documentation/doxygen/irBuilder_8cpp_source.html

/*

**  Copyright (C) - Triton

**

**  This program is under the terms of the Apache License 2.0.

*/


#include <new>


#include <triton/aarch64Semantics.hpp>

#include <triton/arm32Semantics.hpp>

#include <triton/astContext.hpp>

#include <triton/exceptions.hpp>

#include <triton/irBuilder.hpp>

#include <triton/memoryAccess.hpp>

#include <triton/operandWrapper.hpp>

#include <triton/register.hpp>

#include <triton/x86Semantics.hpp>

#ifdef COMPILE_RISCV

#include <triton/riscvSemantics.hpp>

#endif


namespace triton {

  namespace arch {


    IrBuilder::IrBuilder(triton::arch::Architecture* architecture,

                         const triton::modes::SharedModes& modes,

                         const triton::ast::SharedAstContext& astCtxt,

                         triton::engines::symbolic::SymbolicEngine* symbolicEngine,

                         triton::engines::taint::TaintEngine* taintEngine)

      : modes(modes), astCtxt(astCtxt) {


      if (architecture == nullptr)

        throw triton::exceptions::IrBuilder("IrBuilder::IrBuilder(): The architecture API must be defined.");


      if (symbolicEngine == nullptr)

        throw triton::exceptions::IrBuilder("IrBuilder::IrBuilder(): The symbolic engine API must be defined.");


      if (taintEngine == nullptr)

        throw triton::exceptions::IrBuilder("IrBuilder::IrBuilder(): The taint engines API must be defined.");


      this->architecture         = architecture;

      this->symbolicEngine       = symbolicEngine;

      this->taintEngine          = taintEngine;

      this->aarch64Isa           = new(std::nothrow) triton::arch::arm::aarch64::AArch64Semantics(architecture, symbolicEngine, taintEngine, astCtxt);

      this->arm32Isa             = new(std::nothrow) triton::arch::arm::arm32::Arm32Semantics(architecture, symbolicEngine, taintEngine, astCtxt);

      this->x86Isa               = new(std::nothrow) triton::arch::x86::x86Semantics(architecture, symbolicEngine, taintEngine, modes, astCtxt);

      #ifdef COMPILE_RISCV

      this->riscvIsa             = new(std::nothrow) triton::arch::riscv::riscvSemantics(architecture, symbolicEngine, taintEngine, modes, astCtxt);

      #endif


      if (this->x86Isa == nullptr || this->aarch64Isa == nullptr || this->arm32Isa == nullptr

        #ifdef COMPILE_RISCV

        || this->riscvIsa == nullptr

        #endif

      )

        throw triton::exceptions::IrBuilder("IrBuilder::IrBuilder(): Not enough memory.");

    }


    IrBuilder::~IrBuilder() {

      delete this->aarch64Isa;

      delete this->arm32Isa;

      delete this->x86Isa;

      #ifdef COMPILE_RISCV

      delete this->riscvIsa;

      #endif

    }


    triton::arch::exception_e IrBuilder::buildSemantics(triton::arch::Instruction& inst) {

      triton::arch::architecture_e arch = this->architecture->getArchitecture();

      triton::arch::exception_e ret = triton::arch::NO_FAULT;


      if (arch == triton::arch::ARCH_INVALID)

        throw triton::exceptions::IrBuilder("IrBuilder::buildSemantics(): You must define an architecture.");


      /* Initialize the target address of memory operands */

      for (auto& operand : inst.operands) {

        if (operand.getType() == triton::arch::OP_MEM) {

          this->symbolicEngine->initLeaAst(operand.getMemory());

        }

      }


      /* Pre IR processing */

      this->preIrInit(inst);


      /* Processing */

      switch (arch) {

        case triton::arch::ARCH_AARCH64:

          ret = this->aarch64Isa->buildSemantics(inst);

          break;


        case triton::arch::ARCH_ARM32:

          ret = this->arm32Isa->buildSemantics(inst);

          break;


        case triton::arch::ARCH_X86:

        case triton::arch::ARCH_X86_64:

          ret = this->x86Isa->buildSemantics(inst);

          break;


        #ifdef COMPILE_RISCV

        case triton::arch::ARCH_RV64:

        case triton::arch::ARCH_RV32:

          ret = this->riscvIsa->buildSemantics(inst);

          break;

        #endif


        default:

          throw triton::exceptions::IrBuilder("IrBuilder::buildSemantics(): Architecture not supported.");

          break;

      }


      /* Post IR processing */

      this->postIrInit(inst);


      return ret;

    }


    triton::arch::exception_e IrBuilder::buildSemantics(triton::arch::BasicBlock& block) {

      triton::arch::exception_e ret = triton::arch::NO_FAULT;

      triton::usize count = block.getSize();


      for (auto& inst : block.getInstructions()) {

        ret = this->buildSemantics(inst);

        if (ret != triton::arch::NO_FAULT) {

          return ret;

        }

        count--;

        if (inst.isControlFlow() && count) {

          throw triton::exceptions::IrBuilder("IrBuilder::buildSemantics(): Do not add instructions in a block after a branch instruction.");

        }

      }


      return ret;

    }


    void IrBuilder::preIrInit(triton::arch::Instruction& inst) {

      /* Clear previous expressions if exist */

      inst.symbolicExpressions.clear();


      /* Clear implicit and explicit previous semantics */

      inst.getLoadAccess().clear();

      inst.getReadRegisters().clear();

      inst.getReadImmediates().clear();

      inst.getStoreAccess().clear();

      inst.getWrittenRegisters().clear();


      /* Update instruction address if undefined */

      if (!inst.getAddress()) {

        inst.setAddress(static_cast<triton::uint64>(this->architecture->getConcreteRegisterValue(this->architecture->getProgramCounter())));

      }

    }


    void IrBuilder::postIrInit(triton::arch::Instruction& inst) {

      std::vector<triton::engines::symbolic::SharedSymbolicExpression> newVector;


      /* Set the taint */

      inst.setTaint();


      /*

       * If the symbolic engine is defined to process symbolic

       * execution only on symbolized expressions, we delete all

       * concrete expressions and their AST nodes.

       */

      if (this->modes->isModeEnabled(triton::modes::ONLY_ON_SYMBOLIZED)) {

        /* Clear memory operands */

        this->collectUnsymbolizedNodes(inst.operands);


        /* Clear implicit and explicit semantics - MEM */

        this->collectUnsymbolizedNodes(inst.getLoadAccess());


        /* Clear implicit and explicit semantics - REG */

        this->collectUnsymbolizedNodes(inst.getReadRegisters());


        /* Clear implicit and explicit semantics - IMM */

        this->collectUnsymbolizedNodes(inst.getReadImmediates());


        /* Clear implicit and explicit semantics - MEM */

        this->collectUnsymbolizedNodes(inst.getStoreAccess());


        /* Clear implicit and explicit semantics - REG */

        this->collectUnsymbolizedNodes(inst.getWrittenRegisters());


        /* Clear symbolic expressions */

        for (const auto& se : inst.symbolicExpressions) {

          if (se->isSymbolized() == false) {

            this->symbolicEngine->removeSymbolicExpression(se);

          }

          else

            newVector.push_back(se);

        }

        inst.symbolicExpressions = newVector;

      }


      /*

       * If the symbolic engine is defined to process symbolic

       * execution only on tainted instructions, we delete all

       * expressions untainted and their AST nodes.

       */

      else if (this->modes->isModeEnabled(triton::modes::ONLY_ON_TAINTED) && !inst.isTainted()) {

        /* Memory operands */

        this->collectNodes(inst.operands);


        /* Implicit and explicit semantics - MEM */

        this->collectNodes(inst.getLoadAccess());


        /* Implicit and explicit semantics - REG */

        this->collectNodes(inst.getReadRegisters());


        /* Implicit and explicit semantics - IMM */

        this->collectNodes(inst.getReadImmediates());


        /* Implicit and explicit semantics - MEM */

        this->collectNodes(inst.getStoreAccess());


        /* Implicit and explicit semantics - REG */

        this->collectNodes(inst.getWrittenRegisters());


        /* Symbolic Expressions */

        this->removeSymbolicExpressions(inst);

      }


      this->astCtxt->garbage();

    }


    void IrBuilder::removeSymbolicExpressions(triton::arch::Instruction& inst) {

      for (const auto& se : inst.symbolicExpressions) {

        this->symbolicEngine->removeSymbolicExpression(se);

      }

      inst.symbolicExpressions.clear();

    }


    template <typename T>

    void IrBuilder::collectNodes(T& items) const {

      items.clear();

    }


    void IrBuilder::collectNodes(std::vector<triton::arch::OperandWrapper>& operands) const {

      for (auto& operand : operands) {

        if (operand.getType() == triton::arch::OP_MEM) {

          operand.getMemory().setLeaAst(nullptr);

        }

      }

    }


    template <typename T>

    void IrBuilder::collectUnsymbolizedNodes(T& items) const {

      T newItems;


      for (const auto& item : items) {

        if (std::get<1>(item) && std::get<1>(item)->isSymbolized() == true)

          newItems.insert(item);

      }


      items.clear();

      items = newItems;

    }


    void IrBuilder::collectUnsymbolizedNodes(std::vector<triton::arch::OperandWrapper>& operands) const {

      for (auto& operand : operands) {

        if (operand.getType() == triton::arch::OP_MEM) {

          if (operand.getMemory().getLeaAst() && operand.getMemory().getLeaAst()->isSymbolized() == false) {

            operand.getMemory().setLeaAst(nullptr);

          }

        }

      }

    }


  }; /* arch namespace */

}; /* triton namespace */

aarch64Semantics.hpp

arm32Semantics.hpp

astContext.hpp

triton::arch::Architecture
The abstract architecture class.
Definition architecture.hpp:45

triton::arch::Architecture::getConcreteRegisterValue
TRITON_EXPORT triton::uint512 getConcreteRegisterValue(const triton::arch::Register &reg, bool execCallbacks=true) const
Returns the concrete value of a register.
Definition architecture.cpp:323

triton::arch::Architecture::getArchitecture
TRITON_EXPORT triton::arch::architecture_e getArchitecture(void) const
Returns the kind of architecture as triton::arch::architecture_e.
Definition architecture.cpp:36

triton::arch::BasicBlock
This class is used to represent a basic block.
Definition basicBlock.hpp:38

triton::arch::BasicBlock::getSize
TRITON_EXPORT triton::usize getSize(void) const
Returns the number of instructions in the block.
Definition basicBlock.cpp:63

triton::arch::BasicBlock::getInstructions
TRITON_EXPORT std::vector< triton::arch::Instruction > & getInstructions(void)
Gets all instructions of the block.
Definition basicBlock.cpp:58

triton::arch::Instruction
This class is used to represent an instruction.
Definition instruction.hpp:48

triton::arch::Instruction::getReadRegisters
TRITON_EXPORT std::set< std::pair< triton::arch::Register, triton::ast::SharedAbstractNode > > & getReadRegisters(void)
Returns the list of all implicit and explicit register (flags includes) inputs (read)
Definition instruction.cpp:182

triton::arch::Instruction::getStoreAccess
TRITON_EXPORT std::set< std::pair< triton::arch::MemoryAccess, triton::ast::SharedAbstractNode > > & getStoreAccess(void)
Returns the list of all implicit and explicit store access.
Definition instruction.cpp:177

triton::arch::Instruction::setAddress
TRITON_EXPORT void setAddress(triton::uint64 addr)
Sets the address of the instruction.
Definition instruction.cpp:124

triton::arch::Instruction::getLoadAccess
TRITON_EXPORT std::set< std::pair< triton::arch::MemoryAccess, triton::ast::SharedAbstractNode > > & getLoadAccess(void)
Returns the list of all implicit and explicit load access.
Definition instruction.cpp:172

triton::arch::Instruction::isTainted
TRITON_EXPORT bool isTainted(void) const
Returns true if at least one of its expressions is tainted.
Definition instruction.cpp:382

triton::arch::Instruction::getAddress
TRITON_EXPORT triton::uint64 getAddress(void) const
Returns the address of the instruction.
Definition instruction.cpp:114

triton::arch::Instruction::setTaint
TRITON_EXPORT void setTaint(bool state)
Sets the taint of the instruction.
Definition instruction.cpp:343

triton::arch::Instruction::getWrittenRegisters
TRITON_EXPORT std::set< std::pair< triton::arch::Register, triton::ast::SharedAbstractNode > > & getWrittenRegisters(void)
Returns the list of all implicit and explicit register (flags includes) outputs (write)
Definition instruction.cpp:187

triton::arch::Instruction::operands
std::vector< triton::arch::OperandWrapper > operands
A list of operands.
Definition instruction.hpp:122

triton::arch::Instruction::symbolicExpressions
std::vector< triton::engines::symbolic::SharedSymbolicExpression > symbolicExpressions
The semantics set of the instruction.
Definition instruction.hpp:125

triton::arch::Instruction::getReadImmediates
TRITON_EXPORT std::set< std::pair< triton::arch::Immediate, triton::ast::SharedAbstractNode > > & getReadImmediates(void)
Returns the list of all implicit and explicit immediate inputs (read)
Definition instruction.cpp:192

triton::arch::IrBuilder::~IrBuilder
virtual TRITON_EXPORT ~IrBuilder()
Destructor.
Definition irBuilder.cpp:62

triton::arch::IrBuilder::IrBuilder
TRITON_EXPORT IrBuilder(triton::arch::Architecture *architecture, const triton::modes::SharedModes &modes, const triton::ast::SharedAstContext &astCtxt, triton::engines::symbolic::SymbolicEngine *symbolicEngine, triton::engines::taint::TaintEngine *taintEngine)
Constructor.
Definition irBuilder.cpp:27

triton::arch::IrBuilder::arm32Isa
triton::arch::SemanticsInterface * arm32Isa
ARM32 ISA builder.
Definition irBuilder.hpp:77

