static-analysis-engineering
diff --git a/‎CodeHawk/CHB/bchlib/bCHLibTypes.mli‎
Lines changed: 16 additions & 0 deletions b/‎CodeHawk/CHB/bchlib/bCHLibTypes.mli‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎CodeHawk/CHB/bchlib/bCHMemoryRecorder.ml‎
Lines changed: 91 additions & 1 deletion b/‎CodeHawk/CHB/bchlib/bCHMemoryRecorder.ml‎
Lines changed: 91 additions & 1 deletion
diff --git a/‎CodeHawk/CHB/bchlibarm32/bCHARMMetrics.ml‎
Lines changed: 54 additions & 47 deletions b/‎CodeHawk/CHB/bchlibarm32/bCHARMMetrics.ml‎
Lines changed: 54 additions & 47 deletions
diff --git a/‎CodeHawk/CHB/bchlibarm32/bCHARMMetrics.mli‎
Lines changed: 1 addition & 1 deletion b/‎CodeHawk/CHB/bchlibarm32/bCHARMMetrics.mli‎
Lines changed: 1 addition & 1 deletion
@@ -5596,6 +5596,14 @@ class type memory_recorder_int =
              -> vtype:btype_t
              -> unit
 
+    method record_load_r:
+             signed:bool
+             -> addr_r:xpr_t traceresult
+             -> var_r:variable_t traceresult
+             -> size:int
+             -> vtype:btype_t
+             -> unit
+
     method record_store:
              addr:xpr_t
              -> var:variable_t
@@ -5604,6 +5612,14 @@ class type memory_recorder_int =
              -> xpr:xpr_t
              -> unit
 
+    method record_store_r:
+             addr_r:xpr_t traceresult
+             -> var_r:variable_t traceresult
+             -> size:int
+             -> vtype:btype_t
+             -> xpr_r:xpr_t traceresult
+             -> unit
+
   end
 
 
 
@@ -4,7 +4,7 @@
    ------------------------------------------------------------------------------
    The MIT License (MIT)
 
-   Copyright (c) 2023-2024  Aarno Labs LLC
+   Copyright (c) 2023-2025  Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -31,6 +31,7 @@ open CHLanguage
 
 (* chutil *)
 open CHLogger
+open CHTraceResult
 
 (* xprlib *)
 open Xprt
@@ -45,8 +46,11 @@ open BCHGlobalState
 open BCHLibTypes
 open BCHLocation
 
+module TR = CHTraceResult
+
 
 let x2p = xpr_formatter#pr_expr
+let p2s = CHPrettyUtil.pretty_to_string
 
 let mmap = BCHGlobalMemoryMap.global_memory_map
 
@@ -231,6 +235,42 @@ object (self)
                 var#toPretty;
                 STR ")"])
 
+  method record_load_r
+           ~(signed: bool)
+           ~(addr_r: xpr_t traceresult)
+           ~(var_r: variable_t traceresult)
+           ~(size: int)
+           ~(vtype: btype_t) =
+    TR.tfold
+      ~ok:(fun var ->
+        if self#env#is_stack_variable var then
+          TR.tfold
+            ~ok:(fun offset ->
+              match offset with
+              | ConstantOffset (n, NoOffset) ->
+                 self#finfo#stackframe#add_load
+                   ~offset:n#toInt ~size:(Some size) ~typ:(Some vtype) var iaddr
+              | _ ->
+                 log_error_result __FILE__ __LINE__
+                   ["memrecorder:stack"; p2s self#loc#toPretty])
+            ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+            (self#env#get_memvar_offset var)
+        else
+          TR.tfold
+            ~ok:(fun addr ->
+              match addr with
+              | XConst (IntConst n)
+                   when mmap#is_global_data_address
+                          (numerical_mod_to_doubleword n) ->
+                 mmap#add_gload self#faddr iaddr addr size signed
+              | _ ->
+                 log_error_result __FILE__ __LINE__
+                   ["memrecorder:global"; p2s self#loc#toPretty])
+            ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+            addr_r)
+      ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+      var_r
+
   method record_store
            ~(addr: xpr_t)
            ~(var: variable_t)
@@ -284,6 +324,56 @@ object (self)
                 STR "): ";
                 x2p xpr])
 
