CHB: more support for function annotations

Author: sipma

CodeHawk/CHB/bchcmdline/bCHXBinaryAnalyzer.ml

@@ -861,14 +861,21 @@ let main () =
             STR ")"] in
       let _ = load_elf_files () in
       let _ = pr_timing [STR "elf files loaded"] in
+
+      (* symbolic addresses in userdata should be loaded before the header
+         files are parsed. *)
+      let _ = system_info#initialize in
+      let _ = pr_timing [STR "system info initialized"] in
       let _ =
         List.iter
           (fun f -> parse_cil_file ~removeUnused:false f) system_info#ifiles in
       let _ =
         if (List.length system_info#ifiles > 0) then
           pr_timing [STR "c header files parsed"] in
-      let _ = system_info#initialize in
-      let _ = pr_timing [STR "system info initialized"] in
+      (* function annotations in userdata should be loaded after the header
+         files are parsed, so types in the function annotations can be resolved.*)
+      let _ = system_info#initialize_function_annotations in
+
       let index = file_metrics#get_index in
       let logcmd = "analyze_" ^ (string_of_int index) in
       let analysisstart = Unix.gettimeofday () in

CodeHawk/CHB/bchlib/bCHFloc.ml

@@ -859,14 +859,16 @@ object (self)
       ~msg:(__FILE__ ^ ":" ^ (string_of_int __LINE__))
       (fun memref ->
         if memref#is_global_reference then
+          self#get_var_at_address ~size:(Some size) address
+      (*
           TR.tbind
             ~msg:(__FILE__ ^ ":" ^ (string_of_int __LINE__) ^ ": memref:global")
             (fun memoff ->
               TR.tbind
                 ~msg:(__FILE__ ^ ":" ^ (string_of_int __LINE__))
                 (self#env#mk_global_variable ~size)
                 (get_total_constant_offset memoff))
-            memoff_r
+            memoff_r *)
         else
           TR.tbind
             ~msg:(__FILE__ ^ ":" ^ (string_of_int __LINE__))

CodeHawk/CHB/bchlib/bCHGlobalMemoryMap.ml

@@ -351,9 +351,14 @@ object (self)
                    (fun suboff -> Ok (ArrayIndexOffset (indexxpr, suboff)))
                    (self#arrayvar_memory_offset ~tgtsize ~tgtbtype eltty rem)
                 else if is_scalar eltty then
-                  let x2index = XOp (XDiv, [rem; int_constant_expr elsize]) in
-                  let x2index = Xsimplify.simplify_xpr x2index in
-                  Ok (ArrayIndexOffset (x2index, NoOffset))
+                  if iszero rem then
+                    Ok (ArrayIndexOffset (indexxpr, NoOffset))
+                  else
+                    let suboff =
+                      let x2index = XOp (XDiv, [rem; int_constant_expr elsize]) in
+                      let x2index = Xsimplify.simplify_xpr x2index in
+                      ArrayIndexOffset (x2index, NoOffset) in
+                    Ok (ArrayIndexOffset (indexxpr, suboff))
                 else
                   Error[__FILE__ ^ ":" ^ (string_of_int __LINE__) ^ ":"
                         ^ "xoffset: " ^ (x2s xoffset)

CodeHawk/CHB/bchlib/bCHLibTypes.mli

@@ -6217,6 +6217,7 @@ object
 
   (* initialization *)
   method initialize: unit
+  method initialize_function_annotations: unit
   method initialize_jumptables:
            (doubleword_int -> bool) -> (doubleword_int * string) list -> unit
   method initialize_datablocks: (doubleword_int * string) list -> unit
@@ -6347,7 +6348,6 @@ object
   method get_user_struct_count: int
   method get_user_nonreturning_count: int
   method get_user_class_count: int
-  method get_variable_intro_name: doubleword_int -> string
 
   (* predicates *)
   method is_little_endian: bool
@@ -6378,8 +6378,6 @@ object
   method is_trampoline_payload: doubleword_int -> bool
   method is_trampoline_wrapper: doubleword_int -> bool
   method is_trampoline_fallthroughaddr: doubleword_int -> bool
-  method has_variable_intro: doubleword_int -> bool
-  method has_variable_intros: bool
 
   (** [is_thumb addr] returns true if the architecture includes (arm) thumb
       instructions and the virtual address [addr] is in a code section that

CodeHawk/CHB/bchlib/bCHMemoryReference.ml

@@ -481,6 +481,7 @@ let stack_offset_to_name offset =
      "var_" ^ (constant_offset_to_neg_suffix_string n)
   | ConstantOffset (n,NoOffset) when n#equal numerical_zero ->
      "var_0000"
+  | NoOffset -> "var_0000"
   | _ -> "var.[" ^ (memory_offset_to_string offset) ^ "]"
 
 

CodeHawk/CHB/bchlib/bCHSystemInfo.ml

@@ -6,7 +6,7 @@
 
    Copyright (c) 2005-2020 Kestrel Technology LLC
    Copyright (c) 2020      Henny Sipma
-   Copyright (c) 2021-2024 Aarno Labs LLC
+   Copyright (c) 2021-2025 Aarno Labs LLC
 
    Permission is hereby granted, free of charge, to any person obtaining a copy
    of this software and associated documentation files (the "Software"), to deal
@@ -155,7 +155,6 @@ object (self)
   val initialized_memory = H.create 3
 
   val function_call_targets = H.create 13  (* (faddr, iaddr) -> call_target_t *)
-  val variable_intros = H.create 13 (* iaddr#index -> name *)
 
   val esp_adjustments = H.create 3      (* indexed with faddr, iaddr *)
   val esp_adjustments_i = H.create 3    (* indexed with iaddr *)
@@ -611,6 +610,18 @@ object (self)
       set_functions_file_path ()
     end
 
+  method initialize_function_annotations =
+    match load_userdata_system_file () with
+    | Some node ->
+       let getc = node#getTaggedChild in
+       let hasc = node#hasOneTaggedChild in
+       begin
+         (if hasc "function-annotations" then
+            BCHFunctionData.read_xml_function_annotations
+              (getc "function-annotations"))
+       end
+    | _ -> ()
+
   method private initialize_system_file  =
     try
       match load_system_file () with
@@ -832,13 +843,6 @@ object (self)
       (if hasc "symbolic-addresses" then
 	 BCHGlobalMemoryMap.read_xml_symbolic_addresses (getc "symbolic-addresses"));
 
-      (if hasc "function-annotations" then
-         BCHFunctionData.read_xml_function_annotations
-           (getc "function-annotations"));
-
-      (if hasc "variable-introductions" then
-         self#read_xml_variable_introductions (getc "variable-introductions"));
-
       (if hasc "userdeclared-codesections" then
 	 self#read_xml_userdeclared_codesections
            (getc "userdeclared-codesections"));
@@ -1413,39 +1417,6 @@ object (self)
       let name = get n "n" in
       (functions_data#add_function fa)#add_name name) (getcc "fn")
 
-  method private read_xml_variable_introductions (node: xml_element_int) =
-    let geta n =
-      fail_tvalue
-        (trerror_record
-           (LBLOCK [
-                STR "read_xml_variable_introductions";
-                STR (n#getAttribute "ia")]))
-        (string_to_doubleword (n#getAttribute "ia")) in
-    let getcc = node#getTaggedChildren in
-    begin
-      List.iter (fun n ->
-          let iaddr = geta n in
-          let name = n#getAttribute "name" in
-          H.add variable_intros iaddr#index name) (getcc "vintro");
-      chlog#add
-        "initialization"
-        (LBLOCK [
-             STR "system-info: read ";
-             INT (H.length variable_intros);
-             STR " variable introductions"])
-    end
-
-  method private write_xml_variable_introductions (node: xml_element_int) =
-    let vintros = H.fold (fun k v a -> (k, v)::a) variable_intros [] in
-    List.iter (fun (dwindex, name) ->
-        let vnode = xmlElement "vintro" in
-        begin
-          vnode#setAttribute
-            "ia" (TR.tget_ok (int_to_doubleword dwindex))#to_hex_string;
-          vnode#setAttribute "name" name;
-          node#appendChildren [vnode];
-        end) vintros
-
   method private read_xml_user_nonreturning_functions (node:xml_element_int) =
     let geta n =
       fail_tvalue
@@ -1555,8 +1526,6 @@ object (self)
 	  self#read_xml_thread_start_functions (getc "thread-start-functions")) ;
       (if hasc "goto-returns" then
          self#read_xml_goto_returns (getc "goto-returns"));
-      (if hasc "variable-introductions" then
-         self#read_xml_variable_introductions (getc "variable-introductions"));
       (if hasc "so-imports" then
          self#read_xml_so_imports (getc "so-imports"));
     end
@@ -1714,19 +1683,6 @@ object (self)
         dNode
       end) data_blocks#toList)
 
