boundary_value_analysis

This analysis looks for comparisons of a register to an immediate in order to bound the possible values of that register.

For example, in the following jump table code, AL is bounded as less than or equal to 11 due to the comparison. This boundary value can be used by the jumptable propagation to determine a max size.

cmp AL,11 ja jumptable_default lea RDI,QWORD PTR [RIP+.L_jumptable] movzx EAX,AL movsxd RAX,DWORD PTR [RDI+RAX*4] add RAX,RDI jmp RAX

flags_and_jump_pair(EA_flags:address, EA_jmp:address, CC:condition_code)

A pair of instructions that sets the flags register and then conditionally jump.

Empty on architectures where a flags register is not used.

• Uses: arch.condition_flags_reg, arch.conditional, arch.jump

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

compare_and_jump_immediate(EA_cmp:address, EA_jmp:address, CC:condition_code, Reg:register, Immediate:number)

A pair of instructions that compares a register to an immediate and then conditionally jumps.

• Uses: arch.cmp_operation, arch.cmp_zero_operation, arch.conditional, arch.jump, cmp_immediate_to_reg, instruction, instruction_get_op, op_regdirect_contains_reg, reg_map, register_access

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

compare_and_jump_register(EA_cmp:address, EA_jmp:address, CC:condition_code, Reg1:register, Reg2:register)

A pair of instructions that compares a register to another register and then conditionally jumps.

• Uses: arch.conditional, arch.jump

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

compare_and_jump_indirect(EA_cmp:address, EA_jmp:address, CC:condition_code, IndirectOp:operand_code, Immediate:number)

A pair of instructions that compares a memory location to an immediate and then conditionally jumps.

• Uses: arch.cmp_operation, instruction, instruction_get_op, op_immediate, op_indirect

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

limit_type_map(CC:condition_code, BranchLT:limit_type, FallthroughLT:limit_type, BranchOffset:number, FallthroughOffset:number)

Map condition codes to limit types

• Used by: arm_jump_table_cmp_limit, value_reg_limit

value_reg_limit(From:address, To:address, Reg:register, Value:number, LimitType:limit_type)

An instruction at EA limits the value of Reg at some MIN or MAX value.

From: the address that creates the limit To: the address at which the limit is active

• Uses: arch.memory_access, arch.move_reg_imm, direct_jump, instruction_get_op, limit_type_map, track_register

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

compare_and_jump_indirect_op_valid(EA_cmp:address, EA_jmp:address, EA:address, IndirectOp:operand_code, Steps:number)

Detect where indirect operand used in a comparison is unmodified afterward.

• Uses: arch.memory_access, arch.store_immediate, instruction_get_op, op_indirect_mapped, reg_def_use.def

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

correlated_live_reg(Block:address, Reg1:register, Reg2:register, Offset:number)

Two live registers are a constant offset from each other at the end of a block.

• Uses: limit_reg_op

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

cmp_defines(EA_jmp:address, EA_dst:address, Reg:register)

A register is compared as NE or EQ and used for a conditional jump.

• Uses: direct_jump

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

no_value_reg_limit(EA_jmp:address)

Jumps where generating a value_reg_limit is not supported.

• Uses: arch.cmp_operation, arch.move_reg_imm, instruction

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

step_limit_small(Limit:unsigned)

• Used by: last_value_reg_limit

last_value_reg_limit(From:address, To:address, Reg:register, Value:number, LimitType:limit_type, Steps:unsigned)

Basic-block propagation of value_reg_limit

From: the address that creates the limit To: the address at which the limit is active

