package ghidra.app.plugin.core.analysis;

import ghidra.app.cmd.function.CreateFunctionCmd;
import ghidra.app.plugin.core.clear.ClearFlowAndRepairCmd;
import ghidra.app.services.AbstractAnalyzer;
import ghidra.app.services.AnalysisPriority;
import ghidra.app.services.AnalyzerType;
import ghidra.app.tablechooser.AddressableRowObject;
import ghidra.app.util.HelpTopics;
import ghidra.app.util.importer.MessageLog;
import ghidra.framework.options.Options;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressOverflowException;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.block.CodeBlock;
import ghidra.program.model.block.CodeBlockReference;
import ghidra.program.model.block.CodeBlockReferenceIterator;
import ghidra.program.model.block.SimpleBlockModel;
import ghidra.program.model.lang.GhidraLanguagePropertyKeys;
import ghidra.program.model.listing.CodeUnit;
import ghidra.program.model.listing.Data;
import ghidra.program.model.listing.FlowOverride;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionIterator;
import ghidra.program.model.listing.FunctionManager;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.Listing;
import ghidra.program.model.listing.Program;
import ghidra.program.model.symbol.FlowType;
import ghidra.program.model.symbol.RefType;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.ReferenceIterator;
import ghidra.util.HelpLocation;
import ghidra.util.exception.CancelledException;
import ghidra.util.task.TaskMonitor;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Stack;

/* loaded from: input_file:ghidra/app/plugin/core/analysis/FindNoReturnFunctionsAnalyzer.class */
public class FindNoReturnFunctionsAnalyzer extends AbstractAnalyzer {
    private static final String NAME = "Non-Returning Functions - Discovered";
    protected static final String DESCRIPTION = "As code is disassembled, discovers indications that functions do not return.  When a threshold of evidence is crossed, functions are marked non-returning.The one-shot analysis action can be used if functions were created while this analyzer was disabled or not present.";
    private static final String OPTION_FUNCTION_NONRETURN_THRESHOLD = "Function Non-return Threshold";
    private static final String OPTION_DESCRIPTION_FUNCTION_NONRETURN_THRESHOLD = "Enter the number of indications for a given function before it is considered non-returning.";
    private static final int OPTION_DEFAULT_EVIDENCE_THRESHOLD = 3;
    private int evidenceThresholdFunctions;
    private static final String OPTION_NAME_REPAIR_DAMAGE = "Repair Flow Damage";
    private static final String OPTION_DESCRIPTION_REPAIR_DAMAGE = "Signals to repair any flow after a call to found non-returning functions.";
    private static final boolean OPTION_DEFAULT_REPAIR_DAMAGE_ENABLED = true;
    private static final String OPTION_NAME_CREATE_BOOKMARKS = "Create Analysis Bookmarks";
    private static final String OPTION_DESCRIPTION_CREATE_BOOKMARKS = "Signals to create an analysis bookmark on each function marked as non-returning.";
    private static final boolean OPTION_DEFAULT_CREATE_BOOKMARKS_ENABLED = true;
    private boolean repairDamageEnabled;
    private boolean createBookmarksEnabled;
    private Program program;
    private TaskMonitor monitor;
    private List<NoReturnLocations> reasonList;
    private Address lastGetNextFuncAddress;
    private Address nextFunction;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ghidra/app/plugin/core/analysis/FindNoReturnFunctionsAnalyzer$NoReturnLocations.class */
    public class NoReturnLocations implements AddressableRowObject {
        private Address addr;
        private Address whyAddr;
        private String explanation;

        NoReturnLocations(FindNoReturnFunctionsAnalyzer findNoReturnFunctionsAnalyzer, Address address, Address address2, String str) {
            this.addr = address;
            this.whyAddr = address2;
            this.explanation = str;
        }

        @Override // ghidra.app.tablechooser.AddressableRowObject
        public Address getAddress() {
            return getNoReturnAddr();
        }

        public Address getNoReturnAddr() {
            return this.addr;
        }

        public Address getWhyAddr() {
            return this.whyAddr;
        }

        public String getExplanation() {
            return this.explanation;
        }

        public String toString() {
            return "NoReturn At:" + String.valueOf(getAddress()) + "  because: " + getExplanation() + (this.whyAddr != null ? " at " + String.valueOf(this.whyAddr) : "");
        }
    }

    public FindNoReturnFunctionsAnalyzer() {
        this(NAME, DESCRIPTION, AnalyzerType.INSTRUCTION_ANALYZER);
    }

    public FindNoReturnFunctionsAnalyzer(String str, String str2, AnalyzerType analyzerType) {
        super(str, str2, analyzerType);
        this.evidenceThresholdFunctions = 3;
        this.repairDamageEnabled = true;
        this.createBookmarksEnabled = true;
        this.reasonList = null;
        this.lastGetNextFuncAddress = null;
        this.nextFunction = null;
        setPriority(AnalysisPriority.DISASSEMBLY.after());
        setSupportsOneTimeAnalysis();
    }

    @Override // ghidra.app.services.Analyzer
    public boolean added(Program program, AddressSetView addressSetView, TaskMonitor taskMonitor, MessageLog messageLog) throws CancelledException {
        try {
            this.program = program;
            this.monitor = taskMonitor;
            this.reasonList = new ArrayList();
            this.lastGetNextFuncAddress = null;
            taskMonitor.setMessage("NoReturn - Finding non-returning functions");
            AddressSet addressSet = new AddressSet();
            if (detectNoReturn(this.program, addressSet, addressSetView)) {
                detectNoReturn(this.program, addressSet, addressSetView);
            }
            for (Address address : addressSet.getAddresses(true)) {
                taskMonitor.checkCancelled();
                setFunctionNonReturning(this.program, address);
                taskMonitor.setMessage("NoReturn - Clearing fallthrough at: " + String.valueOf(address));
                setNoFallThru(this.program, address);
                taskMonitor.setMessage("NoReturn - Fixup function bodies for: " + String.valueOf(address));
                fixCallingFunctionBody(this.program, address);
            }
            if (this.repairDamageEnabled) {
                Iterator<Address> it = addressSet.getAddresses(true).iterator();
                while (it.hasNext()) {
                    repairDamagedLocations(taskMonitor, findPotentialDamagedLocations(this.program, it.next()), addressSet);
                }
            }
            return true;
        } finally {
            this.program = null;
            this.monitor = null;
            this.reasonList = null;
        }
    }

    private void repairDamagedLocations(TaskMonitor taskMonitor, AddressSet addressSet, AddressSet addressSet2) {
        if (addressSet == null || addressSet.isEmpty()) {
            return;
        }
        new ClearFlowAndRepairCmd(addressSet, AutoAnalysisManager.getAnalysisManager(this.program).getProtectedLocations().union(addressSet2), true, false, true).applyTo(this.program, taskMonitor);
    }

    private void setFunctionNonReturning(Program program, Address address) {
        Function functionAt = program.getFunctionManager().getFunctionAt(address);
        if (functionAt == null) {
            new CreateFunctionCmd(address).applyTo(program);
            functionAt = program.getFunctionManager().getFunctionAt(address);
            if (functionAt == null) {
                return;
            }
        }
        functionAt.setNoReturn(true);
    }

    protected void setNoFallThru(Program program, Address address) {
        ReferenceIterator referencesTo = this.program.getReferenceManager().getReferencesTo(address);
        while (referencesTo.hasNext()) {
            Reference next = referencesTo.next();
            if (next.getReferenceType().isCall()) {
                Instruction instructionAt = this.program.getListing().getInstructionAt(next.getFromAddress());
                if (instructionAt != null && instructionAt.getFallThrough() != null) {
                    instructionAt.setFlowOverride(FlowOverride.CALL_RETURN);
                }
            }
        }
    }

    private AddressSet findPotentialDamagedLocations(Program program, Address address) {
        String address2 = address.toString();
        Function functionAt = program.getFunctionManager().getFunctionAt(address);
        if (functionAt != null) {
            address2 = functionAt.getName();
        }
        try {
            this.monitor.setMessage("NoReturn - Clearing and repairing flows for: " + address2);
            return findRepairLocations(program, address);
        } catch (CancelledException e) {
            return new AddressSet();
        }
    }

    protected AddressSet findRepairLocations(Program program, Address address) throws CancelledException {
        AddressSet addressSet = new AddressSet();
        AddressSet addressSet2 = new AddressSet();
        ReferenceIterator referencesTo = this.program.getReferenceManager().getReferencesTo(address);
        while (referencesTo.hasNext()) {
            Reference next = referencesTo.next();
            if (next.getReferenceType().isCall()) {
                Instruction instructionAt = this.program.getListing().getInstructionAt(next.getFromAddress());
                if (instructionAt != null) {
                    Address fallThrough = instructionAt.getFallThrough();
                    if (fallThrough == null) {
                        try {
                            fallThrough = instructionAt.getMinAddress().addNoWrap(instructionAt.getDefaultFallThroughOffset());
                        } catch (AddressOverflowException e) {
                        }
                    }
                    if (fallThrough != null && !fallThrough.equals(address)) {
                        Address skipNOPS = skipNOPS(fallThrough);
                        if (!this.program.getSymbolTable().isExternalEntryPoint(skipNOPS) && !this.program.getSymbolTable().isExternalEntryPoint(fallThrough) && !hasFlowRefInto(fallThrough) && !hasFlowRefInto(skipNOPS)) {
                            if (this.program.getListing().getInstructionAt(fallThrough) != null) {
                                addressSet.add(fallThrough);
                            } else {
                                addressSet2.add(fallThrough);
                            }
                        }
                    }
                }
            }
        }
        if (!addressSet2.isEmpty()) {
            ClearFlowAndRepairCmd.clearBadBookmarks(this.program, addressSet2, this.monitor);
        }
        return addressSet;
    }

