Allow function parameters to specify they need to be passed by reference/value without specifying an exact location

Author: D0ntPanic

arch/x86/arch_x86.cpp

@@ -4863,7 +4863,7 @@ class X64SystemVCallingConvention: public X64BaseCallingConvention
 
 		for (auto& param : params)
 		{
-			if (!param.defaultLocation)
+			if (param.locationSource == CustomLocationSource)
 			{
 				// Parameter is not stored in a normal location, use custom variable
 				result.push_back(param.location);
@@ -4887,7 +4887,8 @@ class X64SystemVCallingConvention: public X64BaseCallingConvention
 			size_t width = type->GetWidth();
 			bool indirect = false;
 
-			if (type->GetClass() == ArrayTypeClass)
+			if ((type->GetClass() == ArrayTypeClass || param.locationSource == PassByReferenceLocationSource)
+				&& param.locationSource != PassByValueLocationSource)
 			{
 				type = Type::PointerType(GetArchitecture(), type);
 				indirect = true;

binaryninjaapi.h

@@ -10604,16 +10604,16 @@ namespace BinaryNinja {
 	{
 		std::string name;
 		Confidence<Ref<Type>> type;
-		bool defaultLocation;
+		BNValueLocationSource locationSource;
 		ValueLocation location;
 
 		FunctionParameter() = default;
-		FunctionParameter(const std::string& name, Confidence<Ref<Type>> type): name(name), type(type), defaultLocation(true)
+		FunctionParameter(const std::string& name, Confidence<Ref<Type>> type): name(name), type(type), locationSource(DefaultLocationSource)
 		{}
 
-		FunctionParameter(const std::string& name, const Confidence<Ref<Type>>& type, bool defaultLocation,
+		FunctionParameter(const std::string& name, const Confidence<Ref<Type>>& type, BNValueLocationSource source,
 		    const ValueLocation& location) :
-		    name(name), type(type), defaultLocation(defaultLocation), location(location)
+		    name(name), type(type), locationSource(source), location(location)
 		{}
 
 		static FunctionParameter FromAPIObject(const BNFunctionParameter* param);

binaryninjacore.h

@@ -2637,12 +2637,20 @@ extern "C"
 		uint8_t confidence;
 	} BNValueLocationListWithConfidence;
 
+	BN_ENUM(uint8_t, BNValueLocationSource)
+	{
+		DefaultLocationSource,
+		PassByValueLocationSource,
+		PassByReferenceLocationSource,
+		CustomLocationSource
+	};
+
 	typedef struct BNFunctionParameter
 	{
 		char* name;
 		BNType* type;
 		uint8_t typeConfidence;
-		bool defaultLocation;
+		BNValueLocationSource locationSource;
 		BNValueLocation location;
 	} BNFunctionParameter;
 

demangler/gnu3/demangle_gnu3.cpp

@@ -312,7 +312,7 @@ TypeBuilder DemangleGNU3::DemangleFunction(bool cnst, bool vltl)
 			continue;
 		MyLogDebug("Var_%d - %s\n", i++, param.GetString().c_str());
 		m_functionSubstitute.back().push_back(param);
-		params.push_back({"", param.Finalize(), true, Variable()});
+		params.push_back({"", param.Finalize(), DefaultLocationSource, Variable()});
 	}
 	m_reader.Consume();
 	m_functionSubstitute.pop_back();
@@ -1640,12 +1640,12 @@ void DemangleGNU3::DemangleTemplateArgs(vector<FunctionParameter>& args)
 		{
 		case 'L':
 			expr = DemanglePrimaryExpression();
-			args.push_back({expr, nullptr, true, Variable()});
+			args.push_back({expr, nullptr, DefaultLocationSource, Variable()});
 			tmp = CreateUnknownType(expr);
 			tmpValid = true;
 			break;
 		case 'X':
-			args.push_back({DemangleExpression(), nullptr, true, Variable()});
+			args.push_back({DemangleExpression(), nullptr, DefaultLocationSource, Variable()});
 			if (m_reader.Read() != 'E')
 				throw DemangleException();
 			break;
@@ -1658,7 +1658,7 @@ void DemangleGNU3::DemangleTemplateArgs(vector<FunctionParameter>& args)
 			m_topLevel = false;
 			tmp = DemangleType();
 			m_topLevel = topLevel;
-			args.push_back({tmp.GetString(), nullptr, true, Variable()});
+			args.push_back({tmp.GetString(), nullptr, DefaultLocationSource, Variable()});
 			tmpValid = true;
 		}
 		if (m_topLevel && tmpValid)
@@ -2202,7 +2202,7 @@ TypeBuilder DemangleGNU3::DemangleSymbol(QualifiedName& varName)
 			break;
 		}
 		m_functionSubstitute.back().push_back(param);
-		params.push_back({"", param.Finalize(), true, Variable()});
+		params.push_back({"", param.Finalize(), DefaultLocationSource, Variable()});
 		if (param.GetClass() == VarArgsTypeClass)
 		{
 			if (m_reader.Peek() == 'E')

demangler/msvc/demangle_msvc.cpp

@@ -732,7 +732,7 @@ void Demangle::DemangleVariableList(vector<FunctionParameter>& paramList, Backre
 		}
 		vt.name = name.GetString();
 		vt.type = type.Finalize();
-		vt.defaultLocation = true;
+		vt.locationSource = DefaultLocationSource;
 
 		paramList.push_back(vt);
 		m_logger->LogDebug("Argument %zu: '%s' - '%s'\n", i, vt.type->GetString().c_str(), reader.GetRaw());
@@ -1607,7 +1607,7 @@ TypeBuilder Demangle::DemangleFunction(BNNameType classFunctionType, bool pointe
 		QualifiedName thisName = m_varName;
 		if (thisName.size() > 0)
 			thisName.erase(thisName.end() - 1);
-		params.push_back(FunctionParameter("this", Type::PointerType(m_arch, Type::NamedType(thisName, Type::VoidType())), true, {}));
+		params.push_back(FunctionParameter("this", Type::PointerType(m_arch, Type::NamedType(thisName, Type::VoidType())), DefaultLocationSource, {}));
 	}
 
 	DemangleVariableList(params, m_backrefList);

lang/rust/rusttypes.cpp

@@ -173,9 +173,13 @@ vector<InstructionTextToken> RustTypePrinter::GetTypeTokensAfterNameInternal(
 			}
 			tokens.push_back(nameToken);
 			tokens.emplace_back(TextToken, ": ");
+
+			if (params[i].locationSource == PassByReferenceLocationSource || params[i].location.indirect)
+				tokens.emplace_back(baseConfidence, OperationToken, "&");
+
 			tokens.insert(tokens.end(), paramTokens.begin(), paramTokens.end());
 
-			if (!params[i].defaultLocation && platform && var.has_value())
+			if (params[i].locationSource == CustomLocationSource && platform && var.has_value())
 			{
 				switch (var->type)
 				{

objectivec/objc.cpp

@@ -1247,9 +1247,9 @@ bool ObjCProcessor::ApplyMethodType(Class& cls, Method& method, bool isInstanceM
 		cls.associatedName.IsEmpty() ?
 			m_types.id :
 			Type::PointerType(m_data->GetAddressSize(), Type::NamedType(m_data, cls.associatedName)),
-		true, BinaryNinja::Variable()});
+		DefaultLocationSource, BinaryNinja::Variable()});
 
-	params.push_back({"sel", m_types.sel, true, BinaryNinja::Variable()});
+	params.push_back({"sel", m_types.sel, DefaultLocationSource, BinaryNinja::Variable()});
 
 	for (size_t i = 3; i < typeTokens.size(); i++)
 	{
@@ -1259,7 +1259,7 @@ bool ObjCProcessor::ApplyMethodType(Class& cls, Method& method, bool isInstanceM
 		else
 			name = "arg";
 
-		params.push_back({std::move(name), typeForQualifiedNameOrType(typeTokens[i]), true, BinaryNinja::Variable()});
+		params.push_back({std::move(name), typeForQualifiedNameOrType(typeTokens[i]), DefaultLocationSource, BinaryNinja::Variable()});
 	}
 
 	auto funcType = BinaryNinja::Type::FunctionType(retType, cc, params);

plugins/workflow_swift/src/demangler/function_type.rs

@@ -1,7 +1,7 @@
 use binaryninja::architecture::{ArchitectureExt, CoreArchitecture};
 use binaryninja::confidence::Conf;
 use binaryninja::rc::Ref;
-use binaryninja::types::{FunctionParameter, Type, ValueLocation};
+use binaryninja::types::{FunctionParameter, Type, ValueLocation, ValueLocationSource};
 use swift_demangler::{
     Accessor, AccessorKind, ConstructorKind, HasFunctionSignature, HasModule, Metadata,
     MetadataKind, Symbol,
@@ -78,7 +78,7 @@ impl CallingConvention {
         self.leading_params.push(FunctionParameter {
             ty: self_ty.into(),
             name: "self".to_string(),
-            location: None,
+            location: ValueLocationSource::Default,
         });
     }
 