• Uses: conditional_jump, limit_reg_op, step_limit_small

• Recursive: arm_jump_table_cmp_limit, value_reg_unsupported, value_reg, candidate_block_is_not_padding, gp_relative_operand, split_load_total_points, stack_def_use.def_used, indexed_pc_relative_load, branch_to_calculated_pc_rel_addr, code_in_block, jump_table_element_access, compare_and_jump_register, jump_table_candidate, invalid, block_candidate_boundaries, data_in_code_propagate, relocation_adjustment_total, arch.simple_data_load, local_dynamic_tls_candidate, block_limit, block_instruction_next, reg_def_use.used, wis_memo, stack_def_use.live_var_used_in_block, wis_has_prior, arm_jump_table_skip_first_entry, wis_schedule, flags_and_jump_pair, litpool_symbolic_operand, segment_target_range, inferred_main_in_reg, code_in_block_candidate_refined, unresolved_interval, code_in_block_candidate, reg_def_use.return_val_used, start_function, correlated_live_reg, indexed_pc_relative_load_relative, arm_jump_table_block_start, arch.reg_relative_load, arm_jump_table_data_block, next_block_in_byte_interval, impossible_block, reg_def_use.ambiguous_last_def_in_block, reg_def_use.live_var_at_prior_used, data_block_candidate, invalid_jump_table_candidate, compare_and_jump_indirect, reg_def_use.flow_def, arm_jump_table_data_block_limit, stack_base_reg_move, __agg_single3, base_relative_jump, arm_jump_table_block_instruction, __agg_subclause2, no_value_reg_limit, overlap_with_litpool, split_load_candidate, __agg_subclause4, padding_block_candidate, inferred_main_dispatch, relocation_adjustment, tls_get_addr, after_end, stack_def_use.defined_in_block, reg_def_use.used_in_block, stack_def_use.last_def_in_block, candidate_block_is_padding, plt_entry, jump_table_max, reg_def_use.live_var_at_block_end, initialized_data_segment, tls_relative_operand_mips, relative_address, litpool_ref, arm_jump_table_candidate_start, must_fallthrough, may_fallthrough, contains_implausible_instr_seq, __agg_subclause6, no_return_call_refined, block_points_proportional, no_return_block, cinf_ldr_add_pc, relative_address_start, adjusts_stack_in_block, resolved_reaches, block_total_points, next_end, possible_target_from, block_candidate_dependency_edge, block, self_contained_segment, block_next, reg_def_use.live_var_def, jump_table_signed, reg_has_got, no_return_call_propagated, wis_prior, split_load_conflict, jump_table_start, wis_schedule_iter, reg_def_use.ambiguous_block_last_def, jump_table_prelude, first_block_in_byte_interval, arch.extend_load, base_relative_operation, indefinite_litpool_ref, compare_and_jump_immediate, unresolved_block_overlap, split_load, stack_def_use.used_in_block, reg_reg_arithmetic_operation_defs, padding_block_limit, reg_def_use.def_used, tls_desc_call, litpool_boundaries, discarded_block, stack_def_use.live_var_def, base_relative_operand, data_in_code, plt_block, reg_used_for, overlapping_instruction, reg_has_base_image, cmp_defines, nop_in_padding_candidate, compare_and_jump_indirect_op_valid, data_block_limit, __agg_subclause7, block_implies_block, const_value_reg_used, reg_def_use.return_block_end, next_type, __agg_single10, adrp_used, symbol_minus_symbol_litpool_access_pattern, contains_plausible_instr_seq, got_relative_operand, jump_table_candidate_refined, stack_def_use.live_var_at_prior_used, possible_target, instruction_memory_access_size, block_points, basic_target, split_load_operand, incomplete_block, transition_block_limit, data_access, litpool_confidence, block_overlap, arm_jump_table_candidate, reg_def_use.block_last_def, reg_def_use.last_def_in_block, is_padding, simple_data_access_pattern, reg_def_use.live_var_used, straight_line_last_def, __agg_single2, inter_procedural_edge, init_symbol_minus_symbol_candidate_arm, function_inference.function_entry_initial, block_heuristic, hi_load_prop, unresolved_interval_order, symbolic_expr_from_relocation, discarded_split_load, likely_fallthrough, block_boundaries, call_tls_get_addr_mips, stack_def_use.block_last_def, __agg_single6, stack_def_use.live_var_at_block_end, split_load_point, cmp_reg_to_reg, unlikely_have_symbolic_immediate, reg_def_use.defined_in_block, jump_table_target, no_return_call, split_load_for_symbolization, call_tls_get_addr, __agg_subclause3, next_start, stack_def_use.ref_in_block, straight_line_def_used, def_used_for_address, init_ldr_add_pc, last_value_reg_limit, value_reg_edge, data_segment, common_tail, reg_def_use.ref_in_block, known_block, negative_block_heuristic, relative_jump_table_entry_candidate, stack_def_use.live_var_used, unresolved_block, block_last_instruction, value_reg_limit, composite_data_access

limit_reg_op(EA:address, DstReg:register, SrcReg:register, Offset:number)

Move or arithmetic operation on a limited register

• Uses: arch.move_reg_reg, arch.reg_arithmetic_operation

• Used by: correlated_live_reg, last_value_reg_limit