t(r, size)); }
2039 bool sub(const ivl_t &ivl) { return sub(mlist_t(ivl)); }
2040 bool sub(const mlist_t &lst) { return reg.sub(lst.reg) | mem.sub(lst.mem); }
2041 asize_t count(void) const { return reg.count() + mem.count(); }
2042 void hexapi print(qstring *vout) const;
2043 const char *hexapi dstr() const;
2044 bool empty(void) const { return reg.empty() && mem.empty(); }
2045 void clear(void) { reg.clear(); mem.clear(); }
2046 bool has(mreg_t r) const { return reg.has(r); }
2047 bool has_all(mreg_t r, int size) const { return reg.has_all(r, size); }
2048 bool has_any(mreg_t r, int size) const { return reg.has_any(r, size); }
2049 bool has_memory(void) const { return !mem.empty(); }
2050 bool has_allmem(void) const { return mem == ALLMEM; }
2051 bool has_common(const mlist_t &lst) const { return reg.has_common(lst.reg) || mem.has_common(lst.mem); }
2052 bool includes(const mlist_t &lst) const { return reg.includes(lst.reg) && mem.includes(lst.mem); }
2053 bool intersect(const mlist_t &lst) { return reg.intersect(lst.reg) | mem.intersect(lst.mem); }
2054 bool is_subset_of(const mlist_t &lst) const { return lst.includes(*this); }
2055
2056 DECLARE_COMPARISONS(mlist_t);
2057 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2058};
2059DECLARE_TYPE_AS_MOVABLE(mlist_t);
2060typedef qvector<mlist_t> mlistvec_t;
2061DECLARE_TYPE_AS_MOVABLE(mlistvec_t);
2062
2063//-------------------------------------------------------------------------
2064/// Get list of temporary registers.
2065/// Tempregs are temporary registers that are used during code generation.
2066/// They do not map to regular processor registers. They are used only to
2067/// store temporary values during execution of one instruction.
2068/// Tempregs may not be used to pass a value from one block to another.
2069/// In other words, at the end of a block all tempregs must be dead.
2070const mlist_t &hexapi get_temp_regs(void);
2071
2072/// Is a kernel register?
2073/// Kernel registers are temporary registers that can be used freely.
2074/// They may be used to store values that cross instruction or basic block
2075/// boundaries. Kernel registers do not map to regular processor registers.
2076/// See also \ref mba_t::alloc_kreg()
2077bool hexapi is_kreg(mreg_t r);
2078
2079/// Map a processor register to a microregister.
2080/// \param reg processor register number
2081/// \return microregister register id or mr_none
2082mreg_t hexapi reg2mreg(int reg);
2083
2084/// Map a microregister to a processor register.
2085/// \param reg microregister number
2086/// \param width size of microregister in bytes
2087/// \return processor register id or -1
2088int hexapi mreg2reg(mreg_t reg, int width);
2089
2090/// Get the microregister name.
2091/// \param out output buffer, may be nullptr
2092/// \param reg microregister number
2093/// \param width size of microregister in bytes. may be bigger than the real
2094/// register size.
2095/// \param ud reserved, must be nullptr
2096/// \return width of the printed register. this value may be less than
2097/// the WIDTH argument.
2098
2099int hexapi get_mreg_name(qstring *out, mreg_t reg, int width, void *ud=nullptr);
2100
2101//-------------------------------------------------------------------------
2102/// User defined callback to optimize individual microcode instructions
2103struct optinsn_t
2104{
2105 /// Optimize an instruction.
2106 /// \param blk current basic block. maybe nullptr, which means that
2107 /// the instruction must be optimized without context
2108 /// \param ins instruction to optimize; it is always a top-level instruction.
2109 /// the callback may not delete the instruction but may
2110 /// convert it into nop (see mblock_t::make_nop). to optimize
2111 /// sub-instructions, visit them using minsn_visitor_t.
2112 /// sub-instructions may not be converted into nop but
2113 /// can be converted to "mov x,x". for example:
2114 /// add x,0,x => mov x,x
2115 /// this callback may change other instructions in the block,
2116 /// but should do this with care, e.g. to no break the
2117 /// propagation algorithm if called with OPTI_NO_LDXOPT.
2118 /// \param optflags combination of \ref OPTI_ bits
2119 /// \return number of changes made to the instruction.
2120 /// if after this call the instruction's use/def lists have changed,
2121 /// you must mark the block level lists as dirty (see mark_lists_dirty)
2122 virtual int idaapi func(mblock_t *blk, minsn_t *ins, int optflags) = 0;
2123};
2124
2125/// Install an instruction level custom optimizer
2126/// \param opt an instance of optinsn_t. cannot be destroyed before calling
2127/// remove_optinsn_handler().
2128void hexapi install_optinsn_handler(optinsn_t *opt);
2129
2130/// Remove an instruction level custom optimizer
2131bool hexapi remove_optinsn_handler(optinsn_t *opt);
2132
2133/// User defined callback to optimize microcode blocks
2134struct optblock_t
2135{
2136 /// Optimize a block.
2137 /// This function usually performs the optimizations that require analyzing
2138 /// the entire block and/or its neighbors. For example it can recognize
2139 /// patterns and perform conversions like:
2140 /// b0: b0:
2141 /// ... ...
2142 /// jnz x, 0, @b2 => jnz x, 0, @b2
2143 /// b1: b1:
2144 /// add x, 0, y mov x, y
2145 /// ... ...
2146 /// \param blk Basic block to optimize as a whole.
2147 /// \return number of changes made to the block. See also mark_lists_dirty.
2148 virtual int idaapi func(mblock_t *blk) = 0;
2149};
2150
2151/// Install a block level custom optimizer.
2152/// \param opt an instance of optblock_t. cannot be destroyed before calling
2153/// remove_optblock_handler().
2154void hexapi install_optblock_handler(optblock_t *opt);
2155
2156/// Remove a block level custom optimizer
2157bool hexapi remove_optblock_handler(optblock_t *opt);
2158
2159
2160//-------------------------------------------------------------------------
2161// abstract graph interface
2162class simple_graph_t : public gdl_graph_t
2163{
2164public:
2165 qstring title;
2166 bool colored_gdl_edges;
2167private:
2168 friend class iterator;
2169 virtual int goup(int node) const newapi;
2170};
2171
2172//-------------------------------------------------------------------------
2173// Since our data structures are quite complex, we use the visitor pattern
2174// in many of our algorthims. This functionality is available for plugins too.
2175// https://en.wikipedia.org/wiki/Visitor_pattern
2176
2177// All our visitor callbacks return an integer value.
2178// Visiting is interrupted as soon an the return value is non-zero.
2179// This non-zero value is returned as the result of the for_all_... function.
2180// If for_all_... returns 0, it means that it successfully visited all items.
2181
2182/// The context info used by visitors
2183struct op_parent_info_t
2184{
2185 mba_t *mba; // current microcode
2186 mblock_t *blk; // current block
2187 minsn_t *topins; // top level instruction (parent of curins or curins itself)
2188 minsn_t *curins; // currently visited instruction
2189 op_parent_info_t(
2190 mba_t *_mba=nullptr,
2191 mblock_t *_blk=nullptr,
2192 minsn_t *_topins=nullptr)
2193 : mba(_mba), blk(_blk), topins(_topins), curins(nullptr) {}
2194 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2195 bool really_alloc(void) const;
2196};
2197
2198/// Micro instruction visitor.
2199/// See mba_t::for_all_topinsns, minsn_t::for_all_insns,
2200/// mblock_::for_all_insns, mba_t::for_all_insns
2201struct minsn_visitor_t : public op_parent_info_t
2202{
2203 minsn_visitor_t(
2204 mba_t *_mba=nullptr,
2205 mblock_t *_blk=nullptr,
2206 minsn_t *_topins=nullptr)
2207 : op_parent_info_t(_mba, _blk, _topins) {}
2208 virtual int idaapi visit_minsn(void) = 0;
2209};
2210
2211/// Micro operand visitor.
2212/// See mop_t::for_all_ops, minsn_t::for_all_ops, mblock_t::for_all_insns,
2213/// mba_t::for_all_insns
2214struct mop_visitor_t : public op_parent_info_t
2215{
2216 mop_visitor_t(
2217 mba_t *_mba=nullptr,
2218 mblock_t *_blk=nullptr,
2219 minsn_t *_topins=nullptr)
2220 : op_parent_info_t(_mba, _blk, _topins), prune(false) {}
2221 /// Should skip sub-operands of the current operand?
2222 /// visit_mop() may set 'prune=true' for that.
2223 bool prune;
2224 virtual int idaapi visit_mop(mop_t *op, const tinfo_t *type, bool is_target) = 0;
2225};
2226
2227/// Scattered mop: visit each of the scattered locations as a separate mop.
2228/// See mop_t::for_all_scattered_submops
2229struct scif_visitor_t
2230{
2231 virtual int idaapi visit_scif_mop(const mop_t &r, int off) = 0;
2232};
2233
2234// Used operand visitor.
2235// See mblock_t::for_all_uses
2236struct mlist_mop_visitor_t
2237{
2238 minsn_t *topins;
2239 minsn_t *curins;
2240 bool changed;
2241 mlist_t *list;
2242 mlist_mop_visitor_t(void): topins(nullptr), curins(nullptr), changed(false), list(nullptr) {}
2243 virtual int idaapi visit_mop(mop_t *op) = 0;
2244};
2245
2246//-------------------------------------------------------------------------
2247/// Instruction operand types
2248
2249typedef uint8 mopt_t;
2250const mopt_t
2251 mop_z = 0, ///< none
2252 mop_r = 1, ///< register (they exist until MMAT_LVARS)
2253 mop_n = 2, ///< immediate number constant
2254 mop_str = 3, ///< immediate string constant (user representation)
2255 mop_d = 4, ///< result of another instruction
2256 mop_S = 5, ///< local stack variable (they exist until MMAT_LVARS)
2257 mop_v = 6, ///< global variable
2258 mop_b = 7, ///< micro basic block (mblock_t)
2259 mop_f = 8, ///< list of arguments
2260 mop_l = 9, ///< local variable
2261 mop_a = 10, ///< mop_addr_t: address of operand (mop_l, mop_v, mop_S, mop_r)
2262 mop_h = 11, ///< helper function
2263 mop_c = 12, ///< mcases
2264 mop_fn = 13, ///< floating point constant
2265 mop_p = 14, ///< operand pair
2266 mop_sc = 15; ///< scattered
2267
2268const int NOSIZE = -1; ///< wrong or unexisting operand size
2269
2270//-------------------------------------------------------------------------
2271/// Reference to a local variable. Used by mop_l
2272struct lvar_ref_t
2273{
2274 /// Pointer to the parent mba_t object.
2275 /// Since we need to access the 'mba->vars' array in order to retrieve
2276 /// the referenced variable, we keep a pointer to mba_t here.
2277 /// Note: this means this class and consequently mop_t, minsn_t, mblock_t
2278 /// are specific to a mba_t object and cannot migrate between
2279 /// them. fortunately this is not something we need to do.
2280 /// second, lvar_ref_t's appear only after MMAT_LVARS.
2281 mba_t *const mba;
2282 sval_t off; ///< offset from the beginning of the variable
2283 int idx; ///< index into mba->vars
2284 lvar_ref_t(mba_t *m, int i, sval_t o=0) : mba(m), off(o), idx(i) {}
2285 lvar_ref_t(const lvar_ref_t &r) : mba(r.mba), off(r.off), idx(r.idx) {}
2286 lvar_ref_t &operator=(const lvar_ref_t &r)
2287 {
2288 off = r.off;
2289 idx = r.idx;
2290 return *this;
2291 }
2292 DECLARE_COMPARISONS(lvar_ref_t);
2293 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2294 void swap(lvar_ref_t &r)
2295 {
2296 std::swap(off, r.off);
2297 std::swap(idx, r.idx);
2298 }
2299 lvar_t &hexapi var(void) const; ///< Retrieve the referenced variable
2300};
2301
2302//-------------------------------------------------------------------------
2303/// Reference to a stack variable. Used for mop_S
2304struct stkvar_ref_t
2305{
2306 /// Pointer to the parent mba_t object.
2307 /// We need it in order to retrieve the referenced stack variable.
2308 /// See notes for lvar_ref_t::mba.
2309 mba_t *const mba;
2310
2311 /// Offset to the stack variable from the bottom of the stack frame.
2312 /// It is called 'decompiler stkoff' and it is different from IDA stkoff.
2313 /// See a note and a picture about 'decompiler stkoff' below.
2314 sval_t off;
2315
2316 stkvar_ref_t(mba_t *m, sval_t o) : mba(m), off(o) {}
2317 DECLARE_COMPARISONS(stkvar_ref_t);
2318 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2319 void swap(stkvar_ref_t &r)
2320 {
2321 std::swap(off, r.off);
2322 }
2323 /// Retrieve the referenced stack variable.
2324 /// \param p_off if specified, will hold IDA stkoff after the call.
2325 /// \return pointer to the stack variable
2326 member_t *hexapi get_stkvar(uval_t *p_off=nullptr) const;
2327};
2328
2329//-------------------------------------------------------------------------
2330/// Scattered operand info. Used for mop_sc
2331struct scif_t : public vdloc_t
2332{
2333 /// Pointer to the parent mba_t object.
2334 /// Some operations may convert a scattered operand into something simpler,
2335 /// (a stack operand, for example). We will need to create stkvar_ref_t at
2336 /// that moment, this is why we need this pointer.
2337 /// See notes for lvar_ref_t::mba.
2338 mba_t *mba;
2339
2340 /// Usually scattered operands are created from a function prototype,
2341 /// which has the name information. We preserve it and use it to name
2342 /// the corresponding local variable.
2343 qstring name;
2344
2345 /// Scattered operands always have type info assigned to them
2346 /// because without it we won't be able to manipulte them.
2347 tinfo_t type;
2348
2349 scif_t(mba_t *_mba, tinfo_t *tif, qstring *n=nullptr) : mba(_mba)
2350 {
2351 if ( n != nullptr )
2352 n->swap(name);
2353 tif->swap(type);
2354 }
2355 scif_t &operator =(const vdloc_t &loc)
2356 {
2357 *(vdloc_t *)this = loc;
2358 return *this;
2359 }
2360};
2361
2362//-------------------------------------------------------------------------
2363/// An integer constant. Used for mop_n
2364/// We support 64-bit values but 128-bit values can be represented with mop_p
2365struct mnumber_t : public operand_locator_t
2366{
2367 uint64 value;
2368 uint64 org_value; // original value before changing the operand size
2369 mnumber_t(uint64 v, ea_t _ea=BADADDR, int n=0)
2370 : operand_locator_t(_ea, n), value(v), org_value(v) {}
2371 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2372 DECLARE_COMPARISONS(mnumber_t)
2373 {
2374 if ( value < r.value )
2375 return -1;
2376 if ( value > r.value )
2377 return -1;
2378 return 0;
2379 }
2380 // always use this function instead of manually modifying the 'value' field
2381 void update_value(uint64 val64)
2382 {
2383 value = val64;
2384 org_value = val64;
2385 }
2386};
2387
2388//-------------------------------------------------------------------------
2389/// Floating point constant. Used for mop_fn
2390/// For more details, please see the ieee.h file from IDA SDK.
2391struct fnumber_t
2392{
2393 fpvalue_t fnum; ///< Internal representation of the number
2394 int nbytes; ///< Original size of the constant in bytes
2395 operator uint16 *(void) { return fnum.w; }
2396 operator const uint16 *(void) const { return fnum.w; }
2397 void hexapi print(qstring *vout) const;
2398 const char *hexapi dstr() const;
2399 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2400 DECLARE_COMPARISONS(fnumber_t)
2401 {
2402 return ecmp(fnum, r.fnum);
2403 }
2404};
2405
2406//-------------------------------------------------------------------------
2407/// \defgroup SHINS_ Bits to control how we print instructions
2408//@{
2409#define SHINS_NUMADDR 0x01 ///< display definition addresses for numbers
2410#define SHINS_VALNUM 0x02 ///< display value numbers
2411#define SHINS_SHORT 0x04 ///< do not display use-def chains and other attrs
2412#define SHINS_LDXEA 0x08 ///< display address of ldx expressions (not used)
2413//@}
2414
2415//-------------------------------------------------------------------------
2416/// How to handle side effect of change_size()
2417/// Sometimes we need to create a temporary operand and change its size in order
2418/// to check some hypothesis. If we revert our changes, we do not want that the
2419/// database (global variables, stack frame, etc) changes in any manner.
2420enum side_effect_t
2421{
2422 NO_SIDEFF, ///< change operand size but ignore side effects
2423 ///< if you decide to keep the changed operand,
2424 ///< handle_new_size() must be called
2425 WITH_SIDEFF, ///< change operand size and handle side effects
2426 ONLY_SIDEFF, ///< only handle side effects
2427 ANY_REGSIZE = 0x80, ///< any register size is permitted
2428 ANY_FPSIZE = 0x100, ///< any size of floating operand is permitted
2429};
2430
2431//-------------------------------------------------------------------------
2432/// A microinstruction operand.
2433/// This is the smallest building block of our microcode.
2434/// Operands will be part of instructions, which are then grouped into basic blocks.
2435/// The microcode consists of an array of such basic blocks + some additional info.
2436class mop_t
2437{
2438 void hexapi copy(const mop_t &rop);
2439public:
2440 /// Operand type.
2441 mopt_t t;
2442
2443 /// Operand properties.
2444 uint8 oprops;
2445#define OPROP_IMPDONE 0x01 ///< imported operand (a pointer) has been dereferenced
2446#define OPROP_UDT 0x02 ///< a struct or union
2447#define OPROP_FLOAT 0x04 ///< possibly floating value
2448#define OPROP_CCFLAGS 0x08 ///< mop_n: a pc-relative value
2449 ///< mop_a: an address obtained from a relocation
2450 ///< else: value of a condition code register (like mr_cc)
2451#define OPROP_UDEFVAL 0x10 ///< uses undefined value
2452#define OPROP_LOWADDR 0x20 ///< a low address offset
2453
2454 /// Value number.
2455 /// Zero means unknown.
2456 /// Operands with the same value number are equal.
2457 uint16 valnum;
2458
2459 /// Operand size.
2460 /// Usually it is 1,2,4,8 or NOSIZE but for UDTs other sizes are permitted
2461 int size;
2462
2463 /// The following union holds additional details about the operand.
2464 /// Depending on the operand type different kinds of info are stored.
2465 /// You should access these fields only after verifying the operand type.
2466 /// All pointers are owned by the operand and are freed by its destructor.
2467 union
2468 {
2469 mreg_t r; // mop_r register number
2470 mnumber_t *nnn; // mop_n immediate value
2471 minsn_t *d; // mop_d result (destination) of another instruction
2472 stkvar_ref_t *s; // mop_S stack variable
2473 ea_t g; // mop_v global variable (its linear address)
2474 int b; // mop_b block number (used in jmp,call instructions)
2475 mcallinfo_t *f; // mop_f function call information
2476 lvar_ref_t *l; // mop_l local variable
2477 mop_addr_t *a; // mop_a variable whose address is taken
2478 char *helper; // mop_h helper function name
2479 char *cstr; // mop_str utf8 string constant, user representation
2480 mcases_t *c; // mop_c cases
2481 fnumber_t *fpc; // mop_fn floating point constant
2482 mop_pair_t *pair; // mop_p operand pair
2483 scif_t *scif; // mop_sc scattered operand info
2484 };
2485 // -- End of data fields, member function declarations follow:
2486
2487 void set_impptr_done(void) { oprops |= OPROP_IMPDONE; }
2488 void set_udt(void) { oprops |= OPROP_UDT; }
2489 void set_undef_val(void) { oprops |= OPROP_UDEFVAL; }
2490 void set_lowaddr(void) { oprops |= OPROP_LOWADDR; }
2491 bool is_impptr_done(void) const { return (oprops & OPROP_IMPDONE) != 0; }
2492 bool is_udt(void) const { return (oprops & OPROP_UDT) != 0; }
2493 bool probably_floating(void) const { return (oprops & OPROP_FLOAT) != 0; }
2494 bool is_undef_val(void) const { return (oprops & OPROP_UDEFVAL) != 0; }
2495 bool is_lowaddr(void) const { return (oprops & OPROP_LOWADDR) != 0; }
2496 bool is_ccflags(void) const
2497 {
2498 return (oprops & OPROP_CCFLAGS) != 0
2499 && (t == mop_l || t == mop_v || t == mop_S || t == mop_r);
2500 }
2501 bool is_pcval(void) const
2502 {
2503 return t == mop_n && (oprops & OPROP_CCFLAGS) != 0;
2504 }
2505 bool is_glbaddr_from_fixup() const
2506 {
2507 return is_glbaddr() && (oprops & OPROP_CCFLAGS) != 0;
2508 }
2509
2510 mop_t(void) { zero(); }
2511 mop_t(const mop_t &rop) { copy(rop); }
2512 mop_t(mreg_t _r, int _s) : t(mop_r), oprops(0), valnum(0), size(_s), r(_r) {}
2513 mop_t &operator=(const mop_t &rop) { return assign(rop); }
2514 mop_t &hexapi assign(const mop_t &rop);
2515 ~mop_t(void)
2516 {
2517 erase();
2518 }
2519 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2520 void zero() { t = mop_z; oprops = 0; valnum = 0; size = NOSIZE; nnn = nullptr; }
2521 void hexapi swap(mop_t &rop);
2522 void hexapi erase(void);
2523 void erase_but_keep_size(void) { int s2 = size; erase(); size = s2; }
2524
2525 void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
2526 const char *hexapi dstr() const; // use this function for debugging
2527
2528 //-----------------------------------------------------------------------
2529 // Operand creation
2530 //-----------------------------------------------------------------------
2531 /// Create operand from mlist_t.
2532 /// Example: if LST contains 4 bits for R0.4, our operand will be
2533 /// (t=mop_r, r=R0, size=4)
2534 /// \param mba pointer to microcode
2535 /// \param lst list of locations
2536 /// \param fullsize mba->fullsize
2537 /// \return success
2538 bool hexapi create_from_mlist(mba_t *mba, const mlist_t &lst, sval_t fullsize);
2539
2540 /// Create operand from ivlset_t.
2541 /// Example: if IVS contains [glbvar..glbvar+4), our operand will be
2542 /// (t=mop_v, g=&glbvar, size=4)
2543 /// \param mba pointer to microcode
2544 /// \param ivs set of memory intervals
2545 /// \param fullsize mba->fullsize
2546 /// \return success
2547 bool hexapi create_from_ivlset(mba_t *mba, const ivlset_t &ivs, sval_t fullsize);
2548
2549 /// Create operand from vdloc_t.
2550 /// Example: if LOC contains (type=ALOC_REG1, r=R0), our operand will be
2551 /// (t=mop_r, r=R0, size=_SIZE)
2552 /// \param mba pointer to microcode
2553 /// \param loc location
2554 /// \param _size operand size
2555 /// Note: this function cannot handle scattered locations.
2556 /// \return success
2557 void hexapi create_from_vdloc(mba_t *mba, const vdloc_t &loc, int _size);
2558
2559 /// Create operand from scattered vdloc_t.
2560 /// Example: if LOC is (ALOC_DIST, {EAX.4, EDX.4}) and TYPE is _LARGE_INTEGER,
2561 /// our operand will be
2562 /// (t=mop_sc, scif={EAX.4, EDX.4})
2563 /// \param mba pointer to microcode
2564 /// \param name name of the operand, if available
2565 /// \param type type of the operand, must be present
2566 /// \param loc a scattered location
2567 /// \return success
2568 void hexapi create_from_scattered_vdloc(
2569 mba_t *mba,
2570 const char *name,
2571 tinfo_t type,
2572 const vdloc_t &loc);
2573
2574 /// Create operand from an instruction.
2575 /// This function creates a nested instruction that can be used as an operand.
2576 /// Example: if m="add x,y,z", our operand will be (t=mop_d,d=m).
2577 /// The destination operand of 'add' (z) is lost.
2578 /// \param m instruction to embed into operand. may not be nullptr.
2579 void hexapi create_from_insn(const minsn_t *m);
2580
2581 /// Create an integer constant operand.
2582 /// \param _value value to store in the operand
2583 /// \param _size size of the value in bytes (1,2,4,8)
2584 /// \param _ea address of the processor instruction that made the value
2585 /// \param opnum operand number of the processor instruction
2586 void hexapi make_number(uint64 _value, int _size, ea_t _ea=BADADDR, int opnum=0);
2587
2588 /// Create a floating point constant operand.
2589 /// \param bytes pointer to the floating point value as used by the current
2590 /// processor (e.g. for x86 it must be in IEEE 754)
2591 /// \param _size number of bytes occupied by the constant.
2592 /// \return success
2593 bool hexapi make_fpnum(const void *bytes, size_t _size);
2594
2595 /// Create a register operand without erasing previous data.
2596 /// \param reg micro register number
2597 /// Note: this function does not erase the previous contents of the operand;
2598 /// call erase() if necessary
2599 void _make_reg(mreg_t reg)
2600 {
2601 t = mop_r;
2602 r = reg;
2603 }
2604 void _make_reg(mreg_t reg, int _size)
2605 {
2606 t = mop_r;
2607 r = reg;
2608 size = _size;
2609 }
2610 /// Create a register operand.
2611 void make_reg(mreg_t reg) { erase(); _make_reg(reg); }
2612 void make_reg(mreg_t reg, int _size) { erase(); _make_reg(reg, _size); }
2613
2614 /// Create a local variable operand.
2615 /// \param mba pointer to microcode
2616 /// \param idx index into mba->vars
2617 /// \param off offset from the beginning of the variable
2618 /// Note: this function does not erase the previous contents of the operand;
2619 /// call erase() if necessary
2620 void _make_lvar(mba_t *mba, int idx, sval_t off=0)
2621 {
2622 t = mop_l;
2623 l = new lvar_ref_t(mba, idx, off);
2624 }
2625
2626 /// Create a global variable operand without erasing previous data.
2627 /// \param ea address of the variable
2628 /// Note: this function does not erase the previous contents of the operand;
2629 /// call erase() if necessary
2630 void hexapi _make_gvar(ea_t ea);
2631 /// Create a global variable operand.
2632 void hexapi make_gvar(ea_t ea);
2633
2634 /// Create a stack variable operand.
2635 /// \param mba pointer to microcode
2636 /// \param off decompiler stkoff
2637 /// Note: this function does not erase the previous contents of the operand;
2638 /// call erase() if necessary
2639 void _make_stkvar(mba_t *mba, sval_t off)
2640 {
2641 t = mop_S;
2642 s = new stkvar_ref_t(mba, off);
2643 }
2644 void make_stkvar(mba_t *mba, sval_t off) { erase(); _make_stkvar(mba, off); }
2645
2646 /// Create pair of registers.
2647 /// \param loreg register holding the low part of the value
2648 /// \param hireg register holding the high part of the value
2649 /// \param halfsize the size of each of loreg/hireg
2650 void hexapi make_reg_pair(int loreg, int hireg, int halfsize);
2651
2652 /// Create a nested instruction without erasing previous data.
2653 /// \param ins pointer to the instruction to encapsulate into the operand
2654 /// Note: this function does not erase the previous contents of the operand;
2655 /// call erase() if necessary
2656 /// See also create_from_insn, which is higher level
2657 void _make_insn(minsn_t *ins);
2658 /// Create a nested instruction.
2659 void make_insn(minsn_t *ins) { erase(); _make_insn(ins); }
2660
2661 /// Create a block reference operand without erasing previous data.
2662 /// \param blknum block number
2663 /// Note: this function does not erase the previous contents of the operand;
2664 /// call erase() if necessary
2665 void _make_blkref(int blknum)
2666 {
2667 t = mop_b;
2668 b = blknum;
2669 }
2670 /// Create a global variable operand.
2671 void make_blkref(int blknum) { erase(); _make_blkref(blknum); }
2672
2673 /// Create a helper operand.
2674 /// A helper operand usually keeps a built-in function name like "va_start"
2675 /// It is essentially just an arbitrary identifier without any additional info.
2676 void hexapi make_helper(const char *name);
2677
2678 /// Create a constant string operand.
2679 void _make_strlit(const char *str)
2680 {
2681 t = mop_str;
2682 cstr = ::qstrdup(str);
2683 }
2684 void _make_strlit(qstring *str) // str is consumed
2685 {
2686 t = mop_str;
2687 cstr = str->extract();
2688 }
2689
2690 /// Create a call info operand without erasing previous data.
2691 /// \param fi callinfo
2692 /// Note: this function does not erase the previous contents of the operand;
2693 /// call erase() if necessary
2694 void _make_callinfo(mcallinfo_t *fi)
2695 {
2696 t = mop_f;
2697 f = fi;
2698 }
2699
2700 /// Create a 'switch cases' operand without erasing previous data.
2701 /// Note: this function does not erase the previous contents of the operand;
2702 /// call erase() if necessary
2703 void _make_cases(mcases_t *_cases)
2704 {
2705 t = mop_c;
2706 c = _cases;
2707 }
2708
2709 /// Create a pair operand without erasing previous data.
2710 /// Note: this function does not erase the previous contents of the operand;
2711 /// call erase() if necessary
2712 void _make_pair(mop_pair_t *_pair)
2713 {
2714 t = mop_p;
2715 pair = _pair;
2716 }
2717
2718 //-----------------------------------------------------------------------
2719 // Various operand tests
2720 //-----------------------------------------------------------------------
2721 bool empty(void) const { return t == mop_z; }
2722 /// Is a register operand?
2723 /// See also get_mreg_name()
2724 bool is_reg(void) const { return t == mop_r; }
2725 /// Is the specified register?
2726 bool is_reg(mreg_t _r) const { return t == mop_r && r == _r; }
2727 /// Is the specified register of the specified size?
2728 bool is_reg(mreg_t _r, int _size) const { return t == mop_r && r == _r && size == _size; }
2729 /// Is a list of arguments?
2730 bool is_arglist(void) const { return t == mop_f; }
2731 /// Is a condition code?
2732 bool is_cc(void) const { return is_reg() && r >= mr_cf && r < mr_first; }
2733 /// Is a bit register?
2734 /// This includes condition codes and eventually other bit registers
2735 static bool hexapi is_bit_reg(mreg_t reg);
2736 bool is_bit_reg(void) const { return is_reg() && is_bit_reg(r); }
2737 /// Is a kernel register?
2738 bool is_kreg(void) const;
2739 /// Is a block reference to the specified block?
2740 bool is_mob(int serial) const { return t == mop_b && b == serial; }
2741 /// Is a scattered operand?
2742 bool is_scattered(void) const { return t == mop_sc; }
2743 /// Is address of a global memory cell?
2744 bool is_glbaddr() const;
2745 /// Is address of the specified global memory cell?
2746 bool is_glbaddr(ea_t ea) const;
2747 /// Is address of a stack variable?
2748 bool is_stkaddr() const;
2749 /// Is a sub-instruction?
2750 bool is_insn(void) const { return t == mop_d; }
2751 /// Is a sub-instruction with the specified opcode?
2752 bool is_insn(mcode_t code) const;
2753 /// Has any side effects?
2754 /// \param include_ldx_and_divs consider ldx/div/mod as having side effects?
2755 bool has_side_effects(bool include_ldx_and_divs=false) const;
2756 /// Is it possible for the operand to use aliased memory?
2757 bool hexapi may_use_aliased_memory(void) const;
2758
2759 /// Are the possible values of the operand only 0 and 1?
2760 /// This function returns true for 0/1 constants, bit registers,
2761 /// the result of 'set' insns, etc.
2762 bool hexapi is01(void) const;
2763
2764 /// Does the high part of the operand consist of the sign bytes?
2765 /// \param nbytes number of bytes that were sign extended.
2766 /// the remaining size-nbytes high bytes must be sign bytes
2767 /// Example: is_sign_extended_from(xds.4(op.1), 1) -> true
2768 /// because the high 3 bytes are certainly sign bits
2769 bool hexapi is_sign_extended_from(int nbytes) const;
2770
2771 /// Does the high part of the operand consist of zero bytes?
2772 /// \param nbytes number of bytes that were zero extended.
2773 /// the remaining size-nbytes high bytes must be zero
2774 /// Example: is_zero_extended_from(xdu.8(op.1), 2) -> true
2775 /// because the high 6 bytes are certainly zero
2776 bool hexapi is_zero_extended_from(int nbytes) const;
2777
2778 /// Does the high part of the operand consist of zero or sign bytes?
