The goal is to support a jumptable testcase that is not supported by
the current jump bounds check. The jump bounds check needs to be
augmented so that it understands equality relationships between stack
values and registers, and bounds on both.
This patch tracks when a register points to a concrete stack offset.
As part of this, we droped the AbsDomain instance for AbsBlockState.
Clients should now likely use `fnStartAbsBlockState` in lieu of `top`.
The other client visible change is that the ClassifyFailure
constructor now has an extra argument with details about why
classification failure occured.
This introduces a new datatype CValue for representing constants
in Macaw programs, modifies the existing Value datatype to use then,
and introduces patterns for compatibility with existing datatypes.
The patch also updates the function argument analysis to use more
explicit argument passing rather than monadic updates. The intent is
to help clarify when data is initialized rather than updated.
Finally this updates a README and does some minor updates.
The parseFetchAndExecute in Discovery attempts to identify ParsedITE
terminal statements by examining the value of the ip_reg via
valueAsApp and pattern matching on a Mux statement. This patch adds
specific handling in the Macaw CFG Rewriter to attempt to float Mux
statements upwards (aka "Mux Head Normal Form") so that they will be
the top-most ip_reg value and therefore be recognized as a ParsedITE
terminator.
For macaw-ppc testing of the 988KB gzip binary, this increased the
number of blocks found from 1339 to 37950 (and increased the test
runtime from 1.36s to 88.14s).
This patch focuses on function argument analysis, but includes some
other cleanups.
The main changes are to add additional comments and cleanups to the
function argument analysis code. This also extends the analysis so
that we can annotate the types of some of the functions and use those
types during analysis.
As part of this we tighten the PLTStub checking, and clean up the
elfloader in some minor ways.
WidthEqProofs are now irrelevant. Two proofs with the same
coercision source and destination will be equal. This allows us to
add a transitivity constructor without introducing spurious
inequalities, and will in the future allow us to collapse multiple
bitcasts into a single bitcast.
adjustedLoadRegionIndex is exported for reopt.
TypeRepr now has a pretty instance.
This primarily refines the abstract state propagated to branch
pairs. It was needed on the ARM platform to support the IT blocks
with the changes to the Core representation in macaw-base 0.3.6.
This also includes a few simplifications added and comment
improvements.