The environment for a CFG-based analysis.

Base strategy for building a CFG without any customizable context.

Base strategy for building a CFG.

This is a non-returning function identification strategy that can check conditionally non-returning functions. We currently support only those simple patterns that are handled by compilers, but we may have to extend this as the compilers evolve.

Dummy context.

Summarizes a function in the EVM context. Thanks to the powerful expressiveness of B2R2's IR, we can easily express a function's abstraction, including its unwinding behavior and return behavior.

User-defined context for EVM functions. EVMFunctionSummarizer uses this information to summarize the function, especially the return target.

Base strategy for identifying function entry points.

Base class for summarizing a function in a lightweight manner. One can extend this class to implement a more sophisticated function summarizer.

The interface for a CFG-based analysis, which is performed on a CFG. This interface wraps an analysis function, which can be unwrapped and executed later.

Represents the main interface for CFG recovery strategies.

Represents a callback interface for graph operations in CFG recovery.

Handles the analysis of indirect jumps and conditional jumps during CFG recovery.

The interface for syscall stub analysis. This is to know whether the given syscall instruction is an exit syscall or not. Since this analysis runs in the middle of the CFG building, it should be solely based on the LowUIRCFG, not the SSACFG.

Base class for analyzing jump tables.

Perform stack pointer propgation analysis on the current SSACFG. This analysis performs mainly two tasks: (1) identify stack variables and promote the SSACFG, and (2) calculate the stack frame size of the function.

Basic syscall analysis that only analyzes a single basic block that contains the syscall instruction.