Supply ABB inputs in BNBasicBlockAnalysisContext

zznop · zznop · commit 6a26c6946100 · 2025-04-25T16:08:47.000-04:00
diff --git a/architecture.cpp b/architecture.cpp
@@ -308,12 +308,12 @@ bool Architecture::GetInstructionLowLevelILCallback(
 }
 
 
-bool Architecture::AnalyzeBasicBlocksCallback(void *ctxt, BNFunction* function,
-	bool incrementalUpdate, BNFunctionAnalysisSkipOverride analysisSkipOverride)
+void Architecture::AnalyzeBasicBlocksCallback(void *ctxt, BNFunction* function,
+	BNBasicBlockAnalysisContext* context)
 {
 	CallbackRef<Architecture> arch(ctxt);
 	Ref<Function> func(new Function(BNNewFunctionReference(function)));
-	return arch->AnalyzeBasicBlocks(*func, incrementalUpdate, analysisSkipOverride);
+	arch->AnalyzeBasicBlocks(*func, context);
 }
 
 
@@ -983,36 +983,20 @@ static bool GetNextFunctionAfterAddress(Ref<BinaryView> data, Ref<Platform> plat
 }
 
 
-bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate, BNFunctionAnalysisSkipOverride analysisSkipOverride)
+void Architecture::AnalyzeBasicBlocks(Function& function, BNBasicBlockAnalysisContext* context)
 {
 	auto data = function.GetView();
 	queue<ArchAndAddr> blocksToProcess;
 	map<ArchAndAddr, Ref<BasicBlock>> instrBlocks;
 	set<ArchAndAddr> seenBlocks;
-
-	// TODO - we might just want to create a generic analysis settings object that includes all of these
-	//bool tailCallTranslation = function.GetSettingsCache()->Get<bool>("core.function.translateTailCalls");
-	bool tailCallTranslation = true;
-	//bool disallowBranchToString = owner->IsDisallowBranchToStringEnabled();
-	bool disallowBranchToString = false;
-
-	// TODO: add an API for querying ONLY the indirect branches that are auto-defined
-	auto indirectBranches = function.GetAutoIndirectBranches();
-	map<ArchAndAddr, set<ArchAndAddr>> autoIndirectBranches;
-	for (auto& branchInfo : indirectBranches)
-	{
-		auto sourceLocation = ArchAndAddr(branchInfo.sourceArch, branchInfo.sourceAddr);
-		auto destLocation = ArchAndAddr(branchInfo.destArch, branchInfo.destAddr);
-		autoIndirectBranches[sourceLocation].insert(destLocation);
-	}
-
-	map<ArchAndAddr, set<ArchAndAddr>> userIndirectBranches;
-	indirectBranches = function.GetUserIndirectBranches();
-	for (auto& branchInfo : indirectBranches)
+	map<ArchAndAddr, set<ArchAndAddr>> indirectBranches;
+	for (size_t i = 0; i < context->indirectBranchesCount; i++)
 	{
-		auto sourceLocation = ArchAndAddr(branchInfo.sourceArch, branchInfo.sourceAddr);
-		auto destLocation = ArchAndAddr(branchInfo.destArch, branchInfo.destAddr);
-		userIndirectBranches[sourceLocation].insert(destLocation);
+		auto sourceLocation = ArchAndAddr(new CoreArchitecture(context->indirectBranches[i].sourceArch),
+			context->indirectBranches[i].sourceAddr);
+		auto destLocation = ArchAndAddr(new CoreArchitecture(context->indirectBranches[i].destArch),
+			context->indirectBranches[i].destAddr);
+		indirectBranches[sourceLocation].insert(destLocation);
 	}
 
 	BNStringReference strRef;
@@ -1091,11 +1075,11 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 	}
 
 	uint64_t totalSize = 0;
-	uint64_t maxSize = data->GetMaxFunctionSizeForAnalysis();
+	uint64_t maxSize = context->maxFunctionSize;
 	while (blocksToProcess.size() != 0)
 	{
 		if (data->AnalysisIsAborted())
-			return true;
+			return;
 