2779 bool is_extended_from(int nbytes, bool is_signed) const
2780 {
2781 if ( is_signed )
2782 return is_sign_extended_from(nbytes);
2783 else
2784 return is_zero_extended_from(nbytes);
2785 }
2786
2787 //-----------------------------------------------------------------------
2788 // Comparisons
2789 //-----------------------------------------------------------------------
2790 /// Compare operands.
2791 /// This is the main comparison function for operands.
2792 /// \param rop operand to compare with
2793 /// \param eqflags combination of \ref EQ_ bits
2794 bool hexapi equal_mops(const mop_t &rop, int eqflags) const;
2795 bool operator==(const mop_t &rop) const { return equal_mops(rop, 0); }
2796 bool operator!=(const mop_t &rop) const { return !equal_mops(rop, 0); }
2797
2798 /// Lexographical operand comparison.
2799 /// It can be used to store mop_t in various containers, like std::set
2800 bool operator <(const mop_t &rop) const { return lexcompare(rop) < 0; }
2801 friend int lexcompare(const mop_t &a, const mop_t &b) { return a.lexcompare(b); }
2802 int hexapi lexcompare(const mop_t &rop) const;
2803
2804 //-----------------------------------------------------------------------
2805 // Visiting operand parts
2806 //-----------------------------------------------------------------------
2807 /// Visit the operand and all its sub-operands.
2808 /// This function visits the current operand as well.
2809 /// \param mv visitor object
2810 /// \param type operand type
2811 /// \param is_target is a destination operand?
2812 int hexapi for_all_ops(
2813 mop_visitor_t &mv,
2814 const tinfo_t *type=nullptr,
2815 bool is_target=false);
2816
2817 /// Visit all sub-operands of a scattered operand.
2818 /// This function does not visit the current operand, only its sub-operands.
2819 /// All sub-operands are synthetic and are destroyed after the visitor.
2820 /// This function works only with scattered operands.
2821 /// \param sv visitor object
2822 int hexapi for_all_scattered_submops(scif_visitor_t &sv) const;
2823
2824 //-----------------------------------------------------------------------
2825 // Working with mop_n operands
2826 //-----------------------------------------------------------------------
2827 /// Retrieve value of a constant integer operand.
2828 /// These functions can be called only for mop_n operands.
2829 /// See is_constant() that can be called on any operand.
2830 uint64 value(bool is_signed) const { return extend_sign(nnn->value, size, is_signed); }
2831 int64 signed_value(void) const { return value(true); }
2832 uint64 unsigned_value(void) const { return value(false); }
2833 void update_numop_value(uint64 val)
2834 {
2835 nnn->update_value(extend_sign(val, size, false));
2836 }
2837
2838 /// Retrieve value of a constant integer operand.
2839 /// \param out pointer to the output buffer
2840 /// \param is_signed should treat the value as signed
2841 /// \return true if the operand is mop_n
2842 bool hexapi is_constant(uint64 *out=nullptr, bool is_signed=true) const;
2843
2844 bool is_equal_to(uint64 n, bool is_signed=true) const
2845 {
2846 uint64 v;
2847 return is_constant(&v, is_signed) && v == n;
2848 }
2849 bool is_zero(void) const { return is_equal_to(0, false); }
2850 bool is_one(void) const { return is_equal_to(1, false); }
2851 bool is_positive_constant(void) const
2852 {
2853 uint64 v;
2854 return is_constant(&v, true) && int64(v) > 0;
2855 }
2856 bool is_negative_constant(void) const
2857 {
2858 uint64 v;
2859 return is_constant(&v, true) && int64(v) < 0;
2860 }
2861
2862 //-----------------------------------------------------------------------
2863 // Working with mop_S operands
2864 //-----------------------------------------------------------------------
2865 /// Retrieve the referenced stack variable.
2866 /// \param p_off if specified, will hold IDA stkoff after the call.
2867 /// \return pointer to the stack variable
2868 member_t *get_stkvar(uval_t *p_off) const { return s->get_stkvar(p_off); }
2869
2870 /// Get the referenced stack offset.
2871 /// This function can also handle mop_sc if it is entirely mapped into
2872 /// a continuous stack region.
2873 /// \param p_off the output buffer
2874 /// \return success
2875 bool hexapi get_stkoff(sval_t *p_off) const;
2876
2877 //-----------------------------------------------------------------------
2878 // Working with mop_d operands
2879 //-----------------------------------------------------------------------
2880 /// Get subinstruction of the operand.
2881 /// If the operand has a subinstruction with the specified opcode, return it.
2882 /// \param code desired opcode
2883 /// \return pointer to the instruction or nullptr
2884 const minsn_t *get_insn(mcode_t code) const;
2885 minsn_t *get_insn(mcode_t code);
2886
2887 //-----------------------------------------------------------------------
2888 // Transforming operands
2889 //-----------------------------------------------------------------------
2890 /// Make the low part of the operand.
2891 /// This function takes into account the memory endianness (byte sex)
2892 /// \param width the desired size of the operand part in bytes
2893 /// \return success
2894 bool hexapi make_low_half(int width);
2895
2896 /// Make the high part of the operand.
2897 /// This function takes into account the memory endianness (byte sex)
2898 /// \param width the desired size of the operand part in bytes
2899 /// \return success
2900 bool hexapi make_high_half(int width);
2901
2902 /// Make the first part of the operand.
2903 /// This function does not care about the memory endianness
2904 /// \param width the desired size of the operand part in bytes
2905 /// \return success
2906 bool hexapi make_first_half(int width);
2907
2908 /// Make the second part of the operand.
2909 /// This function does not care about the memory endianness
2910 /// \param width the desired size of the operand part in bytes
2911 /// \return success
2912 bool hexapi make_second_half(int width);
2913
2914 /// Shift the operand.
2915 /// This function shifts only the beginning of the operand.
2916 /// The operand size will be changed.
2917 /// Examples: shift_mop(AH.1, -1) -> AX.2
2918 /// shift_mop(qword_00000008.8, 4) -> dword_0000000C.4
2919 /// shift_mop(xdu.8(op.4), 4) -> #0.4
2920 /// shift_mop(#0x12345678.4, 3) -> #12.1
2921 /// \param offset shift count (the number of bytes to shift)
2922 /// \return success
2923 bool hexapi shift_mop(int offset);
2924
2925 /// Change the operand size.
2926 /// Examples: change_size(AL.1, 2) -> AX.2
2927 /// change_size(qword_00000008.8, 4) -> dword_00000008.4
2928 /// change_size(xdu.8(op.4), 4) -> op.4
2929 /// change_size(#0x12345678.4, 1) -> #0x78.1
2930 /// \param nsize new operand size
2931 /// \param sideff may modify the database because of the size change?
2932 /// \return success
2933 bool hexapi change_size(int nsize, side_effect_t sideff=WITH_SIDEFF);
2934 bool double_size(side_effect_t sideff=WITH_SIDEFF) { return change_size(size*2, sideff); }
2935
2936 /// Move subinstructions with side effects out of the operand.
2937 /// If we decide to delete an instruction operand, it is a good idea to
2938 /// call this function. Alternatively we should skip such operands
2939 /// by calling mop_t::has_side_effects()
2940 /// For example, if we transform: jnz x, x, @blk => goto @blk
2941 /// then we must call this function before deleting the X operands.
2942 /// \param blk current block
2943 /// \param top top level instruction that contains our operand
2944 /// \param moved_calls pointer to the boolean that will track if all side
2945 /// effects get handled correctly. must be false initially.
2946 /// \return false failed to preserve a side effect, it is not safe to
2947 /// delete the operand
2948 /// true no side effects or successfully preserved them
2949 bool hexapi preserve_side_effects(
2950 mblock_t *blk,
2951 minsn_t *top,
2952 bool *moved_calls=nullptr);
2953
2954 /// Apply a unary opcode to the operand.
2955 /// \param mcode opcode to apply. it must accept 'l' and 'd' operands
2956 /// but not 'r'. examples: m_low/m_high/m_xds/m_xdu
2957 /// \param ea value of minsn_t::ea for the newly created insruction
2958 /// \param newsize new operand size
2959 /// Example: apply_ld_mcode(m_low) will convert op => low(op)
2960 void hexapi apply_ld_mcode(mcode_t mcode, ea_t ea, int newsize);
2961 void apply_xdu(ea_t ea, int newsize) { apply_ld_mcode(m_xdu, ea, newsize); }
2962 void apply_xds(ea_t ea, int newsize) { apply_ld_mcode(m_xds, ea, newsize); }
2963};
2964DECLARE_TYPE_AS_MOVABLE(mop_t);
2965
2966/// Pair of operands
2967class mop_pair_t
2968{
2969public:
2970 mop_t lop; ///< low operand
2971 mop_t hop; ///< high operand
2972 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
2973};
2974
2975/// Address of an operand (mop_l, mop_v, mop_S, mop_r)
2976class mop_addr_t : public mop_t
2977{
2978public:
2979 int insize; // how many bytes of the pointed operand can be read
2980 int outsize; // how many bytes of the pointed operand can be written
2981
2982 mop_addr_t(): insize(NOSIZE), outsize(NOSIZE) {}
2983 mop_addr_t(const mop_addr_t &ra)
2984 : mop_t(ra), insize(ra.insize), outsize(ra.outsize) {}
2985 mop_addr_t(const mop_t &ra, int isz, int osz)
2986 : mop_t(ra), insize(isz), outsize(osz) {}
2987
2988 mop_addr_t &operator=(const mop_addr_t &rop)
2989 {
2990 *(mop_t *)this = mop_t(rop);
2991 insize = rop.insize;
2992 outsize = rop.outsize;
2993 return *this;
2994 }
2995 int lexcompare(const mop_addr_t &ra) const
2996 {
2997 int code = mop_t::lexcompare(ra);
2998 return code != 0 ? code
2999 : insize != ra.insize ? (insize-ra.insize)
3000 : outsize != ra.outsize ? (outsize-ra.outsize)
3001 : 0;
3002 }
3003};
3004
3005/// A call argument
3006class mcallarg_t : public mop_t // #callarg
3007{
3008public:
3009 ea_t ea = BADADDR; ///< address where the argument was initialized.
3010 ///< BADADDR means unknown.
3011 tinfo_t type; ///< formal argument type
3012 qstring name; ///< formal argument name
3013 argloc_t argloc; ///< ida argloc
3014 uint32 flags = 0; ///< FAI_...
3015
3016 mcallarg_t() {}
3017 mcallarg_t(const mop_t &rarg) : mop_t(rarg) {}
3018 void copy_mop(const mop_t &op) { *(mop_t *)this = op; }
3019 void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
3020 const char *hexapi dstr() const;
3021 void hexapi set_regarg(mreg_t mr, int sz, const tinfo_t &tif);
3022 void set_regarg(mreg_t mr, const tinfo_t &tif)
3023 {
3024 set_regarg(mr, tif.get_size(), tif);
3025 }
3026 void set_regarg(mreg_t mr, char dt, type_sign_t sign = type_unsigned)
3027 {
3028 int sz = get_dtype_size(dt);
3029 set_regarg(mr, sz, get_int_type_by_width_and_sign(sz, sign));
3030 }
3031 void make_int(int val, ea_t val_ea, int opno = 0)
3032 {
3033 type = tinfo_t(BTF_INT);
3034 make_number(val, inf_get_cc_size_i(), val_ea, opno);
3035 }
3036 void make_uint(int val, ea_t val_ea, int opno = 0)
3037 {
3038 type = tinfo_t(BTF_UINT);
3039 make_number(val, inf_get_cc_size_i(), val_ea, opno);
3040 }
3041};
3042DECLARE_TYPE_AS_MOVABLE(mcallarg_t);
3043typedef qvector<mcallarg_t> mcallargs_t;
3044
3045/// Function roles.
3046/// They are used to calculate use/def lists and to recognize functions
3047/// without using string comparisons.
3048enum funcrole_t
3049{
3050 ROLE_UNK, ///< unknown function role
3051 ROLE_EMPTY, ///< empty, does not do anything (maybe spoils regs)
3052 ROLE_MEMSET, ///< memset(void *dst, uchar value, size_t count);
3053 ROLE_MEMSET32, ///< memset32(void *dst, uint32 value, size_t count);
3054 ROLE_MEMSET64, ///< memset64(void *dst, uint64 value, size_t count);
3055 ROLE_MEMCPY, ///< memcpy(void *dst, const void *src, size_t count);
3056 ROLE_STRCPY, ///< strcpy(char *dst, const char *src);
3057 ROLE_STRLEN, ///< strlen(const char *src);
3058 ROLE_STRCAT, ///< strcat(char *dst, const char *src);
3059 ROLE_TAIL, ///< char *tail(const char *str);
3060 ROLE_BUG, ///< BUG() helper macro: never returns, causes exception
3061 ROLE_ALLOCA, ///< alloca() function
3062 ROLE_BSWAP, ///< bswap() function (any size)
3063 ROLE_PRESENT, ///< present() function (used in patterns)
3064 ROLE_CONTAINING_RECORD, ///< CONTAINING_RECORD() macro
3065 ROLE_FASTFAIL, ///< __fastfail()
3066 ROLE_READFLAGS, ///< __readeflags, __readcallersflags
3067 ROLE_IS_MUL_OK, ///< is_mul_ok
3068 ROLE_SATURATED_MUL, ///< saturated_mul
3069 ROLE_BITTEST, ///< [lock] bt
3070 ROLE_BITTESTANDSET, ///< [lock] bts
3071 ROLE_BITTESTANDRESET, ///< [lock] btr
3072 ROLE_BITTESTANDCOMPLEMENT, ///< [lock] btc
3073 ROLE_VA_ARG, ///< va_arg() macro
3074 ROLE_VA_COPY, ///< va_copy() function
3075 ROLE_VA_START, ///< va_start() function
3076 ROLE_VA_END, ///< va_end() function
3077 ROLE_ROL, ///< rotate left
3078 ROLE_ROR, ///< rotate right
3079 ROLE_CFSUB3, ///< carry flag after subtract with carry
3080 ROLE_OFSUB3, ///< overflow flag after subtract with carry
3081 ROLE_ABS, ///< integer absolute value
3082 ROLE_3WAYCMP0, ///< 3-way compare helper, returns -1/0/1
3083 ROLE_3WAYCMP1, ///< 3-way compare helper, returns 0/1/2
3084 ROLE_WMEMCPY, ///< wchar_t *wmemcpy(wchar_t *dst, const wchar_t *src, size_t n)
3085 ROLE_WMEMSET, ///< wchar_t *wmemset(wchar_t *dst, wchar_t wc, size_t n)
3086 ROLE_WCSCPY, ///< wchar_t *wcscpy(wchar_t *dst, const wchar_t *src);
3087 ROLE_WCSLEN, ///< size_t wcslen(const wchar_t *s)
3088 ROLE_WCSCAT, ///< wchar_t *wcscat(wchar_t *dst, const wchar_t *src)
3089 ROLE_SSE_CMP4, ///< e.g. _mm_cmpgt_ss
3090 ROLE_SSE_CMP8, ///< e.g. _mm_cmpgt_sd
3091};
3092
3093/// \defgroup FUNC_NAME_ Well known function names
3094//@{
3095#define FUNC_NAME_MEMCPY "memcpy"
3096#define FUNC_NAME_WMEMCPY "wmemcpy"
3097#define FUNC_NAME_MEMSET "memset"
3098#define FUNC_NAME_WMEMSET "wmemset"
3099#define FUNC_NAME_MEMSET32 "memset32"
3100#define FUNC_NAME_MEMSET64 "memset64"
3101#define FUNC_NAME_STRCPY "strcpy"
3102#define FUNC_NAME_WCSCPY "wcscpy"
3103#define FUNC_NAME_STRLEN "strlen"
3104#define FUNC_NAME_WCSLEN "wcslen"
3105#define FUNC_NAME_STRCAT "strcat"
3106#define FUNC_NAME_WCSCAT "wcscat"
3107#define FUNC_NAME_TAIL "tail"
3108#define FUNC_NAME_VA_ARG "va_arg"
3109#define FUNC_NAME_EMPTY "$empty"
3110#define FUNC_NAME_PRESENT "$present"
3111#define FUNC_NAME_CONTAINING_RECORD "CONTAINING_RECORD"
3112//@}
3113
3114
3115// the default 256 function arguments is too big, we use a lower value
3116#undef MAX_FUNC_ARGS
3117#define MAX_FUNC_ARGS 64
3118
3119/// Information about a call
3120class mcallinfo_t // #callinfo
3121{
3122public:
3123 ea_t callee; ///< address of the called function, if known
3124 int solid_args; ///< number of solid args.