    private boolean detectNoReturn(Program program, AddressSet addressSet, AddressSetView addressSetView) throws CancelledException {
        Instruction instructionAt;
        AddressSet addressSet2 = new AddressSet();
        boolean z = false;
        for (Address address : program.getReferenceManager().getReferenceSourceIterator(addressSetView, true)) {
            this.monitor.checkCancelled();
            if (!addressSet2.contains(address)) {
                addressSet2.add(address);
                Instruction instructionAt2 = program.getListing().getInstructionAt(address);
                if (instructionAt2 != null && instructionAt2.getFlowType().isCall() && instructionAt2.getFlowType().hasFallthrough() && checkNonReturningIndicators(instructionAt2, addressSet)) {
                    for (Address address2 : instructionAt2.getFlows()) {
                        int i = 1;
                        Iterator<Reference> it = program.getReferenceManager().getReferencesTo(address2).iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Reference next = it.next();
                            if (next.getReferenceType().isCall()) {
                                Address fromAddress = next.getFromAddress();
                                if (!addressSet2.contains(fromAddress)) {
                                    addressSet2.add(fromAddress);
                                    if (!addressSet.contains(address2) && (instructionAt = program.getListing().getInstructionAt(fromAddress)) != null && checkNonReturningIndicators(instructionAt, addressSet)) {
                                        i++;
                                        if (i >= this.evidenceThresholdFunctions) {
                                            addressSet.add(address2);
                                            break;
                                        }
                                    }
                                } else {
                                    continue;
                                }
                            }
                        }
                        if (i < this.evidenceThresholdFunctions) {
                            if (targetOnlyCallsNoReturn(program, address2, addressSet)) {
                                this.reasonList.add(new NoReturnLocations(this, address2, null, "Calls only non-returing function"));
                                addressSet.add(address2);
                            } else {
                                z = true;
                            }
                        }
                    }
                }
            }
        }
        return z;
    }

    private boolean targetOnlyCallsNoReturn(Program program, Address address, AddressSet addressSet) throws CancelledException {
        SimpleBlockModel simpleBlockModel = new SimpleBlockModel(program);
        Stack stack = new Stack();
        stack.push(address);
        AddressSet addressSet2 = new AddressSet();
        boolean z = false;
        while (!stack.isEmpty()) {
            Address address2 = (Address) stack.pop();
            CodeBlock codeBlockAt = simpleBlockModel.getCodeBlockAt(address2, this.monitor);
            if (codeBlockAt == null) {
                return false;
            }
            if (!addressSet2.contains(address2)) {
                addressSet2.add(address2);
                FlowType flowType = codeBlockAt.getFlowType();
                if (flowType.isTerminal() && !flowType.isCall()) {
                    return false;
                }
                CodeBlockReferenceIterator destinations = codeBlockAt.getDestinations(this.monitor);
                if (!destinations.hasNext()) {
                    return false;
                }
                while (destinations.hasNext()) {
                    CodeBlockReference next = destinations.next();
                    Address reference = next.getReference();
                    FlowType flowType2 = next.getFlowType();
                    if (flowType2.isCall() || flowType2.isJump()) {
                        if (addressSet.contains(reference)) {
                            z = true;
                        } else {
                            Function functionAt = program.getFunctionManager().getFunctionAt(reference);
                            if (functionAt != null && functionAt.hasNoReturn()) {
                                z = true;
                            } else if (flowType.isTerminal() && (flowType2.isCall() || functionAt != null)) {
                                return false;
                            }
                        }
                    }
                    if (!flowType2.isCall() && !flowType2.isIndirect()) {
                        stack.push(reference);
                    }
                }
            }
        }
        return z;
    }