+  method record_store_r
+           ~(addr_r: xpr_t traceresult)
+           ~(var_r: variable_t traceresult)
+           ~(size: int)
+           ~(vtype: btype_t)
+           ~(xpr_r: xpr_t traceresult) =
+    TR.tfold
+      ~ok:(fun var ->
+        if self#env#is_stack_variable var then
+          TR.tfold
+            ~ok:(fun offset ->
+              match offset with
+              | ConstantOffset (n, NoOffset) ->
+                 self#finfo#stackframe#add_store
+                   ~offset:n#toInt
+                   ~size:(Some size)
+                   ~typ:(Some vtype)
+                   ~xpr:(TR.tfold_default (fun x -> Some x) None xpr_r)
+                   var
+                   iaddr
+              | _ ->
+                 log_error_result __FILE__ __LINE__
+                   ["memrecorder:stack"; p2s self#loc#toPretty])
+            ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+            (self#env#get_memvar_offset var)
+        else
+          TR.tfold
+            ~ok:(fun addr ->
+              match addr with
+              | XConst (IntConst n)
+                   when mmap#is_global_data_address
+                          (numerical_mod_to_doubleword n) ->
+                 let optvalue =
+                   TR.tfold_default
+                     (fun xpr ->
+                       match xpr with
+                       | XConst (IntConst n) -> Some n
+                       | _ -> None)
+                     None
+                     xpr_r in
+                 mmap#add_gstore self#faddr iaddr addr size optvalue
+              | _ ->
+                 log_error_result __FILE__ __LINE__
+                   ["memrecorder:global"; p2s self#loc#toPretty])
+            ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+            addr_r)
+      ~error:(fun e -> log_error_result __FILE__ __LINE__ e)
+      var_r
+
+
 end
 
 
 
@@ -4,7 +4,7 @@
    ------------------------------------------------------------------------------
    The MIT License (MIT)
 
-   Copyright (c) 2021-2024  Aarno Labs LLC
+   Copyright (c) 2021-2025  Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -38,45 +38,50 @@ open BCHARMTypes
 module TR = CHTraceResult
 