3125 ///< there may be variadic args in addtion
3126 int call_spd; ///< sp value at call insn
3127 int stkargs_top; ///< first offset past stack arguments
3128 cm_t cc; ///< calling convention
3129 mcallargs_t args; ///< call arguments
3130 mopvec_t retregs; ///< return register(s) (e.g., AX, AX:DX, etc.)
3131 ///< this vector is built from return_regs
3132 tinfo_t return_type; ///< type of the returned value
3133 argloc_t return_argloc; ///< location of the returned value
3134
3135 mlist_t return_regs; ///< list of values returned by the function
3136 mlist_t spoiled; ///< list of spoiled locations (includes return_regs)
3137 mlist_t pass_regs; ///< passthrough registers: registers that depend on input
3138 ///< values (subset of spoiled)
3139 ivlset_t visible_memory; ///< what memory is visible to the call?
3140 mlist_t dead_regs; ///< registers defined by the function but never used.
3141 ///< upon propagation we do the following:
3142 ///< - dead_regs += return_regs
3143 ///< - retregs.clear() since the call is propagated
3144 int flags; ///< combination of \ref FCI_... bits
3145/// \defgroup FCI_ Call properties
3146//@{
3147#define FCI_PROP 0x001 ///< call has been propagated
3148#define FCI_DEAD 0x002 ///< some return registers were determined dead
3149#define FCI_FINAL 0x004 ///< call type is final, should not be changed
3150#define FCI_NORET 0x008 ///< call does not return
3151#define FCI_PURE 0x010 ///< pure function
3152#define FCI_NOSIDE 0x020 ///< call does not have side effects
3153#define FCI_SPLOK 0x040 ///< spoiled/visible_memory lists have been
3154 ///< optimized. for some functions we can reduce them
3155 ///< as soon as information about the arguments becomes
3156 ///< available. in order not to try optimize them again
3157 ///< we use this bit.
3158#define FCI_HASCALL 0x080 ///< A function is an synthetic helper combined
3159 ///< from several instructions and at least one
3160 ///< of them was a call to a real functions
3161#define FCI_HASFMT 0x100 ///< A variadic function with recognized
3162 ///< printf- or scanf-style format string
3163#define FCI_EXPLOCS 0x400 ///< all arglocs are specified explicitly
3164//@}
3165 funcrole_t role; ///< function role
3166 type_attrs_t fti_attrs; ///< extended function attributes
3167
3168 mcallinfo_t(ea_t _callee=BADADDR, int _sargs=0)
3169 : callee(_callee), solid_args(_sargs), call_spd(0), stkargs_top(0),
3170 cc(CM_CC_INVALID), flags(0), role(ROLE_UNK) {}
3171 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
3172 int hexapi lexcompare(const mcallinfo_t &f) const;
3173 bool hexapi set_type(const tinfo_t &type);
3174 tinfo_t hexapi get_type(void) const;
3175 bool is_vararg(void) const { return is_vararg_cc(cc); }
3176 void hexapi print(qstring *vout, int size=-1, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
3177 const char *hexapi dstr() const;
3178};
3179
3180/// List of switch cases and targets
3181class mcases_t // #cases
3182{
3183public:
3184 casevec_t values; ///< expression values for each target
3185 intvec_t targets; ///< target block numbers
3186
3187 void swap(mcases_t &r) { values.swap(r.values); targets.swap(r.targets); }
3188 DECLARE_COMPARISONS(mcases_t);
3189 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
3190 bool empty(void) const { return targets.empty(); }
3191 size_t size(void) const { return targets.size(); }
3192 void resize(int s) { values.resize(s); targets.resize(s); }
3193 void hexapi print(qstring *vout) const;
3194 const char *hexapi dstr() const;
3195};
3196
3197//-------------------------------------------------------------------------
3198/// Value offset (microregister number or stack offset)
3199struct voff_t
3200{
3201 sval_t off; ///< register number or stack offset
3202 mopt_t type; ///< mop_r - register, mop_S - stack, mop_z - undefined
3203
3204 voff_t() : off(-1), type(mop_z) {}
3205 voff_t(mopt_t _type, sval_t _off) : off(_off), type(_type) {}
3206 voff_t(const mop_t &op) : off(-1), type(mop_z)
3207 {
3208 if ( op.is_reg() || op.t == mop_S )
3209 set(op.t, op.is_reg() ? op.r : op.s->off);
3210 }
3211
3212 void set(mopt_t _type, sval_t _off) { type = _type; off = _off; }
3213 void set_stkoff(sval_t stkoff) { set(mop_S, stkoff); }
3214 void set_reg(mreg_t mreg) { set(mop_r, mreg); }
3215 void undef() { set(mop_z, -1); }
3216
3217 bool defined() const { return type != mop_z; }
3218 bool is_reg() const { return type == mop_r; }
3219 bool is_stkoff() const { return type == mop_S; }
3220 mreg_t get_reg() const { QASSERT(51892, is_reg()); return off; }
3221 sval_t get_stkoff() const { QASSERT(51893, is_stkoff()); return off; }
3222
3223 void inc(sval_t delta) { off += delta; }
3224 voff_t add(int width) const { return voff_t(type, off+width); }
3225 sval_t diff(const voff_t &r) const { QASSERT(51894, type == r.type); return off - r.off; }
3226
3227 DECLARE_COMPARISONS(voff_t)
3228 {
3229 int code = ::compare(type, r.type);
3230 return code != 0 ? code : ::compare(off, r.off);
3231 }
3232};
3233
3234//-------------------------------------------------------------------------
3235/// Value interval (register or stack range)
3236struct vivl_t : voff_t
3237{
3238 int size; ///< Interval size in bytes
3239
3240 vivl_t(mopt_t _type = mop_z, sval_t _off = -1, int _size = 0)
3241 : voff_t(_type, _off), size(_size) {}
3242 vivl_t(const class chain_t &ch);
3243 vivl_t(const mop_t &op) : voff_t(op), size(op.size) {}
3244
3245 // Make a value interval
3246 void set(mopt_t _type, sval_t _off, int _size = 0)
3247 { voff_t::set(_type, _off); size = _size; }
3248 void set(const voff_t &voff, int _size)
3249 { set(voff.type, voff.off, _size); }
3250 void set_stkoff(sval_t stkoff, int sz = 0) { set(mop_S, stkoff, sz); }
3251 void set_reg (mreg_t mreg, int sz = 0) { set(mop_r, mreg, sz); }
3252
3253 /// Extend a value interval using another value interval of the same type
3254 /// \return success
3255 bool hexapi extend_to_cover(const vivl_t &r);
3256
3257 /// Intersect value intervals the same type
3258 /// \return size of the resulting intersection
3259 uval_t hexapi intersect(const vivl_t &r);
3260
3261 /// Do two value intervals overlap?
3262 bool overlap(const vivl_t &r) const
3263 {
3264 return type == r.type
3265 && interval::overlap(off, size, r.off, r.size);
3266 }
3267 /// Does our value interval include another?
3268 bool includes(const vivl_t &r) const
3269 {
3270 return type == r.type
3271 && interval::includes(off, size, r.off, r.size);
3272 }
3273
3274 /// Does our value interval contain the specified value offset?
3275 bool contains(const voff_t &voff2) const
3276 {
3277 return type == voff2.type
3278 && interval::contains(off, size, voff2.off);
3279 }
3280
3281 // Comparisons
3282 DECLARE_COMPARISONS(vivl_t)
3283 {
3284 int code = voff_t::compare(r);
3285 return code; //return code != 0 ? code : ::compare(size, r.size);
3286 }
3287 bool operator==(const mop_t &mop) const
3288 {
3289 return type == mop.t && off == (mop.is_reg() ? mop.r : mop.s->off);
3290 }
3291 void hexapi print(qstring *vout) const;
3292 const char *hexapi dstr() const;
3293};
3294
3295//-------------------------------------------------------------------------
3296/// ud (use->def) and du (def->use) chain.
3297/// We store in chains only the block numbers, not individual instructions
3298/// See https://en.wikipedia.org/wiki/Use-define_chain
3299class chain_t : public intvec_t // sequence of block numbers
3300{
3301 voff_t k; ///< Value offset of the chain.
3302 ///< (what variable is this chain about)
3303
3304public:
3305 int width; ///< size of the value in bytes
3306 int varnum; ///< allocated variable index (-1 - not allocated yet)
3307 uchar flags; ///< combination \ref CHF_ bits
3308/// \defgroup CHF_ Chain properties
3309//@{
3310#define CHF_INITED 0x01 ///< is chain initialized? (valid only after lvar allocation)
3311#define CHF_REPLACED 0x02 ///< chain operands have been replaced?
3312#define CHF_OVER 0x04 ///< overlapped chain
3313#define CHF_FAKE 0x08 ///< fake chain created by widen_chains()
3314#define CHF_PASSTHRU 0x10 ///< pass-thru chain, must use the input variable to the block
3315#define CHF_TERM 0x20 ///< terminating chain; the variable does not survive across the block
3316//@}
3317 chain_t() : width(0), varnum(-1), flags(CHF_INITED) {}
3318 chain_t(mopt_t t, sval_t off, int w=1, int v=-1)
3319 : k(t, off), width(w), varnum(v), flags(CHF_INITED) {}
3320 chain_t(const voff_t &_k, int w=1)
3321 : k(_k), width(w), varnum(-1), flags(CHF_INITED) {}
3322 void set_value(const chain_t &r)
3323 { width = r.width; varnum = r.varnum; flags = r.flags; *(intvec_t *)this = (intvec_t &)r; }
3324 const voff_t &key() const { return k; }
3325 bool is_inited(void) const { return (flags & CHF_INITED) != 0; }
3326 bool is_reg(void) const { return k.is_reg(); }
3327 bool is_stkoff(void) const { return k.is_stkoff(); }
3328 bool is_replaced(void) const { return (flags & CHF_REPLACED) != 0; }
3329 bool is_overlapped(void) const { return (flags & CHF_OVER) != 0; }
3330 bool is_fake(void) const { return (flags & CHF_FAKE) != 0; }
3331 bool is_passreg(void) const { return (flags & CHF_PASSTHRU) != 0; }
3332 bool is_term(void) const { return (flags & CHF_TERM) != 0; }
3333 void set_inited(bool b) { setflag(flags, CHF_INITED, b); }
3334 void set_replaced(bool b) { setflag(flags, CHF_REPLACED, b); }
3335 void set_overlapped(bool b) { setflag(flags, CHF_OVER, b); }
3336 void set_term(bool b) { setflag(flags, CHF_TERM, b); }
3337 mreg_t get_reg() const { return k.get_reg(); }
3338 sval_t get_stkoff() const { return k.get_stkoff(); }
3339 bool overlap(const chain_t &r) const
3340 { return k.type == r.k.type && interval::overlap(k.off, width, r.k.off, r.width); }
3341 bool includes(const chain_t &r) const
3342 { return k.type == r.k.type && interval::includes(k.off, width, r.k.off, r.width); }
3343 const voff_t endoff() const { return k.add(width); }
3344
3345 bool operator<(const chain_t &r) const { return key() < r.key(); }
3346
3347 void hexapi print(qstring *vout) const;
3348 const char *hexapi dstr() const;
3349 /// Append the contents of the chain to the specified list of locations.
3350 void hexapi append_list(const mba_t *mba, mlist_t *list) const;
3351 void clear_varnum(void) { varnum = -1; set_replaced(false); }
3352};
3353
3354//-------------------------------------------------------------------------
3355#if defined(__NT__)
3356# ifdef _DEBUG
3357# define SIZEOF_BLOCK_CHAINS 32
3358#else
3359# define SIZEOF_BLOCK_CHAINS 24
3360# endif
3361#elif defined(__MAC__)
3362# define SIZEOF_BLOCK_CHAINS 32
3363#else
3364# define SIZEOF_BLOCK_CHAINS 56
3365#endif
3366
3367/// Chains of one block.
3368/// Please note that this class is based on std::set and it must be accessed
3369/// using the block_chains_begin(), block_chains_find() and similar functions.
3370/// This is required because different compilers use different implementations
3371/// of std::set. However, since the size of std::set depends on the compilation
3372/// options, we replace it with a byte array.
3373class block_chains_t
3374{
3375 size_t body[SIZEOF_BLOCK_CHAINS/sizeof(size_t)]; // opaque std::set, uncopyable
3376public:
3377 /// Get chain for the specified register
3378 /// \param reg register number
3379 /// \param width size of register in bytes
3380 const chain_t *get_reg_chain(mreg_t reg, int width=1) const
3381 { return get_chain((chain_t(mop_r, reg, width))); }
3382 chain_t *get_reg_chain(mreg_t reg, int width=1)
3383 { return get_chain((chain_t(mop_r, reg, width))); }
3384
3385 /// Get chain for the specified stack offset
3386 /// \param off stack offset
3387 /// \param width size of stack value in bytes
3388 const chain_t *get_stk_chain(sval_t off, int width=1) const
3389 { return get_chain(chain_t(mop_S, off, width)); }
3390 chain_t *get_stk_chain(sval_t off, int width=1)
3391 { return get_chain(chain_t(mop_S, off, width)); }
3392
3393 /// Get chain for the specified value offset.
3394 /// \param k value offset (register number or stack offset)
3395 /// \param width size of value in bytes
3396 const chain_t *get_chain(const voff_t &k, int width=1) const
3397 { return get_chain(chain_t(k, width)); }
3398 chain_t *get_chain(const voff_t &k, int width=1)
3399 { return (chain_t*)((const block_chains_t *)this)->get_chain(k, width); }
3400
3401 /// Get chain similar to the specified chain
3402 /// \param ch chain to search for. only its 'k' and 'width' are used.
3403 const chain_t *hexapi get_chain(const chain_t &ch) const;
3404 chain_t *get_chain(const chain_t &ch)
3405 { return (chain_t*)((const block_chains_t *)this)->get_chain(ch); }
3406
3407 void hexapi print(qstring *vout) const;
3408 const char *hexapi dstr() const;
3409 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
3410};
3411//-------------------------------------------------------------------------
3412/// Chain visitor class
3413struct chain_visitor_t
3414{
3415 block_chains_t *parent; ///< parent of the current chain
3416 chain_visitor_t(void) : parent(nullptr) {}
3417 virtual int idaapi visit_chain(int nblock, chain_t &ch) = 0;
3418};
3419
3420//-------------------------------------------------------------------------
3421/// Graph chains.
3422/// This class represents all ud and du chains of the decompiled function
3423typedef qvector<block_chains_t> block_chains_vec_t;
3424class graph_chains_t : public block_chains_vec_t
3425{
3426 int lock; ///< are chained locked? (in-use)
3427public:
3428 graph_chains_t(void) : lock(0) {}
3429 ~graph_chains_t(void) { QASSERT(50444, !lock); }
3430 /// Visit all chains
3431 /// \param cv chain visitor
3432 /// \param gca_flags combination of GCA_ bits
3433 int hexapi for_all_chains(chain_visitor_t &cv, int gca_flags);
3434 /// \defgroup GCA_ chain visitor flags
3435 //@{
3436#define GCA_EMPTY 0x01 ///< include empty chains
3437#define GCA_SPEC 0x02 ///< include chains for special registers
3438#define GCA_ALLOC 0x04 ///< enumerate only allocated chains
3439#define GCA_NALLOC 0x08 ///< enumerate only non-allocated chains
3440#define GCA_OFIRST 0x10 ///< consider only chains of the first block
3441#define GCA_OLAST 0x20 ///< consider only chains of the last block
3442 //@}
3443 /// Are the chains locked?
3444 /// It is a good idea to lock the chains before using them. This ensures
3445 /// that they won't be recalculated and reallocated during the use.
3446 /// See the \ref chain_keeper_t class for that.
3447 bool is_locked(void) const { return lock != 0; }
3448 /// Lock the chains
3449 void acquire(void) { lock++; }
3450 /// Unlock the chains
3451 void hexapi release(void);
3452 void swap(graph_chains_t &r)
3453 {
3454 qvector<block_chains_t>::swap(r);
3455 std::swap(lock, r.lock);
3456 }
3457};
3458//-------------------------------------------------------------------------
3459/// Microinstruction class #insn
3460class minsn_t
3461{
3462 void hexapi init(ea_t _ea);
3463 void hexapi copy(const minsn_t &m);
3464public:
3465 mcode_t opcode; ///< instruction opcode
3466 int iprops; ///< combination of \ref IPROP_ bits
3467 minsn_t *next; ///< next insn in doubly linked list. check also nexti()
3468 minsn_t *prev; ///< prev insn in doubly linked list. check also previ()
3469 ea_t ea; ///< instruction address
3470 mop_t l; ///< left operand
3471 mop_t r; ///< right operand
3472 mop_t d; ///< destination operand
3473
3474 /// \defgroup IPROP_ instruction property bits
3475 //@{
3476 // bits to be used in patterns:
3477#define IPROP_OPTIONAL 0x0001 ///< optional instruction
3478#define IPROP_PERSIST 0x0002 ///< persistent insn; they are not destroyed
3479#define IPROP_WILDMATCH 0x0004 ///< match multiple insns
3480
3481 // instruction attributes:
3482#define IPROP_CLNPOP 0x0008 ///< the purpose of the instruction is to clean stack
3483 ///< (e.g. "pop ecx" is often used for that)
3484#define IPROP_FPINSN 0x0010 ///< floating point insn
3485#define IPROP_FARCALL 0x0020 ///< call of a far function using push cs/call sequence
3486#define IPROP_TAILCALL 0x0040 ///< tail call
3487#define IPROP_ASSERT 0x0080 ///< assertion: usually mov #val, op.
3488 ///< assertions are used to help the optimizer.
3489 ///< assertions are ignored when generating ctree
3490
3491 // instruction history:
3492#define IPROP_SPLIT 0x0700 ///< the instruction has been split:
3493#define IPROP_SPLIT1 0x0100 ///< into 1 byte
3494#define IPROP_SPLIT2 0x0200 ///< into 2 bytes
3495#define IPROP_SPLIT4 0x0300 ///< into 4 bytes
3496#define IPROP_SPLIT8 0x0400 ///< into 8 bytes
3497#define IPROP_COMBINED 0x0800 ///< insn has been modified because of a partial reference
3498#define IPROP_EXTSTX 0x1000 ///< this is m_ext propagated into m_stx
3499#define IPROP_IGNLOWSRC 0x2000 ///< low part of the instruction source operand
3500 ///< has been created artificially
3501 ///< (this bit is used only for 'and x, 80...')
3502#define IPROP_INV_JX 0x4000 ///< inverted conditional jump
3503#define IPROP_WAS_NORET 0x8000 ///< was noret icall
3504#define IPROP_MULTI_MOV 0x10000 ///< the minsn was generated as part of insn that moves multiple registers
3505 ///< (example: STM on ARM may transfer multiple registers)
3506
3507 ///< bits that can be set by plugins:
3508#define IPROP_DONT_PROP 0x20000 ///< may not propagate
3509#define IPROP_DONT_COMB 0x40000 ///< may not combine this instruction with others
3510#define IPROP_MBARRIER 0x80000 ///< this instruction acts as a memory barrier
3511 ///< (instructions accessing memory may not be reordered past it)
3512#define IPROP_UNMERGED 0x100000 ///< 'goto' instruction was transformed info 'call'
3513 //@}
3514
3515 bool is_optional(void) const { return (iprops & IPROP_OPTIONAL) != 0; }
3516 bool is_combined(void) const { return (iprops & IPROP_COMBINED) != 0; }
3517 bool is_farcall(void) const { return (iprops & IPROP_FARCALL) != 0; }
3518 bool is_cleaning_pop(void) const { return (iprops & IPROP_CLNPOP) != 0; }
3519 bool is_extstx(void) const { return (iprops & IPROP_EXTSTX) != 0; }
3520 bool is_tailcall(void) const { return (iprops & IPROP_TAILCALL) != 0; }
3521 bool is_fpinsn(void) const { return (iprops & IPROP_FPINSN) != 0; }
3522 bool is_assert(void) const { return (iprops & IPROP_ASSERT) != 0; }
3523 bool is_persistent(void) const { return (iprops & IPROP_PERSIST) != 0; }
3524 bool is_wild_match(void) const { return (iprops & IPROP_WILDMATCH) != 0; }
3525 bool is_propagatable(void) const { return (iprops & IPROP_DONT_PROP) == 0; }
3526 bool is_ignlowsrc(void) const { return (iprops & IPROP_IGNLOWSRC) != 0; }
3527 bool is_inverted_jx(void) const { return (iprops & IPROP_INV_JX) != 0; }
3528 bool was_noret_icall(void) const { return (iprops & IPROP_WAS_NORET) != 0; }
3529 bool is_multimov(void) const { return (iprops & IPROP_MULTI_MOV) != 0; }
3530 bool is_combinable(void) const { return (iprops & IPROP_DONT_COMB) == 0; }
3531 bool was_split(void) const { return (iprops & IPROP_SPLIT) != 0; }
3532 bool is_mbarrier(void) const { return (iprops & IPROP_MBARRIER) != 0; }
3533 bool was_unmerged(void) const { return (iprops & IPROP_UNMERGED) != 0; }
3534
3535 void set_optional(void) { iprops |= IPROP_OPTIONAL; }
3536 void hexapi set_combined(void);
3537 void clr_combined(void) { iprops &= ~IPROP_COMBINED; }
3538 void set_farcall(void) { iprops |= IPROP_FARCALL; }
3539 void set_cleaning_pop(void) { iprops |= IPROP_CLNPOP; }
3540 void set_extstx(void) { iprops |= IPROP_EXTSTX; }
3541 void set_tailcall(void) { iprops |= IPROP_TAILCALL; }
3542 void clr_tailcall(void) { iprops &= ~IPROP_TAILCALL; }
3543 void set_fpinsn(void) { iprops |= IPROP_FPINSN; }
3544 void clr_fpinsn(void) { iprops &= ~IPROP_FPINSN; }
3545 void set_assert(void) { iprops |= IPROP_ASSERT; }
3546 void clr_assert(void) { iprops &= ~IPROP_ASSERT; }
3547 void set_persistent(void) { iprops |= IPROP_PERSIST; }
3548 void set_wild_match(void) { iprops |= IPROP_WILDMATCH; }
3549 void clr_propagatable(void) { iprops |= IPROP_DONT_PROP; }
3550 void set_ignlowsrc(void) { iprops |= IPROP_IGNLOWSRC; }
3551 void clr_ignlowsrc(void) { iprops &= ~IPROP_IGNLOWSRC; }
3552 void set_inverted_jx(void) { iprops |= IPROP_INV_JX; }
3553 void set_noret_icall(void) { iprops |= IPROP_WAS_NORET; }
3554 void clr_noret_icall(void) { iprops &= ~IPROP_WAS_NORET; }
3555 void set_multimov(void) { iprops |= IPROP_MULTI_MOV; }
3556 void clr_multimov(void) { iprops &= ~IPROP_MULTI_MOV; }
3557 void set_combinable(void) { iprops &= ~IPROP_DONT_COMB; }
3558 void clr_combinable(void) { iprops |= IPROP_DONT_COMB; }
3559 void set_mbarrier(void) { iprops |= IPROP_MBARRIER; }
3560 void set_unmerged(void) { iprops |= IPROP_UNMERGED; }
3561 void set_split_size(int s)
3562 { // s may be only 1,2,4,8. other values are ignored
3563 iprops &= ~IPROP_SPLIT;
3564 iprops |= (s == 1 ? IPROP_SPLIT1
3565 : s == 2 ? IPROP_SPLIT2
3566 : s == 4 ? IPROP_SPLIT4
3567 : s == 8 ? IPROP_SPLIT8 : 0);
3568 }
3569 int get_split_size(void) const
3570 {
3571 int cnt = (iprops & IPROP_SPLIT) >> 8;
3572 return cnt == 0 ? 0 : 1 << (cnt-1);
3573 }
3574
3575 /// Constructor
3576 minsn_t(ea_t _ea) { init(_ea); }
3577 minsn_t(const minsn_t &m) { next = prev = nullptr; copy(m); } //-V1077 uninitialized: opcode, iprops, ea
3578 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
3579
3580 /// Assignment operator. It does not copy prev/next fields.
3581 minsn_t &operator=(const minsn_t &m) { copy(m); return *this; }
3582
3583 /// Swap two instructions.
3584 /// The prev/next fields are not modified by this function
3585 /// because it would corrupt the doubly linked list.
3586 void hexapi swap(minsn_t &m);
3587
3588 /// Generate insn text into the buffer
3589 void hexapi print(qstring *vout, int shins_flags=SHINS_SHORT|SHINS_VALNUM) const;
3590
3591 /// Get displayable text without tags in a static buffer
3592 const char *hexapi dstr() const;
3593
3594 /// Change the instruction address.
3595 /// This function modifies subinstructions as well.
3596 void hexapi setaddr(ea_t new_ea);
3597
3598 /// Optimize one instruction without context.
3599 /// This function does not have access to the instruction context (the
3600 /// previous and next instructions in the list, the block number, etc).
3601 /// It performs only basic optimizations that are available without this info.
3602 /// \param optflags combination of \ref OPTI_ bits
3603 /// \return number of changes, 0-unchanged
3604 /// See also mblock_t::optimize_insn()
3605 int optimize_solo(int optflags=0) { return optimize_subtree(nullptr, nullptr, nullptr, nullptr, optflags); }
3606 /// \defgroup OPTI_ optimization flags
3607 //@{
3608#define OPTI_ADDREXPRS 0x0001 ///< optimize all address expressions (&x+N; &x-&y)
3609#define OPTI_MINSTKREF 0x0002 ///< may update minstkref
3610#define OPTI_COMBINSNS 0x0004 ///< may combine insns (only for optimize_insn)
3611#define OPTI_NO_LDXOPT 0x0008 ///< the function is called after the
3612 ///< propagation attempt, we do not optimize
3613 ///< low/high(ldx) in this case
3614 //@}
3615
3616 /// Optimize instruction in its context.
3617 /// Do not use this function, use mblock_t::optimize()
3618 int hexapi optimize_subtree(
3619 mblock_t *blk,
3620 minsn_t *top,
3621 minsn_t *parent,
3622 ea_t *converted_call,
3623 int optflags=OPTI_MINSTKREF);
3624
3625 /// Visit all instruction operands.
3626 /// This function visits subinstruction operands as well.
3627 /// \param mv operand visitor
3628 /// \return non-zero value returned by mv.visit_mop() or zero
3629 int hexapi for_all_ops(mop_visitor_t &mv);
3630
3631 /// Visit all instructions.
3632 /// This function visits the instruction itself and all its subinstructions.
3633 /// \param mv instruction visitor
3634 /// \return non-zero value returned by mv.visit_mop() or zero
3635 int hexapi for_all_insns(minsn_visitor_t &mv);
3636
3637 /// Convert instruction to nop.
3638 /// This function erases all info but the prev/next fields.
3639 /// In most cases it is better to use mblock_t::make_nop(), which also
3640 /// marks the block lists as dirty.
3641 void hexapi _make_nop(void);
3642
3643 /// Compare instructions.
3644 /// This is the main comparison function for instructions.
3645 /// \param m instruction to compare with
3646 /// \param eqflags combination of \ref EQ_ bits
3647 bool hexapi equal_insns(const minsn_t &m, int eqflags) const; // intelligent comparison
3648 /// \defgroup EQ_ comparison bits
3649 //@{
3650#define EQ_IGNSIZE 0x0001 ///< ignore source operand sizes
3651#define EQ_IGNCODE 0x0002 ///< ignore instruction opcodes
3652#define EQ_CMPDEST 0x0004 ///< compare instruction destinations
3653#define EQ_OPTINSN 0x0008 ///< optimize mop_d operands
3654 //@}
3655
3656 /// Lexographical comparison
3657 /// It can be used to store minsn_t in various containers, like std::set
3658 bool operator <(const minsn_t &ri) const { return lexcompare(ri) < 0; }
3659 int hexapi lexcompare(const minsn_t &ri) const;
3660
3661 //-----------------------------------------------------------------------
3662 // Call instructions
3663 //-----------------------------------------------------------------------
3664 /// Is a non-returing call?
3665 /// \param flags combination of NORET_... bits
3666 bool hexapi is_noret_call(int flags=0);
3667#define NORET_IGNORE_WAS_NORET_ICALL 0x01 // ignore was_noret_icall() bit
3668#define NORET_FORBID_ANALYSIS 0x02 // forbid additional analysis
3669
3670 /// Is an unknown call?
3671 /// Unknown calls are calls without the argument list (mcallinfo_t).
3672 /// Usually the argument lists are determined by mba_t::analyze_calls().
3673 /// Unknown calls exist until the MMAT_CALLS maturity level.
3674 /// See also \ref mblock_t::is_call_block
3675 bool is_unknown_call(void) const { return is_mcode_call(opcode) && d.empty(); }
3676
3677 /// Is a helper call with the specified name?
3678 /// Helper calls usually have well-known function names (see \ref FUNC_NAME_)
3679 /// but they may have any other name. The decompiler does not assume any
3680 /// special meaning for non-well-known names.
3681 bool hexapi is_helper(const char *name) const;
3682
3683 /// Find a call instruction.
3684 /// Check for the current instruction and its subinstructions.
3685 /// \param with_helpers consider helper calls as well?
3686 minsn_t *hexapi find_call(bool with_helpers=false) const;
3687
3688 /// Does the instruction contain a call?
3689 bool contains_call(bool with_helpers=false) const { return find_call(with_helpers) != nullptr; }
3690
3691 /// Does the instruction have a side effect?
3692 /// \param include_ldx_and_divs consider ldx/div/mod as having side effects?
3693 /// stx is always considered as having side effects.
3694 /// Apart from ldx/std only call may have side effects.
3695 bool hexapi has_side_effects(bool include_ldx_and_divs=false) const;
3696
3697 /// Get the function role of a call
3698 funcrole_t get_role(void) const { return d.is_arglist() ? d.f->role : ROLE_UNK; }
3699 bool is_memcpy(void) const { return get_role() == ROLE_MEMCPY; }
3700 bool is_memset(void) const { return get_role() == ROLE_MEMSET; }
3701 bool is_alloca(void) const { return get_role() == ROLE_ALLOCA; }
3702 bool is_bswap (void) const { return get_role() == ROLE_BSWAP; }
3703 bool is_readflags (void) const { return get_role() == ROLE_READFLAGS; }
3704
3705 //-----------------------------------------------------------------------
3706 // Misc
3707 //-----------------------------------------------------------------------
3708 /// Does the instruction have the specified opcode?
3709 /// This function searches subinstructions as well.
3710 /// \param mcode opcode to search for.
3711 bool contains_opcode(mcode_t mcode) const { return find_opcode(mcode) != nullptr; }
3712
3713 /// Find a (sub)insruction with the specified opcode.
3714 /// \param mcode opcode to search for.
3715 const minsn_t *find_opcode(mcode_t mcode) const { return (CONST_CAST(minsn_t*)(this))->find_opcode(mcode); }
3716 minsn_t *hexapi find_opcode(mcode_t mcode);
3717
3718 /// Find an operand that is a subinsruction with the specified opcode.
3719 /// This function checks only the 'l' and 'r' operands of the current insn.
3720 /// \param[out] other pointer to the other operand
3721 /// (&r if we return &l and vice versa)
3722 /// \param op opcode to search for
3723 /// \return &l or &r or nullptr
3724 const minsn_t *hexapi find_ins_op(const mop_t **other, mcode_t op=m_nop) const;
3725 minsn_t *find_ins_op(mop_t **other, mcode_t op=m_nop) { return CONST_CAST(minsn_t*)((CONST_CAST(const minsn_t*)(this))->find_ins_op((const mop_t**)other, op)); }
3726
3727 /// Find a numeric operand of the current instruction.
3728 /// This function checks only the 'l' and 'r' operands of the current insn.
3729 /// \param[out] other pointer to the other operand
3730 /// (&r if we return &l and vice versa)
3731 /// \return &l or &r or nullptr
3732 const mop_t *hexapi find_num_op(const mop_t **other) const;
3733 mop_t *find_num_op(mop_t **other) { return CONST_CAST(mop_t*)((CONST_CAST(const minsn_t*)(this))->find_num_op((const mop_t**)other)); }
3734
3735 bool is_mov(void) const { return opcode == m_mov || (opcode == m_f2f && l.size == d.size); }
3736 bool is_like_move(void) const { return is_mov() || is_mcode_xdsu(opcode) || opcode == m_low; }
3737
3738 /// Does the instruction modify its 'd' operand?
