typedef PREDICATE_IA32 LEVEL_BASE::PREDICATE |
Predication type in instructions, see PREDICATE_IA32.
Memory type of argument
Calling standard of the system call instruction.
string LEVEL_CORE::CATEGORY_StringShort | ( | UINT32 | num | ) |
string LEVEL_CORE::EXTENSION_StringShort | ( | UINT32 | num | ) |
ADDRINT LEVEL_PINCLIENT::INS_Address | ( | INS | ins | ) |
INT32 LEVEL_CORE::INS_Category | ( | const INS | ins | ) |
The category of an instruction is a higher level semantic description of an instruction than its opcode (INS_Opcode). So, for instance, you can test for a conditional branch by using INS_Category(ins) == XED_CATEGORY_COND_BR, whereas using INS_Opcode(ins) would require that you enumerate all twenty conditional branch opcodes.
The full mapping of opcodes to categories can be found in the idata.txt file in the XED distribution (which is distributed as part of the Pin kit). The category enumeration can be found in the file "xed-category-enum.h".
A category can be converted into a string by using CATEGORY_StringShort.
ADDRINT LEVEL_PINCLIENT::INS_DirectBranchOrCallTargetAddress | ( | INS | ins | ) |
string LEVEL_CORE::INS_Disassemble | ( | INS | ins | ) |
INT32 LEVEL_CORE::INS_Extension | ( | const INS | ins | ) |
PREDICATE LEVEL_CORE::INS_GetPredicate | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_HasExplicitMemoryReference | ( | INS | ins | ) |
Test if this instruction has an explict memory operand. We include the memory operand in lea.
BOOL LEVEL_CORE::INS_HasFallThrough | ( | INS | ins | ) |
If INS_HasFallThrough(INS) is TRUE, then the instruction may execute the "natural" next instruction (i.e. the one which starts immediately after this one), if it is FALSE, then the instruction following the one tested will not (normally) be executed next. So HasFallThrough is TRUE for instructions which don't change the control flow (most instructions), or for conditional branches (which might change the control flow, but might not), and FALSE for unconditional branches and calls (where the next instruction to be executed is always explicitly specified).
Note that an unconditional branch or call to the next instruction still doesn't have a fall-through, since a fall through is the implicitly following instruction, and an unconditional branch never uses that.
BOOL LEVEL_CORE::INS_HasMemoryRead2 | ( | INS | ins | ) |
INS LEVEL_PINCLIENT::INS_Invalid | ( | ) |
BOOL LEVEL_CORE::INS_IsAtomicUpdate | ( | const INS | ins | ) |
BOOL LEVEL_CORE::INS_IsBranch | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsBranchOrCall | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsCall | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsDirectBranch | ( | INS | ins | ) |
These are supposed to be near relative branches.
BOOL LEVEL_CORE::INS_IsDirectBranchOrCall | ( | INS | ins | ) |
These are supposed to be near relative branches.
BOOL LEVEL_CORE::INS_IsDirectCall | ( | INS | ins | ) |
These are supposed to be near relative branches.
BOOL LEVEL_CORE::INS_IsIndirectBranchOrCall | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsIpRelRead | ( | const INS | ins | ) |
Is an IP-relative read
BOOL LEVEL_CORE::INS_IsIpRelWrite | ( | const INS | ins | ) |
Is an IP-relative write
BOOL LEVEL_CORE::INS_IsLea | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsMemoryRead | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsMemoryWrite | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsNop | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsOriginal | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsPredicated | ( | INS | ins | ) |
We treat these instructions as predicated conditional move (CMOVcc) floating conditional move (FCMOVcc) rep string ops (since they don't execute if GCX==0)
BOOL LEVEL_CORE::INS_IsPrefetch | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsProcedureCall | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsRet | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsStackRead | ( | const INS | ins | ) |
Access to the stack simply means that the instruction accesses memory relative to the stack pointer (ESP or RSP), or the frame pointer (EBP or RBP). In code compiled without a frame pointer (where EBP/RBP is used as a general register), this may give a misleading result.
BOOL LEVEL_CORE::INS_IsStackWrite | ( | const INS | ins | ) |
Detection of stack accesses is done in the same way as for INS_IsStackRead, so the same caveats apply here too.