 
-let get_arm_op_metrics (f:arm_assembly_function_int) (finfo:function_info_int) =
+let get_arm_op_metrics (f:arm_assembly_function_int) (_finfo:function_info_int) =
   let faddr = f#get_address in
   let reads = ref 0 in
   let qreads = ref 0 in
   let writes = ref 0 in
   let qwrites = ref 0 in
-  let is_memory_op op =
+  let count_memory_ops (op: arm_operand_int): int =
     match op#get_kind with
-    | ARMMemMultiple _
-      | ARMOffsetAddress _ -> true
-    | _ -> false in
-  let is_loc_unknown floc (op: arm_operand_int) =
+    | ARMMemMultiple (_, _, n, _) -> n
+    | ARMOffsetAddress _ -> 1
+    | _ -> 0 in
+
+  let count_unknown_reads floc (op: arm_operand_int): int =
+    match op#get_kind with
+    | ARMMemMultiple _ ->
+       let (lhs_rl, _) = op#to_multiple_lhs floc in
+       List.fold_left (fun acc lhs_r ->
+           if Result.is_error lhs_r then acc + 1 else acc) 0 lhs_rl
+    | ARMOffsetAddress _ ->
+       if Result.is_error (op#to_lhs floc) then 1 else 0
+    | _ -> 0 in
+
+  let count_unknown_writes floc (op: arm_operand_int): int =
     match op#get_kind with
     | ARMMemMultiple _ ->
-       TR.tfold_default
-         (fun (vlist, _) ->
-          match vlist with
-          | v::_ -> v#isTmp || (finfo#env#is_unknown_memory_variable v)
-          | _ -> true)
-         true
-         (op#to_multiple_lhs floc)
+       let rhs_rl = op#to_multiple_expr floc in
+       List.fold_left (fun acc rhs_r ->
+           if Result.is_error rhs_r then acc + 1 else acc) 0 rhs_rl
     | ARMOffsetAddress _ ->
-       TR.tfold_default
-         (fun (v, _) -> v#isTmp || (finfo#env#is_unknown_memory_variable v))
-         true
-         (op#to_lhs floc)
-    | _ -> false in
-  let add_read floc (op: arm_operand_int) =
-    if is_memory_op op then
-      begin
-        reads := !reads + 1;
-        if is_loc_unknown floc op then qreads := !qreads + 1
-      end in
-  let add_write floc (op: arm_operand_int) =
-    if is_memory_op op then
-      begin
-        writes := !writes + 1;
-        if is_loc_unknown floc op then qwrites := !qwrites + 1
-      end in
+       if Result.is_error (op#to_expr floc) then 1 else 0
+    | _ -> 0 in
+
+  let add_reads floc (op: arm_operand_int) =
+    begin
+      reads := !reads + (count_memory_ops op);
+      qreads := !qreads + (count_unknown_reads floc op)
+    end in
+
+  let add_writes floc (op: arm_operand_int) =
+    begin
+      writes := !writes + (count_memory_ops op);
+      qwrites := !qwrites + (count_unknown_writes floc op)
+    end in
+
   let _ =
     f#iteri (fun _ ctxtiaddr instr ->
         let ops = get_arm_operands instr#get_opcode in
@@ -87,14 +92,15 @@ let get_arm_op_metrics (f:arm_assembly_function_int) (finfo:function_info_int) =
            let floc = get_floc loc in
            List.iter (fun (op: arm_operand_int) ->
                match op#get_mode with
-               | RD -> add_read floc op
-               | WR -> add_write floc op
+               | RD -> add_reads floc op
+               | WR -> add_writes floc op
                | RW ->
                   begin
-                    add_read floc op;
-                    add_write floc op
+                    add_reads floc op;
+                    add_writes floc op
                   end) ops) in
-  (!reads,!qreads,!writes,!qwrites)
+  (!reads, !qreads, !writes, !qwrites)
+
 
 let get_arm_stackpointer_metrics
       (f: arm_assembly_function_int) (_finfo: function_info_int) =
@@ -111,28 +117,29 @@ let get_arm_stackpointer_metrics
           esptop := !esptop + 1
         else match range#singleton with
                Some _ -> () | _ -> esprange := !esprange + 1) in
-  (!esptop,!esprange)
+  (!esptop, !esprange)
 
 
 let get_arm_memory_access_metrics
       (f: arm_assembly_function_int) (finfo: function_info_int) =
   let (reads,qreads,writes,qwrites) = get_arm_op_metrics f finfo in
   let (esptop,esprange) = get_arm_stackpointer_metrics f finfo in
-  { mmem_reads = reads ;
-    mmem_qreads = qreads ;
-    mmem_writes = writes ;
-    mmem_qwrites = qwrites ;
-    mmem_esptop = esptop ;
+  { mmem_reads = reads;
+    mmem_qreads = qreads;
+    mmem_writes = writes;
+    mmem_qwrites = qwrites;
+    mmem_esptop = esptop;
     mmem_esprange = esprange
   }
 
+
 let get_arm_cfg_metrics
       (f: arm_assembly_function_int) (_env: function_environment_int) =
   let _ = record_arm_loop_levels f#get_address in
-  { mcfg_instrs = f#get_instruction_count ;
-    mcfg_bblocks = f#get_block_count ;
-    mcfg_loops = get_arm_loop_count_from_table f ;
-    mcfg_loopdepth = get_arm_loop_depth_from_table f ;
-    mcfg_complexity = 0 ;
+  { mcfg_instrs = f#get_instruction_count;
+    mcfg_bblocks = f#get_block_count;
+    mcfg_loops = get_arm_loop_count_from_table f;
+    mcfg_loopdepth = get_arm_loop_depth_from_table f;
+    mcfg_complexity = 0;
     mcfg_vc_complexity = 0.0
   }
@@ -4,7 +4,7 @@
    ------------------------------------------------------------------------------
    The MIT License (MIT)
  
-   Copyright (c) 2021-2024  Aarno Labs LLC
+   Copyright (c) 2021-2025  Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal