data_access_analysis

The data access analysis computes:

-‘data_access_patterns’ which represent that the address ‘Address’ is

accessed with size ‘Size’ and multiplier ‘Multiplier’ from an instruction in ‘FromWhere’.

-‘preferred_data_access’ the address is most likely accessed from the data access

pattern located at ea_data_access.

data_access_patterns are computed by checking memory accesses and with the help of the value analysis.

data_access_patterns give us very sparse information, but if an address ‘ea’ is accessed with a multiplier, it is likely that ‘ea’+multiplier, ‘ea’+2*multiplier, etc are also accessed the same way. Unfortunately, we do not know until when. Therefore, we propagate these accesses using the multiplier until we reach some other access.

instruction_memory_access_size(EA:address, Op_index:operand_index, Size:unsigned)

• Uses: arch.data_access_size, instruction, instruction_get_dest_op, instruction_get_op, op_indirect, op_regdirect

• Used by: arch.alignment_required

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

data_access(EA:address, Op_index:operand_index, RegSegment:reg_nullable, RegBase:reg_nullable, RegIndex:reg_nullable, Mult:number, Offset:number, Size:unsigned)

• Uses: instruction_get_op, op_indirect_mapped

• Used by: addr_outside_section_used_for_memory_access, data_access_pattern_candidate, dest_enlarged_data_section, jump_table, moved_displacement_candidate, moved_label_class, value_reg_at_operand, value_reg_at_operand_loop

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

value_reg_at_operand(EA:address, Op_index:operand_index, Reg:reg_nullable, EA_from:address, Mult:number, Offset:number, Type:symbol)

• Uses: best_value_reg, data_access, reg_def_use.def_used, value_reg_at_operand_loop

• Used by: addr_outside_section_used_for_memory_access, data_access_pattern_candidate, moved_displacement_candidate, moved_label_class

value_reg_at_operand_loop(EA:address, Op_index:operand_index, Reg:reg_nullable, EA_from:address, Mult:number, Offset:number, Type:symbol)

• Uses: best_value_reg, data_access, reg_def_use.def_used

• Used by: dest_enlarged_data_section, value_reg_at_operand

data_access_pattern(Address:address, Size:unsigned, Multiplier:number, FromWhere:address)

The address ‘Address’ is accessed from an instruction at address ‘FromWhere’. The access has size ‘Size’ and uses a multiplier ‘Multiplier’.

• Uses: dap_max_mult, data_access_pattern_candidate_refined

• Used by: data_access_pattern_non_zero, data_limit_after_access, jump_table, next_data_access, next_dyssynchronous_data_access, preferred_data_access, synchronous_access, synchronous_access_barrier_after_access

data_access_pattern_candidate(Address:address, Size:unsigned, Multiplier:number, FromWhere:address)

Auxiliary predicate that computes initial approximation of data_access_pattern

• Uses: data_access, data_segment, simple_data_access_pattern, value_reg_at_operand

• Used by: addr_outside_section_used_for_memory_access, data_access_pattern_candidate_refined, moved_displacement_candidate, moved_label_class

simple_data_access_pattern(Address:address, Op_index:unsigned, Size:unsigned, FromWhere:address)

The address Address is accessed from instruction at address FromWhere. The access is done from operand Op_index and has size Size. simple_data_access_pattern is a subset of data_access_pattern_candidate that can be computed without using the value register analysis.