triton::arch::IrBuilder::aarch64Isa
triton::arch::SemanticsInterface * aarch64Isa
AArch64 ISA builder.
Definition irBuilder.hpp:74

triton::arch::IrBuilder::buildSemantics
TRITON_EXPORT triton::arch::exception_e buildSemantics(triton::arch::Instruction &inst)
Builds the semantics of the instruction. Returns triton::arch::NO_FAULT if succeed.
Definition irBuilder.cpp:72

triton::arch::IrBuilder::preIrInit
TRITON_EXPORT void preIrInit(triton::arch::Instruction &inst)
Everything which must be done before buiding the semantics.
Definition irBuilder.cpp:142

triton::arch::IrBuilder::postIrInit
TRITON_EXPORT void postIrInit(triton::arch::Instruction &inst)
Everything which must be done after building the semantics.
Definition irBuilder.cpp:160

triton::arch::IrBuilder::x86Isa
triton::arch::SemanticsInterface * x86Isa
x86 ISA builder.
Definition irBuilder.hpp:80

triton::arch::SemanticsInterface::buildSemantics
virtual TRITON_EXPORT triton::arch::exception_e buildSemantics(triton::arch::Instruction &inst)=0
Builds the semantics of the instruction. Returns triton::arch::NO_FAULT if succeed.

triton::arch::arm::aarch64::AArch64Semantics
The AArch64 ISA semantics.
Definition aarch64Semantics.hpp:54

triton::arch::arm::arm32::Arm32Semantics
The Arm32 ISA semantics.
Definition arm32Semantics.hpp:54

triton::arch::riscv::riscvSemantics
The RISCV ISA semantics.
Definition riscvSemantics.hpp:47

triton::arch::x86::x86Semantics
The x86 ISA semantics.
Definition x86Semantics.hpp:47

triton::engines::symbolic::SymbolicEngine
The symbolic engine class.
Definition symbolicEngine.hpp:62

triton::engines::symbolic::SymbolicEngine::initLeaAst
TRITON_EXPORT void initLeaAst(triton::arch::MemoryAccess &mem, bool force=true)
Initializes the effective address of a memory access.
Definition symbolicEngine.cpp:1262

triton::engines::symbolic::SymbolicEngine::removeSymbolicExpression
TRITON_EXPORT void removeSymbolicExpression(const SharedSymbolicExpression &expr)
Removes the symbolic expression corresponding to the id.
Definition symbolicEngine.cpp:429

triton::engines::taint::TaintEngine
The taint engine class.
Definition taintEngine.hpp:53

triton::exceptions::IrBuilder
The exception class used by the IR builder.
Definition exceptions.hpp:353

exceptions.hpp

triton::arch::architecture_e
architecture_e
Definition archEnums.hpp:32

triton::arch::exception_e
exception_e
Definition archEnums.hpp:59

triton::arch::ARCH_INVALID
@ ARCH_INVALID
Definition archEnums.hpp:33

triton::arch::ARCH_X86
@ ARCH_X86
Definition archEnums.hpp:40

triton::arch::ARCH_AARCH64
@ ARCH_AARCH64
Definition archEnums.hpp:34

triton::arch::ARCH_ARM32
@ ARCH_ARM32
Definition archEnums.hpp:35

triton::arch::ARCH_X86_64
@ ARCH_X86_64
Definition archEnums.hpp:41

triton::arch::OP_MEM
@ OP_MEM
Definition archEnums.hpp:54

triton::arch::NO_FAULT
@ NO_FAULT
Definition archEnums.hpp:60

triton::ast::SharedAstContext
std::shared_ptr< triton::ast::AstContext > SharedAstContext
Shared AST context.
Definition ast.hpp:65

triton::modes::SharedModes
std::shared_ptr< triton::modes::Modes > SharedModes
Shared Modes.
Definition modes.hpp:66

triton::modes::ONLY_ON_TAINTED
@ ONLY_ON_TAINTED
[symbolic] Perform symbolic execution only on tainted instructions.
Definition modesEnums.hpp:36

triton::modes::ONLY_ON_SYMBOLIZED
@ ONLY_ON_SYMBOLIZED
[symbolic] Perform symbolic execution only on symbolized expressions.
Definition modesEnums.hpp:35

triton::usize
std::size_t usize
unsigned MAX_INT 32 or 64 bits according to the CPU.
Definition tritonTypes.hpp:106

triton::uint64
std::uint64_t uint64
unisgned 64-bits
Definition tritonTypes.hpp:42

irBuilder.hpp

memoryAccess.hpp

triton
The Triton namespace.
Definition architecture.cpp:27

operandWrapper.hpp

register.hpp

riscvSemantics.hpp

x86Semantics.hpp