    private boolean checkNonReturningIndicators(Instruction instruction, AddressSet addressSet) throws CancelledException {
        Address fallThrough = instruction.getFallThrough();
        FunctionManager functionManager = this.program.getFunctionManager();
        Function functionContaining = functionManager.getFunctionContaining(instruction.getMinAddress());
        Address address = null;
        Address[] flows = instruction.getFlows();
        if (flows != null && flows.length > 0) {
            address = flows[0];
        }
        Address functionAfter = getFunctionAfter(fallThrough);
        Listing listing = this.program.getListing();
        while (fallThrough != null) {
            if (functionAfter != null && functionAfter.equals(fallThrough)) {
                this.reasonList.add(new NoReturnLocations(this, address, fallThrough, "Function defined after call"));
                return true;
            }
            CodeUnit codeUnitAt = listing.getCodeUnitAt(fallThrough);
            if (codeUnitAt == null || (codeUnitAt instanceof Data)) {
                this.reasonList.add(new NoReturnLocations(this, address, instruction.getMinAddress(), "Falls into data after call"));
                return true;
            }
            Instruction instruction2 = (Instruction) codeUnitAt;
            if (functionAfter != null && codeUnitAt.contains(functionAfter)) {
                this.reasonList.add(new NoReturnLocations(this, address, fallThrough, "Function defined in instruction after call"));
                return true;
            }
            if (hasInconsistentRefsTo(fallThrough, functionManager, functionContaining, address)) {
                return true;
            }
            if (listing.getDefinedDataAt(fallThrough) != null) {
                this.reasonList.add(new NoReturnLocations(this, address, fallThrough, "Data after call"));
                return true;
            }
            fallThrough = null;
            if (instruction2.getFlowType().isFallthrough()) {
                fallThrough = instruction2.getFallThrough();
            }
        }
        return false;
    }

    private boolean hasInconsistentRefsTo(Address address, FunctionManager functionManager, Function function, Address address2) {
        if (!this.program.getReferenceManager().hasReferencesTo(address)) {
            return false;
        }
        ReferenceIterator referencesTo = this.program.getReferenceManager().getReferencesTo(address);
        while (referencesTo.hasNext()) {
            Reference next = referencesTo.next();
            RefType referenceType = next.getReferenceType();
            if (referenceType.isRead() || referenceType.isWrite()) {
                if (function == null) {
                    this.reasonList.add(new NoReturnLocations(this, address2, next.getToAddress(), "Data Reference after call"));
                    return true;
                }
                if (function.equals(functionManager.getFunctionContaining(next.getFromAddress()))) {
                    this.reasonList.add(new NoReturnLocations(this, address2, next.getToAddress(), "Data Reference from same function after call"));
                    return true;
                }
            }
            if (referenceType.isCall()) {
                this.reasonList.add(new NoReturnLocations(this, address2, next.getToAddress(), "Call Reference after call"));
                return true;
            }
        }
        return false;
    }

    private Address getFunctionAfter(Address address) {
        if (address == null) {
            return null;
        }
        if (this.lastGetNextFuncAddress != null && address.compareTo(this.lastGetNextFuncAddress) >= 0 && (this.nextFunction == null || address.compareTo(this.nextFunction) <= 0)) {
            return this.nextFunction;
        }
        FunctionIterator functions = this.program.getFunctionManager().getFunctions(address, true);
        this.nextFunction = null;
        this.lastGetNextFuncAddress = address;
        if (functions.hasNext()) {
            this.nextFunction = functions.next().getEntryPoint();
        }
        return this.nextFunction;
    }

    protected void fixCallingFunctionBody(Program program, Address address) throws CancelledException {
        Function functionContaining;
        if (this.createBookmarksEnabled) {
            program.getBookmarkManager().setBookmark(address, "Analysis", "Non-Returning Function", "Non-Returning Function Found");
        }
        AddressSet addressSet = new AddressSet();
        ReferenceIterator referencesTo = program.getReferenceManager().getReferencesTo(address);
        while (referencesTo.hasNext()) {
            Reference next = referencesTo.next();
            if (next.getReferenceType().isCall()) {
                Address fromAddress = next.getFromAddress();
                if (!addressSet.contains(fromAddress) && (functionContaining = program.getFunctionManager().getFunctionContaining(fromAddress)) != null) {
                    AddressSetView body = functionContaining.getBody();
                    AddressSetView functionBody = CreateFunctionCmd.getFunctionBody(program, functionContaining.getEntryPoint());
                    if (body.equals(functionBody)) {
                        addressSet.add(functionBody);
                    } else {
                        CreateFunctionCmd.fixupFunctionBody(program, functionContaining, this.monitor);
                        Function functionContaining2 = program.getFunctionManager().getFunctionContaining(fromAddress);
                        if (functionContaining2 != null) {
                            addressSet.add(functionContaining2.getBody());
                        }
                    }
                }
            }
        }
    }

