Package ghidra.pcode.emu.taint.state

Class TaintSpace

java.lang.Object

ghidra.pcode.emu.taint.state.TaintSpace

public class TaintSpace
extends Object

The storage space for taint sets in a single address space (possibly the register space)

This is the actual implementation of the in-memory storage for taint marks. For a stand-alone emulator, this is the full state. For a trace- or Debugger-integrated emulator, this is a cache of taints loaded from a trace backing this emulator. (See TaintPieceHandler.) Most likely, that trace is the user's current trace.

Field Summary

Fields

Modifier and Type	Field	Description
protected final TaintPcodeExecutorStatePiece	piece
protected final AddressSpace	space
protected final NavigableMap<Long,TaintSet>	taints

Constructor Summary

Constructors

Constructor	Description
TaintSpace(AddressSpace space, TaintPcodeExecutorStatePiece piece)

Method Summary

Modifier and Type	Method	Description
void	clear()
TaintVec	get(long offset, int size, PcodeStateCallbacks cb)	Retrieve the taint sets for the variable at the given offset
void	getInto(long offset, TaintVec buf, PcodeStateCallbacks cb)	Retrieve the taint sets for the variable at the given offset
Map.Entry<Long,TaintVec>	getNextEntry(long offset)
Map<Register,TaintVec>	getRegisterValues(List<Register> registers)
void	set(long offset, TaintVec val, PcodeStateCallbacks cb)	Mark the variable at offset with the given taint sets

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

space

protected final AddressSpace space

piece

protected final TaintPcodeExecutorStatePiece piece

taints

protected final NavigableMap<Long,TaintSet> taints

Constructor Details

TaintSpace

public TaintSpace(AddressSpace space,
 TaintPcodeExecutorStatePiece piece)

Method Details

set

public void set(long offset,
 TaintVec val,
 PcodeStateCallbacks cb)

Mark the variable at offset with the given taint sets

This marks possibly several offsets, starting at the given offset. The first taint set in the vector is used to mark the given offset, then each subsequent set marks each subsequent offset. This is analogous to the manner in which bytes would be "written" from a source array into concrete state, starting at a given offset.

Parameters:

offset - the starting offset

val - the vector of taint sets

cb - callbacks to receive emulation events

getInto

public void getInto(long offset,
 TaintVec buf,
 PcodeStateCallbacks cb)

Retrieve the taint sets for the variable at the given offset

This retrieves as many taint sets as there are elements in the given buffer vector. The first element becomes the taint set at the given offset, then each subsequent element becomes the taint set at each subsequent offset until the vector is filled. This is analogous to the manner in which bytes would be "read" from concrete state, starting at a given offset, into a destination array.

Parameters:

offset - the offset

buf - the vector to receive taint sets

cb - callbacks to receive emulation events

get

public TaintVec get(long offset,
 int size,
 PcodeStateCallbacks cb)

Retrieve the taint sets for the variable at the given offset

This works the same as getInto(long, TaintVec, PcodeStateCallbacks), but creates a new vector of the given size, reads the taint sets, and returns the vector.

Parameters:

offset - the offset

size - the size of the variable

cb - callbacks to receive emulation events

Returns:

the taint vector for that variable

clear

public void clear()

getRegisterValues

public Map<Register,TaintVec> getRegisterValues(List<Register> registers)

getNextEntry

public Map.Entry<Long,TaintVec> getNextEntry(long offset)