• Uses: instruction_has_relocation, pc_relative_operand

• Used by: data_access_pattern_candidate

• Recursive: const_value_reg_used, function_inference.function_entry_initial, no_return_call_propagated, next_end, may_fallthrough, jump_table_candidate, block_candidate_boundaries, unresolved_interval_order, inferred_main_in_reg, reg_def_use.return_val_used, inter_procedural_edge, compare_and_jump_immediate, block_limit, value_reg_edge, block_next, reg_has_base_image, stack_def_use.block_last_def, possible_target_from, no_return_block, indefinite_litpool_ref, stack_def_use.used_in_block, adjusts_stack_in_block, split_load_total_points, jump_table_candidate_refined, overlap_with_litpool, value_reg_limit, code_in_block_candidate, candidate_block_is_not_padding, likely_fallthrough, arch.reg_relative_load, arm_jump_table_cmp_limit, value_reg_unsupported, nop_in_padding_candidate, arm_jump_table_block_start, __agg_subclause2, transition_block_limit, block_overlap, no_return_call, data_segment, jump_table_element_access, reg_def_use.flow_def, arm_jump_table_skip_first_entry, block_total_points, stack_def_use.defined_in_block, reg_def_use.ambiguous_last_def_in_block, straight_line_def_used, basic_target, symbol_minus_symbol_litpool_access_pattern, value_reg, reg_def_use.live_var_used, compare_and_jump_indirect_op_valid, litpool_ref, padding_block_candidate, self_contained_segment, data_in_code_propagate, unresolved_interval, unlikely_have_symbolic_immediate, symbolic_expr_from_relocation, hi_load_prop, block_points, wis_memo, split_load_for_symbolization, arm_jump_table_data_block_limit, adrp_used, known_block, wis_has_prior, candidate_block_is_padding, no_return_call_refined, data_in_code, reg_def_use.used, is_padding, reg_def_use.ref_in_block, base_relative_operand, def_used_for_address, reg_def_use.live_var_at_prior_used, block_heuristic, relative_address_start, tls_get_addr, __agg_subclause6, instruction_memory_access_size, start_function, arm_jump_table_candidate, first_block_in_byte_interval, stack_base_reg_move, __agg_subclause3, jump_table_target, base_relative_operation, resolved_reaches, next_start, reg_def_use.live_var_def, must_fallthrough, next_type, arm_jump_table_candidate_start, next_block_in_byte_interval, __agg_single3, split_load, indexed_pc_relative_load_relative, block_instruction_next, stack_def_use.live_var_used_in_block, cmp_defines, block, reg_def_use.block_last_def, overlapping_instruction, code_in_block, no_value_reg_limit, jump_table_signed, impossible_block, block_boundaries, wis_prior, composite_data_access, relocation_adjustment_total, discarded_block, stack_def_use.last_def_in_block, indexed_pc_relative_load, __agg_single6, stack_def_use.live_var_at_block_end, after_end, split_load_candidate, incomplete_block, straight_line_last_def, jump_table_max, block_points_proportional, wis_schedule, arm_jump_table_data_block, compare_and_jump_register, block_candidate_dependency_edge, reg_has_got, data_block_candidate, got_relative_operand, contains_plausible_instr_seq, reg_def_use.ambiguous_block_last_def, invalid_jump_table_candidate, possible_target, relative_address, cmp_reg_to_reg, reg_def_use.def_used, cinf_ldr_add_pc, block_implies_block, contains_implausible_instr_seq, split_load_point, call_tls_get_addr, unresolved_block, split_load_operand, inferred_main_dispatch, gp_relative_operand, code_in_block_candidate_refined, reg_reg_arithmetic_operation_defs, litpool_symbolic_operand, data_access, init_symbol_minus_symbol_candidate_arm, plt_block, invalid, litpool_boundaries, segment_target_range, correlated_live_reg, arm_jump_table_block_instruction, simple_data_access_pattern, reg_def_use.live_var_at_block_end, reg_def_use.defined_in_block, block_last_instruction, flags_and_jump_pair, split_load_conflict, data_block_limit, last_value_reg_limit, reg_used_for, initialized_data_segment, __agg_subclause7, stack_def_use.live_var_at_prior_used, jump_table_start, unresolved_block_overlap, arch.extend_load, stack_def_use.def_used, init_ldr_add_pc, litpool_confidence, tls_desc_call, common_tail, stack_def_use.ref_in_block, arch.simple_data_load, reg_def_use.used_in_block, base_relative_jump, branch_to_calculated_pc_rel_addr, stack_def_use.live_var_def, wis_schedule_iter, jump_table_prelude, negative_block_heuristic, relocation_adjustment, compare_and_jump_indirect, reg_def_use.last_def_in_block, relative_jump_table_entry_candidate, discarded_split_load, __agg_single2, padding_block_limit, reg_def_use.return_block_end, plt_entry, stack_def_use.live_var_used

preferred_data_access(EA:address, Size:unsigned, AccessEA:address)

The address at ‘EA’ is probably accessed with size ‘Size’ using the same pattern as the data access in ‘AccessEA’. Preferred data accesses are computed by propagating data accesses based on their multiplier.

• Uses: data_access_pattern, data_access_pattern_non_zero, next_dyssynchronous_data_access

• Recursive: data_object_conflict, labeled_data_candidate, boundary_sym_expr, symbolic_expr_symbol_minus_symbol, data_object, resolved_transfer, function_inference.function_entry, string_candidate, moved_data_label, labeled_ea, value_reg_address_before, code_pointer_in_data, moved_label_candidate, symbolic_operand_point, discarded_jump_table_entry, data_object_total_points, inferred_special_symbol, data_limit, next_data_limit, code_in_refined_block, data_access_limit, symbol_minus_symbol_from_relocation, +disconnected3, moved_displacement_candidate, best_func_symbol, main_function, data_object_point, data_limit_after_access, symbolic_data, string_candidate_refined, preferred_data_access, address_array, symbolic_expr, split_block, refined_block, moved_label, moved_pc_relative_candidate, +disconnected6, code_in_split_block, +disconnected2, after_address_in_data, address_array_aux, next_address_in_data, best_symexpr_symbol, data_object_candidate, symbolic_expr_attribute, +disconnected1, symbolic_operand_attribute, symbolic_operand, got_reference, block_needs_splitting_at, jump_table, label_conflict, symbol_minus_symbol, block_needs_merging, relative_jump_table_entry, base_relative_symbolic_operand, symbol_minus_symbol_candidate, discarded_data_object, symbol_score, inferred_main_function

data_access_pattern_candidate_refined(Address:address, Size:unsigned, Multiplier:number, FromWhere:address)

