The action queue for the CFG building process.

The basic block factory.

The binary handle.

The control flow graph in LowUIR.

Constant propagation analyzer that is used to incrementally update the dataflow state of the CFG as we recover it.

From a call site of a caller vertex to the caller vertex itself.

Set of callers of this function.

The exception information of the binary.

The address of the function that is being built.

Function name.

Vertices created during gap analysis. These will be added as a unreachable code segment by default. The only exception is when we find a non-returning call instruction and a gap starts right after it, as this indicates that the gap has been considered reachable by the compiler when generating the binary although our non-returning analysis is more conservative (and precise), so we regard this gap as non-reachable.

Gap addresses, which have been identified as data. By adding these addresses to this blacklist, we prevent performing gap analysis on these addresses again.

Gap to be processed.

Table for maintaining intra-function call information of this function.

Is this an external function or not.

Which jump table entry is currently being recovered? (table addr, index)

Jump tables associated with this function.

The channel for accessing the state of the TaskManager.

Is this function a no-return function?

Pending call-edge connection actions (e.g., MakeCall, MakeTlCall, etc) for each callee address. This is to remember the actions that are waiting for the callee to be built.

Thread ID that is currently building this function.

The number of unwinding bytes of the stack when this function returns.

The user-defined per-function context.

Mapping from a program point to a vertex in the LowUIRCFG.

The set of visited BBL program points. This is to prevent visiting the same basic block multiple times when constructing the CFG.

Find a gap between the current function and the next function. This function finds every gap between the current function and the next function. If there are multiple gaps, return all of them.

Find the first overlapping vertex in the CFG. We consider two cases: (1) two vertices share the same address, or (2) a vertex is beyond the range of the current function. If there's no such an overlap, return None. This function will check for the first case by traversing the vertices in the ascending order of addresses. This is crucial for the correctness of the rollback mechanism as we need to figure out which vertex is causing the overlap. Since we run this function after fully over-appriximating the CFG, we can assume that the first overlapping vertex is the problematic one. We then check the second case by assuming that the current function's boundary is determined by the next function's address. If there's a vertex that is located beyond the boundary, we consider it as an overlap. This function will return only the first overlapping vertex even though there may be multiple overlapping vertices.

Scan basic blocks starting from the given entry points. By discovering new basic blocks, existing blocks can be divided into multiple blocks, in which case this will return a sequence of divided edges created by discovering new basic blocks.