CFG

This flag is used to indicate that blocks may legally end on instructions that are not terminators.

This flag is used to indicate that the CFG may legally contain blocks not reachable from the entry-point.

This flag is used to specify that call-to-subroutine statements are not basic block terminators.

Create a standard CFG using a pre-constructed list of basic blocks.

Convenience constructor. Same as CFG(insns, irrdata, null, 0, 0, 0).

Create a CFG by recursively processing a list of sequential instructions.

Delay-slot instruction sets are not supported by this constructor.

Create a CFG by recursively processing a collection of instructions.

Delay-slot instruction sets are not supported by this constructor.

Add a block, does nothing else. The block is not connected, it is up to client code to connect it.

Insert a block, does nothing else. The block is not connected, it is up to client code to connect it.

TODO: rename to connect() and SHOULD NOT USE. This method does nothing if such an edge already exists.

Add a regular edge X->Y.

TODO: Rename to connectIrregular() and SHOULD NOT USE.

Get an instruction-with-address iterator. Also see instructions().

Create a fresh DFA helper object. Clients should use doDataFlowAnalysis() methods instead of using this object directly.

Remove all block edges.

Delete one duplicate edge X->Y.

Delete an edge x->y.

Delete an edge x->y. If duplicates exist, the first one in the list of out-edges deleted.

Delete an irregular edge x->y.

Delete an irregular edge x->y. If duplicates exist, the first one in the list of irrout-edges is deleted.

Delete all irregular output edges for the provided block.

Delete all regular output edges for the provided block.

Perform data flow analysis on the CFG. Default settings are used if not specified.

Perform data flow analysis on the CFG using standard DFA settings. Input registers are integrated into the ud-chains. If possible, the analysis is conservative. Variable-copies are cleaned.

This method does not force a new analysis unless the settings of the last valid analysis do not match the required settings: it is the same as invoking doDataFlowAnalysis(false).

Perform data flow analysis on the CFG. Default settings are used if not specified.

Perform data flow analysis on the CFG.

Locate an instruction.

Format this CFG as an assembly-code listing.

Consider using a CFGFormatter instead of this method.

Format this CFG as an assembly-code listing.

Consider using a CFGFormatter instead of this method.

Retrieve a basic block.

Get a complete map of the basic blocks and their addresses in the CFG. This method is recommended for use when multiple, repeated invocations of #getBlockAt(int) are to be made.

Get the basic block that starts at the provided address or offset.

Get the basic block that contains the provided address.

Note that the address just needs to be in the block address range; it does not need to point to the beginning of an instruction within the block

Get the basic block that ends on the provided address.

Get a copy of the block list of the CFG. The list is ordered by ascending block address. Modifying the list does not impact the CFG.

Get a read-only view of the list of blocks for this CFG. The list is ordered by ascending block address.

Retrieve a list of all current data flow analyses.

Note that the initial value is set to #STANDARD_COLLECTION_FLAGS.

Retrieve a valid DFA object done with standard parameters (conservative, with inputs, no copies).

Retrieve a valid DFA object matching the provided parameters.

Calculate the 'effective' size of this CFG, that is, the sum of the size of each basic block.

Routine highest address (exclusive).

Routine entry-point address. Note that this address may not be the lowest one in the CFG.

Get the entry block. The entry block is unique.

Get the ordered list of exit blocks. A CFG may have zero or more exit blocks; CFG representing standard routines will have at least one (generally one) exit block.

Routine lowest address (inclusive). Note that this address may not be the entry-point address for this routine.

Get the CFG flags. See FLAG_xxx in this class.

Get a list of gaps found in the routine CFG. Gaps are memory spaces between blocks that do not belong to the CFG itself.

Optimizing compilers and obfuscators can produce routines with gaps.

Get the a graph representation of the CFG. The list of edges return use a 1-based node numbering scheme.

Get the instruction located at the exact address.

Get the total number of instructions in the CFG. This method sums the number of instructions of each block of the CFG.

Locate an instruction.

Locate an instruction.

Get the instruction list of this CFG by aggregating each instruction of every block. The list is ordered by ascending address/offset.