Filter out some invalid DAP candidates before performing expensive aggregation

• Uses: address_in_data, data_access_pattern_candidate, indirect_call, indirect_jump, instruction, pe_import_entry, relocation

• Used by: dap_location, dap_max_mult, data_access_pattern, resolved_transfer, resolved_transfer_to_symbol

dap_location(Address:address, Size:unsigned)

Unique DAP Address,Size pairs at which the max must be evaluated.

Prevents evaluating the max for each non-unique copy of the pair.

• Uses: data_access_pattern_candidate_refined

• Used by: dap_max_mult

dap_max_mult(Address:address, Size:unsigned, Max:number)

The largest multiplier for each Address,Size combination among the data access pattern candidates

• Uses: dap_location, data_access_pattern_candidate_refined

• Used by: data_access_pattern

data_access_limit(EA:address)

Data limits are the candidates for labeled data and the boundaries of data segments.

• Uses: data_access_pattern_non_zero, data_segment, repeated_byte

• Recursive: data_object_conflict, labeled_data_candidate, boundary_sym_expr, symbolic_expr_symbol_minus_symbol, data_object, resolved_transfer, function_inference.function_entry, string_candidate, moved_data_label, labeled_ea, value_reg_address_before, code_pointer_in_data, moved_label_candidate, symbolic_operand_point, discarded_jump_table_entry, data_object_total_points, inferred_special_symbol, data_limit, next_data_limit, code_in_refined_block, data_access_limit, symbol_minus_symbol_from_relocation, +disconnected3, moved_displacement_candidate, best_func_symbol, main_function, data_object_point, data_limit_after_access, symbolic_data, string_candidate_refined, preferred_data_access, address_array, symbolic_expr, split_block, refined_block, moved_label, moved_pc_relative_candidate, +disconnected6, code_in_split_block, +disconnected2, after_address_in_data, address_array_aux, next_address_in_data, best_symexpr_symbol, data_object_candidate, symbolic_expr_attribute, +disconnected1, symbolic_operand_attribute, symbolic_operand, got_reference, block_needs_splitting_at, jump_table, label_conflict, symbol_minus_symbol, block_needs_merging, relative_jump_table_entry, base_relative_symbolic_operand, symbol_minus_symbol_candidate, discarded_data_object, symbol_score, inferred_main_function

data_limit(EA:address)

Labeled data boundaries

• Uses: data_segment

• Recursive: data_object_conflict, labeled_data_candidate, boundary_sym_expr, symbolic_expr_symbol_minus_symbol, data_object, resolved_transfer, function_inference.function_entry, string_candidate, moved_data_label, labeled_ea, value_reg_address_before, code_pointer_in_data, moved_label_candidate, symbolic_operand_point, discarded_jump_table_entry, data_object_total_points, inferred_special_symbol, data_limit, next_data_limit, code_in_refined_block, data_access_limit, symbol_minus_symbol_from_relocation, +disconnected3, moved_displacement_candidate, best_func_symbol, main_function, data_object_point, data_limit_after_access, symbolic_data, string_candidate_refined, preferred_data_access, address_array, symbolic_expr, split_block, refined_block, moved_label, moved_pc_relative_candidate, +disconnected6, code_in_split_block, +disconnected2, after_address_in_data, address_array_aux, next_address_in_data, best_symexpr_symbol, data_object_candidate, symbolic_expr_attribute, +disconnected1, symbolic_operand_attribute, symbolic_operand, got_reference, block_needs_splitting_at, jump_table, label_conflict, symbol_minus_symbol, block_needs_merging, relative_jump_table_entry, base_relative_symbolic_operand, symbol_minus_symbol_candidate, discarded_data_object, symbol_score, inferred_main_function

next_data_limit(EA:address, Next:address)

The next data limit after ‘EA’ is at ‘Next’.

• Uses: data_segment

• Recursive: data_object_conflict, labeled_data_candidate, boundary_sym_expr, symbolic_expr_symbol_minus_symbol, data_object, resolved_transfer, function_inference.function_entry, string_candidate, moved_data_label, labeled_ea, value_reg_address_before, code_pointer_in_data, moved_label_candidate, symbolic_operand_point, discarded_jump_table_entry, data_object_total_points, inferred_special_symbol, data_limit, next_data_limit, code_in_refined_block, data_access_limit, symbol_minus_symbol_from_relocation, +disconnected3, moved_displacement_candidate, best_func_symbol, main_function, data_object_point, data_limit_after_access, symbolic_data, string_candidate_refined, preferred_data_access, address_array, symbolic_expr, split_block, refined_block, moved_label, moved_pc_relative_candidate, +disconnected6, code_in_split_block, +disconnected2, after_address_in_data, address_array_aux, next_address_in_data, best_symexpr_symbol, data_object_candidate, symbolic_expr_attribute, +disconnected1, symbolic_operand_attribute, symbolic_operand, got_reference, block_needs_splitting_at, jump_table, label_conflict, symbol_minus_symbol, block_needs_merging, relative_jump_table_entry, base_relative_symbolic_operand, symbol_minus_symbol_candidate, discarded_data_object, symbol_score, inferred_main_function

data_limit_after_access(Access:address, DataLimit:address)

The first data limit after the data access at address ‘Access’ is at address ‘DataLimit’.

• Uses: data_access_pattern, data_segment

• Recursive: data_object_conflict, labeled_data_candidate, boundary_sym_expr, symbolic_expr_symbol_minus_symbol, data_object, resolved_transfer, function_inference.function_entry, string_candidate, moved_data_label, labeled_ea, value_reg_address_before, code_pointer_in_data, moved_label_candidate, symbolic_operand_point, discarded_jump_table_entry, data_object_total_points, inferred_special_symbol, data_limit, next_data_limit, code_in_refined_block, data_access_limit, symbol_minus_symbol_from_relocation, +disconnected3, moved_displacement_candidate, best_func_symbol, main_function, data_object_point, data_limit_after_access, symbolic_data, string_candidate_refined, preferred_data_access, address_array, symbolic_expr, split_block, refined_block, moved_label, moved_pc_relative_candidate, +disconnected6, code_in_split_block, +disconnected2, after_address_in_data, address_array_aux, next_address_in_data, best_symexpr_symbol, data_object_candidate, symbolic_expr_attribute, +disconnected1, symbolic_operand_attribute, symbolic_operand, got_reference, block_needs_splitting_at, jump_table, label_conflict, symbol_minus_symbol, block_needs_merging, relative_jump_table_entry, base_relative_symbolic_operand, symbol_minus_symbol_candidate, discarded_data_object, symbol_score, inferred_main_function

next_data_access(EA:address, Next:address)

The next data access after the one at ‘EA’ is at ‘Next’.

• Uses: data_access_pattern, data_segment

• Used by: next_dyssynchronous_data_access, synchronous_access

data_access_pattern_non_zero(Address:address, Size:unsigned, Multiplier:unsigned, FromWhere:address)

• Uses: data_access_pattern

• Used by: data_access_limit, preferred_data_access, synchronous_access

synchronous_access_barrier(EA:address)

Barriers are the candidates for limiting synchronous access pairing.

• Uses: data_segment, symbol

• Used by: synchronous_access_barrier_after_access

synchronous_access_barrier_after_access(EA:address, Barrier:address)

The first synchronous_access barrier after the data access to ‘EA’ is at address ‘Barrier’.

• Uses: data_access_pattern, synchronous_access_barrier

• Used by: synchronous_access

synchronous_access(RefAccess:address, LastEA:address)

Two data accesses are synchronous if: 1. The second access has multiplier 0 and it originates from the same address

as the first.

2. Or, They have the same multiplier and the space between them

means they do not collide with each other even if they are propagated.

synchronous_access denotes that the access at RefAccess is synchronous with all the accesses from RefAccess to LastEA. For example, if we have the consecutive accesses: A, B, C, D. synchronous_access(A,D) means that A is synchronous with B, C and D.

Note that if synchronous_access(A,D) is generated, so will synchronous_access(A,B) and synchronous_access(A,C) since the computation is incremental. We could use subsumption to remove those intermediate results but that would require reworking first_synchronous_access as well.

• Uses: data_access_pattern, data_access_pattern_non_zero, next_data_access, synchronous_access_barrier_after_access

• Used by: first_synchronous_access, next_dyssynchronous_data_access

• Recursive: synchronous_access

first_synchronous_access(Ref:address, Access:address)

The first synchronous data access of ‘Access’ is located at address ‘Ref’.

• Uses: synchronous_access

• Used by: moved_label_candidate, moved_label_class

next_dyssynchronous_data_access(EA:address, Next:address)

The next data access after ‘EA’ that is not synchronous with ‘EA’ is located at address ‘Next’.

• Uses: data_access_pattern, next_data_access, synchronous_access

• Used by: preferred_data_access