3739 /// Some instructions (e.g. m_stx) do not modify the 'd' operand.
3740 bool hexapi modifies_d(void) const;
3741 bool modifies_pair_mop(void) const { return d.t == mop_p && modifies_d(); }
3742
3743 /// Is the instruction in the specified range of instructions?
3744 /// \param m1 beginning of the range in the doubly linked list
3745 /// \param m2 end of the range in the doubly linked list (excluded, may be nullptr)
3746 /// This function assumes that m1 and m2 belong to the same basic block
3747 /// and they are top level instructions.
3748 bool hexapi is_between(const minsn_t *m1, const minsn_t *m2) const;
3749
3750 /// Is the instruction after the specified one?
3751 /// \param m the instruction to compare against in the list
3752 bool is_after(const minsn_t *m) const { return m != nullptr && is_between(m->next, nullptr); }
3753
3754 /// Is it possible for the instruction to use aliased memory?
3755 bool hexapi may_use_aliased_memory(void) const;
3756
3757 /// Serialize an instruction
3758 /// \param b the output buffer
3759 /// \return the serialization format that was used to store info
3760 int hexapi serialize(bytevec_t *b) const;
3761
3762 /// Deserialize an instruction
3763 /// \param bytes pointer to serialized data
3764 /// \param nbytes number of bytes to deserialize
3765 /// \param format_version serialization format version. this value is returned by minsn_t::serialize()
3766 /// \return success
3767 bool hexapi deserialize(const uchar *bytes, size_t nbytes, int format_version);
3768
3769};
3770
3771/// Skip assertions forward
3772const minsn_t *hexapi getf_reginsn(const minsn_t *ins);
3773/// Skip assertions backward
3774const minsn_t *hexapi getb_reginsn(const minsn_t *ins);
3775inline minsn_t *getf_reginsn(minsn_t *ins) { return CONST_CAST(minsn_t*)(getf_reginsn(CONST_CAST(const minsn_t *)(ins))); }
3776inline minsn_t *getb_reginsn(minsn_t *ins) { return CONST_CAST(minsn_t*)(getb_reginsn(CONST_CAST(const minsn_t *)(ins))); }
3777
3778//-------------------------------------------------------------------------
3779/// Basic block types
3780enum mblock_type_t
3781{
3782 BLT_NONE = 0, ///< unknown block type
3783 BLT_STOP = 1, ///< stops execution regularly (must be the last block)
3784 BLT_0WAY = 2, ///< does not have successors (tail is a noret function)
3785 BLT_1WAY = 3, ///< passes execution to one block (regular or goto block)
3786 BLT_2WAY = 4, ///< passes execution to two blocks (conditional jump)
3787 BLT_NWAY = 5, ///< passes execution to many blocks (switch idiom)
3788 BLT_XTRN = 6, ///< external block (out of function address)
3789};
3790
3791// Maximal bit range
3792#define MAXRANGE bitrange_t(0, USHRT_MAX)
3793
3794//-------------------------------------------------------------------------
3795/// Microcode of one basic block.
3796/// All blocks are part of a doubly linked list. They can also be addressed
3797/// by indexing the mba->natural array. A block contains a doubly linked list
3798/// of instructions, various location lists that are used for data flow
3799/// analysis, and other attributes.
3800class mblock_t
3801{
3802 friend class codegen_t;
3803 DECLARE_UNCOPYABLE(mblock_t)
3804 void hexapi init(void);
3805public:
3806 mblock_t *nextb; ///< next block in the doubly linked list
3807 mblock_t *prevb; ///< previous block in the doubly linked list
3808 uint32 flags; ///< combination of \ref MBL_ bits
3809 /// \defgroup MBL_ Basic block properties
3810 //@{
3811#define MBL_PRIV 0x0001 ///< private block - no instructions except
3812 ///< the specified are accepted (used in patterns)
3813#define MBL_NONFAKE 0x0000 ///< regular block
3814#define MBL_FAKE 0x0002 ///< fake block
3815#define MBL_GOTO 0x0004 ///< this block is a goto target
3816#define MBL_TCAL 0x0008 ///< aritifical call block for tail calls
3817#define MBL_PUSH 0x0010 ///< needs "convert push/pop instructions"
3818#define MBL_DMT64 0x0020 ///< needs "demote 64bits"
3819#define MBL_COMB 0x0040 ///< needs "combine" pass
3820#define MBL_PROP 0x0080 ///< needs 'propagation' pass
3821#define MBL_DEAD 0x0100 ///< needs "eliminate deads" pass
3822#define MBL_LIST 0x0200 ///< use/def lists are ready (not dirty)
3823#define MBL_INCONST 0x0400 ///< inconsistent lists: we are building them
3824#define MBL_CALL 0x0800 ///< call information has been built
3825#define MBL_BACKPROP 0x1000 ///< performed backprop_cc
3826#define MBL_NORET 0x2000 ///< dead end block: doesn't return execution control
3827#define MBL_DSLOT 0x4000 ///< block for delay slot
3828#define MBL_VALRANGES 0x8000 ///< should optimize using value ranges
3829#define MBL_KEEP 0x10000 ///< do not remove even if unreachable
3830 //@}
3831 ea_t start; ///< start address
3832 ea_t end; ///< end address
3833 ///< note: we cannot rely on start/end addresses
3834 ///< very much because instructions are
3835 ///< propagated between blocks
3836 minsn_t *head; ///< pointer to the first instruction of the block
3837 minsn_t *tail; ///< pointer to the last instruction of the block
3838 mba_t *mba; ///< the parent micro block array
3839 int serial; ///< block number
3840 mblock_type_t type; ///< block type (BLT_NONE - not computed yet)
3841
3842 mlist_t dead_at_start; ///< data that is dead at the block entry
3843 mlist_t mustbuse; ///< data that must be used by the block
3844 mlist_t maybuse; ///< data that may be used by the block
3845 mlist_t mustbdef; ///< data that must be defined by the block
3846 mlist_t maybdef; ///< data that may be defined by the block
3847 mlist_t dnu; ///< data that is defined but not used in the block
3848
3849 sval_t maxbsp; ///< maximal sp value in the block (0...stacksize)
3850 sval_t minbstkref; ///< lowest stack location accessible with indirect
3851 ///< addressing (offset from the stack bottom)
3852 ///< initially it is 0 (not computed)
3853 sval_t minbargref; ///< the same for arguments
3854
3855 intvec_t predset; ///< control flow graph: list of our predecessors
3856 ///< use npred() and pred() to access it
3857 intvec_t succset; ///< control flow graph: list of our successors
3858 ///< use nsucc() and succ() to access it
3859
3860 // the exact size of this class is not documented, there may be more fields
3861 char reserved[];
3862
3863 void mark_lists_dirty(void) { flags &= ~MBL_LIST; request_propagation(); }
3864 void request_propagation(void) { flags |= MBL_PROP; }
3865 bool needs_propagation(void) const { return (flags & MBL_PROP) != 0; }
3866 void request_demote64(void) { flags |= MBL_DMT64; }
3867 bool lists_dirty(void) const { return (flags & MBL_LIST) == 0; }
3868 bool lists_ready(void) const { return (flags & (MBL_LIST|MBL_INCONST)) == MBL_LIST; }
3869 int make_lists_ready(void) // returns number of changes
3870 {
3871 if ( lists_ready() )
3872 return 0;
3873 return build_lists(false);
3874 }
3875
3876 /// Get number of block predecessors
3877 int npred(void) const { return predset.size(); } // number of xrefs to the block
3878 /// Get number of block successors
3879 int nsucc(void) const { return succset.size(); } // number of xrefs from the block
3880 // Get predecessor number N
3881 int pred(int n) const { return predset[n]; }
3882 // Get successor number N
3883 int succ(int n) const { return succset[n]; }
3884
3885 mblock_t(void) = delete;
3886 virtual ~mblock_t(void);
3887 HEXRAYS_MEMORY_ALLOCATION_FUNCS()
3888 bool empty(void) const { return head == nullptr; }
3889
3890 /// Print block contents.
3891 /// \param vp print helpers class. it can be used to direct the printed
3892 /// info to any destination
3893 void hexapi print(vd_printer_t &vp) const;
3894
3895 /// Dump block info.
3896 /// This function is useful for debugging, see mba_t::dump for info
3897 void hexapi dump(void) const;
3898 AS_PRINTF(2, 0) void hexapi vdump_block(const char *title, va_list va) const;
3899 AS_PRINTF(2, 3) void dump_block(const char *title, ...) const
3900 {
3901 va_list va;
3902 va_start(va, title);
3903 vdump_block(title, va);
3904 va_end(va);
3905 }
3906
3907 //-----------------------------------------------------------------------
3908 // Functions to insert/remove insns during the microcode optimization phase.
3909 // See codegen_t, microcode_filter_t, udcall_t classes for the initial
3910 // microcode generation.
3911 //-----------------------------------------------------------------------
3912 /// Insert instruction into the doubly linked list
3913 /// \param nm new instruction
3914 /// \param om existing instruction, part of the doubly linked list
3915 /// if nullptr, then the instruction will be inserted at the beginning
3916 /// of the list
3917 /// NM will be inserted immediately after OM
3918 /// \return pointer to NM
3919 minsn_t *hexapi insert_into_block(minsn_t *nm, minsn_t *om);
3920
3921 /// Remove instruction from the doubly linked list
3922 /// \param m instruction to remove
3923 /// The removed instruction is not deleted, the caller gets its ownership
3924 /// \return pointer to the next instruction
3925 minsn_t *hexapi remove_from_block(minsn_t *m);
3926
3927 //-----------------------------------------------------------------------
3928 // Iterator over instructions and operands
3929 //-----------------------------------------------------------------------
3930 /// Visit all instructions.
3931 /// This function visits subinstructions too.
3932 /// \param mv instruction visitor
3933 /// \return zero or the value returned by mv.visit_insn()
3934 /// See also mba_t::for_all_topinsns()
3935 int hexapi for_all_insns(minsn_visitor_t &mv);
3936
3937 /// Visit all operands.
3938 /// This function visit subinstruction operands too.
3939 /// \param mv operand visitor
3940 /// \return zero or the value returned by mv.visit_mop()
3941 int hexapi for_all_ops(mop_visitor_t &mv);
3942
3943 /// Visit all operands that use LIST.
3944 /// \param list ptr to the list of locations. it may be modified:
3945 /// parts that get redefined by the instructions in [i1,i2)
3946 /// will be deleted.
3947 /// \param i1 starting instruction. must be a top level insn.
3948 /// \param i2 ending instruction (excluded). must be a top level insn.
3949 /// \param mmv operand visitor
3950 /// \return zero or the value returned by mmv.visit_mop()
3951 int hexapi for_all_uses(
3952 mlist_t *list,
3953 minsn_t *i1,
3954 minsn_t *i2,
3955 mlist_mop_visitor_t &mmv);
3956
3957 //-----------------------------------------------------------------------
3958 // Optimization functions
3959 //-----------------------------------------------------------------------
3960 /// Optimize one instruction in the context of the block.
3961 /// \param m pointer to a top level instruction
3962 /// \param optflags combination of \ref OPTI_ bits
3963 /// \return number of changes made to the block
3964 /// This function may change other instructions in the block too.
3965 /// However, it will not destroy top level instructions (it may convert them
3966 /// to nop's). This function performs only intrablock modifications.
3967 /// See also minsn_t::optimize_solo()
3968 int hexapi optimize_insn(minsn_t *m, int optflags=OPTI_MINSTKREF|OPTI_COMBINSNS);
3969
3970 /// Optimize a basic block.
3971 /// Usually there is no need to call this function explicitly because the
3972 /// decompiler will call it itself if optinsn_t::func or optblock_t::func
3973 /// return non-zero.
3974 /// \return number of changes made to the block
3975 int hexapi optimize_block(void);
3976
3977 /// Build def-use lists and eliminate deads.
3978 /// \param kill_deads do delete dead instructions?
3979 /// \return the number of eliminated instructions
3980 /// Better mblock_t::call make_lists_ready() rather than this function.
3981 int hexapi build_lists(bool kill_deads);
3982
3983 /// Remove a jump at the end of the block if it is useless.
3984 /// This function preserves any side effects when removing a useless jump.
3985 /// Both conditional and unconditional jumps are handled (and jtbl too).
3986 /// This function deletes useless jumps, not only replaces them with a nop.
3987 /// (please note that \optimize_insn does not handle useless jumps).
3988 /// \return number of changes made to the block
3989 int hexapi optimize_useless_jump(void);
3990
3991 //-----------------------------------------------------------------------
3992 // Functions that build with use/def lists. These lists are used to
3993 // reprsent list of registers and stack locations that are either modified
3994 // or accessed by microinstructions.
3995 //-----------------------------------------------------------------------
3996 /// Append use-list of an operand.
3997 /// This function calculates list of locations that may or must be used
3998 /// by the operand and appends it to LIST.
3999 /// \param list ptr to the output buffer. we will append to it.
4000 /// \param op operand to calculate the use list of
4001 /// \param maymust should we calculate 'may-use' or 'must-use' list?
4002 /// see \ref maymust_t for more details.
4003 /// \param mask if only part of the operand should be considered,
4004 /// a bitmask can be used to specify which part.
4005 /// example: op=AX,mask=0xFF means that we will consider only AL.
4006 void hexapi append_use_list(
4007 mlist_t *list,
4008 const mop_t &op,
4009 maymust_t maymust,
4010 bitrange_t mask=MAXRANGE) const;
4011
4012 /// Append def-list of an operand.
4013 /// This function calculates list of locations that may or must be modified
4014 /// by the operand and appends it to LIST.
4015 /// \param list ptr to the output buffer. we will append to it.
4016 /// \param op operand to calculate the def list of
4017 /// \param maymust should we calculate 'may-def' or 'must-def' list?
4018 /// see \ref maymust_t for more details.
4019 void hexapi append_def_list(
4020 mlist_t *list,
4021 const mop_t &op,
4022 maymust_t maymust) const;
4023
4024 /// Build use-list of an instruction.
4025 /// This function calculates list of locations that may or must be used
4026 /// by the instruction. Examples:
4027 /// "ldx ds.2, eax.4, ebx.4", may-list: all aliasable memory
4028 /// "ldx ds.2, eax.4, ebx.4", must-list: empty
4029 /// Since LDX uses EAX for indirect access, it may access any aliasable
4030 /// memory. On the other hand, we cannot tell for sure which memory cells
4031 /// will be accessed, this is why the must-list is empty.
4032 /// \param ins instruction to calculate the use list of
4033 /// \param maymust should we calculate 'may-use' or 'must-use' list?
4034 /// see \ref maymust_t for more details.
4035 /// \return the calculated use-list
4036 mlist_t hexapi build_use_list(const minsn_t &ins, maymust_t maymust) const;
4037
4038 /// Build def-list of an instruction.
4039 /// This function calculates list of locations that may or must be modified
4040 /// by the instruction. Examples:
4041 /// "stx ebx.4, ds.2, eax.4", may-list: all aliasable memory
4042 /// "stx ebx.4, ds.2, eax.4", must-list: empty
4043 /// Since STX uses EAX for indirect access, it may modify any aliasable
4044 /// memory. On the other hand, we cannot tell for sure which memory cells
4045 /// will be modified, this is why the must-list is empty.
4046 /// \param ins instruction to calculate the def list of
4047 /// \param maymust should we calculate 'may-def' or 'must-def' list?
4048 /// see \ref maymust_t for more details.
4049 /// \return the calculated def-list
4050 mlist_t hexapi build_def_list(const minsn_t &ins, maymust_t maymust) const;
4051
4052 //-----------------------------------------------------------------------
4053 // The use/def lists can be used to search for interesting instructions
4054 //-----------------------------------------------------------------------
4055 /// Is the list used by the specified instruction range?
4056 /// \param list list of locations. LIST may be modified by the function:
4057 /// redefined locations will be removed from it.
4058 /// \param i1 starting instruction of the range (must be a top level insn)
4059 /// \param i2 end instruction of the range (must be a top level insn)
4060 /// i2 is excluded from the range. it can be specified as nullptr.
4061 /// i1 and i2 must belong to the same block.
4062 /// \param maymust should we search in 'may-access' or 'must-access' mode?
4063 bool is_used(mlist_t *list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
4064 { return find_first_use(list, i1, i2, maymust) != nullptr; }
4065
4066 /// Find the first insn that uses the specified list in the insn range.