-  method has_variable_intro (iaddr: doubleword_int) =
-    H.mem variable_intros iaddr#index
-
-  method has_variable_intros: bool = (H.length variable_intros) > 0
-
-  method get_variable_intro_name (iaddr: doubleword_int): string =
-    if self#has_variable_intro iaddr then
-      H.find variable_intros iaddr#index
-    else
-      raise
-        (BCH_failure
-           (LBLOCK [STR "No variable intro found for address "; iaddr#toPretty]))
-
   (* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *
    *                                            stage 2: function entry points *
    * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *)
@@ -2152,7 +2108,6 @@ object (self)
     let gNode = xmlElement "goto-returns" in
     let cbNode = xmlElement "call-back-tables" in
     let stNode = xmlElement "struct-tables" in
-    let viNode = xmlElement "variable-introductions" in
     let soNode = xmlElement "so-imports" in
     begin
       functions_data#write_xml fNode;
@@ -2163,11 +2118,10 @@ object (self)
       self#write_xml_goto_returns gNode;
       self#write_xml_call_back_tables cbNode;
       self#write_xml_struct_tables stNode;
-      self#write_xml_variable_introductions viNode;
       string_table#write_xml sNode;
       self#write_xml_so_imports soNode;
       append [
-          fNode; lNode; dNode; jNode; sNode; tNode; gNode; cbNode; stNode; viNode;
+          fNode; lNode; dNode; jNode; sNode; tNode; gNode; cbNode; stNode;
           soNode]
     end
 

CodeHawk/CHB/bchlib/bCHTypeConstraintStore.ml

@@ -438,7 +438,6 @@ object (self)
            (reg: register_t) (faddr: string) (iaddr: string): btype_t option =
     let evaluation = self#evaluate_reglhs_type reg faddr iaddr in
     let logresults = iaddr = "0xffffffff" in
-    let p2s = CHPrettyUtil.pretty_to_string in
     let log_evaluation () =
       chlog#add
         ("reglhs resolution was not successfull:" ^ faddr)

CodeHawk/CHB/bchlib/bCHVariable.ml

@@ -94,7 +94,10 @@ object (self:'a)
           | "var" -> stack_offset_to_name offset
           | "varr" -> realigned_stack_offset_to_name offset
           | "gv" -> global_offset_to_name size offset
-          | _ -> basename ^ (memory_offset_to_string offset))
+          | _ ->
+             (match offset with
+              | NoOffset -> "__pderef_" ^ basename ^ "_"
+              | _ -> basename ^ (memory_offset_to_string offset)))
       | RegisterVariable reg -> register_to_string reg
       | CPUFlagVariable flag -> flag_to_string flag
       | AuxiliaryVariable a ->
@@ -107,7 +110,7 @@ object (self:'a)
 	| FunctionPointer (fname,cname,address) ->
 	  "fp_" ^ fname ^ "_" ^ cname ^ "_" ^ address
 	| FunctionReturnValue address -> "rtn_" ^ address
-        | TypeCastValue  (iaddr, name, ty, reg) ->
+        | TypeCastValue  (iaddr, name, _, reg) ->
            "typecast_" ^ name ^ "_" ^ iaddr ^ "_" ^ (register_to_string reg)
         | SyscallErrorReturnValue address -> "errval_" ^ address
 	| CallTargetValue tgt ->
@@ -593,6 +596,10 @@ object (self)
   method has_variable_index_offset (v: variable_t): bool =
     match self#get_memvar_offset v with
     | Ok (IndexOffset (v, _, _)) -> self#is_register_variable v
+    | Ok (ArrayIndexOffset (x, _)) ->
+       (match x with
+        | XConst (IntConst _) -> false
+        | _ -> true)
     | _ -> false
 
   method get_memval_offset (v: variable_t): memory_offset_t traceresult =

CodeHawk/CHB/bchlib/bCHVersion.ml

@@ -95,8 +95,8 @@ end
 
 
 let version = new version_info_t 
-  ~version:"0.6.0_2024127"
-  ~date:"2024-12-27"
+  ~version:"0.6.0_20250201"
+  ~date:"2025-02-01"
   ~licensee: None
   ~maxfilesize: None
   ()

CodeHawk/CHB/bchlib/bCHXprUtil.ml

@@ -115,6 +115,9 @@ let get_array_index_offset (xpr: xpr_t) (size: int): (xpr_t * xpr_t) option =
        Some (num_constant_expr quo, num_constant_expr rem)
     | XOp (XMult, [XConst (IntConst n); XVar v]) when n#equal numsize ->
        Some (XVar v, xzero)
+    | XOp (XMult, [XConst (IntConst n); XOp ((XXlsh | XXlsb), [XVar v])])
+         when n#equal numsize ->
+       Some (XVar v, xzero)
     | XOp (XPlus, [XOp (XMult, [XConst (IntConst n1); XVar v]);
                    XConst (IntConst n2)]) when n1#equal numsize ->
        if n2#equal numerical_zero then