 		// Get the next block to process
 		ArchAndAddr location = blocksToProcess.front();
@@ -1120,7 +1104,7 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 		while (true)
 		{
 			if (data->AnalysisIsAborted())
-				return true;
+				return;
 
 			if (!delaySlotCount)
 			{
@@ -1298,7 +1282,7 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 							function.AddDirectCodeReference(location, info.branchTarget[i]);
 
 							auto otherFunc = function.GetCalleeForAnalysis(targetPlatform, target.address, true);
-							if (tailCallTranslation && targetPlatform && otherFunc && (otherFunc->GetStart() != function.GetStart()))
+							if (context->translateTailCalls && targetPlatform && otherFunc && (otherFunc->GetStart() != function.GetStart()))
 							{
 								calledFunctions.insert(otherFunc);
 								if (info.branchType[i] == UnconditionalBranch)
@@ -1313,7 +1297,7 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 									break;
 								}
 							}
-							else if (disallowBranchToString && data->GetStringAtAddress(location.address, strRef) && targetExceedsByteLimit(strRef))
+							else if (context->disallowBranchToString && data->GetStringAtAddress(location.address, strRef) && targetExceedsByteLimit(strRef))
 							{
 								BNLogInfo("Not adding branch target from 0x%" PRIx64 " to string at 0x%" PRIx64
 									" length:%zu",
@@ -1433,15 +1417,8 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 							}
 						}
 
-						indirectBranchIter = userIndirectBranches.find(location);
-						endIter = userIndirectBranches.end();
-
-						if (indirectBranchIter == endIter)
-						{
-							indirectBranchIter = autoIndirectBranches.find(location);
-							endIter = autoIndirectBranches.end();
-						}
-
+						indirectBranchIter = indirectBranches.find(location);
+						endIter = indirectBranches.end();
 						if (indirectBranchIter != endIter)
 						{
 							for (auto& branch : indirectBranchIter->second)
@@ -1452,7 +1429,7 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 									targetPlatform = funcPlatform->GetRelatedPlatform(branch.arch);
 
 								// Normal analysis should not inline indirect targets that are function starts
-								if (tailCallTranslation && data->GetAnalysisFunction(targetPlatform, branch.address))
+								if (context->translateTailCalls && data->GetAnalysisFunction(targetPlatform, branch.address))
 									continue;
 
 								block->AddPendingOutgoingEdge(IndirectBranch, branch.address, branch.arch);
@@ -1539,10 +1516,10 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 			// We prefer to allow disassembly when function analysis is disabled, but only up to the maximum size.
 			// The log message and tag are generated in ProcessAnalysisSkip
 			totalSize += info.length;
-			if (analysisSkipOverride == NeverSkipFunctionAnalysis)
+			if (context->analysisSkipOverride == NeverSkipFunctionAnalysis)
 				maxSize = 0;
-			else if (!maxSize && (analysisSkipOverride == AlwaysSkipFunctionAnalysis))
-				maxSize = data->GetMaxFunctionSizeForAnalysis();
+			else if (!maxSize && (context->analysisSkipOverride == AlwaysSkipFunctionAnalysis))
+				maxSize = context->maxFunctionSize;
 			if (maxSize && (totalSize > maxSize))
 				break;
 
@@ -1558,7 +1535,7 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 				delayInstructionEndsBlock = endsBlock;
 			}
 
-			if (block->CanExit() && tailCallTranslation && !delaySlotCount && hasNextFunc && (location.address == nextFuncAddr))
+			if (block->CanExit() && context->translateTailCalls && !delaySlotCount && hasNextFunc && (location.address == nextFuncAddr))
 			{
 				// Falling through into another function.  Don't consider this a tail call if the current block
 				// called the function, as this indicates a get PC construct.
@@ -1587,7 +1564,6 @@ bool Architecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate
 
 	// Finalize the function basic block list
 	function.FinalizeBasicBlocks();
-	return true;
 }
 
 
@@ -2151,10 +2127,9 @@ bool CoreArchitecture::GetInstructionLowLevelIL(const uint8_t* data, uint64_t ad
 }
 
 
-bool CoreArchitecture::AnalyzeBasicBlocks(Function& function, bool incrementalUpdate,
-	BNFunctionAnalysisSkipOverride analysisSkipOverride)
+void CoreArchitecture::AnalyzeBasicBlocks(Function& function, BNBasicBlockAnalysisContext* context)
 {
-	return BNArchitectureAnalyzeBasicBlocks(m_object, function.GetObject(), incrementalUpdate, analysisSkipOverride);
+	BNArchitectureAnalyzeBasicBlocks(m_object, function.GetObject(), context);
 }
 
 
diff --git a/binaryninjaapi.h b/binaryninjaapi.h
@@ -8064,8 +8064,7 @@ namespace BinaryNinja {
 		static void FreeInstructionTextCallback(BNInstructionTextToken* tokens, size_t count);
 		static bool GetInstructionLowLevelILCallback(
 		    void* ctxt, const uint8_t* data, uint64_t addr, size_t* len, BNLowLevelILFunction* il);
-		static bool AnalyzeBasicBlocksCallback(void *ctxt, BNFunction* function, bool incrementalUpdate,
-			BNFunctionAnalysisSkipOverride analysisSkipOverride);
+		static void AnalyzeBasicBlocksCallback(void *ctxt, BNFunction* function, BNBasicBlockAnalysisContext* context);
 		static char* GetRegisterNameCallback(void* ctxt, uint32_t reg);
 		static char* GetFlagNameCallback(void* ctxt, uint32_t flag);
 		static char* GetFlagWriteTypeNameCallback(void* ctxt, uint32_t flags);
@@ -8236,8 +8235,7 @@ namespace BinaryNinja {
 		*/
 		virtual bool GetInstructionLowLevelIL(const uint8_t* data, uint64_t addr, size_t& len, LowLevelILFunction& il);
 
-		virtual bool AnalyzeBasicBlocks(Function& function, bool incrementalUpdate,
-			BNFunctionAnalysisSkipOverride analysisSkipOverride);
+		virtual void AnalyzeBasicBlocks(Function& function, BNBasicBlockAnalysisContext* context);
 
 		/*! Gets a register name from a register index.
 
@@ -8632,8 +8630,7 @@ namespace BinaryNinja {
 		    const uint8_t* data, uint64_t addr, size_t& len, std::vector<InstructionTextToken>& result) override;
 		virtual bool GetInstructionLowLevelIL(
 		    const uint8_t* data, uint64_t addr, size_t& len, LowLevelILFunction& il) override;
-		virtual bool AnalyzeBasicBlocks(Function& function, bool incrementalUpdate,
-			BNFunctionAnalysisSkipOverride analysisSkipOverride) override;
+		virtual void AnalyzeBasicBlocks(Function& function, BNBasicBlockAnalysisContext* context) override;
 		virtual std::string GetRegisterName(uint32_t reg) override;
 		virtual std::string GetFlagName(uint32_t flag) override;
 		virtual std::string GetFlagWriteTypeName(uint32_t flags) override;
@@ -11333,8 +11330,6 @@ namespace BinaryNinja {
 		void SetUserIndirectBranches(
 		    Architecture* sourceArch, uint64_t source, const std::vector<ArchAndAddr>& branches);
 
-		std::vector<IndirectBranchInfo> GetAutoIndirectBranches();
-		std::vector<IndirectBranchInfo> GetUserIndirectBranches();
 		std::vector<IndirectBranchInfo> GetIndirectBranches();
 		std::vector<IndirectBranchInfo> GetIndirectBranchesAt(Architecture* arch, uint64_t addr);
 
diff --git a/binaryninjacore.h b/binaryninjacore.h
@@ -307,6 +307,7 @@ extern "C"
 	typedef struct BNLineFormatter BNLineFormatter;
 	typedef struct BNRenderLayer BNRenderLayer;
 	typedef struct BNStringRef BNStringRef;
+	typedef struct BNIndirectBranchInfo BNIndirectBranchInfo;
 