@@ -98,12 +98,12 @@ impl CallingConvention {
         self.trailing_params.push(FunctionParameter {
             ty: void_ptr.clone().into(),
             name: "selfMetadata".to_string(),
-            location: None,
+            location: ValueLocationSource::Default,
         });
         self.trailing_params.push(FunctionParameter {
             ty: void_ptr.into(),
             name: "selfWitnessTable".to_string(),
-            location: None,
+            location: ValueLocationSource::Default,
         });
     }
 
@@ -139,7 +139,7 @@ impl CallingConvention {
             all_params.push(FunctionParameter {
                 ty: error_ty.into(),
                 name: "error".to_string(),
-                location: self.abi.as_ref().and_then(|a| a.error_location()),
+                location: self.abi.as_ref().and_then(|a| a.error_location()).into(),
             });
         }
 
@@ -148,7 +148,11 @@ impl CallingConvention {
             all_params.push(FunctionParameter {
                 ty: ptr_ty.into(),
                 name: "asyncContext".to_string(),
-                location: self.abi.as_ref().and_then(|a| a.async_context_location()),
+                location: self
+                    .abi
+                    .as_ref()
+                    .and_then(|a| a.async_context_location())
+                    .into(),
             });
         }
 
@@ -240,7 +244,7 @@ pub fn build_function_type(symbol: &Symbol, arch: &CoreArchitecture) -> Option<R
             Some(FunctionParameter {
                 ty: ty.into(),
                 name,
-                location: None,
+                location: ValueLocationSource::Default,
             })
         })
         .collect();
@@ -283,7 +287,7 @@ fn build_accessor_type(accessor: &Accessor, arch: &CoreArchitecture) -> Option<R
             let params = vec![FunctionParameter {
                 ty: prop_ty.into(),
                 name: "newValue".to_string(),
-                location: None,
+                location: ValueLocationSource::Default,
             }];
             Some(cc.build_type(&Type::void(), params))
         }
@@ -309,12 +313,12 @@ fn build_metadata_function_type(metadata: &Metadata, arch: &CoreArchitecture) ->
                 FunctionParameter {
                     ty: void_ptr.clone().into(),
                     name: "metadata".to_string(),
-                    location: None,
+                    location: ValueLocationSource::Default,
                 },
                 FunctionParameter {
                     ty: void_ptr.clone().into(),
                     name: "method".to_string(),
-                    location: None,
+                    location: ValueLocationSource::Default,
                 },
             ];
             Some(Type::function(&void_ptr, params, false))

plugins/workflow_swift/src/demangler/type_reconstruction.rs

@@ -1,6 +1,8 @@
 use binaryninja::architecture::{Architecture, CoreArchitecture};
 use binaryninja::rc::Ref;
-use binaryninja::types::{NamedTypeReference, NamedTypeReferenceClass, QualifiedName, Type};
+use binaryninja::types::{
+    NamedTypeReference, NamedTypeReferenceClass, QualifiedName, Type, ValueLocationSource,
+};
 use swift_demangler::{TypeKind, TypeRef};
 
 pub(crate) trait TypeRefExt {
@@ -57,7 +59,7 @@ impl TypeRefExt for TypeRef<'_> {
                         Some(binaryninja::types::FunctionParameter {
                             ty: ty.into(),
                             name,
-                            location: None,
+                            location: ValueLocationSource::Default,
                         })
                     })
                     .collect();

python/types.py

@@ -28,7 +28,7 @@
 from . import _binaryninjacore as core
 from .enums import (
 	InlineDuringAnalysis, StructureVariant, SymbolType, SymbolBinding, TypeClass, NamedTypeReferenceClass,
-	ReferenceType, VariableSourceType,
+	ReferenceType, VariableSourceType, ValueLocationSource,
 	TypeReferenceType, MemberAccess, MemberScope, TypeDefinitionLineType,
 	TokenEscapingType,
 	NameType, PointerSuffix, PointerBaseType
@@ -624,16 +624,21 @@ def _to_core_struct(self) -> core.BNReturnValue:
 class FunctionParameter:
 	type: SomeType
 	name: str = ""
+	location_source: ValueLocationSource = ValueLocationSource.DefaultLocationSource
 	location: Optional['ValueLocation'] = None
 
-	def __init__(self, type: SomeType, name: str = "", location: OptionalLocation = None):
+	def __init__(self, type: SomeType, name: str = "", location: OptionalLocation = None, source: Optional['ValueLocationSource'] = None):
 		self.type = type
 		self.name = name
 		location = ValueLocationWithConfidence.from_optional_location(location)
 		if location is not None:
 			self.location = location.location
+			self.location_source = ValueLocationSource.CustomLocationSource
 		else:
 			self.location = None
+			self.location_source = ValueLocationSource.DefaultLocationSource
+		if source is not None:
+			self.location_source = source
 
 	def __repr__(self):
 		ic = self.type.immutable_copy()
@@ -651,11 +656,12 @@ def mutable_copy(self) -> 'FunctionParameter':
 	def _from_core_struct(struct: 'core.BNFunctionParameter', arch: Optional['architecture.Architecture'] = None) -> 'FunctionParameter':
 		name = struct.name
 		ty = Type.from_core_struct(struct.type).with_confidence(struct.typeConfidence)
-		if struct.defaultLocation:
-			location = None
-		else:
+		source = ValueLocationSource(struct.locationSource)
+		if source == ValueLocationSource.CustomLocationSource:
 			location = ValueLocation._from_core_struct(struct.location, arch)
-		return FunctionParameter(ty, name, location)
+		else:
+			location = None
+		return FunctionParameter(ty, name, location, source)
 
 
 @dataclass(frozen=True)
@@ -1514,10 +1520,11 @@ def parameters(self) -> List[FunctionParameter]:
 			param_type = Type.create(
 			    core.BNNewTypeReference(params[i].type), platform=self.platform, confidence=params[i].typeConfidence
 			)
-			if params[i].defaultLocation:
-				param_location = None
-			else:
+			source = ValueLocationSource(params[i].locationSource)
+			if source == ValueLocationSource.CustomLocationSource:
 				param_location = ValueLocation._from_core_struct(params[i].location, arch)
+			else:
+				param_location = None
 			result.append(FunctionParameter(param_type, params[i].name, param_location))
 		core.BNFreeTypeParameterList(params, count.value)
 		return result
@@ -1546,7 +1553,7 @@ def _to_core_struct(params: Optional[ParamsType] = None):
 				core_param.name = ""
 				core_param.type = param.handle
 				core_param.typeConfidence = param.confidence
-				core_param.defaultLocation = True
+				core_param.locationSource = int(ValueLocationSource.DefaultLocationSource)
 				core_param.location.count = 0
 			elif isinstance(param, FunctionParameter):
 				assert param.type is not None, "Attempting to construct function parameter without properly constructed type"
@@ -1555,11 +1562,10 @@ def _to_core_struct(params: Optional[ParamsType] = None):
 				core_param.name = param.name
 				core_param.type = param_type.handle
 				core_param.typeConfidence = param_type.confidence
+				core_param.locationSource = int(param.location_source)
 				if param.location is None:
-					core_param.defaultLocation = True
 					core_param.location.count = 0
 				else:
-					core_param.defaultLocation = False
 					if isinstance(param.location, ValueLocation):
 						core_param.location = param.location._to_core_struct()
 					elif isinstance(param.location, variable.CoreVariable):
@@ -1575,7 +1581,7 @@ def _to_core_struct(params: Optional[ParamsType] = None):
 				core_param.name = name
 				core_param.type = _type.handle
 				core_param.typeConfidence = _type.confidence
-				core_param.defaultLocation = True
+				core_param.locationSource = int(ValueLocationSource.DefaultLocationSource)
 				core_param.location.count = 0
 			else:
 				raise ValueError(f"Conversion from unsupported function parameter type {type(param)}")
@@ -3472,11 +3478,12 @@ def parameters(self) -> List[FunctionParameter]:
 			param_type = Type.create(
 			    core.BNNewTypeReference(params[i].type), platform=self._platform, confidence=params[i].typeConfidence
 			)
-			if params[i].defaultLocation:
-				param_location = None
-			else:
+			source = ValueLocationSource(params[i].locationSource)
+			if source == ValueLocationSource.CustomLocationSource:
 				param_location = ValueLocation._from_core_struct(params[i].location, arch)
-			result.append(FunctionParameter(param_type, params[i].name, param_location))
+			else:
+				param_location = None
+			result.append(FunctionParameter(param_type, params[i].name, param_location, source))
 		core.BNFreeTypeParameterList(params, count.value)
 		return result