    private boolean hasFlowRefInto(Address address) {
        if (address == null) {
            return false;
        }
        ReferenceIterator referencesTo = this.program.getReferenceManager().getReferencesTo(address);
        while (referencesTo.hasNext()) {
            if (referencesTo.next().getReferenceType().isFlow()) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0056  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private ghidra.program.model.address.Address skipNOPS(ghidra.program.model.address.Address r4) {
        /*
            r3 = this;
            r0 = 0
            r5 = r0
        L2:
            r0 = r4
            if (r0 == 0) goto Lc6
            r0 = r5
            r1 = 16
            if (r0 >= r1) goto Lc6
            r0 = r3
            ghidra.program.model.listing.Program r0 = r0.program
            ghidra.program.model.listing.Listing r0 = r0.getListing()
            r1 = r4
            ghidra.program.model.listing.Instruction r0 = r0.getInstructionAt(r1)
            r6 = r0
            r0 = r6
            if (r0 != 0) goto L22
            r0 = r4
            return r0
        L22:
            r0 = r6
            ghidra.program.model.symbol.FlowType r0 = r0.getFlowType()
            boolean r0 = r0.isFallthrough()
            if (r0 != 0) goto L30
            r0 = r4
            return r0
        L30:
            r0 = r6
            ghidra.program.model.pcode.PcodeOp[] r0 = r0.getPcode()
            r7 = r0
            r0 = r7
            if (r0 == 0) goto Lae
            r0 = r7
            int r0 = r0.length
            if (r0 == 0) goto Lae
            r0 = r7
            r8 = r0
            r0 = r8
            int r0 = r0.length
            r9 = r0
            r0 = 0
            r10 = r0
        L4f:
            r0 = r10
            r1 = r9
            if (r0 >= r1) goto Lae
            r0 = r8
            r1 = r10
            r0 = r0[r1]
            r11 = r0
            r0 = r11
            int r0 = r0.getOpcode()
            r12 = r0
            r0 = r12
            switch(r0) {
                case 2: goto L90;
                case 3: goto L90;
                case 9: goto L90;
                case 67: goto L90;
                default: goto L92;
            }
        L90:
            r0 = r4
            return r0
        L92:
            r0 = r11
            ghidra.program.model.pcode.Varnode r0 = r0.getOutput()
            r13 = r0
            r0 = r13
            if (r0 == 0) goto La8
            r0 = r13
            boolean r0 = r0.isUnique()
            if (r0 != 0) goto La8
            r0 = r4
            return r0
        La8:
            int r10 = r10 + 1
            goto L4f
        Lae:
            r0 = r6
            ghidra.program.model.address.Address r0 = r0.getFallThrough()
            r4 = r0
            r0 = r4
            if (r0 != 0) goto Lc0
            r0 = r6
            ghidra.program.model.address.Address r0 = r0.getMinAddress()
            return r0
        Lc0:
            int r5 = r5 + 1
            goto L2
        Lc6:
            r0 = r4
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: ghidra.app.plugin.core.analysis.FindNoReturnFunctionsAnalyzer.skipNOPS(ghidra.program.model.address.Address):ghidra.program.model.address.Address");
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public boolean getDefaultEnablement(Program program) {
        return program.getLanguage().getPropertyAsBoolean(GhidraLanguagePropertyKeys.ENABLE_NO_RETURN_ANALYSIS, true);
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public void registerOptions(Options options, Program program) {
        options.registerOption(OPTION_FUNCTION_NONRETURN_THRESHOLD, 3, new HelpLocation(HelpTopics.AUTO_ANALYSIS, "Auto_Analysis_Option_Instructions"), OPTION_DESCRIPTION_FUNCTION_NONRETURN_THRESHOLD);
        options.registerOption(OPTION_NAME_REPAIR_DAMAGE, Boolean.valueOf(this.repairDamageEnabled), null, OPTION_DESCRIPTION_REPAIR_DAMAGE);
        options.registerOption("Create Analysis Bookmarks", Boolean.valueOf(this.createBookmarksEnabled), null, OPTION_DESCRIPTION_CREATE_BOOKMARKS);
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public void optionsChanged(Options options, Program program) {
        this.evidenceThresholdFunctions = options.getInt(OPTION_FUNCTION_NONRETURN_THRESHOLD, 3);
        this.repairDamageEnabled = options.getBoolean(OPTION_NAME_REPAIR_DAMAGE, this.repairDamageEnabled);
        this.createBookmarksEnabled = options.getBoolean("Create Analysis Bookmarks", this.createBookmarksEnabled);
    }
}