Get the map of addresses to instructions that compose this CFG.

Routine highest address (inclusive).

Retrieve the current variable information provider.

Determine if this CFG has exit blocks, that is, blocks without out-edges.

Determine if this CFG does not have any exit block.

Get an indexed-block iterator.

Get an instruction iterator. Also see addressableInstructions().

Partially invalidate data flow analyses. This method can be used after modifying an instruction of the CFG.

Invalidate all previously performed data flow analyses. This method can be used after a CFG modification that would render DFA objects obsoletes.

Note that the initial value is set to #STANDARD_INTEGRATE_INPUTS.

Get a block iterator.

This method reconnects a block x from y to z, i.e. x->y becomes x->z. If z is null, this method deletes the edge x>y.

This method reconnects a block x from y to z, i.e. x->y becomes x->z. Duplicates edges are forbidden.

See reconnectEdge(BasicBlock, BasicBlock, BasicBlock, Integer).

This method irregularly reconnects a block x from y to z, i.e. x->y becomes x->z. Duplicates edges are forbidden.

See reconnectIrregularEdge(BasicBlock, BasicBlock, BasicBlock, Integer).

This method irregularly reconnects a block x from y to z, i.e. x->y becomes x->z. If z is null, this method deletes the irregular edge x>y.

Remove a block, and update the fixtures. This method is content-agnostic.

A CFG should never contain empty blocks or orphan blocks (no parents). However, when the CFG is optimized, instructions and edges are removed, and some nodes might end up empty or orphans. This transient, stale state is fine AS LONG AS the client knows what it is doing and removes the blocks as soon as they're done, before passing it down the processing chain. This method removes such blocks and updates the edges of connected and connecting blocks.

Caveats:

• 1st caveat: the block's out-degree is one, OR the block's in-degree is one or zero. (Otherwise, stitching up the edges would not be possible.)
• 2nd caveat: duplicate edges can be introduced. The client should remove them if it doesn't like that.
• 3rd caveat: the fixtures update is instruction-agnostic. This means that the client is solely responsible regarding the decision to remove a block. For instance, the last instruction of the predecessor block should be checked and the client should make sure that removing the block and updating the fixtures is an operation compatible with the semantics of that last instruction.

Remove all blocks not reachable from the entry-point.

If the CFG is composed of IResizableInstruction, instruction sizes may be adjusted to avoid the introduction of gaps between blocks.

Remove all blocks not reachable from the entry-point.

Replace an instruction. An existing instruction must exist at the provided address. No adjustment is done (eg, the replaced instruction size is not modified). It is up to the caller to adjust the instruction in order to keep a valid CFG object.

Replace a sequence of instructions contained in a single basic block.

Note that the initial value is set to #STANDARD_COLLECTION_FLAGS.

Note that the initial value is set to #STANDARD_INTEGRATE_INPUTS.

Set an optional timer verifier that will be checked during long operations, including DFA computations.

Set the variable information provider.

The provider is used by two components:
- The data flow analysis components: the provider is used to determine which variables are 'copies' of other variables, and can selectively block their propagation to avoid cluttering live-var data and reaching-var data (especially imporntant to have clean reaching -output information)
- The CFG formatter: when rendering a CFG with data chains: variables are rendered using their names instead of their ids

Perform a shallow duplication of a CFG:
- Block references are optionally copied
- DFA data is not copied

Merge consecutive blocks that can be safely merged.

Usage of this function is not recommended.

Merge the blocks that can be merged, without changing the flow of the graph. WATCH OUT! When merging with mergeOnCalls or mergeOnJumps set to true, the branching instructions are not removed from the merged blocks. It is the responsibility of the client to remove unnecessary branching instructions in those cases.

Necessary conditions include: adjacent blocks, first block falls thru the second one (possibly through two duplicate edges), no block shall have irregular outputs, and only the first block may have irregular inputs.

Data flow analysis: not used; invalidated (if simplifications were performed).

This method uses getBreakingFlow(long) and getRoutineCall(long) to determine block ends.

Get the number of blocks.

Split a block into two blocks.