 	//! Console log levels
 	typedef enum BNLogLevel
@@ -1849,6 +1850,16 @@ extern "C"
 		AlwaysSkipFunctionAnalysis
 	} BNFunctionAnalysisSkipOverride;
 
+	typedef struct BNBasicBlockAnalysisContext
+	{
+		size_t indirectBranchesCount;
+		BNIndirectBranchInfo* indirectBranches;
+		BNFunctionAnalysisSkipOverride analysisSkipOverride;
+		bool translateTailCalls;
+		bool disallowBranchToString;
+		uint64_t maxFunctionSize;
+	} BNBasicBlockAnalysisContext;
+
 	typedef struct BNCustomArchitecture
 	{
 		void* context;
@@ -1867,8 +1878,7 @@ extern "C"
 		void (*freeInstructionText)(BNInstructionTextToken* tokens, size_t count);
 		bool (*getInstructionLowLevelIL)(
 		    void* ctxt, const uint8_t* data, uint64_t addr, size_t* len, BNLowLevelILFunction* il);
-		bool (*analyzeBasicBlocks)(void* ctxt, BNFunction* function,
-			bool incrementalUpdate, BNFunctionAnalysisSkipOverride analysisSkipOverride);
+		void (*analyzeBasicBlocks)(void* ctxt, BNFunction* function, BNBasicBlockAnalysisContext* context);
 		char* (*getRegisterName)(void* ctxt, uint32_t reg);
 		char* (*getFlagName)(void* ctxt, uint32_t flag);
 		char* (*getFlagWriteTypeName)(void* ctxt, uint32_t flags);
@@ -4470,8 +4480,8 @@ extern "C"
 	BINARYNINJACOREAPI bool BNGetInstructionLowLevelIL(
 	    BNArchitecture* arch, const uint8_t* data, uint64_t addr, size_t* len, BNLowLevelILFunction* il);
 	BINARYNINJACOREAPI void BNFreeInstructionText(BNInstructionTextToken* tokens, size_t count);
-	BINARYNINJACOREAPI bool BNArchitectureAnalyzeBasicBlocks(BNArchitecture* arch, BNFunction* function, 
-		bool incrementalUpdate, BNFunctionAnalysisSkipOverride analysisSkipOverride);
+	BINARYNINJACOREAPI void BNArchitectureAnalyzeBasicBlocks(BNArchitecture* arch, BNFunction* function,
+		BNBasicBlockAnalysisContext* context);
 	BINARYNINJACOREAPI void BNFreeInstructionTextLines(BNInstructionTextLine* lines, size_t count);
 	BINARYNINJACOREAPI char* BNGetArchitectureRegisterName(BNArchitecture* arch, uint32_t reg);
 	BINARYNINJACOREAPI char* BNGetArchitectureFlagName(BNArchitecture* arch, uint32_t flag);
@@ -5023,8 +5033,6 @@ extern "C"
 	BINARYNINJACOREAPI void BNSetUserIndirectBranches(BNFunction* func, BNArchitecture* sourceArch, uint64_t source,
 	    BNArchitectureAndAddress* branches, size_t count);
 
-	BINARYNINJACOREAPI BNIndirectBranchInfo* BNGetAutoIndirectBranches(BNFunction* func, size_t* count);
-	BINARYNINJACOREAPI BNIndirectBranchInfo* BNGetUserIndirectBranches(BNFunction* func, size_t* count);
 	BINARYNINJACOREAPI BNIndirectBranchInfo* BNGetIndirectBranches(BNFunction* func, size_t* count);
 	BINARYNINJACOREAPI BNIndirectBranchInfo* BNGetIndirectBranchesAt(
 	    BNFunction* func, BNArchitecture* arch, uint64_t addr, size_t* count);
diff --git a/function.cpp b/function.cpp
@@ -1755,52 +1755,6 @@ void Function::SetUserIndirectBranches(
 }
 
