angr.analyses.reaching_definitions.rd_initializer

class angr.analyses.reaching_definitions.rd_initializer.RDAStateInitializer

Bases: object

This class acts as the basic implementation for the logic that initializes the base state for the reaching definitions analysis.

It also defines the _interface_ that a state initializer should implement, if the language/runtime being analyzed requires more complicated logic to set up the state.

This code/logic was previously part of the ReachingDefinitionsState class. It was moved here to separate these two concerns and to allow the initialization logic to be changed easily without having to change the state class.

__init__(arch, project=None)
Parameters:

arch (Arch)

initialize_function_state(state, cc, func_addr, rtoc_value=None)

This is the entry point to the state initialization logic. It is called during the initialization of a ReachingDefinitionsState if the state was freshly created (without existing live_definitions).

Return type:

None

Parameters:

initialize_all_function_arguments(state, func_addr, ex_loc, cc, prototype)

This method handles the setup for _all_ arguments of a function.

The default implementation uses the calling convention to extract the argument locations, associates them with the type, and passes them to the logic for one argument.

You probably don’t need to override this.

Return type:

None

Parameters:

initialize_one_function_argument(state, func_addr, ex_loc, argument_location, argument_type=None)

This method handles the setup for _one_ argument of a function. This is the main method to override for custom initialization logic.

The default implementation initializes only the argument location itself, but the signature allows this to support extra logic based on the _type_ of the argument as well.

For example, if the argument is a pointer to something, the default implementation would only set up the register with the value TOP.

A custom implementation could instead dedicate some memory somewhere (e.g. on the heap), set up whatever object is being pointed to, and then put the actual pointer to this object inside the register.
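
The override pattern described above, as an added example (not angr's own code): a cooperative mixin that keeps the default setup of the argument location and then reserves a disjoint scratch region for every pointer-typed argument. The address range, the `pts_to`/`size` duck-typing of the type object and the `bind_pointee` hook are assumptions; the actual writes into the state belong in that hook.

```python
# Added example, not angr's code. Combine with the real base class as:
#   class MyInitializer(PointerArgMixin, RDAStateInitializer): ...
# Only the overridden method's name and signature come from the documentation.


class PointerArgMixin:
    REGION_BASE = 0x7F000000  # assumed scratch range for pointees, not an angr constant
    DEFAULT_SIZE = 0x100      # bytes reserved when the pointee size is unknown
    ALIGN = 0x10              # every region starts on a 16-byte boundary

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self._next_free = self.REGION_BASE
        self.pointee_regions = []  # (func_addr, argument_location, address, size)

    def initialize_one_function_argument(self, state, func_addr, ex_loc,
                                         argument_location, argument_type=None):
        # Default behaviour first: the argument location itself is initialized.
        super().initialize_one_function_argument(
            state, func_addr, ex_loc, argument_location, argument_type)
        # Assumption: pointer types expose their target type as `pts_to`.
        pointee = getattr(argument_type, "pts_to", None)
        if pointee is None:
            return  # not a pointer (or no type given): nothing more to model
        size = self._pointee_bytes(pointee)
        address = self._reserve(size)
        self.pointee_regions.append((func_addr, argument_location, address, size))
        self.bind_pointee(state, ex_loc, argument_location, address, size, pointee)

    def _pointee_bytes(self, pointee):
        # Assumption: the type reports its size in bits as `size`, or None.
        try:
            bits = pointee.size
        except (AttributeError, ValueError):
            bits = None
        return (bits + 7) // 8 if bits else self.DEFAULT_SIZE

    def _reserve(self, size):
        # Bump allocation keeps regions disjoint, so pointees never overlap.
        address = self._next_free
        self._next_free = (address + size + self.ALIGN - 1) & ~(self.ALIGN - 1)
        return address

    def bind_pointee(self, state, ex_loc, argument_location, address, size, pointee):
        """Hypothetical hook: store `address` in `argument_location` and define
        the `size` bytes at `address` in `state`. The default changes nothing."""
```
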

Return type:

None

Parameters:

initialize_stack_pointer(state, _func_addr, ex_loc)
Return type:

None

Parameters:

initialize_architectural_state(state, func_addr, ex_loc, rtoc_value=None)

Some architectures require initialization that is specific to that architecture.

Override this if you need to add support for an architecture that requires this and isn’t covered yet.

Return type:

None

Parameters: