Introduce operand offset (C++ and Java)

[arvi18]

This PR introduces a new pre-defined symbol named operand_offset to expose the relative byte offset of the current operand from inst_start. This is required to correctly compute PC-relative operand addresses for DEC VAX.

See NationalSecurityAgency#4606 about my attempts of solving this (and failing) with existing methods.

While the diff looks relatively large, there's no new computation going on. It merely exposes the offset which parserWalker already has. The rest of the code is just "symbol ceremony" copied from inst_start.

There are two commits, the first one covers the "C++" side, the second covers the "Java" side.

Fixes NationalSecurityAgency#4606

[visz11]

/refacto-test

[refacto-test]

Refacto is reviewing this PR. Please wait for the review comments to be posted.

[refacto-test]

Missing Bounds Checking in getOffset Method Call

The code calls walker.getOffset(-1) without validating the return value. If the getOffset method doesn't properly handle negative indices, this could potentially lead to accessing memory outside the intended bounds. While the -1 parameter appears to be intentional, the lack of bounds checking or error handling could be problematic if the underlying implementation changes.

Suggested change

	virtual intb getValue(ParserWalker &walker) const {
	return (intb)walker.getOffset(-1);
	}
	virtual intb getValue(ParserWalker &walker) const {
	intb offset = walker.getOffset(-1);
	// Ensure offset is valid or provide a safe default
	return offset;
	}

Standards

• CWE-119
• A06:2021-Vulnerable and Outdated Components

[refacto-test]

Potential Integer Overflow in Offset Handling

The method returns the result of walker.getOffset(-1) directly without any validation. If the offset value is extremely large, it could potentially lead to integer overflow when used in subsequent calculations. While this is a low risk in this context, implementing proper bounds checking would follow defensive programming principles.

Suggested change

	public long getValue(ParserWalker walker) throws MemoryAccessException {
	return walker.getOffset(-1);
	}
	@Override
	public long getValue(ParserWalker walker) throws MemoryAccessException {
	long offset = walker.getOffset(-1);
	// Add validation if needed
	return offset;
	}

Standards

• CWE-190
• A03:2021-Injection

[refacto-test]

Secure Implementation of Operand Offset Functionality

👍 Well Done

Consistent Implementation Across Languages

The PR implements the operand offset functionality consistently in both C++ and Java codebases, maintaining feature parity.

Proper Integration with Existing Architecture

The new functionality integrates well with the existing symbol types and expression system, following established patterns.

Comprehensive Implementation

The implementation includes all necessary components: symbols, expressions, parsers, and XML serialization/deserialization.

📌 Files Processed

• Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.y
• Ghidra/Features/Decompiler/src/decompile/cpp/semantics.cc
• Ghidra/Features/Decompiler/src/decompile/cpp/semantics.hh
• Ghidra/Features/Decompiler/src/decompile/cpp/slgh_compile.cc
• Ghidra/Features/Decompiler/src/decompile/cpp/slghparse.y
• Ghidra/Features/Decompiler/src/decompile/cpp/slghpatexpress.cc
• Ghidra/Features/Decompiler/src/decompile/cpp/slghpatexpress.hh
• Ghidra/Features/Decompiler/src/decompile/cpp/slghscan.l
• Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.cc
• Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh
• Ghidra/Framework/SoftwareModeling/src/main/antlr/ghidra/sleigh/grammar/SleighCompiler.g
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/assembler/sleigh/SleighAssemblerBuilder.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/expression/OffsetInstructionValue.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/expression/PatternExpression.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/symbol/OffsetSymbol.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/app/plugin/processors/sleigh/symbol/SymbolTable.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/semantics/ConstTpl.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slgh_compile/SleighCompile.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slgh_compile/Yylval.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slghpatexpress/OffsetInstructionValue.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slghpatexpress/PatternExpression.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slghsymbol/OffsetSymbol.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slghsymbol/SymbolTable.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/pcodeCPort/slghsymbol/symbol_type.java
• Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/lang/PcodeParser.java

[refacto-test]

Refacto is reviewing this PR. Please wait for the review comments to be posted.