4067 /// \param list list of locations. LIST may be modified by the function:
4068 /// redefined locations will be removed from it.
4069 /// \param i1 starting instruction of the range (must be a top level insn)
4070 /// \param i2 end instruction of the range (must be a top level insn)
4071 /// i2 is excluded from the range. it can be specified as nullptr.
4072 /// i1 and i2 must belong to the same block.
4073 /// \param maymust should we search in 'may-access' or 'must-access' mode?
4074 /// \return pointer to such instruction or nullptr.
4075 /// Upon return LIST will contain only locations not redefined
4076 /// by insns [i1..result]
4077 const minsn_t *hexapi find_first_use(mlist_t *list, const minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const;
4078 minsn_t *find_first_use(mlist_t *list, minsn_t *i1, const minsn_t *i2, maymust_t maymust=MAY_ACCESS) const
4079 {
4080 return CONST_CAST(minsn_t*)(find_first_use(list,
4081 CONST_CAST(const minsn_t*)(i1),
4082 i2,
4083 maymust));
4084 }
4085
4086 /// Is the list redefined by the specified instructions?
4087 /// \param list list of locations to check.
4088 /// \param i1 starting instruction of the range (must be a top level insn)
4089 /// \param i2 end instruction of the range (must be a top level insn)
4090 /// i2 is excluded from the range. it can be specified as nullptr.
4091 /// i1 and i2 must belong to the same block.
4092 /// \param maymust should we search in 'may-access' or 'must-access' mode?
4093 bool is_redefined(
4094 const mlist_t &list,
4095 const minsn_t *i1,
4096 const minsn_t *i2,
4097 maymust_t maymust=MAY_ACCESS) const
4098 {
4099 return find_redefinition(list, i1, i2, maymust) != nullptr;
4100 }
4101
4102 /// Find the first insn that redefines any part of the list in the insn range.
4103 /// \param list list of locations to check.
4104 /// \param i1 starting instruction of the range (must be a top level insn)
4105 /// \param i2 end instruction of the range (must be a top level insn)
4106 /// i2 is excluded from the range. it can be specified as nullptr.
4107 /// i1 and i2 must belong to the same block.
4108 /// \param maymust should we search in 'may-access' or 'must-access' mode?
4109 /// \return pointer to such instruction or nullptr.
4110 const minsn_t *hexapi find_redefinition(
4111 const mlist_t &list,
4112 const minsn_t *i1,
4113 const minsn_t *i2,
4114 maymust_t maymust=MAY_ACCESS) const;
4115 minsn_t *find_redefinition(
4116 const mlist_t &list,
4117 minsn_t *i1,
4118 const minsn_t *i2,
4119 maymust_t maymust=MAY_ACCESS) const
4120 {
4121 return CONST_CAST(minsn_t*)(find_redefinition(list,
4122 CONST_CAST(const minsn_t*)(i1),
4123 i2,
4124 maymust));
4125 }
4126
4127 /// Is the right hand side of the instruction redefined the insn range?
4128 /// "right hand side" corresponds to the source operands of the instruction.
4129 /// \param ins instruction to consider
4130 /// \param i1 starting instruction of the range (must be a top level insn)
4131 /// \param i2 end instruction of the range (must be a top level insn)
4132 /// i2 is excluded from the range. it can be specified as nullptr.
4133 /// i1 and i2 must belong to the same block.
4134 bool hexapi is_rhs_redefined(const minsn_t *ins, const minsn_t *i1, const minsn_t *i2) const;
4135
4136 /// Find the instruction that accesses the specified operand.
4137 /// This function search inside one block.
4138 /// \param op operand to search for
4139 /// \param parent ptr to ptr to a top level instruction.
4140 /// denotes the beginning of the search range.
4141 /// \param mend end instruction of the range (must be a top level insn)
4142 /// mend is excluded from the range. it can be specified as nullptr.
4143 /// parent and mend must belong to the same block.
4144 /// \param fdflags combination of \ref FD_ bits
4145 /// \return the instruction that accesses the operand. this instruction
4146 /// may be a sub-instruction. to find out the top level
4147 /// instruction, check out *p_i1.
4148 /// nullptr means 'not found'.
4149 minsn_t *hexapi find_access(
4150 const mop_t &op,
4151 minsn_t **parent,
4152 const minsn_t *mend,
4153 int fdflags) const;
4154 /// \defgroup FD_ bits for mblock_t::find_access
4155 //@{
4156#define FD_BACKWARD 0x0000 ///< search direction
4157#define FD_FORWARD 0x0001 ///< search direction
4158#define FD_USE 0x0000 ///< look for use
4159#define FD_DEF 0x0002 ///< look for definition
4160#define FD_DIRTY 0x0004 ///< ignore possible implicit definitions
4161 ///< by function calls and indirect memory access
4162 //@}
4163
4164 // Convenience functions:
4165 minsn_t *find_def(
4166 const mop_t &op,
4167 minsn_t **p_i1,
4168 const minsn_t *i2,
4169 int fdflags)
4170 {
4171 return find_access(op, p_i1, i2, fdflags|FD_DEF);
4172 }
4173 minsn_t *find_use(
4174 const mop_t &op,
4175 minsn_t **p_i1,
4176 const minsn_t *i2,
4177 int fdflags)
4178 {
4179 return find_access(op, p_i1, i2, fdflags|FD_USE);
4180 }
4181
4182 /// Find possible values for a block.
4183 /// \param res set of value ranges
4184 /// \param vivl what to search for
4185 /// \param vrflags combination of \ref VR_ bits
4186 bool hexapi get_valranges(
4187 valrng_t *res,
4188 const vivl_t &vivl,
4189 int vrflags) const;
4190
4191 /// Find possible values for an instruction.
4192 /// \param res set of value ranges
4193 /// \param vivl what to search for
4194 /// \param m insn to search value ranges at. \sa VR_ bits
4195 /// \param vrflags combination of \ref VR_ bits
4196 bool hexapi get_valranges(
4197 valrng_t *res,
4198 const vivl_t &vivl,
4199 const minsn_t *m,
4200 int vrflags) const;
4201
4202 /// \defgroup VR_ bits for get_valranges
4203 //@{
4204#define VR_AT_START 0x0000 ///< get value ranges before the instruction or
4205 ///< at the block start (if M is nullptr)
4206#define VR_AT_END 0x0001 ///< get value ranges after the instruction or
4207 ///< at the block end, just after the last
4208 ///< instruction (if M is nullptr)
4209#define VR_EXACT 0x0002 ///< find exact match. if not set, the returned
4210 ///< valrng size will be >= vivl.size
4211 //@}
4212
4213 /// Erase the instruction (convert it to nop) and mark the lists dirty.
4214 /// This is the recommended function to use because it also marks the block
4215 /// use-def lists dirty.
4216 void make_nop(minsn_t *m) { m->_make_nop(); mark_lists_dirty(); }
4217
4218 /// Calculate number of regular instructions in the block.
4219 /// Assertions are skipped by this function.
4220 /// \return Number of non-assertion instructions in the block.
4221 size_t hexapi get_reginsn_qty(void) const;
4222
4223 bool is_call_block(void) const { return tail != nullptr && is_mcode_call(tail->opcode); }
4224 bool is_unknown_call(void) const { return tail != nullptr && tail->is_unknown_call(); }
4225 bool is_nway(void) const { return type == BLT_NWAY; }
4226 bool is_branch(void) const { return type == BLT_2WAY && tail->d.t == mop_b; }
4227 bool is_simple_goto_block(void) const
4228 {
4229 return get_reginsn_qty() == 1
4230 && tail->opcode == m_goto
4231 && tail->l.t == mop_b;
4232 }
4233 bool is_simple_jcnd_block() const
4234 {
4235 return is_branch()
4236 && npred() == 1
4237 && get_reginsn_qty() == 1
4238 && is_mcode_convertible_to_set(tail->opcode);
4239 }
4240};
4241//-------------------------------------------------------------------------
4242/// Warning ids
4243enum warnid_t
4244{
4245 WARN_VARARG_REGS, ///< 0 cannot handle register arguments in vararg function, discarded them
4246 WARN_ILL_PURGED, ///< 1 odd caller purged bytes %d, correcting
4247 WARN_ILL_FUNCTYPE, ///< 2 invalid function type '%s' has been ignored
4248 WARN_VARARG_TCAL, ///< 3 cannot handle tail call to vararg
4249 WARN_VARARG_NOSTK, ///< 4 call vararg without local stack
4250 WARN_VARARG_MANY, ///< 5 too many varargs, some ignored
4251 WARN_ADDR_OUTARGS, ///< 6 cannot handle address arithmetics in outgoing argument area of stack frame -- unused
4252 WARN_DEP_UNK_CALLS, ///< 7 found interdependent unknown calls
4253 WARN_ILL_ELLIPSIS, ///< 8 erroneously detected ellipsis type has been ignored
4254 WARN_GUESSED_TYPE, ///< 9 using guessed type %s;
4255 WARN_EXP_LINVAR, ///< 10 failed to expand a linear variable
4256 WARN_WIDEN_CHAINS, ///< 11 failed to widen chains
4257 WARN_BAD_PURGED, ///< 12 inconsistent function type and number of purged bytes
4258 WARN_CBUILD_LOOPS, ///< 13 too many cbuild loops
4259 WARN_NO_SAVE_REST, ///< 14 could not find valid save-restore pair for %s
4260 WARN_ODD_INPUT_REG, ///< 15 odd input register %s
4261 WARN_ODD_ADDR_USE, ///< 16 odd use of a variable address
4262 WARN_MUST_RET_FP, ///< 17 function return type is incorrect (must be floating point)
4263 WARN_ILL_FPU_STACK, ///< 18 inconsistent fpu stack
4264 WARN_SELFREF_PROP, ///< 19 self-referencing variable has been detected
4265 WARN_WOULD_OVERLAP, ///< 20 variables would overlap: %s
4266 WARN_ARRAY_INARG, ///< 21 array has been used for an input argument
4267 WARN_MAX_ARGS, ///< 22 too many input arguments, some ignored
4268 WARN_BAD_FIELD_TYPE,///< 23 incorrect structure member type for %s::%s, ignored
4269 WARN_WRITE_CONST, ///< 24 write access to const memory at %a has been detected
4270 WARN_BAD_RETVAR, ///< 25 wrong return variable
4271 WARN_FRAG_LVAR, ///< 26 fragmented variable at %s may be wrong
4272 WARN_HUGE_STKOFF, ///< 27 exceedingly huge offset into the stack frame
4273 WARN_UNINITED_REG, ///< 28 reference to an uninitialized register has been removed: %s
4274 WARN_FIXED_MACRO, ///< 29 fixed broken macro-insn
4275 WARN_WRONG_VA_OFF, ///< 30 wrong offset of va_list variable
4276 WARN_CR_NOFIELD, ///< 31 CONTAINING_RECORD: no field '%s' in struct '%s' at %d
4277 WARN_CR_BADOFF, ///< 32 CONTAINING_RECORD: too small offset %d for struct '%s'
4278 WARN_BAD_STROFF, ///< 33 user specified stroff has not been processed: %s
4279 WARN_BAD_VARSIZE, ///< 34 inconsistent variable size for '%s'
4280 WARN_UNSUPP_REG, ///< 35 unsupported processor register '%s'
4281 WARN_UNALIGNED_ARG, ///< 36 unaligned function argument '%s'
4282 WARN_BAD_STD_TYPE, ///< 37 corrupted or unexisting local type '%s'
4283 WARN_BAD_CALL_SP, ///< 38 bad sp value at call
4284 WARN_MISSED_SWITCH, ///< 39 wrong markup of switch jump, skipped it
4285 WARN_BAD_SP, ///< 40 positive sp value %a has been found
4286 WARN_BAD_STKPNT, ///< 41 wrong sp change point
4287 WARN_UNDEF_LVAR, ///< 42 variable '%s' is possibly undefined
4288 WARN_JUMPOUT, ///< 43 control flows out of bounds
4289 WARN_BAD_VALRNG, ///< 44 values range analysis failed
4290 WARN_BAD_SHADOW, ///< 45 ignored the value written to the shadow area of the succeeding call
4291 WARN_OPT_VALRNG, ///< 46 conditional instruction was optimized away because %s
4292 WARN_RET_LOCREF, ///< 47 returning address of temporary local variable '%s'
4293 WARN_BAD_MAPDST, ///< 48 too short map destination '%s' for variable '%s'
4294 WARN_BAD_INSN, ///< 49 bad instruction
4295 WARN_ODD_ABI, ///< 50 encountered odd instruction for the current ABI
4296 WARN_UNBALANCED_STACK, ///< 51 unbalanced stack, ignored a potential tail call
4297
4298 WARN_OPT_VALRNG2, ///< 52 mask 0x%X is shortened because %s <= 0x%X"
4299
4300 WARN_OPT_VALRNG3, ///< 53 masking with 0X%X was optimized away because %s <= 0x%X
4301 WARN_OPT_USELESS_JCND, ///< 54 simplified comparisons for '%s': %s became %s
4302 WARN_MAX, ///< may be used in notes as a placeholder when the
4303 ///< warning id is not available
4304};
4305
4306/// Warning instances
4307struct hexwarn_t
4308{
4309 ea_t ea; ///< Address where the warning occurred
4310 warnid_t id; ///< Warning id
4311 qstring text; ///< Fully formatted text of the warning
4312 DECLARE_COMPARISONS(hexwarn_t)
4313 {
4314 if ( ea < r.ea )
4315 return -1;
4316 if ( ea > r.ea )
4317 return 1;
4318 if ( id < r.id )
4319 return -1;
4320 if ( id > r.id )
4321 return 1;
4322 return strcmp(text.c_str(), r.text.c_str());
4323 }
4324};
4325DECLARE_TYPE_AS_MOVABLE(hexwarn_t);
4326typedef qvector<hexwarn_t> hexwarns_t;
4327
4328//-------------------------------------------------------------------------
4329/// Microcode maturity levels
4330enum mba_maturity_t
4331{
4332 MMAT_ZERO, ///< microcode does not exist
4333 MMAT_GENERATED, ///< generated microcode
4334 MMAT_PREOPTIMIZED, ///< preoptimized pass is complete
4335 MMAT_LOCOPT, ///< local optimization of each basic block is complete.
4336 ///< control flow graph is ready too.
4337 MMAT_CALLS, ///< detected call arguments
4338 MMAT_GLBOPT1, ///< performed the first pass of global optimization
4339 MMAT_GLBOPT2, ///< most global optimization passes are done
4340 MMAT_GLBOPT3, ///< completed all global optimization. microcode is fixed now.
4341 MMAT_LVARS, ///< allocated local variables
4342};
4343
4344//-------------------------------------------------------------------------
4345enum memreg_index_t ///< memory region types
4346{
4347 MMIDX_GLBLOW, ///< global memory: low part
4348 MMIDX_LVARS, ///< stack: local variables
4349 MMIDX_RETADDR, ///< stack: return address
4350 MMIDX_SHADOW, ///< stack: shadow arguments
4351 MMIDX_ARGS, ///< stack: regular stack arguments
4352 MMIDX_GLBHIGH, ///< global memory: high part
4353};
4354
4355//-------------------------------------------------------------------------
4356/// Ranges to decompile. Either a function or an explicit vector of ranges.
4357struct mba_ranges_t
4358{
4359 func_t *pfn = nullptr; ///< function to decompile. if not null, then function mode.
4360 rangevec_t ranges; ///< snippet mode: ranges to decompile.
4361 ///< function mode: list of outlined ranges
4362 mba_ranges_t(func_t *_pfn=nullptr) : pfn(_pfn) {}
4363 mba_ranges_t(const rangevec_t &r) : ranges(r) {}
4364 ea_t start(void) const { return (pfn != nullptr ? *pfn : ranges[0]).start_ea; }
4365 bool empty(void) const { return pfn == nullptr && ranges.empty(); }
4366 void clear(void) { pfn = nullptr; ranges.clear(); }
4367 bool is_snippet(void) const { return pfn == nullptr; }
4368 bool hexapi range_contains(ea_t ea) const;
4369 bool is_fragmented(void) const
4370 {
4371 int n_frags = ranges.size();
4372 if ( pfn != nullptr )
4373 n_frags += pfn->tailqty + 1;
4374 return n_frags > 1;
4375 }
4376};
4377
4378/// Item iterator of arbitrary rangevec items
4379struct range_item_iterator_t
4380{
4381 const rangevec_t *ranges = nullptr;
4382 const range_t *rptr = nullptr; // pointer into ranges
4383 ea_t cur = BADADDR; // current address
4384 bool set(const rangevec_t &r);
4385 bool next_code(void);
4386 ea_t current(void) const { return cur; }
4387};
4388
4389/// Item iterator for mba_ranges_t
4390struct mba_item_iterator_t
4391{
4392 range_item_iterator_t rii;
4393 func_item_iterator_t fii;
4394 bool func_items_done = true;
4395 bool set(const mba_ranges_t &mbr)
4396 {
4397 bool ok = false;
4398 if ( mbr.pfn != nullptr )
4399 {
4400 ok = fii.set(mbr.pfn);
4401 if ( ok )
4402 func_items_done = false;
4403 }
4404 if ( rii.set(mbr.ranges) )
4405 ok = true;
4406 return ok;
4407 }
4408 bool next_code(void)
4409 {
4410 bool ok = false;
4411 if ( !func_items_done )
4412 {
4413 ok = fii.next_code();
4414 if ( !ok )
4415 func_items_done = true;
4416 }
4417 if ( !ok )
4418 ok = rii.next_code();
4419 return ok;
4420 }
4421 ea_t current(void) const
4422 {
4423 return func_items_done ? rii.current() : fii.current();
4424 }
4425};
4426
4427/// Chunk iterator of arbitrary rangevec items
4428struct range_chunk_iterator_t
4429{
4430 const range_t *rptr = nullptr; // pointer into ranges
4431 const range_t *rend = nullptr;
4432 bool set(const rangevec_t &r) { rptr = r.begin(); rend = r.end(); return rptr != rend; }
4433 bool next(void) { return ++rptr != rend; }
4434 const range_t &chunk(void) const { return *rptr; }
4435};
4436
4437/// Chunk iterator for mba_ranges_t
4438struct mba_range_iterator_t
4439{
4440 range_chunk_iterator_t rii;
4441 func_tail_iterator_t fii; // this is used if rii.rptr==nullptr
4442 bool is_snippet(void) const { return rii.rptr != nullptr; }
4443 bool set(const mba_ranges_t &mbr)
4444 {
4445 if ( mbr.is_snippet() )
4446 return rii.set(mbr.ranges);
4447 else
4448 return fii.set(mbr.pfn);
4449 }
4450 bool next(void)
4451 {
4452 if ( is_snippet() )
4453 return rii.next();
4454 else
4455 return fii.next();
4456 }
4457 const range_t &chunk(void) const
4458 {
4459 return is_snippet() ? rii.chunk() : fii.chunk();
4460 }
4461};
4462
4463//-------------------------------------------------------------------------
4464/// Array of micro blocks representing microcode for a decompiled function.
4465/// The first micro block is the entry point, the last one is the exit point.
4466/// The entry and exit blocks are always empty. The exit block is generated
4467/// at MMAT_LOCOPT maturity level.
4468class mba_t
4469{
4470 DECLARE_UNCOPYABLE(mba_t)
4471 uint32 flags;
4472 uint32 flags2;
4473
4474public:
4475 // bits to describe the microcode, set by the decompiler
4476#define MBA_PRCDEFS 0x00000001 ///< use precise defeas for chain-allocated lvars
4477#define MBA_NOFUNC 0x00000002 ///< function is not present, addresses might be wrong
4478#define MBA_PATTERN 0x00000004 ///< microcode pattern, callinfo is present
4479#define MBA_LOADED 0x00000008 ///< loaded gdl, no instructions (debugging)
4480#define MBA_RETFP 0x00000010 ///< function returns floating point value
4481#define MBA_SPLINFO 0x00000020 ///< (final_type ? idb_spoiled : spoiled_regs) is valid
4482#define MBA_PASSREGS 0x00000040 ///< has mcallinfo_t::pass_regs
4483#define MBA_THUNK 0x00000080 ///< thunk function
4484#define MBA_CMNSTK 0x00000100 ///< stkvars+stkargs should be considered as one area
4485
4486 // bits to describe analysis stages and requests
4487#define MBA_PREOPT 0x00000200 ///< preoptimization stage complete
4488#define MBA_CMBBLK 0x00000400 ///< request to combine blocks
4489#define MBA_ASRTOK 0x00000800 ///< assertions have been generated
4490#define MBA_CALLS 0x00001000 ///< callinfo has been built
4491#define MBA_ASRPROP 0x00002000 ///< assertion have been propagated
4492#define MBA_SAVRST 0x00004000 ///< save-restore analysis has been performed
4493#define MBA_RETREF 0x00008000 ///< return type has been refined
4494#define MBA_GLBOPT 0x00010000 ///< microcode has been optimized globally
4495#define MBA_LVARS0 0x00040000 ///< lvar pre-allocation has been performed
4496#define MBA_LVARS1 0x00080000 ///< lvar real allocation has been performed
4497#define MBA_DELPAIRS 0x00100000 ///< pairs have been deleted once
4498#define MBA_CHVARS 0x00200000 ///< can verify chain varnums
4499
4500 // bits that can be set by the caller:
4501#define MBA_SHORT 0x00400000 ///< use short display
4502#define MBA_COLGDL 0x00800000 ///< display graph after each reduction
4503#define MBA_INSGDL 0x01000000 ///< display instruction in graphs
4504#define MBA_NICE 0x02000000 ///< apply transformations to c code
4505#define MBA_REFINE 0x04000000 ///< may refine return value size
4506#define MBA_WINGR32 0x10000000 ///< use wingraph32
4507#define MBA_NUMADDR 0x20000000 ///< display definition addresses for numbers
4508#define MBA_VALNUM 0x40000000 ///< display value numbers
4509
4510#define MBA_INITIAL_FLAGS (MBA_INSGDL|MBA_NICE|MBA_CMBBLK|MBA_REFINE\
4511 |MBA_PRCDEFS|MBA_WINGR32|MBA_VALNUM)
4512
4513#define MBA2_LVARNAMES_OK 0x00000001 ///< may verify lvar_names?
4514#define MBA2_LVARS_RENAMED 0x00000002 ///< accept empty names now?
4515#define MBA2_OVER_CHAINS 0x00000004 ///< has overlapped chains?
4516#define MBA2_VALRNG_DONE 0x00000008 ///< calculated valranges?
4517#define MBA2_IS_CTR 0x00000010 ///< is constructor?
4518#define MBA2_IS_DTR 0x00000020 ///< is destructor?
4519#define MBA2_ARGIDX_OK 0x00000040 ///< may verify input argument list?
4520#define MBA2_NO_DUP_CALLS 0x00000080 ///< forbid multiple calls with the same ea
4521#define MBA2_NO_DUP_LVARS 0x00000100 ///< forbid multiple lvars with the same ea
4522#define MBA2_UNDEF_RETVAR 0x00000200 ///< return value is undefined
4523#define MBA2_ARGIDX_SORTED 0x00000400 ///< args finally sorted according to ABI
4524 ///< (e.g. reverse stkarg order in Borland)
4525#define MBA2_CODE16_BIT 0x00000800 ///< the code16 bit removed
4526#define MBA2_STACK_RETVAL 0x00001000 ///< the return value is on the stack
4527#define MBA2_HAS_OUTLINES 0x00002000 ///< calls to outlined code have been inlined
4528#define MBA2_NO_FRAME 0x00004000 ///< do not use function frame info (only snippet mode)
4529#define MBA2_PROP_COMPLEX 0x00008000 ///< allow propagation of more complex variable definitions
4530
4531#define MBA2_DONT_VERIFY 0x80000000 ///< Do not verify microcode. This flag
4532 ///< is recomended to be set only when
4533 ///< debugging decompiler plugins
4534
4535#define MBA2_INITIAL_FLAGS (MBA2_LVARNAMES_OK|MBA2_LVARS_RENAMED)
4536
4537#define MBA2_ALL_FLAGS 0x0000FFFF
4538
4539 bool precise_defeas(void) const { return (flags & MBA_PRCDEFS) != 0; }
4540 bool optimized(void) const { return (flags & MBA_GLBOPT) != 0; }
4541 bool short_display(void) const { return (flags & MBA_SHORT ) != 0; }
4542 bool show_reduction(void) const { return (flags & MBA_COLGDL) != 0; }
4543 bool graph_insns(void) const { return (flags & MBA_INSGDL) != 0; }
4544 bool loaded_gdl(void) const { return (flags & MBA_LOADED) != 0; }
4545 bool should_beautify(void)const { return (flags & MBA_NICE ) != 0; }
4546 bool rtype_refined(void) const { return (flags & MBA_RETREF) != 0; }
4547 bool may_refine_rettype(void) const { return (flags & MBA_REFINE) != 0; }
4548 bool use_wingraph32(void) const { return (flags & MBA_WINGR32) != 0; }
4549 bool display_numaddrs(void) const { return (flags & MBA_NUMADDR) != 0; }
4550 bool display_valnums(void) const { return (flags & MBA_VALNUM) != 0; }
4551 bool is_pattern(void) const { return (flags & MBA_PATTERN) != 0; }
4552 bool is_thunk(void) const { return (flags & MBA_THUNK) != 0; }
4553 bool saverest_done(void) const { return (flags & MBA_SAVRST) != 0; }
4554 bool callinfo_built(void) const { return (flags & MBA_CALLS) != 0; }
4555 bool really_alloc(void) const { return (flags & MBA_LVARS0) != 0; }
4556 bool lvars_allocated(void)const { return (flags & MBA_LVARS1) != 0; }
4557 bool chain_varnums_ok(void)const { return (flags & MBA_CHVARS) != 0; }
4558 bool returns_fpval(void) const { return (flags & MBA_RETFP) != 0; }
4559 bool has_passregs(void) const { return (flags & MBA_PASSREGS) != 0; }
4560 bool generated_asserts(void) const { return (flags & MBA_ASRTOK) != 0; }
4561 bool propagated_asserts(void) const { return (flags & MBA_ASRPROP) != 0; }
4562 bool deleted_pairs(void) const { return (flags & MBA_DELPAIRS) != 0; }
4563 bool common_stkvars_stkargs(void) const { return (flags & MBA_CMNSTK) != 0; }
4564 bool lvar_names_ok(void) const { return (flags2 & MBA2_LVARNAMES_OK) != 0; }
4565 bool lvars_renamed(void) const { return (flags2 & MBA2_LVARS_RENAMED) != 0; }
4566 bool has_over_chains(void) const { return (flags2 & MBA2_OVER_CHAINS) != 0; }
4567 bool valranges_done(void) const { return (flags2 & MBA2_VALRNG_DONE) != 0; }
4568 bool argidx_ok(void) const { return (flags2 & MBA2_ARGIDX_OK) != 0; }
4569 bool argidx_sorted(void) const { return (flags2 & MBA2_ARGIDX_SORTED) != 0; }
4570 bool code16_bit_removed(void) const { return (flags2 & MBA2_CODE16_BIT) != 0; }
4571 bool has_stack_retval(void) const { return (flags2 & MBA2_STACK_RETVAL) != 0; }
4572 bool has_outlines(void) const { return (flags2 & MBA2_HAS_OUTLINES) != 0; }
4573 bool is_ctr(void) const { return (flags2 & MBA2_IS_CTR) != 0; }
4574 bool is_dtr(void) const { return (flags2 & MBA2_IS_DTR) != 0; }
4575 bool is_cdtr(void) const { return (flags2 & (MBA2_IS_CTR|MBA2_IS_DTR)) != 0; }
4576 bool prop_complex(void) const { return (flags2 & MBA2_PROP_COMPLEX) != 0; }
4577 int get_mba_flags(void) const { return flags; }
4578 int get_mba_flags2(void) const { return flags2; }
4579 void set_mba_flags(int f) { flags |= f; }
4580 void clr_mba_flags(int f) { flags &= ~f; }
4581 void set_mba_flags2(int f) { flags2 |= f; }
4582 void clr_mba_flags2(int f) { flags2 &= ~f; }
4583 void clr_cdtr(void) { flags2 &= ~(MBA2_IS_CTR|MBA2_IS_DTR); }
4584 int calc_shins_flags(void) const
4585 {
4586 int shins_flags = 0;
4587 if ( short_display() )
4588 shins_flags |= SHINS_SHORT;
4589 if ( display_valnums() )
4590 shins_flags |= SHINS_VALNUM;
4591 if ( display_numaddrs() )
4592 shins_flags |= SHINS_NUMADDR;
4593 return shins_flags;
4594 }
4595
4596/*
4597 +-----------+ <- inargtop
4598 | prmN |
4599 | ... | <- minargref
4600 | prm0 |
4601 +-----------+ <- inargoff
4602 |shadow_args|
4603 +-----------+
4604 | retaddr |
4605 frsize+frregs +-----------+ <- initial esp |
4606 | frregs | |
4607 +frsize +-----------+ <- typical ebp |
4608 | | | |
4609 | | | fpd |
4610 | | | |
4611 | frsize | <- current ebp |
4612 | | |
4613 | | |
4614 | | | stacksize
4615 | | |
4616 | | |
4617 | | <- minstkref |
4618 stkvar base off 0 +---.. | | | current
4619 | | | | stack
4620 | | | | pointer
4621 | | | | range
4622 |tmpstk_size| | | (what getspd() returns)
4623 | | | |
4624 | | | |
4625 +-----------+ <- minimal sp | | offset 0 for the decompiler (vd)
4626
4627 There is a detail that may add confusion when working with stack variables.
4628 The decompiler does not use the same stack offsets as IDA.
4629 The picture above should explain the difference:
4630 - IDA stkoffs are displayed on the left, decompiler stkoffs - on the right
4631 - Decompiler stkoffs are always >= 0
4632 - IDA stkoff==0 corresponds to stkoff==tmpstk_size in the decompiler
4633 - See stkoff_vd2ida and stkoff_ida2vd below to convert IDA stkoffs to vd stkoff
4634
4635*/
4636
4637 // convert a stack offset used in vd to a stack offset used in ida stack frame
4638 sval_t hexapi stkoff_vd2ida(sval_t off) const;
4639 // convert a ida stack frame offset to a stack offset used in vd
4640 sval_t hexapi stkoff_ida2vd(sval_t off) const;
4641 sval_t argbase() const
4642 {
4643 return retsize + stacksize;
4644 }
4645 static vdloc_t hexapi idaloc2vd(const argloc_t &loc, int width, sval_t spd);
4646 vdloc_t hexapi idaloc2vd(const argloc_t &loc, int width) const;
4647
4648 static argloc_t hexapi vd2idaloc(const vdloc_t &loc, int width, sval_t spd);
4649 argloc_t hexapi vd2idaloc(const vdloc_t &loc, int width) const;
4650
4651 bool is_stkarg(const lvar_t &v) const
4652 {
4653 return v.is_stk_var() && v.get_stkoff() >= inargoff;
4654 }
4655 member_t *get_stkvar(sval_t vd_stkoff, uval_t *poff) const;
4656 // get lvar location
4657 argloc_t get_ida_argloc(const lvar_t &v) const
4658 {
4659 return vd2idaloc(v.location, v.width);
4660 }
4661 mba_ranges_t mbr;
4662 ea_t entry_ea = BADADDR;
4663 ea_t last_prolog_ea = BADADDR;
4664 ea_t first_epilog_ea = BADADDR;
4665 int qty = 0; ///< number of basic blocks
4666 int npurged = -1; ///< -1 - unknown
4667 cm_t cc = CM_CC_UNKNOWN; ///< calling convention
4668 sval_t tmpstk_size = 0; ///< size of the temporary stack part
4669 ///< (which dynamically changes with push/pops)
4670 sval_t frsize = 0; ///< size of local stkvars range in the stack frame
4671 sval_t frregs = 0; ///< size of saved registers range in the stack frame
4672 sval_t fpd = 0; ///< frame pointer delta
4673 int pfn_flags = 0; ///< copy of func_t::flags
4674 int retsize = 0; ///< size of return address in the stack frame
4675 int shadow_args = 0; ///< size of shadow argument area
4676 sval_t fullsize = 0; ///< Full stack size including incoming args
4677 sval_t stacksize = 0; ///< The maximal size of the function stack including
4678 ///< bytes allocated for outgoing call arguments
4679 ///< (up to retaddr)
4680 sval_t inargoff = 0; ///< offset of the first stack argument;
4681 ///< after fix_scattered_movs() INARGOFF may
4682 ///< be less than STACKSIZE