 
-std::vector<IndirectBranchInfo> Function::GetAutoIndirectBranches()
-{
-	size_t count;
-	BNIndirectBranchInfo* branches = BNGetAutoIndirectBranches(m_object, &count);
-
-	vector<IndirectBranchInfo> result;
-	result.reserve(count);
-	for (size_t i = 0; i < count; i++)
-	{
-		IndirectBranchInfo b;
-		b.sourceArch = new CoreArchitecture(branches[i].sourceArch);
-		b.sourceAddr = branches[i].sourceAddr;
-		b.destArch = new CoreArchitecture(branches[i].destArch);
-		b.destAddr = branches[i].destAddr;
-		b.autoDefined = branches[i].autoDefined;
-		result.push_back(b);
-	}
-
-	BNFreeIndirectBranchList(branches);
-	return result;
-}
-
-
-std::vector<IndirectBranchInfo> Function::GetUserIndirectBranches()
-{
-	size_t count;
-	BNIndirectBranchInfo* branches = BNGetUserIndirectBranches(m_object, &count);
-
-	vector<IndirectBranchInfo> result;
-	result.reserve(count);
-	for (size_t i = 0; i < count; i++)
-	{
-		IndirectBranchInfo b;
-		b.sourceArch = new CoreArchitecture(branches[i].sourceArch);
-		b.sourceAddr = branches[i].sourceAddr;
-		b.destArch = new CoreArchitecture(branches[i].destArch);
-		b.destAddr = branches[i].destAddr;
-		b.autoDefined = branches[i].autoDefined;
-		result.push_back(b);
-	}
-
-	BNFreeIndirectBranchList(branches);
-	return result;
-}
-
-
 vector<IndirectBranchInfo> Function::GetIndirectBranches()
 {
 	size_t count;
diff --git a/rust/src/architecture.rs b/rust/src/architecture.rs
@@ -467,11 +467,8 @@ pub trait Architecture: 'static + Sized + AsRef<CoreArchitecture> {
     fn analyze_basic_blocks(
         &self,
         _function: &mut Function,
-        _incremental_update: bool,
-        _analysis_skip_override: BNFunctionAnalysisSkipOverride,
-    ) -> bool {
-        false
-    }
+        _context: *mut BNBasicBlockAnalysisContext,
+    ) {}
 
     /// Fallback flag value calculation path. This method is invoked when the core is unable to
     /// recover flag use semantics, and resorts to emitting instructions that explicitly set each
@@ -1538,19 +1535,15 @@ impl Architecture for CoreArchitecture {
     fn analyze_basic_blocks(
         &self,
         function: &mut Function,
-        incremental_update: bool,
-        analysis_skip_override: BNFunctionAnalysisSkipOverride,
-    ) -> bool {
-        let success: bool = unsafe {
+        context: *mut BNBasicBlockAnalysisContext,
+    ) {
+        unsafe {
             BNArchitectureAnalyzeBasicBlocks(
                 self.handle,
                 function.handle,
-                incremental_update,
-                analysis_skip_override,
-            )
+                context,
+            );
         };
-
-        return success;
     }
 
     fn flag_write_llil<'a>(
@@ -2265,15 +2258,14 @@ where
     extern "C" fn cb_analyze_basic_blocks<A>(
         ctxt: *mut c_void,
         function: *mut BNFunction,
-        incremental_update: bool,
-        analysis_skip_override: BNFunctionAnalysisSkipOverride,
-    ) -> bool
+        context: *mut BNBasicBlockAnalysisContext,
+    )
     where
         A: 'static + Architecture<Handle = CustomArchitectureHandle<A>> + Send + Sync,
     {
         let custom_arch = unsafe { &*(ctxt as *mut A) };
         let mut function = unsafe { Function::from_raw(function) };
-        return custom_arch.analyze_basic_blocks(&mut function, incremental_update, analysis_skip_override);
+        custom_arch.analyze_basic_blocks(&mut function, context);
     }
 
     extern "C" fn cb_reg_name<A>(ctxt: *mut c_void, reg: u32) -> *mut c_char