BOOL LEVEL_CORE::INS_IsSyscall | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_IsSysret | ( | INS | ins | ) |
UINT32 LEVEL_CORE::INS_MaxNumRRegs | ( | INS | x | ) |
UINT32 LEVEL_CORE::INS_MaxNumWRegs | ( | INS | x | ) |
UINT32 LEVEL_CORE::INS_MemoryOperandCount | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_MemoryOperandIsRead | ( | INS | ins, | |
UINT32 | memopIdx | |||
) |
BOOL LEVEL_CORE::INS_MemoryOperandIsWritten | ( | INS | ins, | |
UINT32 | memopIdx | |||
) |
USIZE LEVEL_CORE::INS_MemoryOperandSize | ( | INS | ins, | |
UINT32 | memoryOp | |||
) |
[in] | ins | the instruction. |
[in] | memoryOp | the memory operand index whose size is required. |
USIZE LEVEL_CORE::INS_MemoryReadSize | ( | INS | ins | ) |
USIZE LEVEL_CORE::INS_MemoryWriteSize | ( | INS | ins | ) |
string LEVEL_CORE::INS_Mnemonic | ( | INS | ins | ) |
Only use this function if you really want a printable version of the instruction's opcode.
If you are trying to test what the opcode of an instruction is, use INS_Opcode and compare it with one of the XED_ICLASS values, or use one of the INS_Is... calls such as INS_IsMov, rather than using this function and comparing a string. Generating and comparing strings is much slower than comparing small integer values!
INS LEVEL_PINCLIENT::INS_Next | ( | INS | x | ) |
ADDRINT LEVEL_PINCLIENT::INS_NextAddress | ( | INS | ins | ) |
Get the address of the next instruction.
OPCODE LEVEL_CORE::INS_Opcode | ( | INS | ins | ) |
On ia-32 and Intel64 the opcodes are constants of the form XED_ICLASS_name. The full list of valid opcodes can be found in the idata.txt file in the XED distribution (which is distributed as part of the Pin kit), and the enum definitions are in the file "xed-iclass-enum.h".
Use INS_Mnemonic if you want a string.
BOOL LEVEL_CORE::INS_OperandIsAddressGenerator | ( | INS | ins, | |
UINT32 | n | |||
) |
INS LEVEL_PINCLIENT::INS_Prev | ( | INS | x | ) |
REG LEVEL_CORE::INS_RegR | ( | INS | x, | |
UINT32 | k | |||
) |
BOOL LEVEL_CORE::INS_RegRContain | ( | const INS | ins, | |
const REG | reg | |||
) |
REG LEVEL_CORE::INS_RegW | ( | INS | x, | |
UINT32 | k | |||
) |
BOOL LEVEL_CORE::INS_RegWContain | ( | const INS | ins, | |
const REG | reg | |||
) |
RTN LEVEL_PINCLIENT::INS_Rtn | ( | INS | x | ) |
USIZE LEVEL_PINCLIENT::INS_Size | ( | INS | ins | ) |
BOOL LEVEL_CORE::INS_Stutters | ( | INS | ins | ) |
SYSCALL_STANDARD LEVEL_CORE::INS_SyscallStd | ( | INS | ins | ) |
Check to see if the given instruction is a system call and return corresponding calling standard.
BOOL LEVEL_PINCLIENT::INS_Valid | ( | INS | x | ) |
xed_decoded_inst_t* LEVEL_CORE::INS_XedDec | ( | INS | ins | ) |
REG LEVEL_CORE::INS_XedExactMapToPinReg | ( | unsigned int | r | ) |
Convert a XED xed_reg_enum_t register to a Pin REG type.
string LEVEL_CORE::OPCODE_StringShort | ( | UINT32 | opcode | ) |
GLOBALCONST PIN_DEPRECATED_API UINT32 LEVEL_CORE::VARIABLE_MEMORY_REFERENCE_SIZE = ~0U |
DEPRECATED
VARIABLE_MEMORY_REFERENCE_SIZE is no longer generated by Pin, so all code which used to test for it can (and should ) now be removed, since the definition of this symbol will disappear in a future Pin release.
Pin now treats REP prefixed string ops as implicit loops, with the IPOINT_BEFORE and IPOINT_AFTER instrumentation called once for each iteration. That allows the IARG_MEMORY*_SIZE of the instruction to be that of the un-repped instruction (1,2,4 or 8 bytes), which can be determined at instrumentation time as with any other instruction. In most cases this significantly simplifies tools, which no longer have to special case unbounded memory accesses.
To handle the case of zero iteration REP prefixed instructions (which used to dynamically generate a zero memory size, but which will now generate the statically determined size), REP prefixed instructions are treated as predicated, so you can use INS_InsertPredicatedCall, or IARG_EXECUTING to determine whether the instruction actually executes.
Note that this is the same behavior as for CMOVcc instructions which can also have conditional memory accesses, but have never generated a zero memory size operand.